Archive

Posts Tagged ‘SQL’

Limit Number Of Rows Returned In MS SQL

September 23rd, 2008 No comments

To limit the number of rows returned in a MS SQL query you need to use the TOP command. This goes before you name the columns that are to be returned by the SELECT statement.

The following query returns the first 35 rows from a table.

SELECT TOP 35 * FROM table WHERE value > 4 ORDER BY id DESC

Categories: MS SQL Tags: , , , , ,

Reset Your WordPress Password

September 9th, 2008 No comments

If for some reason you can’t remember your WordPress password and you can’t use the "lost your password" function that comes with WordPress, due to problems with email, then you can use the following SQL command to reset your password.

UPDATE wp_users SET user_pass = md5('newpassword') WHERE user_login = 'admin';

This can be useful if you have a local web server that you are trying things out on before they go live on the Internet. These servers often don’t have access to email as they are just testing platforms and will therefore fail if you try to use the "lost your password" function.

This command has been tested on WordPress version 2.6.2.

Categories: Wordpress Tags: , , , , ,

Check Slash on Database Input

January 10th, 2008 No comments

If you are querying a database you should get into the habit of sanitising your input, even if it’s not coming from users at the moment it might do in the future. SQL injection attacks are all too common and they can be easily prevented.

The addslashes() function takes a string as the input and returns a string with backslashes before all characters that required quoting in database queries. The characters it acts on are quote, double quote, backslash and NUL (or a NULL byte). Magic quotes runs addslashes() on all COOKIE, GET and POST data. The important thing is not to use addslashes() and magic quotes on the same string as everything will be double escaped.

Use the get_magic_quotes_gpc() function to see if magic quotes is enabled. If it isn’t then use the PHP function addslashes() to do the same thing. Use this function if you have any user input in order to sanitise anything that you are about to send to a database.

The following function will add slashes to the string even if magic quotes is disabled.

private static function checkslash($slashes_string){
  if (get_magic_quotes_gpc()==1) {
    return $slashes_string;
  }else{
    return addslashes($slashes_string);
  };
};

You should never rely on magic_quotes being enabled on any server. So get into the habit of doing this on your SQL strings.

$sql = 'SELECT * FROM table WHERE table.name="'.checkslash($string).'"';

This has the effect of escaping all characters in the string that might cause error or security breaches.

Categories: PHP Tags: , , , , ,