Re: Mysql query produces different results for different users
Posted by:
Rick James
Date: December 09, 2012 01:45PM
(The following specifics apply to PHP; there are similar issues in Perl.)
You must explicitly check for errors after each SQL statement issued from PHP. You must write error messages based on errors found. These could go out via error_log() or echo.
You must escape strings that are interpolated into SQL statements, or use an API that does it for you. For example, if a user gives the name "O'Brian" and you put this into
$name = $_GET['name'];
$sql = "INSERT INTO tbl (name) VALUES ('$name')";
Mysql will give you a syntax error, since it will see
INSERT INTO tbl (name) VALUES ('O'Brian')
Note the unbalanced quotes.
Edited 1 time(s). Last edit at 12/09/2012 01:48PM by Rick James.
Subject
Written By
Posted
December 05, 2012 07:02PM
December 05, 2012 08:20PM
December 06, 2012 12:11PM
Re: Mysql query produces different results for different users
December 09, 2012 01:45PM
Sorry, you can't reply to this topic. It has been closed.
Content reproduced on this site is the property of the respective copyright holders.
It is not reviewed in advance by Oracle and does not necessarily represent the opinion
of Oracle or any other party.