Search Results

Search found 27396 results on 1096 pages for 'mysql query'.


  • Will these security functions be enough? (PHP)

    - by ggfan
    I am trying to secure my site so I don't have sql injections and xss scripting. Here's my code.

        //here's the form, for brevity, I just show a field for users to put firstname
        <form>
            <label for="first_name" class="styled">First Name:</label>
            <input type="text" id="first_name" name="first_name" value="<?php if (!empty($first_name)) echo $first_name; ?>" /><br />
            //submit button etc
        </form>

        if (isset($_POST['submit'])) {
            //gets rid of extra whitespace and escapes
            $first_name = mysqli_real_escape_string($dbc, trim($_POST['first_name']));
            //check if $first_name is a string
            if (!is_string($first_name)) {
                echo "not string";
            }
            //then insert into the database.
            .......
        }

    mysqli_real_escape_string: I know that this func escapes certain letters like \n \r, so when the data gets inputted into the dbc, it would have '\' next to all the escaped letters?

    --Will this script be enough to prevent most sql injections? Just escaping and checking if the data is a string. For integer values (like users putting in prices), I just: is_numeric().

    --How should I use htmlspecialchars? Should I use it only when echoing and displaying user data? Or should I also use this too when inputting data to a dbc?

    --When should I use strip_tags() or htmlspecialchars?

    So with all these functions...

        if (isset($_POST['submit'])) {
            //gets rid of extra whitespace and escapes
            $first_name = mysqli_real_escape_string($dbc, trim($_POST['first_name']));
            //check if $first_name is a string
            if (!is_string($first_name)) {
                echo "not string";
            }
            //gets rid of any <,>,&
            htmlspecialchars($first_name);
            //strips any tags with the first name
            strip_tags($first_name);
            //then insert into the database.
            .......
        }

    Which funcs should I use for sql injections and which ones should I use for xss?


  • retrieve value from db in php

    - by wangdoo
    I have a db in which 1 column value will always be null. I want it to pass to the next page, but it is passing all values of the other columns except this null value column. This is my code:

        $row=mysql_query("SELECT * FROM `thirdpartycategorymaster` WHERE ISNULL(`delete`)");
        while($row1=mysql_fetch_array($row)) { ?>
            <td><b><a href="catdel.php?head1=<?php echo $row1['ThirdPartyCategoryName'] . '&&msg1=' . $row1['ThirdPartyCategoryID'] . '&&ctdel=' . $row1['delete']; ?> ">Delete</a></b></td>
        <?php }

    This is my db table:

        ThirdPartyCategoryID | ThirdPartyCategoryName | delete
        29                   | ecommerce              | NULL


  • I cant get a field on report from a view

    - by felipedz
    When I get a field, this works well. But when I get a field from a 'VIEW', there is a problem, because the code of the VIEW is:

        CREATE OR REPLACE VIEW tabla_clientes AS
        SELECT id_cliente, nombre,
               CONCAT('$ ',FORMAT(monto_a_favor,0), '???'),
               CONCAT('$ ',FORMAT(calcular_monto_por_cobrar_cliente(id_cliente),0))
        FROM cliente;

    When I compile this, errors appear from the names of the fields.

        Description                                          | Object
        -----------------------------------------------------+----------------------------------------
        Syntax error, insert ";" to complete BlockStatements | ${CONCAT('$ ',FORMAT(monto_a_favor,0)}
        Syntax error on tokens, delete these tokens          | ${CONCAT('$ ',FORMAT(monto_a_favor,0)}
        Syntax error on token ",", delete this token         | ${CONCAT('$ ',FORMAT(monto_a_favor,0)}

    If I change the name of this field, another error appears.


  • Magento: Add (and retrieve) custom database field for CMS pages

    - by Toby H
    I want to assign custom parameters to CMS pages in Magento (i.e. 'about', 'customer service', etc), so they can be grouped. The end goal is to use the parameters for each page to show (or hide) them in a nav menu. Writing a quick method in the page/html block to retrieve the pages (active only) for the menu was easy, but I can't figure out how to group them so that 'testimonials', 'history', and 'contact' are associated with 'about', and 'return policy', 'shipping', and 'contact' are associated with 'customer service'. Any help to point me in the right direction would be greatly appreciated. Thanks!


  • Does UNIQ constraint mean also an index on that field(s)?

    - by Gremo
    As the title says, should I define a separate index on the email column (for searching purposes), or is the index "automatically" added along with the UNIQ_EMAIL_USER constraint?

        CREATE TABLE IF NOT EXISTS `customer` (
          `id` int(11) NOT NULL AUTO_INCREMENT,
          `user_id` int(11) NOT NULL,
          `first` varchar(255) NOT NULL,
          `last` varchar(255) NOT NULL,
          `slug` varchar(255) NOT NULL,
          `email` varchar(255) NOT NULL,
          `created_at` datetime NOT NULL,
          `updated_at` datetime NOT NULL,
          PRIMARY KEY (`id`),
          UNIQUE KEY `UNIQ_SLUG` (`slug`),
          UNIQUE KEY `UNIQ_EMAIL_USER` (`email`,`user_id`),
          KEY `IDX_USER` (`user_id`)
        ) ENGINE=InnoDB;


  • How can i bind a Database field value to a hidden field inside a gridview

    - by Dorababu
    I use the following to bind a field from the table to a hidden field inside a gridview, but I am getting the error 'System.Data.DataRowView' does not contain a property with the name 'AccountType'. This is how I assigned it:

        <asp:TemplateField>
            <ItemTemplate>
                <asp:HiddenField ID="hdnAccntType" runat="Server" Value='<%#Eval("AccountType") %>' />
            </ItemTemplate>
        </asp:TemplateField>

    Is it correct, or do I have to make any corrections?


  • Can't use method return value in write context; Not sure where to go from here

    - by Morgan Green
    This is my source for the variable.

        <?php
        if ($admin->get_permissions()=3)
            echo 'Welcome to the Admin Panel';
        else
            echo 'Sorry, You do not have access to this page';
        ?>

    And the code that I'm actually trying to call with the if statement is:

        public function get_permissions() {
            $username = $_SESSION['admin_login'];
            global $db;
            $info = $db->get_row("SELECT `permissions` FROM `user` WHERE `username` = '" . $db->escape($username) . "'");
            if(is_object($info))
                return $info->permissions;
            else
                return '';
        }

    This should be a simple way to call my pages that the user is authorized for by using an else if statement. Or so I thought.


  • How to store coordinates in a database

    - by Tim
    Hello all! I have a Flex GUI where I have to place quadrate elements. The positions of these elements need to be stored in a database. So I can create two integer fields in the db table, x and y. Also I need an angle, because the user can rotate these elements, so I can also make an int (int is okay, I do not need a double value for this). As an ORM, I use Hibernate. But the question is whether creating three integer fields is the best way to handle this. Perhaps someone can tell me if this will be okay or if there are better ways? Thanks a lot in advance & Best Regards.


  • I can't delete record in Codeigniter

    - by jomblo
    I'm learning CRUD in CodeIgniter. I have a table named "posting" and the columns are like this (id, title, post). I succeeded in creating a new post (both insert into database and display in the view). But I have a problem when I delete my post in the front-end. Here is my code:

    Model

        Class Post_Model extends CI_Model{
            function index(){
                //Here is my homepage code
            }
            function delete_post($id) {
                $this->db->where('id', $id);
                $this->db->delete('posting');
            }
        }

    Controller

        Class Post extends CI_Controller{
            function delete() {
                $this->load->model('Post_Model');
                $this->Post_Model->delete_post("id");
                redirect('Post/index/', 'refresh');
            }
        }

    After clicking "delete" on the homepage, nothing happens. When I look into my database, my records are still available.

    Note: (1) to delete the record, I'm following the CodeIgniter manual / user guide, (2) I found an error message (Undefined variable: id) after hitting the "delete" button in the front-end.

    Any help or suggestion, please.


  • PHP: Building A Stock Index Using Yahoo Finance [on hold]

    - by Jeremy
    I have the following code which is pulling data but it is not outputting properly.

        <?php
        class YahooStock {
            public function getQuotes(){
                $stocks = array();
                $result = array();
                $s = file_get_contents("http://finance.yahoo.com/d/quotes.csv?s=AMZN+CRM+CNQR+CTL+CTXS+DWRE+EMC+GOOG+HP+IBM+JIVE+LNKD+MKTO+MSFT+N+NFLX+NOW+ORCL+RAX+SAP+T+VEEV+VMW+VZ+WDAY&f=npf6&e=.csv");
                $data = explode( ',', $s);
                $result = $data;
                return $result;
            }
        }

        $objYahooStock = new YahooStock;
        foreach( $objYahooStock->getQuotes() as $code => $result){
            echo 'Name:' . $result[0] . '<br />';
            echo 'Price:' . $result[1] . '<br />';
            echo 'Float:' . $result[2] . '<br />';
        }
        ?>

    The output looks like it is separating every character with a comma instead of each column:

        Name:" Price:A Float:m Name: Price:I Float:n Name:3 Price:3 Float:2 Name: Price: Float:

    Any help is appreciated!


  • Easy way to compute how close an auto_increment is to its maximum value?

    - by David M
    So yesterday we had a table that has an auto_increment PK for a smallint that reached its maximum. We had to alter the table on an emergency basis, which is definitely not how we like to roll. Is there an easy way to report on how close each auto_increment field that we use is to its maximum? The best way I can think of is to do a SHOW CREATE TABLE statement, parse out the size of the auto-incremented column, then compare that to the AUTO_INCREMENT value for the table. On the other hand, given that the schema doesn't change very often, should I store information about the columns' maximum values and get the current AUTO_INCREMENT with SHOW TABLE STATUS?


  • Using NHibernate's HQL to make a query with multiple inner joins

    - by Abu Dhabi
    The problem here consists of translating a statement written in LINQ to SQL syntax into the equivalent for NHibernate. The LINQ to SQL code looks like so:

        var whatevervar = from threads in context.THREADs
                          join threadposts in context.THREADPOSTs on threads.thread_id equals threadposts.thread_id
                          join posts1 in context.POSTs on threadposts.post_id equals posts1.post_id
                          join users in context.USERs on posts1.user_id equals users.user_id
                          orderby posts1.post_time
                          where threads.thread_id == int.Parse(id)
                          select new
                          {
                              threads.thread_topic,
                              posts1.post_time,
                              users.user_display_name,
                              users.user_signature,
                              users.user_avatar,
                              posts1.post_body,
                              posts1.post_topic
                          };

    It's essentially trying to grab a list of posts within a given forum thread. The best I've been able to come up with (with the help of the helpful users of this site) for NHibernate is:

        var whatevervar = session.CreateQuery("select t.Thread_topic, p.Post_time, " +
                                              "u.User_display_name, u.User_signature, " +
                                              "u.User_avatar, p.Post_body, p.Post_topic " +
                                              "from THREADPOST tp " +
                                              "inner join tp.Thread_ as t " +
                                              "inner join tp.Post_ as p " +
                                              "inner join p.User_ as u " +
                                              "where tp.Thread_ = :what")
                                 .SetParameter<THREAD>("what", threadid)
                                 .SetResultTransformer(Transformers.AliasToBean(typeof(MyDTO)))
                                 .List<MyDTO>();

    But that doesn't parse well, complaining that the aliases for the joined tables are null references. MyDTO is a custom type for the output:

        public class MyDTO
        {
            public string thread_topic { get; set; }
            public DateTime post_time { get; set; }
            public string user_display_name { get; set; }
            public string user_signature { get; set; }
            public string user_avatar { get; set; }
            public string post_topic { get; set; }
            public string post_body { get; set; }
        }

    I'm out of ideas, and while doing this by direct SQL query is possible, I'd like to do it properly, without defeating the purpose of using an ORM. Thanks in advance!

    EDIT: The database looks like this: http://i41.tinypic.com/5agciu.jpg (Can't post images yet.)


  • How would I go about writing a conditional statement to check if visitor is coming from a particular

    - by Matthew
    Hello guys, What I have in mind is this... We are going to have people come from a particular site during an acquisition campaign, and I was wondering how I could conditionalize a certain section of my site to display a thank you message instead of the sign up form, as they would have had the opportunity to fill this out before coming to my landing page. I have seen solutions like:

        $referal = mysql_real_escape_string($_SERVER['HTTP_REFERER']);

    I would like to know if this is the best way to get this to work??? - Okay, this is what I think might work. The third party website that is referring people to our landing page once the form on that site has been filled out can push into the record a hidden input value of "www.sample.com" or whatever... then I can have something check for that particular value and fire off the conditional. Does that even sound right?


  • Is it safe to modify CCK tables by hand?

    - by LanguaFlash
    I'm not intimately familiar with CCK but I have a one-time custom setup and know that I could get some performance gains if I created indexes and changed the field type and length of some of the fields in my CCK table. Is it safe to modify this table at all or will I end up destroying something in the process? Thanks


  • How to know record has been updated successfully in php

    - by Lisa Ray
        $sql = "UPDATE....";
        if(mysql_query($sql)) {
            $_SESSION['Trans']="COMMIT";
            header("location:result.php");
            exit;
        } else {
            $_SESSION['Trans']="FAIL";
            $_SESSION['errors'] = "Error: Sorry! We are unable to update your Profile, Please contact to PNP HelpDesk.";
            header("location:result.php");
            exit;
        }//end IF

    Data is getting updated, then why is the compiler not coming inside the IF condition?


  • PHP Code Problem...

    - by aamir Fayyaz
        function check_login($array_val) {
            $strQury = "Select * from tblsignup where usr_email ='".$array_val[0]."' and usr_password = '".$array_val[1]."'" ;
            $result = mysql_query($strQury);
            $row_user = mysql_fetch_array($result);
            if(mysql_num_rows($result)>0) {
                $msg = "true";
            } else {
                $msg = "false";
            }
            return $msg ;
        }

    The return value is Object id #1true???? What is object id#1?


  • Use where clause with Like in codeigniter

    - by user2524013
    I am working on a project. I am implementing the Search functionality in my System. I will have to show the search records from two tables based on the current user login. I have tried the following code:

        function searchActivity($limit,$offset,$keyword1,$keyword2,$recruiter_id) {
            $q=$this->db->select('*')->from('tbl_activity')->limit($limit,$offset);
            $this->db->join('tbl_job', 'tbl_job.job_id = tbl_activity.job_id_fk', 'left outer');
            $this->db->order_by("activity_id", "ASC");
            $this->db->like('job_title',$keyword1,'both');
            $this->db->or_like('job_title',$keyword2,'both');
            $this->db->or_like('activity_subject',$keyword1,'both');
            $this->db->or_like('activity_subject',$keyword2,'both');
            $this->db->or_like('activity_details',$keyword1,'both');
            $this->db->or_like('activity_details',$keyword2,'both');
            $this->db->where('tbl_activity.recruiter_id_fk',$recruiter_id);
            $ret['rows']=$q->get()->result();
            return $ret;
        }

    I want to show search results based on the current user id, which is currently stored in $recruiter. Thanks in advance.


  • Allow users to pull temporary data then delete table?

    - by JM4
    I don't know the best way to title this question but am trying to accomplish the following goal: When a client logs into their profile, they are presented with a link to download data from an existing database in CSV format. The process works, however, I would like for this data to be 'fresh' each time they click the link so my plan was - once a user has clicked the link and downloaded the CSV file, the database table would 'erase' all of its data and start fresh (be empty) until the next set of data populated it. My EXISTING CSV creation code:

        <?php
        $host = 'localhost';
        $user = 'username';
        $pass = 'password';
        $db = 'database';
        $table = 'tablename';
        $file = 'export';

        $link = mysql_connect($host, $user, $pass) or die("Can not connect." . mysql_error());
        mysql_select_db($db) or die("Can not connect.");

        $result = mysql_query("SHOW COLUMNS FROM ".$table."");
        $i = 0;
        if (mysql_num_rows($result) > 0) {
            while ($row = mysql_fetch_assoc($result)) {
                $csv_output .= $row['Field'].", ";
                $i++;
            }
        }
        $csv_output .= "\n";

        $values = mysql_query("SELECT * FROM ".$table."");
        while ($rowr = mysql_fetch_row($values)) {
            for ($j=0;$j<$i;$j++) {
                $csv_output .= '"'.$rowr[$j].'",';
            }
            $csv_output .= "\n";
        }

        $filename = $file."_".date("Y-m-d",time());
        header("Content-type: application/vnd.ms-excel");
        header("Content-disposition: csv" . date("Y-m-d") . ".csv");
        header( "Content-disposition: filename=".$filename.".csv");
        print $csv_output;
        exit;
        ?>

    Any ideas?


  • Is it possible to integrate user databases between Drupal and an ASP&SQL Server platform?

    - by hecatomber
    We have a game project designed on ASP&SQL Server, and we need to integrate its user database with Drupal. This would be easier from Project to Drupal (since there are user_save and user_delete functions available globally by using drupal bootstrap) but I'm not sure if we can execute PHP functions on an ASP platform. Is there any documentation for this kind of problem? What do you suggest?


  • LinqtoSql Pre-compile Query problem with Count() on a group by

    - by Joe Pitz
    Have a LinqtoSql query that I now want to precompile.

        var unorderedc = from insp in sq.Inspections
                         where insp.TestTimeStamp > dStartTime && insp.TestTimeStamp < dEndTime
                               && insp.Model == "EP" && insp.TestResults != "P"
                         group insp by new { insp.TestResults, insp.FailStep } into grp
                         select new
                         {
                             FailedCount = (grp.Key.TestResults == "F" ? grp.Count() : 0),
                             CancelCount = (grp.Key.TestResults == "C" ? grp.Count() : 0),
                             grp.Key.TestResults,
                             grp.Key.FailStep,
                             PercentFailed = Convert.ToDecimal(1.0 * grp.Count() / tcount * 100)
                         };

    I have created this delegate:

        public static readonly Funct<SQLDataDataContext, int, string, string, DateTime, DateTime, IQueryable<CalcFailedTestResult>> GetInspData =
            CompiledQuery.Compile((SQLDataDataContext sq, int tcount, string strModel, string strTest, DateTime dStartTime, DateTime dEndTime, IQueryable<CalcFailedTestResult> CalcFailed) =>
                from insp in sq.Inspections
                where insp.TestTimeStamp > dStartTime && insp.TestTimeStamp < dEndTime
                      && insp.Model == strModel && insp.TestResults != strTest
                group insp by new { insp.TestResults, insp.FailStep } into grp
                select new
                {
                    FailedCount = (grp.Key.TestResults == "F" ? grp.Count() : 0),
                    CancelCount = (grp.Key.TestResults == "C" ? grp.Count() : 0),
                    grp.Key.TestResults,
                    grp.Key.FailStep,
                    PercentFailed = Convert.ToDecimal(1.0 * grp.Count() / tcount * 100)
                });

    The syntax error is on the CompileQuery.Compile() statement. It appears to be related to the use of the select new {} syntax. In other pre-compiled queries I have written I have had to just use the select projection by itself. In this case I need to perform the grp.count() and the immediate if logic. I have searched SO and other references but cannot find the answer.

