2009/1/16 Shawn McKenzie :
> Lars Torben Wilson wrote:
>> 2009/1/15 tedd :
>>> At 9:46 AM -0800 1/15/09, Chris Carter wrote:
>>>
>>> Chris:
>>>
>>> That's not the way I would do it. After establishing a connection with the
>>> database, I would use the query:
>>>
>>> $query "SELECT email FROM owner
At 10:36 AM -0600 1/16/09, Shawn McKenzie wrote:
mysql_num_rows() may make more sense, however mysql_affected_rows() will
work the same with a select. The PHP mysql_affected_rows() calls the
MySQL mysql_affected_rows(), which states:
"For SELECT statements, mysql_affected_rows() works like mysq
Eric Butera wrote:
$result = mysql_query($query) or die(mysql_error());
You know guys, after seeing all this talk of sql injection over the
past few days, I'd also like to point out or die is pretty bad too.
Especially when coupled with mysql_error(). It can expose sensitive
system info (secur
> $result = mysql_query($query) or die(mysql_error());
You know guys, after seeing all this talk of sql injection over the
past few days, I'd also like to point out or die is pretty bad too.
Especially when coupled with mysql_error(). It can expose sensitive
system info (security vuln) when a sim
Lars Torben Wilson wrote:
> 2009/1/15 tedd :
>> At 9:46 AM -0800 1/15/09, Chris Carter wrote:
>>
>> Chris:
>>
>> That's not the way I would do it. After establishing a connection with the
>> database, I would use the query:
>>
>> $query "SELECT email FROM owners WHERE email = '$emailAddress' ":
>>
At 11:01 PM -0800 1/15/09, Lars Torben Wilson wrote:
2009/1/15 tedd :
You want to use mysql_num_rows() there instead of
mysql_affected_rows(). (Just a typo in this case, I suspect, but for
the benefit of the less experienced it's worth pointing out.)
For the newer PHP users, mysql_num_rows() tel
2009/1/15 tedd :
> At 9:46 AM -0800 1/15/09, Chris Carter wrote:
>
> Chris:
>
> That's not the way I would do it. After establishing a connection with the
> database, I would use the query:
>
> $query "SELECT email FROM owners WHERE email = '$emailAddress' ":
> $result = mysql_query($query) or die(
2009/1/15 tedd
> At 9:46 AM -0800 1/15/09, Chris Carter wrote:
>
> Chris:
>
> That's not the way I would do it. After establishing a connection with the
> database, I would use the query:
>
> $query "SELECT email FROM owners WHERE email = '$emailAddress' ":
> $result = mysql_query($query) or die(
At 9:46 AM -0800 1/15/09, Chris Carter wrote:
Chris:
That's not the way I would do it. After establishing a connection
with the database, I would use the query:
$query "SELECT email FROM owners WHERE email = '$emailAddress' ":
$result = mysql_query($query) or die(mysql_error());
if(mysql_aff
You might want to (seriously) look at the PEAR Auth class.
It can save you a TON of time...all the stuff you're trying to do with
this code (that you were just told you're going to have to rewrite) is
already done for you.
It's very handy for registering/tracking users of your sites.
John Corry
Welcome to the list, Chris.
Your code is going to require some rewriting to save you a lot of
headaches and serious security issues down the road. So here we go:
On Thu, Jan 15, 2009 at 12:46, Chris Carter wrote:
*/
if($_POST['submit']) {
// Check to see if the user already exist
Hi,
I know this is very basic question, this is so because I am a basic
programmer struggling to make things work.
Where in this code should I be trying to check if the user already exists
and throw an error saying "The user already exists ding ding ding". The
check has to be done with the email
12 matches
Mail list logo
