On Mon, Sep 19, 2011 at 04:00, Hank hes...@gmail.com wrote:
I agree with Brandon's suggestions, I would just add when using numeric
types in PHP statements where you have a variable replacement, for instance:
$sql="INSERT into table VALUES ('$id','$val')";
where $id is a numeric variable in
On Mon, Sep 19, 2011 at 07:47, Reindl Harald h.rei...@thelounge.net wrote:
what ugly style - if it is not numeric and you throw it to the database
you are one of the many with a sql-injection because if you are get
invalid values until there you have done no sanitize before and do not here
It's a matter of opinion. I never said the data wasn't sanitized (it is).
Am 19.09.2011 16:55, schrieb Hank:
what ugly style - if it is not numeric and you throw it to the database
you are one of the many with a sql-injection because if you are get
invalid values until there you have done no sanitize before and do not here
It's a matter of opinion. I never said
On Mon, Sep 19, 2011 at 18:11, Reindl Harald h.rei...@thelounge.net wrote:
it is not because it is clear that it is sanitized instead hope and pray
thousands of layers somewhere else did it - for a inline-query the best
solution, if you are using a framework you will never have the insert into
Best of both worlds:
$username=$_POST['username'];
// do some stuff with username here
$M=array(); // Array of things to be inserted into MySQL
$M[username]=mysql_real_escape_string($username); // Everything that
goes into $M is escaped
$query=INSERT INTO table (username) VALUES
On Tue, Sep 20, 2011 at 01:11, Hank hes...@gmail.com wrote:
Best of both worlds:
$username=$_POST['username'];
// do some stuff with username here
$M=array(); // Array of things to be inserted into MySQL
$M[username]=mysql_real_escape_string($username); // Everything that
goes into $M is
Am 20.09.2011 00:39, schrieb Dotan Cohen:
On Tue, Sep 20, 2011 at 01:11, Hank hes...@gmail.com wrote:
Best of both worlds:
$username=$_POST['username'];
// do some stuff with username here
$M=array(); // Array of things to be inserted into MySQL
I want to be sure that all variables in the query are escaped. I don't
trust myself or anyone else to do this to every variable right before
the query:
$someVar=mysql_real_escape_string($someVar);
But you're doing exactly that right before the query anyway with:
On Tue, Sep 20, 2011 at 02:09, Hank hes...@gmail.com wrote:
I want to be sure that all variables in the query are escaped. I don't
trust myself or anyone else to do this to every variable right before
the query:
$someVar=mysql_real_escape_string($someVar);
But you're doing exactly that
On Tue, Sep 20, 2011 at 01:48, Reindl Harald h.rei...@thelounge.net wrote:
i would use a small class holding the db-connection with insert/update-methods
pass the whole record-array, look what field types are used in the table
and use intval(), doubleval() or mysql_real_escape-String
so you
On Tue, Sep 20, 2011 at 01:48, Reindl Harald h.rei...@thelounge.net wrote:
i would use a small class holding the db-connection with insert/update-methods
pass the whole record-array, look what field types are used in the table
and use intval(), doubleval() or mysql_real_escape-String
By the
Am 20.09.2011 01:23, schrieb Dotan Cohen:
On Tue, Sep 20, 2011 at 01:48, Reindl Harald h.rei...@thelounge.net wrote:
i would use a small class holding the db-connection with
insert/update-methods
pass the whole record-array, look what field types are used in the table
and use intval(),
fields in quotes as well, although it is
not necessary:
UPDATE mytable SET int_field = '5' WHERE id = '3';
On 9/18/11 5:00 AM, Dotan Cohen wrote:
I am somewhat confused as to the proper way to place quotes around
arguments in INSERT and SELECT statements. I also don't see where this
is made explicit
On Sun, Sep 18, 2011 at 17:44, Brandon Phelps bphe...@gls.com wrote:
Personally I don't use any quotes for the numeric types, and single quotes
for everything else. Ie:
Thanks, Brandon. I understand then that quote type is a matter of
taste. I always use double quotes in PHP and I've only
On Sun, Sep 18, 2011 at 12:28 PM, Dotan Cohen dotanco...@gmail.com wrote:
On Sun, Sep 18, 2011 at 17:44, Brandon Phelps bphe...@gls.com wrote:
Personally I don't use any quotes for the numeric types, and single
quotes
for everything else. Ie:
Thanks, Brandon. I understand then that
Am 19.09.2011 03:00, schrieb Hank:
I agree with Brandon's suggestions, I would just add when using numeric
types in PHP statements where you have a variable replacement, for instance:
$sql="INSERT into table VALUES ('$id','$val')";
where $id is a numeric variable in PHP and a numeric field
what is the difference between this:
SET @a=1; PREPARE STMT FROM 'SELECT * FROM tbl LIMIT ?';EXECUTE STMT USING
@a;
and this:
'SELECT * FROM tbl LIMIT 1
And then this:
SET @skip=1; SET @numrows=5;
PREPARE STMT FROM 'SELECT * FROM tbl LIMIT ?, ?';
EXECUTE STMT USING @skip, @numrows;
and this:
There is no logical difference. There's a tiny bit of overhead in
preparing and executing the statements, but if you have a query where
the limit is variable, a prepared statement might be better than
coding within an application, because then when ANY user or
application connects it can use that
Sorry, two errors, should be ...
...) OR m.repyear IS NULL
GROUP BY c.year
PB
-
Chris Fonnesbeck wrote:
On 2/17/06, Peter Brawley [EMAIL PROTECTED] wrote:
Chris,
Your WHERE clause is weeding out the NULL joined entries. Try something
like...
select
m.repyear as repyear,
I am trying to figure out how to get a comprehensive count of rows in
a database by year. Unfortunately, when there are no rows for a
particular year, the year is omitted from the result set, rather than
showing up with a zero count:
mysql select count(*) as count, repyear from mortality where
Chris,
Your WHERE clause is weeding out the NULL joined entries. Try something
like...
select
m.repyear as repyear,
count(*) as count
from years y
left join mortality m on y.year=m.repyear
where (
m.region like 'Southwest'
and m.repyear1985
and m.dthcode!=4
and (m.cause like '%red tide%' or
In the last episode (Feb 17), Chris Fonnesbeck said:
I am trying to figure out how to get a comprehensive count of rows in
a database by year. Unfortunately, when there are no rows for a
particular year, the year is omitted from the result set, rather than
showing up with a zero count:
On 10/24/05, Jasper Bryant-Greene [EMAIL PROTECTED] wrote:
On Mon, 2005-10-24 at 06:09 +0200, Dotan Cohen wrote:
How do I use a not operator in the WHERE clause? The obvious != and
NOT didn't work for me. Something along the lines of:
$query = SELECT album, year FROM albums WHERE year!=1990
How do I use a not operator in the WHERE clause? The obvious != and
NOT didn't work for me. Something along the lines of:
$query = "SELECT album, year FROM albums WHERE year!=1990 ORDER BY year ASC";
$query = "SELECT album, year FROM albums WHERE year NOT 1990 ORDER BY year ASC";
Thanks in advance.
On Mon, 2005-10-24 at 06:09 +0200, Dotan Cohen wrote:
How do I use a not operator in the WHERE clause? The obvious != and
NOT didn't work for me. Something along the lines of:
$query = "SELECT album, year FROM albums WHERE year!=1990 ORDER BY year ASC";
The above query is syntactically correct.
to be writing something
useful to the error log.
Cheers,
--V
mos wrote:
I have a compiled application that accesses a dedicated MySQL 4.1.1
server with MyISAM tables on Win XP. For some reason when the application
is in a loop doing simple single table Select statements, the MySQL
server after 48
I have a compiled application that accesses a dedicated MySQL 4.1.1 server
with MyISAM tables on Win XP. For some reason when the application is in a
loop doing simple single table Select statements, the MySQL server after 48
seconds of processing will upchuck with the error Can't connect
.
Cheers,
--V
mos wrote:
I have a compiled application that accesses a dedicated MySQL 4.1.1
server with MyISAM tables on Win XP. For some reason when the
application is in a loop doing simple single table Select statements,
the MySQL server after 48 seconds of processing will upchuck
mos [EMAIL PROTECTED] wrote on 03/23/2005 12:04:59 PM:
I have a compiled application that accesses a dedicated MySQL 4.1.1
server
with MyISAM tables on Win XP. For some reason when the application is in
a
loop doing simple single table Select statements, the MySQL server after
48
as this will lock your
MyISAM tables.
Quoting mos [EMAIL PROTECTED]:
I have a compiled application that accesses a dedicated MySQL 4.1.1 server
with MyISAM tables on Win XP. For some reason when the application is in a
loop doing simple single table Select statements, the MySQL server after 48
Hi,
I'm having serious trouble getting prepared statements with bound parameters
in the where clause to work over the C API with MySQL 4.1.3. The Bugtracker on
mysql.com has similar bugs for 4.1.2, which are marked as closed and fixed in
4.1.3 so I wanted to make sure that I'm doing things
Hi,
I would like to know if functions will ever be able to issue SELECT
statements, like procedures can. I want a function which can select
multiple rows from another table, process those rows into a single
scalar, and return that as its result. I want a function to do this
so that I can use
Hi,
I would appreciate help with the following.
I have a table where each of the values in a column consists of a
combination of letters and numbers followed by a decimal then a single digit.
Examples of the two types of entries that could be found in this column(accession_num)
are:
BQ877252.1
I'm a beginner so don't quote me. I believe you need something like:
Select hs_identifiers.hs_id_num from hs_identifiers,
where (accession_num LIKE (result of another select statement)%);
I believe that should give you the first part and if there is anything after
it.
Respectfully,
Ligaya
PROTECTED]
Subject: Re: Strings and variables in select statements
I'm a beginner so don't quote me. I believe you need something like:
Select hs_identifiers.hs_id_num from hs_identifiers,
where (accession_num LIKE (result of another select statement)%);
I believe that should give you the first
Bernd Jagla wrote:
Hi there,
I have some rather complicated sql statements that seem to eat up all resources from
mysqld.
Once I have two of them running at the same time no one can log on any more. Simple
queries involving distinct get an out of memory error.
We have tried changing the index
Hi there,
I have some rather complicated sql statements that seem to eat up all resources from
mysqld.
Once I have two of them running at the same time no one can log on any more. Simple
queries involving distinct get an out of memory error.
We have tried changing the index buffer size from
will not return anything.
Hope this helps.
Lin
-Original Message-
From: Pascal Délisle [mailto:[EMAIL PROTECTED]
Sent: Saturday, August 02, 2003 11:46 PM
To: [EMAIL PROTECTED]
Subject: Nested SELECT statements problem
Hi!
I try to figure out how to use a nested SELECT
this helps.
Lin
-Original Message-
From: Pascal Délisle [mailto:[EMAIL PROTECTED]
Sent: Saturday, August 02, 2003 11:46 PM
To: [EMAIL PROTECTED]
Subject: Nested SELECT statements problem
Hi!
I try to figure out how to use a nested SELECT statement after the
IN predicate
- Original Message -
From: Pascal Délisle [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, August 03, 2003 1:02 PM
Subject: Re: Nested SELECT statements problem
Finally, I solved my problem by creating a temporary table that holds
the result of the subquery. So, it looks like
: Re: Nested SELECT statements problem
Finally, I solved my problem by creating a temporary table that holds
the result of the subquery. So, it looks like this:
CREATE TABLE livreTemp (IDLivre int(11));
INSERT INTO livreTemp (IDLivre) SELECT book.IDLivre
FROM livre book, livreEcritPar ecr, auteur
)
- Original Message -
From: Pascal Délisle [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, August 03, 2003 8:02 PM
Subject: Re: Nested SELECT statements problem
Finally, I solved my problem by creating a temporary table that holds
the result of the subquery. So, it looks like this:
CREATE
In the last episode (Aug 03), Pascal Délisle said:
Finally, I solved my problem by creating a temporary table that holds
the result of the subquery. So, it looks like this:
...
The only problem I see is when there are concurrent access to the
table livreTemp, e.g. when there are multiple
What version of MySQL are you using?
Regards,
A$
On Saturday, August 2, 2003, at 11:45 PM, Pascal Délisle wrote:
Hi!
I try to figure out how to use a nested SELECT statement after the
IN predicate. For example, when I try this code, it doesn't return
anything although it should:
SELECT
Hi!
I try to figure out how to use a nested SELECT statement after the
IN predicate. For example, when I try this code, it doesn't return
anything although it should:
SELECT book.IDLivre, aut.Prenom, aut.Nom FROM livre book, livreEcritPar
ecr, auteur aut WHERE ecr.IDLivre = book.IDLivre AND
In the last episode (Aug 02), Pascal Délisle said:
I try to figure out how to use a nested SELECT statement after the
IN predicate. For example, when I try this code, it doesn't return
anything although it should:
SELECT book.IDLivre, aut.Prenom, aut.Nom FROM livre book,
livreEcritPar ecr,
Dan Nelson wrote:
In the last episode (Aug 02), Pascal Délisle said:
I try to figure out how to use a nested SELECT statement after the
IN predicate. For example, when I try this code, it doesn't return
anything although it should:
SELECT book.IDLivre, aut.Prenom, aut.Nom FROM livre book,
returns some
records to be matched; or otherwise the query will not return anything.
Hope this helps.
Lin
-Original Message-
From: Pascal Délisle [mailto:[EMAIL PROTECTED]
Sent: Saturday, August 02, 2003 11:46 PM
To: [EMAIL PROTECTED]
Subject: Nested SELECT statements
select
statements. With mysql this is ending up with a performance penalty of
about 3x the existing time that the current report writer takes.
Running Intel's vtune I can see that the select statements (through
mysql_query) are taking up around 90% of the run time.
[...]
Anyways, I'm not sure
as the old
database report writer had direct access to the database through a c library
(no sql interface). On some reports there can be as many as 100,000 select
statements. With mysql this is ending up with a performance penalty of
about 3x the existing time that the current report writer takes
Subject: speeding up simple SELECT statements with the C api?
I'm in the process of writing a report writer for mysql which is necessary
for the migration from the current database of my company's product to
mysql
(due to the amount of reports dependent on the current database report
writer
Hello Gary,
The MySQL server uses the myisam libraries to access MyISAM tables at the
lower level. It works similarly to and just as quickly as C-ISAM, though the
API is fairly different (IMHO).
A myisam user manual is available, but is not complete (I know, since I
wrote it).
You could use that
Hi,
From the code below $wk gets the values (w1, w2, w3, etc.) as it goes
through the 'for' loop. w1, w2, etc. are also columns in the table manager.
What I can't figure out is why the select statement fails (no error, just no
data) when I use $wk as opposed to hardcoding w1, w2, etc. Is this
Hi,
while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
echo "<TR WIDTH=150><TD
ALIGN=left>".$line['name']."</TD><TD
ALIGN=right>".$line['$wk']."</TD>";
}
Here is your problem. You are indeed substituting $wk into the query
correctly, but when you go to output the
Thanks for the information, I will try that in this situation, however, I
have done this in other select statements and it has worked fine. I will
follow-up in the PHP list if I still have problems.
Please note also that since I assumed this was a MySQL problem I posted it
to this group. Since
Sorry, Geetika. It looks like I lost this thread in the mix.
Have you tried some Perl like this:
# concurrent.pl
# Check start time.
for my $n (1..$DO_TRIES) {
print qq{Doing # [$n] PID [$$]\n};
my $pid = fork();
if ($pid == 0) {
print qq{Child [$$] running command.\n};
I am trying to make my perl script fork several processes that all execute
'select' statements on MySQL. I want the statements to happen
concurrently (as I want to monitor the behaviour of MySQL with native ISAM
tables under this concurrent Read access). So I am using 'fork'. However,
I think
In the last episode (Nov 25), Geetika Tewari said:
I am trying to make my perl script fork several processes that all
execute 'select' statements on MySQL. I want the statements to
happen concurrently (as I want to monitor the behaviour of MySQL with
native ISAM tables under this concurrent
From: Geetika Tewari [EMAIL PROTECTED]
...perl script fork several processes...
...I think my 'select' statements are not happening concurrently.
Why do you think that?
---
Rodney Broom
President, R.Broom Consulting
http://www.rbroom.com/
sql
concurrent select statements from perl on MySQL ISAM
tables (fwd)
I am trying to make my perl script fork several processes that all execute
'select' statements on MySQL. I want the statements to happen
concurrently (as I want to monitor the behaviour of MySQL with native ISAM
tables under
Jules
- Original Message -
From: Jed Verity [EMAIL PROTECTED]
To: julian haffegee [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Friday, September 06, 2002 3:42 AM
Subject: Re: select statements
Hello, Jules,
You can use the value in (a,b,c) format. If necessary, implode your
array
and do
,
I'm still stuck though
I did as you suggested
- Original Message -
From: Jed Verity [EMAIL PROTECTED]
To: julian haffegee [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Friday, September 06, 2002 3:42 AM
Subject: Re: select statements
Hello, Jules,
You can use the value in (a,b
Hi all,
I have a database of names and email addresses, that I want to email.
$result = mysql_query("SELECT emailAddress FROM subscribers_html WHERE
mailingGroup='$toText'");
The select statement needs to return a row when mailingGroup='$toText', but
$toText is an array. How should I write this
Hello, Jules,
You can use the value in (a,b,c) format. If necessary, implode your array
and do something like this:
SELECT emailAddress FROM subscribers_html WHERE mailingGroup value in
($toText);
Check the documentation, if necessary, for usage of implode and value in.
HTH!
Jed
On the
I've noticed that MySQL doesn't support the use of internal selects with the
in and not in methods such as in this example from a where statement.
and shift_id not in
(select shift_assoc from facdba.staff_schedule_temp
where status 'EXL')
This
Never mind, I figured it out by reading a previous question and I understand
how to use Left join to do this.
-Original Message-
From: Alan Coleman [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 22, 2002 5:22 AM
To: [EMAIL PROTECTED]
Subject: Internal Select statements using
I have a problem in VB trying to use select statements with MySQL. My
problem does not occur only with the example below but with ANY select
statement I try to make against my MySQL database. Much thanks in advance to
anyone that can help me out with this :)
This is my code:
Private Sub
|
+---+---+-+--+-+
--+-+--+
1 row in set (0.00 sec)
Fix:
how to correct or work around the problem, if known (multiple
lines)
Synopsis: Speed problem with sorted select statements
Submitter-Id
Description:
We are running about 100 MySQL-database servers on a single
Machine.
The databases are usually accessed via a web-interface. For some
batch processing
we tried to do basically 'SELECT *' on some tables. This caused
the mysqld-Processed
to fail.
On Tuesday 22 January 2002 10:21 am, Bernhard Schmalhofer wrote:
x807b75f handle_segfault__Fi + 383
? ? ? ? ?0x812bcaa pthread_sighandler + 154
? ? ? ? ?0x8150974 chunk_realloc + 56
? ? ? ? ?0x8150907 realloc + 787
? ? ? ? ?0x811594e my_realloc + 46
? ? ? ? ?0x80fae62 _mi_read_pack_info +
On Thursday 30 August 2001 15:28, Andre Konopka wrote:
Hi,
I have, three tables (one,two, three) with the rows id/value. id is the
key for all the tables.
with
select value from one where id=xx;
select value from two where id=xx;
select value from three where id=xx;
I can select
Hello everyone,
I have a few questions that I hope some of you might be able to answer.
Is there a MAX_SIZE on a select statements and when does MySQL lose
performance when the statement becomes very large?
When using the 'IN' clause, how does MySQL parse the data? Does it do an
inline
I upgraded from 3.23.27-beta to 3.23.32 after seeing bugfixes
on intermediate versions. However the problems are continuing:
Mod_perl DBI/DBD::mysql queries are failing to return rows that
I know exist. It could be DBI/DBD::Mysql, but just in case
I have some questions:
- Are there known