[PHP-DB] compiling php with oracle in linux shell
hi there i'm having trouble with compiling php in linux shell with oracle support. usually first i install oracle client via xwindow. but now the problem is, the machine currently need to be installed is do not have a xwindow installed. is there anyway to compile php with oracle support using only linux shell prompt??? TiA, i really need help here :p -- Ade Anom A [http://www.a3rex.info]
[PHP-DB] addslashes + stripslashes + mysql question
Hi,
My question is about the norlmal behaviour of PHP and MYSQL but I cant
explain it without a simple example. Thank you for reading:
I have the following code:
?php
print $t = $_POST['txt'];
print $t = addslashes($t);
@ $db = mysql_pconnect(xxx,xxx,xxx);
mysql_select_db('test');
$q = update ttable set ffield='$t';
mysql_query($q);
$q = select * from ttable;
$result = mysql_query($q);
$bo = mysql_fetch_array($result);
print $t = $bo['ffield'];
print $t = stripslashes($t);
?
from a HTML form I send variable:
' \ \' \\ \\\
after addshashes it becomes:
\' \\ \\\' \\
after that it gets in the database
but after I get it out it becomes:
' \ \' \\ \\\
(without the backslashes!)
and ofcourse after stripslashes it gets messed-up:
' ' \ \
So my question is if this is a normal behaviour for PHP+MYSQL or it may vary
indifferent conficurations or versions of both php or mysql.
It's not a bad thing to be like that but I wonder if my code will behave the
same at most systems.
Thank you very much
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] addslashes + stripslashes + mysql question
you might want to check to see if magic quotes GPC is turned on, if it is then you are adding slashes twice. You can either turn it off or do not use addslashes ;) -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED]
[PHP-DB] php line error
just care to know how php does the line counting when it echoes error messages like: parse error: unexpected '}' on line 129 1. does the line counting includes empty lines 2. are externally included files (using include(), require() etc) also line counted(sic)? 3. are d parts of the file that are not in php (i mean that are not contained within the php delimeters) also counted? - A passion till tomorrow, Opeyemi Obembe | ng.clawz.com __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: [PHP-DB] addslashes + stripslashes + mysql question
You have the string ' \
With addslashes it becomes '\ \\
When you insert it into the database
it goes into a query like this
update table set field=' '\ \\ '
But that inserts into the field only ' \ ,
in other words the original string.
It is a normal behaviour and you should
omit the stripslashes function.
Hope it helps
Firan Corneliu
On Mon, 2005-05-16 at 11:20 +0300, Petzo wrote:
Hi,
My question is about the norlmal behaviour of PHP and MYSQL but I cant
explain it without a simple example. Thank you for reading:
I have the following code:
?php
print $t = $_POST['txt'];
print $t = addslashes($t);
@ $db = mysql_pconnect(xxx,xxx,xxx);
mysql_select_db('test');
$q = update ttable set ffield='$t';
mysql_query($q);
$q = select * from ttable;
$result = mysql_query($q);
$bo = mysql_fetch_array($result);
print $t = $bo['ffield'];
print $t = stripslashes($t);
?
from a HTML form I send variable:
' \ \' \\ \\\
after addshashes it becomes:
\' \\ \\\' \\
after that it gets in the database
but after I get it out it becomes:
' \ \' \\ \\\
(without the backslashes!)
and ofcourse after stripslashes it gets messed-up:
' ' \ \
So my question is if this is a normal behaviour for PHP+MYSQL or it may vary
indifferent conficurations or versions of both php or mysql.
It's not a bad thing to be like that but I wonder if my code will behave the
same at most systems.
Thank you very much
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] addslashes + stripslashes + mysql question
Thank you very much for the reply.
That was what I needed to know.
That this is the Normal behavior and will not vary in different
configurations (exept of the magic_quotes_XXX settings that I'm aware of)
Milen
- Original Message -
From: Firan Corneliu [EMAIL PROTECTED]
To: Petzo [EMAIL PROTECTED]
Cc: php-db@lists.php.net
Sent: Monday, May 16, 2005 4:09 PM
Subject: Re: [PHP-DB] addslashes + stripslashes + mysql question
You have the string ' \
With addslashes it becomes '\ \\
When you insert it into the database
it goes into a query like this
update table set field=' '\ \\ '
But that inserts into the field only ' \ ,
in other words the original string.
It is a normal behaviour and you should
omit the stripslashes function.
Hope it helps
Firan Corneliu
On Mon, 2005-05-16 at 11:20 +0300, Petzo wrote:
Hi,
My question is about the norlmal behaviour of PHP and MYSQL but I
cant
explain it without a simple example. Thank you for reading:
I have the following code:
?php
print $t = $_POST['txt'];
print $t = addslashes($t);
@ $db = mysql_pconnect(xxx,xxx,xxx);
mysql_select_db('test');
$q = update ttable set ffield='$t';
mysql_query($q);
$q = select * from ttable;
$result = mysql_query($q);
$bo = mysql_fetch_array($result);
print $t = $bo['ffield'];
print $t = stripslashes($t);
?
from a HTML form I send variable:
' \ \' \\ \\\
after addshashes it becomes:
\' \\ \\\' \\
after that it gets in the database
but after I get it out it becomes:
' \ \' \\ \\\
(without the backslashes!)
and ofcourse after stripslashes it gets messed-up:
' ' \ \
So my question is if this is a normal behaviour for PHP+MYSQL or it may
vary
indifferent conficurations or versions of both php or mysql.
It's not a bad thing to be like that but I wonder if my code will behave
the
same at most systems.
Thank you very much
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] php line error
It does count blank lines, note that the line with the error maybe well above the line shown in the error...the only indicates where the error (whatever it may be) causes a problem in the script. Bastien From: 'Yemi Obembe [EMAIL PROTECTED] To: php-db@lists.php.net Subject: [PHP-DB] php line error Date: Mon, 16 May 2005 05:51:32 -0700 (PDT) just care to know how php does the line counting when it echoes error messages like: parse error: unexpected '}' on line 129 1. does the line counting includes empty lines 2. are externally included files (using include(), require() etc) also line counted(sic)? 3. are d parts of the file that are not in php (i mean that are not contained within the php delimeters) also counted? - A passion till tomorrow, Opeyemi Obembe | ng.clawz.com __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] problems with a script. .
John R. Sims, Jr. wrote:
Martin; I have taken your advice and read both of the articles, but
unfortunately I have not been able to find what needs to be changed. As I
mentioned, I am very new at this.
Could you possibly look at the script and point me in the right direction?
[snip]
/head ?php
// Set the page title and include the HTML header.
$page_title = 'Wireless Neighborhoods';
include_once ('include/header.html');
$db_connection = mysql_connect ('db.wireless-neighborhoods.org', 'scfn',
'scfn75') or die (mysql_error());
$db_select = mysql_select_db('scfn') or die (mysql_error());
// If the form was submitted, process it.
if (isset($submit)) {
$query = insert into case_note values ('0', '$id',NOW(),
NOW(),'$cmanager', '$location', '$purpose', '$present', '$subject',
'$note');
if (@mysql_query ($query)) {
echo 'A Case Note has been added.';
} else {
echo 'The case note could not be added.' . mysql_error();
}
}
?
[snip]
It looks like you are using register_globals on your development
machine. You'll likely find it easier to write safer/cleaner PHP
scripts if you don't rely on this.
http://us2.php.net/register_globals
though register globals itself isn't strictly a security issue, it is a
convenience that can cause unwanted/undue variable namespace pollution.
I'd recommend you disable it on your development machine ( in your
php.ini configuration file ) and then you'll have to set about changing
any variables that are coming from get/post - e.g.
if (isset($submit)) {
becomes
if (isset($_POST['submit'])) {
and the likes.
It's odd that your PHP 5 installation has this enabled - the default
changed to it being off in PHP 4.2.0, and certainly hasn't changed back.
cheers,
--
- Martin Norland, Sys Admin / Database / Web Developer, International
Outreach x3257
The opinion(s) contained within this email do not necessarily represent
those of St. Jude Children's Research Hospital.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] php line error. .
'Yemi Obembe wrote: just care to know how php does the line counting when it echoes error messages like: parse error: unexpected '}' on line 129 1. does the line counting includes empty lines yes. 2. are externally included files (using include(), require() etc) also line counted(sic)? no. (but the line with the include() call counts normally 3. are d parts of the file that are not in php (i mean that are not contained within the php delimeters) also counted? yes. in short, it's the line number of the script as if it were a plain text file. cheers, -- - Martin Norland, Sys Admin / Database / Web Developer, International Outreach x3257 The opinion(s) contained within this email do not necessarily represent those of St. Jude Children's Research Hospital. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] INSER INTO not working!
Acctually my problem was in that I was using the name of the table in
uppercase rather than in lowercase. So MySQL was looking for table REV
instead of rev. So for MySQL, REV and rev are very different tables!!
Regards,
Miguel Guirao
-Original Message-
From: Constantin Brinzoi [mailto:[EMAIL PROTECTED]
Sent: Jueves, 12 de Mayo de 2005 05:11 a.m.
To: Mihai Frisan
Cc: MIGUEL ANTONIO GUIRAO AGUILAR; PHP
Subject: Re: [PHP-DB] INSER INTO not working!
Please, take into consideration that in Postgresql you have to quote
table name if there are capitals in the name. Thus, if the table name is
REV then you have to quote it like:
$sqlstring = INSERT INTO \REV\ (revision) VALUES ($revision);
Aurel
On Thu, 2005-05-12 at 11:09 +0300, Mihai Frisan wrote:
Hi,
try $sqlstring = INSERT INTO REV (revision) VALUES ($revision);
Mihai
MIGUEL ANTONIO GUIRAO AGUILAR wrote:
Hi list,
I'm trying to store a data into a two-column table (id, revision).
ID is auto_increment. My table is called REV. I'm using this query:
$sqlstring = INSERT INTO REV VALUES('',$revision);
Using that same query in mysql command line works pretty good and the row
is added to the table, but is not working from my PHP page.
I echo the $sqlstring variable for troubleshooting and it is correct.
I'm using mysql_query($sqlstring, $link);
Any ideas??
--
MIGUEL GUIRAO AGUILERA
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Questions with formbuilder: is this the right list?
Hello, I have some questions about DB_DataObject and FormBuilder PK handling, should I post them here or do you know a better list? TIA -- Alessandro Pasotti ICQ# 245871392 Linux User #167502 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] novice on table design
Addresses should definitely have their own table. Have you considered using Postgres? It allows for table inheritance in much the same way that inheritance works in OOP. You could have a parent table (like a parent class) for People, and child tables (just like child classes) for Employee, non-Customer, and Customer. This is the preferred approach, but few other RDMBS solutions support this (or much SQL 99 at all). If you're not using Postgres, another way to do this would be to create a many-to-many relationship between your People tables, so that an address ID is related to a person ID. Visio balks at using a non-unique foreign key because this is bad design. A key must be unique by nature, and indexing is much faster the column is guaranteed to have unique values. If you go with your original approach, make a combined key on both the type and foreign key fields. Hope this helps, Jeremy Tony Yau wrote: Hi Tony, Miguel yes that was my intention at first, but to absorb all three, Shop, Employee, and Customer (and there may be 2 more to come) into an Address table would be inefficient both in storage space and search time,..no? having this compound keys at a separate Address table is essentially the same idea, but I know it doesn't 'feel' right, for a start in Visio I can't put a link to the Address table (because fkey can't be a foreign key to both Shop and Employee)!!! Apart from that, the tables are efficient, searching would be much quicker for non-address info. Tony Tony S. Wu [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] actually, no, Shop, Employee, and Customer are not distinct. in your instance they are the same type of entry. don't distinguish them by tables, rather use a column to hold some sort of an ID for each type. of course you'll end up with a table with many columns, and many of them will be null depending on which type an entry is. but with this approach, you can easily associate with an address table. Tony S. Wu [EMAIL PROTECTED] On May 14, 2005, at 4:49 AM, tony yau wrote: Hi Miguel, Thanks for the reply. the non-customer is actually a Shop, so Employee, Customer and Shop are distinct enough to have their own tables. Now they all have an Address, and the problem is how do I allow multiple addresses for each these 'people' (without using a lookup table) tony. Miguel Guirao [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] The schema of your table is wrong, is you do bnormalize it you will find out that you need two tables for this approach. One table for your people and another one for the n addresses of your people. If you keep your current schema, you will have as many rows for one person as many addresses for that person you have, and you will be duplicating many fields. So you must split your tables, one for your people and another for your people's addresses. -Original Message- From: tony yau [mailto:[EMAIL PROTECTED] Sent: Viernes, 13 de Mayo de 2005 09:27 a.m. To: php-db@lists.php.net Subject: [PHP-DB] novice on table design Hi all, I have the following tables EmployeeCustomernon-Customer Address ======= pkey pkeypkey pkey number type type ... payrate grantcapital I need to allow the three types of people to have n addresses, so I've added a type to distinguish the 3 types of people and their respective pkey onto address table. Address = pkey ... type(either Employee, Customer or non-Customer etc) fkey(the pkey of Employee, Customer or non-Customer etc) I know this design looks awkward but it does have the advantage of having less tables otherwise. BUT somehow it doesn't feel right. Can someone points me its pros and cons. thanks all. Tony Yau -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] sql injection attack, protection from
I'm new to PHP and would like to make certain that I have the basic
protection for the site:
Use double quotes to contain variable
Use mysql_escape_string so that query is considered part of the WHERE
clause.
$result=mysql_query('SELECT * FROM users WHERE
username='.mysql_escape_string($_GET['username']).'');
I'm pulling prices from a database and sending the item ID which has 4
characters (1001, 1002, etc.)
Is the following unnecessary with mysql_escape_string?
if (preg_match(/^\w{4,4}$/, $_GET['username'], $matches))
$result = mysql_query(SELECT * FROM items WHERE
itemID=$matches[0]);
else // we don't bother querying the database
echo itemID not accepted;
Thanks
[PHP-DB] Showing the next entry
Hi All, I have developed a script that allows me to select a students name from the client table and display the call information from the case_note table, but the report only shows the first available case_note for an individual. I want this script to display all entries for the specific client in the case_note table. Can anyone point me in the right direction. Keeping the faith in fatherhood John
[PHP-DB] Emisor de respuesta automática: [PHP-DB] Showing the next entry
We need to see your script or at least the portion where you do the query to the database. In general, you need to concatenate your different case-note for a given student as the while cycle goes thru your fetch statement for such a given student. -- MIGUEL GUIRAO AGUILERA - Mensaje original - De: John R. Sims, Jr. [EMAIL PROTECTED] Fecha: Lunes, Mayo 16, 2005 6:06 pm Asunto: [PHP-DB] Showing the next entry Hi All, I have developed a script that allows me to select a students name from the client table and display the call information from the case_note table, but the report only shows the first available case_note for an individual. I want this script to display all entries for the specific client in the case_note table. Can anyone point me in the right direction. Keeping the faith in fatherhood John -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Select
Hi!! I have this query in PHP: $items2 = mysql_query(SELECT DISTINCT * FROM rev ORDER BY rev, $link); I have three rows with the same data on it, and DISTINCT seems to be not working, since I got all the rows, any ideas of what is going wrong? -- MIGUEL GUIRAO AGUILERA Logistica R8 - Telcel -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
