[PHP] want a binary PHP for SCO OpenServer 5.0.5
I want to a binary php,used in SCO 5.0.5 ,Who can help me.
[PHP] Re: Storing binary data within a php script.
Thanks Jed,
Im just trying your method.
If i have any problems ill reply to this post
Jamie
Jed Smith [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
This is done in a few examples using base64_encode() and base64_decode().
A particular OpenGL example I can recall encoded a small (~20k) DLL
directly into the PHP source that relied upon it, then unpacked it at
runtime.
Ah, there it is:
** snip **
if ( is_file( SimpleWndProc.dll ) ? filesize( SimpleWndProc.dll ) !=
2560 : 1 )
{
$dll =
eNrtVU9IFGEUf7NpTbZue1hCYqlvQT3JslsG0clt/aho1XHNDOnguDutY+uMzh80
.
KDrYQTPJS1TUoWMEdSpYrEOEsQl66yD9gT1ILCHhIcqDML35Zla3IgO7mQ9+733v
/* ... */
.
dxBP8K4dRTzGcY6dBwcd8sBgVupS0lgfi9siXnQPAErZOyqrYXMXwO/8l7oiy5Fv
. kdWIJ8pHfdFAdH90uzf+D/QDFVAQCA==;
$dllout = fopen( SimpleWndProc.dll, wb );
if ( !$dllout )
die( Unable to extract SimpleWndProc.dll );
fwrite( $dllout, gzuncompress( base64_decode( $dll ) ) );
fclose( $dllout );
---
That's from an iridium example. You just base64 encode the data and
enclose it in a string. Of course, that's simply one way of doing it.
Jed
Jamie wrote:
Hi all,
Well so far my attempts to make this work have failed so i thought i
would try here. What i have is an installation script that has to write a
few files to the webserver. Im trying to cut down on the amount of files
that need to be uploaded/modified etc. So what im trying to do is include
all the data in one file. What the user then uploads and the physical
visual basic program activates the script what in turn sets up the web
server side. The problem comes when im trying to handle the ascii values
for the binary data. Warning: Unexpected character in input: ''
(ASCII=3) state=2.
I basicly have 3 questions.
1) Is it possible to store binary data in text form during transport and
then using php's file writing functions to output the file?
2) How would i do it as i guess i have to encode the ascii characters but
how would i do that?
3)Is there any better ways you suggest me to do this.
Im trying to this for two reasons first is to make the application usable
by anyone and the second reason is to try to push the boundarys of the
langage.
I would like anyones comments and views on this please. Any views might
help me come to a result.
Thanks
Jamie
--
_
(_)___Jed Smith, Code Monkey
| / __| [EMAIL PROTECTED] | [EMAIL PROTECTED]
| \__ \ +1 541 606-4145
_/ |___/ Signed mail preferred (PGP 0x703F9124)
|__/http://personal.jed.bz/keys/jedsmith.asc
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: PHP 5 MySql 4.1 issue - can't connect to mysql.sock
Barley wrote: If I run the script from a shell prompt as root, it outputs Yes. If I run as any other user, it outputs No. It also gives this error: Warning: mysqli_connect(): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13) Check permissions on /var/lib/mysql. From the sockets manpage: NOTES In the Linux implementation, sockets which are visible in the filesystem honour the permissions of the directory they are in. Their owner, group and their permissions can be changed. Creation of a new socket will fail if the process does not have write and search (execute) permission on the directory the socket is created in. Connecting to the socket object requires read/write permission. This behavior differs from many BSD-derived systems which ignore permissions for Unix sockets. Portable programs should not rely on this feature for security. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: sanitizing/security
* Sebastian [EMAIL PROTECTED]:
just a question, what is the best way to sanitize your scripts when you're
using $_GET or $_REQUEST in a query?
eg, i usually just do:
if(is_numeric($_REQUEST['id']))
{
mysql_query(SELECT id FROM table WHERE
id=.intval($_REQUEST['id']).);
}
what about when the GET is text? just use htmlspecialchars?
just looking for some advice to help keep my apps secure.
The proper method for doing this is to 'whitelist' -- in other words,
assume data is tainted, and only allow it if it passes certain criteria.
For text, you'll typically want to define what is allowed, create a
regular expression, and pass the value through that expression (this is
often called 'filtering').
By the way, if you're needing an integer ID in the test above, testing
for is_numeric() will not be enough -- it returns floats as well as
integers. Try:
if ($_REQUEST['id'] == strval(intval($_REQUEST['id'])))
In terms of sanitizing data for insertion into a database -- or even for
re-display to users -- you'll typically want to use htmlentities()
and/or strip_tags() first (after you've validated that data, that is).
Then, for insertion into the database, use your database driver's
quoting method. In MySQL, this is mysql_real_escape_string().
Alternatively, use a database abstraction layer such as ADODB or
PEAR::DB/MDB2 and use its prepare() functionality (that way you don't
need to know the db's specific functions).
--
Matthew Weier O'Phinney | mailto:[EMAIL PROTECTED]
Webmaster and IT Specialist | http://www.garden.org
National Gardening Association| http://www.kidsgardening.com
802-863-5251 x156 | http://nationalgardenmonth.org
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Current Member Check
Hi everyone, I am having some issues with this script. I am making a form which registers a user. However, i want to check that the email address isnt already registered in the database. Below is the syntax which i used. Please help me figure out what I did wrong. *connects to database* $email = $_POST[email]; $checkEmail = mysql_query(SELECT * FROM memberInformation WHERE email = '$email'); Thanks in advance!! Brad Ciszewski www.BradTechnologies.com Web Services -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Current Member Check
i appologize i forgot to add the rest:
if($checkEmail != 0){
echo(centerfont color=\#99\The email address has already been
registerd with an account./font/center);
include(../includes/footer.php);
exit;
}
Thanx!
Brad Ciszewski
www.BradTechnologies.com Web Services
Brad Ciszewski [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Hi everyone, I am having some issues with this script. I am making a form
which registers a user. However, i want to check that the email address
isnt
already registered in the database. Below is the syntax which i used.
Please
help me figure out what I did wrong.
*connects to database*
$email = $_POST[email];
$checkEmail = mysql_query(SELECT *
FROM memberInformation
WHERE email = '$email');
Thanks in advance!!
Brad Ciszewski
www.BradTechnologies.com Web Services
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Current Member Check
--- Brad Ciszewski [EMAIL PROTECTED] wrote: Please help me figure out what I did wrong. *connects to database* $email = $_POST[email]; $checkEmail = mysql_query(SELECT * FROM memberInformation WHERE email = '$email'); Please read this: http://php.net/manual/security.database.sql-injection.php Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly HTTP Developer's Handbook - Sams Coming Soon http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Current Member Check
On Monday 20 December 2004 03:54, Chris Shiflett wrote: --- Brad Ciszewski [EMAIL PROTECTED] wrote: Please help me figure out what I did wrong. *connects to database* $email = $_POST[email]; $checkEmail = mysql_query(SELECT * FROM memberInformation WHERE email = '$email'); Please read this: http://php.net/manual/security.database.sql-injection.php After you've digested that, you should study the examples in manual MySQL functions to see how to connect, query, and obtain results from MySQL, and how to check for errors. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* question = ( to ) ? be : ! be; -- Wm. Shakespeare */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Performance of magic_quotes_gpc ??
Hello,
I am working on a ticket tracking system and using htmlentities and
htmlspecialchars on text that gets inserted into the database.
code I have:
--snip--
if ((isset($_POST['tentry_body'])) AND strlen($_POST['tentry_body']) 5) {
$query .= tentry_body = ' .
htmlentities(htmlspecialchars($_POST['tentry_body'])) . ';
} else {
$status=li class=errorERROR with entry -- appears to be empty
!/li\n;
$check=1;
}
--snip--
In the archives people suggest that using mysql_escape_string should be
used, I then found that you could globally enable magic_quotes_gpc.
What is the best method ? Does magic_quotes have a large performance
issue ??
Would it not just be safer to turn it on ??
Thanks.
Michael.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Performance of magic_quotes_gpc ??
On Sun, 2004-12-19 at 18:31, Michael Gale wrote:
Hello,
I am working on a ticket tracking system and using htmlentities and
htmlspecialchars on text that gets inserted into the database.
code I have:
--snip--
if ((isset($_POST['tentry_body'])) AND strlen($_POST['tentry_body']) 5) {
$query .= tentry_body = ' .
htmlentities(htmlspecialchars($_POST['tentry_body'])) . ';
} else {
$status=li class=errorERROR with entry -- appears to be empty
!/li\n;
$check=1;
}
--snip--
In the archives people suggest that using mysql_escape_string should be
used, I then found that you could globally enable magic_quotes_gpc.
What is the best method ? Does magic_quotes have a large performance
issue ??
Would it not just be safer to turn it on ??
Learn to write secure code for yourself. Magic quotes are an illusion.
Cheers,
Rob.
--
..
| InterJinn Application Framework - http://www.interjinn.com |
::
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`'
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] I really need help...
I really need help to solve this problem. Help me to solve, please do
not say to ask someone else.
My problem is i have .txt file size of 3-5 kb with long rows. I have a
mysql table and a column
type of longtext, name html. What I have to do is: I have to open
.txt and read inside and
insert the content to html. My purpose is this but the problem is: I
easily upload .txt to
server, and read inside, BUT i can not enter it's content to html. I
followed the program up to
mysql query row its working correctly but when i write
mysql_query(INSERT INTO abc
(col1,col2,html) VALUES ('$col1','$col2','$file_contents')) or
die(ERROR!); it dies and give
error. My observations: I put $file_contents instead of ERROR! message
i saw the content, i set
the type of html column to longblob, nothing changed: ERROR!, i made
another .php file which
uses a form, i copied .txt's content manually into textarea, it
succesfully inserted. Then i
made 3 steps program; i uploaded .txt in first step then in second step
i inserted the content to
a textarea as it's value and at the third step i tried to add to
mysql, message was: ERROR!
again. I tought it may be because of touching the textarea's content
and i clicked textarea
and pressed SPACE BAR :) really but of course nothing changed. One more
thing i tried to insert by
mysql_query(UPDATE abc SET html='$file_contents' WHERE col1='$col1'
and col2='$col2'); but still
it answered I can not enter this variable to html. When i delete
the long rows it achieves but
i need them and i need to this automatically by selecting the file and
inserting to mysql. Please
please help me if you can. Below i've added the codes of program. I
will go insane if i can not
solve it. I am thinking about learning Perl to do that. Thank you very
much...
?php
$html=html
head
titleHTML document/title
styleinput,textarea,td {font-family:verdana;font-size:10px;border:1px
#2D7BA2
solid;background:#BECCE7} /style
/head
body
form action='admin.php' method='POST' ENCTYPE='multipart/form-data'
table align='Center'
tr
tdMarka:/td
tdinput name='alan1' type='Text' size=30 value='$alan1'/td
/tr
tr
tdÜrün Grubu:/td
tdinput name='alan2' type='Text' size=30 value='$alan2'/td
/tr
tr
tdAlt Ürün Grubu:/td
tdinput name='alan3' type='Text' size=30 value='$alan3'/td
/tr
tr
tdResmin türü:/td
tdinput name='tur' type='Radio' value='jpg' checkedJPG input
name='tur' type='Radio'
value='gif'GIF/td
/tr
tr
tdDosya:/td
tdinput name='file' type='File'/td
/tr
tr
td colspan=2 align='Center'input type='Submit' value='Yolla'/td
/tr
/table
/form
;
if(empty($HTTP_POST_VARS)){echo $html;}
else {
$absolute_path = ../beyazesya/Del;
$size_limit = var;
$limit_size = 15;
$limit_ext = var;
$ext_count = 2;
$extensions = array(.jpg, .gif);
$geri = brbra href='#'
onclick='javascript:history.go(-1)'Geri/a;
$endresult = 'DOSYA BAÞARIYLA GÖNDERÝLDÝ..';
if ($file_name == ) {
$endresult='DOSYA SEÇMEDÝNÝZ.. $geri';
}else{
if (($size_limit == var) ($limit_size $file_size)) {
$endresult = 'DOSYA ÇOK BÜYÜK, EN FAZLA 150KB OLABÝLÝR $geri';
} else {
$ext = strrchr($file_name,'.');
if (($limit_ext == var) (!in_array($ext,$extensions))) {
$endresult = 'DOSYA TÜRÜ YALNIZCA .ZIP VEYA .RAR OLABÝLÝR.. $geri';
}else{
[EMAIL PROTECTED]($file, $absolute_path/file.txt) or die(DOSYA
KOPYALANAMADI.. $geri);
$dosyam=../beyazesya/Del/file.txt;
$fp=fopen($dosyam,r) or die(Cant open file);
while(!feof($fp)){
$buf = fgets($fp,8192);
$buffer=$buffer.$buf;
}
$buffer=eregi_replace(\t,,$buffer);
$buffer=trim($buffer);
$f_a=$file_name;
$model=str_replace(.txt,,$f_a);
$resim=$model.$tur;
mysql_connect(xxx,yyy,zzz);
mysql_select_db(aaa);
$bb=mysql_query(SELECT * FROM beyaz WHERE alan1='$alan1' AND
alan2='$alan2' AND alan3='$alan3'
AND model='$model');
$say_bb=mysql_num_rows($bb);
if($say_bb1)
{
$b=mysql_query(INSERT INTO beyaz (alan1,alan2,alan3,resim,model,html)
VALUES
('$alan1','$alan2','$alan3','$resim','$model','$buffer')) or
die(ERROR!);
if($b) {echo $html;
$yazili=mysql_query(SELECT * FROM beyaz WHERE alan1='$alan1' AND
alan2='$alan2' AND
alan3='$alan3');
echo table align=centertrtd;
$top_yaz=mysql_num_rows($yazili);
echo Toplam: b$top_yaz/bhr;
while($read=mysql_fetch_row($yazili))
{
echo $read[4]br;
}
echo /td/tr/table;
}}
else echo (this record is done before);
fclose ($fp);
unlink(../beyazesya/Del/file.txt);
$buffer=0;
?
/body
/html
__
Do you Yahoo!?
Send holiday email and support a worthy cause. Do good.
http://celebrity.mail.yahoo.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Performance of magic_quotes_gpc ??
They do not do the same thing. mysql_escape_string() is what you're after, if you're inserting data from user input into an SQL statement, regardless! Jed -- _ (_)___Jed Smith, Code Monkey | / __| [EMAIL PROTECTED] | [EMAIL PROTECTED] | \__ \ +1 541 606-4145 _/ |___/ Signed mail preferred (PGP 0x703F9124) |__/http://personal.jed.bz/keys/jedsmith.asc -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Performance of magic_quotes_gpc ??
Hi, a couple of comments: --snip-- htmlentities(htmlspecialchars($_POST['tentry_body'])) . '; --snip-- Why are you using both htmlentities and htmlspecialchars? Think that html only converts some entities while htmlentities converts all ... so, for your purposes, apliying only one could do the job. In the archives people suggest that using mysql_escape_string should be used, I then found that you could globally enable magic_quotes_gpc. magic_quotes_gpc is a generic way to getting the user data escaped, but is not the recommended way. It's better to have magic_quotes_gpc disabled and use a database specific method for scaping. If you use mysql, I would recommend mysql_real_escape_string. (mysql_escape_string is deprecated since 4.3.0) Best regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Performance of magic_quotes_gpc ??
Hello, Thanks for all of the responses ... I am going to use mysql_real_escape_string. Michael. Jordi Canals wrote: Hi, a couple of comments: --snip-- htmlentities(htmlspecialchars($_POST['tentry_body'])) . '; --snip-- Why are you using both htmlentities and htmlspecialchars? Think that html only converts some entities while htmlentities converts all ... so, for your purposes, apliying only one could do the job. In the archives people suggest that using mysql_escape_string should be used, I then found that you could globally enable magic_quotes_gpc. magic_quotes_gpc is a generic way to getting the user data escaped, but is not the recommended way. It's better to have magic_quotes_gpc disabled and use a database specific method for scaping. If you use mysql, I would recommend mysql_real_escape_string. (mysql_escape_string is deprecated since 4.3.0) Best regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Uncompressing files on server
I have some PHP files from a content management system. I uploaded the compressed files to the server, but how do I un-compress them now? I am using Filezilla. Can it be done, or do I have to uncompress the file on my computer and then upload? thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
