Difference between revisions of "PHP/MySQL"
From dbawiki
| Line 10: | Line 10: | ||
Fill your boots on PDO [http://be2.php.net/book.pdo here] | Fill your boots on PDO [http://be2.php.net/book.pdo here] | ||
| − | + | [[CSV tables - equivalent of External tables in Oracle]] | |
====Are they enabled?==== | ====Are they enabled?==== | ||
<pre> | <pre> | ||
Revision as of 10:16, 25 March 2013
Contents
Using prepared statements to avoid SQL injection
Using this method of writing SQL removes the necessity of attempting to clean the input with mysql_real_escape_string()
$dbPreparedStatement = $db->prepare('INSERT INTO table (postId, htmlcontent) VALUES (:postid, :htmlcontent)');
$dbPreparedStatement->bindParam(':postid', $userId, PDO::PARAM_INT);
$dbPreparedStatement->bindParam(':htmlcontent', $yourHtmlData, PDO::PARAM_STR);
$dbPreparedStatement->execute();
Fill your boots on PDO here
CSV tables - equivalent of External tables in Oracle
Are they enabled?
show engines;
Create a CSV table
create table csv_test (id int, value varchar(20)) engine = csv; insert into csv_test VALUES (1, 'Record 1'), (2, 'Record 2'), (3, 'Record 3'); select * from csv_test;
What it looks like in unix
$ cat csv_test.CSV "1","record 1" "2","record 2" "3","record 3"
