Category: Practical MySQL

Debugging prepared statements in php

Prepared statements in PHP sometimes report a block error which is hard to debug. So for debugging prepared statements we use MYSQLI_REPORT_ALL in conjunction with MySQL drivers to get a full detailed message. For...

Prepared statements in php

Many of the more mature databases support the concept of prepared statements. They have the following advantages: 1) The query only needs to be parsed (or prepared) once, but can be executed multiple times...

Preventing HTML Injection

There’s another type of injection you need to concern yourself about—not for the safety of your own websites, but for your users’ privacy and protection. That’s Cross Site Scripting, also referred to as XSS....

Using placeholders

Another way—this one virtually bulletproof—to prevent SQL injections is to use a feature called placeholders. The idea is to predefine a query using ? characters where the data will appear. Then, instead of calling...

Preventing SQL Injection

It may be hard to understand just how dangerous it is to pass user input unchecked to MySQL. For example, suppose you have a simple piece of code to verify a user, and it...

Using AUTO_INCREMENT

When using AUTO_INCREMENT, you cannot know what value has been given to a column before a row is inserted. Instead, if you need to know it, you must ask MySQL afterward using the mysql_insert_id...

Updating Data

Changing data that you have already inserted is also quite simple. Consider the following example.

Retrieving Data

Now that some data has been entered into the cats table, the following example shows how you can check that it was correctly inserted.

Adding Data

Let’s add some data to the table using the code in the following example. You may wish to add a couple more items of data by modifying $query as follows and calling the program up...