The first thing I notice browsing your code is this block stuck
immediately between your 2 insert statements:
if ($_POST['address'] != '' ) {
die("Changed field");
}
This guarantees that your 2 auto_increment sequences will fall out of
sync any time any client POSTs (and perhaps all gets?) to this script
without an 'address' parameter.
Again, I see no reason you could not call last_insert_id() after the
first insert and use that value explicitly in the second.
- michael dykman
On Fri, Apr 15, 2011 at 12:16 PM, Reindl Harald <h.rei...@thelounge.net> wrote:
>
>
> Am 15.04.2011 17:59, schrieb Gary:
>> Michael, thank you for your reply
>>
>> ""Might I suggest, instead of the 2 part juggling act, you drop the
>> auto-increment property on your second table, and just use the value
>> derived from the first as the joining key in the second. Then there
>> is only one sequence to worry about with nothing to sync against
>> ""
>>
>> There is only one AI into the main page. This is the insert code, I have
>> probably left more in than you need to see.
>>
>> What I also did was to add some duplicate columns in the two tables (email,
>> ip, timestamp) so in the event I need to manually to in I would be able to
>> decifer who goes where.
>>
>> On second look, it would appear I am NOT using a join, but two inserts.... I
>> don't recall why I did it that way
>
> this code is unreadable for me because of its coding-style and if i see
> "addslashes" for database inserts i start to fear and run away
>
> you are using two inserts so what do you do there and where can be anything
> out of sync on the database-level? where is the magic in your code without
> using mysql_insert_id() or LAST_INSERT_ID() - what should this code do?
>
> * insert in main table
> * fetch mysql_insert_id() what is thread-safe
> * use that value in the second table
> ____________
>
> and please do not use such ugly hacks as in the begin of your code
> addslashes() has no useable security for user-input
>
> even mysql_escape_string() has not -> mysql_real_escape_string()
>
>
>
--
- michael dykman
- mdyk...@gmail.com
May the Source be with you.
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql?unsub=arch...@jab.org
