04-21-2009
? is a parameter placeholder. That way you don't have to directly compose the SQL with parameters given (failure to escape the parameters properly is the major reason for SQL injection attacks).
Typically, the ? is not valid at the database layer. Normally the database library will dynamically replace them with the parameters (converting where necessary) in the SQL and pass the resulting the query to the database. In other cases, the database engine may accept placeholders itself, especially true if the db supports prepared statements so that an SQL can be prepared once, thus allowing it to be instantiated multiple times to perform the same query with different set of parameters.
8 More Discussions You Might Find Interesting
1. UNIX and Linux Applications
hi, linux gurus...
i'm trying to write a script in ksh called ResetPass that allows a user to change mysql passwords. the script accepts user, password and host like this: ResetPass <user> <password> <host>. here's the code:
*****************************************************
mysql... (1 Reply)
Discussion started by: ankimo
1 Replies
2. Programming
Hi there,
I have a hierarchical database that include 4 tables. Table A is the parent of B, B is Parent of C, C is parent of D. If I want to query everything in D that is associated with A.name, how do I do that? Thanks!
YanYan (0 Replies)
Discussion started by: pinkgladiator
0 Replies
3. Shell Programming and Scripting
Hi there, I have a table that stores multiple records for many different servers, each of which is timestamped ... I wanted to write a query that would enable me to only output the "latest" record (based on timestamp) for each "unique" server. So for example my main table looks like this
... (3 Replies)
Discussion started by: hcclnoodles
3 Replies
4. Web Development
hello all
i have 2 columns every column in the following format
column1
2011-04-01 11:39:54
column2
2019-02-03 00:00:00
i want get difference between above data as following
2 days 11:39
how to do so ?
i tried many functions but nothing works
please advice what is the query... (6 Replies)
Discussion started by: mogabr
6 Replies
5. Shell Programming and Scripting
Hi,
I want to access mysql query from database , for that i have tried the below code
#! /bin/bash
TABLE_NAME=database1
USER_NAME=root
IP_ADDR=111.20.9.256
somevar=`echo "select altid from alert where altid='2724'"| mysql -h $IP_ADDR -u $USER_NAME $TABLE_NAME `
echo $somevar
... (1 Reply)
Discussion started by: aish11
1 Replies
6. Programming
Hi,
I want to run below query on shellscript but having one problm.
ADV=$( mysql -h "$IP_ADDR" -u "$USER_NAME" "$TABLE_NAME" -BNe" SELECT ADV FROM indata where inid='$INSTRUID' and Date='$latest Date';" )
here Date column contans different below dates
2011-12-01... (0 Replies)
Discussion started by: aish11
0 Replies
7. Programming
Hello
i have created mysql query to compare to values and get difference in percentage
as following:
SELECT file_name, 100 - ((100 * (SELECT file_count FROM xipi_files z WHERE x.file_group = z.file_group AND x.file_name = z.file_name AND z.insert_date = CURDATE( ) - INTERVAL 1 DAY)) /... (1 Reply)
Discussion started by: mogabr
1 Replies
8. Programming
Hi All,
i have a table in mysql with the following data
Table name Test
Assettype Serial_No Status location
Mouse 123456 In Stock chennai
Mouse 98765 Allocated chennai
Keyboard ... (2 Replies)
Discussion started by: venkitesh
2 Replies