Help with my php code

[boang3000]

---

can be prevented if they use mysql_real_escape_string or mysql_escape_string (DEPRECEATED)

there are lot of possible solutions but this are the straight forward one... always use this if you have form that interact with your database or else ma inject-kan ang imo db...

mao jd sakto jd c salbahis. mysql_real_escape_string kay gamit kayo mao jd ni gamit sa mga programmers mostly.

[Klave]

@boang3000 and @salbahis?
asay mas effective og gamit compared to prepared statements?
Prepared statements ang akoang current ron...Hehehe

[boang3000]

mysql_real_escape_string lang kay basaha ni nga link kay d ko khbw mo explain bsta related to sql mao jd na gamiton PHP: mysql_real_escape_string - Manual.

md5 kay gamit sad na xa for encrypting what about filters?

[salbahis]

@boang3000 and @salbahis?
asay mas effective og gamit compared to prepared statements?
Prepared statements ang akoang current ron...Hehehe

depende sa imo need, either way the most important thing is the results if it satifies you and client then thats fair enough

there are pros and cons sa prepared statements it has better security but it is quite slow in executing, considering that it is prepared you dont have and option to further optimize and make execute faster....

there no such thing as a perfect code, only better!!

[salbahis]

Simplified user login authentication

PHP Code:

$user_name = mysql_real_escape_string($_POST['user_name']);
$user_password = mysql_real_escape_string($_POST['user_password']); 


if you want to add more password security you can use hashing by using md5, the downside is, md5 is a one-way encryption procedure, it only ecrypt but it cant decrypt most website uses this type of encryption along side with adding salt to the parameter, in this way to retrieve the password you have to regenerate it again

PHP Code:

// With salt
$user_password = md5('salbahis-gwapo@'.$user_password);

// Without salt
$user_password = md5($user_password); 


To make this query works MORE better, you have to make sure the table structure of user name are set to UNIQUE, or atleast all data save on that field are unique

PHP Code:

$res = mysql_query("SELECT TRUE AS is_exist FROM user_table WHERE username='".$user_name."' AND password='".$user_password."'");
$isfound = mysql_fetch_object($res);
if($isfound->is_exist){
    // OK
}else{
    // Not OK
} 


or this one

PHP Code:

$res = mysql_query("SELECT COUNT(username) AS _count FROM user_table WHERE username='".$user_name."' AND password='".$user_password."'");
$user = mysql_fetch_object($res);
if($user->_count == 1){
    // OK
}elseif($user->_count > 1){
    // Duplicate username
}else{
    // Not OK
} 


and another one

PHP Code:

$res = mysql_query("SELECT username FROM user_table WHERE username='".$user_name."' AND password='".$user_password."'");
$num_rows = mysql_num_rows($res)
if($num_rows == 1){
    // OK
}elseif($num_rows > 1){
    // Duplicate username
}else{
    // Not OK
} 


dili kay simplified ang code sample ninyo so i made it simplified...

[domzky]

Hello istoryans.

kinsay naay code sa php log in log out
pwede ku manga yu sa code maglisod kog connect sa mysql database
daghan error.
Design ra jud akong mahimo pero sa functionality sa program daghan jud
error..
pls give me the code of php log in log out..k ng ma k connect ku sa database..

i hope naay muhatag sa code..


tnks..& god bless..

[domzky]

hello kinsay naay code sa php log in log out?
ka ng ma k connect ku sa database,
pwede ku mangayu?

tnks..

[salbahis]

hello kinsay naay code sa php log in log out?
ka ng ma k connect ku sa database,
pwede ku mangayu?

tnks..

try ngadto sa php.net or w3school.com to tana imo kinahanglan... if not google is your friend