resources
helpful hints - MySQL
JavaScript is a scripting language most often used for client-side web development. The primary use of JavaScript is to write functions that are embedded in HTML pages and interact with the Document Object
Model (DOM) of the page. Some simple examples of this usage are:
- Opening or popping up a new window with programmatic control over the size, position and 'look' of the new window (i.e. whether the menus, toolbars, etc. are visible).
- Validation of web form input values to make sure that they will be accepted before they are submitted to the server.
- Changing images as the mouse cursor moves over them.
Because JavaScript code can run locally in a user's browser (client side as opposed to server side), it can respond to user actions quickly, making an application feel more responsive. Furthermore,
JavaScript code can detect user actions which HTML alone cannot, such as an 'onClick' or 'onmouseover' event.
Number of Rows Returned
$totalrows = mysql_num_rows($sql);
Dealing with HTML Special Characters
PHP 4, PHP5 [htmlspecialchars()]
PHP 5 >= 5.1.0 [htmlspecialchars_decode()]
htmlspecialchars($str)
converts '&' (ampersand), " (double quote), ' (single quote), < (less than), and > (greater than)
htmlspecialchars_decode($str, ENT_NOQUOTES)
reverses above
converts '&' (ampersand), " (double quote), ' (single quote), < (less than), and > (greater than)
htmlspecialchars_decode($str, ENT_NOQUOTES)
reverses above
Script Security
You should never use addslashes() for escaping characters for use in SQL queries. The only safe function for this purpose in MySQL is the use of mysql_real_escape_string(). Any other escaping technique is insecure. You should never have to use stripslashes on database output. Aside from security, escaping is for the benefit of the SQL parser only, Escape slashes are not stored in the database. If magic_quotes_gpc is enabled, it should be defeated using stripslashes on each input value, that is to be used.
number_format issue with large numbers
number_format ($number, [int precision], [decimal separator], [thousands separator])
default for number_format ($number, 2) is a decimal and a coma
(e.g. 1,2300.00)
This can give problems when adding large numbers (the comma is the problem).
number_format($number,2, '.', '');
The above solves the problem by eliminating the comma (the last '')
Alternative:
$number = '12000';
$html_number = number_format($number,2);
result: 12,000.00
$mysql_number = str_replace(',', '', $number_with_comma);
result: 12000.00
Left Joins
Left joins (sometimes called left outer joins) are especially useful for finding rows that are only in one table and not the other. For example, say we have a members table and a customer table and we want to find only members who have not placed orders (i.e. a customer):
SELECT members.member_id, members.first_name, members.last_name, members.email_address
FROM members LEFT JOIN customer ON customer.member_id = members.member_id
WHERE customer.member_id IS NULL
FROM members LEFT JOIN customer ON customer.member_id = members.member_id
WHERE customer.member_id IS NULL
This will give us all members from the members table (the left table) who are not present in the customers table (i.e. customer.member_id IS NULL).