Building Queries on the Fly : mysql_real_escape_string « MySQL Database « PHP





Building Queries on the Fly

 
<?php
  function opendatabase ($host,$user,$pass) {
    try {
      if ($db = mysql_connect ($host,$user,$pass)){
        return $db;
      } else {
        throw new exception ("Sorry, could not connect to mysql.");
      }
    } catch (exception $e) {
      echo $e->getmessage ();
    }
  }
  
  function selectdb ($whichdb, $db){
    try {
      if (!mysql_select_db ($whichdb,$db)){
        throw new exception ("Sorry, database could not be opened.");
      }
    } catch (exception $e) {
      echo $e->getmessage();
    }
  }
  function closedatabase ($db){
    mysql_close ($db);
  }
  $db = opendatabase ("localhost","root","");
  selectdb ("mydatabase",$db);
  $_POST['user'] = "myname";
  $_POST['pass'] = "mypassword";
  
  function validatelogin ($user,$pass){
    mysql_real_escape_string ($user);
    mysql_real_escape_string ($pass);
    $thequery = "SELECT * FROM userlogin WHERE username='$user' AND password='$pass'";
    if ($aquery = mysql_query ($thequery)){
      if (mysql_num_rows ($aquery) > 0){
        return true;
      } else {
        return false;
      }
    } else {
      echo mysql_error();
    }
  }
  
  if (validatelogin ($_POST['user'],$_POST['pass'])){
    echo "You have successfully logged in.";
  } else {
    echo "Sorry, you have an incorrect username and/or password.";
  }
  
  closedatabase ($db);
  
?>
  
  










Related examples in the same category