Andy,
Thanks for your comment. What I posted is only part of my code though,
as the entire thing is a bit long, and with all the includes rather hard
to follow unless I posted the whole file set. Above the piece I posted I
have code to do slashing, and some MD5 hashing, as well enforcing strin
Could I recommend a more secure approach:
1) using two hashes to protect the data (in case the database is
compromised they are both one-way hashes, and using two protects
against collision attacks whereby a different password string
generates the same hash as the original password)
2) escaping use
Peter Westergaard wrote:
You should probably check out http://php.net/mysql_query for more
information on this function. The difference between "empty result"
and "invalid query" is significant. Once you've determined that the
query is valid, you must also then check to see if it returned
the code is wrong but
didn't know why, which is why I didn't respond earlier.
Gary
> -Original Message-
> From: Peter Westergaard [mailto:[EMAIL PROTECTED] Behalf Of
> Peter Westergaard
> Sent: Tue, January 08, 2008 11:09 AM
> To: php-db@lists.php.net
> Subject:
Ben, I would say that the only reason
$select_sql_two = mysql_query($select_sql);
if($select_sql_two) {
would refuse to execute is if $select_sql represents an invalid SQL
statement. Whether it has records or not, you should (if I'm not very
much mistaken) get a resource returned in sele
