5 Replies - 277 Views - Last Post: 29 January 2018 - 10:28 AM

#1 tedchong

What is the meaning of this code?

Posted 28 January 2018 - 07:59 PM

What is the meaning and clarification of these lines: $matches = array('1');?
And "INSERT INTO hashes (hash) VALUES (" . implode(', ', $values) . ") ON DUPLICATE KEY UPDATE hash='hash'";?
Thanks for your knowledge.


$matches = array('1');
$count = count($matches);
for($i = 0; $i < $count; ++$i) {
    $values[] = '?';
}

// INSERT INTO DATABASE
$sql = "INSERT INTO hashes (hash) VALUES (" . implode(', ', $values) . ") ON DUPLICATE KEY UPDATE hash='hash'";
$stmt = $dbh->prepare($sql);
$data = $stmt->execute($matches);




What is the meaning of array('1')?


Replies To: What is the meaning of this code?

#2 astonecipher

Posted 28 January 2018 - 08:12 PM

An array, with the size of 1, and the value of '1' in it.

#3 CTphpnwb

Posted 28 January 2018 - 08:37 PM

The meaning is that somebody wants to have their database hacked.
USE PREPARED STATEMENTS properly. Don't defeat them by inserting user data into the prepare.

This post has been edited by CTphpnwb: 28 January 2018 - 08:38 PM


#4 tedchong

Posted 28 January 2018 - 11:56 PM

What is the meaning of "ON DUPLICATE KEY UPDATE hash='hash'"?

#5 andrewsw

Posted 29 January 2018 - 12:08 AM

What do you think that it might mean?

What about searching "mysql on duplicate key update"?

It is quite a clear statement of intent.

#6 ArtificialSoldier

Posted 29 January 2018 - 10:28 AM

Quote

Don't defeat them by inserting user data into the prepare.

This is the only way to do that. The query in this case isn't going to be in the correct format, but this is the way to build a query where you don't know how many placeholders there will be. It's just an array of placeholders, not values.

Although you don't need to do that loop, you could just use array_fill:

$placeholders = array_fill(0, $count, '?');


Although this will not create a valid query if there is more than one placeholder. It will create a query like this:

INSERT INTO hashes (hash) VALUES (?, ?, ?) ON DUPLICATE KEY UPDATE hash='hash'

That's a problem because you're telling it to insert into 1 column then giving 3 values, and in other news if there's a duplicate key update it's going to set the hash column to the string "hash". If you want to insert 1 value for multiple rows the syntax is different:

INSERT INTO hashes (hash) VALUES (?), (?), (?) ON DUPLICATE KEY UPDATE hash='hash'

But if hash is a unique key, that query is going to break the second time you try to insert a duplicate (because you'll have 2 "hash" values in that field, and that's a problem).
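The multi-row form discussed in the last reply, as an added example that is not code from any poster in this thread: only literal "(?)" groups are concatenated into the SQL text, while the values travel separately through execute(). The function name buildHashInsert and the sample values are constructed; the demo runs against an in-memory SQLite database (pdo_sqlite) so it needs no MySQL server, and the MySQL statement is built but not executed here.

```php
<?php
// Added example. Table and column names come from the thread;
// buildHashInsert() is a hypothetical helper, sample values are constructed.

/**
 * Build a multi-row INSERT with one "(?)" group per value.
 * The SQL text contains placeholders only; values are returned
 * separately so they can be bound by PDOStatement::execute().
 */
function buildHashInsert(array $hashes, string $driver = 'mysql'): array
{
    $hashes = array_values($hashes);   // positional binding needs keys 0..n-1
    if (count($hashes) === 0) {
        throw new InvalidArgumentException('nothing to insert');
    }
    $groups = implode(', ', array_fill(0, count($hashes), '(?)'));

    // Duplicate handling is engine-specific. For MySQL a no-op update
    // (hash = hash) replaces the literal string 'hash' from the thread.
    $sql = $driver === 'sqlite'
        ? "INSERT OR IGNORE INTO hashes (hash) VALUES $groups"
        : "INSERT INTO hashes (hash) VALUES $groups ON DUPLICATE KEY UPDATE hash = hash";

    return [$sql, $hashes];
}

// Demo on SQLite in memory (assumption: pdo_sqlite is installed).
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE hashes (hash TEXT PRIMARY KEY)');

// Constructed input: a duplicate and a value containing SQL syntax.
$matches = ['5d41402a', "x'); DROP TABLE hashes; --", '5d41402a'];

[$sql, $params] = buildHashInsert($matches, 'sqlite');
$stmt = $dbh->prepare($sql);
$stmt->execute($params);

echo $sql, PHP_EOL;                        // placeholders only, no user data
[$mysqlSql] = buildHashInsert($matches);   // MySQL variant of the same query
echo $mysqlSql, PHP_EOL;

// The SQL-looking value is stored as plain data and the table still exists.
foreach ($dbh->query('SELECT hash FROM hashes ORDER BY hash') as $row) {
    echo $row['hash'], PHP_EOL;
}
```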
