TalkPHP - View Single Post

bluesaga · 10-04-2007, 06:17 PM

Code:

$szSQL = "SELECT id FROM users WHERE user = '$szUser' LIMIT 0,1";

Would be better as:

Code:

$szSQL = sprintf("SELECT id FROM users WHERE user = '%s' LIMIT 0,1", mysql_escape_string($szUser));

Its more secure to use that.

Code:

            if($bResult == True){

There is no need to use the "== True" just use:

Code:

               if($bResult){

Other than that, the code looks good, but i haven't looked THAT hard at it lol

10-04-2007, 06:17 PM	#3 (permalink)
bluesaga Super Moderator Join Date: Sep 2007 Posts: 165 Thanks: 0	Code: $szSQL = "SELECT id FROM users WHERE user = '$szUser' LIMIT 0,1"; Would be better as: Code: $szSQL = sprintf("SELECT id FROM users WHERE user = '%s' LIMIT 0,1", mysql_escape_string($szUser)); Its more secure to use that. Code: if($bResult == True){ There is no need to use the "== True" just use: Code: if($bResult){ Other than that, the code looks good, but i haven't looked THAT hard at it lol