MySQL Forums

Re: Mysql query produces different results for different users
Posted by: Rick James
Date: December 09, 2012 01:45PM

(The following specifics apply to PHP; there are similar issues in Perl.)

You must explicitly check for errors after each SQL statement issued from PHP. You must write error messages based on errors found. These could go out via error_log() or echo.

You must escape strings that are interpolated into SQL statements, or use an API that does it for you. For example, if a user gives the name "O'Brian" and you put this into
$name = $_GET['name'];
$sql = "INSERT INTO tbl (name) VALUES ('$name')";
MySQL will give you a syntax error, since it will see
INSERT INTO tbl (name) VALUES ('O'Brian')
Note the unbalanced quotes.



Edited 1 time(s). Last edit at 12/09/2012 01:48PM by Rick James.
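
Both points from the post above in one script, as an added example that is not part of the original post: every statement is error-checked and logged with error_log(), and the value is passed through a placeholder instead of being interpolated. The table tbl and the name O'Brian come from the post; PDO, the function names and the in-memory SQLite DSN are assumptions chosen so the script runs without a server (for MySQL, pass a mysql: DSN with credentials to connect()).

```php
<?php
declare(strict_types=1);

// Added example; function names and the DSN are hypothetical, not from the post.
function connect(string $dsn, ?string $user = null, ?string $pass = null): PDO
{
    // ERRMODE_EXCEPTION makes every failed statement throw,
    // so an error cannot pass unnoticed.
    return new PDO($dsn, $user, $pass, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
}

// The form shown in the post: the value is interpolated into the SQL text.
// Kept as-is to show the failure; the error is caught and logged.
function insertInterpolated(PDO $pdo, string $name): bool
{
    $sql = "INSERT INTO tbl (name) VALUES ('$name')";
    try {
        $pdo->exec($sql);
        return true;
    } catch (PDOException $e) {
        error_log('INSERT (interpolated) failed: ' . $e->getMessage());
        return false;
    }
}

// Placeholder form: the SQL text is fixed and the value travels separately,
// so quotes inside $name cannot change the statement.
function insertBound(PDO $pdo, string $name): bool
{
    try {
        $stmt = $pdo->prepare('INSERT INTO tbl (name) VALUES (:name)');
        $stmt->execute([':name' => $name]);
        return true;
    } catch (PDOException $e) {
        error_log('INSERT (bound) failed: ' . $e->getMessage());
        return false;
    }
}

$pdo = connect('sqlite::memory:');   // assumption: swap in a mysql: DSN for MySQL
$pdo->exec('CREATE TABLE tbl (name VARCHAR(100))');

$name = "O'Brian";                   // constructed sample input, as in the post
var_dump(insertInterpolated($pdo, $name));   // syntax error is logged
var_dump(insertBound($pdo, $name));          // row is stored with the quote intact
print_r($pdo->query('SELECT name FROM tbl')->fetchAll(PDO::FETCH_COLUMN));
```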
