You should use [PDO Prepare][1]


  [1]: http://php.net/manual/en/pdo.prepare.php

From the link:

&gt; Calling PDO::prepare() and PDOStatement::execute() for statements that will be issued multiple times with different parameter values optimizes the performance of your application by allowing the driver to negotiate client and/or server side caching of the query plan and meta information, and **helps to prevent SQL injection attacks by eliminating the need to manually quote the parameters**. 

PDO offers an alternative designed to replace **[mysql_escape_string()][1]** with the **[PDO::quote()][2]** method.

Here is an excerpt from the PHP website:

    &lt;?php
        $conn = new PDO(&#39;sqlite:/home/lynn/music.sql3&#39;);

        /* Simple string */
        $string = &#39;Nice&#39;;
        print &quot;Unquoted string: $string\n&quot;;
        print &quot;Quoted string: &quot; . $conn-&gt;quote($string) . &quot;\n&quot;;
    ?&gt;

The above code will output:

    Unquoted string: Nice
    Quoted string: &#39;Nice&#39;

  [1]: http://us3.php.net/mysql_escape_string
  [2]: http://us3.php.net/manual/en/pdo.quote.php



Use prepared statements. Those keep the data and syntax apart, which removes the need for escaping MySQL data. See e.g. [this tutorial][1].

  [1]: http://php.net/manual/en/pdo.prepared-statements.php


How do you reference an constants with EL on a JSP page?

I have an interface `Addresses` with a constant named `URL`. I know I can reference it with a scriplet by going: `&lt;%=Addresses.URL%&gt;`, but how do I do this using EL?

How to reference constants in EL?

I have created a new user account on my mac and I am trying to update to the current version of ruby on it (1.9.2) from the snow leopard default of 1.8.7. Can somebody point me to tutorial or explain the best method to update Ruby on my mac from 1.8 to 1.9.2? Thanks

How to update Ruby to 1.9.x on Mac?

I&#39;m using PDO after migrating away from the `mysql` library. What do I use in place of the old `real_escape_string` function?

I need to escape single quotes so they will go into my database and I think there may be a better way to handle this without add(ing) slashes to all my strings. What should I be using?


Real escape string and PDO

<p>I'm using PDO after migrating away from the <code>mysql</code> library. What do I use in place of the old <code>real_escape_string</code> function?</p>
<p>I need to escape single quotes so they will go into my database and I think there may be a better way to handle this without add(ing) slashes to all my strings. What should I be using?</p>


    Class test{
        function test1()
        {
            echo &#39;inside test1&#39;;
        }
    
        function test2()
        {
            echo &#39;test2&#39;;
        }
    
        function test3()
        {
            echo &#39;test3&#39;;
        }
    }
    
    $obj = new test;
    $obj-&gt;test2();//prints test2
    $obj-&gt;test3();//prints test3


Now my question is,

How can i call another function before any called function execution?
In above case, how can i auto call &#39;test1&#39; function for every another function call,
so that i can get the output as,

    test1
    test2
    test1
    test3

currently i am getting output as 

    test2
    test3


&gt; I cannot call &#39;test1&#39; function in
&gt; every function definition as there may
&gt; be many functions. I need a way to
&gt; auto call a function before calling
&gt; any function of a class.

Any alternative way would also be do.

 

How to auto call function in php for every other function call

I&#39;ve been using XAMPP for Windows.

Where does PHP&#39;s error log reside in XAMPP?

Where does PHP&#39;s error log reside in XAMPP?

Get the first N elements of an array?

I&#39;ve occasionally run up against a server&#39;s memory allocation limit, particularly with a bloated application like Wordpress, but never encountered &quot;Unable to allocate memory for pool&quot; and having trouble tracking down any information.

Does anyone know what this means?  I&#39;ve tried increasing the `memory_limit` without success.  I also haven&#39;t made any significant changes to the application. One day there was no problem, the next day I hit this error.

What is causing &quot;Unable to allocate memory for pool&quot; in PHP?

I am using PHP 5 and I&#39;ve heard of a new featured in the object-oriented approach, called &#39;method chaining&#39;. What is it exactly? How do I implement it?

PHP method chaining or fluent interface?

I&#39;ve just made a database on mysql on my server. I want to connect to this via my website using php. This is the contents of my connections file:

    $dbhost = &#39;localhost&#39;;
    $dbuser = &#39;root&#39;;
    $dbpass = &#39;password&#39;;
    
    $conn = mysql_connect($dbhost, $dbuser, $dbpass)
        or die(&#39;Error connecting to mysql&#39;);
    			
    $dbname = &#39;epub&#39;;
    mysql_select_db($dbname);

I know what the username/passwords are, and I know the IP address of the server. What I&#39;m just wondering is how do I know which port to use?

mysql server port number

**EDIT: I have been using Postgres with PostGIS for a few months now, and I am satisfied.**

I need to analyze a few million geocoded records, each of which will have latitude and longitude. These records include data of at least three different types, and I will be trying to see if each set influences the other.

What database is best for the underlying data store for all this data? Here&#39;s my desires:

 - **I&#39;m familiar with the DBMS.** I&#39;m weakest with PostgreSQL, but I am willing to learn if everything else checks out.
 - **It does well with GIS queries.** Google searches suggest that PostgreSQL + PostGIS may be the strongest? At least a lot of products seem to use it. MySql&#39;s Spatial Extensions seem comparatively minimal?
 - **Low cost.** Despite the 10GB DB limit in SQL Server Express 2008 R2, I&#39;m not sure I want to live with this and other limitations of the free version.
 - **Not antagonistic with Microsoft .NET Framework.** Thanks to Connector/Net 6.3.4, MySql works well C# and .NET Framework 4 programs. It fully supports .NET 4&#39;s Entity Framework. I cannot find any noncommercial PostgreSQL equivalent, although I&#39;m not opposed to paying $180 for Devart&#39;s dotConnect for PostgreSQL Professional Edition.
 - **Compatible with R.** It appears all 3 of these can talk with R using ODBC, so may not be an issue.

I&#39;ve already done some development using MySql, but I can change if necessary.

GIS: PostGIS/PostgreSQL vs. MySql vs. SQL Server?

I&#39;m looking at MySQL stored procedures and functions. What is the real difference? 

They seem to be similar, but a function has more limitations.

I&#39;m likely wrong, but it seems a stored procedure can do everything and more than a stored function can. Why/when would I use a procedure vs a function?


MySQL stored procedure vs function, which would I use when?

I&#39;m doing an `INSERT ... ON DUPLICATE KEY UPDATE` for a `PRIMARY KEY` in the following table:

    DESCRIBE users_interests;

&lt;!-- language: none --&gt;

    +------------+---------------------------------+------+-----+---------+-------+
    | Field      | Type                            | Null | Key | Default | Extra |
    +------------+---------------------------------+------+-----+---------+-------+
    | uid        | int(11)                         | NO   | PRI | NULL    |       |
    | iid        | int(11)                         | NO   | PRI | NULL    |       |
    | preference | enum(&#39;like&#39;,&#39;dislike&#39;,&#39;ignore&#39;) | YES  |     | NULL    |       |
    +------------+---------------------------------+------+-----+---------+-------+

However, even though these values should be unique, I&#39;m seeing 2 rows affected.

    INSERT INTO users_interests (uid, iid, preference) VALUES (2, 2, &#39;like&#39;)
    ON DUPLICATE KEY UPDATE preference=&#39;like&#39;;

&lt;!-- language: none --&gt;

    Query OK, 2 rows affected (0.04 sec)

Why is this happening?

**EDIT**

For comparison, see this query:

    UPDATE users_interests SET preference=&#39;like&#39; WHERE uid=2 AND iid=2;

&lt;!-- language: none --&gt;

    Query OK, 1 row affected (0.44 sec)
    Rows matched: 1  Changed: 1  Warnings: 0

Why are 2 rows affected in my `INSERT ... ON DUPLICATE KEY UPDATE`?

Totally out of ideas here, could be needing a simple solution.

Basically my desired query is :

    SELECT * FROM table WHERE id = 3,4

I want to select only the row which has ID 3 and 4, or maybe name &quot;andy&quot; and &quot;paul&quot;

Thank you very much for the answer

MySQL Select Multiple VALUES

I can&#39;t seem to get any error message from PDO:

    #$dbh-&gt;setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING );
    try {
      $sth = $dbh-&gt;prepare(&#39;@$%T$!!!&#39;);
      print_r($sth);
      print_r($dbh-&gt;errorInfo());
    } catch (PDOException $e) {
        echo $e-&gt;getMessage();
    }

It is giving out only:

    PDOStatement Object
    (
        [queryString] =&gt; @$%T$!!!
    )
    Array
    (
        [0] =&gt; 00000
        [1] =&gt;
        [2] =&gt;
    )

setAttribute doesn&#39;t help anything.

It&#39;s PHP 5.3.3 Apache 2.0 Handler &lt;br/&gt;
PDO Driver for MySQL enabled &lt;br/&gt;
Client API version mysqlnd 5.0.7-dev - 091210 - $Revision: 300533 $

What can I do to get error information?


How to squeeze error message out of PDO?

Before I retrieve data I always have to type:

    $STH-&gt;setFetchMode(PDO::FETCH_OBJ);

In the interest of making my code more readable it would be great if I could set a default mode somewhere....

Thanks!

**Edit**. I was originally hoping I could add PDO:FETCH_OBJ to the [setAttribute][1] code I run when I connect to the DB, but that doesn&#39;t seem to work... 


  [1]: http://php.net/manual/en/pdo.setattribute.php

Is is possible to set a default PDO fetch mode?

I had this previously in my normal mysql_* connection:

    mysql_set_charset(&quot;utf8&quot;,$link);
    mysql_query(&quot;SET NAMES &#39;UTF8&#39;&quot;);

Do I need it for the PDO? And where should I have it?

    $connect = new PDO(&quot;mysql:host=$host;dbname=$db&quot;, $user, $pass, array(PDO::ATTR_ERRMODE =&gt; PDO::ERRMODE_EXCEPTION));

PHP PDO: charset, set names?

I&#39;ve looked through all the other StackOverflow (and google) posts with the same problem, but none seemed to address my problem.

I am using PDO and PHP.

My code:


    $vals = array(
       &#39;:from&#39;    =&gt; $email,
       &#39;:to&#39;      =&gt; $recipient,
       &#39;:name&#39;    =&gt; $name,
       &#39;:subject&#39; =&gt; $subject,
       &#39;:message&#39; = &gt;$message
    );
    print_r($vals);
    try {
       $pdo = new PDOConfig();
       $pdo-&gt;setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
       $sql = &quot;SELECT * FROM messages WHERE `message` LIKE :message&quot;;
       $q = $pdo-&gt;prepare($sql);
       $q-&gt;execute(array(&#39;:message&#39; =&gt; $vals[&#39;:message&#39;]));
       $resp = $q-&gt;fetchAll();
    
       foreach ($resp as $row) {
          throw new Exception(&#39;Please do not post the same message twice!&#39;);
       }
    
       $sql = &quot;INSERT INTO messages (from, to, name, subject, message) VALUES (:from, :to, :name, :subject, :message)&quot;;
       $q = $pdo-&gt;prepare($sql);
       $q-&gt;execute($vals);
    } 
    catch(PDOException $e) {
       echo $e-&gt;getMessage();
    }


and the first print_r gives

    Array ( [:from]    =&gt; abc@gmail.com 
            [:to]      =&gt; lala@me.com 
            [:name]    =&gt; abc 
            [:subject] =&gt; abc 
            [:message] =&gt; abc )

which is expected (none are null)

but it outputs the error

&gt; SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near &#39;from, to, name, subject, message) VALUES (&#39;abc@gmail.com&#39;, &#39;lala@me.com&#39; at line 1

No idea how to fix this. any ideas?

SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax — PHP — PDO

Are they both do the same thing, only differently?

Is there any difference besides using `prepare` between

    $sth = $db-&gt;query(&quot;SELECT * FROM table&quot;);
    $result = $sth-&gt;fetchAll();
and  

    $sth = $db-&gt;prepare(&quot;SELECT * FROM table&quot;);
    $sth-&gt;execute();
    $result = $sth-&gt;fetchAll();
?

Content Type	Original Author	Original Content on Stackoverflow
Question	John	View Question on Stackoverflow
Solution 1 - Php	SteD	View Answer on Stackoverflow
Solution 2 - Php	PowerAktar	View Answer on Stackoverflow
Solution 3 - Php	Piskvor left the building	View Answer on Stackoverflow

Real escape string and PDO

Php Problem Overview

Php Solutions

Solution 1 - Php

Solution 2 - Php

Solution 3 - Php

How to update Ruby to 1.9.x on Mac?

How to reference constants in EL?

Attributions