RE: database hell

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




> -----Original Message-----
> From: Nick Edwards [mailto:nick.z.edwards@xxxxxxxxx]
> Sent: 12 July 2012 12:30
> To: php-general@xxxxxxxxxxxxx
> Subject:  database hell
> 
> Hi
> 
> We have a program that manages users, throughout all database calls
> 
> created as:
> $connect = mysql_connect($db_host--other variables);
> mysql_query("Delete from clients where id=$User");
> 
> All this works good, but, we need, in the delete function to delete from
> another database
> 
> $connmy=mysql_connect("host","user","pass");
>                     mysql_select_db("vsq",$connmy);
>                     mysql_query("DELETE from userprefs where clientr='$User'");
> $mysql_close($connmy); this fails, unless we use a mysql_close prior to it,
> and then reconnect to original database after we run this delete, how can we
> get around this without closing and reopening?
> We have a  perl script doing similar for manual runs, and it works well
> knowing that $connmy is not $connect, I'm sure there is a simple way to tell
> php but  I'm darned if I can see it.
> 
> Thanks
> Niki
> 
> --
> PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:
> http://www.php.net/unsub.php


Just create a new resource/connection to MySQL and pass the identifier into mysql_query().
You'll also want to use mysql_real_escape_string() by the looks of it to attempt to stop SQL injection.


Something like this will do it:

$db1 = mysql_connect($host,$user,$pass);
$db2 = mysql_connect($host,$user,$pass);

mysql_select_db('db1',$db1);
mysql_select_db('db2',$db2);

// do your queries with $DB1

$result = mysql_query("delete from userprefs where clientr=".mysql_real_escape_string($user,$db1)."", $db1);

// do your queries again with $DB1

mysql_close($db1);//close db1
mysql_close($db2);//close db2


Cheers
Adam.

=============================================================================

This email is intended solely for the recipient and is confidential and not for third party unauthorised distribution. If an addressing or transmission error has misdirected this email, please notify the author by replying to this email or notifying the system manager (online.security@xxxxxxxx).  If you are not the intended recipient you must not disclose, distribute, copy, print or rely on this email. 

Any opinions expressed in this document are those of the author and do not necessarily reflect the opinions of Hargreaves Lansdown. In addition, staff are not authorised to enter into any contract through email and therefore nothing contained herein should be construed as such. Hargreaves Lansdown makes no warranty as to the accuracy or completeness of any information contained within this email. In particular, Hargreaves Lansdown does not accept responsibility for any changes made to this email after it was sent. 

Hargreaves Lansdown Asset Management Limited (Company Registration No 1896481), Hargreaves Lansdown Fund Managers Limited (No 2707155), Hargreaves Lansdown Pensions Direct Limited (No 3509545) and Hargreaves Lansdown Stockbrokers Limited (No 1822701) are authorised and regulated by the Financial Services Authority and registered in England and Wales. The registered office for all companies is One College Square South, Anchor Road, Bristol, BS1 5HL. Telephone: 0117 988 9880

______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux