
Friday, 6 September 2019

How to prevent SQL injection in PHP?

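<?php
// Inserts the submitted name and e-mail into the database with a prepared
// statement. The SQL text is fixed and the request values travel separately as
// bound parameters, so they can never be parsed as SQL. That is the actual
// defence against SQL injection; escaping values and concatenating them into
// the query depends on correct quoting and on the connection character set.

// Make mysqli raise exceptions so a failed connect/prepare/execute cannot be
// silently ignored.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

try {
    // Example credentials from the tutorial; load real ones from configuration
    // kept outside the web root instead of hard-coding them.
    $con = mysqli_connect("localhost", "my_user", "my_password", "my_db");
} catch (mysqli_sql_exception $e) {
    // Stop here: continuing would run the insert against an invalid handle.
    // The driver detail goes to the server log, not to the visitor.
    error_log("Failed to connect to MySQL: " . $e->getMessage());
    http_response_code(500);
    exit("Failed to connect to MySQL");
}

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // Request data is untrusted. Accept plain strings only (a field sent as
    // fname[]=... arrives as an array) and fall back to an empty string.
    // NOTE(review): add length and e-mail format checks that match the table's columns.
    $name  = (isset($_POST['fname']) && is_string($_POST['fname'])) ? $_POST['fname'] : '';
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';

    try {
        $stmt = mysqli_prepare($con, "INSERT INTO my_db (fname, email) VALUES (?, ?)");
        mysqli_stmt_bind_param($stmt, "ss", $name, $email);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    } catch (mysqli_sql_exception $e) {
        // Raw database errors can reveal table and column names; log them and
        // show the visitor a generic message.
        error_log("Insert failed: " . $e->getMessage());
        http_response_code(500);
        die('Error');
    }

    echo "1 record added";
    mysqli_close($con);
}
?>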

<form action="" method="post">
    Name: <input type="text" name="fname"><br>
    E-mail: <input type="text" name="email"><br>
    <input type="submit">
</form>

Thursday, 1 November 2018

Multiple words of string replace with str_replace in PHP

<?php
    ## Repairs character sequences left behind when UTF-8 text was decoded with the wrong charset
    ## (the replacements below are UTF-8 characters, so the output stays UTF-8).
    ## Declare the page charset so the browser decodes the output as UTF-8.
    echo "<meta http-equiv='Content-Type' content='text/html; charset=UTF-8' />";   
    function str_replace_char(){ 
        $find = array('“', '’', '…', 'â€"', 'â€"', '‘', 'é', 'Â', '•', 'Ëœ', 'â€'); // en dash
        $replace = array('"', '’', '…', '—', '–', '‘', 'é', '', '•', '˜', '"'); // original
        $new_str_content = str_replace( $find,$replace,$str_content);
        return $new_str_content;
    }
   
    $string = "It’s Getting the Best of Me";
    echo $new_string = str_replace_char($string);
?>

Saturday, 3 February 2018

Set only first letter capital other in lowercase in PHP SQL

// Static query: no request data is interpolated, so there is nothing to bind.
// left() returns the first character exactly as stored and lower() lower-cases
// everything from the second character on.
// NOTE(review): the first character is not upper-cased by this query; wrap
// left(emp_name,1) in upper() if capitalising it is the intent.
$sql = "SELECT concat(left(emp_name,1),substring(lower(emp_name),2)) as emp_name FROM employee";

Input    : "Raj Kumar"
Output : "Raj kumar"

Friday, 29 July 2016

How to Merge Multiple .sql Tables/files Into a Single File?

1. Open the Command Prompt (cmd)

2. Type in command prompt
C:\users\Usersname>cd [.sql tables folder path ]
Press Enter
Ex: C:\users\Usersname>cd E:\project\database

3. Type command prompt
C:\users\Usersname>[.sql folder's drive (directory)name]
Press Enter
Ex: C:\users\Usersname>E:

4. Type the following command to merge all .sql files (tables) into a single file
copy /b *.sql newdatabase.sql
Press Enter
EX: E:\project\database>copy /b *.sql newdatabase.sql

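5. The merged file, newdatabase.sql, now appears in the same folder as the original .sql files. Review it before importing: the files are simply joined in the order the command lists them, so statements that depend on one another may need reordering.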
Ex: E:\project\database

Tuesday, 18 August 2015

How to create Stored Procedures for Insert,Update,Delete,Login in PHP?




<?php
STEP - 1
#### Step 1: create the `users` table that the stored-procedure example inserts into ####
# Table structure for table `users`
CREATE TABLE IF NOT EXISTS `users` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(50) DEFAULT NULL,
  `username` varchar(50) DEFAULT NULL,
  PRIMARY KEY (`id`),
  # NOTE(review): this key is named `username` but is defined on the `name` column,
  # so `username` values are not constrained to be unique. Confirm which column was intended.
  UNIQUE KEY `username` (`name`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=4 ;
# Sample rows for table `users` (ids 1-3; AUTO_INCREMENT above continues at 4)
INSERT INTO `users` (`id`, `name`, `username`) VALUES
(1, 'Karan', 'Raj'),
(2, 'Ram', 'Kishan'),
(3, 'Abc', 'Pqr');
#### Insert Record Procedure ####

STEP - 2
# Run this in phpMyAdmin -> [database name] -> SQL.
# The delimiter is switched to $$ so the semicolon inside the procedure body
# does not end the CREATE PROCEDURE statement early.
DELIMITER $$
DROP PROCEDURE IF EXISTS InsertUser $$
# Inserts one row into users from the three IN parameters.
CREATE PROCEDURE InsertUser(
    IN p_id INT(11),
    IN p_name VARCHAR(50),
    IN p_username VARCHAR(50)
)
BEGIN
    INSERT INTO users (id, name, username)
    VALUES (p_id, p_name, p_username);
END $$
DELIMITER ;

STEP - 3
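// Calls the InsertUser stored procedure with the submitted name and username.
// The values are bound as parameters of a prepared CALL statement; the original
// interpolated $_POST values straight into the SQL text, which let a crafted
// name or username change the statement.

// Example credentials from the tutorial. A root account with an empty password
// is only acceptable on a throwaway local setup; use a least-privilege account
// and keep the secret out of the source file.
$host="localhost";
$username="root";
$password="";
$dbname="test";

try {
  // PDO reports a failed connection by throwing, so "or die(mysql_error())"
  // never ran (and mysql_error() belongs to the removed mysql extension).
  // One connection is enough; the duplicate inside the POST branch is dropped.
  $con = new PDO("mysql:host=$host;dbname=$dbname", $username, $password, array(
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
  ));
} catch (PDOException $pe) {
  // Connection errors can name the host and account; keep them in the server log.
  error_log("Database connection failed: " . $pe->getMessage());
  http_response_code(500);
  die("Error occurred");
}

if($_SERVER["REQUEST_METHOD"] == "POST"){
  if(isset($_POST['insert_data']) && $_POST['insert_data'] == "Submit") {
    // The "required" attribute on the form is only a browser hint, so the
    // server checks again. Non-string input (e.g. name[]=x) is rejected too.
    $name = (isset($_POST['name']) && is_string($_POST['name'])) ? ucfirst($_POST['name']) : '';
    $newUsername = (isset($_POST['username']) && is_string($_POST['username'])) ? ucfirst($_POST['username']) : '';

    if ($name === '' || $newUsername === '') {
      http_response_code(400);
      die("Name and username are required");
    }

    try {
      // execute the stored procedure
      $stmt = $con->prepare("CALL InsertUser(?, ?, ?)");
      // NULL for the AUTO_INCREMENT id lets MySQL assign the next value; the
      // original passed '' which strict SQL mode rejects for an INT parameter.
      $stmt->bindValue(1, null, PDO::PARAM_NULL);
      $stmt->bindValue(2, $name, PDO::PARAM_STR);
      $stmt->bindValue(3, $newUsername, PDO::PARAM_STR);
      $stmt->execute();
      echo "insert Suucess...!";    
    } catch (PDOException $pe) {
      // Log the driver message; show the visitor a generic one.
      error_log("InsertUser failed: " . $pe->getMessage());
      http_response_code(500);
      die("Error occurred");
    }
  }
}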
?>
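<html>
<title>How to create Stored Procedures for Insert,Update,Delete,Login in PHP?</title>
<div align="center">
<?php
// The original tag called basename() without echoing it, so the action was
// always empty. $_SERVER['PHP_SELF'] is derived from the request URL, so the
// value is HTML-escaped before it is written into the attribute.
// NOTE(review): the form has no anti-CSRF token; add one if it is ever used
// behind a login.
?>
<form action="<?php echo htmlspecialchars(basename($_SERVER['PHP_SELF']), ENT_QUOTES, 'UTF-8'); ?>" method="POST">
  <table>
    <tr><td>Name : </td><td><input type="text" name="name" required="required" /></td></tr>
    <tr><td>Username : </td><td><input type="text" name="username" required="required"/></td></tr>
    <tr><td colspan="2"><input type="submit" name="insert_data" value="Submit"/></td></tr>
  </table>
</form>
</div>
</html>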