php-general Digest 14 Jan 2012 03:52:33 -0000 Issue 7649

Topics (messages 316287 through 316295):

Re: passing variables to php script
        316287 by: Curtis Maurand
        316288 by: Curtis Maurand
        316289 by: David Savage

advise needed on a mysql select library function
        316290 by: Haluk Karamete
        316291 by: Haluk Karamete
        316294 by: Bastien

how do you find out if a mysql resource is empty?
        316292 by: Haluk Karamete
        316293 by: Stuart Dallas

any security issues with this mysql_update function?
        316295 by: Haluk Karamete

----------------------------------------------------------------------
--- Begin Message ---


Make sure IIS is not running. That'll cause all kinds of trouble.

Tim Streater wrote:
> On 13 Jan 2012 at 15:05, David Savage <[email protected]> wrote:
>
>> I open the html file up from a windows explorer window (Q:\asterisk\), and so
>> IE opens it up, but the problem lies in the fact that I cannot find apache
>> service running in the background...haven't figured out why yet.  The "test
>> configuration" start menu option (under "configure apache server") just
>> displays a console window for a brief moment, then immediately disappears.
>> The icon I see near my time says "Running none of 1 Apache services"....So I
>> have to get that straightened out first...I believe that's been my problem all
>> along.
>
> Well, that's going to be part of it, but it's never going to work if you open
> it via Explorer. If you do that, apache won't be involved whether it's running
> or not. This will only work if you have IE (or other browser) open and put
> http://localhost/your-webpage.html into the browser's address bar. Further,
> both the webpage and PHP file need to be in your document-root. Look in your
> apache config file for that).
>
> --
> Cheers  --  Tim
>

--- End Message ---
--- Begin Message ---

Tim Streater wrote:
> On 13 Jan 2012 at 15:05, David Savage <[email protected]> wrote:
>
>> I open the html file up from a windows explorer window (Q:\asterisk\), and so
>> IE opens it up, but the problem lies in the fact that I cannot find apache
>> service running in the background...haven't figured out why yet.  The "test
>> configuration" start menu option (under "configure apache server") just
>> displays a console window for a brief moment, then immediately disappears.
>> The icon I see near my time says "Running none of 1 Apache services"....So I
>> have to get that straightened out first...I believe that's been my problem all
>> along.
>
> Well, that's going to be part of it, but it's never going to work if you open
> it via Explorer. If you do that, apache won't be involved whether it's running
> or not. This will only work if you have IE (or other browser) open and put
> http://localhost/your-webpage.html into the browser's address bar. Further,
> both the webpage and PHP file need to be in your document-root. Look in your
> apache config file for that).

Sorry for the top post.

Make sure IIS is not running.  It'll cause all kinds of trouble.

--- End Message ---
--- Begin Message ---
thanks for your assistance.

________________________________

From: Tim Streater [mailto:[email protected]]
Sent: Fri 1/13/2012 9:37 AM
To: David Savage
Cc: PHP General List
Subject: Re: RE: RE: [PHP] passing variables to php script



On 13 Jan 2012 at 15:05, David Savage <[email protected]> wrote:

> I open the html file up from a windows explorer window (Q:\asterisk\), and so
> IE opens it up, but the problem lies in the fact that I cannot find apache
> service running in the background...haven't figured out why yet.  The "test
> configuration" start menu option (under "configure apache server") just
> displays a console window for a brief moment, then immediately disappears.
> The icon I see near my time says "Running none of 1 Apache services"....So I
> have to get that straightened out first...I believe that's been my problem all
> along.

Well, that's going to be part of it, but it's never going to work if you open 
it via Explorer. If you do that, apache won't be involved whether it's running 
or not. This will only work if you have IE (or other browser) open and put 
http://localhost/your-webpage.html into the browser's address bar. Further, 
both the webpage and PHP file need to be in your document-root. Look in your 
apache config file for that).

--
Cheers  --  Tim



--- End Message ---
--- Begin Message ---
Why discover the wheel, where there are so many qualified pros are
here that pick up their brains...

I'm building a php library of functions, I mean day to day functions
that eases my RAD.

Since I am new to PHP, I'm trying to wrap php's built-in-functions and
functionalities into new function names of my own creation from my old
ASP library so that I can work within the new php environment - using
still the familiar function names and arguments ... for example, I had
a leftof function which worked as

leftof("abcdef","bc") //returns "ef"
        //which is the "leftof" the "bc" in the haystack "abcdef".

That's the idea... I have over 100 functions that do all kinds of
things... the goal is to write those functions' php equivalents. I'm
done with the string and utility functions, now I'm getting into db
stuff!

My goal now is to write a one-liner sqlselect functionality which will
work like this

<?php

_select("my_wordpress_database_name_here","SELECT * FROM wp_posts",$result);

//so that I can instantly get into business as follows;

while ($row = mysql_fetch_assoc($result)) {
        echo "<li>" . $row['post_title'];
}

basically, what the _select is supposed to do is to take the passed
database name, look that up in a switch statement to get the sql
server, db uid & pwd info and run the whole show all the way until it
puts the results in the $result resource. And I'm already done with
that...  I posted the code below...  but I want to isolate the switch
statement ( that contains the sqlserver,uid,pwd data ) out from this
library file...  I do not want to keep them in the library. ideally,
that info should be kept in say, connection_info.php file...

how would you go about it?

write an include directive ( for the switch section only) and
implement it that way? or is there a better way - such as using a
function for the switch?
please feel free to not only answer this question but also improve the
code segment I posted below. I will be using the principles I gain
from this thread in writing the update,delete and insert versions...

this is where I am now and following code snippet works as intended...



_select( "wordpress_XYZ" , "SELECT * FROM wp_posts" , $result );

while ( $row = mysql_fetch_assoc($result)) {
        echo "<li>" . $row['post_title'];
}

function _select($db_name,$sql,&$result)
{
        // assuming bp_lcase() lower-cases its argument, the case labels
        // have to be lower case as well or they never match
        switch (bp_lcase($db_name))
        {

                case "wordpress_xyz":

                        $db_name = ""; // this is usually the same as the 1st argument passed by the user
                        $db_server = "";
                        $db_username = "";
                        $db_pass = "";
                        break;

                case " ":

                        echo "Unknown database.";
                        die;

                break;

                default:

                        echo "Database name not passed";
                        die;
                        break;

        }

        // connect, select the database, run the query, then release the connection
        $link = mysql_connect($db_server, $db_username, $db_pass) or die(mysql_error());
        mysql_select_db($db_name, $link) or die(mysql_error());
        $result = mysql_query($sql,$link) or die(mysql_error());
        mysql_close($link);

}

in the above code, ideally I would want to store the switch stuff
somewhere else... the question is what's the most elegant/proper way
of doing this...

now... that switch could be included as is from a plain file, that's
easy enough...

or it could be put into a function so that _select function internally
calls it and get the handle of the "$link" so that
mysql_select_db($db_name, $link) can run fine...  in that case, should
the $link be passed &$ by ref? any issues with that?

which approach is better? or are there other issues that I must be
aware of in starting building such a library?

--- End Message ---
--- Begin Message ---
I'm leaning towards this;

function bp_select($db_name,$sql,&$result)
{

        bp_conn($db_name,$db_server,$db_username,$db_pass);
        //with that, I pass the $db_name and the rest gets byRef'ed by
        //the bp_conn! and I keep the bp_conn in a sep. file

        $link = mysql_connect($db_server, $db_username, $db_pass) or die(mysql_error());
        mysql_select_db($db_name, $link) or die(mysql_error());
        $result = mysql_query($sql,$link) or die(mysql_error());
        mysql_close($link);

}


On Fri, Jan 13, 2012 at 11:18 AM, Haluk Karamete
<[email protected]> wrote:
> Why discover the wheel, where there are so many qualified pros are
> here that pick up their brains...
>
> I'm building a php library of functions, I mean day to day functions
> that eases my RAD.

--- End Message ---
--- Begin Message ---
On 2012-01-13, at 2:18 PM, Haluk Karamete <[email protected]> wrote:

> Why discover the wheel, where there are so many qualified pros are
> here that pick up their brains...
> 
> I'm building a php library of functions, I mean day to day functions
> that eases my RAD.

You seem to be spending time on rebuilding what a lot of frameworks already 
have/do.

I suggest looking at them first.
CodeIgniter
CakePHP
Symfony
Zend
FuelPHP

Personally, CodeIgniter might be the best choice as it's not an overwhelming 
framework and it's got great docs


Bastien

--- End Message ---
--- Begin Message ---
$result = mysql_query($sql,$link) or die(mysql_error());

how do you find out if $sql returned any recordsets?
is there a fast/super efficient  way of finding this out... something
along the lines of   is_empty($result) type thing?

--- End Message ---
--- Begin Message ---
On 13 Jan 2012, at 20:01, Haluk Karamete wrote:

> $result = mysql_query($sql,$link) or die(mysql_error());
> 
> how do you find out if $sql returned any recordsets?
> is there a fast/super efficient  way of finding this out... something
> along the lines of   is_empty($result) type thing?

if (mysql_num_rows($result) > 0) {
  ...
}

http://php.net/mysql_num_rows

And while you're there, have a browse of the function list in the left column.

-Stuart

-- 
Stuart Dallas
3ft9 Ltd
http://3ft9.com/

--- End Message ---
--- Begin Message ---
I wrote a function "sql_update" which takes a $db_name, a $table_name,
a $where and finally a $data array where data is authored by using an
associative array which allows easy pairing of field names and
field values.

This is how I build the data array;

 $data = array(
    'FirstName' => 'John',
    'LastName' => "Smith",
    'Age' => 90,
);


and this is how I call the function

sql_update("blueprint2012","test_table","where PersonID=1",$data);

And this does it for me, does it very easy and convenient,

but I've got a concern...

If you kindly take a look at the function that does the work
"sql_update" posted below, therein you will see a
"mysql_real_escape_string" being used in an array_map operation.

The question is: would simply having "mysql_real_escape_string" in
there protect me from a SQL injection? Is it that good?

Or do you think this kind of stuff should be handled before the
function is called at $data building time?
This approach of course would then nullify the need of using
mysql_real_escape_string within the below function.

I'm inclining towards the idea that the below function *should* just
assume that the data is safe ( and therefore not use
"mysql_real_escape_string" ) and that before I call the function, I
should take care of the SQLInjection stuff more transparently, so that
$data is safe and sound as far as both sqlinjection and htmlencode
against XSS.

But then again, if mysql_real_escape_string does the job well and good
enough, why worry?

what say you?

function sql_update($db_name,$table_name,$where,$data)
{
        //dies out if something wrong.
        //returns $the_number_of_records_affected, if any

        //following 3 lines take care of the connection
        bp_conn($db_name,$db_server,$db_username,$db_pass);
        $link = mysql_connect($db_server, $db_username, $db_pass) or die(mysql_error());
        mysql_select_db($db_name, $link) or die(mysql_error());

        //only the values are escaped here; the keys, $table_name and
        //$where go into the statement exactly as they were passed in
        $values = array_map('mysql_real_escape_string', array_values($data));
        $keys = array_keys($data);

        $i=-1;
        $string = "SET ";
        foreach ($keys as $item)
        {
                $i++;
                $string = $string . "`" . $item . "`='" . $values[$i]  . "', ";
        }

        //echo "[" . $string . "]";
        // [SET `FirstName`='John', `LastName`='Smith', `Age`='90', ]

        $string = bp_cutthelast($string,2) . " " . $where;
        //echo "[" . $string . "]";
        // [SET `FirstName`='John', `LastName`='Smith', `Age`='90' where PersonID=1]

        $update_sql_statement = 'UPDATE `'.$table_name. "` " . $string;
        //echo $update_sql_statement;
        //outputs UPDATE `test_table` SET `FirstName`='John',
        //`LastName`='Smith', `Age`='90' where PersonID=1

        if (mysql_query($update_sql_statement,$link ))
        {
                //read the count before closing; nothing after a return runs
                $affected = mysql_affected_rows($link);
                mysql_close($link);
                return $affected;
        }
        else
        {
                echo "error SQL FAILS " . mysql_error();
                mysql_close($link) ;
                die;
        }

}

--- End Message ---
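
Added example, not part of the original post and not the poster's code: in the sql_update above only the values pass through mysql_real_escape_string, while the array keys, $table_name and $where are concatenated into the statement unescaped. One way to close all of those paths is an identifier allow-list plus bound parameters; safe_update(), $allowed, the array form of the WHERE condition and the SQLite demo table are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. safe_update(), $allowed and the
// demo table are assumptions made for illustration.

/**
 * UPDATE with identifiers checked against an allow-list and every value,
 * in SET and in WHERE, bound as a parameter instead of concatenated.
 */
function safe_update(PDO $pdo, array $allowed, string $table, array $data, array $where): int
{
    if (!isset($allowed[$table])) {
        throw new InvalidArgumentException("table not allowed: $table");
    }
    if ($data === [] || $where === []) {
        // No empty SET list, and no UPDATE that would touch every row.
        throw new InvalidArgumentException('data and where must not be empty');
    }

    $params = [];
    // Turn column => value pairs into "`col` = ?" fragments, collecting values.
    $bind = function (array $pairs) use ($allowed, $table, &$params): array {
        $parts = [];
        foreach ($pairs as $col => $val) {
            if (!in_array($col, $allowed[$table], true)) {
                throw new InvalidArgumentException("column not allowed: $col");
            }
            $parts[] = "`$col` = ?";
            $params[] = $val;
        }
        return $parts;
    };
    $set  = $bind($data);   // SET placeholders first ...
    $cond = $bind($where);  // ... then WHERE, matching the order in $params

    $sql = "UPDATE `$table` SET " . implode(', ', $set)
         . ' WHERE ' . implode(' AND ', $cond);
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Constructed demo data on in-memory SQLite (needs the pdo_sqlite driver) so
// the example runs offline; the function is the same with a MySQL DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE test_table (PersonID INTEGER PRIMARY KEY, FirstName TEXT, LastName TEXT, Age INTEGER)');
$pdo->exec("INSERT INTO test_table VALUES (1, 'Jane', 'Doe', 30), (2, 'Ann', 'Lee', 41)");
$allowed = ['test_table' => ['PersonID', 'FirstName', 'LastName', 'Age']];

// A quote inside a value is bound as data and never parsed as SQL.
$n = safe_update($pdo, $allowed, 'test_table',
    ['FirstName' => 'John', 'LastName' => "O'Brien", 'Age' => 90],
    ['PersonID' => 1]);
echo "rows updated: $n\n";

// An array key that is not a known column never reaches the SQL text.
try {
    safe_update($pdo, $allowed, 'test_table', ['Age`=0, `LastName' => 'x'], ['PersonID' => 1]);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

HTML-encoding against XSS is a separate step that belongs where the data is written into a page, not where it is stored.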
