RE: [PHP-DB] Submitting form from

[Sean Mumford]

 Couldn't you achieve the same effect without javascript by simply using GET
values instead of post? As in each hyperlink would say something like A B,
although perhaps you're trying to intentionally avoid using GET as to not
clutter up their browser history.
..
-Original Message-
From: Andrew Kreps [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 14, 2006 7:15 PM
To: Skip Evans
Cc: Php-Db
Subject: Re: [PHP-DB] Submitting form from 


function submitForm (letter)
{
document.search.letter.value = letter;//
Here's where we're
setting the form value 'letter' to the letter the user clicked on.
document.search.submit();   // Then, submit
the form.
}




  
 Search all
campuses


$letter ";
}
?>




-

The receiving end of the form looks much as you might expect, it just parses
the form values:

--



\n";
}
else
{
print "Checkbox value is: False\n"; }

print "Letter: " . $_POST["letter"];
?>





And there you go!  Let me know if you have any problems.



On 7/14/06, Skip Evans <[EMAIL PROTECTED]> wrote:
> Hey all,
>
> This is not database related, but I get the impression this list 
> entertains general PHP questions? If I'm mistaken, flame away.
>
> I need submit a form when a hyper link is pressed, and have been 
> trying all manner of onlicks, etc, but have been unable to hit the 
> right combination.
>
> Here's the scenario:
>
> I have the alphabet in hyper links with a check box below:
>
>
> 
> A B C D E F G H I J K.
>
> [] check for all campuses
> 
>
> What needs to happen is that when they click a
> letter, which is a  now, it submits
> the check box value as well, to be read through
> $_POST on the receiving end.
>
> And of course I need to know what letter was
> click, this I was trying to get through a
> $_REQUEST var, but was not able to do so.
>
> Any tips would be monstrously appreciated.
> --
> Skip Evans
> Big Sky Penguin, LLC
> 61 W Broadway
> Butte, Montana 59701
> 406-782-2240
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DB] MD5, MySQL, and salts

[Sean Mumford]

Hi Guys,
I'm working on securing user passwords in a MySQL 4 database with a PHP5
frontend. I remember being told in one of my classes (I'm currently a
college junior) that the best way would be to hash a salt and the password
together and then store the hash in the database instead of the plain MD5
hash. My question is, what is a good method for the server and the database
to agree on a salt value to use? I know i could use a predefined variable,
but I was wondering if something dynamic might be better (timestamp, current
date, something like that). Any ideas? Thanks in advance!
-Sean

[PHP-DB] Installing PEAR

[Sean Mumford]

I know this may be a bit off-topic, but I would like to use the PEAR library
to implement some of my database functions. Unfortunately, the PEAR
documentation is woefully incomplete and as a result i've been unable to
install it properly. Here's the procedure i went through:
 
PHP Version: 5.1.2
Apache Version: 2.0.55
MySQL Version: 5.0.18
Windows XP Pro
 
1. launch the go-pear batch file
2. select system-wide installation
3. use default install directories: (Seems fine to me since PHP is installed
into C:\PHP)
Installation Base ($prefix) C:\PHP
Binaries DirectoryC:\PHP
PHP code Directory ($php_dir)  C:\PHP\pear
Documentation Directory  C:\PHP\pear\docs
Data Directory C:\PHP\pear\data
Tests DirectoryC:\PHP\pear\tests
Name of Configuration FileC:\WINDOWS\pear.ini
Path to CLI php.exe C:\PHP\.
 
4. The batch file tells me pear is installed
5. I add the environment variable via the PEAR_ENV.reg file
6. add the line "require db.php" and load to this message:
Warning: require(DB.php) [function.require
 ]: failed to open stream: No such file
or directory in C:\wwwroot\phpinfo.php on line 2
Fatal error: require() [function.require 
]: Failed opening required 'DB.php' (include_path='.;C:\PHP\pear') in
C:\wwwroot\phpinfo.php on line 2 
7. Figure DB might not be installed by default, so follow the website's
instructions by attempting to call it from the command line:
pear install db = not recognized as internal or external command, bla bla
bla
c:\php\pear install db = see above
c:\php\pear\pear install db = see above
8. get annoyed, go back to phpinfo file, remove erroneous line and look for
references to PEAR, come up with the following (only) line:
  include_path  .;C:\PHP\pear   .;
C:\PHP\pear
9. Go crazy, hit cute, fuzzy animals.
 
I apolagize for the length of my e-mail, but I know that being thorough
helps most of the time. Does anyone have any advice or ideas?

[PHP-DB] Database storage and Sessions

[Sean Mumford]

Hi guys,
I'm trying to create a small, publicly accessable database where security is
a concern since want some users to have administrative access and others not
to. The backend is MySQL 5.0.18 with PHP 5.1.2 on an Apache 2.0.55 server,
and I am curious as to how much my session code and my database should
interact to achieve a good balance of security and speed/overhead. I have
come up with several approaches:
 
1. Use sessions to send the username and password from the website to the
database, where the database will authenticate it and allow that user to log
in with pre-defined privaledges. Administrators could create database user
accounts.
2. Use sessions to store usernames and passwords completely in PHP, and then
have a single non-administrative account that the PHP would use to access
the database. A similar method would be used for administrative accounts as
well.
3. Store all session-related information in the database (might be faster
than using PHP to store the info?).
 
As I said before, i'm trying to implement a reasonable amount of security
without significantly impacting the overal speed of my system (frontend &
backend). Any advice?
 
-Sean