php-general Digest 6 Nov 2004 22:35:17 -0000 Issue 3097
Topics (messages 201357 through 201380):

Questions about mysql_real_escape_string and addslashes
    201357 by: Stuart Felenstein
    201360 by: M. Sokolewicz
    201366 by: Stuart Felenstein

image uploads - part 2
    201358 by: Jaskirat Singh
    201359 by: Jaskirat Singh
    201361 by: M. Sokolewicz
    201369 by: Robby Russell

Re: Problem with fopen(...) - "No error"??
    201362 by: Jason Wong

Re: Passing values from a new window
    201363 by: M Saleh EG

Re: Big table dump stopping in between
    201364 by: Jason Wong
    201365 by: Ritesh Nadhani
    201376 by: James Kaufman

Question: Passing error messages
    201367 by: Stuart Felenstein
    201368 by: Daniel Schierbeck
    201370 by: Stuart Felenstein
    201371 by: Daniel Schierbeck
    201375 by: Stuart Felenstein

Re: Problem with fopen(...) -
    201372 by: P M
    201378 by: Jason Wong

Re: images doesn't seem to cache
    201373 by: anders thoresson
    201374 by: anders thoresson
    201377 by: M. Sokolewicz

Recover POST form
    201379 by: Christian Ista
    201380 by: Greg Donald
----------------------------------------------------------------------
--- Begin Message ---
First I'm a bit unsure, because in the manual it
states that you must use mysql_real_escape_string on
binary data. So first question, what constitutes
binary data, a file or just an integer?

Second question - Since magic_quotes_gpc is enabled on
my server (and I have no choice) - I gather I must use
addslashes()

3rd - Some of the user input translates to an int value
where I later do a join for the actual label. I
believe those fields are protected naturally since the
database won't accept anything but an int.

4th - With both of these functions it looks like they
become part of the sql query. I could use some help
in understanding how to set up variables using both
functions. In other words, an example of how they get
coded.

Thank you,
Stuart
--- End Message ---
--- Begin Message ---
Stuart Felenstein wrote:
> First I'm a bit unsure, because in the manual it
> states that you must use mysql_real_escape_string on
> binary data. So first question, what constitutes
> binary data, a file or just an integer?

any data that might contain a null-byte (\0) is usually seen as the
definition for binary files.

> Second question - Since magic_quotes_gpc is enabled on
> my server (and I have no choice) - I gather I must use
> addslashes()

why?

> 3rd - Some of the user input translates to an int value
> where I later do a join for the actual label. I
> believe those fields are protected naturally since the
> database won't accept anything but an int.

that is correct, however, remember that sql-injection attacks could
still be made in such places.

> 4th - With both of these functions it looks like they
> become part of the sql query. I could use some help
> in understanding how to set up variables using both
> functions. In other words, an example of how they get
> coded.

Look at the examples in the documentation, they are all I could give
you.. (http://www.php.net/manual/en/function.mysql-real-escape-string.php)

> Thank you,
> Stuart
--- End Message ---
--- Begin Message ---
--- "M. Sokolewicz" <[EMAIL PROTECTED]> wrote:
> (http://www.php.net/manual/en/function.mysql-real-escape-string.php)

I have my eye on example 3: The Quote_Smart function.
Do I have to list all the variables out though or is
there a way to have it check everything passing
through?
What would be nice is if I didn't have to put the
Quote_smart function in every query statement but have
it test everything?

Stuart
--- End Message ---
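
Two points from this thread, shown as an added example that is not part of any poster's message: an integer column does not stop injection when the value is concatenated into the SQL text, and magic_quotes_gpc slashes can be removed once for the whole request rather than handled in every query. It swaps in PDO prepared statements on an in-memory SQLite database for the mysql extension discussed above so that it runs offline; every function name, table and input value is constructed for illustration.

```php
<?php
// Added example (not from the thread). PDO with in-memory SQLite is an
// assumption so the script runs offline; tables and inputs are constructed.

// Undo magic_quotes_gpc once for the whole request instead of per query.
// $enabled stands in for get_magic_quotes_gpc() on a server of that era.
function undo_magic_quotes($input, $enabled)
{
    if (!$enabled) {
        return $input;
    }
    if (is_array($input)) {
        $out = array();
        foreach ($input as $key => $value) {
            $out[$key] = undo_magic_quotes($value, $enabled);
        }
        return $out;
    }
    return stripslashes($input);
}

function make_db()
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE labels (id INTEGER PRIMARY KEY, label TEXT)');
    $db->exec("INSERT INTO labels (id, label) VALUES (1, 'Sales')");
    $db->exec("INSERT INTO labels (id, label) VALUES (2, 'Support')");
    $db->exec("INSERT INTO labels (id, label) VALUES (3, 'Payroll')");
    $db->exec('CREATE TABLE people (name TEXT, label_id INTEGER)');
    return $db;
}

// Vulnerable: the column is an INTEGER, but the value is spliced into the
// SQL text, so the database parses it as SQL before any column type applies.
function lookup_unsafe(PDO $db, $id)
{
    $sql = "SELECT label FROM labels WHERE id = $id";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: reject anything that is not an integer, then bind the value.
function lookup_safe(PDO $db, $id)
{
    $int = filter_var($id, FILTER_VALIDATE_INT);
    if ($int === false) {
        return array();
    }
    $stmt = $db->prepare('SELECT label FROM labels WHERE id = ?');
    $stmt->execute(array($int));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Bound parameters need no addslashes() or escape call at all.
function add_person(PDO $db, $name, $labelId)
{
    $stmt = $db->prepare('INSERT INTO people (name, label_id) VALUES (?, ?)');
    $stmt->execute(array($name, (int) $labelId));
    return $db->query('SELECT name FROM people')->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed request data, in the form magic_quotes_gpc would deliver it.
$post = array('name' => "O\\'Reilly", 'label_id' => '2', 'filter' => '0 OR 1=1');
$clean = undo_magic_quotes($post, true);

$db = make_db();
print_r(lookup_unsafe($db, $clean['filter']));   // condition is always true
print_r(lookup_safe($db, $clean['filter']));     // not an integer: refused
print_r(lookup_safe($db, $clean['label_id']));   // normal lookup
print_r(add_person($db, $clean['name'], $clean['label_id']));
```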
--- Begin Message ---
Thanks Robby Russell, Jason Wong , Greg Donald, raditha dissanayak and
every one else who answered part 1 of my email concerning image
uploads.
It was about where to store images uploaded by website users and
question was database vs filesystem and dedicated vs shared hosting
and the conclusion I could understand was
fast,secure,cheap pick any two
1) database + shared = secure and cheap
2) filesystem + shared = fast and cheap
3) filesystem + dedicated = fast and secure
4) database + dedicated = err.. stupid? ;)
For now I have decided to try option 1 and see how far I can go till
performance begins to become a limiting factor and then decide later if
I really need to, to choose between security and cost.
I have another question. I have used mysql mediumblob to store images.
They are jpeg files. When I retrieve that binary data with a query and
generate an image with PHP .. ie. I do
<?
...
header('Content-type: image/jpeg');
echo $binary_data;
?>
The image gets generated and displayed OK. But when I save that image
file on my work station it gets saved as a huge file .. a file which
was 36 Kb jpg when uploaded is saved as 5Mb bmp when downloaded. The
data in mysql column is 36 Kb only. So why is it getting saved as such
a huge file and why bmp when header is 'image/jpeg'
thanks
Jas
--- End Message ---
--- Begin Message ---
Jaskirat Singh wrote:
> Thanks Robby Russell, Jason Wong , Greg Donald, raditha dissanayak and
> every one else who answered part 1 of my email concerning image
> uploads.
> It was about where to store images uploaded by website users and
> question was database vs filesystem and dedicated vs shared hosting
> and the conclusion I could understand was
> fast,secure,cheap pick any two
> 1) database + shared = secure and cheap
> 2) filesystem + shared = fast and cheap
> 3) filesystem + dedicated = fast and secure
> 4) database + dedicated = err.. stupid? ;)
> For now I have decided to try option 1 and see how far I can go till
> performance begins to become a limiting factor and then decide later if
> I really need to, to choose between security and cost.
> I have another question. I have used mysql mediumblob to store images.
> They are jpeg files. When I retrieve that binary data with a query and
> generate an image with PHP .. ie. I do
> <?
> ...
> header('Content-type: image/jpeg');
> echo $binary_data;
> ?>
> The image gets generated and displayed OK. But when I save that image
> file on my work station it gets saved as a huge file .. a file which
> was 36 Kb jpg when uploaded is saved as 5Mb bmp when downloaded. The
> data in mysql column is 36 Kb only. So why is it getting saved as such
> a huge file and why bmp when header is 'image/jpeg'

*sighs*
IE

> thanks
> Jas
--- End Message ---
--- Begin Message ---
On Sat, 2004-11-06 at 03:58 -0800, Jaskirat Singh wrote:
> 4) database + dedicated = err.. stupid? ;)
I should have clarified this more as to why I prefer the DB storage
method. I don't expect that my web application will be the only
interface to the data that I am storing in the database. For some clients,
we build Python interfaces that clients run on their desktop. We also
replicate our databases across a few servers and it's much easier to
keep track of the database than it is to make sure a bunch of
filesystem-stored files are too. Some of our client database machines
don't have a webserver so we don't program with just the web in mind.
With storing in the database, we get transaction support and we know
that an image will not be deleted if it is being referenced by another
piece of data. Speed versus data integrity is something we have to
juggle per client as to what is more important. If you know how to
optimize your database (a stock pgsql db can be rather slow..) then the
speed differences are not enough of a factor for us to know that our
data is just a bit safer.
-Robby
--
/***************************************
* Robby Russell | Owner.Developer.Geek
* PLANET ARGON | www.planetargon.com
* Portland, OR | [EMAIL PROTECTED]
* 503.351.4730 | blog.planetargon.com
* PHP/PostgreSQL Hosting & Development
* --- Now supporting PHP5 ---
****************************************/
--- End Message ---
--- Begin Message ---
On Friday 05 November 2004 22:04, Pankaj Kafley wrote:
> Can you be more specific ? I actually had the same sort of problem
> once but maybe it is not the same. But anyways I was getting null
> every time until I change $_FILES variable to $HTTP_POST_FILES. As
> suggested by someone else here.
A question for you (and the OP), are you using a relatively new version of
PHP?
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
------------------------------------------
/*
Are we on STRIKE yet?
*/
--- End Message ---
--- Begin Message ---
Javascript.
Simply just update your fields at the parent window.
On the onUnload event of the popup do this....
self.opener.formName.fieldName.value=document.popupformName.popupfieldName.value;
Your keywords to check in Javascript papers are parent_window,
window_opener and Javascript DOM. If you're using Dreamweaver then you're
blessed by having Javascript at the palm of your hand.
HTH.
On Fri, 05 Nov 2004 13:03:31 -0800, Todd Cary <[EMAIL PROTECTED]> wrote:
> I have a button that creates a new window. The surfer may enter data in
> the new window, and if he does, when the window is closed by the surfer,
> can the information update fields on the original page - the page/window
> from which the new window was created?
>
> I have seen instances where the surfer can open a new window to get
> email addresses and these addresses appear in the first window.
>
> Todd
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
M.Saleh.E.G
97150-4779817
--- End Message ---
--- Begin Message ---
On Saturday 06 November 2004 05:43, Ritesh Nadhani wrote:
> In the script I connect to one of our tables having more than 80K rows and
> dump the data using echo command.
>
> When I run this page from my browser, the process always stops half way
> thru and only half the data is dumped. I can reproduce this problem
> every time. I am on a 512Kbps DSL line.
>
> By stopping I mean from IE, about 50K rows are dumped and then the process
> stops.
>
> I have even tried: set_time_limit (0) so that we have unlimited timeout but
> it's still giving the same error.
Do you actually get an error message?
> Do I need to configure something in the server so that complete data is
> dumped?
Have you ruled out the possibility that it's IE that's barfing? Try a
different browser and/or try using a download utility to just download the
page to file, or link to that page from another page so you can right-click
"Save link as...".
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
------------------------------------------
/*
Accuracy, n.:
The vice of being right
*/
--- End Message ---
--- Begin Message ---
Hello,
>
> From: Jason Wong <[EMAIL PROTECTED]>
> Date: 2004/11/06 Sat PM 06:01:28 EST
> To: [EMAIL PROTECTED]
> Subject: Re: [PHP] Big table dump stopping in between
>
> On Saturday 06 November 2004 05:43, Ritesh Nadhani wrote:
>
> > In the script I connect to one of our tables having more than 80K rows and
> > dump the data using echo command.
> >
> > When I run this page from my browser, the process always stops half way
> > thru and only half the data is dumped. I can reproduce this problem
> > every time. I am on a 512Kbps DSL line.
> >
> > By stopping I mean from IE, about 50K rows are dumped and then the process
> > stops.
> >
> > I have even tried: set_time_limit (0) so that we have unlimited timeout but
> > it's still giving the same error.
>
> Do you actually get an error message?
>
No.
> > Do I need to configure something in the server so that complete data is
> > dumped?
>
> Have you ruled out the possibility that it's IE that's barfing? Try a
> different browser and/or try using a download utility to just download the
> page to file, or link to that page from another page so you can right-click
> "Save link as...".
>
I even tried an HTTP utility but it is also stopping half way thru. I think it's a
problem with the ISP's server. Looks like some server option has to be configured.
> --
> Jason Wong -> Gremlins Associates -> www.gremlins.biz
> Open Source Software Systems Integrators
> * Web Design & Hosting * Internet & Intranet Applications Development *
> ------------------------------------------
> Search the list archives before you post
> http://marc.theaimsgroup.com/?l=php-general
> ------------------------------------------
> /*
> Accuracy, n.:
> The vice of being right
> */
--- End Message ---
--- Begin Message ---
On Sat, Nov 06, 2004 at 10:10:56AM -0500, Ritesh Nadhani wrote:
>
> I even tried an HTTP utility but it is also stopping half way thru. I think it's a
> problem with the ISP's server. Looks like some server option has to be configured.
>
What database is this again? I had a similar problem with an 'Enterprise class'
database. My solution was to update statistics. This gives clues to the
database engine on how best to do the query. Before the update, my large, though
not as large as your result set, would just stop partly through. After updating
statistics, it worked fine.
--
Jim Kaufman
Linux Evangelist
public key 0x6D802619
---
Life is like an onion: you peel it off one layer at a time, and sometimes you
weep.
-- Carl Sandburg
--- End Message ---
--- Begin Message ---
I've started getting into the habit of passing error
messages through session variables, particularly on
redirects.
From some people's reaction on this list I gather it's
not the best practice.
What is an alternative way ? I believe it's through a
URL. not sure how to go about that method
Stuart
--- End Message ---
--- Begin Message ---
Stuart Felenstein wrote:
> I've started getting into the habit of passing error
> messages through session variables, particularly on
> redirects.
> From some people's reaction on this list I gather it's
> not the best practice.
> What is an alternative way ? I believe it's through a
> URL. not sure how to go about that method
> Stuart

I'm not quite getting what you're saying - are you sending the error
messages on to a new page?! The usual and simple way of doing this is
the good 'ol OR operator:

    do_something() or die('Couldn\'t do it, sorry...');

Well, maybe an IF then:

    if (!do_something()) {
        exit('Still can\'t do it...');
    }

But there are also much more sophisticated ways of doing it. Clarify
exactly what you're trying to do, and we'll get back to them.
--
Daniel Schierbeck
Help spread Firefox (www.getfirefox.com):
http://www.spreadfirefox.com/?q=user/register&r=6584
--- End Message ---
--- Begin Message ---
--- Daniel Schierbeck <[EMAIL PROTECTED]> wrote:
> I'm not quite getting what you're saying - are you
> sending the error
> messages on to a new page?! The usual and simple way
> of doing this is
> the good 'ol OR operator:
>
I'm saying, currently if there is an error and the
script needs to exit, I'm doing this :
if ..error {
$_SESSION['ErMsg'] = "Submit Failure";
header (location: ........)
exit;
}
I want to know what alternatives there are to error
messages aside from using a session variable.
Thank you ,
Stuart
--- End Message ---
--- Begin Message ---
Stuart Felenstein wrote:
> I'm saying, currently if there is an error and the
> script needs to exit, I'm doing this :
> if ..error {
> $_SESSION['ErMsg'] = "Submit Failure";
> header (location: ........)
> exit;
> }
> I want to know what alternatives there are to error
> messages aside from using a session variable.
> Thank you ,
> Stuart

Where are you redirecting the client to? An error page?
--
Daniel Schierbeck
Help spread Firefox (www.getfirefox.com):
http://www.spreadfirefox.com/?q=user/register&r=6584
--- End Message ---
--- Begin Message ---
--- Daniel Schierbeck <[EMAIL PROTECTED]> wrote:
> Where are you redirecting the client to? An error
> page?
Either an error page or back out to a main page.
Stuart
--- End Message ---
--- Begin Message ---
Well, since I'm using the latest version of the PHP plugin, it can't be that I'm using
the $_FILES variable ($HTTP_POST_FILES is for older versions of php as far as I know).
Nevertheless, I tried it.. and it didn't work.
To clarify my problem.. I'm using a form to get a file name and some other info
(regular text boxes) where the file information is supposed to be stored in the
$_FILES array (predefined by php). Though it seems that I can't use either the [name]
or the [tmp_name] field in this array to get the file name. The error occurs directly
when I try to fopen(...) the file. I simply get the following error:
Warning: fopen("", "r") - No error in c:\code\wengine\aey.php on line 130
My MySQL db is working just fine, so is PHP (other code works), as well as the process
of using other HTML form information for PHP processing (such as textboxes).
Does the error message above ring a bell to you? Thanks..
Arty
-----Original Message-----
From: Pankaj Kafley <[EMAIL PROTECTED]>
To: Arty <[EMAIL PROTECTED]>
Date: Fri, 5 Nov 2004 23:04:24 +0100
Subject: Re: [PHP] Problem with fopen(...) - "No error"??
Can you be more specific ? I actually had the same sort of problem
once but maybe it is not the same. But anyways I was getting null
every time until I change $_FILES variable to $HTTP_POST_FILES. As
suggested by someone else here.
Regards
On Fri, 5 Nov 2004 21:08:17 +0100, Arty <[EMAIL PROTECTED]> wrote:
> I'm working against a table without problems, that is, as long as I insert and
> retrieve texts and numerical values from various fields. However, I'm also using a
> table for images, but I can't upload files correctly. This is the error I get :
>
> Warning: fopen("", "r") - No error in c:\code\wengine\aey.php on line 130
>
> Warning: fread(): supplied argument is not a valid File-Handle resource in
> c:\code\wengine\aey.php on line 131
>
> I have no clue what's the problem. I checked register_globals (on) but then again,
> that shouldn't matter 'cause I'm using the $_FILES variable to access the file
> information. Obviously, PHP thinks otherwise. It seems (from the warning "fopen("",
> "r")" above), that even so, $_FILES[userfile][tmp_name] is not recognized and just
> interpreted as null. I've tried $_FILES[userfile][name] also, but the same error
> occurs. The second error is obviously just an effect from the first, so what am I
> doing wrong here?? Any tips appreciated!
>
> Thanks,
> Arty
>
>
--- End Message ---
--- Begin Message ---
On Saturday 06 November 2004 19:33, P M wrote:
Please do not top post.
> Well, since I'm using the latest version of the PHP plugin, it can't be
> that I'm using the $_FILES variable ($HTTP_POST_FILES is for older versions
> of php as far as I know). Nevertheless, I tried it.. and it didn't work.
Do the examples in the manual work for you? If so what are you doing
differently from the examples?
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
------------------------------------------
/*
If *I* had a hammer, there'd be no more folk singers.
*/
--- End Message ---
--- Begin Message ---
> Your eyes are fine. You need to check for If-Modified-Since header, if
> the time is older than file modification time (filemtime()) send
> Last-Modified header and the image, else send 304 Not Modified response.

This code seems to work. Have I got it right?

// Get the time the cache file was last modified
$lastModified = filemtime($pPath);

// Issue an HTTP last modified header
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $lastModified) . ' GMT');

if (isset($_GET['If-Modified-Since']))
{
    // Split the If-Modified-Since (Netscape < v6 gets this wrong)
    $modifiedSince = explode(';', $_GET['If-Modified-Since']);
    // Turn the client request If-Modified-Since into a timestamp
    $modifiedSince = strtotime($modifiedSince[0]);
}
else
{
    $modifiedSince = 0;
}

// Compare time the content was last modified with client cache
if ($lastModified <= $modifiedSince)
{
    header('HTTP/1.1 304 Not Modified');
}
else
{
    $extention = substr($path, -3);
    if ($extention == "jpg")
        header("Content-type: image/jpeg");
    if ($extention == "gif")
        header("Content-type: image/gif");
    if ($extention == "bmp")
        header("Content-type: image/bmp");
    if ($extention == "png")
        header("Content-type: image/png");
    readfile("$pPath");
}
--- End Message ---
--- Begin Message ---
> This code seems to work. Have I got it right?

No. I have not. Sometimes the images are viewed from the cache, just
to get downloaded from the server again next time, just a minute later,
when I try again.
My local development server is running IIS, my production server is
running Apache. Where is the best place to look for If-Modified-Since?
Is $_GET['If-Modified-Since'] a safe bet?
//Anders
--- End Message ---
--- Begin Message ---
Anders Thoresson wrote:
>> This code seems to work. Have I got it right?
>
> No. I have not. Sometimes the images are viewed from the cache, just to
> get downloaded from the server again next time, just a minute later,
> when I try again.
> My local development server is running IIS, my production server is
> running Apache. Where is the best place to look for If-Modified-Since?
> Is $_GET['If-Modified-Since'] a safe bet?

it won't be a php-parameter. Seen as the script isn't executed when the
server decides it is the same as the cached version. So only if it deems
not to be, then it runs the script, and when it does that, the script
doesn't need to know anything about modified-since, because that check
has long since been passed.
This is all an issue between browser and server, and php can't interfere
in between those. However, to do something about it, change the headers
that you send about caching. These are the pragma headers for HTTP/1.0
(?), and the Cache-Control headers in HTTP/1.1

> //Anders
--- End Message ---
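
On the question asked in this thread of where to look for If-Modified-Since: PHP exposes request headers through `$_SERVER` (here `$_SERVER['HTTP_IF_MODIFIED_SINCE']`), while `$_GET` holds only query-string parameters. The following is an added example, not code from any poster; the function names and the sample header values are constructed, and the extension list mirrors the one in the posted script.

```php
<?php
// Added example (not from the thread); names and sample values are constructed.

// Decide between 200 and 304 from the raw If-Modified-Since value
// (null when the client sent none) and the file's modification time.
function conditional_status($ifModifiedSince, $lastModified)
{
    if ($ifModifiedSince === null) {
        return 200;
    }
    // Some old clients append "; length=NNN"; keep only the date part.
    $parts = explode(';', $ifModifiedSince);
    $since = strtotime(trim($parts[0]));
    if ($since === false) {
        return 200;   // unparsable date: fall back to a full response
    }
    return ($lastModified <= $since) ? 304 : 200;
}

// Map an allowed extension to its content type; anything else is refused.
function image_content_type($path)
{
    $types = array('jpg' => 'image/jpeg', 'gif' => 'image/gif',
                   'bmp' => 'image/bmp',  'png' => 'image/png');
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    return isset($types[$ext]) ? $types[$ext] : null;
}

function serve_image($path)
{
    $type = image_content_type($path);
    if ($type === null || !is_file($path)) {
        header('HTTP/1.1 404 Not Found');
        return;
    }
    $lastModified = filemtime($path);
    // Request headers arrive in $_SERVER with an HTTP_ prefix, not in $_GET.
    $header = isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])
        ? $_SERVER['HTTP_IF_MODIFIED_SINCE'] : null;
    header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $lastModified) . ' GMT');
    if (conditional_status($header, $lastModified) === 304) {
        header('HTTP/1.1 304 Not Modified');
        return;       // a 304 carries no body
    }
    header('Content-Type: ' . $type);
    readfile($path);
}

// Constructed check of the decision logic, runnable from the command line:
// a file last changed at $mtime, and three possible client headers.
if (PHP_SAPI === 'cli') {
    $mtime = gmmktime(12, 0, 0, 11, 6, 2004);
    var_dump(conditional_status(null, $mtime));
    var_dump(conditional_status('Sat, 06 Nov 2004 12:00:00 GMT', $mtime));
    var_dump(conditional_status('Fri, 05 Nov 2004 12:00:00 GMT; length=36000', $mtime));
}
```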
--- Begin Message ---
Hello,
In a PHP page I use a form with POST method.
I'd like in the action page recover all the variable posted. Could you tell
me how to do that ?
Thanks,
Christian,
--- End Message ---
--- Begin Message ---
On Sat, 6 Nov 2004 23:32:23 +0100, Christian Ista <[EMAIL PROTECTED]> wrote:
> In a PHP page I use a form with POST method.
>
> I'd like in the action page recover all the variable posted. Could you tell
> me how to do that ?
They are available in the $_POST array.
echo '<pre>';
print_r($_POST);
echo '</pre>';
--
Greg Donald
Zend Certified Engineer
http://gdconsultants.com/
http://destiney.com/
--- End Message ---