StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POReference: What is a perfect code sample using the MySQL extension?
primarykey
Id
6198104
data
AcceptedAnswerId
6198763
AnswerCount
5
ClosedDate
2012-07-03T12:12:58.770
CommentCount
0
CommunityOwnedDate
2011-06-01T11:21:10.640
CreationDate
2011-06-01T08:09:03.803
FavoriteCount
18
LastActivityDate
2012-07-03T12:12:54.527
LastEditDate
2012-03-27T10:23:09.260
LastEditorUserId
815724
OwnerUserId
187606
ParentId
0
PostTypeId
1
Score
60
ViewCount
2506
LastEditorDisplayName
text
Body
<blockquote> This is to create a community learning resource. The goal is to have examples of good code that do not repeat the awful mistakes that can so often be found in copy/pasted PHP code. I have requested it be made Community Wiki. This is not meant as a coding contest. It's not about finding the fastest or most compact way to do a query - it's to provide a good, readable reference especially for newbies. </blockquote> Every day, there is a huge influx of questions with really bad code snippets using the <code>mysql_*</code> family of functions on Stack Overflow. While it is usually best to direct those people towards PDO, it sometimes is neither possible (e.g. inherited legacy software) nor a realistic expectation (users are already using it in their project). Common problems with code using the <code>mysql_*</code> library include: <ul> <li>SQL injection in values</li> <li>SQL injection in LIMIT clauses and dynamic table names</li> <li>No error reporting ("Why does this query not work?")</li> <li>Broken error reporting (that is, errors always occur even when the code is put into production)</li> <li>Cross-site scripting (XSS) injection in value output</li> </ul> Let's write a PHP code sample that does the following using the <a href="http://php.net/manual/en/book.mysql.php" rel="noreferrer">mySQL_* family of functions</a>: <ul> <li>Accept two POST values, <code>id</code> (numeric) and <code>name</code> (a string)</li> <li>Do an UPDATE query on a table <code>tablename</code>, changing the <code>name</code> column in the row with the ID <code>id</code></li> <li>On failure, exit graciously, but show the detailed error only in production mode. <code>trigger_error()</code> will suffice; alternatively use a method of your choosing </li> <li>Output the message "<code>$name</code> updated."</li> </ul> And does not show any of the weaknesses listed above. It should be as simple as possible. It ideally doesn't contain any functions or classes. The goal is not to create a copy/pasteable library, but to show the minimum of what needs to be done to make database querying safe. Bonus points for good comments. The goal is to make this question a resource that a user can link to when encountering a question asker who has bad code (even though it isn't the focus of the question at all) or is confronted with a failing query and doesn't know how to fix it. To pre-empt PDO discussion: Yes, it will often be preferable to direct the individuals writing those questions to PDO. When it is an option, we should do so. It is, however, not always possible - sometimes, the question asker is working on legacy code, or has already come a long way with this library, and is unlikely to change it now. Also, the <code>mysql_*</code> family of functions is perfectly safe if used properly. So no "use PDO" answers here please.
Tags
<php><mysql><security><sql-injection>
Title
Reference: What is a perfect code sample using the MySQL extension?
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USPeter O.
UserOwnerUserId
1. USPekka 웃
plurals
PostLinksPostIdRelatedPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
2. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostLinksRelatedPostIdPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
2. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
3. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
2. PO
 singulars
 PostTypePostTypeId
 PTAnswer
3. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POReference: What is a perfect code sample using the MySQL extension?
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTDownMod
2. VO
 singulars
 PostPostId
 POReference: What is a perfect code sample using the MySQL extension?
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 POReference: What is a perfect code sample using the MySQL extension?
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.