Re: [PHP] loading data from database
Micha Biegnolé wrote: Hi, I am a student of multimedia design. I have two tables in a database with one same column(column:Name). I ask data from table1 collumn:Name. In table2 I want to use the return of data from table1 and search table2 collumn:Name for other information. I tried joined SELECT, but it didn't work with me. I hope someone understands what I mean, my english is not so great. select data from table1. SELECT name FROM table1 WHERE movies='yes' Then I want to select from table2 using the result of select from table1. SELECT * WHERE..? If your MySQL server support sub-selects, then you can simply do : SELECT * FROM table2 WHERE column IN (SELECT name FROM table1 WHERE movies = 'yes') -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: [PHP-I18N] Multilingual Web application - how to?
Web server is Apache2+mod_rewrite with PHP5 How is this working for you ? I think there is alot of anticipation to get this combo working ok withthreading :) It works fine for us. However, our Web server never was under heavy stress. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Split command problem
On Monday 11 April 2005 09:27, Russ wrote:
I have been trying to get the following code working. I keep getting an
error on line nine.
And the error is?
It looks simular to the example in the PHP online
manual. If I substitute a print command for line nine I get the correct
information from $_POST[username]. I must be missing or have an extra a
quote but I cannot figure out where.
name($fname, $lname) = split('[/\s+/]', $_POST[username]);
split() probably uses POSIX regex and hence knows nothing about '\s'. Use
preg_split() instead:
list($fname, $lname) = preg_split('/\s+/', $_POST['username']);
--
Jason Wong - Gremlins Associates - www.gremlins.biz
Open Source Software Systems Integrators
* Web Design Hosting * Internet Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
New Year Resolution: Ignore top posted posts
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] COM works on NT but fails on 2003?
On Monday 11 April 2005 12:11, Theisen, Gary wrote:
if ($excel !=== FALSE) { //This is the error line?!?! I even tried
FALSE.
if ($excel !== FALSE) { ... }
--
Jason Wong - Gremlins Associates - www.gremlins.biz
Open Source Software Systems Integrators
* Web Design Hosting * Internet Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
New Year Resolution: Ignore top posted posts
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] alternative to mysql_real_escape_string()
Hello, I have a quick question: To use a custom solution for inhibiting sql injection attacks and not a database specific solution like mysql_real_escape_string() http://php.net/manual/en/function.mysql-real-escape-string.php ... that will run on any database, not just MySql, would the following be a viable solution: a. addslashes() to all variables and b. remove specific unwanted characters from input including: -- [comment sign in SQL] ' [single quote] It is possible to just destroy the unwanted characters in a login form and prohibit use of those characters in username and password fields. Would a. plus b. above provide reasonably good protection to inhibit sql injection attacks, or what is the best database independent approach using php and not a database function? Thank you for any help. Robin. http://www.globalissa.com info[at]globalissa.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Limiting Cpu usage
ok, that will do some of the trick , but still , a user can just write a
script which:
for($i=0;$i;$i++)
{
$x=$x+1;
}
or something and refresh it the whole time and really slow down everybody
else
Greg Donald [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
On Apr 10, 2005 9:27 AM, zini10 [EMAIL PROTECTED] wrote:
hello, how can i limit cpu usage for shared hosting enviroment?
i mean , im hosting serveal sites and wish for all php scripts to have
(for
example) no more than 5% of cpu usage so no one can bomb my server.
im currently using php as a module , i know i can do it if ill use php as
a
cgi and limit apache with cpu usage , but wont it decrease dramtically my
preformance?
You might want to look at mod_dosevasive.
http://nanoweb.si.kz/manual/mod_dosevasive.html
--
Greg Donald
Zend Certified Engineer
http://destiney.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Limiting Cpu usage
another thing i just noticed is that it is designed for nanoweb server , not for apache but thanks anyway for your help. Greg Donald [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Apr 10, 2005 9:27 AM, zini10 [EMAIL PROTECTED] wrote: hello, how can i limit cpu usage for shared hosting enviroment? i mean , im hosting serveal sites and wish for all php scripts to have (for example) no more than 5% of cpu usage so no one can bomb my server. im currently using php as a module , i know i can do it if ill use php as a cgi and limit apache with cpu usage , but wont it decrease dramtically my preformance? You might want to look at mod_dosevasive. http://nanoweb.si.kz/manual/mod_dosevasive.html -- Greg Donald Zend Certified Engineer http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Adding Fonts to JpGraph
On Apr 6, 2005 2:53 AM, Richard Lynch [EMAIL PROTECTED] wrote: On Mon, April 4, 2005 12:39 pm, Stephen Johnson said: I am using JPGraph for a project that I am working on right now and I have hit a small snag - My client wants to have the user be able to select from a list of about 20 30 standard fonts. JPGraph only has about six built into it and the support in the docs is not very helpful since it wants you to register it to get font support. I am willing to do that, BUT, their website says they are no longer accepting support clients. So anyone out there have any advice our a tutorial that I can look at for some assistance ? If it's true type fonts you're after there is a TTF_DIR setting in jpgraph.php that point s to a directory containing any fonts you may wish to use. If you're on Linux have you googled for msttcorefonts, I think they're on sourceforge? HTH -- Graham -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] in_array and annidated path
Hi all sory for the double post but i have deleted the first email that i have send to the list. The problem that i have found is that in_array function don't work with annidate path. I have created a function that update a list of filepath from a directory to DB but when i use particular path with space and more long like: C:\back\Microsoft.NET\Framework\v1.0.3705\file.exe with more iteration there are problem because add the same file again. Can you help me to fix the problem ? I have used this script with CLI but to explain the problem i have added the source to this location: http://www.fadelabot.net/update.php Thanks so much to all and good work. P.S: There is another problem about the CPU usage on windows Xp i have a process php.exe that use 99% of CPU. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Update XML
Hi NG! I've a problem in updating an XML-Node value. How can I change the value of an XML node? Thanks in Advance Stefan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] problem with mcrypt_generic_deinit function
I have a problem with this function.
When I execute via web the script:
?php
$llave = esta es una llave secre;
$entrada = Encontrémonos a las 9 en punto en el lugar secre.;
$td = mcrypt_module_open('tripledes', '', 'ofb', '');
$iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
mcrypt_generic_init($td, $llave, $iv);
$datos_cifrados = mcrypt_generic($td, $entrada);
echo $datos_cifrados;
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
?
I get the following:
3`ZïeYS lyZøW» .c¿º#190;óÇY
»ÞÐ #8221;4#189;ôUr-Ì¿°#732;¯h
Fatal error: Call to undefined function: mcrypt_generic_deinit() in
/path/script.php on line 10
The first line on the www client is the third line on the script:
Encontrémonos a las 9 en punto en el lugar secre, but encrypted.
If I comment line 10 the script run succesfully.
The server is a debian woody with apache and php-mcrypt module.
The function mcrypt_generic_deinit is necessary or is posible to use mcrypt
without this function?
Could somebody help me with this.
Thanks in advance.
Re: [PHP] Redirection after login with security
On Monday 11 April 2005 10:48, Adam Hubscher wrote: There seems to be 2 issues here: In an attempt to provide the best way to limit the # of accounts per person, I assumed that this could be accomplished by placing a dummy value only used by the site itself that is the username/encoded password for them on the community, and test if... when searched for in the database, a result set of x is discovered, then they are unable to create another account. 1) You want to prevent people from creating multiple accounts. Basically there is really nothing concrete that you can do to prevent that short of making them pay an extortionate amount of money before they can create a new account. Problem: I would like to possibly utilize a login system (created on the remote server), that would then check their username and password against the CMS database located there, then redirect with that information (encrypted of course), to the local site where the information gets stored in a session. Then when they go to create a new account, it stores the extra verfied information into the database. However, the issue at hand here is, I'm not sure how secure it would be if I were to say, create a secure login form, verify the data... and then create another pseudo form that directs the person to the local-based site using hidden post variables (this is my original thought on the subject). 2) You want to check the credentials of a user/password against a remote database. One way to do it pretty securely without having to actually login to the remote database is to setup something like this: Remote database server, on this machine setup a simple webpage which grabs username and password from the URL. The username can be in plaintext (or if circumstances dictate and/or you're paranoid can be *encrypted*). The password is hashed (md5/sha, whatever) WITH a secret key. You can then verify whether username/password is correct and return an appropriate response. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- New Year Resolution: Ignore top posted posts -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about fsockopen
Date: Sun, 10 Apr 2005 08:00:23 - (UTC) From: [EMAIL PROTECTED] I have several IP in one interface (eth0) in my server and I want make connection to another server (check email, etc) using different ip for every mail server. I was read the document, and there is no way how to make this happen. Any idea? You can do this with the CURL Extension, but then that limits you to the protocols supported by CURL. If that doesn't matter, take a look at CURLOPT_INTERFACE in curl_setopt() I'm afraid, I don't know how to do this with fsockopen() and weather it is possible at all. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Redirection after login with security
Adam Hubscher [EMAIL PROTECTED] writes: Problem: I would like to possibly utilize a login system (created on the remote server), that would then check their username and password against the CMS database located there, then redirect with that information (encrypted of course), to the local site where the information gets stored in a session. Then when they go to create a new account, it stores the extra verfied information into the database. However, the issue at hand here is, I'm not sure how secure it would be if I were to say, create a secure login form, verify the data... and then create another pseudo form that directs the person to the local-based site using hidden post variables (this is my original thought on the subject). Is there another way I could go about doing this (ie, a way that I could identify a user that is almost assuredly never going to change) or is there a more secure way? Or, am I on the right track? Maybe instead of passing the password, you can create a unique sessionid for the user. The userid+the sessionid can then be stored in a database and you pass the sessionid ahead instead of passing the password. On the other end, you can check if the userid and the sessionid that you have received has been authenticated or not. (This assumes that the database in which you kept the sessionid is accessible to both the sides). You will also need to store the timestamp of when the sessionid was created and discard old sessionids. -- Raj Shekhar Y! : Operations Engineer MySQL DBA, programmer and slacker Y!IM : lunatech3007 home : http://rajshekhar.net blog : http://rajshekhar.net/blog/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] deleting $_SESSION
I have a session variable called $_SESSION['total'] the problem is I can't delete/reset it. I have tried $_SESSION['total']= 0; $_SESSION['total']= ; and the thing remains. Is there a special way to delete them?? AD -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] deleting $_SESSION
--- AndreaD [EMAIL PROTECTED] wrote: I have a session variable called $_SESSION['total'] the problem is I can't delete/reset it. I have tried Try unset. unset($_SESSION['total']); http://us4.php.net/manual/en/function.unset.php -k. __ Do you Yahoo!? Yahoo! Mail - now with 250MB free storage. Learn more. http://info.mail.yahoo.com/mail_250 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] deleting $_SESSION
On , 2005-04-11 at 15:43 +0100, AndreaD wrote: I have a session variable called $_SESSION['total'] the problem is I can't delete/reset it. I have tried $_SESSION['total']= 0; $_SESSION['total']= ; www.php.net/unset , unset($_SESSION['total']); Josip Dzolonga, http://josip.dotgeek.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] deleting $_SESSION
use unset() -Ryan On 4/11/2005 4:43:06 PM, AndreaD ([EMAIL PROTECTED]) wrote: I have a session variable called $_SESSION['total'] the problem is I can't delete/reset it. I have tried $_SESSION['total']= 0; $_SESSION['total']= ; and the thing remains. Is there a special way to delete them?? AD -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.9.6 - Release Date: 4/11/2005 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Almost OT - urlencode and IE
Chris wrote: I'm writing a web app that passes values in the URL separated by a / . I'm passing these values by supplying links to them. The writing and reading of these values is fine, I'm just stuck at the differing ways IE handles urlencoding the data.. IE will not work unless I double urlencode it `urlencode(urlencode($sData))` while Firefox and Opera (and, I imagine, every other non-microsoft browser out there) only needs to be encoded once. Can you provide a specific example? As horrible as IE is, I can't imagine that it doesn't properly handle URL encoding. Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Creating INSERT INTO statement from dbf file - SOLVED!
Ave,
I¹m sure there would be better ways of doing this, and mine may not be the
most decent, but I did manage to solve this.
Here¹s how I did it:
- Create An Array
- Run the loop for all the records in the table
- Fill the array with the Field Names
- Display the Fields names with the ³Comma² being inserted on an ³If²
condition pertaining to the count() for the Array. So we place the ³Comma²
only ³If² there is a Value remaining in the Array.
- Reinitialize (empty) the Array upon restart of the loop (So that the next
set of values can go in)
I did this once for the Field Names and then again for the Values, and it
works perfect! The commas apostrophes are just the way they should be, not
excessive. The entire INSERT INTO SQL statement is generated from the data
in the DBF file.
Here¹s the code:
?php
$db_path = $DATABASEFILE;
$dbh = dbase_open($db_path, 0) or die(Error! Could not open
dbase database file '$db_path'.);
if ($dbh) {
#Get the Information
$column_info = dbase_get_header_info($dbh);
$record_numbers = dbase_numrecords($dbh);
$fArray = array();
$vArray = array();
#Run the loop for all the records in the Table
for ($i = 1; $i = $record_numbers; $i++) {
$row = dbase_get_record_with_names($dbh, $i);
$fArray = array();
$vArray = array();
echo INSERT INTO .substr($DATABASEFILE_name,0,-4). (;
#Run the loop for all the fields Assign Field Names to an
Array
foreach ($column_info as $v1) {$fArray[]=$v1[name]; };
#Run the loop for all values in the Array Display Field Names
$c=count($fArray);
for($j=0;$j=$c;$j++) { echo $fArray[$j]; if($j$c-1) { echo
,; } }
echo ) VALUES (;
#Run the loop for all the values corresponding to fields in the
Table
foreach ($column_info as $v1) {
$vArray[]=trim($row[$v1[name]]); }
#Run the loop for all values in the Array Display Values
$c2=count($vArray);
for($j2=0;$j2=$c2;$j2++) {
if($j2$c2) { echo '; }
echo $vArray[$j2];
if($j2$c2) { echo '; }
if($j2$c2-1) { echo , ; }
}
echo ); br;
}
}
dbase_close($dbh);
?
Rahul S. Johari
Coordinator, Internet Administration
Informed Marketing Services Inc.
251 River Street
Troy, NY 12180
Tel: (518) 266-0909 x154
Fax: (518) 266-0909
Email: [EMAIL PROTECTED]
http://www.informed-sources.com
On 4/4/05 4:33 PM, Rahul S. Johari [EMAIL PROTECTED] wrote:
Ave,
I¹ve written a code that is able to extract the Column names and Records
from a simple dbf (foxpro) file and create an INSERT INTO sql statement
which can be used to insert all those records with their corresponding field
names in an existing mySQL table. (A CREATE TABLE code I wrote is able to
create the table from the dbf file information).
Following is the code I wrote for creating the INSERT INTO sql:
?php
$db_path = $DATABASEFILE;
$dbh = dbase_open($db_path, 0) or die(Error! Could not open
dbase database file '$db_path'.);
if ($dbh) {
#Get the Information
$column_info = dbase_get_header_info($dbh);
$record_numbers = dbase_numrecords($dbh);
#Run the loop for all the records in the Table
for ($i = 1; $i = $record_numbers; $i++) {
$row = dbase_get_record_with_names($dbh, $i);
echo INSERT INTO .substr($DATABASEFILE_name,0,-4). (;
#Run the loop for all the fields in the Table
foreach ($column_info as $v1) {echo $v1[name],;}
echo ) VALUES (;
#Run the loop for all the values corresponding to fields in the
Table
foreach ($column_info as $v1) {echo
'.trim($row[$v1[name]]).',;}
echo '); br;
}
}
dbase_close($dbh);
?
It works fine, except for one problem. It¹s able to create the INSERT INTO
sql statement, with all the fields and corresponding values, but as I¹m
running a loop for both the fields names, and the values corresponding to
fields names, it leaves a comma after the records are over.
So instead of having this : INSERT INTO tblname (c1,c2,c3) VALUES
(v1¹,¹v2¹,¹v3¹);
I achieve this : INSERT INTO tblname (c1,c2,c3,) VALUES (v1¹,¹v2¹,¹v3¹,¹);
Notice an additional Comma after column names, and an additional ,¹ after
the values. I¹m not quite sure what to do to get rid of those. I¹ve tried
some different combinations using
Re: [PHP] Storing password in cookie
Computer Programmer wrote: What is a better way to store password in a cookie? This is one of the worst ideas people have, and if I'm guessing the reasoning behind your question correctly, this will help: http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice Keep in mind that cookies are included in a Cookie header within each request that satisfies the criteria specified in a previous response's Set-Cookie header. This means that cookies are exposed on every single request, which can mean many times per page (embedded content such as images are often served from the same domain). Hope that helps. Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Storing password in cookie
[EMAIL PROTECTED] wrote: DO NOT STORE PASSWORDS ON USERS COMPUTER I hope that's clear enough. A couple of people have stated this but I think it is incorrect. Please refrain from such speculation, because it does nothing to improve the state of security within our community. This idea of storing passwords in cookies is absurd. Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Storing password in cookie
Please refrain from such speculation, because it does nothing to improve the state of security within our community. This idea of storing passwords in cookies is absurd. Is the above sentiment true even if you store the password as some sort of hash (md5 or otherwise)? thnx, Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Storing password in cookie
Chris Boget wrote: Please refrain from such speculation, because it does nothing to improve the state of security within our community. This idea of storing passwords in cookies is absurd. Is the above sentiment true even if you store the password as some sort of hash (md5 or otherwise)? It's totally unnecessary. I can't think of any reason why one would _have to_ store passwords in a cookie. -- John C. Nichel ÜberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] shared library in php
Hello, I have a shared library and i would like very much to use it in php. Do i have to do anything or i can just dl it and use? Angelo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Storing password in cookie
Chris Boget wrote: This idea of storing passwords in cookies is absurd. Is the above sentiment true even if you store the password as some sort of hash (md5 or otherwise)? Yes, because passwords offer long-term access. If you accept a hash of the password for access, then that hash becomes as sensitive as the password. For example, this is why using client-side scripting to send the hash of a password in a login form offers no protection. Most people who inquire about storing access credentials (username and password, password, hash of the password, etc.) in a cookie want to provide a persistent login. This is a form of access control that is temporarily removed by the presence of this cookie, which is difficult enough to protect without adding in unnecessary risks. Even a temporary token used in exactly the same manner offers less risk than anything based upon the password. Hope that helps. Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Smarty and PEAR DB
Hello List: I'm using PEAR DB and Smarty. The case is that I have to pass a value from a query result to a Smarty var. I try to paginate results. See the code below: /// SmartyPaginate::connect(); SmartyPaginate::setLimit(5); $gbresult = $database-query(SELECT * FROM libro_de_visitas LIMIT . SmartyPaginate::getCurrentIndex() . , . SmartyPaginate::getLimit()); $gbtotal = $database-query(SELECT COUNT(*) AS total FROM libro_de_visitas); $gbtotal-fetchRow(); SmartyPaginate::setTotal($gbtotal['total']); /// As you can see I need the COUNT value but I not know how get it from query using PEAR. Some body can help me? Regards Reynier Pérez Mira 3ero. Ing. Informática Entre más inteligente me siento, más me doy cuenta de lo ignorante que soy.
[PHP] Bulletproof POST remove
Hi all
I noticed some sites are able to remove POST data 100% of the time. Even if
the user presses the back button there is no more POST data pressent.
I would like to achieve the same thing and currently I use a location header
to transfer the user to the same page.
Like
check post
do action
header('Location: $thispage');
die();
But then when the user presses the back button they can still retransmit the
action.
I tried playing with the MUST-REVALIDATE, pragma-nocache header and stuff but
it doesn't seem to work. Also I notice that on some sites, when I press the
back button, there is a white page that sais Your session has expired.
It should be noticed that I do not use sessions.
It should be like POST-once, after that there should be no more remnants of
it.
With kind regards
Andy
--
Registered Linux User Number 379093
-- ---BEGIN GEEK CODE BLOCK-
Version: 3.12
GAT/O/CM d- s:+ a- C UL P+ L+++ E--- W+++ N++ o+ K w--- O+++ M- V
PS+ PE++ Y+ PGP+++ t+ 5-- X R !tv b DI+++ D++ G e-- h+ r--- y+
-- ---END GEEK CODE BLOCK--
Check out these few php utilities that I released
under the GPL2 and that are meant for use with a
php cli binary:
http://www.vlaamse-kern.com/sas/
--
--
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] upgrading to php 4.3.11 gets me No input file specified
upgrading from 4.3.10 - 4.3.11 test script: ? phpinfo(); ? OS: Win2000 Server: Website 3.5 Server API: isapi php folder C:\php path includes c:\php PHPRC = c:\php C:\WINNT doesn't have any files with php in their name. installed 4.3.11 by renamed c:\php to php-4.3.10 unzipped the 4.3.11 file renamed the 4.3.11 folder to php copied php-4.3.10\php.ini to c:\php restarted WebSite opened up http://server/info.php - No input file specified switched back to 4.3.10 by renamed c:\php to php-4.3.11 renamed php-4.3.10 c:\php restarted WebSite opened up http://server/info.php - normal info What did i miss, or how do i get 4.3.11 to work? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] deleting $_SESSION
AndreaD wrote: I have a session variable called $_SESSION['total'] the problem is I can't delete/reset it. I have tried $_SESSION['total']= 0; $_SESSION['total']= ; I guess you didn't know/think of trying null: $_SESSION['total'] = null; ...which has the same effect as using: unset($_SESSION['total']); // as you have been told on at least 3 diff occasions ;-) this oneliner might give you a little insight: ?php $x=1;$y=2;unset($x);$y=null;var_dump($x,isset($x),empty($x),$y,isset($y),empty($y)); ? I encourage you to read the following pages for a better understanding of variables: http://php.net/unset http://php.net/empty http://php.net/isset, and this section: http://php.net/variables have fun! rgds, Jochem PS - personally I try to remember to set a var to null if the code is inside a loop, in order to minimize function call overhead. (anyone with real skill care to comment as to whether there is actually a difference between setting a var to null and calling unset on it? also speedwise?) and the thing remains. Is there a special way to delete them?? AD -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] deleting $_SESSION
Jochem Maas mailto:[EMAIL PROTECTED] on Monday, April 11, 2005 10:45 AM said: this oneliner might give you a little insight: ?php $x=1;$y=2;unset($x);$y=null;var_dump($x,isset($x),empty($x),$y,isset($y) ,empty($y)); ? If that's a oneliner I'd hate to see a twoliner! :P Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Smarty and PEAR DB
* Reynier Perez Mira [EMAIL PROTECTED]: I'm using PEAR DB and Smarty. The case is that I have to pass a value = from a query result to a Smarty var. I try to paginate results. See the = code below: /= SmartyPaginate::connect(); SmartyPaginate::setLimit(5); $gbresult =3D $database-query(SELECT * FROM libro_de_visitas LIMIT . = SmartyPaginate::getCurrentIndex() . , . SmartyPaginate::getLimit()); $gbtotal =3D $database-query(SELECT COUNT(*) AS total FROM = libro_de_visitas); $gbtotal-fetchRow(); SmartyPaginate::setTotal($gbtotal['total']); /= As you can see I need the COUNT value but I not know how get it from = query using PEAR. Some body can help me? You'll need to do two different queries, one that counts the number of total results for the criteria, and one that pulls the set with a LIMIT statement. -- Matthew Weier O'Phinney | WEBSITES: Webmaster and IT Specialist | http://www.garden.org National Gardening Association| http://www.kidsgardening.com 802-863-5251 x156 | http://nationalgardenmonth.org mailto:[EMAIL PROTECTED] | http://vermontbotanical.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: shared library in php
Angelo Ayres Camargo wrote: Hello, I have a shared library and i would like very much to use it in php. Do i have to do anything or i can just dl it and use? Angelo Without knowing what the shared library is that you're trying to use, there's not much I can say. It may be that PECL already has the extension you're looking for. If it's a library you created and you want to use it as a PHP extension, take a look at the PHP manual, particularly the section on creating extensions: http://www.php.net/manual/en/zend.creating.php -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Can't Delete File Using Unlink
Hi i have a problem with deleting files, i use windows XP and installed on it apache server PHP 5.1 i use unlink($file) to delete files but it doesn't work while it works fine on my webhosting which is on linux machine is there another function to use to delete files under windows instead of link ?? any help would be appreciated. thanks in advance -- Ahmed Abdel-Aliem Web Developer www.ApexScript.com 0101108551 registered Linux user number 382789 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Dump client, nice concept...but how to do it via php?
Hey, A client asked me if I could do this, i told him i'll check around...so naturally I am asking you guys :-D He has an account with a sms gateway and has a website with come crappy profiles of his users. He wants the functionality that any of his users can send him an MMS message containing a picture and that picture should be uploaded to that users profile (based on the phone number that he has for that user) or some other way of uploading a pic from the users mobile to the profile... Ideas? classes? suggestions? code help? Thanks, Ryan -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.9.6 - Release Date: 4/11/2005 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Can't Delete File Using Unlink
Ahmed Abdel-Aliem wrote: i have a problem with deleting files, i use windows XP and installed on it apache server PHP 5.1 i use unlink($file) to delete files but it doesn't work while it works fine on my webhosting which is on linux machine is there another function to use to delete files under windows instead of link ?? The webserver needs to have permission to modify the file that you are trying to delete. Check the file and directory permissions by right-clicking the directory and going to properties. You will probably need to give the user that controls apache either full or modify permissions to the Web directory. In general, permission settings under Windows suck. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] deleting $_SESSION
Jochem Maas wrote:
AndreaD wrote:
I have a session variable called
$_SESSION['total'] the problem is I can't delete/reset it. I have tried
$_SESSION['total']= 0;
$_SESSION['total']= ;
I guess you didn't know/think of trying null:
$_SESSION['total'] = null;
...which has the same effect as using:
unset($_SESSION['total']); // as you have been told on at least 3 diff
occasions ;-)
this oneliner might give you a little insight:
?php
$x=1;$y=2;unset($x);$y=null;var_dump($x,isset($x),empty($x),$y,isset($y),empty($y));
?
I encourage you to read the following pages for a better understanding
of variables:
http://php.net/unset http://php.net/empty http://php.net/isset,
and this section: http://php.net/variables
have fun!
rgds,
Jochem
PS - personally I try to remember to set a var to null if the code is
inside a loop,
in order to minimize function call overhead. (anyone with real skill
care to comment
as to whether there is actually a difference between setting a var to
null and calling unset
on it? also speedwise?)
If you set a variable to null, it will be null. If it's unset, it no
longer exists, it's not even a null. But will evaluate to null if used
and notice will be generated.
This 7-liner will ilustrate it:
error_reporting(E_ALL);
$null = $unset = 0; // to get started
var_dump($null, $unset);
$null = null;
unset($unset);
var_dump($null, $unset); // both are nulls, but notice is generated
var_dump(array_key_exists('null', $GLOBALS), array_key_exists('unset',
$GLOBALS)); // 'unset' is no longer in $GLOBALS
Speed? I don't think there is much difference. But I would use unset()
to get rid of unused variables as they are pesistent.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Can't Delete File Using Unlink
On Apr 11, 2005 8:28 PM, Ben Ramsey [EMAIL PROTECTED] wrote: Ahmed Abdel-Aliem wrote: i have a problem with deleting files, i use windows XP and installed on it apache server PHP 5.1 i use unlink($file) to delete files but it doesn't work while it works fine on my webhosting which is on linux machine is there another function to use to delete files under windows instead of link ?? The webserver needs to have permission to modify the file that you are trying to delete. Check the file and directory permissions by right-clicking the directory and going to properties. You will probably need to give the user that controls apache either full or modify permissions to the Web directory. In general, permission settings under Windows suck. i tried that, when a file is being uploaded it becomes read-only, so it can't be deleted, how can i make it not read-only by default ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Can't Delete File Using Unlink
On Tuesday 12 April 2005 02:28, Ben Ramsey wrote: In general, permission settings under Windows suck. Hmm I thought that the ACLs on NTFS were about the only thing that is good about Windows. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- New Year Resolution: Ignore top posted posts -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Can't Delete File Using Unlink
Ahmed Abdel-Aliem wrote: On Apr 11, 2005 8:28 PM, Ben Ramsey [EMAIL PROTECTED] wrote: Ahmed Abdel-Aliem wrote: i have a problem with deleting files, i use windows XP and installed on it apache server PHP 5.1 i use unlink($file) to delete files but it doesn't work while it works fine on my webhosting which is on linux machine is there another function to use to delete files under windows instead of link ?? The webserver needs to have permission to modify the file that you are trying to delete. Check the file and directory permissions by right-clicking the directory and going to properties. You will probably need to give the user that controls apache either full or modify permissions to the Web directory. In general, permission settings under Windows suck. i tried that, when a file is being uploaded it becomes read-only, so it can't be deleted, how can i make it not read-only by default ? Can you post the code you're using to upload and save the file to the Web server? -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] deleting $_SESSION
Jochem Maas wrote:
AndreaD wrote:
I have a session variable called
$_SESSION['total'] the problem is I can't delete/reset it. I have tried
$_SESSION['total']= 0;
$_SESSION['total']= ;
I guess you didn't know/think of trying null:
$_SESSION['total'] = null;
...which has the same effect as using:
unset($_SESSION['total']); // as you have been told on at least 3 diff
occasions ;-)
Not true. If you set it to null, it still exists...it's just null. If
you unset it, the variable no longer exists.
$_SESSION['total'] = null;
if ( isset ( $_SESSION['total'] ) ) {
echo ( Yes );
} else {
echo ( No );
}
unset ( $_SESSION['total'] );
if ( isset ( $_SESSION['total'] ) ) {
echo ( Yes );
} else {
echo ( No );
}
--
John C. Nichel
ÜberGeek
KegWorks.com
716.856.9675
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Can't Delete File Using Unlink
On Apr 11, 2005 8:39 PM, Ben Ramsey [EMAIL PROTECTED] wrote:
Ahmed Abdel-Aliem wrote:
On Apr 11, 2005 8:28 PM, Ben Ramsey [EMAIL PROTECTED] wrote:
Ahmed Abdel-Aliem wrote:
i have a problem with deleting files, i use windows XP and installed
on it apache server PHP 5.1
i use unlink($file) to delete files but it doesn't work while it works
fine on my webhosting which is on linux machine
is there another function to use to delete files under windows instead
of link ??
The webserver needs to have permission to modify the file that you are
trying to delete. Check the file and directory permissions by
right-clicking the directory and going to properties. You will probably
need to give the user that controls apache either full or modify
permissions to the Web directory.
In general, permission settings under Windows suck.
i tried that, when a file is being uploaded it becomes read-only, so
it can't be deleted, how can i make it not read-only by default ?
Can you post the code you're using to upload and save the file to the
Web server?
this is the function i am using to upload the file
function UploadFile($File) {
$this-File = $File;
$this-File_Name = strtolower($this-File['name']);
$SQL_Query = mysql_query(SELECT * FROM files WHERE file_name =
'$this-File_Name');
$Records = mysql_num_rows($SQL_Query);
$arr = split(\.,$this-File['name']);
if($Records 0){
$dst_file_name = $this-GenerateUniqueID();
$this-File['name'] =
$this-File['name'].$dst_file_name[1].$dst_file_name[5];
$this-File['name'] .= ..$arr[count($arr)-1];
}
$this-File_Ext = $arr[count($arr)-1];
$dest_dir = 'files';
$dest = $dest_dir . '/' .$this-File['name'];
$r = move_uploaded_file($this-File['tmp_name'], $dest);
$this-File_Name = $this-File['name'];
chmod(files/.$this-File_Name, 777);
}
the partition the server on is Fat32
hop i will find a way to solve this, thanks
--
Ahmed Abdel-Aliem
Web Developer
www.ApexScript.com
0101108551
registered Linux user number 382789
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Can't Delete File Using Unlink
On , 2005-04-11 at 14:28 -0400, Ben Ramsey wrote: The webserver needs to have permission to modify the file that you are trying to delete. Check the file and directory permissions by right-clicking the directory and going to properties. You will probably need to give the user that controls apache either full or modify permissions to the Web directory. That's correct. And also, are you using double slashes \\ instead of a single slash / ? Josip Dzolonga http://josip.dotgeek.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Can't Delete File Using Unlink
Ahmed Abdel-Aliem wrote: chmod(files/.$this-File_Name, 777); I'm not really sure how chmod() works on Windows. Someone else here may be able to answer that. However, I do know that chmod() expects an octal as the second argument, so you must prefix that 777 with a 0. It should be: chmod(files/.$this-File_Name, 0777); See here for more info: http://us2.php.net/chmod Like I said, I'm not sure whether this is the cause of the problem, but give it a shot and see what happens. :-) -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Visual PHP Editor?
We are yet blessed with existense of Zend IDE with the new features such as SQL views. But, is there a tool such as VS.Net http://VS.Net? in the means of visualness of the editing stage too? Of corse we do have the PEAR repositories and the other libraries that make our life much easier. True OOP helped alot too. But still! Anything like VS.NEThttp://VS.NETthat would draw a web-based grid on the page or form validation visualy? anything sort of thing like that? I'm again trying to clarify it as much as I can. The same things could be done by coding and is actualy convenient atleast for me. But still any visual tool? This is no biased post regarding MS or Open Source so please dont abuse the post. M.Saleh.E.G Creative Director Login Innovations 971-50-4779817
Re: [PHP] Re: Can't Delete File Using Unlink
Ahmed Abdel-Aliem wrote: snip $dest = $dest_dir . '/' .$this-File['name']; $r = move_uploaded_file($this-File['tmp_name'], $dest); $this-File_Name = $this-File['name']; chmod(files/.$this-File_Name, 777); I haven't messed with PHP/Apache on Windows in a long time but two things stick out to me that _may_ be a part of your issue. a) Can you even chmod on Windows? b) Paths in the MS world are with the backslash (\) and not the forward slash (/) -- John C. Nichel ÜberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Dump client, nice concept...but how to do it via php?
Ryan A wrote: Hey, A client asked me if I could do this, i told him i'll check around...so naturally I am asking you guys :-D He has an account with a sms gateway and has a website with come crappy profiles of his users. He wants the functionality that any of his users can send him an MMS message containing a picture and that picture should be uploaded to that users profile (based on the phone number that he has for that user) Is the gateway for sending and/or receiving messages? If you can only send then... Otherwise you can, the way just depends on the gateway protocol. or some other way of uploading a pic from the users mobile to the profile... email, but be aware of the security. Users should input some token in the subject. with nokia phones you can use nokiaphoto.sf.net Ideas? classes? suggestions? code help? Thanks, Ryan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Can't Delete File Using Unlink
John Nichel wrote: b) Paths in the MS world are with the backslash (\) and not the forward slash (/) Windows NT onward (XP, 2003, etc.) should understand both the forward slash and the backslash in a file path. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Can't Delete File Using Unlink
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John Nichel wrote: Ahmed Abdel-Aliem wrote: snip $dest = $dest_dir . '/' .$this-File['name']; $r = move_uploaded_file($this-File['tmp_name'], $dest); $this-File_Name = $this-File['name']; chmod(files/.$this-File_Name, 777); I haven't messed with PHP/Apache on Windows in a long time but two things stick out to me that _may_ be a part of your issue. a) Can you even chmod on Windows? b) Paths in the MS world are with the backslash (\) and not the forward slash (/) a, chmod doesn't work in Windows, but if you have NTFS then you can set privileges. b, Windows NT and later versions unterstand both / and \ Maerlyn - -- Maerlyn maerlyn[AT]citromail[DOT]hu http://putraware.ini.hu GnuPG Public Key ID: 0x0CE0A57 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCWsodMkyacQzgalcRAvtqAKCJjy0rUVykpsmzJRyUA1cfkdHMxwCgwjkl 72boetSgh8V5gdK5QuPS9Gw= =XQgB -END PGP SIGNATURE- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Can't Delete File Using Unlink
Ben Ramsey wrote: John Nichel wrote: b) Paths in the MS world are with the backslash (\) and not the forward slash (/) Windows NT onward (XP, 2003, etc.) should understand both the forward slash and the backslash in a file path. Like I said, it's been a loong time ;) -- John C. Nichel ÜberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] call_user_func_array and mysqli_stmt_bind_result
Hi,
This is working (as a packet of crackers):
...
mysqli_stmt_bind_result ($stmt, $arr[1], $arr[2]);
...
This I cannot get to work:
...
$arr[0]=$stmt; $arr[1]=''; $arr[2]='';
call_user_func_array ('mysqli_stmt_bind_result',$arr);
...
I'm not sure if what I try to do is possible in any way?
Btw, this is Win PHP v5.0.3 , Apache v2.0.53, Mysql v5.0.2-alpha-nt.
cheers and thanks,
Patrick from Belgium (Brussels)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: shared library in php
Without knowing what the shared library is that you're trying to use, there's not much I can say. It may be that PECL already has the extension you're looking for. If it's a library you created and you want to use it as a PHP extension, take a look at the PHP manual, particularly the section on creating extensions: http://www.php.net/manual/en/zend.creating.php -- Ben Ramsey http://benramsey.com/ The shared library is from a local software developer it is an interface with biometric sensors. It is a closed .so i can´t change it. Perhaps i sould make my question clear. Do i have to write an extension wraper to a generic .so or can o dl it and use it funcions from php? Tks Angelo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Smarty and PEAR DB
Matthew Weier O'Phinney wrote: * Reynier Perez Mira [EMAIL PROTECTED]: I'm using PEAR DB and Smarty. The case is that I have to pass a value = from a query result to a Smarty var. I try to paginate results. See the = code below: /= SmartyPaginate::connect(); SmartyPaginate::setLimit(5); $gbresult =3D $database-query(SELECT * FROM libro_de_visitas LIMIT . = SmartyPaginate::getCurrentIndex() . , . SmartyPaginate::getLimit()); $gbtotal =3D $database-query(SELECT COUNT(*) AS total FROM = libro_de_visitas); $gbtotal-fetchRow(); SmartyPaginate::setTotal($gbtotal['total']); /= As you can see I need the COUNT value but I not know how get it from = query using PEAR. Some body can help me? You'll need to do two different queries, one that counts the number of total results for the criteria, and one that pulls the set with a LIMIT statement. That is definitely not a Good Thing. I did that with an employer's site and database performance suffered having to always count and recount the records in question. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] deleting $_SESSION
John Nichel wrote:
Jochem Maas wrote:
AndreaD wrote:
I have a session variable called
$_SESSION['total'] the problem is I can't delete/reset it. I have tried
$_SESSION['total']= 0;
$_SESSION['total']= ;
I guess you didn't know/think of trying null:
$_SESSION['total'] = null;
...which has the same effect as using:
unset($_SESSION['total']); // as you have been told on at least 3 diff
occasions ;-)
Not true. If you set it to null, it still exists...it's just null. If
you unset it, the variable no longer exists.
fair enough, but then how do you differentiate between a var that exists
and is null
and a non-existant var?
Marek pointed out that setting error reporting to E_ALL, shows a notice
when you var_dump() the unset() var and not the null var, but other than that
the unset() var and the null var give the same result from isset() and empty()
e.g:
error_reporting(E_ALL);
$X = array(total = 1);
$X[total] = null;
if ( isset ( $X[total] ) ) {
echo ( Yes );
} else {
echo ( No );
}
var_dump( $X[total] );
unset ( $X[total] );
if ( isset ( $X[total] ) ) {
echo ( Yes );
} else {
echo ( No );
}
var_dump( $X[total] );
which produces the following for me:
NoNULL
NoPHP Notice: Undefined index: total in Command line code on line 23
NULL
so that means you would have to set a suitable error handler for E_NOTICE just
before
the place you want to check if the var exists and unset it immediately
afterwards??
funny how in everyday [php]life this is never a problem :-)
$_SESSION['total'] = null;
if ( isset ( $_SESSION['total'] ) ) {
echo ( Yes );
} else {
echo ( No );
}
unset ( $_SESSION['total'] );
if ( isset ( $_SESSION['total'] ) ) {
echo ( Yes );
} else {
echo ( No );
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Dump client, nice concept...but how to do it via php?
Hey, Thanks for replying. some other way of uploading a pic from the users mobile to the profile... email, but be aware of the security. Users should input some token in the subject. How with email? other than sending email using mail() i have never worked with any email functions in php. Do you have any code, classes or functions I can start reading up on? Thanks, Ryan -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.9.6 - Release Date: 4/11/2005 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Dump client, nice concept...but how to do it via php?
Ryan A wrote: Hey, Thanks for replying. some other way of uploading a pic from the users mobile to the profile... email, but be aware of the security. Users should input some token in the subject. How with email? other than sending email using mail() i have never worked with any email functions in php. Do you have any code, classes or functions I can start reading up on? User sends email from his mobile with the picture attached. Then you can either: 1. Pipe all incoming emails to a script (php or whatever), parse it and write the image to a file and update database. There are classes that can parse emails, just search. 2. Use php's imap functions to regularly (or at the user's request) check the email account for new emails. Read the attachement, etc. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Smarty and PEAR DB
* D. Wokan [EMAIL PROTECTED]: Matthew Weier O'Phinney wrote: * Reynier Perez Mira [EMAIL PROTECTED]: I'm using PEAR DB and Smarty. The case is that I have to pass a value = from a query result to a Smarty var. I try to paginate results. See the = code below: /= SmartyPaginate::connect(); SmartyPaginate::setLimit(5); $gbresult =3D $database-query(SELECT * FROM libro_de_visitas LIMIT . = SmartyPaginate::getCurrentIndex() . , . SmartyPaginate::getLimit()); $gbtotal =3D $database-query(SELECT COUNT(*) AS total FROM = libro_de_visitas); $gbtotal-fetchRow(); SmartyPaginate::setTotal($gbtotal['total']); /= As you can see I need the COUNT value but I not know how get it from = query using PEAR. Some body can help me? You'll need to do two different queries, one that counts the number of total results for the criteria, and one that pulls the set with a LIMIT statement. That is definitely not a Good Thing. I did that with an employer's site and database performance suffered having to always count and recount the records in question. Typically, I store this count in the session or in a cache to prevent such performance issues; if the data is constantly changing, you can also have a script that performs the count for you and stores it in a common retrieval area. However, database performance for a count operation can also be tuned quite easily with the use of indexes, and shouldn't be an expensive operation unless you have multiple hundreds of thousands of records. -- Matthew Weier O'Phinney | WEBSITES: Webmaster and IT Specialist | http://www.garden.org National Gardening Association| http://www.kidsgardening.com 802-863-5251 x156 | http://nationalgardenmonth.org mailto:[EMAIL PROTECTED] | http://vermontbotanical.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] deleting $_SESSION
Marek Kilimajer wrote:
Jochem Maas wrote:
John Nichel wrote:
Jochem Maas wrote:
AndreaD wrote:
I have a session variable called
$_SESSION['total'] the problem is I can't delete/reset it. I have
tried
$_SESSION['total']= 0;
$_SESSION['total']= ;
I guess you didn't know/think of trying null:
$_SESSION['total'] = null;
...which has the same effect as using:
unset($_SESSION['total']); // as you have been told on at least 3
diff occasions ;-)
Not true. If you set it to null, it still exists...it's just null.
If you unset it, the variable no longer exists.
fair enough, but then how do you differentiate between a var that
exists and is null
and a non-existant var?
Marek pointed out that setting error reporting to E_ALL, shows a notice
when you var_dump() the unset() var and not the null var, but other
than that
the unset() var and the null var give the same result from isset() and
empty()
e.g:
error_reporting(E_ALL);
$X = array(total = 1);
$X[total] = null;
if ( isset ( $X[total] ) ) {
echo ( Yes );
} else {
echo ( No );
}
var_dump( $X[total] );
unset ( $X[total] );
if ( isset ( $X[total] ) ) {
echo ( Yes );
} else {
echo ( No );
}
var_dump( $X[total] );
which produces the following for me:
NoNULL
NoPHP Notice: Undefined index: total in Command line code on line 23
NULL
so that means you would have to set a suitable error handler for
E_NOTICE just before
the place you want to check if the var exists and unset it immediately
afterwards??
No, use isset() or empty() to check if the variable exists and you won't
get notices
right, I'm thinking about it too much - getting confused for no reason :-).
but that still leaves the point that you can't tell the difference between a
null var and one that is not set at all - this seems odd if there is actually
a difference (okay so you can tell the difference but it seems to require that
you generate an E_NOTICE which is not the idea really is it).
as I said I use empty(), isset() and null with out actually thinking about it...
they just do what I mean :-) which is great credit to the guys that wrote php
and hid all the intricacies of types/nulls etc from your average phper like me!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] shared library in php
On Mon, April 11, 2005 9:21 am, Angelo Ayres Camargo said: I have a shared library and i would like very much to use it in php. Do i have to do anything or i can just dl it and use? I'm pretty sure you need the wrapper functions. If you didn't then all the other libraries wouldn't have them. And they all have them. So you must need them. You may be able to get the names of the functions that are in that .so file using: strings whatever.so | less There will be a bunch of junk at the start and the end, but the function names will be there, in a block, eventually. Then you'll need some kinda documentation on what those functions do and what arguments they take. You *PROBABLY* have some kind of exsiting interface to this .so file in the first place, or it wouldn't be useful. If you have the .h file, use that. If you have some kind of Perl or C interface, use that. There might even be a docmented API listing all functions and their arguments. Use that too. If you have NONE of those, you probably are trying to violate some kind of license. Don't do that. :-v -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] deleting $_SESSION
Jochem Maas wrote:
Marek Kilimajer wrote:
Jochem Maas wrote:
John Nichel wrote:
Jochem Maas wrote:
AndreaD wrote:
I have a session variable called
$_SESSION['total'] the problem is I can't delete/reset it. I have
tried
$_SESSION['total']= 0;
$_SESSION['total']= ;
I guess you didn't know/think of trying null:
$_SESSION['total'] = null;
...which has the same effect as using:
unset($_SESSION['total']); // as you have been told on at least 3
diff occasions ;-)
Not true. If you set it to null, it still exists...it's just null.
If you unset it, the variable no longer exists.
fair enough, but then how do you differentiate between a var that
exists and is null
and a non-existant var?
Marek pointed out that setting error reporting to E_ALL, shows a notice
when you var_dump() the unset() var and not the null var, but other
than that
the unset() var and the null var give the same result from isset()
and empty()
e.g:
error_reporting(E_ALL);
$X = array(total = 1);
$X[total] = null;
if ( isset ( $X[total] ) ) {
echo ( Yes );
} else {
echo ( No );
}
var_dump( $X[total] );
unset ( $X[total] );
if ( isset ( $X[total] ) ) {
echo ( Yes );
} else {
echo ( No );
}
var_dump( $X[total] );
which produces the following for me:
NoNULL
NoPHP Notice: Undefined index: total in Command line code on line 23
NULL
so that means you would have to set a suitable error handler for
E_NOTICE just before
the place you want to check if the var exists and unset it
immediately afterwards??
No, use isset() or empty() to check if the variable exists and you
won't get notices
right, I'm thinking about it too much - getting confused for no reason :-).
but that still leaves the point that you can't tell the difference
between a
null var and one that is not set at all - this seems odd if there is
actually
a difference (okay so you can tell the difference but it seems to
require that
you generate an E_NOTICE which is not the idea really is it).
You can use get_defined_vars() and array_key_exists() if you really need to.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Visual PHP Editor?
On Apr 11, 2005 1:53 PM, M Saleh EG [EMAIL PROTECTED] wrote: We are yet blessed with existense of Zend IDE with the new features such as SQL views. But, is there a tool such as VS.Net http://VS.Net? in the means of visualness of the editing stage too? http://www.jcxsoftware.com/vs.php -- Greg Donald Zend Certified Engineer http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Storing password in cookie
On Mon, April 11, 2005 9:13 am, Chris Boget said: Please refrain from such speculation, because it does nothing to improve the state of security within our community. This idea of storing passwords in cookies is absurd. Is the above sentiment true even if you store the password as some sort of hash (md5 or otherwise)? YES! If you have to maintain a login over time, your first pass should be to use the built-in session handling functions. http://php.net/session_start Those have been proofed by professionals, and are subject to massive peer review that you can't hope to duplicate. Simply tie the session_id() to the user's record TEMPORARILY, and remove the association after X minutes of inactivity. In addition, if the content or identity of your user is worth *ANYTHING* at all to you, if you care at *ALL* about any kind of security or privacy, you should add additional controls. #1. Set the time-out on PHP's session to the shortest value you can live with, and not have your visitors/boss angry. This is a no-brainer and easy to implement. You have no excuse for NOT doing this. This time-out should be somewhat longer than X (above) but still as short as you can make it. #2. Add an ever-changing random token to their Cookie data on each HTTP exchange. If they don't send back the right token from their previous click, challenge them to identify themselves with a password, then take them on to what they asked for. This takes a little bit of work, and you have to be careful that not even the sharpest Bad Guys can predict your token, not even if they already have the previous token[s]. It also makes their Back button not work, which is a bit of a pain, but less so if you warn them from the login page it won't work. Also be sure to include that same warning in the fine print at top/bottom of all protected pages. If your challenge for a password succeeds, they should end up exactly where they wanted to be when they clicked on your site. This is minimally intrusive to legitimate users. A really sharp Bad Guy can still stage a man-in-the-middle attack and pass data back-and-forth, merely observing the interchange, or subtly changing only content that will go un-noticed (they hope) while preserving the tokens and not completely hijacking the session. *BUT* that requires *WAY* more skill/time/resources than average Bad Guy. #3 Minimize the number of pages that are password-protected. Or, rather, SEPARATE the content that matters from the open to all There is NO POINT to protecting your about page or your FAQ page etc. By focussing your efforts on the data that matters, you have a lot less scope to worry about for buglets that leak security. Your delineation between public and private areas should be OBVIOUS to all users, to all programmers, to all DBAs, to *anybody* remotely connected to the project, whether they read documentation or not. This will minimize the odds of a Technical Blunder that exposes data. This is easy for a NEW project if you Design it from the get-go. It can be challenging for an existing project, but it's worth it. #4. Track independent corraborating information about the user such as IP address, browser characteristics, and even their average time between HTTP connections. IP addresses change, but in predictable ways for a given session. Some browser characteristics change over time/request, some do not. Human users have typical speeds at which they work. So you can't use any one clear-cut setting here, but rather can produce a percentage indicator that this person is still this person, for sure. If you're not sure, challenge them for the password again, but then take them to where they were going in the first place. This will be minimally intrusive, but ensure that they are who they say they are. This is the most complex to implement, and isn't that much of a barrier -- But may be worth considering. I'm sure there are more Good Ideas out there. http://phpsec.org is your first resource for them. Security is not ON/OFF. It's a gradient. -- me :-) -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] dynamic image will not print properly
I just wanted to add something to this
I moved the script over to another host to test, and it worked fine
there. So to me that says it should be something to do with the host...
now is there anything in the php.ini that could inflict this kind of
behavior?
d
On 5-Apr-05, at 5:57 PM, Richard Lynch wrote:
On Tue, April 5, 2005 2:26 pm, DuSTiN KRySaK said:
Hi there - I had my first crack at creating a dynamic image. The thing
is - the image is displayed fine in the browser, but when you go to
print it, the image is either missing, or part of it is missing. Is
there something special needed to print a dynamic image?
What you did, *should* work just fine.
But we're talking *MICROSOFT* here!
These people do *NOT* follow standards. Period.
Here is a code snippet used to create the image
header(Content-type: image/jpg);
$image = imagecreatefromjpeg(template_cpn.jpg);
$red = imagecolorallocate( $image, 255,0,0 );
imagestring($image, 2, 306, 200, $couponcode, $red);
imagestring($image, 2, 306, 235, $exp, $red);
imagestring($image, 2, 175, 338, $myname, $red);
imagestring($image, 2, 175, 360, $myemail, $red);
imagejpeg($image);
imagedestroy($image);
Now the way I have it set up, is that there is a PHP file that
generates the image (the above code). Then I have a parent PHP page
that calls that page like so:
$theurl = cstl.php?dk=soemthinghere
echo img src=\$theurl\;
See any issues in my code or setup?
Any ideas?
Here's what you do: You make it *IMPOSSIBLE* for Microsoft to screw
up.
This means you make your URL look JUST LIKE any other JPEG URL.
$theurl = cstl/dk=somethinghere/whatever.jpg;
Step 1:
Add/Create an .htaccess file with this:
Files cstl
ForceType application/x-httpd-php
/Files
This forces Apache to treat the file named 'cstl' as a PHP script.
Step 2:
Rename cstl.php to just 'cstl' (see Step 1)
Step 3:
Instead of using $_GET['dk'] do this:
$pathinfo = $_SERVER['PATH_INFO'];
$pathinfo = explode('/', $pathinfo);
//Key-Value pairs:
$_PATH = array();
//Path information buried in URL for source image sub-directories:
$PATH = array();
while (list(, $keyval) = each($pathinfo)){
$parts = explode('=', $keyval);
switch(count($parts)){
case 0: break; //do nothing with bogus extra '/' in URL
case 1: $PATH[] = $keyval;
default:
$key = $parts[0];
unset($parts[0]);
$_PATH[$key] = implode('=', $parts);
break;
}
}
Now you can use $_PATH['dk'] instead of $_GET['dk'] to get your dk
value
from the URL. You'll only change $_GET to $_PATH in cstl (formerly
cstl.php) and you're all set.
Now, there is *NO* *WAY* Microsoft can manage to screw up your URL and
decide that it must not be a JPEG because it has GET data, or ends in
.php
or whatever.
This same technique must be applied to PDF, FDF, SWF/Ming files if you
want to avoid a zillion MS IE bugs related to multi-media.
So you might as well put the code for $_PATH/$PATH in an include file.
I
guarantee you'll need it again and again as you use more and more
multi-media in your web-site.
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Limiting Cpu usage
On Mon, April 11, 2005 3:05 am, zini10 said:
ok, that will do some of the trick , but still , a user can just write a
script which:
for($i=0;$i;$i++)
{
$x=$x+1;
}
or something and refresh it the whole time and really slow down everybody
else
Yes.
Allowing untrusted users to write PHP scripts on your server is a big no-no.
PHP has some crude techniques (time_limit, memory_limit) to stop the silly
mistakes of scripters.
But if you have somebody who *WANTS* to harm your server, and they can
execute a PHP script on your server... Well, for starters,
denial-of-service attacks are only the baby child of the *BIG* problems
they can cause.
If you trust the users, but think they are inexperienced, you can:
1) Enable and shorten time_limit and memory_limit in php.ini
2) Set up a development server where they must test and QA their code,
along with a reasonable QA process for code to pass *before* it goes live.
The development server *MUST* be a box that you don't give a damn if it
gets sent crawling to its knees with a script like the above, or worse,
and you have to re-boot it. If it bothers you to re-boot it, it's not a
development server, or you don't have enough development servers. Note
that each user can install Apache/PHP/MySQL/Linux on their OWN el-cheapo
desktop you buy on eBay for $50, or find in a dumpster for FREE and then
they have a development server of their own that only hurts them when
they Nuke it. A three-stage QA process, then, where they test on their
own dev server, then promote it to a shared dev server for more extensive
QA, and then *IF* it passes, it goes live
I quit my last job in part because my dev server was a live box. Sheesh!
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] alternative to mysql_real_escape_string()
On Mon, April 11, 2005 12:16 am, [EMAIL PROTECTED] said:
I have a quick question: To use a custom solution for inhibiting sql
injection attacks and not a database specific solution like
mysql_real_escape_string()
http://php.net/manual/en/function.mysql-real-escape-string.php
... that will run on any database, not just MySql, would the following be
a viable solution:
a. addslashes() to all variables and
b. remove specific unwanted characters from input including:
-- [comment sign in SQL]
' [single quote]
No.
# is the comment sign in SQL
No, wait, it's /* ... */
No, wait, there is no comment sign in SQL.
Which database are you using?
It is possible to just destroy the unwanted characters in a login form and
prohibit use of those characters in username and password fields.
That also can help, but you want some alphanumeric *AND* punctuation for
good passwords.
Would a. plus b. above provide reasonably good protection to inhibit sql
injection attacks, or what is the best database independent approach using
php and not a database function?
class PlatformIndependentDatabase () {
var $platform;
/* Constructor sets $platform to 'mysql', or 'pgsql' or 'sql-server' ... */
function escape_string ($string){
switch ($this-platform){
case 'mysql': return mysql_real_escape_string($string); break;
case 'pgsql': return pg_real_escapge_string($string); break;
default: error_log($this-platform has NO escape string?!); return
$string; break;
}
}
}
Disclaimer: I don't use platform-independent db code, cuz I don't expect
to switch any time, and I don't use objects, cuz I'm a solo author and can
write better/faster code without them, so I likely have syntax errors in
the above.
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] multiple databases with one connection
On Sun, April 10, 2005 9:55 pm, Yulius Tjahjadi said:
Is there a way to change the database after a pg_connect
happens? I think in mysql, you can do mysql_select_db('newdb'),
but there isn't really an equivalent function.
In psql, I can use \connect newdb, but I think that disconnect
and reconnects to the new database.
In the psql program, it does (almost for sure) disconnect and reconnect.
But that's not how it is in PHP.
?php
$connection = @pg_connect(...);
$other_db = @pg_connect(...);
?
This will give you two different database connections to play with,
assuming you get the '...' parts right.
You can echo out $connection and $other_db and see that they are different
resources.
You can use the same technique in MySQL, but it will sometimes give you
the same connection back anyway (grrr!) unless you use the new-fangled
extra argument that requests a new separate connection.
I wasted most of two days tracking down a bug in a colleague's code-base
where he rarely called it from one place that already had my connection,
and he made a new connection, and then closed the new connection, only
it wasn't *REALLY* a new connection cuz MySQL was just giving him *MY* db
connection. G.
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Limiting Cpu usage
On Apr 11, 2005 5:06 PM, Richard Lynch [EMAIL PROTECTED] wrote: I quit my last job in part because my dev server was a live box. Sheesh! I have so been there before. Sucks. Vmware, user-mode-linux, and Freebsd jails sometimes help in these situations. -- Greg Donald Zend Certified Engineer http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] shared library in php
There might even be a docmented API listing all functions and their arguments. Use that too. There is. You *PROBABLY* have some kind of exsiting interface to this .so file in the first place, or it wouldn't be useful. If you have the .h file, use that. If you have some kind of Perl or C interface, use that. No, i have to make one. If you have NONE of those, you probably are trying to violate some kind of license. Don't do that. :-v Not realy, i have to pay for the .so and the sdk, 400,00 bucks, not sheep. I guess php will be no good them, i think i will go with java for interface with so and desktop, php will be web. If i remember php is good to go with java. Just to make sure the .so reads some biometric sensor for digitals. Tks for time. Angelo - Original Message - From: Richard Lynch [EMAIL PROTECTED] To: Angelo Ayres Camargo [EMAIL PROTECTED] Cc: php-general@lists.php.net Sent: Monday, April 11, 2005 6:29 PM Subject: Re: [PHP] shared library in php On Mon, April 11, 2005 9:21 am, Angelo Ayres Camargo said: I have a shared library and i would like very much to use it in php. Do i have to do anything or i can just dl it and use? I'm pretty sure you need the wrapper functions. If you didn't then all the other libraries wouldn't have them. And they all have them. So you must need them. You may be able to get the names of the functions that are in that .so file using: strings whatever.so | less There will be a bunch of junk at the start and the end, but the function names will be there, in a block, eventually. Then you'll need some kinda documentation on what those functions do and what arguments they take. You *PROBABLY* have some kind of exsiting interface to this .so file in the first place, or it wouldn't be useful. If you have the .h file, use that. If you have some kind of Perl or C interface, use that. There might even be a docmented API listing all functions and their arguments. Use that too. If you have NONE of those, you probably are trying to violate some kind of license. Don't do that. :-v -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Creating INSERT INTO statement from dbf file
Hi,
Tuesday, April 5, 2005, 6:33:31 AM, you wrote:
RSJ Ave,
RSJ I¹ve written a code that is able to extract the Column names and Records
RSJ from a simple dbf (foxpro) file and create an INSERT INTO sql statement
RSJ which can be used to insert all those records with their corresponding
field
RSJ names in an existing mySQL table. (A CREATE TABLE code I wrote is able to
RSJ create the table from the dbf file information).
RSJ Following is the code I wrote for creating the INSERT INTO sql:
RSJ ?php
RSJ $db_path = $DATABASEFILE;
RSJ $dbh = dbase_open($db_path, 0) or die(Error! Could not open
RSJ dbase database file '$db_path'.);
RSJ if ($dbh) {
RSJ #Get the Information
RSJ $column_info = dbase_get_header_info($dbh);
RSJ $record_numbers = dbase_numrecords($dbh);
RSJ #Run the loop for all the records in the Table
RSJ for ($i = 1; $i = $record_numbers; $i++) {
RSJ $row = dbase_get_record_with_names($dbh, $i);
RSJ echo INSERT INTO
RSJ .substr($DATABASEFILE_name,0,-4). (;
RSJ #Run the loop for all the fields in the Table
RSJ foreach ($column_info as $v1) {echo $v1[name],;}
RSJ echo ) VALUES (;
RSJ #Run the loop for all the values corresponding to fields in the
RSJ Table
RSJ foreach ($column_info as $v1) {echo
RSJ '.trim($row[$v1[name]]).',;}
RSJ echo '); br;
RSJ }
RSJ }
RSJ dbase_close($dbh);
?
RSJ It works fine, except for one problem. It¹s able to create the INSERT INTO
RSJ sql statement, with all the fields and corresponding values, but as I¹m
RSJ running a loop for both the fields names, and the values corresponding to
RSJ fields names, it leaves a comma after the records are over.
RSJ So instead of having this : INSERT INTO tblname (c1,c2,c3) VALUES
RSJ (v1¹,¹v2¹,¹v3¹);
RSJ I achieve this : INSERT INTO tblname (c1,c2,c3,) VALUES (v1¹,¹v2¹,¹v3¹,¹);
RSJ Notice an additional Comma after column names, and an additional ,¹ after
RSJ the values. I¹m not quite sure what to do to get rid of those. I¹ve tried
RSJ some different combinations using different kind of logic with the echo
RSJ statements, but it¹s not working out. Would love some help.
RSJ Thanks,
RSJ Rahul S. Johari
RSJ Coordinator, Internet Administration
RSJ Informed Marketing Services Inc.
RSJ 251 River Street
RSJ Troy, NY 12180
RSJ Tel: (518) 266-0909 x154
RSJ Fax: (518) 266-0909
RSJ Email: [EMAIL PROTECTED]
RSJ http://www.informed-sources.com
I would do it this way:
?php
$db_path = $DATABASEFILE;
$dbh = dbase_open($db_path, 0)
or die(Error! Could not open dbase database file '$db_path'.);
if ($dbh) {
#Get the Information
$column_info = dbase_get_header_info($dbh);
$record_numbers = dbase_numrecords($dbh);
$table = substr($DATABASEFILE_name,0,-4);
$fields = ''; //we will fill this on the first pass
$first = true; //flag to generate field names
#Run the loop for all the records in the Table
for ($i = 1; $i = $record_numbers; $i++) {
$values = ''; //start off null values
$row = dbase_get_record_with_names($dbh, $i);
#Run the loop for all the fields in the Table
foreach ($column_info as $v1) {
$field = $v1['name'];
if($first) $fields .= (empty($fields))? $field : ,$field;
$val = mysql_escape_string(trim($row[$field]));
$values .= (empty($values))? '$val' : ,'$val';
}
$first = false; // we have a field list now
echo INSERT INTO $table ($fields) VALUES ($values) br;
}
dbase_close($dbh);
}
?
--
regards,
Tom
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Installation problem of PhP5.0.4 on Fedora 2
Hi,Richard Lynch Thanks for your reply. But I can't find any line for PHP4. How to load both 4 and 5? Thanks again! Teng Wang 2005/04/11 18:36:36 At Mon, 11 Apr 2005 15:28:38 -0700 (PDT) You wrote: If your httpd.conf has a line loading PHP4 in it, comment that out. Trying to load both 4 and 5 without taking some extra steps may be the cause of your problem. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Redirection after login with security
On Sun, April 10, 2005 7:48 pm, Adam Hubscher said: In an attempt to provide the best way to limit the # of accounts per person, I assumed that this could be accomplished by placing a dummy value only used by the site itself that is the username/encoded password for them on the community, and test if... when searched for in the database, a result set of x is discovered, then they are unable to create another account. What stops the Bad Guy from creating 47 different logins on the community site, each with X accounts on the game system? Nothing. GAME OVER Only forcing them to pay a deposit for an account on the game server will stop abuse. However, the issue at hand here is, I'm not sure how secure it would be if I were to say, create a secure login form, verify the data... and then create another pseudo form that directs the person to the local-based site using hidden post variables (this is my original thought on the subject). Hidden POST variables are *NOT* secure at all. Totally useless. If you control both servers, you can securely transmit the data you need from one to the other using http://php.net/curl Given the amount of trouble an open forum can cause these days, I would say get a money deposit before you issue a game login, and then use cURL to get the user's info with a DIFFERENT username/password over to the community site. Use the different username/password because the forum code has already proven itself susceptible to a lot of security issues. Make sure you never refund a deposit to somebody who can still cause trouble -- IE, their login must be invalid before the deposit goes back. You *CAN* refund to those users who prove themselves trustworthy over time, on a selective basis. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php and javascript
On Sun, April 10, 2005 4:32 pm, Marek Kilimajer said: Assuming your form is named Selection, you will have a javascript array document.forms['Selection'].elements['distID[]'] available. You can try: alert(document.forms['Selection'].elements['distID[]'][0].value); I can GUARANTEE this will *NOT* work. You *CANNOT* use [] as part of a 'name' in JavaScript. No way, no how. No matter how you quote it, embed it in a string, or try to sneak up on it. It ain't gonna work. 'Cuz I tried every godamn reasonable (and quite a few UN-resaonable) ways to do that. * You'll just have to know that elements[7] is the one that you want. Or maybe use an ID=xxx attribute that does NOT have [] in it. But that new-fangled ID attiribute was added long after I worried about this issue, so you're on your own for that. * In retrospect, you could probably write some kind of JavaScript function that iterates through every single element, and compares its '.name' to 'distID' and to '3' (assuming you use distID[3] for a name) and then return the one object you were looking for... But that would be horribly inefficient JavaScript and would make your page dog-slow, so don't do that. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Limiting Cpu usage
On Sun, April 10, 2005 10:55 am, zini10 said: Thought about that, but its a free host that will host many many users.ill prefer them to have low cpu usage limit also if the system is free of tasks as that will never happen. any user can come, prepare a script which will do a infinite loop and will make the server slow for all other users. thought about timeouts but the user can refresh and refresh the page for ever. the only idea other than limit cpu usage is to check for users which use to much cpu power for too long, and block them for running any script at all, but an Evil user can signup many many times. Giving all and sundry un-trusted users access to PHP is akin to passing out free loaded hand-guns to every gang-banger, convicted criminal, and child under the age of 12. Don't do that. :-| Not everybody is as nice as you. Sorry. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about fsockopen
On Sun, April 10, 2005 1:00 am, [EMAIL PROTECTED] said: I have several IP in one interface (eth0) in my server and I want make connection to another server (check email, etc) using different ip for every mail server. I was read the document, and there is no way how to make this happen. Any idea? Errr, ummm, ah... I don't even know how you could do that AT ALL, much less with PHP... But if you can make it work on the command line somehow, I guess you could use http://php.net/exec to do it... *WHY* do you want to do this? -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Simple Licensing System
On Sat, April 9, 2005 6:29 pm, Bruno B B Magalhães said: And how do I generate this, and how would I check it?!?! ssh-key-gen (ssh-keygen ?) would generate your key-pair. Then there is some kind of ssh-sign function that signs a given document, but I forget its name, as I've never used it, just read the docs. I'm not super clear on the details of checking it, but that's how digital signatures WORK, so there has to be some kind of command line function for that as well. man ssh is where I would start if I was doing this. Sorry I can't provide more detail -- I know it can be done, but that don't mean I've done it. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Storing password in cookie
On Sat, April 9, 2005 1:37 pm, Skippy said: On Sat, 09 Apr 2005 14:51:49 -0400 [EMAIL PROTECTED] wrote: A digression to a related issue (where I did take the conservative approach): A system I'm working on now was originally set up with password hashes in the database -- the PW itself was never stored. But the client wanted an email me my password feature so we had to encrypt and store the PW. Of course if someone had access to the database they'd get a lot of other stuff probably more useful than PWs so I don't worry about this too much. But I would rather have used the hash. You could've changed the password for them to something random, mail it to them and keep the hash in the database. You could also use a not-as-random nice password generator where the user gets something like: 'babarebo' (Baa Baa Ree Bo) instead of: 'UJVHY' for a password. There are a bunch of them out there with varying degrees of Security value. Some are not-so-good as the possible number of supposedly random combinations is TOO LOW. For sure, storing passwords in clear-text in your database is a BAD IDEA. Far too many people will use their same password for your site as something important, and there you go leaking it to the world! No matter how unimportant *your* password protection might be, it's too risky to store them in plain-text. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php and javascript
On Sun, April 10, 2005 4:32 pm, Marek Kilimajer said: Assuming your form is named Selection, you will have a javascript array document.forms['Selection'].elements['distID[]'] available. You can try: alert(document.forms['Selection'].elements['distID[]'][0].value); I can GUARANTEE this will *NOT* work. You *CANNOT* use [] as part of a 'name' in JavaScript. No way, no how. No matter how you quote it, embed it in a string, or try to sneak up on it. It ain't gonna work. 'Cuz I tried every godamn reasonable (and quite a few UN-resaonable) ways to do that. * Hmm, document.forms['Selection'].elements['distID[]'][0].value is perfectly valid, and should work in any decent browser. There is also document.getElementsByName() Jared -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Storing password in cookie
On Sat, April 9, 2005 11:51 am, [EMAIL PROTECTED] said:
Well, just because I'm not sure it is worth the effort. What is the
point of storing a hash code as a proxy (in the colloquial sense of the
word) for an encrypted password if knowing the hash code gets you the
same access as knowing the password?
Because the hash code will change VERY frequently.
True, the hash code can have a
timeout -- but so can the cookie.
Who cares about the Cookie if they've already got the PASSWORD?!
For places where the point of the PW
is authentication only, and not control of access to significant
resources, I'm not sure there is any benefit to complicating things.
You have to assume the user of the PW has been stupid and set the PW to
the *same* PW as their bank account.
Now, do you *REALLY* want to be shlepping that back and forth in plain
text, and then just blame the user.
Sure, it *IS* their fault for being that stupid.
That ain't gonna win them back as a user when *YOUR* site wiped out their
bank balance!
I can't see where the convenience lies. For you as a developer, you've
already got the necessary code to do the token thing so there is
practically no difference whether you use a token or a password. For the
user, what are they going to do with an encrypted password -- are you
going to tell them how to decrypt in the case that they have forgotten
the password?
Hunh! The *user* never really sees their encrypted password. They've got
no use for that.
Review how it works, and think it all the way through with a User, Server,
and Bad Guy all doing their best.
A fair comment. I guess it is more just about keeping things simple
where appropriate.
But who decides where it is appropriate?
Every godamn web-site is asking me for a password these days.
It's like a need a password to fart. [Excuse the language, but that's how
bad it is.]
Am I supposed to remember a different password for 10,000 different sites
I visit?!
That is *NOT* a reasonable expectation for users.
You have to assume your password is being shared across another 1,000 sites.
Hopefully, they're all as worthless as yours.
But if they are *NOT* and they have financial data, *YOUR* site had better
not be the weak link in the chain that leaks out your user's password.
Just as an FYI, I'm partly playing devil's advocate here. I've never
written anything that stored the encrypted PW in a cookie (though I
have stored encrypted user IDs that way for a remember me feature).
I'm just reacting to the sense that there is One True Way to handle
this issue. In software development there are most often many good
options.
*WHY* would you not store some kind of hash of the user ID?!
setcookie('remember_me', md5($username));
.
.
.
select username from users where md5(username) = $_SESSION['remember_me']
Is that really any harder?
A digression to a related issue (where I did take the conservative
approach): A system I'm working on now was originally set up with
password hashes in the database -- the PW itself was never stored. But
the client wanted an email me my password feature so we had to
encrypt and store the PW. Of course if someone had access to the
database they'd get a lot of other stuff probably more useful than PWs
so I don't worry about this too much. But I would rather have used the
hash.
Please tell me what URL that is. I want to BLOCK it so I never ever ever
visit it. Thank you.
Even my lowest-level stupidest password for the 10,000 sites I don't care
about shouldn't be stored in clear-text !
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Storing password in cookie
On Sat, April 9, 2005 8:39 am, Ryan A said: This certainly has turned out to be an interesting discussion.I usually send the info via sessions...how bad is that? On a shared server, every other PHP scripter can read your session data, if they work at it a little bit. How bad is that? On a dedicated server, somebody has to get a login and/or upload PHP to read the session data. How likely is that? How bad is that? Depends (a bit) what you are storing in the session data. For truly sensitive stuff like a CC#, do *NOT* put that in session data. Write your script to get the CC# via SSL, process it, and throw it away, all in one single PHP script. You only need to store the Merchant Server transaction ID. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] sessions not being stored : DAY 2
On Sat, April 9, 2005 8:25 am, Yuri Huitrón Alvarado said: but then what could be causing that the sessions are not being stored in /tmp/sess ? It's POSSIBLE, but very unlikely, that 'whoami' is getting fooled into printing 'root' and you're not really 'root' I think I once saw phpinfo() print out 'root' when I knew damn well User was set to 'www' -- But I think it somehow caught 'root' during the startup phase of Apache before it forked into the User 'www' and was displaying an incorrect value. Even if you *are* (foolishly) running Apache as 'root' the session data will not get stored in /tmp/sess if those directories do not exist. Also, I suspect that if, say, 'root' gets prompted on the command line before over-writing data or violating chmod settings of the owner/group of a file (or directory) then I would not expect PHP to write to /tmp/sess I'm not real clear on how/when 'root' user gets prompted with things like Override read-only access on xyz but I've seen it in bash, so whatever causes that will likely stump PHP. This really *DOES* boil down to paths/permissions almost for sure. And whatever you do, do *NOT* run Apache as 'root'! -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php and javascript
On Mon, April 11, 2005 4:23 pm, Jared Williams said: Hmm, document.forms['Selection'].elements['distID[]'][0].value is perfectly valid, and should work in any decent browser. There is also document.getElementsByName() Didja try it? Cuz every time *I* ever tried it (back in Browser Wars 3.0/4.0 days, mind you) the JavaScript would see the [] as an array reference and *NOT* as part of the name. Didn't matter what I did to try to convince it otherwise. YMMV -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Limiting Cpu usage
On Mon, April 11, 2005 3:25 pm, Greg Donald said: On Apr 11, 2005 5:06 PM, Richard Lynch [EMAIL PROTECTED] wrote: I quit my last job in part because my dev server was a live box. Sheesh! I have so been there before. Sucks. Vmware, user-mode-linux, and Freebsd jails sometimes help in these situations. It was a Sun box. vi didn't even work right. (no arrow keys) I certainly didn't have the kind of access to install VMWare, or much of anything. No CVS/svn No bug-tracking. [I didn't even have the ability to create a database to test-drive some bug-tracking software!] No real project management. Design was all screen-based for a complex web application, with NO text defining functionality, behaviour or exceptions. Design ended up being too much like a desktop application (by a well-meaning and very nice grad student who didn't have enough experience to know better) I spent three days trying to figure out how to implement a save current state of the database so they can cancel N screens of input and my boss burst into my office and accused me of not working because I hadn't logged in to the Sun box those three days when I was researching, reading, and thinking. That pretty much put the candle on the cake right there. I banged out the code I'd been thinking about the way he wanted it (it was wrong, but that's what he wanted) and quit effective immediately. Oh well. Maybe this project will take off and I can code only for recreation :-) http://acousticdemo.com/ The above link will only be interesting to music-industry people, most likely. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php and javascript
Richard Lynch wrote: On Mon, April 11, 2005 4:23 pm, Jared Williams said: Hmm, document.forms['Selection'].elements['distID[]'][0].value is perfectly valid, and should work in any decent browser. There is also document.getElementsByName() Didja try it? Cuz every time *I* ever tried it (back in Browser Wars 3.0/4.0 days, mind you) the JavaScript would see the [] as an array reference and *NOT* as part of the name. That was a long time ago. Try it now. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] dynamic image will not print properly
On Mon, April 11, 2005 3:04 pm, DuSTiN KRySaK said: I moved the script over to another host to test, and it worked fine there. So to me that says it should be something to do with the host... now is there anything in the php.ini that could inflict this kind of behavior? anything covers a lot of ground... First: Did you use the SAME browser and computer to surf in both cases. If not, re-do the test with the SAME browser and computer. Second: Is GD even installed on the non-working server? Use ?php phpinfo();? Either you see GD in one of the mini-tables or you don't have GD and it ain't gonna work. Third: Compare the *VERSIONS* of GD on both servers. Then PHP versions. Then Apache versions. Fourth: On the broken server, take *OUT* the header() lines in your script, and surf directly to the image URL. If you see PHP messages, well, fix your script to get rid of them. If you see a bunch of weird characters, that's what it *should* be -- Pretty much the same as you would see if you opened up a real JPEG in a text editor. Fifth: Re-test on the server and desktop where it didn't work -- It's possible that between test 1 and 2 somebody updated the browser out from under you (like Microsoft auto-update, for example) -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Installation problem of PhP5.0.4 on Fedora 2
On Mon, April 11, 2005 3:41 pm, Teng Wang said: Hi,Richard Lynch£º Thanks for your reply. But I can't find any line for PHP4. How to load both 4 and 5? If you want to use both PHP 4 and 5, see the thread php 4 php 5 from March 1st through March 5th. Pay particular attention to Rasmus answer, not mine, cuz he actually know what he's talking about :-) -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Limiting Cpu usage
but i must give them php support or else they coulnot do anything on the server... im limiting them by functions , safe mode and more.. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Limiting Cpu usage
but i must give them php support or else they coulnot do anything on the server... im limiting them by functions , safe mode and more.. I've known atleast one hosting operation that compile their own custom PHP, to limit the impact of problematic code. The only thing I can remember that was specifically done was alter mysql_pconnect() to call mysql_connect(). Jared -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Limiting Cpu usage
Yeah . i thought about removing those entire functions by DISABLE_FUNCTIONS directive , it not that common either. is there a way to enforce declare(ticks=); automatically? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] dynamic image will not print properly
Replying below. On 11-Apr-05, at 5:05 PM, Richard Lynch wrote: On Mon, April 11, 2005 3:04 pm, DuSTiN KRySaK said: I moved the script over to another host to test, and it worked fine there. So to me that says it should be something to do with the host... now is there anything in the php.ini that could inflict this kind of behavior? anything covers a lot of ground... First: Did you use the SAME browser and computer to surf in both cases. If not, re-do the test with the SAME browser and computer. exact same computer. Second: Is GD even installed on the non-working server? Use ?php phpinfo();? Either you see GD in one of the mini-tables or you don't have GD and it ain't gonna work. It is installed - as the image displays in the browser as it should, but the print output is all messed up. Third: Compare the *VERSIONS* of GD on both servers. Then PHP versions. Then Apache versions. Checking out from the host. Fourth: On the broken server, take *OUT* the header() lines in your script, and surf directly to the image URL. If you see PHP messages, well, fix your script to get rid of them. If you see a bunch of weird characters, that's what it *should* be -- Pretty much the same as you would see if you opened up a real JPEG in a text editor. I get the proper JPG results. As I said earlier - the output is only messed in the win/ie combo while printing. Fifth: Re-test on the server and desktop where it didn't work -- It's possible that between test 1 and 2 somebody updated the browser out from under you (like Microsoft auto-update, for example) The tests were done back to back and always testing with the exact same setup. Did one test on another win/ie box just to see if it was the local machine that was fubar - however it had the same results. d -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Is there any other place to start php module?
I can't find any line in httpd.conf to load libphp4.so, so I added such a line to load it. But systems says [warn] module php4_module is already loaded, skipping So I guess there is some other place to start php4 already. Where can I find it? Thanks! eruisi 04/11/2005 20:55:49 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Limiting Cpu usage
in a brief rethinking, that is excatly what i need to do - change the php itself... now, i found the execute function but can someone please explain how can i put a usleep or sleep or somethink which doesnt take up cpu cycles (like the sleep command in linux?) thanks/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Storing password in cookie
Richard Lynch wrote: On a shared server, every other PHP scripter can read your session data, if they work at it a little bit. You should mention that this is assuming a default configuration. There are ways to avoid this. For truly sensitive stuff like a CC#, do *NOT* put that in session data. Write your script to get the CC# via SSL, process it, and throw it away, all in one single PHP script. This is good advice, but if there is a business need to store the credit card number (for whatever reason), it's not necessarily always best to avoid storing it in the session. Performance considerations can require that you couple its retrieval with other session data rather than incur the extra expense. It's just one of those things that is a little bit application-specific. Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Split command problem
I guess you are trying to create an array by the name 'name' and assign two
elements to it by calling name($fname, $lname). Am I correct?
I think it does not work that way. Try list($fname, $lname) = ..
Then the variable $fname and $lname will contain the first and last names.
list($fname, $lname) = split('[/\s+/]', $_POST[username]);
Cheers,
Prathap
-- Original Message ---
From: Russ [EMAIL PROTECTED]
To: PHP General php-general@lists.php.net
Sent: Sun, 10 Apr 2005 18:27:34 -0700
Subject: [PHP] Split command problem
I have been trying to get the following code working. I keep getting
an error on line nine. It looks simular to the example in the PHP
online manual. If I substitute a print command for line nine I get
the correct information from $_POST[username]. I must be missing or
have an extra a quote but I cannot figure out where.
?php
//check for required fields from the form
if ((!$_POST[username]) || (!$_POST[password])) {
header(Location: memberlogin15.7.php);
exit;
}
if(preg_match(/[A-Z]/, substr($_POST[username], 0, 1)))
{
name($fname, $lname) = split('[/\s+/]', $_POST[username]);
//echo First Name: $fname; Last Name: $lname\n;
echo first letter is uppercase;
}
else
{
echo first letter is not uppercase;
}
Any help will be appreciated.
--
Russ
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End of Original Message ---
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is there any other place to start php module?
Might be under apache conf dir/modules.d/ Prathap -- Original Message --- From: Teng Wang [EMAIL PROTECTED] To: php-general@lists.php.net Sent: Mon, 11 Apr 2005 20:57:58 -0400 Subject: [PHP] Is there any other place to start php module? I can't find any line in httpd.conf to load libphp4.so, so I added such a line to load it. But systems says [warn] module php4_module is already loaded, skipping So I guess there is some other place to start php4 already. Where can I find it? Thanks! eruisi 04/11/2005 20:55:49 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php --- End of Original Message --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: alternative to mysql_real_escape_string()
[EMAIL PROTECTED] writes: Hello, I have a quick question: To use a custom solution for inhibiting sql injection attacks and not a database specific solution like mysql_real_escape_string() http://php.net/manual/en/function.mysql-real-escape-string.php ... that will run on any database, not just MySql, would the following be a viable solution: a. addslashes() to all variables and I used the Adodb (adodb.sourceforge.net) class for working with the database. It could work to a bunch of DBs (mysql, oracle, pgsql). The most interesting bit about it was that it tool care of escaping the strings before putting the data in the database. Each db had its own backend, which took care of escaping characters. For example, if you want to insert John's Old Shoppe into MS access, it has to go in like John''s Old Shoppe and not John\'s Old Shoppe. I think Pear::DB also provides this functionality. b. remove specific unwanted characters from input including: -- [comment sign in SQL] ' [single quote] It is possible to just destroy the unwanted characters in a login form and prohibit use of those characters in username and password fields. If you prohibit the use of some characters in the password field, your users will be forced to use weak passwords. In this case, your best bet is to insert the md5sum of the users password instead of the cleartext password. -- Raj Shekhar Y! : Operations Engineer MySQL DBA, programmer and slacker Y!IM : lunatech3007 home : http://rajshekhar.net blog : http://rajshekhar.net/blog/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Bulletproof POST remove
Andy,
I've done this in the past when setting a cookie for a user-defined
theme and also for a message board which used the post method. In my
case I put all of the logic into a separate page altogether. So you'd
have your form on page A, logic in page B and a landing page which can
be the same as A. The logic page (B) would perform some validation and
then redirect the browser back to page A with either a GET var in the
redirected URL indicating failure or success.
basically:
http://127.0.0.1/A.php-[form submission POST]-
http://127.0.0.1/B.php-[HTTP REDIRECT- http://127.0.0.1/A.php?exit_code=0
I know this is similar to your existing flow, but try it in a separate
page. The additional redirect seems to do the trick. Besides, it helps
keep logic separate from UI. ;-)
Andy Pieters wrote:
Hi all
I noticed some sites are able to remove POST data 100% of the time. Even if
the user presses the back button there is no more POST data pressent.
I would like to achieve the same thing and currently I use a location header
to transfer the user to the same page.
Like
check post
do action
header('Location: $thispage');
die();
But then when the user presses the back button they can still retransmit the
action.
I tried playing with the MUST-REVALIDATE, pragma-nocache header and stuff but
it doesn't seem to work. Also I notice that on some sites, when I press the
back button, there is a white page that sais Your session has expired.
It should be noticed that I do not use sessions.
It should be like POST-once, after that there should be no more remnants of
it.
With kind regards
Andy
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
