Garethp Posted September 16, 2008
I just built a class, thought this might be the place to share it. It compares a class to a mysql value. Here it is

    // Usage:
    mysql_compare($Table, $IDColumn, $ID, $CompareCol, $Value);

    // Looks up the row where $Columna equals $ID and compares its $Columnb to $Value.
    // Returns 1 on a match, 0 on a mismatch, or an error string.
    function mysql_compare($Table, $Columna, $ID, $Columnb, $Value)
    {
        $Error = 0;
        $Query = mysql_query("SELECT * FROM `$Table` WHERE `$Columna`='$ID'");
        if (mysql_num_rows($Query) > 1) {
            $Error = 1;
            $Errortext = "Identifier is not unique";
        } else if (mysql_num_rows($Query) == 0) {
            $Error = 1;
            $Errortext = "Row does not exist";
        } else {
            $Show = mysql_fetch_array($Query);
            $Compare = $Show["$Columnb"];
            if ($Compare == $Value) {
                $Errortext = 1;
            } else {
                $Errortext = 0;
            }
        }
        return ($Errortext);
    }

Mchl Posted September 16, 2008
"SELECT `$Columnb` FROM `$Table` WHERE `$Columna`='$ID'" would be enough, wouldn't it? Also running mysql_real_escape_string on $Columnb, $Columna, $Table and $ID wouldn't hurt.

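Added example, not code from either poster: the same comparison written with PDO, where the value is a bound parameter and the table and column names, which cannot be bound and which string escaping does not protect inside backticks, are checked against an allow-list. The function name db_compare, the ALLOWED_COLUMNS list, the users table and the in-memory SQLite stand-in for MySQL are all assumptions made for the demo.

```php
<?php
// Added example; table and column names below are constructed.
// Identifiers cannot be bound as parameters and escaping leaves a backtick
// untouched, so they are matched against a fixed allow-list instead.
const ALLOWED_COLUMNS = [
    'users' => ['id', 'email', 'status'],
];

function db_compare(PDO $db, string $table, string $idCol, $id, string $cmpCol, $value): bool
{
    if (!array_key_exists($table, ALLOWED_COLUMNS)
        || !in_array($idCol, ALLOWED_COLUMNS[$table], true)
        || !in_array($cmpCol, ALLOWED_COLUMNS[$table], true)) {
        throw new InvalidArgumentException('Unknown table or column');
    }

    // The value is sent as a bound parameter, never as part of the SQL text.
    // LIMIT 2 is enough to tell "unique" from "not unique".
    $stmt = $db->prepare("SELECT `$cmpCol` FROM `$table` WHERE `$idCol` = ? LIMIT 2");
    $stmt->execute([$id]);
    $rows = $stmt->fetchAll(PDO::FETCH_COLUMN);

    if (count($rows) === 0) {
        throw new RuntimeException('Row does not exist');
    }
    if (count($rows) > 1) {
        throw new RuntimeException('Identifier is not unique');
    }
    return (string) $rows[0] === (string) $value;
}

// Demo on in-memory SQLite (stand-in for MySQL so it runs offline).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER, email TEXT, status TEXT)");
$db->exec("INSERT INTO users VALUES (1, 'a@example.test', 'active')");

var_dump(db_compare($db, 'users', 'id', 1, 'status', 'active'));
var_dump(db_compare($db, 'users', 'id', 1, 'status', 'banned'));

try {
    // A column name carrying a backtick is rejected before any SQL is built.
    db_compare($db, 'users', 'id', 1, 'status` x', 'active');
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
}
```
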
Garethp (Author) Posted September 18, 2008
What's the difference between mysql_real_escape_string() and mysql_escape_string()?

Mchl Posted September 18, 2008
Description
string mysql_escape_string ( string $unescaped_string )
This function will escape the unescaped_string, so that it is safe to place it in a mysql_query(). This function is deprecated.
This function is identical to mysql_real_escape_string() except that mysql_real_escape_string() takes a connection handler and escapes the string according to the current character set. mysql_escape_string() does not take a connection argument and does not respect the current charset setting.
(Underlining by me)

Garethp (Author) Posted September 18, 2008
What exactly does the last paragraph mean? I get that my version is deprecated. Quick question, how do I update the PHP version on EasyPHP? Because if I can't, I need to find another way to host my own PHP server, and last time I tried I had no luck.

Mchl Posted September 18, 2008
It means that mysql_real_escape_string() can only be run after mysql_connect(). It needs a mysql connection to be present, so that it could escape the string according to the charset defined by, for example, mysql_query("SET NAMES 'utf8'");

Garethp (Author) Posted September 18, 2008
But can I use mysql_escape_string() to escape PHP injection, even if there is no mysql involved anywhere?

Mchl Posted September 18, 2008
What kind of injection are you afraid of?

Garethp (Author) Posted September 18, 2008
I'm not, I just want a secure site. As secure as possible. If mysql_escape_string escapes PHP injection, I might use a combination of the two depending on what I'm escaping it for.

Mchl Posted September 18, 2008
I think that other methods should be used against PHP injection.

Garethp (Author) Posted September 18, 2008
Honestly, this is the only one I know. Can you tell me of some others?

Mchl Posted September 18, 2008
That would depend on what PHP injection you're securing against. Is it eval() or require() or something else?

Garethp (Author) Posted September 18, 2008
I'm just after general knowledge. I'm not doing a big project now but the information will come in handy later.