Difference between revisions of "PHP/MySQL"
From dbawiki
(→Using prepared statements to avoid SQL injection) |
|||
| Line 11: | Line 11: | ||
[[CSV tables - equivalent of External tables in Oracle]] | [[CSV tables - equivalent of External tables in Oracle]] | ||
| + | ===Run a shell script with an html button=== | ||
| + | <pre> | ||
| + | <?php | ||
| + | if ($_GET['run']) { | ||
| + | # This code will run if ?run=true is set. | ||
| + | exec("/path/to/name.sh"); | ||
| + | } | ||
| + | ?> | ||
| + | <!-- This link will add ?run=true to your URL, myfilename.php?run=true --> | ||
| + | <button type="button" onclick="?run=true">Click Me!</button> | ||
| + | </pre> | ||
Revision as of 21:47, 23 April 2013
Using prepared statements to avoid SQL injection
Using this method of writing SQL removes the necessity of attempting to clean the input with mysql_real_escape_string()
$dbPreparedStatement = $db->prepare('INSERT INTO table (postId, htmlcontent) VALUES (:postid, :htmlcontent)');
$dbPreparedStatement->bindParam(':postid', $userId, PDO::PARAM_INT);
$dbPreparedStatement->bindParam(':htmlcontent', $yourHtmlData, PDO::PARAM_STR);
$dbPreparedStatement->execute();
Fill your boots on PDO here
CSV tables - equivalent of External tables in Oracle
Run a shell script with an html button
<?php
if ($_GET['run']) {
# This code will run if ?run=true is set.
exec("/path/to/name.sh");
}
?>
<!-- This link will add ?run=true to your URL, myfilename.php?run=true -->
<button type="button" onclick="?run=true">Click Me!</button>
