Re: [PHP-DB] database synchronization
Are you running your sites on the same server? If yes use only one database for all of them.
Re: [PHP-DB] SQL or array ?
Only? That aint too big, but now i'm confused what's ur hardware and O.Sspecs? 300 to 500 would be a peice of cake to load. However, it depends on ur system. I would rather use the array than hitting the db for the query. Because the bottom line is that you will receive your data in an array no matter what even if its in the db so doesnt realy matter unless you wanna paginate it. In that case I'd use the db rather to array alone. Wow Hold on. That's a catch 22. If ur loading ur array in the beginning of the execution then just do it on the DB once n just load it the next time. That means the next time you dont have to take a trip to ur file system n then another trip to display the array. And plus if u needed to paginate which of corse ull need to for such a number db helps, however paginating arrays is easy as well. HTH Benchmark it! And find out for yourself. On 4/24/05, Paul Reilly [EMAIL PROTECTED] wrote: explain the phrase big array. I guess everything is relative! We're talking about 300-500 items here. Paul -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- M.Saleh.E.G 97150-4779817
Re: [PHP-DB] CMS Translation Systen: DB Desiging
I'd always preffer to keep language stuff in files instead of DB. A question or a problem u might face later is: How are you going to store the text in the proper Charset in ur tables? I'd do it this way. -A field in DB to keep the current default language -Every module in the app should have it's own language pack -Write a set of routines to read my language files and return the right values. With DB-Method u gotta hit a trip to ur database for every element or every language pack. Try checking phpMyAdmins way of managing language or any other application to get inspired. On Sun, 17 Oct 2004 23:23:03 -0300, bruno b b magalhaes [EMAIL PROTECTED] wrote: Hi everone, I am building a multilingual content management systen, and I am studying the best way to have the content translated, with minimal Database queries and load. So I have: CONTENTS contentId contentCreationDate contentModificationDate translationId contentStatus CATEGORIES categoryId categoryParentId categoryModulePath translationId categoryStatus TRANSLATIONS translationId field01 field02 field03 field04 field05 field06 field07 field08 field09 field10 translationLanguage translationStatus So just run a simple join query: SELECT contents.*,translations.* FROM contents,translations WHERE contents.translationId=translations.translationId AND translations.translationLanguage='en-uk' AND translations.translationStatus = 1 Or with categories: SELECT categories.*,translations.* FROM categories,translations WHERE categories.translationId=translations.translationId AND translations.translationLanguage='en-uk' AND translations.translationStatus = 1 AND categories.categoryModulePath='products' Any better idea to handle that? Regards, Bruno B B Magalhaes -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- M.Saleh.E.G 97150-4779817 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] CMS Translation Systen: DB Desiging
Then use the some variable in ur language files. That is templated
language elements that could hold variable in them.
e.g.
The article {ARTICLE_SUBJECT} was successfuly deleted !
It's dynamic now!
On Mon, 18 Oct 2004 09:10:35 -0200, Bruno B B Magalhães
[EMAIL PROTECTED] wrote:
Hi,
I do have a flat file with all the translations for the interface and
everything, but the problem is de dynamic content that must be
multilingual...
Regards,
Bruno
On Oct 18, 2004, at 5:29 AM, M Saleh EG wrote:
I'd always preffer to keep language stuff in files instead of DB.
A question or a problem u might face later is: How are you going to
store the text in the proper Charset in ur tables?
I'd do it this way.
-A field in DB to keep the current default language
-Every module in the app should have it's own language pack
-Write a set of routines to read my language files and return the
right values.
With DB-Method u gotta hit a trip to ur database for every element or
every language pack.
Try checking phpMyAdmins way of managing language or any other
application to get inspired.
On Sun, 17 Oct 2004 23:23:03 -0300, bruno b b magalhaes
[EMAIL PROTECTED] wrote:
Hi everone,
I am building a multilingual content management systen, and I am
studying the best way
to have the content translated, with minimal Database queries and
load.
So I have:
CONTENTS
contentId
contentCreationDate
contentModificationDate
translationId
contentStatus
CATEGORIES
categoryId
categoryParentId
categoryModulePath
translationId
categoryStatus
TRANSLATIONS
translationId
field01
field02
field03
field04
field05
field06
field07
field08
field09
field10
translationLanguage
translationStatus
So just run a simple join query:
SELECT contents.*,translations.* FROM contents,translations WHERE
contents.translationId=translations.translationId AND
translations.translationLanguage='en-uk' AND
translations.translationStatus = 1
Or with categories:
SELECT categories.*,translations.* FROM categories,translations WHERE
categories.translationId=translations.translationId AND
translations.translationLanguage='en-uk' AND
translations.translationStatus = 1 AND
categories.categoryModulePath='products'
Any better idea to handle that?
Regards,
Bruno B B Magalhaes
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
M.Saleh.E.G
97150-4779817
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
M.Saleh.E.G
97150-4779817
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] refresh the page on back
use the cache disable headers in HTML as well as PHP for the server side headers. pick any of the two methods. 1-HTML caching control: meta http-equiv=pragma content=no-cache / meta http-equiv=cache-control content=no-cache / meta http-equiv=cache-control content=must-revalidate / meta http-equiv=cache-control content=proxy-revalidate / meta http-equiv=expires content=Sat, 06 Dec 2003 1:00:00 GMT / 2-PHP server headers for caching control: // Date in the past header(Expires: Mon, 26 Jul 1997 05:00:00 GMT); // always modified header(Last-Modified: . gmdate(D, d M Y H:i:s) . GMT); // HTTP/1.1 header(Cache-Control: no-store, no-cache, must-revalidate); header(Cache-Control: post-check=0, pre-check=0, false); // HTTP/1.0 header(Pragma: no-cache); On Thu, 14 Oct 2004 12:19:27 +0530, balwantsingh [EMAIL PROTECTED] wrote: first of all excuse me for putting the non related question in this forum. but i am sure someone will help me. i want that whenever users press the browser back button, the page should be refreshed and than displayed. thanks for your help in advance. with best wishes balwant -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- M.Saleh.E.G 97150-4779817 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Arabic characters displayed as garbage !!
The whole thing doesnt have to do anything with the DB. Because what
matters is the client or the gateway character-set ( browser in your
case ) so if ur on windows u're probably posting data through
charset=windows-1256 so if ur using HTML then use this encoding or if
ur using XHTML u could put the charset in the xmlns or html tag.
or as mentioned earlier by sending headers.
Hope that helps.
On Mon, 4 Oct 2004 15:26:09 +0100, Han [EMAIL PROTECTED] wrote:
Sorry, I meant BLOB, not BLOP.
Han.
- Original Message -
From: Han [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; Dre [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, October 04, 2004 3:24 PM
Subject: Re: [PHP-DB] Arabic characters displayed as garbage !!
Hi,
I might be able to help. I've done a website that uses Chinese characters.
I have to store the data in a BLOP mysql field. Then use the correct ISO
for the webpage display.
Try that.
Han
- Original Message -
From: [EMAIL PROTECTED]
To: Dre [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, October 04, 2004 2:36 AM
Subject: Re: [PHP-DB] Arabic characters displayed as garbage !!
By default, MySQL uses the ISO-8859-1 (Latin1) character set. I guess you
need to set this parameter to something suitable for Arabic (if it is
supported by MySQL). I suggest you read The Character Set Used for Data
and Sorting part of MySQL manual. That's all I can help with.
Cheers
yes I did .. and the problem only happens for arabic text stored in
database
[EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Did you set a character encoding on your page to Arabic? (eg.
ISO-8859-6)
Hi,
I'm working on a website that needs to save and display Arabic
characters.
I'm using MySQL database and no matter how I insert the data either
using
phpMyAdmin or inserting it using a script of my own, when I try to
show
(display) the data I previously saved (which contains Arabic
characters),
the output is rubbish and has no relation with the words I saved
the script I'm using for displaying the data is as simple as the
following
one
//===
?php
include(db.php);
$result = mysql_query(select * from mem_applications);
if ($result)
{
while ($row = mysql_fetch_array($result))
{
echo $row['first_name'];
echo br;
echo $row['mid_name'];
echo br;
echo $row['last_name'];
echo br;
}
}
?
//===
Thanks in advance
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
M.Saleh.E.G
97150-4779817
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Re: String handling
As I understand, you're trying to check if the passed value is an
integer or not and then check it's value right?
Use the TYPECASTING technique.
example:
$var = (int) $var;
In this case you're converting ur $var to integer before processing it.
Typecasting is a very well known technique in any programming language.
The alternative is to check the type of ur $var. That is using
is_int($var) if it holds then compare.
However the best way is to limit the user on the client side to enter
the right datatype like a JS validator to see if the user entered the
right type of info then an slight type checking on the server side
to make ur life easier.
Hope this was useful.
On Mon, 04 Oct 2004 23:35:25 +1000, Ross Honniball
[EMAIL PROTECTED] wrote:
I usually just add zero to a string to force a conversion.
eg. $x = '123'; $int = $x + 0;
You might also want to use the is_numeric() function to validate data first?
At 10:47 AM 3/10/2004, you wrote:
Try using the intval() function
intval('1000'); // will result in 1000
intval('1000ABC'); // will result in 1000
Amit
www.digitalamit.com
Darryl wrote:
Hay,
Is there a way to make a string into an integer?
I have a value coming from a textbox and I want to check if the amount in it
is 1.
Thanks,
Darryl
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
.
. Ross Honniball. JCU Bookshop Cairns, Qld, Australia.
.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
M.Saleh.E.G
97150-4779817
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Re: Convert plain text to HTML tagged text
I think this should be posted somewhere else. Maybe the php-general list ?! This is no chemistry nor physics ! it's PHP-DB related issues right? no arrays or strings probs. Plz keep the consistancy of our good lists that are valuable for users who are us! On Mon, 4 Oct 2004 12:51:52 -0700, Andrew Kreps [EMAIL PROTECTED] wrote: On Fri, 1 Oct 2004 23:33:46 -0400, GH [EMAIL PROTECTED] wrote: I have a question along this line... is it possible to have PHP do more than one str_replace at the same time? Have a look at the man page, it shows you how to use arrays to accomplish what you're trying to do. http://us2.php.net/str_replace -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- M.Saleh.E.G 97150-4779817 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] which DB to use?
I'd say never be subjective n say i'm not a fan of MS. Choose what works the best for you. Check ur budget... ur time ur method of programming and ur DB knowlede. And ofcorse the size of your project. For website(not web applications) i'd prefer mySQL For webapps I'd preffer MSSQL. For intranet use I'd preffer Oracle. M.Saleh.EG +971 50 4779817 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Capturing a sql query
I'd recommand u to use a serialized variable saved in ur database. As in the an array of keywords saved in an serialized variable once the form is submited to save the query. e.g. $searchQuery = array(); $searchQuery[Keywords]= $_POST[keyword]; $searchQuery[JobCategory]= $_POST[category]; $searchQuery[Pay]=$_POST[pay]; ... ... ... $s_sq=serialize($searchQuery); then save $s_sq into ur DB. now... u should have a page that shows the saved searches right? now by clicking on the saved search u should grab the data saved and query ur database according to the query saved in $s_sq. Simple isnt it? About emailing the search agent results. I'd prefer pluging that into ur mailing-list solutions. I mean try to query every user's searches before sending an email so ull email users proper jobs according to their searches and criterias. Need explanation? Hope that was of a help. On Wed, 29 Sep 2004 15:49:37 -0400, Joseph Crawford [EMAIL PROTECTED] wrote: stuart, the cron job is a schedule yes, you can setup a cron job to run every minute, hour, day, everyday at 3pm whatever... You can have it execute whatever you want, in this case script.php in the script.php file is where you check all agents, create the sql and send the email based on the users email and thier saved agent keywords. -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED] 802-558-5247 For a GMail account contact me OFF-LIST -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- M.Saleh.E.G 97150-4779817 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Question on Registration Method
I'd do it this way... I'd add two column in the users table. 1- activated, 2- activation-hash once the registeration form is ubmited.. a-the username and user info will be saved in the users table. b-an encrypted hash would be made n saved in activation-hash column and sent along with the registeration info (username pass) in the form of a url (eg. http://domain/activationpage.php?hash=ljk;lkj;lkjl;ksjfasdfa). if the user is activated then the login function works for them if not given a msg saying ur activation hasnt been done yet the activatepage.php should then put 1, or on in the activated colum in the users table on the row that has the hash passed to it. simple enought aint it? On Sun, 26 Sep 2004 05:02:07 -0700 (PDT), Stuart Felenstein [EMAIL PROTECTED] wrote: Currently there are only 2 types of users planned Each has a basic access level. I don't think this is the same as a usergroup though. If I don't have usergroups, but access levels, then perhaps I should set the level to some less then what is required login till activated. Then it sounds like I have the system autogenerate an activation code. Not sure what you mean by : a separate table holding information on how to activate (something along the lines of userid, tousergroup, activationcode). --- Oscar Rylin [EMAIL PROTECTED] wrote: Usergroups. Most likely, you're dealing with an application where you'll want to have different kinds of users (administrators, power users, users). Just make a usergroup for accounts that haven't been activated yet. Also, a separate table holding information on how to activate (something along the lines of userid, tousergroup, activationcode). / rylin -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- M.Saleh.E.G 97150-4779817 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Question on Registration Method
Stuart... u got the logic now. check ur syntax problems urself... this is the only way ull learn it! a hint... if ur database query is giving u errors... try echoing it before sending it to mysql_query. ull find out the problem yourself then ;) another hint... mysql_query always returns arrays so u can check it with is_array or count() or even with isset functions before getting it in use. Having some error preventing mechanisms are always good. On Sun, 26 Sep 2004 11:40:17 -0700 (PDT), Stuart Felenstein [EMAIL PROTECTED] wrote: Unknown column 'a338265f' in 'where clause' is the latest problem (and should be the last). I had this same error earlier while just doing a straight sql to the database. I corrected it then by putting apostrophes around the column name. That didn't help here , not quotes , maybe double apostrophes? $_GET['activate_hash]) This is where it's not picking the string correctly. Stuart -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- M.Saleh.E.G 97150-4779817 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] mysql to postgres migration blues...
define the connection object as a global var in ur function
function ( params)
{
global $ur_connection_obj;
...
...
}
On Thu, 23 Sep 2004 14:56:10 -0300, Eduardo Sampaio [EMAIL PROTECTED] wrote:
Its because the function cannot access your connection object...
Try passing it to the function..
function makelistboxentries($link, $title, $mytable, $mycolumn, $othertable,
$wherestring)
On Thu, 23 Sep 2004 19:44:51 +0200, Antoine [EMAIL PROTECTED] wrote:
Hi,
I am trying to get skilled up on postgres and decided to port a little
movie database I wrote for mysql with php to access it.
I used an auto converter for the bulk and then tried to tweak. The
following code does not work but the error message it gives me is
strange. It tells me that the connection string used on line 82 (where
it calls pg_query in makelistboxentries) is invalid... but the same
string/connection works just great in another script... any pointers
appreciated.
Cheers
Antoine
?php
/* Connect to database */
$link = pg_connect(dbname=movies host=localhost user=anton
password=password)
or die(Could not connect : . pg_result_error($link));
print TII
div id=mybody
Search by:
BR
TABLE border=1 cellpadding=10 cellspacing=10TR
TD align=center
ID:
form name=input action=searchout.php method=post
input type=text name=mychoice
input type=hidden name = wherestring value= t1.ID =
input type=hidden name = othertable value=movies
input type=submit value=Submit
/form
/TD
TD align=center
Name:
form name=input action=searchname.php method=post
input type=text name=mychoice
input type=submit value=Submit
/form
/TD/TR
/TABLEBR
TABLE border=1 cellpadding=10 cellspacing=10TR
TII;
makelistboxentries(Audio Language, lang, lang, audio ,
t2.movie = t1.ID and t2.lang = );
makelistboxentries(Subtitle Language, lang, lang, subtitles ,
t2.movie = t1.ID and t2.lang = );
makelistboxentries(Genre, Genre, Genre, moviegenre ,
t2.movie = t1.ID and t2.genre = );
print TINI
/TD
/TR/TABLE
brbr
PShow All:/P
form name=input action=allout.php
method=post
input type=submit value=Submit
/form
/div
div id=mymenu
PA href=index.phpH3Back to main page/H3/A/P
PA href=movie.phpAdd a movie/A/P
Pa href=audio.phpAdd a movie's audio languages/a/P
Pa href=subtitles.phpAdd a movie's subtitle languages/a/P
Pa href=searchin.phpSearch the movies/a/P
/div
TINI;
/* Close connection */
pg_close($link);
function makelistboxentries($title, $mytable, $mycolumn, $othertable,
$wherestring)
{
print TD align=\center\;
print $title:;
/* Perform SQL query */
$query = SELECT $mycolumn FROM $mytable;
$result = pg_query($link,$query)
or die(Query failed : . pg_result_error($link));
print form name=\input\ action=\searchout.php\ method=\post\;
print SELECT NAME=\mychoice\;
print option value=\zz\ SELECTEDSelect $title/option;
while ($line = pg_fetch_array($result,$result_countt++,PGSQL_ASSOC)) {
foreach ($line as $col_value) {
print (OPTION VALUE=\.$col_value.\);
print $col_value;
print (/OPTION);
}
}
print /select;
print input type=hidden name = wherestring value=\$wherestring\;
print input type=hidden name = othertable value=$othertable;
print input type=\submit\ value=\Submit\;
print /form;
pg_free_result($result);
}
?
--
G System, The Evolving GUniverse - http://www.g-system.at
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
M.Saleh.E.G
97150-4779817
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Passing URL parameters, how to hide
I agree with John Holmes. It's all the matter of obfuscating in this case. The real deal structure is to have a set of permission checking! This is where ACL comes into play. But I asume ur app is not that of a big one for u to make a set of permissions based actions and gui's. So staticaly just check if the user is the same user or have access to a certain record. Again as John Holmes mentioned, Hiding or encrypting ur data is just a way of making it tough to break in. But the points I mentioned earlier about checking and securing ur code before hitting a trip to ur DB. Checking ur datatypes... n integrity... will save u time instead of thinking how to hide it, think of how to secure it even if it's open! so ACL comes into play. That's my opinion. On Tue, 21 Sep 2004 09:27:26 -0400, Bastien Koert [EMAIL PROTECTED] wrote: Hi Guys Just to jump in here. I really need to disagree with any method of hiding the 'record id' How is hiding the record ID in the hidden input any safer than in the URL...simple answer: it isn't...it will prevent the unsophisticated user from changing the value, but its not even challenge to a seasoned user. Same goes for cookies. To be entirely honest, there is no real reason not to use the url to pass data, IF the data is not sensitive. For sensitive data, sessions are the best thing to use. HIdden fields are good only to keep the users from accidently changing the id to something. This doesn't negate the need to validate the incoming data, ALL incoming data needs to be validated and exceptions need to be handled. So if the user changes the id number to something else, then a message should appear saying 'no record found' A better approach to securing sensitive data is to use the database and to develop a system whereby usiers can only access their own limited data. There is a little more data involved here (like storing a user_id with the row) This user_id can then be associated with users record (profile) and that profile could be used to determine whether the user can view/edit/access the particular record. The user's profile is stored in a session (or it could be validated every time there is db interaction) and those values determine exactly which records the user can do anything with. You can build profiles that could llimit the access to data belonging to a particular group of users, a particular region of the country or to a single location, depending on the structure of the compnay and the desired goals of the system. Designing this is tricky and its a lot of work, but when complete, its portable (you can use the framework in many applications) and its secure. Basically you build an admin area, whereby some trusted users have admin privileges and assign those to various users. The permissions themselves are simply yes/no fields, assigned with checkboxes or radio buttons. Bastien Koert From: M Saleh EG [EMAIL PROTECTED] Reply-To: M Saleh EG [EMAIL PROTECTED] To: Stuart Felenstein [EMAIL PROTECTED] CC: Jasper Howard [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [PHP-DB] Passing URL parameters, how to hide Date: Tue, 21 Sep 2004 15:19:32 +0400 1-So I'm going to ask, how does PHP stop a URL from being changed ? Are there specific functions that block that type of activity ? I said : I personaly dont recommand using url parameters for passing record ids, i'd rather use hidden inputs, sessions, or even cookies but never URI querystrings for record ids. 2-Stuart Felenstein askes : Can you explain a bit further how an hidden input might work ? I'll answer ur first question here. The addresses on the browsers are in control of the users. you cant control that. wat's on the client side is only controlled by the client which is the browser. So u cant stop changing the address,( the work around is using a popup that wouldnt show the address but still a person with abit of knowledge would figure out openning a new window hisself n entering the address so it aint practical). Instead you can validate the ID that is comming from the URI. How's that? alright, Your check the ID weather with encryption or not if it matches with the ID of the user logged in show the form if not that's it show the error page. Ur 2nd question.. Okay .. how would u use the hidden inputs? with hidden inputs.. I mean the form hidden elements (input type=hidden name=id value=recordID /) so instead of having hyperlinks pointing to the form page use a form with submit btns that post the hidden id to the page that shows the user forms. That is by fetching the recordID by post. Hope it's useful. On Tue, 21 Sep 2004 01:20:42 -0700 (PDT), Stuart Felenstein [EMAIL PROTECTED] wrote: See my response interspersed: --- M Saleh EG [EMAIL PROTECTED] wrote: You should always avoid passing Record IDs through URL parameters. Use form Hidden fields instead! I agree. Even
Re: [PHP-DB] Re: Finding the value of the COMMENT in a table column
hmm... u better check n hack phpmyadmin... u might get somethin out there... On Mon, 20 Sep 2004 13:02:55 +0930, David Robley [EMAIL PROTECTED] wrote: On Sun, 19 Sep 2004 21:19, Ross Honniball wrote: Hi all, Anyone know how to access the optional COMMENT you can add to columns during table creation? eg. create table x (fldx char(1) COMMENT 'some comment', fldy char (1) COMMENT 'another comment') I want to 'get' the COMMENT field. I know it should be in the manual, but I can't find it. Thanks ... Ross . . Ross Honniball. JCU Bookshop Cairns, Qld, Australia. SHOW TABLE STATUS LIKE 'pattern' or SHOW CREATE TABLE tablename will return the table comment, along with other info - you'll have to parse it out of the returned data. If there is a better way, I haven't found it yet :-0 Not sure how this will work with column comments. Cheers -- David Robley May I introduce the family Stone? Tom asked slyly. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Re: Finding the value of the COMMENT in a table column
Or maybe with Describe Table ? On Mon, 20 Sep 2004 10:51:30 -0700, Jasper Howard [EMAIL PROTECTED] wrote: don't you get that with the DEFINE `table` query? -- -- Jasper Howard :: Database Administration ApexEleven Web Design 1.530.559.0107 http://www.ApexEleven.com/ -- Ross Honniball [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi all, Anyone know how to access the optional COMMENT you can add to columns during table creation? eg. create table x (fldx char(1) COMMENT 'some comment', fldy char (1) COMMENT 'another comment') I want to 'get' the COMMENT field. I know it should be in the manual, but I can't find it. Thanks ... Ross . . Ross Honniball. JCU Bookshop Cairns, Qld, Australia. . -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Passing URL parameters, how to hide
You should always avoid passing Record IDs through URL parameters. Use form Hidden fields instead! In your case, when ur selecting the users form data from the record check if it's the same user if not then if he tries to change the ID from the URI Parameter just block it. Or u better MD5 every logged in user's record ID and hold it in ur sessions then check against it and show the proper form or just show an error page or a page saying Access Denied! . I personaly dont recommand using url parameters for passing record ids, i'd rather use hidden inputs, sessions, or even cookies but never URI querystrings for record ids. Better use of URI querystrings would be for logic, section, category, decision, options rather than important data such as ur table primary keys! Hope this is useful. On Mon, 20 Sep 2004 15:32:07 -0700, Jasper Howard [EMAIL PROTECTED] wrote: When I created a business management script for the business I work for, it was important that ids in url's were encrypted. What I did was create a code for each item that needed one. My encryption table fields looked something like: enc_id, encryption, table, id where enc_id was the unique identifier in this table, encryption was the 14 character code, table was the table that the encrypted data was stored in, and id was the id of the encrypted data. That was you can pass the 14 digit code in the html, then when you need to use it in a php script you can just make a function that returns the data from the database from the encryption code. For extra security (since someone could just remember the encryption code) I added a cron job script that changed the encryptions every midnight. If anyone thinks something like this would work for them, some thing to remember is that you need to make sure that when you add an item to the encryption table in the db that each code is unique. -- -- Jasper Howard :: Database Administration ApexEleven Web Design 1.530.559.0107 http://www.ApexEleven.com/ -- Stuart Felenstein [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I'm restarting this post. I thought I was out of the woods, but not. Here situation, in most of my update forms which involve 1 record, passing a session variable , usually the users ID is enough. No URL param passing. Not so in two update forms I have where there are multiple records for each user. If I pass a session variable it only brings up the first record. So unless I am missing something, I must pass the record ID via a URL parameter. That works just great, but the problems lies in the fact, that all anyone would need to do is change recordID=1 to recordID=2 and they can see someone elses record, which is supposed to confidential. Now I've looked at sights like Monster, Amazon, Ebay, and tried changing the recordID in the URL area, but it either ignores my change or kicked back an invalid ID. This is even if I remove the other ID's from the line. So, I'm sure this has been dealt with more, I don't have the foggiest clue yet though how I can implement something that either hides, or prevents a user from going through records in the database by changing the id number. Appreciate any suggestions or ideas. Thank you, Stuart --- Stuart Felenstein [EMAIL PROTECTED] wrote: Turned out hiding the id wasn't necessary as the awaiting update page can grab the session ID. I wasn't thinking. Sorry Stuart --- John Holmes [EMAIL PROTECTED] wrote: Stuart Felenstein wrote: I'm still confused over one aspect of URL parameters. As far as a form passing data back to the server, I understand about get, post and replace. Here is my problem. I have an update form. User is logged in to the system and needs to update whatever information. Right now I'm including in the link the user's ID, so when they arrive at the update page, their record will be displayed. The problem is all one has to do is change the ID number in the URL parameter in the update page and you can go to someone else's record. How do programmers generally get around this ? I must be missing something. How do you identify the user once they are logged in? There should be some way to relate the logged in user to valid records they can see. Then, if they request an invalid record, you can show them an error page. Hiding the ID isn't going to fix anything. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals - www.phparch.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit:
[PHP-DB] How do u preffer ur Javascript in PHP?
Is it better if u have ur javascript alone (for example a good JS framework to make anykind of UI elements u need?) or would u preffer having a good set of PHP classes that generates those UI elements for u from PHP w/o even touching JS or even knowing it? to be clear, Would u write this script type=text/javascriptalert(I preffer pure JS);/script or would u write JS::Alert(I preffer using PHP code); Which one would u prefer? or which method do u use? -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Database VS Datastructure
Do u prefer data structures in your scripts? as in Trees, Queues, Stacks Do u like arrays? or like classes? Once u get ur data from ur DB would u store it in a Tree for example or would u just take more trips to the database instead? Datascructures make DB so it cant be against it right? Datastructures are live, runtime in ur script while Database is somewhere else that u fetch or play with. So more hits to DB or one hit n playing with ur Trees, Stacks? -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Passing URL parameters, how to hide
BTW u might expose n get ur database hacked if u dont do some sort of validation while using the ID from the URI parameter example: http://domain/?show=recordsid=4 if someone changes id to 4;use mysql; update user set password=md5(hello) where user='root'; imagine wat would happen??? ur mySQL root password is changed u should always avoid or protect urself one way is to keep -- after ur db queries because MySQL takes -- as comment so it will remark the rest of the queries. 1-always check for the datatype as well use the === instead of == to check if the data type holds or now when ur comparing or use is_int, is_string,n the rest 2-always check if the parameter ur getting is of the same type u have in ur database 3-Try to convert or trancate the datatype to the one u need check against in ur DB for example: $recordID=is_int($_GET['id'])?$_GET['id']:-1; 4-Never expose ur column names, fieled names, or table names!! Never 5-Always protect ur DB queries by ur own error-handling and never show DB errors on ur pages... it exposes alot of data about ur database! I think ur problem is that u started coding before thinking of a logic n drawing ur algorithm... while it's simple, lack of these plannings makes ur work harder. On Tue, 21 Sep 2004 05:29:30 +0400, M Saleh EG [EMAIL PROTECTED] wrote: You should always avoid passing Record IDs through URL parameters. Use form Hidden fields instead! In your case, when ur selecting the users form data from the record check if it's the same user if not then if he tries to change the ID from the URI Parameter just block it. Or u better MD5 every logged in user's record ID and hold it in ur sessions then check against it and show the proper form or just show an error page or a page saying Access Denied! . I personaly dont recommand using url parameters for passing record ids, i'd rather use hidden inputs, sessions, or even cookies but never URI querystrings for record ids. Better use of URI querystrings would be for logic, section, category, decision, options rather than important data such as ur table primary keys! Hope this is useful. On Mon, 20 Sep 2004 15:32:07 -0700, Jasper Howard [EMAIL PROTECTED] wrote: When I created a business management script for the business I work for, it was important that ids in url's were encrypted. What I did was create a code for each item that needed one. My encryption table fields looked something like: enc_id, encryption, table, id where enc_id was the unique identifier in this table, encryption was the 14 character code, table was the table that the encrypted data was stored in, and id was the id of the encrypted data. That was you can pass the 14 digit code in the html, then when you need to use it in a php script you can just make a function that returns the data from the database from the encryption code. For extra security (since someone could just remember the encryption code) I added a cron job script that changed the encryptions every midnight. If anyone thinks something like this would work for them, some thing to remember is that you need to make sure that when you add an item to the encryption table in the db that each code is unique. -- -- Jasper Howard :: Database Administration ApexEleven Web Design 1.530.559.0107 http://www.ApexEleven.com/ -- Stuart Felenstein [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I'm restarting this post. I thought I was out of the woods, but not. Here situation, in most of my update forms which involve 1 record, passing a session variable , usually the users ID is enough. No URL param passing. Not so in two update forms I have where there are multiple records for each user. If I pass a session variable it only brings up the first record. So unless I am missing something, I must pass the record ID via a URL parameter. That works just great, but the problems lies in the fact, that all anyone would need to do is change recordID=1 to recordID=2 and they can see someone elses record, which is supposed to confidential. Now I've looked at sights like Monster, Amazon, Ebay, and tried changing the recordID in the URL area, but it either ignores my change or kicked back an invalid ID. This is even if I remove the other ID's from the line. So, I'm sure this has been dealt with more, I don't have the foggiest clue yet though how I can implement something that either hides, or prevents a user from going through records in the database by changing the id number. Appreciate any suggestions or ideas. Thank you, Stuart --- Stuart Felenstein [EMAIL PROTECTED] wrote: Turned out hiding the id wasn't necessary as the awaiting update page can grab
Re: [PHP-DB] SQLite problem INSERTing string
$val=127.0.0.1;
$query=INSERT INTO node set uri=\$val\, name=\bla\;
Try this one... think is better n less confusing for u...
On Sun, 19 Sep 2004 19:13:48 +0200, Darryl [EMAIL PROTECTED] wrote:
$val = 127.0.0.1;
$query = INSERT INTO node (uri,name) VALUES ('.$val.','bla');
Try that?
-Original Message-
From: Stefan Reimers [mailto:[EMAIL PROTECTED]
Sent: Sunday, September 19, 2004 6:37 PM
To: [EMAIL PROTECTED]
Subject: [PHP-DB] SQLite problem INSERTing string
Hello,
I am currently experiencing a problem with an INSERT statement in SQLite.
First of all an excerpt from the code:
$val = 127.0.0.1;
$query = INSERT INTO node (uri,name) VALUES (.$val.,'bla');
$db_name = mysqlite;
if($db_hdl = sqlite_open($db_name)){
$db_result = sqlite_query($db_hdl,$query);
}
I get the error message:
Warning: sqlite_query(): near .: syntax error in
C:\Programme\xampp\htdocs\dipl\testclient\sqlite_test.php on line 10
I tried addslashes (which I know I shouldn't), sqlite_escape_string, any
variant of quotes etc, I asked google and the searched the news groups
but with no relevant result, except the insight, that others experience
the same so long unsolved problem or use a syntax in their tutorials
that does not work with my code...
As you an see from the error message, I use Windows, Apache, PHP4 with
SQLite in a 2.8.14 version.
If anyone has a clue, please contact me or just answer.
Thanks in advance
Stefan
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Abstraction Layer....
Anyone for a list of php abstraction classes? ADODB, PEAR::DB... any others? or better? -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Re: SQLite problem INSERTing string
I think I figured it out. SQLLite doesnt take single quotes as the text or varchar datatype values the strings passed to sqllite should match the data type of the column ... so ur mistake was creating a data type mismatch at the SQL lite end. hmm... thanx for the info Stefan... I never knew SQLLite doesnt support the inline Inserts using Set... thanx for that. I dont use SQLLite now.. plannin' to do that whenever possible.. On Sun, 19 Sep 2004 19:58:14 +0200, Stefan Reimers [EMAIL PROTECTED] wrote: Hi again, first of all thanks for quick suggestions. After some more testing, I can get more specific: This might be a more general problem than the . in the error message. Even when I use $val = hello I get an equivalent error message sqlite_query(): near hello As said, I have done all the quoting stuff, so \' instead of ' was no solution either, until I tried double quotes instead of single ones, just as M Saleh Eg suggested. So the following statement finally works: $query = INSERT INTO node (uri,name) VALUES (\$val\,\\); Just for everybody else: SQLite does not support the SET statement in INSERTs, so INSERT INTO table SET attr=val would not work. Thx Stefan -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
