Re: [PHP-DB] use php variable within postgresql query

2023-06-09 Thread Aziz Saleh
That was a bad copy/paste on his part. Syntax errors will not allow PHP to
even run the code.

On Fri, Jun 9, 2023 at 11:14 AM G. Franklin  wrote:

> My friends,
>
> Would not the syntax of "$query=$_GET['databasecolumn'[;" be part of the
> issue?
>
> I believe the brackets should be closed like this, no?
> "$query=$_GET['databasecolumn'];"
>
> ~G.
>
>
>
> On Fri, 9 Jun 2023 at 10:53, Aziz Saleh  wrote:
>
> > Read and understand these, should help you:
> >
> > https://www.php.net/manual/en/language.types.array.php
> >
> > Basically its databasecolumnname get param is not defined (set) causing the
> > query to fail also.
> >
> > On Fri, Jun 9, 2023 at 5:06 AM e-letter  wrote:
> >
> > > Readers,
> > >
> > > Suppose:
> > >
> > > $query=$_GET['databasecolumn'[;
> > >
> > > $anotherquery=pg_query($databaseconnection, 'SELECT * FROM
> > > databasename WHERE databasecolumnname="'.$query.';"');
> > >
> > > Two errors are reported:
> > >
> > > PHP Notice:  Undefined index: databasecolumnname
> > >
> > > PHP Warning:  pg_query(): Query failed: ERROR:  column ";" does not exist
> > >
> > > Any advice please?
> > >
> > > --
> > > PHP Database Mailing List (http://www.php.net/)
> > > To unsubscribe, visit: http://www.php.net/unsub.php
> > >
> > >
> >
>


Re: [PHP-DB] use php variable within postgresql query

2023-06-09 Thread Aziz Saleh
Read and understand these, should help you:

https://www.php.net/manual/en/language.types.array.php

Basically its databasecolumnname get param is not defined (set) causing the
query to fail also.

On Fri, Jun 9, 2023 at 5:06 AM e-letter  wrote:

> Readers,
>
> Suppose:
>
> $query=$_GET['databasecolumn'[;
>
> $anotherquery=pg_query($databaseconnection, 'SELECT * FROM
> databasename WHERE databasecolumnname="'.$query.';"');
>
> Two errors are reported:
>
> PHP Notice:  Undefined index: databasecolumnname
>
> PHP Warning:  pg_query(): Query failed: ERROR:  column ";" does not exist
>
> Any advice please?
>
>
>
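
The two errors reported in this thread, worked through as an added example (not code from any poster). The notice comes from reading a `$_GET` key the request never sent, and the warning comes from PostgreSQL reading double-quoted text as an identifier, so with an empty value the condition became `databasecolumnname=";"`. `find_rows` is a hypothetical helper and the connection string in the usage comment is a constructed placeholder; `databasename`, `databasecolumnname` and `$databaseconnection` are the names used in the question.

```php
<?php
declare(strict_types=1);

/**
 * Added example: look up rows by a value taken from the query string.
 * find_rows() is a hypothetical helper, not part of any library.
 *
 * @param mixed $databaseconnection open handle returned by pg_connect()
 * @param array $get                normally $_GET
 * @return array                    matching rows as associative arrays
 */
function find_rows($databaseconnection, array $get): array
{
    // 1. "Undefined index": the key may be absent, or an array
    //    (?databasecolumn[]=x), so check before reading it.
    if (!isset($get['databasecolumn']) || !is_string($get['databasecolumn'])) {
        throw new InvalidArgumentException('missing parameter: databasecolumn');
    }
    $value = $get['databasecolumn'];
    if ($value === '' || strlen($value) > 255) {
        throw new InvalidArgumentException('parameter out of range: databasecolumn');
    }

    // 2. In PostgreSQL "..." quotes an identifier and '...' quotes a string
    //    literal. Binding the value as $1 avoids quoting it by hand at all,
    //    and the value can never be parsed as SQL.
    $result = pg_query_params(
        $databaseconnection,
        'SELECT * FROM databasename WHERE databasecolumnname = $1',
        [$value]
    );
    if ($result === false) {
        // Keep the driver's message in the server log, not in the response.
        error_log('query failed: ' . pg_last_error($databaseconnection));
        throw new RuntimeException('query failed');
    }

    // pg_fetch_all() returns false for an empty result before PHP 8.0.
    $rows = pg_fetch_all($result);
    return $rows === false ? [] : $rows;
}

// Usage (constructed connection string):
// $databaseconnection = pg_connect('host=localhost dbname=example user=app');
// $rows = find_rows($databaseconnection, $_GET);
```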


Re: [PHP-DB] what does the mysqli real connect MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT flag do? How to disable only CN validation?

2023-03-22 Thread Aziz Saleh
That flag uses SSL encryption but disables validation of the provided SSL
certificate. This is only for installations using MySQL Native Driver and
MySQL 5.6 or later.

On Wed, Mar 22, 2023 at 4:50 PM John Wythe  wrote:

> mysqli_real_connect has a parameter called flags that can be passed to
> it.  One of the flags is MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT.
>
> What does this flag do?  Does it only disable the CN validation, or does
> it also disable the certificate validation against a CA authority.
>
> SSL_CONEXT talks about options
>
> peer_name
> peer_verify
> peer_verify_name
>
> I would like to use these to at least disable only the verify_name part,
> or maybe even set the peer_name and have both validations turned on.
>
> Seems this context function is only available for streams and not mysqli.
>
> Openssl seems to have the ability to do this, however it does not appear
> to be exposed via mysqli.  I am guessing the flag above equates to peer
> verify and not peer_verify_name, or equates to both.
>
> I suppose I could download the source for php_pmysqli, and have a look,
> would that be the correct package to look at?
>
> John Wythe
> Software & Systems Engineer
> Epicor Software Corporation
> www.epicor.com
>
> Ph: 250-260-6495
> TF Support: 800-678-7423
> E-Mail: jwy...@epicor.com
> Support E-Mail: silksupp...@epicor.com
>
> Support portal: https://epicorcs.service-now.com/epiccare/
>
>
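
For contrast with the flag discussed above, an added example (not from the thread) of a mysqli connection that keeps server-certificate validation on and then confirms the session is actually encrypted. `connect_verified` is a hypothetical helper, the host, credentials and CA path in the usage comment are constructed placeholders, and the sketch assumes the server certificate matches the host name used to connect; it does not show a way to switch off only the name check.

```php
<?php
declare(strict_types=1);

/**
 * Added example: open a TLS connection with certificate validation left on.
 * connect_verified() is a hypothetical helper, not a mysqli function.
 */
function connect_verified(
    string $host,
    string $user,
    string $pass,
    string $db,
    string $caFile
): mysqli {
    if (!is_readable($caFile)) {
        throw new RuntimeException("CA bundle not readable: $caFile");
    }

    // Turn connection and query failures into exceptions.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

    $link = mysqli_init();

    // Arguments: client key, client cert, CA file, CA directory, cipher list.
    // Only the CA file is needed to validate the server's certificate.
    $link->ssl_set(null, null, $caFile, null, null);

    // Ask for validation explicitly rather than relying on the default.
    $link->options(MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true);

    // MYSQLI_CLIENT_SSL requests TLS. The flag from the question,
    // MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT, is deliberately not used:
    // it keeps the encryption but accepts any certificate the peer presents.
    $link->real_connect($host, $user, $pass, $db, 3306, null, MYSQLI_CLIENT_SSL);

    // Post-connect check: an empty Ssl_cipher means the session is plaintext.
    $row = $link->query("SHOW SESSION STATUS LIKE 'Ssl_cipher'")->fetch_assoc();
    if (empty($row['Value'])) {
        $link->close();
        throw new RuntimeException('connection is not encrypted');
    }

    return $link;
}

// Usage (all values are constructed placeholders):
// $db = connect_verified('db.example.internal', 'app', getenv('DB_PASS'),
//                        'appdb', '/etc/ssl/certs/example-db-ca.pem');
```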


Re: [PHP-DB] Realtime connection to postgres database

2020-10-25 Thread Aziz Saleh
Another way to do this is to have an ajax call on timeout to an update
endpoint, if there is an update inject that update on the page (or refresh
it).

Some js examples (both short/long polling):

https://stackoverflow.com/questions/42825972/update-html-when-change-is-noticed-in-mysql-database
https://stackoverflow.com/questions/22577457/update-data-on-a-page-without-refreshing
https://stackoverflow.com/questions/8100594/refresh-content-automatically-if-the-database-changes


On Sun, Oct 25, 2020 at 5:18 PM Rodrigo Sánchez 
wrote:

> Hi everyone,
>
>   I made a table in html that reads a table from a postgres database
> (easy part).  The postgres database grows every time an earthquake
> occurs. What is the best way to keep the table updated automatically,
> each time a new earthquake is added to the database? (I mean, not having
> to update by clicking on the browser). The ugly way to do it is by using
> something like header ("refresh: 3"); for example ... but isn't there
> something better?
>
>   Excuse the question if it is very obvious, but I am not a "full" time
> php programmer.
>
>   (PHP 7.4.11, postgresql 9.6.19)
>
>
> --
> 
>   Rodrigo Sánchez-Olavarría
>   CSN, Centro Sismologico Nacional
>   Universidad de Chile
>   Celular : +56 9 42137243
> 
>
>
>


Re: [PHP-DB] Can connect to Mysql via command line but not via browser

2020-09-03 Thread Aziz Saleh
Are both connected to the same network? Just asking because I see a local
ip for server ip/name. Maybe try with public IP instead see if it helps.

On Thu, Sep 3, 2020 at 5:51 PM Tai Larson  wrote:

> I have a MySQL database server and a separate web server running Apache.
> Both are running Centos 8.
>
> I can connect to my database server from my web server via the command
> line, but I get permission denied whenever I try to connect to the server
> via a browser.
>
> Here is the code I'm running:
> <?php
> $servername = "192.168.10.XXX";
> $username = "root";
> $password = "123456789";
> $conn = new mysqli($servername, $username, $password);
> if ($conn->connect_error) {
>   die("Connection failed: " . $conn->connect_error);
> }
> echo "Connected successfully";
> ?>
>
> I SSH into my web server and run this command "php TestMySQL.php".  I
> receive the output of "Connected successfully".
>
> When I attempt through my browser or curl, I receive the output of
> "Connection failed: Permission denied".
>
> I can also connect to the remote database with the local mysql client.
>
> Thank you all in advance for your help.
>
>
>


Re: [PHP-DB] PHP mysqli is NOT trapping some errors when calling stored procedure

2019-02-12 Thread Aziz Saleh
Do you have sufficient privileges to execute stored procedures (procs_priv)
on PHP's end?

On Tue, Feb 12, 2019 at 11:07 AM Venkat Hariharan 
wrote:

> Can you take a look at the issue that I've described at
>
> https://stackoverflow.com/questions/54643704/php-mysqli-is-not-trapping-some-errors-when-calling-stored-procedure
> and tell me what I am missing in my PHP code ?
>
> To summarize: I am calling a MySQL stored procedure from PHP that does some
> DMLs (using mysqli). But the problem is that PHP is not able to get
> intimated of some database error conditions raised by the stored proc
> (which I know are raised, bcoz they do get flagged when invoked from a
> mysql client)
>
> I've listed the relevant code fragments there. Am I not using mysqli
> correctly?
>
> Thanks,
> Venkat
>


Re: [PHP-DB] Corn job anomaly

2016-09-25 Thread Aziz Saleh
On Sun, Sep 25, 2016 at 4:59 AM, Karl DeSaulniers 
wrote:

> > On Sep 23, 2016, at 5:38 AM, Richard  innovate.net> wrote:
> >
> >
> >
> >> Date: Friday, September 23, 2016 03:28:47 -0500
> >> From: Karl DeSaulniers 
> >>
> >> Ok, so I have run down all the possible things (that I know of)
> >> that could be keeping this from working. I have checked with my
> >> hosting service that:
> >>
> >> 1. MySQL is accessible with the original user I started with (for
> >>    this case we're using db123456) via ssh.
> >> 2. The cron is accessing my php script fine.
> >> 3. The cron is running the script and is attempting to access MySQL
> >>    but not allowing access still.
> >>
> >> I tried running the script via ssh and it is timing out. No error
> >> of not accessing MySQL, just telling me it is timing out.  This
> >> tells me (I could be wrong) that it is in fact accessing MySQL and
> >> that my calls to MySQL are making the script time out? What bothers
> >> me is that the cron errors out saying access denied but ssh says
> >> timeout error. Does anyone have any ideas for me to try at this
> >> point? If I don't get this to work in the next couple of days, I am
> >> toast!
> >>
> >
> > -- Try the mysql access and commands directly from the command
> >    line (using the mysql cli).
> >
> > -- Put debug/print statements in your code so you can clearly
> >    see where you are getting.
> >
> >    -- This includes printing out your mysql statements so that
> >       you know exactly what is being passed to mysql (both when
> >       you run the script by hand and via cron).
> >
>
> Thanks Richard,
> That got me thinking and I figured out my access issue... HALELUYA!
>
> Now I am getting an error with mysql syntax.
>
> "SELECT otn.*, cf.* FROM ".ORDER_TABLE." otn LEFT JOIN ".FIELDS_TABLE." cf
> ON cf.Order_ID = otn.Order_ID WHERE cf.Earliest_Pickup >= DATE(NOW()) AND
> cf.Earliest_Pickup <= DATE(NOW() + INTERVAL ".($Num_Days_Away+1)." DAY) AND
> otn.Order_Status != 'Shipping' AND otn.Order_Status != 'Completed'"
>
> is giving me this error:
> You have an error in your SQL syntax; check the manual that
> corresponds to your MySQL server version for the right syntax to use near
> '\"Shipping\" AND otn.Order_Status != \"Completed\"' at line 1
>
> I think at this point my brain is fried and I am not seeing what is wrong
> with this.
> Can anyone point out my folly? My guess is it is an obvious one, but I am
> not seeing it.
>
> Thanks again for your help everyone. I think I am almost there!
>
> Best,
>
> Karl DeSaulniers
> Design Drumm
> http://designdrumm.com
>
>
>
>
Echo out the query, then manually run it.


Re: [PHP-DB] weird string literal related problem

2016-08-01 Thread Aziz Saleh
> But if i print $entries['decoderUserGUID'] I get the correct value

This means the key value is decoderUserGUID NOT 'decoderUserGUID', try
creating $strIndex without the quotes, just the key value.

On Mon, Aug 1, 2016 at 2:31 PM, Ratin  wrote:

> Hi I am new to this list, not sure how active this list is but i have a
> question regarding php-sqlite integration. I am using a string variable
> where I put the column name and trying to use that variable to get its
> value, in a loop. So here is what I have (simplified version):
>
>
> $strIndex='\'' . $columns[$i] . '\'';  //strIndex has the value :
> 'decoderUserGUID'  (including quotes)
> $result = $db->query('select * from DecoderUser');
> while ($entries = $result->fetchArray())
> {
> $value=$entries[$strIndex];
> }
>
>
>
> So if I print $value, I get nothing. But if i print
> $entries['decoderUserGUID'] I get the correct value. If I print $strIndex,
> I get 'decoderUserGUID' (including the quotes). How can I solve this
> mystery.. what's happening here, anybody have any idea?
>
>
> Thanks
>
> Ratin
>


Re: [PHP-DB] Zero Values

2015-09-01 Thread Aziz Saleh
On Tue, Sep 1, 2015 at 11:36 PM, Ethan Rosenberg <
erosenb...@hygeiabiomedical.com> wrote:

> Dear List -
>
> I have a payment/charges table -
>
> mysql> describe Charges;
> +----------+----------------------+------+-----+---------+-------+
> | Field    | Type                 | Null | Key | Default | Extra |
> +----------+----------------------+------+-----+---------+-------+
> | Indx     | mediumint(9)         | NO   | PRI | 0       |       |
> | Cust_Num | smallint(5) unsigned | NO   |     | NULL    |       |
> | Balance  | decimal(10,2)        | YES  |     | NULL    |       |
> | Payments | decimal(10,2)        | YES  |     | NULL    |       |
> | Charges  | decimal(10,2)        | YES  |     | NULL    |       |
> | Notes2   | text                 | YES  |     | NULL    |       |
> | Date     | date                 | YES  |     | NULL    |       |
> | PH1      | char(4)              | YES  |     | NULL    |       |
> | PH2      | char(4)              | YES  |     | NULL    |       |
> | PH3      | char(5)              | YES  |     | NULL    |       |
> +----------+----------------------+------+-----+---------+-------+
> 10 rows in set (0.11 sec)
>
> If Balance, Payments and Charges all equal 0, and then
>
> select * from Charges,
>
> the rows w/ all zero values will not be displayed.
>
> Why?
>
> TIA
>
> Ethan
>
>
>
>
The default value field is NULL, which is not the same as zero. When
inserting the records add '0' as a value if you want. Another way to do it
is during the SELECT add an ifnull use '0'.


Re: [PHP-DB] For my understanding

2015-07-25 Thread Aziz Saleh
On Sat, Jul 25, 2015 at 9:33 PM, Karl DeSaulniers k...@designdrumm.com
wrote:

 Hello,
 This might be a question better suited for the general php list.
 If it is, please let me know.

 I have inherited some pages that have a code on it I don't recognize.
 Can anyone enlighten me as to what this code is doing?

 [code]
 array_walk($Options, create_function('$val', '$val = trim($val);'));

 Is this creating php variables from the contents of the $Options array?
 TIA

 Best,

 Karl DeSaulniers
 Design Drumm
 http://designdrumm.com




It's trimming all elements within the array.

http://php.net/manual/en/function.array-walk.php
http://php.net/manual/en/function.create-function.php
http://php.net/manual/en/function.trim.php


Re: [PHP-DB] Re: Hello my friend

2015-06-23 Thread Aziz Saleh
It's spam message, been sent almost every other day.

2015-06-23 11:06 GMT-04:00 Jim Giner jim.gi...@albanyhandball.com:

 On 6/2/2015 2:17 PM, Mahsa Ehsani wrote:

 Its fruit-bearing days were over and it was living out its retirement. Once
 it had been fresh and green, and young and old alike were sustained by it.
 But now its whole joy was that the Great Prophet (peace and blessings of God
 be upon him and his family), when he stood to speak, leaned on it, and to it
 this was higher than any honor.
 A dried-up palm in the city of Medina that had been granted the good fortune
 of being near God's greatest proof and the most exalted creature in all
 existence.
 It was a dried piece of palm wood; it made no claim to reason, nor did it
 consider itself the equal of us humans. But its whole wealth was the love it
 had found in its heart for the luminous being of the Prophet of God (peace
 and blessings of God be upon him and his family).
 Some time passed until the companions built a three-step wooden pulpit for
 him and, with his permission, brought it into the mosque; yet he still
 leaned on the dried palm.
 In the middle of a sermon he moved toward the pulpit. But he had gone no
 more than a few steps when the palm's voice rose in a wail. A wail from a
 burning heart, like the cry of a she-camel parted from her calf. All the
 people heard it and stared at the moaning pillar: Allahu Akbar!
 Allahu Akbar at this passion and longing, and at this inability to bear the
 pain of separation!
 But he was the Prophet of mercy and the ark of salvation of the community;
 to all of existence he was a kind companion and an intimate friend. And
 Allahu Akbar at the Prophet's heart, so full of love even for what we take
 to be lifeless.
 He turned back to the pillar and embraced it with his whole being; how
 fortunate the loving pillar. The palm's wail changed, and it sobbed like a
 child who has reached its mother's arms after a separation.
 And the Messenger caressed it until the palm grew calm in the loving embrace
 of the mother of existence and its weeping fell silent.
 He turned to the people and said: By God, had I not embraced it, its wailing
 would not have ended until the Day of Resurrection!
 Bravo to the pillar, and a thousand praises for such devotion and
 steadfastness!
 Yes, dear Mahdi! It, which was wood and lifeless, could not bear separation
 from God's proof for more than a few seconds, but we, who are human and make
 our claims, have seen thirteen centuries of separation from you and our
 voices have still not risen in a wail! For if they had, you would have come!
 For you are the son of that same Prophet, with all his qualities, even his
 kindness, except revelation.
 Yes, the fault is ours: we have not tasted the joy of being with you, so
 that we might wail in the searing pain of your absence.
 We have grown more used to your absence than to your presence; so come, come
 and let humanity taste the joy of being with the guardian and living with
 the guardian.
 Any distribution and publication of this content is permitted.

  Uhh,  translation please?





Re: [PHP-DB] SQL injection

2015-06-21 Thread Aziz Saleh
On Sun, Jun 21, 2015 at 9:19 AM, Lester Caine les...@lsces.co.uk wrote:

 OK - this had no chance of success since publish_date_desc is processed
 using the _desc ( or _asc ) and any invalid data stripped


 sort_mode=publish_date_desc%20or%20(1,2)=(select*from(select%20name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a)%20--%20and%201%3D1

 The question is more of interest in just what it was trying to achieve?
 I presume hack MySQL? So Firebird would barf anyway, but just trying to
 something that has generated some several hundred error log entries in
 the last two days ...

 --
 Lester Caine - G8HFL
 -
 Contact - http://lsces.co.uk/wiki/?page=contact
 L.S.Caine Electronic Services - http://lsces.co.uk
 EnquirySolve - http://enquirysolve.com/
 Model Engineers Digital Workshop - http://medw.co.uk
 Rainbow Digital Media - http://rainbowdigitalmedia.co.uk



The sub-query is invalid, if valid it would've been equivalent to:
 or (1,2)=(select*from(select 'b2xvbG9zaGVy' as 1, 'b2xvbG9zaGVy' as 1))a)
-- and 1=1

Seems non threatening to me.
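
The reason the logged request above went nowhere is the handling Lester describes: `sort_mode` is reduced to a known column plus `_asc` or `_desc`, and anything else is discarded. An added sketch of that kind of allow-list check, not Lester's code: `parse_sort_mode`, the `articles` table, every column other than `publish_date`, and the default ordering are assumptions.

```php
<?php
declare(strict_types=1);

// Columns a listing may be sorted by. Only publish_date appears in the
// thread; the other names are assumed for illustration.
const SORTABLE_COLUMNS = ['publish_date', 'title', 'author'];

/**
 * Turn a sort_mode request value such as "publish_date_desc" into an
 * ORDER BY fragment assembled only from allow-listed tokens. Any value that
 * does not match exactly is logged and replaced by the default ordering.
 */
function parse_sort_mode(?string $sortMode, string $default = 'publish_date DESC'): string
{
    if ($sortMode === null || $sortMode === '') {
        return $default;
    }

    // Whole-string match: column, underscore, direction, and nothing after.
    $ok = preg_match('/\A([a-z][a-z0-9_]{0,62})_(asc|desc)\z/', $sortMode, $m) === 1
        && in_array($m[1], SORTABLE_COLUMNS, true);

    if (!$ok) {
        // Record the event without copying attacker-controlled text into the log.
        error_log(sprintf('sort_mode rejected (%d bytes)', strlen($sortMode)));
        return $default;
    }

    return $m[1] . ' ' . strtoupper($m[2]);
}

// Constructed inputs: two valid values, one with trailing text after the
// direction (the shape of the logged request), and one unknown column.
$samples = [
    'publish_date_desc',
    'title_asc',
    'publish_date_desc or (1,2)=(...)',
    'password_asc',
];

foreach ($samples as $sample) {
    // ORDER BY cannot take a bound parameter, so only the vetted fragment
    // is ever appended to the statement text.
    $sql = 'SELECT id, title FROM articles ORDER BY ' . parse_sort_mode($sample);
    echo $sql, PHP_EOL;
}
```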


Re: [PHP-DB] Fwd: About PDO::fetchObject

2015-06-11 Thread Aziz Saleh
On Thu, Jun 11, 2015 at 1:53 AM, Octopus Puras zlk1...@gmail.com wrote:

 I have a MySQL table, whose name is Items:
 ItemID ItemName ItemDescription

 I also have a PHP class:
 class Item {
   public $id;
   public $name;
   public $description;
 }

 If I execute $stmt->fetchObject(), I will get an object with fields of
 ItemID, ItemName, etc. But I want to adapt the name of the fields to the
 Item class. What should I do?


It would be easier/more efficient/easier to debug to change the field names
to what you want to, instead of having to do that manually like Stefan
suggested.


Re: [PHP-DB] Removing slashes from the database

2015-06-03 Thread Aziz Saleh
On Wed, Jun 3, 2015 at 12:25 AM, Ron Piggott ron.pigg...@actsministries.org
 wrote:

  On 02/06/15 23:20, Aziz Saleh wrote:

  On Tue, Jun 2, 2015 at 11:08 PM, Ron Piggott 
 ron.pigg...@actsministries.org wrote:


 On 02/06/15 22:58, Aziz Saleh wrote:



 On Tue, Jun 2, 2015 at 10:50 PM, Ron Piggott 
 ron.pigg...@actsministries.org wrote:


 I am working through the process of removing \'s from the database. I am
 trying to get this query using a variable starting with 

 $query1 = <<<EOF
 UPDATE `TABLE_NAME` SET `COLUMN_NAME` =
 REPLACE(REPLACE(REPLACE(`COLUMN_NAME`,'\\\'','\''),'\\\',''),'','\\');
 EOF;

 But when I go to execute the query I am getting the error:

 |#1064 - You have an error in your SQL syntax; check the manual that
 corresponds to your MariaDB server version for the right syntax to use near
 '\''),'\\',''),'\\','\')' at line 1 |

 Could someone help me know what \ and ' should be part of this query so
 it will execute correctly --- only removing \'s from the database table
 text columns?

 Thank you.

 Ron


  When you say remove, as replace all occurrences with an empty string,
 or replace with a different character?

  I want \ to become just 
 I want \' to become just '
 I also want however \ was escaped to become just \

 (I am trying to revert the text back to what it was originally before
 mysql_escape_string was applied)

 I hope this helps elaborate.

 Ron


  For simplicity sake, do each one in its own query and see which one
 breaks if any:


 $query1 = <<<EOF
 UPDATE `TABLE_NAME` SET `COLUMN_NAME` = REPLACE(`COLUMN_NAME`,'\','')
 EOF;
 $query2 = <<<EOF
 UPDATE `TABLE_NAME` SET `COLUMN_NAME` = REPLACE(`COLUMN_NAME`,\',')
 EOF;
 $query3 = <<<EOF
 UPDATE `TABLE_NAME` SET `COLUMN_NAME` = REPLACE(`COLUMN_NAME`,'','\\')
 EOF;

  However, personally, I do not recommend this sort of action. Your data
 should be escaped in the DB. Your MySQL driver should be handling the
 escape/un-escape when setting/retrieving the data.

 A friend pointed out to me today: In the earlier versions of PHP there was
 a setting called 'magic_quotes_gpc'.  When enabled slashes were added  by
 default. This setting has since been deprecated as of PHP 5.3 and was
 removed completely in PHP 5.4.  I am using PHP 5.6.

 Thank you for the suggestion of running 3 separate commands.  Individually
 these execute successfully.  Is it even possible to do a REPLACE in the
 fashion I have noted?

 Ron


It is possible, but sometimes with the clutter you don't notice a syntax
issue. This seems to work fine:

$query = <<<EOF
UPDATE `TABLE_NAME` SET `COLUMN_NAME` =
REPLACE(REPLACE(REPLACE(`COLUMN_NAME`,'','\\'),\','),'\','')
EOF;


Re: [PHP-DB] Removing slashes from the database

2015-06-02 Thread Aziz Saleh
On Tue, Jun 2, 2015 at 10:50 PM, Ron Piggott ron.pigg...@actsministries.org
 wrote:


 I am working through the process of removing \'s from the database. I am
 trying to get this query using a variable starting with 

 $query1 = <<<EOF
 UPDATE `TABLE_NAME` SET `COLUMN_NAME` =
 REPLACE(REPLACE(REPLACE(`COLUMN_NAME`,'\\\'','\''),'\\\',''),'','\\');
 EOF;

 But when I go to execute the query I am getting the error:

 |#1064 - You have an error in your SQL syntax; check the manual that
 corresponds to your MariaDB server version for the right syntax to use near
 '\''),'\\',''),'\\','\')' at line 1 |

 Could someone help me know what \ and ' should be part of this query so it
 will execute correctly --- only removing \'s from the database table text
 columns?

 Thank you.

 Ron


When you say remove, as replace all occurrences with an empty string, or
replace with a different character?


Re: [PHP-DB] Removing slashes from the database

2015-06-02 Thread Aziz Saleh
On Tue, Jun 2, 2015 at 11:08 PM, Ron Piggott ron.pigg...@actsministries.org
 wrote:


 On 02/06/15 22:58, Aziz Saleh wrote:



 On Tue, Jun 2, 2015 at 10:50 PM, Ron Piggott 
 ron.pigg...@actsministries.org wrote:


 I am working through the process of removing \'s from the database. I am
 trying to get this query using a variable starting with 

 $query1 = <<<EOF
 UPDATE `TABLE_NAME` SET `COLUMN_NAME` =
 REPLACE(REPLACE(REPLACE(`COLUMN_NAME`,'\\\'','\''),'\\\',''),'','\\');
 EOF;

 But when I go to execute the query I am getting the error:

 |#1064 - You have an error in your SQL syntax; check the manual that
 corresponds to your MariaDB server version for the right syntax to use near
 '\''),'\\',''),'\\','\')' at line 1 |

 Could someone help me know what \ and ' should be part of this query so
 it will execute correctly --- only removing \'s from the database table
 text columns?

 Thank you.

 Ron


  When you say remove, as replace all occurrences with an empty string, or
 replace with a different character?

 I want \ to become just 
 I want \' to become just '
 I also want however \ was escaped to become just \

 (I am trying to revert the text back to what it was originally before
 mysql_escape_string was applied)

 I hope this helps elaborate.

 Ron


For simplicity sake, do each one in its own query and see which one breaks
if any:


$query1 = <<<EOF
UPDATE `TABLE_NAME` SET `COLUMN_NAME` = REPLACE(`COLUMN_NAME`,'\','')
EOF;
$query2 = <<<EOF
UPDATE `TABLE_NAME` SET `COLUMN_NAME` = REPLACE(`COLUMN_NAME`,\',')
EOF;
$query3 = <<<EOF
UPDATE `TABLE_NAME` SET `COLUMN_NAME` = REPLACE(`COLUMN_NAME`,'','\\')
EOF;

However, personally, I do not recommend this sort of action. Your data
should be escaped in the DB. Your MySQL driver should be handling the
escape/un-escape when setting/retrieving the data.


Re: [PHP-DB] SQL Injection

2015-05-14 Thread Aziz Saleh
On Thu, May 14, 2015 at 9:05 PM, Karl DeSaulniers k...@designdrumm.com
wrote:

 Hello Everyone,
 Have a quick question. Was reading some material and wanted some Players
 perspective.
 I know w3schools is not the de-facto on everything, so I wanted to know
 how reliable is the information on this page.

 http://www.w3schools.com/sql/sql_injection.asp

 Namely the @ symbol before SQL Values and because this talks about SQL and
 not MySQL specifically, does this not apply to MySQL?
 To my uneducated eyes it seems legit. Any clarification is greatly
 appreciated.

 TIA,

 Best,

 Karl DeSaulniers
 Design Drumm
 http://designdrumm.com



That is preferred in PHP as well. The SQL/MySQL isn't specifically doing
the replacement, but rather the driver object. Using parametrized queries:

http://php.net/manual/en/pdo.prepared-statements.php


Re: [PHP-DB] MySQLi

2014-09-13 Thread Aziz Saleh
On Sat, Sep 13, 2014 at 8:55 PM, Karl DeSaulniers k...@designdrumm.com
wrote:

 On Sep 13, 2014, at 7:40 AM, Lester Caine les...@lsces.co.uk wrote:

  On 13/09/14 11:40, Karl DeSaulniers wrote:
  Hope this message finds you well. Quick question about MySQLi and PHP.
  I have a website that was built back in 2012 that is still on PHP 5.2
 and MySQL
  and I am wanting to update it to PHP 5.7 with MySQLi without headaches.
  I am dreading this like a spoonful of molasses. Is there any sugar
 remedy for this medicine
  or do I just grow a pair and take it?
 
  Well a few problems here ...
  PHP5.2 had already been shelved at end of 2010, but I know why it was
  probably used 2 years later. I'm STILL running 5.2 on servers as the
  time needed to convert those sites is just not available and can't be
  justified cost wise :(
 
  Any MySQL => MySQLi converters out there?
  Any PHP5.2 => PHP 5.7 cheat sheets?
 
  If I update my server to PHP 5.7 is everything going to break? Or
 stupid question of course it is?
  PHP5.7 will not be around any time soon, PHP5.6 has just been released.
  But converting from 5.2 all the way to 5.6 is not something that is easy
  to do. I'm still only moving 5.2 to 5.4 at present.
 
  http://php.net/manual/en/migration53.php and
  http://php.net/manual/en/migration54.php is the starting point, but
  things deprecated in 5.3 were removed in 5.4 so if you are using any of
  those methods then they need removing. You can switch the later PHP
  servers to ignore e_strict warning/errors, but this is the major problem
  area. and really the only way to move forward is clear all of those
  problems before moving forward. Unless you can ensure your server will
  always be switched back to a compatible mode of working.
 
  And all that before even looking at MySQL ... I've never used it, so
  hopefully someone else will cover that side.
 
  --
  Lester Caine - G8HFL

 Ah, I see. Now Glob Design's comment makes sense.
 Thanks Lester.

 Best,

 Karl DeSaulniers
 Design Drumm
 http://designdrumm.com




I am not sure about any MySQL -> MySQLI wrappers, but I did build a MySQL
-> PDO Wrapper a while back that you can use if you have PDO_MySQL enabled:

https://github.com/azizsaleh/mysql


Re: [PHP-DB] www-data file

2014-08-25 Thread Aziz Saleh
On Tue, Aug 26, 2014 at 12:20 AM, Ethan Rosenberg 
erosenb...@hygeiabiomedical.com wrote:

 Dear list -

 When I use  fopen, the  file owner and group are both www-data.

 How can I ensure that the owner and group will be ethan?

 TIA

 Ethan





Use chown/chgrp after the fact:
http://php.net/manual/en/function.chown.php
http://php.net/manual/en/function.chgrp.php

If you want it to be ethan by default, something which I would never do or
recommend to do for obvious security reasons, you will need to modify your
Apache environment variables (find where the configs are set by using grep,
for example: grep www- /etc/apache2/apache2.conf).


Re: [PHP-DB] Re: Query does not work

2014-07-01 Thread Aziz Saleh
On Tue, Jul 1, 2014 at 10:02 AM, Jim Giner jim.gi...@albanyhandball.com
wrote:

 How about just showing us the section of code instead of disjoint pieces
 that WE cannot be sure are applied correctly?




Also the DB structure would help, using sqlfiddle will make things a lot
easier as well for us (lazy me).


Re: [PHP-DB] VAR_DUMP INTO PHP VARIABLES

2014-06-19 Thread Aziz Saleh
On Thu, Jun 19, 2014 at 10:09 AM, Toby Hart Dyke t...@hartdyke.com wrote:



 My error! This:


 $responseCode = $result[return]['responsecode'];

 should have been


 $responseCode = $result['return']['responsecode'];


 The other responses have been rather more elegant, though I think my
 solution is a little more readable - i.e., I had to think about what was
 happening for those ones!

   Toby


 On 6/19/2014 9:50 AM, Oriole Computing wrote:

 Hi Toby,

 my response is in variable $result so i run the code as below

 $responseCode = $result[return]['responsecode'];

 but getting this error: PHP Parse error:  syntax error, unexpected
 T_RETURN, expecting ']

 Warm Regards



 SUPPORT TEAM
 ORIOLE COMPUTING
 1938 B1 MUNGWI ROAD
 LUSAKA
 ZAMBIA

 Skype: oriolecomputing | Url: oriolecomputing.blogspot.com
 http://generalcomputing.blogspot.com/


 On Thu, Jun 19, 2014 at 12:23 PM, Pritoj Singh prit...@gmail.com wrote:

  foreach($arr['return'] as $key=>$val){
 $$key=$val;
 }


 On Thu, Jun 19, 2014 at 3:48 PM, Toby Hart Dyke t...@hartdyke.com
 wrote:

  If you have the response in a variable, $response:

 $responseCode = $response[return]['responsecode'];
 $responseMessage = $response[return]['responseMessage'];
 $transactionID = $response[return]['transactionID'];






Nothing to do with DB. Wrong mailing list: http://php.net/mailing-lists.php


Re: [PHP-DB] Newbie Question $2

2014-06-18 Thread Aziz Saleh
On Wed, Jun 18, 2014 at 2:13 PM, Karl DeSaulniers k...@designdrumm.com
wrote:



 Sent from losPhone

  On Jun 18, 2014, at 7:56 AM, Jim Giner jim.gi...@albanyhandball.com
 wrote:
 
  On 6/18/2014 12:31 AM, Ethan Rosenberg, PhD wrote:
  On 06/17/2014 12:02 PM, onatawah...@yahoo.ca wrote:
  Hi Ethan,
 
  Here are some things to clean up your code:
 
  Your line:
 
  $phn = $_POST[phone];
 
  should use quotations as follows:
 
  $phn = $_POST['phone'];
 
  Your line:
 
  $sql1 ='select Lname, Fname from Customers where Phone = $Phn ';
 
  Should use double quotes if you need the variable to be interpreted:
 
  $sql1 ="select Lname, Fname from Customers where Phone = $Phn ";
 
  Lastly, as people have mentioned PDO is probably the best way to go.
  Try connecting to your database with PDO. Look on Google for PDO
  prepared statements and use those instead of the mysql escape string
  method.
 
  Hope this helps,
 
  -Kevin
 
  Sent from Yahoo Mail on Android
  IT WORKS!!!
 
  Here is the code -
 
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
 
  <html>
  <?php
$bla = 1;
  ?>
  <head>
  </head>
  <body>
  <div align="center">
  <form method="post">
  <input type='text' name="phone"></input>
  <input type='submit'>
  <br /><br /><br />
  </form>
  </div>
  <?php
  error_reporting(-1);
  require '/home/ethan/PHP/ethan.inc';
  $db = "Store";
  $cxn = mysqli_connect($host,$user,$password,$db);
 
  $phn = $_POST[phone];
  $phn = (string)$phn;
  $dsh = '-';
  $Phn =
 
 $phn[0].$phn[1].$phn[2].$dsh.$phn[3].$phn[4].$phn[5].$dsh.$phn[6].$phn[7].$phn[8].$phn[9];
 
  $sql1 ="select Lname, Fname from Customers where Phone =
  '$Phn' ";
  $result1 = mysqli_query($cxn, $sql1);
  if(!$result)
  {
  ?>
  <div align="center">
 
  <strong>No Match Found</strong>
  <br /><br />
  </div>
  <?php
  }
 
  ?>
  <div align="center">
  <table border="4" cellpadding="5" cellspacing="55"
  rules="all" frame="box">
  <tr class='heading'>
  <th>Last Name</th>
  <th>First Name</th>
  <?php
 
  while($row1 = mysqli_fetch_row($result1))
  {
 
  $Lname = $row1[0];
  $Fname = $row1[1];
 
 
 
  ?>  <tr>
  <td> <?php echo $Lname; ?> </td>
  <td> <?php echo $Fname; ?> </td>
  </tr>
  <?php
}
  ?>
</table>
  </div>
  </body>
  </html>
 
  As you [those that replied] accurately noted, the problem was with the
  quoting.
 
  I appreciate all your comments, take them seriously and will use the
  information contained in them for future programming.
 
  No matter how much skill in programming I have, I will remain a NEWBIE;
  ie, someone who wishes to grow in knowledge and acknowledges that there
  are many programmers much more skilled than I.
 
  Thanks again.
 
  Ethan
  happy to hear you got it working.  Sad to see that you didn't heed the
 tips provided to you and alter your code, and that you still have errors in
 it.  oh, well
 

 Wow. Just wow. I thought when I signed up on this list that if I did what
 Ethan did I would be shunned from the list. But I guess I was wrong. You
 can be an ask hole on here and people will still try and help. Kudos to the
 good souls who try.

 Karl


There are lots of people who have free time on their hands to teach the
basics, which I think is a good thing. Personally, if someone doesn't care
enough to read the manual or attempt to understand the basics, I wouldn't
spend too much time on their problems.


Re: [PHP-DB] Re: Newbie Question $2

2014-06-17 Thread Aziz Saleh
IMO a newbie is someone who read the docs and understood them (at least in
theory) before they attempt to write code, which doesn't seem to be the
case.


On Tue, Jun 17, 2014 at 10:04 AM, Jim Giner jim.gi...@albanyhandball.com
wrote:

 We're all so eager to help out poor Ethan (who many of you know is NOT a
 newbie) but nowhere does Ethan say what difficulty he is having.

 The suggestions made so far are great but what are we solving?






Re: [PHP-DB] Newbie Question $2

2014-06-16 Thread Aziz Saleh
On Mon, Jun 16, 2014 at 10:58 PM, Ethan Rosenberg 
erosenb...@hygeiabiomedical.com wrote:

 Dear List -

 I have the following code:

 The input from the form is a 10 digit string [1234567890] which is
 converted to phone number format [123-456-7890]

 $phn = $_POST[phone];
  $phn = (string)$phn;
  $dsh = '-';
  $Phn = $phn[0].$phn[1].$phn[2].$dsh.$phn[3].$phn[4].$phn[5].$dsh.$
 phn[6].$phn[7].$phn[8].$phn[9];
 echo $Phn; // this is folded by Thunderbird.  In the script, it is
 //all on one line

 mysql_real_escape_string($Phn);
 $sql1 ='select Lname, Fname from Customers where Phone = $Phn ';
 echo $sql1; //this always shows $phn as Phn and not as a numerical
 //string.
 $result1 = mysqli_query($cxn, $sql1);

 TIA

 Ethan



This page should help you:
http://www.php.net//manual/en/language.types.string.php understand the
difference between single and double quotes.
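
The quoting difference and the prepared-statement suggestion from this thread, as an added example that is not code from any poster. It assumes PHP with the pdo_sqlite extension and uses an in-memory SQLite table in place of the MySQL Store database; the helper names formatPhone and findCustomers and all sample values are constructed for illustration.

```php
<?php
// Added example. SQLite in memory stands in for the thread's MySQL "Store" database.

/** Return the input as 123-456-7890, or null unless it is exactly ten digits. */
function formatPhone($raw): ?string
{
    if (!is_string($raw) || preg_match('/\A[0-9]{10}\z/', $raw) !== 1) {
        return null;
    }
    return substr($raw, 0, 3) . '-' . substr($raw, 3, 3) . '-' . substr($raw, 6, 4);
}

/** Look up customers by phone with a bound parameter instead of string building. */
function findCustomers(PDO $pdo, string $phone): array
{
    $stmt = $pdo->prepare('SELECT Lname, Fname FROM Customers WHERE Phone = :phone');
    $stmt->execute([':phone' => $phone]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Customers (Lname TEXT, Fname TEXT, Phone TEXT)');
$pdo->exec("INSERT INTO Customers VALUES ('Doe', 'Jane', '123-456-7890')"); // constructed row

// Quoting: single quotes keep $Phn literal, double quotes interpolate its value.
$Phn = '123-456-7890';
echo 'single: Phone = $Phn', "\n";
echo "double: Phone = $Phn", "\n";

// Constructed inputs standing in for $_POST['phone'].
$inputs = ['1234567890', '0000000000', "123456789'", '12345', null];
foreach ($inputs as $raw) {
    $phone = formatPhone($raw);
    if ($phone === null) {
        echo 'rejected: ', var_export($raw, true), "\n";
        continue;
    }
    $rows = findCustomers($pdo, $phone);
    if ($rows === []) {
        echo "No Match Found for $phone\n";
    }
    foreach ($rows as $row) {
        // Escape on output, since the names come from the database.
        echo htmlspecialchars($row['Lname']), ', ', htmlspecialchars($row['Fname']), "\n";
    }
}

// A value containing a quote is bound as data: no SQL error, simply no rows.
var_dump(findCustomers($pdo, "123-456-7890'") === []);
```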


Re: [PHP-DB] PDO Connection problem

2014-01-10 Thread Aziz Saleh
On Fri, Jan 10, 2014 at 10:13 AM, Jim Giner jim.gi...@albanyhandball.com wrote:

 History:
 I'm trying to help a friend who is hosting his domain with the same
 company that I use.  I've been using this company for several years and
 have used a certain 'connection' script all the time.  Part of it looks
 like this:

 $host="mysql:host=mydomain.com;dbname=$sc_dbname;charset=utf8";
 $uid = "uid";
 $pswd = "pswd";
 Try
 {
 $mysql = new PDO($host,$uid,$pswd,$db_options);
 }
 .

 So - when I tried to provide this template to my friend (who is new to all
 of this) we went thru days of emails trying to make sure everything was
 setup correctly but could never get a connection using the above code.
  Finally last night, after reviewing how my 'old' mysql interface
 connection worked, I experimented with the above changing my host= from my
 domain name to simply 'localhost'.  Voila - it worked for him.  It also
 worked for my site.

 Here's my question:  What would make my friend's account not work when
 referencing a true domain name in the host= attribute?  I'm assuming that
 our (shared) provider is setting up his many accounts  servers the same
 way, but I could be wrong.  And of course, I don't have a clue about what
 makes any of this work - I simply follow instructions/guidance I get from
 manuals and searches until I get things to work.  That's how I got his
 account to finally work, but I'd love to have an idea why it now does.




It could be that your MySQL configs -bind-address and skip-networking are
set, so it is not allowing for external connections. My guess (could be
wrong) that using yourdomain.com is the same as making an external call, as
opposed to using localhost (no DNS lookup).