Search Results

Search found 23901 results on 957 pages for 'mysql stored procedure'.

  • Will these security functions be enough? (PHP)

    - by ggfan
    I am trying to secure my site so I don't have SQL injections and XSS scripting. Here's my code. //here's the form, for brevity, I just show a field for users to put firstname <form> <label for="first_name" class="styled">First Name:</label> <input type="text" id="first_name" name="first_name" value="<?php if (!empty($first_name)) echo $first_name; ?>" /><br /> //submit button etc </form> if (isset($_POST['submit'])) { //gets rid of extra whitespace and escapes $first_name = mysqli_real_escape_string($dbc, trim($_POST['first_name'])); //check if $first_name is a string if(!is_string($first_name)) { echo "not string"; } //then insert into the database. ....... } mysqli_real_escape_string: I know that this func escapes certain letters like \n \r, so when the data gets inputted into the dbc, it would have '\' next to all the escaped letters? --Will this script be enough to prevent most SQL injections? Just escaping and checking if the data is a string. For integer values (like users putting in prices), I just: is_numeric(). --How should I use htmlspecialchars? Should I use it only when echoing and displaying user data? Or should I also use this too when inputting data to a dbc? --When should I use strip_tags() or htmlspecialchars? SOO with all these functions... if (isset($_POST['submit'])) { //gets rid of extra whitespace and escapes $first_name = mysqli_real_escape_string($dbc, trim($_POST['first_name'])); //check if $first_name is a string if(!is_string($first_name)) { echo "not string"; } //gets rid of any <,>,& htmlspecialchars($first_name); //strips any tags with the first name strip_tags($first_name); //then insert into the database. ....... } Which funcs should I use for SQL injections and which ones should I use for XSS?

  • Problem with joining to an empty table

    - by Imran Omar Bukhsh
    I use the following query: select * from A LEFT JOIN B on ( A.t_id != B.t_id) to get all the records in A that are not in B. The results are fine except when table B is completely empty, but then I do not get any records, even from table A. Later It won't work yet! CREATE TABLE IF NOT EXISTS T1 ( id int(11) unsigned NOT NULL AUTO_INCREMENT, title varchar(50) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL, t_id int(11) NOT NULL, PRIMARY KEY (id) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=3 ; -- -- Dumping data for table T1 INSERT INTO T1 (id, title, t_id) VALUES (1, 'apple', 1), (2, 'orange', 2); -- -- Table structure for table T2 CREATE TABLE IF NOT EXISTS T2 ( id int(11) NOT NULL AUTO_INCREMENT, title varchar(50) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL, t_id int(11) NOT NULL, PRIMARY KEY (id) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ; -- -- Dumping data for table T2 INSERT INTO T2 (id, title, t_id) VALUES (1, 'dad', 2); Now I want to get all records in T1 that do not have corresponding records in T2. I try SELECT * FROM T1 LEFT OUTER JOIN T2 ON T1.t_id != T2.t_id and it won't work

  • Help me with the following SQL query

    - by rupeshmalviya
    Could somebody correct my following query? I am a novice to the software development realm. I am to a string builder object in comma separated form to my query but it's not producing the desired result. Query is as follows and string cmd = "SELECT * FROM [placed_student] WHERE passout_year=@passout AND company_id=@companyId AND course_id=@courseId AND branch_id IN('" + sb + "')"; StringBuilder sb = new StringBuilder(); foreach (ListItem li in branch.Items) { if (li.Selected == true) { sb.Append(Convert.ToInt32(li.Value) +", "); } } li is integer value of my check box list which are getting generated, may be different at different time... Please also suggest me some good source to learn SQL.

  • WordPress Workflow Modifications

    - by blgnklc
    Hi All WordPress Lovers, I would like to ask for help about Zensor, which is a plugin where you publish a post then a moderator approves the post to be published on the WordPress blog site. When a post is awaiting approval, each awaiting post is appearing "waiting moderation". But, I don't want any link to appear before moderator approval. Actually I found the joining sentence below; 1- Must be added to the end of JOIN part of any query: LEFT JOIN wp_zensor ON ID = wp_zensor.post_id 2- Must be added to the end of WHERE condition : AND wp_zensor.moderation_status = 'approved' Could you please show me where I should add these modifications on the category link presentation below: <h2>Politics</h2> <?php $recent = new WP_Query("cat=31&showposts=1"); while($recent->have_posts()) : $recent->the_post();?> <b><a href="<?php the_permalink() ?>" rel="bookmark"><?php the_title(); ?></a></b> <?php the_content_limit(140, "devami &raquo;"); ?> <div class="hppostmeta"> <p><?php the_time('j F Y, H:i'); ?> | <?php the_author_posts_link(); ?></p> </div> <?php endwhile; ?> Or any general solutions will be welcomed. Thanks. BK

  • Show parts of the result of an SQL statement using PHP

    - by mouthpiec
    I have an SQL query which returns a set of data (around 40-50 tuples). I would like to display the results 5 at a time on an HTML page using PHP. I already managed to have the right SELECT statement, but I am having problems displaying the results 5 by 5 using a "more" button. Can you please help? Note that every time I call the query, the data is being randomized, so it is not possible to set limits and call the query again. I have to find the method to store the results somewhere, and then show them 5 by 5.

  • A logical problem with two tables

    - by Luke
    Hey guys, I created a list for fixtures. $result = mysql_query("SELECT date FROM ".TBL_FIXTURES." WHERE compname = '$comp_name' GROUP BY date"); $i = 1; $d = "Start"; while ($row = mysql_fetch_assoc($result)) { $odate = $row['date']; $date=date("F j Y", $row['date']); echo "<p>Fixture $i - $d to $date</p>"; } As you can see from the query, the date is displayed from the fixtures table. The way my system works is that when a fixture is "played", it is removed from this table. Therefore when the entire round of fixtures are complete, there won't be any dates for that round in this table. They will be in another table. Is there any way I can run another query for dates at the same time, and display only dates from the fixtures table if there isn't a date in the results table? "SELECT * FROM ".TBL_CONF_RESULTS." WHERE compid = '$_GET[id]' && type2 = '2' ORDER BY date" That would be the second query!

  • Binary string search on one field.

    - by CrazyJoe
    I have 300 boolean fields in one table, and I'm trying to do something like that: One string field: 10000010000100100100100100010001 Is there a simple way to do a simple search on this field like: select * from table where field xor "10000010000100100100000000010001" I'm trying this but it is too long: select * from teste where mid(info,2,1) and mid(info,3,1) :) Help!!

  • Trying to redirect the PHP page if GET id is empty or does not exist.

    - by user570782
    <? include..... if ($picid != $_GET['picid']) || (empty($picid)) { echo "page not working"; } else { $picid = $_GET['picid']; $query = mysql_query("SELECT * FROM pic_info WHERE picid = 'picid1' ");// problem while($rows = mysql_fetch_assoc($query)): $picid = $rows['picid']; $title = $rows['title']; $link = $rows['link']; $description = $rows['description']; $movie_pic = $rows['movie_pic']; $source = $rows['source']; } $get_comment = mysql_query("SELECT * FROM comment WHERE picid ='$picid'");// work partially $comment_count = mysql_num_rows($get_comment); if ($comment_count>0) { messages = " "; while ($com = mysql_fetch_array($get_comment)){ $comment_id = $com['comment_id']; $name = $com['name']; $message = $com['message']; $time_post= $com['time_post']; $messages .= '<em> on ' .$time_post.'</em><b> '.$name.' said.....</b><br/> '.$message.'<hr/>'; // line with problem } } ?> I am stuck. I am trying to say that if $_GET['picid']; is empty, echo out an error message, or if the movid does not exist in the db, echo out an error message. When I run it I get an error. Not sure if I am calling the correct function. What am I doing wrong? Please help

  • Zend Framework Multiple Table Query

    - by Jeff
    I am looking to execute this statement via Zend Framework. As I understand it, I can use Zend_Db_Select. Is it possible to use Zend_Db_Table? Three tables: classes, students, and class_students select classes.name, students.student_id, students.fname, students.lname from students, classes, class_students where class_students.student_id=students.student_id AND class_students.class_id=classes.class_id;

  • Simple PHP query question: LIKE

    - by pg
    When I replace $ordering = "apples, bananas, cranberries, grapes"; with $ordering = "apples, bananas, grapes"; I no longer want cranberries to be returned by my query, which I've written out like this: $query = "SELECT * from dbname where FruitName LIKE '$ordering'"; Of course this doesn't work, because I used LIKE wrong. I've read through various manuals that describe how to use LIKE and it doesn't quite make sense to me. If I change the end of the db to "LIKE "apples"" that works for limiting it to just apples. Do I have to explode the ordering on the ", " or is there a way to do this in the query?

  • Storing database records into array

    - by zerey
    I would want to create an array that will hold records retrieved from a database using a query of SELECT statement. The records to be retrieved have multiple fields such as lastname, firstname, mi and 20 more fields. What would be the best approach on coding this function? Alright, I have followed what prisoner has given below. The next question is how do I search through this kind of array using queries? For example, I want to search for a username.

  • Autopopulate from Select box from database

    - by Chris Spalton
    Hope you can help, please forgive any poor coding or anything, I'm new to this and just hacking my way through to get things to work. That said, on one of my projects I have this code, which successfully populates the dropdown from a database when the page is loaded: <select name="Region" id="Region"> <option value="">-- Select Region --</option> <?php $region=$POST['Region']; if ($region); { $regionquery = "SELECT DISTINCT REGION FROM Sales_Execs "; $regionresult = mysql_query($regionquery); while($row = mysql_fetch_array($regionresult)) { echo "<option value=\"".$row['REGION']."\">".$row['REGION']."</option>\n "; } } ?> <script type="text/javascript"> document.getElementById('Region').value = <?php echo json_encode(trim($_POST['Region']));?>; </script> </select> On my next project that I'm working on now, I need to do the same thing, so I copied the above code, amended it, and placed it in my new project: <select name="Sales_Exec" id="Sales_Exec"> <option value="">-- Select SE --</option> <?php $salesexec=$POST['Sales_Exec']; if ($salesexec); { $salesexecquery = "SELECT DISTINCT Assigned FROM Data "; $salesexecresult = mysql_query($salesexecquery); while($row = mysql_fetch_array($salesexecresult)) { echo "<option value=\"".$row['ASSIGNED']."\">".$row['ASSIGNED']."</option>\n "; } } ?> <script type="text/javascript"> document.getElementById('Sales_Exec').value = <?php echo json_encode(trim($_POST['Sales_Exec']));?>; </script> </select> This second chunk of code doesn't work... and I can't work out why, as it seems I've copied it all and amended all the necessary parts. Can anyone spot what is wrong? Thank you!

  • Check if a table exists in where

    - by Luca Romagnoli
    This query generates an error because table2 doesn't exist: Select * FROM table WHERE table2.id IS NOT NULL Is there anything like this to check table2 before applying the check on the id? Select * FROM table WHERE (EXIST(table2) AND table2.id IS NOT NULL) or not EXIST(table2) Thanks

  • Why does this properly escaped SQL query fail?

    - by Jason Rhodes
    Here's the query: INSERT INTO jobemails (jobid, to, subject, message, headers, datesent) VALUES ('340', '[email protected]', 'We\'ve received your request for a photo shoot called \'another\'.', 'message', 'headers', '2010-04-22 15:55:06') The datatypes are all correct, it always fails at the subject, so it must be how I'm escaping the values, I assume. I'm sure one of you will see my idiot mistake right away. A little help?

  • Database design for business numbers

    - by Rob Morris
    I'm in need of some help, I need to store the information below into a database, what would the relational database structure be for this: Then I need to create a dropdown for the insurance company followed by another dropdown depending on what the first dropdown selected value was, then once both selects have been chosen display the relevant telephone number. I guess I need to query the database, then display the dropdowns using JavaScript (jQuery) or Ajax?

  • Is it possible to integrate user databases between Drupal and an ASP&SQL Server platform?

    - by hecatomber
    We have a game project designed on ASP&SQL Server, and we need to integrate its user database with Drupal. This would be easier from Project to Drupal (since there are user_save and user_delete functions available globally by using drupal bootstrap) but I'm not sure if we can execute PHP functions on an ASP platform. Is there any documentation for this kind of problem? What do you suggest?

  • Easy way to compute how close an auto_increment is to its maximum value?

    - by David M
    So yesterday we had a table that has an auto_increment PK for a smallint that reached its maximum. We had to alter the table on an emergency basis, which is definitely not how we like to roll. Is there an easy way to report on how close each auto_increment field that we use is to its maximum? The best way I can think of is to do a SHOW CREATE TABLE statement, parse out the size of the auto-incremented column, then compare that to the AUTO_INCREMENT value for the table. On the other hand, given that the schema doesn't change very often, should I store information about the columns' maximum values and get the current AUTO_INCREMENT with SHOW TABLE STATUS?

  • How to skip an empty LIKE operator in a multiple LIKE query?

    - by alex
    I notice my query doesn't behave correctly if one of the like variables is empty: SELECT name FROM employee WHERE name LIKE '%a%' AND color LIKE '%A%' AND city LIKE '%b%' AND country LIKE '%B%' AND sport LIKE '%c%' AND hobby LIKE '%C%' Now when a and A are not empty it works, but when a, A and c are not empty the c part is not executed, so it seems? How can I fix this?

  • PHP: Building A Stock Index Using Yahoo Finance [on hold]

    - by Jeremy
    I have the following code which is pulling data but it is not outputting properly. <?php class YahooStock { public function getQuotes(){ $stocks = array(); $result = array(); $s = file_get_contents("http://finance.yahoo.com/d/quotes.csv?s=AMZN+CRM+CNQR+CTL+CTXS+DWRE+EMC+GOOG+HP+IBM+JIVE+LNKD+MKTO+MSFT+N+NFLX+NOW+ORCL+RAX+SAP+T+VEEV+VMW+VZ+WDAY&f=npf6&e=.csv"); $data = explode( ',', $s); $result = $data; return $result; } } $objYahooStock = new YahooStock; foreach( $objYahooStock->getQuotes() as $code => $result){ echo 'Name:' . $result[0] . '<br />'; echo 'Price:' . $result[1] . '<br />'; echo 'Float:' . $result[2] . '<br />'; } ?> The output looks like it is separating every character with a comma instead of each column: Name:" Price:A Float:m Name: Price:I Float:n Name:3 Price:3 Float:2 Name: Price: Float: Any help is appreciated!

  • Detection of 'flush tables with read lock' in PHP

    - by theduke0
    I would like to know from my application if a MyISAM table can accept writes (i.e. not locked). If an exception is thrown, everything is fine as I can catch this and log the failed statement to a file. However, if a 'flush tables with read lock' command has been issued (possibly for backup), the query I send will pretty much hang out forever. If one table is locked at a time, insert delayed works well. But when this global lock is applied, my query just waits. The query I run is an insert statement. If this statement fails or hangs, user experience is degraded. I need a way to send the query to the server and forget about it (pretty much). Does anyone have any suggestions on how to deal with this? -set a query timeout? -run asynchronous request and allow for the lock to expire while application continues? -fork my PHP process? Please let me know if I can provide any clarification or details.
