MySQL Forums
Forum List  »  PHP

Re: Tie mysql database to my website
Posted by: Peter Brawley
Date: January 13, 2020 07:48PM

> $db = mysql_pconnect($dbhost,$dbuser,$dbpass);

1 The mysql API you are using is obsolete. Use the mysqli API.

2 "$db" is a misleading variable name; a connect() call returns a connection not a database. You will find yourself creating fewer errors if you use variable names that reflect their content.

3 Any database call can fail, so all such code needs error handling eg minimally ...

$conn = mysqli_connect(...) or exit( mysqli_connect_error() );

> $fetch = mysql_query("SELECT * FROM accounts WHERE login='{$_POST["register"]["name"]}'")

4 Using $_POST[] values directly in queries exposes the code to SQL injection risks. Use mysqli_escape_string on such content.

5 This call also needs error handling eg ...

$result = mysqli_query( $conn, ... ) or exit( mysqli_error($conn) );

> if (!empty($num)) die('This email already exists, Please select a new one.');

6 The query call attempted to SELECT an account, not create one, so the error message misleads.

> mysql_query("INSERT INTO `accounts`... )

7 Again fails both to track the result of the call and to fetch error info.



Edited 1 time(s). Last edit at 01/14/2020 10:41AM by Peter Brawley.

Options: ReplyQuote


Subject
Written By
Posted
Re: Tie mysql database to my website
January 13, 2020 07:48PM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.