Author Archives: Admin

PHP Sort Functions

1)sort-sort array in ascending order

2)rsort-sort arrays in descending order

3)asort-sort associative array in ascending order-based on value

4)ksort-sort associative arrays in ascending order -based on key

5)arsort-sort associative arrays in descending order-based on value

6)krsort associative arrays in descending order-based on key

SQL Constraints

Constraints are used to limit the type of data inserting into the table.this is doing while creating the table or altering the table.

Following are the constraints

#)NOT NULL
#)UNIQUE
#)PRIMARY KEY
#)FOREIGN KEY
#)CHECK
#)DEFAULT

unique index on a table

unique index means that two rows cannot have the same index value.

unique index creates using the keyword unique.

For example:

Simple index:

create index myindex on tablefirst(cloumn1);

Unique index:

create unique index myindex2 on tablesecond(column2);

Mysql Export-databse,tables

Export data into the outfile using select statement.

mysql>Select * from tutorials_tbl into OUTFILE ‘/tmp/tutorials.txt’;

‘mysqldump’ is used to copy or back up tables and databases

$mysqldump -u root -p TUTORIALS tutorials_tbl>dump.txt password
$mysqldump -u root -p TUTORIALS > database_dump.txt password ****
$mysqldump -u root -p –all-databases>database_dump.txt password**

Like Operator in mysql with Escape Characters

To Address LIKE quandary, a custome escaping mechanism must convert user-supplied % and _ characters to literals.Use addcslashes(), a function the let’s you specify a character range tot escape

For Examples

$mydoubts=addcslashes(mysql_real_escape_string(“%something_”),”%_”);
//$mydoubts=\%something\_
mysql_query(“SELECT * From messages where subject LIKE ‘{$mydoubts}%'”);

Preventing SQL injection in Webapplication

You can handle all escape characters smartly in scripting languages like PERL and PHP.

The MySql extension for PHP provides the function mysql_real_escape_string() to escape input characters that are special to MySQL.

Below are the one example for esacpe input characters.

if(get_magic_quotes_gpc())
{
$name=stripslashes($name);
}
$name=mysql_real_escape_string($name);
$qry=”Select * from users where name='{$name}'”;
mysql_query($qry);

mysql_real_escape_string -Escapes special characters in a string fo use in SQL Statement.

Other escape characters methods are below

1) addslashes()-Quote string with slashes
2)stripslashes-Un-quotes a quoted string
3)get_magic_quotes_runtime()-Gets the current active configuration setting of magic_quotes_runtime
4)ini_get-Gets the value of a configuration option

MYSQL Injection

Injection usually occurs when you ask a user input,like their name and instead of a name given you a mysql statement that you will unknowingly run on your database.

For Examples

$name=”mydoubts.in’;Delete from users;”;
mysql_query(“Select * from useres where name='{$name}'”);

if you use mysql,the mysql_query() function does not permit query stacking,or executing multiple queries in a single function call.if you try to stack queries , the call fails

However ,other php database extension such as SQLite and PostgreSQL will perform stacked queries,executing all of the queries provided in one string and creating serious security prblmes.