Search Results

Search found 36111 results on 1445 pages for 'mysql update'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 488/1445 | < Previous Page | 484 485 486 487 488 489 490 491 492 493 494 495  | Next Page >

  • How can I secure my $_GETs in PHP?

    - by ggfan
    My profile.php displays all the user's postings,comments,pictures. If the user wants to delete, it sends the posting's id to the remove.php so it's like remove.php?action=removeposting&posting_id=2. If they want to remove a picture, it's remove.php?action=removepicture&picture_id=1. Using the get data, I do a query to the database to display the info they want to delete and if they want to delete it, they click "yes". So the data is deleted via $POST NOT $GET to prevent cross-site request forgery. My question is how do I make sure the GETs are not some javascript code, sql injection that will mess me up. here is my remove.php //how do I make $action safe? //should I use mysqli_real_escape_string? //use strip_tags()? $action=trim($_GET['action']); if (($action != 'removeposting') && ($action != 'removefriend') && ($action != 'removecomment')) { echo "please don't change the action. go back and refresh"; header("Location: index.php"); exit(); } if ($action == 'removeposting') { //get the info and display it in a form. if user clicks "yes", deletes } if ($action =='removepicture') { //remove pic } I know I can't be 100% safe, but what are some common defenses I can use. EDIT Do this to prevent xss $action=trim($_GET['action']); htmlspecialchars(strip_tags($action)); Then when I am 'recalling' the data back via POST, I would use $posting_id = mysqli_real_escape_string($dbc, trim($_POST['posting_id']));

    Read the article

  • reterview data from two tables using inner join in cakephp

    - by user3593884
    I two tables from database one as user(id,first_name,last_name) and the second table location(id,country). I need to perform inner join with this two tables and the list should display first_name,last_name,country with condition user.id=location.id I have written sql queries in cakephp $this->set('users',$this->User->find('list', array( 'fields' => array('User.id', 'User.first_name','location.country'), array('joins' => array(array('table' => 'location', 'alias' => 'location', 'type' => 'INNER', 'conditions' => array('User.id = location.id'))))))); i get error -Unknown column 'location.country' in 'field list' Please help!

    Read the article

  • PHP mysql_fetch does not return values

    - by Petr
    Hi, Being quite new with PHP, I cannot find any solution why this does not work. The query is OK and the resource is returned. But I dunno why fetch_assoc does not print values. Thanks $query=sprintf("SELECT ID,NAME FROM USERS WHERE PASS='%s' AND NAME='%s'",mysql_real_escape_string($p),mysql_real_escape_string($n)); $result=mysql_query($query); if ($result) { while ($row = mysql_fetch_assoc($result)) { echo $row['ID']; echo $row['NAME']; } } }

    Read the article

  • Writing an installer using codigniter

    - by RobertWHurst
    I'm just about finished my first release of automailer, a program I've been working on for a while now. I've just got to finish writing the installer. Its job is to rewrite the codigniter configs from templates. I've got the read/write stuff working, but I'd like to be able to test the server credentials given by the user without codingiter throwing a system error if they're wrong. Is there a function other than mysql_connect that I can use to test a connection that will return true or false and won't make codeigniter have a fit?

    Read the article

  • How could I compare these database values in PHP?

    - by Dan
    So a user selects from a drop down list a value. I take this value, put it into a variable, then select from the database the ID value of that table A holding the selected value also. So now I'm trying to use that ID value to get to a many-to-many relationship table that has the selected value from table A to a different table B. The many-to-many relationship table has both IDs. How can I compare this using PHP? So it would be like: $A = $_POST['a']; $sql = "SELECT a, aID from TABLEA WHERE a = $A"; What do I do then to compare the aID with the many-to-many relationships table, then get the other ID in that table and then take that ID to get values from table B?

    Read the article

  • How to write this loop prettier?

    - by Tom
    I've just read this topic http://stackoverflow.com/questions/2930533/highlight-search-keywords-on-hover and actually I use pretty the same structure, but it looks awful. So can you give me an advice, how to write this loop prettier in one php file, I mean php and html at the same time? <table class="result"> <?php while ($row= mysql_fetch_array($result, MYSQL_ASSOC)) { $cQuote = highlightWords(htmlspecialchars($row['cQuotes']), $search_result); ?> <tr> <td style="text-align:right; font-size:15px;"><?php h($row['cArabic']); ?></td> <td style="font-size:16px;"><?php echo $cQuote; ?></td> <td style="font-size:12px;"><?php h($row['vAuthor']); ?></td> <td style="font-size:12px; font-style:italic; text-align:right;"><?php h($row['vReference']); ?></td> </tr> <?php } ?>

    Read the article

  • searching array of words faster

    - by Martijn
    hi eveybody i want to look how much an array comes in a database. Its pretty slow and i want to know if there's a way of searching like multiple words or an whole array without a for loop.. i'm struggeling for a while now. here's my code $dateBegin = "2010-12-07 15:54:24.0"; $dateEnd = "2010-12-30 18:19:52.0"; $textPerson = " text text text text text text text text text text text text text text "; $textPersonExplode = explode(" ", $textPerson ); $db = dbConnect(); for ( $counter = 0;$counter <= sizeof($textPersonExplode)-1 ; $counter++) { $query = "SELECT count(word) FROM `news_google_split` WHERE `word` LIKE '$textPersonExplode[$counter]' AND `date` >= '$dateBegin' AND `date` <= '$dateEnd'"; $result = mysql_query($query) or die(mysql_error()); while($row = mysql_fetch_array($result, MYSQL_ASSOC)) { $word[] = $textPersonExplode[$counter]; $count[] = $row[0]; } if (!$result) { die('Invalid query: ' . mysql_error()); } } thanks for the help.

    Read the article

  • I need help with a SQL query. Fetching an entry, it's most recent revision and it's fields.

    - by Tigger ate my dad
    Hi there, I'm building a CMS for my own needs, and finished planning my database layout. Basically I am abstracting all possible data-models into "sections" and all entries into one table. The final layout is as follows: Database diagram: I have yet to be allowed to post images, so here is a link to a diagram of my database. Entries (section_entries) are children of their section (sections). I save all edits to the entries in a new revision (section_entries_revisions), and also track revisions on the sections (section_revisions), in order to match the values of a revision, to the fields of the section that existed when the entry-revision was made. The section-revisions can have a number of fields (section_revision_fields) that define the attributes of entries in the section. There is a many-to-many relationship between the fields (section_revision_fields) and the entry-revisions (section_entry_revisions), that stores the values of the attributes defined by the section revision. Feel free to ask questions if the diagram is confusing. Now, this is the most complex SQL I've ever worked with, and the task of fetching my data is a little daunting. Basically what i want help with, is fetching an entry, when the only known variables are; section_id, section_entry_id. The query should fetch the most recent revision of that entry, and the section_revision model corresponding to section_revision_id in the section_entry_revisions table. It should also fetch the values of the fields in the section-revision. I was hoping for a query result, where there would be as many rows as fields in the section. Each row would contain the information of the entry and the section, and then information for one of the fields (e.g. each row corresponding to a field and it's value). I tried to explain the best I could. Again, feel free to ask questions if my description somehow lacking. I hope someone is up for the challenge. Best regards. :-)

    Read the article

  • custom function is not getting called

    - by nectar
    here my code - $child1 = create_childid()."01"; $sqltree = "INSERT INTO tbltree (`userId`, `level`, `superId`, `rootId`, `childcount`) VALUES ('$child1', '1', '$newid', '$myroot', '0');"; mysql_query($sqltree); echo $newid; update_level(); $child2 = create_childid()."02"; $sqltree = "INSERT INTO tbltree (`userId`, `level`, `superId`, `rootId`, `childcount`) VALUES ('$child2', '1', '$newid', '$myroot', '0');"; mysql_query($sqltree); update_level(); $child3 = create_childid()."03"; $sqltree = "INSERT INTO tbltree (`userId`, `level`, `superId`, `rootId`, `childcount`) VALUES ('$child3', '1', '$newid', '$myroot', '0');"; mysql_query($sqltree); update_level(); $child4 = create_childid()."04"; $sqltree = "INSERT INTO tbltree (`userId`, `level`, `superId`, `rootId`, `childcount`) VALUES ('$child4', '1', '$newid', '$myroot', '0');"; mysql_query($sqltree); update_level(); $child5 = create_childid()."05"; $sqltree = "INSERT INTO tbltree (`userId`, `level`, `superId`, `rootId`, `childcount`) VALUES ('$child5', '1', '$newid', '$myroot', '0');"; mysql_query($sqltree); update_level(); ERROR : update_level(); is executing only once why??

    Read the article

  • Prioritize SQL WHERE clause

    - by JaTochNietDan
    Basically I want to do this: SELECT * FROM `table` WHERE x = 'hello' OR x = 'bye' LIMIT 1'; I want it to return 1 value, but to prioritize results from the 1st where clause. So if there exists a row where column x's value is "hello", it will not return the result from the 'bye' value. If the "hello" value doesn't exist though, it will return the result from the 'bye' value. Can't figure out a way to do it even though it seems fairly trivial. Any ideas?

    Read the article

  • Why is it inserting 0's instead of blank spaces into my DB using php?

    - by zeckdude
    I have an insert: $sql = 'INSERT into orders SET fax_int_prefix = "'.$_SESSION['fax_int_prefix'].'", fax_prefix = "'.$_SESSION['fax_prefix'].'", fax_first = "'.$_SESSION['fax_first'].'", fax_last = "'.$_SESSION['fax_last']; The value of all of these fields is that they are blank right before the insert. Here is an example of one of them I echo'd out just before the insert: $_SESSION[fax_prefix] = For some reason it inserts the integer 0, instead of a blank value or null, as it should. Why is it inserting 0's instead of blank spaces into my DB?

    Read the article

  • Creating a multi-row "table" as part of a SELECT

    - by Chad Birch
    I'm not really sure how to describe my question (thus the awful title), but it's related to this recent question. The problem would be easily solved if there was some way for me to create a "table" with 4 rows as part of my SELECT (to use with NOT IN or MINUS). What I mean is, I can do this: SELECT 1, 2, 3, 4; And will receive one row from the database: | 1 | 2 | 3 | 4 | But is there any way to receive the following (without using UNION, I don't really want a query that's potentially thousands of lines long with a long list)? | 1 | | 2 | | 3 | | 4 |

    Read the article

  • What would be the Better db design for the old db structure?

    - by yawok
    i've a old database where i store the data of the holidays and dates in which they are celebrated.. id country hdate description link 1 Afghanistan 2008-01-19 Ashura ashura 2 Albania 2008-01-01 New Year Day new-year the flaws in the above structure is that, i repeat the data other than date for every festival and every year and every country.. For example, I store a new date for 2009 for ashura and afghanistan .. I tried to limit the redundancy and split the tables as countries (id,name) holidays (id, holiday, celebrated_by, link) // celebrated_by will store the id's of countries separated by ',' holiday_dates (holiday_id, date, year) // date will the full date and year will be as 2008 or 2009 Now i have some problems with the structure too.. consider that i store the holiday like Independence day , its common for more countries but will have different dates. so how to handle this and and the link will have to be different too.. And i need to list the countries which celebrates the same holiday and also when i describe about a single holiday i need to list all the other holidays that country would be celebrating.. And the most of all , i already have huge amount of data in the old tables and i need to split it to the new one once the new design is finalized... Any ideas?

    Read the article

  • Convert tax like IRS function to SQL

    - by CrashRoX
    Trying to convert this tax-like IRS function http://stackoverflow.com/questions/1817920/calculating-revenue-share-at-different-tiers to SQL. The assumption is the table would be one column (price) and the tiers will be added dynamically. My first attempt has some case statements that didn't work out well. I have since scrapped it :) Thanks for the help!

    Read the article

  • 2 table SQL Query weird results

    - by javArc
    Ok this is driving me nuts, I need to write an SQL query that will grab product information from 2 tables. The first table 'products' contains the productId, productname, quantityperunit and unitprice. Now I can search by productname and categoryname individually, but when I try to combine the 2 I get crazy results, Here's the query: "SELECT DISTINCT productId, productname, quantityperunit, unitprice FROM products pr, categories ca WHERE pr.categoryID = ca.categoryID AND ProductName LIKE '%" + searchTerm + "%' OR CategoryName LIKE '%" + searchTerm + "%' excuse the java style in there, here it is formatted better: SELECT DISTINCT productId, productname, quantityperunit, unitprice FROM products pr, categories ca WHERE pr.categoryID = ca.categoryID AND ProductName LIKE 'Tofu' OR CategoryName LIKE 'Tofu' any help would be appreciated.

    Read the article

  • How can I select the required records?

    - by simple
    Tables: Product: [id, name, brand_id, is_published] Brand: [id, name, is_published] Awards: [id, name] ProductAwards [product_id, award_id] How do I select the list of PUBLISHED brands along with the number of AWARDS of brand's products that are Published. I am cool with all the part except issuing the "is_published" restriction when counting Awards. I hope this is clear; can anyone just suggest where to dig?

    Read the article

  • PHP: reusing database class

    - by citricsquid
    Hi, I built a class that allows me to do: $db->query($query); and it works perfectly, although if I want to do: $db->query($query); while($row = $db->fetch_assoc()){ $db->query($anotherquery); echo $db->result(); } it "breaks" the class. I don't want to constantly have to redeclare my class (eg: $seconddb = new database()), is there a way to get around this? I want to be able to reuse $db within $db, without overwriting the "outside" db. currently I'm create an array of data (from db-fetch_assoc() then doing a foreach and then doing the db call inside that: $db->query('SELECT * FROM table'); while($row = $db->fetch_assoc()){ $arr[] = $row; } foreach($arr as $a){ $db->query(); // query and processing here } Is this the best method or am I missing the obvious? Should I consider passing a connection link ID with the database connection?

    Read the article

  • Help with sql query

    - by user225269
    I have two tables: subject and student. I'm trying to count the number of subjects enrolled by each student. How do I do that?I'm trying the code below but it doesn't give the answer I need. Please help. SELECT COUNT( subject.SUBJECT ) , student.IDNO, student.FIRSTNAME, subject.SUBJECT FROM student, subject GROUP BY subject.SUBJECT LIMIT 0 , 30

    Read the article

  • how can I check data has been inserted successfully

    - by Piyush
    I have two insert statements.Second one will be executed only after successful execution of First one.What I wd like to do is- $sqlone="Insert into ....."; $sqltwo="Insert into....."; If(mysql_query($sqlone)) { If(mysql_query($sqltwo)) { show message Data inserted in both tables. } }

    Read the article

  • Update paths of already-created Paperclip attachments

    - by Horace Loeb
    I used to have this buggy Paperclip config: class Photo < ActiveRecord::Base has_attached_file :image, :storage => :s3, :styles => { :medium => "600x600>", :small => "320x320>", :thumb => "100x100#" }, :s3_credentials => "#{RAILS_ROOT}/config/s3.yml", :path => "/:style/:filename" end This is buggy because two images cannot have the same size and filename. To fix this, I changed the config to: class Photo < ActiveRecord::Base has_attached_file :image, :storage => :s3, :styles => { :medium => "600x600>", :small => "320x320>", :thumb => "100x100#" }, :s3_credentials => "#{RAILS_ROOT}/config/s3.yml", :path => "/:style/:id_:filename" end Unfortunately this breaks all URLs to attachments I've already created. How can I update those file paths or otherwise get the URLs to work?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 484 485 486 487 488 489 490 491 492 493 494 495  | Next Page >