So I was escaping my SQL, and...!

Mightywayne
Forum Contributor
Posts: 237
Joined: Sat Dec 09, 2006 6:46 am

Post by Mightywayne »

Hi! In my layout, on the top of every page, I do my set_cookie stuff and all the things that check to make sure they are fully logged in, and also, I set a variable called $user to their information. However, considering I make many queries in a script, I was wondering if instead of...

Code:

$query = mysql_query("SELECT monnum FROM user WHERE username = '$user'", mysql_real_escape_string($user));

I could just on the top of every page, set $user = to...

Code:

$user = mysql_real_escape_string($user);

and so when I call it $user for stuff like WHERE username, I wouldn't have to escape that.
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

I prefer putting the escaping with the database code like your first example. Then you can be sure that there are no code paths that might circumvent the code at the "top of the page." Also if you ever move that database code out into its own module to work with several pages then the escaping goes with it.
(#10850)
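
Added example, not part of the thread and not any poster's code: one way to keep the input handling with the database code, as the reply above recommends. It swaps mysql_real_escape_string for a PDO prepared statement (the mysql_* extension was removed in PHP 7); the function name find_monnum, the in-memory SQLite database and the sample rows are assumptions made so it runs offline.

```php
<?php
// Added example. The table and column names follow the query in the thread;
// find_monnum(), the SQLite database and the rows below are constructed.

/**
 * Data-access "module": the query and the handling of its input live
 * together, so moving this function to another file moves both.
 */
function find_monnum(PDO $db, string $username): ?int
{
    // The placeholder keeps $username as data on every code path that
    // reaches this function, whatever the calling page did or forgot to do.
    $stmt = $db->prepare('SELECT monnum FROM user WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    return $row === false ? null : (int) $row['monnum'];
}

// Constructed demo database (requires the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (username TEXT PRIMARY KEY, monnum INTEGER)');

$insert = $db->prepare('INSERT INTO user (username, monnum) VALUES (?, ?)');
foreach ([['wayne', 3], ["o'brien", 7]] as $row) {
    $insert->execute($row);
}

// Callers pass the raw value. $user stays unmodified, so it can still be
// displayed or compared elsewhere without stray backslashes in it.
foreach (['wayne', "o'brien", 'nobody'] as $user) {
    $monnum = find_monnum($db, $user);
    printf("%-8s => %s\n", $user, $monnum === null ? 'no such user' : $monnum);
}
```

The name containing a single quote is looked up correctly without any escaping call at the top of the page, and a page that never ran such a call is handled the same way.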

Post by Mightywayne »

Alright, cool. Quick question now, this "module" thing. Is this like "classes" where people suggest I learn it though it has nothing to do with making games? Cuz I notice some times, I can just do things people suggest better with very simple coding, but there's usually a "what if" kinda thing like, say, modules. "What if you want to [big confusing thing that is of no specific help]?"

Like here, the modules, I'm not really having any trouble with multiple pages.

Post by Christopher »

It is a little difficult to follow what you have written...
Mightywayne wrote:Alright, cool. Quick question now, this "module" thing. Is this like "classes" where people suggest I learn it though it has nothing to do with making games?
Well, classes have to do with games if you use them ... but there are really no programming methodologies specifically associated with games -- except maybe those associated with coding everything in assembler.
Mightywayne wrote: Cuz I notice some times, I can just do things people suggest better with very simple coding, but there's usually a "what if" kinda thing like, say, modules.
Again, using classes has little to do with "very simple coding" and they were in fact created to simplify code.
Mightywayne wrote:"What if you want to [big confusing thing that is of no specific help]?"
I really haven't a clue what that means?

A module is just code that can be separate due to its dependencies (or lack of them).
Mightywayne wrote:Like here, the modules, I'm not really having any trouble with multiple pages.
Yeah ... I'm not having any trouble with multiple pages either.
(#10850)

Post by Mightywayne »

A module is just code that can be separate due to its dependencies (or lack of them).
Ohhhh. Okay! I thought it was a thing to learn. Thanks for the help!

Post by Christopher »

Mightywayne wrote:I thought it was a thing to learn.
No, no no ... we wouldn't want that ...
(#10850)
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

The first example will cause an error if I'm not mistaken. :?

Post by Mightywayne »

feyd wrote:The first example will cause an error if I'm not mistaken. :?
Oh, not sure, I've never been attacked. The one time I tried on myself I just ended up messing everything up anyway.

Consolation, though! I'm using the second one anyway. Wee!

Post by Christopher »

Mightywayne wrote:Oh, not sure, I've never been attacked. The one time I tried on myself I just ended up messing everything up anyway.
Don't worry ... be happy!
Mightywayne wrote:Consolation, though! I'm using the second one anyway. Wee!
I would have expected nothing less!
(#10850)