Re: [sqlite] SQLITE PHP syntax issues - INSERT INTO db

2017-08-08 Thread Stephen Chrzanowski
Awesome find Warren. Thanks.

On Tue, Aug 8, 2017 at 4:08 PM, Warren Young wrote:
> On Aug 8, 2017, at 11:06 AM, Jens Alfke wrote:
> >
> > On Aug 8, 2017, at 10:03 AM, Igor Korot wrote:
> >>
> >> Just google "Jonny Drop All Tables".

Re: [sqlite] SQLITE PHP syntax issues - INSERT INTO db

2017-08-08 Thread Stephen Chrzanowski
To add on to what Jens mentions, with PHP, you can at least sanitize the $NewID by using (integer)$NewID. Any string or non-integer that is assigned to $NewID will get converted to the integer value zero. From my experience, typically IDs aren't stored as zero, but I've not looked at EVERY

Re: [sqlite] SQLITE PHP syntax issues - INSERT INTO db

2017-08-08 Thread Warren Young
On Aug 8, 2017, at 11:06 AM, Jens Alfke wrote:
>
> On Aug 8, 2017, at 10:03 AM, Igor Korot wrote:
>>
>> Just google "Jonny Drop All Tables". ;-)
>
> “Little Bobby Tables” to be precise; here’s a direct link:

Little Bobby has a web site now:

Re: [sqlite] SQLITE PHP syntax issues - INSERT INTO db

2017-08-08 Thread Jens Alfke
> On Aug 8, 2017, at 10:03 AM, Igor Korot wrote:
>
> Just google "Jonny Drop All Tables". ;-)

“Little Bobby Tables” to be precise; here’s a direct link: https://xkcd.com/327/

—Jens

Re: [sqlite] SQLITE PHP syntax issues - INSERT INTO db

2017-08-08 Thread Igor Korot
Hi,

On Tue, Aug 8, 2017 at 12:58 PM, Jens Alfke wrote:
>
>> On Aug 5, 2017, at 6:48 AM, Edmondo Borasio wrote:
>>
>> *$query1="INSERT INTO Table"."(ID,name,surname)"."VALUES(\' ' . $NewID .
>> '\','newName','newSurname');"; *
>
> It’s a very, very

Re: [sqlite] SQLITE PHP syntax issues - INSERT INTO db

2017-08-08 Thread Jens Alfke
> On Aug 5, 2017, at 6:48 AM, Edmondo Borasio wrote:
>
> *$query1="INSERT INTO Table"."(ID,name,surname)"."VALUES(\' ' . $NewID .
> '\','newName','newSurname');"; *

It’s a very, very bad idea to insert variable strings directly into a SQL query like this. If the

Re: [sqlite] SQLITE PHP syntax issues - INSERT INTO db

2017-08-06 Thread Clemens Ladisch
Edmondo Borasio wrote:
> //If I input the $NewID manually as a string (for example '6', *it works
> fine* and updates the db correctly)
> *$query1="INSERT INTO
> Table"."(ID,name,surname)"."VALUES('6','newName','newSurname');"; *
>
> //However if I try to use the $NewID variable from above *it

[sqlite] SQLITE PHP syntax issues - INSERT INTO db

2017-08-05 Thread Edmondo Borasio
$ID;
echo $ID; //This returns: *string(1) "5"*
$NewID = $ID + 1;
echo $NewID; //This returns: *6*
//If I input the $NewID manually as a string (for example '6', *it works fine* and updates the db correctly)
*$query1="INSERT INTO Table"."(ID,name,surname)"."VALUES('6','newName','newSurname');"; *