[PHP-DB] Protecting files
Can anyone point me to a tutorial that explains in words of one syllable how to protect files/directories without using .htaccess and .htpasswd. I have log-in screens that search an authorized users database for name, password, level before they can get into the site. But each time someone (ie me at the moment) tries to log-in, the browser throws up the (HTTP Authentication?) dialog box - I guess because I have .htaccess and .htpasswd protecting the directories where the scripts reside. I would prefer not to have this happen and rely only on authentication from the database. But how do I then protect the directories/scripts from anyone wanting to have a look (not that they're worth much!). Thanks Mick Lloyd [EMAIL PROTECTED] Tel: +44 (0)1684 560224 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DB] Transmitting Arrays
Mark I've had similar problems in the past. It's my understanding that you can't pass arrays between scripts, except when using sessions. They seem to transfer in, for example: include("script.php"); require("script.php"); but not in: a href='script.php?var=$var'Pass/a but I would love to be corrected on this by a PHP expert! Regards Mick Lloyd [EMAIL PROTECTED] Tel: +44 (0)1684 560224 - Original Message - From: Mark Collin [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, March 20, 2001 9:44 PM Subject: [PHP-DB] Transmitting Arrays I have a form which dynamically builds a table by taking data out of a mysql database http://www.fyrespray.net/screenshots/admin/modifyscreenshot.php4?pageid=1 but i'm having problems whn i try to modify the data i'm trying to put all the data into arrays serialize it, urlencode it then send it on to the next page to put it into database and then send back to the original page when its done, i'm having a problem actually sendig my arrays around though, the second page doesn't seem to get any data after i have unserialized it and urlunecoded it. anyone have any ideas, i've been fiddleing about a load with the code and there is a good chance i have totally messed it up now heres the state its in atm though if you would like to look http://www.fyrespray.net/screenshots/admin/modifyscreenshot.txt http://www.fyrespray.net/screenshots/admin/modify.txt (prolly need to save the first page if your browser is picking up the html bits and making half of a web page up like mine does) -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DB] Yet more strings
Gary Thanks for the advice. I had checked the string length to make sure there were no "hidden" spaces (which there aren't in the specific field I am selecting) and have now tried trim() but to no avail. Still fiddling with it! Regards Mick Lloyd [EMAIL PROTECTED] Tel: +44 (0)1684 560224 - Original Message - From: Gary Huntress [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, March 21, 2001 12:45 PM Subject: Re: [PHP-DB] Yet more strings When I have exact string matches fail where I don't expect them, and using a LIKE fixes it, the very first thing I check for is embedded whitespace in the data. "foo " and "foo" and " foo " are not the same. If this is the case then IMHO the best solution is to fix the data in the database, but barring that you can probably use the TRIM() function in your where clause. (note: the MySQL docs show using trim in the output, not in the where clause so I won't swear that its possible, but it should be) Regards, Gary ""Mick Lloyd"" [EMAIL PROTECTED] wrote in message 00c001c0b1ea$54a5f5c0$5c0083ca@oemcomputer">news:00c001c0b1ea$54a5f5c0$5c0083ca@oemcomputer... CC's suggestion of using mysql_num_rows helped to clarify the problem rather than find a solution! The problem is with mysql not PHP. When I use: $resultp = mysql_query("select Primaryid from primarycodes where Code = '".$row[Primaryexpertise]."'") or die (mysql_error()); it doesn't return a resource id#, ie the query fails. mysql_num_rows returns 0. Using: $resultp = mysql_query("select Primaryid from primarycodes where Code LIKE '%$row[Primaryexpertise]%'") or die (mysql_error()); it works, mysql_num_rows returns 1. I have also checked the string length of $row[Primaryexpertise] (the value of which is Biology for example) and it shows that there are no "hidden" characters in the field value (ie strlen returns 7). Running all this at the mysql shell (is that the word?) results in the same errors. The row values are Primaryid (8) and Code (Biology). mysqlselect Primaryid,Code from primarycodes where Code like '%Biology%'; \\returns the correct values mysqlselect Primaryid,Code from primarycodes where Primaryid = 8; \\returns the correct values mysqlselect Primaryid,Code from primarycodes where Code = 'Biology'; \\returns Empty set I'm no expert (obviously) but something seems odd here. Regards Mick Lloyd [EMAIL PROTECTED] Tel: +44 (0)1684 560224 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DB] More on strings
I thought I had it but I didn't! I can only get LIKE to perform queries that allow me use the result for a subsequent query but for accuracy, I need to use actual values. The first statement below works OK (at least I get a Resource id #) - courtesy of help received here - but will not return $pcodeid from the third statement - it dies giving me "No pcodeid". Using the LIKE version (second one below) works fine and I can use the $pcodeid array elements as I like. Any thoughts gratefully received. $resultp = mysql_query("select Primaryid from primarycodes where Code = '".$row['Primaryexpertise']."'") or die (mysql_error()); $resultp = mysql_query("select Primaryid from primarycodes where Code like '%$row[Primaryexpertise]%'") or die (mysql_error()); $pcodeid = mysql_fetch_array($resultp) or die("No pcodeid"); Regards Mick Lloyd [EMAIL PROTECTED] Tel: +44 (0)1684 560224 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DB] Strings
Can anyone advise on how to surround a string variable in a query. I select a string code from a column using: $result = mysql_query("SELECT * FROM $TA WHERE Profileid = '$profileid'"); $row = mysql_fetch_array($result); I then want to extract from a second table an id that relates to the code from the first query. I've tried various combinations of: $result = mysql_query("select Primaryid from primarycodes where Code = '$row[Primaryexpertise]'") with =, ==, ===, ', \", but always get a syntax error. I can get it to work with LIKE as follows: $result = mysql_query("select Primaryid from primarycodes where Code like '%$row[Primaryexpertise]%'") but I need greater accuracy because some codes contain similar data. String manipulation has me baffled most of the time! Thanks. Mick Lloyd [EMAIL PROTECTED] Tel: +44 (0)1684 560224 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DB] Load file
I'm trying to read a text file into a blob field in a database with the following code: $cvfile=".txt"; $exist = file_exists($cvfile); echo "File exists $existBR"; $result1=mysql_query("select * from $TA"); $rows=mysql_num_rows($result1); echo "$rowsBR"; $result=mysql_query("update $TA set P1description = load_file($cvfile)") or die (mysql_error()); Output shows File exists 1 (which I assume menas True) and the table is being read because $rows equals 2. P1 Then I get the "You have an error in your SQL syntax near '(.txt)' at line 1" error Any help? Regards Mick Lloyd [EMAIL PROTECTED] Tel: +44 (0)1684 560224 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DB] Frames
I have been battling with frames to display output from a database select query. The aim is to have a top page indicating the result of the query (number of names found), a list of names in the left frame which link (a href , etc) to a page for each name in the main frame. Thereby, the user can look at individual details for each name without losing sight of the full list of names. I can do a simple link to a new page and 'Back' again but would prefer the list to remain in view. One complication (?), before the search (or on a new search), the page does not use frames. A form collects search criteria then submits output to the frames page. So, I use "if (!submit){ " to check if the form has been completed - if not show it, else do search and set up frames to display. Can anyone point me to a good tutorial or code snippet. I have searched PHPBuilder, DevShed, WeberDev, Zend, etc but with little success. Thanks Mick Lloyd [EMAIL PROTECTED] Tel: +44 (0)1684 560224 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]