a better way, code technique?

on 04.09.2009 12:51:37 by AndrewJames

is there a better way (hopefully simpler) to code this?

i want to get the user id of the logged in user to use in my next statement.

$q1 = sprintf("SELECT uid FROM users WHERE users.username='$username'");
$result1 = mysql_query($q1);
$uid = mysql_fetch_array($result1);
$u = $uid['uid'];

it seems like a long way around to get 1 bit of data??


--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql?unsub=gcdmg-mysql-2@m.gmane.org

AW: a better way, code technique?

on 04.09.2009 13:00:29 by Majk.Skoric

You should escape $username before passing it to mysql if it's user
submitted data ... sql-injection

one/two liner: but error prone!

$un = mysql_real_escape_string($username);
list($id) = mysql_fetch_row(mysql_query("SELECT uid FROM users WHERE username='{$un}'"));

better would be

$result = mysql_query("SELECT uid FROM users WHERE username='{$un}'");

if (!$result)
    die("error: ".mysql_error());

list($uid) = mysql_fetch_row($result);

if (!$uid)
    die("no user with {$username} found!");

// do something with $uid

Majk



AW: a better way, code technique?

on 04.09.2009 13:03:24 by Majk.Skoric

little error

-list($id) = mysql_fetch_row(mysql_query("SELECT uid FROM users WHERE
+list($uid) = mysql_fetch_row(mysql_query("SELECT uid FROM users WHERE

Majk

Re: a better way, code technique?

on 04.09.2009 13:04:39 by Per Jessen

AndrewJames wrote:

> is there a better way (hopefully simpler) to code this?
>
> i want to get the user id of the logged in user to use in my next
> statement.
>
> $q1 = sprintf("SELECT uid FROM users WHERE
> users.username='$username'");

The only "improvement" I can see is:

$q1 = sprintf("SELECT uid FROM users WHERE users.username='%s'",
$username);


/Per Jessen, Zürich



AW: Re: a better way, code technique?

on 04.09.2009 13:11:25 by Majk.Skoric

sprintf only adds overhead to this. There is no need to use it here.

You can just use $q = "SELECT ...";
Or if you wanna have it more readable use heredoc style

$q = <<<EOSQL
SELECT
	uid
FROM
	users
WHERE
	username = '{$username}'
EOSQL;

But that's a bit off topic ;)

Majk

Re: AW: Re: a better way, code technique?

on 04.09.2009 13:34:43 by AndrewJames

hahah thank-you, love the responses here. you guys are awesome..

ps, where does the %s come from?

--------------------------------------------------
From:
Sent: Friday, September 04, 2009 9:11 PM
To: ;
Subject: AW: Re: a better way, code technique?

> -----Ursprüngliche Nachricht-----
> Von: Per Jessen [mailto:per@computer.org]
> Gesendet: Freitag, 4. September 2009 13:05
> An: mysql@lists.mysql.com
> Betreff: Re: a better way, code technique?
>
> AndrewJames wrote:
>
>>> is there a better way (hopefully simpler) to code this?
>>>
>>> i want to get the user id of the logged in user to use in my next
>>> statement.
>>>
>>> $q1 = sprintf("SELECT uid FROM users WHERE
>>> users.username='$username'");
>
>>The only "improvement" I can see is:
>>
>>$q1 = sprintf("SELECT uid FROM users WHERE users.username='%s'",
>>$username);
>
> sprintf only adds overhead to this. There is no need to use it here.
>
> You can just use $q = "SELECT ...";
> Or if you wanna have it more readable use heredoc style
>
> $q = <<<EOSQL
> SELECT
> uid
> FROM
> users
> WHERE
> username = '{$username}'
> EOSQL;
>
> But thats a bit off topic ;)
>
> Majk
>


AW: AW: Re: a better way, code technique?

on 04.09.2009 13:36:42 by Majk.Skoric

> ps, where does the %s come from?

Read -> http://de2.php.net/sprintf

Majk

Re: a better way, code technique?

on 04.09.2009 15:20:53 by Brent Baisley

You should store the current user id in a session variable. Then you
don't have to hit the database at all.

There really is no short way of doing it. Normally you would create a
function (i.e. runQuery) that you pass the query to. Then it handles
running the query, fetching the data, error checking, etc. That way
you don't have to rewrite the same lines every time you want to run a
query.

Brent Baisley



RE: a better way, code technique?

on 04.09.2009 21:31:57 by Gavin Towey

You could mash it into two lines. Though I think the verbose syntax is more readable.

$uid = mysql_fetch_array( mysql_query("SELECT uid FROM users WHERE
users.username='".mysql_real_escape_string($username)."'") );
$u = $uid['uid'];

However do you really think that 4 lines is too much to make a (possible) network call to an external resource, ask it to parse a statement and retrieve a specific piece of data, then return it to you and assign it to a variable?

For one, that's what functions are for, write it once then call your function!

Two, you should look at how much code is already hidden from you in those few functions! =P

Regards,
Gavin Towey




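Majk's escaping advice and Brent's runQuery suggestion combined, as an added example that is not code from the thread: a reusable PHP function that does the same one-row lookup through a mysqli prepared statement (the username is bound as a parameter rather than escaped into the SQL string), handles the error and no-such-user cases explicitly, and caches the uid in the session. Assumed: the users(uid, username) table from the original query; the function names and connection details are placeholders.

```php
<?php
// Added example, not code from the thread. Assumed schema: a `users` table
// with `uid` and `username` columns, as in the original query; the
// connection details at the bottom are placeholders.

/**
 * Look up the uid for one username with a mysqli prepared statement.
 * Returns null when no such user exists; throws on a database error, so
 * the caller never silently works with a false/empty row.
 */
function fetchUid(mysqli $db, string $username): ?int
{
    // The username is sent as a bound parameter, never spliced into the
    // SQL text, so no escaping step is needed and a crafted value stays data.
    $stmt = $db->prepare('SELECT uid FROM users WHERE username = ?');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('s', $username);
    if (!$stmt->execute()) {
        throw new RuntimeException('execute failed: ' . $stmt->error);
    }
    $stmt->bind_result($uid);
    $found = $stmt->fetch();   // true: row read, null: no rows, false: error
    $stmt->close();
    if ($found === false) {
        throw new RuntimeException('fetch failed: ' . $db->error);
    }
    return $found === true ? (int) $uid : null;
}

/**
 * Brent's point: query once, at login, and keep the uid in the session so
 * later requests do not hit the database for it at all.
 */
function currentUid(mysqli $db, string $authenticatedUsername): ?int
{
    if (!isset($_SESSION['uid'])) {
        $uid = fetchUid($db, $authenticatedUsername);
        if ($uid === null) {
            return null;          // unknown user: never cache a miss
        }
        $_SESSION['uid'] = $uid;
    }
    return (int) $_SESSION['uid'];
}

// session_start();
// $db = new mysqli('db-host', 'db-user', 'db-pass', 'app');   // placeholders
// $u = currentUid($db, $username);   // $username as set by your login check
```

With PHP 8.1 and later, mysqli reports errors as exceptions by default, so the `=== false` branches only matter on older configurations; the null return for a missing user is the case worth testing either way.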

RE: a better way, code technique?

on 04.09.2009 22:11:25 by Daevid Vincent

+2

> -----Original Message-----
> From: Brent Baisley [mailto:brenttech@gmail.com]
> Sent: Friday, September 04, 2009 6:21 AM
> To: AndrewJames
> Cc: mysql@lists.mysql.com
> Subject: Re: a better way, code technique?
>
> You should store the current user id in a session variable. Then you
> don't have to hit the database at all.
>
> There really is no short way of doing it. Normally you would create a
> function (i.e. runQuery) that you pass the query too. Then it handles
> running the query, fetching the data, error checking, etc. That way
> you don't have to rewrite the same lines every time you want to run a
> query.
>
> Brent Baisley

