Difference between revisions of "PHP/MySQL"
From dbawiki
(→Using prepared statements to avoid SQL injection) |
|||
| Line 9: | Line 9: | ||
Fill your boots on PDO [http://be2.php.net/book.pdo here] | Fill your boots on PDO [http://be2.php.net/book.pdo here] | ||
| + | |||
| + | ===CSV tables - equivalent of External tables in Oracle=== | ||
| + | ====Are they enabled?==== | ||
| + | <pre> | ||
| + | show engines; | ||
| + | </pre> | ||
| + | ====Create a CSV table==== | ||
| + | <pre> | ||
| + | create table csv_test (id int, value varchar(20)) engine = csv; | ||
| + | insert into csv_test VALUES (1, 'Record 1'), (2, 'Record 2'), (3, 'Record 3'); | ||
| + | select * from csv_test; | ||
| + | </pre> | ||
| + | ====What it looks like in unix==== | ||
| + | <pre> | ||
| + | $ cat csv_test.CSV | ||
| + | "1","record 1" | ||
| + | "2","record 2" | ||
| + | "3","record 3" | ||
| + | </pre> | ||
| + | |||
| + | |||
| + | See [[http://www.fromdual.ch/csv-storage-engine here]] for more info | ||
Revision as of 10:14, 25 March 2013
Contents
Using prepared statements to avoid SQL injection
Using this method of writing SQL removes the necessity of attempting to clean the input with mysql_real_escape_string()
$dbPreparedStatement = $db->prepare('INSERT INTO table (postId, htmlcontent) VALUES (:postid, :htmlcontent)');
$dbPreparedStatement->bindParam(':postid', $userId, PDO::PARAM_INT);
$dbPreparedStatement->bindParam(':htmlcontent', $yourHtmlData, PDO::PARAM_STR);
$dbPreparedStatement->execute();
Fill your boots on PDO here
CSV tables - equivalent of External tables in Oracle
Are they enabled?
show engines;
Create a CSV table
create table csv_test (id int, value varchar(20)) engine = csv; insert into csv_test VALUES (1, 'Record 1'), (2, 'Record 2'), (3, 'Record 3'); select * from csv_test;
What it looks like in unix
$ cat csv_test.CSV "1","record 1" "2","record 2" "3","record 3"
See [here] for more info
