    Unanswered: 7 semi-noob questions

    I am using MySQL - 4.1.15 & PHP 4 & reading Visual QuickPro PHP/mySQL.

    1. About mysql security - when I set up my PHP forms to write to text files I use the PHP functions to strip about any bad characters. For example, $Location=htmlspecialchars(stripslashes($Location)); Is there a mySQL equivalent? Right now I have them formatted like $city=$_POST['city'];

    2. This could be related to the last question. Whenever I enter data through my forms and the data has brackets ("< >") wrapped around it, the brackets get stripped out. Why is this?

    3. Is it recommended to keep your mySQL username and password in a separate file outside of your web directory?

    4. Is there anything wrong with inserting 2 different inputs from a form into 1 column with a query like this? $query = "INSERT INTO listingsgames VALUES ('$tourneydate3-$tourneydate-$tourneydate2')";

    5. Is there a way to create a query to move a record to another table then delete the record in the original table? Someone on google recommended this but it doesn't work.

    $query="UPDATE listingsgames SET deletestatus = 'yes' WHERE gameid = '$variable2'";
    INSERT listingsgamesdeleted (gameid, deletestatus) SELECT gameid, deletestatus FROM listingsgames WHERE deletestatus = 'yes';
    T1 = SELECT COUNT(*) from listingsgames WHERE deletestatus = 'yes';
    T2 = SELECT COUNT(*) from listingsgamesdeleted WHERE deletestatus = 'yes';
    if ( T1 == T2 ) DELETE FROM listingsgames WHERE deletestatus = 'yes';
    UPDATE listingsgamesdeleted SET deletestatus = 'no';

    After my investigating into the subject, I get the impression that I might have to use a "transaction" which would require me to change the table type to "innoDB" (which I hear are slower). If this is true would it slow the queries down if I have 25,000 records and am doing 80% SELECT queries and 20% INSERT queries? Are there any other downsides - other than foreign keys - to having an innoDB table type instead of MYISAM?

    6. I have a field where I would prefer to give people about 700 characters to enter information. Would having the column type as "text(700)" be much slower than "varchar(255)"? I would have about 15,000 records.

    7. I have people enter information on my site and I want them to be able to edit it. But, for now, I don't want to set up usernames and passwords. My idea is that if they want to change their listing then I have them enter their email into a form and the form emails them an address like 9841354456 where the "pw" variable is a random number I generate with each record creation. Are there any security problems with this?

    thanks for your time

    1. no mysql equivalent

    2. error in your php script

    4. syntactically, no -- semantically, probably

    5. not a single query, no

    two questions: why do you feel the need to move rows to another table? why not just leave them where they are with a deleted status?

    and where in the world did you hear that foreign keys are a "downside"???

    6. much slower? not at all -- and note that in 5.0.3 and later, you can use VARCHAR up to 65K

    7. yes, it's extra coding, and it uses a password which you said you didn't want to use

    @rudydotca
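On question 1, an added example that is not part of the thread or either poster's code: htmlspecialchars() is an encoding for HTML output, while values going into a query are normally passed as bound parameters so the database never parses them as SQL. It assumes PDO (PHP 5.1 or later, not the poster's PHP 4), uses in-memory SQLite as a stand-in for the MySQL server so it runs offline, and the `listings` table and the sample input are constructed.

```php
<?php
// Added example: in-memory SQLite via PDO stands in for MySQL (assumption);
// the table and column names are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE listings (id INTEGER PRIMARY KEY, city TEXT)');

// Constructed form input: an apostrophe that ends a quoted SQL string early,
// plus angle brackets like the ones mentioned in question 2.
$_POST['city'] = "<O'Fallon>";

// Before: the value is pasted into the SQL text, so the apostrophe breaks
// the statement (and any quote in user input changes what the query means).
function insert_unsafe(PDO $db, $city) {
    try {
        $db->exec("INSERT INTO listings (city) VALUES ('$city')");
        return 'inserted';
    } catch (PDOException $e) {
        return 'SQL error: statement was malformed by the input';
    }
}

// After: the SQL text is fixed and the value travels separately as a
// bound parameter, so no character in it can alter the statement.
function insert_bound(PDO $db, $city) {
    $stmt = $db->prepare('INSERT INTO listings (city) VALUES (:city)');
    $stmt->execute(array(':city' => $city));
    return (int) $db->lastInsertId();
}

echo insert_unsafe($db, $_POST['city']), "\n";
$id = insert_bound($db, $_POST['city']);

// Read the row back: the database stored the input byte for byte.
$stmt = $db->prepare('SELECT city FROM listings WHERE id = :id');
$stmt->execute(array(':id' => $id));
$stored = $stmt->fetchColumn();

echo $stored, "\n";                                         // raw stored value
// HTML-encode at output time, when the value is written into a page.
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), "\n";  // value encoded for HTML
```

The same prepare/execute calls work against MySQL by changing only the DSN passed to the PDO constructor.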

