StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
1206461
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
1
CommunityOwnedDate
CreationDate
2009-07-30T13:02:02.753
FavoriteCount
0
LastActivityDate
2018-02-24T20:14:25.417
LastEditDate
2018-02-24T20:14:25.417
LastEditorUserId
3478852
OwnerUserId
88070
ParentId
1205889
PostTypeId
2
Score
59
ViewCount
0
LastEditorDisplayName
text
Body
<blockquote> <ul> <li><code>mysql_real_escape_string</code> used when insert into database </li> <li><code>htmlentities()</code> used when outputting data into webpage</li> <li><code>htmlspecialchars()</code> used when?</li> <li><code>strip_tags()</code> used when?</li> <li><code>addslashes()</code> used when?</li> </ul> </blockquote> <h3>htmlspecialchars() used when?</h3> <code>htmlspecialchars</code> is roughly the same as <code>htmlentities</code>. The difference: character encodings. Both encode control characters like <code><</code>, <code>></code>, <code>&</code> and so on used for opening tags etc. <code>htmlentities</code> also encode chars from other languages like umlauts, euro-symbols and such. If your websites are UTF, use <code>htmlspecialchars()</code>, otherwise use <code>htmlentities()</code>. <h3>strip_tags() used when?</h3> <code>htmlspecialchars</code> / <code>entities</code> encode the special chars, so they're displayed but not interpreted. <code>strip_tags</code> REMOVES them. In practice, it depends on what you need to do. An example: you've coded a forum, and give users a text field so they can post stuff. Malicious ones just try: <pre><code>pictures of <a href="javascript:void(window.setInterval(function () {window.open('http://evil.com');}, 1000));">kittens</a> here </code></pre> If you don't do anything, the link will be displayed and a victim that clicks on the link gets lots of pop-ups. If you htmlentity/htmlspecialchar your output, the text will be there as-is. If you strip_tag it, it simply removes the tags and displays it: <pre><code>pictures of kittens here </code></pre> Sometimes you may want a mixture, leave some tags in there, like <code></code> (<code>strip_tags</code> can leave certain tags in there). This is unsafe too, so better use some full blown library against XSS. <h3>addslashes</h3> To quote an <a href="https://web.archive.org/web/20100525131537/http://php.net/manual/en/function.addslashes.php" rel="nofollow noreferrer">old version of the PHP manual</a>: <blockquote> Returns a string with backslashes before characters that need to be quoted in database queries etc. These characters are single quote ('), double quote ("), backslash () and NUL (the NULL byte). An example use of addslashes() is when you're entering data into a database. For example, to insert the name O'reilly into a database, you will need to escape it. It's highly recommeneded to use DBMS specific escape function (e.g. mysqli_real_escape_string() for MySQL or pg_escape_string() for PostgreSQL), but if the DBMS you're using does't have an escape function and the DBMS uses \ to escape special chars, you can use this function. </blockquote> The <a href="http://php.net/addslashes" rel="nofollow noreferrer">current version</a> is worded differently.
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POHow to prevent code injection attacks in PHP?
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. This table or related slice is empty.
UserOwnerUserId
1. USstefs
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. POHow to prevent code injection attacks in PHP?
 singulars
 PostTypePostTypeId
 PTQuestion
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTAcceptedByOriginator
3. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.