All Questions
Tagged with mysql-real-escape-string sql
28 questions
0
votes
0
answers
181
views
Json.dumps alternative in Redshift
I have strings like
Origi\"nal
and
Origi"nal
. I want to convert them to raw string and then to a Json String and write to a table in Redshift.
Example output of "select col from ...
1
vote
1
answer
164
views
How to convert SQL in mysql binlog to html?
My site was hacked and I was able to retrieve some SQL from binlog, they look like
<p>some text</p>\r\n<p><img src=\"images/2019-04-27/1.jpg\" alt=\"1\" /></p>
I need to ...
- 3,900
-2
votes
1
answer
2k
views
How to show the original character like \n \t in mysql in a select statement
when I run select statement from mysql database, characters like \n \t will be escaped. Is there a way to see these original characters in mysql?
What I want to see is something like "java.lang....
- 2,426
0
votes
1
answer
439
views
How to bind queries that use variables for the LIMIT parameter in Codeigniter
I am trying to fix a query in codeigniter, by binding queries for safety. But I am unable to use "?" in the limit parameter of the sql query.
Without using codeigntier's query builder, how can I fix ...
- 215
3
votes
1
answer
19k
views
mysql_real_escape_string not working for me [duplicate]
When I try to do a mysql_real_escape_string for a login system, it does not record the variable from the form. If I do
$username = $_POST['username'];
and echo it, it displays, but when I do
$...
- 121
0
votes
1
answer
2k
views
Correct usage of Mysql real escape strings
I am new to SQL injection and would like to know if I am using the mysql_real_escape_string properly? Should I make strings for the database and password to make this secure? Any advice would be great ...
- 5
0
votes
2
answers
365
views
SQL query with encoded input parameter returns empty result in MySQL
I want to fetch a spare part from MySql (yii framework). Some part titles contain ', for
ex.: OUTLANDER '03-06
For securty reason i encode query string parameter thru htmlspecialchars() (converts ...
- 6,327
1
vote
2
answers
680
views
Search for First & Last Name in table from URL Parameter
I am trying to pass a parameter in my url like so: http://example.com?rep_name=JoeSmith
The database table has this structure:
+----+-------+-------+-------------+
| id | fname | lname | email ...
- 1,159
0
votes
4
answers
1k
views
insert query to add value in database
My database table structure is
mysql> desc webhotel.`first`;
+-------+-------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------+-------------+---...
- 797
0
votes
2
answers
2k
views
php mysqli escape string error in sql syntax [closed]
I am trying to escape fields posted from a form. I can successfully insert into the SQL database by commenting out the code that escapes the string.
The error received is:
You have an error in your ...
- 1,621
-3
votes
3
answers
60
views
how to upadate field in database?
my code are not working, maybe because of the where statement. please help me with what is wrong with this line of code.
query:
mysql_query("UPDATE tblceas_vote SET fldpassword= $three WHERE ...
- 61
2
votes
2
answers
3k
views
Is it possible to prevent mysql_real_escape_string from converting NULL to 0 with MySQL?
Trying to insert as NULL if an input field is empty, using PHP.
I've got an INT field that defaults to NULL. This is for a hockey player to enter their jersey number.
If they don't have a jersey ...
- 137
1
vote
1
answer
445
views
MySQL: mysql_real_escape_string in SEARCH query
How can I add mysql_real_escape_string to this search query?
mysql_query("SELECT * FROM logs WHERE text LIKE '%$text%'");
$text comes from a POST-funktion. I have tried a lot of combinations with no ...
- 800
-2
votes
1
answer
281
views
SQL equivalent of mysqli_real_escape_string [closed]
What is the equivalent of the below in SQL?
PHP function for MySQL:
mysqli_real_escape_string($POST['password']);
-1
votes
3
answers
114
views
Is this code open to SQL Injection? [closed]
Can someone tell me if this code is open to SQL Injection and why:
$x = $_REQUEST['id'];
$x = mysql_real_escape_string($x);
$del = "DELETE FROM Y WHERE id = ".$x;
mysql_query($del);
