Re: [PHP-DB] session management
Here I have a blog I setup but have not finished regarding web application authentication which includes source code and classes you can utilize. Unfortunately I have not been able to finish writing the article due to three jobs and school work. I can however assist you in getting it up and running via this message board. http://wtf-jas.blogspot.com/2010/04/web-application-authentication.html Richard Quadling wrote: On 22 April 2010 18:56, Vinay Kannan viny...@gmail.com wrote: Hey Guys, I need some help on an effficient session management, right now what I do is check if the user has loggedin using his username, and create a SESSION['logged']=1, setting a login flag actually, I am not sure if this is the best way ? What do you guys use for sessions, and which is the best possible way ? Thanks, Vinay https://code.google.com/p/loginsystem-rd/ This was developed as an easy drop-in secure login facility. It may give you some mileage. -- Jas -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] session management
How secure would you want it? Is this is a public facing web application? Are you in a shared hosting environment vs. a dedicated hosting environment? Do you require alternative session management such as database or mcache vs. flat file session support? Have you thought about cross site request forgery's? session hijacking etc? There are tons of things to take into consideration but setting a flag per user session is indeed one method of ensuring a user has authenticated. Vinay Kannan wrote: Hey Guys, I need some help on an effficient session management, right now what I do is check if the user has loggedin using his username, and create a SESSION['logged']=1, setting a login flag actually, I am not sure if this is the best way ? What do you guys use for sessions, and which is the best possible way ? Thanks, Vinay -- Jas -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] php, session_set_save_handler disappearing session vars
( $query, $this-dbconn ), $this-dbconn ) . br; if( ( is_resource( $result ) ) ( $handles['db']-dbNumRowsAffected( $this-dbconn ) 0 ) ) { $fields = $handles['db']-dbArrayResultsAssoc( $result ); return stripslashes( $fields[session_data] ); } return ; } public function destroy( $id ) { echo DESTROY CALLEDBR; global $handles; global $defined; $this-dbconn = $handles['db']-dbConnect( $defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname'] ); $query = DELETE FROM `admin_sessions` WHERE `session_id` = \ . $id . \ LIMIT 1; $result = $handles['db']-dbQuery($handles['val']-ValidateSQL($query, $this-dbconn), $this-dbconn); if( ( is_resource( $result ) ) ( $handles['db']-dbNumRowsAffected( $this-dbconn ) !== -1 ) ) { return true; } return false; } public function gc( $max_time ) { echo GC CALLEDBR; global $handles; $this-dbconn = $handles['db']-dbConnect( $defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname'] ); $query = DELETE FROM `admin_sessions` WHERE `session_expire` \ . time() - $this-max_time . \; $result = $handles['db']-dbQuery($handles['val']-ValidateSQL($query, $this-dbconn), $this-dbconn); if( ( is_resource( $result ) ) ( $handles['db']-dbNumRowsAffected( $this-dbconn ) !== -1 ) ) { return true; } return false; } } And of course the usage: require 'class.dbsessions.php'; if( empty( $_SESSION['token'] ) ) { $handles['session'] = new dbSession( $defined['timeout'] ); } Then once the user has passed a valid authentication mechanism the users session token is set with: $handles['session']-register( 'token', $token ); -- Jason Gerfen Systems Administration/Web application development jason.ger...@scl.utah.edu Marriott Library Lab Systems PC 295 South 1500 East Salt Lake City, Utah 84112-0806 Ext 5-9810 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Storing Images #2
If its outside the html root you would need to create a symlink pointing to the appropriate folder % ln -s /path/to/hidden /path/to/public *however this is very insecure Then if your wise you could create a simple image serving script to prevent direct navigation by checking the referring page request vs. an array of allowed script names, the folder and filename being requested etc. Kind of like an intermediary to ensure your (*assumed world readable and writable) images directory is somewhat unusable except by your scripts. If you did it in this manner you could simply call the image as you would regularly.. img src=image/image.jpg Of course this is all theoretical as I have never done this before but if you also block your upload script (*an assumption based on the question) you could limit it using apache hosts_allow and hosts_deny directives. Or you could use your upload script to copy the files to the server, then once the application publishes the site you could use it to copy the image files from the writable directory (above the web root) into the public images directory. The best method would require the following: 1. a sub domain with limited access using apaches hosts_allow and hosts_deny directives 2. a world read/writable folder located outside of the web root 3. script prevention by checking referring scripts as well as perhaps an internal allowed ip range directive 4. a command line, crontab entry to move image files from the world read/writable folder into the public/images folder You should look into linux folder and file permissions vs. the user and group that is running as your web server. Just a few suggestions. Keep in mind that the only real way to keep your stuff secure is to cut the cord. elk dolk wrote: On 3 February 2010 16:07, wrote: I currently have all my images referenced by url in my database and stored in a folder/s and I think I will keep it that way... .. If you put the images OUTSIDE of the webroot/docroot/public_html folder (whatever you have), then a user cannot directly navigate to the file. e.g. /home/sites/your_site/public_html/images/image1.jpg http://www.yoursite.com/images/image1.jpg would probably work. But ... /home/sites/your_site/public_html/getImage.php /home/sites/your_site/hidden_images/image1.jpg Now, there is no way I can load image1.jpg from my browser. I have to use getImage.php, which I assume would require me to login or authenticate myself in some way. -- I have my photos in /public_html/img/gid directory and with this path: img src='http://www.mydomain.com/img/{$gid}/{$photoFileName}' in getImage.php the server displays the photos. Now if I put my photos outside of the public_html like this: /hidden_images/img/gid what would be the correct path to the photos in the getImage.php script? -- Jas -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] PHP Update query
$query = UPDATE `clients` SET `company` = '$company', `contact` = '$contact', `phone` = '$phone', `city` = '$city' WHERE `clients`.`reference` =$client LIMIT 1; $client_result=mysql_query($query); // now check for errors mysql_error() mysql_errno() Sudheer Satyanarayana wrote: On Tuesday 03 November 2009 11:29 AM, Ron Piggott wrote: How do I test if an UPDATE query worked $query = UPDATE `clients` SET `company` = '$company', `contact` = '$contact', `phone` = '$phone', `city` = '$city' WHERE `clients`.`reference` =$client LIMIT 1; $client_result=mysql_query($query); ??? Ron From the manual page: For other type of SQL statements, INSERT, UPDATE, DELETE, DROP, etc, *mysql_query()* returns *TRUE* on success or *FALSE* on error. If $client_result == true you know the query was successful. -- Jason Gerfen Systems Administration/Web application development jason.ger...@scl.utah.edu Marriott Library Lab Systems PC 295 South 1500 East Salt Lake City, Utah 84112-0806 Ext 5-9810 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] DATETIME
Go look at dev.mysql.com and search for DATETIME. There are plenty of examples of how to do comparison searching using the UNIX datestamps. Dan Shirah wrote: Hi All, I have a DB that is storing the date/time an event happens in DATETIME format, i.e. 1254252889, which translates to Tue, 29 Sep 2009 19:34:49 UTC I am trying to write a query in PHP that will look for any row that falls within a range of dates, i.e. between Sep 1 and Oct 1, but there doesn't seem to be a way to search, since you would never be able to specify a match between what date range you put in, and the time stamps?? I created a form that allows them to select a date, but even converting a date string to a timestamp, you'll never be able to get a match in the db...? Any thoughts appreciated, Edward I'm not sure I'm following you. 1) What database are you using? MSSQL/Informix/MySQL? 2) The data type for your event date/time column is just DATETIME? Or is it DATETIME YEAR TO FRACTION or anything like that? 3) Wouldn't your query be written in SQL and just executed from PHP? If you are using DATETIME YEAR TO FRACTION your query should look something like: SELECT * FROM my_table WHERE event_date BETWEEN ('2009-09-01 00:00:00.000' AND '2009-10-01 23:59:59.999') -- Jason Gerfen Systems Administration/Web application development jason.ger...@scl.utah.edu Marriott Library Lab Systems PC 295 South 1500 East Salt Lake City, Utah 84112-0806 Ext 5-9810 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] DATETIME
Sorry I should have included a simple example: SELECT (`field_01`, `field_02`) FROM `table` WHERE DATETIME('2009-09-01 00:00:00.000') DATETIME('2009-10-01 23:59:59.999'); Dan Shirah wrote: Hi All, I have a DB that is storing the date/time an event happens in DATETIME format, i.e. 1254252889, which translates to Tue, 29 Sep 2009 19:34:49 UTC I am trying to write a query in PHP that will look for any row that falls within a range of dates, i.e. between Sep 1 and Oct 1, but there doesn't seem to be a way to search, since you would never be able to specify a match between what date range you put in, and the time stamps?? I created a form that allows them to select a date, but even converting a date string to a timestamp, you'll never be able to get a match in the db...? Any thoughts appreciated, Edward I'm not sure I'm following you. 1) What database are you using? MSSQL/Informix/MySQL? 2) The data type for your event date/time column is just DATETIME? Or is it DATETIME YEAR TO FRACTION or anything like that? 3) Wouldn't your query be written in SQL and just executed from PHP? If you are using DATETIME YEAR TO FRACTION your query should look something like: SELECT * FROM my_table WHERE event_date BETWEEN ('2009-09-01 00:00:00.000' AND '2009-10-01 23:59:59.999') -- Jason Gerfen Systems Administration/Web application development jason.ger...@scl.utah.edu Marriott Library Lab Systems PC 295 South 1500 East Salt Lake City, Utah 84112-0806 Ext 5-9810 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Need help with the code
nagendra prasad wrote: Hi All, I need some help with the below code. I have this login code with me and its working fine with my *localhost 'WAMP' *server. But when I tried to run the same script on my web host server its not working. Every time its giving me the same message *please enter a username and a password* which is a condition within the script. ?php session_start(); echo var_dump(print_r($_POST)); Are the $_POST['username'] and $_POST['password'] variables present? You didn't post any html form information so I think you could start there. $username = $_POST['username']; $password = $_POST['password']; if ($username$password) { $connect = mysql_connect(localhost, tutor_root, admin) or die(couldn't connect); mysql_select_db(tutor_register) or die(couldn't find db); $query = mysql_query(SELECT * FROM register WHERE username ='$username'); $numrows = mysql_num_rows($query); if ($numrows!=1) { //code to login while ($row =mysql_fetch_assoc($query)) { $dbusername = $row['username']; $dbpassword= $row['password']; } //check to see if they match if ($username==$dbusername$password==$dbpassword) { echo you are in a href='member.php'click/a here to enter the members page; $_SESSION['username']=$username; } else echo incorrect password; } else die(That user dosen't exist); } else die(pelase enter a username and a password); ? -- Jason Gerfen Systems Administration/Web application development jason.ger...@scl.utah.edu Marriott Library Lab Systems PC 295 South 1500 East Salt Lake City, Utah 84112-0806 Ext 5-9810 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Need help with the code
nagendra prasad wrote: OK so here is the form for the below code: html form action='mem_login.php' method='POST' Username: input type='text' name='username'br Password: input type='password' name='password'br input type='submit' value='Log in' /form /html Did you try looking at the $_POST array data? echo var_dump(print_r($_POST)); -- Jason Gerfen Systems Administration/Web application development jason.ger...@scl.utah.edu Marriott Library Lab Systems PC 295 South 1500 East Salt Lake City, Utah 84112-0806 Ext 5-9810 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Need help with the code
Add this to your script and just copy and paste it back. Seriously, you are not going to get any help if you don't show anyone the output of your problem. echo pre; var_dump(print_r($_GET)); var_dump(print_r($_POST)); echo /pre; If you are not getting anything in the post try changing the method of your html form to 'get' vs. 'post' *IE: form method=get action=mem_login.php And copy and paste the results so we can see where the problem is. If you are feeling weird about an authentication script contents then filter the data but don't just leave out parts of the output. nagendra prasad wrote: Yes I did but still its not working on my web server however its working fine with my WAMP server locally. On Fri, Oct 2, 2009 at 9:17 PM, Jason Gerfen jason.ger...@scl.utah.edu mailto:jason.ger...@scl.utah.edu wrote: nagendra prasad wrote: OK so here is the form for the below code: html form action='mem_login.php' method='POST' Username: input type='text' name='username'br Password: input type='password' name='password'br input type='submit' value='Log in' /form /html Did you try looking at the $_POST array data? echo var_dump(print_r($_POST)); -- Jason Gerfen Systems Administration/Web application development jason.ger...@scl.utah.edu mailto:jason.ger...@scl.utah.edu Marriott Library Lab Systems PC 295 South 1500 East Salt Lake City, Utah 84112-0806 Ext 5-9810 -- Guru Prasad Ubuntu Voice GTK+ Forum -- Jason Gerfen Systems Administration/Web application development jason.ger...@scl.utah.edu Marriott Library Lab Systems PC 295 South 1500 East Salt Lake City, Utah 84112-0806 Ext 5-9810 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Need help with the code
Maybe you should google for information regarding the php.ini and error reporting. nagendra prasad wrote: Yes I did but still its not working on my web server however its working fine with my WAMP server locally. On Fri, Oct 2, 2009 at 9:17 PM, Jason Gerfen jason.ger...@scl.utah.eduwrote: nagendra prasad wrote: OK so here is the form for the below code: html form action='mem_login.php' method='POST' Username: input type='text' name='username'br Password: input type='password' name='password'br input type='submit' value='Log in' /form /html Did you try looking at the $_POST array data? echo var_dump(print_r($_POST)); -- Jason Gerfen Systems Administration/Web application development jason.ger...@scl.utah.edu Marriott Library Lab Systems PC 295 South 1500 East Salt Lake City, Utah 84112-0806 Ext 5-9810 -- Jason Gerfen Systems Administration/Web application development jason.ger...@scl.utah.edu Marriott Library Lab Systems PC 295 South 1500 East Salt Lake City, Utah 84112-0806 Ext 5-9810 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] mysqli error
Kevin Castiglia wrote: Whenever I run the following code, I get the error: Commands out of sync; you can't run this command now as I try to execute my prepared Update statement. ?php $fpiDataAddr = fopen('outputAddr.txt','r') or die(can not open In File ); //Connect to mySQL server $mysqli = new mysqli('localhost', 'user', 'pswd', 'db'); Google... http://dev.mysql.com/doc/refman/5.0/en/commands-out-of-sync.html if ($mysqli-connect_error) { die('Could not connect: '.$mysqli-connect_error); } else{ echo Connected successfully\n; } $seqno = 0; $k = 'Kev'; $sql1 = 'SELECT UNIQUE_NUM, AM_CITY FROM db.kb_addr WHERE UNIQUE_NUM = ?'; $sth1 = $mysqli-prepare($sql1); $sql2 = 'UPDATE db.kb_addr SET AM_CITY = ? WHERE UNIQUE_NUM = ?'; $sth2 = $mysqli-prepare($sql2); while($inrec = fgetcsv($fpiDataAddr,0,',','')){ if($seqno == 0){ $x= count($inrec); $arrFields = array(); for ($y = 0; $y $x; $y++) { $arrFields[$inrec[$y]] = $y; //creates associative array that associates fields with the index in $inrec } echo Array of Field Names From Header Record in Input data is \n; print_r($arrFields); $seqno++; continue;} $key = 0+$inrec[$arrFields['Unique #']]; //Select Statement $sth1-bind_param('i',$key); $sth1-execute(); $sth1-bind_result($un,$ac); $sth1-fetch(); //Update Statement $sth2-bind_param('si',$k,$key); echo after bind: .$sth2-error.\nThe object error is: $mysqli-error\n; $sth2-execute(); echo after execute: .$sth2-error.\nThe object error is: $mysqli-error\n; if($seqno 1000) break; $seqno++; } fclose($fpiDataAddr) or die(can not close file); //disconnect $sth1-close(); $sth2-close(); $mysqli-close(); ? However, if I close $sth1 (the select statement) before executing $sth2 (the update statement), it works, but since I just closed $sth1, I have to prepare it again. This is pretty inefficient considering the large data set that I'm working with and the fact that I have to prepare and close my select statement every single time I loop through. Is there any way that I can run these statements error-free without having to close the select statement ($sth1) every single time I want to execute my update statement ($sth2)? Thanks, Kevin -- Jas Tomorrow isn't promised so we live for today -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] mysqli error
Jason Gerfen wrote: Kevin Castiglia wrote: Whenever I run the following code, I get the error: Commands out of sync; you can't run this command now as I try to execute my prepared Update statement. ?php $fpiDataAddr = fopen('outputAddr.txt','r') or die(can not open In File ); //Connect to mySQL server $mysqli = new mysqli('localhost', 'user', 'pswd', 'db'); Google... http://dev.mysql.com/doc/refman/5.0/en/commands-out-of-sync.html if ($mysqli-connect_error) { die('Could not connect: '.$mysqli-connect_error); } else{ echo Connected successfully\n; } $seqno = 0; $k = 'Kev'; $sql1 = 'SELECT UNIQUE_NUM, AM_CITY FROM db.kb_addr WHERE UNIQUE_NUM = ?'; $sth1 = $mysqli-prepare($sql1); $sql2 = 'UPDATE db.kb_addr SET AM_CITY = ? WHERE UNIQUE_NUM = ?'; $sth2 = $mysqli-prepare($sql2); while($inrec = fgetcsv($fpiDataAddr,0,',','')){ if($seqno == 0){ $x= count($inrec); $arrFields = array(); for ($y = 0; $y $x; $y++) { $arrFields[$inrec[$y]] = $y; //creates associative array that associates fields with the index in $inrec } echo Array of Field Names From Header Record in Input data is \n; print_r($arrFields); $seqno++; continue;} $key = 0+$inrec[$arrFields['Unique #']]; //Select Statement $sth1-bind_param('i',$key); $sth1-execute(); $sth1-bind_result($un,$ac); $sth1-fetch(); //Update Statement $sth2-bind_param('si',$k,$key); echo after bind: .$sth2-error.\nThe object error is: $mysqli-error\n; $sth2-execute(); echo after execute: .$sth2-error.\nThe object error is: $mysqli-error\n; if($seqno 1000) break; $seqno++; } fclose($fpiDataAddr) or die(can not close file); //disconnect $sth1-close(); $sth2-close(); $mysqli-close(); ? However, if I close $sth1 (the select statement) before executing $sth2 (the update statement), it works, but since I just closed $sth1, I have to prepare it again. This is pretty inefficient considering the large data set that I'm working with and the fact that I have to prepare and close my select statement every single time I loop through. Is there any way that I can run these statements error-free without having to close the select statement ($sth1) every single time I want to execute my update statement ($sth2)? I am unaccustomed to utilizing the mysqli functionality but the older mysql functions allow you to do something within your loops without the need to close then prepare a new connection/query each time. mysql_pconnect() mysql_select_db() for( $x $y ) { mysql_query() mysql_fetch_array() mysql_free_result() } mysql_close() These functions may be more appropriate for your datasets Thanks, Kevin -- Jas Tomorrow isn't promised so we live for today -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] multiple finder
Emiliano Boragina wrote: Hi, I must do e finder for properties... I know do a simple search but not a search like this with more one possibility, with all or some fields full... How do it? Thanks a lot Example database table to search: TableName Field001 Field002 Field003 Example SQL to search fields with some or all of the fields matching: SELECT * FROM `TableName` WHERE `Field001` LIKE 'string' OR `Field002` LIKE 'string' OR `Field003`; For future reference the PHP website as well as the MySQL website have examples for any type of functionality you wish to locate. I would suggest researching a the 'select' command from the MySQL website: http://dev.mysql.com/doc/refman/5.0/en/select.html -- +_ Emiliano Boragina // DiseƱo y ComunicaciĆ³n / +_ emiliano.borag...@gmail.com 15 40 58 60 02 // +_ -- Jas Tomorrow isn't promised so we live for today -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] postgres - pg_query works; pg_query_params doesn't
Carol Walter wrote: Hello, I have a php 5 and PostgreSQL 8.3.6. I wrote the original program using pg_query. Now, I need to replace pg_query with pg_query_params. I'm having trouble doing so. In this code pg_query works but pg_query_params doesn't work. The code snippet is as follows: if ($submit_info2 == Submit) { include connect_km_tezt.php; // Connect to database if ($get_name == Submit) { /* Query using pg_query */ /* $query2 = SELECT \fName\,\mName\,\lName\ FROM \tblPeople\ WHERE \peopleId\ = '$choose_name'; $result2 = pg_query($query2) or die(Can't execute query); */ / Query using pg_query_params ***/ $query2 = pg_query_params('SELECT fName,mName,lName FROM tblPeople WHERE peopleId = $1', array($choose_name)); /* Process query result */ $rows2 = pg_num_rows($result2); echo $rows2 . rows returned. br /; while ($row2 = pg_fetch_array($result2)) { $f_name_new = $row2['fName']; $m_name_new = $row2['mName']; $l_name_new = $row2['lName']; echo $fName $mName $lName br /; } while (list($fName, $mName, $lName) = pg_fetch_row($result2)) { echo $fName $mName $lName br /; } } if ($Info2 != None) { echo h2You're entering a . $Info2 . for nbsp; $f_name_new nbsp; $m_name_new nbsp; $l_name_new /h2 ; } The error message I get is as follows: Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator, r...@slis.indiana.edu and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log. Question #1. Do you see why this isn't working. Question #2. Is there some way I can see the query that is being passed to the PostgreSQL server. Question #3. Can I put an or die clause on pg_query_params. I'm not sure how to debug this code. Thanks, Carol pg_error() will tell you why. more then likely you should test the valid resource coming from the pg_connect function. -- Jas Tomorrow isn't promised so we live for today -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] numeric string to single digit array
Evert Lammerts wrote: This is my code. The only error is at line 15 as I stated above. 1 ?PHP 2 DEFINE (host,localhost); 3 DEFINE (user,root); 4 DEFINE (password,password); 5 DEFINE (database,questions); 6 7 $connection=mysql_connect(host,user,password) or die ('Could not connect' .mysql_error() ); 8 9 $dbConnect=mysql_select_db('questions',$connection); 10 if (!$dbConnect) {die ('Could not connect to database' . mysql_error() );} 11 12 $query =Select answer from answers where studentID ='A123456789'; 13 $result = mysql_query($query,$connection); 14 $count=0; 15 while($row = mysql_fetch_assoc($result)); remove the semi-colon at the end of line 15 16 { 17 $count++; 18 } 19 echo $count; 20 ? Turn line 13 into $result = mysql_query($query) or die(mysql_error()); , so leave out the connection parameter and append the die() function, and see what error that produces. -- Jason Gerfen I practice my religion while stepping on your toes... ~The Ditty Bops -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] md5() function
Steven Cruz wrote: Hello; I maybe wrong, but I believe it is one way. What you need to do is take your input and encrypt it and check if matches your current encrypted value. :) peace and hugs. Miguel Guirao wrote: Hi!! I'm using the md5() function to encrypt a password and store it into a database. Now I want to retrieve that MD5 password and convert it into it's human readable condition. Is there a function opposite to md5()?? Best Regards, M Guirao If you want to do a comparison on the md5() hash you just created you could always run your SQL query like: SELECT * FROM `table` WHERE `password` = md5( $password ) LIMIT 1; That will return a true or false value based on the md5() hash of the $password var. But you cannot reverse the md5 hash to obtain the original value unless you perform a crack on it using software available software. I think what you are looking for is the base64_encode() and base64_decode() functions which will perform a simple encoding of data. -- Jason Gerfen I practice my religion while stepping on your toes... ~The Ditty Bops -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Credit Card Encryption
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I got messaged off list which I don't appreciate. But, yes PHP5 only or you could replace the lines for PHP4 and on: $keys[] = mhash( MHASH_SHA1, sha1( $array[$x] ) ); With: if( !function_exists( mhash ) ) { $keys[] = sha1( sha1( $array[$x] ) ); } elseif( !function_exists( sha1 ) ) { $keys[] = md5( md5( $array[$x] ) ); } else { $keys[] = mhash( MHASH_SHA1, sha1( $array[$x] ) ); } That will look to see if the 'mhash()', 'sha1()' functions exist and use them accordingly. HTH. Jason Gerfen wrote: Jason Gerfen wrote: Daniel Brown wrote: On Dec 19, 2007 2:41 AM, Keith Spiller [EMAIL PROTECTED] wrote: Ok I've done some research and some thinking. What about storing orders in the database (product info and customer info) and then using GnuPG or PGP to send the credit card info to the merchant? This way the credit card information is not stored on the server or in the database but only in printed format by the merchant. Since my client processes all of the credit card orders by hand this seems like an ideal solution. I had a client that did offline (manual) processing of credit card orders as well. With liability issues and the problems that others have already pointed out, storing the credit card information was not an option, yet my client still needed some way of having the data available offline. Consider the following: ISSUERLENGTH Diner's Club/Carte Blanche 14 American Express 15 VISA 13 or 16 MasterCard16 Discover 16 Security checks aside (like making sure they selected the type of card and that it matched the algorithm - VISA beginning with 4 and being strlen($_POST['cardnum']) == 13 or 16, MasterCard being 16, beginning with 51xx to 55xx, et cetera), I then had a hybrid of storage and delivery. Mail the first ? rand(4,6); ? digits to the sales email address(es) on file. Three addresses on two domains were used for redundancy in this case. Store the remaining digits in the database. You could write your own encryption algorithm or use one that is publicly-available and reversible (Blowfish is what I was using, at 128, key length of 56 lower ASCII characters, padded with 7 on the key and four on the output - MD5, SHA1, et al are NOT options here). The sales department then received the first digits of the credit card number via email, which stated it was an order key. Again, in my Using the order number as the key is bad practice. Here is a random key generator that you could use for your public/private keys and still use the blowfish cipher as your method of encrypting: ?PHP function ReadFolder( $folder ) { if( ( empty( $folder ) ) || ( !is_dir( $folder ) ) ) { $rand_image = GenerateError( Couldn't open directory ); } else { $rand_image = array(); if( $handle = opendir( $folder ) ) { while( false !== ( $file = readdir( $handle ) ) ) { if( $file != . $file != .. $file != index.html !is_dir( $file ) ) { $rand_image[] = $file; } } closedir( $handle ); } } return $rand_image; } function MakeSuperRandom() { return srand( ( double ) microtime( time() ) * 10 ); } function PickRandomImages( $array ) { $num1 = count( $array ); $num1 = $num1 - 1; MakeSuperRandom(); $img_num = rand( 3, $num1 ); $image[] = $array[$img_num]; $num2 = count( $array ); $num2 = $num2 - 1; MakeSuperRandom(); $img_num = rand( 3, $num2 ); $image[] = $array[$img_num]; $num3 = count( $array ); $num3 = $num3 - 1; MakeSuperRandom(); $img_num = rand( 3, $num3 ); $image[] = $array[$img_num]; return $image; } function ChkArray( $array ) { if( ( empty( $array ) ) || ( count( $array ) 3 ) ) { $data = 1; } else { $data = 0; } return $data; } function GeneratePrivKey( $array ) { if( empty( $array ) ) { $data = GenerateError( Missing data for GeneratePrivKey function. ); } else { for( $x = 0; $x count( $array ); $x++ ) { $keys[] = mhash( MHASH_SHA1, sha1( $array[$x] ) ); } for( $y = 0; $y count( $keys ); $y++ ) { if( count( $keys ) == $keys[$y] ) { $data .= $keys[$y]; } else { $data .= $keys[$y] . :; } } } return $data; } function GeneratePubKey( $data ) { return md5( $data ); } function EncData( $data, $key ) { $td = mcrypt_module_open( 'rijndael-256', '', 'ofb', '' ); $iv = mcrypt_create_iv( mcrypt_enc_get_iv_size( $td ), MCRYPT_DEV_RANDOM ); $ks = mcrypt_enc_get_key_size( $td ); @mcrypt_generic_init( $td, $key, $iv ); $encrypted = mcrypt_generic( $td, $data ); echo brbCiphered Text using Random Image Hash as Key:/bpre . $encrypted . /prebr; @mcrypt_generic_deinit( $td ); @mcrypt_generic_init( $td, $key, $iv ); $decrypted = mdecrypt_generic
Re: [PHP-DB] Credit Card Encryption
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 What I wrote there will work but I would highly recommend recompiling PHP with the --with-mcrypt --with-mhash switches. The mcrypt libraries can be found on sourceforge. http://libmcrypt.sourceforge.net Jason Gerfen wrote: I got messaged off list which I don't appreciate. But, yes PHP5 only or you could replace the lines for PHP4 and on: $keys[] = mhash( MHASH_SHA1, sha1( $array[$x] ) ); With: if( !function_exists( mhash ) ) { $keys[] = sha1( sha1( $array[$x] ) ); } elseif( !function_exists( sha1 ) ) { $keys[] = md5( md5( $array[$x] ) ); } else { $keys[] = mhash( MHASH_SHA1, sha1( $array[$x] ) ); } That will look to see if the 'mhash()', 'sha1()' functions exist and use them accordingly. HTH. Jason Gerfen wrote: Jason Gerfen wrote: Daniel Brown wrote: On Dec 19, 2007 2:41 AM, Keith Spiller [EMAIL PROTECTED] wrote: Ok I've done some research and some thinking. What about storing orders in the database (product info and customer info) and then using GnuPG or PGP to send the credit card info to the merchant? This way the credit card information is not stored on the server or in the database but only in printed format by the merchant. Since my client processes all of the credit card orders by hand this seems like an ideal solution. I had a client that did offline (manual) processing of credit card orders as well. With liability issues and the problems that others have already pointed out, storing the credit card information was not an option, yet my client still needed some way of having the data available offline. Consider the following: ISSUERLENGTH Diner's Club/Carte Blanche 14 American Express 15 VISA 13 or 16 MasterCard16 Discover 16 Security checks aside (like making sure they selected the type of card and that it matched the algorithm - VISA beginning with 4 and being strlen($_POST['cardnum']) == 13 or 16, MasterCard being 16, beginning with 51xx to 55xx, et cetera), I then had a hybrid of storage and delivery. Mail the first ? rand(4,6); ? digits to the sales email address(es) on file. Three addresses on two domains were used for redundancy in this case. Store the remaining digits in the database. You could write your own encryption algorithm or use one that is publicly-available and reversible (Blowfish is what I was using, at 128, key length of 56 lower ASCII characters, padded with 7 on the key and four on the output - MD5, SHA1, et al are NOT options here). The sales department then received the first digits of the credit card number via email, which stated it was an order key. Again, in my Using the order number as the key is bad practice. Here is a random key generator that you could use for your public/private keys and still use the blowfish cipher as your method of encrypting: ?PHP function ReadFolder( $folder ) { if( ( empty( $folder ) ) || ( !is_dir( $folder ) ) ) { $rand_image = GenerateError( Couldn't open directory ); } else { $rand_image = array(); if( $handle = opendir( $folder ) ) { while( false !== ( $file = readdir( $handle ) ) ) { if( $file != . $file != .. $file != index.html !is_dir( $file ) ) { $rand_image[] = $file; } } closedir( $handle ); } } return $rand_image; } function MakeSuperRandom() { return srand( ( double ) microtime( time() ) * 10 ); } function PickRandomImages( $array ) { $num1 = count( $array ); $num1 = $num1 - 1; MakeSuperRandom(); $img_num = rand( 3, $num1 ); $image[] = $array[$img_num]; $num2 = count( $array ); $num2 = $num2 - 1; MakeSuperRandom(); $img_num = rand( 3, $num2 ); $image[] = $array[$img_num]; $num3 = count( $array ); $num3 = $num3 - 1; MakeSuperRandom(); $img_num = rand( 3, $num3 ); $image[] = $array[$img_num]; return $image; } function ChkArray( $array ) { if( ( empty( $array ) ) || ( count( $array ) 3 ) ) { $data = 1; } else { $data = 0; } return $data; } function GeneratePrivKey( $array ) { if( empty( $array ) ) { $data = GenerateError( Missing data for GeneratePrivKey function. ); } else { for( $x = 0; $x count( $array ); $x++ ) { $keys[] = mhash( MHASH_SHA1, sha1( $array[$x] ) ); } for( $y = 0; $y count( $keys ); $y++ ) { if( count( $keys ) == $keys[$y] ) { $data .= $keys[$y]; } else { $data .= $keys[$y] . :; } } } return $data; } function GeneratePubKey( $data ) { return md5( $data ); } function EncData( $data, $key ) { $td = mcrypt_module_open( 'rijndael-256', '', 'ofb', '' ); $iv = mcrypt_create_iv( mcrypt_enc_get_iv_size( $td ), MCRYPT_DEV_RANDOM ); $ks = mcrypt_enc_get_key_size( $td ); @mcrypt_generic_init( $td, $key, $iv ); $encrypted
Re: [PHP-DB] Credit Card Encryption
. And on another note why not use a different delivery method altogether such as using java-script to encrypt the data prior to transmission, store the private key inside the local network, use the public key and associate it with the purchase within the database and develop a method of authentication for the users to retrieve the data and then, and only then use the private key to decrypt the data. Just a thought. case, I wrote an algorithm that would encrypt these digits prior to sending, using the actual order number as a key. The accounting software I wrote (all in PHP) would then retrieve the latter half of the credit card number from the database, decrypt the first part of the credit card number from the email (entered by the sales team on an SSL-encrypted page), and the credit card number would be displayed in full on the screen, to print, process, or verify. The downside is that, if there are any problems with email and delivery, the first $n digits of the card might not be received by the sales department. While, to date, I'm not aware of this having been a problem for my client (knock on wood), it's still a possibility. For this reason, you need to be sure to either have the email address confirmed prior to processing the order, or require a valid telephone number, so that you can reach the customer in the event of a failure. To assure the customer that you are calling legitimately, you will still have the last digits of the credit card, as well as the expiration data and CVV number (also stored in the database), the billing address, and the date and time the order was placed. It may not work for you, but that's how I created the system for my client in 2004, and it's still being used today, with almost $8 Million in online sales. [pats self on back] ;-P Now if I could just go back and renegotiate my contract for that gig - -- Jason Gerfen I practice my religion while stepping on your toes... ~The Ditty Bops -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHaUTR5vk8bwKVAaIRAlPOAJoCUbI6rVCvhG6pvuIzWTkbiyLVQgCfdE26 tJf77knhJ3p6q7DHsvZTWQc= =wSva -END PGP SIGNATURE- -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Credit Card Encryption
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jason Gerfen wrote: Daniel Brown wrote: On Dec 19, 2007 2:41 AM, Keith Spiller [EMAIL PROTECTED] wrote: Ok I've done some research and some thinking. What about storing orders in the database (product info and customer info) and then using GnuPG or PGP to send the credit card info to the merchant? This way the credit card information is not stored on the server or in the database but only in printed format by the merchant. Since my client processes all of the credit card orders by hand this seems like an ideal solution. I had a client that did offline (manual) processing of credit card orders as well. With liability issues and the problems that others have already pointed out, storing the credit card information was not an option, yet my client still needed some way of having the data available offline. Consider the following: ISSUERLENGTH Diner's Club/Carte Blanche 14 American Express 15 VISA 13 or 16 MasterCard16 Discover 16 Security checks aside (like making sure they selected the type of card and that it matched the algorithm - VISA beginning with 4 and being strlen($_POST['cardnum']) == 13 or 16, MasterCard being 16, beginning with 51xx to 55xx, et cetera), I then had a hybrid of storage and delivery. Mail the first ? rand(4,6); ? digits to the sales email address(es) on file. Three addresses on two domains were used for redundancy in this case. Store the remaining digits in the database. You could write your own encryption algorithm or use one that is publicly-available and reversible (Blowfish is what I was using, at 128, key length of 56 lower ASCII characters, padded with 7 on the key and four on the output - MD5, SHA1, et al are NOT options here). The sales department then received the first digits of the credit card number via email, which stated it was an order key. Again, in my Using the order number as the key is bad practice. Here is a random key generator that you could use for your public/private keys and still use the blowfish cipher as your method of encrypting: ?PHP function ReadFolder( $folder ) { if( ( empty( $folder ) ) || ( !is_dir( $folder ) ) ) { $rand_image = GenerateError( Couldn't open directory ); } else { $rand_image = array(); if( $handle = opendir( $folder ) ) { while( false !== ( $file = readdir( $handle ) ) ) { if( $file != . $file != .. $file != index.html !is_dir( $file ) ) { $rand_image[] = $file; } } closedir( $handle ); } } return $rand_image; } function MakeSuperRandom() { return srand( ( double ) microtime( time() ) * 10 ); } function PickRandomImages( $array ) { $num1 = count( $array ); $num1 = $num1 - 1; MakeSuperRandom(); $img_num = rand( 3, $num1 ); $image[] = $array[$img_num]; $num2 = count( $array ); $num2 = $num2 - 1; MakeSuperRandom(); $img_num = rand( 3, $num2 ); $image[] = $array[$img_num]; $num3 = count( $array ); $num3 = $num3 - 1; MakeSuperRandom(); $img_num = rand( 3, $num3 ); $image[] = $array[$img_num]; return $image; } function ChkArray( $array ) { if( ( empty( $array ) ) || ( count( $array ) 3 ) ) { $data = 1; } else { $data = 0; } return $data; } function GeneratePrivKey( $array ) { if( empty( $array ) ) { $data = GenerateError( Missing data for GeneratePrivKey function. ); } else { for( $x = 0; $x count( $array ); $x++ ) { $keys[] = mhash( MHASH_SHA1, sha1( $array[$x] ) ); } for( $y = 0; $y count( $keys ); $y++ ) { if( count( $keys ) == $keys[$y] ) { $data .= $keys[$y]; } else { $data .= $keys[$y] . :; } } } return $data; } function GeneratePubKey( $data ) { return md5( $data ); } function EncData( $data, $key ) { $td = mcrypt_module_open( 'rijndael-256', '', 'ofb', '' ); $iv = mcrypt_create_iv( mcrypt_enc_get_iv_size( $td ), MCRYPT_DEV_RANDOM ); $ks = mcrypt_enc_get_key_size( $td ); @mcrypt_generic_init( $td, $key, $iv ); $encrypted = mcrypt_generic( $td, $data ); echo brbCiphered Text using Random Image Hash as Key:/bpre . $encrypted . /prebr; @mcrypt_generic_deinit( $td ); @mcrypt_generic_init( $td, $key, $iv ); $decrypted = mdecrypt_generic( $td, $encrypted ); echo brbDe-Ciphered Text using Random Image Hash as Key:/bpre . $decrypted . /pre; @mcrypt_generic_deinit( $td ); @mcrypt_module_close( $td ); } // to use functions $x = ReadFolder( images/ ); $y = PickRandomImages( $x ); $b = GeneratePrivKey( $y ); echo bPrivate Key data:/bpre . $b . /pre; $data = br . GeneratePubKey( $b ); echo bPublic Key data:/bpre; print_r( $data ); echo /pre; echo EncData( $credit_card_data, $b ); ? With that code you will have
Re: [PHP-DB] Sending value to another page...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 VanBuskirk, Patricia wrote: I am trying to send an order number from a confirmation page to another form and insert it into the order number field on the new form. Can anyone tell me what I am doing wrong??!! Here's the portion of my code that has the link (it passes http://www2.otc.fsu.edu/Forms/TEST/cellreg.php?'OrderNumber'=TEST222808) : It should be http://www2.otc.fsu.edu/Forms/TEST/cellreg.php?OrderNumber=TEST222808 Notice the missing single quotes? If you encapsulate a global $_GET var php will not look at anything between '' it will skip that and search for an varname=value or ?varname=value string. Then $_GET['varname'] will contain something. ?php if(isset($_POST['Cellular_Service'])) { echo (table width='100%' border='3' cellpadding='0' cellspacing='0' bordercolor='#99' bgcolor='#CC' tr class='style5' td align='center'bfont size='3'In order to complete your cellular phone request, you are REQUIRED to REGISTER the cell phone(s) with the FSU employees through their FSUID. Please go to the a href=\http://www2.otc.fsu.edu/Forms/TEST/cellreg.php?'OrderNumber'=.$o rder['Order_Number'].\Cell Phone Registration Form/a to complete your order. Thank you! /font/b/td /tr /tablebr); } ? Here's the page it goes to (it puts nothing in the Order Number field): HTML HEAD TITLECell Phone Registration/TITLE LINK href=tsr.css rel=stylesheet type=text/css /HEAD BODY class=style13 TABLE width=500 border=0 cellpadding=5 cellspacing=0 FORM action=thankyou.php method=post name=cellform TR class=style13 TD height=57 colspan=4 align=center valign=topH2IMG src=images/OTC.jpg width=300 height=75/H2 H2Cell Phone Information/H2/TD /TR TR valign=bottom class=style13 TD align=centerINPUT type=text name=OrderNumber value=?php echo (['OrderNumber']); ? size=15 //TD TD align=centerINPUT type=text name=FSUID value= size=20 //TD TD align=centerINPUT type=text name=UserName value= size=25 //TD TD align=centerINPUT type=text name=PhoneNumber value= size=15 //TD /TR TR class=style13 TD align=center valign=topOrder # /TD TD align=center valign=topFSUID/TD TD align=center valign=topUser Name/TD TD align=center valign=topPhone #/TD /TR TR TD colspan=4 align=centernbsp; INPUT type=submit name=new_record value=Add Line /nbsp;nbsp; INPUT type=reset name=clear value=Clear //TD /TR /FORM /TABLE /BODY /HTML - -- Jason Gerfen I practice my religion while stepping on your toes... ~The Ditty Bops -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHTwb+5vk8bwKVAaIRAs6cAJ9fy+tyXH74q2mlwmm5o6Pn1HEBjQCdHMOs Sxf5BdnaJOAmun2XG2LEbW8= =w5lq -END PGP SIGNATURE- -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] array issue
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Clare Media wrote: Guys really in need of some assistance here. I am reading an xml file and want to loop through the entire file and display the information. Unfortunately I am only showing 1 item. how can I go about showing all news item? I've tried array and loop however I am not versed with any of them. Thanks in advance eg. - item titletitle 1/title descriptionDescription 1/description /item item titletitle 2/title descriptionDescription 2/description /item item titletitle 3/title descriptionDescription 3/description /item - My current code + function getNews() { $file = NEWS_FILE..xml; if(!file_exists($file) || filemtime($file) time() - 43200) { $this-data = @file_get_contents(http://feeds.mydomain.com/dailynews;); $fp = @fopen($file, 'w'); @fwrite($fp, $this-data); @fclose($fd); } else $this-data = @file_get_contents($file); if(strlen($this-data) = 0) return; Count the elements in $this-data = @file_get_contents( $file ); If more then one then loop else use the code below: ex: if( count( $this-data = @file_get_contents( $file ) 1 ) ) { foreach( $this-data as $key = $value ) { // show your titles etc. } } else { // get the location $attr = explode('', $this-tag('item')); $return['title'] = $attr[1]; $return['title'] = substr($return['title'], 6); $return['description'] = $attr[7]; $return['description'] = substr($return['description'], 2); return $return; } function view_news() { $currentNews = newsfeed::getNews(); $NEWS= 'strong'.$currentNews['title'].'/strongbr'.$currentNews['description'] ..'br/'; return $NEWS; } function tag($tag, $skip=0) { $start = -1; for($i = 0; $i = $skip; $i++) $start = strpos($this-data, {$tag}, $start + 1); if($start === false) return false; $start += strlen($tag) + 1; $end = strpos($this-data, /{$tag}, $start); if($end === false) $end = strpos($this-data, '/', $start); return trim(substr($this-data, $start, $end - $start)); } - -- Jason Gerfen I practice my religion while stepping on your toes... ~The Ditty Bops -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHTGMM5vk8bwKVAaIRAhAjAJ9FklveFH1PORVl0HC9nCb+klgcUACeOren RgXSIP0bl/bt9rI6g9a/6Uk= =y9XX -END PGP SIGNATURE- -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Unique fields, grabbing errors
I am having a problem trying to use 3 unique fields in a database table and grabbing the errors that may result, any help is appreciated. $update = @mysql_query( UPDATE hosts SET hostname='$host', mac='$mac', ip='$ip', vlan='$vlan', group='$group' WHERE hostname=\$host\, $db ); $error = @mysql_error( $update ); @preg_match( /\'(.*)\'/, $error, $matches ); $find = @mysql_query( SELECT * FROM hosts WHERE hostname = '$matches[0]' OR mac = '$matches[0]' OR ip = '$matches[0]', $db ); $checks = @mysql_num_rows( $find ); if( ( $checks == 1 ) ( !empty( $error ) ) ) { ... } else { ... } -- Jason Gerfen You will never be ready for me. ~ Me -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] problem with mysql_error()
I am not sure why this is not returning any values but it should be. The database structure CREATE TABLE `hosts` ( `id` int(11) NOT NULL auto_increment, `hostname` varchar(100) NOT NULL default '', `mac` varchar(100) NOT NULL default '', `ip` varchar(100) NOT NULL default '', `vlan` varchar(100) NOT NULL default '', PRIMARY KEY (`id`), UNIQUE KEY `mac` (`mac`), UNIQUE KEY `ip` (`ip`), UNIQUE KEY `hostname` (`hostname`), UNIQUE KEY `id` (`id`) ) TYPE=MyISAM AUTO_INCREMENT=4705 ; And the code: $update = @mysql_query( UPDATE hosts SET hostname=\$host\, mac=\$mac\, ip=\$ip\, vlan=\$vlan\ WHERE id=\$id\, $db )or die( img src=\images/error.jpg\nbsp;nbsp;bError: /bProblem occured while updating host records for $host./bbrError Message: . @mysql_error( $update ) . br . Error Number: . @mysql_errno( $update ) . brEmail Administrator: a href=\mailto:$defined[mail]\;$defined[mail]/a ); Because I have set a couple of the fields to unique I should be recieving an error of 'duplicate entry' but i am getting an empty result for mysql_error(). Any help is appreciated. -- Jason Gerfen Student Computing Labs, University Of Utah [EMAIL PROTECTED] J. Willard Marriott Library 295 S 1500 E, Salt Lake City, UT 84112-0860 801-585-9810 My girlfriend threated to leave me if I went boarding... I will miss her. ~ DIATRIBE aka FBITKK -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] multiple fields all unique?
John W. Holmes wrote: From: Jas [EMAIL PROTECTED] Has anyone every performed such a feat as to check for matching fields before updating? And if so could you show me some code that used to accomplish this. I have written my own but the if - else statements are getting ridiculous. Are the columns actually declared UNIQUE in your database? That's the first step. Then you can just do the update, and if it fails with a specific error, you know you've hit a duplicate. The long way to do it is to just SELECT the data first, then update if there are no matches (assuming MySQL, here, but the concept is the same) $query = SELECT mac, ip FROM table WHERE mac = '{$_POST['mac']}' OR ip = '{$_POST['ip']}'; $result = mysql_query($query) or die(mysql_error()); if($row = mysql_fetch_assoc($result)) { if($_POST['mac'] == $row['mac']) { echo {$row['mac']} is already being used. ; } elseif($_POST['ip'] == $row['ip']) { echo {$row['ip'] is already being used. ; } } else { $query = UPDATE table SET mac = '{$_POST['mac']}', ip = '{$_POST['ip']}' WHERE hostname = '{$_POST['hostname']}'; $result = mysql_query($query) or die(mysql_error)); echo Record updated!; } If you want an example of the first (and better) method, let me know. ---John Holmes... Yeah, I have never used a unique field for the database, and you are right it is a mysql db. Jas -- Jason Gerfen Student Computing Group Marriott Library University of Utah (801) 585-9810 [EMAIL PROTECTED] I'm not a robot like you. I don't like having disks crammed into me... unless they're Oreos, and then only in the mouth. ~Phillip J. Fry -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php