1667 votes, 28 answers, 236k views

How to prevent SQL injection in PHP?

If user input is inserted into an SQL query directly, the application becomes vulnerable to SQL injection, like in the following example: $unsafe_variable = $_POST['user_input']; ...
167 votes, 8 answers, 119k views

How to 'insert if not exists' in MySQL?

I started by googling, and found this article which talks about mutex tables. I have a table with ~14 million records. If I want to add more data in the same format, is there a way to ensure the ...
86 votes, 17 answers, 96k views

mysql_fetch_array() expects parameter 1 to be resource, boolean given in select

I am trying to select data from a table but get this error message: mysql_fetch_array() expects parameter 1 to be resource, boolean given.. This is my code: $username = $_POST['username']; ...
73 votes, 5 answers, 6k views

How can an SQL query return data from multiple tables [closed]

I would like to know the following: how to get data from multiple tables in my database? what types of methods are there to do this? what are joins and unions and how are they different from one ...
58 votes, 5 answers, 18k views

SQL injection that gets around mysql_real_escape_string()

Is there an SQL injection possibility even when using mysql_real_escape_string() function? Consider this sample situation. SQL is constructed in PHP like this: $login = ...
57 votes, 25 answers, 70k views

How can I compare two sets of 1000 numbers against each other?

I must check approximately 1000 numbers against 1000 other numbers. I loaded both and compared them server-side: foreach( $numbers1 as $n1 ) { foreach( $numbers2 as $n2 ) { if( $n1 == $n2 ) { ...
46 votes, 9 answers, 21k views

How to debug PDO database queries?

Before moving to PDO, I created SQL queries in PHP by concatenating strings. If I got a database syntax error, I could just echo the final SQL query string, try it myself on the database, and tweak it ...
44 votes, 7 answers, 11k views

Getting raw SQL query string from PDO prepared statements

Is there a way to get the raw SQL string executed when calling PDOStatement::execute() on a prepared statement? For debugging purposes this would be extremely useful.
42 votes, 15 answers, 8k views

Flat File Databases in PHP

What are your best practices around creating flat file database structures in PHP? A lot of the more mature PHP flat file frameworks I see out there attempt to implement SQL-like query syntax, which ...
37 votes, 7 answers, 18k views

What are the best PHP input sanitizing functions?

I am very new to PHP/programming, with that in mind I am trying to come up with a function that I can pass all my strings through to sanitize. So that the string that comes out of it will be safe for ...
35 votes, 3 answers, 4k views

Implementing permissions based on reputation

I'm creating a website in which there are projects, users, and permissions for each user or groups of users. What this is is a community collaboration tool, and I have 4 different permissions: ...
29 votes, 7 answers, 11k views

Do SQL connections opened with PDO in PHP have to be closed

When I open a MySQL connection in PHP with just PHP's built-in MySQL functions, I do the following: $link = mysql_connect($servername, $username, $password); mysql_select_db($dbname); //queries ...
28 votes, 9 answers, 28k views

A script to change all tables and fields to the utf-8-bin collation in MYSQL

Is there a SQL or PHP script that I can run that will change the default collation in all tables and fields in a database? I can write one myself, but I think that this should be something that ...
25 votes, 19 answers, 2k views

Is SQL injection a risk today?

I've been reading about SQL injection attacks and how to avoid them, although I can never seem to make the "awful" examples given work, e.g. this post ...
25 votes, 13 answers, 1k views

Clean OO-structure vs. SQL performance

When programming in PHP I always try to create meaningful 'models' (classes) that correspond to tables in the database. I often encounter the following problem: Assuming that I've created a database ...
