Re: [PHP] MySql Injection advice
2009/7/12 Haig Dedeyan hdede...@videotron.ca
On July 11, 2009 08:21:34 pm Haig Dedeyan wrote:
On Sun, Jul 12, 2009 at 4:09 AM, Haig Dedeyan hdede...@videotron.ca wrote:
On July 11, 2009 10:57:14 am Haig Dedeyan wrote:
At 10:12 PM -0400 7/10/09, Haig Dedeyan wrote:

[1]
$fname = mysql_real_escape_string($fname);
$lname = mysql_real_escape_string($lname);
$sql = "UPDATE phonedir SET fname = '$fname',lname = '$lname' WHERE id=$id";
$result = mysql_query($sql);
echo mysql_error() . "\n";

This will result in the addition of the slashes.

[2] If I do the following, there are no slashes. Just wondering if I'm on the right path with the 1st code set..

$sql = "UPDATE phonedir SET fname = '".mysql_real_escape_string($fname)."',lname = '".mysql_real_escape_string($lname)."' WHERE id=$id";
$result = mysql_query($sql);
echo mysql_error() . "\n";

Haig: Interesting, I did not know that -- that sounds like a bug to me -- both should be the same. However, I commonly do [1] and when I have to display the data to a browser, then I use htmlentities() and stripslashes() before displaying the data. That way names like O'Brian appear correctly -- else they appear 0\'Brian. Now maybe I'm doing something wrong, but this way works for me. If there is a better way, I would like to hear it. Cheers, tedd

Thanks Tedd. I did more testing and here's what I have found. @PHPSter - magic quotes are off

Just entering simple data where an apostrophe is part of the data. The following code is entering the slash but that's because I am escaping it twice since mysql_num_rows is throwing an error if an apostrophe is in its search:

1 -
$new_fname = mysql_real_escape_string($new_fname);
$new_lname = mysql_real_escape_string($new_lname);
$result = mysql_query("SELECT * FROM phonedir WHERE fname = '$new_fname' lname = '$new_lname'");
$num_rows = mysql_num_rows($result);

The error message may be saying the mysql_num_rows is throwing an error but actual error is on mysql_query function level (Not a correct query)

if($num_rows > 0) {
echo $fname." ".$lname." already exists";
}
else {
mysql_query("INSERT INTO phonedir (fname, lname) VALUES('".mysql_real_escape_string($new_fname)."','".mysql_real_escape_string($new_lname)."')") or die(mysql_error());

BTW twice escaping is not good

2 - If I do the same code above without the mysql_num_rows and no escaping, the data doesn't get entered. I think this is normal behaviour.

Welcome to hell of quotes :(

3 - If I do any of the 2 following sets of code where there is 1 instance of escaping, the data gets entered with the apostrophe but I don't see any back slash entered. The part that I am concerned about is if I should be seeing the backslash entered without having to double escape,

Please see magic_quotes_runtime setting configuration... http://www.php.net/manual/en/info.configuration.php#ini.magic-quotes-runtime If it is enabled it will automatically remove the slashes from any external source including databases... It was there to make the life of developer somewhat easier ()... magic quotes things are deprecated and completely will be removed in PHP 6

$new_fname = mysql_real_escape_string($new_fname);
$new_lname = mysql_real_escape_string($new_lname);
$result = mysql_query("SELECT * FROM phonedir WHERE fname = '$new_fname' lname = '$new_lname'");
$num_rows = mysql_num_rows($result);
if($num_rows > 0) {
echo $fname." ".$lname." already exists";
}
else {
mysql_query("INSERT INTO phonedir (fname, lname) VALUES('$new_fname','$new_lname')") or die(mysql_error());

or

mysql_query("INSERT INTO phonedir (fname, lname) VALUES('".mysql_real_escape_string($new_fname)."','".mysql_real_escape_string($new_lname)."')") or die(mysql_error());

Thanks Zareef. Magic quotes are off. This is what my php ini says:

; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = Off
; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
magic_quotes_runtime = Off
; Use Sybase-style magic quotes (escape ' with '' instead of \').
magic_quotes_sybase = Off

This is fine, But just for final confirmation of actual values at the runtime can you try to get the value of function get_magic_quotes_runtime function in your script.

var_dump(get_magic_quotes_runtime());

possibility of using a different php.ini or modifying values of variables at runtime is also there :)

I won't be using 2x escapes but I just need to know if I should be seeing the backslash in the dbase. @Tedd - I will be looking into prepared statements
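The question this message ends on, whether the escape character should appear in the stored data, can be checked directly. The script below is an added example, not code from any poster in the thread; it assumes PHP with the pdo_sqlite extension and uses an in-memory SQLite database as a stand-in for MySQL (SQLite escapes an apostrophe by doubling it where mysql_real_escape_string() writes a backslash), and the helper names are hypothetical.

```php
<?php
declare(strict_types=1);

// Added illustration, not code from the thread. SQLite (in-memory, through PDO)
// stands in for MySQL so the script needs no server. The layering is the same:
// escaping exists for the SQL parser, which consumes it before the value is stored.

// Hypothetical helper: escape a value for use inside a quoted SQL literal,
// the job mysql_real_escape_string() does for MySQL.
function escape_literal(PDO $db, string $value): string
{
    // PDO::quote() returns the escaped value wrapped in quotes; drop the wrapper.
    return substr($db->quote($value), 1, -1);
}

// Hypothetical helper: insert $lname four ways and report what ended up stored.
function store_variants(PDO $db, string $lname): array
{
    $db->exec('CREATE TABLE phonedir (id INTEGER PRIMARY KEY, how TEXT, lname TEXT)');
    $report = [];

    // No escaping (case 2 in the message): an apostrophe closes the literal
    // early, so the statement no longer parses and nothing is inserted.
    try {
        $db->exec("INSERT INTO phonedir (how, lname) VALUES ('not escaped', '$lname')");
    } catch (PDOException $e) {
        $report['not escaped'] = '(query rejected: ' . $e->getMessage() . ')';
    }

    // Escaped once, then interpolated (code sets [1] and [2] in the message).
    $once = escape_literal($db, $lname);
    $db->exec("INSERT INTO phonedir (how, lname) VALUES ('escaped once', '$once')");

    // Escaped twice: the parser removes one layer, the other is stored as data.
    $twice = escape_literal($db, $once);
    $db->exec("INSERT INTO phonedir (how, lname) VALUES ('escaped twice', '$twice')");

    // Bound parameter: the value never passes through the SQL parser at all.
    $stmt = $db->prepare('INSERT INTO phonedir (how, lname) VALUES (?, ?)');
    $stmt->execute(['bound parameter', $lname]);

    foreach ($db->query('SELECT how, lname FROM phonedir ORDER BY id') as $row) {
        $report[$row['how']] = $row['lname'];
    }
    return $report;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// "O'Brian" is the sample name used in the thread.
foreach (store_variants($db, "O'Brian") as $how => $stored) {
    printf("%-16s %s\n", $how, $stored);
}
```

The once-escaped and bound rows hold the name exactly as typed; only the twice-escaped row carries escape characters into storage, which is why a correctly escaped value shows no backslash in the database.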
Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc
On Sun, Jul 12, 2009 at 6:49 AM, Daniel Brown danbr...@php.net wrote: Sorry for TOP posting This mailing list also don't force us to be good :) FORCE, no. ENCOURAGE, yes. Particularly in long threads like this one. Check the rules. They're not just there to take up space on the paper. ;-P If I reply from my Nokia 6020's wap (as gmail app would hang now due to less memory) and I include the receiver's text I can't choose to place it at top or bottom. So, that way it would always be top posting. Also from that wap device you will have REAL difficulty if mails are not TOP posted. Because, then you'd have to scroll all the pages by clicking next message next message blah blah blah. Of course it is better for reading if mails are written bottom posted or inline answered. Regards Lenin
Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc
On Sun, Jul 12, 2009 at 3:05 AM, Lenin le...@phpxperts.net wrote: On Sun, Jul 12, 2009 at 6:49 AM, Daniel Brown danbr...@php.net wrote: Sorry for TOP posting This mailing list also don't force us to be good :) FORCE, no. ENCOURAGE, yes. Particularly in long threads like this one. Check the rules. They're not just there to take up space on the paper. ;-P If I reply from my Nokia 6020's wap (as gmail app would hang now due to less memory) and I include the receiver's text I can't choose to place it at top or bottom. So, that way it would always be top posting. Also from that wap device you will have REAL difficulty if mails are not TOP posted. Because, then you'd have to scroll all the pages by clicking next message next message blah blah blah. Of course it is better for reading if mails are written bottom posted or inline answered. Regards Lenin Two things: 1) I've never heard of an email list changing their rules to cater to a fringe crowd, like Nokia 6020 users. 2) Why does every thread lately degrade into chatter about top/bottom posting? *looks RIGHT AT D. Brown* -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] A prepared statements question
On Sun, Jul 12, 2009 at 10:01 AM, Jason Carson ja...@jasoncarson.ca wrote:

Hello everyone, I am having a problem getting my prepared statements working. Here is my setup... index.php - authenticate.php - admin.php

1) index.php has a login form on it so when someone enters their username the form redirects to another page I call authenticate.php.
2) In the authenticate.php file I want to use prepared statements to interact with the MySQL database. I want to compare the username submitted from the form with the username in the database.
3) If the login username was legitimate then you are forwarded to admin.php

It's step 2 I am having problems with. Here is what I have but I don't think it makes any sense and it doesn't work.

$link = mysqli_connect($hostname, $dbusername, $password, $database);
$stmt = mysqli_prepare($link, "SELECT * FROM administrators WHERE adminusers=?");

No Password ? I hope you are only using the statement for determining the role of already logged in user.

mysqli_stmt_bind_param($stmt, 's', $username);
$result = mysqli_stmt_execute($stmt);
$count=mysqli_num_rows($result);
if($count==1){
header("location:admin.php");
} else {
echo "Failure";
}

Any help is appreciated.

You forgot to mention the problem you are facing :), I am having problem statement is not good enough.

-- Zareef Ahmed :: A PHP Developer in India ( Delhi ) Homepage :: http://www.zareef.net
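The login check from this exchange, written so the prepared statement's rows are actually read and the password is verified, as an added example that is not the poster's code. The table `administrators` and column `adminusers` come from the post; the `password_hash` column, the sample account, the helper names and the use of an in-memory SQLite database through PDO (so the script runs without a MySQL server) are assumptions.

```php
<?php
declare(strict_types=1);

// Added illustration, not code from the thread. With mysqli the same steps are
// mysqli_stmt_execute() followed by mysqli_stmt_bind_result() and
// mysqli_stmt_fetch(): mysqli_stmt_execute() returns only true or false, so its
// return value cannot be handed to mysqli_num_rows() as the posted code does.

// Hypothetical setup: one constructed administrator account.
function make_admin_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE administrators (
        adminusers    TEXT PRIMARY KEY,
        password_hash TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO administrators (adminusers, password_hash) VALUES (?, ?)');
    // Store a salted hash, never the password itself.
    $ins->execute(["O'Brian", password_hash('constructed-sample-password', PASSWORD_DEFAULT)]);
    return $db;
}

// True only when the user exists AND the password matches the stored hash.
function authenticate(PDO $db, string $username, string $password): bool
{
    // The username travels as a bound parameter, so an apostrophe in it is
    // plain data and needs no escaping.
    $stmt = $db->prepare('SELECT password_hash FROM administrators WHERE adminusers = ?');
    $stmt->execute([$username]);

    // Rows are read from the statement; fetchColumn() gives false when no row matched.
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// Where to send the browser after the check, or null when the login fails.
function login_target(PDO $db, string $username, string $password): ?string
{
    return authenticate($db, $username, $password) ? 'admin.php' : null;
}

$db = make_admin_db();
$attempts = [                       // constructed sample logins
    ["O'Brian", 'constructed-sample-password'],
    ["O'Brian", 'wrong-password'],
    ['nobody',  'constructed-sample-password'],
];
foreach ($attempts as [$user, $pass]) {
    $target = login_target($db, $user, $pass);
    // In authenticate.php this is the point for
    //   header('Location: ' . $target); exit;
    // with exit so nothing after the redirect runs for a failed or finished request.
    printf("%-10s %s\n", $user, $target === null ? 'Failure' : "redirect to $target");
}
```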
Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc
On Sun, Jul 12, 2009 at 2:08 PM, Eddie Drapkin oorza...@gmail.com wrote: 2) Why does every thread lately degrade into chatter about top/bottom posting? *looks RIGHT AT D. Brown* Ask him :D :P
Re: [PHP] RFC/Survey for Our Newer Folks (Including Lurkers)
I was using the php.net website for ages for syntax reference, saw the mailing list and figured why not. No amazing story, but now you're all stuck with me :p -- Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] HTTP headers and include()
On Fri, Jul 10, 2009 at 12:49 PM, Michael A. Peters mpet...@mac.com wrote: James Colannino wrote: White space can cause this - make sure your code has <?php as the very top and ?> at the very bottom, or the white space may trigger the web server to send a header and the white space as data before the cookie for session_start() is sent. Well, at the end of the file don't put a ?> on your php files especially which files you are gonna include at others. It would save you some dreadful buggy times. It's also practiced in the framework programming.
Re: [PHP] HTTP headers and include()
On Sunday 12 July 2009 12:01:12 Lenin wrote: On Fri, Jul 10, 2009 at 12:49 PM, Michael A. Peters mpet...@mac.com wrote: James Colannino wrote: White space can cause this - make sure your code has <?php as the very top and ?> at the very bottom, or the white space may trigger the web server to send a header and the white space as data before the cookie for session_start() is sent. Well, at the end of the file don't put a ?> on your php files especially which files you are gonna include at others. It would save you some dreadful buggy times. It's also practiced in the framework programming. Well, some frameworks insist on it being in there. I tend to always include them, but I use a text editor that I know won't add characters to the end after the final ?> -- Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] HTTP headers and include()
At 12:09 PM +0100 7/12/09, Ashley Sheridan wrote: On Sunday 12 July 2009 12:01:12 Lenin wrote: On Fri, Jul 10, 2009 at 12:49 PM, Michael A. Peters mpet...@mac.com wrote: James Colannino wrote: White space can cause this - make sure your code has <?php as the very top and ?> at the very bottom, or the white space may trigger the web server to send a header and the white space as data before the cookie for session_start() is sent. Well, at the end of the file don't put a ?> on your php files especially which files you are gonna include at others. It would save you some dreadful buggy times. It's also practiced in the framework programming. Well, some frameworks insist on it being in there. I tend to always include them, but I use a text editor that I know won't add characters to the end after the final ?> -- Thanks, Ash Ash: I do the same. It would bother me (lack of symmetry) if I didn't include a ?> at the end of my scripts. As for additional characters after the ?>, I make sure my terminations don't have any. Just because characters can be white space doesn't mean you can't detect them. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com
Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc
At 5:16 AM +0530 7/12/09, Zareef Ahmed wrote: I always said : Being good and Being FORCED to be good are two different things... and PHP normally don't force us to be good that why PHP is the most popular programming language with a large code base which WORKS but not as per the standard or recommended way ; so keep your old code as long as it works Sorry for TOP posting This mailing list also don't force us to be good :) Zareef Ahmed Yes, and unfortunately mailing list also don't force people to trim their post as well. You know I have difficulty understanding the rudeness and lack of respect that a few people have with just following the simple rules of a mailing list. They post to this list as if they can say and do anything without it mattering. They don't care if others have to wade through their nonsense in an attempt to find the point. They don't care if their posts don't help others for posterity. They even don't care that their posts are of public record displaying their rudeness and lack of professionalism for all to see, including potential employers and clients. I don't understand such lack of respect for themselves and others. While I have no control over what people do on this list, I do have control over what I do. So, when I encounter people who create more problems than they are worth, then I stop posting answers to their questions. I figure that if they don't get their questions answered, then they can go elsewhere, which improves the quality of this list. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com
Re: [PHP] MySql Injection advice
At 6:39 PM -0400 7/11/09, Haig Dedeyan wrote:

[1]
mysql_query("INSERT INTO phonedir (fname, lname) VALUES('$new_fname','$new_lname')") or die(mysql_error());

or

[2]
mysql_query("INSERT INTO phonedir (fname, lname) VALUES('".mysql_real_escape_string($new_fname)."','".mysql_real_escape_string($new_lname)."')") or die(mysql_error());

I always do [1] and NOT [2]. The reason for this is that when I clean and scrub data prior to insertion, I may do more than pass it through a mysql_real_escape_string() function. For example, I may want to trim() it; or check if it's a valid email address; or check if it's a number; or do any number of other checks prior to insertion. I don't want to place all those functions into a query, so why place one? Lastly, I think [1] is easier to read than [2]. That's my take. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com
Re: [PHP] MySql Injection advice
Hi gang: I am top posting only to show that the following post makes no sense as to who said what. At what point here Zareef, did you think you were helping anyone? Or is this more of your I'm going to do whatever I want attitude? I would hate to review code with such lack of forethought and consideration for others to read. tedd

-- totally useless post follows:

At 5:51 AM +0530 7/12/09, Zareef Ahmed wrote:
On Sun, Jul 12, 2009 at 4:09 AM, Haig Dedeyan hdede...@videotron.ca wrote:
On July 11, 2009 10:57:14 am Haig Dedeyan wrote:
At 10:12 PM -0400 7/10/09, Haig Dedeyan wrote:

[1]
$fname = mysql_real_escape_string($fname);
$lname = mysql_real_escape_string($lname);
$sql = "UPDATE phonedir SET fname = '$fname',lname = '$lname' WHERE id=$id";
$result = mysql_query($sql);
echo mysql_error() . "\n";

This will result in the addition of the slashes.

[2] If I do the following, there are no slashes. Just wondering if I'm on the right path with the 1st code set..

$sql = "UPDATE phonedir SET fname = '".mysql_real_escape_string($fname)."',lname = '".mysql_real_escape_string($lname)."' WHERE id=$id";
$result = mysql_query($sql);
echo mysql_error() . "\n";

Haig: Interesting, I did not know that -- that sounds like a bug to me -- both should be the same. However, I commonly do [1] and when I have to display the data to a browser, then I use htmlentities() and stripslashes() before displaying the data. That way names like O'Brian appear correctly -- else they appear 0\'Brian. Now maybe I'm doing something wrong, but this way works for me. If there is a better way, I would like to hear it. Cheers, tedd

Thanks Tedd. I did more testing and here's what I have found. @PHPSter - magic quotes are off

Just entering simple data where an apostrophe is part of the data. The following code is entering the slash but that's because I am escaping it twice since mysql_num_rows is throwing an error if an apostrophe is in its search:

1 -
$new_fname = mysql_real_escape_string($new_fname);
$new_lname = mysql_real_escape_string($new_lname);
$result = mysql_query("SELECT * FROM phonedir WHERE fname = '$new_fname' lname = '$new_lname'");
$num_rows = mysql_num_rows($result);

The error message may be saying the mysql_num_rows is throwing an error but actual error is on mysql_query function level (Not a correct query)

if($num_rows > 0) {
echo $fname." ".$lname." already exists";
}
else {
mysql_query("INSERT INTO phonedir (fname, lname) VALUES('".mysql_real_escape_string($new_fname)."','".mysql_real_escape_string($new_lname)."')") or die(mysql_error());

BTW twice escaping is not good

2 - If I do the same code above without the mysql_num_rows and no escaping, the data doesn't get entered. I think this is normal behaviour.

Welcome to hell of quotes :(

3 - If I do any of the 2 following sets of code where there is 1 instance of escaping, the data gets entered with the apostrophe but I don't see any back slash entered. The part that I am concerned about is if I should be seeing the backslash entered without having to double escape,

Please see magic_quotes_runtime setting configuration... http://www.php.net/manual/en/info.configuration.php#ini.magic-quotes-runtime If it is enabled it will automatically remove the slashes from any external source including databases... It was there to make the life of developer somewhat easier ()... magic quotes things are deprecated and completely will be removed in PHP 6

$new_fname = mysql_real_escape_string($new_fname);
$new_lname = mysql_real_escape_string($new_lname);
$result = mysql_query("SELECT * FROM phonedir WHERE fname = '$new_fname' lname = '$new_lname'");
$num_rows = mysql_num_rows($result);
if($num_rows > 0) {
echo $fname." ".$lname." already exists";
}
else {
mysql_query("INSERT INTO phonedir (fname, lname) VALUES('$new_fname','$new_lname')") or die(mysql_error());

or

mysql_query("INSERT INTO phonedir (fname, lname) VALUES('".mysql_real_escape_string($new_fname)."','".mysql_real_escape_string($new_lname)."')") or die(mysql_error());

-- Zareef Ahmed :: A PHP Developer in India ( Delhi ) Homepage :: http://www.zareef.net
-- --- http://sperling.com http://ancientstones.com http://earthstones.com
Re: [PHP] MySql Injection advice
At 9:26 PM -0400 7/11/09, Haig Dedeyan wrote: @Tedd - I will be looking into prepared statements eventually but I still want to understand escaping. Haig: I'm not the one pushing the prepared statements, that's someone else. However, I can see how you might think that considering how people have responded to your post. Mailing list rules have purpose and if people don't follow them, then confusion does. As for prepared statements, I'm no authority on them, but from what I've read they are not going to be something I'll be practicing anytime soon. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com
[PHP] Re: RFC/Survey for Our Newer Folks (Including Lurkers)
At 11:11 PM -0400 7/11/09, D.M.Jackson wrote: I'll try not to be a nuisance with frivolous questions and go to the docs and search engines first. Mark: First, welcome to the list. Second, there are no frivolous questions. If you have a question, just ask. Third, searching the docs and SE first is good, but sometimes you may not know what to search for, if so we can help. Fourth, don't be embarrassed by something you don't know -- because you're not alone. I often ask questions on this list as well. I'm never held back by my ignorance, as I am sure some here will testify. The only dumb question is the one that isn't asked. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com
Re: [PHP] Re: RFC/Survey for Our Newer Folks (Including Lurkers)
At 11:17 PM -0500 7/11/09, Adam Shannon wrote: Hello, I've been a developer for a little over a year now (I started when I just turned 16), frankly I love coding and helping out others. I joined the list as my second mailing list (WHATWG is first), mailing lists just provide a different atmosphere than forums, blogs or message boards. I found the list by the link on php.net (lists.php.net), I mainly joined to grow in my experience with PHP. -- - Adam Shannon ( http://ashannon.us ) Adam: 16! I have underwear older than that. :-) But when I was 16, computers hadn't been invented yet, so you're ahead of the game in my book. Welcome to the list. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com
Re: [PHP] RFC/Survey for Our Newer Folks (Including Lurkers)
At 8:54 AM +0100 7/12/09, Ashley Sheridan wrote: I was using the php.net website for ages for syntax reference, saw the mailing list and figured why not. No amazing story, but now you're all stuck with me :p -- Thanks, Ash Ash: You've been here longer than 90 days, right? Apparently your reading and retention skills are fading like mine. Old age is a bitch. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com
Re: [PHP] RFC/Survey for Our Newer Folks (Including Lurkers)
On Sunday 12 July 2009 14:32:01 tedd wrote: At 8:54 AM +0100 7/12/09, Ashley Sheridan wrote: I was using the php.net website for ages for syntax reference, saw the mailing list and figured why not. No amazing story, but now you're all stuck with me :p -- Thanks, Ash Ash: You've been here longer than 90 days, right? Apparently your reading and retention skills are fading like mine. Old age is a bitch. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com Yeah, I'll put it down to old age and not my reading laziness! -- Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] RFC/Survey for Our Newer Folks (Including Lurkers)
On Sun, Jul 12, 2009 at 09:45, Ashley Sheridan a...@ashleysheridan.co.uk wrote: Yeah, I'll put it down to old age and not my reading laziness! You're just lucky Tedd got to you first, Ash. I was going to fairy-slap you for messing up the rotation! You've been here, what, about a year now? ;-P And here's hoping there will be more to come. -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig
Re: [PHP] MySql Injection advice
On Sun, Jul 12, 2009 at 6:32 PM, tedd tedd.sperl...@gmail.com wrote:

Hi gang: I am top posting only to show that the following post makes no sense as to who said what. At what point here Zareef, did you think you were helping anyone? Or is this more of your I'm going to do whatever I want attitude?

As far as I understand the main problem was the original poster was NOT SEEING slashes in the output from database after successful insertion ( with only single use of mysql_real_escape_string), so I put my 50 cent on the magic quotes runtime.. (My understanding of the actual problem may be wrong thus the suggestion in context) I am sorry if I offended anyone

I would hate to review code with such lack of forethought and consideration for others to read. tedd

-- totally useless post follows:

At 5:51 AM +0530 7/12/09, Zareef Ahmed wrote:
On Sun, Jul 12, 2009 at 4:09 AM, Haig Dedeyan hdede...@videotron.ca wrote:
On July 11, 2009 10:57:14 am Haig Dedeyan wrote:
At 10:12 PM -0400 7/10/09, Haig Dedeyan wrote:

[1]
$fname = mysql_real_escape_string($fname);
$lname = mysql_real_escape_string($lname);
$sql = "UPDATE phonedir SET fname = '$fname',lname = '$lname' WHERE id=$id";
$result = mysql_query($sql);
echo mysql_error() . "\n";

This will result in the addition of the slashes.

[2] If I do the following, there are no slashes. Just wondering if I'm on the right path with the 1st code set..

$sql = "UPDATE phonedir SET fname = '".mysql_real_escape_string($fname)."',lname = '".mysql_real_escape_string($lname)."' WHERE id=$id";
$result = mysql_query($sql);
echo mysql_error() . "\n";

Haig: Interesting, I did not know that -- that sounds like a bug to me -- both should be the same. However, I commonly do [1] and when I have to display the data to a browser, then I use htmlentities() and stripslashes() before displaying the data. That way names like O'Brian appear correctly -- else they appear 0\'Brian. Now maybe I'm doing something wrong, but this way works for me. If there is a better way, I would like to hear it. Cheers, tedd

Thanks Tedd. I did more testing and here's what I have found. @PHPSter - magic quotes are off

Just entering simple data where an apostrophe is part of the data. The following code is entering the slash but that's because I am escaping it twice since mysql_num_rows is throwing an error if an apostrophe is in its search:

1 -
$new_fname = mysql_real_escape_string($new_fname);
$new_lname = mysql_real_escape_string($new_lname);
$result = mysql_query("SELECT * FROM phonedir WHERE fname = '$new_fname' lname = '$new_lname'");
$num_rows = mysql_num_rows($result);

The error message may be saying the mysql_num_rows is throwing an error but actual error is on mysql_query function level (Not a correct query)

if($num_rows > 0) {
echo $fname." ".$lname." already exists";
}
else {
mysql_query("INSERT INTO phonedir (fname, lname) VALUES('".mysql_real_escape_string($new_fname)."','".mysql_real_escape_string($new_lname)."')") or die(mysql_error());

BTW twice escaping is not good

2 - If I do the same code above without the mysql_num_rows and no escaping, the data doesn't get entered. I think this is normal behaviour.

Welcome to hell of quotes :(

3 - If I do any of the 2 following sets of code where there is 1 instance of escaping, the data gets entered with the apostrophe but I don't see any back slash entered. The part that I am concerned about is if I should be seeing the backslash entered without having to double escape,

Please see magic_quotes_runtime setting configuration... http://www.php.net/manual/en/info.configuration.php#ini.magic-quotes-runtime If it is enabled it will automatically remove the slashes from any external source including databases... It was there to make the life of developer somewhat easier ()... magic quotes things are deprecated and completely will be removed in PHP 6

$new_fname = mysql_real_escape_string($new_fname);
$new_lname = mysql_real_escape_string($new_lname);
$result = mysql_query("SELECT * FROM phonedir WHERE fname = '$new_fname' lname = '$new_lname'");
$num_rows = mysql_num_rows($result);
if($num_rows > 0) {
echo $fname." ".$lname." already exists";
}
else {
mysql_query("INSERT INTO phonedir (fname, lname) VALUES('$new_fname','$new_lname')") or die(mysql_error());

or

mysql_query("INSERT INTO phonedir (fname, lname) VALUES('".mysql_real_escape_string($new_fname)."','".mysql_real_escape_string($new_lname)."')") or die(mysql_error());

-- Zareef Ahmed :: A PHP Developer in India ( Delhi ) Homepage :: http://www.zareef.net
-- --- http://sperling.com http://ancientstones.com
Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc
On Sun, Jul 12, 2009 at 03:08, Eddie Drapkin oorza...@gmail.com wrote: Two things: 1) I've never heard of an email list changing their rules to cater to a fringe crowd, like Nokia 6020 users. 2) Why does every thread lately degrade into chatter about top/bottom posting? *looks RIGHT AT D. Brown* Re: (2) --- Look at who put the comment out there prior to my response, and then look through the archives you'll see it's not lately. However, there are many more people posting all throughout thread positions, wherever they feel, so it garners a mention, because many may not be aware that no-top-posting is a written rule here. (Looks back at Eddie, stares him down, then blows a kiss at him, causing Eddie to throw up in his mouth a little.) -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig
Re: [PHP] RFC/Survey for Our Newer Folks (Including Lurkers)
On Sunday 12 July 2009 15:54:27 Daniel Brown wrote: On Sun, Jul 12, 2009 at 09:45, Ashley Sheridan a...@ashleysheridan.co.uk wrote: Yeah, I'll put it down to old age and not my reading laziness! You're just lucky Tedd got to you first, Ash. I was going to fairy-slap you for messing up the rotation! You've been here, what, about a year now? ;-P And here's hoping there will be more to come. About a year and a half now I think. -- Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] RFC/Survey for Our Newer Folks (Including Lurkers)
Daniel P. Brown wrote: What I would like to know is how you found out about this list. I had seen it and the others on php.net. When I decided to get serious about programming in general and PHP in particular, I signed up. Lurked for a while. Then finally posted when I had an issue I couldn't figure out on my own. SL
Re: [PHP] MySql Injection advice
At 8:24 PM +0530 7/12/09, Zareef Ahmed wrote: On Sun, Jul 12, 2009 at 6:32 PM, tedd tedd.sperl...@gmail.com wrote: Hi gang: I am top posting only to show that the following post makes no sense as to who said what. At what point here Zareef, did you think you were helping anyone? Or is this more of your I'm going to do whatever I want attitude? As far as I understand the main problem was the original poster was NOT SEEING slashes in the output from database after successful insertion ( with only single use of mysql_real_escape_string), so I put my 50 cent on the magic quotes runtime.. (My understanding of the actual problem may be wrong thus the suggestion in context) I am sorry if I offended anyone Zareef: You are missing the point. It's not an issue of offending anyone but rather if someone is going to contribute, it makes sense to be clear as to what you are contributing -- else -- it just becomes noise. When you are reviewing a long post and then inject your comments within it, while it may make sense to you, it may not make sense to others. As with all communication, it's better to be clear than obtuse. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com
Re: [PHP] MySql Injection advice
On Sun, Jul 12, 2009 at 8:42 PM, tedd tedd.sperl...@gmail.com wrote: At 8:24 PM +0530 7/12/09, Zareef Ahmed wrote: On Sun, Jul 12, 2009 at 6:32 PM, tedd tedd.sperl...@gmail.com wrote: Hi gang: I am top posting only to show that the following post makes no sense as to who said what. At what point here Zareef, did you think you were helping anyone? Or is this more of your I'm going to do whatever I want attitude? As far as I understand the main problem was the original poster was NOT SEEING slashes in the output from database after successful insertion ( with only single use of mysql_real_escape_string), so I put my 50 cent on the magic quotes runtime.. (My understanding of the actual problem may be wrong thus the suggestion in context) I am sorry if I offended anyone Zareef: You are missing the point. It's not an issue of offending anyone but rather if someone is going to contribute, it makes sense to be clear as to what you are contributing -- else -- it just becomes noise. 100% Agree When you are reviewing a long post and then inject your comments within it, while it may make sense to you, it may not make sense to others. Yes injecting comments within a long post can lead to many misunderstandings about the purpose of suggestion. As with all communication, it's better to be clear than obtuse. Agree, but I believe obtuse word meaning is contextual and depends :) This is my last post in this thread. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- Zareef Ahmed :: A PHP Developer in India ( Delhi ) Homepage :: http://www.zareef.net
Re: [PHP] HTTP headers and include()
On Fri, Jul 10, 2009 at 12:54 PM, James Colannino ja...@colannino.org wrote:
> Eddie Drapkin wrote:
>
>> HTTP headers are sent and finalized after the first bit of output. I had the same problem before and it turned out to be because I had a close tag ?> at the end of a file followed by some whitespace. The solution was to remove the ?> from the end of all the files and I haven't closed an entire file since. Perhaps that might be it?
>
> Hmm... In fact, I did close all my include files with the ?> tag, and per Michael's observation in another response, there is a line of whitespace after the closing tag in my include files. I tried getting rid of the trailing whitespace, and removed the closing tags. Unfortunately, even after that, when I place my include files before session_start, I get the same problem. There's no leading whitespace before the starting <?php tag, so I'm still a little at a loss.
>
> It's not too big of a deal though; I simply placed my include files after the call to session_start(). That seems to solve the problem.

That's a good practice (although not optimal in some application setups), but I am wondering why you are not getting information about the exact place where output is being started. You should get a "headers already sent output started at" kind of error if you have enabled error reporting with display_errors ON.

> James

--
Zareef Ahmed :: A PHP Developer in India ( Delhi )
Homepage :: http://www.zareef.net
[PHP] Re: RFC/Survey for Our Newer Folks (Including Lurkers)
Daniel P. Brown wrote:
> What I would like to know is how you found out about this list.

Hi,

I've been using php in a unix environment from the beginning and always found sufficient and useful information without using news.php.net.

Recently I've begun maintaining a mixed OS system and have a need to use php on windows (mostly to encourage the shop to move everything off windows). The information and support of php on windows is not as good. Thus, I sought more sources and decided to use news.php.net.

Not much for the MS platform and I have no answer to the owners when they suggest getting rid of all the freebsd/apache/php/mysql boxes. They are aware of all the pecl extensions and also aware that the windows.php.net site has not yet supported binary extension builds.

Urgh! What do I tell them?
[PHP] Establishing PHP Session From a Different Host
Hello,

How does one continue a php session on a different domain (domain B) than the domain (domain A) that started the session?

That is, I want to hand-off a session to another domain, but I do not see how to do this as one cannot set a cookie for another domain (for valid reasons). I was thinking I could pass a one-time-access token in the url of domain B, but I'm dissatisfied with this solution as it gets unwieldy if there is a high volume of requests (such as a document server). Otherwise, I would think the user would have to re-identify (enter username/password) themselves on domain B.

I am wondering if someone can enlighten me on how to have seamless session integration across multiple domains. I realize that if the domain has a different php engine, then I'd have to manage the session data outside of php's internal session data store (ie...with something like MySQL). Also, the domains are not subdomains of each other.

1) An example where one might want to do this is to establish a document/asset server on domain B to deliver content of different access levels to domain A's page (and also possibly domain C, D, E, etc...). Maybe I could do some server to server work passing the contents of a readfile(), where domain B always trusts requests from domain A.

2) But what about in situations where I literally want to migrate the user's session from one domain and hand it off to another domain, where both domains have access to the same data tables. How does one do this?

Maybe I need to do some reading on load balancing to help me understand how state is maintained across several servers, but I was hoping this community might be able to guide/point me in the proper direction.

Thanks,
dK
Re: [PHP] Establishing PHP Session From a Different Host
On Sun, Jul 12, 2009 at 12:37, Daniel Kolbokolb0...@umn.edu wrote:
> Hello,
>
> How does one continue a php session on a different domain (domain B) than the domain (domain A) that started the session?

Simple answer: you don't.

Extended answer: you can, but only if the domains reside on the same physical host, or in a setup where one domain can read the physical files of another across hosts. When you store information in a $_SESSION array, it stores one key (the PHPSESSID value) in a cookie on the client side, and then stores what is supposed to be a more-secure version of the cookie - containing all of the stored data - as a flat file on the server side (usually in /tmp or ~/tmp). As such, you shouldn't be able to read them from a different domain unless your host is insecure, in which you won't have to worry only about this, but also full cross-site-scripting vulnerabilities. Other options would be parking or doing an addon domain, or something of the like. However, this all gets more into operating system and network security, and HTTP server configurations.

Combined answer: you can, but you should really re-evaluate your code and current capabilities before trying to do so. You may even want to consider setting up a trust relationship with a centralized database such as MySQL to allow the second domain to READ ONLY from the first. Check in the database on the first domain to see if a user is logged in, if they were active within the last x (seconds|minutes|hours), and from what IP they were logged in. If things seem to match up, write the $_SESSION variables for login without prompting the user to re-authenticate manually.

--
/Daniel P. Brown
daniel.br...@parasane.net || danbr...@php.net
http://www.parasane.net/ || http://www.pilotpig.net/
Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig
Re: [PHP] HTTP headers and include()
Zareef Ahmed wrote:
> You should get a "headers already sent output started at" kind of error if you have enabled error reporting with display_errors ON.

Actually, I did. I just didn't think to mention it in my first post. The thing was that it said it was coming from one of my includes, even though I wasn't yet printing anything to the browser. That's why I was so confused.

I've been following what tedd said in an earlier post (to make session_start() your first line of code) and haven't had a problem since.

James
Re: [PHP] Re: RFC/Survey for Our Newer Folks (Including Lurkers)
pan wrote:
> Recently I've begun maintaining a mixed OS system and have a need to use php on windows (mostly to encourage the shop to move everything off windows). The information and support of php on windows is not as good. Thus, I sought more sources and decided to use news.php.net.
>
> Not much for the MS platform and I have no answer to the owners when they suggest getting rid of all the freebsd/apache/php/mysql boxes. They are aware of all the pecl extensions and also aware that the windows.php.net site has not yet supported binary extension builds.
>
> Urgh! What do I tell them?

How about what you started with here: "The information and support of php on windows is not as good."

/Per

--
Per Jessen, Zürich (20.4°C)
Re: [PHP] HTTP headers and include()
On Sun, Jul 12, 2009 at 11:27 PM, James Colannino ja...@colannino.org wrote:
> Zareef Ahmed wrote:
>
>> You should get a "headers already sent output started at" kind of error if you have enabled error reporting with display_errors ON.
>
> Actually, I did. I just didn't think to mention it in my first post. The thing was that it said it was coming from one of my includes, even though I wasn't yet printing anything to the browser. That's why I was so confused.

It's not only the print or echo command which may output. As Michael was pointing out, even a space can cause this problem. Your error message will tell you about the exact location of the problem spot with line number. (If you are only getting this problem after uploading your code to the server then your FTP client may be the culprit.)

> I've been following what tedd said in an earlier post (to make session_start() your first line of code) and haven't had a problem since.

Yes, it's a good practice for almost all applications and you should do it always unless you have a reason to do otherwise. If it's really hard to maintain (like working with an older codebase with lots of references to session_start in the middle of the application process) then just putting ob_start at the very start of the application can also solve the problem.

> James

--
Zareef Ahmed :: A PHP Developer in India ( Delhi )
Homepage :: http://www.zareef.net
Re: [PHP] Establishing PHP Session From a Different Host
Daniel Brown wrote:
> On Sun, Jul 12, 2009 at 12:37, Daniel Kolbokolb0...@umn.edu wrote:
>> Hello,
>>
>> How does one continue a php session on a different domain (domain B) than the domain (domain A) that started the session?
>
> Simple answer: you don't.
>
> Extended answer: you can, but only if the domains reside on the same physical host, or in a setup where one domain can read the physical files of another across hosts. When you store information in a $_SESSION array, it stores one key (the PHPSESSID value) in a cookie on the client side, and then stores what is supposed to be a more-secure version of the cookie - containing all of the stored data - as a flat file on the server side (usually in /tmp or ~/tmp). As such, you shouldn't be able to read them from a different domain unless your host is insecure, in which you won't have to worry only about this, but also full cross-site-scripting vulnerabilities. Other options would be parking or doing an addon domain, or something of the like. However, this all gets more into operating system and network security, and HTTP server configurations.
>
> Combined answer: you can, but you should really re-evaluate your code and current capabilities before trying to do so. You may even want to consider setting up a trust relationship with a centralized database such as MySQL to allow the second domain to READ ONLY from the first. Check in the database on the first domain to see if a user is logged in, if they were active within the last x (seconds|minutes|hours), and from what IP they were logged in. If things seem to match up, write the $_SESSION variables for login without prompting the user to re-authenticate manually.

Thanks for the responses.

Re: Simple answer
I thought of another example. My bank's website. I sign-in and authenticate with bank.com. Then, I click credit card from bank.com and I'm redirected to creditcard.com without me having to reinput user/pass. They clearly do it (granted they have a lot more resources than I do, but I'd still like to know how they are doing it).

Re: extended answer
Not that I'd be able to do this, but what type of software is required to set up two remote physical hosts that can share files? Can this be accomplished through apache or perhaps plugging in some network app into apache?

I don't fully understand how 'parking/addon' domains would accomplish the goal. Would you explain this option a bit more thoroughly please?

Re: combined answer
The trust relationship idea is what I have to work with. However, I am not using IP addresses for authentication as I was told this could alienate legitimate users and that IPs may be easily masked. Thus, I was thinking about using a one-time-access token passed in the url (essentially the same idea as the password verification links sent to email in-boxes). Once the user enters domain B with the one time access token, compare this token with last activity time via MySQL. Then if all looks okay to set a cookie with the same session ID as was established on domain A. As request time on domain A and subsequent request time on domain B are very close together I could require that the IPs stay consistent during that short-lived time frame.

Does the above all seem reasonable (though headache prone)? I'm curious to hear your two cents. I am also curious to know how the big boys do this type of thing. Do you have any links, software applications names, or other types of keywords I could use to research about this type of thing?

Thanks for your time,
dK
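The one-time-token hand-off discussed in this message, combined with the shared-database trust relationship suggested in the reply it quotes, as an added example that is not code from the thread. The table name, function names and the `handoff` URL parameter are hypothetical, and an in-memory SQLite database stands in for the shared MySQL database so the example runs offline.

```php
<?php
declare(strict_types=1);

// Token store that both domains can reach. SQLite in memory is an assumption
// made so the example runs offline; the thread's setup would use shared MySQL.
function openTokenStore(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE handoff_tokens (
        token_hash TEXT PRIMARY KEY,
        user_id    INTEGER NOT NULL,
        expires_at INTEGER NOT NULL,
        used       INTEGER NOT NULL DEFAULT 0
    )');
    return $pdo;
}

// Domain A: called for an already authenticated user just before redirecting
// to domain B. Only a hash is stored, so a leaked table yields no usable token.
function issueHandoffToken(PDO $pdo, int $userId, int $now, int $ttl = 30): string
{
    $token = bin2hex(random_bytes(32)); // 256 random bits
    $stmt = $pdo->prepare(
        'INSERT INTO handoff_tokens (token_hash, user_id, expires_at) VALUES (?, ?, ?)'
    );
    $stmt->bindValue(1, hash('sha256', $token), PDO::PARAM_STR);
    $stmt->bindValue(2, $userId, PDO::PARAM_INT);
    $stmt->bindValue(3, $now + $ttl, PDO::PARAM_INT);
    $stmt->execute();
    return $token; // goes into the redirect URL as the hypothetical ?handoff= parameter
}

// Domain B: redeem the token. URLs end up in logs and Referer headers, so the
// token is accepted once and only within its short lifetime.
function redeemHandoffToken(PDO $pdo, string $token, int $now): ?int
{
    $hash = hash('sha256', $token);
    // One UPDATE both checks and consumes the token, so two concurrent
    // requests carrying the same token cannot both succeed.
    $claim = $pdo->prepare(
        'UPDATE handoff_tokens SET used = 1
          WHERE token_hash = ? AND used = 0 AND expires_at >= ?'
    );
    $claim->bindValue(1, $hash, PDO::PARAM_STR);
    $claim->bindValue(2, $now, PDO::PARAM_INT);
    $claim->execute();
    if ($claim->rowCount() !== 1) {
        return null; // unknown, expired or already used
    }
    $row = $pdo->prepare('SELECT user_id FROM handoff_tokens WHERE token_hash = ?');
    $row->bindValue(1, $hash, PDO::PARAM_STR);
    $row->execute();
    return (int) $row->fetchColumn();
}

// Domain B, after a successful redemption. B issues its own session id, so
// domain A's session id never has to appear in a URL. Not called in the
// command-line demo below.
function startSessionForUser(int $userId): void
{
    session_start();
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

function expect(bool $ok, string $what): void
{
    if (!$ok) {
        throw new RuntimeException("expectation failed: $what");
    }
    echo "ok: $what\n";
}

// Constructed demo: one store plays the database shared by both domains.
$store = openTokenStore();
$t0 = 1247400000; // constructed clock value, in seconds
$token = issueHandoffToken($store, 42, $t0);
expect(redeemHandoffToken($store, $token, $t0 + 5) === 42, 'fresh token yields the user id');
expect(redeemHandoffToken($store, $token, $t0 + 6) === null, 'replayed token is refused');
$stale = issueHandoffToken($store, 42, $t0);
expect(redeemHandoffToken($store, $stale, $t0 + 31) === null, 'expired token is refused');
expect(redeemHandoffToken($store, str_repeat('0', 64), $t0) === null, 'unknown token is refused');
```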
Re: [PHP] A prepared statements question
> Hello everyone,
>
> I am having a problem getting my prepared statements working.
>
> Here is my setup...
>
> index.php - authenticate.php - admin.php
>
> 1) index.php has a login form on it so when someone enters their username the form redirects to another page I call authenticate.php.
>
> 2) In the authenticate.php file I want to use prepared statements to interact with the MySQL database. I want to compare the username submitted from the form with the username in the database.
>
> 3) If the login username was legitimate then you are forwarded to admin.php
>
> It's step 2 I am having problems with. Here is what I have but I don't think it makes any sense and it doesn't work.
>
> $link = mysqli_connect($hostname, $dbusername, $password, $database);
> $stmt = mysqli_prepare($link, "SELECT * FROM administrators WHERE adminusers=?");
> mysqli_stmt_bind_param($stmt, 's', $username);
> $result = mysqli_stmt_execute($stmt);
> $count=mysqli_num_rows($result);
> if($count==1){
>     header("location:admin.php");
> } else {
>     echo "Failure";
> }
>
> Any help is appreciated.

For anyone reading this thread, here is the final code that I used...

$link = mysqli_connect($hostname, $username, $password, $database);
$stmt = mysqli_prepare($link, "SELECT * FROM administrators WHERE adminusers=?");
mysqli_stmt_bind_param($stmt, "s", $adminuser);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$count = mysqli_stmt_num_rows($stmt);
if($count==1){
    header("location:admin.php");
} else {
    echo "Failure";
}
Re: [PHP] MySql Injection advice
On Sat, 11 Jul 2009 21:26:36 -0400, Haig Dedeyan wrote:
>> On Sun, Jul 12, 2009 at 4:09 AM, Haig Dedeyan hdede...@videotron.ca wrote:
>>
>> mysql_query("INSERT INTO phonedir (fname, lname) VALUES('$new_fname','$new_lname')") or die(mysql_error());
>
> I won't be using 2x escapes but I just need to know if I should be seeing the backslash in the dbase.

No, the backslashes should not be stored in the database. They are only there to tell the database engine how to separate data from the SQL syntax.

/Nisse
Re: [PHP] MySql Injection advice
On Sun, Jul 12, 2009 at 09:07:45AM -0400, tedd wrote:

<snip>

> As for prepared statements, I'm no authority on them, but from what I've read they are not going to be something I'll be practicing anytime soon.

Aside from Stuart's comments about slowness, what else have you read that makes you discount the use of prepared statements? The PDO class emphasizes that you're safe from SQL injection exploits, which seems a big plus.

Paul

--
Paul M. Foster
Re: [PHP] A prepared statements question
On Sun, 12 Jul 2009 15:25:15 -0400 (EDT), Jason Carson wrote:
> For anyone reading this thread, here is the final code that I used...
>
> $link = mysqli_connect($hostname, $username, $password, $database);
> $stmt = mysqli_prepare($link, "SELECT * FROM administrators WHERE adminusers=?");
> mysqli_stmt_bind_param($stmt, "s", $adminuser);
> mysqli_stmt_execute($stmt);
> mysqli_stmt_store_result($stmt);
> $count = mysqli_stmt_num_rows($stmt);
> if($count==1){
>     header("location:admin.php");
> } else {
>     echo "Failure";
> }

You should always check for errors, so...

/* without actually testing or checking against the manual */
$q = "SELECT * FROM administrators WHERE adminusers=?";
// Each assignment is parenthesized because && binds tighter than =.
if (($link = mysqli_connect($hostname, $username, $password, $database))
    && ($stmt = mysqli_prepare($link, $q))
    && mysqli_stmt_bind_param($stmt, "s", $adminuser)
    && mysqli_stmt_execute($stmt)
    && mysqli_stmt_store_result($stmt))
{
    $count = mysqli_stmt_num_rows($stmt);
} else {
    /* Of course, at this point it would be nice to know which function failed. I don't think there is a neat way to find that out, and checking every function for errors would make the code look much much worse than using the old mysql[i]_query functions. Bleah. */
}

/Nisse
Re: [PHP] A prepared statements question
> // Each assignment is parenthesized because && binds tighter than =.
> if (($link = mysqli_connect($hostname, $username, $password, $database))
>     && ($stmt = mysqli_prepare($link, $q))
>     && mysqli_stmt_bind_param($stmt, "s", $adminuser)
>     && mysqli_stmt_execute($stmt)
>     && mysqli_stmt_store_result($stmt))
> {
>     $count = mysqli_stmt_num_rows($stmt);
> } else {
>     /* Of course, at this point it would be nice to know which function failed. I don't think there is a neat way to find that out, and checking every function for errors would make the code look much much worse than using the old mysql[i]_query functions. Bleah. */
> }
>
> /Nisse

Not to sort of start (another) holy war on this list, but it's ugly blocks of code like this that pushed me into using PDO. This, IMO, is so much easier to read:

try {
    $stmt = $pdo->prepare();
    $stmt->bindValue();
    $stmt->execute();
    $stmt->numRows();
} catch (PDOException $p) {
    //do stuff
}

I would much rather try/catch exceptions than clutter up code with hundreds of if/elseif/else statements.

This is just my opinion, of course :)
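The administrator lookup from this thread written with PDO in exception mode, together with the phonedir insert from the MySql Injection advice thread, as an added example that is not code from any poster. The schema, the sample rows and the function names are constructed, and an in-memory SQLite database stands in for MySQL so the example runs offline.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the thread's MySQL tables, held in memory so the
// example runs offline (assumption: with MySQL only the DSN and credentials
// passed to the PDO constructor change).
function openDirectory(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    // Any failing prepare() or execute() now throws a PDOException whose
    // message and stack trace identify the call that failed.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE administrators (adminusers TEXT PRIMARY KEY)');
    $pdo->exec('CREATE TABLE phonedir (id INTEGER PRIMARY KEY, fname TEXT, lname TEXT)');
    $pdo->exec("INSERT INTO administrators (adminusers) VALUES ('alice')");
    return $pdo;
}

// The login lookup: the username travels as a bound value, never as SQL text.
function isAdministrator(PDO $pdo, string $adminuser): bool
{
    // COUNT(*) is used because rowCount() is not reliable for SELECT on
    // every PDO driver.
    $stmt = $pdo->prepare('SELECT COUNT(*) FROM administrators WHERE adminusers = ?');
    $stmt->bindValue(1, $adminuser, PDO::PARAM_STR);
    $stmt->execute();
    return (int) $stmt->fetchColumn() === 1;
}

// Insert a name and read it back exactly as the database stored it.
function storeAndReadLastName(PDO $pdo, string $fname, string $lname): string
{
    $ins = $pdo->prepare('INSERT INTO phonedir (fname, lname) VALUES (:fname, :lname)');
    $ins->bindValue(':fname', $fname, PDO::PARAM_STR);
    $ins->bindValue(':lname', $lname, PDO::PARAM_STR);
    $ins->execute();

    $sel = $pdo->prepare('SELECT lname FROM phonedir WHERE id = ?');
    $sel->bindValue(1, (int) $pdo->lastInsertId(), PDO::PARAM_INT);
    $sel->execute();
    return (string) $sel->fetchColumn();
}

// Returns the driver's error text for a statement that cannot run, or null.
function describeFailure(PDO $pdo, string $sql): ?string
{
    try {
        $pdo->prepare($sql)->execute();
        return null;
    } catch (PDOException $e) {
        return $e->getMessage();
    }
}

function check(bool $ok, string $what): void
{
    if (!$ok) {
        throw new RuntimeException("check failed: $what");
    }
    echo "ok: $what\n";
}

// Constructed inputs, including one shaped like an injection attempt.
$pdo = openDirectory();
check(isAdministrator($pdo, 'alice'), 'known administrator is found');
check(!isAdministrator($pdo, "' OR '1'='1"), 'quote-laden input matches no row');
check(storeAndReadLastName($pdo, 'Pat', "O'Brian") === "O'Brian",
    'apostrophe is stored without a backslash');
check(describeFailure($pdo, 'SELECT * FROM no_such_table') !== null,
    'a failed statement surfaces as a PDOException');
```

In a web request the successful branch would call header() for the redirect and then exit, so that nothing after the redirect runs for that request.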
Re: [PHP] PHP/mysql equivalent of PEAR's tableInfo()??
> On Sat, Jul 11, 2009 at 19:57, Govinda govinda.webdnat...@gmail.com wrote:
>> I have been using PEAR's tableInfo() to remind myself about the columns in the table.. but now I want to see as much data as possible about the table and its contents *without* using PEAR. (I.e. just using built in stuff for mysqli.)
>
> This is not mysqli_#() directly, but just mocked up here in this email. Not guaranteed to work, but should give you the right idea at least. ;-P
>
> <?php
> include('inc/config.php'); // Your configuration
> include('inc/db.php'); // Your database connection info
> $sql = "SHOW TABLES";
> $result = mysql_query($sql);
> foreach(mysql_fetch_assoc($result) as $k => $v) {
>     $ssql = "DESCRIBE ".mysql_real_escape_string($v);
>     $rresult = mysql_query($ssql);
>     echo "<b>".$k."</b>:<br />\n";
>     echo "<pre>\n";
>     print_r(mysql_fetch_assoc($rresult));
>     echo "</pre>\n";
>     echo "<br />\n";
> }
> ?>

Dan

I get roughly the idea, but alas I am stumped so easily in this new ocean.. it frustrates me.

I have this code:

$db_billing=mysqli_connect("localhost","metheuser","mypass","billing");
if (mysqli_connect_error()) {
    die("Can't connect: " . mysqli_connect_error());
}
//$dbname = 'billing';
$sql = "SHOW TABLES";
$result = mysql_query($sql); // line 53
foreach(mysql_fetch_assoc($result) as $k => $v) { // line 55
    $ssql = "DESCRIBE ".mysql_real_escape_string($v);
    $rresult = mysql_query($ssql);
    echo "<b>".$k."</b>:<br />\n";
    echo "<pre>\n";
    print_r(mysql_fetch_assoc($rresult));
    echo "</pre>\n";
    echo "<br />\n";
}

Which is just giving these errors:

Warning: mysql_query() [function.mysql-query]: Access denied for user 'meee'@'localhost' (using password: NO) in /home/meee/public_html/somedir/test.php on line 53

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/meee/public_html/somedir/test.php on line 53

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/meee/public_html/somedir/test.php on line 55

Warning: Invalid argument supplied for foreach() in /home/meee/public_html/somedir/test.php on line 55

--
I am looking forward to when I have enough of my bearings that I can just cruise around all the various docs and figure out my own answers. Now there are just so many unknowns, I often can't tell which way to even look to solve the issues.

-G
Re: [PHP] I am RTFM, but still stumbling on how to get built-in functions parsed in heredoc
On Sat, Jul 11, 2009 at 11:23:11AM -0400, Daniel Brown wrote:

<snip>

> I used $html =<<<HTML because it then syntax-highlights as HTML+PHP in Vim, and as many know, almost everything I do is from the command line and Vim.

Vim FTW! (And mutt for the pwnage!)

Paul

--
Paul M. Foster
Re: [PHP] PHP/mysql equivalent of PEAR's tableInfo()??
Top-posting.

This would be an excellent question for Prune (CC'd) to field, based on the error message. Prune?

On Sun, Jul 12, 2009 at 17:49, Govinda govinda.webdnat...@gmail.com wrote:
>> On Sat, Jul 11, 2009 at 19:57, Govinda govinda.webdnat...@gmail.com wrote:
>>> I have been using PEAR's tableInfo() to remind myself about the columns in the table.. but now I want to see as much data as possible about the table and its contents *without* using PEAR. (I.e. just using built in stuff for mysqli.)
>>
>> This is not mysqli_#() directly, but just mocked up here in this email. Not guaranteed to work, but should give you the right idea at least. ;-P
>>
>> <?php
>> include('inc/config.php'); // Your configuration
>> include('inc/db.php'); // Your database connection info
>> $sql = "SHOW TABLES";
>> $result = mysql_query($sql);
>> foreach(mysql_fetch_assoc($result) as $k => $v) {
>>     $ssql = "DESCRIBE ".mysql_real_escape_string($v);
>>     $rresult = mysql_query($ssql);
>>     echo "<b>".$k."</b>:<br />\n";
>>     echo "<pre>\n";
>>     print_r(mysql_fetch_assoc($rresult));
>>     echo "</pre>\n";
>>     echo "<br />\n";
>> }
>> ?>
>
> Dan
>
> I get roughly the idea, but alas I am stumped so easily in this new ocean.. it frustrates me.
>
> I have this code:
>
> $db_billing=mysqli_connect("localhost","metheuser","mypass","billing");
> if (mysqli_connect_error()) {
>     die("Can't connect: " . mysqli_connect_error());
> }
> //$dbname = 'billing';
> $sql = "SHOW TABLES";
> $result = mysql_query($sql); // line 53
> foreach(mysql_fetch_assoc($result) as $k => $v) { // line 55
>     $ssql = "DESCRIBE ".mysql_real_escape_string($v);
>     $rresult = mysql_query($ssql);
>     echo "<b>".$k."</b>:<br />\n";
>     echo "<pre>\n";
>     print_r(mysql_fetch_assoc($rresult));
>     echo "</pre>\n";
>     echo "<br />\n";
> }
>
> Which is just giving these errors:
>
> Warning: mysql_query() [function.mysql-query]: Access denied for user 'meee'@'localhost' (using password: NO) in /home/meee/public_html/somedir/test.php on line 53
>
> Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/meee/public_html/somedir/test.php on line 53
>
> Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/meee/public_html/somedir/test.php on line 55
>
> Warning: Invalid argument supplied for foreach() in /home/meee/public_html/somedir/test.php on line 55
>
> --
> I am looking forward to when I have enough of my bearings that I can just cruise around all the various docs and figure out my own answers. Now there are just so many unknowns, I often can't tell which way to even look to solve the issues.
>
> -G

--
/Daniel P. Brown
daniel.br...@parasane.net || danbr...@php.net
http://www.parasane.net/ || http://www.pilotpig.net/
Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig
Re: [PHP] A prepared statements question
2009/7/12 Eddie Drapkin oorza...@gmail.com:
> This is just my opinion, of course :)

Which is welcome. Preferably, on the php-db@ list, but welcome nonetheless. ;-P

--
/Daniel P. Brown
daniel.br...@parasane.net || danbr...@php.net
http://www.parasane.net/ || http://www.pilotpig.net/
Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig
Re: [PHP] phpscriptor.com
On Sat, Jul 11, 2009 at 08:14:35AM -0700, PHPScriptor wrote:
> Ok this may look like spam but what the hell...
>
> I'm the owner of phpscriptor.com, I had big plans with this domainname but... well yes, no time. So I'm selling it. I don't want to make profit out of it. So for, let's say 200 dollar, you can have the domainname. And if you want, you get the website free with it.

You don't want to make a profit, yet you're selling it for $200? Those two statements are contradictory.

Paul

--
Paul M. Foster
Re: [PHP] PHP/mysql equivalent of PEAR's tableInfo()??
On Mon, Jul 13, 2009 at 3:19 AM, Govinda govinda.webdnat...@gmail.com wrote:
>> On Sat, Jul 11, 2009 at 19:57, Govinda govinda.webdnat...@gmail.com wrote:
>>> I have been using PEAR's tableInfo() to remind myself about the columns in the table.. but now I want to see as much data as possible about the table and its contents *without* using PEAR. (I.e. just using built in stuff for mysqli.)
>>
>> This is not mysqli_#() directly, but just mocked up here in this email. Not guaranteed to work, but should give you the right idea at least. ;-P
>>
>> <?php
>> include('inc/config.php'); // Your configuration
>> include('inc/db.php'); // Your database connection info
>> $sql = "SHOW TABLES";
>> $result = mysql_query($sql);
>> foreach(mysql_fetch_assoc($result) as $k => $v) {
>>     $ssql = "DESCRIBE ".mysql_real_escape_string($v);
>>     $rresult = mysql_query($ssql);
>>     echo "<b>".$k."</b>:<br />\n";
>>     echo "<pre>\n";
>>     print_r(mysql_fetch_assoc($rresult));
>>     echo "</pre>\n";
>>     echo "<br />\n";
>> }
>> ?>
>
> Dan
>
> I get roughly the idea, but alas I am stumped so easily in this new ocean.. it frustrates me.
>
> I have this code:
>
> $db_billing=mysqli_connect("localhost","metheuser","mypass","billing");
> if (mysqli_connect_error()) {
>     die("Can't connect: " . mysqli_connect_error());
> }

mysqli

> //$dbname = 'billing';
> $sql = "SHOW TABLES";
> $result = mysql_query($sql); // line 53

Now mysql, What are you doing?

> foreach(mysql_fetch_assoc($result) as $k => $v) { // line 55
>     $ssql = "DESCRIBE ".mysql_real_escape_string($v);
>     $rresult = mysql_query($ssql);
>     echo "<b>".$k."</b>:<br />\n";
>     echo "<pre>\n";
>     print_r(mysql_fetch_assoc($rresult));
>     echo "</pre>\n";
>     echo "<br />\n";
> }
>
> Which is just giving these errors:
>
> Warning: mysql_query() [function.mysql-query]: Access denied for user 'meee'@'localhost' (using password: NO) in /home/meee/public_html/somedir/test.php on line 53
>
> Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/meee/public_html/somedir/test.php on line 53
>
> Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/meee/public_html/somedir/test.php on line 55
>
> Warning: Invalid argument supplied for foreach() in /home/meee/public_html/somedir/test.php on line 55
>
> --
> I am looking forward to when I have enough of my bearings that I can just cruise around all the various docs and figure out my own answers. Now there are just so many unknowns, I often can't tell which way to even look to solve the issues.
>
> -G

--
Zareef Ahmed :: A PHP Developer in India ( Delhi )
Homepage :: http://www.zareef.net