Search Results

Search found 34274 results on 1371 pages for 'mysql table'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 507/1371 | < Previous Page | 503 504 505 506 507 508 509 510 511 512 513 514  | Next Page >

  • Is this a secure way to structure a mysql_query in PHP

    - by Supernovah
    I have tried and tried to achieve an SQL injection by making custom queries to the server outside of firefox. Inside the php, all variables are passed into the query in a string like this. Note, by this stage, $_POST has not been touched. mysql_query('INSERT INTO users (password, username) VALUES(' . sha1($_POST['password']) . ',' . $_POST['username'] . ')); Is that a secure way to make a change?

    Read the article

  • Difference between "and" and "where" in joins

    - by Midhat
    Whats the difference between SELECT DISTINCT field1 FROM table1 cd JOIN table2 ON cd.Company = table2.Name and table2.Id IN (2728) and SELECT DISTINCT field1 FROM table1 cd JOIN table2 ON cd.Company = table2.Name where table2.Id IN (2728) both return the same result and both have the same explain output

    Read the article

  • How can I secure my $_GETs in PHP?

    - by ggfan
    My profile.php displays all the user's postings,comments,pictures. If the user wants to delete, it sends the posting's id to the remove.php so it's like remove.php?action=removeposting&posting_id=2. If they want to remove a picture, it's remove.php?action=removepicture&picture_id=1. Using the get data, I do a query to the database to display the info they want to delete and if they want to delete it, they click "yes". So the data is deleted via $POST NOT $GET to prevent cross-site request forgery. My question is how do I make sure the GETs are not some javascript code, sql injection that will mess me up. here is my remove.php //how do I make $action safe? //should I use mysqli_real_escape_string? //use strip_tags()? $action=trim($_GET['action']); if (($action != 'removeposting') && ($action != 'removefriend') && ($action != 'removecomment')) { echo "please don't change the action. go back and refresh"; header("Location: index.php"); exit(); } if ($action == 'removeposting') { //get the info and display it in a form. if user clicks "yes", deletes } if ($action =='removepicture') { //remove pic } I know I can't be 100% safe, but what are some common defenses I can use. EDIT Do this to prevent xss $action=trim($_GET['action']); htmlspecialchars(strip_tags($action)); Then when I am 'recalling' the data back via POST, I would use $posting_id = mysqli_real_escape_string($dbc, trim($_POST['posting_id']));

    Read the article

  • select distinct over specific columns

    - by Midhat
    A query in a system I maintain returns QID AID DATA 1 2 x 1 2 y 5 6 t As per a new requirement, I do not want the (QID, AID)=(1,2) pair to be repeated. We also dont care what value is selected from "data" column. either x or y will do. What I have done is to enclose the original query like this SELECT * FROM (<original query text>) Results group by QID,AID Is there a better way to go about this? The original query uses multiple joins and unions and what not, So I would prefer not to touch it unless its absolutely necesary

    Read the article

  • Writing an installer using codigniter

    - by RobertWHurst
    I'm just about finished my first release of automailer, a program I've been working on for a while now. I've just got to finish writing the installer. Its job is to rewrite the codigniter configs from templates. I've got the read/write stuff working, but I'd like to be able to test the server credentials given by the user without codingiter throwing a system error if they're wrong. Is there a function other than mysql_connect that I can use to test a connection that will return true or false and won't make codeigniter have a fit?

    Read the article

  • SQL Join only returning 1 row.

    - by kevin
    Not quite sure what I'm missing, but my SQL statement is only returning one row. SELECT tl.*, (tl.topic_total_rating/tl.topic_rates) as topic_rating, COUNT(pl.post_id) - 1 as reply_count, MIN(pl.post_time) AS topic_time, MAX(pl.post_time) AS topic_bump FROM topic_list tl JOIN post_list pl ON tl.topic_id=pl.post_parent WHERE tl.topic_board_link = %i AND topic_hidden != 1 ORDER BY %s I have two tables (post_list and topic_list), and post_list's post_parent links to a topic_list's topic_id. Instead of returning all the topics (where their board's topic_board_link is n), it only returns one topic.

    Read the article

  • PHP mysql_fetch does not return values

    - by Petr
    Hi, Being quite new with PHP, I cannot find any solution why this does not work. The query is OK and the resource is returned. But I dunno why fetch_assoc does not print values. Thanks $query=sprintf("SELECT ID,NAME FROM USERS WHERE PASS='%s' AND NAME='%s'",mysql_real_escape_string($p),mysql_real_escape_string($n)); $result=mysql_query($query); if ($result) { while ($row = mysql_fetch_assoc($result)) { echo $row['ID']; echo $row['NAME']; } } }

    Read the article

  • searching array of words faster

    - by Martijn
    hi eveybody i want to look how much an array comes in a database. Its pretty slow and i want to know if there's a way of searching like multiple words or an whole array without a for loop.. i'm struggeling for a while now. here's my code $dateBegin = "2010-12-07 15:54:24.0"; $dateEnd = "2010-12-30 18:19:52.0"; $textPerson = " text text text text text text text text text text text text text text "; $textPersonExplode = explode(" ", $textPerson ); $db = dbConnect(); for ( $counter = 0;$counter <= sizeof($textPersonExplode)-1 ; $counter++) { $query = "SELECT count(word) FROM `news_google_split` WHERE `word` LIKE '$textPersonExplode[$counter]' AND `date` >= '$dateBegin' AND `date` <= '$dateEnd'"; $result = mysql_query($query) or die(mysql_error()); while($row = mysql_fetch_array($result, MYSQL_ASSOC)) { $word[] = $textPersonExplode[$counter]; $count[] = $row[0]; } if (!$result) { die('Invalid query: ' . mysql_error()); } } thanks for the help.

    Read the article

  • java class that simulates a simple database table

    - by ericso
    I have a collection of heterogenous data that I pull from a database table mtable. Then, for every unique value uv in column A, I compute a function of (SELECT * FROM mtable WHERE A=uv). Then I do the same for column B, and column C. There are rather a lot of unique values, so I don't want to hit the db repeatedly - I would rather have a class that replicates some of the functionality (most importantly some version of SELECT WHERE). Additionally, I would like to abstract the column names away from the class definition, if that makes any sense - the constructor should take a list of names as a parameter, and also, I suppose, a list of types (right now this is just a String[], which seems hacky). I'm getting the initial data from a RowSet. I've more or less done this by using a hashmap that maps Strings to lists/arrays of Objects, but I keep getting bogged down in comparisons and types, and am thinking that my current implementation really isn't as clean and clear as it could be. I'm pretty new to java, also, and am not sure if I'm not going down a completely incorrect path. Does anyone have any suggestions?

    Read the article

  • wp+sql+image not goin in the folder

    - by happy
    this is my code for uploading image in database but image are going to the desird forlder...but when i m tryin to retrieve the images to diaplay,,they are not displayed..anyone help me...... $category=$_POST['category']; $uploadDir = 'D:/xampp/htdocs/js/wordpress/wp-content/plugins/img/imagess/ '; $fileName = $_FILES['Photo']['name']; $tmpName = $_FILES['Photo']['tmp_name']; $fileSize = $_FILES['Photo']['size']; $fileType = $_FILES['Photo']['type']; $filePath = $uploadDir . $fileName; $result = move_uploaded_file($tmpName,$filePath); if (!$result) { echo "Error uploading file"; exit; } if(!get_magic_quotes_gpc()) { $fileName = addslashes($fileName); $filePath = addslashes($filePath); } global $wpdb; //$insert=$wpdb->insert('images',array('image_name'=>$filePath,'cat_name'=>$category),array('%b','%s')); $insert=$wpdb->insert('images',array('image_name'=>$filePath,'cat_name'=>$category)); $wpdb->insert('categories',array('cat_name'=>$category)); echo "Successfully Submitted";

    Read the article

  • custom function is not getting called

    - by nectar
    here my code - $child1 = create_childid()."01"; $sqltree = "INSERT INTO tbltree (`userId`, `level`, `superId`, `rootId`, `childcount`) VALUES ('$child1', '1', '$newid', '$myroot', '0');"; mysql_query($sqltree); echo $newid; update_level(); $child2 = create_childid()."02"; $sqltree = "INSERT INTO tbltree (`userId`, `level`, `superId`, `rootId`, `childcount`) VALUES ('$child2', '1', '$newid', '$myroot', '0');"; mysql_query($sqltree); update_level(); $child3 = create_childid()."03"; $sqltree = "INSERT INTO tbltree (`userId`, `level`, `superId`, `rootId`, `childcount`) VALUES ('$child3', '1', '$newid', '$myroot', '0');"; mysql_query($sqltree); update_level(); $child4 = create_childid()."04"; $sqltree = "INSERT INTO tbltree (`userId`, `level`, `superId`, `rootId`, `childcount`) VALUES ('$child4', '1', '$newid', '$myroot', '0');"; mysql_query($sqltree); update_level(); $child5 = create_childid()."05"; $sqltree = "INSERT INTO tbltree (`userId`, `level`, `superId`, `rootId`, `childcount`) VALUES ('$child5', '1', '$newid', '$myroot', '0');"; mysql_query($sqltree); update_level(); ERROR : update_level(); is executing only once why??

    Read the article

  • Array values changing unexpectedly

    - by Lizard
    I am using cakephp 1.2 and I have an array that appears to have a value change even though that variable is not being manipulated. Below is the code to that is causing me trouble. PLEASE NOTE - UPDATE Changing the variable name makes no difference to the outcome, The values get changed somewhere between the two print_r calls, and I can't see why the $this-find would do this . echo "Start of findCountByString()"; print_r($myArr); $test = $this->find('count', array( 'conditions' => $conditions, 'joins' => array('LEFT JOIN `articles_entities` AS ArticleEntity ON `ArticleEntity`.`article_id` = `Article`.`id`'), 'group' => 'Article.id' )); echo "End of findCountByString()"; print_r($myArr); I am getting the following output: Start of findCountByString() Array ( [0] => 4bdb1d96-c680-4c2c-aae7-104c39d70629 [1] => 4bdb1d6a-9e38-479d-9ad4-105c39d70629 [2] => 4bdb1b55-35f0-4d22-ab38-104e39d70629 [3] => 4bdb25f4-34d4-46ea-bcb6-104f39d70629 ) End of findCountByString() Array ( [0] => 4bdb1d96-c680-4c2c-aae7-104c39d70629 [1] => 4bdb1d6a-9e38-479d-9ad4-105c39d70629 [2] => 4bdb1b55-35f0-4d22-ab38-104e39d70629 [3] => '4bdb25f4-34d4-46ea-bcb6-104f39d70629' # This is now in inverted commas ) The the value in my array have changed, and I don't know why? Any suggestions?

    Read the article

  • Why is it inserting 0's instead of blank spaces into my DB using php?

    - by zeckdude
    I have an insert: $sql = 'INSERT into orders SET fax_int_prefix = "'.$_SESSION['fax_int_prefix'].'", fax_prefix = "'.$_SESSION['fax_prefix'].'", fax_first = "'.$_SESSION['fax_first'].'", fax_last = "'.$_SESSION['fax_last']; The value of all of these fields is that they are blank right before the insert. Here is an example of one of them I echo'd out just before the insert: $_SESSION[fax_prefix] = For some reason it inserts the integer 0, instead of a blank value or null, as it should. Why is it inserting 0's instead of blank spaces into my DB?

    Read the article

  • Prioritize SQL WHERE clause

    - by JaTochNietDan
    Basically I want to do this: SELECT * FROM `table` WHERE x = 'hello' OR x = 'bye' LIMIT 1'; I want it to return 1 value, but to prioritize results from the 1st where clause. So if there exists a row where column x's value is "hello", it will not return the result from the 'bye' value. If the "hello" value doesn't exist though, it will return the result from the 'bye' value. Can't figure out a way to do it even though it seems fairly trivial. Any ideas?

    Read the article

  • What would be the Better db design for the old db structure?

    - by yawok
    i've a old database where i store the data of the holidays and dates in which they are celebrated.. id country hdate description link 1 Afghanistan 2008-01-19 Ashura ashura 2 Albania 2008-01-01 New Year Day new-year the flaws in the above structure is that, i repeat the data other than date for every festival and every year and every country.. For example, I store a new date for 2009 for ashura and afghanistan .. I tried to limit the redundancy and split the tables as countries (id,name) holidays (id, holiday, celebrated_by, link) // celebrated_by will store the id's of countries separated by ',' holiday_dates (holiday_id, date, year) // date will the full date and year will be as 2008 or 2009 Now i have some problems with the structure too.. consider that i store the holiday like Independence day , its common for more countries but will have different dates. so how to handle this and and the link will have to be different too.. And i need to list the countries which celebrates the same holiday and also when i describe about a single holiday i need to list all the other holidays that country would be celebrating.. And the most of all , i already have huge amount of data in the old tables and i need to split it to the new one once the new design is finalized... Any ideas?

    Read the article

  • How can I select the required records?

    - by simple
    Tables: Product: [id, name, brand_id, is_published] Brand: [id, name, is_published] Awards: [id, name] ProductAwards [product_id, award_id] How do I select the list of PUBLISHED brands along with the number of AWARDS of brand's products that are Published. I am cool with all the part except issuing the "is_published" restriction when counting Awards. I hope this is clear; can anyone just suggest where to dig?

    Read the article

  • INSERT INTO othertbl SELECT * tbl

    - by Harry
    Current situation: INSERT INTO othertbl SELECT * FROM tbl WHERE id = '1' So i want to copy a record from tbl to othertbl. Both tables have an autoincremented unique index. Now the new record should have a new index, rather then the value of the index of the originating record else copying results in a index not unique error. A solution would be to not use the * but since these tables have quite some columns i really think it's getting ugly. So,.. is there a better way to copy a record which results in a new record in othertbl which has a new autoincremented index without having to write out all columns in the query and using a NULL value for the index. -hope it makes sense....-

    Read the article

  • how to change a while sql query loop into an array loop

    - by Mac Taylor
    hey guys i record number of queries of my website and in page the below script runs , 40 extra queries added to page . how can I change this sql connection into a propper and light one function tree_set($index) { //global $menu; Remove this. $q=mysql_query("select id,name,parent from cats where parent='$index'"); if(mysql_num_rows($q) === 0) { return; } // User $tree instead of the $menu global as this way there shouldn't be any data duplication $tree = $index > 0 ? '<ul>' : ''; // If we are on index 0 then we don't need the enclosing ul while($arr=mysql_fetch_assoc($q)) { $subFileCount=mysql_query("select id,name,parent from cats where parent='{$arr['id']}'"); if(mysql_num_rows($subFileCount) > 0) { $class = 'folder'; } else { $class = 'file'; } $tree .= '<li>'; $tree .= '<span class="'.$class.'">'.$arr['name'].'</span>'; $tree .=tree_set("".$arr['id'].""); $tree .= '</li>'."\n"; } $tree .= $index > 0 ? '</ul>' : ''; // If we are on index 0 then we don't need the enclosing ul return $tree; } i heard , this can be done by changing it into an array , but i don't know how to do so thanks in advance

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 503 504 505 506 507 508 509 510 511 512 513 514  | Next Page >