Re: [PHP] HELP SQL INJECTION
On Saturday 11 July 2009 01:17:28 Zareef Ahmed wrote: Hi, First of all change your FTP password and stop storing your password in your FTP client. This type of attacks are very common with the people who use insecure FTP client. My previous experience with your kind of problem tell me that chances of a FTP attack are really higher in the pattern of your case. Zareef Ahmed On Sat, Jul 11, 2009 at 3:50 AM, Daniel Brown danbr...@php.net wrote: On Fri, Jul 10, 2009 at 18:11, Chris Paynechris_pa...@danmangames.com wrote: Sorry I post at the top because i'm legally blind and it's easier but i'll try to post at the bottom :-) This is the main site on my server: http://www.oxyge.net I just took out the offending code at the end of the index page to get it back up and running. Check the /blog/ as well. Parse error. -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Another way that they hackers get in in the first place is by exploiting a vulnerability in software you have on the server. Have you installed something pre-built, like a forum, blog, etc? Sometimes, these have holes, which can be an open door if left unpatched. -- Thanks, Ash http://www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc
On Sat, Jul 11, 2009 at 6:14 AM, Govinda govinda.webdnat...@gmail.comwrote: On Jul 10, 2009, at 6:34 PM, Zareef Ahmed wrote: heredoc was there to work with the strings... why you want to use functions into that? I'm lazy. Like to type less. ;-) It is well known fact that normally only lazy people end up being a good programmer. BTW template system like smarty and many MVC pattern framework solved such issues But those are only useful if you are planning something big (read more than a single page ) and want to put the logic not just for less typing but also for less complication; I hope I sound less complicated :) But now I know. Thanks guys. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Zareef Ahmed :: A PHP Developer in India ( Delhi ) Homepage :: http://www.zareef.net
Re: [PHP] MySql Injection advice
On Jul 10, 2009, at 10:12 PM, Haig Dedeyan hdede...@videotron.ca wrote: Hi everyone, I'm starting to experiment with an edit form and I am seeing the following behaviour: $fname = mysql_real_escape_string($fname); $lname = mysql_real_escape_string($lname); $sql = UPDATE phonedir SET fname = '$fname',lname = '$lname' WHERE id=$id; $result = mysql_query($sql); echo mysql_error() . \n; This will result in the addition of the slashes. If I do the following, there are no slashes. Just wondering if I'm on the right path with the 1st code set.. $sql = UPDATE phonedir SET fname = '.mysql_real_escape_string($fname).',lname = '.mysql_real_escape_string($lname).' WHERE id=$id; $result = mysql_query($sql); echo mysql_error() . \n; Cheers Haig Check that magic_quotes are turned off. Bastien Sent from my iPod -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc
At 8:34 PM -0400 7/10/09, Daniel Brown wrote: On Fri, Jul 10, 2009 at 20:25, Govindagovinda.webdnat...@gmail.com wrote: How do I get basename(__FILE__) or htmlentities($somevar) to be evaluated in a heredoc? You don't. Instead, you have to store the output from those in a variable (or array), then place it into the HEREDOC it. ?php $somevar = htmlentities($somevar); $filedata = array('name' = basename(__FILE__), 'size' = filesize(__FILE__)); $html =HTML bFile Name:/b {$filedata['name']}br / bFile Size:/b {$filedata['size']}br / b\$somevar/b: {$somevar}br / HTML; echo $html; ? Daniel: Why the braces? Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] How to authnticate and use contents from ${HOME}
Hello, My name ich Chantale, I am 15years old and in a german Lycee. I like to study Informatic in two years and now try to code my first applications. I am new to php and like to code my own Intranet Web-Interface which should run on my FileServer at home. I have installed libapache2-mod-suphp and php5-auth-pam, but it seems to be not the thing I need. What I need is, that a ${USER} can login and work on her/his ${HOME}. And NO, the /~${USER} thing is definitively not what I want. How can I archive this? Thank you Chantale #adBox3 {display:none;} -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc
On Saturday 11 July 2009 15:23:55 tedd wrote: At 8:34 PM -0400 7/10/09, Daniel Brown wrote: On Fri, Jul 10, 2009 at 20:25, Govindagovinda.webdnat...@gmail.com wrote: How do I get basename(__FILE__) or htmlentities($somevar) to be evaluated in a heredoc? You don't. Instead, you have to store the output from those in a variable (or array), then place it into the HEREDOC it. ?php $somevar = htmlentities($somevar); $filedata = array('name' = basename(__FILE__), 'size' = filesize(__FILE__)); $html =HTML bFile Name:/b {$filedata['name']}br / bFile Size:/b {$filedata['size']}br / b\$somevar/b: {$somevar}br / HTML; echo $html; ? Daniel: Why the braces? Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com The braces ensure that PHP doesn't stop parsing the variable name once it reaches the [. By default, it will only match a variable name up to the [ sign, so you couldn't access arrays without the braces. -- Thanks, Ash http://www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re: [PHP] How to authnticate and use contents from ${HOME}
What is xamp? I have my own webinterface and need only to authenticate the loginuser to let him/her work on the ${HOME} Thanks Chantale - original Nachricht Betreff: Re: [PHP] How to authnticate and use contents from ${HOME} Gesendet: Mo 06 Jul 2009 15:14:16 CEST Von: Bastien Koertphps...@gmail.com Try xamp or one of the preconfigured packages bastien #adBox3 {display:none;} -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re: [PHP] How to authnticate and use contents from ${HOME}
Hello Isaac, http://en.wikipedia.org/wiki/List_of_LAMP_Packages I am not interested in LDAP and MySQL stuff. This is overkill for my Intranet Server. What are you wanting to build in your interface? And as I have written, I am learning PHP-Coding. So ready-to-use-stuff where no one know how it works is no option. I have installed php5-auth-pam and it works already, speak, I get the correct ExitStatus if one try to authenticate. But this works only (in conjunction with suPHP) if the script run as root which should not be. Greetings Chantale #adBox3 {display:none;} -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re: [PHP] How to authnticate and use contents from ${HOME}
On Sat, Jul 11, 2009 at 9:41 PM, schneider.chant...@freenet.de wrote: What is xamp? XAMPP is a preconfigured package for using apache, mysql, php/perl/python on any platform like linux, mac OS or Windows. Look at www.apachefriends.de
[PHP] Re: How to authnticate and use contents from ${HOME}
Hi Isaac, Installing LAMP is not a good idea for productive servers. Always stick with the Packages of your distribution to get all upgrades. Ack! I use Debian/Lenny Activating a module isn't hard at all, so... there's not really a need for packages like LAMP on a unix-like OS. The point in not using such Packages like LAMP on a system which isn't productive is learning to set up a productive server. You decide. mod_auth_pam might be a way fo accomplish what you want. Hmmm, I have installed php5-auth-pam but it give only an ExitStatus. So if my script run as root :-/ I can check, whether php5-auth-pam say it is OK and then I can act on... But is there another option as running the script as root? Thanks Chantale #adBox3 {display:none;} -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySql Injection advice
At 10:12 PM -0400 7/10/09, Haig Dedeyan wrote: [1] $fname = mysql_real_escape_string($fname); $lname = mysql_real_escape_string($lname); $sql = UPDATE phonedir SET fname = '$fname',lname = '$lname' WHERE id=$id; $result = mysql_query($sql); echo mysql_error() . \n; This will result in the addition of the slashes. [2] If I do the following, there are no slashes. Just wondering if I'm on the right path with the 1st code set.. $sql = UPDATE phonedir SET fname = '.mysql_real_escape_string($fname).',lname = '.mysql_real_escape_string($lname).' WHERE id=$id; $result = mysql_query($sql); echo mysql_error() . \n; Haig: Interesting, I did not know that -- that sounds like a bug to me -- both should be the same. However, I commonly do [1] and when I have to display the data to a browser, then I use htmlentities() and stripslashes() before displaying the data. That way names like O'Brian appear correctly -- else they appear 0\'Brian. Now maybe I'm doing something wrong, but this way works for me. If there is a better way, I would like to here it. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: How to authnticate and use contents from ${HOME}
Hello Carl, PHP may not be the thing to do this.. because it sounds like you want the users to chroot to ${HOME} which php especially on a vhost does not do. It is not a VHost. It is a full blown machine. with apache2, php5, libapache2-mod-suphp, courier-imap/mta If you want users to access an nfs or ftp I would use either samba or Windows? Me? -- It is already enough, if I have to use it @school. vsftp or some other scp/ftp software. Ehm no, this require a second computer whith such tools installed... I like to connect the intranet server to my ADSL line and then access it from everywhere in the world. Chantale #adBox3 {display:none;} -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: How to authnticate and use contents from ${HOME}
Sorry for the second mail, but my first one was rejected and the rest from the list was gone diirectly into the Spamfolder from Freenet... Chantale #adBox3 {display:none;} -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc
On Sat, Jul 11, 2009 at 10:42, Ashley Sheridana...@ashleysheridan.co.uk wrote: The braces ensure that PHP doesn't stop parsing the variable name once it reaches the [. By default, it will only match a variable name up to the [ sign, so you couldn't access arrays without the braces. Couldn't have said it better myself. As for the braces in the HEREDOC around {$somevar}, while it works absolutely fine, it was a typo on my part: I intended to show all manner of usage and processing of variables within the HEREDOC syntax. However, in my own code, I generally include all variables between {braces} when inside a HEREDOC block. Sheer preference for readability in a large HEREDOC: because I don't normally use curly braces around variables, when I see that on the page, I instantly recognize that I'm still in the block (if all other clues miraculously fail --- and we all know that they sometimes do). -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc
At 3:42 PM +0100 7/11/09, Ashley Sheridan wrote: On Saturday 11 July 2009 15:23:55 tedd wrote: At 8:34 PM -0400 7/10/09, Daniel Brown wrote: -snip- $html =HTML bFile Name:/b {$filedata['name']}br / bFile Size:/b {$filedata['size']}br / b\$somevar/b: {$somevar}br / HTML; echo $html; ? Daniel: Why the braces? tedd The braces ensure that PHP doesn't stop parsing the variable name once it reaches the [. By default, it will only match a variable name up to the [ sign, so you couldn't access arrays without the braces. Ash Ash: Ahhh, the arrays -- I should have looked further up. I just noticed: b\$somevar/b: {$somevar}br / and wondered why, because: b\$somevar/b: $somevarbr / will work. Side note: Paul Novitski showed me using an underscore for heredocs: $html =_ whatever _; That I thought was kind of neat. To me it makes heredocs stand out and are more uniform. In any event, thanks, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: How to authnticate and use contents from ${HOME}
On Sat, Jul 11, 2009 at 10:52, schneider.chant...@freenet.de wrote: Hi Isaac, Installing LAMP is not a good idea for productive servers. Always stick with the Packages of your distribution to get all upgrades. No offense toward the poster of this information, but this is probably the most ludicrous advice I've seen given in quite some time. I advise against following it --- not necessarily against using your distribution's packages, but certainly against *only* using them. It's a very bad, very useless idea. -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] phpscriptor.com
Ok this may look like spam but what the hell... I'm the owner of phpscriptor.com, I had bigg plans with this domainname but... well yes, no time. So I'm selling it. I don't want to make profit out of it. So for, lets say 200 dollar, you can have to domainname. And if you want, you get the website free with it. I hope I can do someone a pleasure with it. So that someone else can make something great out of it. If you 're interested in it, just send me a mail cont...@phpscriptor.com Greetings - visit my website at http://www.phpscriptor.com/ http://www.phpscriptor.com/ -- View this message in context: http://www.nabble.com/phpscriptor.com-tp24441087p24441087.html Sent from the PHP - General mailing list archive at Nabble.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: How to authnticate and use contents from ${HOME}
First time I've ever seen LAMP described as a language... __ Information from ESET Smart Security, version of virus signature database 4234 (20090711) __ The message was checked by ESET Smart Security. http://www.eset.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc
On Sat, Jul 11, 2009 at 11:05, teddtedd.sperl...@gmail.com wrote: Side note: Paul Novitski showed me using an underscore for heredocs: $html =_ whatever _; That I thought was kind of neat. To me it makes heredocs stand out and are more uniform. I used $html =HTML because it then syntax-highlights as HTML+PHP in Vim, and as many know, almost everything I do is from the command line and Vim. -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc
On Saturday 11 July 2009 16:05:55 tedd wrote: At 3:42 PM +0100 7/11/09, Ashley Sheridan wrote: On Saturday 11 July 2009 15:23:55 tedd wrote: At 8:34 PM -0400 7/10/09, Daniel Brown wrote: -snip- $html =HTML bFile Name:/b {$filedata['name']}br / bFile Size:/b {$filedata['size']}br / b\$somevar/b: {$somevar}br / HTML; echo $html; ? Daniel: Why the braces? tedd The braces ensure that PHP doesn't stop parsing the variable name once it reaches the [. By default, it will only match a variable name up to the [ sign, so you couldn't access arrays without the braces. Ash Ash: Ahhh, the arrays -- I should have looked further up. I just noticed: b\$somevar/b: {$somevar}br / and wondered why, because: b\$somevar/b: $somevarbr / will work. Side note: Paul Novitski showed me using an underscore for heredocs: $html =_ whatever _; That I thought was kind of neat. To me it makes heredocs stand out and are more uniform. In any event, thanks, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com I would try to avoid heredoc delimiters of a single character, just in case ;) What I tend to do is to use EOC where the last letter changes depending on what content I'm outputting. It makes no difference, but reading back later it helos me understand what I was doing. So I'd use EOX for XML, EOF for forms, OEC for general content, etc. I only do it this way because I remember reading somewhere (If forget exactly where now) that it is better to use 3 or more characters in uppercase so they stand out well from the rest of the code. -- Thanks, Ash http://www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc
On Saturday 11 July 2009 16:23:11 Daniel Brown wrote: On Sat, Jul 11, 2009 at 11:05, teddtedd.sperl...@gmail.com wrote: Side note: Paul Novitski showed me using an underscore for heredocs: $html =_ whatever _; That I thought was kind of neat. To me it makes heredocs stand out and are more uniform. I used $html =HTML because it then syntax-highlights as HTML+PHP in Vim, and as many know, almost everything I do is from the command line and Vim. -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig Now that is very useful to know! I'm going to try that out to see if other *nix editors handle it the same way -- Thanks, Ash http://www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: How to authnticate and use contents from ${HOME}
On Saturday 11 July 2009 15:57:30 schneider.chant...@freenet.de wrote: Hello Carl, PHP may not be the thing to do this.. because it sounds like you want the users to chroot to ${HOME} which php especially on a vhost does not do. It is not a VHost. It is a full blown machine. with apache2, php5, libapache2-mod-suphp, courier-imap/mta If you want users to access an nfs or ftp I would use either samba or Windows? Me? -- It is already enough, if I have to use it @school. vsftp or some other scp/ftp software. Ehm no, this require a second computer whith such tools installed... I like to connect the intranet server to my ADSL line and then access it from everywhere in the world. Chantale #adBox3 {display:none;} This really seems like you would be best off doing this with a simple SSH connection. I see you use Linux, so that makes things easier. You can manipulate files as if they were in your local file system with KDE IO slaves (assuming you use the KDE window manager of course). This pretty much lets you do what you want. You can even run program on the remote machine with the -X parameter of the ssh command. -- Thanks, Ash http://www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re: [PHP] Re: How to authnticate and use contents from ${HOME}
Hello Ashley, This really seems like you would be best off doing this with a simple SSH connection. I see you use Linux, so that makes things easier. Ehm, no, I use office.freenet.de and the Webinterface. You can manipulate files as if they were in your local file system with KDE IO slaves (assuming you use the KDE window manager of course). No, only FVWM. :-) KDE/GNOME would kill my machine. This pretty much lets you do what you want. You can even run program on the remote machine with the -X parameter of the ssh command. SInce I have no Laptop and do not like to take it with me all the time, my Webinterface must be accessibel from everywhere in the world. Chantale #adBox3 {display:none;} -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re: [PHP] Re: How to authnticate and use contents from ${HOME}
Hi back, - original Nachricht Betreff: Re: [PHP] Re: How to authnticate and use contents from ${HOME} Gesendet: Sa 11 Jul 2009 17:55:24 CEST Von: Ashley Sheridana...@ashleysheridan.co.uk Have you looked at other online solutions for this? For someone who is just learning PHP, you could potentially be opening yourself up to all sorts of hacking by doing what you want to here. I have to learn how to make it secure... ;-) Afaik, you won't be able to do this easily with PHP. What sort of files were I am trying to code a whole intranet Interface from Web-Mail to Online-Filemanager, Callendar and more. you thinking of being able to edit anyway? I do not have to edit anything... I need only to access the private Diskspace for upload/download files, creating/removing subdirectories and give permissions WHO can get stuff from it If I use suPHP and use root, it works as expected but I think, if someone authenticate the session must be SUID to that user. Note: The Web-accesibel folder is NOT ${HOME} but a subdirectory and the webinterface can not break out... because I have already secured it. (No ../../ or such will work) Chantale #adBox3 {display:none;} -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: How to authnticate and use contents from ${HOME}
On Saturday 11 July 2009 16:41:21 schneider.chant...@freenet.de wrote: Hello Ashley, This really seems like you would be best off doing this with a simple SSH connection. I see you use Linux, so that makes things easier. Ehm, no, I use office.freenet.de and the Webinterface. You can manipulate files as if they were in your local file system with KDE IO slaves (assuming you use the KDE window manager of course). No, only FVWM. :-) KDE/GNOME would kill my machine. This pretty much lets you do what you want. You can even run program on the remote machine with the -X parameter of the ssh command. SInce I have no Laptop and do not like to take it with me all the time, my Webinterface must be accessibel from everywhere in the world. Chantale #adBox3 {display:none;} Have you looked at other online solutions for this? For someone who is just learning PHP, you could potentially be opening yourself up to all sorts of hacking by doing what you want to here. Afaik, you won't be able to do this easily with PHP. What sort of files were you thinking of being able to edit anyway? -- Thanks, Ash http://www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc
At 11:23 AM -0400 7/11/09, Daniel Brown wrote: and as many know, almost everything I do is from the command line I stopped using the command-line when I moved from my old Apple ][ to the Mac. I know I should get back into it, but there is so much there it's overwhelming. Using the terminal command-line on the Mac is one of those things I have on my list of things to learn. Right now, I have my hands/head full learning Eclipse for PHP -- boy, there's a lot there. It seems the more I learn, the more I need to learn. I said a long time ago: I've learned something new everyday of my life -- and I'm getting damned tried of it. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] XAMMP-Mysql Crashing
I have an issue that Mysql will not start on my local machine. I noticed a few days ago on a restart that I got an error saying that Mysqld had encountered a problem and had to close. I did not pay any attention to it because I was not working in it for a bit. I then tried to start it today and got the same error message saying mysqld.exe has encountered a problem and had to close. + Apache 2.2.11 + MySQL 5.1.30 (Community Server) + PHP 5.2.8 + PEAR (Support for PHP 4 has been discontinued) + PHP-Switch win32 1.0 (use php-switch.bat in the xampp main directory) + XAMPP Control Version 2.5 from www.nat32.com + XAMPP Security 1.0 + SQLite 2.8.15 + OpenSSL 0.9.8i + phpMyAdmin 3.1.1 + ADOdb 4.990 + Mercury Mail Transport System v4.52 + FileZilla FTP Server 0.9.29 + Webalizer 2.01-10 + Zend Optimizer 3.3.0 + eAccelerator 0.9.5.3 für PHP 5.2.8 (but not activated in the php.ini) Anyone have an idea to where I should start to look? Thanks Gary __ Information from ESET NOD32 Antivirus, version of virus signature database 4234 (20090711) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: [PHP-DB] Checking Special Characters
On Sat, Jul 11, 2009 at 02:41, Manu Guptamanugu...@gmail.com wrote: Dear All, I have to design a databse where I need to check for date using date as datatype in mysql I am having problems while inserting it Can you help me with it?? Google. Also I am having problems with eregi(), erege(); This is a serious issue, and one that you will continue to experience: because there's no such function as erege(). PLUS can i know various ways to secure password in a db Sure! See: http://tinyurl.com/ljrvzt -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] XAMMP-Mysql Crashing
On Sat, Jul 11, 2009 at 11:47, Garyg...@paulgdesigns.com wrote: I have an issue that Mysql will not start on my local machine. I noticed a few days ago on a restart that I got an error saying that Mysqld had encountered a problem and had to close. I did not pay any attention to it because I was not working in it for a bit. Is it just me or do I see nothing at all related to PHP anywhere in your message? ;-P Check with the fine folks at XAMPP[1] and MySQL (Windows)[2][3]. They bite less than we do sometimes. ^1: http://www.apachefriends.org/f/viewforum.php?f=34 ^2: http://lists.mysql.com/win32 (Very, very low-traffic list.) ^3: http://lists.mysql.com/ (All lists.) -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] XAMMP-Mysql Crashing
Ahh the list of responses is endless 1. Its just you 2. Please, if you want to see people bite, go over the the adobe/dreamweaver group, there are some people over there that are very proud of their ability to type numbers letters and charactors in the correct order. 3. Let me rephrase, as it relates to PHP,MySQL keeps crashing, I have. Alright, so not really all that endless... Thanks for the links, I have signed up for the mysql group, waiting to get the super secret handshake so I can post Thanks Gary Daniel Brown danbr...@php.net wrote in message news:ab5568160907110940o7cfbc1f0m6369e3d261f4d...@mail.gmail.com... On Sat, Jul 11, 2009 at 11:47, Garyg...@paulgdesigns.com wrote: I have an issue that Mysql will not start on my local machine. I noticed a few days ago on a restart that I got an error saying that Mysqld had encountered a problem and had to close. I did not pay any attention to it because I was not working in it for a bit. Is it just me or do I see nothing at all related to PHP anywhere in your message? ;-P Check with the fine folks at XAMPP[1] and MySQL (Windows)[2][3]. They bite less than we do sometimes. ^1: http://www.apachefriends.org/f/viewforum.php?f=34 ^2: http://lists.mysql.com/win32 (Very, very low-traffic list.) ^3: http://lists.mysql.com/ (All lists.) -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] XAMMP-Mysql Crashing
On Sat, Jul 11, 2009 at 13:07, Garygwp...@ptd.net wrote: Ahh the list of responses is endless 1. Its just you My wife keeps telling me the same thing, so you're in good company, Gary. 2. Please, if you want to see people bite, go over the the adobe/dreamweaver group, there are some people over there that are very proud of their ability to type numbers letters and charactors in the correct order. I've heard much the same. I've never had a need to get involved there, but at the risk of getting some (probably well-deserved) flames for saying this, but compared to developers, who are a bit more nerdly-rugged, designers (particularly many friends of mine who tout Dreamweaver as the end-all, be-all) are complete divas about their work and arsenal of tools. 3. Let me rephrase, as it relates to PHP,MySQL keeps crashing, I have. Alright, so not really all that endless... Thanks for the links, I have signed up for the mysql group, waiting to get the super secret handshake so I can post Question for you: is that a stock installation of XAMPP? And, if so, did you get it from apachefriends.de? I noticed the German language for the version banner. Doing it old-school with the Pennsylvania Dutch, eh? ;-P -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc
On Sat, Jul 11, 2009 at 13:45, Eddie Drapkinoorza...@gmail.com wrote: If that's true, then we've found an error reporting bug! I've never seen an error/warning raised, even with my usual error_reporting(E_ALL | E_STRICT | E_DEPRACATED)! The warning is raised here, though: $foo = $bar[hello]; but not here: $foo = $bar[hello] No, we're crossing subjects here, actually. The error would be raised in something such as the following: ?php $bar['hello'] = 'World!'; $bar['world'] = 'Hello,'; $foo = EOT $bar['world'] $bar['hello'] EOT; echo $foo.\n; ? Sorry if I sound like an ass, just trying to defend myself from having to go change several thousand array items referenced from doublequotes / HEREDOC. You don't sound like an ass at all (quite the contrary, actually), and not changing them certainly isn't the end of the world. -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] XAMMP-Mysql Crashing
On Sat, Jul 11, 2009 at 13:30, Garygwp...@ptd.net wrote: It is a bit freindlier here, those folks over at dreamweaver have a lot in common with pipe-smokers, fly fisherman and sail boat captains... I dont really recall where I got the XAMMP from, so I dont really understand the german reference. I did just start getting a message from a newgroup posting that I needed to DL some special language drivers to send my message in Arabichope its not all related.. Time to brush-up on your Farsi. -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] XAMMP-Mysql Crashing
Oy vey... Reminds me, did you hear that the president of iran called Rush Limbaugh.. Told rush that he had a dream about the United State, that all of the houses in America had banners on them, claiming The United State of Iran, Rush replied, you know thats funny, but I had a dream about Iran, and all the houses had banners on them And the president replied what did the banners say? And rush replied I dont know, I dont speak hebrew. Daniel Brown danbr...@php.net wrote in message news:ab5568160907111046y6a432cfaq55b118ebd46da...@mail.gmail.com... On Sat, Jul 11, 2009 at 13:30, Garygwp...@ptd.net wrote: It is a bit freindlier here, those folks over at dreamweaver have a lot in common with pipe-smokers, fly fisherman and sail boat captains... I dont really recall where I got the XAMMP from, so I dont really understand the german reference. I did just start getting a message from a newgroup posting that I needed to DL some special language drivers to send my message in Arabichope its not all related.. Time to brush-up on your Farsi. -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc
On Sat, Jul 11, 2009 at 2:01 PM, Daniel Browndanbr...@php.net wrote: On Sat, Jul 11, 2009 at 13:45, Eddie Drapkinoorza...@gmail.com wrote: If that's true, then we've found an error reporting bug! I've never seen an error/warning raised, even with my usual error_reporting(E_ALL | E_STRICT | E_DEPRACATED)! The warning is raised here, though: $foo = $bar[hello]; but not here: $foo = $bar[hello] No, we're crossing subjects here, actually. The error would be raised in something such as the following: ?php $bar['hello'] = 'World!'; $bar['world'] = 'Hello,'; $foo = EOT $bar['world'] $bar['hello'] EOT; echo $foo.\n; ? Yeah, that (echo $bar['hello']) would raise an error the same way as if you had said: echo $bar['\'hello\'']; because, as far as my understand goes, the array key word inside the doublequotes/heredoc is literally evaluated, so it'll look for the literal 'hello' key instead of the literal hello key, if that makes sense given the lack of formatting on my part. It looks like, when in lexing mode inside of doublequotes/heredoc, the lexer stops lexing at the first ] after a $ and inside the square bracketed word, it interprets it as a hash table key, rather than as the literal word, which would be cast to a string (as an undefined constant) and then used as a hash table key outside of lexing mode (which is probably not the right way to describe what's going on inside heredoc or doublequotes). You don't sound like an ass at all (quite the contrary, actually), and not changing them certainly isn't the end of the world. Alright, was just a tad worried ;) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc
On Sat, Jul 11, 2009 at 11:03 AM, Daniel Browndanbr...@php.net wrote: On Sat, Jul 11, 2009 at 10:42, Ashley Sheridana...@ashleysheridan.co.uk wrote: The braces ensure that PHP doesn't stop parsing the variable name once it reaches the [. By default, it will only match a variable name up to the [ sign, so you couldn't access arrays without the braces. Couldn't have said it better myself. As for the braces in the HEREDOC around {$somevar}, while it works absolutely fine, it was a typo on my part: I intended to show all manner of usage and processing of variables within the HEREDOC syntax. However, in my own code, I generally include all variables between {braces} when inside a HEREDOC block. Sheer preference for readability in a large HEREDOC: because I don't normally use curly braces around variables, when I see that on the page, I instantly recognize that I'm still in the block (if all other clues miraculously fail --- and we all know that they sometimes do). -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Uhm you don't need braces around arrays unless you're using more than one dimension in the array. This works perfectly fine for me: ?php $bar = array('hello' = goodbye); $foo = EOT $bar[hello] EOT; echo $foo; //echos out goodbye ? Something this simple should be common knowledge :X but I still agree with Daniel that you ought to use {} around variables in HEREDOC (or double-quotes) as it makes your code much more readable. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] XAMMP-Mysql Crashing
It is a bit freindlier here, those folks over at dreamweaver have a lot in common with pipe-smokers, fly fisherman and sail boat captains... I dont really recall where I got the XAMMP from, so I dont really understand the german reference. I did just start getting a message from a newgroup posting that I needed to DL some special language drivers to send my message in Arabichope its not all related.. Gary Daniel Brown danbr...@php.net wrote in message news:ab5568160907111018t3f080423q82303952e7c5b...@mail.gmail.com... On Sat, Jul 11, 2009 at 13:07, Garygwp...@ptd.net wrote: Ahh the list of responses is endless 1. Its just you My wife keeps telling me the same thing, so you're in good company, Gary. 2. Please, if you want to see people bite, go over the the adobe/dreamweaver group, there are some people over there that are very proud of their ability to type numbers letters and charactors in the correct order. I've heard much the same. I've never had a need to get involved there, but at the risk of getting some (probably well-deserved) flames for saying this, but compared to developers, who are a bit more nerdly-rugged, designers (particularly many friends of mine who tout Dreamweaver as the end-all, be-all) are complete divas about their work and arsenal of tools. 3. Let me rephrase, as it relates to PHP,MySQL keeps crashing, I have. Alright, so not really all that endless... Thanks for the links, I have signed up for the mysql group, waiting to get the super secret handshake so I can post Question for you: is that a stock installation of XAMPP? And, if so, did you get it from apachefriends.de? I noticed the German language for the version banner. Doing it old-school with the Pennsylvania Dutch, eh? ;-P -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc
On Sat, Jul 11, 2009 at 1:41 PM, Daniel Browndanbr...@php.net wrote: On Sat, Jul 11, 2009 at 13:35, Daniel Browndanbr...@php.net wrote: It works fine because you're forcing PHP to cast 'hello' in your array from a simple boolean TRUE to the string equivalent. sed s/string equivalent/literal 'hello' string/g (The way I'd worded it before seemed to me, upon re-reading it, like I was implying it would cast the boolean TRUE to the string 'TRUE'.) -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig If that's true, then we've found an error reporting bug! I've never seen an error/warning raised, even with my usual error_reporting(E_ALL | E_STRICT | E_DEPRACATED)! The warning is raised here, though: $foo = $bar[hello]; but not here: $foo = $bar[hello] At the risk of sounding like an inane ass, I quote, from php.net/strings: With array indices, the closing square bracket (]) marks the end of the index. The same rules apply to object properties as to simple variables. Sorry if I sound like an ass, just trying to defend myself from having to go change several thousand array items referenced from doublequotes / HEREDOC. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc
On Sat, Jul 11, 2009 at 13:26, Eddie Drapkinoorza...@gmail.com wrote: Uhm you don't need braces around arrays unless you're using more than one dimension in the array. This works perfectly fine for me: ?php $bar = array('hello' = goodbye); $foo = EOT $bar[hello] EOT; echo $foo; //echos out goodbye ? It works fine because you're forcing PHP to cast 'hello' in your array from a simple boolean TRUE to the string equivalent. Bad, Eddie! Stay off the couch! Something this simple should be common knowledge :X but I still agree with Daniel that you ought to use {} around variables in HEREDOC (or double-quotes) as it makes your code much more readable. It also works similar to the method in which double quotes (translatable) work as opposed to single quotes (literal), though instead of printing the literal $bar['hello'] it will give you a parse error (T_ENCAPSED_AND_WHITESPACE, if memory serves correctly for once, but don't quote me on that). -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc
On Jul 11, 2009, at 11:26 AM, Eddie Drapkin wrote: $foo = EOT $bar[hello] EOT; what does EOT stand for? (I realize that string can be anything.. but I am just asking what EOT means to everyone? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc
On Sat, Jul 11, 2009 at 3:53 PM, Govindagovinda.webdnat...@gmail.com wrote: On Jul 11, 2009, at 11:26 AM, Eddie Drapkin wrote: $foo = EOT $bar[hello] EOT; what does EOT stand for? (I realize that string can be anything.. but I am just asking what EOT means to everyone? I just use it as End of Term because I'm used to EOF as End of File -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc
On Sun, Jul 12, 2009 at 2:56 AM, Eddie Drapkin oorza...@gmail.com wrote: On Sat, Jul 11, 2009 at 3:53 PM, Govindagovinda.webdnat...@gmail.com wrote: On Jul 11, 2009, at 11:26 AM, Eddie Drapkin wrote: $foo = EOT $bar[hello] EOT; what does EOT stand for? (I realize that string can be anything.. but I am just asking what EOT means to everyone? I just use it as End of Term because I'm used to EOF as End of File EOT used to mean End of Text. reference ASCII-7 notatioin
Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc
At 3:34 AM +0700 7/12/09, Lenin wrote: On Sun, Jul 12, 2009 at 2:56 AM, Eddie Drapkin oorza...@gmail.com wrote: On Sat, Jul 11, 2009 at 3:53 PM, Govindagovinda.webdnat...@gmail.com wrote: what does EOT stand for? (I realize that string can be anything.. but I am just asking what EOT means to everyone? I just use it as End of Term because I'm used to EOF as End of File EOT used to mean End of Text. reference ASCII-7 notatioin Yes, but in both cases the operator is used at both the beginning AND at the end of the heredoc. I normally don't start anything with an End term. That's what I liked about the underscore (_) -- there's no inference that it's an acronym. $whatever = _ whatever _; However with that said, one could come up with a dual purpose acronym like: TO = (TEXT On or TEXT Off) or if you need three characters. HDO = (HEREDOC ON or HEREDOC OFF) I'm sure some clever person could come up with something better. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] mysql_real_escape_string wants a string or a resource?
This code: $maybeDeleteClient=($_GET[maybeDeleteClient]); $maybeDeleteClient=mysql_real_escape_string($db_billing, $maybeDeleteClient); // this is line 53 gives this error: Warning: mysql_real_escape_string() expects parameter 2 to be resource, string given in /home/metheuser/public_html/somedir/ billing_manageClients.php on line 53 but the docs here: http://us2.php.net/manual/en/mysqli.real-escape-string.php say: Procedural style: string mysqli_real_escape_string ( mysqli $link , string $escapestr ) ..and even go on to give an example using a string for that 2nd param. Why is it complaining to me? p.s. what is a resource compared to a string? Govinda govinda.webdnat...@gmail.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mysql_real_escape_string wants a string or a resource?
2009/7/11 Govinda govinda.webdnat...@gmail.com: This code: $maybeDeleteClient=($_GET[maybeDeleteClient]); $maybeDeleteClient=mysql_real_escape_string($db_billing, $maybeDeleteClient); // this is line 53 gives this error: Warning: mysql_real_escape_string() expects parameter 2 to be resource, string given in /home/metheuser/public_html/somedir/billing_manageClients.php on line 53 but the docs here: http://us2.php.net/manual/en/mysqli.real-escape-string.php say: Procedural style: string mysqli_real_escape_string ( mysqli $link , string $escapestr ) ..and even go on to give an example using a string for that 2nd param. Why is it complaining to me? You're looking at the documentation for mysqli_real_escape_string but using mysql_real_escape_string - notice the i in mysqli in the first function name. p.s. what is a resource compared to a string? A resource is a variable type. See http://php.net/language.types.resource -Stuart -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mysql_real_escape_string wants a string or a resource?
2009/7/11 Govinda govinda.webdnat...@gmail.com: You're looking at the documentation for mysqli_real_escape_string but using mysql_real_escape_string - notice the i in mysqli in the first function name. right. Thanks. p.s. what is a resource compared to a string? A resource is a variable type. See http://php.net/language.types.resource as in a db connection That's one example of a resource, but in general terms it's a reference to an external resource of some sort, specific to a particular extension. -Stuart -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mysql_real_escape_string wants a string or a resource?
On Sat, Jul 11, 2009 at 17:51, Govindagovinda.webdnat...@gmail.com wrote: as in a db connection That's essentially a resource in reference to an object. -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mysql_real_escape_string wants a string or a resource?
For the longest time, we were having a problem in the docs where some mirrors were erroneously redirecting references to mysqli_real_escape_string() to mysql_real_escape_string(). Should all be fixed now (and certainly is on the US2 mirror). In my case, I had somehow got the idea that the docs were the same for both functions. I.e. I knew I was looking at mysqli_real_escape_string but thought the syntax was the same as for mysql_real_escape_string -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySql Injection advice
On July 11, 2009 10:57:14 am Haig Dedeyan wrote: At 10:12 PM -0400 7/10/09, Haig Dedeyan wrote: [1] $fname = mysql_real_escape_string($fname); $lname = mysql_real_escape_string($lname); $sql = UPDATE phonedir SET fname = '$fname',lname = '$lname' WHERE id=$id; $result = mysql_query($sql); echo mysql_error() . \n; This will result in the addition of the slashes. [2] If I do the following, there are no slashes. Just wondering if I'm on the right path with the 1st code set.. $sql = UPDATE phonedir SET fname = '.mysql_real_escape_string($fname).',lname = '.mysql_real_escape_string($lname).' WHERE id=$id; $result = mysql_query($sql); echo mysql_error() . \n; Haig: Interesting, I did not know that -- that sounds like a bug to me -- both should be the same. However, I commonly do [1] and when I have to display the data to a browser, then I use htmlentities() and stripslashes() before displaying the data. That way names like O'Brian appear correctly -- else they appear 0\'Brian. Now maybe I'm doing something wrong, but this way works for me. If there is a better way, I would like to here it. Cheers, tedd Thanks Tedd. I did more testing and here's what I have found. @PHPSter - magic quotes are off Just entering simple data where an apostrophe is part of the data. The following code is entering the slash but that's becuase I am escaping it twice since mysql_num_rows is throwing an error if an apostrophe is in its search: 1 - $new_fname = mysql_real_escape_string($new_fname); $new_lname = mysql_real_escape_string($new_lname); $result = mysql_query(SELECT * FROM phonedir WHERE fname = '$new_fname' lname = '$new_lname'); $num_rows = mysql_num_rows($result); if($num_rows 0) { echo $fname. .$lname. already exists; } else { mysql_query(INSERT INTO phonedir (fname, lname) VALUES('.mysql_real_escape_string($new_fname).','.mysql_real_escape_string($new_lname).')) or die(mysql_error()); 2 - If I do the same code above without the mysql_num_rows and no escaping, the data doesn't get entered. I think this is normal behaviour. 3 - If I do any of the 2 following sets of code where there is 1 instance of escaping, the data gets entered with the apostrophe but I don't see any back slash entered. The part that I am concerned about is if I should be seeing the backslash entered without having to double escape, $new_fname = mysql_real_escape_string($new_fname); $new_lname = mysql_real_escape_string($new_lname); $result = mysql_query(SELECT * FROM phonedir WHERE fname = '$new_fname' lname = '$new_lname'); $num_rows = mysql_num_rows($result); if($num_rows 0) { echo $fname. .$lname. already exists; } else { mysql_query(INSERT INTO phonedir (fname, lname) VALUES('$new_fname','$new_lname')) or die(mysql_error()); or mysql_query(INSERT INTO phonedir (fname, lname) VALUES('.mysql_real_escape_string($new_fname).','.mysql_real_escape_string($new_lname).')) or die(mysql_error());
Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc
On Sat, Jul 11, 2009 at 5:37 PM, teddtedd.sperl...@gmail.com wrote: At 3:34 AM +0700 7/12/09, Lenin wrote: On Sun, Jul 12, 2009 at 2:56 AM, Eddie Drapkin oorza...@gmail.com wrote: On Sat, Jul 11, 2009 at 3:53 PM, Govindagovinda.webdnat...@gmail.com wrote: what does EOT stand for? (I realize that string can be anything.. but I am just asking what EOT means to everyone? I just use it as End of Term because I'm used to EOF as End of File EOT used to mean End of Text. reference ASCII-7 notatioin Yes, but in both cases the operator is used at both the beginning AND at the end of the heredoc. I normally don't start anything with an End term. That's what I liked about the underscore (_) -- there's no inference that it's an acronym. $whatever = _ whatever _; However with that said, one could come up with a dual purpose acronym like: TO = (TEXT On or TEXT Off) or if you need three characters. HDO = (HEREDOC ON or HEREDOC OFF) I'm sure some clever person could come up with something better. Cheers, tedd When I see something like $foo = EOT //stuff EOT; I always read EOT as until EOT or, until End of Text/Term. So, the whole statement, in my head, would be $foo is equal to everything following until End of Text. Although, less generic names like HTML, or XML, or ROW can also be fine, too. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySql Injection advice
On Sat, Jul 11, 2009 at 6:39 PM, Haig Dedeyanhdede...@videotron.ca wrote: On July 11, 2009 10:57:14 am Haig Dedeyan wrote: At 10:12 PM -0400 7/10/09, Haig Dedeyan wrote: [1] $fname = mysql_real_escape_string($fname); $lname = mysql_real_escape_string($lname); $sql = UPDATE phonedir SET fname = '$fname',lname = '$lname' WHERE id=$id; $result = mysql_query($sql); echo mysql_error() . \n; This will result in the addition of the slashes. [2] If I do the following, there are no slashes. Just wondering if I'm on the right path with the 1st code set.. $sql = UPDATE phonedir SET fname = '.mysql_real_escape_string($fname).',lname = '.mysql_real_escape_string($lname).' WHERE id=$id; $result = mysql_query($sql); echo mysql_error() . \n; Haig: Interesting, I did not know that -- that sounds like a bug to me -- both should be the same. However, I commonly do [1] and when I have to display the data to a browser, then I use htmlentities() and stripslashes() before displaying the data. That way names like O'Brian appear correctly -- else they appear 0\'Brian. Now maybe I'm doing something wrong, but this way works for me. If there is a better way, I would like to here it. Cheers, tedd Thanks Tedd. I did more testing and here's what I have found. @PHPSter - magic quotes are off Just entering simple data where an apostrophe is part of the data. The following code is entering the slash but that's becuase I am escaping it twice since mysql_num_rows is throwing an error if an apostrophe is in its search: 1 - $new_fname = mysql_real_escape_string($new_fname); $new_lname = mysql_real_escape_string($new_lname); $result = mysql_query(SELECT * FROM phonedir WHERE fname = '$new_fname' lname = '$new_lname'); $num_rows = mysql_num_rows($result); if($num_rows 0) { echo $fname. .$lname. already exists; } else { mysql_query(INSERT INTO phonedir (fname, lname) VALUES('.mysql_real_escape_string($new_fname).','.mysql_real_escape_string($new_lname).')) or die(mysql_error()); 2 - If I do the same code above without the mysql_num_rows and no escaping, the data doesn't get entered. I think this is normal behaviour. 3 - If I do any of the 2 following sets of code where there is 1 instance of escaping, the data gets entered with the apostrophe but I don't see any back slash entered. The part that I am concerned about is if I should be seeing the backslash entered without having to double escape, $new_fname = mysql_real_escape_string($new_fname); $new_lname = mysql_real_escape_string($new_lname); $result = mysql_query(SELECT * FROM phonedir WHERE fname = '$new_fname' lname = '$new_lname'); $num_rows = mysql_num_rows($result); if($num_rows 0) { echo $fname. .$lname. already exists; } else { mysql_query(INSERT INTO phonedir (fname, lname) VALUES('$new_fname','$new_lname')) or die(mysql_error()); or mysql_query(INSERT INTO phonedir (fname, lname) VALUES('.mysql_real_escape_string($new_fname).','.mysql_real_escape_string($new_lname).')) or die(mysql_error()); No offense or anything, but all of this work you've done is immediately mode obsolete the second you switch to prepared statements. They're easier to use and more secure, as well as making code more readable. I don't understand why it's so hard for them to catch on among PHP developers when they're so popular in other languages. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySql Injection advice
2009/7/12 Eddie Drapkin oorza...@gmail.com: No offense or anything, but all of this work you've done is immediately mode obsolete the second you switch to prepared statements. They're easier to use and more secure, as well as making code more readable. I don't understand why it's so hard for them to catch on among PHP developers when they're so popular in other languages. They are also a *lot* slower for statements you're only going to execute once as they involve two round trips to the DB server instead of one. If your DB is local and not very heavily loaded then you probably won't notice this, but for those of us working on sites with substantial traffic they can kill site performance dead if applied unconditionally. Prepared statements have their uses, but they are not universally applicable, which is something that the MySQL documentation also clearly states. As far as security goes prepared statements offer nothing more than a reasonable and, IMHO, necessary amount of due diligence on the part of the developer will also achieve. -Stuart -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc
I always said : Being good and Being FORCED to be good are two different things... and PHP normally don't force us to be good that why PHP is the most popular programming language with a large code base which WORKS but not as per the standard or recommended way ; so keep you old code as long as it works Sorry for TOP posting This mailing list also don't force us to be good :) Zareef Ahmed On Sun, Jul 12, 2009 at 4:50 AM, Eddie Drapkin oorza...@gmail.com wrote: On Sat, Jul 11, 2009 at 5:37 PM, teddtedd.sperl...@gmail.com wrote: At 3:34 AM +0700 7/12/09, Lenin wrote: On Sun, Jul 12, 2009 at 2:56 AM, Eddie Drapkin oorza...@gmail.com wrote: On Sat, Jul 11, 2009 at 3:53 PM, Govindagovinda.webdnat...@gmail.com wrote: what does EOT stand for? (I realize that string can be anything.. but I am just asking what EOT means to everyone? I just use it as End of Term because I'm used to EOF as End of File EOT used to mean End of Text. reference ASCII-7 notatioin Yes, but in both cases the operator is used at both the beginning AND at the end of the heredoc. I normally don't start anything with an End term. That's what I liked about the underscore (_) -- there's no inference that it's an acronym. $whatever = _ whatever _; However with that said, one could come up with a dual purpose acronym like: TO = (TEXT On or TEXT Off) or if you need three characters. HDO = (HEREDOC ON or HEREDOC OFF) I'm sure some clever person could come up with something better. Cheers, tedd When I see something like $foo = EOT //stuff EOT; I always read EOT as until EOT or, until End of Text/Term. So, the whole statement, in my head, would be $foo is equal to everything following until End of Text. Although, less generic names like HTML, or XML, or ROW can also be fine, too. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Zareef Ahmed :: A PHP Developer in India ( Delhi ) Homepage :: http://www.zareef.net
Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc
On Sat, Jul 11, 2009 at 19:46, Zareef Ahmedzareef.ah...@gmail.com wrote: I always said : Being good and Being FORCED to be good are two different things... and PHP normally don't force us to be good that why PHP is the most popular programming language with a large code base which WORKS but not as per the standard or recommended way ; so keep you old code as long as it works Well, it's not the most popular, but it's right up at the top. Sorry for TOP posting This mailing list also don't force us to be good :) FORCE, no. ENCOURAGE, yes. Particularly in long threads like this one. Check the rules. They're not just there to take up space on the paper. ;-P -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP/mysql equivalent of PEAR's tableInfo()??
I have been using PEAR's tableInfo() to remind myself about the columns in the table.. but now I want to see as much data as possible about the table and its contents *without* using PEAR. (I.e. just using built in stuff for mysqli.) I have been looking through the manuals, even tried this: $info = mysqli_query($db_billing,SHOW FULL COLUMNS IN billing_clients IN billing); echo 'pre'. print_r($info) .'/pre'; which returns just: mysqli_result Object ( ) pre1/pre ?? .. and anyway SO much time gets wasted. I always aim to find things myself.. but something so easy and quick.. it seems a shame to not just ask. Should I be asking this Q on another list? I see there are lists for just [mysql] General Discussion, and also for MySQL and PHP on the http://lists.mysql.com/ site.. I don't need super deep stuff. just the basics, all with respect to doing it from PHP. What are you guys using to dump 'everything-you-always-wanted-to-know- about-your-table'? Govinda govinda.webdnat...@gmail.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] RFC/Survey for Our Newer Folks (Including Lurkers)
Ladies and Gentlemen: First of all, if you're new to the list, welcome. At the risk of bragging about our collective talents, you are now a member of a community that is home to what may be some of the best talent in web development you'll find on the Internet. I'm not speaking of myself, but of your peers on this list. I could mention names, but that's beyond the scope of this particular request. What I would like to know is how you found out about this list. For example, did you go out of your way to find a support channel for PHP? Did you come to the source website, find out about the mailing list, and decide to subscribe? Did you submit a note to the php.net website requesting assistance and have your note rejected, and follow the instructions in the email that myself or another PHP Group member sent? Were you referred here by a friend, website, or publication? I would like to hear from all of you, and if you don't want your email address or words to be publicly archived, you're more than welcome to reply to me personally. I'd like to speak particularly with folks who joined this list because of submitting a note to the site and having it rejected, but I want all opinions. So if you've been here for less than 90 days or so, how did you wind up here, and did you have any problems in joining or complaints about the subscription process? If you've never posted and wanted a chance to introduce yourself, here's your chance. Breaking the ice and getting that first email out of the way may be all that's between you and immortality as the next great contributor to the project. Just remember the little people when you reach fame and fortune. ;-P -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP/mysql equivalent of PEAR's tableInfo()??
On Sat, Jul 11, 2009 at 19:57, Govindagovinda.webdnat...@gmail.com wrote: I have been using PEAR's tableInfo() to remind myself about the columns in the table.. but now I want to see as much data as possible about the table and its contents *without* using PEAR. (I.e. just using built in stuff for mysqli.) This is not mysqli_#() directly, but just mocked up here in this email. Not guaranteed to work, but should give you the right idea at least. ;-P ?php include('inc/config.php'); // Your configuration include('inc/db.php'); // Your database connection info $sql = SHOW TABLES; $result = mysql_query($sql); foreach(mysql_fetch_assoc($result) as $k = $v) { $ssql = DESCRIBE .mysql_real_escape_string($v); $rresult = mysql_query($ssql); echo b.$k./b:br /\n; echo pre\n; print_r(mysql_fetch_assoc($rresult)); echo /pre\n; echo br /\n; } ? -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySql Injection advice
On Sun, Jul 12, 2009 at 4:09 AM, Haig Dedeyan hdede...@videotron.ca wrote: On July 11, 2009 10:57:14 am Haig Dedeyan wrote: At 10:12 PM -0400 7/10/09, Haig Dedeyan wrote: [1] $fname = mysql_real_escape_string($fname); $lname = mysql_real_escape_string($lname); $sql = UPDATE phonedir SET fname = '$fname',lname = '$lname' WHERE id=$id; $result = mysql_query($sql); echo mysql_error() . \n; This will result in the addition of the slashes. [2] If I do the following, there are no slashes. Just wondering if I'm on the right path with the 1st code set.. $sql = UPDATE phonedir SET fname = '.mysql_real_escape_string($fname).',lname = '.mysql_real_escape_string($lname).' WHERE id=$id; $result = mysql_query($sql); echo mysql_error() . \n; Haig: Interesting, I did not know that -- that sounds like a bug to me -- both should be the same. However, I commonly do [1] and when I have to display the data to a browser, then I use htmlentities() and stripslashes() before displaying the data. That way names like O'Brian appear correctly -- else they appear 0\'Brian. Now maybe I'm doing something wrong, but this way works for me. If there is a better way, I would like to here it. Cheers, tedd Thanks Tedd. I did more testing and here's what I have found. @PHPSter - magic quotes are off Just entering simple data where an apostrophe is part of the data. The following code is entering the slash but that's becuase I am escaping it twice since mysql_num_rows is throwing an error if an apostrophe is in its search: 1 - $new_fname = mysql_real_escape_string($new_fname); $new_lname = mysql_real_escape_string($new_lname); $result = mysql_query(SELECT * FROM phonedir WHERE fname = '$new_fname' lname = '$new_lname'); $num_rows = mysql_num_rows($result); The error message may be saying the mysql_num_rows is throwing an error but actual error is on mysql_query function level (Not a correct query) if($num_rows 0) { echo $fname. .$lname. already exists; } else { mysql_query(INSERT INTO phonedir (fname, lname) VALUES('.mysql_real_escape_string($new_fname).','.mysql_real_escape_string($new_lname).')) or die(mysql_error()); BTW twice escaping is not good 2 - If I do the same code above without the mysql_num_rows and no escaping, the data doesn't get entered. I think this is normal behaviour. Welcome to hell of quotes :( 3 - If I do any of the 2 following sets of code where there is 1 instance of escaping, the data gets entered with the apostrophe but I don't see any back slash entered. The part that I am concerned about is if I should be seeing the backslash entered without having to double escape, Please see magic_quotes_runtime setting configuration... http://www.php.net/manual/en/info.configuration.php#ini.magic-quotes-runtime If it is enables it will automatically removed the slashes from any external source including databases... It was there to make the life of developer somewhat easier ()... magic quotes things are deprecated and completely will be removed in PHP 6 $new_fname = mysql_real_escape_string($new_fname); $new_lname = mysql_real_escape_string($new_lname); $result = mysql_query(SELECT * FROM phonedir WHERE fname = '$new_fname' lname = '$new_lname'); $num_rows = mysql_num_rows($result); if($num_rows 0) { echo $fname. .$lname. already exists; } else { mysql_query(INSERT INTO phonedir (fname, lname) VALUES('$new_fname','$new_lname')) or die(mysql_error()); or mysql_query(INSERT INTO phonedir (fname, lname) VALUES('.mysql_real_escape_string($new_fname).','.mysql_real_escape_string($new_lname).')) or die(mysql_error()); -- Zareef Ahmed :: A PHP Developer in India ( Delhi ) Homepage :: http://www.zareef.net
Re: [PHP] MySql Injection advice
On July 11, 2009 08:21:34 pm Haig Dedeyan wrote: On Sun, Jul 12, 2009 at 4:09 AM, Haig Dedeyan hdede...@videotron.ca wrote: On July 11, 2009 10:57:14 am Haig Dedeyan wrote: At 10:12 PM -0400 7/10/09, Haig Dedeyan wrote: [1] $fname = mysql_real_escape_string($fname); $lname = mysql_real_escape_string($lname); $sql = UPDATE phonedir SET fname = '$fname',lname = '$lname' WHERE id=$id; $result = mysql_query($sql); echo mysql_error() . \n; This will result in the addition of the slashes. [2] If I do the following, there are no slashes. Just wondering if I'm on the right path with the 1st code set.. $sql = UPDATE phonedir SET fname = '.mysql_real_escape_string($fname).',lname = '.mysql_real_escape_string($lname).' WHERE id=$id; $result = mysql_query($sql); echo mysql_error() . \n; Haig: Interesting, I did not know that -- that sounds like a bug to me -- both should be the same. However, I commonly do [1] and when I have to display the data to a browser, then I use htmlentities() and stripslashes() before displaying the data. That way names like O'Brian appear correctly -- else they appear 0\'Brian. Now maybe I'm doing something wrong, but this way works for me. If there is a better way, I would like to here it. Cheers, tedd Thanks Tedd. I did more testing and here's what I have found. @PHPSter - magic quotes are off Just entering simple data where an apostrophe is part of the data. The following code is entering the slash but that's becuase I am escaping it twice since mysql_num_rows is throwing an error if an apostrophe is in its search: 1 - $new_fname = mysql_real_escape_string($new_fname); $new_lname = mysql_real_escape_string($new_lname); $result = mysql_query(SELECT * FROM phonedir WHERE fname = '$new_fname' lname = '$new_lname'); $num_rows = mysql_num_rows($result); The error message may be saying the mysql_num_rows is throwing an error but actual error is on mysql_query function level (Not a correct query) if($num_rows 0) { echo $fname. .$lname. already exists; } else { mysql_query(INSERT INTO phonedir (fname, lname) VALUES('.mysql_real_escape_string($new_fname).','.mysql_real_escape_st ring($new_lname).')) or die(mysql_error()); BTW twice escaping is not good 2 - If I do the same code above without the mysql_num_rows and no escaping, the data doesn't get entered. I think this is normal behaviour. Welcome to hell of quotes :( 3 - If I do any of the 2 following sets of code where there is 1 instance of escaping, the data gets entered with the apostrophe but I don't see any back slash entered. The part that I am concerned about is if I should be seeing the backslash entered without having to double escape, Please see magic_quotes_runtime setting configuration... http://www.php.net/manual/en/info.configuration.php#ini.magic-quotes-runtim e If it is enables it will automatically removed the slashes from any external source including databases... It was there to make the life of developer somewhat easier ()... magic quotes things are deprecated and completely will be removed in PHP 6 $new_fname = mysql_real_escape_string($new_fname); $new_lname = mysql_real_escape_string($new_lname); $result = mysql_query(SELECT * FROM phonedir WHERE fname = '$new_fname' lname = '$new_lname'); $num_rows = mysql_num_rows($result); if($num_rows 0) { echo $fname. .$lname. already exists; } else { mysql_query(INSERT INTO phonedir (fname, lname) VALUES('$new_fname','$new_lname')) or die(mysql_error()); or mysql_query(INSERT INTO phonedir (fname, lname) VALUES('.mysql_real_escape_string($new_fname).','.mysql_real_escape_st ring($new_lname).')) or die(mysql_error()); Thansk Zareef. Magic quotes are off. This is what my php ini says: ; Magic quotes for incoming GET/POST/Cookie data. magic_quotes_gpc = Off ; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc. magic_quotes_runtime = Off ; Use Sybase-style magic quotes (escape ' with '' instead of \'). magic_quotes_sybase = Off I won;t be using 2x escapes but I just need to know if I should be seeing the backslash in the dbase. @Tedd - I will be looking into prepared statements eventually but I still want to understand escaping. Cheers Haig
[PHP] Re: RFC/Survey for Our Newer Folks (Including Lurkers)
Howdy Daniel and Group, I'm new here, in fact, my first post was just a few days ago. I'm a computer hobbiest hoping to transition myself into the IT world at some point in the near future, having spent most of my life working in building construction. (Guess, I'm just getting too old and tired to cut the mustard there.. ;-) I've just started trying to learn web development with php, but I've done alot of reading and poking around in a few other languages, but nothing in a big way. I came upon this newsgroup after looking around on the main php documentation site and finding a notice there about it. My coming here was brought about by me posting on a couple of forums and waiting for days for an answer of any kind, if I were to get an answer at all. I am glad to have found this place since the members seem to be quite knowledgable and most of all, willing to share that knowledge. I'll try not to be a nuisance with frivolous questions and go to the docs and search engines first. Thanks you all for being here and for being so willing to help. Mark Daniel P. Brown daniel.br...@parasane.net wrote in message news:ab5568160907111706h5e4fe72ck8fe6155220464...@mail.gmail.com... Ladies and Gentlemen: First of all, if you're new to the list, welcome. At the risk of bragging about our collective talents, you are now a member of a community that is home to what may be some of the best talent in web development you'll find on the Internet. I'm not speaking of myself, but of your peers on this list. I could mention names, but that's beyond the scope of this particular request. What I would like to know is how you found out about this list. For example, did you go out of your way to find a support channel for PHP? Did you come to the source website, find out about the mailing list, and decide to subscribe? Did you submit a note to the php.net website requesting assistance and have your note rejected, and follow the instructions in the email that myself or another PHP Group member sent? Were you referred here by a friend, website, or publication? I would like to hear from all of you, and if you don't want your email address or words to be publicly archived, you're more than welcome to reply to me personally. I'd like to speak particularly with folks who joined this list because of submitting a note to the site and having it rejected, but I want all opinions. So if you've been here for less than 90 days or so, how did you wind up here, and did you have any problems in joining or complaints about the subscription process? If you've never posted and wanted a chance to introduce yourself, here's your chance. Breaking the ice and getting that first email out of the way may be all that's between you and immortality as the next great contributor to the project. Just remember the little people when you reach fame and fortune. ;-P -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: RFC/Survey for Our Newer Folks (Including Lurkers)
Hello, I've been a developer for a little over a year now (I started when I just turned 16), frankly I love coding and helping out others. I joined the list as my second mailing list (WHATWG is first), mailing lists just provide a different atmosphere than forums, blogs or message boards. I found the list by the link on php.net (lists.php.net), I mainly joined to grow in my experience with PHP. -- - Adam Shannon ( http://ashannon.us )
[PHP] A prepared statements question
Hello everyone, I am having a problem getting my prepared statements working. Here is my setup... index.php - authenticate.php - admin.php 1)index.php has a login form on it so when someone enters their username the form redirects to another page I call authenticate.php. 2)In the authenticate.php file I want to use prepared statements to interact with the MySQL database. I want to compare the username submitted from the form with the username in the database. 3)If the login username was legitimate then you are forwarded to admin.php Its step 2 I am having problems with. Here is what I have but I don't think it makes any sense and it doesn't work. $link = mysqli_connect($hostname, $dbusername, $password, $database); $stmt = mysqli_prepare($link, SELECT * FROM administrators WHERE adminusers=?); mysqli_stmt_bind_param($stmt, 's', $username); $result = mysqli_stmt_execute($stmt); $count=mysqli_num_rows($result); if($count==1){ header(location:admin.php); } else { echo Failure; } Any help is appreciated. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] A prepared statements question
[Redirected to PHP-DB: php...@lists.php.net] On Sun, Jul 12, 2009 at 00:31, Jason Carsonja...@jasoncarson.ca wrote: Hello everyone, I am having a problem getting my prepared statements working. Here is my setup... index.php - authenticate.php - admin.php 1)index.php has a login form on it so when someone enters their username the form redirects to another page I call authenticate.php. 2)In the authenticate.php file I want to use prepared statements to interact with the MySQL database. I want to compare the username submitted from the form with the username in the database. 3)If the login username was legitimate then you are forwarded to admin.php Its step 2 I am having problems with. Here is what I have but I don't think it makes any sense and it doesn't work. $link = mysqli_connect($hostname, $dbusername, $password, $database); $stmt = mysqli_prepare($link, SELECT * FROM administrators WHERE adminusers=?); mysqli_stmt_bind_param($stmt, 's', $username); $result = mysqli_stmt_execute($stmt); $count=mysqli_num_rows($result); if($count==1){ header(location:admin.php); } else { echo Failure; } Any help is appreciated. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php