jaoudestudios wrote:...or use MySQLi with multiple queries.
Warning: security issues (powerful SQL injections)!
In MySQL can you use JOIN for INSERT queries?
Re: In MySQL can you use JOIN for INSERT queries?
There are 10 types of people in this world, those who understand binary and those who don't
- jaoudestudios
Re: In MySQL can you use JOIN for INSERT queries?
Quote: Warning: security issues (powerful SQL injections)!
Really? I thought MySqli was MySql(improved) so better with speed and security?
Re: In MySQL can you use JOIN for INSERT queries?
multi_query allows you to execute many queries in one call as opposed to one. This opens more possibilities for SQL injection that wouldn't work with mysqli_query, so one needs to be more careful when using it.
Re: In MySQL can you use JOIN for INSERT queries?
Quote: Warning: security issues (powerful SQL injections)!
jaoudestudios wrote:Really? I thought MySqli was MySql(improved) so better with speed and security?
As pytrin said, I was referring to the "multiple queries" mode, not the mysqli library itself.
Let's have an inexperienced web developer (just like me
Code:
$sql = 'select * from posts where posts.author_id = '. $_GET['id'];
Code:
http://badsite.com/posts/view.php?id=1 or 1=1
Code:
http://badsite.com/posts/view.php?id=1;drop database user; drop database post;
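Added example (not code from the thread): the difference between multi-statement and single-statement execution described in the posts above, reproduced with Python's built-in sqlite3 as a stand-in for MySQL so it runs offline. `executescript` plays the role of multi_query and `execute` the role of mysqli_query; the table, sample rows and function names are constructed, and `drop table` stands in for the post's `drop database` input.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the thread's `posts` table (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE posts (id INTEGER PRIMARY KEY, author_id INTEGER, body TEXT);"
        "INSERT INTO posts (author_id, body) VALUES (1, 'a'), (1, 'b'), (2, 'c');"
    )
    return db

def table_exists(db):
    row = db.execute(
        "SELECT count(*) FROM sqlite_master WHERE type='table' AND name='posts'"
    ).fetchone()
    return row[0] == 1

def concat_sql(raw_id):
    # Same pattern as the PHP line in the thread: input concatenated into SQL text.
    return "SELECT * FROM posts WHERE posts.author_id = " + raw_id

def multi_statement(db, raw_id):
    # Multi-statement API: every ';'-separated statement in the string is run.
    db.executescript(concat_sql(raw_id))

def single_statement(db, raw_id):
    # Single-statement API: a stacked second statement is refused, but the
    # WHERE clause is still built from untrusted text.
    try:
        return db.execute(concat_sql(raw_id)).fetchall()
    except (sqlite3.Warning, sqlite3.Error):
        return None  # driver rejected the statement

def bound_parameter(db, raw_id):
    # Hardened form: validate the id as an integer, then bind it as data.
    try:
        author_id = int(raw_id)
    except ValueError:
        return None  # not an integer id, reject before touching the database
    return db.execute(
        "SELECT * FROM posts WHERE author_id = ?", (author_id,)
    ).fetchall()
```

Single-statement execution only stops the stacked statement; the `1 or 1=1` input still changes the result set until the value is validated and bound.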
Re: In MySQL can you use JOIN for INSERT queries?
Another approach for performing multiple queries is to use stored procedures.
http://dev.mysql.com/doc/refman/5.0/en/ ... tines.html
It will save bandwidth and increase performance and security. A side effect is that using stored procedures often moves parts of the business logic into the DB layer.