Ken2k7 Posted August 24, 2007

Okay I just want to see if this works or not:

    $sql = mysql_query("SELECT * FROM member WHERE name='$_SESSION['name']'") or die(mysql_error());

See where it says: ...name='$_SESSION['name']'...? Do the quotes work on that part or do I need to use the character '\'?

Link to comment https://forums.phpfreaks.com/topic/66572-solved-quoting/

MadTechie Posted August 24, 2007

use either

    $sql = mysql_query("SELECT * FROM member WHERE name='{$_SESSION['name']}'") or die(mysql_error());

or

    $sql = mysql_query("SELECT * FROM member WHERE name='".$_SESSION['name']."'") or die(mysql_error());

nathanmaxsonadil Posted August 24, 2007

the quotes work on that part.. you might want to change it to this though

    $sql = mysql_query("SELECT * FROM member WHERE name='{$_SESSION['name']}'") or die(mysql_error());

EDIT: lol MadTechie beat me to it

deadimp Posted August 24, 2007

Actually, since it's in a string, you don't really need quotes.

But one thing you'll need to observe is the possibility of an SQL-injection attack, meaning someone could rewrite your query to do malicious things - which isn't good. Be sure you escape your data properly.

MadTechie Posted August 24, 2007

> Actually, since it's in a string, you don't really need quotes.

Erm yes you do!

> But one thing you'll need to observe is the possibility of an SQL-injection attack, meaning someone could rewrite your query to do malicious things

It's a SESSION, not a POST or GET so how would the user do that ????

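Added example, not part of the original thread or any poster's code: a session value is still user-controlled if it was copied from a login or registration form, so interpolating it into the query text carries the same SQL-injection risk deadimp mentions. The sketch below runs the thread's interpolated query beside a bound-parameter version; the in-memory SQLite database reached through PDO, the `member` rows, the function names `find_interpolated` and `find_bound`, and the session values are all constructed for illustration (the thread itself uses the `mysql_*` API).

```php
<?php
// Added example: constructed data; in-memory SQLite via PDO stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE member (name TEXT, email TEXT)");
$db->exec("INSERT INTO member VALUES ('alice', 'alice@example.test'), ('bob', 'bob@example.test')");

// The thread's pattern (hypothetical helper name): the session value is
// pasted into the SQL text, so any quote inside it is parsed as SQL.
function find_interpolated(PDO $db, array $session): array
{
    $sql = "SELECT * FROM member WHERE name='{$session['name']}'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form (hypothetical helper name): the value is bound as a
// parameter and is only ever treated as data.
function find_bound(PDO $db, array $session): array
{
    $stmt = $db->prepare("SELECT * FROM member WHERE name = :name");
    $stmt->execute([':name' => $session['name']]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed session contents, as if stored from a form field at login.
$cases = [
    'ordinary name'        => ['name' => 'alice'],
    'name with apostrophe' => ['name' => "O'Brien"],
    'quote changes WHERE'  => ['name' => "nobody' OR '1'='1"],
];

foreach ($cases as $label => $session) {
    try {
        $unsafe = count(find_interpolated($db, $session)) . ' row(s)';
    } catch (PDOException $e) {
        // An unbalanced quote in the value turns the query into invalid SQL.
        $unsafe = 'query failed';
    }
    $safe = count(find_bound($db, $session)) . ' row(s)';
    printf("%-22s interpolated: %-14s bound: %s\n", $label, $unsafe, $safe);
}
```

With the `mysql_*` functions used in the thread, the matching fix is to pass the value through `mysql_real_escape_string()` before placing it between the quotes.
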
Neptunus Maris Posted August 24, 2007

    $user_sess = $_SESSION["the_session"]

or

    $_SESSION[the_session]

or

    $_SESSION['the_session']

    WHERE name = '$user_sess'

MadTechie Posted August 24, 2007

nice third options

except the $_SESSION[the_session] one, which will work but is bad practice.. as PHP will see the the_session as a constant and you'll get a warning notice

Neptunus Maris Posted August 24, 2007

> > Actually, since it's in a string, you don't really need quotes.
>
> Erm yes you do!
>
> > But one thing you'll need to observe is the possibility of an SQL-injection attack, meaning someone could rewrite your query to do malicious things
>
> It's a SESSION, not a POST or GET so how would the user do that ????

I've used a $_SESSION string without using quotes before...and I've done it a lot.

Neptunus Maris Posted August 24, 2007

> nice third options
>
> except the $_SESSION[the_session] one, which will work but is bad practice.. as PHP will see the the_session as a constant and you'll get a warning notice

True!

Ken2k7 (Author) Posted August 24, 2007

And I'm completely confused. So what's the answer?

MadTechie Posted August 24, 2007

it's a bad habit and if you turn on error reporting you'll see a ton of errors,

$_SESSION[the_session] will look for a constant named the_session and will fail to find one, and then will send a notice, but php will then use the_session as the variable..

so to sum up, PHP is fixing the error "per se" but it's still bad practice..

MadTechie Posted August 24, 2007

options are

use either

    $sql = mysql_query("SELECT * FROM member WHERE name='{$_SESSION['name']}'") or die(mysql_error());

or

    $sql = mysql_query("SELECT * FROM member WHERE name='".$_SESSION['name']."'") or die(mysql_error());

or

    $name = $_SESSION['name'];
    $sql = mysql_query("SELECT * FROM member WHERE name='$name' ") or die(mysql_error());

Jessica Posted August 24, 2007

I usually do it the last way MadTechie showed. I find it's cleaner and you might need to use $name later so why mess with $_SESSION['name'] every time

MadTechie Posted August 24, 2007

yeah, personally i use {} on a short script but if it's a long script i set all the variables at the start, thus doing basically the same.

Neptunus Maris Posted August 24, 2007

> I usually do it the last way MadTechie showed. I find it's cleaner and you might need to use $name later so why mess with $_SESSION['name'] every time

True! but the key words ...I've used... I don't do it without quotes anymore.

but...lol we haven't really helped the topic starter out really, we are off in our own little circle, not unless he gave up and stopped reading our posts

Ken2k7 (Author) Posted August 24, 2007

Okay thanks guys.

Lastly, does this work (I don't feel like starting a new topic):

    <?php
    /* Codes not shown */
    $sql = mysql_query("SELECT * FROM member");
    // pulling database info directly using $sql
    $name = $sql['name'];
    /* Codes not shown */
    ?>

MadTechie Posted August 24, 2007

Nope, but close

    <?php
    /* Codes not shown */

    /* make a request SQL*/
    $sql = mysql_query("SELECT * FROM member");
    // pulling database info directly using $sql
    $row = mysql_fetch_assoc($sql); //edit pesky ;
    //display the data
    $name = $row['name'];
    echo $name;
    /* Codes not shown */
    ?>

Neptunus Maris Posted August 24, 2007

> Nope, but close
>
>     <?php
>     /* Codes not shown */
>
>     /* make a request SQL*/
>     $sql = mysql_query("SELECT * FROM member");
>     // pulling database info directly using $sql
>     $row = mysql_fetch_assoc($sql); //edit pesky ;
>     //display the data
>     $name = $row['name'];
>     echo $name;
>     /* Codes not shown */
>     ?>

to add to that you can also use:

    /* make a request SQL*/
    $sql = mysql_query("SELECT * FROM member");
    // pulling database info directly using $sql
    $row = mysql_fetch_array($sql); //edit pesky ;
    //display the data
    $name = $row['name'];
    echo $name;

mysql_fetch_assoc and mysql_fetch_array are basically the same thing

Ken2k7 (Author) Posted August 24, 2007

Oh darn! Thanks MadTechie.

Speaking of the quotes, do I have to use the curly braces ({}) every time I put them in strings? Like this too:

    <?php
    /* codes not shown */
    if (sha1($_SESSION['pass']) == $sql['password'])
        header("Location: {$_SESSION['name']}");
    /* codes not shown*/
    ?>

MadTechie Posted August 24, 2007

No, there are 3 options stated above,

options are

use either

1.

    $sql = mysql_query("SELECT * FROM member WHERE name='{$_SESSION['name']}'") or die(mysql_error());

or

2.

    $sql = mysql_query("SELECT * FROM member WHERE name='".$_SESSION['name']."'") or die(mysql_error());

or

3.

    $name = $_SESSION['name'];
    $sql = mysql_query("SELECT * FROM member WHERE name='$name' ") or die(mysql_error());

All do the same thing. If you plan to use it a lot in the current script then use the third option.

Find the one that you find works best.

Ken2k7 (Author) Posted August 24, 2007

Oh okay. Thanks.

Archived
This topic is now archived and is closed to further replies.