RE: [PHP-DB] Security Question
Hi

The page/form will be requested over a non secure connection. When the form is submitted the browser establishes a secure connection to the server and then sends the data, so the data is sent securely.

Peter

-----Original Message-----
From: Micah Stevens [mailto:[EMAIL PROTECTED]
Sent: 17 January 2005 03:47
To: php-db@lists.php.net
Subject: Re: [PHP-DB] Security Question

But what I'm saying is that if you're submitting a form from an unsecured page, to a script on a secure server, the data will still be encrypted. Anyone know this for sure to be correct? It sure makes sense this way.

On Sunday 16 January 2005 07:27 pm, Peter Lovatt wrote:

Hi

It is better from a security point of view to have a secure login. The secure server encrypts the data between the browser and the server, making it impossible to read on its journey from you to the server.

However whether it is a major security problem is another question. To view the traffic somebody must have access to the servers that route your request, which isn't easy. They then have to spot your traffic amongst all the other web traffic.

If it is the login for your Swiss bank account where you hid the million you made without declaring tax then it should be secure - no question. On the other hand if it is just to login to see when your books will be delivered, with no sensitive financial information then the risk is smaller and it is unlikely that anyone is trying too hard to get your login, so an insecure login carries less risk.

You could always host the login page on a non secure server but post the form to a secure server.

Peter

-----Original Message-----
From: Micah Stevens [mailto:[EMAIL PROTECTED]
Sent: 17 January 2005 02:46
To: php-db@lists.php.net
Subject: Re: [PHP-DB] Security Question

If it submits to a secure server the form data will be encrypted before transmission I believe. At least that's my understanding, and that seems to be how ebay does it for example. Once you log-in, it submits to a secure page.

-Micah

On Sunday 16 January 2005 06:38 pm, Chris Payne wrote:

Hi everyone,

I have a security question, I want to see if I am right or wrong.

I have programmed a system with PHP and MySQL, the main system resides on a secure server, but the client wants the login page on a NON-Secure server for marketing purposes. Am I the only one who thinks this is a major security concern?

Chris

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
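
The arrangement discussed in this thread (login page fetched over plain HTTP, form posted to an HTTPS script) can be checked mechanically. The PHP below is an added example, not code from any poster; audit_password_forms(), the example.com URLs and the sample markup are constructed for illustration. It reports a password form whose target is not HTTPS and, separately, one whose page was itself delivered without TLS, since in that case the secure connection covers only the submission and not the form that defines where the submission goes.

```php
<?php
// Added example: flag login forms whose page or submit target is not HTTPS.
// Function name, URLs and markup are constructed for illustration.

function audit_password_forms(string $pageUrl, string $html): array
{
    $findings = [];
    $pageScheme = strtolower((string) parse_url($pageUrl, PHP_URL_SCHEME));

    $doc = new DOMDocument();
    // Real-world markup is rarely valid; keep libxml parse warnings quiet.
    libxml_use_internal_errors(true);
    $doc->loadHTML($html);
    libxml_clear_errors();

    $xpath = new DOMXPath($doc);
    // Every form that contains a password input (type matched case-insensitively).
    $query = '//form[.//input[translate(@type, "PASWORD", "pasword") = "password"]]';
    foreach ($xpath->query($query) as $form) {
        $action = trim($form->getAttribute('action'));
        $actionScheme = strtolower((string) parse_url($action, PHP_URL_SCHEME));
        if ($actionScheme === '') {
            // Relative, empty or scheme-less action: the page's scheme is used.
            $actionScheme = $pageScheme;
        }
        if ($actionScheme !== 'https') {
            $findings[] = "password is submitted without TLS to '$action'";
        }
        if ($pageScheme !== 'https') {
            // The markup arrived unauthenticated, so the browser cannot know
            // that the action attribute is the one the server sent.
            $findings[] = "form page is served over '$pageScheme': "
                        . 'the form markup itself has no integrity protection';
        }
    }
    return $findings;
}

// Constructed sample: HTTP-hosted login page posting to an HTTPS script.
$html = '<form action="https://secure.example.com/login.php" method="post">'
      . '<input type="text" name="email"><input type="password" name="pass">'
      . '</form>';

print_r(audit_password_forms('http://www.example.com/login.html', $html));
print_r(audit_password_forms('https://secure.example.com/login.html', $html));
```

The first call reports one finding (the page scheme) and the second reports none.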
Re: [PHP-DB] Input ++90 causing problems
Switching off Auto-select in the Encoding in IE did solve it. Thanks a lot.

John

----- Original Message -----
From: graeme [EMAIL PROTECTED]
To: ioannes [EMAIL PROTECTED]
Cc: php-db@lists.php.net
Sent: Friday, January 14, 2005 8:17 AM
Subject: Re: [PHP-DB] Input ++90 causing problems

It appears as plus sign and numbers on my computer.

graeme.

ioannes wrote:

It appears that the code below in short has the following problematic strings:

++90 ++90-212- gives 212- on my test page below: error2.htm. A clue might be that a search on google turns up Arabic unicode, and the input here was done in Turkey. Check the link: http://www.londonriverside.co.uk/error2.htm and let me know if it appears the same to you or is a function of my computer, which includes Japanese libraries. (In order to send this message I need to choose unicode formatting.)

++90 ++90 gives ++90 ++90 on error3.htm - and is correct

The string ++90 came from a web input form, where someone was putting in their phone number. It was stored in a database and retrieved onto a web page, all using php, on which page it screwed up the css and caused unusual javascript errors. Although when the same person input the same phone number on the same form again, the same problem did not occur all the time but did re-occur at least twice. I cut down the HTML and finally found these few figures seemed to be the cause, though if I used my HTML editor to apply auto-formatting to the page the error did not occur. Also if I simply deleted the ++90 characters and typed them in again and uploaded that, there were no errors.

Confusingly, href links to other pages requiring a query to be run on the same record in the database - although it does not require to retrieve and show the phone number on the htm page but does use the index reference of the record - fails to retrieve any information for the record, eg my dates just default to 01/01/1970 erroneously and other info is retrieved on the record, in this case there is no css problem or javascript error in the static HTML, just no data to show within the page. Also note that when I get into the table and cut and paste all the info to a new record, the new record works - ie I can retrieve it with same tel numbers and everything works.

Is there something about this string ++90 that is problematic, possibly in relation to being sent from an internet form initially? If it's simply a familiar error from Arabic unicode perhaps I should be filtering this out on all input pages? Are there other such problematic strings? What am I searching for if I search for good input filtering for web input forms?

John

I did the following test pages:

error2.htm:

<html>
<head>
<title>test</title>
<LINK href=styles/test.css type=text/css rel=stylesheet>
</head>
<body text=#00 leftmargin=0 topmargin=0 marginwidth=0 marginheight=0 bgcolor=#ff>
<table width=1000 border=1 cellspacing=0 cellpadding=0>
<tr><td class=textset3 colspan=12> ++90 ++90-212- </td></tr></table>
</body>
</html>

error3.htm:

<html>
<head>
<title>test</title>
<LINK href=styles/enquiries_css.css type=text/css rel=stylesheet>
</head>
<body text=#00 leftmargin=0 topmargin=0 marginwidth=0 marginheight=0 bgcolor=#ff>
<table width=1000 border=1 cellspacing=0 cellpadding=0>
<tr><td class=textset3 colspan=12> ++90 ++90 </td></tr></table>
</body>
</html>

--
Experience is a good teacher, but she sends in terrific bills.
Minna Antrim
[PHP-DB] RE: Assistance on Query
> Hi People,
>
> I would like some assistance on the following scenario.
>
> I have to pull out all records for a particular userid (easy enough) and then only show those entries where the following occurs.
>
> These records from the table will contain either an entry in the services_type field or the non_services_type field.
>
> What I need to do is show only those where the number of consecutive records that contain an entry in the non_services_type field is greater than or equal to 3
>
> so example:-
>
> record 1 contains an entry in non_services_type
> record 2 contains an entry in services_type
> record 3 contains an entry in non_services_type
> record 4 contains an entry in non_services_type
> record 5 contains an entry in non_services_type
> record 6 contains an entry in services_type
>
> so I would need to display records 3,4,5 only
>
> Can anyone assist me with this?
>
> Cheers,
> Shannon

When you do your while ($row = mysql_fetch_assoc($result)) { ... } you will need to keep a list of consecutive records. Try this:

<?php
$records = array();  // rows to display
$run = array();      // current run of consecutive non_services_type rows

while ($row = mysql_fetch_assoc($result)) {
    if (!empty($row['non_services_type'])) {
        // Inside a run: hold the row until the length of the run is known
        $run[] = $row;
    } else {
        // A services_type row ends the run; keep it only if it had 3 or more rows
        if (count($run) >= 3) {
            $records = array_merge($records, $run);
        }
        $run = array();
    }
}
// The result set may end while a run is still open
if (count($run) >= 3) {
    $records = array_merge($records, $run);
}
?>

Then simply echo $records. This may have some bugs to iron out, but this is a way to get the job done, please reply if you have found a better way.
[PHP-DB] Assistance with if..elseif statement
I have this block of code which checks to see if an image has been uploaded from an update form. Everything in the form works, except I can not get the elseif statements to behave properly. See the comments below for explanation. Any help would be appreciated.

$route_photo = $_FILES['image']['name'];

// if no new image and no existing image put NULL in the DB
if(empty($_FILES['image']['name']) && ($_POST['oldimage']) == '') {
    $route_photo = 'NULL';
    echo ("No image supplied.");
// if new image put the new image name in the DB
} elseif ($_POST['route_photo'] || $_FILES['image']['name']) {
    $route_photo = $_POST['route_photo'];
    echo ("The image has been replaced with $route_photo.");
// If no new image update, use the old image
} elseif ($_POST['route_photo'] = $_POST['oldimage']) {
    $route_photo = $_POST['oldimage'];
    echo("No new image supplied");
}
[PHP-DB] RE: php-db Digest 16 Jan 2005 13:41:28 -0000 Issue 2777
From: [EMAIL PROTECTED]
To: php-db@lists.php.net
Subject: php-db Digest 16 Jan 2005 13:41:28 -0000 Issue 2777
Date: 16 Jan 2005 13:41:28 -0000

php-db Digest 16 Jan 2005 13:41:28 -0000 Issue 2777

Topics (messages 38151 through 38154):

Re: Integrating Interbase.so and PHP
    38151 by: Doug Thompson

Re: MySQL db sync
    38152 by: Bastien Koert

Adding Up MySQL Results
    38153 by: Nathan Mealey

Assistance on Query
    38154 by: Shannon Doyle

Administrivia:

To subscribe to the digest, e-mail: [EMAIL PROTECTED]
To unsubscribe from the digest, e-mail: [EMAIL PROTECTED]
To post to the list, e-mail: php-db@lists.php.net

--
php-db_38151.ezm
php-db_38152.ezm
php-db_38153.ezm
php-db_38154.ezm
RE: [PHP-DB] RE: php-db Digest 16 Jan 2005 13:41:28 -0000 Issue 2777
All,

I am needing to send two attachments from my form. Both fields are called 'fileatt' and 'fileatt1'. Below is the script I wrote to attach 'fileatt' but I am unsure on how to attach 'fileatt1'. Can I just add fileatt1 or do I need to rethink how I do it?

Many thanks

// Obtain file upload vars
$fileatt = $_FILES['fileatt']['tmp_name'];
$fileatt_type = $_FILES['fileatt']['type'];
$fileatt_name = $_FILES['fileatt']['name'];

$headers = "From: $from";

if (is_uploaded_file($fileatt)) {
    // Read the file to be attached ('rb' = read binary)
    $file = fopen($fileatt,'rb');
    $data = fread($file,filesize($fileatt));
    fclose($file);

    // Generate a boundary string
    $semi_rand = md5(time());
    $mime_boundary = "==Multipart_Boundary_x{$semi_rand}x";

    // Add the headers for a file attachment
    $headers .= "\nMIME-Version: 1.0\n" .
        "Content-Type: multipart/mixed;\n" .
        " boundary=\"{$mime_boundary}\"";

    // Add a multipart boundary above the plain message
    $message = "This is a multi-part message in MIME format.\n\n" .
        "--{$mime_boundary}\n" .
        "Content-Type: text/plain; charset=\"iso-8859-1\"\n" .
        "Content-Transfer-Encoding: 7bit\n\n" .
        $message . "\n\n";

    // Base64 encode the file data
    $data = chunk_split(base64_encode($data));

    // Add file attachment to the message
    $message .= "--{$mime_boundary}\n" .
        "Content-Type: {$fileatt_type};\n" .
        " name=\"{$fileatt_name}\"\n" .
        //"Content-Disposition: attachment;\n" .
        //" filename=\"{$fileatt_name}\"\n" .
        "Content-Transfer-Encoding: base64\n\n" .
        $data . "\n\n" .
        "--{$mime_boundary}--\n";
}

// Send the message
$ok = @mail($to, $subject, $message, $headers);
if ($ok) {
    header ("Location: http://www.tlwebsolutions.co.uk/form/");
}
?>
Re: [PHP-DB] insert into mysql-db from csv-file
Ruprecht Helms wrote:
> I want to read a csv-file and import the data into a mysql-db. How do I make this. A little script example in php would be helpful.

Why not just LOAD DATA INFILE from MySQL? No need to involve PHP at all, really...

--
---John Holmes...

Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals www.phparch.com
Re: [PHP-DB] PHP 5.0.3 and Oracle9i on Windows 2000/Apache
Chaun Keating wrote:
> I am having trouble logging onto Oracle via PHP on a Windows 2000 machine. I keep getting the error:
>
> Fatal error: Call to undefined function OCILogon() in C:\Program Files\Apache Group\Apache2\htdocs\oraconnect.php on line 15
>
> I seem to have everything set up correctly. I am running an Oracle 9i client and have set up the php.ini file with extension=php_oci8.dll uncommented, left ;extension=php_oracle.dll commented. (Although I have tried various combinations of these two.) Also I have set the extension_dir = C:\Program Files\PHP\ext correctly and noted that php_oci8.dll and php_oracle.dll exist there.
>
> Now here is where it gets really weird and I could use some help:
>
> It works fine from the command line:

possibly the cli version of php is using a different ini file than the apache2 module/cgi. also you may need to restart apache in order to reread the php.ini file.

with regard to putenv() - you may be suffering from safe_mode being on. also, (I don't know this!), if putenv is setting env vars whose scope is server-process wide then concurrent scripts _maybe_ messing each other up: e.g. request1 starts and does some putenv()s, request2 does the same a fraction later, request1 finishes and resets stuff done by putenv(), request2 tries to connect...which fails because the env vars are empty.

> I type php oraconnect.php for the following code:
>
> <?php
> //putenv("ORACLE_SID=TESTDB");
> //putenv("ORACLE_HOME=C:/oracle/ora92");
> //putenv("TNS_ADMIN=C:/oracle/ora92/network/admin");
> $username = "SCOTT";
> $passwd = "TIGER";
> //$db="(DESCRIPTION=
> //  (ADDRESS_LIST=
> //    (ADDRESS=(PROTOCOL=TCP)
> //      (HOST=orahostname1)(PORT=1621)
> //    )
> //  )
> //  (CONNECT_DATA=(SERVICE_NAME=TESTDB))
> // )";
> $conn = OCILogon("SCOTT","TIGER","TESTDB");
> if (!$conn) {
>     echo "Connection failed";
>     echo "Error Message: [" . OCIError($conn) . "]";
>     exit;
> } else {
>     echo "Connected!";
> }
> ?>
>
> It works either way with the env_variables in the script or with them commented out from the command line.
>
> I just can't get it to work from the browser. Can anyone out there help me with this one? I have some experience with Oracle, Perl, and a little Java but not so much with PHP.
>
> Thanks.
[PHP-DB] Import into mysql from csv-file
Hi,

how do I import data stored in a csv-file (formatted text) into a mysql_database.

Regards,
Ruprecht
[PHP-DB] '
Hi all,

When I submit my forms, if any textfield contains a ' the result comes back with /'

Is there any way of stopping this?

Thanks

Ben
[PHP-DB] Re: last insert ID
> you can use the mysql function LAST_INSERT_ID()
>
> here's the info from the manual:
> http://dev.mysql.com/doc/mysql/en/ODBC_and_last_insert_id.html

I was having trouble with retrieving the last insert id as well. Even after looking over the information in the link, I couldn't figure out how to make this work in PHP. Using the statement:

$id = $link->query("SELECT LAST_INSERT_ID()");

$id turned out to be a huge array - no part of which seemed to contain the expected 'last id'. I can't even determine if I got any part of it right. Does anyone have a more complete example? I'm lost.

I'm surprised that the DB library doesn't do this. Is there some reason that it cannot or is it just waiting for someone to write the code?

Thank you for any assistance,
Nelson
RE: [PHP-DB] '
echo stripslashes($text);

bastien

From: Ben [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: php-db@lists.php.net
Subject: [PHP-DB] '
Date: Mon, 17 Jan 2005 16:24:47 -

Hi all,

When I submit my forms, if any textfield contains a ' the result comes back with /'

Is there any way of stopping this?

Thanks

Ben
Re: [PHP-DB] '
> When I submit my forms, if any textfield contains a ' the result comes back with /'
>
> Is there any way of stopping this?

Yes, either:
- turn off Magic Quotes GPC
or
- use stripslashes()

Larry
[PHP-DB] i am lost (php warning)
Hi ya'll,

I am lost as to why I am getting this error in my script. Can anyone kindly explain why this is so.

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/cm/public_html/cell/login.php

--- My script ---

if($_POST['submit'] == 'Log In')
{
    $user=$_POST["email"];
    $pass=$_POST["pass"];
    $sql_query = mysql_query("SELECT * FROM cm_customer WHERE emial='$user'");
    $sql_query = mysql_num_rows($sql_query);
    if (($sql_query) > 0)
    {
        $valid = $user;
        session_start();
        session_register("valid");
    }
}
if (session_is_registered("reg"))
{
    echo "ok";
}
else
{
    echo "sorry";
}
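
mysql_query() returns false when a statement fails, and handing that false to mysql_num_rows() is what produces the warning quoted above. The PHP below is an added example, not the poster's code: it uses PDO with a bound parameter instead of placing $_POST data in the SQL text, lets a failed query raise an exception, and verifies the password. It assumes the column is named email, adds a hypothetical pass_hash column, and uses an in-memory SQLite database as a stand-in for MySQL so that it runs on its own.

```php
<?php
// Added example. Table name follows the post; the `email` spelling, the
// `pass_hash` column and the sample account are assumptions for illustration.

function find_customer(PDO $db, string $email): ?array
{
    // Bound parameter: the submitted value never becomes part of the SQL text.
    $stmt = $db->prepare(
        'SELECT email, pass_hash FROM cm_customer WHERE email = ?'
    );
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function check_login(PDO $db, string $email, string $pass): bool
{
    $row = find_customer($db, $email);
    // password_verify() checks against a hash created with password_hash().
    return $row !== null && password_verify($pass, $row['pass_hash']);
}

// Constructed demo data in an in-memory SQLite database (stand-in for MySQL).
$db = new PDO('sqlite::memory:');
// A failed statement throws instead of returning false, so a broken query
// cannot reach the row-handling code unnoticed.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cm_customer (email TEXT PRIMARY KEY, pass_hash TEXT)');
$ins = $db->prepare('INSERT INTO cm_customer VALUES (?, ?)');
$ins->execute(['alice@example.com', password_hash('correct horse', PASSWORD_DEFAULT)]);

var_dump(check_login($db, 'alice@example.com', 'correct horse'));
var_dump(check_login($db, 'alice@example.com', 'wrong password'));
// A quote in the input is just data to a bound parameter.
var_dump(check_login($db, "o'neil@example.com", 'anything'));

try {
    // A statement naming a column that does not exist fails loudly here.
    $db->query("SELECT * FROM cm_customer WHERE emial = 'x'");
} catch (PDOException $e) {
    echo 'query failed: ', $e->getMessage(), "\n";
}
```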