how to encode and decode html tag using php
you can encode using ->
html_entities(mysql_real_escape_string($variable));
you can decoe using
html_entity_decode(stripslashes($variable));
Application development and sharing our knowledge to developer to developer for helping knowledge to build a effective solution for web architect.
$stmt = $pdo->prepare('SELECT * FROM employees WHERE name = :name');
$stmt->execute(array(':name' => $name));
foreach ($stmt as $row) {
// do something with $row
}
$stmt = $dbConnection->prepare('SELECT * FROM employees WHERE name = ?');
$stmt->bind_param('s', $name);
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
// do something with $row
}
PDO
to access a MySQL database real prepared statements are not used by default. To fix this you have to disable the emulation of prepared statements. An example of creating a connection using PDO is:$dbConnection = new PDO('mysql:dbname=dbtest;host=127.0.0.1;charset=utf8', 'user', 'pass');
$dbConnection->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$dbConnection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
In the above example the error mode isn't strictly necessary, but it is advised to add it. This way the script will not stop with a Fatal Error
when something goes wrong. And gives the developer the chance to catch
any error(s) (which are throw
ed as PDOException
s.setAttribute()
line, which tells PDO to disable emulated prepared statements and use real
prepared statements. This makes sure the statement and the values
aren't parsed by PHP before sending it the the MySQL server (giving a
possible attacker no chance to inject malicious SQL).charset
in the options of the constructor it's important to note that 'older' versions of PHP (< 5.3.6) silently ignored the charset parameter in the DSN.prepare
is parsed and compiled by the database server. By specifying parameters (either a ?
or a named parameter like :name
in the example above) you tell the database engine where you want to filter on. Then when you call execute
the prepared statement is combined with the parameter values you specify. $name
variable contains 'Sarah'; DELETE * FROM employees
the result would simply be a search for the string "'Sarah'; DELETE * FROM employees", and you will not end up with an empty table.$preparedStatement = $db->prepare('INSERT INTO table (column) VALUES (:column)');
$preparedStatement->execute(array(':column' => $unsafeValue));
// a good user's name
$name = "timmy";
$query = "SELECT * FROM customers WHERE username = '$name'";
echo "Normal: " . $query . "<br />";
// user input that uses SQL Injection
$name_bad = "' OR 1'";
// our MySQL query builder, however, not a very safe one
$query_bad = "SELECT * FROM customers WHERE username = '$name_bad'";
// display what the new query will look like, with injection
echo "Injection: " . $query_bad;
//NOTE: you must be connected to the database to use this function! // connect to MySQL $name_bad = "' OR 1'"; $name_bad = mysql_real_escape_string($name_bad); $query_bad = "SELECT * FROM customers WHERE username = '$name_bad'"; echo "Escaped Bad Injection: <br />" . $query_bad . "<br />"; $name_evil = "'; DELETE FROM customers WHERE 1 or username = '"; $name_evil = mysql_real_escape_string($name_evil); $query_evil = "SELECT * FROM customers WHERE username = '$name_evil'"; echo "Escaped Evil Injection: <br />" . $query_evil;
A FUNCTION is always returns a value using the return statement. A PROCEDURE may return one or more values through parameters or may not return at all. b. Functions are normally used for computations where as procedures are normally used for executing business logic. c. A Function returns 1 value only. Procedure can return multiple values (max 1024). d. Stored procedure returns always integer value by default zero. Whereas function returns type could be scalar or table or table values e. Stored procedure is precompiled execution plan where as functions are not. f. A function can call directly by SQL statement like select func_name from dual while procedure cannot. g.Stored procedure has the security and reduces the network traffic and also we can call stored procedure in any no. of applications at a time. h. A Function can be used in the SQL Queries while a procedure cannot be used in SQL queries .that cause a major difference b/w function and procedures.
--------------------------------
Stored procedures are a set of actions already written and stored inside the database for acheiving a particular task where as functions are general database objects which are used for general purpose programming
there are 3 main differences between sp and function. 1 sp takes input,output parameters, function takes only input parameters. 2 temparary variables required to store return values of sp. in functions temparary variables will be optinale. 3 sp can not be called directly into DML statements , functions can be called directly into DML statements.
1. Functions can be used inline with a select statement while sprocs can't. 2. EXEC command can't be used inside a Function where it can be used inside an sproc.
<?php
$Server = "127.0.0.1";
$DataBase = "tedt";
$UserName = "root";
$PassWord = "124@#";
$Conn = mysqli_connect($host, $UserName, $PassWord);
if(!$Conn)
{
die("Could not connect to server : " . mysqli_error());
}
else
{
mysqli_select_db($Conn,$DataBase) or die("Could not connect to database");
}
?>
<?php
print "Procedure #1";
$res=
$Conn
->query("CALL storepro;");
print_r($
res
) ;
?
>
-
{
-
"title": "A cool blog post",
-
"clicks": 4000,
-
"children": null,
-
"published": true,
-
"comments": [
-
{
-
"author": "Mister X",
-
"message": "A really cool posting"
-
},
-
{
-
"author": "Misrer Y",
-
"message": "It's me again!"
-
}
-
]
-
}
It contains basically everything that you can express through JSON.
As you can see no dates, regexes or something like that. Also, you need
to make sure that your whole JSON document is encoded in UTF-8. We'll see later how to ensure that in PHP. Due to this shortcomings (and for other good reasons) BSON(Binary
JSON) was developed. It was designed to be more space-efficient and
provides traversability and extensions like the date type. Its most
prominent use case is MongoDB, but
honestly I never came across it somewhere else. I recommend you to take
a short look at the specification if you have some time left, since I
find it very educating.
-
json_encode(mixed $value, int $options = 0);
An integer for options you might ask? Yup, that's called a bitmask.
We'll cover them in a separate part a little bit later. Since these
bitmask options change the way the data is encoded, for the following
examples assume that we use defaults and don't provide custom params.
-
<?php
-
// Returns: ["Apple","Banana","Pear"]
-
json_encode(array("Apple", "Banana", "Pear"));
-
-
// Returns: {"4":"four","8":"eight"}
-
json_encode(array(4 => "four", 8 => "eight"));
-
-
// Returns: {"apples":true,"bananas":null}
-
json_encode(array("apples" => true, "bananas" => null));
-
?>
How your arrays are translated depends on your indexes used. You can also see that json_encode
takes care of the correct type conversion, so booleans
and null
are not transformed into strings but use their correct type. Let's now look into objects:
-
<?php
-
class User {
-
public $firstname = "";
-
public $lastname = "";
-
public $birthdate = "";
-
}
-
-
$user = new User();
-
$user->firstname = "foo";
-
$user->lastname = "bar";
-
-
// Returns: {"firstname":"foo","lastname":"bar"}
-
json_encode($user);
-
-
$user->birthdate = new DateTime();
-
-
/* Returns:
-
{
-
"firstname":"foo",
-
"lastname":"bar",
-
"birthdate": {
-
"date":"2012-06-06 08:46:58",
-
"timezone_type":3,
-
"timezone":"Europe\/Berlin"
-
}
-
}
-
*/
-
json_encode($user);
-
?>
Objects are inspected and their public attributes are converted. This
happens recursively, so in the example above the public attributes of
the DateTime
object are also translated into JSON. This is a handy trick if you want
to easly transmit datetimes over JSON, since the client-side can then
operate on both the actual time and the timezone.
-
<?php
-
class User {
-
public $pub = "Mister X.";
-
protected $pro = "hidden";
-
private $priv = "hidden too";
-
-
public $func;
-
public $notUsed;
-
-
public function __construct() {
-
$this->func = function() {
-
return "Foo";
-
};
-
}
-
}
-
-
$user = new User();
-
-
// Returns: {"pub":"Mister X.","func":{},"notUsed":null}
-
echo json_encode($user);
-
?>
Here, you can see that only public attributes are used. Not initialized variables are translated to null
while closures that are bound to a public attribute are encoded with an
empty object (as of PHP 5.4, there is no option to prevent public
closures to be translated).|
. So, a call to json_encode may look like this:
-
<?php
-
// Returns: {"0":"Starsky & Hutch","1":123456}
-
json_encode(array("Starsky & Hutch", "123456"), JSON_NUMERIC_CHECK | JSON_FORCE_OBJECT);
-
?>
JSON_FORCE_OBJECT
forces the array to be translated into an object and JSON_NUMERIC_CHECK
converts string-formatted numbers to actual numbers. You can find all bitmasks (constants) here.
Note that most of the constants are available since PHP 5.3 and some of
them were added in 5.4. Most of them deal with how to convert
characters like < >
, &
or ""
. PHP 5.4 provides a JSON_PRETTY_PRINT
constant that may you help during development since it uses whitespace
to format the output (since it adds character overhead, I won't enable
it in production of course).stdClass
back. Here's a short example:
-
<?php
-
$string = '{"foo": "bar", "cool": "attr"}';
-
$result = json_decode($string);
-
-
// Result: object(stdClass)#1 (2) { ["foo"]=> string(3) "bar" ["cool"]=> string(4) "attr" }
-
var_dump($result);
-
-
// Prints "bar"
-
echo $result->foo;
-
-
// Prints "attr"
-
echo $result->cool;
-
?>
If you want to get an associative array back instead, set the second parameter to true:
-
<?php
-
$string = '{"foo": "bar", "cool": "attr"}';
-
$result = json_decode($string, true);
-
-
// Result: array(2) { ["foo"]=> string(3) "bar" ["cool"]=> string(4) "attr" }
-
var_dump($result);
-
-
// Prints "bar"
-
echo $result['foo'];
-
-
// Prints "attr"
-
echo $result['cool'];
-
?>
If you expect a very large nested JSON document, you can limit the recursion depth to a certain level. The function will return null
and stops parsing if the document is deeper than the given depth.
-
<?php
-
$string = '{"foo": {"bar": {"cool": "value"}}}';
-
$result = json_decode($string, true, 2);
-
-
// Result: null
-
var_dump($result);
-
?>
<?php $ch = curl_init("http://rss.news.yahoo.com/rss/oddlyenough"); $fp = fopen("example_homepage.html", "w"); curl_setopt($ch, CURLOPT_FILE, $fp); curl_setopt($ch, CURLOPT_HEADER, 0); curl_exec($ch); curl_close($ch); fclose($fp); $xml = simplexml_load_file('example_homepage.html'); print "<ul>\n"; foreach ($xml->channel->item as $item){ print "<li>$item->title</li>\n"; } print "</ul>"; ?>