Re: [PHP-DB] Is my Hosting service full of it?
On Sat, Feb 08, 2003 at 01:13:28PM -0500, pthes wrote: Here are some claims from the hosting service: ... It is exceptionally PHP and MySQL heavy and unfortunately not the kind of application you can safely run in a shared-hosting environment. It is never safe to allow customers to upload their own scripts in a shared hosting environment. I can't count the number of times I've had to step in and disable an account (or at least a CGI) because a customer wrote or uploaded something that consumed too many resources. So you suggest leaving the db open? What happens when someone bails out before the end? Would that then cause another problem? - You should be able to initiate a db close after a certain amount of time. Without seeing the code, it's hard to determine what you're doing wrong; if you're using a CREATE TEMPORARY TABLE, the table will automatically be deleted shortly after the database connection is closed. This would obviously consume memory in the database server for every temporary table created. Are concurrent connects with mysql the problem? - They certainly don't help. The MySQL server is shared amongst other sites on this same server and obviously can only handle so much happening at once. If you're using mysql_pconnect() to talk to the server, remember that each persistent connection is tied to just one web server process. If the web server has MaxClients 150 set, then there can be a maximum of 150 persistent database connections, even if there's just one PHP script opening them all. Comment 5: response to I don't believe php is worse than perl CGI scripts are called once a form has been completed, the script then runs quickly and closes itself. A pHp page May open a connection to mySQL at the opening of the page, or later in it: either way instead of having the information passed to mysql in a separate place, it is done in the same place. It gives the impression of being more efficient(since a step is skipped) but for high traffic operations it can bog down a mySQL server, Especially if it is a shared one. This is legitimate. I've seen serious degradation of MySQL performance with much lower load than you're generating, always caused by programming with a complete lack of regard for the database server's resource limits. If you don't know how to make your code more database friendly, you might want to consider hiring a programmer to do it for you. Or if you prefer, spend the money on a dedicated server, and watch *it* grind to a halt as well. :) I wondering if anyone has an opinion of whether I'm dealing with people who don't know what they're doing. Do any of their comments make sense. I'd be glad to provide further clarification if desired. I just have a real feeling that I'm not getting knowledgable answers. You are, they do, and you are. -- Paul Chvostek [EMAIL PROTECTED] Operations / Abuse / Whatever it.canada, hosting and development http://www.it.ca/ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Is my Hosting service full of it?
Thanks for the comments,. I'm putting some code here to hopefully get an idea of what is considered inefficient when dealing with mysql. I'm confused because all I'm doing is collecting the data from a form and writing it to the db. I have about 30 pages in the survey, so a script similar to this is called after each page. ?php session_start(); include(loginfile.inc); $connection = mysql_connect($host,$user,$password) or die (couldn't connect to server); $db = mysql_select_db($database,$connection) or die (Couldn't select database); $intable = tablename; /* this is the duplicate check section */ $sql = SELECT * FROM $intable WHERE datein = '$datein' AND itemID='$itemID' ; $mysql_result = mysql_query($sql,$connection); $num_rows = mysql_num_rows($mysql_result); if ($num_rows == 0) { /* insert if no dupes */ $query = INSERT INTO itemsread (itemread,itemID,datein) VALUES ('$itemread','$itemID','$datein'); $result = mysql_query($query); } else { /* update if existing timestamp */ $query = UPDATE $intable SET itemread='$itemread' WHERE datein='$datein' AND itemID='$itemID' ; $result = mysql_query($query); } # end else mysql_close($connection); It seems pretty simple to me. What am I missing? -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Is my Hosting service full of it?
Beyond inspecting the posted code, are there any quality FREE tools that can monitor MySQL resource usage? I searched Google using mysql resource tools and came up with a number of tools, but all required payment. I'm figuring that if you run a monitor while testing your code locally, you'll be able to pinpoint precisely what causes the recources to be chewed up. Just a thought. -Original Message- From: pthes [mailto:[EMAIL PROTECTED]] Sent: Sunday, February 09, 2003 11:42 AM To: [EMAIL PROTECTED] Subject: Re: [PHP-DB] Is my Hosting service full of it? Thanks for the comments,. I'm putting some code here to hopefully get an idea of what is considered inefficient when dealing with mysql. I'm confused because all I'm doing is collecting the data from a form and writing it to the db. I have about 30 pages in the survey, so a script similar to this is called after each page. ?php session_start(); include(loginfile.inc); $connection = mysql_connect($host,$user,$password) or die (couldn't connect to server); $db = mysql_select_db($database,$connection) or die (Couldn't select database); $intable = tablename; /* this is the duplicate check section */ $sql = SELECT * FROM $intable WHERE datein = '$datein' AND itemID='$itemID' ; $mysql_result = mysql_query($sql,$connection); $num_rows = mysql_num_rows($mysql_result); if ($num_rows == 0) { /* insert if no dupes */ $query = INSERT INTO itemsread (itemread,itemID,datein) VALUES ('$itemread','$itemID','$datein'); $result = mysql_query($query); } else { /* update if existing timestamp */ $query = UPDATE $intable SET itemread='$itemread' WHERE datein='$datein' AND itemID='$itemID' ; $result = mysql_query($query); } # end else mysql_close($connection); It seems pretty simple to me. What am I missing? -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Confirmation e-mail
this is what i use. hope it helps, addison /* send email to new member */ $emess1=Thank you...\n; $emess2=Your Member ID and password are:\n; $emess3=\n\n\tID:$email\n\tPassword:$password\n\n; $emess4=Each time you submit an ad, please use your existing ID and password.\n\n; $emess5=Please e-mail ?@?.com with questions or comments.; $emess = $emess1.$emess2.$emess3.$emess4.$emess5; $ehead=From: ?@?.com\r\n; $subject = this appears in the subject of the email to the new member; $mailsend=mail($email,$subject,$emess,$ehead); header(Location: index.php (where you want them directed after they sign in. it could be a welcome page.); Hello people., I am developing a website with a user login system, i would like to send an confirmation e-mail to the user when he/she registers for the site, asking for confirmation...for instance click on a link to activate thier account. My question is what would be the best approach to achieve this? How is this usualy done? Any thoughts and help is appreciated. Best regards, Davy Obdam -- Davy Obdam - Obdam webdesign© mailto:[EMAIL PROTECTED] web: www.davyobdam.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Addison Ellis small independent publishing co. 114 B 29th Avenue North Nashville, TN 37203 (615) 321-1791 [EMAIL PROTECTED] [EMAIL PROTECTED] subsidiaries of small independent publishing co. [EMAIL PROTECTED] [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] validate list menu selection
hello, what do i need to do to make sure someone has made a selection from a list menu. my foreach($HTTP_POST_VARS as $value) { if ($value == ) { unset($do); $message_new = font face=verdana size=1 color=redRequired information missing.\n Please try again./font; include(place_ad.php); exit(); } } is checking everything but my list menu. thank you and i have searched, to no avail. best, addison -- Addison Ellis small independent publishing co. 114 B 29th Avenue North Nashville, TN 37203 (615) 321-1791 [EMAIL PROTECTED] [EMAIL PROTECTED] subsidiaries of small independent publishing co. [EMAIL PROTECTED] [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
WG: [PHP-DB] Confirmation e-mail
hi, the best way for this is optin and optout method. so you can referrer if the users email exist. if the users email exists you can to assume the user is the user who would like the registration for your website. in the email you can set a link to a modul of your website. in this link you can take an accesskey, wich you generated by a new account. this key is the users unique id. now not all users given there right email and the email will send back to you. first choice you select the incoming returns or you can write a script who will checked a emailaccount for returned emails. in this programm you can select the to-field and check it in your database. is any user in the email true then you can delete them and you database will be clean. you can lookup this: http://www.smtphost.de/smtp.auth please insert your emailaddress, it will be generat an email for you. then you click the link in this email. this way is optin. if you want to unregister you can delete your account from the same formular what you are registered. okthis is my way.any other ideas? andreas van loock -Ursprüngliche Nachricht- Von: Davy Obdam [mailto:[EMAIL PROTECTED]] Gesendet: Sonntag, 9. Februar 2003 20:04 An: PHP; PHP-WIN; PHP-DB Betreff: [PHP-DB] Confirmation e-mail Hello people., I am developing a website with a user login system, i would like to send an confirmation e-mail to the user when he/she registers for the site, asking for confirmation...for instance click on a link to activate thier account. My question is what would be the best approach to achieve this? How is this usualy done? Any thoughts and help is appreciated. Best regards, Davy Obdam -- Davy Obdam - Obdam webdesign© mailto:[EMAIL PROTECTED] web: www.davyobdam.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
WG: [PHP-DB] Confirmation e-mail
hi, too please don't send password over the internet. better you ask the user if they click the link below your email. then the user get a formular and there you can ask him for his password. then you can make sure the emails wasn't read by other user. this is a secure method. andreas van loock -Ursprüngliche Nachricht- Von: info@phpken [mailto:[EMAIL PROTECTED]] Gesendet: Sonntag, 9. Februar 2003 20:34 An: Php-Db Betreff: WG: [PHP-DB] Confirmation e-mail hi, the best way for this is optin and optout method. so you can referrer if the users email exist. if the users email exists you can to assume the user is the user who would like the registration for your website. in the email you can set a link to a modul of your website. in this link you can take an accesskey, wich you generated by a new account. this key is the users unique id. now not all users given there right email and the email will send back to you. first choice you select the incoming returns or you can write a script who will checked a emailaccount for returned emails. in this programm you can select the to-field and check it in your database. is any user in the email true then you can delete them and you database will be clean. you can lookup this: http://www.smtphost.de/smtp.auth please insert your emailaddress, it will be generat an email for you. then you click the link in this email. this way is optin. if you want to unregister you can delete your account from the same formular what you are registered. okthis is my way.any other ideas? andreas van loock -Ursprüngliche Nachricht- Von: Davy Obdam [mailto:[EMAIL PROTECTED]] Gesendet: Sonntag, 9. Februar 2003 20:04 An: PHP; PHP-WIN; PHP-DB Betreff: [PHP-DB] Confirmation e-mail Hello people., I am developing a website with a user login system, i would like to send an confirmation e-mail to the user when he/she registers for the site, asking for confirmation...for instance click on a link to activate thier account. My question is what would be the best approach to achieve this? How is this usualy done? Any thoughts and help is appreciated. Best regards, Davy Obdam -- Davy Obdam - Obdam webdesign© mailto:[EMAIL PROTECTED] web: www.davyobdam.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: WG: [PHP-DB] Confirmation e-mail
Hi Andreas, Thanks for you responce. I am also wondering how you would do that in the database, i have a table users in my MySQL database containing the users information that submitted when they registerd. Now i want to activate thier account only after they have clicked on the confirmation link... if possible without any additional tables in my db. I users do not confirm thier account i wanna remove thier data from the database after 48hours. Thanks for your time.. Best regards, Davy Obdam info@phpken wrote: hi, too please don't send password over the internet. better you ask the user if they click the link below your email. then the user get a formular and there you can ask him for his password. then you can make sure the emails wasn't read by other user. this is a secure method. andreas van loock -Ursprüngliche Nachricht- Von: info@phpken [mailto:[EMAIL PROTECTED]] Gesendet: Sonntag, 9. Februar 2003 20:34 An: Php-Db Betreff: WG: [PHP-DB] Confirmation e-mail hi, the best way for this is optin and optout method. so you can referrer if the users email exist. if the users email exists you can to assume the user is the user who would like the registration for your website. in the email you can set a link to a modul of your website. in this link you can take an accesskey, wich you generated by a new account. this key is the users unique id. now not all users given there right email and the email will send back to you. first choice you select the incoming returns or you can write a script who will checked a emailaccount for returned emails. in this programm you can select the to-field and check it in your database. is any user in the email true then you can delete them and you database will be clean. you can lookup this: http://www.smtphost.de/smtp.auth please insert your emailaddress, it will be generat an email for you. then you click the link in this email. this way is optin. if you want to unregister you can delete your account from the same formular what you are registered. okthis is my way.any other ideas? andreas van loock -Ursprüngliche Nachricht- Von: Davy Obdam [mailto:[EMAIL PROTECTED]] Gesendet: Sonntag, 9. Februar 2003 20:04 An: PHP; PHP-WIN; PHP-DB Betreff: [PHP-DB] Confirmation e-mail Hello people., I am developing a website with a user login system, i would like to send an confirmation e-mail to the user when he/she registers for the site, asking for confirmation...for instance click on a link to activate thier account. My question is what would be the best approach to achieve this? How is this usualy done? Any thoughts and help is appreciated. Best regards, Davy Obdam -- Davy Obdam - Obdam webdesign© mailto:[EMAIL PROTECTED] web: www.davyobdam.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Davy Obdam - Obdam webdesign© mailto:[EMAIL PROTECTED] web: www.davyobdam.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] RE: [PHP-WIN] Confirmation e-mail
Hi Matt Hillebrand, That sounds mighty secure, but I think he's trying to verify that the email address does indeed belong to the person creating an account. I don't think so. Normaly you identify you by typing username and password into the textfields. Sometimes the username is identical with your email. I suggested the way via ssl because of the password-problem. I've heart that for epayment and transactions with onlinebanking it is based on law that the connection must be encrypted/ssl. I use the following two functions to create a random number, and then I insert it into the DB. Then I send a URL inside the confirmation email that points to a script for verification of the random number. (The parameters of the URL are the random number and username for that particular account.) function seed() { list($usec,$sec)=explode(' ',microtime()); mt_srand($sec * $usec); } function mk_random($size) { // $size is the number of digits in $num $num = ''; seed(); for($i=0; $i$size; $i++) { $num .= mt_rand(0, 9); } return $num; } Matt Regards, Ruprecht -- Ruprecht Helms IT-Service und Softwareentwicklung Tel/Fax.: +49[0]7621 16 99 16 Homepage: http://www.rheyn.de email: [EMAIL PROTECTED] -- -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Using CURDATE, DATE_SUB and DATE_ADD
I am using the query below in attempting to control access to a web site. The idea is that today's date must be between 1 month before the start date and 1 month after the finish date. $query1 = SELECT VFT_name FROM `vft` WHERE CURDATE() DATE_SUB(VFT_date_start, INTERVAL 1 month) AND CURDATE() DATE_ADD(VFT_date_finish, INTERVAL 1 month) ; It seems that if a start date is say March 31, then any date in February (even Feb 01) is going to return true. I tried using days (28, 29, .. 35 etc) instead of 1 month in the query but that doesn't seem to work. For a start-date of March 11 how can I deny access on Feb 10 but allow access starting on Feb 11? Thanks for any help. Barrie --- Barrie Matthews, Webmaster Heurisko Ltd, Learning Technology Specialists Spark House, 5 Durham St, PO Box 8577, Christchurch, New Zealand P +64 3 353-7360F +64 3 366-5488 [EMAIL PROTECTED]www.heurisko.co.nz Heurisko services: - LEARNZ, NZ's award winning online education programme www.learnz.org.nz/ - TheSchoolDaily - daily education news and features www.theschooldaily.com/ - NZ agent for TextHELP! products - award winning learning disability software www.texthelp.co.nz/ - Suppliers of digital cameras, scanners, printers and POLYCOMS www.heurisko.co.nz/teachingtools/ - Web server hosting and internet/intranet solutions www.heurisko.co.nz/webservices/ --- -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Efficienty of PEAR DB
Hi everyone, I have a question. How efficient a PEAR DB is? I found this information from adodb related website. http://phplens.com/lens/adodb/ I want to start implementing database abstraction layer in my applications. So i want to know which one is more efficient (PEAR DB or ADOdb?) thanks Hardik Doshi __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] c binary for (more securely) connecting to oracle
Hi It's the old question all over again: How can I make my user / pass impossible to read for those who shouldn't? I've been thinking a lot the past few years about how to do this, and I've thought that one solution, a little better than keeping the information in a file in plain text, would be to put them in a small c program, compile it and restrict access to execute (by the server). This would still mean that others can run the program through the web server, so if there could be a way of checking for which script is the callee of the program, that would be best, but i doubt there is... :þ Nevertheless, if anybody has any idea to whether this is possible or not (and how), please let me know. I've started looking into this and made a small program that makes a connection to oracle. The rest isn't quite trivial. As far as I've understood, PHP uses it's own structs for representing the oracle connection, and I don't really know how one would go about trying to return this to PHP. Other than that there might be someone out there who has done this before or someone who can tell me that this isn't possible for some reason I haven't thought about. I'm not too experienced in c programming, so any hints would be greatly appreciated. :-) Hints? Comments? Solutions? Thanks in advance. -- --Fredrik Life to you is a bold and dashing responsibility -- a Mary Chung's fortune cookie -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: [PEAR-DEV] Efficienty of PEAR DB
On Sun Feb 09, 2003 at 04:1120PM -0800, Hardik Doshi wrote: I have a question. How efficient a PEAR DB is? I found this information from adodb related website. http://phplens.com/lens/adodb/ I want to start implementing database abstraction layer in my applications. So i want to know which one is more efficient (PEAR DB or ADOdb?) This topic has been discussed several times on this list. Please search the archives [1] for more information. [1] http://marc.theaimsgroup.com/?l=pear-devr=1w=2 -- - Martin Martin Jansen http://martinjansen.com/ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Confirmation e-mail
Hi Davy Obdam, [...] My question is what would be the best approach to achieve this? How is this usualy done? Storing the password in encrypted form in a database. The confirmationmail you can write with the normal mailcommand using addslashes. The securest way if the password was randomly generated is to presend the resultpage via a ssl-connection and without sending a mail or the mail must be protected. So a hacker can't sniff the password. Regards, Ruprecht -- Ruprecht Helms IT-Service und Softwareentwicklung Tel/Fax.: +49[0]7621 16 99 16 Homepage: http://www.rheyn.de email: [EMAIL PROTECTED] -- -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php