[PHP-DB] Protecting files
Can anyone point me to a tutorial that explains in words of one syllable how to protect files/directories without using .htaccess and .htpasswd. I have log-in screens that search an authorized users database for name, password, level before they can get into the site. But each time someone (ie me at the moment) tries to log-in, the browser throws up the (HTTP Authentication?) dialog box - I guess because I have .htaccess and .htpasswd protecting the directories where the scripts reside. I would prefer not to have this happen and rely only on authentication from the database. But how do I then protect the directories/scripts from anyone wanting to have a look (not that they're worth much!). Thanks Mick Lloyd [EMAIL PROTECTED] Tel: +44 (0)1684 560224 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DB] Transmitting Arrays
Mark
I've had similar problems in the past. It's my understanding that you can't
pass arrays between scripts, except when using sessions. They seem to
transfer in, for example:
include("script.php");
require("script.php");
but not in:
a href='script.php?var=$var'Pass/a
but I would love to be corrected on this by a PHP expert!
Regards
Mick Lloyd
[EMAIL PROTECTED]
Tel: +44 (0)1684 560224
- Original Message -
From: Mark Collin [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, March 20, 2001 9:44 PM
Subject: [PHP-DB] Transmitting Arrays
I have a form which dynamically builds a table by taking data out of a
mysql
database
http://www.fyrespray.net/screenshots/admin/modifyscreenshot.php4?pageid=1
but i'm having problems whn i try to modify the data i'm trying to put all
the data into arrays serialize it, urlencode it then send it on to the
next
page to put it into database and then send back to the original page when
its done, i'm having a problem actually sendig my arrays around though,
the
second page doesn't seem to get any data after i have unserialized it and
urlunecoded it.
anyone have any ideas, i've been fiddleing about a load with the code and
there is a good chance i have totally messed it up now heres the state its
in atm though if you would like to look
http://www.fyrespray.net/screenshots/admin/modifyscreenshot.txt
http://www.fyrespray.net/screenshots/admin/modify.txt
(prolly need to save the first page if your browser is picking up the html
bits and making half of a web page up like mine does)
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DB] Yet more strings
Gary
Thanks for the advice. I had checked the string length to make sure there
were no "hidden" spaces (which there aren't in the specific field I am
selecting) and have now tried trim() but to no avail. Still fiddling with
it!
Regards
Mick Lloyd
[EMAIL PROTECTED]
Tel: +44 (0)1684 560224
- Original Message -
From: Gary Huntress [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, March 21, 2001 12:45 PM
Subject: Re: [PHP-DB] Yet more strings
When I have exact string matches fail where I don't expect them, and using
a
LIKE fixes it, the very first thing I check for is embedded whitespace in
the data. "foo " and "foo" and " foo " are not the same.
If this is the case then IMHO the best solution is to fix the data in the
database, but barring that you can probably use the TRIM() function in
your
where clause. (note: the MySQL docs show using trim in the output, not
in
the where clause so I won't swear that its possible, but it should be)
Regards,
Gary
""Mick Lloyd"" [EMAIL PROTECTED] wrote in message
00c001c0b1ea$54a5f5c0$5c0083ca@oemcomputer">news:00c001c0b1ea$54a5f5c0$5c0083ca@oemcomputer...
CC's suggestion of using mysql_num_rows helped to clarify the problem
rather
than find a solution! The problem is with mysql not PHP. When I use:
$resultp = mysql_query("select Primaryid from primarycodes where Code =
'".$row[Primaryexpertise]."'") or die (mysql_error());
it doesn't return a resource id#, ie the query fails. mysql_num_rows
returns
0.
Using:
$resultp = mysql_query("select Primaryid from primarycodes where Code
LIKE
'%$row[Primaryexpertise]%'") or die (mysql_error());
it works, mysql_num_rows returns 1.
I have also checked the string length of $row[Primaryexpertise] (the
value
of which is Biology for example) and it shows that there are no "hidden"
characters in the field value (ie strlen returns 7).
Running all this at the mysql shell (is that the word?) results in the
same
errors.
The row values are Primaryid (8) and Code (Biology).
mysqlselect Primaryid,Code from primarycodes where Code like
'%Biology%';
\\returns the correct values
mysqlselect Primaryid,Code from primarycodes where Primaryid = 8;
\\returns
the correct values
mysqlselect Primaryid,Code from primarycodes where Code = 'Biology';
\\returns Empty set
I'm no expert (obviously) but something seems odd here.
Regards
Mick Lloyd
[EMAIL PROTECTED]
Tel: +44 (0)1684 560224
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DB] More on strings
I thought I had it but I didn't! I can only get LIKE to perform queries that
allow me use the result for a subsequent query but for accuracy, I need to
use actual values. The first statement below works OK (at least I get a
Resource id #) - courtesy of help received here - but will not return
$pcodeid from the third statement - it dies giving me "No pcodeid". Using
the LIKE version (second one below) works fine and I can use the $pcodeid
array elements as I like. Any thoughts gratefully received.
$resultp = mysql_query("select Primaryid from primarycodes where Code =
'".$row['Primaryexpertise']."'") or die (mysql_error());
$resultp = mysql_query("select Primaryid from primarycodes where Code like
'%$row[Primaryexpertise]%'") or die (mysql_error());
$pcodeid = mysql_fetch_array($resultp) or die("No pcodeid");
Regards
Mick Lloyd
[EMAIL PROTECTED]
Tel: +44 (0)1684 560224
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DB] Strings
Can anyone advise on how to surround a string variable in a query. I select
a string code from a column using:
$result = mysql_query("SELECT * FROM $TA WHERE Profileid = '$profileid'");
$row = mysql_fetch_array($result);
I then want to extract from a second table an id that relates to the code
from the first query. I've tried various combinations of:
$result = mysql_query("select Primaryid from primarycodes where Code =
'$row[Primaryexpertise]'")
with =, ==, ===, ', \", but always get a syntax error. I can get it to
work with LIKE as follows:
$result = mysql_query("select Primaryid from primarycodes where Code like
'%$row[Primaryexpertise]%'")
but I need greater accuracy because some codes contain similar data. String
manipulation has me baffled most of the time!
Thanks.
Mick Lloyd
[EMAIL PROTECTED]
Tel: +44 (0)1684 560224
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DB] Load file
I'm trying to read a text file into a blob field in a database with the
following code:
$cvfile=".txt";
$exist = file_exists($cvfile);
echo "File exists $existBR";
$result1=mysql_query("select * from $TA");
$rows=mysql_num_rows($result1);
echo "$rowsBR";
$result=mysql_query("update $TA set P1description = load_file($cvfile)") or
die (mysql_error());
Output shows File exists 1 (which I assume menas True) and the table is
being read because $rows equals 2.
P1
Then I get the "You have an error in your SQL syntax near '(.txt)' at
line 1" error
Any help?
Regards
Mick Lloyd
[EMAIL PROTECTED]
Tel: +44 (0)1684 560224
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DB] Frames
I have been battling with frames to display output from a database select
query. The aim is to have a top page indicating the result of the query
(number of names found), a list of names in the left frame which link (a
href , etc) to a page for each name in the main frame. Thereby, the user
can look at individual details for each name without losing sight of the
full list of names. I can do a simple link to a new page and 'Back' again
but would prefer the list to remain in view.
One complication (?), before the search (or on a new search), the page does
not use frames. A form collects search criteria then submits output to the
frames page. So, I use "if (!submit){ " to check if the form has been
completed - if not show it, else do search and set up frames to display.
Can anyone point me to a good tutorial or code snippet. I have searched
PHPBuilder, DevShed, WeberDev, Zend, etc but with little success.
Thanks
Mick Lloyd
[EMAIL PROTECTED]
Tel: +44 (0)1684 560224
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
