Is script 1 safer?
";
}
else
{
queryMysql("CREATE TABLE $name($query)");
echo "Table '$name' created
";
}
}
function tableExists($name)
{
$result = queryMysql("SHOW TABLES LIKE '$name'");
return mysql_num_rows($result);
}
function queryMysql($query)
{
$result = mysql_query($query) or die(mysql_error());
return $result;
}
function destroySession()
{
$_SESSION=array();
if (session_id() != "" || isset($_COOKIE[session_name()]))
setcookie(session_name(), '', time()-2592000, '/');
session_destroy();
}
function sanitizeString($var)
{
$var = strip_tags($var);
$var = htmlentities($var);
$var = stripslashes($var);
return mysql_real_escape_string($var);
}
function showProfile($user)
{
if (file_exists("$user.jpg"))
echo "img src='$user.jpg' border='1' align='left' />";
$result = queryMysql("SELECT * FROM rnprofiles WHERE user='$user'");
if (mysql_num_rows($result))
{
$row = mysql_fetch_row($result);
echo stripslashes($row[1]) . "
";
}
}
?>
or is script 2 safer?
MySQL Error: " . mysql_error());
// Print a message to the user, include the footer, and kill the script.
include ('./includes/footer.htm');
exit();
} // End of mysql_select_db IF.
} else { // If it couldn't connect to MySQL.
// Print a message to the user, include the footer, and kill the script.
trigger_error("Could not connect to MySQL!\n
MySQL Error: " . mysql_error());
include ('./includes/footer.htm');
exit();
} // End of $dbc IF.
// Create a function for escaping the data.
function escape_data ($data) {
// Address Magic Quotes.
if (ini_get('magic_quotes_gpc')) {
$data = stripslashes($data);
}
// Check for mysql_real_escape_string() support.
if (function_exists('mysql_real_escape_string')) {
global $dbc; // Need the connection.
$data = mysql_real_escape_string (trim($data), $dbc);
} else {
$data = mysql_escape_string (trim($data));
}
// Return the escaped value.
return $data;
} // End of function.
?>