Re: [PHP-DB] Help with file upload
I used this code now:
if (is_uploaded_file($_FILES['ufile1']['tmp_name'])) {
move_uploaded_file($_FILES['ufile1']['tmp_name'],'./' .
$_FILES['ufile1']['name']);
This is the reply I got:
Warning: move_uploaded_file(./ayservenet.jpg): failed to open stream:
Permission denied in /home/ayserve/public_html/fu/fuprocess.php on line 6
Warning: move_uploaded_file(): Unable to move '/tmp/phpfJyDSw' to
'./ayservenet.jpg' in /home/ayserve/public_html/fu/fuprocess.php on line 6
ayservenet.jpg DONE Array ( [ufile1] = Array ( [name] = ayservenet.jpg
[type] = image/pjpeg [tmp_name] = /tmp/phpfJyDSw [error] = 0 [size]
= 3030 ) )
I had experienced this also on Windows IIS now it is also coming on my
Linux yet I have full access to the two servers.
Bunmi
John W. Holmes wrote:
Bunmi Akinmboni wrote:
His is the new code:
?php
if (is_uploaded_file($_FILES['ufile1']['tmp_name'])) {
copy($_FILES['ufile1']['tmp_name'], .);
You should be using move_uploaded_file() instead of copy(), first of all.
Next, the two arguments passed to either copy() or move_uploaded_file()
are _filenames_, not directories. So something like
move_uploaded_file($_FILES['ufile1']['tmp_name'],'./' .
$_FILES['ufile1']['name']);
is probably what you're after.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Help with file upload
For the message:
Warning: move_uploaded_file(./ayservenet.jpg): failed to open stream:
Permission denied in /home/ayserve/public_html/fu/fuprocess.php on line 6
you have to change the permissions of the file folder where you are copying
the file.
If you created it via FTP then you can't use copy() or move().
check:
echo fileperms( $folder );
if it's 33188 or 33279 it's ok but I think it is not the permission of your
folder.
I think you'll get 17901 or some other.
so you have to use ftp_chmod() of ftp_site() to change it..
try this:
$folderbase = folderbase; // it's the folder where your folder for
uploads is.
$folder = foldername;// it's your folder for uploads.
$mode = 0777;
$site = ftp_connect ( ftp.yourdomain.com );
if( $site != FALSE ) {
$loged = ftp_login( $site , your username, your password );
if( $loged ) {
ftp_chdir( $site , $folder );
ftp_site( $site , chmod $mode $folder );
}
ftp_quit( $site );
John W. Holmes [EMAIL PROTECTED] escribió en el mensaje
news:[EMAIL PROTECTED]
Bunmi Akinmboni wrote:
Pls Help.
I have done a lot of reading prior to this yet I just can't seem make it
work. I wrote an upload program as seen below but the response I got
was:
Possible file upload attack. Filename: ayservenet.jpg Array ( [ufile1]
= Array ( [name] = ayservenet.jpg [type] = image/pjpeg [tmp_name] =
/tmp/phpIMEhdh [error] = 0 [size] = 3030 ) )
[snip]
if (is_uploaded_file($_FILES['ufile1']['name'])) {
copy($_FILES['ufile1']['name'], .);
echo $ufile1_name ;
echo DONE;
echo ;
print_r($_FILES);
} else {
echo Possible file upload attack. Filename: .
$_FILES['ufile1']['name'];
echo ;
print_r($_FILES);
}
?
You should pass $_FILES['ufile1']['tmp_name'] to is_uploaded_file().
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals www.phparch.com
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: Help with file upload
I made a mistake in my last message:
The lines that say:
ftp_chdir( $site , $folder );
ftp_site( $site , chmod $mode $folder );
should say:
ftp_chdir( $site , $folderbase );// this is the one that
was wrong
ftp_site( $site , chmod $mode $folder );
Bunmi Akinmboni [EMAIL PROTECTED] escribió en el mensaje
news:[EMAIL PROTECTED]
Pls Help.
I have done a lot of reading prior to this yet I just can't seem make it
work. I wrote an upload program as seen below but the response I got was:
Possible file upload attack. Filename: ayservenet.jpg Array ( [ufile1]
= Array ( [name] = ayservenet.jpg [type] = image/pjpeg [tmp_name] =
/tmp/phpIMEhdh [error] = 0 [size] = 3030 ) )
My codes are:
File UPLOAD.HTM:
html
head
titleUntitled Document/title
meta http-equiv=Content-Type content=text/html; charset=iso-8859-1
/head
body
form method=post action=fuprocess.php enctype=multipart/form-data
input type=file name=ufile1 size=20
input type=submit name=submit value=submit
/form
/body
/html
File FUPROCESS.PHP:
?php
// In PHP earlier then 4.1.0, $HTTP_POST_FILES should be used instead
of $_FILES.
// $realname = $_FILES['ufile1']['name'];
if (is_uploaded_file($_FILES['ufile1']['name'])) {
copy($_FILES['ufile1']['name'], .);
echo $ufile1_name ;
echo DONE;
echo ;
print_r($_FILES);
} else {
echo Possible file upload attack. Filename: .
$_FILES['ufile1']['name'];
echo ;
print_r($_FILES);
}
?
Thanks.
--
'Bunmi Akinmboni
5, Aibu Street, Off Bode Thomas Street,
P.O. Box 6235, Surulere, Lagos, NIGERIA.
Tel: (234) 1-813-3335
Fax: (234) 1-583-2585 (Nigeria Only)
Fax: 1 (309) 285-2383 (International)
Email: [EMAIL PROTECTED]
Web site: http://www.budelak.com
http://www.ayserve.net
Web Design, Web Hosting, Domain Registration, ICT Consultancy,
Networking, Internet, eCommerce, System Integrator
===
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] more about permissions
Have in mind that some permissions can be changed only via FTP but some other can only be changed useing chmod(). If you want more security you should set the permission in the moment of the upload and change it again after it. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Another way.
You can also pass the variable via POST to the script where the function is.
It remains a local variable.
Or you can set it as global like Chris says.
And another way is puting it in a cookie.
Adam Symonds [EMAIL PROTECTED] escribió en el mensaje
news:[EMAIL PROTECTED]
Hi,
I am starting to us functions with my work but I am having troubles
With the variables in the functions..
If I have the following function called from my page it will work but the
variable won't
($username)
but if I put this code straight on the page then it works fine..
Any reason for the variable not to work in the function but in straight
coding?
Thanx
Sample Function Below:
==
function LoginSystem()
{
echo div align=right;
if ( !isset( $_SESSION['login'] ) ) {
echo form action=../Users/Login.php method=post;
echo font size=1Username: /fontinput name=user type=text
size=10nbsp;font size=1Password: /fontinput name=pass type=password
size=10nbsp;input type=submit value=GObr;
echo a href=../Register.phpfont size=1Not A Member
Yet?/font/font/anbsp;;
echo /form;
} else {
echo font size=1Welcome $username nbsp;nbsp;nbsp;a
href=../Users/Logout.phpfont
size=1Logout/anbsp;nbsp;nbsp;/font/fontbrbr;
}
echo /div;
}
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] About security.
In your code, where you have:
if (is_uploaded_file($_FILES['ufile1']['name'])) {
copy($_FILES['ufile1']['name'], .);
...
you should check the extension of the file been uploaded
you should'n accept files with php, cgi, asp, etc., extensions neither an
index file
if you do, some user (hacker) could upload a script and would be inside your
server
then check this:
if (is_uploaded_file($_FILES['ufile1']['name'])) {
if ( the file is not a script ){
copy($_FILES['ufile1']['name'], .);
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Help with file upload
On Thu, 2003-10-16 at 07:14, John W. Holmes wrote: Bunmi Akinmboni wrote: Warning: move_uploaded_file(./ayservenet.jpg): failed to open stream: Permission denied in /home/ayserve/public_html/fu/fuprocess.php on line 6 PHP runs as the web server and it does not have permission to write to the current directory. If you're using IIS, PHP runs as the IUSR_computer_name user. And how is it by running Linux. I've a similar problem with my provider in uploading files via php. The permissions in the html-subdir are set that all persons have write-permissions. At the moment I work with a workaround that by using email to transfer the file to me to be uploaded via ftp. But the way should be that the user should be able to upload a file by himselve via PHP. Regards, Ruprecht -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Sorry, About security is for this discution.
The message About security is for Help with file upload. I placed the message outside. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Help with file upload
I just changed the permission on fu folder to 777 but it gives me the
same problem. I'm writing this script so that I can use it to upload to
jpeg files. The code is hereby attached.
Gabriel Peugnet wrote:
For the message:
Warning: move_uploaded_file(./ayservenet.jpg): failed to open stream:
Permission denied in /home/ayserve/public_html/fu/fuprocess.php on line 6
you have to change the permissions of the file folder where you are copying
the file.
If you created it via FTP then you can't use copy() or move().
check:
echo fileperms( $folder );
if it's 33188 or 33279 it's ok but I think it is not the permission of your
folder.
I think you'll get 17901 or some other.
so you have to use ftp_chmod() of ftp_site() to change it..
try this:
$folderbase = folderbase; // it's the folder where your folder for
uploads is.
$folder = foldername;// it's your folder for uploads.
$mode = 0777;
$site = ftp_connect ( ftp.yourdomain.com );
if( $site != FALSE ) {
$loged = ftp_login( $site , your username, your password );
if( $loged ) {
ftp_chdir( $site , $folder );
ftp_site( $site , chmod $mode $folder );
}
ftp_quit( $site );
John W. Holmes [EMAIL PROTECTED] escribi en el mensaje
news:[EMAIL PROTECTED]
Bunmi Akinmboni wrote:
Pls Help.
I have done a lot of reading prior to this yet I just can't seem make it
work. I wrote an upload program as seen below but the response I got
was:
Possible file upload attack. Filename: ayservenet.jpg Array ( [ufile1]
= Array ( [name] = ayservenet.jpg [type] = image/pjpeg [tmp_name] =
/tmp/phpIMEhdh [error] = 0 [size] = 3030 ) )
[snip]
if (is_uploaded_file($_FILES['ufile1']['name'])) {
copy($_FILES['ufile1']['name'], .);
echo $ufile1_name ;
echo DONE;
echo ;
print_r($_FILES);
} else {
echo Possible file upload attack. Filename: .
$_FILES['ufile1']['name'];
echo ;
print_r($_FILES);
}
?
You should pass $_FILES['ufile1']['tmp_name'] to is_uploaded_file().
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals www.phparch.com
--
'Bunmi Akinmboni
5, Aibu Street, Off Bode Thomas Street,
P.O. Box 6235, Surulere, Lagos, NIGERIA.
Tel: (234) 1-813-3335
Fax: (234) 1-583-2585 (Nigeria Only)
Fax: 1 (309) 285-2383 (International)
Email: [EMAIL PROTECTED]
Web site: http://www.budelak.com
http://www.ayserve.net
Web Design, Web Hosting, Domain Registration, ICT Consultancy,
Networking, Internet, eCommerce, System Integrator
===
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Help with file upload
I just changed the permission on fu folder to 777 but it gives me the
same problem. I'm writing this script so that I can use it to upload to
jpeg files. The code is hereby attached.
Bunmi
Gabriel Peugnet wrote:
For the message:
Warning: move_uploaded_file(./ayservenet.jpg): failed to open stream:
Permission denied in /home/ayserve/public_html/fu/fuprocess.php on line 6
you have to change the permissions of the file folder where you are copying
the file.
If you created it via FTP then you can't use copy() or move().
check:
echo fileperms( $folder );
if it's 33188 or 33279 it's ok but I think it is not the permission of your
folder.
I think you'll get 17901 or some other.
so you have to use ftp_chmod() of ftp_site() to change it..
try this:
$folderbase = folderbase; // it's the folder where your folder for
uploads is.
$folder = foldername;// it's your folder for uploads.
$mode = 0777;
$site = ftp_connect ( ftp.yourdomain.com );
if( $site != FALSE ) {
$loged = ftp_login( $site , your username, your password );
if( $loged ) {
ftp_chdir( $site , $folder );
ftp_site( $site , chmod $mode $folder );
}
ftp_quit( $site );
John W. Holmes [EMAIL PROTECTED] escribi en el mensaje
news:[EMAIL PROTECTED]
Bunmi Akinmboni wrote:
Pls Help.
I have done a lot of reading prior to this yet I just can't seem make it
work. I wrote an upload program as seen below but the response I got
was:
Possible file upload attack. Filename: ayservenet.jpg Array ( [ufile1]
= Array ( [name] = ayservenet.jpg [type] = image/pjpeg [tmp_name] =
/tmp/phpIMEhdh [error] = 0 [size] = 3030 ) )
[snip]
if (is_uploaded_file($_FILES['ufile1']['name'])) {
copy($_FILES['ufile1']['name'], .);
echo $ufile1_name ;
echo DONE;
echo ;
print_r($_FILES);
} else {
echo Possible file upload attack. Filename: .
$_FILES['ufile1']['name'];
echo ;
print_r($_FILES);
}
?
You should pass $_FILES['ufile1']['tmp_name'] to is_uploaded_file().
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals www.phparch.com
--
'Bunmi Akinmboni
5, Aibu Street, Off Bode Thomas Street,
P.O. Box 6235, Surulere, Lagos, NIGERIA.
Tel: (234) 1-813-3335
Fax: (234) 1-583-2585 (Nigeria Only)
Fax: 1 (309) 285-2383 (International)
Email: [EMAIL PROTECTED]
Web site: http://www.budelak.com
http://www.ayserve.net
Web Design, Web Hosting, Domain Registration, ICT Consultancy,
Networking, Internet, eCommerce, System Integrator
===
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Help with file upload
Bunmi, you need to understand Unix file permissions.
Because you are running as the web server 'user / group' that user needs
permission to write to the directory you are specifying. In this case you
are trying to circumvent filesystem access controls by writing directly to
the root directory of the filesystem !
So you need to adjust your path to for example
/home/ayserve/public_html/fu/uploads/
*** Then*** You need to adjust the permission on this directory to allow
write access to the web server. You can do this from most FTP clients
(dreamweaver has a plugin to adjust the permissions of the directory). It
needs to be mode 660 or 666 for testing, you can tighten up the permissions
later.
If you absolutely cant do this by FTP somehow, try using
chmod(/home/ayserve/public_html/fu/uploads/,100666);
execute your upload after extensive file type checks
chmod(/home/ayserve/public_html/fu/uploads/,100755);
To change it back again to a safe setting as soon as possible !
666 corresponds to user-group-everybody, rwx and 660 to rw (no execute
permission). Finally, 755 allows owner rwx and others rx permission -
execute permission needs to be set again afterwards to allow the web server
to traverse (read) the directory again.
PS _ Can you remind me again how this is related to Databases in PHP, the
topic of this list ;-)
Cheers - Neil.
At 06:25 16/10/2003 +, you wrote:
Message-ID: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Thu, 16 Oct 2003 06:09:07 +0100
From: Bunmi Akinmboni [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DB] Help with file upload
I used this code now:
if (is_uploaded_file($_FILES['ufile1']['tmp_name'])) {
move_uploaded_file($_FILES['ufile1']['tmp_name'],'./' .
$_FILES['ufile1']['name']);
This is the reply I got:
Warning: move_uploaded_file(./ayservenet.jpg): failed to open stream:
Permission denied in /home/ayserve/public_html/fu/fuprocess.php on line 6
Warning: move_uploaded_file(): Unable to move '/tmp/phpfJyDSw' to
'./ayservenet.jpg' in /home/ayserve/public_html/fu/fuprocess.php on line 6
ayservenet.jpg DONE Array ( [ufile1] = Array ( [name] = ayservenet.jpg
[type] = image/pjpeg [tmp_name] = /tmp/phpfJyDSw [error] = 0 [size] =
3030 ) )
I had experienced this also on Windows IIS now it is also coming on my
Linux yet I have full access to the two servers.
Bunmi
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Help with file upload
Thanks Neil. My ultimate aim to update my database with the details of
the upload after it uploads successfully, but I need to solve this
problem first.
The folder already has permission 777.
Bunmi
Neil Smth wrote:
Bunmi, you need to understand Unix file permissions.
Because you are running as the web server 'user / group' that user needs
permission to write to the directory you are specifying. In this case
you are trying to circumvent filesystem access controls by writing
directly to the root directory of the filesystem !
So you need to adjust your path to for example
/home/ayserve/public_html/fu/uploads/
*** Then*** You need to adjust the permission on this directory to allow
write access to the web server. You can do this from most FTP clients
(dreamweaver has a plugin to adjust the permissions of the directory).
It needs to be mode 660 or 666 for testing, you can tighten up the
permissions later.
If you absolutely cant do this by FTP somehow, try using
chmod(/home/ayserve/public_html/fu/uploads/,100666);
execute your upload after extensive file type checks
chmod(/home/ayserve/public_html/fu/uploads/,100755);
To change it back again to a safe setting as soon as possible !
666 corresponds to user-group-everybody, rwx and 660 to rw (no execute
permission). Finally, 755 allows owner rwx and others rx permission -
execute permission needs to be set again afterwards to allow the web
server to traverse (read) the directory again.
PS _ Can you remind me again how this is related to Databases in PHP,
the topic of this list ;-)
Cheers - Neil.
At 06:25 16/10/2003 +, you wrote:
Message-ID: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Thu, 16 Oct 2003 06:09:07 +0100
From: Bunmi Akinmboni [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DB] Help with file upload
I used this code now:
if (is_uploaded_file($_FILES['ufile1']['tmp_name'])) {
move_uploaded_file($_FILES['ufile1']['tmp_name'],'./' .
$_FILES['ufile1']['name']);
This is the reply I got:
Warning: move_uploaded_file(./ayservenet.jpg): failed to open stream:
Permission denied in /home/ayserve/public_html/fu/fuprocess.php on line 6
Warning: move_uploaded_file(): Unable to move '/tmp/phpfJyDSw' to
'./ayservenet.jpg' in /home/ayserve/public_html/fu/fuprocess.php on
line 6
ayservenet.jpg DONE Array ( [ufile1] = Array ( [name] =
ayservenet.jpg [type] = image/pjpeg [tmp_name] = /tmp/phpfJyDSw
[error] = 0 [size] = 3030 ) )
I had experienced this also on Windows IIS now it is also coming on my
Linux yet I have full access to the two servers.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Help with file upload
Neil,
The folder fu is not the root. I just created it for testing and it has
777 permission. My ultimate aim is to update a database upon successful
uploading.
Bunmi
Neil Smth wrote:
Bunmi, you need to understand Unix file permissions.
Because you are running as the web server 'user / group' that user needs
permission to write to the directory you are specifying. In this case
you are trying to circumvent filesystem access controls by writing
directly to the root directory of the filesystem !
So you need to adjust your path to for example
/home/ayserve/public_html/fu/uploads/
*** Then*** You need to adjust the permission on this directory to allow
write access to the web server. You can do this from most FTP clients
(dreamweaver has a plugin to adjust the permissions of the directory).
It needs to be mode 660 or 666 for testing, you can tighten up the
permissions later.
If you absolutely cant do this by FTP somehow, try using
chmod(/home/ayserve/public_html/fu/uploads/,100666);
execute your upload after extensive file type checks
chmod(/home/ayserve/public_html/fu/uploads/,100755);
To change it back again to a safe setting as soon as possible !
666 corresponds to user-group-everybody, rwx and 660 to rw (no execute
permission). Finally, 755 allows owner rwx and others rx permission -
execute permission needs to be set again afterwards to allow the web
server to traverse (read) the directory again.
PS _ Can you remind me again how this is related to Databases in PHP,
the topic of this list ;-)
Cheers - Neil.
At 06:25 16/10/2003 +, you wrote:
Message-ID: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Thu, 16 Oct 2003 06:09:07 +0100
From: Bunmi Akinmboni [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DB] Help with file upload
I used this code now:
if (is_uploaded_file($_FILES['ufile1']['tmp_name'])) {
move_uploaded_file($_FILES['ufile1']['tmp_name'],'./' .
$_FILES['ufile1']['name']);
This is the reply I got:
Warning: move_uploaded_file(./ayservenet.jpg): failed to open stream:
Permission denied in /home/ayserve/public_html/fu/fuprocess.php on line 6
Warning: move_uploaded_file(): Unable to move '/tmp/phpfJyDSw' to
'./ayservenet.jpg' in /home/ayserve/public_html/fu/fuprocess.php on
line 6
ayservenet.jpg DONE Array ( [ufile1] = Array ( [name] =
ayservenet.jpg [type] = image/pjpeg [tmp_name] = /tmp/phpfJyDSw
[error] = 0 [size] = 3030 ) )
I had experienced this also on Windows IIS now it is also coming on my
Linux yet I have full access to the two servers.
Bunmi
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Help with file upload
permission is ok but it's got to be inside the home directory of web server,
which is /var/www by default for apache
Nitin
- Original Message -
From: Bunmi Akinmboni [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, October 16, 2003 1:28 PM
Subject: Re: [PHP-DB] Help with file upload
Thanks Neil. My ultimate aim to update my database with the details of
the upload after it uploads successfully, but I need to solve this
problem first.
The folder already has permission 777.
Bunmi
Neil Smth wrote:
Bunmi, you need to understand Unix file permissions.
Because you are running as the web server 'user / group' that user needs
permission to write to the directory you are specifying. In this case
you are trying to circumvent filesystem access controls by writing
directly to the root directory of the filesystem !
So you need to adjust your path to for example
/home/ayserve/public_html/fu/uploads/
*** Then*** You need to adjust the permission on this directory to allow
write access to the web server. You can do this from most FTP clients
(dreamweaver has a plugin to adjust the permissions of the directory).
It needs to be mode 660 or 666 for testing, you can tighten up the
permissions later.
If you absolutely cant do this by FTP somehow, try using
chmod(/home/ayserve/public_html/fu/uploads/,100666);
execute your upload after extensive file type checks
chmod(/home/ayserve/public_html/fu/uploads/,100755);
To change it back again to a safe setting as soon as possible !
666 corresponds to user-group-everybody, rwx and 660 to rw (no execute
permission). Finally, 755 allows owner rwx and others rx permission -
execute permission needs to be set again afterwards to allow the web
server to traverse (read) the directory again.
PS _ Can you remind me again how this is related to Databases in PHP,
the topic of this list ;-)
Cheers - Neil.
At 06:25 16/10/2003 +, you wrote:
Message-ID: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Thu, 16 Oct 2003 06:09:07 +0100
From: Bunmi Akinmboni [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DB] Help with file upload
I used this code now:
if (is_uploaded_file($_FILES['ufile1']['tmp_name'])) {
move_uploaded_file($_FILES['ufile1']['tmp_name'],'./' .
$_FILES['ufile1']['name']);
This is the reply I got:
Warning: move_uploaded_file(./ayservenet.jpg): failed to open stream:
Permission denied in /home/ayserve/public_html/fu/fuprocess.php on line
6
Warning: move_uploaded_file(): Unable to move '/tmp/phpfJyDSw' to
'./ayservenet.jpg' in /home/ayserve/public_html/fu/fuprocess.php on
line 6
ayservenet.jpg DONE Array ( [ufile1] = Array ( [name] =
ayservenet.jpg [type] = image/pjpeg [tmp_name] = /tmp/phpfJyDSw
[error] = 0 [size] = 3030 ) )
I had experienced this also on Windows IIS now it is also coming on my
Linux yet I have full access to the two servers.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Help with file upload
HI Nitin,
Is that not dangerous as it will affect the entire server structure?
Bunmi
Nitin wrote:
permission is ok but it's got to be inside the home directory of web server,
which is /var/www by default for apache
Nitin
- Original Message -
From: Bunmi Akinmboni [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, October 16, 2003 1:28 PM
Subject: Re: [PHP-DB] Help with file upload
Thanks Neil. My ultimate aim to update my database with the details of
the upload after it uploads successfully, but I need to solve this
problem first.
The folder already has permission 777.
Bunmi
Neil Smth wrote:
Bunmi, you need to understand Unix file permissions.
Because you are running as the web server 'user / group' that user needs
permission to write to the directory you are specifying. In this case
you are trying to circumvent filesystem access controls by writing
directly to the root directory of the filesystem !
So you need to adjust your path to for example
/home/ayserve/public_html/fu/uploads/
*** Then*** You need to adjust the permission on this directory to allow
write access to the web server. You can do this from most FTP clients
(dreamweaver has a plugin to adjust the permissions of the directory).
It needs to be mode 660 or 666 for testing, you can tighten up the
permissions later.
If you absolutely cant do this by FTP somehow, try using
chmod(/home/ayserve/public_html/fu/uploads/,100666);
execute your upload after extensive file type checks
chmod(/home/ayserve/public_html/fu/uploads/,100755);
To change it back again to a safe setting as soon as possible !
666 corresponds to user-group-everybody, rwx and 660 to rw (no execute
permission). Finally, 755 allows owner rwx and others rx permission -
execute permission needs to be set again afterwards to allow the web
server to traverse (read) the directory again.
PS _ Can you remind me again how this is related to Databases in PHP,
the topic of this list ;-)
Cheers - Neil.
At 06:25 16/10/2003 +, you wrote:
Message-ID: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Thu, 16 Oct 2003 06:09:07 +0100
From: Bunmi Akinmboni [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DB] Help with file upload
I used this code now:
if (is_uploaded_file($_FILES['ufile1']['tmp_name'])) {
move_uploaded_file($_FILES['ufile1']['tmp_name'],'./' .
$_FILES['ufile1']['name']);
This is the reply I got:
Warning: move_uploaded_file(./ayservenet.jpg): failed to open stream:
Permission denied in /home/ayserve/public_html/fu/fuprocess.php on line
6
Warning: move_uploaded_file(): Unable to move '/tmp/phpfJyDSw' to
'./ayservenet.jpg' in /home/ayserve/public_html/fu/fuprocess.php on
line 6
ayservenet.jpg DONE Array ( [ufile1] = Array ( [name] =
ayservenet.jpg [type] = image/pjpeg [tmp_name] = /tmp/phpfJyDSw
[error] = 0 [size] = 3030 ) )
I had experienced this also on Windows IIS now it is also coming on my
Linux yet I have full access to the two servers.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Help with file upload
i dont understand, what are you saying dangerous to...
i just gave an example, at your machine home directory of web server could
be entirely different.
anyway read my last mail
Nitin
- Original Message -
From: Bunmi Akinmboni [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, October 16, 2003 1:56 PM
Subject: Re: [PHP-DB] Help with file upload
HI Nitin,
Is that not dangerous as it will affect the entire server structure?
Bunmi
Nitin wrote:
permission is ok but it's got to be inside the home directory of web
server,
which is /var/www by default for apache
Nitin
- Original Message -
From: Bunmi Akinmboni [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, October 16, 2003 1:28 PM
Subject: Re: [PHP-DB] Help with file upload
Thanks Neil. My ultimate aim to update my database with the details of
the upload after it uploads successfully, but I need to solve this
problem first.
The folder already has permission 777.
Bunmi
Neil Smth wrote:
Bunmi, you need to understand Unix file permissions.
Because you are running as the web server 'user / group' that user
needs
permission to write to the directory you are specifying. In this case
you are trying to circumvent filesystem access controls by writing
directly to the root directory of the filesystem !
So you need to adjust your path to for example
/home/ayserve/public_html/fu/uploads/
*** Then*** You need to adjust the permission on this directory to
allow
write access to the web server. You can do this from most FTP clients
(dreamweaver has a plugin to adjust the permissions of the directory).
It needs to be mode 660 or 666 for testing, you can tighten up the
permissions later.
If you absolutely cant do this by FTP somehow, try using
chmod(/home/ayserve/public_html/fu/uploads/,100666);
execute your upload after extensive file type checks
chmod(/home/ayserve/public_html/fu/uploads/,100755);
To change it back again to a safe setting as soon as possible !
666 corresponds to user-group-everybody, rwx and 660 to rw (no execute
permission). Finally, 755 allows owner rwx and others rx permission -
execute permission needs to be set again afterwards to allow the web
server to traverse (read) the directory again.
PS _ Can you remind me again how this is related to Databases in PHP,
the topic of this list ;-)
Cheers - Neil.
At 06:25 16/10/2003 +, you wrote:
Message-ID: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Thu, 16 Oct 2003 06:09:07 +0100
From: Bunmi Akinmboni [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DB] Help with file upload
I used this code now:
if (is_uploaded_file($_FILES['ufile1']['tmp_name'])) {
move_uploaded_file($_FILES['ufile1']['tmp_name'],'./' .
$_FILES['ufile1']['name']);
This is the reply I got:
Warning: move_uploaded_file(./ayservenet.jpg): failed to open stream:
Permission denied in /home/ayserve/public_html/fu/fuprocess.php on
line
6
Warning: move_uploaded_file(): Unable to move '/tmp/phpfJyDSw' to
'./ayservenet.jpg' in /home/ayserve/public_html/fu/fuprocess.php on
line 6
ayservenet.jpg DONE Array ( [ufile1] = Array ( [name] =
ayservenet.jpg [type] = image/pjpeg [tmp_name] = /tmp/phpfJyDSw
[error] = 0 [size] = 3030 ) )
I had experienced this also on Windows IIS now it is also coming on my
Linux yet I have full access to the two servers.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: Variables not working within Functions
==
function LoginSystem()
{
global $username;
echo div align=right;
if ( !isset( $_SESSION['login'] ) ) {
Adam Symonds wrote:
Hi,
I am starting to us functions with my work but I am having troubles
With the variables in the functions..
If I have the following function called from my page it will work but the
variable wont
($username)
but if I put this code straight on the page then it works fine..
Any reason for the variable not to work in the function but in straight
coding?
Thanx
Sample Function Below:
==
function LoginSystem()
{
echo div align=right;
if ( !isset( $_SESSION['login'] ) ) {
echo form action=../Users/Login.php method=post;
echo font size=1Username: /fontinput name=user type=text
size=10nbsp;font size=1Password: /fontinput name=pass type=password
size=10nbsp;input type=submit value=GObr;
echo a href=../Register.phpfont size=1Not A Member
Yet?/font/font/anbsp;;
echo /form;
} else {
echo font size=1Welcome $username nbsp;nbsp;nbsp;a
href=../Users/Logout.phpfont
size=1Logout/anbsp;nbsp;nbsp;/font/fontbrbr;
}
echo /div;
}
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Sessions and MySQL?
Not sure if this is a MySQL Q. or a PHP one, but here goes...
I'm just learning sessions...
And I'm trying to add a session variable to a MySQL database.
I've done this page that takes the results from a previous form...
But I get this error:
Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or
`T_NUM_STRING'
On line 83
Which is the line that relates to the line:
\$_SESSION['salutation'];\,
I've tried removing the ';' but it change nothing...?
Can anyone see my error?
=
?
session_start();
header(Cache-control: private);
$_SESSION['salutation'] = $_POST['salutation'];
//MySQL connection stuff
mysql_query(INSERT INTO $table (
salutation,
name,
city
} VALUES {
\$_SESSION['salutation'];\,
\$_SESSION['name'];\,
\$_SESSION['city'];\
}
?
//Rest of page... thanks etc...
=
*
The information contained in this e-mail message is intended only for
the personal and confidential use of the recipient(s) named above.
If the reader of this message is not the intended recipient or an agent
responsible for delivering it to the intended recipient, you are hereby
notified that you have received this document in error and that any
review, dissemination, distribution, or copying of this message is
strictly prohibited. If you have received this communication in error,
please notify us immediately by e-mail, and delete the original message.
***
Re: [PHP-DB] Sessions and MySQL?
From: [EMAIL PROTECTED]
And I'm trying to add a session variable to a MySQL database.
I've done this page that takes the results from a previous form...
But I get this error:
Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or
`T_NUM_STRING'
On line 83
Which is the line that relates to the line:
\$_SESSION['salutation'];\,
I've tried removing the ';' but it change nothing...?
Can anyone see my error?
=
?
session_start();
header(Cache-control: private);
$_SESSION['salutation'] = $_POST['salutation'];
//MySQL connection stuff
mysql_query(INSERT INTO $table (
salutation,
name,
city
} VALUES {
\$_SESSION['salutation'];\,
\{$_SESSION['salutation']}\,
\$_SESSION['name'];\,
\{$_SESSION['name']}\,
\$_SESSION['city'];\
\{$_SESSION['city']\,
}
---John Holmes...
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: Sessions and MySQL?
might seem a bit long winded but this is how I would code it
$sql = INSERT INTO $table ( salutation, name, city} VALUES {
$sql .= '.$_SESSION{'salutation'].',
$sql .= '.$_SESSION{'name'].',
$sql .= '.$_SESSION{'city'].' )
mysql_query($sql);
regards
pete
mysql_query(INSERT INTO $table (
salutation,
name,
city
} VALUES {
\$_SESSION['salutation'];\,
\$_SESSION['name'];\,
\$_SESSION['city'];\
}
Tristan Pretty wrote:
Not sure if this is a MySQL Q. or a PHP one, but here goes...
I'm just learning sessions...
And I'm trying to add a session variable to a MySQL database.
I've done this page that takes the results from a previous form...
But I get this error:
Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or
`T_NUM_STRING'
On line 83
Which is the line that relates to the line:
\$_SESSION['salutation'];\,
I've tried removing the ';' but it change nothing...?
Can anyone see my error?
=
?
session_start();
header(Cache-control: private);
$_SESSION['salutation'] = $_POST['salutation'];
//MySQL connection stuff
mysql_query(INSERT INTO $table (
salutation,
name,
city
} VALUES {
\$_SESSION['salutation'];\,
\$_SESSION['name'];\,
\$_SESSION['city'];\
}
?
//Rest of page... thanks etc...
=
*
The information contained in this e-mail message is intended only for
the personal and confidential use of the recipient(s) named above.
If the reader of this message is not the intended recipient or an agent
responsible for delivering it to the intended recipient, you are hereby
notified that you have received this document in error and that any
review, dissemination, distribution, or copying of this message is
strictly prohibited. If you have received this communication in error,
please notify us immediately by e-mail, and delete the original message.
***
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Sessions and MySQL?
In addition to what John suggested, I see you have switched from parens to
curly braces when you close your list of columns and list of values. AFAIK,
you need to use parens to contain those lists.
-Original Message-
From: CPT John W. Holmes [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 16, 2003 9:08 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [PHP-DB] Sessions and MySQL?
From: [EMAIL PROTECTED]
And I'm trying to add a session variable to a MySQL database.
I've done this page that takes the results from a previous form...
But I get this error:
Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or
`T_NUM_STRING'
On line 83
Which is the line that relates to the line:
\$_SESSION['salutation'];\,
I've tried removing the ';' but it change nothing...?
Can anyone see my error?
=
?
session_start();
header(Cache-control: private);
$_SESSION['salutation'] = $_POST['salutation'];
//MySQL connection stuff
mysql_query(INSERT INTO $table (
salutation,
name,
city
} VALUES {
\$_SESSION['salutation'];\,
\{$_SESSION['salutation']}\,
\$_SESSION['name'];\,
\{$_SESSION['name']}\,
\$_SESSION['city'];\
\{$_SESSION['city']\,
}
---John Holmes...
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Re: Sessions and MySQL?
I'm not sure that this code will work.
Try to use $_SESSION['..'] and (..). [Don't use the {, } for this purposes.
vio-
- Original Message -
From: pete M [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, October 16, 2003 4:02 PM
Subject: [PHP-DB] Re: Sessions and MySQL?
might seem a bit long winded but this is how I would code it
$sql = INSERT INTO $table ( salutation, name, city} VALUES {
$sql .= '.$_SESSION{'salutation'].',
$sql .= '.$_SESSION{'name'].',
$sql .= '.$_SESSION{'city'].' )
mysql_query($sql);
regards
pete
mysql_query(INSERT INTO $table (
salutation,
name,
city
} VALUES {
\$_SESSION['salutation'];\,
\$_SESSION['name'];\,
\$_SESSION['city'];\
}
Tristan Pretty wrote:
Not sure if this is a MySQL Q. or a PHP one, but here goes...
I'm just learning sessions...
And I'm trying to add a session variable to a MySQL database.
I've done this page that takes the results from a previous form...
But I get this error:
Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or
`T_NUM_STRING'
On line 83
Which is the line that relates to the line:
\$_SESSION['salutation'];\,
I've tried removing the ';' but it change nothing...?
Can anyone see my error?
=
?
session_start();
header(Cache-control: private);
$_SESSION['salutation'] = $_POST['salutation'];
//MySQL connection stuff
mysql_query(INSERT INTO $table (
salutation,
name,
city
} VALUES {
\$_SESSION['salutation'];\,
\$_SESSION['name'];\,
\$_SESSION['city'];\
}
?
//Rest of page... thanks etc...
=
*
The information contained in this e-mail message is intended only for
the personal and confidential use of the recipient(s) named above.
If the reader of this message is not the intended recipient or an agent
responsible for delivering it to the intended recipient, you are hereby
notified that you have received this document in error and that any
review, dissemination, distribution, or copying of this message is
strictly prohibited. If you have received this communication in error,
please notify us immediately by e-mail, and delete the original message.
***
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Sessions and MySQL?
Try this instead:
mysql_query(INSERT INTO $table (
salutation,
name,
city
} VALUES {
\.$_SESSION['salutation'].\,
\.$_SESSION['name'].\,
\.$_SESSION['city'].\
}
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: 16 October 2003 13:33
To: [EMAIL PROTECTED]
Subject: [PHP-DB] Sessions and MySQL?
Not sure if this is a MySQL Q. or a PHP one, but here goes...
I'm just learning sessions...
And I'm trying to add a session variable to a MySQL database.
I've done this page that takes the results from a previous form...
But I get this error:
Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or
`T_NUM_STRING'
On line 83
Which is the line that relates to the line:
\$_SESSION['salutation'];\,
I've tried removing the ';' but it change nothing...?
Can anyone see my error?
=
?
session_start();
header(Cache-control: private);
$_SESSION['salutation'] = $_POST['salutation'];
//MySQL connection stuff
mysql_query(INSERT INTO $table (
salutation,
name,
city
} VALUES {
\$_SESSION['salutation'];\,
\$_SESSION['name'];\,
\$_SESSION['city'];\
}
?
//Rest of page... thanks etc...
=
*
The information contained in this e-mail message is intended only for
the personal and confidential use of the recipient(s) named above.
If the reader of this message is not the intended recipient or an agent
responsible for delivering it to the intended recipient, you are hereby
notified that you have received this document in error and that any
review, dissemination, distribution, or copying of this message is
strictly prohibited. If you have received this communication in error,
please notify us immediately by e-mail, and delete the original message.
***
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Sessions and MySQL?
Eeek, didn't notice your brackets. They're a bit messed up as well.
mysql_query(INSERT INTO $table (salutation, name, city)
VALUES (\.$_SESSION['salutation'].\, \.$_SESSION['name'].\,
\.$_SESSION['city'].\););
This MIGHT work :-)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: 16 October 2003 13:33
To: [EMAIL PROTECTED]
Subject: [PHP-DB] Sessions and MySQL?
Not sure if this is a MySQL Q. or a PHP one, but here goes...
I'm just learning sessions...
And I'm trying to add a session variable to a MySQL database.
I've done this page that takes the results from a previous form...
But I get this error:
Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or
`T_NUM_STRING'
On line 83
Which is the line that relates to the line:
\$_SESSION['salutation'];\,
I've tried removing the ';' but it change nothing...?
Can anyone see my error?
=
?
session_start();
header(Cache-control: private);
$_SESSION['salutation'] = $_POST['salutation'];
//MySQL connection stuff
mysql_query(INSERT INTO $table (
salutation,
name,
city
} VALUES {
\$_SESSION['salutation'];\,
\$_SESSION['name'];\,
\$_SESSION['city'];\
}
?
//Rest of page... thanks etc...
=
*
The information contained in this e-mail message is intended only for
the personal and confidential use of the recipient(s) named above.
If the reader of this message is not the intended recipient or an agent
responsible for delivering it to the intended recipient, you are hereby
notified that you have received this document in error and that any
review, dissemination, distribution, or copying of this message is
strictly prohibited. If you have received this communication in error,
please notify us immediately by e-mail, and delete the original message.
***
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Help with file upload
On Thu, 2003-10-16 at 09:58, Bunmi Akinmboni wrote:
Thanks Neil. My ultimate aim to update my database with the details of
the upload after it uploads successfully, but I need to solve this
problem first.
The folder already has permission 777.
Dateiname: /home/www/web172/phptmp/phppYlgrZDatei wurde hochgeladen
Warning: move_uploaded_file(): SAFE MODE Restriction in effect. The
script whose uid is 897 is not allowed to access
/home/www/web172/html/html owned by uid 30 in
/home/www/web172/html/upload_http.php on line 9
This is my actual Warning after running this script
files should moved from ../web172/phptmp/ into ../web172/html/
both directories are on the same 'floor'.
?
echo 'Dateiname: ';
echo $userfile;
//chdir('html');
if(is_uploaded_file($userfile));
{
echo Datei wurde hochgeladen;
chmod(html,100755);
move_uploaded_file($userfile,'html/'.$userfile);
}
//move_uploaded_file($userfile,$userfile);
?
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Sessions and MySQL?
On Thu, 16 Oct 2003 13:33:28 +0100
[EMAIL PROTECTED] wrote:
Not sure if this is a MySQL Q. or a PHP one, but here goes...
I'm just learning sessions...
And I'm trying to add a session variable to a MySQL database.
I've done this page that takes the results from a previous form...
But I get this error:
Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or
`T_NUM_STRING'
On line 83
Which is the line that relates to the line:
\$_SESSION['salutation'];\,
I've tried removing the ';' but it change nothing...?
Can anyone see my error?
Tristan,
yes, You are alternating between curly braces {} and parenethes ()
(spelling??). Also you forgot to the closing double quotes when
completeing the mysql_query statement.
You could also put the insert statement into a vairable and echo that to
the screen. That way if you can't see the error, paste the query text
into the mysql command line client.
See my alterations to you code below..
Regards
George Patterson
=
?
session_start();
header(Cache-control: private);
$_SESSION['salutation'] = $_POST['salutation'];
//MySQL connection stuff
mysql_query(INSERT INTO $table (
salutation,
name,
city
) VALUES (
\$_SESSION['salutation'];\,
\$_SESSION['name'];\,
\$_SESSION['city'];\
);
?
//Rest of page... thanks etc...
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Sessions and MySQL?
Cheers to everyone...
the curly brackets was me not thinking after a boozy lunch, and trying to
recreate code, on an E-mail..
anyhoo...
I thought the best idea, and the simplest for me, was to remove the ' from
the session recall
Turning $_SESSION['salutation'] -- INTO -- $_SESSION[salutation]
Cheers all...
it's clear as day now...
aint it always the way eh?
Tris...
George Patterson [EMAIL PROTECTED] wrote on 16/10/2003 14:15:54:
On Thu, 16 Oct 2003 13:33:28 +0100
[EMAIL PROTECTED] wrote:
Not sure if this is a MySQL Q. or a PHP one, but here goes...
I'm just learning sessions...
And I'm trying to add a session variable to a MySQL database.
I've done this page that takes the results from a previous form...
But I get this error:
Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or
`T_NUM_STRING'
On line 83
Which is the line that relates to the line:
\$_SESSION['salutation'];\,
I've tried removing the ';' but it change nothing...?
Can anyone see my error?
Tristan,
yes, You are alternating between curly braces {} and parenethes ()
(spelling??). Also you forgot to the closing double quotes when
completeing the mysql_query statement.
You could also put the insert statement into a vairable and echo that to
the screen. That way if you can't see the error, paste the query text
into the mysql command line client.
See my alterations to you code below..
Regards
George Patterson
=
?
session_start();
header(Cache-control: private);
$_SESSION['salutation'] = $_POST['salutation'];
//MySQL connection stuff
mysql_query(INSERT INTO $table (
salutation,
name,
city
) VALUES (
\$_SESSION['salutation'];\,
\$_SESSION['name'];\,
\$_SESSION['city'];\
);
?
//Rest of page... thanks etc...
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
*
The information contained in this e-mail message is intended only for
the personal and confidential use of the recipient(s) named above.
If the reader of this message is not the intended recipient or an agent
responsible for delivering it to the intended recipient, you are hereby
notified that you have received this document in error and that any
review, dissemination, distribution, or copying of this message is
strictly prohibited. If you have received this communication in error,
please notify us immediately by e-mail, and delete the original message.
***
Re: [PHP-DB] problem - query inside a function
My Comment bellow:
On Wednesday 15 October 2003 14:38, Kirk Babb wrote:
Hi,
I'm having trouble with a query inside a function. I thought I'd written
this so that the function would fail if email and zipcode supplied were not
in the same row (trying to use those two things to identify the user), but
I don't think that is what is happening because I can enter the wrong
zipcode and it will return data based on the email. Any suggestions or
corrections? Thanks!
-Kirk
[code snippet]
function getEditData($email,$zipcode) {
$sql = SELECT * FROM contact_info WHERE zipcode='$zipcode' AND
email=\{$email}\;
Change by
$sql = SELECT * FROM contact_info WHERE zipcode='{$zipcode}' AND
email='{$email}';
$query = mysql_query($sql);
if (mysql_affected_rows()==0) {
$this-sendResult(Fail,We do not have the given email and zipcode
on file. Please go to the menu and start again.);
}
[end snippet]
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] problem - query inside a function
From: Luis M Morales C [EMAIL PROTECTED]
My Comment bellow:
On Wednesday 15 October 2003 14:38, Kirk Babb wrote:
Hi,
I'm having trouble with a query inside a function. I thought I'd
written
this so that the function would fail if email and zipcode supplied were
not
in the same row (trying to use those two things to identify the user),
but
I don't think that is what is happening because I can enter the wrong
zipcode and it will return data based on the email. Any suggestions or
corrections? Thanks!
-Kirk
[code snippet]
function getEditData($email,$zipcode) {
$sql = SELECT * FROM contact_info WHERE zipcode='$zipcode' AND
email=\{$email}\;
Change by
$sql = SELECT * FROM contact_info WHERE zipcode='{$zipcode}' AND
email='{$email}';
That's not causing the problem. Both methods are valid.
$query = mysql_query($sql);
if (mysql_affected_rows()==0) {
mysql_affected_rows() does not apply to SELECT queries. Perhaps you're
meaning mysql_num_rows()?
$this-sendResult(Fail,We do not have the given email and
zipcode
on file. Please go to the menu and start again.);
}
---John Holmes...
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] problem - query inside a function
You guys might have valid points, but I think Kirk solved this problem to
his satisfaction sometime yesterday. I can't speak for Kirk though.
See:
[PHP-DB] [CLARIFICATION on SOLUTION] Re: problem - query inside a function
-Original Message-
From: CPT John W. Holmes [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 16, 2003 10:57 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [PHP-DB] problem - query inside a function
From: Luis M Morales C [EMAIL PROTECTED]
My Comment bellow:
On Wednesday 15 October 2003 14:38, Kirk Babb wrote:
Hi,
I'm having trouble with a query inside a function. I thought I'd
written
this so that the function would fail if email and zipcode
supplied were
not
in the same row (trying to use those two things to
identify the user),
but
I don't think that is what is happening because I can
enter the wrong
zipcode and it will return data based on the email. Any
suggestions or
corrections? Thanks!
-Kirk
[code snippet]
function getEditData($email,$zipcode) {
$sql = SELECT * FROM contact_info WHERE
zipcode='$zipcode' AND
email=\{$email}\;
Change by
$sql = SELECT * FROM contact_info WHERE zipcode='{$zipcode}' AND
email='{$email}';
That's not causing the problem. Both methods are valid.
$query = mysql_query($sql);
if (mysql_affected_rows()==0) {
mysql_affected_rows() does not apply to SELECT queries. Perhaps you're
meaning mysql_num_rows()?
$this-sendResult(Fail,We do not have the given email and
zipcode
on file. Please go to the menu and start again.);
}
---John Holmes...
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Retreive data from multiple columns by ['tablename.colname']
Hi,
I use a query with multiple tables:
SELECT * FROM cases,status,prio where cases.statusid=status.id .
I retreive the data into my variable $line like this.
while ($line = mysql_fetch_array($result)) {.
How can I retreive data from $line without using the index value as
integers for example $line[13]
I would like to write $line['cases.id'] to retreive 'id' data from the
table 'cases' in a SQL-manner. But I get an error message regarding unknown
index 'cases.id'.
Is there an easy solution to this? Is there another sign then '.' or should
I use other names for my 'id'-columns such as c_id, s_id etc.?
Regards
Erik Björling
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Retreive data from multiple columns by ['tablename.colname']
Erik Bjrling wrote:
Hi,
I use a query with multiple tables:
SELECT * FROM cases,status,prio where cases.statusid=status.id .
I retreive the data into my variable $line like this.
while ($line = mysql_fetch_array($result)) {.
How can I retreive data from $line without using the index value as
integers for example $line[13]
I would like to write $line['cases.id'] to retreive 'id' data from the
table 'cases' in a SQL-manner. But I get an error message regarding
unknown index 'cases.id'.
Take a look at $line and you'll see the values are already there.
$line['id'], etc. Use print_r() on $line to see it's contents.
Is there an easy solution to this? Is there another sign then '.' or
should I use other names for my 'id'-columns such as c_id, s_id etc.?
Yes, this is recommended. Otherwise the id column from one table will
overwrite the value from another table when it's all put into $line. Use
an alias and remember that the keys do not include the table name, only
the column name: $line['id'] instead of $line['table1.id'].
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals www.phparch.com
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Retreive data from multiple columns by ['tablename.colname']
Hi Erik,
I think you can use ** $line['cases.id'] ** if you individually identify each column
selected, rather than using the * symbol.
David
Erik Björling [EMAIL PROTECTED]
10/16/2003 10:57 AM
To:
[EMAIL PROTECTED]
cc:
Subject:
[PHP-DB] Retreive data from multiple columns by ['tablename.colname']
Hi,
I use a query with multiple tables:
SELECT * FROM cases,status,prio where cases.statusid=status.id .
I retreive the data into my variable $line like this.
while ($line = mysql_fetch_array($result)) {.
How can I retreive data from $line without using the index value as
integers for example $line[13]
I would like to write $line['cases.id'] to retreive 'id' data from the
table 'cases' in a SQL-manner. But I get an error message regarding
unknown
index 'cases.id'.
Is there an easy solution to this? Is there another sign then '.' or
should
I use other names for my 'id'-columns such as c_id, s_id etc.?
Regards
Erik Björling
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] problem with LDAP support
Dear friends: I have a problem of installation of php. I'm using Linux 7.3. I have installed openldap2.1.22 successfully. Now I'm compiling php with the following command: ./configure --with-apache2=/usr/local/apache2 \ --with-mysql=/usr/local/mysql \ --with-ldap=/usr/local/ldap The configuration is past. However, when I type make, the following error occured: gcc: sapi/cli/php_cli.o: No such file or directory gcc: sapi/cli/getopt.o: No such file or directory make: ***[sapi/cli/php] Error 1 Any ideas? Many thanks in advance. Zhan Xu EECS Department Case Western Reserve University Email: [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Help with file upload
At 18:44 16/10/2003 +, you wrote: From: Ruprecht Helms [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: Bunmi Akinmboni [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Content-Type: text/plain Message-Id: [EMAIL PROTECTED] Mime-Version: 1.0 Date: 16 Oct 2003 15:12:38 +0200 Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DB] Help with file upload On Thu, 2003-10-16 at 09:58, Bunmi Akinmboni wrote: Thanks Neil. My ultimate aim to update my database with the details of the upload after it uploads successfully, but I need to solve this problem first. The folder already has permission 777. Re your response below : I missed the leading dot, and so I may have not been concise enough with my answer so let me try again : You are trying to move a file to ./ayservenet.jpg Now, as far as the OS can determine, this file is not allowed to be placed there (even though its the same directory) because you probably have the open_basedir restriction in place on your server (quite rightly, for security reasons). What you need to do let me reiterate, is to ensure the directory you are copying to has the correct permissions (you say this is tru) *and* you name the path as an absolute path name within the Linux filesystem structure. My ISP does the same thing, and you can only upload files to an absolute path which is at or below your html root directory. In your case this is probably /home/ayserve/public_html/fu/ Please do not use relative paths for this as it will probably not work, as you have found. Hope that helps - Cheers, Neil. This is the reply I got: Warning: move_uploaded_file(./ayservenet.jpg): failed to open stream: Permission denied in /home/ayserve/public_html/fu/fuprocess.php on line 6 Warning: move_uploaded_file(): Unable to move '/tmp/phpfJyDSw' to './ayservenet.jpg' in /home/ayserve/public_html/fu/fuprocess.php on line 6 ayservenet.jpg DONE Array ( [ufile1] = Array ( [name] = ayservenet.jpg [type] = image/pjpeg [tmp_name] = /tmp/phpfJyDSw [error] = 0 [size] = 3030 ) ) I had experienced this also on Windows IIS now it is also coming on my Linux yet I have full access to the two servers. Bunmi -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: [PHP] $_POST in MySQL query issue...
I concur, assign the superglobal array to a variable ... $Name = strip_slashes($_POST['elementName']); $sql=INSERT INTO $table SET Name='$Name']; ... and then use that opportunity to run additional checks on the content. -- Jon Kriek http://phpfreaks.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: [PHP] $_POST in MySQL query issue...
Actually, I meant to suggest addslashes() and mysql_espace_string() -- Jon Kriek http://phpfreaks.com Jon Kriek [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I concur, assign the superglobal array to a variable ... $Name = strip_slashes($_POST['elementName']); $sql=INSERT INTO $table SET Name='$Name']; ... and then use that opportunity to run additional checks on the content. -- Jon Kriek http://phpfreaks.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Re: [PHP] $_POST in MySQL query issue...
On Thu, 16 Oct 2003, Jon Kriek wrote:
I concur, assign the superglobal array to a variable ...
$Name = strip_slashes($_POST['elementName']);
$sql=INSERT INTO $table SET Name='$Name'];
... and then use that opportunity to run additional checks on the content.
Again, waste of variable space, and makes what you are doing less
readable. You also don't want to strip slashes most likely. If you have
magic_quotes turned on, PHP will automatically backslash any escaped
characters (', /, some others), so you don't need to use addslashes on
that variable. If it is not turned on, you will need to addslashes on
your post variable.
magic_quotes turned on
You don't know me! = $_POST['elementName'] == You don\'t know \me\!
Turned off
You don't know me! = $_POST['elementName'] == You don't know me!
If you don't addslashes when magic_quotes are turned off, your select will
fail, as the string will end at the first set of quotes (just after know
).
Beckman
---
Peter Beckman Internet Guy
[EMAIL PROTECTED] http://www.purplecow.com/
---
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] $_POST in MySQL query issue...
Greetings to all. I am trying for the life of me to place a $_POST[] variable in my MySQL query. I am running the latest stable versions of PHP, MySQL and Apache 2 on my Win2kPro machine. My register_globals are set to off in my php.ini. My code I am attempting create is basically as follows: $table=elements; $sql=insert into $table set Name = '$elementName'; This works with register_globals set to on. But, I want to be able to turn that off. My code then, I am guessing, be something as follows: $table=elements; $sql=insert into $table set Name = '$_POST[elementName]'; Unfortunately this and every other combination I can think of, combinations of quotes that is, does not work. I believe the source of the problem is the quotes within quotes within quotes. I also tried: $sql='insert into $table set Name = '.$_POST[elementName]; or $sql=insert into $table set Name = .$_POST['elementName']; and several other variations. Can anyone give me some pointers to inserting $_POST[] statements inside of query statements? I am sure there must be a way but I have spent a lot of time on this and am really stumped here. Thanks for any help. -Adam Reiswig PS if anything here is not clear to you, please let me know and I'll clarify as I can. Thanks again. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: [PHP] $_POST in MySQL query issue...
Adam Reiswig wrote: $table=elements; $sql=insert into $table set Name = '$elementName'; This works with register_globals set to on. But, I want to be able to turn that off. My code then, I am guessing, be something as follows: $table=elements; $sql=insert into $table set Name = '$_POST[elementName]'; I see you can achieve this by two ways: 1. Take out all the inside quotes (single or double) like the following: $sql=insert into $table set Name = $_POST[elementName]; 2. Use a temporary variable for $_POST[elementName], like $elementName = $_POST[elementName], then continute use your original SQL sentence when the register_globals was on. Best Bao Unfortunately this and every other combination I can think of, combinations of quotes that is, does not work. I believe the source of the problem is the quotes within quotes within quotes. I also tried: -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: $_POST in MySQL query issue...
$sql=insert into $table set Name = '.$_POST[elementName].'; or even better: $sql=insert into .$table. set Name = '.$_POST[elementName].'; But the method both Jake and Bao suggested will also work (temporary var)... -- // DvDmanDT MSN: [EMAIL PROTECTED] Mail: [EMAIL PROTECTED] Adam Reiswig [EMAIL PROTECTED] skrev i meddelandet news:[EMAIL PROTECTED] Greetings to all. I am trying for the life of me to place a $_POST[] variable in my MySQL query. I am running the latest stable versions of PHP, MySQL and Apache 2 on my Win2kPro machine. My register_globals are set to off in my php.ini. My code I am attempting create is basically as follows: $table=elements; $sql=insert into $table set Name = '$elementName'; This works with register_globals set to on. But, I want to be able to turn that off. My code then, I am guessing, be something as follows: $table=elements; $sql=insert into $table set Name = '$_POST[elementName]'; Unfortunately this and every other combination I can think of, combinations of quotes that is, does not work. I believe the source of the problem is the quotes within quotes within quotes. I also tried: $sql='insert into $table set Name = '.$_POST[elementName]; or $sql=insert into $table set Name = .$_POST['elementName']; and several other variations. Can anyone give me some pointers to inserting $_POST[] statements inside of query statements? I am sure there must be a way but I have spent a lot of time on this and am really stumped here. Thanks for any help. -Adam Reiswig PS if anything here is not clear to you, please let me know and I'll clarify as I can. Thanks again. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] $_POST in MySQL query issue...
On Thu, 16 Oct 2003, Adam Reiswig wrote: $sql=insert into $table set Name = '$_POST[elementName]'; Unfortunately this and every other combination I can think of, combinations of quotes that is, does not work. I believe the source of the problem is the quotes within quotes within quotes. I also tried: $sql='insert into $table set Name = '.$_POST[elementName]; or $sql=insert into $table set Name = .$_POST['elementName']; You need to quote the Name. $sql = 'insert into '.$table.' set Name = '.addslashes($_POST['elementName']).''; You've done everything here that you need, no extra variables, no nothing. Register_Globals is bad -- if you can avoid using it, do so. Performance-wise, it is better to use single quotes and concat the variables outside of the quoted line. Better performance, less problems with variables not being expanded correctly. Beckman --- Peter Beckman Internet Guy [EMAIL PROTECTED] http://www.purplecow.com/ --- -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Re: [PHP] $_POST in MySQL query issue...
On Fri, 17 Oct 2003, BAO RuiXian wrote: I see you can achieve this by two ways: 1. Take out all the inside quotes (single or double) like the following: $sql=insert into $table set Name = $_POST[elementName]; This is bad. Using no quotes MAY work, but it is considered a BARE WORD and not an actual string. $sql='insert into '.$table.' set Name = '.addslashes($_POST['elementName']).''; is the (more) correct way to do this. 2. Use a temporary variable for $_POST[elementName], like $elementName = $_POST[elementName], then continute use your original SQL sentence when the register_globals was on. Waste (albeit very minor) of variable space. Concat them. Beckman --- Peter Beckman Internet Guy [EMAIL PROTECTED] http://www.purplecow.com/ --- -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: $_POST in MySQL query issue...
$sql=insert into $table set Name = '$_POST[elementName]';
The problem with this is that you need to use curly braces around the
variable being substituted in the string. Also use single quotes around the
array index.
$sql=insert into $table set Name = '{$_POST['elementName']}';
See the manual.. (Variable parsing section)
http://php.net/manual/en/language.types.string.php
Lang
Adam Reiswig wrote:
Greetings to all. I am trying for the life of me to place a $_POST[]
variable in my MySQL query. I am running the latest stable versions of
PHP, MySQL and Apache 2 on my Win2kPro machine. My register_globals are
set to off in my php.ini. My code I am attempting create is basically
as follows:
$table=elements;
$sql=insert into $table set Name = '$elementName';
This works with register_globals set to on. But, I want to be able to
turn that off. My code then, I am guessing, be something as follows:
$table=elements;
$sql=insert into $table set Name = '$_POST[elementName]';
Unfortunately this and every other combination I can think of,
combinations of quotes that is, does not work. I believe the source of
the problem is the quotes within quotes within quotes. I also tried:
$sql='insert into $table set Name = '.$_POST[elementName];
or
$sql=insert into $table set Name = .$_POST['elementName'];
and several other variations.
Can anyone give me some pointers to inserting $_POST[] statements inside
of query statements? I am sure there must be a way but I have spent a
lot of time on this and am really stumped here. Thanks for any help.
-Adam Reiswig
PS if anything here is not clear to you, please let me know and I'll
clarify as I can. Thanks again.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
