All Questions

2784
votes
28answers
1286424 views

How can I prevent SQL injection in PHP?

If user input is inserted without modification into an SQL query, then the application becomes vulnerable to SQL injection, like in the following example: $unsafe_variable = $_POST['user_input']; m...
1987
votes
13answers
162929 views

Why shouldn't I use mysql_* functions in PHP?

What are the technical reasons for why one shouldn't use mysql_* functions? (e.g. mysql_query(), mysql_connect() or mysql_real_escape_string())? Why should I use something else even if they work on m...
800
votes
33answers
659149 views

mysql_fetch_array()/mysql_fetch_assoc()/mysql_fetch_row() expects parameter 1 to be resource

I am trying to select data from a MySQL table, but I get one of the following error messages: mysql_fetch_array() expects parameter 1 to be resource, boolean given or mysqli_fetch_array() ex...
884
votes
14answers
110171 views

UTF-8 all the way through

I'm setting up a new server, and want to support UTF-8 fully in my web application. I have tried in the past on existing servers and always seem to end up having to fall back to ISO-8859-1. Where ex...
414
votes
10answers
113574 views

When to use single quotes, double quotes, and backticks in MySQL

I am trying to learn the best way to write queries. I also understand the importance of being consistent. Until now, I have randomly used single quotes, double quotes, and backticks without any real t...
427
votes
4answers
172055 views

SQL injection that gets around mysql_real_escape_string()

Is there an SQL injection possibility even when using mysql_real_escape_string() function? Consider this sample situation. SQL is constructed in PHP like this: $login = mysql_real_escape_string(GetF...
65
votes
5answers
7357 views

Can I mix MySQL APIs in PHP?

I have searched the net and so far what I have seen is that you can use mysql_ and mysqli_ together meaning: <?php $con=mysqli_connect("localhost", "root" ,"" ,"mysql"); if( mysqli_connect_errno(...
48
votes
1answers
77585 views

Syntax error due to using a reserved word as a table or column name in MySQL

I'm trying to execute a simple MySQL query as below: INSERT INTO user_details (username, location, key) VALUES ('Tim', 'Florida', 42) But I'm getting the following error: You have an error in y...
206
votes
8answers
197248 views

MySQL pivot table

If I have a MySQL table looking something like this: company_name action pagecount ------------------------------- Company A PRINT 3 Company A PRINT 2 Company A PRINT 3 C...
726
votes
27answers
674341 views

SQL select only rows with max value on a column

I have this table for documents (simplified version here): +------+-------+--------------------------------------+ | id | rev | content | +------+-------+------------...

Previous Next