All Questions

2783
votes
28answers
1307006 views

How can I prevent SQL injection in PHP?

If user input is inserted without modification into an SQL query, then the application becomes vulnerable to SQL injection, like in the following example: $unsafe_variable = $_POST['user_input']; m...
2027
votes
13answers
165723 views

Why shouldn't I use mysql_* functions in PHP?

What are the technical reasons for why one shouldn't use mysql_* functions? (e.g. mysql_query(), mysql_connect() or mysql_real_escape_string())? Why should I use something else even if they work on m...
811
votes
33answers
664541 views

mysql_fetch_array()/mysql_fetch_assoc()/mysql_fetch_row()/mysql_num_rows etc... expects parameter 1 to be resource

I am trying to select data from a MySQL table, but I get one of the following error messages: mysql_fetch_array() expects parameter 1 to be resource, boolean given or mysqli_fetch_array() ex...
905
votes
14answers
111793 views

UTF-8 all the way through

I'm setting up a new server, and want to support UTF-8 fully in my web application. I have tried in the past on existing servers and always seem to end up having to fall back to ISO-8859-1. Where ex...
424
votes
10answers
115796 views

When to use single quotes, double quotes, and back ticks in MySQL

I am trying to learn the best way to write queries. I also understand the importance of being consistent. Until now, I have randomly used single quotes, double quotes, and back ticks without any real ...
443
votes
5answers
174226 views

SQL injection that gets around mysql_real_escape_string()

Is there an SQL injection possibility even when using mysql_real_escape_string() function? Consider this sample situation. SQL is constructed in PHP like this: $login = mysql_real_escape_string(GetF...
67
votes
5answers
7580 views

Can I mix MySQL APIs in PHP?

I have searched the net and so far what I have seen is that you can use mysql_ and mysqli_ together meaning: <?php $con=mysqli_connect("localhost", "root" ,"" ,"mysql"); if( mysqli_connect_errno(...
48
votes
1answers
79623 views

Syntax error due to using a reserved word as a table or column name in MySQL

I'm trying to execute a simple MySQL query as below: INSERT INTO user_details (username, location, key) VALUES ('Tim', 'Florida', 42) But I'm getting the following error: You have an error in y...
210
votes
8answers
201888 views

MySQL pivot table

If I have a MySQL table looking something like this: company_name action pagecount ------------------------------- Company A PRINT 3 Company A PRINT 2 Company A PRINT 3 C...
753
votes
28answers
690996 views

SQL select only rows with max value on a column

I have this table for documents (simplified version here): +------+-------+--------------------------------------+ | id | rev | content | +------+-------+------------...

Previous Next