Preventing SQL Injection with Parametrized Queries

Still using magic quotes, or using addslashes to escape all $_POST and $_GET variables to prevent SQL injection? Magic quotes are considered a bad idea, and sprinkling addslashes everywhere will also certainly drive you insane.

Read more…

Optimizing SELECT * FROM with mysql_field_table()

Creating your own data access layer can be quite some work. After some time, you will have tackled the basics of querying the database and parsing the results into objects. Each query only retrieves a set of data from a single table, so you push the code to production, like I did.

Then, after using the code for some time, you want to be able to execute slightly more complex queries (for example JOINs or subqueries). That piece of neat code, which had been running smoothly, starts to degrade very fast.

Read more…

Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.