Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 9 years ago.
Improve this question
What is the equivalent of the below in SQL?
PHP function for MySQL:
mysqli_real_escape_string($POST['password']);
Escaping is done to prepare a SQL statement correctly. There is no equivalent in MySQL because by the time it hits that layer it should have been escaped in the first place.
Using mysqli_real_escape_string is also a sign you're doing something incorrectly as you should be using the bind_param method instead of this kind of super low-level call.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
It is observed that SQL statements can be executed using methods pg_query(), pg_prepare(), pg_query_params(), pg_execute().
Please guide me when to use which method.
When you need to execute a single database operation with manually escaped/prepared variables or just literals and get returned values: pg_query, when you want a reusable statement which is executed often with different variables' values + optimized by the driver go for pg_prepare together with pg_execute (pg_execute runs the query prepared by pg_prepare with actual variables' values), to execute and return values of a single query with variables escaped/prepared by the driver you have pg_query_params
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 4 years ago.
Improve this question
i have send one extra colum but my table has 7 elements why my sql want 1 extra?? as u can see i have send $na 2 times
$sqlQ="insert into users values ('".$na."','".$na."','".$num."','".$gender."','".$user."','".$email."','".$pass."')";
$result= mysqli_query($mysqli,$sqlQ);
actually this is not good practice to insert the value in the database.
i recommend always use something like this.
$sqlQ="insert into users (tableField,tableField1) values ('$value','$value1')";
Note:never put auto increment field name OR value in the query.and always use prepared statements to avoid sql injection attack.given code is also vulnerable.if you do not know about prepared statement raise question or google it.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
but i have this project for school,
i need to make a blog with a database connection.
I have one using mysqli but we are only allowed to use PDO, and in don't know how i can convert it in to PDO can someone help me?
A good link for you : Migrate from mysql extension to pdo
And take the time to read the PDO manual here : http://php.net/manual/fr/book.pdo.php
Sorry but, I cant give you more specific information if you dont share us the code that gives you trouble.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 7 years ago.
Improve this question
I am using Eloquent for my new PHP project. But at some point I needed to run some raw sql queries. How can I set up eloquent so that I can run raw sql too ?
User::select(DB::raw('name as full_name'))->get();
I have use DB::raw to setup the select query. There are many possible ways here. Make sure raw code does not break with ORM changes like changing table etc.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
The problem is that I must catch situation when some variable (and I don't know it's name, that is I don't know where this value first arises) matches some record in database. The way I think it could be done is to run after each statement an external code against array of local and remote variables. In that external code would be a simple foreach loop and db query, the script would then output line number where given situation happened.
Is this possible with xdebug ?
There is a function for that, http://php.net/manual/en/function.register-tick-function.php more documentation on ticks is http://www.php.net/manual/en/control-structures.declare.php here.