This question already has answers here:
How to use mysql_real_escape_string function in PHP
(6 answers)
How can I prevent SQL injection in PHP?
(27 answers)
Closed 5 years ago.
I have the following:
$did=$_GET['deptID'];
variable passed from 1st page and on 2nd page, the link is like and to get data MySQL query is:
$q= mysql_query("select DepName from dep where DepID='$did'")or die(mysql_error());
Now my question is how can I use the mysql_escape_string() function in this query?
Related
This question already has answers here:
PHP - concatenate or directly insert variables in string
(15 answers)
PHP variable interpolation vs concatenation [duplicate]
(1 answer)
How can I prevent SQL injection in PHP?
(27 answers)
Single quotes or double quotes for variable concatenation? [closed]
(10 answers)
What is the difference between single-quoted and double-quoted strings in PHP?
(7 answers)
Closed 3 years ago.
I have this code:
$sql=mysqli_query($dbc, "SELECT * FROM users WHERE user = '".$username."'");
but why so many people do this if
$query = "SELECT type FROM users WHERE user = '$username' ";
works fine too? And if we have multiple values we can just do
$query = "SELECT type FROM users WHERE user = '$username', '$pass' ";
I couldn't find any explanations on this syntax on the internet.
This question already has answers here:
How can I prevent SQL injection in PHP?
(27 answers)
Closed 4 years ago.
I'm trying to insert data into a mysql database, with the code below.
Problem is, my json code containing the value "R\u00f8nde" is changed to "Ru00f8nde" after I insert it into the database.
What is the best way to avoid this?
INSERT INTO jos_payplans_user(user_id, params) VALUES ('24882', '{"modtager":"Anders And","adresse":"Paradisaeblevej 111","postnr":"1234","by":"R\u00f8nde","telefon":"12345678","user_notes":""}')
In json itself avoid the slashes and insert in db
echo json_encode($value, JSON_UNESCAPED_SLASHES);
This question already has answers here:
How can I prevent SQL injection in PHP?
(27 answers)
Closed 4 years ago.
How can I select a row in MySQL db where the value of a column contains ' and \ ?
For example, I want to select a column that matches this types of string:
https://www.mayoclinic.org/diseases-conditions/hirschsprung\'s-disease/symptoms-causes/syc-20351556
What can I do to achieve what I want?
This should work, both characters must be escaped into the query:
SELECT * FROM `urls` WHERE text LIKE "%\\\\\'%"
This question already has answers here:
How to retrieve the last 4 characters from a mysql database field?
(4 answers)
Getting last 5 char of string with mysql query
(6 answers)
Query to select strings end with certain character
(6 answers)
Closed 5 years ago.
this is my data in the database and i'm using mysql
database image
How do I retreive number "4" from the data using sql command?
USE reverse and left
set #myfield = 1234;
select left(reverse(#myfield),1) as result;
result
4
demo here
http://rextester.com/LTBE34983
This question already has answers here:
python list in sql query as parameter [duplicate]
(16 answers)
Closed 8 years ago.
I'd like to build a query string with a variable length in where clause.
In PHP I might do this like
<?php
$vars=array('john','mike','matt');
$placeHolders=array_fill(0,sizeof($vars),'%s');
$whereClause=" name in (".join(',',$placeHolders).")";
Is there a concise Python translation of this in python
I think I'd use this to create the variable strings:
', '.join('%s' for _ in vars)
That eliminates the need to substring the result and gets you as many placeholders as you have values.