Re: [PHP-DB] works on command line, not on server
The Disguised Jedi wrote: try users@httpd.apache.org list On Tue, 25 Jan 2005 14:21:25 -0800, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I have a new installation of php on an existing apache 2 server, and something strange is happening. The file 'test.php' works and connects to the database when run through the command line, but when run from the web server (http://server/test.php) produces a segmentation fault: child pid 29056 exit signal Segmentation fault segmentation faults are a built in feature of the PHP/Apache2 setup whenever you don't use the PREFORK Apache2 worker module - I know barely enough to know this - this is due to threading (which is not supported with ?most? php extension - not sure if php itself has this problem also). Anyway bottom line switch to PREFORK worker module if your not already using it, alternatively you could try to get a stable threaded setup going but before you embark I'd like to paraphrase a higher PHP authority, Rasmus Leidorf (they don't get any higher actually) speaking in relation to using a threaded Apache2 worker module: Your in unchartered territory, good luck. and Nobody knows. php itself does work, and a file with only phpinfo() in it runs fine on both the server and the command line. Has anyone seen anything like this before? Any ideas? ?php $link = mysql_connect(localhost, user, pass) or die(Could not connect); mysql_select_db(disorder) or die(Could not select database); print hello; also you may need/wish to try the newer mysqli_* extension which is geared to the latest versions of MySQL. ? -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Managing Many2Many with PHP/JS
Hi guys: Thanks in advance for your help. I am newby in this PHP stuff and I've got quite a problem here, and Ive spent several days (and nights) trying to solve this problem. I am trying to manage a many to many relationship in a web database application. I have three tables: tbl_project (which contains the name of a development project), tbl_Contraparte(which contains the name of the organisations which manage the project) and tbl_ProyOrg (which contains two fields: proy_id and OrgSigla) and is the join table for the many2many relationship. I have created a form for the tbl_project table with all the data referring to the project. Into this form I´ve personalized some code (I have fetched from internet) to create a table which dynamically creates new rows into the tbl_ProyOrg table (in the client side using JavaScript) with a drop down box, so the page do not needs to reload every time the new row is created. As you will see my problem stands in populate the select box with a query from a MySql database made using PHP into the JavaScript function. You can find the code following: Thanks a lot Best regards, Alvaro. OS: Linux Debian Sarge Apache: 2.0 PHP: 4.3.10-2 Mysql: 4.1.8 !--Here starts the code-- ?php $hostname_monitoreo_conn = host; $database_monitoreo_conn = database_name; $username_monitoreo_conn = username; $password_monitoreo_conn = password; $monitoreo_conn = mysql_pconnect($hostname_monitoreo_conn, $username_monitoreo_conn, $password_monitoreo_conn) or trigger_error(mysql_error(),E_USER_ERROR); ? ?php mysql_select_db($database_monitoreo_conn, $monitoreo_conn); $query_rs_contraparte = SELECT orgSigla FROM tbl_02Contraparte ORDER BY orgSigla ASC; $rs_contraparte = mysql_query($query_rs_contraparte, $monitoreo_conn) or die(mysql_error()); $row_rs_contraparte = mysql_fetch_assoc($rs_contraparte); $totalRows_rs_contraparte = mysql_num_rows($rs_contraparte); ? !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd; html head link rel=stylesheet href=monitoreo.css type=text/css / titleProjects by organisation/title /head body h4Projects by organisation/h4 form action=./ins_ProyOrg.php method=post enctype=multipart/form-data Project_Id: input name=tf_proyId type=text id=tf_proyId / pa href=javascript:add_row()Add an organisation/a/p !-- Here begins the function to create a new row for a new organisation-- script type=text/javascript var rows = 1; function add_row() { var counter; var ptable = document.getElementById('tbl_ProyOrg'); var trow = document.createElement('tr'); //creates the tag for a a new table row trow.setAttribute('id', 'r' + rows); //Here IE 6.0 reports an error, but it works in Firefox1.0 and Opera var ptd = new Array(4); var arKind = Array('input', 'select', 'input'); //defines the kind of control var arNames = Array('proyId[]','orgSigla[]','none'); //defines the name of the control var arTypes = Array('hidden','text','button'); //defines de type of the control for (counter = 0; counter arTypes.length; counter++) //Loop wchich creates one by one the elements of the table { ptd[counter] = document.createElement('td'); var p = document.createElement('span') var pinput = document.createElement(arKind[counter]); pinput.setAttribute('name', arNames[counter]); pinput.setAttribute('type', arTypes[counter]); pinput.setAttribute('id', arNames[counter]); /* THE MAIN PROBLEM IS HERE (at least I guess so :) ). I am trying to give the option values to the select control, from the query listed at the beginning of the file. I suposse the big problem is in the array definition but I have no idea of how to build a proper array. if (arKind[counter] == 'select') { var num_rec = ?php echo $totalRows_rs_contraparte; ?; var list_rec = ?php echo $row_rs_contraparte; ?; var source_combo = new Array(num_rec); for (i=0, i num_rec, i++) { source_combo[i]= list_rec[i]; } pinput.options(source_combo[i]); } */ if (arTypes[counter] == 'button') { pinput.setAttribute('value', 'x'); pinput.onclick = removeNode; pinput.rId = 'r' + rows; } //This is the part which actually creates the table row p.appendChild(pinput); ptd[counter].appendChild(p); trow.appendChild(ptd[counter]); } ptable.appendChild(trow);
[PHP-DB] authenticating users with phpmysql
Hi All, I am trying to create a page with 2 text boxes a name and a password with a submit button.The user must enter his username and password that is stored in mysql to access the site. With the following code i get a successfull connection with a blank username and password but when i enter a wrong username and password i get a error that is correct. html headtitleMySQL Connection/title/head body div align=centre form action=?php echo $_SERVER[PHP_SELF]; ? method=POST Name: input type=text name=txt_namenbsp; Password: input type=text name=txt_passwordnbsp; br /input type=submit value=Submit /div /form /body /html ?php $db_host = localhost; $db_user = $_POST[txt_name]; $db_password = $_POST[txt_password]; $db_name = data; $connection = @mysql_connect ($db_host, $db_user, $db_password) or die (error connecting); echo connection successful!; ? What is the best way to authenticate users against mysql for login? Regards __ http://www.webmail.co.za the South African FREE email service -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] firebird - equivalent of stristr() in Stored Procedure.
hi Guys, I'm using Firebird 1.5 with PHP5. I have a problem where by I am trying to do the equivelant of: $a = 'A'; $b = 'AG'; if (stristr($b, $a)) { // do something. } Inside a Stored procedure, where $a and $b are both input variables to the stored procedure. The Interbase Lang Ref (PDF) doesn't help me here - I've tried all sorts of forms of syntax using CONTAINS and LIKE but it all gives syntax errors... (which didn't surprise me!) Then I thought that I could used Ard Biesheuvels php_ibase_udf UDF lib for firebird, php_ibase_udf.c is in the php cvs (somewhere); this lib allows access to php functions defined in your calling scripts. at any rate I get BLR type errors when I tried to use the UDFs (btw googling php_ibase_udf.c doesn't return a lot, but you will definitely find one email mentioning the BLR error!!). Actually I have tried setting up this UDF lib on 3 different servers (all fbird1.5/php5 - different minor versions) with out any luck. does anyone have a clue as to how do the equivalent of the PHP above inside a firebird stored procedure? or possibly can point out so good literature/examples (all the good firebird stuff seems to be in russian) on/of 'advanced' stored procedures. alternatively is there anyone out there that has gotten the php_ibase_udf UDF lib to work (Lester Caine have you tried it yet?, I ask you specifically because your name often pops up on php lists in relation to firebird :-). before any says: why not ask the developer - we'll his is an aquaintance of mine, I have his mobile number and I have asked him!, its just a case of he has _no_ time (due to dissitation/research commitments) to dig into the problem and I know that he will help when he gets some free time again, but for now I'm on mine own. hope somebody can give me a clue :-), thanks and regards, Jochem -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] firebird - equivalent of stristr() in Stored Procedure.
Jochem Maas wrote: hi Guys, hope somebody can give me a clue :-), well about 5 mins after I posted I managed to find a solution thanks to a man named Ivan Prenosil (who by all accounts knows where his firebird towel is ;-) http://www.volny.cz/iprenosil/interbase/ip_ib_code_string.htm (the stored procedure named 'Pos' on that page was basically what I was looking for.) btw - if somebody at google decided to throw all the Mozilla related references to the word 'firebird' out of the F** indexes I wouldn't loose any sleep over it. thanks and regards, Jochem -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] authenticating users with phpmysql
On Wed, 2005-01-26 at 12:44 +0200, it clown wrote: $db_user = $_POST[txt_name]; $db_password = $_POST[txt_password]; $db_name = data; $connection = @mysql_connect ($db_host, $db_user, $db_password) or die (error connecting); echo connection successful!; ? Replace this line - $connection = @mysql_connect ($db_host, $db_user, $db_password) or die (error connecting); - with this one - $connection = @mysql_connect($db_host, $db_user, $db_password) or die (Error connecting : .mysql_error()); - so you can debug better. However take a look here www.php.net/mysql_connect . $db_user and $db_password are the username and password to log on the MYSQL DATABASE. You probably want to login from a database table which will contain a password and username field. Here's an example : $dbHandle = mysql_connect($host, $user, $pass) or die (mysql_error()); mysql_select_db($db_name); $sql = SELECT * FROM `table_name` WHERE `user_field` = ' . $_POST[txt_name] . ' AND `pass_field` = ' . md5($_POST[txt_password]) . ' LIMIT 1; $result = mysql_query($sql, $dbHandle); if(mysql_num_rows($result)!=0) /* Logged on */ else /* Invalid Username/Password */ There're lots of tutorials out there, google's your friend. P.S. This is my first message on this maillist so I want to say hello to everyone ;-) -- Josip Dzolonga, dzolonga at mt dot net dot mk -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] storing images in database
if(isset($_GET['id'])) { $id=$_GET['id']; $query = select bin_data, filetype from binary_data where id=$id; This is a really bad example, anybody can inject your query with malicious sql commands. Never trust user supplied data. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] authenticating users with phpmysql
That is incrediably risky since you are exposing the entire db for those users. What about setting [limited] permissions for those users? I woul move to a table based authentication, where you have a users table and one [or more] mysql accounts with the bare minimum privileges to allow the user to run the application. The below table structure could be the bare minimum. CREATE TABLE `users` ( `user_id` int(10) NOT NULL auto_increment, `user_name` varchar(50) NOT NULL default '', `user_password` varchar(50) NOT NULL default '', PRIMARY KEY (`user_id`) ) TYPE=MyISAM AUTO_INCREMENT=1 ; Then your code would besomething like this: (note there should be way more validation of the username and password before attempting to execute the query) #60;html#62; #60;head#62;#60;title#62;MySQL Connection#60;/title#62;#60;/head#62; #60;body#62; #60;div align=centre#62; #60;form action=#60;?php echo $_SERVER[PHP_SELF];?#62; method=POST#62; Name: #60;input type=text name=txt_name#62;nbsp; Password: #60;input type=password name=txt_password#62;nbsp; #60;br /#62;#60;input type=submit value=Submit#62; #60;/div#62; #60;/form#62; #60;/body#62; #60;/html#62; #60;?php $user_name = @$_POST['txt_name']; $user_pass = @$_POST['txt_password']; if ((trim($user_name) = )(trim($user_pass) = )) { echo User not authorized. HIt the back button to login again; die(); }//end if $db_host = localhost; $db_user = $account_name; $db_password = $account_password; $db_name = data; $connection = @mysql_connect ($db_host, $db_user,$db_password) or die (error connecting); echo connection successful!; $sql = select * from users where user_name =$user_name and user_password = '$user_pass'; $result = mysql_query($sql) or die(Can't query because .mysql_error()); if (mysql_num_rows($result)==1) { echo User auhorized; }else{ echo User not authorized. HIt the back button to login again; }//end if ?#62; hth Bastien From: it clown [EMAIL PROTECTED] To: php-db@lists.php.net Subject: [PHP-DB] authenticating users with phpmysql Date: Wed, 26 Jan 2005 12:44:38 +0200 Hi All, I am trying to create a page with 2 text boxes a name and a password with a submit button.The user must enter his username and password that is stored in mysql to access the site. With the following code i get a successfull connection with a blank username and password but when i enter a wrong username and password i get a error that is correct. html headtitleMySQL Connection/title/head body div align=centre form action=?php echo $_SERVER[PHP_SELF]; ? method=POST Name: input type=text name=txt_namenbsp; Password: input type=text name=txt_passwordnbsp; br /input type=submit value=Submit /div /form /body /html ?php $db_host = localhost; $db_user = $_POST[txt_name]; $db_password = $_POST[txt_password]; $db_name = data; $connection = @mysql_connect ($db_host, $db_user, $db_password) or die (error connecting); echo connection successful!; ? What is the best way to authenticate users against mysql for login? Regards __ http://www.webmail.co.za the South African FREE email service -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] storing images in database
Yes, I totally agree. This was merely a sample code of how it could be done. Not a definitive code samples of how to do it securely. There should be way more validation, and better error handling too. Bastien From: Gareth Heyes [EMAIL PROTECTED] To: php-db@lists.php.net CC: [EMAIL PROTECTED] Subject: RE: [PHP-DB] storing images in database Date: Wed, 26 Jan 2005 13:30:45 + if(isset($_GET['id'])) { $id=$_GET['id']; $query = select bin_data, filetype from binary_data where id=$id; This is a really bad example, anybody can inject your query with malicious sql commands. Never trust user supplied data. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] IIS, PHP, and session data
It turns out that the real problem was problem 1) I am not personally in control of our web server. I forwarded some of the posted messages to our IT department and they decided to change what they were telling me. They actually had register globals turned off not on. I changed my code to use the session array and it works beautifully now. Thank you all for your advice! - Matthew -Original Message- From: Simon Rees [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 25, 2005 4:25 PM To: php-db@lists.php.net Cc: Perry, Matthew (Fire Marshal's Office) Subject: Re: [PHP-DB] IIS, PHP, and session data On Tuesday 25 January 2005 20:20, Perry, Matthew (Fire Marshal's Office) wrote: I am having trouble with my session data on Microsoft IIS. Here is a little background of the problem: 1) I am not personally in control of our web server. Our IT department manages it. oh dear! ;-) They have IIS running on their sever and use MS SQL Server, but they have allowed me to use PHP instead of ASP. 2) I have Apache running on a local web server in our office (not the IT department). It accesses the SQL Server database remotely. I I can't comment on the use of register_globals or session_register as I always use the $_SESSION array but I do use PHP on IIS... Something that you might like to check is that the directory specified by: session.save_path in the IIS server's php.ini is a directory writable by the user that IIS masquerades. The default value for this is: c:\php\sessiondata which if your sysadmin installed php as Administrator will not be writable by the IIS user (normally IUSR_hostname). Either get the sysadmin to specify ( create) another dir that is writable by IIS or change the permissions on c:\php\sessiondata Assuming you're running Apache on a Linux (and probably other un*x) distribution you will find that the session.save_path variable is set to /tmp which is usually world writable. I think if you posted the exact error message it would tell me if this was happening to you or not... hth, Simon -- ~~ Simon Rees | [EMAIL PROTECTED] | ORA-03113: end-of-file on communication channel ~~ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] storing images in database
Thanks for all the tips guys. I'll keep the last couple for future reference. -- Chip Gareth Heyes [EMAIL PROTECTED] wrote on 01/26/2005 05:30:45 AM: if(isset($_GET['id'])) { $id=$_GET['id']; $query = select bin_data, filetype from binary_data where id=$id; This is a really bad example, anybody can inject your query with malicious sql commands. Never trust user supplied data. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] works on command line, not on server
[EMAIL PROTECTED] wrote: Thanks, I already had prefork installed. I solved the problem by heaven help those that walk the threaded path heh :-) changing to php 5 from php 4. IC interesting to know. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Define constants: awkward usage?
Hi all, I got this sets(20) of defined constants which using them as keys to an array eg define(FNAME, fname); farray = array( FNAME = hello ,...); my question is how do I insert that directly into a javascript(to do some client validation) I need this: var fname = document.addrform.fname.value var fname = document.addrform.{FName}.value//don't work var fname = document.addrform.{'FName'}.value//don't work var fname = document.addrform.[FName].value//don't work I know this work, but messey $tmp = FNAME; var fname = document.addrform.{$tmp}.value I'am finding the use of define constants rather awkward. does anyone make much use of them? Thanks Tony -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Define constants: awkward usage?
tony wrote: Hi all, I got this sets(20) of defined constants which using them as keys to an array eg define(FNAME, fname); farray = array( FNAME = hello ,...); my question is how do I insert that directly into a javascript(to do some client validation) I need this: var fname = document.addrform.fname.value var fname = document.addrform.{FName}.value//don't work var fname = document.addrform.{'FName'}.value//don't work var fname = document.addrform.[FName].value//don't work I know this work, but messey $tmp = FNAME; var fname = document.addrform.{$tmp}.value you could try sprintf()/printf(): $output = sprintf('var fname = document.addrform.%s.value', FNAME ); or printf('var fname = document.addrform.%s.value', FNAME ); I'am finding the use of define constants rather awkward. does anyone make much use of them? yes. :-) for... session varnames post/get varnames bitwise flags er...? Thanks Tony -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php