apw, posted August 28, 2008:

When using PHP to select information, what's the difference between these two lines?

$userstat="select * from pfile where playername='$player'";

and the line

$userstats=$db->execute("select * from $dbtables[pfile] where playername='$player'");

What's the difference, and which would be safer to use?
DarkWater, posted August 28, 2008:

Well, the latter has incorrect array syntax, and the first one doesn't execute a query, it just makes a string variable that needs to be passed to mysql_query(), but I'll assume you knew that. The second one clearly uses some database class (PDO maybe?) to execute its queries and handle results. It's basically the same thing.
obsidian, posted August 28, 2008:

"Well, the latter has incorrect array syntax..."

Actually, since it is within a string, the array syntax is fine.
.josh, posted August 28, 2008:

1: $userstat="select * from pfile where playername='$player'";
2: $userstats=$db->execute("select * from $dbtables[pfile] where playername='$player'");

- Both are query strings to be sent to the database, but #1 is just the string, while #2 looks like it calls a method to actually execute the string (mentioned above). #1 doesn't actually retrieve information. #2 'probably' does, but we can't know for sure, because we have no idea what $db->execute does, except for making an assumption based on the name.

- #2 uses a variable instead of a hardcoded table name. This could mean that there is more than one table being used, or maybe it's set up that way to allow the admin to specify the table name during installation of the script. It could mean other things, but those are probably the two most likely reasons.

- Which is safer? Assuming that the variables are properly sanitized beforehand (which we can't determine from what you posted), they both look equally "safe." I can't really tell which one is "safer" based off just those two lines.

- #2 seems to utilize a class for database handling, which overall is the "preferred" thing to do, because it's generally cleaner, more structured, and all those other reasons why people generally prefer object-oriented programming over procedural.

- On the other hand, #1 could just as easily be OOP based, as well. For all we know, the next line of #1 could be

$result=$db->execute($userstat);

which is pretty much the same as #2, except that you're separating it into 2 lines, which is pretty useful for debugging or adding error handling. But #2 could just as easily have error handling inside the class, too.

Well, that's about all I have to offer, based on what you've provided. The real point of this post is that there's really no way to tell you which is safer or better, based off what you posted.
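The "safer" question in the post above turns on how $player gets into the SQL string. The following is an added example, not code from the thread or from the poster's script. It assumes PDO with an in-memory SQLite database (so it runs offline), a pfile table shaped like the one in the query, and a hypothetical $dbtables array like the one in the poster's second line. It puts the interpolated form next to a version that takes the table name from an allow-list and binds the player name as a parameter, and runs both against a constructed name containing a quote character, which is the case where the two forms stop behaving the same.

```php
<?php
// Added example (not from the thread). In-memory SQLite via PDO so it runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE pfile (playername TEXT, level INTEGER)");
// Constructed sample rows; the second name contains a single quote.
$db->exec("INSERT INTO pfile VALUES ('alice', 3), ('O''Brien', 7)");

// Hypothetical $dbtables array, mirroring $dbtables[pfile] in the poster's line.
$dbtables = ['pfile' => 'pfile'];

// Allow-list lookup: the table name comes from known keys, never from user input,
// because a table name cannot be bound as a query parameter.
function tableFor(array $dbtables, string $key): string {
    if (!array_key_exists($key, $dbtables)) {
        throw new InvalidArgumentException("unknown table key: $key");
    }
    return $dbtables[$key];
}

// Form 1 from the thread: the value is interpolated straight into the SQL text,
// so the SQL structure depends on whatever characters $player contains.
function lookupInterpolated(PDO $db, string $player): ?array {
    $sql = "select * from pfile where playername='$player'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Form 2, written the way the "properly sanitized" assumption is usually met today:
// table name from the allow-list, player name bound as a parameter so the driver
// keeps it as data regardless of its contents.
function lookupBound(PDO $db, array $dbtables, string $player): ?array {
    $table = tableFor($dbtables, 'pfile');
    $stmt = $db->prepare("select * from $table where playername = :player");
    $stmt->execute([':player' => $player]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$name = "O'Brien";   // constructed input with an embedded quote

try {
    var_dump(lookupInterpolated($db, $name));
} catch (PDOException $e) {
    // The quote terminates the string literal early, so SQLite rejects the statement.
    echo "interpolated form failed: " . $e->getMessage() . "\n";
}

// The bound form returns the O'Brien row: the quote never reaches the SQL parser.
var_dump(lookupBound($db, $dbtables, $name));
```

The first lookup fails with a syntax error, which is the benign symptom of the same problem the "assuming the variables are properly sanitized" caveat points at: with interpolation, the input decides the shape of the query. The bound form works on the same input, and the allow-list keeps the one part that cannot be parameterized (the table name) under the application's control.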
apw (author), posted August 28, 2008:

After the line posted, #2 would be

$userinfo = $userstats->fields;

which I'm assuming pulls fields and places them into $userstats?
.josh, posted August 28, 2008:

How should we know? We don't have your code sitting in front of us (please don't dump all your code on us; only post relevant stuff, like... just the "fields" method). Not to mention... I'm getting the impression this isn't your script. I suggest you contact the person who made the script or find a community based on it (like a support forum for that specific script), or post in the 3rd party forum (this may just end up getting moved there anyways), or hire someone.