over 1 year ago

在這邊有一個前提就是我們必須要有兩台Linux Server

  1. Production/Staging Server
  2. CI Server
Read on →
 
about 2 years ago

使用 prepared statement 是否讓 mysql 效能更好? 見仁見智,若是多個重複sql執行在同一條 connection,這是肯定的,也比較安全; 若只是 query 一次,其實會比直接串 sql 還要慢一些,參考第三個網址,底下有mysql關方的說明,第四個網址則有很清楚的圖文說明。

http://totou-phpmysql.blogspot.tw/2008/05/prepared-statement.html

http://php.net/manual/zh/mysqli.quickstart.prepared-statements.php

http://dev.mysql.com/doc/refman/5.6/en/c-api-prepared-statement-function-overview.html

http://www.codedata.com.tw/database/mysql-tutorial-12-prepared-statement/

 
over 2 years ago
escape.html
請輸入測試字串,例如:<  >
<input type="text" id="text" />
<button id="btn">轉換</button>
<br>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script>
<script type="text/javascript">
    $('#btn').on('click', function(){
        $('#text').val(escapeHtml($('#text').val()));
    });

    function escapeHtml(unsafe) {
        return unsafe
             .replace(/&/g, "&amp;")
             .replace(/</g, "&lt;")
             .replace(/>/g, "&gt;")
             .replace(/"/g, "&quot;")
             .replace(/'/g, "&#039;");
     }
</script>
 
over 2 years ago

測試cookie是否有用httpOnly,可這樣測試

test.js
<script>
     alert(document.cookie);
</script>

Yii可以這樣設定

protected/controllers/Controller.php
<?php
    $cookie = new CHttpCookie('cookiename', 'some value', array('httpOnly' => true));
?>
 
over 2 years ago
CDbCommand failed to execute the SQL statement: SQLSTATE[HY000]: General error: 2031 No data supplied for parameters in prepared statement. The SQL statement executed was: INSERT INTO `products` (`name`, `image`, `price`, `description`, `category_id`) VALUES (:yp0, :yp1, :yp2, :yp3, :yp4). Bound with :yp0='HTC One X', :yp1=NULL, :yp2=21000, :yp3=NULL, :yp4=2

用Yii的ActiveRecord select or insert into 的時候遇到這樣的問題

這是PDO噴出來的錯,就直接用createCommand 來select 或 insert into也會遇到同樣問題

大至上有兩種問題 佔位符號(:yp1)NULL

1.:yp0:yp1,像這種佔位符號,不可以重複出現例如

select * FROM products WHERE name LIKE :keyword OR description LIKE :keyword

在PHP5.5.x以上的版本,如果這樣寫,就會噴錯...,因此若改為這樣:

select * FROM products WHERE name LIKE :nameKeyword OR description LIKE :descKeyword

就正常了,這是PHP PDO的問題,這就要追一下PHP何時改成這樣較嚴謹的寫法

2.塞NULL值一定要用new CDbExpression('NULL'),不然也會噴2031的錯誤

protected/models/Product.php
array('image, description', 'default', 'value' => new CDbExpression('NULL'))