Is there a way to do an if statement like this:
if ($password == mysql_query("SELECT password from member WHERE id = $id")) {
// f00
}
So what I mean is, if it is possible and/or good practice to have a short query in your if, instead of extracting it from your DB first.
Thanks!
mysql_query returns a resource so it wont work
I wouldn't recommend it. If there is an error in the SQL, if you can't connect to the server, if there are no rows returned, or if there are any other errors then you'd have some big problems.
Sure it's possible but it's not a good idea.
Consider if you were using a database abstraction layer instead of basic php_mysql like adodb
you could easily have:
if($password == $DB->GetOne('Select password from member where id = '.$ID)){
//do something
}
However if the query failed or otherwise returned anything you were implicitly expecting you could have unforeseen errors.
You should encapsulate database output and database queries so that if they fail, they fail gracefully and do not have weird side effects that could be a pain to track down later.
WHERE id = $id"toWHERE id = '$id'"*(note the single quotes around$id, otherwisemysql_real_escape_string()will not protect you.mysql_queryfunction?