Anti-QSL Injection. I'm sure it could be better, so any improvements are welcome.

This class is a simple authentication scheme which makes it easy to add authentication to any page by including one class and adding one table to your MySQL database.

The following functions are employed by this authentication class:

auth()

this is the default constructor; it automatically checks for the POST vars "username" and "password", it also checks to see if the user passed the GET variable "logout", which would prompt it to set the authentication status to un-authenticated.

is_authorized()

Checks the SESSION variable "authorized" and returns true or false depending on that variable.

mysql_bind()

This is automatically called by the constructor each time the class is instantiated and $_POST['username'] and $_POST['password'] are present. It queries the db for a valid username and MD5 encoded password.

user_create($username,$email,$password)

Creates a user, if the username is available, and creates an MD5 hash based on username, password and date, to be used in the "activation" of the account.

user_activation_message($username)

Sends the custom activation message to the email address for the username specified

user_activation($activation_hash)

Checks to see if the activation hash is valid, if it is, the activation_hash variable is set to NULL, thus signifying that the account is active.

user_password_change($username,$password_old,$password_new)

Quick and easy way to change the user's password with one function call.

user_logout()

Sets the authorization status in $_SESSION['authorized'] to FALSE

is_username_available( $username )

Returns TRUE or FALSE depending on whether or not the username is free.

I use this method for keeping my sql templates away from my code.

You can extend upon the idea, as I have done in the past, by placing SQL handing classes between your scripts and the template library.

Things to note here:

The lesser userd heredoc string method. The reason this is used is to keep the SQL clear and well laid out, and not as messy as using quotes.

vsprintf() is a very handy function if you don't want to hard code the number of parameters to interpolate your string with.

The use of sprintf templates offers you additional security. For example, only allowing numbers to be placed where a %d falls. This, of course, shouldn't be the only security on user supplied variables, but comes in extra handy for debugging purposes.

Regarding the TODO in there, it would take a check of the number of % placeholders there are in the template. One caveat is remembering to remove the count of %%'s that appear (the literal percentage).

this snippet show how to set up passwords in a mysql console.

Cuando concatenamos varios campos con CONCAT( Campo1, Campo2,... ) si algún valor es NULL no se realiza la concatenación, para concater campos (aunque algunos tengan NULL) usaremos COALESCE que devuelve el primer valor que no sea null de la lista.
Asi le pasaremos una listca con el nombre del campo seguido de "", si el campo estava lleno, devuelve el campo, si es null devuelve el segundo, es decir ""

My previous entry on an easy to use SQLite interface for XUL/JS got me thinking: how many times have I had to write functions that were just wrappers for a little SQL?

Below is the fruits of that little query (excuse the pun). Forgive the dbXXX functions; my implementation depended on a small portion of a larger mysql library that I've grown accustomed to coding with.

Often when inserting information in a database we need to know the value of the autonumber/identity field so that we can insert related data in another table. MSSQL Server provides a SCOPE_IDENTITY() function for just such a purpose (PHP/MySQL users have the mysql_insert_id() function -- lucky).

*This is in the generic section because there is no MSSQL Server or Database section.

How to connect to your mysql serve

I made this script to delete any unneeded files from the server that weren't being used by the database. Of course you can expand this a lot more, but I cut it down a little to put it up here.

This is my MySQL database class that I use for all of my sites. Some included features are:
- Get execution time
- Error reporting (screen and email)
- SQL stats