RE: [PHP-DB] Question: Copy and paste text into mysql text column

2004-10-19 Thread Ed Lazor
> I have a textarea field that will allow users to copy
> and paste text into, it might be plain text, or it
> might come out of word. 
> I'm wondering what type of validations I should
> perform on this field ?
> 
> Any suggestions / ideas ?

Hi Stuart,

Check out the strip_tags and mysql_escape_string commands.  They allow you
to filter misc. code that might be embedded in the data and also prepare the
data for insertion into the database (if you're going to store it).

Ed Lazor, President
http://RPGStore.com
Up to 50% off.  Over 20,000 items in stock 

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP-DB] Rand()

2004-10-07 Thread Ed Lazor
Hrm.  Dunno then.  I just manually tested it in MySQL and both approaches
worked.  Are you able to test directly in MySQL?  Might have to go to the
mysql list for this.

-Ed


> -Original Message-
> 
> Yeah, I had tried that earlier but it doesn't work.  It does generate
> a new value for temp each time but they are still in the same order as
> the first one always has a lower temp value
> 
> 
> On Thu, 7 Oct 2004 06:40:23 -0700, Ed Lazor <[EMAIL PROTECTED]> wrote:
> >
> >
> > select id, fname, lname, RAND() as temp from clients where featured=1 order by temp
> >
> > > -Original Message-
> > > I have the following query:
> > >
> > > Select id, fname, lname from clients where featured=1 order by RAND()
> > >
> > > At any time, there should only be three clients where featured =1.
> > > Problem is I have run this query several times yet it always returns
> > > them in the same order.  Not sure it makes a difference but the
> > > primary key is on the id column.  What am I doing wrong?




RE: [PHP-DB] Rand()

2004-10-07 Thread Ed Lazor
select id, fname, lname, RAND() as temp from clients where featured=1 order
by temp



> -Original Message-
> I have the following query:
> 
> Select id, fname, lname from clients where featured=1 order by RAND()
> 
> At any time, there should only be three clients where featured =1.
> Problem is I have run this query several times yet it always returns
> them in the same order.  Not sure it makes a difference but the
> primary key is on the id column.  What am I doing wrong?
> 
> 
> Thanks!
> 



RE: [PHP-DB] Dynamic pull down menus with PHP/Mysql

2004-10-05 Thread Ed Lazor
> -Original Message-
> This may be a more javascript related topic, but it's also php/mysql.
> Apologies in advance if this is too far off topic.
> 
> I'm trying to pull data from MySQL using PHP to sort the results into a
> form with a pull down menu. That works fine; I can do that.
> 
> But I have a second pull down menu whose items need to display based on
> the item chosen from the first pull down menu.
> 
> I can do two lists separately, but I need the second pull down menu to be
> a result of the first, and I can't figure a way to do it in PHP without
> reloading the page, which I don't really want to do.
> 
> Is this a javascript-dependent function, in that a js will have to make
> the call to the database via some sort of scripted php/mysql request? I
> really like to avoid javascript if possible, but I'm unsure there's an
> alternative.

You're describing what I think is called "Dynamic Options".  Doing a Google
for "javascript dynamic option" or "javascript dynamic select" will pull-up
a few examples.

Most of these solutions will expect you to load all data into javascript
arrays.  In other words, you don't have to reload the page, because all of
the data is already present.

This approach doesn't work well when dealing with large amounts of data.  If
you're running into this, use javascript's window.opener feature.  It allows
you to spawn a second window that retrieves data and sends it to the first
window.

-Ed






RE: [PHP-DB] Addslashes / DB Sort

2004-09-27 Thread Ed Lazor


> Use the more specific mysql_escape_string() (or friend) instead.

> You're not supposed to use stripslashes() on data coming from the database

Kk, thanks Jason =)

-Ed




[PHP-DB] Addslashes / DB Sort

2004-09-27 Thread Ed Lazor
PHP / MySQL

I'm using PHP to retrieve user input and store it in MySQL.  PHP's
addslashes function is used on data going into the database and PHP's
stripslashes function is being used on data coming from the database.  This
is allowing me to store and retrieve data with no problems, but it's causing
problems when trying to sort data.  In particular, data with double or
single quotes is getting escaped, which changes its position in the sort.

For example, without using addslashes, I can sort by Title and end up with
the following results:

'Pizza' For Techies
Drinking Beer The OOP Way
The World According To Linus

But, if I use addslashes and try to sort by Title, I end up with:

Drinking Beer The OOP Way
The World According To Linus
\'Pizza\' For Techies

Is there a way to account for this?

Thanks,

Ed

 



RE: [PHP-DB] Using PHP to generate SQL statement

2004-09-23 Thread Ed Lazor
> -Original Message-
> Seems to me we've just answered a very similar question to this (and I'd be
> surprised if there weren't several relevant threads in the list archives).
> Nonetheless:

I was so tired last night that I don't even remember if I checked the
archives first - my bad.  Thanks for helping Mike.  And thanks to Manuel and
Eduardo.  I'll explore these options and go from there.

-Ed




[PHP-DB] Using PHP to generate SQL statement

2004-09-22 Thread Ed Lazor
I keep looking at the following code and thinking there's gotta be a better
way.  I've been in front of the computer all day tho and I'm drawing a
blank.  Any ideas?

 

Thanks,

-Ed

$sql = "select ID from products where ";

if ($webpage->parameter_isset("CategoryID")) {
    if ($webpage->parameter_isset("CompanyID")) {
        if ($webpage->parameter_isset("SettingID")) {
            if ($webpage->parameter_isset("SystemID")) {
                $sql .= "CategoryID = '{$webpage->CategoryID}' AND CompanyID = '{$webpage->CompanyID}' AND SettingID = '{$webpage->SettingID}' AND SystemID = '{$webpage->SystemID}' ";
            } else {  // No SystemID
                $sql .= "CategoryID = '{$webpage->CategoryID}' AND CompanyID = '{$webpage->CompanyID}' AND SettingID = '{$webpage->SettingID}' ";
            }
        } else { // No SettingID
            if ($webpage->parameter_isset("SystemID")) {
                $sql .= "CategoryID = '{$webpage->CategoryID}' AND CompanyID = '{$webpage->CompanyID}' AND SystemID = '{$webpage->SystemID}' ";
            } else {  // no SystemID
                $sql .= "CategoryID = '{$webpage->CategoryID}' AND CompanyID = '{$webpage->CompanyID}' ";
            }
        }
    } else { // no CompanyID
        if ($webpage->parameter_isset("SettingID")) {
            if ($webpage->parameter_isset("SystemID")) {
                $sql .= "CategoryID = '{$webpage->CategoryID}' AND SettingID = '{$webpage->SettingID}' AND SystemID = '{$webpage->SystemID}' ";
            } else { // No SystemID
                $sql .= "CategoryID = '{$webpage->CategoryID}' AND SettingID = '{$webpage->SettingID}' ";
            }
        } else {
            if ($webpage->parameter_isset("SystemID")) {
                $sql .= "CategoryID = '{$webpage->CategoryID}' AND SystemID = '{$webpage->SystemID}' ";
            } else { // No System ID
                $sql .= "CategoryID = '{$webpage->CategoryID}' ";
            }
        }
    }
} else { // no CategoryID
    if ($webpage->parameter_isset("CompanyID")) {
        if ($webpage->parameter_isset("SettingID")) {
            if ($webpage->parameter_isset("SystemID")) {
                $sql .= "CompanyID = '{$webpage->CompanyID}' AND SettingID = '{$webpage->SettingID}' AND SystemID = '{$webpage->SystemID}' ";
            } else {  // No SystemID
                $sql .= "CompanyID = '{$webpage->CompanyID}' AND SettingID = '{$webpage->SettingID}' ";
            }
        } else { // No SettingID
            if ($webpage->parameter_isset("SystemID")) {
                $sql .= "CompanyID = '{$webpage->CompanyID}' AND SystemID = '{$webpage->SystemID}' ";
            } else {  // no SystemID
                $sql .= "CompanyID = '{$webpage->CompanyID}' ";
            }
        }
    } else { // no CompanyID
        if ($webpage->parameter_isset("SettingID")) {
            if ($webpage->parameter_isset("SystemID")) {
                $sql .= "SettingID = '{$webpage->SettingID}' AND SystemID = '{$webpage->SystemID}' ";
            } else { // No SystemID
                $sql .= "SettingID = '{$webpage->SettingID}' ";
            }
        } else {
            if ($webpage->parameter_isset("SystemID")) {
                $sql .= "SystemID = '{$webpage->SystemID}' ";
            } else { // No System ID
                return false;  // major error
            }
        }
    }
}

$sql .= "limit 10";

return $sql;
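
One way to collapse the nested branches in the post above, as an added example that is not part of the original message: each filter that is present contributes one `column = :placeholder` term, and the values are bound instead of being interpolated into the statement. `build_product_query()`, `find_products()`, the sample rows, the request data and the in-memory SQLite database (standing in for MySQL; needs the pdo_sqlite extension) are assumptions of this example.

```php
<?php
// Added example, not the poster's code. Column names come from the post;
// the function names, sample rows and request data are constructed.

/**
 * Build the query from whichever filters are present.
 * Returns [sql, bindings], or null when no filter was supplied
 * (the "major error" branch of the original).
 */
function build_product_query(array $input): ?array
{
    // Allowlist: only these names can ever become part of the SQL text.
    $columns = ['CategoryID', 'CompanyID', 'SettingID', 'SystemID'];

    $where = [];
    $bind  = [];
    foreach ($columns as $col) {
        if (isset($input[$col]) && is_scalar($input[$col])) {
            $where[]       = "$col = :$col";   // placeholder, never the value
            $bind[":$col"] = (string) $input[$col];
        }
    }
    if (!$where) {
        return null;
    }
    $sql = 'select ID from products where ' . implode(' AND ', $where) . ' limit 10';
    return [$sql, $bind];
}

function find_products(PDO $pdo, array $input): array
{
    $query = build_product_query($input);
    if ($query === null) {
        return [];
    }
    [$sql, $bind] = $query;
    $stmt = $pdo->prepare($sql);
    $stmt->execute($bind);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// In-memory SQLite stands in for MySQL so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('create table products (ID integer primary key, CategoryID integer,
            CompanyID integer, SettingID integer, SystemID integer)');
$pdo->exec('insert into products values (1,7,2,3,9), (2,7,4,3,9), (3,8,2,5,9)');

// Two filters present, two absent: one loop replaces the sixteen branches.
print_r(build_product_query(['CategoryID' => '7', 'SettingID' => '3']));
print_r(find_products($pdo, ['CategoryID' => '7', 'SettingID' => '3']));

// A value carrying SQL syntax stays a bound value, so the statement text is
// the same as for any other CategoryID; the unknown key "OrderBy" is ignored.
print_r(build_product_query(['CategoryID' => "7' OR '1'='1", 'OrderBy' => 'ID desc']));
```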



Re: [PHP-DB] Dates - adding to unix 86400 seconds not equal nextday

2004-09-02 Thread Ed Lazor
Quoting ioannes <[EMAIL PROTECTED]>:

> The answer seems to be DATE_ADD but I haven't got it to work yet...asking
> the MySQL people.

Check your version of MySQL...  I think that's a newer function.

-Ed






RE: [PHP-DB] Which Database Abstraction Layer ?

2004-09-01 Thread Ed Lazor
Has any performance testing been done between ADOdb and PEARdb?

> -Original Message-
> PEARdb does seem to have caught up, but lots of third party applications
> are already available that use ADOdb or have moved to it (or are moving)
> in later updates.




RE: [PHP-DB] SQLite security

2004-08-21 Thread Ed Lazor
> Shared hosting vulnerabilities have nothing to do with SQLite security.
> phpMyAdmin seems to be a popular choice for MySQL admin and I reckon
> there must be a few people who use it in shared hosting situations.

Most of the shared hosting options I've seen lately list phpMyAdmin as one
of the benefits of going with their service...

-Ed




RE: [PHP-DB] MySQL to EXCEL?

2004-08-18 Thread Ed Lazor
> -Original Message-
> 
> You can use
> 
>   
> 
> 
> and each tr becomes an excel row and each td becomes a cell.  This may or
> may not work in/before excel97??
> 
> If you're looking to create true excel files, then i highly suggest
> spreadsheetwrite_excel,
> It is an excellent codeset, enabling you to use many features of excel
> such
> as colors, math, formats, etc.
> 
> doing it this way, is little to no different from exporting in csv format,
> but it does work
> as described.
> 
> HTH
> Jeff

Wow, that's pretty interesting.  I'll play around with it =)

-Ed




RE: [PHP-DB] MySQL to EXCEL?

2004-08-17 Thread Ed Lazor
> -Original Message-
> From: Daniel Brunner [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, August 17, 2004 2:45 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [PHP-DB] MySQL to EXCEL?
> 
> I don't know how you have it setup.
> 
> But you can create a XLS file on the fly using PHP
> 
> By using header...
> 
> header("Content-Type: application/vnd.ms-excel");
> header("Content-Disposition: attachment; filename='Project.xls'");
> header("Pragma: no-cache");
> header("Expires: 0");
> 
> 
> Then just echo your results from your query, like normal...

Could you expound on this?  What field delimiter are you using?


> 
> 
> You have just created a XLS from PHP...Which can be saved to a XLS
> Workbook...




RE: [PHP-DB] MySQL to EXCEL?

2004-08-17 Thread Ed Lazor
> -Original Message-
> either output the data as a csv which you are doing (on windoze name
> the file with a .csv extension) or take a look at
> http://pear.php.net/package/Spreadsheet_Excel_Writer

I have another option that might work for you also.  Go to MySQL's website
and grab their ODBC driver and use that to pull data directly into Excel.
That's what I do and the end result tends to be a lot cleaner than going
through csv or other MySQL exports.

-Ed




RE: [PHP-DB] MAILING LIST QUESTION

2004-08-16 Thread Ed Lazor
> -Original Message-
> I don't have smtp server running on my computer. Any suggestions for smtp
> server, please.

Those settings will depend entirely on your Internet Service Provider.
You'll need to call them and ask what you'd use for your outgoing SMTP
server for sending email.

-Ed




RE: [PHP-DB] Re: Basic MySQL Query Question

2004-08-16 Thread Ed Lazor
Is it just me or is this a very bad thing from a security standpoint?  It
seems to me that user input should always be filtered before use.  Otherwise
there's nothing stopping a hacker from embedding sql into the value of the
name variable.

> -Original Message-
> Insert into members (name) values ($_POST['name']);




RE: [PHP-DB] Limiting persistant connections with IIS

2004-08-11 Thread Ed Lazor
php.ini

; Maximum number of persistent links.  -1 means no limit.
mysql.max_persistent = -1



> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 11, 2004 8:33 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP-DB] Limiting persistant connections with IIS
> 
> I'm running a PHP app on windows 2000 / IIS using unified ODBC to
> connect to MS-SQL. I would like to connect to the database using
> persistent connections but need to limit the total number of
> connections to avoid swamping the database. It seems that a new
> connection is created for every request made to the webserver at
> least for the first few tens of requests - presumably a new php
> thread is being created for each request.
> 
> I've tried limiting the maximum connections allowed by IIS for
> the website - but this does not appear to affect the number of PHP
> threads holding persistent connections to the db.
> I have set odbc.max_links in the php.ini file in case it is a bug
> in my program opening lots of connections but with maximum connections
> for IIS being set to 20 and max_links 4 I still end up with several
> hundred database connections after a few hundred page requests.
> 
> If I was implementing this on apache (which I have much more experience
> of using) I would use the MaxClients directive to achieve this...
> 
> Does anyone know how to limit the number of persistent database
> connections on windows/IIS/PHP?
> 
> cheer Simon
> 
> 
> --
> ~
> Simon Rees  |  [EMAIL PROTECTED]  |
> ORA-03113: end-of-file on communication channel
> ~
> 



RE: [PHP-DB] Intellectual property rights

2004-08-09 Thread Ed Lazor
You're asking a legal question and should contact an attorney.  


> -Original Message-
> From: Vincent Jordan [mailto:[EMAIL PROTECTED]
> Sent: Monday, August 09, 2004 4:03 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP-DB] Intellectual property rights
> 
> This is a bit off topic however it may be something people here have or
> will have the unpleasant opportunity to deal with. The company I work
> for has been having a problem tracking our customers warranty
> information and have used paper for items sent in for repair. I on my
> own time had created a web based application in php that would make both
> issues paperless, and in my own opinion better overall. Once complete I
> informed my supervisor of the application and asked if It could be shown
> to the vice president for review, with the condition that this is my
> application and I own all source and design of the application. My
> supervisor said he would need our IT department to look it over before
> it went to the VP. At the request of the IT department head I downloaded
> the files and sql dump of the database to the company's server. The next
> day I was in the IT office talking with the director of IT and a 3rd
> party company about the functions and design of the application. Because
> they are all Microsoft weenies and can't admin a server unless they can
> point and click their way to a fix they said php would not be an
> acceptable language and mysql is not a proper database to run an
> application on. I informed them I could rewrite this in asp.net and
> place it on a mssql database. The IT director said they will be having
> the 3rd party company just take what I have made, convert it to asp and
> build off of it.
> 
> I approached my supervisor about compensation for the work that was done
> since they are using my design. I was told "you gave it to IT, there is
> nothing I can do about it" I explained that this was given on the
> condition that it would be shown to the VP and in hopes that I would
> either gain a transfer to IT, be awarded a contract to provide the
> solution and maintenance, or maintain my current position with a slight
> raise and I will maintain and built onto the application.
> 
> I went up the chain to my supervisor's boss and explained to them what
> had happened and that since they are using my design and altering it to
> another language that I would like to be compensated for my work. I was
> told that I did nothing but give them an idea and they were really doing
> all the work since what I did was not good enough and their computers
> could not understand what I wrote.
> 
> The IT dept refuses to run anything besides Win Servers using IIS. They
> will not install PHP ( too many hacker problems they say).
> 
> Did I just screw myself? Do I have any protection of my design? Can I do
> anything?
> 
> 
> Thanks,
> 
> Vinny




RE: [PHP-DB] PHP Max execution time

2004-07-15 Thread Ed Lazor
Check out the ini_set command in PHP.  It'll let you set this option from
within your specific script.

> -Original Message-
> I am running a script (called through a browser) that checks entries in a
> table one at a time. As the table has grown, the script takes longer to run
> than is allowed - 30 seconds.
> 
> Two questions:
> 1) I am on a virtual host so I'm not sure I have access to php.ini, but can
> I change this using .htaccess? Do I need any special permission for this?
> 
> 2) Is there a way to change this just for one script, i.e. I did find the
> set_time_limit() function but can I use something like set_time_limit(300)
> or does it have to be less than 30?




RE: [PHP-DB] Re: Hold System

2004-07-14 Thread Ed Lazor
Hold refers to the period of time when a student is waiting to be matched
with a host family.

- You have three groups:  students, coordinators, and host families.
- Coordinators match students with host families.
- Students go through different stages of processing.

The goals are to:

- provide each host family with a student
- keep each coordinator busy with three students
- make sure each student has a coordinator
- make sure students don't get stuck indefinitely in any particular stage


Basically, this can end up being a fairly involved project...


> -Original Message-
> Could I get a plain-language explanation of the process of a 'hold'?  I'm
> not entirely clear what is happening, and what an 'expiry' means in the
> context of the hold and what a '#1 position' would represent for a
> student.




RE: [PHP-DB] Security Issues

2004-07-13 Thread Ed Lazor
> so I've been doing a little thinking about web server security..
> 
> #1. Since all files on the web are 644, what is to stop someone on the
> same server from copying your files to their own directory?
> (specifically your database connection info)
> #2. if a folder is 777, what's to stop someone from writing to that
> folder?

Virtual Servers
http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci213304,00.html
People can only see their own directories and files.

PHP Safe Mode
http://us2.php.net/features.safe-mode
Check the section titled Safe Mode in the php.ini file.  It has settings
that help lock things down.

Apache open_basedir
Also detailed in the PHP Safe Mode documentation.

There are a few other things that can be done to limit the scope of access,
but all of it really depends on how the server is set up.  I've seen many
situations where hosting providers set accounts up with basic Virtual
Hosting without doing any sort of lock down.  If you're not careful and
choose one of those providers, then you're definitely open to the sort of
security breach that you've described.

-Ed




RE: [PHP-DB] Re: addslashes replacement?

2004-06-30 Thread Ed Lazor
Thanks everyone.  I ended up using a combination of the htmlspecialchars and
the stripslashes commands.  The htmlspecialchars function has an example
about halfway down that I ended up using.

Thanks =)



> -Original Message-
> Take a look at the php website on the function addslashes.
> You will find an example with the functions reslash and reslash.
> You might have some problems regarding magic_quotes.
> I've been using the reslash and deslash for some time now without
> any problems.
> 
> It might solve your problems.
> 






[PHP-DB] addslashes replacement?

2004-06-30 Thread Ed Lazor
I'm using php addslashes to store data into MySQL and php stripslashes when
pulling it back out, but I'm running into trouble when people enter HTML
code.  Do you have any recommendations?
 
Here's an example of what I'm talking about:

">

An error occurs if the entry has a value of:  

this is a test.  Are we having FUN yet?

Any ideas or recommendations?

Thanks,

-Ed
