[PHP]Simple Flat File Login Form

BrettFreeman

BrettFreeman

New Member
Messages
106
Reaction score
0
Points
0
In this tutorial, I will show you have to creat a simple flatfile PHP login system.

This is our code, I will break it down at the end:
Login.php:
PHP: 
<html>
<head>
<title>Login</title>
</head>
<body>
<form action="./login.php" method="post">
<input type="text" name="uname">
<input type="password" name="pwd">
<input type="submit" value="Login!">
</form>
</body>
</html>

<?
if ($_POST[pwd] !== "test" || $_POST[uname] !== "test") {
   echo "Sorry, try again!";
} else {
  echo "Welcome $_POST[uname]!";
}
?>

To break it down, the HTML is pretty simple. It is a form that will verify on it's self.

The PHP between the <? ?> tags verifys than information. Right now we have the username & password set to 'test'. You can set these to anything you wish. The != says if the username & password are NOT equal to test, do this. I have it set to echo Sorry, try again. If it is equal, it will go the the } else { and display anything under that. I hope this tutorial helped some. I will soon do one with MySQL and cookies.

-Brett Freeman
 
C

CheetahShrk

New Member
Messages
204
Reaction score
0
Points
0
For the form action you could also use <?php echo $PHP_SELF;?> so it submits the form to itself.
 
Origin

Origin

New Member
Messages
1,082
Reaction score
0
Points
0
That is by no ways complicated... Nor is it safe.

So you login just for it to say "Welcome"? lmao
 
Chris

Chris

New Member
Messages
1,538
Reaction score
0
Points
0
Origin said:
That is by no ways complicated... Nor is it safe.

So you login just for it to say "Welcome"? lmao
Click to expand...

Notice the word "simple" in the title.

I know it's not safe, but try to get the username/password from http://achtunga.org/login.php. By the way, I didn't add any extra layer of security. I don't mean "try to get the username/password" by hacking. If you know of some way to get it, then get it. Obviously, if you hack it, you'll get it. You can hack anything, as secure as it might be, such as professional-done logins.

You can make it create a page... Just because he just made it say welcome doesn't mean you can't do other things...
 
Last edited:
C

clement

New Member
Messages
146
Reaction score
0
Points
0
Chris said:
Notice the word "simple" in the title.

I know it's not safe, but try to get the username/password from http://achtunga.org/login.php. By the way, I didn't add any extra layer of security. I don't mean "try to get the username/password" by hacking. If you know of some way to get it, then get it. Obviously, if you hack it, you'll get it. You can hack anything, as secure as it might besuch as professional-done logins.

You can make it create a page... Just because he just made it say welcome doesn't mean you can't do other things...
Click to expand...

i agree..man that dude is just trying to help some ppl out here who might have a use for it so give him a break :eek:riginal:
 
BrettFreeman

BrettFreeman

New Member
Messages
106
Reaction score
0
Points
0
BrettFreeman said:
I will soon do one with MySQL and cookies.
Click to expand...

This one will be coming soon. I should just post it right now, seeing as some of you were not satisified with my current tutorial. I relize that it is very insecure, but if you have a need for a quick login page, this would be the way to go, instead of creating a MySQL database, etc.
 
Conquester777

Conquester777

New Member
Messages
180
Reaction score
0
Points
0
I belive you can just do this:
<form method="post">

with no action, and it will post to itself. a touch cleaner. (it works, but is it legal?)

and it's not really a login... it's like the javascript windows you can have popup, you put in your name, and it'll say hi ____. and then you can have it say different things to different names...

add either sessions or cookies and then you have a simple -login-
 
E

esoterikdesign

New Member
Messages
3
Reaction score
0
Points
0
I'm curious, how is this not safe? If you mean it's open to variable injection, it isn't; if the user doesn't enter "test" for both the username and password, it simply echoes back the "try again" message; if however, the user does enter "test" and "test", it will always echo back "Welcome, test."

Where's the security problem?

EDIT: My apologies; I didn't realize that Brett had used the || (or) operator and not the && (and) operator. Had he used the latter, this script would be safe. Because he used the former, a malicious user could enter "test" for the password and "eval([just about anything])" for the username, thus resulting in all of the code inside the eval() code being executed. Now I find myself wishing somebody elaborated even slightly on the security risk of the script prior to my posting.

Oh, and by the way, to have a form submit to the page it's included on, the best method is to use action=""; using PHP_SELF makes things more difficult than necessary, and excluding the action attribute makes for invalid code.
 
Last edited:
Chris Z

Chris Z

Active Member
Messages
5,603
Reaction score
0
Points
36
Also, just a little tip, do not use shortags, such as:
PHP: 
<?
?>
always use:
PHP: 
<?php
?>
this may save you headaches when trying to debug a script.
 
malfist

malfist

New Member
Messages
67
Reaction score
0
Points
0
And using the short tags can mess with XML if you ever use any.

Not to be rude or anything, not only is that not secure, it's useless to php newcomers. Maybe if you was showing them how to use POST instead of a flatfile login, I wouldn't be so disappointed.
 
Slothie

Slothie

New Member
Messages
1,429
Reaction score
0
Points
0
How nice... a code snippet. This is what I use (bear in mind this is only the access class)

PHP: 
<?php
/**
 PHP Class to user access (login, register, logout, etc)
 
 <?php
 include('access.class.php');
 $user = new ezAccess();
if (!$user->is_loaded()) {
	//display some unauthorized login page here... 
} 
}
 ? >
 */

/**
 * ez Access - The main class
 * 
 * @param string $dbName
 * @param string $dbHost 
 * @param string $dbUser
 * @param string $dbPass
 * @param string $dbTable
 */

class ezAccess{
  /*Settings*/
  /**
   * The database that we will use
   * var string
   */
  var $dbName = 'database';
  /**
   * The database host
   * var string
   */
  var $dbHost = 'localhost';
  /**
   * The database port
   * var int
   */
  var $dbPort = 3306;
  /**
   * The database user
   * var string
   */
  var $dbUser = 'user';
  /**
   * The database password
   * var string
   */
  var $dbPass = 'password';
  /**
   * The database table that holds all the information
   * var string
   */
  var $dbTable  = 'users';
  /**
   * The session variable ($_SESSION[$sessionVariable]) which will hold the data while the user is logged on
   * var string
   */
  var $sessionVariable = 'userSessionValue';
  /**
   * Those are the fields that our table uses in order to fetch the needed data. The structure is 'fieldType' => 'fieldName'
   * var array
   */
  var $tbFields = array(
  	'userID'=> 'userID', 
  	'login' => 'username',
  	'pass'  => 'password',
  	'email' => 'email',
  	'active'=> 'active'
  );
	/**
   * When user wants the system to remember him/her, how much time to keep the cookie? (seconds)
   * var int
   */
  var $remTime = 2592000;//One month
  /**
   * The name of the cookie which we will use if user wants to be remembered by the system
   * var string
   */
  var $remCookieName = 'ckSavePass';
  /**
   * The cookie domain
   * var string
   */
  var $remCookieDomain = '';
  /**
   * The method used to encrypt the password. It can be sha1, md5 or nothing (no encryption)
   * var string
   */
  var $passMethod = 'sha1';
  /**
   * Display errors? Set this to true if you are going to seek for help, or have troubles with the script
   * var bool
   */
  var $displayErrors = true;
  /*Do not edit after this line*/
  var $userID;
  var $dbConn;
  var $userData=array();
  /**
   * Class Constructure
   * 
   * @param string $dbConn 
   * @return void
   */
  function ezAccess($dbConn = '')
  {
		$this->remCookieDomain = $_SERVER['HTTP_HOST'];
		$this->dbConn = ($dbConn=='')? mysql_connect($this->dbHost.':'.$this->dbPort, $this->dbUser, $this->dbPass):$this->dbConn = $dbConn;
		if ( !$this->dbConn ) die(mysql_error($this->dbConn));
		mysql_select_db($this->dbName, $this->dbConn)or die(mysql_error($this->dbConn));
		if( !isset( $_SESSION ) ) session_start();
		if ( !empty($_SESSION[$this->sessionVariable]) )
		{
			$this->loadUser( $_SESSION[$this->sessionVariable] );
		}
		//Maybe there is a cookie?
		if ( isset($_COOKIE[$this->remCookieName]) && !$this->is_loaded()){
		  //echo 'I know you<br />';
		  $u = unserialize(base64_decode($_COOKIE[$this->remCookieName]));
		  $this->login($u['uname'], $u['password']);
		}
  }
  
  /**
  	* Login function
  	* @param string $uname
  	* @param string $password
  	* @param bool $loadUser
  	* @return bool
  */
  function login($uname, $password, $remember = false, $loadUser = true)
  {
    	$uname    = $this->escape($uname);
    	$password = $originalPassword = $this->escape($password);
		switch(strtolower($this->passMethod)){
		  case 'sha1':
		  	$password = "SHA1('$password')"; break;
		  case 'md5' :
		  	$password = "MD5('$password')";break;
		  case 'nothing':
		  	$password = "'$password'";
		}
		$res = $this->query("SELECT * FROM `{$this->dbTable}` 
		WHERE `{$this->tbFields['login']}` = '$uname' AND `{$this->tbFields['pass']}` = $password LIMIT 1",__LINE__);
		if ( @mysql_num_rows($res) == 0)
			return false;
		if ( $loadUser )
		{
			$this->userData = mysql_fetch_array($res);
			$this->userID = $this->userData[$this->tbFields['userID']];
			$_SESSION[$this->sessionVariable] = $this->userID;
			if ( $remember ){
			  $cookie = base64_encode(serialize(array('uname'=>$uname,'password'=>$originalPassword)));
			  $a = setcookie($this->remCookieName, 
			  $cookie,time()+$this->remTime, '/', $this->remCookieDomain);
			}
		}
		return true;
  }
  
  /**
  	* Logout function
  	* param string $redirectTo
  	* @return bool
  */
  function logout($redirectTo = '')
  {
		unset($_COOKIE[$this->remCookieName]);
    $_SESSION[$this->sessionVariable] = '';
    if ( $redirectTo != '' && !headers_sent()){
	   header('Location: '.$redirectTo );
	   exit;//To ensure security
	}
  }
  /**
  	* Function to determine if a property is true or false
  	* param string $prop
  	* @return bool
  */
  function is($prop){
  	return $this->get_property($prop)==1?true:false;
  }
  
    /**
  	* Get a property of a user. You should give here the name of the field that you seek from the user table
  	* @param string $property
  	* @return string
  */
  function get_property($property)
  {
    if (empty($this->userID)) $this->error('No user is loaded', __LINE__);
    if (!isset($this->userData[$property])) $this->error('Unknown property <b>'.$property.'</b>', __LINE__);
    return $this->userData[$property];
  }
  /**
  	* Is the user an active user?
  	* @return bool
  */
  function is_active()
  {
    return $this->userData[$this->tbFields['active']];
  }
  
  /**
   * Is the user loaded?
   * @ return bool
   */
  function is_loaded()
  {
    return empty($this->userID) ? false : true;
  }
  /**
  	* Activates the user account
  	* @return bool
  */
  function activate()
  {
    if (empty($this->userID)) $this->error('No user is loaded', __LINE__);
    if ( $this->is_active()) $this->error('Allready active account', __LINE__);
    $res = $this->query("UPDATE `{$this->dbTable}` SET {$this->tbFields['active']} = 1 
	WHERE `{$this->tbFields['userID']}` = '".$this->escape($this->userID)."' LIMIT 1");
    if (@mysql_affected_rows() == 1)
	{
		$this->userData[$this->tbFields['active']] = true;
		return true;
	}
	return false;
  }
  /*
   * Creates a user account. The array should have the form 'database field' => 'value'
   * @param array $data
   * return int
   */  
  function insertUser($data){
    if (!is_array($data)) $this->error('Data is not an array', __LINE__);
    switch(strtolower($this->passMethod)){
	  case 'sha1':
	  	$password = "SHA1('".$data[$this->tbFields['pass']]."')"; break;
	  case 'md5' :
	  	$password = "MD5('".$data[$this->tbFields['pass']]."')";break;
	  case 'nothing':
	  	$password = $data[$this->tbFields['pass']];
	}
    foreach ($data as $k => $v ) $data[$k] = "'".$this->escape($v)."'";
    $data[$this->tbFields['pass']] = $password;
    $this->query("INSERT INTO `{$this->dbTable}` (`".implode('`, `', array_keys($data))."`) VALUES (".implode(", ", $data).")");
    return (int)mysql_insert_id($this->dbConn);
  }
  ////////////////////////////////////////////
  // PRIVATE FUNCTIONS
  ////////////////////////////////////////////
  
  /**
  	* SQL query function
  	* @access private
  	* @param string $sql
  	* @return string
  */
  function query($sql, $line = 'Uknown')
  {
    //if (defined('DEVELOPMENT_MODE') ) echo '<b>Query to execute: </b>'.$sql.'<br /><b>Line: </b>'.$line.'<br />';
	$res = mysql_db_query($this->dbName, $sql, $this->dbConn);
	if ( !res )
		$this->error(mysql_error($this->dbConn), $line);
	return $res;
  }
  
  /**
  	* A function that is used to load one user's data
  	* @access private
  	* @param string $userID
  	* @return bool
  */
  function loadUser($userID)
  {
	$res = $this->query("SELECT * FROM `{$this->dbTable}` WHERE `{$this->tbFields['userID']}` = '".$this->escape($userID)."' LIMIT 1");
    if ( mysql_num_rows($res) == 0 )
    	return false;
    $this->userData = mysql_fetch_array($res);
    $this->userID = $userID;
    $_SESSION[$this->sessionVariable] = $this->userID;
    return true;
  }

  /**
  	* Produces the result of addslashes() with more safety
  	* @access private
  	* @param string $str
  	* @return string
  */  
  function escape($str)
  {
    $str = get_magic_quotes_gpc()?stripslashes($str):$str;
    $str = mysql_real_escape_string($str, $this->dbConn);
    return $str;
  }
  
  /**
  	* Error holder for the class
  	* @access private
  	* @param string $error
  	* @param int $line
  	* @param bool $die
  	* @return bool
  */  
  function error($error, $line = '', $die = false)
  {
    if ( $this->displayErrors )
    	echo '<b>Error: </b>'.$error.'<br /><b>Line: </b>'.($line==''?'Unknown':$line).'<br />';
    if ($die) exit;
    return false;
  }
}
?>

It'd post some examples but its almost 5am here =/
 
Last edited:
DarkDragonLord

DarkDragonLord

New Member
Messages
782
Reaction score
0
Points
0
BrettFreeman said:
This one will be coming soon. I should just post it right now, seeing as some of you were not satisified with my current tutorial. I relize that it is very insecure, but if you have a need for a quick login page, this would be the way to go, instead of creating a MySQL database, etc.
Click to expand...



Waiting very excited for that :D

could you post a register.php (that write in mysql) and a login.php ?

and the code taht we can add in the restricted pages that verifies if is logged?

With comments and explanations if possible :D
^__________________________________________^


thanks
 
Slothie

Slothie

New Member
Messages
1,429
Reaction score
0
Points
0
Based on my class

1. Login / Logout
PHP: 
<?
/*
Basic login example with php user class
*/
require_once 'access.class.php';
$user = new ezAccess();
if ( $_GET['logout'] == 1 ) 
	$user->logout('http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']);
if ( !$user->is_loaded() )
{
	//Login stuff:
	if ( isset($_POST['uname']) && isset($_POST['pwd'])){
	  if ( !$user->login($_POST['uname'],$_POST['pwd'],$_POST['remember'] )){//Mention that we don't have to use addslashes as the class do the job
	    echo 'Wrong username and/or password';
	  }else{
	    //user is now loaded
	    header('Location: http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']);
	  }
	}
	echo '<h1>Login</h1>
	<p><form method="post" action="'.$_SERVER['PHP_SELF'].'" />
	 username: <input type="text" name="uname" /><br /><br />
	 	 password: <input type="password" name="pwd" /><br /><br />
	 Remember me? <input type="checkbox" name="remember" value="1" /><br /><br />
	 <input type="submit" value="login" />
	</form>
	</p>';
}else{
  //User is loaded
  echo '<a href="'.$_SERVER['PHP_SELF'].'?logout=1">logout</a>';
}
?>

2. Register
PHP: 
<?
/*
Adding a user to a table. Here is the table that I am using (it is the same we use with the default settings):
====================== MySQL Dump ===============================
CREATE TABLE `users` (
  `userID` mediumint(8) unsigned NOT NULL auto_increment,
  `ucode` varchar(50) NOT NULL default '',
  `username` varchar(50) NOT NULL default '',
  `password` varchar(100) NOT NULL default '',
  `email` varchar(150) NOT NULL default '',
  `active` tinyint(1) NOT NULL default '0',
  PRIMARY KEY  (`userID`),
  UNIQUE KEY `username` (`username`),
  UNIQUE KEY `email` (`email`),
  KEY `active` (`active`)
) ENGINE=MyISAM  DEFAULT CHARSET=utf8;
================================================================
In this example we will automatically activate the user
IMPORTANT:
Do not use this example as is. Here we do not validate anything. In your application you should validate the data first, but you don't have to addslashes() as the class does this operation.
*/

if (!empty($_POST['username'])){
  //Register user:
  require_once 'access.class.php';
  $user = new ezAccess();
  //The logic is simple. We need to provide an associative array, where keys are the field names and values are the values :)
  $data = array(
  	'username' => $_POST['username'],
  	'email' => $_POST['email'],
  	'password' => $_POST['pwd'],
  	'active' => 1
  );
  $userID = $user->insertUser($data);//The method returns the userID of the new user or 0 if the user is not added
  if ($userID==0)
  	echo 'User not registered';//user is allready registered or something like that
  else
  	echo 'User registered with user id '.$userID;
}


echo '<h1>Register</h1>
	<p><form method="post" action="'.$_SERVER['PHP_SELF'].'" />
	 username: <input type="text" name="username" /><br /><br />
	 password: <input type="password" name="pwd" /><br /><br />
	 email: <input type="text" name="email" /><br /><br />
	 <input type="submit" value="Register user" />
	</form>
	</p>';

?>
 
warlordste

warlordste

New Member
Messages
653
Reaction score
0
Points
0
if u can look at the coding behind the website it is pretty easy to find out the password
 
malfist

malfist

New Member
Messages
67
Reaction score
0
Points
0
slothie, that looks pretty good, but you don't escape any of the input from the users and are vulnerable to sql-injection attacks.
My DatabaseManager class isn't the best, but it's something to start on.
PHP: 
<?php
/**
 *	Creates a connection to the database
 *  Designed to be secure.
 *
 *	Please correct or alert me to any security
 *	flaws
 *	jeromehollon@gmail.com
*/
class DatabaseManager{
	var $dbName;
	var $connection;
	var $db;
	var $dbUser;
	
	function DatabaseManager($database = -1, $password = "", $hoster = "localhost", $user = 0)
	{
		if(is_numeric($priv))
		{
			switch($priv)
			{
				case 0:
					$this->dbUser = "malfist_ro";
					break;
				case 1:
					$this->dbUser = "malfist_rw";
					break;
				/*case 2:	//shouldn't need this, this is only for phpMyAdmin stuff, all privlages are granted to malfist_malfist
					$this->dbUser = "malfist_malfist";
					break; */
				default:
					$this->dbUser = "ERROR";
			}
		}
		if(is_numeric($database))
		{
			switch ($databse)
			{
				case 0:
					$this->dbName = "malfist_users";
					break;			
				case 1:
					$this->dbName = "malfist_forums";
					break;
				default:
					$this->dbName = "ERROR";
			}
		}else
		$this->dbName = $database;
		$this->connection = mysql_connect($hoster,$this->dbUser,$password);// or die("dm.1".mysql_error());
		$this->db = mysql_select_db($this->dbName);// or die("dm.2: ".mysql_error());
	}
	
	/*function count($table)
	{
		$sql = "count(*) from $table";
		$result = $this->select($sql);
		$row = mysql_fetch_array($result);
		$current = $row[0];
		
		return $current;
	}*/
		
	/**
	* Closes database connection and hopefully
	*/
	function closeConnection()
	{
		mysql_close();
		unset($this);
	}
	/**
	* @return Database Name
	*/
	function getDatabaseName()
	{
		return $this->dbName;
	}
	function makeSafe($query)
	{
		return mysql_real_escape_string($query);
	}
	/**
	 *	@return username for database
	 */
	function getDatabaseUsername()
	{
		return $this->dbUser;
	}
	/**
	*	@return user privage for databse
	*/
	function getDatabaseUser()
	{
		if($this->dbUser == "malfist_ro")
			return 0;
		else if($this->dbUser == "malfist_rw")
			return 1;
		else
			return -1;
	}
	/**
	* Use only if already safe, and if makeing it safe interfears with quotes
	*/
	function unsafeQuery($query)
	{
		return mysql_query($query);
	}
	
	/**
	  * The query to use.
	  *	@param $query holds the query with %s as the values
	  *	@param $params is an array that holds the values that replace the %s's
	  */
	function query($query,$params=array()) 
	{
		for ($i=0;$i<count($params);$i++) {
			$params[$i] = mysql_real_escape_string($params[$i]);
		}	
		$prep_query = vsprintf($query,$params);
		return mysql_query($prep_query);
	}
	
	/**
	 *	Used for fetching an array (keys and numbers) from a resultset
	 */
	function fetchArray($resultset)
	{
		return mysql_fetch_array($resultset);
	}
	
	/**
	 *	Get error from last query
	 */
	function error()
	{
		return mysql_error();
	}

}

?>
 
Last edited:
Chris Z

Chris Z

Active Member
Messages
5,603
Reaction score
0
Points
36
Yeah, it really would just be easier and more secure if you use a MySQL database. It's not hard at all either.
 
Slothie

Slothie

New Member
Messages
1,429
Reaction score
0
Points
0
malfist said:
slothie, that looks pretty good, but you don't escape any of the input from the users and are vulnerable to sql-injection attacks.
My DatabaseManager class isn't the best, but it's something to start on.
PHP: 
<?php
/**
 *    Creates a connection to the database
 *  Designed to be secure.
 *
 *    Please correct or alert me to any security
 *    flaws
 *    jeromehollon@gmail.com
*/
class DatabaseManager{
    var $dbName;
    var $connection;
    var $db;
    var $dbUser;
    
    function DatabaseManager($database = -1, $password = "", $hoster = "localhost", $user = 0)
    {
        if(is_numeric($priv))
        {
            switch($priv)
            {
                case 0:
                    $this->dbUser = "malfist_ro";
                    break;
                case 1:
                    $this->dbUser = "malfist_rw";
                    break;
                /*case 2:    //shouldn't need this, this is only for phpMyAdmin stuff, all privlages are granted to malfist_malfist
                    $this->dbUser = "malfist_malfist";
                    break; */
                default:
                    $this->dbUser = "ERROR";
            }
        }
        if(is_numeric($database))
        {
            switch ($databse)
            {
                case 0:
                    $this->dbName = "malfist_users";
                    break;            
                case 1:
                    $this->dbName = "malfist_forums";
                    break;
                default:
                    $this->dbName = "ERROR";
            }
        }else
        $this->dbName = $database;
        $this->connection = mysql_connect($hoster,$this->dbUser,$password);// or die("dm.1".mysql_error());
        $this->db = mysql_select_db($this->dbName);// or die("dm.2: ".mysql_error());
    }
    
    /*function count($table)
    {
        $sql = "count(*) from $table";
        $result = $this->select($sql);
        $row = mysql_fetch_array($result);
        $current = $row[0];
        
        return $current;
    }*/
        
    /**
    * Closes database connection and hopefully
    */
    function closeConnection()
    {
        mysql_close();
        unset($this);
    }
    /**
    * @return Database Name
    */
    function getDatabaseName()
    {
        return $this->dbName;
    }
    function makeSafe($query)
    {
        return mysql_real_escape_string($query);
    }
    /**
     *    @return username for database
     */
    function getDatabaseUsername()
    {
        return $this->dbUser;
    }
    /**
    *    @return user privage for databse
    */
    function getDatabaseUser()
    {
        if($this->dbUser == "malfist_ro")
            return 0;
        else if($this->dbUser == "malfist_rw")
            return 1;
        else
            return -1;
    }
    /**
    * Use only if already safe, and if makeing it safe interfears with quotes
    */
    function unsafeQuery($query)
    {
        return mysql_query($query);
    }
    
    /**
      * The query to use.
      *    @param $query holds the query with %s as the values
      *    @param $params is an array that holds the values that replace the %s's
      */
    function query($query,$params=array()) 
    {
        for ($i=0;$i<count($params);$i++) {
            $params[$i] = mysql_real_escape_string($params[$i]);
        }    
        $prep_query = vsprintf($query,$params);
        return mysql_query($prep_query);
    }
    
    /**
     *    Used for fetching an array (keys and numbers) from a resultset
     */
    function fetchArray($resultset)
    {
        return mysql_fetch_array($resultset);
    }
    
    /**
     *    Get error from last query
     */
    function error()
    {
        return mysql_error();
    }

}

?>
Click to expand...

I did mention it in the comments at the top, its up to the coder to sanitize the strings, either by discarding invalid characters and matching types, or just addslashes to it :)
 
malfist

malfist

New Member
Messages
67
Reaction score
0
Points
0
I did not see that, sorry. (Besides, I wanted to showcase my skillz :p)
If you can't tell by my comments, I"m a java programmer, so using classes is a must. I refuse to work on a project that abuses php.
 
Slothie

Slothie

New Member
Messages
1,429
Reaction score
0
Points
0
I work with whatever works, OOP isn't the only method of developing applications
 
malfist

malfist

New Member
Messages
67
Reaction score
0
Points
0
It may not be the only, but from my point of view, it is usually best. Granted, programs that don't have much power at their disposal probably shouldn't use it, like drivers, or calculators, or other simple machines.
But for 'real' software, OOP is nearly a must.
 
You must log in or register to reply here.
Top