1564 votes, 25 answers, 219k views
How to prevent SQL injection in PHP?
If user input is inserted into an SQL query directly, the application becomes vulnerable to SQL injection, like in the following example:
$unsafe_variable = $_POST['user_input'];
mysql_query("INSERT ...
72 votes, 16 answers, 88k views
mysql_fetch_array() expects parameter 1 to be resource, boolean given in select
I am trying to select data from a table but get this error message:
mysql_fetch_array() expects parameter 1 to be resource, boolean given.
This is my code:
$username = $_POST['username'];
...
54 votes, 5 answers, 17k views
SQL injection that gets around mysql_real_escape_string()
Is there an SQL injection possibility even when using mysql_real_escape_string() function?
Consider this sample situation. SQL is constructed in PHP like this:
$login = ...
160 votes, 9 answers, 112k views
How to 'insert if not exists' in MySQL?
I started by googling, and found this article which talks about mutex tables.
I have a table with ~14 million records. If I want to add more data in the same format, is there a way to ensure the ...
75 votes, 5 answers, 6k views
How can an SQL query return data from multiple tables [closed]
I would like to know the following:
how to get data from multiple tables in my database?
what types of methods are there to do this?
what are joins and unions and how are they different from one ...
22 votes, 4 answers, 9k views
PHP PDO bindValue in LIMIT
Here is a snapshot of my code:
$fetchPictures = $PDO->prepare("SELECT * FROM pictures WHERE album = :albumId ORDER BY id ASC LIMIT :skip, :max");
$fetchPictures->bindValue(':albumId', ...
7 votes, 4 answers, 1k views
Use global variables in a class
I'm trying to create a pagination class and use a variable from outside the class.
But it's giving me the fatal error "Call to a member function query() on a non-object".
This is the index file:
...
11 votes, 2 answers, 2k views
How to properly set up a PDO connection
From time to time I see questions regarding connecting to a database.
Most answers are not the way I do it, or I might just not get the answers correctly. Anyway; I've never thought about it because the ...
36 votes, 7 answers, 16k views
What are the best PHP input sanitizing functions?
I am very new to PHP/programming; with that in mind, I am trying to come up with a function that I can pass all my strings through to sanitize, so that the string that comes out of it will be safe for ...
17 votes, 7 answers, 22k views
Invoking a PHP script from a mysql trigger
Is there any way to invoke a PHP page / function when a record is being inserted into the mysql db table? We don't have control over the record insertion procedure. Is there something called trigger which ...
14 votes, 6 answers, 6k views
MySQL Prepared statements with a variable size variable list
How would you write a prepared MySQL statement in PHP that takes a differing number of arguments each time? An example of such a query is:
SELECT age, name FROM people WHERE id IN (12, 45, 65, 33)
The IN ...
8 votes, 9 answers, 964 views
Achieve hierarchy, Parent/Child Relationship in an effective and easy way
I have a table like
create table site
(
site_Id int(5),
parent_Id int(5),
site_desc varchar2(100)
);
Significance of the fields:
site_Id : Id of the sites
parent_Id : Parent id of the site
...
41 votes, 7 answers, 11k views
Getting raw SQL query string from PDO prepared statements
Is there a way to get the raw SQL string executed when calling PDOStatement::execute() on a prepared statement? For debugging purposes this would be extremely useful.
14 votes, 5 answers, 19k views
Commands out of sync; you can't run this command now
I am trying to execute my PHP code, which calls two MySQL queries via mysqli, and get the error "Commands out of sync; you can't run this command now".
Here is the code I am using
<?php
$con = ...
1 vote, 1 answer, 1k views
mysql_num_rows(): supplied argument is not a valid MySQL result resource [duplicate]
if(mysql_num_rows($result))
{
echo "no match found!";
}
It is throwing an error:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in ...