[PHP-DB] is LIKE operator case sensitive ???
im using query SELECT * FROM table WHERE field LIKE '% $variable %' with this, i want it should not be case sensitive, and should not distinguish betn ram,Ram,RAM. but its not doing so. i don't want the case sensitive result. what can i do to overcome this ? pls suggest any other possible way. thnx and regds, smita. _ Send and receive Hotmail on your mobile device: http://mobile.msn.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] SQL guru needed!
Hiya folks: I wish to be able to select items from MySQL if a variable passed via the $_GET method to my PHP4 page is introduced thus: $sql = SELECT TourName,TourID,$_GET[CatID] IN (TourCatID) FROM tour; When I echo $sql to the page, the query looks fine but doesn't work, in as far as the wrong results are returned. MySQL doesn't throw up an error either. I'm using MySQL 3.23.49-nt-log. Can anyone enlighten me please ?? Cheers Mr Russ Michell Web Applications Developer Itomic.com Email: [EMAIL PROTECTED] Tel: +61 (0)8 9321 3844 Fax: +61 (0)8 6210 1364 Post: PO Box 228, Innaloo, WA 6918, Australia Street: Suite 24, 158 William St, Perth, WA 6000, Australia No proof of existence is not proof of non-existence. (Physicist: Stanton T. Friedman on Debunking Ufology) -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] securing directory tree and allowing PHP to work
I am trying to find out how I can secure the directory tree of my PHP scripts from the HTTP server without preventing access to my PHP scripts once in session. Right now, if I type the URL of a subdirectory of my site, I get the index of all the files and directories. Ex: http://domaine/index.html has DB access user login and password for my session authentication to enter into my scripts and run the program. If I type http://domaine/subfolder/ I can see all the PHP code I want without logging into my site. How can I protect the server from doing this without busting access to my scripts through the login from the root level index.html? Apache/1.3.26 (Unix)/Linux mod_fastcgi/2.2.12 mod_perl/1.26 PHP 4.2.2 Robert --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.381 / Virus Database: 214 - Release Date: 02/08/2002 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: securing directory tree and allowing PHP to work
Bmw [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I am trying to find out how I can secure the directory tree of my PHP scripts from the HTTP server without preventing access to my PHP scripts once in session. Right now, if I type the URL of a subdirectory of my site, I get the index of all the files and directories. Ex: http://domaine/index.html has DB access user login and password for my session authentication to enter into my scripts and run the program. If I type http://domaine/subfolder/ I can see all the PHP code I want without logging into my site. How can I protect the server from doing this without busting access to my scripts through the login from the root level index.html? Apache/1.3.26 (Unix)/Linux mod_fastcgi/2.2.12 mod_perl/1.26 PHP 4.2.2 Robert - Original Message - From: Milan Reznicek [EMAIL PROTECTED] To: bmw [EMAIL PROTECTED] Sent: Tuesday, August 20, 2002 7:17 PM Subject: Re: [PHP-DB] securing directory tree and allowing PHP to work You could restrict autoindexing through apache's httpd.conf. Look it up in apache's manual. Milan This is not my personal web server. It is a remote ISP which provides PHP and MySQL support. I cannot control the HTTP or PHP server build configurations...They have autoindexing built into the Apache server. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.381 / Virus Database: 214 - Release Date: 02/08/2002 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: weird MySQL restart
for ($i=0; $i = $brute_queries_max; $i++) {
HTH
-Joni-
Florin Andrei [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
I'm using:
- apache-1.3.22
- mysql-3.23.49a
- php-4.0.6
- Linux Red Hat 7.2
I have a piece of code that does this:
for ($i=0; $i $brute_queries_max; $i++) {
$q = $brute_queries[$i];
$q = SELECT COUNT(*) . $q;
$res = mysql_query($q)
or die(in $host database, cannot run query $q);
$line = mysql_fetch_row($res);
$n = $line[0];
$hits_per_table[$i] = $n;
}
Basically, it goes through a list of tables in the same database and
performs a SELECT COUNT(*) FROM $table WHERE column LIKE '%string%'
On a few databases with smallish tables, it's fine.
But i hav a database which has a couple of large tables ( 8 mil. rows).
The loop goes through the tables, i can see it in mysql with SHOW
PROCESSLIST, then it reaches the large tables. And then it starts all
over again, from the first table, and so on. If i let it run, it goes
like this for hours, until i click on the Stop button in the browser.
I'm totally puzzled. It should timeout, or send an error or something.
But to start the for() loop all over
Weird thing is, if i perform the query manually (from the mysql client)
it works fine, although slow - it takes like 120 sec to run the query on
the big table.
I cranked up all timeout parameters in PHP and MySQL, but that didn't
improved anything.
Is this a known problem? Seems like a bug to me.
--
Florin Andrei
In my view, a man's value does not depend on what he learns,
or his position or fame, or what he does, but on what he is
and inwardly becomes. - Sri Aurobindo, a note to his biographers
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] SQL guru needed!
Cheers for helping me out guys.
It proved to fiddly and kludge-like to do what I wanted in SQL (I'll
wait until MySQL 4 stable version is about)
So I did some stuff with PHP arrays which worked fine.
Thanks a lot anyway.
Russ
-Original Message-
From: Ignatius Reilly [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 20, 2002 4:13 PM
To: Russ
Subject: Re: [PHP-DB] SQL guru needed!
Is TourCatID a table? you can't do that, this is a subquery
Build first a string $string with all the values of TourCatID in it such
as ('a', 'b', ...)
And replace your query by IN $string
Also quotes needed around $_GET[CatID]
Ignatius
_
- Original Message -
From: Russ mailto:[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, August 20, 2002 9:59 AM
Subject: [PHP-DB] SQL guru needed!
Hiya folks:
I wish to be able to select items from MySQL if a variable passed via
the $_GET method to my PHP4 page is introduced thus:
$sql = SELECT TourName,TourID,$_GET[CatID] IN (TourCatID) FROM tour;
When I echo $sql to the page, the query looks fine but doesn't work, in
as far as the wrong results are returned. MySQL doesn't throw up an
error either.
I'm using MySQL 3.23.49-nt-log. Can anyone enlighten me please ??
Cheers
Mr Russ Michell
Web Applications Developer
Itomic.com
Email: [EMAIL PROTECTED]
Tel: +61 (0)8 9321 3844
Fax: +61 (0)8 6210 1364
Post: PO Box 228, Innaloo, WA 6918, Australia
Street: Suite 24, 158 William St, Perth, WA 6000, Australia
No proof of existence is not proof of non-existence.
(Physicist: Stanton T. Friedman on Debunking Ufology)
--
PHP Database Mailing List ( http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Odp: is LIKE operator case sensitive ???
im using query SELECT * FROM table WHERE field LIKE '% $variable %' with this, i want it should not be case sensitive, and should not distinguish betn ram,Ram,RAM. but its not doing so. i don't want the case sensitive result. You can do it in this way: SELECT * FROM table WHERE LOWER(field) LIKE '%.strtolower($variable).%' LOWER is an SQL function and strtolower is a PHP function. They are both doing the same thing: returning string with all alphabetic characters converted to lowercase. KS -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Re: securing directory tree and allowing PHP to work
On Tuesday 20 August 2002 16:30, bmw wrote: Bmw [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I am trying to find out how I can secure the directory tree of my PHP scripts from the HTTP server without preventing access to my PHP scripts once in session. Right now, if I type the URL of a subdirectory of my site, I get the index of all the files and directories. Ex: http://domaine/index.html has DB access user login and password for my session authentication to enter into my scripts and run the program. If you goto http://domaine/ does that show http://domaine/index.html ? If I type http://domaine/subfolder/ I can see all the PHP code I want without logging into my site. How can I protect the server from doing If so, simply put in an empty index.html into the directories where you do not want people to the direcrtory listing. -- Jason Wong - Gremlins Associates - www.gremlins.com.hk Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * /* ... and furthermore ... I don't like your trousers. */ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Re: securing directory tree and allowing PHP to work
If you are running Apache and have access to the httpd.conf file. Comment out AddModule mod_autoindex.c and restart apache. if you like this for some of your directories, then I'd follow Jason's advice. If you are using IIS or another server, I'm sure the same option is available, but I'm just not sure where. Hope this helps. Jeff Jason Wong phplist@gremli To: [EMAIL PROTECTED] ns.com.hkcc: Subject: Re: [PHP-DB] Re: securing directory tree and allowing PHP to 08/20/2002 work 10:35 AM Please respond to php-db On Tuesday 20 August 2002 16:30, bmw wrote: Bmw [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I am trying to find out how I can secure the directory tree of my PHP scripts from the HTTP server without preventing access to my PHP scripts once in session. Right now, if I type the URL of a subdirectory of my site, I get the index of all the files and directories. Ex: http://domaine/index.html has DB access user login and password for my session authentication to enter into my scripts and run the program. If you goto http://domaine/ does that show http://domaine/index.html ? If I type http://domaine/subfolder/ I can see all the PHP code I want without logging into my site. How can I protect the server from doing If so, simply put in an empty index.html into the directories where you do not want people to the direcrtory listing. -- Jason Wong - Gremlins Associates - www.gremlins.com.hk Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * /* ... and furthermore ... I don't like your trousers. */ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] RE: PHP, using System account
That's what I'm doing. Since we require IE 5.0 + on our workstations I can get away with Integrated Authentication only. If you want to support Netscape you'll have to allow Basic Authentication (which is not very secure but fine on an intranet). With that enabled the Win2k workstation will pass its credentials to the intranet application automatically. I have several functions written that based on the $AUTH_USER variable retrieves all kind of AD information on the user. I cache that to keep things running quickly. I have a global.inc include file for each module in which is configured the group membership (if any) required for access. I superimpose that on a simple native security scheme based on $AUTH_USER and an access level integer, and voila! The native security really only manages the special case users like administrators and such keeping the maintenance to a minimum. The users are quite happy, no user and password screens but it's still secure. Even when accessed through the internet (vs. intranet) it works normally except users do have to enter their credentials first. My only challenge now is keeping our Mac users working right. IE on the Mac didn't work for this until the versions for OSX and versions of IE for Mac are very inconsistent bug ridden. Ryan -Original Message- From: aiQa [mailto:[EMAIL PROTECTED]] Sent: Monday, August 19, 2002 11:58 PM To: Ryan Jameson (USA) Subject: PHP, using System account Hi, Our company also uses active directory and domain system on Win2000 network. Can i use windows authentication with PHP? I think the answer is yes. So how can i do it? Is there a documentation you can send or can you send an url? Thanks, Ozgur AKAN -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] what's wrong with this ereg?
I am trying an email verification function, like this:
if (empty($useremail)) || !eregi(^[A-Za-z0-9\_-]+@[A-Za-z0-9\_-]
+.[A-Za-z0-9\_-]+.*, $email))
{
$errmsg .= The email address appears to be invalid\n;
}
But it will not work, on one server I get this error:
Parse error: parse error in
/home/virtual/site109/fst/var/www/html/auth_dealers/user_input2.php on line
70
and on another server I get this error:
Parse error: parse error, unexpected T_BOOLEAN_OR in
/usr/local/apache/htdocs/auth_dealers/user_input2.php on line 70
What do I need to do to fix this?
--
Chip Wiegand
Computer Services
Simrad, Inc
www.simradusa.com
[EMAIL PROTECTED]
There is no reason anyone would want a computer in their home.
--Ken Olson, president, chairman and founder of Digital Equipment
Corporation, 1977
(They why do I have 9? Somebody help me!)
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Windows XP
Just a note for others who went through what I did, and a note of thanks.
Regranting and flushing privileges, make everything run smooth for me. :)
Joni Järvinen wrote:
Hi.
Try re-GRANTing the rights for user 'crash' and after you've done that,
run 'flush PRIVILIGES'. Atleast on my winxp box it does the trick.
-Joni-
--
// Joni Järvinen
// [EMAIL PROTECTED]
// http://www.reactorbox.org/~wandu
Gerard Samuel [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Please forgive me, but Im more versed in FreeBSD than winXP.
WinXP is on my laptop for dev purposes.
When I installed mysql, I created a database and user with the name
'crash' via the command line client like so
--
grant insert, delete, update, select, create, alter, drop on crash.* to
crash@localhost identified by 'crash';
--
And as far as I know, as long as the php script has the correct database
credentials, it should do what it needs to do. Well on my FreeBSD box
that is. But Im not sure if additional configurations are in order for
winXP.
Any guidance would be appreciated...
Thx
Miles Thompson wrote:
Gerard,
This is a shot in the dark, but does the web server (usually NOBODY,
but crash in this case? Ominous name!) have an account on the XP box
and the appropriate permissions to write to the MySQL database? That's
where I'd start, along with checking mysql_error().
Miles
At 04:18 PM 8/18/2002 -0400, Gerard Samuel wrote:
Im trying to solve a problem with windows xp.
I have 2 identical scripts with the same db schema. One on FreeBSD
running php 4.2.2/mysql 3.23.49 the other
on windows xp php 4.2.2/mysql 3.23.52.
The section of the script is supposed to update a table.
--
$sql = UPDATE users SET email='$email' WHERE uid='$uid';
$result = mysql_query($sql);
var_dump($result);
if (!$result)
{
die(mysql_error());
}
--
On the FreeBSD box, $result returns true, but returns false on the
windows box.
The error reported when it was false was Access denied for user:
'crash@localhost' to database 'crash'
But according to that error, the connection parameters are correct.
I echoed $sql and ran the output of that in the mysql client, and it
executed successfully on the windows box.
So Im stuck as to what could be causing the error with the windows box.
Anyone experienced this behaviour before???
Thx.
--
Gerard Samuel
http://www.trini0.org:81/
http://dev.trini0.org:81/
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Gerard Samuel
http://www.trini0.org:81/
http://dev.trini0.org:81/
--
Gerard Samuel
http://www.trini0.org:81/
http://dev.trini0.org:81/
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] what's wrong with this ereg?
Well, one thing is you've got mismatched parentheses. You need another
another opening paren right after the if.
Also, don't you need to escape the last hyphen in your character sets?
As well as the . before the third character set?
-Steve
On Tuesday, August 20, 2002, at 11:11 AM, [EMAIL PROTECTED] wrote:
I am trying an email verification function, like this:
if (empty($useremail)) || !eregi(^[A-Za-z0-9\_-]+@[A-Za-z0-9\_-]
+.[A-Za-z0-9\_-]+.*, $email))
{
$errmsg .= The email address appears to be invalid\n;
}
But it will not work, on one server I get this error:
Parse error: parse error in
/home/virtual/site109/fst/var/www/html/auth_dealers/user_input2.php on
line
70
and on another server I get this error:
Parse error: parse error, unexpected T_BOOLEAN_OR in
/usr/local/apache/htdocs/auth_dealers/user_input2.php on line 70
What do I need to do to fix this?
--
Chip Wiegand
Computer Services
Simrad, Inc
www.simradusa.com
[EMAIL PROTECTED]
There is no reason anyone would want a computer in their home.
--Ken Olson, president, chairman and founder of Digital Equipment
Corporation, 1977
(They why do I have 9? Somebody help me!)
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] what's wrong with this ereg?
Steve Cayford [EMAIL PROTECTED] wrote on 08/20/2002 10:28:46 AM:
Well, one thing is you've got mismatched parentheses. You need another
another opening paren right after the if.
Also, don't you need to escape the last hyphen in your character sets?
As well as the . before the third character set?
-Steve
Got it fixed like this:
if (empty($useremail) || !eregi(^[A-Za-z0-9\.\_-]+@[A-Za-z0-9\_-]
+\.[A-Za-z0-9\_-]+$, $useremail))
--
Chip
On Tuesday, August 20, 2002, at 11:11 AM, [EMAIL PROTECTED] wrote:
I am trying an email verification function, like this:
if (empty($useremail)) || !eregi(^[A-Za-z0-9\_-]+@[A-Za-z0-9\_-]
+.[A-Za-z0-9\_-]+.*, $email))
{
$errmsg .= The email address appears to be invalid\n;
}
But it will not work, on one server I get this error:
Parse error: parse error in
/home/virtual/site109/fst/var/www/html/auth_dealers/user_input2.php on
line
70
and on another server I get this error:
Parse error: parse error, unexpected T_BOOLEAN_OR in
/usr/local/apache/htdocs/auth_dealers/user_input2.php on line 70
What do I need to do to fix this?
--
Chip Wiegand
Computer Services
Simrad, Inc
www.simradusa.com
[EMAIL PROTECTED]
There is no reason anyone would want a computer in their home.
--Ken Olson, president, chairman and founder of Digital Equipment
Corporation, 1977
(They why do I have 9? Somebody help me!)
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] keeping form field data when reloading a form
I have my email checker working now, and all the other fields are checked also, but when I do enter some wrong data the form is reloaded with all blank fields. I'm sure there is a way to keep the existing data in the fields so the end-user will only have to change the incorrect fields, and not have to re-enter all the data. But how? -- Chip Wiegand Computer Services Simrad, Inc www.simradusa.com [EMAIL PROTECTED] There is no reason anyone would want a computer in their home. --Ken Olson, president, chairman and founder of Digital Equipment Corporation, 1977 (They why do I have 9? Somebody help me!) -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] sybase issue
We have installed PHP 4.2.2 in a Solaris 2.6, with Netscape Enterprise
Server 3.5.1 and Sybase SQL Server/11.0.3.3.
We compiled PHP with following options, and it was successful completed with
no errors.
./configure --with-nsapi=/opt/netscape/suitespot --enable-track-vars
--enable-libgcc --with-sybase=/opt/sybase
We're trying to execute a PHP page, but we getting the following errors
messages.
Somebody knows what is happening?
Thanks
Ronald
?php
#phpinfo();
$con = sybase_connect(MS_SQL1, tools, toolsy2k);
sybase_select_db('tcs_db');
$qry = sybase_query(select * from erbsfora, $con);
echo sybase_result($qry, 1, 1);
sybase_close($con);
?
Warning: Sybase: A link to the server could not be established in
/opt/netscape/suitespot/docs/teste.php on line 4
Warning: 0 is not a Sybase link index in
/opt/netscape/suitespot/docs/teste.php on line 5
Warning: 0 is not a Sybase result index in
/opt/netscape/suitespot/docs/teste.php on line 6
Warning: 0 is not a Sybase link index in
/opt/netscape/suitespot/docs/teste.php on line 7
_
MSN Photos é a maneira mais fácil e prática de editar e compartilhar sua
fotos: http://photos.msn.com.br
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] mssql_init using freetds
I've installed freetds 0.53, php 4.2.2 and apache 1.3.26. I have some of the mssql functions working (mssql_connect(), for example). I cannot get mssql_init() to work - I get Fatal error: Call to undefined function: mssql_init() in /var/www/html/stdFunctions.php on line 128 I saw a previous post on this from January, which received a reply stating that the CVS version had this working. Has it not been moved into the regular tarball? What do I need to do to get this working? -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Multi-table update question
If you use MySQL, instead of INSERT, do a REPLACE--they use the same syntax. Read about it here: http://www.mysql.com/doc/en/REPLACE.html On Tue, 2002-05-21 at 00:32, Markus Lervik wrote: Hello all, How do you people solve the problem of multi-table updates? Consider the following scenario: You got a php-program that has, say, ten fields. You got your database that has it's data normalized (as the good database designers we all are *grin*) and split up over, say, four tables. Now, if you want to check that some of the info in the fields are already there, how do you go about it? A practical example. I've got a database of our computers. The database contains name (fqdn), ip-address, mac-address, network, what switch/hub it's connected to, rough location (ie, floor), accurate location (ie. what room) etc. I've got a php-program with the above-mentioned fields. I've got a ip_name_tbl table, a location table, a ac_loc table and a hub_switch_tbl. I wan't to check that the information entered isn't already in the database tables, but I want to be able to add, say, two ip-addresses for the servers etc. The way I solve it now is i SELECT name and other that I want to be unique and see if I get anything. If not, add. If it's there, don't. Obviously there's a problem with my approach: For each computer inserted, there's a minimum of four or five SELECTs and four or five INSERTs. I'm positive some of you have similar problems. How do you go about solving it? Cheers, Markus Lervik -- Markus Lervik | A Microsoft Certified Systems Linux-administrator | Engineer is to computing what Vaasa City Library - Regional Library | a McDonalds Certified Food +358-6-325 3589 / +358-40-832 6709| Specialist is to fine cuisine -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] securing directory tree and allowing PHP to work
Look into the PHP_AUTH_USER variable. It is assigned through basic authentication. Gary Every Sr. UNIX Administrator Ingram Entertainment (615) 287-4876 Pay It Forward mailto:[EMAIL PROTECTED] http://accessingram.com -Original Message- From: bmw [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 20, 2002 2:48 AM To: [EMAIL PROTECTED] Subject: [PHP-DB] securing directory tree and allowing PHP to work I am trying to find out how I can secure the directory tree of my PHP scripts from the HTTP server without preventing access to my PHP scripts once in session. Right now, if I type the URL of a subdirectory of my site, I get the index of all the files and directories. Ex: http://domaine/index.html has DB access user login and password for my session authentication to enter into my scripts and run the program. If I type http://domaine/subfolder/ I can see all the PHP code I want without logging into my site. How can I protect the server from doing this without busting access to my scripts through the login from the root level index.html? Apache/1.3.26 (Unix)/Linux mod_fastcgi/2.2.12 mod_perl/1.26 PHP 4.2.2 Robert --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.381 / Virus Database: 214 - Release Date: 02/08/2002 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Re: securing directory tree and allowing PHP to work
bmw wrote: You could restrict autoindexing through apache's httpd.conf. Look it up in apache's manual. Milan This is not my personal web server. It is a remote ISP which provides PHP and MySQL support. I cannot control the HTTP or PHP server build configurations...They have autoindexing built into the Apache server. just add an .htaccess file in that directory saying no one but LOCALHOST has access to it... http://www.javascriptkit.com/howto/htaccess5.shtml -- Leo G. Divinagracia III [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Database question
I was wondering if there were any good documents out there about good database design...I know the basics of creating tables, setting data types and such, and now i want to know how to use it to the best effect...generating logical, streamlined tables, etc. As a side-related note, i have a few tables now that call for some data which could be quite lengthly, say 3-6 paragraphs worth of text. what would be the best data style and length for this kind of field?
Re: [PHP-DB] weird MySQL restart
Ok, the restart of the loop happens after 300 seconds no matter what.
Seems to be a timeout, but then why i don't get an error instead of the
loop starting all over again?
And i don't see anything in php.ini that could be related to that.
I upgraded to php-4.1.2 and the problem is still there.
On Mon, 2002-08-19 at 17:46, Florin Andrei wrote:
I'm using:
- apache-1.3.22
- mysql-3.23.49a
- php-4.0.6
- Linux Red Hat 7.2
I have a piece of code that does this:
for ($i=0; $i $brute_queries_max; $i++) {
$q = $brute_queries[$i];
$q = SELECT COUNT(*) . $q;
$res = mysql_query($q)
or die(in $host database, cannot run query $q);
$line = mysql_fetch_row($res);
$n = $line[0];
$hits_per_table[$i] = $n;
}
Basically, it goes through a list of tables in the same database and
performs a SELECT COUNT(*) FROM $table WHERE column LIKE '%string%'
On a few databases with smallish tables, it's fine.
But i hav a database which has a couple of large tables ( 8 mil. rows).
The loop goes through the tables, i can see it in mysql with SHOW
PROCESSLIST, then it reaches the large tables. And then it starts all
over again, from the first table, and so on. If i let it run, it goes
like this for hours, until i click on the Stop button in the browser.
I'm totally puzzled. It should timeout, or send an error or something.
But to start the for() loop all over
Weird thing is, if i perform the query manually (from the mysql client)
it works fine, although slow - it takes like 120 sec to run the query on
the big table.
I cranked up all timeout parameters in PHP and MySQL, but that didn't
improved anything.
Is this a known problem? Seems like a bug to me.
--
Florin Andrei
In my view, a man's value does not depend on what he learns,
or his position or fame, or what he does, but on what he is
and inwardly becomes. - Sri Aurobindo, a note to his biographers
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Florin Andrei
In my view, a man's value does not depend on what he learns,
or his position or fame, or what he does, but on what he is
and inwardly becomes. - Sri Aurobindo, a note to his biographers
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] keeping form field data when reloading a form
Are you setting the variables in the form? Something like this - note the value field in the username field: form method=post action=index.php name=loginuser table summary=layout table to hold login data width=300 align=center cellpadding=1 cellspacing=0 border=0 bgcolor=#ff tr td align=leftp class=smallbUsername:/b/p/td td align=leftinput type=text name=username value=?php echo $username;? maxlength=50 size=15 style=width: 120px; font-size: 12px/td /tr tr td align=left p class=smallbPassword:/b/p/td td align=leftinput type=password name=password maxlength=50 size=15 style=width: 120px; font-size: 12px /tr tr td align=leftpnbsp; /p/td td align=leftpinput type=submit value=login name=login style=width: 50px; heigth: 18px; font-size: 12px/p/td /tr /table /form This way, depending on how youare refreshing the login form, if the $username variable passed your validation tests it should be set automatically into the form. Cheers Stuart - Original Message - From: [EMAIL PROTECTED] To: PHP_DB [EMAIL PROTECTED] Sent: Wednesday, August 21, 2002 12:58 AM Subject: [PHP-DB] keeping form field data when reloading a form I have my email checker working now, and all the other fields are checked also, but when I do enter some wrong data the form is reloaded with all blank fields. I'm sure there is a way to keep the existing data in the fields so the end-user will only have to change the incorrect fields, and not have to re-enter all the data. But how? -- Chip Wiegand Computer Services Simrad, Inc www.simradusa.com [EMAIL PROTECTED] There is no reason anyone would want a computer in their home. --Ken Olson, president, chairman and founder of Digital Equipment Corporation, 1977 (They why do I have 9? Somebody help me!) -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Database question
Shiloh Madsen wrote: I was wondering if there were any good documents out there about good database design...I know the basics of creating tables, setting data types and such, and now i want to know how to use it to the best effect...generating logical, streamlined tables, etc. have you got a lifetime? seriously, just google it. say relational database design and start from there. or pick up some college text book on that subject As a side-related note, i have a few tables now that call for some data which could be quite lengthly, say 3-6 paragraphs worth of text. what would be the best data style and length for this kind of field? you can use either TEXT, MEDIUMTEXT or LONGTEXT. 64K, 16 million and 4 billion bytes, respectively... the downside is the space taken up when the actual data is less than the field size. then there's VARCHAR. the downside is that it's limited to 255 bytes... good news is that it's N+1 byte size. -- Leo G. Divinagracia III [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Database question
On Wednesday 21 August 2002 09:15, leo g. divinagracia iii wrote: you can use either TEXT, MEDIUMTEXT or LONGTEXT. 64K, 16 million and 4 billion bytes, respectively... the downside is the space taken up when the actual data is less than the field size. The actual space taken up is only a few bytes more than the actual size of the data you're storing so there is really nothing to worry about. -- Jason Wong - Gremlins Associates - www.gremlins.com.hk Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * /* Satire is what closes Saturday night. -- George Kaufman */ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] keeping form field data when reloading a form
Chip: Just use the names of the fields as the values too: input type='text' name='Email' value='$Email' / HTH :-) Russ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 21, 2002 1:58 AM To: PHP_DB Subject: [PHP-DB] keeping form field data when reloading a form I have my email checker working now, and all the other fields are checked also, but when I do enter some wrong data the form is reloaded with all blank fields. I'm sure there is a way to keep the existing data in the fields so the end-user will only have to change the incorrect fields, and not have to re-enter all the data. But how? -- Chip Wiegand Computer Services Simrad, Inc www.simradusa.com [EMAIL PROTECTED] There is no reason anyone would want a computer in their home. --Ken Olson, president, chairman and founder of Digital Equipment Corporation, 1977 (They why do I have 9? Somebody help me!) -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
