php - Converting mysql_* to mysqli_* issue -

-

i using mysqlconvertertool convert web application,

first issue faced code getting big dont understand means? small code before , see big.

//old code $ask_id = mysql_real_escape_string($_post['ask_id']);  //after convert $ask_id = ((isset($globals["___mysqli_ston"]) && is_object($globals["___mysqli_ston"])) ? mysqli_real_escape_string($globals["___mysqli_ston"], $_post['ask_id']) : ((trigger_error("[mysqlconvertertoo] fix mysql_escape_string() call! code not work.", e_user_error)) ? "" : ""));

its working fine want know if correct way of mysqli_* or there issue or bug need fix in line?

i want know how can make part secure

if (isset($_post['asking-money'])) {     $dailybonus = 10000;     $update = mysqli_query($globals["___mysqli_ston"], "update users set ask_time='$newtime', bonus='dailybonus'  id='$userid'"); // more calculation }

the first bit of code looks (grossly) added giant ternary statement check variables using @ least set, other should able use:

mysqli_real_escape_string($globals["___mysqli_ston"], $_post['ask_id'])

as security sql query, try using prepared statements instead of directly querying variables

mysqli_prepare


Comments

Post a Comment

Popular posts from this blog

c# - How Configure Devart dotConnect for SQLite Code First? -

-
can configure following sample code ? when run following code, error : no entity framework provider found ado.net provider invariant name 'devart.data.sqlite' setting in machine.config <system.data> <dbproviderfactories> <add name="dotconnect sqlite" invariant="devart.data.sqlite" description="devart dotconnect sqlite" type="devart.data.sqlite.sqliteproviderfactory, devart.data.sqlite, version=4.6.287.0, culture=neutral, publickeytoken=09af7300eec23701" /> </dbproviderfactories> </system.data> after add below block code in app.config <?xml version="1.0"?> <configuration>   <configsections> <!-- more information on entity framework configuration, visit http://go.microsoft.com/fwlink/?linkid=237468 --> <section name="entityframework" type="system.data.entity.internal.configfile.entityframeworksection, entit...
Read more

java - Copying object fields -

-
what best way of copying classes when need have 2 independent variables? have simple class: public class myclass { boolean = false; string b= "not empty"; } do need make method : assign(myclass data ) { a= data.a; b= data.b; } is there automatic method copy (duplicate) objects in java? do need make method : pretty close. instead of making method, should make constructor. such constructors called copy constructor , , create them this: myclass(myclass data) { = data.a; b = data.b; } and create copy of instance, use constructor this: myclass obj1 = new myclass(); myclass obj2 = new myclass(obj1); copy constructor can tedious : using copy constructor create deep-copy can tedious, when class has mutable fields. in case, assignment create copy of reference, , not object itself. have create copy of fields (if want deep copy). can go recursive. a better way create deep copy serialize , deserialize object. why not use clone()? ...
Read more

c++ - Clear the memory after returning a vector in a function -

-
i have function processes , stores lot of data in , returns results vector of class. amount of data stored in function tremendous , want clear storage memory of function after finished job. necessary (does function automatically clear memory) or should clear memory function? update: vector<customers> process(char* const *filename, vector<int> id) { vector<customers> list_of_customers; (perform actions) return list_of_customers; } variables defined locally within function automatically released @ end of function scope. destructors objects called, should free memory allocated objects (if objects coded correctly). example of such object std::vector . anything you've allocated new must have corresponding delete release storage. try avoid doing own allocation , use raii instead, i.e. containers or smart pointers.
Read more