Posted by Steve on 03/28/07 17:03

"Seansan" <sean115=at@=reeve.nl> wrote in message
news:460a952a$0$29129$dbd49001@news.wanadoo.nl...
| Anybody have an idea why (and I have been trying for 1 hour now) when I
| execute this code that last_change is never update, but all the other
| fields are?
|
| I just have no idea!
|
| $DB->query("UPDATE ".get_table_name('users')."
| SET last_login=NOW(), last_change=NOW(),
| session=?
| WHERE user_id=?",
| true, $_SESSION['user_id']);

surely you write code following better standards of practice that this
spaghetti. i'm sure you just slung this slop here in said manner because it
is a ng and not your production source, right?

this would be more like what i'd guess your production source to look
like...right?

$stamp = date('Y-m-d H:i:s');
$userId = $_SESSION['user_id'];
$sql = "
UPDATE " . get_table_name('users') . "
SET last_login = '" . $stamp . "' ,
last_change = '" . $stamp . "'
WHERE user_id = '" . $userId . "'
";
$DB->query($sql);

as it is, i have a big problem with people who half-way decouple in-line sql
as you have done here. don't know what i mean? you are counting on the table
'users' to potentially have differing names however you then count on the
structure to always be the same...i.e. last_login and last_change. if you're
going to do it right, then decouple the whole damn thing. create a table
class. extend the class for each specific table. the table name will be used
to create the correct instance/version. the extended class knows the
structure of the table and will store all of your in-line sql. at that
point, you'd just be calling add/update/delete interfaces (passing the
necissary parameters to each) and it would do your $DB->query() calls. any
other measure is half-assed.

but that's just my 0.02 usd.

btw, i used $stamp for both fields being set as using NOW() (even if you got
your query to work) would set them to two different values even though the
transaction happened at the same time. further, i assume this is just a
login transaction...why on earth would last_change be set anyway - that
should relate to something they *changed* while logged on. don't you lose
valuable information that way once a user does log in?

this code speaks volumes to me even though you don't realize what it is
saying. to me, this is screaming 'i can be hacked easily because it appears
user information is only validated once and then stored in session data', 'i
don't really have any good kind of auditing system in place', and 'i really
could give two flying fucks about good coding practices'. don't care to hear
me warn you about all this? better me than your employer!

• Next in forum: Re: Problem with NOW() with PHP and MySQL
• Prev in forum: Problem with NOW() with PHP and MySQL
• Thread view: Re: Problem with NOW() with PHP and MySQL

[Reply to this message]