开发者

How to add entries to mysql db using API..? [closed]

开发者 https://www.devze.com 2023-03-24 23:30 出处:网络
Closed. This question needs details or clarity. It is not currently accepting answers. 开发者_如何学编程
Closed. This question needs details or clarity. It is not currently accepting answers. 开发者_如何学编程

Want to improve this question? Add details and clarify the problem by editing this post.

Closed 9 years ago.

Improve this question

I am new to PHP and mysql and i am trying to make API's for my iphone app. So far i have been able to connect and retrive data from my sql database now m trying to make entries to it using API's and parameters.

Can anyone help me out here please.

Thanks alot!!


If by to make entries you mean adding data to the database.

You do this in the same way that you select data.
Instead of issuing a select statement like:

SELECT x,y,z FROM table1 

You do:

INSERT INTO table1 (x,y,z) VALUES ('a', 1, 'test')

Or:

UPDATE table1 SET x = 'b' WHERE x = 'a'

How you pass parameters depends on the API you use.
It is best (safest) to use PDO to pass parameters.

How to get parameters out of a url
In order to get the parameters out of the url (e.g.: example.com/test.php?username=xyz&password=!@#$%) do:

$username = mysql_real_escape_string($_GET['username']);  
$password = mysql_real_escape_string($_GET['password']);  
$query = "SELECT * FROM users WHERE username = '$username' 
          AND passhash = sha2(CONCAT(salt,'$password'),512)";

Note that it's vital to put single quotes around the injected variable names when using mysql_real_escape_string() or the escaping will be useless. Used like this the code is 100% secure from SQL-injection.

If you're using PDO, you can drop the mysql_real_escape_string() if not you need it to prevent SQL-injection.

Links
http://dev.mysql.com/doc/refman/5.5/en/update.html
http://dev.mysql.com/doc/refman/5.5/en/insert.html
http://php.net/manual/en/ref.pdo-mysql.php
https://stackoverflow.com/search?q=%5Bphp%5D+%5Bmysql%5D+pdo
http://php.net/manual/en/reserved.variables.get.php
http://php.net/manual/en/function.mysql-real-escape-string.php

0

精彩评论

暂无评论...
验证码 换一张
取 消