On 20.09.2011 01:23, Dotan Cohen wrote:
> On Tue, Sep 20, 2011 at 01:48, Reindl Harald wrote:
>> i would use a small class holding the db-connection with
>> insert/update-methods
>> pass the whole record-array, look what field types are used in the table
>> and use intval(), doubleval() or my
On Tue, Sep 20, 2011 at 01:48, Reindl Harald wrote:
> i would use a small class holding the db-connection with insert/update-methods
> pass the whole record-array, look what field types are used in the table
> and use intval(), doubleval() or mysql_real_escape-String
>
By the way, the database co
On Tue, Sep 20, 2011 at 01:48, Reindl Harald wrote:
> i would use a small class holding the db-connection with insert/update-methods
> pass the whole record-array, look what field types are used in the table
> and use intval(), doubleval() or mysql_real_escape-String
>
> so you never write "insert
On Tue, Sep 20, 2011 at 02:09, Hank wrote:
>>
>> I want to be sure that all variables in the query are escaped. I don't
>> trust myself or anyone else to do this to every variable right before
>> the query:
>> $someVar=mysql_real_escape_string($someVar);
>>
>
> But you're doing exactly that right
>
>
> I want to be sure that all variables in the query are escaped. I don't
> trust myself or anyone else to do this to every variable right before
> the query:
> $someVar=mysql_real_escape_string($someVar);
>
>
But you're doing exactly that right before the query anyway with:
$M[username]=mysql_
On 20.09.2011 00:39, Dotan Cohen wrote:
> On Tue, Sep 20, 2011 at 01:11, Hank wrote:
>> Best of both worlds:
>>> $username=$_POST['username'];
>>> // do some stuff with username here
>>> $M=array(); // Array of things to be inserted into MySQL
>>> $M[username]=mysql_real_escape_string($userna
On Tue, Sep 20, 2011 at 01:11, Hank wrote:
> Best of both worlds:
>> $username=$_POST['username'];
>> // do some stuff with username here
>> $M=array(); // Array of things to be inserted into MySQL
>> $M[username]=mysql_real_escape_string($username); // Everything that
>> goes into $M is escaped
Best of both worlds:
> $username=$_POST['username'];
> // do some stuff with username here
> $M=array(); // Array of things to be inserted into MySQL
> $M[username]=mysql_real_escape_string($username); // Everything that
> goes into $M is escaped
> $query="INSERT INTO table (username) VALUES ('{$M
On Mon, Sep 19, 2011 at 18:11, Reindl Harald wrote:
> it is not because it is clear that it is sanitized instead hope and pray
> thousands of layers somewhere else did it - for an inline-query the best
> solution, if you are using a framework you will never have the "insert into"
> at this place!
>
On 19.09.2011 16:55, Hank wrote:
>>
>> what ugly style - if it is not numeric and you throw it to the database
>> you are one of the many with a sql-injection because if you get
>> invalid values until there you have done no sanitize before and do not here
>>
>>
> It's a matter of opinion.
>
> what ugly style - if it is not numeric and you throw it to the database
> you are one of the many with a sql-injection because if you get
> invalid values until there you have done no sanitize before and do not here
>
>
It's a matter of opinion. I never said the data wasn't sanitized (it is
On Mon, Sep 19, 2011 at 07:47, Reindl Harald wrote:
> what ugly style - if it is not numeric and you throw it to the database
> you are one of the many with a sql-injection because if you get
> invalid values until there you have done no sanitize before and do not here
>
> $sql="INSERT into tab
On Mon, Sep 19, 2011 at 04:00, Hank wrote:
> I agree with Brandon's suggestions, I would just add when using numeric
> types in PHP statements where you have a variable replacement, for instance:
>
> $sql="INSERT into table VALUES ('$id','$val')";
>
> where $id is a numeric variable in PHP and a n
On 19.09.2011 03:00, Hank wrote:
> I agree with Brandon's suggestions, I would just add when using numeric
> types in PHP statements where you have a variable replacement, for instance:
>
> $sql="INSERT into table VALUES ('$id','$val')";
>
> where $id is a numeric variable in PHP and a numeri
On Sun, Sep 18, 2011 at 12:28 PM, Dotan Cohen wrote:
> On Sun, Sep 18, 2011 at 17:44, Brandon Phelps wrote:
> > Personally I don't use any quotes for the numeric types, and single quotes
> > for everything else. Ie:
> >
>
> Thanks, Brandon. I understand then that quote type is a matter of
> t
On Sun, Sep 18, 2011 at 17:44, Brandon Phelps wrote:
> Personally I don't use any quotes for the numeric types, and single quotes
> for everything else. Ie:
>
Thanks, Brandon. I understand then that quote type is a matter of
taste. I always use double quotes in PHP and I've only recently
started
`varchar_field` = 'Test' WHERE `id` = 3"
And some people prefer to put numeric fields in quotes as well, although it is
not necessary:
UPDATE mytable SET int_field = '5' WHERE id = '3';
On 9/18/11 5:00 AM, Dotan Cohen wrote:
I am somewhat confused as to t
There is no logical difference. There's a tiny bit of overhead in
preparing and executing the statements, but if you have a query where
the limit is variable, a prepared statement might be better than
coding within an application, because then when ANY user or
application connects it can use that
what is the difference between this:
SET @a=1; PREPARE STMT FROM 'SELECT * FROM tbl LIMIT ?';EXECUTE STMT USING
@a;
and this:
'SELECT * FROM tbl LIMIT 1
And then this:
SET @skip=1; SET @numrows=5;
PREPARE STMT FROM 'SELECT * FROM tbl LIMIT ?, ?';
EXECUTE STMT USING @skip, @numrows;
and this:
'
Sorry, two errors, should be ...
...) OR m.repyear IS NULL
GROUP BY c.year
PB
-
Chris Fonnesbeck wrote:
On 2/17/06, Peter Brawley <[EMAIL PROTECTED]> wrote:
Chris,
Your WHERE clause is weeding out the NULL joined entries. Try something
like...
select
m.repyear as repyear,
In the last episode (Feb 17), Chris Fonnesbeck said:
> I am trying to figure out how to get a comprehensive count of rows in
> a database by year. Unfortunately, when there are no rows for a
> particular year, the year is omitted from the result set, rather than
> showing up with a zero count:
>
>
Chris,
Your WHERE clause is weeding out the NULL joined entries. Try something
like...
select
m.repyear as repyear,
count(*) as count
from years y
left join mortality m on y.year=m.repyear
where (
m.region like 'Southwest'
and m.repyear>1985
and m.dthcode!=4
and (m.cause like '%red tide%' or m
I am trying to figure out how to get a comprehensive count of rows in
a database by year. Unfortunately, when there are no rows for a
particular year, the year is omitted from the result set, rather than
showing up with a zero count:
mysql> select count(*) as count, repyear from mortality where re
On 10/24/05, Jasper Bryant-Greene <[EMAIL PROTECTED]> wrote:
> On Mon, 2005-10-24 at 06:09 +0200, Dotan Cohen wrote:
> > How do I use a not operator in the WHERE clause? The obvious != and
> > NOT didn't work for me. Something along the lines of:
> > $query = "SELECT album, year FROM albums WHERE y
On Mon, 2005-10-24 at 06:09 +0200, Dotan Cohen wrote:
> How do I use a not operator in the WHERE clause? The obvious != and
> NOT didn't work for me. Something along the lines of:
> $query = "SELECT album, year FROM albums WHERE year!=1990 ORDER BY year ASC";
The above query is syntactically corre
How do I use a not operator in the WHERE clause? The obvious != and
NOT didn't work for me. Something along the lines of:
$query = "SELECT album, year FROM albums WHERE year!=1990 ORDER BY year ASC";
$query = "SELECT album, year FROM albums WHERE year NOT 1990 ORDER BY year ASC";
Thanks in advance
writing something
useful to the error log.
Cheers,
--V
mos wrote:
I have a compiled application that accesses a dedicated MySQL 4.1.1
server with MyISAM tables on Win XP. For some reason when the application
is in a loop doing simple single table Select statements, the MySQL
server after 48
r hours as this will lock your
MyISAM tables.
Quoting mos <[EMAIL PROTECTED]>:
> I have a compiled application that accesses a dedicated MySQL 4.1.1 server
> with MyISAM tables on Win XP. For some reason when the application is in a
> loop doing simple single table Select statement
mos <[EMAIL PROTECTED]> wrote on 03/23/2005 12:04:59 PM:
> I have a compiled application that accesses a dedicated MySQL 4.1.1 server
> with MyISAM tables on Win XP. For some reason when the application is in a
> loop doing simple single table Select statements, the MySQL s
.
Cheers,
--V
mos wrote:
I have a compiled application that accesses a dedicated MySQL 4.1.1
server with MyISAM tables on Win XP. For some reason when the
application is in a loop doing simple single table Select statements,
the MySQL server after 48 seconds of processing will upchuck with the
I have a compiled application that accesses a dedicated MySQL 4.1.1 server
with MyISAM tables on Win XP. For some reason when the application is in a
loop doing simple single table Select statements, the MySQL server after 48
seconds of processing will upchuck with the error "Can't
Hi,
I'm having serious trouble getting prepared statements with bound parameters
in the where clause to work over the C API with MySQL 4.1.3. The Bugtracker on
mysql.com has similar bugs for 4.1.2, which are marked as closed and fixed in
4.1.3 so I wanted to make sure that I'm doing things correctl
Hi,
I would like to know if functions will ever be able to issue SELECT
statements, like procedures can. I want a function which can select
multiple rows from another table, process those rows into a single
scalar, and return that as its result. I want a function to do this
so that I can use
PROTECTED]
Subject: Re: Strings and variables in select statements
I'm a beginner so don't quote me. I believe you need something like:
Select hs_identifiers.hs_id_num from hs_identifiers,
where (accession_num LIKE (result of another select statement)%);
I believe that should give you
I'm a beginner so don't quote me. I believe you need something like:
Select hs_identifiers.hs_id_num from hs_identifiers,
where (accession_num LIKE (result of another select statement)%);
I believe that should give you the first part and if there is anything after
it.
Respectfully,
Ligaya Turme
Hi,
I would appreciate help with the following.
I have a table where each of the values in a column consists of a
combination of letters and numbers followed by a decimal then a single digit.
Examples of the two types of entries that could be found in this column(accession_num)
are:
BQ877252.1
Bernd Jagla wrote:
Hi there,
I have some rather complicated sql statements that seem to eat up all resources from
mysqld.
Once I have two of them running at the same time no one can log on any more. Simple
queries involving distinct get an out of memory error.
We have tried changing the index buf
Hi there,
I have some rather complicated sql statements that seem to eat up all resources from
mysqld.
Once I have two of them running at the same time no one can log on any more. Simple
queries involving distinct get an out of memory error.
We have tried changing the index buffer size from 256M
What version of MySQL are you using?
Regards,
A$
On Saturday, August 2, 2003, at 11:45 PM, Pascal Délisle wrote:
Hi!
I try to figure out how to use a nested "SELECT" statement after the
"IN" predicate. For example, when I try this code, it doesn't return
anything although it should:
SELECT b
In the last episode (Aug 03), Pascal Délisle said:
> Finally, I solved my problem by creating a temporary table that holds
> the result of the subquery. So, it looks like this:
...
> The only problem I see is when there is concurrent access to the
> table "livreTemp", e.g. when there are multiple
= auteur.IDAuteur
and livre.IDLivre = livreEcritPar.IDLivre;
+--------------------+---------+------+
| title              | Prenom  | Nom  |
+--------------------+---------+------+
| howto: MySQL       | Matthew | Gold |
| howto: PHP         | Matthew | Gold |
| History of Tayport | Matthew | Gold |
+---
ay, August 03, 2003 1:02 PM
Subject: Re: Nested SELECT statements problem
Finally, I solved my problem by creating a temporary table that holds
the result of the subquery. So, it looks like this:
CREATE TABLE livreTemp (IDLivre int(11));
INSERT INTO livreTemp (IDLivre) SELECT book.IDLivre
FROM li
- Original Message -
From: "Pascal Délisle" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, August 03, 2003 1:02 PM
Subject: Re: Nested SELECT statements problem
> Finally, I solved my problem by creating a temporary table that holds
> the result of
matched; or otherwise the query will not return
anything.
Hope this helps.
Lin
-Original Message-
From: Pascal Délisle [mailto:[EMAIL PROTECTED]
Sent: Saturday, August 02, 2003 11:46 PM
To: [EMAIL PROTECTED]
Subject: Nested SELECT statements problem
Hi!
I try t
be matched; or otherwise the query will not return anything.
Hope this helps.
Lin
-Original Message-
From: Pascal Délisle [mailto:[EMAIL PROTECTED]
Sent: Saturday, August 02, 2003 11:46 PM
To: [EMAIL PROTECTED]
Subject: Nested SELECT statements problem
Hi!
I tr
ery indeed returns some
records to be matched; or otherwise the query will not return anything.
Hope this helps.
Lin
-Original Message-
From: Pascal Délisle [mailto:[EMAIL PROTECTED]
Sent: Saturday, August 02, 2003 11:46 PM
To: [EMAIL PROTECTED]
Subject: Nested SELECT
Dan Nelson wrote:
In the last episode (Aug 02), Pascal Délisle said:
I try to figure out how to use a nested "SELECT" statement after the
"IN" predicate. For example, when I try this code, it doesn't return
anything although it should:
SELECT book.IDLivre, aut.Prenom, aut.Nom FROM livre book,
In the last episode (Aug 02), Pascal Délisle said:
> I try to figure out how to use a nested "SELECT" statement after the
> "IN" predicate. For example, when I try this code, it doesn't return
> anything although it should:
>
> SELECT book.IDLivre, aut.Prenom, aut.Nom FROM livre book,
> livreEcrit
Hi!
I try to figure out how to use a nested "SELECT" statement after the
"IN" predicate. For example, when I try this code, it doesn't return
anything although it should:
SELECT book.IDLivre, aut.Prenom, aut.Nom FROM livre book, livreEcritPar
ecr, auteur aut WHERE ecr.IDLivre = book.IDLivre A
be as many as 100,000 select
> statements. With mysql this is ending up with a performance penalty of
> about 3x the existing time that the current report writer takes.
>
> Running Intel's vtune I can see that the select statements (through
> mysql_query)are taking up around 90% of
Hello Gary,
The MySQL server uses the "myisam" libraries to access MyISAM tables at the
lower level. It works similarly to and just as quickly as C-ISAM, though the
API is fairly different (IMHO).
A myisam user manual is available, but is not complete (I know, since I
wrote it).
You could use that
ursday, February 27, 2003 2:52 PM
Subject: speeding up simple SELECT statements with the C api?
> I'm in the process of writing a report writer for mysql which is necessary
> for the migration from the current database of my company's product to mysql
> (due to the amount of re
rmance issue as the old
database report writer had direct access to the database through a c library
(no sql interface). On some reports there can be as many as 100,000 select
statements. With mysql this is ending up with a performance penalty of
about 3x the existing time that the current repo
Thanks for the information, I will try that in this situation, however, I
have done this in other select statements and it has worked fine. I will
follow-up in the PHP list if I still have problems.
Please note also that since I assumed this was a MySQL problem I posted it
to this group. Since
Hi,
> while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
>
> echo " ALIGN=left>".$line['name']." ALIGN=right>".$line['$wk']."";
>
> }
Here is your problem. You are indeed substituting $wk into the query
correctly, but when you go to output the result rows y
Hi,
From the code below $wk gets the values (w1, w2, w3, etc.) as it goes
through the 'for' loop. w1, w2, etc. are also columns in the table manager.
What I can't figure out is why the select statement fails (no error, just no
data) when I use $wk as opposed to hardcoding w1, w2, etc. Is this pos
Sorry, Geetika. It looks like I lost this thread in the mix.
Have you tried some Perl like this:
# concurrent.pl
# Check start time.
for my $n (1..$DO_TRIES) {
print qq{Doing # [$n] PID [$$]\n};
my $pid = fork();
if ($pid == 0) {
print qq{Child [$$] running command.\n};
exec(qq{e
12:38:45 -0500 (EST)
To: [EMAIL PROTECTED]
Subject: Executing concurrent select statements from perl on MySQL ISAM
tables (fwd)
I am trying to make my perl script fork several processes that all execute
'select' statements on MySQL. I want the statements to happen
concurrently (as I wa
From: Geetika Tewari <[EMAIL PROTECTED]>
> ...perl script fork several processes...
> ...I think my 'select' statements are not happening concurrently.
Why do you think that?
---
Rodney Broom
President, R.Broom Consulting
http:
In the last episode (Nov 25), Geetika Tewari said:
> I am trying to make my perl script fork several processes that all
> execute 'select' statements on MySQL. I want the statements to
> happen concurrently (as I want to monitor the behaviour of MySQL with
> native
I am trying to make my perl script fork several processes that all execute
'select' statements on MySQL. I want the statements to happen
concurrently (as I want to monitor the behaviour of MySQL with native ISAM
tables under this concurrent Read access). So I am using 'fork'
ge -
> From: "Jed Verity" <[EMAIL PROTECTED]>
> To: "julian haffegee" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Friday, September 06, 2002 3:42 AM
> Subject: Re: select statements
>
>
>> Hello, Jules,
>>
>> Yo
such phrases seem pretty useless!
Thanks for your time
Jules
- Original Message -
From: "Jed Verity" <[EMAIL PROTECTED]>
To: "julian haffegee" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, September 06, 2002 3:42 AM
Subject: Re: select stat
Hello, Jules,
You can use the "value in (a,b,c)" format. If necessary, implode your array
and do something like this:
SELECT emailAddress FROM subscribers_html WHERE mailingGroup value in
($toText);
Check the documentation, if necessary, for usage of implode and "value in".
HTH!
Jed
On the th
Hi all,
I have a database of names and email addresses, that I want to email.
$result = mysql_query("SELECT emailAddress FROM subscribers_html WHERE
mailingGroup='$toText'");
The select statement needs to return a row when mailingGroup='$toText', but
$toText is an array. How should I write thi
Never mind, I figured it out by reading a previous question and I understand
how to use Left join to do this.
-Original Message-
From: Alan Coleman [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 22, 2002 5:22 AM
To: [EMAIL PROTECTED]
Subject: Internal Select statements using IN and
I've noticed that MySQL doesn't support the use of internal selects with the
in and not in methods such as in this example from a where statement.
and shift_id not in
(select shift_assoc from facdba.staff_schedule_temp
where status <> 'EXL')
This function
I have a problem in VB trying to use select statements with MySQL. My
problem does not occur only with the example below but with ANY select
statement I try to make against my MySQL database. Much thanks in advance to
anyone that can help me out with this :)
This is my code:
Private Sub
* [EMAIL PROTECTED]
> Description:
> I try to get the last 5 different times and the first 5
> different times. There is a difference of approximately
> 1 minute and 40 seconds between these two queries. I do not see
> reason for the difference in the execution times.
There is a problem in some case
NULL | 3418459 | where used; Using index; Using temporary; Using filesort
|
+---+---+-+--+-+
--+-+--+
1 row in set (0.00 sec)
Fix:
Synopsis: Speed problem with sorted select statements
Sub
On Tuesday 22 January 2002 10:21 am, Bernhard Schmalhofer wrote:
> x807b75f handle_segfault__Fi + 383
> 0x812bcaa pthread_sighandler + 154
> 0x8150974 chunk_realloc + 56
> 0x8150907 realloc + 787
> 0x811594e my_realloc + 46
> 0x80fae62 _mi_read_pack_inf
>Description:
We are running about 100 MySQL-database servers on a single
Machine.
The databases are usually accessed via a web-interface. For some
batch processing
we tried to do basically 'SELECT *' on some tables. This caused
the mysqld-Processed
to fail. 'safe_m
On Thursday 30 August 2001 15:28, Andre Konopka wrote:
> Hi,
>
> I have, three tables (one,two, three) with the rows id/value. id is the
> key for all the tables.
>
>
> with
>
>
> select value from one where id=xx;
> select value from two where id=xx;
> select value from three where id=xx;
>
>
> I
Hi,
I have, three tables (one,two, three) with the rows id/value. id is the
key for all the tables.
with
select value from one where id=xx;
select value from two where id=xx;
select value from three where id=xx;
I can select all values from the tables with the id=xx.
How can I do this wit
Hello everyone,
I have a few questions that I hope some of you might be able to answer.
Is there a MAX_SIZE on a select statement and when does MySQL lose
performance when the statement becomes very large?
When using the 'IN' clause, how does MySQL parse the data? Does it do
I upgraded from 3.23.27-beta to 3.23.32 after seeing bugfixes
on intermediate versions. However the problems are continuing:
Mod_perl DBI/DBD::mysql queries are failing to return rows that
I know exist. It could be DBI/DBD::Mysql, but just in case
I have some questions:
- Are there known pr
76 matches