duanao6704 2013-03-28 17:55
浏览 69
已采纳

尝试查找ID或使用JOIN更有效

I made this little function that finds user's ID and I have that ID available across website because I included it before <head>

$result=mysql_query("SELECT ID FROM korisnici WHERE username='".$_COOKIE["user"]."' AND password='".$_COOKIE["pass"]."'");
$get=mysql_fetch_assoc($result);
$ID_KORISNIK=$get["ID"];
if(empty($ID_KORISNIK))
{
    echo '
        <script>window.location="IDerror.php";</script>
        ';
}

So whan I want to SELECT or INSERT into database I could use

$r=mysql_query("SELECT * FROM uzg WHERE IDkorisnik='$ID_KORISNIK'");

or use JOIN

$r=mysql_query("SELECT * FROM uzg JOIN (uzg.IDkorisnik=korisnici.ID) WHERE korisnici.username='$_COOKIE["user"]' AND korisnici.password='$_COOKIE["pass"]'");

What do you think, which one is better or effective?

  • 写回答

2条回答 默认 最新

  • duannong1801 2013-03-28 18:00
    关注
    1. Don't store password as a cookie
    2. Never trust user input, your queries are subject to SQL injection attacks
    3. Don't use mysql_* functions, use PDO or mysqli_*, and use prepared statements to prevent SQL injection attacks

    I would recommend to learn about prepared statements, and use PDO or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.

    By the way I think your first solution is better (but you have to correct a lot of stuff)

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 关于大棚监测的pcb板设计
  • ¥15 stm32开发clion时遇到的编译问题
  • ¥15 lna设计 源简并电感型共源放大器
  • ¥15 如何用Labview在myRIO上做LCD显示?(语言-开发语言)
  • ¥15 Vue3地图和异步函数使用
  • ¥15 C++ yoloV5改写遇到的问题
  • ¥20 win11修改中文用户名路径
  • ¥15 win2012磁盘空间不足,c盘正常,d盘无法写入
  • ¥15 用土力学知识进行土坡稳定性分析与挡土墙设计
  • ¥15 帮我写一个c++工程