Tagged Questions
10
votes
4answers
711 views
Is this function vulnerable to SQL injection?
I've this function to list products from database by category. I'm using prepared statements but wouldn't this make it pretty pointless to use them?
...
8
votes
2answers
569 views
Comparing data in 2 tables on different servers with CHECKSUM
So I've had a problem where I need to compare data in 2 different tables on two different servers. Now, I know MySQL supports CHECKSUM TABLES, but from my testing ...
6
votes
1answer
68 views
Removing image records if no physical file exists
I have a working script that selects image fields in all tables and empties their values if the physical file doesn't exist.
...
5
votes
2answers
1k views
Is this PHP/sqlite code safe?
I am a 3rd year computer science undergraduate. One of my university lecturers has developed his own page for students to submit work. It came up that one student was accused of hacking (sic) by the ...
5
votes
3answers
374 views
Is this code SQL injection proof?
I don't see any way for a SQL attack to happen with it all hard coded.
...
5
votes
1answer
101 views
System for inputting and monitoring worker shifts
I've been building a system for inputting and monitoring shifts for casual staff, who work across multiple sites with the ability to generate accounting information.
I've had some help from Stack ...
5
votes
1answer
35 views
Updating number of article views - potential concurrent access issue?
I have articles on my website (built in PHP) and when an article is viewed the number of views is recorded back in the database. The SQL code snippet of my load ...
5
votes
1answer
780 views
PHP Login Authentication with BCrypt
So I have a PHP authentication script and everything works fine. But I'm very unsure about the way I programmed it (I hardcoded some stuff) and I was hoping stack could look through this and point out ...
4
votes
4answers
494 views
Two while for the same query
If I have to loop results of a query echoing first all fields of a column, then echoing something not to loop, then fields of another column.
...
4
votes
3answers
145 views
Did you like my product?
I have the following MySQL query which selects product details and whether the viewing user likes them. I feel like it could be more efficient and that there is a more practical approach than using a ...
4
votes
2answers
388 views
Is there a PHP security exploit with $_POST in my code?
I posted this question here.
And an answer stated that I should not do:
$table_name = 'survey_'.$_POST['surveyid'];
because
It is easy for a hacker to ...
4
votes
2answers
155 views
Injections and query
I made a class that connects to my DB and inserts some values. Is it secure or how can I protect this further from injections? The object declaration will come from variables with POST from a form, ...
4
votes
3answers
70 views
Web application to insert into MySQL database
I'm currently learning PHP, SQL/MySQL and HTML to develop a web application project (I have very little practical experience in all of these.) To get started, I spent far too long and many questions ...
4
votes
1answer
36 views
Speeding up class that uses an ODBC connection
I have created a class that gets data from an ODBC connection. The code works but it is really slow - I'm talking up to 1.20ish minutes to run. I know my code is inefficient but I'm really not sure ...
4
votes
1answer
111 views
Make this MySQL query more elegant &/or efficient
I have created a MySQL query that works, but I feel there must be a better way. The query will be used by a PHP script whose purpose is to assign conditions & subconditions to new participants in ...
4
votes
2answers
63 views
SQL - query syntax
I need advice on whether my database structure is correct and what is the appropriate query syntax that can be used.
Table1
...
4
votes
1answer
131 views
Code Review for PHP PDO Queries? Is there a better way to do it?
So this is my code for equipping an item in my game dev't:
...
4
votes
2answers
117 views
How can I improve this set of queries in PHP
Okay so as I learn more about PHP and really strive to improve my code I have a few questions about a current setup of mine and how to approach it in the best way.
I think I have all the tools ...
4
votes
1answer
261 views
Please review my PDO Database wrapper
The subject is this small project - PHP/MySQL Database wrapper
The three main goals of this project are:
Easy way to map database columns to object properties
Simple solution to insert or update ...
3
votes
4answers
167 views
Are these two scripts secure enough from exploits?
I'll gladly appreciate it if you could review my code below and let me know if they are sufficiently secure.
My main website and these scripts will use same database, so I need to make sure they are ...
3
votes
2answers
128 views
Querying a database with PHP
I'm new to PHP programming. I would love some feedback on this simple code I wrote which queries a database based on some arguments supplied by a user and returns an HTML table displaying the data.
...
3
votes
3answers
175 views
Parsing Placeholders as SQL Arguments in PHP
I am trying to find a good way of parsing SQL arguments, the way I am accomplishing it now seems like it can use a lot of improvement. I am trying to convert arguments that are split apart by ', & ...
3
votes
2answers
208 views
Review some of my code
I'm working on a simple CMS. It's working quite ok, but I think my code can be improved a bit, so I'm reaching out to you experts. I work with a section.php, which is included from the index.php with ...
3
votes
2answers
518 views
Protecting a database from bad data
I'm just getting into SQL injection and data sanitization and seeking some advice on my script to get started. I have made this simple program which allows the user to enter their name into a form and ...
3
votes
2answers
271 views
Gathering data from database
The following code has one of the most confusing lines I've ever written. I can imagine ten other ways to write it but I do not know which else could be any better. So I'm here to ask you fellows how ...
3
votes
1answer
104 views
Performance on PHP SQL queries
I'm barely learning PHP and MySQL so I don't know much about performance. I've written this script to fetch and format content from my DB; it also counts how many results there are and separates them into ...
3
votes
1answer
150 views
Is this an efficient way of accessing the database?
I followed this tutorial to create an SQL "factory".
The link shows how to make a class whose methods will output SQL statements based on the arguments you pass to it, and I've expanded on it with ...
3
votes
1answer
1k views
Codeigniter active record - prepared statement assistance
I understand that I should use prepared statements to prevent SQL injection. Unfortunately, having read the PHP docs on the matter I am none the wiser. Here is one of my simple active record SQL ...
3
votes
2answers
2k views
PHP SQLQuery class
I created a PHP class to handle building SQL query strings. I need advice on how to make the code more efficient.
...
2
votes
1answer
478 views
Too many queries. Better way to do this? [closed]
What would be the best way of doing this?
This way seems like it'd generate far too many queries:
http://pastebin.com/0iWMugWu
Basically, fetch fields from a database and then fetch the images that ...
2
votes
2answers
453 views
My simple CMS system - security and code obscurity?
I'm working on a simple CMS with the intent of making it as secure as possible (a personal challenge) and the code as clean as possible. I think I've a long way to go so I would appreciate any input, ...
2
votes
1answer
2k views
Converting entire table to JSON data. Is there a better way?
Building a 'card' database: I'm simply learning to take input data and store to database. Incorporating JSON, PDO, SQL, and enforcing my general coding skills through PHP, hopefully.
...
2
votes
1answer
113 views
How can I improve this PHP code which builds an SQL query?
How can I write this PHP code better? It puts together an SQL query string from user input. The task is to return search results based on one or more text fields. The user can determine if partial ...
2
votes
2answers
165 views
Submit form data to MySQL table with PHP execute
I have written code to send a simple email submission form to a SQL table so that I can manage the data. I would like feedback on whether or not the code that I have written is efficient and secure. I ...
2
votes
3answers
226 views
Remove vulnerabilities from query on public website [closed]
I think that the following query is preventing against SQL injection, but what other measures do I need to take to ensure my queries are 100% safe from any malicious attacks?
...
2
votes
1answer
59 views
Two scripts completing the same task, which is the best way?
I have the following two methods of completing the same task, however I'd like to know which is the preferred method and WHY? Or if there are any suggestions to complete the task in an even better, ...
2
votes
4answers
1k views
Multi column search
I have 4 text columns, a mix of Varchar and Text. I need to find rows in a table where all words searched for are present across the 4 columns.
The 4 columns are:
name
type
keywords
description
...
2
votes
1answer
67 views
UserDAO with CRUD functionality for my UserRepository
This is my first attempt at creating a DAO.
I would like to get some feedback regarding the following aspects if possible:
Code readability
Efficiency
Usability
I also would appreciate any other ...
2
votes
1answer
157 views
Correct use of my JOIN and arrays to fetch the data?
After learning a lot about programming, I've decided to write some code pertaining to scripting and use of different functions. I've come to a point where I'd like others to verify my code for ...
2
votes
2answers
247 views
Storing Hierarchical Data in a Database
In an extension to this post, Pages system PHP/SQL
I've created this class/script to handle multi-dimensional menus whose data is stored in a DB... I need some feedback and new ideas... (all of this ...
2
votes
1answer
267 views
Newsletter SQL query optimization
I want to build a small newsletter-like tool which sends mails in pre-defined timespans. First after registration, second 14 days later, third 7 days later etc.
I came across two database designs ...
2
votes
1answer
594 views
Polling script to determine the continuous time a user has been connected
I've been asked to keep track of how long a user has been connected to a site without interruption.
So far the solution I've come up with is to use ajax to poll the site every now and then to check ...
2
votes
1answer
149 views
Website for updating a div
I've built a web site that uses AJAX to update a div. Most of the data displayed in the div is drawn from a MySQL database. All the pages are PHP.
I've tried to follow best practices. I put all the ...
2
votes
1answer
612 views
Converting looped row in table from datetime to string [closed]
I am trying to pull out the whole column for row[3] in the following script. Everything works, but unfortunately, the code is only pulling out the last row's data from the whole page while everything ...
2
votes
1answer
57 views
Is having preset queries prone for disaster?
Edit: Just did some further reading around the website and have come to the conclusion that this method leads to Leaky Abstraction, sorry for wasting people's time. Time to head back to the drawing ...
2
votes
1answer
97 views
Working MySQL query, but I need to optimize this query more
This project is based on trivia (Question/Answer Quiz). Basically the scenario is so simple, but I have to improve/further optimize my query using these tables.
I have 5 different tables.... (working query)
...