Re: [PHP-DB] Dates - adding to unix 86400 seconds not equal nextday
Isn't this due to how your operating system handles the switch from daylight saving time to GMT (or local equivilent)? Or is this handled by PHP? That could account for different experiences. Of course if your locale doesn't switch from DST on this date you won't see the issue either... Using gmdate doesn't cause this anomaly. Apologies if this is what you're discussing and the issue is when the DST switch takes place... cheers Simon -- Simon Rees | -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Executing SQL query with ODBC
Hi Most databases don't return the number of rows in the results of a select statement to odbc_num_rows. See: http://www.php.net/manual/en/function.odbc-num-rows.php Usually the way to determine the number of rows a select returns is to either fetch them all and count them or do an additional aggregate query. It depends on your requirements. I presume that this behaviour is because in most cases the database engine does not make the number of rows in a result set available to the driver. The only way the php interface could calculate the number of rows would be to fetch them all which may be inefficient - say if you were only interested in the first row out of a possible 100. [anybody else care to comment?] Note, after an insert, update and delete statements odbc_num_rows does return the number of rows affected. cheers Simon On Tuesday 09 November 2004 08:09, Petrus Ali Saputra wrote: Here is my code: $conn = odbc_connect(Ta Fara,,); $query = SELECT * FROM Config; $result = odbc_exec($conn, $query); echo odbc_num_rows($result); This code never give me a 0 result even there is some data. How can I solve it? Thank you. -- Petrus Ali Saputra == Addr. : Karang Empat Besar 76 Surabaya 60133 East Java, Indonesia Phone : 62-31-381-7866 62-31-6010-2653 62-81-23000-254 -- A professional web hosting for your business and corporate URL : http://attractive.as/hostmania -- Mau kredit mobil baru/bekas dengan bunga rendah? URL : http://fantastic.as/kreditmobil -- ~~ Simon Rees | [EMAIL PROTECTED] | ORA-03113: end-of-file on communication channel ~~ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Do You Need addslashes() When Using Bind Variables
Hi Francis No. Thats one of the great things about bind variables. cheers Simon On Wednesday 10 November 2004 05:45, Francis Chang wrote: Hi, I'm using the Oracle database though I think this question is generic to all databases. If you're using bind variables and preparing the SQL statements ahead of time, do you still need to call addslashes() before binding the strings to the bind variables? Thanks in advance. Francis -- ~~ Simon Rees | [EMAIL PROTECTED] | ORA-03113: end-of-file on communication channel ~~ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Problem with an insert query
were upset. The Dean (SR) was kind enough to try and help explain to our members that there was a communications problem that caused the paperwork not to be completely in place before we started the program. LL and I got the members' phone numbers so that we can advise them if we are canceled next week. One consumer, DSL, was being uncooperative with us through out the time we were in session. She was pouting and having an attitude with all who were there including: the parents of another consumer, Dean SR and staff. I attempted to calm Ms. L down and stated that I was informed by MR that there might be a problem at 6:45PM on Friday. After the close of business hours on Friday. Ms. L stated on many occasions that M should of told her that we were not having class today. She called a couple of persons including a counselor at ZZZ, to which I was able to speak and explain the situation. I attempted to explain the entire situation and that we did not definitely know that they were not going to let us in to the room until today. The counselor seemed to be understanding. I told her that we are expecting to run the program next week and that we would contact Ms. L if we are told that we can not.', 'Everyone (Consumers, Parents and Staff) wishes to have the program by next week please help us get up and running.', 'Attempt to start up the program next session.', 'GMH, PgmLdr' ); SQL-query : INSERT INTO ProgressNotes ( DateOfReport, NumPartReg, NumPartPresent, NumStaffPresent, NumVolPresent, TodaysActivities, DescribeSession, Interactions, Comments, Plans, Signed ) VALUES ( '1', Select Count(*) From Attendance WHERE Session = 1, Select Count(*) From Attendance WHERE Session = 1 AND Present = 'Yes', Select Count(*) From StaffAttendance WHERE Session = 1 AND Present = 'Yes', '0', 'Attempt to start program', 'Due to the lack of completed paperwork between and SITE, we were unable to complete the program as schedule. We informed the consumers of the situation.', 'Understandably, the consumers were upset. The Dean (SR) was kind enough to try and help explain to our members that there was a communications problem that caused the paperwork not to be completely in place before we started the program. LL and I got the members' phone numbers so that we can advise them if we are canceled next week. One consumer, DSL, was being uncooperative with us through out the time we were in session. She was pouting and having an attitude with all who were there including: the parents of another consumer, Dean SR and staff. I attempted to calm Ms. L down and stated that I was informed by MR that there might be a problem at 6:45PM on Friday. After the close of business hours on Friday. Ms. L stated on many occasions that M should of told her that we were not having class today. She called a couple of persons including a counselor at ZZZ, to which I was able to speak and explain the situation. I attempted to explain the entire situation and that we did not definitely know that they were not going to let us in to the room until today. The counselor seemed to be understanding. I told her that we are expecting to run the program next week and that we would contact Ms. L if we are told that we can not.', 'Everyone (Consumers, Parents and Staff) wishes to have the program by next week please help us get up and running.', 'Attempt to start up the program next session.', 'GMH, PgmLdr' ); MySQL said: #1064 - You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'Select Count(*) From Attendance WHERE Session = 1, Select Cou [/QUOTE PHPMYADMIN RESULTS] -- ~~ Simon Rees | [EMAIL PROTECTED] | ORA-03113: end-of-file on communication channel ~~ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Problem with an insert query
On Saturday 13 November 2004 20:25, GH wrote: Explain Bind Vars please... Thanks It is a technique for preparing an SQL statement with placeholders which can then be substituted with values when the statement is executed. It will be unavailable to you unless you are using MySQL 4.1.3 or above and are using the mysqli library. See: http://www.php.net/manual/en/function.mysqli-prepare.php Note, this is a common technique in database programming but one which MySQL is only just starting to adopt... Simon -- ~~ Simon Rees | [EMAIL PROTECTED] | ORA-03113: end-of-file on communication channel ~~ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] mysql - image storing
On Tuesday 18 January 2005 19:18, Jochem Maas wrote: I was always under the impression that single quotes (assuming you are delineating you args with single quotes) should (officially) be escaped with another single quote - although backslash also works: I think it depends on the database that you are using. Oracle and MS-SQL both require quotes to be escaped with another quote, MySQL uses backslashes. I seem to recall that two quotes is the standard... Of course it is even better to use bind vars and then you don't need to escape the quotes (or worry about sql injection attacks)... cheers Simon -- ~~ Simon Rees | [EMAIL PROTECTED] | ORA-03113: end-of-file on communication channel ~~ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] IIS, PHP, and session data
On Tuesday 25 January 2005 20:20, Perry, Matthew (Fire Marshal's Office) wrote: I am having trouble with my session data on Microsoft IIS. Here is a little background of the problem: 1) I am not personally in control of our web server. Our IT department manages it. oh dear! ;-) They have IIS running on their sever and use MS SQL Server, but they have allowed me to use PHP instead of ASP. 2) I have Apache running on a local web server in our office (not the IT department). It accesses the SQL Server database remotely. I I can't comment on the use of register_globals or session_register as I always use the $_SESSION array but I do use PHP on IIS... Something that you might like to check is that the directory specified by: session.save_path in the IIS server's php.ini is a directory writable by the user that IIS masquerades. The default value for this is: c:\php\sessiondata which if your sysadmin installed php as Administrator will not be writable by the IIS user (normally IUSR_hostname). Either get the sysadmin to specify ( create) another dir that is writable by IIS or change the permissions on c:\php\sessiondata Assuming you're running Apache on a Linux (and probably other un*x) distribution you will find that the session.save_path variable is set to /tmp which is usually world writable. I think if you posted the exact error message it would tell me if this was happening to you or not... hth, Simon -- ~~ Simon Rees | [EMAIL PROTECTED] | ORA-03113: end-of-file on communication channel ~~ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] JOIN problem
On Monday 07 February 2005 18:22, Zouari Fourat wrote: Hello I have 2 tables with two columns in each one (cloned tables) like this : ID int(6) UserName varchar(25) and i would like to select usernames from table1 that doesnt appear in table2 so i did this : Depending on which database you're using you may be able to do this: SELECT a.username FROM table1 a WHERE a.username NOT IN ( SELECT b.username FROM table2 b ) cheers Simon -- ~~ Simon Rees | [EMAIL PROTECTED] | ORA-03113: end-of-file on communication channel ~~ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] password in md5 to connect to mysql instead of clear password
On Sunday 27 February 2005 20:53, Micah Stevens wrote: I think about as safe as you can get is by putting the connection data out of the served directory, somewhere that's not directly accessable, and concentrate on system integrity. (security wise) A refinement of this technique is available on Unix boxes to which you have root access. Create a simple program that can read data about passwords etc. from a file. Create a file that can be read by the program you've written with the 'secrets' you want to keep secure in it. Make this file owned and readable only by root. Set the program owned by root, executable by everyone and suid. This will allow any user that can execute programs on the machine to obtain the password. Attackers who have just 'escaped' the web server root, say by taking advantage of a coding flaw, will not be able to read the password file. You can use groups to give finer grained access by making the program executable by a specific group only. However if an attacker has managed to obtain an account on your box they could probably just use a rootkit. In practice I use a simple c program (for speed) to read the password file and a system call in my php script to call the c program. A PHP program could be used for reading the password file but will need to be executed by a shebang rather than as a parameter to php. I can post further details if anyone is interested. cheers Simon -- ~~ Simon Rees | [EMAIL PROTECTED] | ORA-03113: end-of-file on communication channel ~~ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] password in md5 to connect to mysql instead of clear password
On Monday 28 February 2005 10:52, Jason Wong wrote: If you don't need the flexibility of the custom program and would rather make use of existing infrastructure: http://marc.theaimsgroup.com/?l=php-generalm=110137778213700w=2 You said in that post: Set default MySQL user and password in your virtual host container. Then connect to MySQL without specifying user and password. Presumably the file which contains the virtual host directive is readable by the process the webserver is running as - if not how does this work? Therefore the technique you describe is no more secure than that described earlier of putting the passwords in a file outside the webserver root. The technique I described keeps you passwords secret even if an attacker has read access to files they shouldn't. A similar strategy is used for the shadow password file on Unix boxes. cheers Simon -- ~~ Simon Rees | [EMAIL PROTECTED] | ORA-03113: end-of-file on communication channel ~~ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Re: password in md5 to connect to mysql instead of clear password
On Monday 28 February 2005 13:52, Gael Lams wrote:
Simon, I read your post regarding the use of a C
program and I would be interested in having some more
details as we started thinking about implementing
something similar.
Unfortunately I've misplaced the program I'd used in the past to do this. It
was written by a colleague at a workplace we've now both left. As an
exercise I've tried to re-implement it myself. The source code is inline at
the end of this message. Note I'm still learning C so it may be worth
getting someone more experienced to check it over before setting it suid
and using it in a secure environment! - it does appear to work however. It
may be worth considering one of the many C libs already written for
accessing config information as well...
Our idea is to 'obfuscate' the password in some way
and then process the value to get back to the plain
text password.
I don't know that this would be much help - if someone can read the file the
passwords are in it is likely they can read and copy the executable that
reads that file. Running the executable themselves they will be able to
figure out the obfuscation used... Still any obstacle is an obstacle!
In order to perform the connection to Oracle, the php
I liked Jason's suggestion of setting the password in an apache config file
that was only readable by root which has the same benefits as my suggestion
but much simpler. I didn't realise you could do that.
AFAICT the feature to set a default password, user etc doesn't seem to be
available for Oracle connections. Although I'm going to investigate that
further as I'm working with oracle at the moment.
cheers Simon
---
keyinfo.c:
/*
* keyinfo.c:
*
* Retrieve information from a config file.
*
* Reads a text file. Splits each line on the first whitespace. If the token
* before the whitespace matches the program's argument everything after the
* whitespace up until the end of line is returned. Processing of further
lines
* stops on the first match.
* Lines starting # are ignored.
*
* $Id: keyinfo.c,v 1.3 2005/02/28 18:30:12 sr Exp $
*/
#include stdio.h
#include stdlib.h
#include string.h
/* hard coded location of the file which contains secret information */
#define SECRETS_FILE /etc/keyinfo.conf
/* maximum length of lines in the secrets file */
#define MAX_LINE_LENGTH 80
int main ( int argc, char *argv[] )
{
FILE *in_fileh;
char buffer[MAX_LINE_LENGTH + 1];
char *sought_key;
char *key, *value;
char delimiter_chars[] = \t;
/* check a single parameter was passed */
if ( argc != 2 ) {
fprintf( stderr, Required single command argument not
supplied\n );
exit( 8 );
}
else {
sought_key = argv[1];
}
/* open keyinfo.conf file */
in_fileh = fopen( SECRETS_FILE, r );
if ( in_fileh == NULL ) {
fprintf( stderr, Error: Unable to open file %s\n,
SECRETS_FILE );
exit( 8 );
}
/* read lines in file looking for key match */
while ( fgets( buffer, sizeof( buffer ), in_fileh ) ) {
/* skip lines that start with # */
if ( buffer[0] == '#' ) {
continue;
}
key = strtok( buffer, delimiter_chars );
value = strtok( NULL, delimiter_chars );
if ( strcmp( key, sought_key ) == 0 ) {
/* remove trailing \n from value and print to stdout */
value[ strlen( value ) - 1 ] = '\0';
printf( %s, value );
break;
}
}
fclose( in_fileh );
exit( 0 );
}
---
/etc/keyinfo.conf:
# database 1 password
db1_pass 6dioqlFq
# database 2
db2_passxx55usp
---
--
~~
Simon Rees | [EMAIL PROTECTED] |
ORA-03113: end-of-file on communication channel
~~
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Why not ?
On Thursday 24 March 2005 17:26, JeRRy wrote: I was getting an error earlier stating round1 does not exist, however it does. round1 table does not exist. So does not say round1.game1 does not exist. Does a table named round1 exist in your database? If so and you are using mysql 4.0.4 you will need to mention all tables referenced in the WHERE clause in the UPDATE clause. e.g. UPDATE tipping, round1 SET tipping.score = 3 WHERE round1.game1 = 'H' AND tipping.username = 'jerry' (assuming the score column you want to update is in the tipping table...) You almost certainly want to join the two tables as well but without knowing your database it is impossible for me to say how. If you are using an older mysql version what you want to do is probably impossible in one statement. Simon -- ~~ Simon Rees | [EMAIL PROTECTED] | ORA-03113: end-of-file on communication channel ~~ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] comprehensive sql tutorial
On Monday 28 March 2005 13:00, Yemi Obembe wrote: Does anyone please know where i can get a comprehensive SQL tutorial as in one that contains stuffs on engines, data structures, table types, etc NOT JUST the basic query commands CREATE, SELECT, UPDATE, DELETE, INSERT... their syntax(es). Hi Yemi It sounds like the information you're after tends to be fairly specific for the database you're using. Of the databases I've used both Oracle and MySql's documentation was very helpful about setting up databases although they do assume some knowledge of general database concepts. See (for MySQL) http://dev.mysql.com/doc/ or (for Oracle - requires OTN membership which is free) http://oraclesvca2.oracle.com/docs/cd/B14117_01/index.htm cheers Simon -- ~~ Simon Rees | [EMAIL PROTECTED] | ORA-03113: end-of-file on communication channel ~~ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] GD Question
On Tuesday 05 April 2005 19:19, Craig Hoffman wrote: The script works fine when I test it on a stand alone page. I'm just not sure how to include with the rest of the site. You can't do it all from the same script (AFAIK). This is because of the way http/browsers work - each image is requested as a separate file. Put your image code in a separate script and request it in the src attribute of your html image tags. e.g. img src=display_image.php Simon -- ~~ Simon Rees | [EMAIL PROTECTED] | ORA-03113: end-of-file on communication channel ~~ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] PHP Sessions
On Thursday 14 April 2005 10:23, Ian McGhee wrote: I have been looking into PHP sessions and I have noticed you can actually use a database for storing the sessions instead of flat files I will be using MS SQL for the database can any one give be a clue as to how I would go about this or point me in the direction of a good tutorial? Have a look at the user comments on this page of the docs: http://www.php.net/manual/en/function.session-set-save-handler.php There are examples for MySQL and Postgres which should give you an idea of where to start. cheers Simon -- ~~ Simon Rees | [EMAIL PROTECTED] | ORA-03113: end-of-file on communication channel ~~ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Re: SQL or array ?
On Sunday 24 April 2005 12:25, Paul Reilly wrote: How would I go about benchmarking the different options? What tools are there to do this? a) time the script - quick, dirty and inaccurate but may provide an indicative result. b) use a profiler, which can be more interesting as it will show the CPU time taken by various parts of the script. I've used Xdebug for profiling and found it useful. Have a look at http://www.php.net/debugger for this and other options (I assume the other debuggers have profiling support). Simon -- ~~ Simon Rees | [EMAIL PROTECTED] | ORA-03113: end-of-file on communication channel ~~ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] printf() in a variable, or alternative to printf()
On Friday 27 May 2005 04:49, mayo wrote: I need to be able to format data. Printf() is perfect because I need a certain amount of characters (30 for address). However I need this formatted data to be inside a file that's fwrite() and then FTPed to a distributor who will parse it and input into their database. Use sprintf see: http://uk2.php.net/manual/en/function.sprintf.php Si -- ~~ Simon Rees | [EMAIL PROTECTED] | ORA-03113: end-of-file on communication channel ~~ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] transactions
On Tuesday 08 November 2005 09:37, Koen Wagemans wrote: MySQL isn't a transactional DB it doesn't know rollback and commit. MySQL does support transactions so long as you use a reasonably recent version and InnoDB tables. However as Bastien suggested a transaction can't persist beyond the execution of a script. cheers Simon -- ~~ Simon Rees | [EMAIL PROTECTED] | ORA-03113: end-of-file on communication channel ~~ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
