Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
It is observed that SQL statements can be executed using methods pg_query(), pg_prepare(), pg_query_params(), pg_execute().
Please guide me when to use which method.
When you need to execute a single database operation with manually escaped/prepared variables or just literals and get returned values: pg_query, when you want a reusable statement which is executed often with different variables' values + optimized by the driver go for pg_prepare together with pg_execute (pg_execute runs the query prepared by pg_prepare with actual variables' values), to execute and return values of a single query with variables escaped/prepared by the driver you have pg_query_params
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
In order to find websites with potential sql injections, it is possible to use google dorks like "inurl:.php?id="
From the results that google will give, does it mean all the websites listed use sql database (mysql, oracle or any other)?
As it is a backend call, we can't exactly say, that it related to a Database as well. The reason is that while captured based on $_GET['id'], the returning value can be decided only upon the backend, solely based on PHP. So SQL connection is not essentially needed in that purpose.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 4 years ago.
Improve this question
i have send one extra colum but my table has 7 elements why my sql want 1 extra?? as u can see i have send $na 2 times
$sqlQ="insert into users values ('".$na."','".$na."','".$num."','".$gender."','".$user."','".$email."','".$pass."')";
$result= mysqli_query($mysqli,$sqlQ);
actually this is not good practice to insert the value in the database.
i recommend always use something like this.
$sqlQ="insert into users (tableField,tableField1) values ('$value','$value1')";
Note:never put auto increment field name OR value in the query.and always use prepared statements to avoid sql injection attack.given code is also vulnerable.if you do not know about prepared statement raise question or google it.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
It's possible create code can delete data in table after specific time given from user using php and pdo or something similar and how i do it?
public function delete_time($thedata,$time){
}
Your question is a bit vague and so my answer must be vague as well, but I believe you can do what you want using the Event Scheduler. You can create a SQL statement to schedule a query (such as a DELETE) to run once or repeatedly at a future time:
CREATE EVENT future_delete
ON SCHEDULE AT <timestamp>
DO CALL my_delete_procedure(<param1>, <param2>);
I should imagine you could wrap this in a stored procedure that you could then invoke from php, passing bound values for <timestamp>, <param1>, <param2> &c.
Hope that's of some use to you.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 7 years ago.
Improve this question
I am using Eloquent for my new PHP project. But at some point I needed to run some raw sql queries. How can I set up eloquent so that I can run raw sql too ?
User::select(DB::raw('name as full_name'))->get();
I have use DB::raw to setup the select query. There are many possible ways here. Make sure raw code does not break with ORM changes like changing table etc.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 9 years ago.
Improve this question
What is the equivalent of the below in SQL?
PHP function for MySQL:
mysqli_real_escape_string($POST['password']);
Escaping is done to prepare a SQL statement correctly. There is no equivalent in MySQL because by the time it hits that layer it should have been escaped in the first place.
Using mysqli_real_escape_string is also a sign you're doing something incorrectly as you should be using the bind_param method instead of this kind of super low-level call.