Difference between revisions of "PHP/MySQL"
From dbawiki
Revision as of 15:30, 8 March 2014
Excellent tutorial on Object Oriented PHP
www.killerphp.com: http://www.killerphp.com/tutorials/object-oriented-php/
Using prepared statements to avoid SQL injection
With a prepared statement the SQL text is sent to the server first and the parameter values are sent separately afterwards, so user input is never parsed as part of the query and there is no need to escape it with mysql_real_escape_string() (the mysql_* functions were removed in PHP 7 anyway). Two caveats: placeholders can only carry values, not table or column names or an ORDER BY direction, which must be checked against an allow-list before they go into the SQL text; and PDO's MySQL driver emulates prepares on the client by default, so set PDO::ATTR_EMULATE_PREPARES to false (and put charset=utf8mb4 in the DSN) to get real server-side prepares.
// Connect with exceptions on errors and real server-side prepares (PDO_MySQL emulates them by default)
$db = new PDO('mysql:host=localhost;dbname=mydb;charset=utf8mb4', $dbUser, $dbPass,
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);
// TABLE is a reserved word in MySQL, so a table actually called "table" must be backtick-quoted
$dbPreparedStatement = $db->prepare('INSERT INTO `table` (postId, htmlcontent) VALUES (:postid, :htmlcontent)');
$dbPreparedStatement->bindParam(':postid', $userId, PDO::PARAM_INT);            // bound as an integer
$dbPreparedStatement->bindParam(':htmlcontent', $yourHtmlData, PDO::PARAM_STR); // bound as a string, never spliced into the SQL
$dbPreparedStatement->execute(); // the values travel separately from the query text
Fill your boots on PDO here
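The following is an added example, not code from the dbawiki page: it puts the string-concatenation query next to the prepared one and runs the same attacker-controlled input through both. It uses an in-memory SQLite database through PDO (an assumption made so it runs without a MySQL server; the PDO calls are identical with a mysql: DSN), and the users table, the sample rows and the injected input are constructed for the demonstration. The last function shows the case placeholders cannot cover, a sort column and direction, handled with an allow-list.

```php
<?php
// Added example, not from the dbawiki page. SQLite in memory is used so this runs
// offline; swap the DSN for 'mysql:host=...;dbname=...;charset=utf8mb4' in real use.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER)');
$db->exec("INSERT INTO users (name, is_admin) VALUES ('alice', 1), ('bob', 0)");

// Constructed attacker input: closes the string literal and appends a tautology.
$input = "nobody' OR '1'='1";

// Vulnerable: the input is spliced into the SQL text, so the quote inside it
// changes the structure of the query instead of being compared as data.
function lookupConcat(PDO $db, string $name): array
{
    $sql = "SELECT name FROM users WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: the SQL text is fixed at prepare() time; the value is bound
// afterwards and can only ever be compared against the column.
function lookupPrepared(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT name FROM users WHERE name = :name');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Placeholders bind values only. A column name or sort direction cannot be
// bound, so it is checked against an allow-list before being put into the SQL.
function listSorted(PDO $db, string $column, string $direction): array
{
    $allowedColumns = ['name', 'id'];
    if (!in_array($column, $allowedColumns, true)) {
        throw new InvalidArgumentException("Unknown sort column: $column");
    }
    $direction = strtoupper($direction) === 'DESC' ? 'DESC' : 'ASC';
    $stmt = $db->query("SELECT name FROM users ORDER BY $column $direction");
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

print_r(lookupConcat($db, $input));
print_r(lookupPrepared($db, $input));
print_r(listSorted($db, 'name', 'desc'));
```

Running it with php on the command line, the concatenated query comes back with every user because the WHERE clause has become `name = 'nobody' OR '1'='1'`, while the prepared query returns nothing because no row is literally named `nobody' OR '1'='1`. Note that bindValue() is used rather than bindParam(): bindParam() binds by reference and reads the variable at execute() time, which is rarely what a one-shot query wants.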
CSV tables - equivalent of External tables in Oracle
Run a shell script with an HTML button
The script runs as the web server's user, and anyone who can reach the URL can trigger it (including a page on another site that links to it), so put the page behind authentication and never pass request data into exec() without escapeshellarg().
<?php
// Runs the script only when the page is requested as myfilename.php?run=true.
// isset() avoids an undefined-index notice when the parameter is absent.
if (isset($_GET['run']) && $_GET['run'] === 'true') {
    // The command is a fixed path: no request data is interpolated into it.
    exec('/path/to/name.sh', $output, $exitCode);
}
?>
<!-- The onclick has to navigate; a bare "?run=true" string does nothing. This reloads the page as myfilename.php?run=true -->
<button type="button" onclick="window.location.href='?run=true'">Click Me!</button>
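A hardened version of the same button, added here as an example and not taken from the dbawiki page: the script is chosen from an allow-list rather than built from the request, it only runs on a POST that carries a per-session CSRF token, the session must already be logged in, and any optional argument is passed through escapeshellarg(). The script paths, the `user_id` session key used as the login check, and the form field names are assumptions for the example.

```php
<?php
// Added example, not from the dbawiki page. Assumes an existing login that sets
// $_SESSION['user_id']; the script paths below are placeholders.
session_start();

// Scripts that may be run, keyed by the short name the form is allowed to submit.
$allowedScripts = [
    'backup'  => '/path/to/backup.sh',
    'reindex' => '/path/to/reindex.sh',
];

// One CSRF token per session; the form must echo it back on every POST.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

// Returns [http status, response body]. Every check happens before exec().
function runAllowedScript(array $allowed, array $post, array $session): array
{
    if (empty($session['user_id'])) {
        return [403, 'login required'];
    }
    // hash_equals() compares in constant time, so the token cannot be guessed byte by byte.
    if (!isset($post['csrf_token']) || !hash_equals($session['csrf_token'], (string) $post['csrf_token'])) {
        return [403, 'bad CSRF token'];
    }
    $name = $post['script'] ?? '';
    if (!array_key_exists($name, $allowed)) {
        return [400, 'unknown script']; // the path is never built from user input
    }
    // An optional argument becomes exactly one quoted shell word, never raw text in the command.
    $arg = isset($post['arg']) && $post['arg'] !== '' ? ' ' . escapeshellarg((string) $post['arg']) : '';
    exec($allowed[$name] . $arg . ' 2>&1', $output, $exitCode);
    return [$exitCode === 0 ? 200 : 500, implode("\n", $output)];
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    [$status, $body] = runAllowedScript($allowedScripts, $_POST, $_SESSION);
    http_response_code($status);
    header('Content-Type: text/plain; charset=utf-8');
    echo $body;
    exit;
}
?>
<!-- A GET only renders the form; the side effect happens on POST with the token. -->
<form method="post">
  <input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES, 'UTF-8') ?>">
  <select name="script">
    <option value="backup">backup</option>
    <option value="reindex">reindex</option>
  </select>
  <input type="text" name="arg" placeholder="optional argument">
  <button type="submit">Run</button>
</form>
```

escapeshellarg() stops the argument from breaking out of the command line, but the shell script itself still receives it as data and must not eval or re-expand it. The script also still runs as the web server user; if it needs more privilege, a narrowly scoped sudoers rule for that one path, or a queue that a separate worker drains, is preferable to widening the web server's rights.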