Database communication using php,mysql

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
harishreddy
Forum Newbie
Posts: 5
Joined: Sun Mar 08, 2009 12:22 am

Database communication using php,mysql

Post by harishreddy »

$query="select * from emp where ename='$ename' and empno='$empno'";
print "<br>".$query;
$result=mysql_query($query);
print "<br>".$result."<br>";

if($result)
{
$res=mysql_fetch_array($result);
print_r($res);
while($row=$res)
{
echo "<br>".$row['ename'];
}
}

in the above code while loop executed infinite times,can any body tell the reason for that
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Database communication using php,mysql

Post by kaisellgren »

Please use code tags.

The reason is that the statement, which you throw in the while loop, always equals to true. You probably want:

Code: Select all

$res=mysql_fetch_array($result);
while($res)
{
echo "<br>".$res['ename'];
$res=mysql_fetch_array($result);
}
And as for the security, your code is vulnerable to SQL injections.
Post Reply