The mysqli extension, or as it is sometimes known, the MySQL improved extension, was developed to take advantage of new features found in MySQL systems versions 4.1.3 and newer. The mysqli extension is included with PHP versions 5 and later.

10 votes, 3 answers, 161 views

Review of PHP prepared statements from security viewpoint

I received a ton of help from 200_success once again here. Since then, I decided to go with OOP Style and prepared statements, and so far I like it a lot more than the procedural style. Much more ...

3 votes, 1 answer, 49 views

UPDATE SQL with prepared stmt using only 1 variable

HTML form field names must be equal to SQL table field names. Changing only table name and allowed fields can be used in many other update pages. How can I improve this? $allowed = ...

3 votes, 1 answer, 61 views

Arithmetic quiz using PHP5 and mySQLi

I would very much appreciate a general review of my PHP code which grabs information from a mySQL database and also inserts some information into the database. Overview : Users go to /main.php and ...

2 votes, 2 answers, 59 views

Workaround for have 2 column with pseudo AUTO INCREMENT

This is the situation: the table order has a column with ID AUTO INCREMENT but (there is always a but) I can't use it because I don't want number order 1234567 after 5 years but I want 1/2014, ...

3 votes, 1 answer, 39 views

Are all these steps necessary with prepared statement?

Are all these steps correct and necessary? <?php if (isset($_SESSION['userID'])) { $userID = $_SESSION['userID']; $stmt = $mysqli->prepare( "SELECT usergroup, firstname FROM ...

4 votes, 2 answers, 74 views

Does this generic query follow good OOP standards?

I am trying to convert over to MySQLi and wanted expert advice. Is the enclosed code 100% OOP. Also, how secure is the code against attacks? I know nothing is 100% secure, but how good/safe is it? ...

5 votes, 2 answers, 114 views

Update PHP function GetSQLValueString

The old function was: <?php function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : ...

4 votes, 1 answer, 92 views

Help me shorten my URL shortener

I am working on a website, and due to some reasons, they want my code to be as short as possible. I have, from my side, tried everything to shorten this code. So if possible, can you all also help me ...

2 votes, 1 answer, 135 views

Increase security of sign up form code

Does my PHP look secure enough for a sign up form? <?php $con=mysqli_connect("host","user","password","db_name"); $sql="INSERT INTO users values (?, ?, ?)"; if ($stmt = mysqli_prepare($con,$sql)) ...

0 votes, 2 answers, 395 views

PHP starting OOP MySQLi singleton

This is my first post on the whole StackExchange network, so I might make some mistakes. And I'm also a Spanish speaker, so I'll probably have mistakes in my writing too.. Context: I'm starting with ...

2 votes, 2 answers, 78 views

Critiques and possible improvements for this DB abstraction class

I'm trying to code a simple and scalable PHP framework for my own use. Could you please offer some critiques or mandatory improvements for these 2 classes? <!-- language: PHP --> <?php ...

3 votes, 1 answer, 659 views

PHP Register Page ( MYSQLI )

I have a website written in PHP but the whole script is old so today I started upgrading from Mysql to Mysqli. So here's my register page. I still have to add account confirmation and send mail part ...

1 vote, 1 answer, 40 views

How could I simplify this query?

How can this function be better? I feel there might be a more elegant way of doing it. For a little background on the function. I am trying to evaluate if someone has read and seen all the questions ...

4 votes, 2 answers, 236 views

Some questions about correct use of Mysqli (Connection, query)

I'm a beginner PHP developer and it's my first time using mysqli. I've no idea if I use a correct implementation of the connection and query because some people defend this method and some others ...

6 votes, 2 answers, 358 views

Minimalistic mysql db class

I am really just looking to make sure I am not making any weird mistakes that could hurt me in the long run or if something seems odd in the way I imagine it to work. This code does work for the way I ...

1 vote, 1 answer, 155 views

How can I make this code safer against XSS attacks?

I'm not sure what I'm doing wrong, but I run the code using a Web Vulnerability software and I get a lot of XSS attacks against the code. Is there something I could do better? // connect to ...

-3 votes, 1 answer, 115 views

A short MySQLi library that should solve SQL injection risks. Feedback? [closed]

I keep seeing SQL injection ready code posted on SO and I just can't believe people don't escape their SQL input variables. It should become a reflex but nobody's doing it. So... I decided to share a ...

0 votes, 1 answer, 93 views

Need a review on how I ran my MYSQL Queries

I was hoping there is a better way to accomplish the same thing I have here without 24 queries. I have two queries for each month of the year which adds up to 24 separate queries. Please see January's ...

1 vote, 1 answer, 65 views

User Data Security Improvements

** Original Question From Stack Overflow ** I'm working on my site, and need help knowing what I need to do to improve the security of my login system. If you feel so inclined, I would love some ...

1 vote, 2 answers, 83 views

MySQLi Code Review for methods and functions used

I made my first script of MySQLi. I have just learnt it from a 3rd party website. So, I am not sure I am using functions which are not deprecated or outdated. I should start to practice good scripts to ...

2 votes, 1 answer, 138 views

Could really use some feedback on this registration code in php

I was hoping someone could give me some feedback on my code. I am still new to php and I'm sure I have messed up somewhere. The code pasted is for a registration page where users will submit their ...

0 votes, 1 answer, 54 views

Is declaring a property as `public` insecure?

I posted a question few weeks back, on making a PHP Login Script. Most of you guys told me not to use global variables and especially for something like MySQLi connection object as it may be insecure. ...

3 votes, 3 answers, 148 views

Improve Speed of RPI Calculation

It currently takes about 10 minutes to process ~16k teams and ~81k games. I could soon have ~17k teams with ~160k, and multiple sports. I run this as a cron job overnight and store the results in a ...

1 vote, 2 answers, 130 views

Prepared Statements Function

Hello, CR :) I've finally finished my universal query preparation function. Sorry about my previous post, I wasn't aware of the rules before. Anyway, here is a working function. Any suggestions to ...

0 votes, 1 answer, 72 views

(Procedural)(Snippet) MySQL to MySQLi. Any advice?

This is what I had before (using the MySQL API) $info_get = mysqli_query("SELECT * FROM `users` WHERE `uid`='".$_SESSION['uid']."'") or die(mysqli_error()); $info = mysql_fetch_assoc($info_get); ...

3 votes, 2 answers, 170 views

Can this class be improved?

I have this class whose code I pasted in full. The CredentialsManager class is not shown here as all it does is return the DB connection variables. My question is if this class can be improved or if ...

4 votes, 1 answer, 3k views

Better way of handling data returned from fetch_assoc() (mysqli)

So I connected to the db, pull the data using fetch_assoc() (fetch_all(NUMB) is not available on the machine we are working with else this would be less of an issue). So I get the returned data and ...

3 votes, 1 answer, 1k views

mysqli wrapper class

I made the following class to wrap mysqli for PHP using prepared statements. It seems to work well, but I was hoping to get opinions (on overall structure, performance, usage, etc.). Thanks for the ...

3 votes, 2 answers, 396 views

Best practices to protect a database from bad data

I'm just getting into SQL injection and data sanitization and seeking some advice on my script to get started. I have made this simple program which allows the user to enter their name into a form and ...

6 votes, 1 answer, 564 views

MySQLi DB library - quality/security review?

This library was written quite some time ago, and it has so far been used in all sorts of small-ish projects. I'm about to base a more complex, security (Access Control) related, open-source project ...

1 vote, 1 answer, 179 views

Extracting Multiple Associative arrays in PHP

public static function find_user_tracks($id) { global $mySQL; $sql = "SELECT * FROM `tracks` WHERE account_id = {$id}"; $result_set = $mySQL->query($sql); $ret = array(); ...

3 votes, 1 answer, 819 views

Creating a database class in PHP with MySQLi

I am creating a database class in PHP but I feel that there's something wrong with my code. Is there any suggestion to refactor this? I feel like there's something wrong and missing in this code. ...

2 votes, 2 answers, 88 views

Inserting data in the database through POST

My code here is completely working, but I feel like I destroyed or didn't follow the DRY rule, what suggestions can you give to me for this code?? <?php require_once("./includes/Utilities.php") ...

2 votes, 2 answers, 91 views

Username verification class

Everything in this code is completely working, but I still feel that this code needs to be refactored. Any suggestions? <?php class Db_CheckUsername{ protected $_conn; ...

2 votes, 2 answers, 980 views

PHP-Mysqli example secure?

I'm just writing my first PHP-Mysqli sample (think about a Wiki 0.0.1) and I would like to ask you if this example is secure or not or if there are any other problems/suggestions you might recommend? ...

4 votes, 2 answers, 220 views

Am I on the right track? PHP/MySQL

I have the following table called info: info_name | info_value name | Susan desc | Human I'm trying to print Susan without knowing that the value is Susan. The following ...

2 votes, 1 answer, 132 views

Another how could this mysqli php call be better

This code from a flex app and is the PHP to set that a user has read a section of text and answered a question correctly. So I write to a table that is similar to a bookmark, and then update the users ...

2 votes, 1 answer, 312 views

How could this PHP function / mysqli call be better?

I just wanted to post my php code to see how it could be better. It works fine, but I feel that since I am new to this, it probably isn't best. For some background on the code, it is from a flex app ...

1 vote, 2 answers, 215 views

Need Tips For Improving PHP Code

I am fairly new to PHP, and would love to have my code reviewed to see what I am doing wrong and ways to improve it. The code works fine, I just feel like there's an easier way to do this. This is ...

2 votes, 1 answer, 305 views

MySQLi_STMT wrapper, allows placeholders

I've made a simple wrapper for MySQLi_STMT, allowing the usage of placeholders and spares you the need to manually bind variables. The full code is at the bottom of this question (it's quite large, ...

6 votes, 1 answer, 384 views

MySQLi_Recordset: blending SPL and Statement/Query results

I've made a SPL-based class named "Recordset" that wraps both MySQLi_STMT and MySQLi_Result objects and allows treating either as a 3-dimensional array. It requires PHP5.3+. I'm pretty bummed about ...

11 votes, 2 answers, 461 views

A take on DB Abstraction - PHP / MySql

It's a little bit more code but I wanted to show the full class. I highlight the points I'd like input after the source. I've cut comments since they were not in English and translated the important ...