
Reply to: Need some SQL help


Previously on "Need some SQL help"


  • MrMark
    replied
    If your web users are only doing selects on the database, it may be useful practice to make sure their privileges on the database involved are limited to just selects (i.e. stop them being able to insert, update or delete). A belt and braces approach, as you will already be trying to prevent SQL injection at application level as mentioned above. The biggest danger is allowing the hacker to gain userid knowledge from the users table at login.

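MrMark's suggestion above, as an added example that is not code from any poster in this thread: a PostgreSQL role limited to SELECT, an audit query for leftover write privileges, and a parameterized lookup for the application-level half. The role name web_reader, the password placeholder and the table and column names (the ones guessed earlier in the thread) are assumptions.

```sql
-- Added example, not from the thread. Assumed names: role web_reader,
-- tables "user" and user_info in schema public.

-- Login role for the web application, with no administrative attributes.
CREATE ROLE web_reader LOGIN PASSWORD 'replace-me'
    NOSUPERUSER NOCREATEDB NOCREATEROLE;

-- Before PostgreSQL 15 every role can create objects in schema public
-- through PUBLIC; take that away, then allow name lookups only.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
GRANT USAGE ON SCHEMA public TO web_reader;

-- Read access to the two tables the listing needs, nothing else.
-- "user" is a reserved word in PostgreSQL, so it is double-quoted.
GRANT SELECT ON "user", user_info TO web_reader;

-- Audit from an administrative session: any write column that comes back
-- true means the role still holds that privilege, directly or via PUBLIC.
SELECT t.tbl,
       has_table_privilege('web_reader', t.tbl, 'SELECT')   AS can_select,
       has_table_privilege('web_reader', t.tbl, 'INSERT')   AS can_insert,
       has_table_privilege('web_reader', t.tbl, 'UPDATE')   AS can_update,
       has_table_privilege('web_reader', t.tbl, 'DELETE')   AS can_delete,
       has_table_privilege('web_reader', t.tbl, 'TRUNCATE') AS can_truncate
FROM (VALUES ('"user"'), ('user_info')) AS t(tbl);

-- Application-level half: bind the user-supplied value as a parameter
-- so it is compared as data and never parsed as SQL.
PREPARE user_by_name(text) AS
    SELECT u.username, u.first_name, u.last_name, i.email
    FROM "user" AS u
    JOIN user_info AS i ON i.user_id = u.id
    WHERE u.username = $1;
EXECUTE user_by_name('o''brien');   -- constructed sample value
```

From PHP, the same parameter binding is available through pg_query_params().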


  • Cliphead
    replied
    Taken onboard. Learning a lot about this and quite happy that things are as secure as they can be at the moment. I don't know much about SQL but I know UNIX and security so that's a good start.

    I've also quizzed the developers about their methods and asked for their input re security but not expecting much feedback...



  • BrilloPad
    replied
    Originally posted by NickFitz
    Google for SQL injection if you're planning on implementing a web-based interface to a database-backed application.

    Also worth looking up cross-site scripting, and cross-site request forgery
    http://www.cgisecurity.com/2007/06/27

    Even Microsoft have suffered! They should have employed NF...



  • NickFitz
    replied
    Originally posted by Cliphead
    Excellent!
    Google for SQL injection if you're planning on implementing a web-based interface to a database-backed application.

    Also worth looking up cross-site scripting, and cross-site request forgery



  • BrilloPad
    replied
    Originally posted by Cliphead
    Excellent!
    I sent this to the DBAs at clientco - they did not so much as laugh. Either they have seen it several times before or are humourless ****s



  • Cliphead
    replied
    Originally posted by BrilloPad
    Excellent!



  • BrilloPad
    replied
    Have you allowed for this?

    http://benajnim.com/index.php/php/sa...-input-in-php/



  • Cliphead
    replied
    Originally posted by BrilloPad
    try "drop table user"

    HTH
    I already did that, the backup script worked



  • BrilloPad
    replied
    Originally posted by Cliphead
    I'd be forever grateful and would love to buy a pint or two for anyone who can help me out with this. I know zip about SQL.

    I have a web app using Postgres as the backend. I've installed phpPgAdmin on the web server so I can look but not touch anything in there.

    I want to do a simple listing of all the users but I need to query two tables, one holds the username, first and last names, the other holds email and home address etc.

    I know this is likely very simple to do but I haven't got a clue
    try "drop table user"

    HTH



  • Cliphead
    replied
    Originally posted by NickFitz
    HTH
    I sorta knew how the query should be structured but not the actual syntax. This stuff is a long way from Clipper

    Thanks again!



  • NickFitz
    replied
    Originally posted by Cliphead
    Yes, the first example was bang on and got it working for me.

    You're a star Nick, I owe you for this one!
    HTH



  • Cliphead
    replied
    Originally posted by NickFitz
    Presumably the username is used as a key in the table that holds the details? Or is there a numeric field, probably called "id", and a corresponding numeric field, probably called "user_id", in the second field?

    As those questions might suggest you really need to explicitly state what the structure of the tables is (and indeed their names), but this might get you started:

    Code:
    -- "user" is a reserved word in PostgreSQL, so the table name is double-quoted
    SELECT "user".username, "user".first_name, "user".last_name, user_info.email
    FROM "user", user_info
    WHERE "user".id = user_info.user_id
    or, if the username is used as the key,

    Code:
    SELECT "user".username, "user".first_name, "user".last_name, user_info.email
    FROM "user", user_info
    WHERE "user".username = user_info.username
    Yes, the first example was bang on and got it working for me.

    You're a star Nick, I owe you for this one!



  • NickFitz
    replied
    Originally posted by Cliphead
    I'd be forever grateful and would love to buy a pint or two for anyone who can help me out with this. I know zip about SQL.

    I have a web app using Postgres as the backend. I've installed phpPgAdmin on the web server so I can look but not touch anything in there.

    I want to do a simple listing of all the users but I need to query two tables, one holds the username, first and last names, the other holds email and home address etc.

    I know this is likely very simple to do but I haven't got a clue
    Presumably the username is used as a key in the table that holds the details? Or is there a numeric field, probably called "id", and a corresponding numeric field, probably called "user_id", in the second field?

    As those questions might suggest you really need to explicitly state what the structure of the tables is (and indeed their names), but this might get you started:

    Code:
    -- "user" is a reserved word in PostgreSQL, so the table name is double-quoted
    SELECT "user".username, "user".first_name, "user".last_name, user_info.email
    FROM "user", user_info
    WHERE "user".id = user_info.user_id
    or, if the username is used as the key,

    Code:
    SELECT "user".username, "user".first_name, "user".last_name, user_info.email
    FROM "user", user_info
    WHERE "user".username = user_info.username



  • Cliphead
    started a topic Need some SQL help

    Need some SQL help

    I'd be forever grateful and would love to buy a pint or two for anyone who can help me out with this. I know zip about SQL.

    I have a web app using Postgres as the backend. I've installed phpPgAdmin on the web server so I can look but not touch anything in there.

    I want to do a simple listing of all the users but I need to query two tables, one holds the username, first and last names, the other holds email and home address etc.

    I know this is likely very simple to do but I haven't got a clue
