difference between db_query and mysql_query

[Leipe Po]

whats the diffrence between them, i use db_query on my site, but dont know what the difference is,
does it secure it when inserting into the db?

thank you, Leipe Po

[Harzem]

db_query has the ability to log errors in SMF error log.

db_query also has some precautions to prevent hacking. You can see these in the function definition of db_query, where there are lines of die("hacking attempt...");

// We don't use UNION in SMF, at least so far.  But it's useful for injections.

if (strpos($clean, 'union') !== false && preg_match('~(^|[^a-z])union($|[^[a-z])~s', $clean) != 0)

$fail = true;

// Comments?  We don't use comments in our queries, we leave 'em outside!

elseif (strpos($clean, '/*') > 2 || strpos($clean, '--') !== false || strpos($clean, ';') !== false)

$fail = true;

// Trying to change passwords, slow us down, or something?

elseif (strpos($clean, 'set password') !== false && preg_match('~(^|[^a-z])set password($|[^[a-z])~s', $clean) != 0)

$fail = true;

elseif (strpos($clean, 'benchmark') !== false && preg_match('~(^|[^a-z])benchmark($|[^[a-z])~s', $clean) != 0)

$fail = true;

// Sub selects?  We don't use those either.

elseif (preg_match('~\([^)]*?select~s', $clean) != 0)

$fail = true;

if (!empty($fail))

{

log_error('Hacking attempt...' . "\n" . $db_string, $file, $line);

fatal_error('Hacking attempt...', false);

}



I suggest you to go through the function definition. It is not a default PHP function, it is defined for SMF in Subs.php

[Leipe Po]

ok, thats about the only file i havent searched in for that function,
thank you harzem!!!