- Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
- Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!
Reply to: Need some SQL help
Collapse
You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:
- You are not logged in. If you are already registered, fill in the form below to log in, or follow the "Sign Up" link to register a new account.
- You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
- If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.
Logging in...
Previously on "Need some SQL help"
Collapse
-
If your web users are only doing selects on the database, it may be useful practice to make sure their privileges on the database involved are limited to just selects (ie stop them being able to insert update or delete). A belt and braces approach, as you will already be trying to prevent sql injection at application level as mentioned above. The biggest danger is allowing the hacker to gain userid knowledge from the users table at login.
-
Taken onboard. Learning a lot about this and quite happy that things are as secure as they can be at the moment. I don't know much about SQL but I know UNIX and security so that's a good start.
I've also quizzed the developers about their methods and asked for their input re security bit not expecting much feedback...
Leave a comment:
-
Originally posted by NickFitz View PostGoogle for SQL injection if you're planning on implementing a web-based interface to a database-backed application.
Also worth looking up cross-site scripting, and cross-site request forgery
Even microsoft have suffered! They should have employed NF...
Leave a comment:
-
Originally posted by Cliphead View PostExcellent!
Also worth looking up cross-site scripting, and cross-site request forgery
Leave a comment:
-
-
-
Originally posted by Cliphead View PostI'd be forever grateful and would love to buy a pint or two for anyone who can help me out with this. I know zip about SQL.
I have a web app using Postgres as the backend. I've installed phpPgAdmin on the web server so I can look but not touch anything in there.
I want to do a simple listing of all the users but I need to query two tables, one holds the username, first and last names, the other holds email and home address etc.
I know this is likely very simple to do but I haven't got a clue
HTH
Leave a comment:
-
Originally posted by NickFitz View PostPresumably the username is used as a key in the table that holds the details? Or is there a numeric field, probably called "id", and a corresponding numeric field, probably called "user_id", in the second field?
As those questions might suggest you really need to explicitly state what the structure of the tables is (and indeed their names), but this might get you started:
Code:SELECT user.username, user.first_name, user.last_name, user_info.email FROM user, user_info WHERE user.id = user_info.user_id
Code:SELECT user.username, user.first_name, user.last_name, user_info.email FROM user, user_info WHERE user.username = user_info.username
You're a star Nick, I owe you for this one!
Leave a comment:
-
Originally posted by Cliphead View PostI'd be forever grateful and would love to buy a pint or two for anyone who can help me out with this. I know zip about SQL.
I have a web app using Postgres as the backend. I've installed phpPgAdmin on the web server so I can look but not touch anything in there.
I want to do a simple listing of all the users but I need to query two tables, one holds the username, first and last names, the other holds email and home address etc.
I know this is likely very simple to do but I haven't got a clue
As those questions might suggest you really need to explicitly state what the structure of the tables is (and indeed their names), but this might get you started:
Code:SELECT user.username, user.first_name, user.last_name, user_info.email FROM user, user_info WHERE user.id = user_info.user_id
Code:SELECT user.username, user.first_name, user.last_name, user_info.email FROM user, user_info WHERE user.username = user_info.username
Leave a comment:
-
Need some SQL help
I'd be forever grateful and would love to buy a pint or two for anyone who can help me out with this. I know zip about SQL.
I have a web app using Postgres as the backend. I've installed phpPgAdmin on the web server so I can look but not touch anything in there.
I want to do a simple listing of all the users but I need to query two tables, one holds the username, first and last names, the other holds email and home address etc.
I know this is likely very simple to do but I haven't got a clueTags: None
- Home
- News & Features
- First Timers
- IR35 / S660 / BN66
- Employee Benefit Trusts
- Agency Workers Regulations
- MSC Legislation
- Limited Companies
- Dividends
- Umbrella Company
- VAT / Flat Rate VAT
- Job News & Guides
- Money News & Guides
- Guide to Contracts
- Successful Contracting
- Contracting Overseas
- Contractor Calculators
- MVL
- Contractor Expenses
Advertisers
Contractor Services
CUK News
- Streamline Your Retirement with iSIPP: A Solution for Contractor Pensions Sep 1 09:13
- Making the most of pension lump sums: overview for contractors Sep 1 08:36
- Umbrella company tribunal cases are opening up; are your wages subject to unlawful deductions, too? Aug 31 08:38
- Contractors, relabelling 'labour' as 'services' to appear 'fully contracted out' won't dupe IR35 inspectors Aug 31 08:30
- How often does HMRC check tax returns? Aug 30 08:27
- Work-life balance as an IT contractor: 5 top tips from a tech recruiter Aug 30 08:20
- Autumn Statement 2023 tipped to prioritise mental health, in a boost for UK workplaces Aug 29 08:33
- Final reminder for contractors to respond to the umbrella consultation (closing today) Aug 29 08:09
- Top 5 most in demand cyber security contract roles Aug 25 08:38
- Changes to the right to request flexible working are incoming, but how will contractors be affected? Aug 24 08:25
Leave a comment: