All Questions

2784
votes
28 answers
1286423 views

How can I prevent SQL injection in PHP?

If user input is inserted without modification into an SQL query, then the application becomes vulnerable to SQL injection, like in the following example: $unsafe_variable = $_POST['user_input']; m...
414
votes
10 answers
113574 views

When to use single quotes, double quotes, and backticks in MySQL

I am trying to learn the best way to write queries. I also understand the importance of being consistent. Until now, I have randomly used single quotes, double quotes, and backticks without any real t...
427
votes
4 answers
172055 views

SQL injection that gets around mysql_real_escape_string()

Is there an SQL injection possibility even when using mysql_real_escape_string() function? Consider this sample situation. SQL is constructed in PHP like this: $login = mysql_real_escape_string(GetF...
65
votes
2 answers
3358 views

Cleansing User Passwords

How should I escape or cleanse user-provided passwords before I hash them and store them in my database? When PHP developers consider hashing users' passwords for security purposes, they often tend t...
726
votes
27 answers
674339 views

SQL select only rows with max value on a column

I have this table for documents (simplified version here): +------+-------+--------------------------------------+ | id | rev | content | +------+-------+------------...
766
votes
9 answers
590835 views

Select first row in each GROUP BY group?

As the title suggests, I'd like to select the first row of each set of rows grouped with a GROUP BY. Specifically, if I've got a purchases table that looks like this: SELECT * FROM purchases; i...
1327
votes
39 answers
1606198 views

Concatenate many rows into a single text string?

Consider a database table holding names, with three rows: Peter Paul Mary Is there an easy way to turn this into a single string of Peter, Paul, Mary?
900
votes
38 answers
281464 views

Parameterize an SQL IN clause

How do I parameterize a query containing an IN clause with a variable number of arguments, like this one? SELECT * FROM Tags WHERE Name IN ('ruby','rails','scruffy','rubyonrails') ORDER BY Count DES...
613
votes
18 answers
360759 views

Retrieving the last record in each group

There is a table messages that contains data as shown below: Id Name Other_Columns ------------------------- 1 A A_data_1 2 A A_data_2 3 A A_data_3 4 B B_data_...
121
votes
6 answers
113064 views

SQL Server dynamic PIVOT query?

I've been tasked with coming up with a means of translating the following data: date category amount 1/1/2012 ABC 1000.00 2/1/2012 DEF 500.00 2/1/2012 G...
