Garethp (author), posted September 16, 2008:

I just built a class, thought this might be the place to share it. It compares a class to a mysql value. Here it is:

    // Usage:
    mysql_compare($Table, $IDColumn, $ID, $CompareCol, $Value);

    // Returns 1 on a match, 0 on a mismatch, or an error message string.
    function mysql_compare($Table, $Columna, $ID, $Columnb, $Value)
    {
        $Error = 0;
        // $Table, $Columna and $ID are interpolated into the query as given.
        $Query = mysql_query("SELECT * FROM `$Table` WHERE `$Columna`='$ID'");
        if (mysql_num_rows($Query) > 1) {
            $Error = 1;
            $Errortext = "Identifier is not unique";
        } else if (mysql_num_rows($Query) == 0) {
            $Error = 1;
            $Errortext = "Row does not exist";
        } else {
            $Show = mysql_fetch_array($Query);
            $Compare = $Show["$Columnb"];
            if ($Compare == $Value) {
                $Errortext = 1;
            } else {
                $Errortext = 0;
            }
        }
        return ($Errortext);
    }

Mchl, posted September 16, 2008:

    "SELECT `$Columnb` FROM `$Table` WHERE `$Columna`='$ID'"

would be enough, wouldn't it?

Also running mysql_real_escape_string on $Columnb, $Columna, $Table and $ID wouldn't hurt.

Garethp (author), posted September 18, 2008:

What's the difference between mysql_real_escape_string() and mysql_escape_string()?

Mchl, posted September 18, 2008:

Description

    string mysql_escape_string ( string $unescaped_string )

This function will escape the unescaped_string, so that it is safe to place it in a mysql_query(). This function is deprecated.

This function is identical to mysql_real_escape_string() except that mysql_real_escape_string() takes a connection handler and escapes the string according to the current character set. mysql_escape_string() does not take a connection argument and does not respect the current charset setting.

(Underlining by me)

Garethp (author), posted September 18, 2008:

What exactly does the last paragraph mean? I get that my version is deprecated. Quick question, how do I update the PHP version on EasyPHP? Because if I can't, I need to find another way to host my own PHP server, and last time I tried I had no luck.

Mchl, posted September 18, 2008:

It means that mysql_real_escape_string() can only be run after mysql_connect(). It needs a mysql connection to be present, so that it could escape the string according to the charset defined by, for example,

    mysql_query("SET NAMES 'utf8'");

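One way to write the comparison discussed in this thread with a bound parameter for the value and an allowlist for the table and column names, as an added example that is not any poster's code. It uses PDO instead of the mysql_* functions and runs against an in-memory SQLite table so it works offline; the names db_compare and ALLOWED, the users table and the demo rows are hypothetical.

```php
<?php
// Added example (not from the thread). ALLOWED, db_compare and the users
// table are hypothetical names; the demo data below is constructed.

// Identifiers cannot be bound as parameters, and string escaping does not
// make a value safe inside backticks, so they come from a fixed allowlist.
const ALLOWED = ['users' => ['id', 'username', 'email']];

// Returns true on match, false on mismatch; throws on anything else.
function db_compare(PDO $db, string $table, string $idCol, $id, string $cmpCol, $value): bool
{
    $cols = ALLOWED[$table] ?? [];
    if (!in_array($idCol, $cols, true) || !in_array($cmpCol, $cols, true)) {
        throw new InvalidArgumentException('Unknown table or column');
    }
    // Select only the compared column; $id is sent as a bound parameter.
    $stmt = $db->prepare("SELECT `$cmpCol` FROM `$table` WHERE `$idCol` = ?");
    $stmt->execute([$id]);
    $rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
    if (count($rows) === 0) {
        throw new RuntimeException('Row does not exist');
    }
    if (count($rows) > 1) {
        throw new RuntimeException('Identifier is not unique');
    }
    // Strict string comparison avoids PHP's loose == type juggling.
    return (string) $rows[0] === (string) $value;
}

// In-memory SQLite keeps the demo offline. For MySQL, set the charset in the
// DSN, e.g. 'mysql:host=HOST;dbname=DB;charset=utf8mb4' (placeholders).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER, username TEXT, email TEXT)");
$db->exec("INSERT INTO users VALUES (1, 'gareth', 'g@example.test')");

$cases = [
    ['users', 'id', 1, 'username', 'gareth'],
    ['users', 'id', 1, 'username', 'someone-else'],
    ['users', 'id', "1' OR '1'='1", 'username', 'gareth'], // quote stays data
    ['users`x', 'id', 1, 'username', 'gareth'],             // not in allowlist
];
foreach ($cases as $args) {
    try {
        var_dump(db_compare($db, ...$args));
    } catch (Exception $e) {
        echo get_class($e), ': ', $e->getMessage(), PHP_EOL;
    }
}
```
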
Garethp (author), posted September 18, 2008:

But can I use mysql_escape_string() to escape PHP injection, even if there is no mysql involved anywhere?

Mchl, posted September 18, 2008:

What kind of injection are you afraid of?

Garethp (author), posted September 18, 2008:

I'm not, I just want a secure site. As secure as possible. If mysql_escape_string escapes PHP injection, I might use a combination of the two depending on what I'm escaping it for.

Mchl, posted September 18, 2008:

I think that other methods should be used against PHP injection.

Garethp (author), posted September 18, 2008:

Honestly, this is the only one I know. Can you tell me of some others?

Mchl, posted September 18, 2008:

That would depend on what PHP injection you're securing against. Is it eval() or require() or something else?

Garethp (author), posted September 18, 2008:

I'm just after general knowledge. I'm not doing a big project now, but the information will come in handy later.

This topic is now archived and is closed to further replies.