Thread: Parameter !

    #1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2013
    Posts
    97
    Rep Power
    0

    Parameter !


    $connection = mysql_connect("localhost","root","root");
    if (!$connection)
    {
    die('PHP Mysql database connection could not connect : ' . mysql_error());
    }

    $db_selected = mysql_select_db("php_mysql",$connection);

    $sql_query = "SELECT * from user";
    $result = mysql_query($sql_query, $connection);

    WHY HERE WE ARE USING $connection again in MySQL_query() function ??
  2. #2
  3. Code Monkey V. 0.9
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Mar 2005
    Location
    A Land Down Under
    Posts
    2,101
    Rep Power
    1990
    This is a case of RTFM... http://www.php.net/mysql_query

    The $connection variable is optional and is mostly used when you have more then one database connection to work with so that you do the query on the correct database. If you've only got one database connection set up you don't need to use it, but if you're working with multiple connections you should use it. Even with just one it's still good practice to include it so that you can get used to the syntax when you need it later on.

    Oh, and because I know that it will be mentioned here somewhere - You should not be using the deprecated mysql_* functions. You should be using the mysqli_* functions or PDO for any database interaction.
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2013
    Posts
    97
    Rep Power
    0

    Thumbs up Yo !


    Yes catacaustic, you are right ... my teacher educating me with basic CMS nowadays to understand PHP and MySQL integration ... He told me he will taught me OOP and other PHP stuff ! Thank for this kind reply. Meet you soon !
  6. #4
  7. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,957
    Rep Power
    1046
    Hi,

    if you're self-confident enough, you should tell your teacher that those programming techniques are considered outdated, dangerous and just sloppy.

    Pretty much every line of this is bad practice. It starts with the old MySQL extension, which is obsolete since almost a decade (as already mentioned by Catacaustic). Using die() to display errors poses a massive security hole, because it bypasses all error surpressing mechanisms and will leak important info about your system. Using the database root for an application is just absurd. Using SELECT * is very sloppy and dangerous, because it will load even the most sensitive user data (passwords, email addresses etc.) into the application. The variable names are also ... debateable.

    You may say this doesn't matter for a beginners' course. But I think this is especially import for beginners, because those are the most basic things you need to take care of when programming web scripts. I mean, when you learn to drive, does the driving school teach you to run over red lights and ignore all speed limits, "because those things are not important for a beginner"? To the contrary, they're particularly picky about traffic rules.

    And writing proper PHP is neither difficult nor effortful. All you need to do is care about the things you do and keep up to date.
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2013
    Posts
    97
    Rep Power
    0
    @Jacques1

    Yeah but for learning purpose I have to go through it you know I started to learn PHP 3 years ago but due to my ailment I never had it finished. So, again I started it with new zeal and I think all those dangerous stuff was useful back then. I`ll surely go with the new one after I got deeper understanding how to write my own code !
    Happy now my friend !

IMN logo majestic logo threadwatch logo seochat tools logo