PHP/MySQL

From dbawiki
Revision as of 21:47, 23 April 2013 by Stuart (talk | contribs) (Using prepared statements to avoid SQL injection)
Jump to: navigation, search

Using prepared statements to avoid SQL injection

Using this method of writing SQL removes the necessity of attempting to clean the input with mysql_real_escape_string() 

$dbPreparedStatement = $db->prepare('INSERT INTO table (postId, htmlcontent) VALUES (:postid, :htmlcontent)');
$dbPreparedStatement->bindParam(':postid', $userId, PDO::PARAM_INT);
$dbPreparedStatement->bindParam(':htmlcontent', $yourHtmlData, PDO::PARAM_STR);
$dbPreparedStatement->execute();

Fill your boots on PDO here

CSV tables - equivalent of External tables in Oracle

Run a shell script with an html button

<?php
if ($_GET['run']) {
  # This code will run if ?run=true is set.
  exec("/path/to/name.sh");
}
?>
<!-- This link will add ?run=true to your URL, myfilename.php?run=true -->
<button type="button" onclick="?run=true">Click Me!</button>
Retrieved from "https://mailnest.com/dbawiki/index.php?title=PHP/MySQL&oldid=537"