05-07-2008, 09:53 AM
|
#1 (permalink)
|
|
The Prestige
Join Date: Dec 2007
Posts: 1,044
Thanks: 193
|
Where clause issue etc
Look I'm not feeling well, so here is the problem, it's saying that
my custom value is a column or something, something stupid.
sql Code:
SELECT m.mid AS mid, m.username AS username, m.email AS email FROM `members` AS m WHERE `username` = `$username`
meh whatever
by the way, $username value is in the $_COOKIE array.
returns Unknown column 'Orc-Admin' in 'where clause'
Never mind, I fixed it, yeah I forgot quotes are in it, yadda yadda. So I'm supposed to have '$username'
__________________
VillageIdiot can have my babbies ;d
|
|
|
|
05-07-2008, 05:31 PM
|
#2 (permalink)
|
|
The Wanderer
Join Date: May 2008
Location: Beware of programmers carrying screwdrivers
Posts: 21
Thanks: 0
|
Anything within the $_COOKIE array can easily be spoofed and become an SQL Injection, it is still user input, so you would need to sanitise the variable before inserting it into your SQL Query.
Also, your column calls are ambiguous, you won’t need to use AS.
Example, in this query:
PHP Code:
$sql = "SELECT m.mid AS mid, m.username AS username, m.email AS email FROM members AS m WHERE username = '" . mysql_real_escape_string($username) . "'";
Your field names when used within mysql_fetch_assoc() are going to be:
username, email, and mid.
And they would be exactly the same if you just used the column names without the alias:
PHP Code:
$sql = "SELECT m.mid, m.username, m.email FROM members AS m WHERE username = '" . mysql_real_escape_string($username) . "'";
They would still be: 'mid', 'username', and 'email'.
|
|
|
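An added example, not part of any post in this thread, showing why the cookie value has to be treated as user input. It uses a PDO prepared statement instead of the mysql_real_escape_string() call from the post, and an in-memory SQLite database stands in for MySQL so it runs without a server; the `members` columns come from the thread, while the sample rows, cookie values and function names are constructed for illustration.

```php
<?php
// Added example: constructed data, in-memory SQLite standing in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE members (mid INTEGER PRIMARY KEY, username TEXT, email TEXT)");
$db->exec("INSERT INTO members (username, email) VALUES
           ('Orc-Admin', 'orc@example.test'), ('alice', 'alice@example.test')");

// Unsafe: the cookie value is pasted into the SQL text, as with '$username'.
function find_member_concat(PDO $db, string $username): array
{
    $sql = "SELECT mid, username, email FROM members WHERE username = '$username'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Safe: the value is bound as a parameter and is never parsed as SQL.
function find_member_bound(PDO $db, string $username): array
{
    $stmt = $db->prepare(
        "SELECT mid, username, email FROM members WHERE username = :username"
    );
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed stand-ins for $_COOKIE['username'].
$cookies = [
    'honest'  => 'Orc-Admin',
    'spoofed' => "nobody' OR '1'='1",
];

// Compare how many rows each query style returns for each cookie value.
foreach ($cookies as $label => $value) {
    printf(
        "%-8s concat=%d row(s)  bound=%d row(s)\n",
        $label,
        count(find_member_concat($db, $value)),
        count(find_member_bound($db, $value))
    );
}
```

The bound query keeps the value from changing the SQL, but a username read from a cookie is still whatever the client sent, so it should not be the only thing identifying the member.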
05-07-2008, 09:04 PM
|
#3 (permalink)
|
|
The Frequenter
Join Date: Dec 2007
Location: Bucharest, Romania
Posts: 438
Thanks: 3
|
Extending what Highway said above, you don't need to use a table alias when you're fetching values from a single table. You're only slowing down the query. So, the following is the same as what you wrote in the first place:
PHP Code:
$sql = "SELECT mid, username, email FROM members WHERE username = '" . mysql_real_escape_string($username) . "'";
__________________
I have optimistic thoughts, even though sometimes (if not always) life's a bitch.
|
|
|
|
05-08-2008, 08:45 AM
|
#4 (permalink)
|
|
The Prestige
Join Date: Dec 2007
Posts: 1,044
Thanks: 193
|
there's no slow queries. lol
__________________
VillageIdiot can have my babbies ;d
|
|
|
|
05-08-2008, 09:39 AM
|
#5 (permalink)
|
|
The Frequenter
Join Date: Dec 2007
Location: Bucharest, Romania
Posts: 438
Thanks: 3
|
Just some advice: take the advice given to you and memorize it (or don't, I really don't care). Don't be a smart ass just for the sake of being one. Everybody here wants to help you, but they will stop doing that at one time or another, if you don't change your attitude.
__________________
I have optimistic thoughts, even though sometimes (if not always) life's a bitch.
|
|
|
|
05-08-2008, 09:40 AM
|
#6 (permalink)
|
|
The Prestige
Join Date: Dec 2007
Posts: 1,044
Thanks: 193
|
Quote:
Originally Posted by xenon
Just some advice: take the advice given to you and memorize it (or don't, I really don't care). Don't be a smart ass just for the sake of being one. Everybody here wants to help you, but they will stop doing that at one time or another, if you don't change your attitude.
|
well my queries don't slow down
__________________
VillageIdiot can have my babbies ;d
|
|
|
|
05-08-2008, 04:47 PM
|
#7 (permalink)
|
|
The Wanderer
Join Date: May 2008
Location: Beware of programmers carrying screwdrivers
Posts: 21
Thanks: 0
|
Quote:
Originally Posted by Orc
well my queries don't slow down
|
Have you run benchmarks against them? How do you know?
Running them side-by-side, you may not notice a difference, in fact, you probably won't.
They may slow down by 0.01 seconds, which may seem insignificant, but that will make a big difference the more queries you have and the more traffic you have on your site that would cause these queries to run.
A savings of 0.01 seconds is significant on my sites. But regardless, it’s a good idea to use correct practices, and xenon is correct regarding the usage of aliases.
Aliases would be needed on multiple table queries, but are not needed when querying a single table. :)
It’s not a *big* deal, but it’s still good practice. ;)
|
|
|
|
|
05-08-2008, 05:01 PM
|
#8 (permalink)
|
|
The Prestige
Join Date: Dec 2007
Posts: 1,044
Thanks: 193
|
Quote:
Originally Posted by Highway of Life
Have you run benchmarks against them? How do you know?
Running them side-by-side, you may not notice a difference, in fact, you probably won't.
They may slow down by 0.01 seconds, which may seem insignificant, but that will make a big difference the more queries you have and the more traffic you have on your site that would cause these queries to run.
A savings of 0.01 seconds is significant on my sites. But regardless, it’s a good idea to use correct practices, and xenon is correct regarding the usage of aliases.
Aliases would be needed on multiple table queries, but are not needed when querying a single table. :)
It’s not a *big* deal, but it’s still good practice. ;)
|
What would you prefer then?
__________________
VillageIdiot can have my babbies ;d
|
|
|
|
05-08-2008, 05:03 PM
|
#9 (permalink)
|
|
The Wanderer
Join Date: May 2008
Location: Beware of programmers carrying screwdrivers
Posts: 21
Thanks: 0
|
Not sure I understand the question. :|
|
|
|
05-08-2008, 05:05 PM
|
#10 (permalink)
|
|
The Prestige
Join Date: Dec 2007
Posts: 1,044
Thanks: 193
|
Quote:
Originally Posted by Highway of Life
Not sure I understand the question. :|
|
I meant, what's the best way to grab rows from tables from the mysql? just the good old basic ways? Also, could you help me with a COUNT(i) scheme, where it has to work with Group By? I use that as an alias cause I wouldn't know what it would be otherwise when it's in the array. :P
__________________
VillageIdiot can have my babbies ;d
|
|
|
|
05-08-2008, 05:51 PM
|
#11 (permalink)
|
|
The Wanderer
Join Date: May 2008
Location: Beware of programmers carrying screwdrivers
Posts: 21
Thanks: 0
|
Ah, pretty much the way you did it...
Code:
SELECT column1, column2, column3
FROM table_name WHERE column4 = 'some value';
Multiple table queries would need aliases:
Code:
SELECT a.column1, a.column2, b.field1, b.field2
FROM table_name a
LEFT JOIN another_table b
ON (a.column3 = b.field3)
WHERE column4 = 'some value';
Count queries can use an alias, but the table doesn't need an alias:
Code:
SELECT COUNT(post_id) AS total_posts
FROM posts_table
WHERE post_time > 1207677000
Your assoc array would contain $array['total_posts'];
Though I would need to see your COUNT query to understand what you’re asking. :)
|
|
|
05-08-2008, 05:55 PM
|
#12 (permalink)
|
|
The Prestige
Join Date: Dec 2007
Posts: 1,044
Thanks: 193
|
Quote:
Originally Posted by Highway of Life
Ah, pretty much the way you did it...
Code:
SELECT column1, column2, column3
FROM table_name WHERE column4 = 'some value';
Multiple table queries would need aliases:
Code:
SELECT a.column1, a.column2, b.field1, b.field2
FROM table_name a
LEFT JOIN another_table b
ON (a.column3 = b.field3)
WHERE column4 = 'some value';
Count queries can use an alias, but the table doesn't need an alias:
Code:
SELECT COUNT(post_id) AS total_posts
FROM posts_table
WHERE post_time > 1207677000
Your assoc array would contain $array['total_posts'];
Though I would need to see your COUNT query to understand what you’re asking. :)
|
MySQL says that
Code:
SELECT COUNT(post_id) AS total_posts
FROM posts_table
WHERE post_time > 1207677000
Gives me an error, with GROUP BY needed so yeah... :P by the way, I use the extended MySQLI php5 class library, and I use fetch_object.
__________________
VillageIdiot can have my babbies ;d
|
|
|
|
05-08-2008, 06:15 PM
|
#13 (permalink)
|
|
The Wanderer
Join Date: May 2008
Location: Beware of programmers carrying screwdrivers
Posts: 21
Thanks: 0
|
Depending on your table, and the data you are trying to obtain, you may need a GROUP BY clause, but a COUNT SELECT doesn’t require a GROUP BY in itself.
The data is key, it would depend on what kind of data you are trying to pull from your database.
|
|
|
|