TalkPHP - View Single Post

ReSpawN · 12-07-2007, 09:52 PM

Thus using the result just gave you, you can also make your query a lot more safe. Even if you are a beginner. Though this does looks a lot better than when I first started out. Props on that one. First I should advise you NOT to use double quotes ("") but single quotes (''). Why? Since defining what ever in a query, it's wise to open a identifier with "'.$username.'". Thus the query will look like this:

PHP Code:


			
$rSql = mysql_query('SELECT username FROM respawn_users WHERE username = "'.$username.'"');

First it looks a lot better, second, you can use `` at any given option in the query. Thus looking like this:

PHP Code:


			
$rSql = mysql_query('SELECT username FROM `respawn_users` WHERE `username` = "'.$username.'"');

On a final note, when it comes to the category listing of a specific item, use LIMIT 1 to shorten the code and result. (thus preventing the expanded use of mysql_free_result()) Next to that, use the tablenames instead of *. :)

Although it is a bit off topic, it still might help you.

Good luck crazyryan!

12-07-2007, 09:52 PM	#4 (permalink)
ReSpawN The Frequenter Join Date: Nov 2007 Location: Netherlands Posts: 460 Thanks: 49	Thus using the result just gave you, you can also make your query a lot more safe. Even if you are a beginner. Though this does looks a lot better than when I first started out. Props on that one. First I should advise you NOT to use double quotes ("") but single quotes (''). Why? Since defining what ever in a query, it's wise to open a identifier with "'.$username.'". Thus the query will look like this: PHP Code: `$rSql = mysql_query('SELECT username FROM respawn_users WHERE username = "'.$username.'"');` First it looks a lot better, second, you can use `` at any given option in the query. Thus looking like this: PHP Code: $rSql = mysql_query('SELECT username FROM `respawn_users` WHERE `username` = "'.$username.'"'); On a final note, when it comes to the category listing of a specific item, use LIMIT 1 to shorten the code and result. (thus preventing the expanded use of mysql_free_result()) Next to that, use the tablenames instead of *. :) Although it is a bit off topic, it still might help you. Good luck crazyryan!