
For Java, avoiding SQL injection is exactly the same: just prepare a statement using the Connection and then set the respective parameter values. This also really helps in dealing with strings like (ng'ombe). You should NEVER concatenate user's input with your SQL query. On Tue, Oct 5, 2010 at 3:53 PM, Gregory Okoth <gregory.okoth@gmail.com> wrote:
@David... How would you prevent SQL injections, esp. when using Prepared Statements... I use Java, but I can get the flow in some structured pseudocode!! I will try to research more in Java terms though!! :-)
On Wed, Sep 1, 2010 at 3:42 PM, David Njuguna <dnjuguna@gmail.com> wrote:
And to prevent SQL injection I suggest:
// Escape each id before imploding: walk the array itself (by reference), not the imploded string,
// and pass the link as the first argument, which is the order mysqli_real_escape_string expects.
array_walk($array_of_uids, function (&$uid, $key, $link) {
    $uid = mysqli_real_escape_string($link, $uid);
}, $mysqli_link_object);
$comma_separated = implode(",", $array_of_uids);
$sql = "UPDATE products SET product_price = '7.6' WHERE id IN ($comma_separated)";
On Wed, Sep 1, 2010 at 12:39 PM, Haggai Nyang <haggai.nyang@gmail.com> wrote:
Let me add to Gregory's explanation... you can save on CPU cycles by making one SQL query to update all rows. Instead of a loop on the SQL queries you can loop on the array_of_uids variable and create a comma-delimited string out of them, e.g. in PHP you can easily use the implode function:
$comma_separated = implode(",", $array_of_uids);
$sql = "UPDATE products SET product_price = '7.6' WHERE id IN ($comma_separated)";
HTH
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Server donations spreadsheet
http://spreadsheets.google.com/ccc?key=0AopdHkqSqKL-dHlQVTMxU1VBdU1BSWJxdy1f... ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- Solomon Kariri, Software Developer, Cell: +254736 729 450 Skype: solomonkariri
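The following is an added example, not code posted by anyone in the thread. It puts Solomon's Java advice (prepare the statement, then set the parameters) together with the single-query IN (...) update that Haggai and David discuss. Two points the example makes concrete: a bound parameter carries a value like ng'ombe intact without any escaping by the caller, and an IN list can still be parameterized by generating one ? per id and binding each id as an integer. That second point matters because escaping only protects a value that sits inside quotes; the ids in the thread's query are unquoted numbers, so the safe treatment is to parse them as integers and bind them. The table and column names products, product_price and id come from the thread; the product_name column, the SafeBulkUpdate class name, the JDBC URL and the credentials are assumptions for illustration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

/**
 * Added example (not from the thread): update many rows in one statement
 * while keeping every user-supplied value out of the SQL text.
 */
public class SafeBulkUpdate {

    /** Builds "UPDATE products SET product_price = ? WHERE id IN (?, ?, ...)" with one ? per id. */
    static String buildUpdateSql(int idCount) {
        if (idCount <= 0) {
            throw new IllegalArgumentException("need at least one id");
        }
        StringBuilder sb = new StringBuilder(
            "UPDATE products SET product_price = ? WHERE id IN (");
        for (int i = 0; i < idCount; i++) {
            sb.append(i == 0 ? "?" : ", ?");
        }
        return sb.append(')').toString();
    }

    /** Parses untrusted ids (for example from a form) into ints; anything that is not an integer is rejected. */
    static List<Integer> parseIds(String[] rawIds) {
        List<Integer> ids = new ArrayList<>();
        for (String raw : rawIds) {
            ids.add(Integer.parseInt(raw.trim())); // "7 OR 1=1" throws NumberFormatException here
        }
        return ids;
    }

    /** One round trip for all rows: the price is parameter 1, the ids are parameters 2..n+1. */
    static int updatePrices(Connection conn, double newPrice, List<Integer> ids) throws SQLException {
        String sql = buildUpdateSql(ids.size());
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setDouble(1, newPrice);
            for (int i = 0; i < ids.size(); i++) {
                ps.setInt(i + 2, ids.get(i));
            }
            return ps.executeUpdate();
        }
    }

    /** The string case from the thread: a name containing an apostrophe is bound, never concatenated. */
    static int insertProduct(Connection conn, String name, double price) throws SQLException {
        // product_name is an assumed column; the thread only names products, product_price and id.
        try (PreparedStatement ps = conn.prepareStatement(
                "INSERT INTO products (product_name, product_price) VALUES (?, ?)")) {
            ps.setString(1, name);   // ng'ombe reaches the database intact; the driver handles quoting
            ps.setDouble(2, price);
            return ps.executeUpdate();
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumed JDBC URL and credentials; any driver that supports PreparedStatement will do.
        String url = args.length > 0 ? args[0] : "jdbc:mysql://localhost/shop";
        String[] untrustedIds = {"3", "17", "42"};   // constructed sample input
        try (Connection conn = DriverManager.getConnection(url, "app", "secret")) {
            insertProduct(conn, "ng'ombe", 7.6);
            int rows = updatePrices(conn, 7.6, parseIds(untrustedIds));
            System.out.println("rows updated: " + rows);
        }
    }
}
```

The placeholder list is generated from the count of ids, never from their values, so the SQL text is the same for any input of a given length and the database only ever sees the ids as bound integers. If the number of ids can be large, check the driver's parameter limit and split the list into batches of a fixed size.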