Jump to content

Connecting to SQL


Recommended Posts

I need help. Is this code ok?

<?php$username=$_POST['username'];$email=$_POST['email'];$password=$_POST['password'];$sql= mysql_connect("xxxxxxx","yyyyyyyyyyy","vvvvvvvvvvvvv");$database="MYSQL_SELECT_DB(bbbbbbbbbb)";if (!$sql); { die('Could not connect: ' . mysql_error()); }if (!$database); { die ("Could not connect: ' . mysql_error()"); }if (!mysql_query("INSERT INTO Member (Username, Password, Email, Folder)VALUES ('$username','$password','$email','$username')")){die("Could not connect: ' . mysql_error()")}mysql_close($sql);echo "You're registered as:<br>$username<br>Password<br>$password<br>Email:<br>$email<br>Your Folder:<br>http://thelostwaters.com/upload/$username";?>
Link to post
Share on other sites

This line: $database="MYSQL_SELECT_DB(bbbbbbbbbb)"; should be like

$database=mysql_select_db("dbname");

These lines:

if (!$database);{die ("Could not connect: ' . mysql_error()");}

is syntactically incorrect, and also would be more logical as

if (!$database);{die ("Could not select db: " . mysql_error());}

This line: die("Could not connect: ' . mysql_error()") (the third die()) is syntactically incorrect, and also textually misleading. It should be more like

die("Query failed: " . mysql_error());

Otherwise, it looks ok (except for the lack of SQL injection protection, use mysql_real_escape_string() on the $_POST variables).

Link to post
Share on other sites

And the one after if (!$sql)

if (!$sql){die('Could not connect: ' . mysql_error());}

I missed that one :)

Link to post
Share on other sites

The semicolon delimits a line, so after a ; there is a new statement. The excalimation mark is the boolean NOT, so if (!$sql) means if not $sql (e.g. if $sql is false).mysql_real_escape_string() escapes (puts \) before any character that may interfere with the SQL parser, like -- comments, " quotation marks, and ; semicolons.

Link to post
Share on other sites

This alright?

<?php$username=$_POST['username'];$email=$_POST['email'];$password=$_POST['password'];$sql= mysql_connect("HIDDEN","HIDDEN","HIDDEN");$database=mysql_select_db("HIDDEN");if (!$sql){die('Could not connect: ' . mysql_error());}if (!$database){die ("Could not select db: " . mysql_error());}// Testing if (mysql_query("SELECT Username FROM Members WHERE Username = $username" LIMIT 1")){die("$username is taken");}//Protection?$user = mysql_real_escape_string($username);$pwd = mysql_real_escape_string($password);if (user='" . $user . "' AND password='" . $pwd . "'"){die ("Username and Password is invaild")}if (!mysql_query("INSERT INTO Member (Username, Password, Email, Folder)VALUES ('$username','$password','$email','http://thelostwaters.com/upload/$username/')")){die("Query failed: " . mysql_error());}mysql_close($sql);echo "You're registered as:<br>$username<br>Password<br>$password<br>Email:<br>$email<br>Your Folder:<br>http://thelostwaters.com/upload/$username";?>
Link to post
Share on other sites
What does the semicolon do
A semicolon terminates a statement. So whatever is before a semicolon is considered a statement. This is a line with 5 "no-ops", so this line has 5 statements on it that each do nothing:
;;;;;

So when you see something like this:

if (!$database);{  die ("Could not select db: " . mysql_error());}

where you have a semicolon right after the if statement, you could say that in the English language sort of like this:"If $database evaluates to false, do nothing"That's all that if statement does. If the $database variable evaluates to false then it executes the next statement (which is a no-op), and does nothing. Then it executes the next block of code (with the die in it) regardless of whether or not the if statement was true or false, since the die statement is not part of the if block, it's just a standalone block. It's the same as doing this:

if (!$database){  ; // nothing}{  echo "this is a standalone code block";}

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...