PHP Code:
$u_id = $this->db->makesafe($u_id);
$sql = sprintf("SELECT `u_id`, `username`, `password`, `registerdate`, `registerip` FROM `MEMBER_TABLE` WHERE `u_id` = %d", $u_id);
$this->data = $this->db->query($sql)->fetch();
Something like that?
And thanks for your comment :)
About my comment blocks, I use PHPDesigner 2007, and when I use regular //commentlines, they go grey and I can barely see them. /**commentblock**/ is orange, which is alot easier to see.
But you didn't see any php errors? :)
EDIT: Actually to check the id is rather pointless, because it will always be an integer, however, the search for name would be more important to use this feature.
PHP Code:
public function load($u_id) {
$this->data = $this->query("SELECT `u_id`, `username`, `password`, `registerdate`, `registerip` FROM `MEMBER_TABLE` WHERE `u_id` = '".$u_id."'")->fetch();
}
public function find($name) {
$name = $this->data->makesafe($name);
$id = $this->query("SELECT `u_id` FROM `MEMBER_TABLE` WHERE `username` = '" . $name )->fetch();
// If anything was found
if(isset($id['id'])) {
$this->load($id['id']);
}
As you see, loading the id comes from the query from the finding. So the users have no way of writing it in manually.
So it would look something like this:
PHP Code:
public function find($name) {
$name = $this->data->makesafe($name);
$sql = printf("SELECT `u_id` FROM `MEMBER_TABLE` WHERE `username` = %s", $name);
$id = $this->query($sql)->fetch();
// If anything was found
if(isset($id['id'])) {
$this->load($id['id']);
}
}
Better? :P