Re: [PHP-DB] session management
Here I have a blog I setup but have not finished regarding web application authentication which includes source code and classes you can utilize. Unfortunately I have not been able to finish writing the article due to three jobs and school work. I can however assist you in getting it up and running via this message board. http://wtf-jas.blogspot.com/2010/04/web-application-authentication.html Richard Quadling wrote: On 22 April 2010 18:56, Vinay Kannan viny...@gmail.com wrote: Hey Guys, I need some help on an effficient session management, right now what I do is check if the user has loggedin using his username, and create a SESSION['logged']=1, setting a login flag actually, I am not sure if this is the best way ? What do you guys use for sessions, and which is the best possible way ? Thanks, Vinay https://code.google.com/p/loginsystem-rd/ This was developed as an easy drop-in secure login facility. It may give you some mileage. -- Jas -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] session management
How secure would you want it? Is this is a public facing web application? Are you in a shared hosting environment vs. a dedicated hosting environment? Do you require alternative session management such as database or mcache vs. flat file session support? Have you thought about cross site request forgery's? session hijacking etc? There are tons of things to take into consideration but setting a flag per user session is indeed one method of ensuring a user has authenticated. Vinay Kannan wrote: Hey Guys, I need some help on an effficient session management, right now what I do is check if the user has loggedin using his username, and create a SESSION['logged']=1, setting a login flag actually, I am not sure if this is the best way ? What do you guys use for sessions, and which is the best possible way ? Thanks, Vinay -- Jas -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] php, session_set_save_handler disappearing session vars
( $query, $this-dbconn ), $this-dbconn ) .
br;
if( ( is_resource( $result ) ) ( $handles['db']-dbNumRowsAffected(
$this-dbconn ) 0 ) ) {
$fields = $handles['db']-dbArrayResultsAssoc( $result );
return stripslashes( $fields[session_data] );
}
return ;
}
public function destroy( $id )
{ echo DESTROY CALLEDBR;
global $handles;
global $defined;
$this-dbconn = $handles['db']-dbConnect( $defined['dbhost'],
$defined['username'], $defined['password'], $defined['dbname'] );
$query = DELETE FROM `admin_sessions` WHERE `session_id` = \ . $id
. \ LIMIT 1;
$result = $handles['db']-dbQuery($handles['val']-ValidateSQL($query,
$this-dbconn), $this-dbconn);
if( ( is_resource( $result ) ) ( $handles['db']-dbNumRowsAffected(
$this-dbconn ) !== -1 ) ) {
return true;
}
return false;
}
public function gc( $max_time )
{ echo GC CALLEDBR;
global $handles;
$this-dbconn = $handles['db']-dbConnect( $defined['dbhost'],
$defined['username'], $defined['password'], $defined['dbname'] );
$query = DELETE FROM `admin_sessions` WHERE `session_expire` \ .
time() - $this-max_time . \;
$result = $handles['db']-dbQuery($handles['val']-ValidateSQL($query,
$this-dbconn), $this-dbconn);
if( ( is_resource( $result ) ) ( $handles['db']-dbNumRowsAffected(
$this-dbconn ) !== -1 ) ) {
return true;
}
return false;
}
}
And of course the usage:
require 'class.dbsessions.php';
if( empty( $_SESSION['token'] ) ) {
$handles['session'] = new dbSession( $defined['timeout'] );
}
Then once the user has passed a valid authentication mechanism the users
session token is set with:
$handles['session']-register( 'token', $token );
--
Jason Gerfen
Systems Administration/Web application development
jason.ger...@scl.utah.edu
Marriott Library
Lab Systems PC
295 South 1500 East
Salt Lake City, Utah 84112-0806
Ext 5-9810
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Storing Images #2
If its outside the html root you would need to create a symlink pointing
to the appropriate folder
% ln -s /path/to/hidden /path/to/public *however this is very insecure
Then if your wise you could create a simple image serving script to
prevent direct navigation by checking the referring page request vs. an
array of allowed script names, the folder and filename being requested
etc. Kind of like an intermediary to ensure your (*assumed world
readable and writable) images directory is somewhat unusable except by
your scripts.
If you did it in this manner you could simply call the image as you
would regularly.. img src=image/image.jpg
Of course this is all theoretical as I have never done this before but
if you also block your upload script (*an assumption based on the
question) you could limit it using apache hosts_allow and hosts_deny
directives.
Or you could use your upload script to copy the files to the server,
then once the application publishes the site you could use it to copy
the image files from the writable directory (above the web root) into
the public images directory.
The best method would require the following:
1. a sub domain with limited access using apaches hosts_allow and
hosts_deny directives
2. a world read/writable folder located outside of the web root
3. script prevention by checking referring scripts as well as perhaps an
internal allowed ip range directive
4. a command line, crontab entry to move image files from the world
read/writable folder into the public/images folder
You should look into linux folder and file permissions vs. the user and
group that is running as your web server. Just a few suggestions. Keep
in mind that the only real way to keep your stuff secure is to cut the cord.
elk dolk wrote:
On 3 February 2010 16:07, wrote:
I currently have all my images referenced by url in my database and stored
in a folder/s and I think I will keep it that way...
..
If you put the images OUTSIDE of the webroot/docroot/public_html
folder (whatever you have), then a user cannot directly navigate to
the file.
e.g.
/home/sites/your_site/public_html/images/image1.jpg
http://www.yoursite.com/images/image1.jpg would probably work.
But ...
/home/sites/your_site/public_html/getImage.php
/home/sites/your_site/hidden_images/image1.jpg
Now, there is no way I can load image1.jpg from my browser. I have to
use getImage.php, which I assume would require me to login or
authenticate myself in some way.
--
I have my photos in /public_html/img/gid directory and with this path:
img src='http://www.mydomain.com/img/{$gid}/{$photoFileName}' in getImage.php
the server displays the photos.
Now if I put my photos outside of the public_html like this:
/hidden_images/img/gid
what would be the correct path to the photos in the getImage.php script?
--
Jas
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] PHP Update query
$query = UPDATE `clients` SET `company` = '$company', `contact` = '$contact', `phone` = '$phone', `city` = '$city' WHERE `clients`.`reference` =$client LIMIT 1; $client_result=mysql_query($query); // now check for errors mysql_error() mysql_errno() Sudheer Satyanarayana wrote: On Tuesday 03 November 2009 11:29 AM, Ron Piggott wrote: How do I test if an UPDATE query worked $query = UPDATE `clients` SET `company` = '$company', `contact` = '$contact', `phone` = '$phone', `city` = '$city' WHERE `clients`.`reference` =$client LIMIT 1; $client_result=mysql_query($query); ??? Ron From the manual page: For other type of SQL statements, INSERT, UPDATE, DELETE, DROP, etc, *mysql_query()* returns *TRUE* on success or *FALSE* on error. If $client_result == true you know the query was successful. -- Jason Gerfen Systems Administration/Web application development jason.ger...@scl.utah.edu Marriott Library Lab Systems PC 295 South 1500 East Salt Lake City, Utah 84112-0806 Ext 5-9810 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] DATETIME
Go look at dev.mysql.com and search for DATETIME. There are plenty of
examples of how to do comparison searching using the UNIX datestamps.
Dan Shirah wrote:
Hi All,
I have a DB that is storing the date/time an event happens in DATETIME
format, i.e. 1254252889, which translates to Tue, 29 Sep 2009 19:34:49 UTC
I am trying to write a query in PHP that will look for any row that falls
within a range of dates, i.e. between Sep 1 and Oct 1, but there doesn't
seem to be a way to search, since you would never be able to specify a match
between what date range you put in, and the time stamps??
I created a form that allows them to select a date, but even converting a
date string to a timestamp, you'll never be able to get a match in the
db...?
Any thoughts appreciated,
Edward
I'm not sure I'm following you.
1) What database are you using? MSSQL/Informix/MySQL?
2) The data type for your event date/time column is just DATETIME? Or is it
DATETIME YEAR TO FRACTION or anything like that?
3) Wouldn't your query be written in SQL and just executed from PHP?
If you are using DATETIME YEAR TO FRACTION your query should look something
like:
SELECT * FROM my_table WHERE event_date BETWEEN ('2009-09-01 00:00:00.000'
AND '2009-10-01 23:59:59.999')
--
Jason Gerfen
Systems Administration/Web application development
jason.ger...@scl.utah.edu
Marriott Library
Lab Systems PC
295 South 1500 East
Salt Lake City, Utah 84112-0806
Ext 5-9810
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] DATETIME
Sorry I should have included a simple example:
SELECT (`field_01`, `field_02`) FROM `table` WHERE DATETIME('2009-09-01
00:00:00.000') DATETIME('2009-10-01 23:59:59.999');
Dan Shirah wrote:
Hi All,
I have a DB that is storing the date/time an event happens in DATETIME
format, i.e. 1254252889, which translates to Tue, 29 Sep 2009 19:34:49 UTC
I am trying to write a query in PHP that will look for any row that falls
within a range of dates, i.e. between Sep 1 and Oct 1, but there doesn't
seem to be a way to search, since you would never be able to specify a match
between what date range you put in, and the time stamps??
I created a form that allows them to select a date, but even converting a
date string to a timestamp, you'll never be able to get a match in the
db...?
Any thoughts appreciated,
Edward
I'm not sure I'm following you.
1) What database are you using? MSSQL/Informix/MySQL?
2) The data type for your event date/time column is just DATETIME? Or is it
DATETIME YEAR TO FRACTION or anything like that?
3) Wouldn't your query be written in SQL and just executed from PHP?
If you are using DATETIME YEAR TO FRACTION your query should look something
like:
SELECT * FROM my_table WHERE event_date BETWEEN ('2009-09-01 00:00:00.000'
AND '2009-10-01 23:59:59.999')
--
Jason Gerfen
Systems Administration/Web application development
jason.ger...@scl.utah.edu
Marriott Library
Lab Systems PC
295 South 1500 East
Salt Lake City, Utah 84112-0806
Ext 5-9810
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Need help with the code
nagendra prasad wrote:
Hi All,
I need some help with the below code. I have this login code with me and its
working fine with my *localhost 'WAMP' *server. But when I tried to run the
same script on my web host server its not working. Every time its giving me
the same message *please enter a username and a password* which is a
condition within the script.
?php
session_start();
echo var_dump(print_r($_POST));
Are the $_POST['username'] and $_POST['password'] variables present? You
didn't post any html form information so I think you could start there.
$username = $_POST['username'];
$password = $_POST['password'];
if ($username$password)
{
$connect = mysql_connect(localhost, tutor_root, admin) or
die(couldn't connect);
mysql_select_db(tutor_register) or die(couldn't find db);
$query = mysql_query(SELECT * FROM register WHERE username ='$username');
$numrows = mysql_num_rows($query);
if ($numrows!=1)
{
//code to login
while ($row =mysql_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword= $row['password'];
}
//check to see if they match
if ($username==$dbusername$password==$dbpassword)
{
echo you are in a href='member.php'click/a here to enter the members
page;
$_SESSION['username']=$username;
}
else
echo incorrect password;
}
else
die(That user dosen't exist);
}
else
die(pelase enter a username and a password);
?
--
Jason Gerfen
Systems Administration/Web application development
jason.ger...@scl.utah.edu
Marriott Library
Lab Systems PC
295 South 1500 East
Salt Lake City, Utah 84112-0806
Ext 5-9810
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Need help with the code
nagendra prasad wrote: OK so here is the form for the below code: html form action='mem_login.php' method='POST' Username: input type='text' name='username'br Password: input type='password' name='password'br input type='submit' value='Log in' /form /html Did you try looking at the $_POST array data? echo var_dump(print_r($_POST)); -- Jason Gerfen Systems Administration/Web application development jason.ger...@scl.utah.edu Marriott Library Lab Systems PC 295 South 1500 East Salt Lake City, Utah 84112-0806 Ext 5-9810 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Need help with the code
Add this to your script and just copy and paste it back. Seriously, you are not going to get any help if you don't show anyone the output of your problem. echo pre; var_dump(print_r($_GET)); var_dump(print_r($_POST)); echo /pre; If you are not getting anything in the post try changing the method of your html form to 'get' vs. 'post' *IE: form method=get action=mem_login.php And copy and paste the results so we can see where the problem is. If you are feeling weird about an authentication script contents then filter the data but don't just leave out parts of the output. nagendra prasad wrote: Yes I did but still its not working on my web server however its working fine with my WAMP server locally. On Fri, Oct 2, 2009 at 9:17 PM, Jason Gerfen jason.ger...@scl.utah.edu mailto:jason.ger...@scl.utah.edu wrote: nagendra prasad wrote: OK so here is the form for the below code: html form action='mem_login.php' method='POST' Username: input type='text' name='username'br Password: input type='password' name='password'br input type='submit' value='Log in' /form /html Did you try looking at the $_POST array data? echo var_dump(print_r($_POST)); -- Jason Gerfen Systems Administration/Web application development jason.ger...@scl.utah.edu mailto:jason.ger...@scl.utah.edu Marriott Library Lab Systems PC 295 South 1500 East Salt Lake City, Utah 84112-0806 Ext 5-9810 -- Guru Prasad Ubuntu Voice GTK+ Forum -- Jason Gerfen Systems Administration/Web application development jason.ger...@scl.utah.edu Marriott Library Lab Systems PC 295 South 1500 East Salt Lake City, Utah 84112-0806 Ext 5-9810 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Need help with the code
Maybe you should google for information regarding the php.ini and error reporting. nagendra prasad wrote: Yes I did but still its not working on my web server however its working fine with my WAMP server locally. On Fri, Oct 2, 2009 at 9:17 PM, Jason Gerfen jason.ger...@scl.utah.eduwrote: nagendra prasad wrote: OK so here is the form for the below code: html form action='mem_login.php' method='POST' Username: input type='text' name='username'br Password: input type='password' name='password'br input type='submit' value='Log in' /form /html Did you try looking at the $_POST array data? echo var_dump(print_r($_POST)); -- Jason Gerfen Systems Administration/Web application development jason.ger...@scl.utah.edu Marriott Library Lab Systems PC 295 South 1500 East Salt Lake City, Utah 84112-0806 Ext 5-9810 -- Jason Gerfen Systems Administration/Web application development jason.ger...@scl.utah.edu Marriott Library Lab Systems PC 295 South 1500 East Salt Lake City, Utah 84112-0806 Ext 5-9810 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] mysqli error
Kevin Castiglia wrote:
Whenever I run the following code, I get the error: Commands out of sync;
you can't run this command now as I try to execute my prepared Update
statement.
?php
$fpiDataAddr = fopen('outputAddr.txt','r') or die(can not open In File );
//Connect to mySQL server
$mysqli = new mysqli('localhost', 'user', 'pswd', 'db');
Google... http://dev.mysql.com/doc/refman/5.0/en/commands-out-of-sync.html
if ($mysqli-connect_error) { die('Could not connect:
'.$mysqli-connect_error); }
else{ echo Connected successfully\n; }
$seqno = 0;
$k = 'Kev';
$sql1 = 'SELECT UNIQUE_NUM, AM_CITY FROM db.kb_addr WHERE UNIQUE_NUM = ?';
$sth1 = $mysqli-prepare($sql1);
$sql2 = 'UPDATE db.kb_addr SET AM_CITY = ? WHERE UNIQUE_NUM = ?';
$sth2 = $mysqli-prepare($sql2);
while($inrec = fgetcsv($fpiDataAddr,0,',','')){
if($seqno == 0){
$x= count($inrec);
$arrFields = array();
for ($y = 0; $y $x; $y++) {
$arrFields[$inrec[$y]] = $y; //creates associative array that
associates fields with the index in $inrec
}
echo Array of Field Names From Header Record in Input data is \n;
print_r($arrFields);
$seqno++;
continue;}
$key = 0+$inrec[$arrFields['Unique #']];
//Select Statement
$sth1-bind_param('i',$key);
$sth1-execute();
$sth1-bind_result($un,$ac);
$sth1-fetch();
//Update Statement
$sth2-bind_param('si',$k,$key);
echo after bind: .$sth2-error.\nThe object error is:
$mysqli-error\n;
$sth2-execute();
echo after execute: .$sth2-error.\nThe object error is:
$mysqli-error\n;
if($seqno 1000) break;
$seqno++;
}
fclose($fpiDataAddr) or die(can not close file);
//disconnect
$sth1-close();
$sth2-close();
$mysqli-close();
?
However, if I close $sth1 (the select statement) before executing $sth2 (the
update statement), it works, but since I just closed $sth1, I have to
prepare it again. This is pretty inefficient considering the large data set
that I'm working with and the fact that I have to prepare and close my
select statement every single time I loop through. Is there any way that I
can run these statements error-free without having to close the select
statement ($sth1) every single time I want to execute my update statement
($sth2)?
Thanks,
Kevin
--
Jas
Tomorrow isn't promised so we live for today
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] mysqli error
Jason Gerfen wrote:
Kevin Castiglia wrote:
Whenever I run the following code, I get the error: Commands out of sync;
you can't run this command now as I try to execute my prepared Update
statement.
?php
$fpiDataAddr = fopen('outputAddr.txt','r') or die(can not open In File );
//Connect to mySQL server
$mysqli = new mysqli('localhost', 'user', 'pswd', 'db');
Google... http://dev.mysql.com/doc/refman/5.0/en/commands-out-of-sync.html
if ($mysqli-connect_error) { die('Could not connect:
'.$mysqli-connect_error); }
else{ echo Connected successfully\n; }
$seqno = 0;
$k = 'Kev';
$sql1 = 'SELECT UNIQUE_NUM, AM_CITY FROM db.kb_addr WHERE UNIQUE_NUM = ?';
$sth1 = $mysqli-prepare($sql1);
$sql2 = 'UPDATE db.kb_addr SET AM_CITY = ? WHERE UNIQUE_NUM = ?';
$sth2 = $mysqli-prepare($sql2);
while($inrec = fgetcsv($fpiDataAddr,0,',','')){
if($seqno == 0){
$x= count($inrec);
$arrFields = array();
for ($y = 0; $y $x; $y++) {
$arrFields[$inrec[$y]] = $y; //creates associative array that
associates fields with the index in $inrec
}
echo Array of Field Names From Header Record in Input data is \n;
print_r($arrFields);
$seqno++;
continue;}
$key = 0+$inrec[$arrFields['Unique #']];
//Select Statement
$sth1-bind_param('i',$key);
$sth1-execute();
$sth1-bind_result($un,$ac);
$sth1-fetch();
//Update Statement
$sth2-bind_param('si',$k,$key);
echo after bind: .$sth2-error.\nThe object error is:
$mysqli-error\n;
$sth2-execute();
echo after execute: .$sth2-error.\nThe object error is:
$mysqli-error\n;
if($seqno 1000) break;
$seqno++;
}
fclose($fpiDataAddr) or die(can not close file);
//disconnect
$sth1-close();
$sth2-close();
$mysqli-close();
?
However, if I close $sth1 (the select statement) before executing $sth2 (the
update statement), it works, but since I just closed $sth1, I have to
prepare it again. This is pretty inefficient considering the large data set
that I'm working with and the fact that I have to prepare and close my
select statement every single time I loop through. Is there any way that I
can run these statements error-free without having to close the select
statement ($sth1) every single time I want to execute my update statement
($sth2)?
I am unaccustomed to utilizing the mysqli functionality but the older
mysql functions allow you to do something within your loops without the
need to close then prepare a new connection/query each time.
mysql_pconnect()
mysql_select_db()
for( $x $y ) {
mysql_query()
mysql_fetch_array()
mysql_free_result()
}
mysql_close()
These functions may be more appropriate for your datasets
Thanks,
Kevin
--
Jas
Tomorrow isn't promised so we live for today
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] multiple finder
Emiliano Boragina wrote: Hi, I must do e finder for properties... I know do a simple search but not a search like this with more one possibility, with all or some fields full... How do it? Thanks a lot Example database table to search: TableName Field001 Field002 Field003 Example SQL to search fields with some or all of the fields matching: SELECT * FROM `TableName` WHERE `Field001` LIKE 'string' OR `Field002` LIKE 'string' OR `Field003`; For future reference the PHP website as well as the MySQL website have examples for any type of functionality you wish to locate. I would suggest researching a the 'select' command from the MySQL website: http://dev.mysql.com/doc/refman/5.0/en/select.html -- +_ Emiliano Boragina // DiseƱo y ComunicaciĆ³n / +_ emiliano.borag...@gmail.com 15 40 58 60 02 // +_ -- Jas Tomorrow isn't promised so we live for today -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] postgres - pg_query works; pg_query_params doesn't
Carol Walter wrote:
Hello,
I have a php 5 and PostgreSQL 8.3.6. I wrote the original program using
pg_query. Now, I need to replace pg_query with pg_query_params. I'm
having trouble doing so. In this code pg_query works but
pg_query_params doesn't work. The code snippet is as follows:
if ($submit_info2 == Submit)
{
include connect_km_tezt.php; // Connect to database
if ($get_name == Submit)
{
/* Query using pg_query */
/* $query2 = SELECT \fName\,\mName\,\lName\
FROM \tblPeople\
WHERE \peopleId\ = '$choose_name';
$result2 = pg_query($query2) or die(Can't execute query); */
/ Query using pg_query_params ***/
$query2 = pg_query_params('SELECT fName,mName,lName
FROM tblPeople
WHERE peopleId = $1', array($choose_name));
/* Process query result */
$rows2 = pg_num_rows($result2);
echo $rows2 . rows returned. br /;
while ($row2 = pg_fetch_array($result2))
{
$f_name_new = $row2['fName'];
$m_name_new = $row2['mName'];
$l_name_new = $row2['lName'];
echo $fName $mName $lName br /;
}
while (list($fName, $mName, $lName) = pg_fetch_row($result2))
{
echo $fName $mName $lName br /;
}
}
if ($Info2 != None)
{
echo h2You're entering a . $Info2 . for
nbsp; $f_name_new nbsp; $m_name_new nbsp; $l_name_new
/h2 ;
}
The error message I get is as follows:
Internal Server Error
The server encountered an internal error or misconfiguration and was
unable to complete your request.
Please contact the server administrator, r...@slis.indiana.edu and
inform them of the time the error occurred, and anything you might have
done that may have caused the error.
More information about this error may be available in the server error log.
Question #1. Do you see why this isn't working.
Question #2. Is there some way I can see the query that is being passed
to the PostgreSQL server.
Question #3. Can I put an or die clause on pg_query_params.
I'm not sure how to debug this code.
Thanks,
Carol
pg_error() will tell you why. more then likely you should test the valid
resource coming from the pg_connect function.
--
Jas
Tomorrow isn't promised so we live for today
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] numeric string to single digit array
Evert Lammerts wrote:
This is my code. The only error is at line 15 as I stated above.
1 ?PHP
2 DEFINE (host,localhost);
3 DEFINE (user,root);
4 DEFINE (password,password);
5 DEFINE (database,questions);
6
7 $connection=mysql_connect(host,user,password) or die ('Could not
connect' .mysql_error() );
8
9 $dbConnect=mysql_select_db('questions',$connection);
10 if (!$dbConnect) {die ('Could not connect to database' .
mysql_error() );}
11
12 $query =Select answer from answers where studentID ='A123456789';
13 $result = mysql_query($query,$connection);
14 $count=0;
15 while($row = mysql_fetch_assoc($result));
remove the semi-colon at the end of line 15
16 {
17 $count++;
18 }
19 echo $count;
20 ?
Turn line 13 into
$result = mysql_query($query) or die(mysql_error());
, so leave out the connection parameter and append the die() function,
and see what error that produces.
--
Jason Gerfen
I practice my religion
while stepping on your
toes...
~The Ditty Bops
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] md5() function
Steven Cruz wrote: Hello; I maybe wrong, but I believe it is one way. What you need to do is take your input and encrypt it and check if matches your current encrypted value. :) peace and hugs. Miguel Guirao wrote: Hi!! I'm using the md5() function to encrypt a password and store it into a database. Now I want to retrieve that MD5 password and convert it into it's human readable condition. Is there a function opposite to md5()?? Best Regards, M Guirao If you want to do a comparison on the md5() hash you just created you could always run your SQL query like: SELECT * FROM `table` WHERE `password` = md5( $password ) LIMIT 1; That will return a true or false value based on the md5() hash of the $password var. But you cannot reverse the md5 hash to obtain the original value unless you perform a crack on it using software available software. I think what you are looking for is the base64_encode() and base64_decode() functions which will perform a simple encoding of data. -- Jason Gerfen I practice my religion while stepping on your toes... ~The Ditty Bops -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Credit Card Encryption
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I got messaged off list which I don't appreciate.
But, yes PHP5 only or you could replace the lines for PHP4 and on:
$keys[] = mhash( MHASH_SHA1, sha1( $array[$x] ) );
With:
if( !function_exists( mhash ) ) {
$keys[] = sha1( sha1( $array[$x] ) );
} elseif( !function_exists( sha1 ) ) {
$keys[] = md5( md5( $array[$x] ) );
} else {
$keys[] = mhash( MHASH_SHA1, sha1( $array[$x] ) );
}
That will look to see if the 'mhash()', 'sha1()' functions exist and use
them accordingly. HTH.
Jason Gerfen wrote:
Jason Gerfen wrote:
Daniel Brown wrote:
On Dec 19, 2007 2:41 AM, Keith Spiller [EMAIL PROTECTED] wrote:
Ok I've done some research and some thinking. What about storing orders in
the database (product info and customer info) and then using GnuPG or PGP
to
send the credit card info to the merchant? This way the credit card
information is not stored on the server or in the database but only in
printed format by the merchant. Since my client processes all of the
credit
card orders by hand this seems like an ideal solution.
I had a client that did offline (manual) processing of credit card
orders as well. With liability issues and the problems that others
have already pointed out, storing the credit card information was not
an option, yet my client still needed some way of having the data
available offline.
Consider the following:
ISSUERLENGTH
Diner's Club/Carte Blanche 14
American Express 15
VISA 13 or 16
MasterCard16
Discover 16
Security checks aside (like making sure they selected the type of
card and that it matched the algorithm - VISA beginning with 4 and
being strlen($_POST['cardnum']) == 13 or 16, MasterCard being 16,
beginning with 51xx to 55xx, et cetera), I then had a hybrid of
storage and delivery.
Mail the first ? rand(4,6); ? digits to the sales email
address(es) on file. Three addresses on two domains were used for
redundancy in this case. Store the remaining digits in the database.
You could write your own encryption algorithm or use one that is
publicly-available and reversible (Blowfish is what I was using, at
128, key length of 56 lower ASCII characters, padded with 7 on the key
and four on the output - MD5, SHA1, et al are NOT options here).
The sales department then received the first digits of the credit
card number via email, which stated it was an order key. Again, in my
Using the order number as the key is bad practice. Here is a random key
generator that you could use for your public/private keys and still use
the blowfish cipher as your method of encrypting:
?PHP
function ReadFolder( $folder )
{
if( ( empty( $folder ) ) || ( !is_dir( $folder ) ) ) {
$rand_image = GenerateError( Couldn't open directory );
} else {
$rand_image = array();
if( $handle = opendir( $folder ) ) {
while( false !== ( $file = readdir( $handle ) ) ) {
if( $file != . $file != .. $file != index.html
!is_dir( $file ) ) {
$rand_image[] = $file;
}
}
closedir( $handle );
}
}
return $rand_image;
}
function MakeSuperRandom()
{
return srand( ( double ) microtime( time() ) * 10 );
}
function PickRandomImages( $array )
{
$num1 = count( $array );
$num1 = $num1 - 1;
MakeSuperRandom();
$img_num = rand( 3, $num1 );
$image[] = $array[$img_num];
$num2 = count( $array );
$num2 = $num2 - 1;
MakeSuperRandom();
$img_num = rand( 3, $num2 );
$image[] = $array[$img_num];
$num3 = count( $array );
$num3 = $num3 - 1;
MakeSuperRandom();
$img_num = rand( 3, $num3 );
$image[] = $array[$img_num];
return $image;
}
function ChkArray( $array )
{
if( ( empty( $array ) ) || ( count( $array ) 3 ) ) {
$data = 1;
} else {
$data = 0;
}
return $data;
}
function GeneratePrivKey( $array )
{
if( empty( $array ) ) {
$data = GenerateError( Missing data for GeneratePrivKey function. );
} else {
for( $x = 0; $x count( $array ); $x++ ) {
$keys[] = mhash( MHASH_SHA1, sha1( $array[$x] ) );
}
for( $y = 0; $y count( $keys ); $y++ ) {
if( count( $keys ) == $keys[$y] ) {
$data .= $keys[$y];
} else {
$data .= $keys[$y] . :;
}
}
}
return $data;
}
function GeneratePubKey( $data )
{
return md5( $data );
}
function EncData( $data, $key )
{
$td = mcrypt_module_open( 'rijndael-256', '', 'ofb', '' );
$iv = mcrypt_create_iv( mcrypt_enc_get_iv_size( $td ), MCRYPT_DEV_RANDOM );
$ks = mcrypt_enc_get_key_size( $td );
@mcrypt_generic_init( $td, $key, $iv );
$encrypted = mcrypt_generic( $td, $data );
echo brbCiphered Text using Random Image Hash as Key:/bpre .
$encrypted . /prebr;
@mcrypt_generic_deinit( $td );
@mcrypt_generic_init( $td, $key, $iv );
$decrypted = mdecrypt_generic
Re: [PHP-DB] Credit Card Encryption
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
What I wrote there will work but I would highly recommend recompiling
PHP with the --with-mcrypt --with-mhash switches. The mcrypt libraries
can be found on sourceforge. http://libmcrypt.sourceforge.net
Jason Gerfen wrote:
I got messaged off list which I don't appreciate.
But, yes PHP5 only or you could replace the lines for PHP4 and on:
$keys[] = mhash( MHASH_SHA1, sha1( $array[$x] ) );
With:
if( !function_exists( mhash ) ) {
$keys[] = sha1( sha1( $array[$x] ) );
} elseif( !function_exists( sha1 ) ) {
$keys[] = md5( md5( $array[$x] ) );
} else {
$keys[] = mhash( MHASH_SHA1, sha1( $array[$x] ) );
}
That will look to see if the 'mhash()', 'sha1()' functions exist and use
them accordingly. HTH.
Jason Gerfen wrote:
Jason Gerfen wrote:
Daniel Brown wrote:
On Dec 19, 2007 2:41 AM, Keith Spiller [EMAIL PROTECTED] wrote:
Ok I've done some research and some thinking. What about storing orders
in
the database (product info and customer info) and then using GnuPG or PGP
to
send the credit card info to the merchant? This way the credit card
information is not stored on the server or in the database but only in
printed format by the merchant. Since my client processes all of the
credit
card orders by hand this seems like an ideal solution.
I had a client that did offline (manual) processing of credit card
orders as well. With liability issues and the problems that others
have already pointed out, storing the credit card information was not
an option, yet my client still needed some way of having the data
available offline.
Consider the following:
ISSUERLENGTH
Diner's Club/Carte Blanche 14
American Express 15
VISA 13 or 16
MasterCard16
Discover 16
Security checks aside (like making sure they selected the type of
card and that it matched the algorithm - VISA beginning with 4 and
being strlen($_POST['cardnum']) == 13 or 16, MasterCard being 16,
beginning with 51xx to 55xx, et cetera), I then had a hybrid of
storage and delivery.
Mail the first ? rand(4,6); ? digits to the sales email
address(es) on file. Three addresses on two domains were used for
redundancy in this case. Store the remaining digits in the database.
You could write your own encryption algorithm or use one that is
publicly-available and reversible (Blowfish is what I was using, at
128, key length of 56 lower ASCII characters, padded with 7 on the key
and four on the output - MD5, SHA1, et al are NOT options here).
The sales department then received the first digits of the credit
card number via email, which stated it was an order key. Again, in my
Using the order number as the key is bad practice. Here is a random key
generator that you could use for your public/private keys and still use
the blowfish cipher as your method of encrypting:
?PHP
function ReadFolder( $folder )
{
if( ( empty( $folder ) ) || ( !is_dir( $folder ) ) ) {
$rand_image = GenerateError( Couldn't open directory );
} else {
$rand_image = array();
if( $handle = opendir( $folder ) ) {
while( false !== ( $file = readdir( $handle ) ) ) {
if( $file != . $file != .. $file != index.html
!is_dir( $file ) ) {
$rand_image[] = $file;
}
}
closedir( $handle );
}
}
return $rand_image;
}
function MakeSuperRandom()
{
return srand( ( double ) microtime( time() ) * 10 );
}
function PickRandomImages( $array )
{
$num1 = count( $array );
$num1 = $num1 - 1;
MakeSuperRandom();
$img_num = rand( 3, $num1 );
$image[] = $array[$img_num];
$num2 = count( $array );
$num2 = $num2 - 1;
MakeSuperRandom();
$img_num = rand( 3, $num2 );
$image[] = $array[$img_num];
$num3 = count( $array );
$num3 = $num3 - 1;
MakeSuperRandom();
$img_num = rand( 3, $num3 );
$image[] = $array[$img_num];
return $image;
}
function ChkArray( $array )
{
if( ( empty( $array ) ) || ( count( $array ) 3 ) ) {
$data = 1;
} else {
$data = 0;
}
return $data;
}
function GeneratePrivKey( $array )
{
if( empty( $array ) ) {
$data = GenerateError( Missing data for GeneratePrivKey function. );
} else {
for( $x = 0; $x count( $array ); $x++ ) {
$keys[] = mhash( MHASH_SHA1, sha1( $array[$x] ) );
}
for( $y = 0; $y count( $keys ); $y++ ) {
if( count( $keys ) == $keys[$y] ) {
$data .= $keys[$y];
} else {
$data .= $keys[$y] . :;
}
}
}
return $data;
}
function GeneratePubKey( $data )
{
return md5( $data );
}
function EncData( $data, $key )
{
$td = mcrypt_module_open( 'rijndael-256', '', 'ofb', '' );
$iv = mcrypt_create_iv( mcrypt_enc_get_iv_size( $td ), MCRYPT_DEV_RANDOM );
$ks = mcrypt_enc_get_key_size( $td );
@mcrypt_generic_init( $td, $key, $iv );
$encrypted
Re: [PHP-DB] Credit Card Encryption
. And on another note why not use a different delivery method altogether such as using java-script to encrypt the data prior to transmission, store the private key inside the local network, use the public key and associate it with the purchase within the database and develop a method of authentication for the users to retrieve the data and then, and only then use the private key to decrypt the data. Just a thought. case, I wrote an algorithm that would encrypt these digits prior to sending, using the actual order number as a key. The accounting software I wrote (all in PHP) would then retrieve the latter half of the credit card number from the database, decrypt the first part of the credit card number from the email (entered by the sales team on an SSL-encrypted page), and the credit card number would be displayed in full on the screen, to print, process, or verify. The downside is that, if there are any problems with email and delivery, the first $n digits of the card might not be received by the sales department. While, to date, I'm not aware of this having been a problem for my client (knock on wood), it's still a possibility. For this reason, you need to be sure to either have the email address confirmed prior to processing the order, or require a valid telephone number, so that you can reach the customer in the event of a failure. To assure the customer that you are calling legitimately, you will still have the last digits of the credit card, as well as the expiration data and CVV number (also stored in the database), the billing address, and the date and time the order was placed. It may not work for you, but that's how I created the system for my client in 2004, and it's still being used today, with almost $8 Million in online sales. [pats self on back] ;-P Now if I could just go back and renegotiate my contract for that gig - -- Jason Gerfen I practice my religion while stepping on your toes... ~The Ditty Bops -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHaUTR5vk8bwKVAaIRAlPOAJoCUbI6rVCvhG6pvuIzWTkbiyLVQgCfdE26 tJf77knhJ3p6q7DHsvZTWQc= =wSva -END PGP SIGNATURE- -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Credit Card Encryption
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jason Gerfen wrote:
Daniel Brown wrote:
On Dec 19, 2007 2:41 AM, Keith Spiller [EMAIL PROTECTED] wrote:
Ok I've done some research and some thinking. What about storing orders in
the database (product info and customer info) and then using GnuPG or PGP to
send the credit card info to the merchant? This way the credit card
information is not stored on the server or in the database but only in
printed format by the merchant. Since my client processes all of the credit
card orders by hand this seems like an ideal solution.
I had a client that did offline (manual) processing of credit card
orders as well. With liability issues and the problems that others
have already pointed out, storing the credit card information was not
an option, yet my client still needed some way of having the data
available offline.
Consider the following:
ISSUERLENGTH
Diner's Club/Carte Blanche 14
American Express 15
VISA 13 or 16
MasterCard16
Discover 16
Security checks aside (like making sure they selected the type of
card and that it matched the algorithm - VISA beginning with 4 and
being strlen($_POST['cardnum']) == 13 or 16, MasterCard being 16,
beginning with 51xx to 55xx, et cetera), I then had a hybrid of
storage and delivery.
Mail the first ? rand(4,6); ? digits to the sales email
address(es) on file. Three addresses on two domains were used for
redundancy in this case. Store the remaining digits in the database.
You could write your own encryption algorithm or use one that is
publicly-available and reversible (Blowfish is what I was using, at
128, key length of 56 lower ASCII characters, padded with 7 on the key
and four on the output - MD5, SHA1, et al are NOT options here).
The sales department then received the first digits of the credit
card number via email, which stated it was an order key. Again, in my
Using the order number as the key is bad practice. Here is a random key
generator that you could use for your public/private keys and still use
the blowfish cipher as your method of encrypting:
?PHP
function ReadFolder( $folder )
{
if( ( empty( $folder ) ) || ( !is_dir( $folder ) ) ) {
$rand_image = GenerateError( Couldn't open directory );
} else {
$rand_image = array();
if( $handle = opendir( $folder ) ) {
while( false !== ( $file = readdir( $handle ) ) ) {
if( $file != . $file != .. $file != index.html
!is_dir( $file ) ) {
$rand_image[] = $file;
}
}
closedir( $handle );
}
}
return $rand_image;
}
function MakeSuperRandom()
{
return srand( ( double ) microtime( time() ) * 10 );
}
function PickRandomImages( $array )
{
$num1 = count( $array );
$num1 = $num1 - 1;
MakeSuperRandom();
$img_num = rand( 3, $num1 );
$image[] = $array[$img_num];
$num2 = count( $array );
$num2 = $num2 - 1;
MakeSuperRandom();
$img_num = rand( 3, $num2 );
$image[] = $array[$img_num];
$num3 = count( $array );
$num3 = $num3 - 1;
MakeSuperRandom();
$img_num = rand( 3, $num3 );
$image[] = $array[$img_num];
return $image;
}
function ChkArray( $array )
{
if( ( empty( $array ) ) || ( count( $array ) 3 ) ) {
$data = 1;
} else {
$data = 0;
}
return $data;
}
function GeneratePrivKey( $array )
{
if( empty( $array ) ) {
$data = GenerateError( Missing data for GeneratePrivKey function. );
} else {
for( $x = 0; $x count( $array ); $x++ ) {
$keys[] = mhash( MHASH_SHA1, sha1( $array[$x] ) );
}
for( $y = 0; $y count( $keys ); $y++ ) {
if( count( $keys ) == $keys[$y] ) {
$data .= $keys[$y];
} else {
$data .= $keys[$y] . :;
}
}
}
return $data;
}
function GeneratePubKey( $data )
{
return md5( $data );
}
function EncData( $data, $key )
{
$td = mcrypt_module_open( 'rijndael-256', '', 'ofb', '' );
$iv = mcrypt_create_iv( mcrypt_enc_get_iv_size( $td ), MCRYPT_DEV_RANDOM );
$ks = mcrypt_enc_get_key_size( $td );
@mcrypt_generic_init( $td, $key, $iv );
$encrypted = mcrypt_generic( $td, $data );
echo brbCiphered Text using Random Image Hash as Key:/bpre .
$encrypted . /prebr;
@mcrypt_generic_deinit( $td );
@mcrypt_generic_init( $td, $key, $iv );
$decrypted = mdecrypt_generic( $td, $encrypted );
echo brbDe-Ciphered Text using Random Image Hash as Key:/bpre
. $decrypted . /pre;
@mcrypt_generic_deinit( $td );
@mcrypt_module_close( $td );
}
// to use functions
$x = ReadFolder( images/ );
$y = PickRandomImages( $x );
$b = GeneratePrivKey( $y );
echo bPrivate Key data:/bpre . $b . /pre;
$data = br . GeneratePubKey( $b );
echo bPublic Key data:/bpre; print_r( $data ); echo /pre;
echo EncData( $credit_card_data, $b );
?
With that code you will have
Re: [PHP-DB] Sending value to another page...
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
VanBuskirk, Patricia wrote:
I am trying to send an order number from a confirmation page to another
form and insert it into the order number field on the new form. Can
anyone tell me what I am doing wrong??!!
Here's the portion of my code that has the link (it passes
http://www2.otc.fsu.edu/Forms/TEST/cellreg.php?'OrderNumber'=TEST222808)
:
It should be
http://www2.otc.fsu.edu/Forms/TEST/cellreg.php?OrderNumber=TEST222808
Notice the missing single quotes? If you encapsulate a global $_GET var
php will not look at anything between '' it will skip that and search
for an varname=value or ?varname=value string. Then $_GET['varname']
will contain something.
?php
if(isset($_POST['Cellular_Service'])) {
echo (table width='100%' border='3' cellpadding='0'
cellspacing='0' bordercolor='#99' bgcolor='#CC'
tr class='style5'
td align='center'bfont size='3'In order to complete your
cellular phone request, you are REQUIRED to REGISTER the cell phone(s)
with the FSU employees through their FSUID. Please go to the a
href=\http://www2.otc.fsu.edu/Forms/TEST/cellreg.php?'OrderNumber'=.$o
rder['Order_Number'].\Cell Phone Registration Form/a to complete
your order. Thank you! /font/b/td
/tr
/tablebr);
}
?
Here's the page it goes to (it puts nothing in the Order Number field):
HTML
HEAD
TITLECell Phone Registration/TITLE
LINK href=tsr.css rel=stylesheet type=text/css
/HEAD
BODY class=style13
TABLE width=500 border=0 cellpadding=5 cellspacing=0
FORM action=thankyou.php method=post name=cellform
TR class=style13
TD height=57 colspan=4 align=center
valign=topH2IMG src=images/OTC.jpg width=300 height=75/H2
H2Cell Phone Information/H2/TD
/TR
TR valign=bottom class=style13
TD align=centerINPUT type=text name=OrderNumber
value=?php echo (['OrderNumber']); ? size=15 //TD
TD align=centerINPUT type=text name=FSUID value=
size=20 //TD
TD align=centerINPUT type=text name=UserName
value= size=25 //TD
TD align=centerINPUT type=text name=PhoneNumber
value= size=15 //TD
/TR
TR class=style13
TD align=center valign=topOrder # /TD
TD align=center valign=topFSUID/TD
TD align=center valign=topUser Name/TD
TD align=center valign=topPhone #/TD
/TR
TR
TD colspan=4 align=centernbsp;
INPUT
type=submit name=new_record value=Add Line /nbsp;nbsp;
INPUT type=reset name=clear
value=Clear //TD
/TR
/FORM
/TABLE
/BODY
/HTML
- --
Jason Gerfen
I practice my religion
while stepping on your
toes...
~The Ditty Bops
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHTwb+5vk8bwKVAaIRAs6cAJ9fy+tyXH74q2mlwmm5o6Pn1HEBjQCdHMOs
Sxf5BdnaJOAmun2XG2LEbW8=
=w5lq
-END PGP SIGNATURE-
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] array issue
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Clare Media wrote:
Guys really in need of some assistance here.
I am reading an xml file and want to loop through the entire file and
display the information.
Unfortunately I am only showing 1 item. how can I go about showing all news
item?
I've tried array and loop however I am not versed with any of them.
Thanks in advance
eg.
-
item
titletitle 1/title
descriptionDescription 1/description
/item
item
titletitle 2/title
descriptionDescription 2/description
/item
item
titletitle 3/title
descriptionDescription 3/description
/item
-
My current code
+
function getNews()
{
$file = NEWS_FILE..xml;
if(!file_exists($file) || filemtime($file)
time() - 43200) {
$this-data =
@file_get_contents(http://feeds.mydomain.com/dailynews;);
$fp = @fopen($file, 'w');
@fwrite($fp, $this-data);
@fclose($fd);
}
else $this-data =
@file_get_contents($file);
if(strlen($this-data) = 0) return;
Count the elements in $this-data = @file_get_contents( $file );
If more then one then loop else use the code below:
ex:
if( count( $this-data = @file_get_contents( $file ) 1 ) ) {
foreach( $this-data as $key = $value ) {
// show your titles etc.
}
} else {
// get the location
$attr = explode('', $this-tag('item'));
$return['title'] = $attr[1];
$return['title'] = substr($return['title'],
6);
$return['description'] = $attr[7];
$return['description'] =
substr($return['description'], 2);
return $return;
}
function view_news()
{
$currentNews = newsfeed::getNews();
$NEWS=
'strong'.$currentNews['title'].'/strongbr'.$currentNews['description']
..'br/';
return $NEWS;
}
function tag($tag, $skip=0)
{
$start = -1;
for($i = 0; $i = $skip; $i++)
$start = strpos($this-data,
{$tag}, $start + 1);
if($start === false) return false;
$start += strlen($tag) + 1;
$end = strpos($this-data, /{$tag},
$start);
if($end === false)
$end = strpos($this-data,
'/', $start);
return trim(substr($this-data, $start, $end
- $start));
}
- --
Jason Gerfen
I practice my religion
while stepping on your
toes...
~The Ditty Bops
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHTGMM5vk8bwKVAaIRAhAjAJ9FklveFH1PORVl0HC9nCb+klgcUACeOren
RgXSIP0bl/bt9rI6g9a/6Uk=
=y9XX
-END PGP SIGNATURE-
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Unique fields, grabbing errors
I am having a problem trying to use 3 unique fields in a database table
and grabbing the errors that may result, any help is appreciated.
$update = @mysql_query( UPDATE hosts SET hostname='$host', mac='$mac',
ip='$ip', vlan='$vlan', group='$group' WHERE hostname=\$host\, $db );
$error = @mysql_error( $update );
@preg_match( /\'(.*)\'/, $error, $matches );
$find = @mysql_query( SELECT * FROM hosts WHERE hostname =
'$matches[0]' OR mac = '$matches[0]' OR ip = '$matches[0]', $db );
$checks = @mysql_num_rows( $find );
if( ( $checks == 1 ) ( !empty( $error ) ) ) {
...
} else {
...
}
--
Jason Gerfen
You will never be ready for me.
~ Me
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] problem with mysql_error()
I am not sure why this is not returning any values but it should be. The database structure CREATE TABLE `hosts` ( `id` int(11) NOT NULL auto_increment, `hostname` varchar(100) NOT NULL default '', `mac` varchar(100) NOT NULL default '', `ip` varchar(100) NOT NULL default '', `vlan` varchar(100) NOT NULL default '', PRIMARY KEY (`id`), UNIQUE KEY `mac` (`mac`), UNIQUE KEY `ip` (`ip`), UNIQUE KEY `hostname` (`hostname`), UNIQUE KEY `id` (`id`) ) TYPE=MyISAM AUTO_INCREMENT=4705 ; And the code: $update = @mysql_query( UPDATE hosts SET hostname=\$host\, mac=\$mac\, ip=\$ip\, vlan=\$vlan\ WHERE id=\$id\, $db )or die( img src=\images/error.jpg\nbsp;nbsp;bError: /bProblem occured while updating host records for $host./bbrError Message: . @mysql_error( $update ) . br . Error Number: . @mysql_errno( $update ) . brEmail Administrator: a href=\mailto:$defined[mail]\;$defined[mail]/a ); Because I have set a couple of the fields to unique I should be recieving an error of 'duplicate entry' but i am getting an empty result for mysql_error(). Any help is appreciated. -- Jason Gerfen Student Computing Labs, University Of Utah [EMAIL PROTECTED] J. Willard Marriott Library 295 S 1500 E, Salt Lake City, UT 84112-0860 801-585-9810 My girlfriend threated to leave me if I went boarding... I will miss her. ~ DIATRIBE aka FBITKK -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] multiple fields all unique?
John W. Holmes wrote:
From: Jas [EMAIL PROTECTED]
Has anyone every performed such a feat as to check for matching fields
before updating? And if so could you show me some code that used to
accomplish this. I have written my own but the if - else statements are
getting ridiculous.
Are the columns actually declared UNIQUE in your database? That's the first
step. Then you can just do the update, and if it fails with a specific
error, you know you've hit a duplicate.
The long way to do it is to just SELECT the data first, then update if there
are no matches
(assuming MySQL, here, but the concept is the same)
$query = SELECT mac, ip FROM table WHERE mac = '{$_POST['mac']}' OR ip =
'{$_POST['ip']}';
$result = mysql_query($query) or die(mysql_error());
if($row = mysql_fetch_assoc($result))
{
if($_POST['mac'] == $row['mac'])
{ echo {$row['mac']} is already being used. ; }
elseif($_POST['ip'] == $row['ip'])
{ echo {$row['ip'] is already being used. ; }
}
else
{
$query = UPDATE table SET mac = '{$_POST['mac']}', ip =
'{$_POST['ip']}' WHERE hostname = '{$_POST['hostname']}';
$result = mysql_query($query) or die(mysql_error));
echo Record updated!;
}
If you want an example of the first (and better) method, let me know.
---John Holmes...
Yeah, I have never used a unique field for the database, and you are
right it is a mysql db.
Jas
--
Jason Gerfen
Student Computing Group
Marriott Library
University of Utah
(801) 585-9810
[EMAIL PROTECTED]
I'm not a robot like you. I don't like having disks crammed into me... unless they're Oreos, and then only in the mouth. ~Phillip J. Fry
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
