PHP/MySQL Database/mysql real escape string


Building Queries on the Fly

   <source lang="html4strict">

<?php

 /**
  * Open a connection to a MySQL server through the legacy mysql extension.
  *
  * On success the link resource from mysql_connect() is returned. On failure
  * a fixed message is echoed and the function falls off the end, so the
  * caller receives null and must check the result before using it.
  *
  * NOTE(review): the mysql_* extension was removed in PHP 7.0; new code
  * should use mysqli or PDO.
  *
  * @param string $host server host name
  * @param string $user account name
  * @param string $pass account password
  * @return resource|null link on success, null after a reported failure
  */
 function opendatabase ($host,$user,$pass) {
   try {
     $link = mysql_connect ($host,$user,$pass);
     if (!$link){
       throw new Exception ("Sorry, could not connect to mysql.");
     }
     return $link;
   } catch (Exception $failure) {
     // Only the generic message is shown; no server detail is printed.
     echo $failure->getMessage ();
   }
 }
 
 /**
  * Make $whichdb the active database on the connection $db.
  *
  * Nothing is returned. When mysql_select_db() reports failure a fixed
  * message is echoed and execution continues, so the caller is not told
  * that the selection failed.
  *
  * @param string   $whichdb database name
  * @param resource $db      link returned by mysql_connect()
  * @return void
  */
 function selectdb ($whichdb, $db){
   try {
     $selected = mysql_select_db ($whichdb,$db);
     if ($selected){
       return;
     }
     throw new Exception ("Sorry, database could not be opened.");
   } catch (Exception $failure) {
     echo $failure->getMessage();
   }
 }
 /**
  * Close the MySQL connection identified by $db.
  *
  * The result of mysql_close() is discarded, so a failed close is not
  * reported to the caller.
  *
  * @param resource $db link returned by mysql_connect()
  * @return void
  */
 function closedatabase ($db)
 {
   mysql_close ($db);
 }
 // Demo setup: connects as "root" with an empty password. Outside a throwaway
 // local sandbox, use a dedicated least-privilege account with a real password
 // and keep the credentials out of the source file.
 // opendatabase() yields null when the connection fails; that result is not
 // checked here before it is passed on.
 $db = opendatabase ("localhost","root","");
 selectdb ("mydatabase",$db);
 // Overwrites the request values with fixed strings, so the login check below
 // always runs against these two constants rather than submitted form data.
 $_POST["user"] = "myname";
 $_POST["pass"] = "mypassword";
 
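 /**
  * Check whether a row in userlogin matches the given user name and password.
  *
  * mysql_real_escape_string() does not modify its argument; it RETURNS the
  * escaped copy. The escaped values must therefore be captured and used in
  * the query. Calling it and discarding the result leaves the raw input in
  * the SQL text and the query open to SQL injection.
  *
  * Escaping only protects values placed inside quoted string literals, so
  * both values are wrapped in single quotes in the query.
  *
  * NOTE(review): the mysql_* extension was removed in PHP 7.0. Prefer
  * prepared statements with bound parameters (mysqli or PDO), which keep
  * data out of the SQL text entirely.
  * NOTE(review): the query compares the password column with the submitted
  * password directly, which implies plain-text storage. Store a
  * password_hash() value and check it with password_verify() instead.
  *
  * @param string $user submitted user name (untrusted)
  * @param string $pass submitted password (untrusted)
  * @return bool true when at least one row matches, false otherwise
  *              (including when escaping or the query itself fails)
  */
 function validatelogin ($user,$pass){
   // Capture the escaped copies; the originals are never placed in the query.
   $safeuser = mysql_real_escape_string ($user);
   $safepass = mysql_real_escape_string ($pass);
   if ($safeuser === false || $safepass === false){
     // Escaping fails when no usable connection exists; refuse the login.
     return false;
   }
   $thequery = "SELECT * FROM userlogin WHERE username='" . $safeuser
             . "' AND password='" . $safepass . "'";
   $aquery = mysql_query ($thequery);
   if (!$aquery){
     // Kept from the original tutorial. In production, log the driver error
     // server-side instead of printing it to the client.
     echo mysql_error();
     // Fail closed with an explicit boolean instead of an implicit null.
     return false;
   }
   return mysql_num_rows ($aquery) > 0;
 }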
 
 // Report the outcome of the login check. The failure text is the same for a
 // wrong user name and a wrong password, so it does not reveal which of the
 // two was incorrect.
 echo validatelogin ($_POST["user"],$_POST["pass"])
   ? "You have successfully logged in."
   : "Sorry, you have an incorrect username and/or password.";
 
 // Release the connection once the check is done.
 closedatabase ($db);
 

?>

 </source>