SQL injection allows a hacker to inject malicious SQL statement by exploiting improperly sanitized queries. It is by far one of the most common attack vectors, and was used in several famous exploits. For example, let’s say we use user-submitted form data to check a user’s credentials: sqlQuery = ” SELECT * FROM users WHERE […]
If you are trying to connect to an SQL Server database with the dblib drivers for PDO, this is the correct connection string to use: new PDO(‘dblib:host=’.$host.’;dbname=’.$database, $this->user, $this->password); You can also specify the encoding with charset=UTF-8 or charset=ISO-8859-1 if necessary. Be aware that dblib is incredibly buggy and that it does not support unicode […]
If you want to add a month to the current date in SQL Server, use the DATEADD function. In this example, we add 1 month to the current date by combining it with GETDATE(): DATEADD(mm,1,GETDATE()) In this second example, we add two months to a date from another column called other_column: DATEADD(mm,2,other_column) You can use […]
If you are familiar with MySQL, you might have been looking for a use database_name; equivalent when accessing your database from the PostgreSQL shell. Use the following command to switch to another database: \c my_database_name
If you want to access XAMPP’s MySQL shell on Mac OS X, use the following command: /Applications/xampp/xamppfiles/bin/mysql -u root -p This gave me a few headaches in the past, so I’ll leave this here for others to find.
Here is a simple solution to the “#1046: No database selected” error when trying to import a .sql file in phpMyAdmin. Solution #1: Before importing In phpMyAdmin, click on the Export tab from the home page of phpMyAdmin, without selecting any database. phpMyAdmin will then include instructions to create and select the database when you […]