[PHP-DB] Re: Upload images with minimun effort from final user

2005-09-28 Thread A.J. Brown

Matthias,

The md5 approach is just added security, which is something I always use in 
situations like this.  All it really does is mask it, so a user can't see 
what the ID is (or that it's a sequential number at all) and therefore view 
images they were not intended to see.  For example, if the URL for viewing 
an image is as follows:


/getimage.php?image=15

A user could guess that there are 14 other images, and could retrieve them 
by replacing the 15 with any other number.  If you use the md5 approach, the 
url becomes this:


/getimage.php?image=9bf31c7ff062936a96d3c8bd1f8f2ff3

This makes it harder for them to guess the image ID, and view images they 
are not intended to see.


Of course, this is not necessary by any means, and only applies when you're 
concerned with an image being viewed unintentionally.  It's VERY useful if 
you also have a public script which a user can delete an image using a 
similar url as above as well.  Using the first example, if my page is 
/delete_image.php?image=15, a malicious user could delete EVERY image by 
just replacing the number.


Sincerely,

A.J. Brown
BitNotion Technologies
[EMAIL PROTECTED]

- Original Message - 
From: "Matthias Willerich" <[EMAIL PROTECTED]>

To: "A.J. Brown" <[EMAIL PROTECTED]>
Cc: 
Sent: Wednesday, September 28, 2005 2:23 AM
Subject: RE: Upload images with minimun effort from final user



A.J. Brown:

A better solution is to rename the image to the unique ID of the news
article it's associated with (assuming there is only one image allowed per
article).  This helps eliminate the chances of overwriting an existing image
without bothering the user with error messages.  When I do this, I usually
use the md5sum of the unique ID instead of the actual number.  For example:


$image_name = md5($article_id) . ".jpg";


Is there a reason for this md5 approach? As you don't add any information,
the news id is probably in the querystring anyway, how does it improve
anything?

I'm in the middle of writing an article about piecing together an imagebank
prototype, and I've found so far that most people would like to add extra
information, and store the image not connected to news or any listed
articles. Like this, they can be reused, without uploading them again. A
good filename approach is something still to do. Does it really matter, if
the filename is something identifiable? Is it not even nicer if it was
'image_title_'.$id.'.jpg'? more readable than a checksum?

Cheers,
Matthias






--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP-DB] strange ldap bind to a Sun DIrectory Server 5.2

2005-09-28 Thread Nicolas Guilmain
Hello,

One of my PHP scripts no longer works after an upgrade to a 5.2 Directory Server.
In fact everything is OK but the ldap_modify function. This function returns:

Warning: ldap_modify(): Modify: Insufficient access

My local ldap admin has sent me the log for the transaction :
[27/Sep/2005:14:23:09 +0200] conn=4413 op=0 msgId=4 - BIND dn="" method=128 version=2

The bind which is Ok (the script can reach specific attributes in the 
ldap_get_entries function) turns into an anonymous bind on the ldap server !

In console mode the account used for the bind performs the modification without 
any difficulties.

I've tried the directive:
ldap_set_option($ldap_connection, LDAP_OPT_PROTOCOL_VERSION, 3);
but it makes no change...

php-cli-4.3.10-7.2.102mdk
libphp_common432-4.3.10-7.2.102mdk
php-ldap-4.3.10-6mdk

Any idea ?

Thanks.

Nicolas Guilmain
Orléans
France




[PHP-DB] Duplicating return records?

2005-09-28 Thread Lee Herbst
I am having a very strange problem with the function below. It creates a
comma delimited list of property owner names and address. It could return
several thousand results. The problem I am having is that it displays the
correct name and address for the first 650 or so results and then returns
duplicate name and addresses for the next 650 or so and then back to the
correct name and address for about another 650. Any ideas as to why this might
be happening?

Example of correct name and addresses:
LINDSAY SHARON ,8006-0625-10,1459 E 96TH ST ,BROOKLYN NY , ,11236
DELTONA CORPORATION ,8006-0625-11,8014 SW 135TH STREET RD ,OCALA FL ,
,344736807
GEDDES MICHAEL R ,8006-0625-12,28444 TALL GRASS DR ,WESLEY CHAPEL FL ,
,33543
FIVE POINTS TITLE SERVICES ,8006-0625-13,C/O BETH SMITH ,8014 SW 135TH
STREET ROAD ,OCALA FL ,344736807
WADE ANTHONY A & MARGARET M ,8006-0625-14,3007 ROCKVILLE LN ,ROYAL PALM
BEACH FL , ,33411
VILLARONGA ROBERTO G MOSCOSO ,8006-0625-15,PO BOX 361928 ,SAN JUAN PR

Example of duplicated name and addresses (note that the ID number is
changing, but the name and addresses are duplicated and this is not the way
the data is):
GRANT MARK S & LUISA E ,8006-0627-02,797 MARION OAKS LN ,OCALA FL , ,34473
GRANT MARK S & LUISA E ,8006-0627-03,797 MARION OAKS LN ,OCALA FL , ,34473
FIVE POINTS TITLE SERVICES ,8006-0627-04,C/O BETH SMITH ,8014 SW 135TH
STREET ROAD ,OCALA FL ,344736807
FIVE POINTS TITLE SERVICES ,8006-0627-05,C/O BETH SMITH ,8014 SW 135TH
STREET ROAD ,OCALA FL ,344736807
LOPEZ MANUEL & SOLOME CASTILLO,8006-0627-06,1871 W 7TH AVE APT 7A ,NEW YORK
NY , ,100262800
LOPEZ MANUEL & SOLOME CASTILLO,8006-0627-07,1871 W 7TH AVE APT 7A ,NEW YORK
NY
function Label(){
    global $search, $name, $roll, $rollyear, $rypart, $conn;
    $dbname = 'MARION';
    $user = 'OASIS';
    $pass = 'OASISPWD';
    $conn = odbc_connect( $dbname, $user, $pass );
    $sql = "SELECT * FROM O$rollyear.MCSEARCH WHERE PARCEL LIKE '$name%' AND CONF = ' ' AND ROLL = 1 AND STATUS = '0' AND SPEC_USE_CODE = ' ' ORDER BY PARCEL WITH UR";
    $result = odbc_exec($conn, $sql);
    $x = 0;
    print '';
    print '';
    print 'MCPA-Comma Delimited Data';
    print '';
    print '';
    print "";
    print 'Click here for old style labels.';
    print '';
    while (odbc_fetch_into($result, $rows)) {
        $x++;
        /* $rows[0] Altkey */
        /* $rows[1] Roll */
        /* $rows[2] Parcel */
        $prlyear = substr($rollyear,1,3);
        $sql = "SELECT * FROM O$rollyear.D27$prlyear WHERE ALTKEY = {$rows[0]}";
        $r2 = odbc_exec($conn, $sql);
        odbc_fetch_into($r2, $addr);
        print str_pad($addr[1],30,' ');
        print ',';
        print str_pad($rows[2],12,' ');
        print ',';
        print str_pad($addr[2],30,' ');
        print ',';
        print str_pad($addr[3],30,' ');
        print ',';
        print str_pad($addr[4],30,' ');
        print ',';
        print str_pad($addr[5],10,' ');
        print "\n";
        flush();
        ob_flush();
    }
    print '';
    print '';
    print '';
    odbc_close($conn);
}
 Thanks,
 Lee Herbst


RE: [PHP-DB] Re: Upload images with minimun effort from final user. .

2005-09-28 Thread Norland, Martin

Security through obscurity is a prominent placebo these days.  If you
don't want users deleting the wrong images, make the
class/function/script that deletes them check for permission.  Don't
have your security dependent on the client.

cheers,
- Martin Norland, Sys Admin / Database / Web Developer, International
Outreach x3257

The opinion(s) contained within this email do not necessarily represent
those of St. Jude Children's Research Hospital.


-Original Message-
From: A.J. Brown [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, September 28, 2005 7:48 AM
To: Matthias Willerich
Cc: php-db@lists.php.net
Subject: [PHP-DB] Re: Upload images with minimun effort from final user.
.

Matthias,

The md5 approach is just added security, which is something I always use in
situations like this.  All it really does is mask it, so a user can't see
what the ID is (or that it's a sequential number at all) and therefore view
images they were not intended to see.  For example, if the URL for viewing
an image is as follows:

/getimage.php?image=15

A user could guess that there are 14 other images, and could retrieve them
by replacing the 15 with any other number.  If you use the md5 approach, the
url becomes this:

/getimage.php?image=9bf31c7ff062936a96d3c8bd1f8f2ff3

This makes it harder for them to guess the image ID, and view images they
are not intended to see.

Of course, this is not necessary by any means, and only applies when you're
concerned with an image being viewed unintentionally.  It's VERY useful if
you also have a public script which a user can delete an image using a
similar url as above as well.  Using the first example, if my page is
/delete_image.php?image=15, a malicious user could delete EVERY image by
just replacing the number.

Sincerely,

A.J. Brown
BitNotion Technologies
[EMAIL PROTECTED]
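
The permission check Martin describes, as an added example that is not part of the thread or any poster's code. The images table, its columns, the function names and the sample rows are assumptions made for illustration, and the PDO SQLite driver is assumed to be available so the script runs stand-alone.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: images(id, owner_id, token, path). Rows are constructed sample data.
function make_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE images (
        id INTEGER PRIMARY KEY,
        owner_id INTEGER NOT NULL,
        token TEXT UNIQUE NOT NULL,
        path TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO images (owner_id, token, path) VALUES (?, ?, ?)');
    foreach ([[1, 'a.jpg'], [2, 'b.jpg']] as [$owner, $path]) {
        // md5($id) is unkeyed and deterministic, so anyone can compute it for any
        // row number. A random token cannot be derived from the row number.
        $ins->execute([$owner, bin2hex(random_bytes(16)), $path]);
    }
    return $db;
}

// Deletes the image only when it belongs to the authenticated user.
// $sessionUserId must come from the server-side session, never from the request.
function delete_image(PDO $db, int $sessionUserId, string $token): bool {
    if (!preg_match('/^[0-9a-f]{32}$/D', $token)) {
        return false; // malformed identifier, nothing to look up
    }
    // Ownership is part of the WHERE clause, so knowing a valid token is not
    // enough: the row is removed only if the caller owns it.
    $stmt = $db->prepare('DELETE FROM images WHERE token = ? AND owner_id = ?');
    $stmt->execute([$token, $sessionUserId]);
    return $stmt->rowCount() === 1;
}

$db = make_demo_db();
$tokenOfUser2 = (string) $db->query(
    'SELECT token FROM images WHERE owner_id = 2')->fetchColumn();

// User 1 presents user 2's token: the token is valid but the owner does not match.
var_dump(delete_image($db, 1, $tokenOfUser2));
// User 2 presents the same token: the owner matches.
var_dump(delete_image($db, 2, $tokenOfUser2));
// Rows left in the table after both calls.
var_dump((int) $db->query('SELECT COUNT(*) FROM images')->fetchColumn());
```

The same ownership condition belongs in the script that serves images, so that viewing is governed by the server and not by how hard the identifier is to guess.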




[PHP-DB] oracle complex type and oci_new_collection

2005-09-28 Thread Hal McFarlane

Is it possible to use a complex collection in PHP as shown below?
Oci_new_collection is successful, but the OCI-Collection->getElem(i)
returns false for each record returned. If we change from a complex type
to a simple type, the data returns as expected.

-
-- COMPLEX TYPE
-
create or replace type aud_cl_clu_row
as object
(
channel_line_up varchar2(50),
audit_status varchar2(20)
);

create or replace type aud_cl_clu_tbl is table of aud_cl_clu_row;

-
-- SIMPLE TYPE
-
create or replace type aud_cl_clu_tbl is table of varchar2(50);




[PHP-DB] PHP vs. ASP

2005-09-28 Thread afrodriguez
Hi!

(1) How does PHP compare to ASP?

(2) Does ASP interact with MySQL?

Thanks!

Anthony (Tony) Rodriguez
([EMAIL PROTECTED])

[PHP-DB] oci_new_collection and complex type

2005-09-28 Thread hal9000jw

Is it possible to use a complex collection in PHP as shown below?
Oci_new_collection is successful, but the OCI-Collection->getElem(i)
returns false for each record returned. If we change from a complex type
to a simple type, the data returns as expected.

-
-- COMPLEX TYPE
-
create or replace type aud_cl_clu_row
as object
(
channel_line_up varchar2(50),
audit_status varchar2(20)
);

create or replace type aud_cl_clu_tbl is table of aud_cl_clu_row;

-
-- SIMPLE TYPE
-
create or replace type aud_cl_clu_tbl is table of varchar2(50);




RE: [PHP-DB] PHP vs. ASP

2005-09-28 Thread Hutchins, Richard
Google: php vs asp

Just south of 4 Million results.

Plenty of information there.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 28, 2005 9:56 AM
To: php-db@lists.php.net
Subject: [PHP-DB] PHP vs. ASP


Hi!

(1) How does PHP compare to ASP?

(2) Does ASP interact with MySQL?

Thanks!

Anthony (Tony) Rodriguez
([EMAIL PROTECTED])




Re: [PHP-DB] PHP vs. ASP

2005-09-28 Thread Lendy Chen
google

php vs asp

2,570,000,000 vs 1,170,000,000

2 vs 1


2005/9/28, Hutchins, Richard <[EMAIL PROTECTED]>:
> Google: php vs asp
>
> Just south of 4 Million results.
>
> Plenty of information there.
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, September 28, 2005 9:56 AM
> To: php-db@lists.php.net
> Subject: [PHP-DB] PHP vs. ASP
>
>
> Hi!
>
> (1) How does PHP compare to ASP?
>
> (2) Does ASP interact with MySQL?
>
> Thanks!
>
> Anthony (Tony) Rodriguez
> ([EMAIL PROTECTED])
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


--
Lendy Chen




RE: [PHP-DB] PHP vs. ASP

2005-09-28 Thread Bastien Koert
PHP has way way way more functionality and is still being supported and 
developed by the folks at Zend and the OS community.


ASP works nicely with MySQL thru the myODBC connector driver from MySQL. It's 
not perfect though and has some issues. ASP is also no longer supported or 
developed by MS (they want everyone to use .NET)


bastien


From: [EMAIL PROTECTED]
To:
Subject: [PHP-DB] PHP vs. ASP
Date: Wed, 28 Sep 2005 13:55:40 +

Hi!

(1) How does PHP compare to ASP?

(2) Does ASP interact with MySQL?

Thanks!

Anthony (Tony) Rodriguez
([EMAIL PROTECTED])





Re: [PHP-DB] oracle complex type and oci_new_collection

2005-09-28 Thread Larry E. Ullman
Seriously, how many times are you going to send this email to the  
list? I've seen it at least 5 times now in the past day, all the same  
email under slightly different FROM and subjects. Send an email once.  
If someone can answer, they will.


On Sep 28, 2005, at 10:18 AM, Hal McFarlane wrote:


Is it possible to use a complex collection in PHP as shown below?
Oci_new_collection is successful, but the OCI-Collection->getElem(i)
returns false for each record returned. If we change from a complex type
to a simple type, the data returns as expected.

-- ---
-- COMPLEX TYPE
-- ---
create or replace type aud_cl_clu_row
as object
(
channel_line_up varchar2(50),
audit_status varchar2(20)
);

create or replace type aud_cl_clu_tbl is table of aud_cl_clu_row;

-- ---
-- SIMPLE TYPE
-- ---

create or replace type aud_cl_clu_tbl is table of varchar2(50);




Re: [PHP-DB] oracle complex type and oci_new_collection

2005-09-28 Thread argoo
Sorry, weird issue with my newsgroup client.  It seemed like the post 
was being dropped.  I thought it was a verification issue with the 
server so I tried sending from different accounts.


Larry E. Ullman wrote:
Seriously, how many times are you going to send this email to the  list? 
I've seen it at least 5 times now in the past day, all the same  email 
under slightly different FROM and subjects. Send an email once.  If 
someone can answer, they will.


On Sep 28, 2005, at 10:18 AM, Hal McFarlane wrote:


Is it possible to use a complex collection in PHP as shown below?
Oci_new_collection is successful, but the OCI-Collection->getElem(i)
returns false for each record returned. If we change from a complex  type
to a simple type, the data returns as expected.

-- ---
-- COMPLEX TYPE
-- ---
create or replace type aud_cl_clu_row
as object
(
channel_line_up varchar2(50),
audit_status varchar2(20)
);

create or replace type aud_cl_clu_tbl is table of aud_cl_clu_row;

-- ---
-- SIMPLE TYPE
-- ---

create or replace type aud_cl_clu_tbl is table of varchar2(50);




[PHP-DB] passing DOMDocument Object to another function

2005-09-28 Thread jonathan
I am accessing information in my database. If the format is set to be
html, I echo out the variables just fine. If the format is set to be
xml, I create a DOMDocument.

The problem is that in processing the result set, it calls several  
other functions. How do I pass the DOMDocument Object to these other  
functions? Do I need to pass the DOMElement Object to this other  
function? The "normal" ways don't seem to be working. I even just  
global'd the DOMDocument and DOMElement and that also didn't work.


sample code:


 if($this->format=='xml')
 {
  $dom=new DOMDocument('1.0', 'utf-8');
  $menu_top=$dom->appendChild($dom->createElement('menu'));
  print_r($dom);
  print_r($menu_top);
 }
 else
 {

  echo $row['menu_name'] . "";

 }

 $this->renderChildrenMenu($row['id']);
}

if($this->format=='xml')
{
echo $dom->saveXML();
}




[PHP-DB] If (test against a regex)

2005-09-28 Thread Paul Ohashi
Is there a way to test a variable against a regex similar to the way
Perl uses the binding operator =~ ?

e.g. 
if ($envLine =~ /^* information:/)

Will match:
Environment information:
Plugin information:
Etc information:


Thanks in advance,
Paul




Re: [PHP-DB] If (test against a regex)

2005-09-28 Thread Micah Stevens

www.php.net/preg_match

-Micah 


On Wednesday 28 September 2005 3:10 pm, Paul Ohashi wrote:
> Is there a way to test a variable against a regex similar to the way
> Perl uses the binding operator =~ ?
>
> e.g.
>   if ($envLine =~ /^* information:/)
>
>   Will match:
>   Environment information:
>   Plugin information:
>   Etc information:
>
>
> Thanks in advance,
> Paul
