[next-studio|TheKiller]

Well, i have started with a small project, creating a small class which allow the user control a mysql database(on php) with less commands and on a secured system.
I had this idea, because alot of users on this forum are victims of sql injection on php(the people who do not know)
So i've thinked to create a php class, which allow you to manage the mysql normally, but on other type.

For example, you want to connect into the mysql database, we need to do:

PHP код:

$db = mysql_connect($host, $user, $pass);
mysql_select_db($database, $db); 


With this script, you just need to do:

PHP код:

require "mysql_class.php";
$mysql = new mysql($host, $user, $pass, $database); 


For example, to login a user, you need to login a user
The normal script requires:

PHP код:

$db = mysql_connect($host, $user, $pass);
mysql_select_db($database, $db);
$user = mysql_real_escape_string($variableuser);
$pass = mysql_real_escape_string($variablepass);
$login = mysql_query("SELECT * from users WHERE username = '$user' AND pass = '$pass'", $db);
if(mysql_num_rows($login) == 1)
{
    //continue the login
}
else {
    // show the error message
} 


With this class, you just need to do:

PHP код:

require "mysql_class.php";
$mysql = new mysql($host, $user, $pass, $database);
$login = $mysql->query("SELECT * FROM users WHERE username = '$user' AND pass = '$pass'");
if($mysql->NumRows($login) == 1)
{
    // login the user
}
else {
    // error message
} 


You don't need to use the mysql_real_escape_string, since the moment the query will take the $variables and escape them.
This will totally speed up some scripts, with less lines of scripting.
This is more likely a "anti cheat" system, and "hack" at the same time, anti cheat system, because it protects the sql injections, and a hack, because you need to script less, for more.

I would like to know what do you think about this, because i really don't want to be scripting the hole week + weekend to have this class done.

Thanks!