PHP on homepage security questions

Question

I'm fairly new to php and I'm having problems understanding how to grab content from the DB using qa functions.

I'm trying to display a random user on the homepage and have sucsessfully connected and displayed content from the database using the following code in the qa-theme.php

Can you tell me of any protential problems connecting to the DB in this way, security e.t.c

Thanks in advance

function main(){

 

     if($this->request=='') 

     {

          $con = mysqli_connect("localhost","user","password","database");

          // Check connection

          if (mysqli_connect_errno()) {

          echo "Failed to connect to MySQL: " . mysqli_connect_error();

     }

 

     $result = mysqli_query($con,"SELECT * FROM qa_users");

 

     echo "<table border='1'>

     <tr>

     <th>User ID</th>

     <th>Handle</th>

     </tr>";

 

     while($row = mysqli_fetch_array($result)) {

          echo "<tr>";

          echo "<td>" . $row['userid'] . "</td>";

          echo "<td>" . $row['handle'] . "</td>";

          echo "</tr>";

     }

 

     echo "</table>";

 

     mysqli_close($con);

     qa_html_theme_base::main();

 

     }

     else {

          qa_html_theme_base::main();

     }

 

}

Comments

Is this "homepage" a Q2A page, or is it outside of Q2A?

---

I have added the code to the qa-theme.php file so, I guess yes it is within a Q2A page.

Answer 1

There is no need of mysql connection if you are writing in qa-theme.php

Use built in function for query such as qa_db_query_sub () etc.

Something like..

$query = "SELECT * FROM ^users....";

qa_db_query_sub ($query);
//loop

Comments

Thanks but, that's what I'm having trouble with :) reading other peoples code confuses me at the level I'm currently at. I can't figure out how to convert the code in my question into something you have posted.

---

Would the way I did it cause any problems?