mysqli::real_query

mysqli_real_query

(PHP 5)

mysqli::real_query -- mysqli_real_query — Execute an SQL query

Description

Object oriented style

bool mysqli::real_query ( string $query )

Procedural style

bool mysqli_real_query ( mysqli $link , string $query )

Executes a single query against the database whose result can then be retrieved or stored using the mysqli_store_result() or mysqli_use_result() functions.

In order to determine if a given query should return a result set or not, see mysqli_field_count().

Parameters

link

Procedural style only: A link identifier returned by mysqli_connect() or mysqli_init()

query

The query, as a string.

Data inside the query should be properly escaped.

Return Values

Returns TRUE on success or FALSE on failure.

Коментарии

Oct 26

Автор: Tinker


Straightforward function - simply connect to the database and execute a query, similar to this function bellow.



<?php



function check_password($username, $password) {

// Create connection

$db = new mysqli('localhost','database_user','database_pass','database_name');



// Check for errors

if($db->connect_errno){

echo $db->connect_error;

}



// Execute query

$result = $db->real_query("Select * From users Where username='$username' And password='$password'");



// Always check for errors

if($db->connect_errno){

echo $db->connect_error;

}



return $result == true;

}

?>



Very easy. 



Replace database_user, database_pass and database_name with the proper names, and the text inside real_query with your actual query. 



Don't forget the quotes on either side (except for numbers, there you can omit them) otherwise it won't work. Hope that helps someone.

2016-10-26 13:18:23

http://php5.kiev.ua/manual/ru/mysqli.real-query.html

Oct 04

Автор: TIL


Please note that this example is vulnerable to injection and uses plain-stored passwords...

2018-10-04 11:37:23

http://php5.kiev.ua/manual/ru/mysqli.real-query.html

Feb 10

Автор: jay at cloudulus dot media


Well, we don't know if $password is in plain text because it was never defined in the example.



New passwords should be stored using



<?php

$crypt_pass = password_hash($password, PASSWORD_DEFAULT);

?>



Where PASSWORD_DEFAULT = BCRYPT algorithm



Then to compare a user entered password to a database stored password, we use:



<?php

$valid = password_verify($password, $crypt_pass);

?>



Which returns true or false.



As for being vulnerable to injection, this is true. To avoid this, use sprintf() or vsprintf() to format the query and inject the values using mysqli::real_escape_string, like so:



<?php

$vals = [$db->real_escape_string($username), $db->real_escape_string($password)];

$query = vsprintf("Select * From users Where username='%s' And password='%s'", $vals);

$result = $db->real_query($query);

?>

2019-02-10 01:33:50

http://php5.kiev.ua/manual/ru/mysqli.real-query.html

mysqli::real_escape_string

mysqli::reap_async_query

mysqli

PHP Manual

PHP5

Для web разработчика

Nov 13
Функция mysqli::real_query() - Execute an SQL query

mysqli::real_query

mysqli_real_query

Description

Parameters

Return Values

See Also

Коментарии

PHP5

Для web разработчика

Nov 13Функция mysqli::real_query() - Execute an SQL query

mysqli::real_query

mysqli_real_query

Description

Parameters

Return Values

See Also

Коментарии

Nov 13
Функция mysqli::real_query() - Execute an SQL query