Re: [PHP-DB] how is this line a security risk?
read up on register_globals. It is a security risk because if i do
http://domain.com/file.php?plugins_directory=/directory/
it can reset your variable.
the best way to do that is to make PLUGINS_DIR a constant
define('PLUGINS_DIR', '/directory/');
Joseph Crawford
On Sep 23, 2008, at 12:58 PM, michael wrote:
I get an error stating that this line in my code is a security risk
when I code it.
require_once($PLUGINS_DIRECTORY.forum/forum.php);
here is what the explanation is:
include() or analogous is used with variable argument this can be
dangerous since variables are in many cases controlled by remote
users.
the recommended soloution is to write it this way
define('SCRIPT_PATH',/htdocs);
include ('sSCRIPT_PATH./Foo.inc);
my question is why is the other way safer? im kinda confused..
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Im new to this but...
You did everything perfectly in the email except for show what the error message was. i am assuming your issue is with the line $page = '$_GET[page]'; that should just be $page = $_GET['page']; The way you are doing it (inside single quotes) does not evaluate the array as a variable, rather PHP thinks the entire thing is just a string. when you you do the query $sql = SELECT * FROM page WHERE id=$page; Your query is actually SELECT * FROM page WHERE id=$_GET[page]; Now changing that one line may fix the issue at hand but I will also suggest that you read articles, blog entries, etc about SQL Injection and how to cleanse your data before throwing a user submitted value at your database. Thanks, Joseph Crawford On Sep 2, 2008, at 3:05 PM, Chris Hale wrote: I have: Apache 2.0.59 MySQL 5.0.41 PHP 4.4.7 5.2.5 and this is my program: ?php session_start(); include(includes/functions_main.php); include(Vars.php); ? ?php get_header(); ? ?php get_sidebar(); ? ?php $page = '$_GET[page]'; $cxn = mysqli_connect($host, $user,$passwd, $database) or die (Can't Connect.); $sql = SELECT * FROM page WHERE id=$page; $result = mysqli_query($cxn, $sql); $row = mysqli_fetch_assoc($result); extract ($row); ? div id=column_right div class=content h2?php $title ?/h2 ?php $content ? /div /div ?php get_footer();? But i get an error every time. I have read PHP and MySQL for Dummies to get me started but none of the things in the book seem to work for me. It is very frustrated. I dont know whether it just my lameass host provider that hasn't set the mysql properly. I would appreciate any help. Thanks -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Recommended web developers
The cost factor was why I did not speak up myself. On Jun 24, 2008, at 3:45 PM, Ken Keefe wrote: I'm a little surprised no one else has commented on this, but for a website that complicated, 10k is way too low. I've done work on websites that do almost all of those things separately, but not combined and I can tell you to have a high quality website that does just one of the things you mention will cost you about 10k. This is very much a guess because something like Blogging can be done very simply (cheaply). But it will not have even close to the feature set of the major blogging sites. In fact, I just wrapped up a project that was a simple business directory last month for 5k. Again, that site was *simple* and no where near as flexible as the code you see from yahoo or google. There is a reason those companies pay hundreds of developers 80k a year... Sorry to rain on your parade. Hopefully you just left out a 0 or two... Ken On Tue, Jun 24, 2008 at 10:00 AM, A. Joseph [EMAIL PROTECTED] wrote: Which company in India or USA can you recommend to design a complex website for my company. The site will be a social site, will include, Blog, Articles, Shops, Music, Movie, Directory, Pre-paid card system, Culture and Tourism, downloads, file upload and sharing The site is just like yahoo, but no email service. Advert method will be like Google Ads PHP 5 MySql, Smarty, SOAP Service, Ajax, Javascript, div based, Apache with mod_rewrite Admin Area, Users area, front end Full detail will be available Planned amount is $1 Max -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Naturally, the common people don't want war, but they can always be brought to the bidding of the leaders. Tell them they are being attacked, and denounce the pacifists for lack of patriotism and endangering the country. It works the same in every country. --- Herman Goering, Hitler's Reichsmarschall, At the Nuremberg Trials -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] PHP4 and Constructor
this is why for backwards compatibility with PHP 4 people usually do
this. Note that if you use public/private/protected it probably will
not work on PHP 4
?php
class Foo
{
function __construct($params)
{
$this-Foo($params);
}
function Foo($params)
{
// Actual Constructor
}
}
?
On 10/4/07, Jean Molliné [EMAIL PROTECTED] wrote:
Hi,
In PHP4, the constructor has the same name as the class.
class ClassName {
function ClassName() {
}
}
T K a écrit :
Hi,
I would like to use constructor in PHP4, but how do you make a constructor?
In PHP5, I do like
class ClassName {
function __construct() {
}
}
But PHP4 doesn't have such a thing as __construct()... Reading the
official manual didn't make me understood. Does this mean the very
first `function` in class is always the constructor for the Class?
Tek
--
Joseph Crawford Jr.
Zend Certified Engineer
http://www.josephcrawford.com/
1-315-820-4244
[EMAIL PROTECTED]
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Classes and Includes
include_once('database.php');
--
Joseph Crawford Jr.
Zend Certified Engineer
Codebowl Solutions, Inc.
1-802-671-2021
[EMAIL PROTECTED]
Re: [PHP-DB] Quick question
ini_set('max_execution_time', 9600);
that's how you set the max_execution_time, i would assume the rest follow
the same format.
notice the time is in seconds.
--
Joseph Crawford Jr.
Zend Certified Engineer
Codebowl Solutions, Inc.
1-802-671-2021
[EMAIL PROTECTED]
[PHP-DB] Emails Bouncing
I keep getting the following, can someone from the staff rectify this please Your message To: Subject: Re: [PHP-DB] Restricting What's Retreived Sent: Thu Dec 08 09:56:44 2005 did not reach the following recipient(s): [EMAIL PROTECTED] on Thu Dec 08 09:56:44 2005 The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address. grisu.itxnet.local #5.1.1 Thanks, -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. 1-802-671-2021 [EMAIL PROTECTED]
Re: [PHP-DB] Google Style Search Results
why not use substr? $preview = substr($string, 0, 50) .'...'; it will probably cut off in the middle of a word, but you can use strpos and check to see if the char is a space to get to the point you want. -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. 1-802-671-2021 [EMAIL PROTECTED]
Re: [PHP-DB] getting rows by an ID field or by another field in a table
i would do something like
SELECT id, date, subject FROM journal LIMIT 20
ofcourse this would mean you have to add an id column to your table and i
would make that a primary key and auto_increment,
this way when you do the select you could do something like this
$res = mysql_query(SELECT id, date, subject FROM journal LIMIT 20);
echo 'table';
echo 'trtdSubject/tdtdDate/td/tr';
while($entry=mysql_fetch_array($res)) {
echo 'trtda href=details.php
?id='.$entry['id'].''.$entry['subject'].'/a/tdtd'.$entry['date'].'/td/tr';
}
echo '/table';
--
Joseph Crawford Jr.
Zend Certified Engineer
Codebowl Solutions, Inc.
1-802-671-2021
[EMAIL PROTECTED]
Re: [PHP-DB] Debugging
zend studio client/server work hand in hand and are the best debugging tools i have found ;) install zend studio server on the web server and use the zend studio client locally to debug. -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. 1-802-671-2021 [EMAIL PROTECTED]
Re: [PHP-DB] Suggestions please!
you might want to create a table called perms and have each row contain a
user id and a perm for each
the way i have mine setup is a bit more complex but fully configurable.
Here's how i would set it up
user_permissions
- user_id
- action
- value
user_actions
- id
- title
users
- id
- username
- passwd
then to get the permissions i would use a user object maybe something like
this
class user {
var $_id;
var $_permissions;
function user() {
$this-loadPermissions();
}
function hasPermission($val) {
$perm = $this-getPermission($val);
if(isset($perm) $perm == 1) return true;
else return false
}
function loadPermissions() {
global $db;
$res = $db-Query(SELECT user_permissions.value, user_actions.title value
FROM user_permissions INNER JOIN user_actions ON
user_permissions.action==user_actions.id
$data = $db-fetchAll($res);
return $data
}
}
Understand that this code will not work out of the box and no security
measures were implemented, i did this just to show an example ;)
In my system i have user permissions and group permissions, i load the group
permissions then override with the user permissions.
--
Joseph Crawford Jr.
Zend Certified Engineer
Codebowl Solutions, Inc.
1-802-671-2021
[EMAIL PROTECTED]
Re: [PHP-DB] Searching remote web sites for content
you could probably use curl to grab the source for the page then use a regex to see if your domain is found maybe something like if(preg_match(/www\.domain\.com/is)) // match found else // not found dont quote me on the regex as i am not very good with regex, also you would want a button in the admin area that you push to check and return the results in a nice table. You would not want this check to run with every page load as curl could be time consuming depending on the speed of the site you are checking. -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. 1-802-671-2021 [EMAIL PROTECTED]
Re: [PHP-DB] Re: Subject: Searching remote web sites for content
why do all that, if you know the address of the page that the link will reside on just curl that page for the results and preg_match that. -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. 1-802-671-2021 [EMAIL PROTECTED]
Re: [PHP-DB] URL Forwarding in PHP...
header(Location: http://www.php.net/;); note that this cannot be set once any output has been sent to the browser. atleast not without using output buffering. -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. 1-802-671-2021 [EMAIL PROTECTED]
[PHP-DB] Fwd: Code Optimization Help
Hello Everyone,
I have some code that is using COM to interact with MS Word to create a mail
merge based on my mysql database, however it is running dreadfully slow
13.53846 seconds to be exact. This is only running on 34 records, i could
imagine running this on a few hundred records not to mention thousand. Is
COM usually this slow? These load times i believe to be accurate as they
come from zend studio's profiler.
You can see screenshots of the profile @
http://codebowl.dontexist.net/bugs/MailMerge/ Below you will see my code,
anything you guys see that i could do to speed this up quite a bit i would
appreciate it. It seems the naughty methods are CreateHeader,
CreateDataSource, CreateDocument.
CODE
=
?php
class MailMerge {
private $mm_data_dir;
private $obj;
private $fieldcnt;
private $rowcnt;
private $letter_template;
private $envelope_template;
public function __construct($list = null, $letter = 'Has_Site', $envelope =
'Envelope', $data_dir = 'data/mailmerge') {
if(!is_array($list)) throw new Exception('Cannot Create A Mail Merge With An
Empty List.');
$this-mm_data_dir = 'F:/htdocs/csaf/'.$data_dir;
$this-list = $list;
$this-letter_template = $letter;
$this-envelope_template = $envelope;
$this-initilize();
$this-CreateHeaderFile();
$this-CreateDataSource();
$this-CreateDocument($this-letter_template);
$this-CreateDocument($this-envelope_template);
}
public function __destruct() {
unlink($this-mm_data_dir.'/ds.doc');
unlink($this-mm_data_dir.'/header.doc');
}
private function initilize() {
$this-rowcnt = count($this-list);
$this-fieldcnt = count($this-list[0]);
}
private function Close() {
$this-obj-Documents-Close();
}
private function Quit() {
$this-obj-Quit();
}
private function Release() {
$this-obj = NULL;
}
private function CreateHeaderFile() {
$this-obj = new COM(word.application) or die('Couldnt load Word!');
if(!is_object($this-obj)) throw new Exception('Unable to instanciate
Word!');
$this-obj-Documents-Add();
$this-obj-ActiveDocument-Tables-Add($this-obj-Selection-Range,1,$this-fieldcnt);
for($i = 0; $i = $this-rowcnt; $i++) {
foreach($this-list[$i] as $key = $value) {
$this-obj-Selection-TypeText($key);
$this-obj-Selection-MoveRight();
}
}
$this-obj-ActiveDocument-SaveAs($this-mm_data_dir.'/header.doc');
$this-Close();
$this-Quit();
$this-Release();
}
private function CreateDataSource() {
$this-obj = new COM(word.application);
if(!is_object($this-obj)) throw new Exception('Unable to instanciate
Word!');
$this-obj-Documents-Add();
$this-obj-ActiveDocument-Tables-Add($this-obj-Selection-Range,$this-rowcnt,$this-fieldcnt);
for($i = 0; $i = $this-rowcnt; $i++) {
foreach($this-list[$i] as $key = $value) {
$this-obj-Selection-TypeText($value);
$this-obj-Selection-MoveRight();
}
}
$this-obj-ActiveDocument-SaveAs($this-mm_data_dir.'/ds.doc');
$this-Close();
$this-Quit();
$this-Release();
}
private function CreateDocument($template) {
$this-obj = new COM(word.application);
if(!is_object($this-obj)) throw new Exception('Unable to instanciate
Word!');
$this-obj-Documents-Open($this-mm_data_dir.'/'.$template.'.dot');
$this-obj-ActiveDocument-MailMerge-OpenHeaderSource($this-mm_data_dir.'/header.doc');
$this-obj-ActiveDocument-MailMerge-OpenDataSource($this-mm_data_dir.'/ds.doc');
$this-obj-ActiveDocument-MailMerge-Execute();
$this-obj-ActiveDocument-SaveAs($this-mm_data_dir.'/'.$template.'.doc');
$this-Close();
$this-Quit();
$this-Release();
}
}
? [EMAIL PROTECTED]
--
Joseph Crawford Jr.
Codebowl Solutions, Inc.
1-802-671-2021
[EMAIL PROTECTED]
Re: [PHP-DB] Delivery reports about your e-mail
i am getting those too, seems i talked to gmail and users are spoofing other gmail accounts ;( not sure how we stop this or if we even can. -- Joseph Crawford Jr. Codebowl Solutions, Inc. 1-802-671-2021 [EMAIL PROTECTED]
Re: [PHP-DB] registration form with activation code sent to user
i dont think a capcha is what they are looking for, rather a way to create a md5 or something that they can email a link to users to a page such as confirm.php?validate=MD5-HERE so that they can validate thier email. Steps to do this 1.) Create the string maybe an MD5 based on the email they choose or something like that 2.) Store that string to the database somewhere 3.) Email the mail to the address specified with the url to the confirm page 3.) The user will check thier email and click the link to your confirm page, this will confirm that they did in fact check thier email. 4.) Mark the user as confirmed. -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED]
Re: [PHP-DB] registration form with activation code sent to user
#2 Well when the user registers there will have to be a database table for members i assume, why not make a column confirmation or something and store this string there? #3 Check into the mail() function, this will allow you to send custom headers etc.. You just create the body of the message something like this $body = 'Thank you for registering with usbr'; $body .= 'You must now confirm your email address by clicking herehttp://yourdomain.com/[EMAIL PROTECTED]code=sdjfhasf80g7ad9fgfg the actual url for the clicking here link you need to create maybe something like a href= yourdomain.com/[EMAIL PROTECTED]code=sdjfhasf80g7ad9fgfghttp://yourdomain.com/[EMAIL PROTECTED]code=sdjfhasf80g7ad9fgfgclicking here/a then you use the mail() function to send the mail to the users email address... on the confirm.php page you should grabe the code and email using $_GET['code'] and $_GET['email'] then check the database for the users email and make sure the code matches the one in the database. If it does mark them as confirmed and let them proceed, if not well do nothing. -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED]
Re: [PHP-DB] Limiting Results
You could always try the LIMIT keyword :) select a.college, a.state, a.cd http://a.cd/, b.rep from a, b where a.state = al and a.cd http://a.cd/ = 3 or a.state = az and a.cd http://a.cd/ = 1 and a.state = b.state and a.cd http://a.cd/ = b.cd http://b.cd/ LIMIT 50 -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED]
Re: [PHP-DB] addslashes + stripslashes + mysql question
you might want to check to see if magic quotes GPC is turned on, if it is then you are adding slashes twice. You can either turn it off or do not use addslashes ;) -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED]
Re: [PHP-DB] Getting information on ICQ
i am sorry but what does this have to do with PHP? -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED]
Re: [PHP-DB] Test
recieved On Mon, 21 Mar 2005 12:50:46 +0100, Juffermans, Jos [EMAIL PROTECTED] wrote: Sorry to use this, but I don't know if my messages are arriving... Can someone (only 1 please) reply that my message was received? Jos -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] How to programmatically finding freetds.conf location?
you could execute the exec command in php and run a locate freetds.conf or whereis freetds.conf or find freetds.conf, i believe whereis only locates binary files not sure though. read up on exec here http://us2.php.net/manual/en/function.exec.php -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] most popular places
the only way i can think of off the top of my head would not be
intense as you would have to do a foreach for each of the cities such
as
$qry = select * from table
$total = mysql_num_rows( $qry );
foreach( $cities as $city ) {
// do db query such as
// $qry = mysql_query(SELECT id FROM table where members=$city OR
pictures=$city OR reports=$city);
//$cities[$city] = $total / mysql_num_rows($qry);
with something like this you would get an array, you could then sort
the array based on highest to lowest value, you could then display the
cities which are used the most, if you really want to get into the
details you could do seperate queries for the members, pictures,
reports and store them as such
$citites[$city]['members'] etc...
--
Joseph Crawford Jr.
Codebowl Solutions
[EMAIL PROTECTED]
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] mysql - image storing
Jason, can you explain why stripslashes should not be used on data taken from the db? when you store data in the db i thought it was good practice to addslashes, when you retrieve from the db, you will need to use stripslashes to remove the extra \ -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Getting total results
actually, i was not doing anything with it because it was just the class. The way i use it is that i would store the object in a session variable for use accross pages :D -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Site optimization
i was wondering this as well :D are there any tools out there to simulate high traffic on your web server say where you specify how many users hit the site at one time and the tool actually hits your server that many times? -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Getting total results
this is a good method, however i created a paging class in php 5 and i believe i still have it here locally in php 4 i will get the link soon :D -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Getting total results
http://www.weberdev.com/get_example-4005.html that is the url to the PHP 5 object i created, it was created to show the use of the singleton pattern. This means you can only use this class to have one pager per page. i can edit the code if you do not know how to make it so you can have more than one per page. the php 4 version i will need to zip up locally here and will post it @ http://codebowl.dontexist.org/pager_php4.zip -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Getting total results
php 4 version is posted, let me know if you like it or not. Please keep in mind it is a very basic class, you could extend this in many ways, especially to make the nav bar do something like 1 2 3 4 25 26 27 28 -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] to many addresses
one thought might be to check thier data for Str, St etc... and have it automatically replace with Street. Another would be to reload the page and give them suggestions on what to use, if they do Rd, have a drop down with Road, Street, Avenue etc.. so they can choose the correct one. -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Re: sessions
correct me if i am wrong but i have been told it is bad and insecure to use register_global=on i have seen many comercial scripts that rely on this and it just makes me laugh On Sat, 11 Dec 2004 16:48:05 +0800, Shen Kong [EMAIL PROTECTED] wrote: Hi, if your register_global = on you can do it like you do, if register_global = off, use it like this: session_start(); session_register(session_username); //or $_SESSION[session_username] = null; session_register(session_level); // or $_SESSION[session_level] = null; $_SESSION['session_username'] = $username; $_SESSION['session_level'] = $account_level; echo $_SESSION['session_username']; Warren Mason : I am attempting to get information from a mysql database and then use this in a session. Is there a trick to using sessions? For example, can something like below be placed anywhere in a script? (I have the session_start(); at the very top of my page.) session_register( session_username ); session_register( session_level ); $session_username = $username; $session_level = $account_level; The resulting session is session_username|N;session_level|i:0; $username is set to warren and $account_level is set to 255. Any help would be greatly appreciated as I have gone through about 5 books and searched the net and can't find an answer as to why this isn't working. - This message is intended for the addressee named and may contain confidential information. If you are not the intended recipient, please delete it and notify the sender. Views expressed in this message are those of the individual sender and are not necessarily the views of the Mid Western Area Health Service. - gwavasig -- -- ShenKong (shenkong(at)php.net) -- http://www.openphp.cn -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED] For a GMail account contact me OFF-LIST -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Fwd: [PHP-DB] Data from a pull down menu
-- Forwarded message -- From: Joseph Crawford [EMAIL PROTECTED] Date: Fri, 10 Dec 2004 16:00:33 -0500 Subject: Re: [PHP-DB] Data from a pull down menu To: [EMAIL PROTECTED] well are you looking for an automatic page refresh when a name is selected? If so you need to look into javascript for some help. If you have a go button or something like that what i would do is make the drop down use the person's id and name such as select name=person option value=3Joe Crawford/option /select when the form is posted the value of $_POST['person'] will be 3, i would use that to query the database and display any intormation that i needed displayed. -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED] -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED] For a GMail account contact me OFF-LIST -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] php v jsp
Depending on how you code, PHP can easilly be reused. if you program procedurally it is much more difficult to reuse code however it can be done through the use of including files. If you go for the object oriented approach, php is easy to expand and reuse the code. OO is also a cleaner more organized way to use PHP when working in a team environment. -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED] For a GMail account contact me OFF-LIST -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Optimize Query Output
the display really has nothing to do with SQL but rather your php output format. you would use php to display the data however you want it formatted. -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED] For a GMail account contact me OFF-LIST -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Re: [users@httpd] November 2, 2004
Do we care? Realy? Unlikely. Maybe you should send your 'useful' info on a national mailinglist only. i am sorry but i do care, if you do not care about voting you dont care if the war comes to the US. -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED] For a GMail account contact me OFF-LIST -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Session Objects, Dynamic Parameters
Guys can anyone explain why this is returning odd results?
function getObject($class, $params=NULL) {
if (!is_array($_SESSION['objects'])) {
$_SESSION['objects'] = array();
}
if (!isset($_SESSION['objects'][$class])) {
if (is_array($params)) {
// this is what is erroring
$args = implode(, , array_map(paramType, $params));
echo $class.'('.$args.')';
$_SESSION['objects'][$class] = new $class($args);
} elseif($params != NULL) {
$_SESSION['objects'][$class] = new $class(paramType($params));
} else {
$_SESSION['objects'][$class] = new $class;
}
}
return $_SESSION['objects'][$class];
}
function paramType($var) {
if (is_string($var)) {
return '.$var.';
} else {
return $var;
}
}
when i call this
$dbParams = array(
'server' = 'localhost',
'database' = 'ipro2',
'username' = 'root',
'password' = '**'
);
$db = getObject('Mysql', $dbParams);
$db-connect();
it seems to take this, (which is the actual call in the getObject function
Mysql('localhost', 'database', 'user', '**')
it seems that
'localhost', 'database', 'user', '**'
is being taken as one parameter, i am guessing because the getObject
function creates it as one string, my question is how can i get this
to think it is different arguments, i keep getting errors like this
mysql error: Unknown MySQL Server Host ''localhost', 'database',
'user', '**'' (-1)
--
Joseph Crawford Jr.
Codebowl Solutions
[EMAIL PROTECTED]
802-558-5247
For a GMail account
contact me OFF-LIST
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Capturing a sql query
Not so much that it is bad but you might be storing data you dont need to, all you really need to store are the keywords the person has searched for. -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED] 802-558-5247 For a GMail account contact me OFF-LIST -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Capturing a sql query
why do you need more than a varchar? the persons keywords shouldnt be that much text for each agent maybe PHP+Programming+Vermont -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED] 802-558-5247 For a GMail account contact me OFF-LIST -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] which DB to use?
i am not a fan of microsoft go with mysql :) -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED] 802-558-5247 For a GMail account contact me OFF-LIST -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] String handling
$string = '10001';
if((int)$string) 1) { echo 'Yep it is'; }
--
Joseph Crawford Jr.
Codebowl Solutions
[EMAIL PROTECTED]
802-558-5247
For a GMail account
contact me OFF-LIST
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Capturing a sql query
Stuart, in this case what i would do is store the keywords, when they are on the site they can click thier saved searches and it will basically do an auto search with the saved keywords. For the email way i think they probably save the keywords as well but are using a cron job to fetch the results and form the email. Let me take a look at one of these sites to see what exactly you want and can give a better explanation. -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED] 802-558-5247 For a GMail account contact me OFF-LIST -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] I have a query
I have database called asset
in which 5 table are present namely asset1,asset2,asset3,asset4,asset5...
all the tables have the same schema structure and common field names ,equal no of
columns(but not the equal number of rows)
why on earth would you do this?
rather i would create a database named site or something and a table
called asset_groups, here i would have
id (int 11 auto_increment primary_key)
title (varchar 50)
this is where i would store Asset1, Asset2 etc...
i would then have a table called assets and have that be sturectured like so
id (int 11 auto_increment primary_key)
asset (int 11) (ID of the asset_group)
whatever else you want for column names.
$result = mysql_query(SELECT id, title FROM asset_groups as ag INNER
JOIN assets a ON ag.id=a.asset WHERE a.asset_loc='heaven');
while($data=mysql_fetch_array($result)) {
// returned a row, display it or whatever
}
$result = null;
$data = null;
this would return a row containing everything you want and would allow
you to loop through the rows so you can display them or whatever
--
Joseph Crawford Jr.
Codebowl Solutions
[EMAIL PROTECTED]
802-558-5247
For a GMail account
contact me OFF-LIST
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Capturing a sql query
they are doing exactly what i thought on monster.com here is an example url to save an agent http://my.monster.com/modifyagents.asp?bq=programming+PHP+MySQL/bcn=lid=fn=554sort=rvvw=bcy=USbrd=1%2C1862%2C1863from=jssavesearch=on the bold part above are the keywords searched for it will basically save these into a database record and use a cron job to pull the latest matches and send the emails. also it just uses those keywords when you use that agent on thier site. -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED] 802-558-5247 For a GMail account contact me OFF-LIST -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Question on Registration Method
that is done when they click the link in thier email if they are sent to domain.com/page.php?code=X4rfkj490T the code in page.php will $_GET['code'] and compare it to the one in the database, if they match, flip the switch if not show an error. On Sun, 26 Sep 2004 06:35:59 -0700 (PDT), Stuart Felenstein [EMAIL PROTECTED] wrote: K...I've added the 2 columns, my names - activate and activate_hash. Upon registration, the activate_hash has a generated string inserted. activate column is default to 0. I can compare it to the database - but not sure how to flip the switch on the activate column 0-1 Is that done through an update mechanism ? Stuart --- Joseph Crawford [EMAIL PROTECTED] wrote: what i did is i used php to create a random string of numbers and letters about 15 chars long, then i store this in the db, and in the email i make the link page.php?code=RandomStringHere, then on the page.php i get the code and compare it to the ont in the database. If they match activate the user otherwise show an error. On Sun, 26 Sep 2004 05:54:14 -0700 (PDT), Stuart Felenstein [EMAIL PROTECTED] wrote: Ok , I think this is along the lines of what I've started. I added a column called active with a default to 0. It's a tiny int since I'm think 0=fales, 1=true. So can you explain a tad more about this hash stuff ? Is that specific to a sql field or just a name you've chose ? I'm not sure what you mean in your last statement about the hash passing over to the activate column ? Stuart --- M Saleh EG [EMAIL PROTECTED] wrote: I'd do it this way... I'd add two column in the users table. 1- activated, 2- activation-hash once the registeration form is ubmited.. a-the username and user info will be saved in the users table. b-an encrypted hash would be made n saved in activation-hash column and sent along with the registeration info (username pass) in the form of a url (eg. http://domain/activationpage.php?hash=ljk;lkj;lkjl;ksjfasdfa). if the user is activated then the login function works for them if not given a msg saying ur activation hasnt been done yet the activatepage.php should then put 1, or on in the activated colum in the users table on the row that has the hash passed to it. simple enought aint it? On Sun, 26 Sep 2004 05:02:07 -0700 (PDT), Stuart Felenstein [EMAIL PROTECTED] wrote: Currently there are only 2 types of users planned Each has a basic access level. I don't think this is the same as a usergroup though. If I don't have usergroups, but access levels, then perhaps I should set the level to some less then what is required login till activated. Then it sounds like I have the system autogenerate an activation code. Not sure what you mean by : a separate table holding information on how to activate (something along the lines of userid, tousergroup, activationcode). --- Oscar Rylin [EMAIL PROTECTED] wrote: Usergroups. Most likely, you're dealing with an application where you'll want to have different kinds of users (administrators, power users, users). Just make a usergroup for accounts that haven't been activated yet. Also, a separate table holding information on how to activate (something along the lines of userid, tousergroup, activationcode). / rylin -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- M.Saleh.E.G 97150-4779817 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED] 802-558-5247 For a GMail account contact me OFF-LIST -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED] 802-558-5247 For a GMail account contact me OFF-LIST -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Question on Registration Method
no you dont need a user id or anything, here is some sample code to
give you the idea
$result = mysql_query(SELECT fields FROM table WHERE code=.$_GET['code']);
if(mysql_num_rows($result) 0) {
// we have a match, activate the account
$result1 = mysql_query(UPDATE table SET activated=1 WHERE
code=.$_GET['code']);
// show a page saying they are now activated
} else {
// show an error
}
On Sun, 26 Sep 2004 07:18:54 -0700 (PDT), Stuart Felenstein
[EMAIL PROTECTED] wrote:
Nothing like sharing my pain ;) sorry!
It seems that in order to compare the code to the one
in the database, don't I need the userid or something?
or just that it exists in the database?
Thank you,
Stuart
--- Joseph Crawford [EMAIL PROTECTED] wrote:
what i did is i used php to create a random string
of numbers and
letters about 15 chars long, then i store this in
the db, and in the
email i make the link
page.php?code=RandomStringHere, then on the
page.php i get the code and compare it to the ont in
the database. If
they match activate the user otherwise show an
error.
On Sun, 26 Sep 2004 05:54:14 -0700 (PDT), Stuart
Felenstein
[EMAIL PROTECTED] wrote:
Ok , I think this is along the lines of what I've
started. I added a column called active with a
default to 0. It's a tiny int since I'm think
0=fales, 1=true.
So can you explain a tad more about this hash
stuff ?
Is that specific to a sql field or just a name
you've
chose ? I'm not sure what you mean in your last
statement about the hash passing over to the
activate
column ?
Stuart
--- M Saleh EG [EMAIL PROTECTED] wrote:
I'd do it this way...
I'd add two column in the users table. 1-
activated,
2- activation-hash
once the registeration form is ubmited..
a-the username and user info will be saved in
the
users table.
b-an encrypted hash would be made n saved in
activation-hash column
and sent along with the registeration info
(username
pass) in the
form of a url (eg.
http://domain/activationpage.php?hash=ljk;lkj;lkjl;ksjfasdfa).
if the user is activated then the login function
works for them if not
given a msg saying ur activation hasnt been done
yet
the activatepage.php should then put 1, or on in
the
activated colum
in the users table on the row that has the hash
passed to it.
simple enought aint it?
On Sun, 26 Sep 2004 05:02:07 -0700 (PDT), Stuart
Felenstein
[EMAIL PROTECTED] wrote:
Currently there are only 2 types of users
planned
Each has a basic access level. I don't think
this
is
the same as a usergroup though.
If I don't have usergroups, but access levels,
then
perhaps I should set the level to some less
then
what
is required login till activated.
Then it sounds like I have the system
autogenerate
an
activation code.
Not sure what you mean by :
a separate table holding information on how
to
activate (something
along the lines of userid, tousergroup,
activationcode).
--- Oscar Rylin [EMAIL PROTECTED] wrote:
Usergroups.
Most likely, you're dealing with an
application
where you'll want to have
different kinds of users (administrators,
power
users, users).
Just make a usergroup for accounts that
haven't
been
activated yet.
Also, a separate table holding information
on
how to
activate (something
along the lines of userid, tousergroup,
activationcode).
/ rylin
--
PHP Database Mailing List
(http://www.php.net/)
To unsubscribe, visit:
http://www.php.net/unsub.php
--
M.Saleh.E.G
97150-4779817
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit:
http://www.php.net/unsub.php
--
Joseph Crawford Jr.
Codebowl Solutions
[EMAIL PROTECTED]
802-558-5247
For a GMail account
contact me OFF-LIST
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Joseph Crawford Jr.
Codebowl Solutions
[EMAIL PROTECTED]
802-558-5247
For a GMail account
contact me OFF-LIST
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Question on Registration Method
$_GET['activation_hash] is missing the end ' On Mon, 27 Sep 2004 03:20:22 +0800, Jason Wong [EMAIL PROTECTED] wrote: On Monday 27 September 2004 03:01, Stuart Felenstein wrote: How are they any different? I'm seeing the same thing as your method. These two methods are separate: - Send user a system generated password with which they can login and subsequently change. OR - Send user an activation link which once clicked on would activate them and allow them to choose a password. What is the advantage in sending someone a password AND making them click on a link to activate? -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-db -- /* A countryman between two lawyers is like a fish between two cats. -- Ben Franklin */ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED] 802-558-5247 For a GMail account contact me OFF-LIST -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] unsubscribe me
also check john's signiture on how to unsubscribe ;) On Wed, 22 Sep 2004 10:23:52 -0400, John Holmes [EMAIL PROTECTED] wrote: From: CJ Koh [EMAIL PROTECTED] unsubscribe me I'm sorry, but you must phrase your request in the form of a question. ---John Holmes... -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED] 802-558-5247 For a GMail account contact me OFF-LIST -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: [nyphp-talk] Socket Errors
yea i got it the servers are now back up and working perfectly ;) anyone know of any private news servers i can get an account on free? i have my ISP one however my app is not going to be hosted on my machine and my ISP limits connections to ones using one of thier IP's so my web host wont be able to connect to the account. -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED] 802-558-5247 For a GMail account contact me OFF-LIST -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: [nyphp-talk] Socket Errors
yea i got it the servers are now back up and working perfectly ;) anyone know of any private news servers i can get an account on free? i have my ISP one however my app is not going to be hosted on my machine and my ISP limits connections to ones using one of thier IP's so my web host wont be able to connect to the account. -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED] 802-558-5247 For a GMail account contact me OFF-LIST -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: [nyphp-talk] Socket Errors
yea i got it the servers are now back up and working perfectly ;) anyone know of any private news servers i can get an account on free? i have my ISP one however my app is not going to be hosted on my machine and my ISP limits connections to ones using one of thier IP's so my web host wont be able to connect to the account. -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED] 802-558-5247 For a GMail account contact me OFF-LIST -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] PHP 5 Error Handling
guys thanks for the responses, i am sure i may be able to parse the
results of $e-getTrace() to get the results i want ;)
On Wed, 15 Sep 2004 09:25:05 -0500, Gary Every
[EMAIL PROTECTED] wrote:
Good question. I've tried the __LINE__ and __FILE__ in my
error-handling, but it does the same thing you're experiencing, getting
the line in the function/method as opposed to the actual error line. The
only way I've gone around it is whenever there may be an exception, such
as a sql statement, etc I assign $line_no = __LINE__ and if an exception
gets thrown, the $line_no is captured, and I can use the info to print
to the logs or the screen or ...
G.
Gary Every
Sr. UNIX Administrator
Ingram Entertainment Inc.
2 Ingram Blvd, La Vergne, TN 37089
Pay It Forward!
-Original Message-
From: Joseph Crawford [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 14, 2004 5:55 AM
To: [PHP-DB] Mailing List
Subject: [PHP-DB] PHP 5 Error Handling
Guys,
i have been working with custom exception classes that extend the
general exception. Here is some code i have
public function command($cmd) {
if($cmd) {
$res = fputs($this-connection, $cmd);
$this-response = fgets($this-connection, 128);
switch($this-getCode()) {
case 500:
throw new CommandException($cmd);
break;
}
}
}
public function selectGroup($group) {
$this-group = $group;
if(substr($this-response,0,3) == 200) {
THIS IS THE LINE THAT THROWS THE ERROR
$this-command(NoSuchCommand\n);
$this-response = fgets($this-connection, 1024);
}
$info = split( , $this-response);
$this-first = $info[2];
$this-last = $info[3];
}
now when the error is thrown and i do $e-getLine(); it shows the line
of the file where the throw statement is. Is there a way to make it
show the actual line number of the line that is the error? the
$this-command(NoSuchCommand\n); line.
--
Joseph Crawford Jr.
Codebowl Solutions
[EMAIL PROTECTED]
802-558-5247
For a GMail account
contact me OFF-LIST
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Joseph Crawford Jr.
Codebowl Solutions
[EMAIL PROTECTED]
802-558-5247
For a GMail account
contact me OFF-LIST
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] PHP 5 Error Handling
Guys,
i have been working with custom exception classes that extend the
general exception. Here is some code i have
public function command($cmd) {
if($cmd) {
$res = fputs($this-connection, $cmd);
$this-response = fgets($this-connection, 128);
switch($this-getCode()) {
case 500:
throw new CommandException($cmd);
break;
}
}
}
public function selectGroup($group) {
$this-group = $group;
if(substr($this-response,0,3) == 200) {
THIS IS THE LINE THAT THROWS THE ERROR
$this-command(NoSuchCommand\n);
$this-response = fgets($this-connection, 1024);
}
$info = split( , $this-response);
$this-first = $info[2];
$this-last = $info[3];
}
now when the error is thrown and i do $e-getLine(); it shows the line
of the file where the throw statement is. Is there a way to make it
show the actual line number of the line that is the error? the
$this-command(NoSuchCommand\n); line.
--
Joseph Crawford Jr.
Codebowl Solutions
[EMAIL PROTECTED]
802-558-5247
For a GMail account
contact me OFF-LIST
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] functions via event handlers
the closest you could come is to make javascript functions call php pages basically redirects that would call the php functions. -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED] 802-558-5247 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
