On Fri, Apr 20, 2012 at 5:33 AM, Raymond O'Donnell wrote:
> Yep - no need to worry about quoting if you use parameters - it's all
> done for you. It's also MUCH safer, as it makes SQL injection attacks
> much harder (if not impossible).
And in some cases, it can even be more bandwidth-efficient.
2012/4/19 Raymond O'Donnell
>
>
> Yep - no need to worry about quoting if you use parameters - it's all
> done for you. It's also MUCH safer, as it makes SQL injection attacks
> much harder (if not impossible).
>
> Ray.
>
>
fine, thanks !
--
Yvon
On 19/04/2012 20:30, Yvon Thoraval wrote:
>
>
> 2012/4/19 Raymond O'Donnell <r...@iol.ie>
>
> Or better still - and easier - use parametrised queries.
>
>
>
> Right it is easier something like :
> $sql = "categories (idx, ctime, mtime, name) VALUES ( :idx, :ctime,
> :mtime, :name);
2012/4/19 Raymond O'Donnell
> Or better still - and easier - use parametrised queries.
>
Right it is easier something like :
$sql = "categories (idx, ctime, mtime, name) VALUES ( :idx, :ctime, :mtime,
:name);";
$prep = $db->prepare($sql);
$prep->execute( array(':idx' => $_GET['idx'], ':ctime' =
On 19/04/2012 17:12, Chris Angelico wrote:
> On Fri, Apr 20, 2012 at 2:03 AM, Yvon Thoraval
> wrote:
>> function quoteAsAre($string){
>> return preg_replace('/\\\"/', '"', preg_replace("/\\\'/", "'",
>> $string));
>> }
>> function sql2str($string){
>> return preg_replace('/\'\'/', "
2012/4/19 Chris Angelico
>
> No; ditch them. I mean no offense to you personally, but these
> functions are not worth keeping. Every SQL API includes a function for
> quoting something as a literal string. With PDO, it's this one:
>
> http://www.php.net/manual/en/pdo.quote.php
>
> I don't know wh
On Fri, Apr 20, 2012 at 2:03 AM, Yvon Thoraval wrote:
> function quoteAsAre($string){
> return preg_replace('/\\\"/', '"', preg_replace("/\\\'/", "'",
> $string));
> }
> function sql2str($string){
> return preg_replace('/\'\'/', "'", $string);
> }
> function str2sql($string){
>
2012/4/19 Chris Angelico
> On Fri, Apr 20, 2012 at 1:20 AM, Adrian Klaver
> wrote:
> > Am CCing list so more eyes can see this and because I don't use PHP.
> >
> > On 04/19/2012 07:59 AM, Yvon Thoraval wrote:
> >> Fatal error: Call to a member function fetch() on a non-object in
> >> /home/yt/Si
On Fri, Apr 20, 2012 at 1:20 AM, Adrian Klaver wrote:
> Am CCing list so more eyes can see this and because I don't use PHP.
>
> On 04/19/2012 07:59 AM, Yvon Thoraval wrote:
>> Fatal error: Call to a member function fetch() on a non-object in
>> /home/yt/Sites/landp_public/landp.php on line 500
>>
2012/4/19 Chris Angelico
>
> If all your inserts make use of the sequence, and you never alter the
> sequence, then this should never happen (unless, that is, 34 other
> inserts happened between when you inserted and when you checked the
> max). Be extremely careful of selecting max(rowid) when y
Am CCing list so more eyes can see this and because I don't use PHP.
On 04/19/2012 07:59 AM, Yvon Thoraval wrote:
What does the error say?
Fatal error: Call to a member function fetch() on a non-object in
/home/yt/Sites/landp_public/landp.php on line 500
This is a PHP/PDO error message
On Fri, Apr 20, 2012 at 1:05 AM, Yvon Thoraval wrote:
> 2012/4/19 Chris Angelico
>> As a side point, I would recommend against doing this. Once you've
>> "used" a rowid, it's not worth reusing it. You'll save yourself some
>> headaches down the track if you simply ignore those odd gaps (ditto
>>
2012/4/19 Chris Angelico
>
> As a side point, I would recommend against doing this. Once you've
> "used" a rowid, it's not worth reusing it. You'll save yourself some
> headaches down the track if you simply ignore those odd gaps (ditto
> the gaps that result from rolled-back transactions) and ju
On Fri, Apr 20, 2012 at 12:19 AM, Yvon Thoraval wrote:
> even if i rearrange the sequence by :
>
> "SELECT MAX(rowid) FROM items;";
> "SELECT last_value FROM items_rowid_seq;";
> then if last_value is lower than MAX(rowid) i set it to MAX(rowid) :
> "SELECT setval('items_rowid_seq', max(rowid)) FRO
On 19 April 2012 16:19, Yvon Thoraval wrote:
> why ?
Because you're doing it wrong, apparently. However, since you left out
all the relevant information that could have helped determining what
you're doing and what errors you got, we can't help you.
Please provide the entire insert statement and
On 04/19/2012 07:19 AM, Yvon Thoraval wrote:
i do have a serial named 'rowid' it is of "SERIAL PRIMARY KEY" in a
table 'items'.
if i delete some of the rows i can't anymore insert afterwards.
even if i rearrange the sequence by :
"SELECT MAX(rowid) FROM items;";
"SELECT last_value FROM items_ro
i do have a serial named 'rowid' it is of "SERIAL PRIMARY KEY" in a table
'items'.
if i delete some of the rows i can't anymore insert afterwards.
even if i rearrange the sequence by :
"SELECT MAX(rowid) FROM items;";
"SELECT last_value FROM items_rowid_seq;";
then if last_value is lower than MAX
On Thu, May 15, 2008 at 6:54 AM, Ottavio Campana <[EMAIL PROTECTED]> wrote:
> I'm dealing with this scenario: access 97 is connected through odbc to a
> postgresql server. All tables are saved in postgresql and access is used
> only to generate the program interface.
>
> Everything works fine, bu
On Thursday 15 May 2008 11:44 pm, Ottavio Campana wrote:
> Adrian Klaver wrote:
> >> The fact is that the serial data type is in practice an integer, and when
> >> I also try to connect with pgadminIII I see an integer data type and not
> >> a serial. I think that since it sees an integer, it d
Adrian Klaver wrote:
The fact is that the serial data type is in practice an integer, and when
I also try to connect with pgadminIII I see an integer data type and not
a serial. I think that since it sees an integer, it does not understand
that it is a serial, and access does not recognize it
On Thursday 15 May 2008 9:14 am, Ottavio Campana wrote:
> Scott Marlowe wrote:
> > On Thu, May 15, 2008 at 7:54 AM, Ottavio Campana <[EMAIL PROTECTED]> wrote:
> >> I know it's not fully IT with the list, but maybe somebody can help me.
> >>
> >> I'm dealing with this scenario: access 97 is co
Scott Marlowe wrote:
On Thu, May 15, 2008 at 7:54 AM, Ottavio Campana <[EMAIL PROTECTED]> wrote:
I know it's not fully IT with the list, but maybe somebody can help me.
I'm dealing with this scenario: access 97 is connected through odbc to a
postgresql server. All tables are saved in postg
On Thu, May 15, 2008 at 7:54 AM, Ottavio Campana <[EMAIL PROTECTED]> wrote:
> I know it's not fully IT with the list, but maybe somebody can help me.
>
> I'm dealing with this scenario: access 97 is connected through odbc to a
> postgresql server. All tables are saved in postgresql and access is us
I know it's not fully IT with the list, but maybe somebody can help me.
I'm dealing with this scenario: access 97 is connected through odbc to a
postgresql server. All tables are saved in postgresql and access is used
only to generate the program interface.
Everything works fine, but I'm ha