1392 votes, 23 answers, 190k views
How to prevent SQL injection in PHP?
If user input is inserted into an SQL query directly, the application becomes vulnerable to SQL injection, like in the following example:
$unsafe_variable = $_POST['user_input'];
mysql_query("INSERT ...
148 votes, 8 answers, 103k views
How to 'insert if not exists' in MySQL?
I started by googling, and found this article which talks about mutex tables.
I have a table with ~14 million records. If I want to add more data in the same format, is there a way to ensure the ...
71 votes, 5 answers, 5k views
How can an SQL query return data from multiple tables [closed]
I would like to know the following:
how to get data from multiple tables in my database?
what types of methods are there to do this?
what are joins and unions and how are they different from one ...
57 votes, 25 answers, 70k views
How can I compare two sets of 1000 numbers against each other?
I must check approximately 1000 numbers against 1000 other numbers.
I loaded both and compared them server-side:
foreach( $numbers1 as $n1 ) {
foreach( $numbers2 as $n2 ) {
if( $n1 == $n2 ) {
...
51 votes, 13 answers, 75k views
mysql_fetch_array() expects parameter 1 to be resource, boolean given in select
I am trying to select data from a table but get this error message:
mysql_fetch_array() expects parameter 1 to be resource, boolean given..
This is my code:
$username = $_POST['username'];
...
50 votes, 5 answers, 14k views
SQL injection that gets around mysql_real_escape_string()
Is there an SQL injection possibility even when using mysql_real_escape_string() function?
Consider this sample situation. SQL is constructed in PHP like this:
$login = ...
42 votes, 9 answers, 18k views
How to debug PDO database queries?
Before moving to PDO, I created SQL queries in PHP by concatenating strings. If I got a database syntax error, I could just echo the final SQL query string, try it myself on the database, and tweak it ...
41 votes, 15 answers, 8k views
Flat File Databases in PHP
What are your best practices around creating flat file database structures in PHP? A lot of the more mature PHP flat file frameworks I see out there attempt to implement SQL-like query syntax, which ...
41 votes, 8 answers, 43k views
How can I tell when a MySQL table was last updated?
In the footer of my page, I would like to add something like "last updated the xx/xx/200x", with this date being the last time a certain MySQL table has been updated.
What is the best way to do that? ...
40 votes, 7 answers, 10k views
Getting raw SQL query string from PDO prepared statements
Is there a way to get the raw SQL string executed when calling PDOStatement::execute() on a prepared statement? For debugging purposes this would be extremely useful.
35 votes, 3 answers, 3k views
Implementing permissions based on reputation
I'm creating a website in which there are projects, users, and permissions for each user or groups of users. What this is is a community collaboration tool, and I have 4 different permissions:
...
33 votes, 7 answers, 13k views
What are the best PHP input sanitizing functions?
I am very new to PHP/programming, with that in mind I am trying to come up with a function that I can pass all my strings through to sanitize. So that the string that comes out of it will be safe for ...
27 votes, 9 answers, 26k views
A script to change all tables and fields to the utf-8-bin collation in MYSQL
Is there a SQL or PHP script that I can run that will change the default collation in all tables and fields in a database?
I can write one myself, but I think that this should be something that ...
25 votes, 19 answers, 2k views
Is SQL injection a risk today?
I've been reading about SQL injection attacks and how to avoid them, although I can never seem to make the "awful" examples given work, e.g. this post
...
25 votes, 6 answers, 9k views
Do SQL connections opened with PDO in PHP have to be closed
When I open a MySQL connection in PHP with just PHP's built-in MySQL functions, I do the following:
$link = mysql_connect($servername, $username, $password);
mysql_select_db($dbname);
//queries ...