Specifications
You should always check all data coming in from a user. Even if your HTML form consists only
of select boxes and radio buttons, someone might alter the URL to try to crack your script. It's
also worth checking the size of the incoming data.
If users are typing in passwords or confidential data to be stored in your database, remember
that it will be transmitted from the browser to the server in plaintext unless you use SSL
(Secure Sockets Layer). We’ll discuss using SSL in more detail later.
Getting More Information About Databases
So far, we’ve used SHOW and DESCRIBE to find out what tables are in the database and what
columns are in them. We’ll briefly look at how else they can be used, and at the use of the
EXPLAIN statement to get more information about how a SELECT is performed.
Getting Information with SHOW
Previously we had used
SHOW TABLES;
to get a list of tables in the database.
The statement
show databases;
will display a list of available databases. You can then use the SHOW TABLES statement to see a
list of tables in one of those databases:
show tables from books;
When you use SHOW TABLES without specifying a database, it defaults to the one in use.
When you know what the tables are, you can get a list of the columns:
show columns from orders from books;
Part II: Using MySQL (page 254)
CAUTION
We talked in the last chapter about using PHP's addslashes() and stripslashes() functions to get
rid of any problematic characters in strings. It's important to remember to do this, and to do a
general data cleanup before sending anything to MySQL. You might remember that we used the
doubleval() function to check that the numeric data was really numeric. It's a common error to
forget this: people remember to use addslashes() but not to check numeric data.
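The checks that the opening paragraph and the CAUTION box call for, as an added PHP example that is not from the book: it rejects a select-box value that is not in the permitted list, checks the numeric field with doubleval(), bounds the size of free text, and only then escapes strings with addslashes(). The form field names, the columns of the orders table and the list of allowed categories are assumptions.

```php
<?php
// Added example (not from the book): validate form input before it reaches MySQL.
// Assumed form fields: 'category' (select box), 'qty' (numeric), 'comment' (free text).

// Permitted select-box values; anything else means the request was altered.
$allowed_categories = array('fiction', 'technical', 'children');

function validate_order_input($input, $allowed_categories)
{
    $errors = array();

    // Select-box value: the browser form does not limit what the request can carry.
    $category = isset($input['category']) ? $input['category'] : '';
    if (!in_array($category, $allowed_categories, true)) {
        $errors[] = 'category is not one of the permitted values';
    }

    // Numeric field: test the raw string, not only the converted value.
    $qty_raw = isset($input['qty']) ? trim($input['qty']) : '';
    $qty = doubleval($qty_raw);
    if ($qty_raw === '' || !is_numeric($qty_raw) || $qty < 1 || $qty != floor($qty)) {
        $errors[] = 'qty must be a whole number of 1 or more';
    }

    // Free text: bound the size before it is stored.
    $comment = isset($input['comment']) ? $input['comment'] : '';
    if (strlen($comment) > 200) {
        $errors[] = 'comment is longer than 200 bytes';
    }

    if (count($errors) > 0) {
        return array('ok' => false, 'errors' => $errors);
    }

    // Escape strings for the query only after validation has passed.
    $sql = "INSERT INTO orders (category, qty, comment) VALUES ('"
         . addslashes($category) . "', " . intval($qty) . ", '"
         . addslashes($comment) . "')";
    return array('ok' => true, 'sql' => $sql);
}

// Constructed sample requests: one well-formed, one with tampered values.
$good = array('category' => 'fiction', 'qty' => '2', 'comment' => "Gift wrap, please; it's a present");
$bad  = array('category' => 'cookbooks', 'qty' => '2abc', 'comment' => str_repeat('x', 300));

print_r(validate_order_input($good, $allowed_categories));  // ok => true, plus the escaped SQL
print_r(validate_order_input($bad, $allowed_categories));   // ok => false, three error messages
```

In current PHP the addslashes() step is replaced by a prepared statement (mysqli or PDO); the validation logic before it stays the same.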