[PHP-DB] Re: Sessions help needed !!!

2006-02-18 Thread Neil Smith [MVP, Digital media]

At 22:19 17/02/2006, you wrote:

From: Chris Payne [EMAIL PROTECTED]
To: php-db@lists.php.net
Date: Fri, 17 Feb 2006 17:18:57 -0500
Message-ID: [EMAIL PROTECTED]
Subject: Sessions help needed !!!

Hi there everyone,

OK this script worked perfectly on my own apache webserver and I had to move
it to the main live server, but for some reason it's not passing session
values in the same way and I'm positive it's something damn obvious.

On my server I can use:

echo $credits_system;
echo $credits_left;
echo $foldername;



Does it work if you ask for $_SESSION['credits_system'] etc ?

The reason I ask is from the code above, you're using globally scoped 
variables, which would require you to be using either an old version 
of PHP on your test server, or to have manually enabled register_globals.


Register globals is of course a major security risk in that it 
pollutes your variable namespace with whatever the user feels like 
sending to your server in $_GET, $_POST, $_COOKIE etc etc. So your 
code can be easily manipulated into undefined behaviours unless you 
declare and initialise every variable it uses.




To display the information to make sure it is being passed, but it returns
blank on their server (Same versions of everything except I didn't install
it so it may have something turned off in the config - which I don't have


I think you need to look at phpinfo() for that server. Check 
register_globals, it will be 'off'.
Turn it 'off' on your test server so it mirrors the live environment 
and see if your code still works (it probably won't).


The other check to make with the hosting company - I've only seen 
this once or twice on cheap hosting :
See if they're using multiple servers. The session handler by default 
uses files, which are local to an individual server.


If you visit the 'page' again, you may well be being served from 
another web server in a cluster. Of course that server knows nothing 
about the local session files on the server you initially got sent 
the page from, cause they're on another machine's filesystem, thus 
replicating your problem.


The answer in that case is to register your own session handler (such 
as a DB) which resides on a known server.




control over, sigh).  The thing is, the last one - $foldername I MUST have
access to as the database uses this as a reference for searches and without


I don't understand what you mean by that, can you expand some more ?
It's not clear how the database uses 'foldername' - is it 
concatenated as part of a query ?




this working I can't pull the data I need ($foldername is an ID and also
refers to physical folders/directories on the apache webserver for video



If as noted above your host clusters servers, then you're SOL and 
will have to manage a central file repository or call across servers 
with fopen() etc to get at the [distributed] data in the $foldername path.


Cheers - Neil  


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
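
The database-backed session handler suggested in the reply above, as an added example that is not part of the original message. It uses the current SessionHandlerInterface and PDO rather than the PHP 4 API of the thread; the class name, the table name and the sample value are hypothetical.

```php
<?php
// Added illustration, not code from the thread. Needs PHP 8 with pdo_sqlite.
// sqlite::memory: keeps it runnable offline (assumption); on a cluster the DSN
// would name the one database server that every web node can reach.
final class PdoSessionHandler implements SessionHandlerInterface
{
    private PDO $db;

    public function __construct(PDO $db)
    {
        $this->db = $db;
        // Hypothetical table name; REPLACE INTO below is also valid on MySQL.
        $db->exec('CREATE TABLE IF NOT EXISTS php_sessions
                   (id VARCHAR(128) PRIMARY KEY, data TEXT, updated INTEGER)');
    }
    public function open(string $path, string $name): bool { return true; }
    public function close(): bool { return true; }

    public function read(string $id): string|false
    {
        $q = $this->db->prepare('SELECT data FROM php_sessions WHERE id = ?');
        $q->execute([$id]);
        $data = $q->fetchColumn();
        return $data === false ? '' : $data;   // unknown id means empty session
    }
    public function write(string $id, string $data): bool
    {
        $q = $this->db->prepare(
            'REPLACE INTO php_sessions (id, data, updated) VALUES (?, ?, ?)');
        return $q->execute([$id, $data, time()]);
    }
    public function destroy(string $id): bool
    {
        return $this->db->prepare('DELETE FROM php_sessions WHERE id = ?')
                        ->execute([$id]);
    }
    public function gc(int $max_lifetime): int|false
    {
        $q = $this->db->prepare('DELETE FROM php_sessions WHERE updated < ?');
        $q->execute([time() - $max_lifetime]);
        return $q->rowCount();                 // number of expired sessions removed
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
session_set_save_handler(new PdoSessionHandler($db), true);
session_start();
$_SESSION['foldername'] = 'videos_17';         // constructed sample value
session_write_close();                         // triggers write(): row is stored
echo $db->query('SELECT data FROM php_sessions')->fetchColumn(), "\n";
```

Because every node reads and writes the same table, a request that lands on a different web server still finds the session data.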



[PHP-DB] apostrophes everywhere

2006-02-18 Thread Andrew Darrow
Having a weird problem.

Here's the call:

DBAddBlog($blog, $today);


And here's the function
/***
 * FUNCTION: DBAddBlog($blog, $today)
 *
 * DESCRIPTION: adds the blog
 *
 * RETURNED: nothing
 **/
function DBAddBlog($blog, $today)
{
    mysql_query("UPDATE `table` SET `id` = '3' WHERE `id` =2");
    mysql_query("UPDATE `table` SET `id` = '2' WHERE `id` =1");
    mysql_query("INSERT INTO `table` ( `id` , `date` , `blog` ) VALUES ('1', '$today', '$blog')");
    mysql_query("DELETE FROM `table` WHERE `id` ='3' ");
}



Everything gets run except for the INSERT INTO if there is an apostrophe in
the value $blog. If I replace the apostrophe with &#39; it works fine.

On my server I'm running PHP 4.4 and MySQL 4.1.16. I design there and
publish elsewhere. On my server everything works fine all the time, but on
the production server I'm running PHP 4.3.11 and MySQL 4.1.12, that's where
I'm having problems with the apostrophe.

~Drew
www.drewpydraws.com




[PHP-DB] apostrophe nightmare

2006-02-18 Thread sub
Having a weird problem.

Here's the call:

DBAddBlog($blog, $today);


And here's the function
/***
 * FUNCTION: DBAddBlog($blog, $today)
 *
 * DESCRIPTION: adds the blog
 *
 * RETURNED: nothing
 **/
function DBAddBlog($blog, $today)
{
    mysql_query("UPDATE `table` SET `id` = '3' WHERE `id` =2");
    mysql_query("UPDATE `table` SET `id` = '2' WHERE `id` =1");
    mysql_query("INSERT INTO `table` ( `id` , `date` , `blog` ) VALUES ('1', '$today', '$blog')");
    mysql_query("DELETE FROM `table` WHERE `id` ='3' ");
}



Everything gets run except for the INSERT INTO if there is an apostrophe in
the value $blog. If I replace the apostrophe with &#39; it works fine.

On my server I'm running PHP 4.4 and MySQL 4.1.16. I design there and
publish elsewhere. On my server everything works fine all the time, but on
the production server I'm running PHP 4.3.11 and MySQL 4.1.12, that's where
I'm having problems with the apostrophe.

~Drew
www.drewpydraws.com




Re: [PHP-DB] apostrophes everywhere

2006-02-18 Thread Stut

Andrew Darrow wrote:

Everything gets run except for the INSERT INTO if there is an apostrophe in
the value $blog. If I replace the apostrophe with &#39; it works fine.

On my server I'm running PHP 4.4 and MySQL 4.1.16. I design there and
publish elsewhere. On my server everything works fine all the time, but on
the production server I'm running PHP 4.3.11 and MySQL 4.1.12, that's where
I'm having problems with the apostrophe.


RTFM: http://php.net/mysql_real_escape_string and 
http://php.net/magic_quotes


-Stut
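
What the two manual pages linked above address, as an added example that is not part of the original thread: the interpolated INSERT from DBAddBlog() next to an escaped and a parameterized form. It assumes PDO with an in-memory SQLite database in place of the thread's mysql_* functions, with PDO::quote() standing in for mysql_real_escape_string(); the table name and sample text are constructed.

```php
<?php
// Added illustration, not code from the thread. PDO + in-memory SQLite
// (assumption) replaces the mysql_* API so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE blog_entries (id INTEGER, date TEXT, blog TEXT)');

// Same pattern as the posted DBAddBlog(): values are pasted into the SQL text.
function addBlogInterpolated(PDO $db, string $blog, string $today): bool
{
    try {
        $db->exec("INSERT INTO blog_entries (id, date, blog)
                   VALUES (1, '$today', '$blog')");
        return true;
    } catch (PDOException $e) {
        // An apostrophe in $blog ends the string literal early: syntax error.
        return false;
    }
}

// Escaping: PDO::quote() adds the surrounding quotes and escapes the value
// for the connected database, the job mysql_real_escape_string() did.
function addBlogQuoted(PDO $db, string $blog, string $today): bool
{
    $sql = 'INSERT INTO blog_entries (id, date, blog) VALUES (1, '
         . $db->quote($today) . ', ' . $db->quote($blog) . ')';
    return $db->exec($sql) === 1;
}

// Bound parameters: the value is sent separately and never parsed as SQL.
function addBlogPrepared(PDO $db, string $blog, string $today): bool
{
    $stmt = $db->prepare(
        'INSERT INTO blog_entries (id, date, blog) VALUES (1, :date, :blog)');
    return $stmt->execute([':date' => $today, ':blog' => $blog]);
}

$blog  = "Drew's first post";   // constructed sample input with an apostrophe
$today = '2006-02-18';

var_dump(addBlogInterpolated($db, $blog, $today));
var_dump(addBlogQuoted($db, $blog, $today));
var_dump(addBlogPrepared($db, $blog, $today));
var_dump($db->query('SELECT COUNT(*) FROM blog_entries')->fetchColumn());
```

When magic_quotes_gpc was enabled, PHP applied addslashes() to all GET, POST and cookie data automatically, so the interpolated form could appear to work on one server and fail on another; phpinfo() shows the setting on each.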
