Ken2k7 Posted August 24, 2007

Okay I just want to see if this works or not:

    $sql = mysql_query("SELECT * FROM member WHERE name='$_SESSION['name']'") or die(mysql_error());

See where it says: ...name='$_SESSION['name']'...? Do the quotes work on that part or do I need to use the character '\'?

MadTechie Posted August 24, 2007

use either

    $sql = mysql_query("SELECT * FROM member WHERE name='{$_SESSION['name']}'") or die(mysql_error());

or

    $sql = mysql_query("SELECT * FROM member WHERE name='".$_SESSION['name']."'") or die(mysql_error());

nathanmaxsonadil Posted August 24, 2007

the quotes work on that part.. you might want to change it to this though

    $sql = mysql_query("SELECT * FROM member WHERE name='{$_SESSION['name']}'") or die(mysql_error());

EDIT: lol MadTechie beat me to it

deadimp Posted August 24, 2007

Actually, since it's in a string, you don't really need quotes.

But one thing you'll need to observe is the possibility of an SQL-injection attack, meaning someone could rewrite your query to do malicious things - which isn't good. Be sure you escape your data properly.

MadTechie Posted August 24, 2007

> Actually, since it's in a string, you don't really need quotes.

Erm yes you do!

> But one thing you'll need to observe is the possibility of an SQL-injection attack, meaning someone could rewrite your query to do malicious things

It's a SESSION, not a POST or GET so how would the user do that ????

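Added example (not part of any post in this thread): a value in $_SESSION is stored on the server, but it usually got there from a login or registration form, so it needs the same handling as $_POST or $_GET data when it reaches a query. The sketch assumes PDO with an in-memory SQLite database instead of the thread's mysql_* calls; the rows, the sample names and the two helper functions are constructed for illustration.

```php
<?php
// Added example, not code from the thread. PDO + in-memory SQLite so it runs
// offline; the table and column names follow the thread's `member` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE member (name TEXT, password TEXT)");
$db->exec("INSERT INTO member VALUES ('alice', 'hash-a'), ('bob', 'hash-b')");

// Constructed values standing in for what $_SESSION['name'] could hold after
// login: the session is server-side, but the name was typed into a form once.
$sessionNames = [
    'ordinary name'   => "alice",
    'name with quote' => "O'Brien",
    'crafted name'    => "nobody' OR '1'='1",
];

// The thread's pattern (hypothetical helper): the value becomes SQL text.
function lookup_interpolated(PDO $db, string $name): string
{
    try {
        $rows = $db->query("SELECT name FROM member WHERE name='{$name}'")->fetchAll();
        return count($rows) . " row(s)";
    } catch (PDOException $e) {
        return "SQL error"; // a stray quote breaks the statement
    }
}

// Parameterized form (hypothetical helper): the value is bound as data and
// is never parsed as part of the statement.
function lookup_prepared(PDO $db, string $name): string
{
    $stmt = $db->prepare("SELECT name FROM member WHERE name = :name");
    $stmt->execute([':name' => $name]);
    return count($stmt->fetchAll()) . " row(s)";
}

foreach ($sessionNames as $label => $name) {
    printf(
        "%-16s interpolated: %-10s prepared: %s\n",
        $label,
        lookup_interpolated($db, $name),
        lookup_prepared($db, $name)
    );
}
```

With the thread's mysql_* API, the counterpart to binding is passing the value through mysql_real_escape_string() before it is placed between the quotes.
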
Neptunus Maris Posted August 24, 2007

    $user_sess = $_SESSION["the_session"] or $_SESSION[the_session] or $_SESSION['the_session']
    WHERE name = '$user_sess'

MadTechie Posted August 24, 2007

nice third options except the $_SESSION[the_session] one which will work but is bad practice.. as PHP will see the the_session as a constant and you'll get a warning notice

Neptunus Maris Posted August 24, 2007

> > Actually, since it's in a string, you don't really need quotes.
>
> Erm yes you do!
>
> > But one thing you'll need to observe is the possibility of an SQL-injection attack, meaning someone could rewrite your query to do malicious things
>
> It's a SESSION, not a POST or GET so how would the user do that ????

I've used a $_SESSION string without using quotes before...and I've done it a lot.

Neptunus Maris Posted August 24, 2007

> nice third options except the $_SESSION[the_session] one which will work but is bad practice.. as PHP will see the the_session as a constant and you'll get a warning notice

True!

Ken2k7 Posted August 24, 2007 (Author)

And I'm completely confused. So what's the answer?

MadTechie Posted August 24, 2007

it's a bad habit and if you turn on error reporting you'll see a ton of errors, $_SESSION[the_session] will look for a constant named the_session and will fail to find one, and then will send a notice, but php will then use the_session as the variable.. so to sum up PHP is fixing the error "per se" but it's still bad practice..

MadTechie Posted August 24, 2007

options are

use either

    $sql = mysql_query("SELECT * FROM member WHERE name='{$_SESSION['name']}'") or die(mysql_error());

or

    $sql = mysql_query("SELECT * FROM member WHERE name='".$_SESSION['name']."'") or die(mysql_error());

or

    $name = $_SESSION['name'];
    $sql = mysql_query("SELECT * FROM member WHERE name='$name' ") or die(mysql_error());

Jessica Posted August 24, 2007

I usually do it the last way MadTechie showed. I find it's cleaner and you might need to use $name later so why mess with $_SESSION['name'] every time

MadTechie Posted August 24, 2007

yeah, personally i use {} on a short script but if it's a long script i set all the variables at the start, thus doing basically the same.

Neptunus Maris Posted August 24, 2007

> I usually do it the last way MadTechie showed. I find it's cleaner and you might need to use $name later so why mess with $_SESSION['name'] every time

True! but the key words ...I've used... I don't do it without quotes anymore.

but...lol we haven't really helped the topic starter out really, we are off in our own little circle, not unless he gave up and stopped reading our posts

Ken2k7 Posted August 24, 2007 (Author)

Okay thanks guys. Lastly, does this work (I don't feel like starting a new topic):

    <?php
    /* Codes not shown */
    $sql = mysql_query("SELECT * FROM member");
    // pulling database info directly using $sql
    $name = $sql['name'];
    /* Codes not shown */
    ?>

MadTechie Posted August 24, 2007

Nope, but close

    <?php
    /* Codes not shown */

    /* make a request SQL*/
    $sql = mysql_query("SELECT * FROM member");
    // pulling database info directly using $sql
    $row = mysql_fetch_assoc($sql); //edit pesky ;
    //display the data
    $name = $row['name'];
    echo $name;
    /* Codes not shown */
    ?>

Neptunus Maris Posted August 24, 2007

> Nope, but close
>
>     <?php
>     /* Codes not shown */
>
>     /* make a request SQL*/
>     $sql = mysql_query("SELECT * FROM member");
>     // pulling database info directly using $sql
>     $row = mysql_fetch_assoc($sql); //edit pesky ;
>     //display the data
>     $name = $row['name'];
>     echo $name;
>     /* Codes not shown */
>     ?>

to add to that you can also use:

    /* make a request SQL*/
    $sql = mysql_query("SELECT * FROM member");
    // pulling database info directly using $sql
    $row = mysql_fetch_array($sql); //edit pesky ;
    //display the data
    $name = $row['name'];
    echo $name;

mysql_fetch_assoc and mysql_fetch_array are basically the same thing

Ken2k7 Posted August 24, 2007 (Author)

Oh darn! Thanks MadTechie. Speaking of the quotes, do I have to use the curly braces ({}) every time I put them in strings? Like this too:

    <?php
    /* codes not shown */
    if (sha1($_SESSION['pass']) == $sql['password']) header("Location: {$_SESSION['name']}");
    /* codes not shown*/
    ?>

MadTechie Posted August 24, 2007

No, there are 3 options stated above,

options are

use either

1.

    $sql = mysql_query("SELECT * FROM member WHERE name='{$_SESSION['name']}'") or die(mysql_error());

or

2.

    $sql = mysql_query("SELECT * FROM member WHERE name='".$_SESSION['name']."'") or die(mysql_error());

or

3.

    $name = $_SESSION['name'];
    $sql = mysql_query("SELECT * FROM member WHERE name='$name' ") or die(mysql_error());

All do the same thing

if you plan to use it a lot in the current script then use the third option

find the one that you find works best

Ken2k7 Posted August 24, 2007 (Author)

Oh okay. Thanks.