Hi all, I've been doing some reading on mysqli_real_escape_string(), and, after getting my content properly escaped, I'm having some trouble getting to display properly when I pull it out again. Here's the code I have: function update_section_content() { $name = mysqli_real_escape_string($this->conn, $_POST['name']); $text = m...
Hi all, This one's been puzzling me for a bit; hope folks can offer some suggestions! I'm uploading some video details and a thumbnail image to a database using prepared statements. When I do the upload, everything appears to work perfectly -- no SQLi errors or anything -- yet, when I look at the database, I notice that my image_conte...
Firstly hello as my first question. Looking for guidance rather than coding fix. The final flicker of Informix 4gl contracting extingiushed for me in 2004. To cut a long story short I am looking to code again by creating a website. I will be using PHP v5 and MySQL. Spent about a year (in spare time) doing all data analysis and DB desig...
Hi all, I apologize if this is a dense question, but I'm having a bit of trouble using MYSQL LOAD_FILE() in conjunction with prepared statements in order to upload an image BLOB. As a result, I'm having to resort to using to separate queries, one to prepare a statement for details, and another, which doesn't prepare the statement to ins...
Hello! I have 3 tables (actors, categories, actor_cats) in my db. I'm using a form to insert new info in the database (mysql). Most of the information goes into the actors table. But in a label "categories", i have a checkbox input type, with 3 fields that i get from the categories table [action (id1), comedy(id2), drama(id3)]. I want ...
Hi, I'm recently changing to mysqli and while performing an update on a script, i couldn't manage to use the same SELECT information as i did before. How can I bind_results from a Left Join between 3 tables? This is the script: "SELECT actor.id, actor.name, actor.gender, thumbs.id, thumbs.filename, thumbs.actorid FROM actors, thum...
I am making an all in one registration / login script, which will first display the registration form if $_POST is not set. If it is, but the required fields are not filled, it redirects to the page again, re-setting $_POST. If all the fields are filled in, then if the name of the submit button $_POST["login"] is set, the form confirms t...
The Problem So I'm writing my web based application and it dawns on me "Durr, your stuff is wide open to SQL injection and whatnot! Rewrite db class!" I'm currently re-writing my $db class and I am having a significant amount of trouble understanding how I'm supposed to implement prepared statements. Previously... I used to use somet...
The following code; //... connect to mysqli database $xyz = array(); $xyz[] = new Object(); $xyz[] = new Object(); apc_store("xyz", new ArrayObject(xyz), 600); $xyz = apc_fetch("xyz"); mysqli_close($link); causes mysqli_close to throw; Error Type: mysqli_close() [function.mysqli-close]: Couldn't fetch mysqli (WARNING) I need to sto...
I have problem with mysql_num_rows() function. I've checked query (it has proper syntax and I'm getting the result in sql) and connection to database and everything seems to be able to work. // some code here, connecting to database and working query to db $query = "SELECT ff_client.email FROM ff_order, ff_client WHERE ff_order.id = '$o...
I have the following code for inserting new row into the database: $query = "INSERT INTO files_requests VALUES (NULL, ?, ?, ?, ?, ?, ?, {$userinfo['id']}, 0, ". time() .", 0)"; $stmt = $mysqli->prepare($query); $stmt->bind_param('isssss', $listID, $files, $filesize, $audio, $subtitles, $fansub); $stmt->execute(); Is there ...
Hello. I have been trying to make OOP PHP5 code. But I think my attempts are clumsy. These are my questions: Is their a better, more leaner way to include database config information? Can I somehow get around having to declare $db = new Db() in every function I make? Should I use PEAR as database abstraction layer instead of Mysqli_da...
New to this new and secure way of handling SQL's in PHP and MySql driven web based application, to secure the code from SQL injections. I am planning to start using mysqli with PDO. Can anyone please outline how should i get started and proceed. Any reference to any article will also be helpful. Thanks in advance. ...
I'll cut right to the chase. All I can achieve at this point with this class is a database connection. I am unable to make a query. Can you show me exactly how to get this working and/or show me how to recode it in a better way. <?php class database{ public $dbHost = ''; public $dbUser = ''; public $dbPass = ''; public $dbName = ''; p...
Hi! I'm trying to run the following query, and I'm having trouble with the wildcard. function getStudents() { global $db; $users = array(); $query = $db->prepare("SELECT id, adminRights FROM users WHERE classes LIKE ? && adminRights='student'"); $query->bind_param('s', '%' . $this->className . '%'); $query->...
I have scoured the web for a good example but I can't find anything. I am trying to extend the mysqli class to make a helper class that will abstract away some of the complexities. One of the main things I want to accomplish is to make use of prepared statements. I don't really know where to start, or how to handle input and output p...
Based on this code below I use for regular mysql, how could I convert it to use mysqli? Is it as simple as changing **mysql _query($sql); to mysqli _query($sql); ?** <?PHP //in my header file that is included on every page I have this $DB["dbName"] = "emails"; $DB["host"] = "localhost"; $DB["user"] = "root"; $DB["pass"] = ""; $link = ...
I know how to use INDEX as in the following code. And I know how to use foreign key and primary key. CREATE TABLE tasks ( task_id INT UNSIGNED NOT NULL AUTO_INCREMENT, parent_id INT UNSIGNED NOT NULL DEFAULT 0, task VARCHAR(100) NOT NULL, date_added TIMESTAMP NOT NULL, date_completed TIMESTAMP, PRIMARY KEY (task_id), INDEX parent...
If I am using Zend_Db classes to abstract my queries from the backend database, does it make a difference which mysql driver I use, pdo_mysql vs. mysqli? My understanding of pdo_mysql is it is also to provide abstraction, so I'm assuming that if I am using Zend_Db, then I would not be taking advantage of the extra features as part of mys...
Is there any way to get the actual SQL that is the result of preparing a statement when using the mysqli extension? My problem: I am using prepared statements. In all cases, they SHOULD update a record. I am not catching any errors. However, when I check for affected rows, there are none. So, I want to see the actual SQL that woul...