query help

zyreena

Is this syntax correct?

$query = "SELECT off_auth.user_id FROM off_auth, off_users WHERE off_auth.user_id = off_users.user_id AND off_auth.passcode = " . $pass . " AND off_users.user_name = \"" . $user . "\";";
 

garrettroyce

Code:
$query = 
"SELECT off_auth.user_id 
FROM off_auth, off_users 
WHERE off_auth.user_id = off_users.user_id 
AND off_auth.passcode = '$pass' 
AND off_users.user_name = '$user'";

I like to break up my queries so you can see what you're doing a little better. Whitespace and line breaks are ignored. Using double quotes means that variables will be parsed, so there's no need to do "string " . $var . " string", just "string $var string". You don't need a semicolon on the end of the query. Also, when you are doing comparisons, any strings need to be quoted: "and x = 'y' " not "and x = y".

A common mistake people make is to make as many tables as possible. This causes confusion, complicated queries, and referential integrity problems.

If you have tables like this:
Table 1:
user ID   user name
1         joe
2         bob

Table 2:
user ID   user phone number
1         123-123-1234
2         123-123-1235

If each user only has 1 phone number, it makes no sense to add the complexity of another table.
 

zyreena

Thanks, made it right.

I've got another one. What's the difference between mysql_numrows() and mysql_num_rows()?
 

misson

In addition to garrettroyce's advice on syntax and table design, there are two security points that should be addressed. Make sure $pass and $user have been sanitized (so that little Robert'; DROP TABLE off_auth;-- won't cause problems when he registers for your site). off_auth.passcode should store a hash (properly salted) of each user's password so that if someone compromises your server and gets the passcodes, they won't yet be able to sign in with stolen credentials (they will first need to find one of the passwords or a collision by brute force).
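
The two points in the post above, as an added example that is not part of the thread or any poster's code: user input reaches the query only through bound parameters, and off_auth.passcode holds a salted hash that is checked in PHP rather than compared in the WHERE clause. It assumes PHP 7.1 or later with the pdo_sqlite extension; the in-memory SQLite database, the table definitions, the register() and login() helpers and the sample users are constructed for illustration.

```php
<?php
// Added example: constructed schema and sample rows, not the poster's real database.
// An in-memory SQLite database stands in for MySQL so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE off_users (user_id INTEGER PRIMARY KEY, user_name TEXT UNIQUE)');
$db->exec('CREATE TABLE off_auth (user_id INTEGER PRIMARY KEY, passcode TEXT)');

// Registration (hypothetical helper): store a salted hash, never the password itself.
function register(PDO $db, string $user, string $pass): void
{
    $db->beginTransaction();
    $stmt = $db->prepare('INSERT INTO off_users (user_name) VALUES (:name)');
    $stmt->execute([':name' => $user]);
    $stmt = $db->prepare('INSERT INTO off_auth (user_id, passcode) VALUES (:id, :hash)');
    // password_hash() generates a random salt and embeds it in the returned string.
    $stmt->execute([':id' => $db->lastInsertId(), ':hash' => password_hash($pass, PASSWORD_DEFAULT)]);
    $db->commit();
}

// Login (hypothetical helper): fetch the row by name through a bound parameter,
// then verify the hash in PHP. Returns the user_id on success, null on any failure.
function login(PDO $db, string $user, string $pass): ?int
{
    $stmt = $db->prepare(
        'SELECT off_auth.user_id, off_auth.passcode
           FROM off_auth
           JOIN off_users ON off_auth.user_id = off_users.user_id
          WHERE off_users.user_name = :name'
    );
    $stmt->execute([':name' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // A salted hash cannot be matched with "passcode = ..." in SQL; password_verify()
    // re-derives it from the stored salt and compares in constant time.
    if ($row === false || !password_verify($pass, $row['passcode'])) {
        return null;
    }
    return (int) $row['user_id'];
}

register($db, 'joe', 'correct horse battery staple');
// A name containing SQL metacharacters is stored and looked up as plain data.
register($db, "Robert'; DROP TABLE off_auth;--", 'hunter2');

var_dump(login($db, 'joe', 'correct horse battery staple'));
var_dump(login($db, 'joe', 'wrong password'));
var_dump(login($db, "Robert'; DROP TABLE off_auth;--", 'hunter2'));
```

Against MySQL, only the PDO connection string and the CREATE TABLE statements would change; the prepared statements and the hashing calls stay the same.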
 

zyreena

Therefore mysql_numrows(); no longer exists and should not be used, right?

And no longer supported in the latest version?
 

garrettroyce

They've removed the function from their PHP >= 5 documentation at php.net, so they're just keeping the function alive for the lazy coders out there who can't update their code :p

Using deprecated functions will actually give an error under certain conditions so I would not use them. In this case, it's just a name change, but it's still a bad practice to get into.
 