Prevent multiple data entries in MySQL

So here is the deal. I have looked around everywhere, and all other techniques relate to refreshing the browser, and methods to prevent the php page from resubmitting the post data. I am new to this (obviously :p) But anyways, my questions I believe is simple. I just want a method, possibly an if else statement that would check the post data entries, and if there is a match already in my table


所以这里是交易。 我环顾四周,其他所有技术都涉及到刷新浏览器,以及防止php页面重新提交发布数据的方法。 我对此很陌生(显然:p)但无论如何,我认为我的问题很简单。 我只想要一个方法,可能是一个if语句来检查发布数据条目,并且如果我的表中已经存在匹配,那么不要执行查询。 我并不担心查询桌子的所有结果,因为我只怀疑这张桌子有50-60个参赛作品。 这里是处理表单提交的php页面: $firstName = $_POST['firstName

Preventing SQL injections.

Possible Duplicate: Best way to prevent SQL Injection in PHP Does mysqli class in PHP protect 100% against sql injections? So I've been reading up about safety against SQL injections and whilst PDO seems to be the safest way to fight against any such attack I've decided to move from MYSQL_ to MYSQLI_. So after converting I've decided its about time I started making my site sec


可能重复: 防止PHP中的SQL注入的最佳方法 PHP中的mysqli类是否可以保护100%免于sql注入? 所以我一直在阅读有关针对SQL注入的安全性,而PDO似乎是对付我已决定从MYSQL_移动到MYSQLI_的任何此类攻击的最安全方法。 所以转换后,我决定了它的时间,我开始让我的网站足够安全。 所以对于我已经开始使用mysqli_real_escape_string的例子。 下面的代码是否足够安全?还是我可以进一步构建它? 我是否需要将它添加到我的

I have an array of integers, how do I use each one in a mysql query (in php)?

I have an array full of random content item ids. I need to run a mysql query (id in the array goes in the WHERE clause), using each ID that's in the array, in the order that they appear in the said array. How would I do this? This will be an UPDATE query, for each individual ID in the array. As with nearly all "How do I do SQL from within PHP" questions - You really should use


我有一个充满随机内容项ID的数组。 我需要运行一个mysql查询(数组中的id在WHERE子句中),使用它们出现在数组中的每个ID。 我将如何做到这一点? 这将是一个UPDATE查询,用于数组中的每个单独的ID。 几乎所有的“我如何从PHP内部执行SQL”问题 - 您确实应该使用准备好的语句。 这并不难: $ids = array(2, 4, 6, 8); // prepare an SQL statement with a single parameter placeholder $sql = "UPDATE MyTable SET Last

Escaping quotes in PHP from MySQL result (PDO)

The string to display comes from a MySQL table. I use PDO queries. The string contains double quotes: Older spelling (from French). The modernized "petty larceny" is now preferred. This is a definition of a dictionary entry that is displayed if available: $search_results .= (!empty($english_definition)? "


要显示的字符串来自MySQL表。 我使用PDO查询。 该字符串包含双引号: 较早的拼写(来自法语)。 现代化的“小偷袭”现在是首选。 这是一个字典条目的定义,如果可用则显示: $search_results .= (!empty($english_definition)? "".$english."*" : $english); 由于引用了这个定义,所以在“现

How to handle user text input in PHP and PDO?

Should I be using PDO quote() and then strip the quotes and slashes from user input when I retrieve it, or is there a better method? When inserting user input into MySQL from a PHP form, any single quotes (apostrophes) are truncating the data. I'm currently using PDO prepared statements and bindValue() statements. I'm uncertain about using PDO quote() method which seems to encapsulate


我是否应该使用PDO quote() ,然后在检索时从用户输入中除去引号和斜杠,或者有更好的方法吗? 当从PHP表单插入用户输入到MySQL时,任何单引号(撇号)都会截断数据。 我目前正在使用PDO准备好的语句和bindValue()语句。 我不确定使用PDO quote()方法,它似乎将所有的字符串封装在引号中,然后用反斜杠(“”)在字符串中将引号转义。 据我所知,如果我使用这种方法,那么当我检索数据时,我需要从字符串中去除引号。 这是最

query to PDO causes unwanted escaping

I have recently been switching all of my old mysql_query calls to PDO's. I've encountered an issue that wasn't present in the mysql_query configuration. When I try to input a variable into a database with quotations, It appears as escapes in my database. I have disables magic quotes in my php.ini file. $myString = "Enter 'one' now"; $sql=$pdo->prepare("UPDATE $tbl_name SET stri


我最近一直在将所有旧的mysql_query调用切换到PDO。 我遇到了mysql_query配置中不存在的问题。 当我尝试用引号将变量输入到数据库中时,它在我的数据库中显示为转义。 我在我的php.ini文件中禁用了魔术引号。 $myString = "Enter 'one' now"; $sql=$pdo->prepare("UPDATE $tbl_name SET string=:myString WHERE etc...); $sql->execute(array(':myString' => $myString)); 此更新为 Enter 'one' now 我需要的是

php pdo double quotes also getting escaped

I am using php pdo->quote to before injecting values into database. but surprisingly double quotes (") are also getting escaped! tried disabling magic_quotes_gpc, magic_quotes_runtime, magic_quotes_sybase in php.ini .htaccess and also by ini_set. still out of luck. the double quotes are getting escaped along with the single quotes. It's not only adding slashes while inserting values


我在使用php pdo-> quote将值注入数据库之前。 但令人惊讶的双引号(“)也越来越逃脱!尝试禁用php.ini .htaccess中的magic_quotes_gpc,magic_quotes_runtime,magic_quotes_sybase,并且还通过ini_set。仍然运气不佳。双引号与单引号一起被越狱。在向数据库插入值时添加斜杠,即使是简单的echo $ pdo-> quotes('hi'this this is a test');给我'hi'这个“是测试'作为输出。逃避双引号!是否有

mysqli real escape string

i'm escaping a string using the OOP method of mysqli_real_escape_string. i saved the input being entered into a session variable to make sure it's escaping correctly. it seems to be escaping correctly, but when i check what gets entered into the database i don't see the slashes before single and double quotes. so in the browser i echo: Array ( [formContent] => I'm always h


我使用mysqli_real_escape_string的OOP方法转义字符串。 我将输入保存到会话变量中,以确保它正确地转义。 它似乎是正确的逃避,但是当我检查什么进入数据库我没有看到单引号和双引号之前的斜线。 所以在浏览器中我回应: Array ( [formContent] => I'm always here! ) 但在我看到的数据库中: I'm always here! 这是否意味着我的代码有什么问题? 谢谢! 不,这很正常。 mysqli_real_escape_string自动为您m

is this normal?

When I use mysqli->real_escape_string and add a string value to the db such as "who's", it adds the string without modifying the quote in any way. When I check the db, the value within it is "who's". When I do not use mysqli->real_escape_string and add a string with a single quote like "who's", it just doesn't get added to the database. It i


当我使用mysqli-> real_escape_string并向数据库添加字符串值(例如“who's”)时,它会以任何方式添加字符串而不修改引号。 当我检查分贝时,其中的值是“谁的”。 当我不使用mysqli-> real_escape_string并添加一个像“who's”这样的单引号的字符串时,它不会被添加到数据库中。 它无处可寻。 这不正常,是吗? 是的。 以比这更详细的方式回答这个问题有点困难。 real_escape_string()只能转义数据,因此它

PDO binding values for MySQL IN statement

I have an issue with PDO that I'd really like to get an answer for after being plagued by it for quite some time. Take this example: I am binding an array of ID's to a PDO statement for use in a MySQL IN statement. The array would be say: $values = array(1,2,3,4,5,6,7,8); The database-safe variable would be $products = implode(',' $values); So, $products would then be a


我有一个与PDO有关的问题,我很想在被它困扰了一段时间之后得到答案。 以这个例子: 我将一个ID数组绑定到PDO语句以用于MySQL IN语句。 该数组将会说: $ values = array(1,2,3,4,5,6,7,8); 数据库安全变量应该是$ products = implode(','$ values); 因此, $产品将会是一个值为'1,2,3,4,5,6,7,8'的STRING 声明如下所示: SELECT FROM users JOIN products ON products.user_id = use