So I was escaping my SQL, and...!
Posted: Wed Feb 28, 2007 3:51 pm
by Mightywayne
Hi! In my layout, on the top of every page, I do my set_cookie stuff and all the things that check to make sure they are fully logged in, and also, I set a variable called $user to their information. However, considering I make many queries in a script, I was wondering if instead of...
Code:
$query = mysql_query("SELECT monnum FROM user WHERE username = '$user'", mysql_real_escape_string($user));
I could just on the top of every page, set $user = to...
Code:
$user = mysql_real_escape_string($user);
and so when I call it $user for stuff like WHERE username, I wouldn't have to escape that.
Posted: Wed Feb 28, 2007 4:04 pm
by Christopher
I prefer putting the escaping with the database code like your first example. Then you can be sure that there are no code paths that might circumvent the code at the "top of the page." Also if you ever move that database code out into its own module to work with several pages then the escaping goes with it.
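The point above about keeping the escaping with the database code, as an added example that is not part of the original thread. It assumes PDO with an in-memory SQLite database as an offline stand-in for the thread's MySQL connection (PDO::quote in place of mysql_real_escape_string); the function names and sample rows are hypothetical.

```php
<?php
// Added example: in-memory SQLite stands in for the thread's MySQL database
// so the script runs offline (assumes the pdo_sqlite extension is loaded).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE user (username TEXT PRIMARY KEY, monnum INTEGER)");
$db->exec("INSERT INTO user VALUES ('O''Brien', 3), ('alice', 7)"); // constructed rows

// Hypothetical "module" function: the escaping sits next to the query, so
// every page that calls it is covered, whatever ran at the top of that page.
function monnum_escaped(PDO $db, string $user): ?int
{
    $sql = "SELECT monnum FROM user WHERE username = " . $db->quote($user);
    $row = $db->query($sql)->fetch(PDO::FETCH_NUM);
    return $row ? (int) $row[0] : null;
}

// The same lookup with a bound parameter: the value never becomes part of
// the SQL text, so there is no escaping step to forget or to repeat.
function monnum_bound(PDO $db, string $user): ?int
{
    $stmt = $db->prepare("SELECT monnum FROM user WHERE username = ?");
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_NUM);
    return $row ? (int) $row[0] : null;
}

$user = "O'Brien"; // raw value, as it would come from the login check

var_dump(monnum_escaped($db, $user)); // escaped once, at the query
var_dump(monnum_bound($db, $user));   // bound, never escaped by hand

// "Top of the page" variant: overwrite the variable with its escaped form.
// From here on it holds SQL-encoded text rather than the user's name.
$escapedAtTop = substr($db->quote($user), 1, -1);

// Passing it to code that also escapes encodes it a second time, and the
// lookup no longer finds the row.
var_dump(monnum_escaped($db, $escapedAtTop));

// Any non-SQL use, such as output, now shows the encoded form.
echo "Logged in as $escapedAtTop\n";
```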
Posted: Wed Feb 28, 2007 4:14 pm
by Mightywayne
Alright, cool. Quick question now, this "module" thing. Is this like "classes" where people suggest I learn it though it has nothing to do with making games? Cuz I notice sometimes, I can just do things people suggest better with very simple coding, but there's usually a "what if" kinda thing like, say, modules. "What if you want to [big confusing thing that is of no specific help]?"
Like here, the modules, I'm not really having any trouble with multiple pages.
Posted: Wed Feb 28, 2007 4:29 pm
by Christopher
It is a little difficult to follow what you have written...
Mightywayne wrote:Alright, cool. Quick question now, this "module" thing. Is this like "classes" where people suggest I learn it though it has nothing to do with making games?
Well, classes have to do with games if you use them ... but there are really no programming methodologies specifically associated with games -- except maybe those associated with coding everything in assembler.
Mightywayne wrote:Cuz I notice sometimes, I can just do things people suggest better with very simple coding, but there's usually a "what if" kinda thing like, say, modules.
Again, using classes has little to do with "very simple coding" and classes were in fact created to simplify code.
Mightywayne wrote:"What if you want to [big confusing thing that is of no specific help]?"
I really haven't a clue what that means?
A module is just code that can be separate due to its dependencies (or lack of them).
Mightywayne wrote:Like here, the modules, I'm not really having any trouble with multiple pages.
Yeah ... I'm not having any trouble with multiple pages either.
Posted: Wed Feb 28, 2007 4:56 pm
by Mightywayne
Christopher wrote:A module is just code that can be separate due to its dependencies (or lack of them).
Ohhhh. Okay! I thought it was a thing to learn. Thanks for the help!
Posted: Wed Feb 28, 2007 5:03 pm
by Christopher
Mightywayne wrote:I thought it was a thing to learn.
No, no no ... we wouldn't want that ...
Posted: Wed Feb 28, 2007 10:16 pm
by feyd
The first example will cause an error if I'm not mistaken.

Posted: Wed Feb 28, 2007 11:21 pm
by Mightywayne
feyd wrote:The first example will cause an error if I'm not mistaken.

Oh, not sure, I've never been attacked. The one time I tried on myself I just ended up messing everything up anyway.
Consolation, though! I'm using the second one anyway. Wee!
Posted: Wed Feb 28, 2007 11:38 pm
by Christopher
Mightywayne wrote:Oh, not sure, I've never been attacked. The one time I tried on myself I just ended up messing everything up anyway.
Don't worry ... be happy!
Mightywayne wrote:Consolation, though! I'm using the second one anyway. Wee!
I would have expected nothing less!