PHP/MySQL

From dbawiki

Revision as of 10:15, 25 March 2013 by Stuart (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

Contents

1 Using prepared statements to avoid SQL injection
2 CSV tables - equivalent of External tables in Oracle

Using prepared statements to avoid SQL injection

Using this method of writing SQL removes the necessity of attempting to clean the input with mysql_real_escape_string()

$dbPreparedStatement = $db->prepare('INSERT INTO table (postId, htmlcontent) VALUES (:postid, :htmlcontent)');
$dbPreparedStatement->bindParam(':postid', $userId, PDO::PARAM_INT);
$dbPreparedStatement->bindParam(':htmlcontent', $yourHtmlData, PDO::PARAM_STR);
$dbPreparedStatement->execute();

Fill your boots on PDO here

CSV tables - equivalent of External tables in Oracle

Are they enabled?

show engines;

Create a CSV table

create table csv_test (id int, value varchar(20)) engine = csv;
insert into csv_test VALUES (1, 'Record 1'), (2, 'Record 2'), (3, 'Record 3');
select * from csv_test;

What it looks like in unix

$ cat csv_test.CSV
"1","record 1"
"2","record 2"
"3","record 3"

References

Retrieved from "https://mailnest.com/dbawiki/index.php?title=PHP/MySQL&oldid=481"