Shawn,
Just wanted to let you know your help was appreciated. I'm close to getting it
straight. Away from my console for the day so I won't know till later. However,
while I did figure out the correct variable and query name, there are about 20 other
lines of code that needed adjusting to m
It's all good information. I need to be thinking security as well as generating
proper efficient code. All is appreciated.
Stuart
Harald Fuchs <[EMAIL PROTECTED]> wrote:
In article ,
[EMAIL PROTECTED] writes:
> I agree and I am sorry I forgot a very basic security practice. You must
> always
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] writes:
> I agree and I am sorry I forgot a very basic security practice. You must
> always check any input from a user. Make sure that the user gives you a
> valid number and reject the request if it is anything out of your
> acceptable range
I agree and I am sorry I forgot a very basic security practice. You must
always check any input from a user. Make sure that the user gives you a
valid number and reject the request if it is anything out of your
acceptable range or datatype. Otherwise a "bad" user could compromise your
database
In article <[EMAIL PROTECTED]>,
Stuart Felenstein <[EMAIL PROTECTED]> writes:
> Not sure exactly what you mean by a SQL injection
> attack. I'm thinking a string could be input as
> opposed to an integer ?
Exactly - especially an SQL string.
> The form itself constricts user to a set of choices
Not sure exactly what you mean by a SQL injection
attack. I'm thinking a string could be input as
opposed to an integer ?
The form itself constricts user to a set of choices.
Stuart
--- Harald Fuchs <[EMAIL PROTECTED]> wrote:
> I think this is bad advice, even for a novice like
> Stuart, becau
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] writes:
> Don't do an "@usrDays", just stick the number in there so that the
> statement you create looks exactly like the one you tested with.
> If you get a "number" from a user from a form, just put that value into
> the string. For instance
Don't do an "@usrDays", just stick the number in there so that the
statement you create looks exactly like the one you tested with.
If you get a "number" from a user from a form, just put that value into
the string. For instance if the user enters 43 into a field on the first
page, put 43 into
Shawn - You answered the right question. Since a SQL
statement is closer to my grasp right now, today,
trying that approach.
I think this is something close to correct, though I'm
stuck on what to assign to @usrDays:=
SELECT DateEntry from Entry_Table,
WHERE DateEntry >= DATE_SUB(CurDate(),
Stuart,
I feel your pain. I think I can speak for most of us to say "we've been
there, too"
First, you want to try to keep your column values on the LEFT side of any
inequality. MySQL just goes faster that way.
SELECT
WHERE EntryDate >= DATESUB(CurDate(), Interval 2 day
Shawn, partially discourage but mostly confused about
what I really need to do.
Bear in mind for a moment, that I'm working in a
somewhat untraditional manner. Meaning a) very new to
database and SQL b) (and I realize this list is not
for programming languages) using a RAD that allows me
to point,
Were you able to solve your problem another way or just discouraged by my
response? I wasn't trying to make you feel bad, you just covered so much
ground in your original post that I really couldn't understand your issue.
Please, post again but with a little more background.
We all want to h
Ok, never mind. I guess a conditional loop is not
needed.
Stuart
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
A whole lot of context would be very useful in helping us understand your
issue:
What is the purpose of the Entry_Table table?
What were you trying to accomplish with the CountBack_Table table?
What were the intended purpose and the expected results of the query that
you couldn't write?
How doe
I read through the parts of the manual that applied
but I might be missing something here.
I have a table where I'm trying to query the date with
a conditional statement. As you'll see, if 3 was the
condition then the statement should result in a list
of any entries made <= current date.
It j