Tag: php

How can I prevent SQL injection in PHP?

If user input is inserted without modification into an SQL query, then the application becomes vulnerable to SQL injection, like in the following example: $unsafe_variable = $_POST[‘user_input’]; mysql_query(“INSERT INTO `table` (`column`) VALUES (‘$unsafe_variable’)”); That’s because the user can input something like value’); DROP TABLE table;–, and the query becomes: INSERT INTO `table` (`column`) VALUES(‘value’); DROP […]

PHP PDO connection with MS SQL Server using ODBC

I have a db.php file & and init.php to use within my register.php file. I have a database within MS SQL Server and am trying to connect to it using PDO. This error is showing and I can’t see why. I used the same code to connect to a MySQL db and this inserted the […]

freetds Class 'mssql_connect' not found

I’m using mssql server on my php scripts. I’ve buy new server and getting some error about usigin freetds. I’ve confire and install complete freetds. I’m using tsql shell command on ssh. it’s working. But when I try to on Php getting some error. Class ‘mssql_connect’ not found. sql connect page : http://renori.net/a/giris.php php info […]

PHP5-Sybase alternativ for MSSQL connect on Windows(XAMPP) and Linux

im looking since hours now for an PHP extention to connect on a MSSQL Server, which can be used on Windows and Linux systems with PHP 5.3 and higher. PHP5-Sybase is only working for Linux. SQLSERV only for Windows. ODBC seems not working (it works but it seems like there is different syntax betwen windows […]

ZF2 and SQL server 'execute as user'

Currently we are running Zend Framework 2 and SQL server for our internal application. We have a stored procedure in place for our AuditTrail. This AuditTrail include a AuditUser who made the change/insert. At this moment this “AuditUser” is username of PDO connection. We are working towards a situation to change this AuditUser is the […]

PHP mssql_fetch_field not returning column_source

I run a query with a few joins using mssql_query() I then have something like: $fields = mssql_num_fields($result); According to http://www.php.net/manual/en/function.mssql-fetch-field.php $fields[i] should have a property called column_source containing the table name the field is from. Oddly column_source is the name of the field, not the name of the table it’s from. column_source: “projectItemsID” max_length: […]

Rapid Development framework/tools for PHP / MSSQL

I’m coming from a classic ASP / MSSQL background. .NET seems way too big and bloated for me and I am looking for suggestions for a new framework in PHP, but staying with MSSQL for database. I believe in developing the data structure first and much of the business logic is in Stored Procedures in […]

Connecting to SQL Server 2012 from Linux VM via Codeigniter

I created a Virtual Machine with Ubuntu Desktop 12.0.4 LTS. On it, I have installed Apache2, php5, MySQL. I have read a ton of posts trying to understand how to connect to a SQL Server database on another box, but I haven’t quite got it figured out. On the Linux box, I installed unixODBC and […]

How to Unlink a File from Website's Folder when MSSQL Table Row is Deleted Using PHP

I am trying to make the link <a href='{$_SERVER[‘PHP_SELF’]}?del=true&orderid={$row[‘orderid’]}’ style=’color:black;’ onclick=’return show_confirm();’>Delete</a> delete the specific row from the MSSQL table using the while function. Currently, the bottom code works fine and deletes the specific row from the table, but I would now like it to unlink a file from the sharedstorage folder. The file that […]

SQL Server PDO-ODBC Connection UTF-8

I’m trying to connect to Microsofts SQL Server (2000 & 2008) via PHP (5.5) on Windows with PDO_ODBC and set the Charset to UTF-8, but I don’t find a way. That’s what I’m trying: $db[‘conn’] = new PDO( //”odbc:driver={SQL Server};”. “odbc:driver={SQL Server Native Client 10.0};”. //”odbc:driver={SQL Server Native Client 11.0};”. “server=”.$db[‘host’].”;”. “database=”.$db[‘bank’].”;”. “uid=”.$db[‘user’].”;”. “pwd=”.$db[‘pass’].”;”. “charset=UTF-8;” […]

MS SQL Server is a Microsoft SQL Database product, include sql server standard, sql server management studio, sql server express and so on.