RE: [PHP-DB] FW: Excel to CSV
Thanks a lot for your response. Actually I reposted my message caused there was failure notice from [EMAIL PROTECTED] when sending my previous email. -Original Message- From: chris smith [mailto:[EMAIL PROTECTED] Sent: Saturday, March 11, 2006 2:12 PM To: Adman, Nur anita Cc: php-db@lists.php.net Subject: Re: [PHP-DB] FW: Excel to CSV > Have you any script/example how to Save As Excel file to CSV using PHP? You don't need to repost your question if you don't get an immediate response. Going "file", "save as" is client side. PHP can't interact with excel like that. Create a VB macro or something to do it. -- Postgresql & php tutorials http://www.designmagick.com/
Re: [PHP-DB] FW: Excel to CSV
> Have you any script/example how to Save As Excel file to CSV using PHP? You don't need to repost your question if you don't get an immediate response. Going "file", "save as" is client side. PHP can't interact with excel like that. Create a VB macro or something to do it. -- Postgresql & php tutorials http://www.designmagick.com/ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] FW: Excel to CSV
Dear All, Have you any script/example how to Save As Excel file to CSV using PHP? Thanks & Regards, Anita
[PHP-DB] unescape a string
Is there a way to unescape a string once the command mysql_real_escape_string($variable); has been used on it? (This is to display it to the screen, instead of sending it to the database.) Ron -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] flash/php problem
Actually, I don't see why either method would work: The SWF is in a static HTML page. It requests an mp3, and loads it without having to refresh. So it needs an mp3 returned, not another SWF. Updating the DB from the SWF call sounds cool, but serverside wise requires the .htaccess updated to instruct .swf requests from that dir to be read as PHP. The PHP script would need to update the DB then open the mp3 and write the correct headers before returning it. What's the AMFPHP deal? Flash Remoting. Action Message Format. Like SOAP but better :D Tony -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Excel to CSV
Dear All, Have you any script/example how to Save As Excel file to CSV using PHP? Thanks & Regards, Anita
RE: [PHP-DB] Database abuse help needed
Ahhh thank you everyone,
I came up with the same solution - kind of, but I used about 5 more lines of
code to achieve the same thing as below so I was on the same tracks just not
quite as efficient :-)
Chris
Incorporating what Bastien said:
$badWordsArray = array("these" ,"are", "bad", "words"); foreach($_POST as
$key => $value){
if( in_array($value, $badWordsArray) ){
//$value was found in $badWordsArray
}
}
http://us2.php.net/in_array
-Original Message-
From: Chris Payne [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 09, 2006 8:40 PM
To: php-db@lists.php.net
Subject: RE: [PHP-DB] Database abuse help needed
Thank you for that. And excuse the inexperience, but how would I use an
Array with the below? I mean say I had words such as this,is,a,bad,word
(Just as examples as I can't post what I'm trying to block on here) how
would I loop through those to check if any of them exist and if they do THEN
execute the error script? I'm not too good with Arrays - but I'm learning.
Thank you
Chris
If you POST from your form use $_POST, or $_GET for a form GET
foreach($_POST as $key => $value){
if( strpos($value, $findme) !== false ){
//$findme was found in $value
}
}
http://php.net/manual/en/reserved.variables.php
http://us2.php.net/manual/en/control-structures.foreach.php
http://us2.php.net/strpos Yes, that's !== or ===
-Original Message-
From: Chris Payne [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 09, 2006 5:21 PM
To: php-db@lists.php.net
Subject: [PHP-DB] Database abuse help needed
Hi there everyone,
Is there a better way I can do this?
if ($email == "[EMAIL PROTECTED]" OR $subject == "Rulez666"
Basically, if I have data coming from a form to a DB, is there a better way
to say check EVERY variable for a specific set of words rather than doing
$name, $subject etc seperately?
The reason I ask is my scripts are being exploited and I can fix it when the
attacks happen, but i'd like to be able to have a string which checks all
the form data and takes action if a word I define in a list exists.
So, instead of doing if ($name == " mememe " .. if($email == "
[EMAIL PROTECTED] " ... I could just have a simple statement with a
group of words, and if one of the words appears it takes an action I specify
such as do not proceed to add to DB etc
Any help would be greatly appreciated as I am tired of keep writing the same
scripts with different variables, i'd love to just grab all the variables
from the form and perform the action ONCE on the incoming form data and then
all the variables are affected instead of doing each one.
Please save me from going nuts :-)
Chris
--
--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.375 / Virus Database: 268.2.1/278 - Release Date: 3/9/2006
--
--
PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit:
http://www.php.net/unsub.php
--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.375 / Virus Database: 268.2.1/278 - Release Date: 3/9/2006
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Passwords
Dwight Altman wrote: Sure, mysql.com and seasrch for crypt. Not sure why this is asked on a PHP list since it has nothing to do with PHP. b) every language has a crypt function Then I guess it's okay to have crypt questions/answers on "every language" list. Sure whatever, its just this list is specifically about PHP and DB use so PHP's crypt() is pretty much the lamest recommendation since most DB sngines have lots of good encryption and you can use it in your queries. So then they need look in theri DB's documentation for what their type/version offer. At that point it has 100% nothing to do with PHP :) If they just want to crypt() some string for an /etc/passwd type system then they need to post to a PHP basics list not a DB specific one. Not really a big deal but why have specofoc lists if they arn't kept specific :) -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Passwords
On 3/10/06, Micah Stevens <[EMAIL PROTECTED]> wrote:
> On Friday 10 March 2006 7:09 am, Michael Crute wrote:
> > On 3/10/06, Dusty Bin <[EMAIL PROTECTED]> wrote:
> > > One thing to remember, is that the password function is MySQL's way of
> > > storing passwords for MySQL use, and that may change from one release of
> > > MySQL to another. This happened very recently. If you want to store
> > > application passwords, it is better to use a hash, and be independent of
> > > MySQL changes. I use sha1 as I believe it *may* be stronger than MD5(I
> > > am not a cryptographer), so I store my password as:
> > >$passwordToBeStored = sha1($password);
> > > and check the password as:
> > >If(sha1($password) == $storedPassword) {
> > >...
> > >}
> > > HTH... Dusty
> >
> > Just a note, I would never compare passwords like that, you should put
> > sha1($password) in your SQL string as a condition and check to see if
> > any rows where returned.
> >
> > -Mike
>
> It doesn't matter if you have an SSL link to the database. :)
Indeed, but why bother with transfering and loading a resultset if you
have no need for it?
-Mike
--
Michael E. Crute
http://mike.crute.org
It is a mistake to think you can solve any major problems just with potatoes.
--Douglas Adams
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Database abuse help needed
Incorporating what Bastien said:
$badWordsArray = array("these" ,"are", "bad", "words");
foreach($_POST as $key => $value){
if( in_array($value, $badWordsArray) ){
//$value was found in $badWordsArray
}
}
http://us2.php.net/in_array
-Original Message-
From: Chris Payne [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 09, 2006 8:40 PM
To: php-db@lists.php.net
Subject: RE: [PHP-DB] Database abuse help needed
Thank you for that. And excuse the inexperience, but how would I use an
Array with the below? I mean say I had words such as this,is,a,bad,word
(Just as examples as I can't post what I'm trying to block on here) how
would I loop through those to check if any of them exist and if they do THEN
execute the error script? I'm not too good with Arrays - but I'm learning.
Thank you
Chris
If you POST from your form use $_POST, or $_GET for a form GET
foreach($_POST as $key => $value){
if( strpos($value, $findme) !== false ){
//$findme was found in $value
}
}
http://php.net/manual/en/reserved.variables.php
http://us2.php.net/manual/en/control-structures.foreach.php
http://us2.php.net/strpos Yes, that's !== or ===
-Original Message-
From: Chris Payne [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 09, 2006 5:21 PM
To: php-db@lists.php.net
Subject: [PHP-DB] Database abuse help needed
Hi there everyone,
Is there a better way I can do this?
if ($email == "[EMAIL PROTECTED]" OR $subject == "Rulez666"
Basically, if I have data coming from a form to a DB, is there a better way
to say check EVERY variable for a specific set of words rather than doing
$name, $subject etc seperately?
The reason I ask is my scripts are being exploited and I can fix it when the
attacks happen, but i'd like to be able to have a string which checks all
the form data and takes action if a word I define in a list exists.
So, instead of doing if ($name == " mememe " .. if($email == "
[EMAIL PROTECTED] " ... I could just have a simple statement with a
group of words, and if one of the words appears it takes an action I specify
such as do not proceed to add to DB etc
Any help would be greatly appreciated as I am tired of keep writing the same
scripts with different variables, i'd love to just grab all the variables
from the form and perform the action ONCE on the incoming form data and then
all the variables are affected instead of doing each one.
Please save me from going nuts :-)
Chris
--
--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.375 / Virus Database: 268.2.1/278 - Release Date: 3/9/2006
--
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Passwords
On Friday 10 March 2006 7:09 am, Michael Crute wrote:
> On 3/10/06, Dusty Bin <[EMAIL PROTECTED]> wrote:
> > One thing to remember, is that the password function is MySQL's way of
> > storing passwords for MySQL use, and that may change from one release of
> > MySQL to another. This happened very recently. If you want to store
> > application passwords, it is better to use a hash, and be independent of
> > MySQL changes. I use sha1 as I believe it *may* be stronger than MD5(I
> > am not a cryptographer), so I store my password as:
> >$passwordToBeStored = sha1($password);
> > and check the password as:
> >If(sha1($password) == $storedPassword) {
> >...
> >}
> > HTH... Dusty
>
> Just a note, I would never compare passwords like that, you should put
> sha1($password) in your SQL string as a condition and check to see if
> any rows where returned.
>
> -Mike
It doesn't matter if you have an SSL link to the database. :)
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Passwords
>>Sure, mysql.com and seasrch for crypt. Not sure why this is asked on a >>PHP list since it has nothing to do with PHP. > b) every language has a crypt function Then I guess it's okay to have crypt questions/answers on "every language" list. -Original Message- From: JupiterHost.Net [mailto:[EMAIL PROTECTED] Sent: Thursday, March 09, 2006 7:07 PM To: php-db@lists.php.net Subject: Re: [PHP-DB] Passwords Bastien Koert wrote: > Not PHP? Correct, not PHP. most DB engines have built in encryption funtions for use in their INSERT (IE "store the password in the DB so that it is encrypted") and SELECT (for verifying it with the same funtion you used in INSERT) > http://us3.php.net/crypt yes "Not PHP": a) crypt() has nothing to do with a query b) every language has a crypt function The question has more to do with a general idea of how to accomplish a task, the most suitable answer to is to be had in their DB documentation, since data should be independant of the language handling it (whether it a real language like C or Perl or a wanna be duct taped hack like PHP - no need for flames, I won't listen or care ;p) -- -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Passwords
On 3/10/06, Dusty Bin <[EMAIL PROTECTED]> wrote:
> One thing to remember, is that the password function is MySQL's way of
> storing passwords for MySQL use, and that may change from one release of
> MySQL to another. This happened very recently. If you want to store
> application passwords, it is better to use a hash, and be independent of
> MySQL changes. I use sha1 as I believe it *may* be stronger than MD5(I
> am not a cryptographer), so I store my password as:
>$passwordToBeStored = sha1($password);
> and check the password as:
>If(sha1($password) == $storedPassword) {
>...
>}
> HTH... Dusty
Just a note, I would never compare passwords like that, you should put
sha1($password) in your SQL string as a condition and check to see if
any rows where returned.
-Mike
--
Michael E. Crute
http://mike.crute.org
It is a mistake to think you can solve any major problems just with potatoes.
--Douglas Adams
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Passwords
Kosala Atapattu wrote:
> Hi Ben,
>
>> I have created a user login/registration page. As of now I
>> am using a MySQL database to store the info of the user. To
>> validate the user I also have the password stored in the same
>> DB. I was wondering if there is a way that I can store the
>> password in the DB so that it is encrypted or something.
>> Just so it is not in plain text.
>
> You can use,
>
> SQL> Insert into users_table(user_name, pass_word) values ('your_name',
> PASSWORD('your_pass'));
>
> And crypted password will be saved in the DB
>
> To verify password you can use something like...
>
> SQL> select * from users_table where user_name = 'your_name' and
> pass_word = PASSWORD('your_pass');
>
> If the select query is not empty then user credentials are matching.
>
> As others have suggested PHP crypt functions are useful when you want to
> encrypt data within the DB like credit card details, Company Executives
> Salary and stuff like that. For password encryption the best is MySQL
> inbuilt encryption. MD5 is another I use with PHP, which is not really
> necessary.
>
> Kosala
>
> www.linux.lk/~kosala/
One thing to remember, is that the password function is MySQL's way of
storing passwords for MySQL use, and that may change from one release of
MySQL to another. This happened very recently. If you want to store
application passwords, it is better to use a hash, and be independent of
MySQL changes. I use sha1 as I believe it *may* be stronger than MD5(I
am not a cryptographer), so I store my password as:
$passwordToBeStored = sha1($password);
and check the password as:
If(sha1($password) == $storedPassword) {
...
}
HTH... Dusty
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] PMA Database ... not OK General relation features Disabled
Hi! Server system SBS (Novell Small Business suite) 6.5 sp 1 with MySQL ver. 4.0.15a, PHP 4.2.3, all of them on same machine. Using the phpMyAdmin to build a new DB, I observed the "PMA Database ... not OK General relation features Disabled " message. In the above message is a link to a page with the following explanation that I don't know how to use: - $cfg['Servers'][$i]['pmadb'] string Starting with version 2.3.0 phpMyAdmin offers a lot of features to work with master / foreign - tables. To use those as well as the bookmark feature you need special tables with a predefined structure, which we explain below. If you are the only user of this phpMyAdmin installation, you can use your current database to store those special tables; in this case, just put your current database name in $cfg['Servers'][$i]['pmadb']. If you are setting up a multi-user phpMyAdmin installation, you will need to create a new db and setup special privileges, so, as superuser: create a new database for phpmyadmin: CREATE DATABASE phpmyadmin; Note that "controluser" must have SELECT, INSERT, UPDATE and DELETE privileges on this database. Here is a query to set up those privileges (using "phpmyadmin" as the database name, and "pma" as the controluser): GRANT SELECT,INSERT,UPDATE,DELETE ON phpmyadmin.* to 'pma'@'localhost'; do not give any other user rights on this database. enter the databasename in $cfg['Servers'][$i]['pmadb'] Please help TIA Nanu -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] PMA Database ... not OK General relation features Disabled
Hi! Server system SBS (Novell Small Business suite) 6.5 sp 1 with MySQL ver. 4.0.15a, PHP 4.2.3, all of them on same machine. Using the phpMyAdmin to build a new DB, I observed the "PMA Database ... not OK General relation features Disabled " message. In the above message is a link to a page with the following explanation that I don't know how to use: - $cfg['Servers'][$i]['pmadb'] string Starting with version 2.3.0 phpMyAdmin offers a lot of features to work with master / foreign - tables. To use those as well as the bookmark feature you need special tables with a predefined structure, which we explain below. If you are the only user of this phpMyAdmin installation, you can use your current database to store those special tables; in this case, just put your current database name in $cfg['Servers'][$i]['pmadb']. If you are setting up a multi-user phpMyAdmin installation, you will need to create a new db and setup special privileges, so, as superuser: create a new database for phpmyadmin: CREATE DATABASE phpmyadmin; Note that "controluser" must have SELECT, INSERT, UPDATE and DELETE privileges on this database. Here is a query to set up those privileges (using "phpmyadmin" as the database name, and "pma" as the controluser): GRANT SELECT,INSERT,UPDATE,DELETE ON phpmyadmin.* to 'pma'@'localhost'; do not give any other user rights on this database. enter the databasename in $cfg['Servers'][$i]['pmadb'] Please help TIA Nanu -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] PMA Database ... not OK General relation features Disabled
Hi! Server system SBS (Novell Small Business suite) 6.5 sp 1 with MySQL ver. 4.0.15a, PHP 4.2.3, all of them on same machine. Using the phpMyAdmin to build a new DB, I observed the "PMA Database ... not OK General relation features Disabled " message. In the above message is a link to a page with the following explanation that I don't know how to use: - $cfg['Servers'][$i]['pmadb'] string Starting with version 2.3.0 phpMyAdmin offers a lot of features to work with master / foreign - tables. To use those as well as the bookmark feature you need special tables with a predefined structure, which we explain below. If you are the only user of this phpMyAdmin installation, you can use your current database to store those special tables; in this case, just put your current database name in $cfg['Servers'][$i]['pmadb']. If you are setting up a multi-user phpMyAdmin installation, you will need to create a new db and setup special privileges, so, as superuser: create a new database for phpmyadmin: CREATE DATABASE phpmyadmin; Note that "controluser" must have SELECT, INSERT, UPDATE and DELETE privileges on this database. Here is a query to set up those privileges (using "phpmyadmin" as the database name, and "pma" as the controluser): GRANT SELECT,INSERT,UPDATE,DELETE ON phpmyadmin.* to 'pma'@'localhost'; do not give any other user rights on this database. enter the databasename in $cfg['Servers'][$i]['pmadb'] Please help TIA Nanu -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
