RE: [PHP] Looking for help with forms/variables and an array!
I got a little bit further, but still feel like the monkey with a light-bulb! OPTION value=1Over $2 million/OPTION -Original Message- From: BSumrall [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 12, 2007 4:21 AM To: php-general@lists.php.net Subject: [PHP] Looking for help with forms/variables and an array! Dreamweaver help me with a good part of this, but now I am in the nitty gritty code and trying to figure out. General concept: A selection box has 4 options, php queries the Mysql database for matching options. Then a second options box with another 4 options filters the query even more. Aspects I am a little stuck on. 1 associating options (in drop down box) with a variable 2 carrying the result set over two the second drop down box Producing my final result set. Here are some snippets of where I am at. First selection box: form id=form1 name=form1 method=post action= labelmarket select name=select OPTIONoption1/OPTION OPTIONoption2/OPTION OPTIONoption3/OPTION OPTIONoption4/OPTION /select Second selection box: form id=form2 name=form2 method=post action= labelmarket select name=select OPTIONoption1/OPTION OPTIONoption2/OPTION OPTIONoption3/OPTION OPTIONoption4/OPTION /select $query_Recordset1 = SELECT * FROM lstng_tbl WHERE range = '1'; The number one is what the first set of just above is what form one is supposed to change. After that, how is the world am I going to do it twice for the second part of the query? Some good literature on how to do it TWICE would really help understand this. I find tons of stuff on doing it once! Thank you kindly for any guidance you can provide. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Looking for help with forms/variables and an array!
I am game for anything that works and works fast and easy. I am just wondering if I am opening up a whole new can of worms? Cheers! Brad -Original Message- From: George Pitcher [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 12, 2007 6:06 AM To: BSumrall Subject: RE: [PHP] Looking for help with forms/variables and an array! Hi, I use Javascript. I also use Firefox. I use Apache as my server on WinNT, but Ajax also works on Linux servers (mainly because its a client-side application). Let me know if you need help setting up Ajax and/or testing. Cheers George -Original Message- From: BSumrall [mailto:[EMAIL PROTECTED] Sent: 12 June 2007 10:54 am To: 'George Pitcher' Subject: RE: [PHP] Looking for help with forms/variables and an array! Interesting suggestion. I though ajax was mainly gear towards microsoft and javascripting applications? -Original Message- From: George Pitcher [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 12, 2007 5:42 AM To: BSumrall Subject: RE: [PHP] Looking for help with forms/variables and an array! Hi, Have you looked at Ajax? This will do just what you have described. When the user makes their first choice, Ajax queries the database to return the options for the secont drop-down box. George -Original Message- From: BSumrall [mailto:[EMAIL PROTECTED] Sent: 12 June 2007 9:34 am To: php-general@lists.php.net Subject: RE: [PHP] Looking for help with forms/variables and an array! I got a little bit further, but still feel like the monkey with a light-bulb! OPTION value=1Over $2 million/OPTION -Original Message- From: BSumrall [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 12, 2007 4:21 AM To: php-general@lists.php.net Subject: [PHP] Looking for help with forms/variables and an array! Dreamweaver help me with a good part of this, but now I am in the nitty gritty code and trying to figure out. General concept: A selection box has 4 options, php queries the Mysql database for matching options. Then a second options box with another 4 options filters the query even more. Aspects I am a little stuck on. 1 associating options (in drop down box) with a variable 2 carrying the result set over two the second drop down box Producing my final result set. Here are some snippets of where I am at. First selection box: form id=form1 name=form1 method=post action= labelmarket select name=select OPTIONoption1/OPTION OPTIONoption2/OPTION OPTIONoption3/OPTION OPTIONoption4/OPTION /select Second selection box: form id=form2 name=form2 method=post action= labelmarket select name=select OPTIONoption1/OPTION OPTIONoption2/OPTION OPTIONoption3/OPTION OPTIONoption4/OPTION /select $query_Recordset1 = SELECT * FROM lstng_tbl WHERE range = '1'; The number one is what the first set of just above is what form one is supposed to change. After that, how is the world am I going to do it twice for the second part of the query? Some good literature on how to do it TWICE would really help understand this. I find tons of stuff on doing it once! Thank you kindly for any guidance you can provide. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Looking for help with forms/variables and an array!
Is it a GUI based application? Brad -Original Message- From: George Pitcher [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 12, 2007 6:06 AM To: BSumrall Subject: RE: [PHP] Looking for help with forms/variables and an array! Hi, I use Javascript. I also use Firefox. I use Apache as my server on WinNT, but Ajax also works on Linux servers (mainly because its a client-side application). Let me know if you need help setting up Ajax and/or testing. Cheers George -Original Message- From: BSumrall [mailto:[EMAIL PROTECTED] Sent: 12 June 2007 10:54 am To: 'George Pitcher' Subject: RE: [PHP] Looking for help with forms/variables and an array! Interesting suggestion. I though ajax was mainly gear towards microsoft and javascripting applications? -Original Message- From: George Pitcher [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 12, 2007 5:42 AM To: BSumrall Subject: RE: [PHP] Looking for help with forms/variables and an array! Hi, Have you looked at Ajax? This will do just what you have described. When the user makes their first choice, Ajax queries the database to return the options for the secont drop-down box. George -Original Message- From: BSumrall [mailto:[EMAIL PROTECTED] Sent: 12 June 2007 9:34 am To: php-general@lists.php.net Subject: RE: [PHP] Looking for help with forms/variables and an array! I got a little bit further, but still feel like the monkey with a light-bulb! OPTION value=1Over $2 million/OPTION -Original Message- From: BSumrall [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 12, 2007 4:21 AM To: php-general@lists.php.net Subject: [PHP] Looking for help with forms/variables and an array! Dreamweaver help me with a good part of this, but now I am in the nitty gritty code and trying to figure out. General concept: A selection box has 4 options, php queries the Mysql database for matching options. Then a second options box with another 4 options filters the query even more. Aspects I am a little stuck on. 1 associating options (in drop down box) with a variable 2 carrying the result set over two the second drop down box Producing my final result set. Here are some snippets of where I am at. First selection box: form id=form1 name=form1 method=post action= labelmarket select name=select OPTIONoption1/OPTION OPTIONoption2/OPTION OPTIONoption3/OPTION OPTIONoption4/OPTION /select Second selection box: form id=form2 name=form2 method=post action= labelmarket select name=select OPTIONoption1/OPTION OPTIONoption2/OPTION OPTIONoption3/OPTION OPTIONoption4/OPTION /select $query_Recordset1 = SELECT * FROM lstng_tbl WHERE range = '1'; The number one is what the first set of just above is what form one is supposed to change. After that, how is the world am I going to do it twice for the second part of the query? Some good literature on how to do it TWICE would really help understand this. I find tons of stuff on doing it once! Thank you kindly for any guidance you can provide. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Looking for help with forms/variables and an array!
-Original Message- From: BSumrall [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 12, 2007 5:54 AM To: 'George Pitcher' Subject: RE: [PHP] Looking for help with forms/variables and an array! Interesting suggestion. I though ajax was mainly gear towards microsoft and javascripting applications? -Original Message- From: George Pitcher [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 12, 2007 5:42 AM To: BSumrall Subject: RE: [PHP] Looking for help with forms/variables and an array! Hi, Have you looked at Ajax? This will do just what you have described. When the user makes their first choice, Ajax queries the database to return the options for the secont drop-down box. George -Original Message- From: BSumrall [mailto:[EMAIL PROTECTED] Sent: 12 June 2007 9:34 am To: php-general@lists.php.net Subject: RE: [PHP] Looking for help with forms/variables and an array! I got a little bit further, but still feel like the monkey with a light-bulb! OPTION value=1Over $2 million/OPTION -Original Message- From: BSumrall [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 12, 2007 4:21 AM To: php-general@lists.php.net Subject: [PHP] Looking for help with forms/variables and an array! Dreamweaver help me with a good part of this, but now I am in the nitty gritty code and trying to figure out. General concept: A selection box has 4 options, php queries the Mysql database for matching options. Then a second options box with another 4 options filters the query even more. Aspects I am a little stuck on. 1 associating options (in drop down box) with a variable 2 carrying the result set over two the second drop down box Producing my final result set. Here are some snippets of where I am at. First selection box: form id=form1 name=form1 method=post action= labelmarket select name=select OPTIONoption1/OPTION OPTIONoption2/OPTION OPTIONoption3/OPTION OPTIONoption4/OPTION /select Second selection box: form id=form2 name=form2 method=post action= labelmarket select name=select OPTIONoption1/OPTION OPTIONoption2/OPTION OPTIONoption3/OPTION OPTIONoption4/OPTION /select $query_Recordset1 = SELECT * FROM lstng_tbl WHERE range = '1'; The number one is what the first set of just above is what form one is supposed to change. After that, how is the world am I going to do it twice for the second part of the query? Some good literature on how to do it TWICE would really help understand this. I find tons of stuff on doing it once! Thank you kindly for any guidance you can provide. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
At 6:22 PM +0200 6/11/07, Tijnema wrote: Server builds up a database of pictures, client does the same with MD5 check, and problem solved...:) Tijnema Tijnema: Not exactly, I don't think you could MD5 this: http://sperling.com/examples/dot-captcha/ To make variations of the theme. I can place any type of picture, any number of pictures, anywhere and ask the user to click on one (i.e., click on the apple) -- there's nothing to MD5, is there? Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] efficient log system
Hi, I would like to create a log system to keep a trace of all users' actions (log-in, remove, change or update data, and so on...). What should i do or to what should i take care to not have problem ? I was thinking to create a folder on my server where log files will be stored, but what is the best practice. thanks a lot, -- Alain Windows XP SP2 PostgreSQL 8.1.4 Apache 2.2.4 PHP 5.2.1
Re: [PHP] Going from simple to super CAPTCHA
At 7:38 PM +0200 6/11/07, Tijnema wrote: Well, if you think this is the uncrackable* solution, create it and i'll see if I can crack it ;) Tijnema * I hope you don't mean the same uncrackable as AACS did: HD-DVD is uncrackable ;) As I provided in another post, try cracking this: http://sperling.com/examples/dot-captcha/ Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: efficient log system
Alain Roger wrote: Hi, I would like to create a log system to keep a trace of all users' actions (log-in, remove, change or update data, and so on...). What should i do or to what should i take care to not have problem ? I was thinking to create a folder on my server where log files will be stored, but what is the best practice. Very open ended question! You should just approach this like any other design decision tho', look at why you are keeping it, how you are going to query it, what you will use it for etc. then design it appropriately. First thought is stick it in a database with a user_id, date and a description of the change (perhaps include a unified diff if it's appropriate so that the actual change is quite obvious - this may impose a fairly large amount of overhead tho). It all depends on you application, how you design your general storage backend, and how you use it. Col -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: efficient log system
Hello Alain, I can just tell you from my experience. I have recently created a, in my eyes, pretty big project, and wanted to track everything, starting from user navigation over search queries to login/out times, article printout times and count, photo views and everything your mind can imagine. I didn't do this for just the fun of it, but to see what our users do on our website and to improve the handling of the site. Anyhow, I think you get the idea. Now, what I've done, was to write all that into a mySQL database... and by now I think I shouldn't have done that. I did a DB-backup today (after 4 weeks of having the site up), and already the size of the DB is 10+ MB of textual data. What will it be after a year... So I guess it really depends on what you have in mind. I do store a lot of text data, so you might not even come up with 15% of what I'm saving. I think you should do some planning and try to see how many users will visit your page, and then calculate the amount of data your might be writing to files or a database. From my point of view, a database solution is just fine, until you have to restore that database from your local computer with a dump (uploading and all :oP) Just to show you what I dod and what amount of data I'm getting :o) Cheerio! Chris Alain Roger [EMAIL PROTECTED] schrieb im Newsbeitrag news:[EMAIL PROTECTED] Hi, I would like to create a log system to keep a trace of all users' actions (log-in, remove, change or update data, and so on...). What should i do or to what should i take care to not have problem ? I was thinking to create a folder on my server where log files will be stored, but what is the best practice. thanks a lot, -- Alain Windows XP SP2 PostgreSQL 8.1.4 Apache 2.2.4 PHP 5.2.1 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
At 7:51 PM +0200 6/11/07, Tijnema wrote: It would definitly be an interesting challenge, but you don't have time, or is that an excuse..? :P What about you tedd? Tijnema Eager Beaver, huh? Good for you! After you crack my dot-captcha, I'll make up another. :-) Rob provided an interesting direction with his Sesame Street theme CAPTCHA. After all, we're trying to get a correct answer from a very elementary data-set. Variations on that theme might prove rewarding. If my dot-captcha holds up against Tijnema, we could think of various ways to combine both. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
tedd wrote: At 7:38 PM +0200 6/11/07, Tijnema wrote: Well, if you think this is the uncrackable* solution, create it and i'll see if I can crack it ;) Tijnema * I hope you don't mean the same uncrackable as AACS did: HD-DVD is uncrackable ;) As I provided in another post, try cracking this: http://sperling.com/examples/dot-captcha/ I've not written code to do it but that seems pretty simple to me. You get the image from circle.php, detect where the circle is - pretty simple - and pass those coords through when posting the form. Or have I missed something? -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
At 3:02 PM -0400 6/11/07, Robert Cummings wrote: OCR is extremely fast. I've done work in the past using OCR and while it was simple text in documents, the OCR program could extract the text from the image of a magazine page in about a second. For simplistic displays of text, or even only slight noise, the OCR will beat human hands down every time. Cheers, Rob. Rob: I was thinking about this the other day -- computers are fast and people are generally slow. So, instead of making the time short, examine how fast the answer was obtained. Immediate = computer; delayed = human. Even an easy LETTER CAPTCHA takes time for a human, but a computer can recognize and respond much quicker. I know, spammy can delay his bot's response, but it's just a difference between computer/human to consider. For example, what if a LETTER CAPTCHA provided letters in a timed sequence? Such as: A then .6 seconds (time delay random from .1 to 2 seconds) AS then 1.1 seconds ASD Would there be a consistent time difference between the way a computer would read/respond to the letters as compared to a human? I dunno, but it's food for thought. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] any security problems with this?
I have a page of functions that I include in my page head. In this I have a
function to connect. I can then just call this on each page when i need it.
Does doing it this way cause any potential security risks?
function connect() {
$host=localhost;
$user=x;
$password=xx;
$dbname=x;
$link = mysql_connect($host, $user, $password) or die ('somethng went
wrong:' .mysql_error() );
mysql_select_db($dbname, $link) or die ('somethng went wrong, DB error:'
.mysql_error() );
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
At 4:37 PM -0400 6/11/07, Daniel Brown wrote: I'm going to try to knock out a proof-of-concept later this week if I can to bring some of it together. -- Daniel P. Brown Daniel et al: While thinking about proof-of-concepts, think also of optical illusions -- perhaps there's some opportunity there. After all, computers don't see the illusions we see. For example, when we are shown two boxes exactly the same size but different colors, we have difficulty determining if the boxes ARE the same size. When an item is shown by it's self or next to something, we assign different sizes for the item -- the moon is a good example of that (i.e., close to the horizon is larger than high in the night sky). These are just food for thought. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
At 12:42 PM +0100 6/12/07, Stut wrote: tedd wrote: At 7:38 PM +0200 6/11/07, Tijnema wrote: Well, if you think this is the uncrackable* solution, create it and i'll see if I can crack it ;) Tijnema * I hope you don't mean the same uncrackable as AACS did: HD-DVD is uncrackable ;) As I provided in another post, try cracking this: http://sperling.com/examples/dot-captcha/ I've not written code to do it but that seems pretty simple to me. You get the image from circle.php, detect where the circle is - pretty simple - and pass those coords through when posting the form. Or have I missed something? -Stut Oh well, if you put it that way. :-) No I was talking about his MD5'ing everything. I wanted to see how he would MD5 that. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
On 6/12/07, tedd [EMAIL PROTECTED] wrote: At 12:42 PM +0100 6/12/07, Stut wrote: tedd wrote: At 7:38 PM +0200 6/11/07, Tijnema wrote: Well, if you think this is the uncrackable* solution, create it and i'll see if I can crack it ;) Tijnema * I hope you don't mean the same uncrackable as AACS did: HD-DVD is uncrackable ;) As I provided in another post, try cracking this: http://sperling.com/examples/dot-captcha/ I've not written code to do it but that seems pretty simple to me. You get the image from circle.php, detect where the circle is - pretty simple - and pass those coords through when posting the form. Or have I missed something? -Stut Oh well, if you put it that way. :-) No I was talking about his MD5'ing everything. I wanted to see how he would MD5 that. Cheers, tedd Cracking this is done by the way Stut explained, atleast that's what I was planning to do, If you place random images on it, I would simply remove the empty pixels, and get the picture only. Then MD5 sum it. Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: any security problems with this?
Ross wrote:
I have a page of functions that I include in my page head. In this I have a
function to connect. I can then just call this on each page when i need it.
Does doing it this way cause any potential security risks?
function connect() {
$host=localhost;
$user=x;
$password=xx;
$dbname=x;
$link = mysql_connect($host, $user, $password) or die ('somethng went
wrong:' .mysql_error() );
mysql_select_db($dbname, $link) or die ('somethng went wrong, DB error:'
..mysql_error() );
}
The function can only be run if you call it in one of your scripts, when
the database is needed. The user has no way of calling the function or
seeing the code, so there shouldnt be any security risks at all.
Darren
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: any security problems with this?
Unless some server config error causes that stuff to be output on the page? I tend to put such functions in a .inc file and amend the .htaccess to prevent download.
RE: [PHP] Re: any security problems with this?
Ross wrote:
I have a page of functions that I include in my page head.
In this I have a
function to connect. I can then just call this on each page
when i need it.
Does doing it this way cause any potential security risks?
function connect() {
$host=localhost;
$user=x;
$password=xx;
$dbname=x;
$link = mysql_connect($host, $user, $password) or die
('somethng went
wrong:' .mysql_error() );
mysql_select_db($dbname, $link) or die ('somethng went
wrong, DB error:'
..mysql_error() );
}
The function can only be run if you call it in one of your
scripts, when
the database is needed. The user has no way of calling the
function or
seeing the code, so there shouldnt be any security risks at all.
Unless, of course, his page of functions is named 'readme.txt' and lives in
document root.
JM
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: any security problems with this?
Dave Goodchild wrote: Unless some server config error causes that stuff to be output on the page? I tend to put such functions in a .inc file and amend the .htaccess to prevent download. If you were to include or require the .inc page and an error was to occur, it would still be printed out. All error printing should be turned off an a production server anyhow. Darren -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: any security problems with this?
Dave Goodchild wrote: Unless some server config error causes that stuff to be output on the page? I tend to put such functions in a .inc file and amend the .htaccess to prevent download. Unless some server config error causes it to ignore .htaccess. The basic rule when it comes to securing this stuff is to stick it outside the web root. That way only a monumentally stupid server admin or developer can make it possible for the average web user to get at it. Oh, hang on...! -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: any security problems with this?
On 6/12/07, Stut [EMAIL PROTECTED] wrote: Dave Goodchild wrote: Unless some server config error causes that stuff to be output on the page? I tend to put such functions in a .inc file and amend the .htaccess to prevent download. Unless some server config error causes it to ignore .htaccess. The basic rule when it comes to securing this stuff is to stick it outside the web root. That way only a monumentally stupid server admin or developer can make it possible for the average web user to get at it. Oh, hang on...! -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Just to throw this out there, you can put your information in the Apache config too and get the values from $_SERVER. This way it can be owned by root. See http://ilia.ws/files/quebec_security.pdf slide 59. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
On Tue, 2007-06-12 at 07:25 -0400, tedd wrote: At 6:22 PM +0200 6/11/07, Tijnema wrote: Server builds up a database of pictures, client does the same with MD5 check, and problem solved...:) Tijnema Tijnema: Not exactly, I don't think you could MD5 this: http://sperling.com/examples/dot-captcha/ To make variations of the theme. I can place any type of picture, any number of pictures, anywhere and ask the user to click on one (i.e., click on the apple) -- there's nothing to MD5, is there? Yeah, but a bot isn't going to click on it.. it's going to go oh look, a form... POST!. Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
On Tue, 2007-06-12 at 07:29 -0400, tedd wrote: At 7:38 PM +0200 6/11/07, Tijnema wrote: Well, if you think this is the uncrackable* solution, create it and i'll see if I can crack it ;) Tijnema * I hope you don't mean the same uncrackable as AACS did: HD-DVD is uncrackable ;) As I provided in another post, try cracking this: http://sperling.com/examples/dot-captcha/ Ummm, there's absolutely nothing to crack... ?php $post = 'Submit'; $ch = curl_init( '/examples/dot-captcha/index.php' ); curl_setopt( $ch, CURLOPT_HEADER, 0 ); curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1 ); curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false ); curl_setopt( $ch, CURLOPT_TIMEOUT, 15 ); curl_setopt( $ch, CURLOPT_POSTFIELDS, $post ); $result = curl_exec( $ch ) ? Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: any security problems with this?
Sure, I usually put these files outside the docroot - unless I am in some f**ked-up hosting environment that doesn't let me change the include path...
Re: [PHP] Going from simple to super CAPTCHA
On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 07:29 -0400, tedd wrote: At 7:38 PM +0200 6/11/07, Tijnema wrote: Well, if you think this is the uncrackable* solution, create it and i'll see if I can crack it ;) Tijnema * I hope you don't mean the same uncrackable as AACS did: HD-DVD is uncrackable ;) As I provided in another post, try cracking this: http://sperling.com/examples/dot-captcha/ Ummm, there's absolutely nothing to crack... ?php $post = 'Submit'; $ch = curl_init( '/examples/dot-captcha/index.php' ); curl_setopt( $ch, CURLOPT_HEADER, 0 ); curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1 ); curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false ); curl_setopt( $ch, CURLOPT_TIMEOUT, 15 ); curl_setopt( $ch, CURLOPT_POSTFIELDS, $post ); $result = curl_exec( $ch ) ? Cheers, Rob. Did you try this code? I don't think so as you don''t even connect to www.sperling.com ... Second, Tedd checks for the actual point clicked. You should've taken a look at it before making such comments. Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
On Tue, 2007-06-12 at 09:05 -0400, Robert Cummings wrote: On Tue, 2007-06-12 at 07:29 -0400, tedd wrote: At 7:38 PM +0200 6/11/07, Tijnema wrote: Well, if you think this is the uncrackable* solution, create it and i'll see if I can crack it ;) Tijnema * I hope you don't mean the same uncrackable as AACS did: HD-DVD is uncrackable ;) As I provided in another post, try cracking this: http://sperling.com/examples/dot-captcha/ Ummm, there's absolutely nothing to crack... Bleh, I missed the image in the submit trick. Even still, all one needs to do is find the first pixel of colour in the image. That's trivial for any captcha cracker. Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
On Tue, 2007-06-12 at 08:01 -0400, tedd wrote: At 3:02 PM -0400 6/11/07, Robert Cummings wrote: OCR is extremely fast. I've done work in the past using OCR and while it was simple text in documents, the OCR program could extract the text from the image of a magazine page in about a second. For simplistic displays of text, or even only slight noise, the OCR will beat human hands down every time. Cheers, Rob. Rob: I was thinking about this the other day -- computers are fast and people are generally slow. So, instead of making the time short, examine how fast the answer was obtained. Immediate = computer; delayed = human. Even an easy LETTER CAPTCHA takes time for a human, but a computer can recognize and respond much quicker. I know, spammy can delay his bot's response, but it's just a difference between computer/human to consider. For example, what if a LETTER CAPTCHA provided letters in a timed sequence? Such as: A then .6 seconds (time delay random from .1 to 2 seconds) AS then 1.1 seconds ASD Would there be a consistent time difference between the way a computer would read/respond to the letters as compared to a human? I dunno, but it's food for thought. Human times are only predicatable beyond a certain speed. But computers can easily mimic a delay: ?php usleep( 50 + rand( 1, 300 ) ); ? Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
Robert Cummings wrote: On Tue, 2007-06-12 at 07:29 -0400, tedd wrote: At 7:38 PM +0200 6/11/07, Tijnema wrote: Well, if you think this is the uncrackable* solution, create it and i'll see if I can crack it ;) Tijnema * I hope you don't mean the same uncrackable as AACS did: HD-DVD is uncrackable ;) As I provided in another post, try cracking this: http://sperling.com/examples/dot-captcha/ Ummm, there's absolutely nothing to crack... ?php $post = 'Submit'; $ch = curl_init( '/examples/dot-captcha/index.php' ); curl_setopt( $ch, CURLOPT_HEADER, 0 ); curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1 ); curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false ); curl_setopt( $ch, CURLOPT_TIMEOUT, 15 ); curl_setopt( $ch, CURLOPT_POSTFIELDS, $post ); $result = curl_exec( $ch ) ? The submit image is bigger than the circle, and I'm guessing Tedd is checking the coords passed through. -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
On 6/12/07, Stut [EMAIL PROTECTED] wrote: tedd wrote: At 7:38 PM +0200 6/11/07, Tijnema wrote: Well, if you think this is the uncrackable* solution, create it and i'll see if I can crack it ;) Tijnema * I hope you don't mean the same uncrackable as AACS did: HD-DVD is uncrackable ;) As I provided in another post, try cracking this: http://sperling.com/examples/dot-captcha/ I've not written code to do it but that seems pretty simple to me. You get the image from circle.php, detect where the circle is - pretty simple - and pass those coords through when posting the form. Or have I missed something? -Stut Yup, it's as simpel like that, but I found an even simpler way,because there is a bug in Tedd's code :P You didn't check if the session variable is empty, so if i Pass an empty variable Submit.x and Submit.y to your script, it generates 2 warnings, but tells me, Congratulations, you made it... To see the result, go here: http://86.86.80.41/dev/debug/tedd3.php To see the source of the code, go here: http://86.86.80.41/dev/debug/tedd3.phps Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 15:23 +0200, Tijnema wrote: On 6/12/07, Stut [EMAIL PROTECTED] wrote: tedd wrote: At 7:38 PM +0200 6/11/07, Tijnema wrote: Well, if you think this is the uncrackable* solution, create it and i'll see if I can crack it ;) Tijnema * I hope you don't mean the same uncrackable as AACS did: HD-DVD is uncrackable ;) As I provided in another post, try cracking this: http://sperling.com/examples/dot-captcha/ I've not written code to do it but that seems pretty simple to me. You get the image from circle.php, detect where the circle is - pretty simple - and pass those coords through when posting the form. Or have I missed something? -Stut Yup, it's as simpel like that, but I found an even simpler way,because there is a bug in Tedd's code :P You didn't check if the session variable is empty, so if i Pass an empty variable Submit.x and Submit.y to your script, it generates 2 warnings, but tells me, Congratulations, you made it... To see the result, go here: http://86.86.80.41/dev/debug/tedd3.php To see the source of the code, go here: http://86.86.80.41/dev/debug/tedd3.phps Does it check specifically for Submit.x and Submit.y? or does my goof script work if I put in the full URL? *heheeh*. I noticed he had that bug too when I used wget to grab circle.php (the circle center was at the origin), but wasn't sure if his validation code checked it (this was after I sent my goof response :) Cheers, Rob. Nope, it does actually check for Submit.x and Submit.y ;) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 15:09 +0200, Tijnema wrote: On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 07:29 -0400, tedd wrote: At 7:38 PM +0200 6/11/07, Tijnema wrote: Well, if you think this is the uncrackable* solution, create it and i'll see if I can crack it ;) Tijnema * I hope you don't mean the same uncrackable as AACS did: HD-DVD is uncrackable ;) As I provided in another post, try cracking this: http://sperling.com/examples/dot-captcha/ Ummm, there's absolutely nothing to crack... ?php $post = 'Submit'; $ch = curl_init( '/examples/dot-captcha/index.php' ); curl_setopt( $ch, CURLOPT_HEADER, 0 ); curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1 ); curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false ); curl_setopt( $ch, CURLOPT_TIMEOUT, 15 ); curl_setopt( $ch, CURLOPT_POSTFIELDS, $post ); $result = curl_exec( $ch ) ? Cheers, Rob. Did you try this code? I don't think so as you don''t even connect to www.sperling.com ... Second, Tedd checks for the actual point clicked. You should've taken a look at it before making such comments. Tijnema, Did you actually wait for my goof apology email? Did you? I didn't think so. You should have waited 2 minutes to see if I realized I was being an idiot ;) Cheers, Rob. -- Nope, I was a little bit too fast ;) Sorry, should have waited a few minutes for grandfather ;) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] any security problems with this?
On 6/12/07, Ross [EMAIL PROTECTED] wrote:
I have a page of functions that I include in my page head. In this I have a
function to connect. I can then just call this on each page when i need it.
Does doing it this way cause any potential security risks?
function connect() {
$host=localhost;
$user=x;
$password=xx;
$dbname=x;
$link = mysql_connect($host, $user, $password) or die ('somethng went
wrong:' .mysql_error() );
mysql_select_db($dbname, $link) or die ('somethng went wrong, DB error:'
.mysql_error() );
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Get rid of the mysql_error() part. If you leave that in and somehow
it is unable to connect, you'll get this: somethng went wrong:Access
denied for user 'x'@'localhost' (using password: YES). It isn't a
good idea to show people your DB username.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
On Tue, 2007-06-12 at 15:09 +0200, Tijnema wrote: On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 07:29 -0400, tedd wrote: At 7:38 PM +0200 6/11/07, Tijnema wrote: Well, if you think this is the uncrackable* solution, create it and i'll see if I can crack it ;) Tijnema * I hope you don't mean the same uncrackable as AACS did: HD-DVD is uncrackable ;) As I provided in another post, try cracking this: http://sperling.com/examples/dot-captcha/ Ummm, there's absolutely nothing to crack... ?php $post = 'Submit'; $ch = curl_init( '/examples/dot-captcha/index.php' ); curl_setopt( $ch, CURLOPT_HEADER, 0 ); curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1 ); curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false ); curl_setopt( $ch, CURLOPT_TIMEOUT, 15 ); curl_setopt( $ch, CURLOPT_POSTFIELDS, $post ); $result = curl_exec( $ch ) ? Cheers, Rob. Did you try this code? I don't think so as you don''t even connect to www.sperling.com ... Second, Tedd checks for the actual point clicked. You should've taken a look at it before making such comments. Tijnema, Did you actually wait for my goof apology email? Did you? I didn't think so. You should have waited 2 minutes to see if I realized I was being an idiot ;) Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
On Tue, 2007-06-12 at 15:23 +0200, Tijnema wrote: On 6/12/07, Stut [EMAIL PROTECTED] wrote: tedd wrote: At 7:38 PM +0200 6/11/07, Tijnema wrote: Well, if you think this is the uncrackable* solution, create it and i'll see if I can crack it ;) Tijnema * I hope you don't mean the same uncrackable as AACS did: HD-DVD is uncrackable ;) As I provided in another post, try cracking this: http://sperling.com/examples/dot-captcha/ I've not written code to do it but that seems pretty simple to me. You get the image from circle.php, detect where the circle is - pretty simple - and pass those coords through when posting the form. Or have I missed something? -Stut Yup, it's as simpel like that, but I found an even simpler way,because there is a bug in Tedd's code :P You didn't check if the session variable is empty, so if i Pass an empty variable Submit.x and Submit.y to your script, it generates 2 warnings, but tells me, Congratulations, you made it... To see the result, go here: http://86.86.80.41/dev/debug/tedd3.php To see the source of the code, go here: http://86.86.80.41/dev/debug/tedd3.phps Does it check specifically for Submit.x and Submit.y? or does my goof script work if I put in the full URL? *heheeh*. I noticed he had that bug too when I used wget to grab circle.php (the circle center was at the origin), but wasn't sure if his validation code checked it (this was after I sent my goof response :) Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Question on Connecting to Microsoft SQL Server from PHP
All: I can't seem to connect to a SQL Server database with PHP. I have read the php.net documentation and so many other forums on the Internet that my eyes were literally blood shot. Today I thought I would try this route. I have PHP and Apache installed on my local machine. They work fine as I created another application with them (and MySQL) that worked as expected/designed. I want to connect to MS SQL Server 2000 that rests on another machine here at work. I can reach the tables and do whatever I want with them from my machine through SQL Query Analyzer. (The other machine runs a Windows Server. So I am trying to connect from one Windows box to another Windows box.) So I know that I can connect to the tables (and the machine that they rest on) from my machine. It is just that I get the following error when I load my PHP page: Warning: mssql_connect() [[ http://localhost/development_files/ordertrackno/where_is_it.php/function.mssql-connect ]function.mssql-connect]: Unable to connect to server: . . . In my PHP page I have the following: $sql = mssql_connect (xx.xx.xx.xx:, xx, xx); $conn=mssql_select_db(xx, $sql); etc I have tried replacing the semicolon with a comma as some have said. I get the same error. I have tried replacing the quotation marks with an apostrophe and I get the same error. I have the Client tools installed on my machine. (I should mention that they are not installed on the Apache on my machine as I could not get them to install from the SQL Server disk to that location--only to the hardrive.). Again, they connect to the database. I can query the database from my machine. I have the latest ntwdblib.dllinstalled in the php, php\extension, apache\bin, and system 32 directories. What else . . . I have tried setting the msssql.secure_connection to both off and on and I still get the same error. I have ensured that TCP/IP and Named Pipes are enabled in the SQL Configuration tool. I have asked the network guy to help out but no luck there. Again, I am at a loss and need to get this up and running. Any suggestions would be appreciated. Thanks. Tommy
Re: [PHP] Going from simple to super CAPTCHA
On Tue, 2007-06-12 at 15:46 +0200, Tijnema wrote: On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 15:23 +0200, Tijnema wrote: On 6/12/07, Stut [EMAIL PROTECTED] wrote: tedd wrote: At 7:38 PM +0200 6/11/07, Tijnema wrote: Well, if you think this is the uncrackable* solution, create it and i'll see if I can crack it ;) Tijnema * I hope you don't mean the same uncrackable as AACS did: HD-DVD is uncrackable ;) As I provided in another post, try cracking this: http://sperling.com/examples/dot-captcha/ I've not written code to do it but that seems pretty simple to me. You get the image from circle.php, detect where the circle is - pretty simple - and pass those coords through when posting the form. Or have I missed something? -Stut Yup, it's as simpel like that, but I found an even simpler way,because there is a bug in Tedd's code :P You didn't check if the session variable is empty, so if i Pass an empty variable Submit.x and Submit.y to your script, it generates 2 warnings, but tells me, Congratulations, you made it... To see the result, go here: http://86.86.80.41/dev/debug/tedd3.php To see the source of the code, go here: http://86.86.80.41/dev/debug/tedd3.phps Does it check specifically for Submit.x and Submit.y? or does my goof script work if I put in the full URL? *heheeh*. I noticed he had that bug too when I used wget to grab circle.php (the circle center was at the origin), but wasn't sure if his validation code checked it (this was after I sent my goof response :) Cheers, Rob. Nope, it does actually check for Submit.x and Submit.y ;) DOH! :) Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 15:46 +0200, Tijnema wrote: On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 15:23 +0200, Tijnema wrote: On 6/12/07, Stut [EMAIL PROTECTED] wrote: tedd wrote: At 7:38 PM +0200 6/11/07, Tijnema wrote: Well, if you think this is the uncrackable* solution, create it and i'll see if I can crack it ;) Tijnema * I hope you don't mean the same uncrackable as AACS did: HD-DVD is uncrackable ;) As I provided in another post, try cracking this: http://sperling.com/examples/dot-captcha/ I've not written code to do it but that seems pretty simple to me. You get the image from circle.php, detect where the circle is - pretty simple - and pass those coords through when posting the form. Or have I missed something? -Stut Yup, it's as simpel like that, but I found an even simpler way,because there is a bug in Tedd's code :P You didn't check if the session variable is empty, so if i Pass an empty variable Submit.x and Submit.y to your script, it generates 2 warnings, but tells me, Congratulations, you made it... To see the result, go here: http://86.86.80.41/dev/debug/tedd3.php To see the source of the code, go here: http://86.86.80.41/dev/debug/tedd3.phps Does it check specifically for Submit.x and Submit.y? or does my goof script work if I put in the full URL? *heheeh*. I noticed he had that bug too when I used wget to grab circle.php (the circle center was at the origin), but wasn't sure if his validation code checked it (this was after I sent my goof response :) Cheers, Rob. Nope, it does actually check for Submit.x and Submit.y ;) DOH! :) Cheers, Rob. You seem pretty sure about it, what if he checks for Submit.y and Submit.x? :P:P Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
On Tue, 2007-06-12 at 16:23 +0200, Tijnema wrote: On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 15:46 +0200, Tijnema wrote: Nope, it does actually check for Submit.x and Submit.y ;) DOH! :) Cheers, Rob. You seem pretty sure about it, what if he checks for Submit.y and Submit.x? :P:P Tijnema ??? Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 16:23 +0200, Tijnema wrote: On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 15:46 +0200, Tijnema wrote: Nope, it does actually check for Submit.x and Submit.y ;) DOH! :) Cheers, Rob. You seem pretty sure about it, what if he checks for Submit.y and Submit.x? :P:P Tijnema ??? Cheers, Rob. -- I meant reverse order :P Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
On 10/06/07, Dave M G [EMAIL PROTECTED] wrote: PHP General List, With a little help from the web, and help from this list, I have a simple CAPTCHA image that works within the content system I'm building. But it's *really* simple. Basically white text on a black background, with a couple of white lines to obscure the text a little. I'm pretty sure that in its current state, my CAPTCHA image could be cracked by OCR software from the 1950s. So I'm hoping to take it up to the next level. How about using the spammers' own tricks against them? They try hard to make image spam pass through filters and resist OCR analysis. http://csoonline.com/read/040107/fea_spam.html -robin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
On Tue, 2007-06-12 at 16:33 +0200, Tijnema wrote: On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 16:23 +0200, Tijnema wrote: On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 15:46 +0200, Tijnema wrote: Nope, it does actually check for Submit.x and Submit.y ;) DOH! :) Cheers, Rob. You seem pretty sure about it, what if he checks for Submit.y and Submit.x? :P:P Tijnema ??? I meant reverse order :P Oh, hehehe :D Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] What can cause session_destroy to fail?
Jim Lucas wrote: Mattias Thorslund wrote: Hi, One of my clients just received a PHP warning that session_destroy() failed. Using the default session handler (with tmp files), what are the most likely things that can cause session_destroy() to return false? Thanks for any suggestions. Mattias The session was never initiated on that page with session_start() ?? on this page http://us.php.net/manual/en/function.session-destroy.php the first couple comments talk about different ways that the session_destroy() function call mail fail? Any sound close? I read that too, but (as I read it) it talks about what the function does, and what you must do to to kill the session properly. But I can't see what might actually cause the function to return false. Mattias -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
On Tue, 2007-06-12 at 15:35 +0100, Robin Vickery wrote: On 10/06/07, Dave M G [EMAIL PROTECTED] wrote: PHP General List, With a little help from the web, and help from this list, I have a simple CAPTCHA image that works within the content system I'm building. But it's *really* simple. Basically white text on a black background, with a couple of white lines to obscure the text a little. I'm pretty sure that in its current state, my CAPTCHA image could be cracked by OCR software from the 1950s. So I'm hoping to take it up to the next level. How about using the spammers' own tricks against them? They try hard to make image spam pass through filters and resist OCR analysis. http://csoonline.com/read/040107/fea_spam.html The problem is that spammers don't care about the 10% or so of people that don't understand their images. They are playing a statistics game where they only rely on a tiny fraction of people understanding the obfuscated image and enquiring further. Web sites on the other hand often care about the people that don't understand the contents of the image. This is why CAPTCHA is a less than perfect solution. Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
This is another intersting example of CAPTCHA, from - Carnegie Mellon University: http://recaptcha.net/ -- zerof http://www.educar.pro.br/ Apache - PHP - MySQL - Boolean Logics - Project Management -- Você deve, sempre, consultar uma segunda opinião! -- Deixe todos saberem se esta informação foi-lhe útil. -- You must hear, always, one second opinion! In all cases. -- Let the people know if this info was useful for you! -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Question on Connecting to Microsoft SQL Server from PHP
All: I can't seem to connect to a SQL Server database with PHP. I have read the php.net documentation and so many other forums on the Internet that my eyes were literally blood shot. Today I thought I would try this route. I have PHP and Apache installed on my local machine. They work fine as I created another application with them (and MySQL) that worked as expected/designed. I want to connect to MS SQL Server 2000 that rests on another machine here at work. I can reach the tables and do whatever I want with them from my machine through SQL Query Analyzer. (The other machine runs a Windows Server. So I am trying to connect from one Windows box to another Windows box.) So I know that I can connect to the tables (and the machine that they rest on) from my machine. It is just that I get the following error when I load my PHP page: Warning: mssql_connect() [[ http://localhost/development_files/ordertrackno/where_is_it.php/fu nction.mssql-connect ]function.mssql-connect]: Unable to connect to server: . . . In my PHP page I have the following: $sql = mssql_connect (xx.xx.xx.xx:, xx, xx); $conn=mssql_select_db(xx, $sql); etc I have tried replacing the semicolon with a comma as some have said. I get the same error. I have tried replacing the quotation marks with an apostrophe and I get the same error. I have the Client tools installed on my machine. (I should mention that they are not installed on the Apache on my machine as I could not get them to install from the SQL Server disk to that location--only to the hardrive.). Again, they connect to the database. I can query the database from my machine. I have the latest ntwdblib.dllinstalled in the php, php\extension, apache\bin, and system 32 directories. What else . . . I have tried setting the msssql.secure_connection to both off and on and I still get the same error. I have ensured that TCP/IP and Named Pipes are enabled in the SQL Configuration tool. I have asked the network guy to help out but no luck there. Again, I am at a loss and need to get this up and running. Any suggestions would be appreciated. Thanks. Tommy Do you have any firewall software running on your local PC? (e.g. ZoneAlarm) This could be blocking the connection from Apache but allowing it for your other SQL client tools... Edward -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] What can cause session_destroy to fail?
Mattias Thorslund wrote: Jim Lucas wrote: Mattias Thorslund wrote: Hi, One of my clients just received a PHP warning that session_destroy() failed. Using the default session handler (with tmp files), what are the most likely things that can cause session_destroy() to return false? Thanks for any suggestions. Mattias The session was never initiated on that page with session_start() ?? on this page http://us.php.net/manual/en/function.session-destroy.php the first couple comments talk about different ways that the session_destroy() function call mail fail? Any sound close? I read that too, but (as I read it) it talks about what the function does, and what you must do to to kill the session properly. But I can't see what might actually cause the function to return false. Mattias maybe the fact that the session was never started in the first place first off, define failed. Does it give a fatal error, return false, etc... ?? -- Jim Lucas Some men are born to greatness, some achieve greatness, and some have greatness thrust upon them. Twelfth Night, Act II, Scene V by William Shakespeare -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
On Tue, 2007-06-12 at 11:53 -0300, zerof wrote: This is another intersting example of CAPTCHA, from - Carnegie Mellon University: http://recaptcha.net/ That's a pretty cool idea... doesn't necessarily improve CAPTCHA per se, but it does give it some usefulness beyond preventing spam. Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] What can cause session_destroy to fail?
Jim Lucas wrote: Mattias Thorslund wrote: Jim Lucas wrote: Mattias Thorslund wrote: Hi, One of my clients just received a PHP warning that session_destroy() failed. Using the default session handler (with tmp files), what are the most likely things that can cause session_destroy() to return false? Thanks for any suggestions. Mattias The session was never initiated on that page with session_start() ?? on this page http://us.php.net/manual/en/function.session-destroy.php the first couple comments talk about different ways that the session_destroy() function call mail fail? Any sound close? I read that too, but (as I read it) it talks about what the function does, and what you must do to to kill the session properly. But I can't see what might actually cause the function to return false. Mattias maybe the fact that the session was never started in the first place first off, define failed. Does it give a fatal error, return false, etc... ?? Returns false, as I mentioned twice above. Also returns a PHP warning. I got some more info now. The error message they get is session_destroy(): Session object destruction failed. On my test page, with simply a session_destroy() before any session_start(), the error (warning) message is Trying to destroy uninitialized session. This happens both on PHP 4.4.4 and 5.2.1. So, these are different... Mattias -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: efficient log system
Christian Hänsel wrote: Hello Alain, I can just tell you from my experience. I have recently created a, in my eyes, pretty big project, and wanted to track everything, starting from user navigation over search queries to login/out times, article printout times and count, photo views and everything your mind can imagine. I didn't do this for just the fun of it, but to see what our users do on our website and to improve the handling of the site. Anyhow, I think you get the idea. Now, what I've done, was to write all that into a mySQL database... and by now I think I shouldn't have done that. I did a DB-backup today (after 4 weeks of having the site up), and already the size of the DB is 10+ MB of textual data. What will it be after a year... 245.23 megs (3%+/-) given a 10% increase each 4 week set how do you have your table indexed? I once worked on a project that we had add banner displays/clicks tracking. we found that by turning off the indexing on the table, things went much faster and the size of the DB didn't get crazy. For your something changed from 'this' to 'that' are you doing a full copy of each bit of information, or are you doing a diff on the data and storing only the difference? So I guess it really depends on what you have in mind. I do store a lot of text data, so you might not even come up with 15% of what I'm saving. I think you should do some planning and try to see how many users will visit your page, and then calculate the amount of data your might be writing to files or a database. From my point of view, a database solution is just fine, until you have to restore that database from your local computer with a dump (uploading and all :oP) Just to show you what I dod and what amount of data I'm getting :o) Cheerio! Chris Alain Roger [EMAIL PROTECTED] schrieb im Newsbeitrag news:[EMAIL PROTECTED] Hi, I would like to create a log system to keep a trace of all users' actions (log-in, remove, change or update data, and so on...). What should i do or to what should i take care to not have problem ? I was thinking to create a folder on my server where log files will be stored, but what is the best practice. thanks a lot, -- Alain Windows XP SP2 PostgreSQL 8.1.4 Apache 2.2.4 PHP 5.2.1 -- Jim Lucas Some men are born to greatness, some achieve greatness, and some have greatness thrust upon them. Twelfth Night, Act II, Scene V by William Shakespeare -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
At 2:12 PM +0100 6/12/07, Stut wrote: The submit image is bigger than the circle, and I'm guessing Tedd is checking the coords passed through. -Stut Yes, that's all the technique does for now. It just checks the submit x and submit y and determines if those coordinates lie within the circle. I fixed the empty submit x/y that Tijnema Rob found, but that was my fault for not validating input -- but that doesn't invalidate the method. Please pardon my ignorance, but what I'm trying to understand is -- how can a bot click and determine the correct x/y coordinates to pass the test -- how do they do that? If it's just find the dot, then I could just as easily throw up other images (pig, chicken, diamond, heart) and have the use click the correct image (i.e., please click the heart). And, I could even morph the key image and provide it among others asking the user to click the image that comes close to the key image. Now, how is a bot going to figure that out? Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
On Tue, 2007-06-12 at 11:49 -0400, tedd wrote: At 2:12 PM +0100 6/12/07, Stut wrote: The submit image is bigger than the circle, and I'm guessing Tedd is checking the coords passed through. -Stut Yes, that's all the technique does for now. It just checks the submit x and submit y and determines if those coordinates lie within the circle. I fixed the empty submit x/y that Tijnema Rob found, but that was my fault for not validating input -- but that doesn't invalidate the method. Please pardon my ignorance, but what I'm trying to understand is -- how can a bot click and determine the correct x/y coordinates to pass the test -- how do they do that? If it's just find the dot, then I could just as easily throw up other images (pig, chicken, diamond, heart) and have the use click the correct image (i.e., please click the heart). And, I could even morph the key image and provide it among others asking the user to click the image that comes close to the key image. Now, how is a bot going to figure that out? Finding a circle on a white background is easy. Finding a circle on a random background is fairly easy if it's the only circle. Find an arbitrary image within an image is a lot harder, but the same is true for humans unless it can in some way be clearly distinguished. However, you have another problem. let's say your image is 1000 x 1000 pixels. And you're random whatever shape sub-image is 100 x 100 pixels. This means you have 100 px^2 universe area, and 1 px^2 image area. As such, a random guess at a correct pixel will succeed: (1 * 100) / 100 = .10 = 10% of the time :) So this technique is weak to spamming. Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
On Tue, 2007-06-12 at 11:56 -0400, Robert Cummings wrote: On Tue, 2007-06-12 at 11:49 -0400, tedd wrote: At 2:12 PM +0100 6/12/07, Stut wrote: The submit image is bigger than the circle, and I'm guessing Tedd is checking the coords passed through. -Stut Yes, that's all the technique does for now. It just checks the submit x and submit y and determines if those coordinates lie within the circle. I fixed the empty submit x/y that Tijnema Rob found, but that was my fault for not validating input -- but that doesn't invalidate the method. Please pardon my ignorance, but what I'm trying to understand is -- how can a bot click and determine the correct x/y coordinates to pass the test -- how do they do that? If it's just find the dot, then I could just as easily throw up other images (pig, chicken, diamond, heart) and have the use click the correct image (i.e., please click the heart). And, I could even morph the key image and provide it among others asking the user to click the image that comes close to the key image. Now, how is a bot going to figure that out? Finding a circle on a white background is easy. Finding a circle on a random background is fairly easy if it's the only circle. Find an arbitrary image within an image is a lot harder, but the same is true for humans unless it can in some way be clearly distinguished. However, you have another problem. let's say your image is 1000 x 1000 pixels. And you're random whatever shape sub-image is 100 x 100 pixels. This means you have 100 px^2 universe area, and 1 px^2 image area. As such, a random guess at a correct pixel will succeed: (1 * 100) / 100 = .10 = 10% of the time Bad math alert... (1 * 100) / 100 = 10;) Still the same answer though, was just mixing what I wrote with what I was thinking :) Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
On Tue, 2007-06-12 at 12:01 -0400, Robert Cummings wrote: On Tue, 2007-06-12 at 11:56 -0400, Robert Cummings wrote: (1 * 100) / 100 = .10 = 10% of the time Bad math alert... (1 * 100) / 100 = 10;) Still the same answer though, was just mixing what I wrote with what I was thinking :) Bleh, what's wrong with me today... it's 1% not 10%. Still within reason for a spammer. *smacks head to clear the fog* Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] efficient log system
On 6/12/07, Alain Roger [EMAIL PROTECTED] wrote: Hi, I would like to create a log system to keep a trace of all users' actions (log-in, remove, change or update data, and so on...). What should i do or to what should i take care to not have problem ? I was thinking to create a folder on my server where log files will be stored, but what is the best practice. thanks a lot, -- Alain Windows XP SP2 PostgreSQL 8.1.4 Apache 2.2.4 PHP 5.2.1 If you have access to the servers Apache access logs you can sort of get some of this information yourself. If you know that /admin/edit.php?id=4 is showing a record and a POST follows you know someone edited the record. This way you can just parse the logs in any way you can think of while keeping the actual code to your site clean. I'd imagine you want more detailed information based on user id's and all that, but this is an option. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 12:01 -0400, Robert Cummings wrote: On Tue, 2007-06-12 at 11:56 -0400, Robert Cummings wrote: (1 * 100) / 100 = .10 = 10% of the time Bad math alert... (1 * 100) / 100 = 10;) Still the same answer though, was just mixing what I wrote with what I was thinking :) Bleh, what's wrong with me today... it's 1% not 10%. Still within reason for a spammer. *smacks head to clear the fog* Cheers, Rob. So, that means that you need to allow maximum of 10 attempts per few minutes, so that there will be 0,1% change ;) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Looking for help with forms/variables and an array!
I am sure I am on the right track. Register globals is turned on! I am getting the following error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[''] LIMIT 0, 1' at line 1 mysql_select_db($database_ftn, $ftn); @extract($_POST); $query_Recordset1 = SELECT * FROM lstng_tbl WHERE price_range= '[$select1]'; I am trying to get a php form variable into the above sql query. '[$select1]' if changed back to the number 1 will bring up a record just fine. Putting in a variable produces the error. How do I get a php form variable into a sql query? Below is my form form id=form1 name=form1 method=post action=index_dev.php labelmarket select name=select1 OPTION value=1Indiana/OPTION OPTION value=2Wisconsin/OPTION OPTION value=3Illinois/OPTION OPTION value=4Michigan/OPTION OPTION value=5Georgia/OPTION OPTION value=6Florida/OPTION /select /label /form Brad Interesting suggestion. I though ajax was mainly gear towards microsoft and javascripting applications? -Original Message- From: George Pitcher [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 12, 2007 5:42 AM To: BSumrall Subject: RE: [PHP] Looking for help with forms/variables and an array! Hi, Have you looked at Ajax? This will do just what you have described. When the user makes their first choice, Ajax queries the database to return the options for the secont drop-down box. George -Original Message- From: BSumrall [mailto:[EMAIL PROTECTED] Sent: 12 June 2007 9:34 am To: php-general@lists.php.net Subject: RE: [PHP] Looking for help with forms/variables and an array! I got a little bit further, but still feel like the monkey with a light-bulb! OPTION value=1Over $2 million/OPTION -Original Message- From: BSumrall [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 12, 2007 4:21 AM To: php-general@lists.php.net Subject: [PHP] Looking for help with forms/variables and an array! Dreamweaver help me with a good part of this, but now I am in the nitty gritty code and trying to figure out. General concept: A selection box has 4 options, php queries the Mysql database for matching options. Then a second options box with another 4 options filters the query even more. Aspects I am a little stuck on. 1 associating options (in drop down box) with a variable 2 carrying the result set over two the second drop down box Producing my final result set. Here are some snippets of where I am at. First selection box: form id=form1 name=form1 method=post action= labelmarket select name=select OPTIONoption1/OPTION OPTIONoption2/OPTION OPTIONoption3/OPTION OPTIONoption4/OPTION /select Second selection box: form id=form2 name=form2 method=post action= labelmarket select name=select OPTIONoption1/OPTION OPTIONoption2/OPTION OPTIONoption3/OPTION OPTIONoption4/OPTION /select $query_Recordset1 = SELECT * FROM lstng_tbl WHERE range = '1'; The number one is what the first set of just above is what form one is supposed to change. After that, how is the world am I going to do it twice for the second part of the query? Some good literature on how to do it TWICE would really help understand this. I find tons of stuff on doing it once! Thank you kindly for any guidance you can provide. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
On Tue, 2007-06-12 at 18:19 +0200, Tijnema wrote: On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 12:01 -0400, Robert Cummings wrote: On Tue, 2007-06-12 at 11:56 -0400, Robert Cummings wrote: (1 * 100) / 100 = .10 = 10% of the time Bad math alert... (1 * 100) / 100 = 10;) Still the same answer though, was just mixing what I wrote with what I was thinking :) Bleh, what's wrong with me today... it's 1% not 10%. Still within reason for a spammer. *smacks head to clear the fog* So, that means that you need to allow maximum of 10 attempts per few minutes, so that there will be 0,1% change ;) Using Ted's technique I've found the perfect CAPTCHA -- and it's fun too: http://shorl.com/nomojeryprafri Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] php script from bat file
What's the syntax I need to use to execute a PHP script from a batch file? PHP is installed in 'C:\PHP' and the script I want to run is in 'C:\Inetpub\scripts\run.php'. I've created a Windows batch file which executes from the 'C:\PHP' directory and contains a single line 'php.exe C:\Inetpub\scripts\run.php'. It seems to run ok but nothing happens. Any ideas? Thanks, Dave ** HTC Disclaimer: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. **
RE: [PHP] php script from bat file
[snip] What's the syntax I need to use to execute a PHP script from a batch file? PHP is installed in 'C:\PHP' and the script I want to run is in 'C:\Inetpub\scripts\run.php'. I've created a Windows batch file which executes from the 'C:\PHP' directory and contains a single line 'php.exe C:\Inetpub\scripts\run.php'. It seems to run ok but nothing happens. Any ideas? [/snip] Is php.exe in your path? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Looking for help with forms/variables and an array!
On Tue, 2007-06-12 at 12:19 -0400, BSumrall wrote: I am sure I am on the right track. Register globals is turned on! I am getting the following error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[''] LIMIT 0, 1' at line 1 mysql_select_db($database_ftn, $ftn); @extract($_POST); BAD!!! BAD DOG!!! This is probably worse than register globals since it allows clobbering of variables AFTER you've defined any other local scope vars. Besides, it's redundant if you have register_globals on as you say above. But having register_globals is BAD! BAD DOG!! GO TO YOUR KENNEL! $query_Recordset1 = SELECT * FROM lstng_tbl WHERE price_range= '[$select1]'; What's with the square brackets? Why haven't your escaped the $select value before using it in a query? Are you using the magic quotes GPC? If so... BAD!!! BAD DOG!! What the hell is lstng_tbl?? Or are you allergic to the readability enahcning properties of vowels? If so... BAD DOG!! BAAAD DG! Go play with traffic! Why do you post fix it with _tpl? Of course it's a friggin' table. I am trying to get a php form variable into the above sql query. '[$select1]' if changed back to the number 1 will bring up a record just fine. Putting in a variable produces the error. Who's putting in the variables? you or your visitors? *lol* How do I get a php form variable into a sql query? Below is my form form id=form1 name=form1 method=post action=index_dev.php labelmarket select name=select1 OPTION value=1Indiana/OPTION OPTION value=2Wisconsin/OPTION OPTION value=3Illinois/OPTION OPTION value=4Michigan/OPTION OPTION value=5Georgia/OPTION OPTION value=6Florida/OPTION /select /label /form $query = SELECT .* .FROM .listing .WHERE .price_range = '.mysql_real_escape_string( $_POST['select1'] ).' ; Cheers, Rob. Ps. BAD DOG!! :) -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Looking for help with forms/variables and an array!
BSumrall wrote:
I am sure I am on the right track.
Register globals is turned on!
I am getting the following error:
You have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near '[''] LIMIT 0, 1'
at line 1
mysql_select_db($database_ftn, $ftn);
@extract($_POST);
$query_Recordset1 = SELECT * FROM lstng_tbl WHERE price_range=
'[$select1]';
$query_Recordset1 = SELECT * FROM lstng_tbl WHERE price_range = '[$select1]';
Why do you have brackets in this statement? Are they actually in the data that
way?
Try this, curly braces:
$query_Recordset1 = SELECT * FROM lstng_tbl WHERE price_range = '{$select1}';
I am trying to get a php form variable into the above sql query.
'[$select1]' if changed back to the number 1 will bring up a record just
fine.
Putting in a variable produces the error.
How do I get a php form variable into a sql query?
Below is my form
form id=form1 name=form1 method=post action=index_dev.php
labelmarket
select name=select1
OPTION value=1Indiana/OPTION
OPTION value=2Wisconsin/OPTION
OPTION value=3Illinois/OPTION
OPTION value=4Michigan/OPTION
OPTION value=5Georgia/OPTION
OPTION value=6Florida/OPTION
/select
/label
/form
Brad
Interesting suggestion.
I though ajax was mainly gear towards microsoft and javascripting
applications?
-Original Message-
From: George Pitcher [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 12, 2007 5:42 AM
To: BSumrall
Subject: RE: [PHP] Looking for help with forms/variables and an array!
Hi,
Have you looked at Ajax? This will do just what you have
described. When the
user makes their first choice, Ajax queries the database to return the
options for the secont drop-down box.
George
-Original Message-
From: BSumrall [mailto:[EMAIL PROTECTED]
Sent: 12 June 2007 9:34 am
To: php-general@lists.php.net
Subject: RE: [PHP] Looking for help with forms/variables and an array!
I got a little bit further, but still feel like the monkey with a
light-bulb!
OPTION value=1Over $2 million/OPTION
-Original Message-
From: BSumrall [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 12, 2007 4:21 AM
To: php-general@lists.php.net
Subject: [PHP] Looking for help with forms/variables and an array!
Dreamweaver help me with a good part of this, but now I am in the nitty
gritty code and trying to figure out.
General concept:
A selection box has 4 options, php queries the Mysql database
for matching
options.
Then a second options box with another 4 options filters the query even
more.
Aspects I am a little stuck on.
1 associating options (in drop down box) with a variable
2 carrying the result set over two the second drop down box
Producing my final result set.
Here are some snippets of where I am at.
First selection box:
form id=form1 name=form1 method=post action=
labelmarket
select name=select
OPTIONoption1/OPTION
OPTIONoption2/OPTION
OPTIONoption3/OPTION
OPTIONoption4/OPTION
/select
Second selection box:
form id=form2 name=form2 method=post action=
labelmarket
select name=select
OPTIONoption1/OPTION
OPTIONoption2/OPTION
OPTIONoption3/OPTION
OPTIONoption4/OPTION
/select
$query_Recordset1 = SELECT * FROM lstng_tbl WHERE range = '1';
The number one is what the first set of just above is what form one is
supposed to change.
After that, how is the world am I going to do it twice for the
second part
of the query?
Some good literature on how to do it TWICE would really help understand
this.
I find tons of stuff on doing it once!
Thank you kindly for any guidance you can provide.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Jim Lucas
Some men are born to greatness, some achieve greatness,
and some have greatness thrust upon them.
Twelfth Night, Act II, Scene V
by William Shakespeare
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Looking for help with forms/variables and an array!
The purpose for register_globals is for testing and functionality purposes only. Every single example on the internet is for register_globals = on. I am very aware of the security risk of it. Get it working and then change it back. There is plenty of literature on how to edit existing working code once you disable it. Just working with the tools I have! As far as _tbl instead of table, I picked that one up in the military, just a preference. As far as the brackets, I tried with or without; price_range='[$select1]'; price_range='$select1'; price_range=select1; All the same miserable error! Any suggestions on how to get select1 - price_range= would truly be appreciated, and if your suggestion it more secure than what I am working with. This would be the icing on the cake! Brad -Original Message- From: Robert Cummings [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 12, 2007 12:38 PM To: BSumrall Cc: php-general@lists.php.net Subject: RE: [PHP] Looking for help with forms/variables and an array! On Tue, 2007-06-12 at 12:19 -0400, BSumrall wrote: I am sure I am on the right track. Register globals is turned on! I am getting the following error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[''] LIMIT 0, 1' at line 1 mysql_select_db($database_ftn, $ftn); @extract($_POST); BAD!!! BAD DOG!!! This is probably worse than register globals since it allows clobbering of variables AFTER you've defined any other local scope vars. Besides, it's redundant if you have register_globals on as you say above. But having register_globals is BAD! BAD DOG!! GO TO YOUR KENNEL! $query_Recordset1 = SELECT * FROM lstng_tbl WHERE price_range= '[$select1]'; What's with the square brackets? Why haven't your escaped the $select value before using it in a query? Are you using the magic quotes GPC? If so... BAD!!! BAD DOG!! What the hell is lstng_tbl?? Or are you allergic to the readability enahcning properties of vowels? If so... BAD DOG!! BAAAD DG! Go play with traffic! Why do you post fix it with _tpl? Of course it's a friggin' table. I am trying to get a php form variable into the above sql query. '[$select1]' if changed back to the number 1 will bring up a record just fine. Putting in a variable produces the error. Who's putting in the variables? you or your visitors? *lol* How do I get a php form variable into a sql query? Below is my form form id=form1 name=form1 method=post action=index_dev.php labelmarket select name=select1 OPTION value=1Indiana/OPTION OPTION value=2Wisconsin/OPTION OPTION value=3Illinois/OPTION OPTION value=4Michigan/OPTION OPTION value=5Georgia/OPTION OPTION value=6Florida/OPTION /select /label /form $query = SELECT .* .FROM .listing .WHERE .price_range = '.mysql_real_escape_string( $_POST['select1'] ).' ; Cheers, Rob. Ps. BAD DOG!! :) -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Looking for help with forms/variables and an array!
It doesn't like the curly brackets either!
Brad
-Original Message-
From: Jim Lucas [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 12, 2007 12:39 PM
To: BSumrall
Cc: php-general@lists.php.net
Subject: Re: [PHP] Looking for help with forms/variables and an array!
BSumrall wrote:
I am sure I am on the right track.
Register globals is turned on!
I am getting the following error:
You have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near '[''] LIMIT 0,
1'
at line 1
mysql_select_db($database_ftn, $ftn);
@extract($_POST);
$query_Recordset1 = SELECT * FROM lstng_tbl WHERE price_range=
'[$select1]';
$query_Recordset1 = SELECT * FROM lstng_tbl WHERE price_range =
'[$select1]';
Why do you have brackets in this statement? Are they actually in the data
that way?
Try this, curly braces:
$query_Recordset1 = SELECT * FROM lstng_tbl WHERE price_range =
'{$select1}';
I am trying to get a php form variable into the above sql query.
'[$select1]' if changed back to the number 1 will bring up a record just
fine.
Putting in a variable produces the error.
How do I get a php form variable into a sql query?
Below is my form
form id=form1 name=form1 method=post action=index_dev.php
labelmarket
select name=select1
OPTION value=1Indiana/OPTION
OPTION value=2Wisconsin/OPTION
OPTION value=3Illinois/OPTION
OPTION value=4Michigan/OPTION
OPTION value=5Georgia/OPTION
OPTION value=6Florida/OPTION
/select
/label
/form
Brad
Interesting suggestion.
I though ajax was mainly gear towards microsoft and javascripting
applications?
-Original Message-
From: George Pitcher [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 12, 2007 5:42 AM
To: BSumrall
Subject: RE: [PHP] Looking for help with forms/variables and an array!
Hi,
Have you looked at Ajax? This will do just what you have
described. When the
user makes their first choice, Ajax queries the database to return the
options for the secont drop-down box.
George
-Original Message-
From: BSumrall [mailto:[EMAIL PROTECTED]
Sent: 12 June 2007 9:34 am
To: php-general@lists.php.net
Subject: RE: [PHP] Looking for help with forms/variables and an array!
I got a little bit further, but still feel like the monkey with a
light-bulb!
OPTION value=1Over $2 million/OPTION
-Original Message-
From: BSumrall [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 12, 2007 4:21 AM
To: php-general@lists.php.net
Subject: [PHP] Looking for help with forms/variables and an array!
Dreamweaver help me with a good part of this, but now I am in the nitty
gritty code and trying to figure out.
General concept:
A selection box has 4 options, php queries the Mysql database
for matching
options.
Then a second options box with another 4 options filters the query even
more.
Aspects I am a little stuck on.
1 associating options (in drop down box) with a variable
2 carrying the result set over two the second drop down box
Producing my final result set.
Here are some snippets of where I am at.
First selection box:
form id=form1 name=form1 method=post action=
labelmarket
select name=select
OPTIONoption1/OPTION
OPTIONoption2/OPTION
OPTIONoption3/OPTION
OPTIONoption4/OPTION
/select
Second selection box:
form id=form2 name=form2 method=post action=
labelmarket
select name=select
OPTIONoption1/OPTION
OPTIONoption2/OPTION
OPTIONoption3/OPTION
OPTIONoption4/OPTION
/select
$query_Recordset1 = SELECT * FROM lstng_tbl WHERE range = '1';
The number one is what the first set of just above is what form one is
supposed to change.
After that, how is the world am I going to do it twice for the
second part
of the query?
Some good literature on how to do it TWICE would really help understand
this.
I find tons of stuff on doing it once!
Thank you kindly for any guidance you can provide.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Jim Lucas
Some men are born to
Re: [PHP] Going from simple to super CAPTCHA
On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 18:19 +0200, Tijnema wrote: On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 12:01 -0400, Robert Cummings wrote: On Tue, 2007-06-12 at 11:56 -0400, Robert Cummings wrote: (1 * 100) / 100 = .10 = 10% of the time Bad math alert... (1 * 100) / 100 = 10;) Still the same answer though, was just mixing what I wrote with what I was thinking :) Bleh, what's wrong with me today... it's 1% not 10%. Still within reason for a spammer. *smacks head to clear the fog* So, that means that you need to allow maximum of 10 attempts per few minutes, so that there will be 0,1% change ;) Using Ted's technique I've found the perfect CAPTCHA -- and it's fun too: http://shorl.com/nomojeryprafri Cheers, Rob. Hmm, LOL Ok, found him ;) He's under the ground ... :P Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Looking for help with forms/variables and an array!
On Tue, 2007-06-12 at 13:02 -0400, BSumrall wrote: The purpose for register_globals is for testing and functionality purposes only. Every single example on the internet is for register_globals = on. That's no excuse... and you're wrong. I am very aware of the security risk of it. Ok... and magic_quotes? You don't seem to be escaping your data that goes into the query either. You don't seem very aware of the security risk. Get it working and then change it back. There is plenty of literature on how to edit existing working code once you disable it. Why do it twice? Why risk forgetting something after the fact? Coding securely requires that you practice coding securely and not just hope you can apply a coat of armorall afterwards. Just working with the tools I have! The same tools I have, if not then you have more. As far as _tbl instead of table, I picked that one up in the military, just a preference. As far as the brackets, I tried with or without; price_range='[$select1]'; price_range='$select1'; price_range=select1; All the same miserable error! Any suggestions on how to get select1 - price_range= would truly be appreciated, and if your suggestion it more secure than what I am working with. This would be the icing on the cake! I gave you an example at the bottom of my post. Are you passing the $query string directly to the mysql_query() function? Maybe do the following just before running the query: echo $query.\n; Then check it to see that it's what you expect. Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
On Tue, 2007-06-12 at 19:23 +0200, Tijnema wrote: On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 18:19 +0200, Tijnema wrote: On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 12:01 -0400, Robert Cummings wrote: On Tue, 2007-06-12 at 11:56 -0400, Robert Cummings wrote: (1 * 100) / 100 = .10 = 10% of the time Bad math alert... (1 * 100) / 100 = 10;) Still the same answer though, was just mixing what I wrote with what I was thinking :) Bleh, what's wrong with me today... it's 1% not 10%. Still within reason for a spammer. *smacks head to clear the fog* So, that means that you need to allow maximum of 10 attempts per few minutes, so that there will be 0,1% change ;) Using Ted's technique I've found the perfect CAPTCHA -- and it's fun too: http://shorl.com/nomojeryprafri Cheers, Rob. Hmm, LOL Ok, found him ;) He's under the ground ... :P Heheh, nah, not this time... he's in one of the bumper cars :) Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 19:23 +0200, Tijnema wrote: On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 18:19 +0200, Tijnema wrote: On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 12:01 -0400, Robert Cummings wrote: On Tue, 2007-06-12 at 11:56 -0400, Robert Cummings wrote: (1 * 100) / 100 = .10 = 10% of the time Bad math alert... (1 * 100) / 100 = 10;) Still the same answer though, was just mixing what I wrote with what I was thinking :) Bleh, what's wrong with me today... it's 1% not 10%. Still within reason for a spammer. *smacks head to clear the fog* So, that means that you need to allow maximum of 10 attempts per few minutes, so that there will be 0,1% change ;) Using Ted's technique I've found the perfect CAPTCHA -- and it's fun too: http://shorl.com/nomojeryprafri Cheers, Rob. Hmm, LOL Ok, found him ;) He's under the ground ... :P Heheh, nah, not this time... he's in one of the bumper cars :) Cheers, Rob. I see ;) So you want to take this picture, change the position of bin laden randomly, and then just let every user before they post find bin laden ;) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Looking for help with forms/variables and an array!
BSumrall wrote:
It doesn't like the curly brackets either!
Brad
if this is within PHP, the '{' and '}' are within double quotes (which they
seem to be),
These examples should all do the same thing.
$query_Recordset1 = SELECT * FROM lstng_tbl WHERE price_range = '$select1';
$query_Recordset1 = SELECT * FROM lstng_tbl WHERE price_range = '{$select1}';
$query_Recordset1 = SELECT * FROM lstng_tbl WHERE price_range =
'.$select1.';
echo $query_Recordset1;
place an echo just after including the variable and see if you see the brackets
in the statement.
--
Jim Lucas
Some men are born to greatness, some achieve greatness,
and some have greatness thrust upon them.
Twelfth Night, Act II, Scene V
by William Shakespeare
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
On Tue, 2007-06-12 at 19:34 +0200, Tijnema wrote: On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 19:23 +0200, Tijnema wrote: On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 18:19 +0200, Tijnema wrote: On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 12:01 -0400, Robert Cummings wrote: On Tue, 2007-06-12 at 11:56 -0400, Robert Cummings wrote: (1 * 100) / 100 = .10 = 10% of the time Bad math alert... (1 * 100) / 100 = 10;) Still the same answer though, was just mixing what I wrote with what I was thinking :) Bleh, what's wrong with me today... it's 1% not 10%. Still within reason for a spammer. *smacks head to clear the fog* So, that means that you need to allow maximum of 10 attempts per few minutes, so that there will be 0,1% change ;) Using Ted's technique I've found the perfect CAPTCHA -- and it's fun too: http://shorl.com/nomojeryprafri Cheers, Rob. Hmm, LOL Ok, found him ;) He's under the ground ... :P Heheh, nah, not this time... he's in one of the bumper cars :) Cheers, Rob. I see ;) So you want to take this picture, change the position of bin laden randomly, and then just let every user before they post find bin laden ;) Of course not... I posted it as a joke :) Besides, it would be weak against pattern matching of Bin Laden's head or if different heads were used then would be able to compare images to find where differences occur... but I know you knew that already :) Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php script from bat file
On 6/12/07, Bosky, Dave [EMAIL PROTECTED] wrote: What's the syntax I need to use to execute a PHP script from a batch file? PHP is installed in 'C:\PHP' and the script I want to run is in 'C:\Inetpub\scripts\run.php'. I've created a Windows batch file which executes from the 'C:\PHP' directory and contains a single line 'php.exe C:\Inetpub\scripts\run.php'. It seems to run ok but nothing happens. Any ideas? Thanks, Dave Try using the full path to the php.exe binary, I don't have PHP on windows, but I guess it is c:\PHP\bin\php.exe in your example, so that would become C:\PHP\bin\php.exe C:\Inetpub\scripts\run.php Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Going from simple to super CAPTCHA
-Original Message- From: Tijnema [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 12, 2007 1:34 PM To: Robert Cummings Cc: tedd; Stut; Jim Lucas; php-general@lists.php.net Subject: Re: [PHP] Going from simple to super CAPTCHA On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 19:23 +0200, Tijnema wrote: On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 18:19 +0200, Tijnema wrote: On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 12:01 -0400, Robert Cummings wrote: On Tue, 2007-06-12 at 11:56 -0400, Robert Cummings wrote: (1 * 100) / 100 = .10 = 10% of the time Bad math alert... (1 * 100) / 100 = 10;) Still the same answer though, was just mixing what I wrote with what I was thinking :) Bleh, what's wrong with me today... it's 1% not 10%. Still within reason for a spammer. *smacks head to clear the fog* So, that means that you need to allow maximum of 10 attempts per few minutes, so that there will be 0,1% change ;) Using Ted's technique I've found the perfect CAPTCHA -- and it's fun too: http://shorl.com/nomojeryprafri Cheers, Rob. Hmm, LOL Ok, found him ;) He's under the ground ... :P Heheh, nah, not this time... he's in one of the bumper cars :) Cheers, Rob. I see ;) So you want to take this picture, change the position of bin laden randomly, and then just let every user before they post find bin laden ;) At least you don't have to worry about 'W' posting in your forums. He'll still be looking 5 years from now. ;) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question on Connecting to Microsoft SQL Server from PHP
In my PHP page I have the following:
$sql = mssql_connect (xx.xx.xx.xx:, xx, xx);
$conn=mssql_select_db(xx, $sql);
Since both servers are within your local network, you should be able to
connect as follows:
$connection = mssql_connect('SERVERNAME','username','password') or die
('Cannot connect to server');
$database = mssql_select_db(my_database_name, $mssql_connection) or die
('DB selection failed');
Possible SQL Server issues:
Unless your internal network does not trust your other servers, you
should not have to use ip:port. Just use the servers actual name.
I would also put in the or die statements so you know if you are failing
connecting to the server or to the DB.
Also, make sure the username/password you are using to connect is setup in
MSSQL Server as a valid user for your database.
Possible PHP issues:
In your php.ini file make sure that extension=php_mssql.dll is uncommented
You should only have mssql.secure_connection = Off set to On if you are
trying to use NT Authentification.
On 6/12/07, Edward Kay [EMAIL PROTECTED] wrote:
All:
I can't seem to connect to a SQL Server database with PHP. I have read
the
php.net documentation and so many other forums on the Internet that my
eyes were literally blood shot. Today I thought I would try this route.
I have PHP and Apache installed on my local machine. They work fine as I
created another application with them (and MySQL) that worked as
expected/designed. I want to connect to MS SQL Server 2000 that rests on
another machine here at work. I can reach the tables and do whatever I
want with them from my machine through SQL Query Analyzer. (The other
machine runs a Windows Server. So I am trying to connect from one
Windows
box to another Windows box.) So I know that I can connect to the tables
(and the machine that they rest on) from my machine. It is just that I
get
the following error when I load my PHP page: Warning: mssql_connect()
[[
http://localhost/development_files/ordertrackno/where_is_it.php/fu
nction.mssql-connect
]function.mssql-connect]: Unable to connect to server: . . .
In my PHP page I have the following:
$sql = mssql_connect (xx.xx.xx.xx:, xx, xx);
$conn=mssql_select_db(xx, $sql);
etc
I have tried replacing the semicolon with a comma as some have said. I
get
the same error. I have tried replacing the quotation marks with an
apostrophe and I get the same error.
I have the Client tools installed on my machine. (I should mention that
they are not installed on the Apache on my machine as I could not get
them
to install from the SQL Server disk to that location--only to the
hardrive.). Again, they connect to the database. I can query the
database
from my machine. I have the latest ntwdblib.dllinstalled in the php,
php\extension, apache\bin, and system 32 directories.
What else . . .
I have tried setting the msssql.secure_connection to both off and on and
I
still get the same error.
I have ensured that TCP/IP and Named Pipes are enabled in the SQL
Configuration tool.
I have asked the network guy to help out but no luck there.
Again, I am at a loss and need to get this up and running. Any
suggestions
would be appreciated.
Thanks.
Tommy
Do you have any firewall software running on your local PC? (e.g.
ZoneAlarm)
This could be blocking the connection from Apache but allowing it for your
other SQL client tools...
Edward
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php script from bat file
php.exe expects a PHP script as an argument, usually. You can run it interactively with -a or use -i to get phpinfo output and so on, but php.exe with nothing at all will run and not do much of anything. On Tue, June 12, 2007 11:30 am, Bosky, Dave wrote: What's the syntax I need to use to execute a PHP script from a batch file? PHP is installed in 'C:\PHP' and the script I want to run is in 'C:\Inetpub\scripts\run.php'. I've created a Windows batch file which executes from the 'C:\PHP' directory and contains a single line 'php.exe C:\Inetpub\scripts\run.php'. It seems to run ok but nothing happens. Any ideas? Thanks, Dave ** HTC Disclaimer: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. ** -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP list as a blog
I have set up our new Chisimba blog system (GPL, http://avoir.uwc.ac.za) to blog all of the posts to this list. Please check it out at http://196.21.45.50/fsiu/chisimba_framework/app/index.php?module=blogaction=allblogs and let me know what you think! Thanks --Paul All Email originating from UWC is covered by disclaimer http://www.uwc.ac.za/portal/uwc2006/content/mail_disclaimer/index.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question on Connecting to Microsoft SQL Server from PHP
You may want to try using the Sybase drivers. MS basically bought Sybase and re-named it MS SQL and then broke a lot of stuff :-) One of the things they haven't broken (yet) is the basic Sybase driver functionality to send queries. For sure, ' versus won't make any difference. You may want to take out he : port info -- unless you've worked hard to set up the server on some weird port or something, the default should just work. Also see if there are any error messages available: in Apache error log in MS SQL error logs (good luck!) in mssql_error() or whatever it is in $php_errormsg or whatever it is (turn it on in php.ini) You might also want to try running ethereal or netstat or whatever it is that will tell you what traffic is happening across your ethernet... On Tue, June 12, 2007 9:00 am, Tommy Peterson wrote: All: I can't seem to connect to a SQL Server database with PHP. I have read the php.net documentation and so many other forums on the Internet that my eyes were literally blood shot. Today I thought I would try this route. I have PHP and Apache installed on my local machine. They work fine as I created another application with them (and MySQL) that worked as expected/designed. I want to connect to MS SQL Server 2000 that rests on another machine here at work. I can reach the tables and do whatever I want with them from my machine through SQL Query Analyzer. (The other machine runs a Windows Server. So I am trying to connect from one Windows box to another Windows box.) So I know that I can connect to the tables (and the machine that they rest on) from my machine. It is just that I get the following error when I load my PHP page: Warning: mssql_connect() [[ http://localhost/development_files/ordertrackno/where_is_it.php/function.mssql-connect ]function.mssql-connect]: Unable to connect to server: . . . In my PHP page I have the following: $sql = mssql_connect (xx.xx.xx.xx:, xx, xx); $conn=mssql_select_db(xx, $sql); etc I have tried replacing the semicolon with a comma as some have said. I get the same error. I have tried replacing the quotation marks with an apostrophe and I get the same error. I have the Client tools installed on my machine. (I should mention that they are not installed on the Apache on my machine as I could not get them to install from the SQL Server disk to that location--only to the hardrive.). Again, they connect to the database. I can query the database from my machine. I have the latest ntwdblib.dllinstalled in the php, php\extension, apache\bin, and system 32 directories. What else . . . I have tried setting the msssql.secure_connection to both off and on and I still get the same error. I have ensured that TCP/IP and Named Pipes are enabled in the SQL Configuration tool. I have asked the network guy to help out but no luck there. Again, I am at a loss and need to get this up and running. Any suggestions would be appreciated. Thanks. Tommy -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] any security problems with this?
On Tue, June 12, 2007 7:01 am, Ross wrote: I have a page of functions that I include in my page head. In this I have a function to connect. I can then just call this on each page when i need it. Does doing it this way cause any potential security risks? Of course there is risk. Everything involves risk. That it is a NECESSARY risk does not make it not a risk. The risk is that you now have your password written down somewhere. The questions to ask yourself are: Who can now read this password that shouldn't What can they do with that password that they shouldn't You can REDUCE the risk by making it difficult for people to read the file. In particularl, it should not be in the web tree with all your .htm and .php files, but in a separate directory, outside the web tree, so that nobody could possibly surf directly to it and read it as text. Start reading here: http://phpsec.org/ -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Effect of syntax error in php.ini
Hi I have come across some very strange behavior with php-4.3.9-3.22.5 when using Moodle 1.8+ on a CentOS 4.5 Linux platform. If I accidentally corrupt the php.ini file as follows and restart Apache all is well and admin/index.php displays correctly. The corrupt section in php.ini is shown below: ; Resource Limits ; ;;; max_execution_time = 30 max_input_time = 60 memory_limit = 60M ; Maximum amount of memory a script may consume If I correct the comment line by removing the carriage return after the word script and restart Apache the page admin/index.php just comes up blank. The uncorrupted section in php.ini is shown below: ; Resource Limits ; ;;; max_execution_time = 30 max_input_time = 60 memory_limit = 60M ; Maximum amount of memory a script may consume What effect does introducing a syntax error into php.ini have? Anyone any idea what on earth is happening here??? Any suggestions most welcome... Clive Clive Gould HE PAL ICT Bromley College -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: any security problems with this?
On Tue, June 12, 2007 7:58 am, Eric Butera wrote: On 6/12/07, Stut [EMAIL PROTECTED] wrote: Dave Goodchild wrote: Unless some server config error causes that stuff to be output on the page? I tend to put such functions in a .inc file and amend the .htaccess to prevent download. Unless some server config error causes it to ignore .htaccess. The basic rule when it comes to securing this stuff is to stick it outside the web root. That way only a monumentally stupid server admin or developer can make it possible for the average web user to get at it. Oh, hang on...! -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Just to throw this out there, you can put your information in the Apache config too and get the values from $_SERVER. This way it can be owned by root. See http://ilia.ws/files/quebec_security.pdf slide 59. The downside of that is that something as simple as: ?php phpinfo();? will dump your password out as part of $_ENV or $_SERVER That's probably NOT a good idea in many environments, but an excellent idea in some. Security cannot be evaluated in isolation. And, of course, many users won't have access to httpd.conf, so that's not an option at all in those environments. One has to look at the Big Picture to make the final decision between: outside web tree in .php (or .inc) file in httpd.conf There are probably other arcane solutions out there but probably not very practical for most uses. I really can't recommend to keep it in the webtree with only .htaccess protecting it, personally, though many seem to think that's fine... I guess they never did anything bone-headed like: tar -cvzf export.tar httpdocs and then untar-ed it on another server, forgetting that .htaccess and other hidden files wouldn't be caught by tar that way, and then the password was just siting out there for the public to snarf... Until I ran across the images that didn't work because the ForceType in .htaccess wasn't there. So for a good 10 minutes [shudder] my database password was available on the Internet... I'm sure nobody else in the course of history will make this same bone-headed mistake. No. Never. :-) -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: any security problems with this?
On Tue, June 12, 2007 8:08 am, Dave Goodchild wrote: Sure, I usually put these files outside the docroot - unless I am in some f**ked-up hosting environment that doesn't let me change the include path... If one finds oneself in such an environment, or one in which there *IS* no directory outside the webtree... Honestly, there are only a few thousand other webhosts out there with less f-ed up environments. Move. -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Looking for help with forms/variables and an array!
Wouldn't a little javascript solve this problem??
Have your first dropdown menu, then when an option is selected use a
javascript Onchange function to refresh (post) the page to itself. This
would set the selected option as your form1 value. Then just write a
simple query using that value to return the options you want for dropdown
#2.
Something like this:
select name=states onchange=this.submit();
option value=AL Alabama
option value=FL Florida
option value=WA Washington
option value=MI Michigan
/select
if (!isset($_POST['submit'])) {
$state = $_POST['states'];
Then put your result in an array and populate your second dropdown.
td width=43 align=rightCity:/td
td width=135 align=left class=tblcell_sm
SELECT name=city
?php
$database = mssql_select_db(database, $connection) or die ('DB selection
failed');
// Query the table and load all of the records into an array.
$q_cities = SELECT * FROM cities WHERE state_name = '$state';
$r_cities = mssql_query($q_cities) or die(mssql_error());
while ($rec_cities = mssql_fetch_assoc($r_cities)) $c_city[] =
$rec_cities;
echo OPTION value=\\--SELECT--/OPTION\n;
foreach ($c_city as $s_city)
{
if ($s_city['state_name'] == $_POST['states'])
echo OPTION value=\{$s_city['city_code']}\
SELECTED{$s_city['city_name']}/OPTION\n;
else
echo OPTION
value=\{$s_city['city_code']}\{$s_cc['city_name']}/OPTION\n;
}
?
/SELECT
/td
Hope that helps?? lol
On 6/12/07, Jim Lucas [EMAIL PROTECTED] wrote:
BSumrall wrote:
It doesn't like the curly brackets either!
Brad
if this is within PHP, the '{' and '}' are within double quotes (which
they seem to be),
These examples should all do the same thing.
$query_Recordset1 = SELECT * FROM lstng_tbl WHERE price_range =
'$select1';
$query_Recordset1 = SELECT * FROM lstng_tbl WHERE price_range =
'{$select1}';
$query_Recordset1 = SELECT * FROM lstng_tbl WHERE price_range =
'.$select1.';
echo $query_Recordset1;
place an echo just after including the variable and see if you see the
brackets in the statement.
--
Jim Lucas
Some men are born to greatness, some achieve greatness,
and some have greatness thrust upon them.
Twelfth Night, Act II, Scene V
by William Shakespeare
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] efficient log system
On Tue, June 12, 2007 6:26 am, Alain Roger wrote: I would like to create a log system to keep a trace of all users' actions (log-in, remove, change or update data, and so on...). What should i do or to what should i take care to not have problem ? I was thinking to create a folder on my server where log files will be stored, but what is the best practice. You probably can't get too much more efficient/reliable than a simple http://php.net/error_log wrapped inside your own function to make it easier to hit the file you want. You could dink around with logging into a database, perhaps, and that has some benefits in terms of analysis queries. If Performance is way more important than anything else, perhaps log to a ram disk and sync that to a real hard drive in a cron job... But you'd lose any recent activity in a crash or a really savvy attacker might be able to hide activity by forcing the ram disk to fail or... I wouldn't go down this route unless the other two have already failed miserably. -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 19:34 +0200, Tijnema wrote: On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 19:23 +0200, Tijnema wrote: On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 18:19 +0200, Tijnema wrote: On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 12:01 -0400, Robert Cummings wrote: On Tue, 2007-06-12 at 11:56 -0400, Robert Cummings wrote: (1 * 100) / 100 = .10 = 10% of the time Bad math alert... (1 * 100) / 100 = 10;) Still the same answer though, was just mixing what I wrote with what I was thinking :) Bleh, what's wrong with me today... it's 1% not 10%. Still within reason for a spammer. *smacks head to clear the fog* So, that means that you need to allow maximum of 10 attempts per few minutes, so that there will be 0,1% change ;) Using Ted's technique I've found the perfect CAPTCHA -- and it's fun too: http://shorl.com/nomojeryprafri Cheers, Rob. Hmm, LOL Ok, found him ;) He's under the ground ... :P Heheh, nah, not this time... he's in one of the bumper cars :) Cheers, Rob. I see ;) So you want to take this picture, change the position of bin laden randomly, and then just let every user before they post find bin laden ;) Of course not... I posted it as a joke :) Besides, it would be weak against pattern matching of Bin Laden's head or if different heads were used then would be able to compare images to find where differences occur... but I know you knew that already :) Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Okay, here's something I whipped up today: http://pilotpig.com/captcha/index.php Works pretty well, but keep in mind that it's in the very early stages. I randomized the position and size to assist in throwing off Turing detection, and added color not only to screw with the color-detection schemes, but also in case it overlays the target bubble. It's 600x400, so that's 240,000 potential spots to click, with random size, location, and area coordinates thrown in the mix. -- Daniel P. Brown [office] (570-) 587-7080 Ext. 272 [mobile] (570-) 766-8107 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
On Tue, 2007-06-12 at 15:06 -0400, Daniel Brown wrote: Okay, here's something I whipped up today: http://pilotpig.com/captcha/index.php Works pretty well, but keep in mind that it's in the very early stages. I randomized the position and size to assist in throwing off Turing detection, and added color not only to screw with the color-detection schemes, but also in case it overlays the target bubble. It's 600x400, so that's 240,000 potential spots to click, with random size, location, and area coordinates thrown in the mix. Nice, one problem though... the text is unreadable on some backgrounds. I suggest you outline it or something. Easy to do by drawing the font 5 times. 4 times for the outline where you offset the drawing location by: (-1, 0), (0,1), (1,0), (0,1) Then change colour and draw the font at the original location. Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: efficient log system
Since there are probably a very limited number of actions a user can take, you could probably easily reduce this by numbering each action: define(1, 'logged in'); define(2, 'logged out'); define(3, 'uploaded photo'); Your DB then table might then look like: user_id action_id notes 42 1 NULL 42 3 'whatever.jpg' 42 2 NULL This could save a LOT of storage space over what it sounds like what you are doing. You also would want to write routines to aggregate and purge older data. Whoops! I forgot a time-stamp in the table. Well, you'd have figured that out on your own anyway. :-) On Tue, June 12, 2007 6:40 am, Christian Hänsel wrote: Hello Alain, I can just tell you from my experience. I have recently created a, in my eyes, pretty big project, and wanted to track everything, starting from user navigation over search queries to login/out times, article printout times and count, photo views and everything your mind can imagine. I didn't do this for just the fun of it, but to see what our users do on our website and to improve the handling of the site. Anyhow, I think you get the idea. Now, what I've done, was to write all that into a mySQL database... and by now I think I shouldn't have done that. I did a DB-backup today (after 4 weeks of having the site up), and already the size of the DB is 10+ MB of textual data. What will it be after a year... So I guess it really depends on what you have in mind. I do store a lot of text data, so you might not even come up with 15% of what I'm saving. I think you should do some planning and try to see how many users will visit your page, and then calculate the amount of data your might be writing to files or a database. From my point of view, a database solution is just fine, until you have to restore that database from your local computer with a dump (uploading and all :oP) Just to show you what I dod and what amount of data I'm getting :o) Cheerio! Chris Alain Roger [EMAIL PROTECTED] schrieb im Newsbeitrag news:[EMAIL PROTECTED] Hi, I would like to create a log system to keep a trace of all users' actions (log-in, remove, change or update data, and so on...). What should i do or to what should i take care to not have problem ? I was thinking to create a folder on my server where log files will be stored, but what is the best practice. thanks a lot, -- Alain Windows XP SP2 PostgreSQL 8.1.4 Apache 2.2.4 PHP 5.2.1 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: any security problems with this?
On Tue, June 12, 2007 7:47 am, Stut wrote: Dave Goodchild wrote: Unless some server config error causes that stuff to be output on the page? I tend to put such functions in a .inc file and amend the .htaccess to prevent download. Unless some server config error causes it to ignore .htaccess. The basic rule when it comes to securing this stuff is to stick it outside the web root. That way only a monumentally stupid server admin or developer can make it possible for the average web user to get at it. Oh, hang on...! Or, on a shared host, any other PHP user can write a script to fread the file and dump it out, unless your webhost has gone to extra lengths to set up different username/groups for every client, and set up separate Apache pools for each and... This gets quite expensive and drastically affects the number of clients one can cram into a single box, so it is rarely done this way in Real Life. This is not to say that you should never ever do this on a shared host; only that you ARE risking the password and everything in the DB to any other client on the same host, and you should Architect your project accordingly. E.g., using the same password as for your bank account is probably a Bad Idea :-) -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question on Connecting to Microsoft SQL Server from PHP
Tommy, Since SQL Server may loom on my horizon, I've tried connecting to a SQL Server 2000 db on my network. I got it to work _without_ any port after the IP in mssql_connect(). I'm using PHP 5.2.0 from windows XP to a Windows 2000 box running SQL Server. I used SQL Server Authentication to create the login. Are you sure your login is working? David
Re: [PHP] Re: any security problems with this?
On 6/12/07, Richard Lynch [EMAIL PROTECTED] wrote: The downside of that is that something as simple as: ?php phpinfo();? will dump your password out as part of $_ENV or $_SERVER That's probably NOT a good idea in many environments, but an excellent idea in some. Security cannot be evaluated in isolation. And, of course, many users won't have access to httpd.conf, so that's not an option at all in those environments. One has to look at the Big Picture to make the final decision between: outside web tree in .php (or .inc) file in httpd.conf There are probably other arcane solutions out there but probably not very practical for most uses. I really can't recommend to keep it in the webtree with only .htaccess protecting it, personally, though many seem to think that's fine... I guess they never did anything bone-headed like: tar -cvzf export.tar httpdocs and then untar-ed it on another server, forgetting that .htaccess and other hidden files wouldn't be caught by tar that way, and then the password was just siting out there for the public to snarf... Until I ran across the images that didn't work because the ForceType in .htaccess wasn't there. So for a good 10 minutes [shudder] my database password was available on the Internet... I'm sure nobody else in the course of history will make this same bone-headed mistake. No. Never. :-) -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? I figured this wasn't an option for most people, but thought I'd throw it out there. It works great at my company since we own our server to host client sites on. Hopefully nobody has phpinfo just sitting out on a production server. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Effect of syntax error in php.ini
Check Apache error logs. PHP probably just quits reading the php.ini and starts up with the default settings. On Tue, June 12, 2007 1:55 pm, Clive Gould wrote: Hi I have come across some very strange behavior with php-4.3.9-3.22.5 when using Moodle 1.8+ on a CentOS 4.5 Linux platform. If I accidentally corrupt the php.ini file as follows and restart Apache all is well and admin/index.php displays correctly. The corrupt section in php.ini is shown below: ; Resource Limits ; ;;; max_execution_time = 30 max_input_time = 60 memory_limit = 60M ; Maximum amount of memory a script may consume If I correct the comment line by removing the carriage return after the word script and restart Apache the page admin/index.php just comes up blank. The uncorrupted section in php.ini is shown below: ; Resource Limits ; ;;; max_execution_time = 30 max_input_time = 60 memory_limit = 60M ; Maximum amount of memory a script may consume What effect does introducing a syntax error into php.ini have? Anyone any idea what on earth is happening here??? Any suggestions most welcome... Clive Clive Gould HE PAL ICT Bromley College -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 15:06 -0400, Daniel Brown wrote: Okay, here's something I whipped up today: http://pilotpig.com/captcha/index.php Works pretty well, but keep in mind that it's in the very early stages. I randomized the position and size to assist in throwing off Turing detection, and added color not only to screw with the color-detection schemes, but also in case it overlays the target bubble. It's 600x400, so that's 240,000 potential spots to click, with random size, location, and area coordinates thrown in the mix. Nice, one problem though... the text is unreadable on some backgrounds. I suggest you outline it or something. Easy to do by drawing the font 5 times. 4 times for the outline where you offset the drawing location by: (-1, 0), (0,1), (1,0), (0,1) Then change colour and draw the font at the original location. Cheers, Rob. Yes noticed that problem too, but this seems quite easy to crack, Get the text from the image, get the color of the text and search for tha tcolor circle. Tijnema Btw, I clicked the pixel in the middle, and did 10 refreshes, and I had 5 right -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP list as a blog
On Tue, June 12, 2007 1:52 pm, Paul Scott wrote: I have set up our new Chisimba blog system (GPL, http://avoir.uwc.ac.za) to blog all of the posts to this list. Please check it out at http://196.21.45.50/fsiu/chisimba_framework/app/index.php?module=blogaction=allblogs and let me know what you think! I think you should take it DOWN until you can obfuscate the emails. I don't really need yet another place for my email address to be spam-harvested, thank you very much. :-) :-) :-) PS And you've only got 16 Tidy HTML warnings to get rid of before it's valid HTML, so you might as well do that too. :-) -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
On Tue, June 12, 2007 6:25 am, tedd wrote: At 6:22 PM +0200 6/11/07, Tijnema wrote: Server builds up a database of pictures, client does the same with MD5 check, and problem solved...:) Tijnema Tijnema: Not exactly, I don't think you could MD5 this: http://sperling.com/examples/dot-captcha/ To make variations of the theme. I can place any type of picture, any number of pictures, anywhere and ask the user to click on one (i.e., click on the apple) -- there's nothing to MD5, is there? Nothing to MD5, but the edge detection to find the blue dot would probably be trivial. Haven't we beat this horse to death yet? *ANY* CAPTCHA at all is going to stop the bulk of the spam. If your CAPTCHA is not the same (or very similar to) one that's employed on a large-market-share system, then it's unlikely anybody will take the effort to OCR/MD5/crack it. If somebody has enought time to OCR/MD5/crack it, you probably aren't going to be able to stop them, no matter what your CAPTCHA is. -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
On Tue, 2007-06-12 at 21:46 +0200, Tijnema wrote: On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 15:06 -0400, Daniel Brown wrote: Okay, here's something I whipped up today: http://pilotpig.com/captcha/index.php Works pretty well, but keep in mind that it's in the very early stages. I randomized the position and size to assist in throwing off Turing detection, and added color not only to screw with the color-detection schemes, but also in case it overlays the target bubble. It's 600x400, so that's 240,000 potential spots to click, with random size, location, and area coordinates thrown in the mix. Nice, one problem though... the text is unreadable on some backgrounds. I suggest you outline it or something. Easy to do by drawing the font 5 times. 4 times for the outline where you offset the drawing location by: (-1, 0), (0,1), (1,0), (0,1) Then change colour and draw the font at the original location. Cheers, Rob. Yes noticed that problem too, but this seems quite easy to crack, Get the text from the image, get the color of the text and search for tha tcolor circle. Tijnema Btw, I clicked the pixel in the middle, and did 10 refreshes, and I had 5 right *lol* Yeah, some of the circles are pretty big... not sure he accounted for the circle in question being completely hidden by other circles. Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP list as a blog
[snip] I think you should take it DOWN until you can obfuscate the emails. I don't really need yet another place for my email address to be spam-harvested, thank you very much. :-) :-) :-) PS And you've only got 16 Tidy HTML warnings to get rid of before it's valid HTML, so you might as well do that too. :-) [/snip] + 10*12^23, I don't want to be that famous. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Looking for help with forms/variables and an array!
On Tue, June 12, 2007 3:20 am, BSumrall wrote:
Dreamweaver help me with a good part of this,
No comment...
A selection box has 4 options, php queries the Mysql database for
matching
options.
Then a second options box with another 4 options filters the query
even
more.
When the user picks from the first 4, do the second 4 change?
If so, you have to do that in JavaScript, because PHP is long gone
from the picture by the time the use chooses.
1 associating options (in drop down box) with a variable
The name=select part forms an association between the user choice and:
$_POST['select']
2 carrying the result set over two the second drop down box
If you want to do this while the user is clicking, it's JavaScript,
not PHP.
Producing my final result set.
Here are some snippets of where I am at.
First selection box:
form id=form1 name=form1 method=post action=
labelmarket
select name=select
OPTIONoption1/OPTION
OPTIONoption2/OPTION
OPTIONoption3/OPTION
OPTIONoption4/OPTION
/select
Second selection box:
form id=form2 name=form2 method=post action=
labelmarket
select name=select
Use a different name for this one.
Call it select2 perhaps.
Or name the first one select[1] and this one is select[2]
$_POST['select'] will then be an array with indexes 1 and 2.
$query_Recordset1 = SELECT * FROM lstng_tbl WHERE range = '1';
The number one is what the first set of just above is what form one is
supposed to change.
After that, how is the world am I going to do it twice for the second
part
of the query?
if (isset($_POST['select']) isset($_POST['select'][1])
isset($_POST['select'][2])){
$range1 = (int) S_POST['select'][1];
$range2 = (int) $_POST['select'][2];
$query = SELECT * FROM lstng_tbl WHERE range1 = $range1 and range2
= $range2;
}
Or, perhaps you want:
$query = SELECT * FROM lstng_tbl WHERE range BETWEEN $range1 and
$range2;
Or... I dunno what you might want. Could be almost anything.
--
Some people have a gift link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP list as a blog
On Tue, 2007-06-12 at 14:48 -0500, Richard Lynch wrote: I think you should take it DOWN until you can obfuscate the emails. I am working on it at the moment. It seems that it only shows some people's addresses - presumably those that have the reply to thing set? --Paul All Email originating from UWC is covered by disclaimer http://www.uwc.ac.za/portal/uwc2006/content/mail_disclaimer/index.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Looking for help with forms/variables and an array!
On Tue, June 12, 2007 3:34 am, BSumrall wrote: I got a little bit further, but still feel like the monkey with a light-bulb! Could be worse. You could be a monkey with an army. [as in 'W'] :-v -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Going from simple to super CAPTCHA
On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 21:46 +0200, Tijnema wrote: On 6/12/07, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2007-06-12 at 15:06 -0400, Daniel Brown wrote: Okay, here's something I whipped up today: http://pilotpig.com/captcha/index.php Works pretty well, but keep in mind that it's in the very early stages. I randomized the position and size to assist in throwing off Turing detection, and added color not only to screw with the color-detection schemes, but also in case it overlays the target bubble. It's 600x400, so that's 240,000 potential spots to click, with random size, location, and area coordinates thrown in the mix. Nice, one problem though... the text is unreadable on some backgrounds. I suggest you outline it or something. Easy to do by drawing the font 5 times. 4 times for the outline where you offset the drawing location by: (-1, 0), (0,1), (1,0), (0,1) Then change colour and draw the font at the original location. Cheers, Rob. Yes noticed that problem too, but this seems quite easy to crack, Get the text from the image, get the color of the text and search for tha tcolor circle. Tijnema Btw, I clicked the pixel in the middle, and did 10 refreshes, and I had 5 right *lol* Yeah, some of the circles are pretty big... not sure he accounted for the circle in question being completely hidden by other circles. Cheers, Rob. Well, that gives me a more easier way to crack it, The top-most circle is the one to be clicked :) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Looking for help with forms/variables and an array!
AJAX simply creates an HTTP dialog between the browser and a server (probably your server) for an ongoing interactive user experience. There is nothing specific to Microsoft about it, other than that Microsoft actually did first create the XmlHttpRequest object for some other stupid purpose, before people realized how cool it would be for AJAX, and re-purposed it. On Tue, June 12, 2007 4:54 am, BSumrall wrote: -Original Message- From: BSumrall [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 12, 2007 5:54 AM To: 'George Pitcher' Subject: RE: [PHP] Looking for help with forms/variables and an array! Interesting suggestion. I though ajax was mainly gear towards microsoft and javascripting applications? -Original Message- From: George Pitcher [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 12, 2007 5:42 AM To: BSumrall Subject: RE: [PHP] Looking for help with forms/variables and an array! Hi, Have you looked at Ajax? This will do just what you have described. When the user makes their first choice, Ajax queries the database to return the options for the secont drop-down box. George -Original Message- From: BSumrall [mailto:[EMAIL PROTECTED] Sent: 12 June 2007 9:34 am To: php-general@lists.php.net Subject: RE: [PHP] Looking for help with forms/variables and an array! I got a little bit further, but still feel like the monkey with a light-bulb! OPTION value=1Over $2 million/OPTION -Original Message- From: BSumrall [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 12, 2007 4:21 AM To: php-general@lists.php.net Subject: [PHP] Looking for help with forms/variables and an array! Dreamweaver help me with a good part of this, but now I am in the nitty gritty code and trying to figure out. General concept: A selection box has 4 options, php queries the Mysql database for matching options. Then a second options box with another 4 options filters the query even more. Aspects I am a little stuck on. 1 associating options (in drop down box) with a variable 2 carrying the result set over two the second drop down box Producing my final result set. Here are some snippets of where I am at. First selection box: form id=form1 name=form1 method=post action= labelmarket select name=select OPTIONoption1/OPTION OPTIONoption2/OPTION OPTIONoption3/OPTION OPTIONoption4/OPTION /select Second selection box: form id=form2 name=form2 method=post action= labelmarket select name=select OPTIONoption1/OPTION OPTIONoption2/OPTION OPTIONoption3/OPTION OPTIONoption4/OPTION /select $query_Recordset1 = SELECT * FROM lstng_tbl WHERE range = '1'; The number one is what the first set of just above is what form one is supposed to change. After that, how is the world am I going to do it twice for the second part of the query? Some good literature on how to do it TWICE would really help understand this. I find tons of stuff on doing it once! Thank you kindly for any guidance you can provide. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP list as a blog
On Tue, 2007-06-12 at 14:56 -0500, Jay Blanchard wrote: + 10*12^23, I don't want to be that famous. OK, downed it. Will figure out a regular expression to strip out the email addresses when I have had some coffee in the morning --Paul All Email originating from UWC is covered by disclaimer http://www.uwc.ac.za/portal/uwc2006/content/mail_disclaimer/index.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
