PHP/MySQL

From dbawiki
Revision as of 15:30, 8 March 2014 by Stuart (talk | contribs)

Excellent tutorial on Object Orientated PHP

www.killerphp.com

Using prepared statements to avoid SQL injection

Writing SQL this way keeps the query text and the data separate, so there is no need to try to clean the input yourself with mysql_real_escape_string(): a bound value can never change the structure of the statement.

<?php
// $db is an open PDO connection (connection details are not shown on this page).
// The table name is quoted with backticks because TABLE is a reserved word in MySQL.
$dbPreparedStatement = $db->prepare('INSERT INTO `table` (postId, htmlcontent) VALUES (:postid, :htmlcontent)');
$dbPreparedStatement->bindParam(':postid', $userId, PDO::PARAM_INT);            // sent as an integer
$dbPreparedStatement->bindParam(':htmlcontent', $yourHtmlData, PDO::PARAM_STR); // sent as data, never spliced into the SQL text
$dbPreparedStatement->execute();

Fill your boots on PDO here
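Added worked example (not code from this wiki page or from killerphp.com): the prepared INSERT from above beside an unsafe string-built query, run against an in-memory SQLite database so it works without a MySQL server. The table name `posts`, the sample rows and the `findUnsafe`/`findSafe` helper functions are assumptions made for the demo.

```php
<?php
// Added example, not from the original page: unsafe concatenation vs. a PDO
// prepared statement. Table, rows and helper names are constructed for the demo.
declare(strict_types=1);

function connect(): PDO {
    $db = new PDO('sqlite::memory:');
    // Throw on errors instead of silently returning false.
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // On MySQL this makes the server, not the driver, handle the placeholders;
    // set it there as well (it has no effect on SQLite).
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $db->exec('CREATE TABLE posts (postId INTEGER, htmlcontent TEXT)');
    return $db;
}

// Unsafe: the value is pasted into the SQL text, so quotes in it become SQL.
function findUnsafe(PDO $db, string $content): array {
    $sql = "SELECT postId FROM posts WHERE htmlcontent = '$content'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Safe: the value is bound as data and compared literally, whatever it contains.
function findSafe(PDO $db, string $content): array {
    $stmt = $db->prepare('SELECT postId FROM posts WHERE htmlcontent = :htmlcontent');
    $stmt->bindValue(':htmlcontent', $content, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = connect();
$insert = $db->prepare('INSERT INTO posts (postId, htmlcontent) VALUES (:postid, :htmlcontent)');
foreach ([[1, '<p>hello</p>'], [2, "O'Reilly"]] as [$id, $html]) {
    $insert->bindValue(':postid', $id, PDO::PARAM_INT);
    $insert->bindValue(':htmlcontent', $html, PDO::PARAM_STR);
    $insert->execute(); // the apostrophe in O'Reilly needs no escaping
}

// Constructed input that no row contains but that, spliced into SQL text,
// turns the WHERE clause into a condition that is true for every row.
$input = "x' OR '1'='1";
echo "unsafe: ", count(findUnsafe($db, $input)), " row(s) matched\n"; // query was rewritten
echo "safe:   ", count(findSafe($db, $input)), " row(s) matched\n";   // compared as a literal string
```

Run it with the pdo_sqlite extension enabled; the unsafe query matches both rows while the prepared one matches none.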

CSV tables - equivalent of External tables in Oracle

Run a shell script with an html button

<?php
// Runs only when the page is requested as myfilename.php?run=true.
if (isset($_GET['run']) && $_GET['run'] === 'true') {
  // The command is a fixed path; nothing from the request is passed to the shell.
  exec("/path/to/name.sh");
}
?>
<!-- Clicking the button reloads this page with ?run=true appended, i.e. myfilename.php?run=true -->
<button type="button" onclick="window.location.search='?run=true'">Click Me!</button>

Note that anyone who can load this URL can run the script, so keep the page behind your normal login and, if the script changes anything, trigger it from a POST form rather than a GET link so a crawler or a pasted link cannot set it off.