For a project where most queries on the database will include requirements like “within a polygon” I have come to think about choosing PostgreSQL with PostGIS instead of MySQL, which I have previously mainly used. Mainly because PostgreSQL has more GIS functions. However, I am uncertain how to evaluate this, and also can’t really see the difference from a PHP
Tag: php
Can I parameterize the table name in a prepared statement?
I’ve used the mysqli_stmt_bind_param function several times. However, if I separate variables that I’m trying to protect against SQL injection I run into errors. Here’s a code sample: Is it possible to somehow replace the .$new_table. concatenation with another question mark statement, make another bind parameter statement, or add onto the existing one to protect against SQL injection? Like this
PDO Exception Questions – How to Catch Them
I’m using PDO to re-write a website interface for a database. I used to use the mysql extension, but I had never bothered with error handling, and the few error handlers I had were basically copy-paste. Now I’d like to do this right. However, I’m having issues catching the errors how I’d like (errors like “Duplicate Entry”, “Null Value” etc
Undefined index uid calling GET fetch
I have a function that calls a SQL query; the function is of type fetch_user. Now I get an Undefined Index error when I call my query. The error message is Undefined index: uid in profile.php on line 3. But the thing is that I can’t find the error. This is my user.inc.php that has the function And this is my
Database Design – Loaner System – Customer loaning multiple items
I am implementing a loaner system and would like to find out the most efficient / database standard structure technique to use for the loan records. Let me start with the basics: I have two tables: Customer_Record(id, f_name, l_name, p_number) Loaner_Pool(id, model, serial_n, status) The idea is that the loaner pool consists of a list of gear like: Mouse/Keyboard/Laptop/Batteries/Camera/etc. Status represents
SQL writing format
I would like to inner join two tables with SQL like this: $check_unscored = "select * from [user] INNER JOIN [tenderrc] on [user].[id] = [tenderrc].[userid]"; $…
How can I prevent 2nd order SQL attacks?
I’m using PHP PDO for my queries, everywhere, but I read that in very rare cases there could still be “second order injections” where an unsafe variable is stored then executed when used in another statement. Will prepared statements still protect against this? As long as I make sure I always use them? Or do I have to take more
Issues using sqlsrv_rows_affected, it keeps returning false even when it’s true
I have a query that changes a user’s password, and I want to check the user knows their current password before being able to change it. So it is working, I need to enter the current password before changes will be made, but my outputs are still always false, here is the code I have: Can anyone see this won’t
Doctrine 2 Query Builder abs Function
This works: This doesn’t work: The error: [Syntax Error] line 0, col 118: Error: Expected end of string, got ‘(‘ The native Doctrine function abs works only on the select part of the statement and doesn’t work on the order by part. Obs: 1-) I’m avoiding using NativeQuery. 2-) u.code is a varchar field on MySQL and needs to be varchar
How to print SQL statement in codeigniter model
I have a sql statement in my model, I then say My query always fails, how do I get php to print the exact sql statement being sent to my database? And display that on my php view, page Answer To display the query string: To display the query result: The Profiler Class will display benchmark results, queries you have