[PHP] session class driving me nuts

2001-09-30 Thread andreas \(@work\) 

hi ,

gallerie.php:
---

session_start();

class ABCD {
function add_pic($picture,$galerie) {
 code here
   }
}



$artego = new ABCD;

$artego-add_pic(Santiego,Humstein);   -- line XX

. more code





when i run this script i get:

Fatal error: Call to a member function on a non-object in
/home/sites/site76/web/galerie/shop.php on line XX


if i remove

session_start();


THEN IT WORKS !



but i need the session


WHATS GOING ON ?



thank you

andreas



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP] database

2001-09-12 Thread andreas \(@work\) 

hi,

where can i get a database with the 

postal codes  from germany ?

i need to doublecheck the entries posted on our website


andre

[PHP] allow_call_time_pass_reference

2001-07-26 Thread andreas \(@work\) 

someone got a documentation for this ?


andreas

[PHP] mysql error

2001-07-13 Thread andreas \(@work\) 

hi all,

my script was now working for month but now 
suddenly get this error:


The table 'SQL90cb_0' is full

SELECT DISTINCT t1.id,t1.textd FROM tblEntry AS t1,tblTopic AS t2 ORDER BY 
t2.named,t1.textd
anyone know whats the problem ?

thank you

andreas

[PHP] Re: [PHP-DB] PhpMyAdmin phpPgAdmin Security Issues

2001-07-03 Thread andreas \(@work\) 

Dear Paul,

ive got 3 servers (dedicated) with mysql 3.22.32 and above and phpMyAdmin
2.1.0
but i cant reproduce the vulnerability

http://ip/phpMyAdmin/sql.php?server=000cfgServers[000][host]=hellobtnDrop=N
ogoto=/etc/passwd

is not working


Warning: MySQL Connection Failed: Access denied for user: 'httpd@localhost'
(Using password: NO) in /home/sites/siteX/web/phpMyAdmin/sql.php3 on line 56

Warning: MySQL: A link to the server could not be established in
/home/sites/siteX/web/phpMyAdmin/sql.php3 on line 56
Error


i use advanced uthentication



thank you

andreas







- Original Message -
From: Paul Burney [EMAIL PROTECTED]
To: php mailing list [EMAIL PROTECTED]
Sent: Monday, July 02, 2001 9:42 PM
Subject: [PHP-DB] PhpMyAdmin phpPgAdmin Security Issues


I don't know how many of you on this list are also on Bugtraq, but there
were some *very* interesting posts there this morning by Shaun Clowes.  You
can see them at:

http://www.securereality.com.au/archives.html

The relevant links to look at are A Study in Scarlet:
http://www.securereality.com.au/studyinscarlet.txt

And:

(SRPRE1) phpMyAdmin 2.1.0 and phpPgAdmin 2.2.1
http://www.securereality.com.au/srpre1.html

I imagine that many on this list do use phpMyAdmin or phpPgAdmin so this
post is very important.

Basically, depending on configuration, any user on the web can use
phpMyAdmin to view sensitive files (/etc/passwd), etc.  There is a patch
available.

The Study in Scarlet goes into details about other common PHP security
breaches, and a little about how to avoid them.  The problems aren't *so*
bad if you're running your own server and access is only given to a few
trusted developers.  You could probably retrain everyone to use
$HTTP_GET_VARS, etc.

However, there could be a multitude of problems on hosts with multiple
virtual users.  For example, the above exploit could be used to get a list
of the users and home directories in /etc/passwd and then a malicious user
could view directory listings and file contents from another user's
directory.  That could lead to database passwords escaping and other local
users modifying your data.  And that's only the tip of the iceberg.

I look forward to seeing Rasmus, Andi, Zeev, Stig etc. respond to this.

Sincerely,

Paul Burney

+-+-+
| Paul Burney | P: 310.825.8365 |
| Webmaster  Programmer | E: [EMAIL PROTECTED]   |
| UCLA - GSEIS - ETU   | W: http://www.gseis.ucla.edu/ |
+-+-+


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Re: [PHP-DB] PhpMyAdmin phpPgAdmin Security Issues

2001-07-03 Thread andreas \(@work\) 

hi chris,

server is running
mysql and php are working perfekt on all the servers


the correct url is

http://www.mydomain.com/phpMyAdmin/sql.php?server=000cfgServers[000][host]=
hellobtnDrop=Nogoto=/etc/passwd


and we tried that exploid now on  10 different dedicated servers
all with default phpMyAdmin istallation [ advanced authentication ]
[ freebsd // linux ]


but all of them still ask for authentication

so we are just worried that we do something wrong
or the url specifeid is wrong


thank yuo

andreas





- Original Message -
From: Chris Anderson [EMAIL PROTECTED]
To: Paul Burney [EMAIL PROTECTED]; andreas (@work)
[EMAIL PROTECTED]
Cc: php mailing list 2 [EMAIL PROTECTED]
Sent: Tuesday, July 03, 2001 6:40 PM
Subject: Re: [PHP] Re: [PHP-DB] PhpMyAdmin phpPgAdmin Security Issues


btw, that error looks more like a mysql setup / runtime problem. IE..is the
server running?
- Original Message -
From: Paul Burney [EMAIL PROTECTED]
To: andreas (@work) [EMAIL PROTECTED]
Cc: php mailing list 2 [EMAIL PROTECTED]
Sent: Tuesday, July 03, 2001 11:51 AM
Subject: [PHP] Re: [PHP-DB] PhpMyAdmin phpPgAdmin Security Issues


 on 7/3/01 5:47 AM, andreas (@work) ([EMAIL PROTECTED]) wrote:

  ive got 3 servers (dedicated) with mysql 3.22.32 and above and
phpMyAdmin
  2.1.0 but i cant reproduce the vulnerability

  i use advanced uthentication

 
http://ip/phpMyAdmin/sql.php?server=000cfgServers[000][host]=hellobtnDrop=N
  ogoto=/etc/passwd

 If that URL is copied correctly, it might be because there's no 
between
 the server=000 and the cfgServers[000][host].

 If not, maybe your particular configuration isn't vulnerable.

 If you use a Apache Auth for access to the folder and normal auth in
 phpmyadmin, you are not vulnerable to outsiders but *you* can still view a
 server's sensitive files which can be really dangerous in a shared server
 environment.

 Sincerely,

 Paul Burney

 +-+-+
 | Paul Burney | P: 310.825.8365 |
 | Webmaster  Programmer | E: [EMAIL PROTECTED]   |
 | UCLA - GSEIS - ETU   | W: http://www.gseis.ucla.edu/ |
 +-+-+


 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP] mysql - SUBSTRING

2001-05-12 Thread andreas \(@work\) 

hi,

if i use SUBSTRING(field,pos,len) in a SELECT statement it works fine

but i cant work it out how to use this function in the WHERE clause 

 ... WHERE  SUBSTRING(field,pos,len) LIKE ABC
 ... WHERE SUBSTRING(field,pos,len) = 'ABC'
 ... WHERE SUBSTRING(field,pos,len) LIKE 'ABC'

none of them work

is this not possible or whats wrong ?


thank you

andreas

Re: [PHP] Website production tool in PHP

2001-05-02 Thread andreas \(@work\) 

Hi,

search google or have a look at http://sourceforge.net/


http://www.phpgroupware.org/


maybe you find something 
and dont need to start from zero


greetings

andreas

p.s:  nice page ;-)


- Original Message - 
From: Michael O'Neal [EMAIL PROTECTED]
To: php [EMAIL PROTECTED]
Sent: Wednesday, May 02, 2001 7:26 PM
Subject: [PHP] Website production tool in PHP


Hi,

I am wondering if a website planning/production tool exists already in 
PHP?  This would be something that the agency and the client could use as 
a central meeting place about the project, with deadlines, comps, 
project brief, etc...

Unix based, PHP/MySQL setup is preferred.

I thought I'd mail the list before I built one from scratch.

Please email me directly at [EMAIL PROTECTED], as I am on the digest.  
Thanks!


mto

Michael O'Neal
Web Producer/ Autocrosser
ST 28 '89 Civic Si
-
 M   A   N   G   O
B  O  U  L  D  E  R 
-
http://www.thinkmango.com
[EMAIL PROTECTED]
p-303.442.1821
f-303.938.8507



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP] Re: [PHP-DB] super simple....... but!

2001-04-21 Thread andreas \(@work\) 


try


HTMLBODY
?php
echo "starting...";
if ( mysql_connect("localhost","php","php") )
  { echo "ok"; }
else {
echo "error!";
}
?
/BODY/HTML



- Original Message -
From: "Francois Boucher" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, April 21, 2001 10:34 PM
Subject: [PHP-DB] super simple... but!


I wrote this code but nothing append.  If i look de code in the browser it's
stopping to starting!

What is the problme?


HTMLBODY
?php
echo "starting...";
if ( mysql_connect("localhost","php","php") )
  { echo "ok"; }
else
echo "error!";

?
/BODY/HTML

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=   Franois Boucher  =-
-=  [EMAIL PROTECTED]=-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-



--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP] Re: [PHP-DB] super simple....... but!

2001-04-21 Thread andreas \(@work\) 


try


HTMLBODY
?php
echo "starting...";
if ( mysql_connect("localhost","php","php") )
  { echo "ok"; }
else {
echo "error!";
}
?
/BODY/HTML



- Original Message -
From: "Francois Boucher" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, April 21, 2001 10:34 PM
Subject: [PHP-DB] super simple... but!


I wrote this code but nothing append.  If i look de code in the browser it's
stopping to starting!

What is the problme?


HTMLBODY
?php
echo "starting...";
if ( mysql_connect("localhost","php","php") )
  { echo "ok"; }
else
echo "error!";

?
/BODY/HTML

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=   Franois Boucher  =-
-=  [EMAIL PROTECTED]=-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-



--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP] Re: [PHP-DB] Re: How to print last row in an array using WHILE?

2001-03-27 Thread andreas \(@work\) 

hi,

$myrow = mysql_fetch_array($result); // erase this line

while ($myrow = mysql_fetch_array($result)) { 


greetings 

andreas








- Original Message - 
From: "Jon Valvatne" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, March 27, 2001 1:28 PM
Subject: [PHP-DB] Re: How to print last row in an array using WHILE?


What you are missing is the first row, not the last row.

To explain:

mysql_fetch_row() operates with an internal pointer which moves one step
down the result set with each call to the function. The first time it is
called, it returns the first row, and moves its pointer to the second row.
The second time it is called, it returns the second row, and moves its
pointer to the third row. And so on. When it gets to the end, it returns
false.

Your while() structure is exactly what's needed to iterate through the
result set. But because you call mysql_fetch_row() once before starting
the while loop, the first row disappears. When the while loop starts, the
internal pointer points to the second row.

So just remove the first mysql_fetch_row() call, and it should work fine.


Jon Valvatne


On Mon, 26 Mar 2001, Bob Stone wrote:

 Dear PHP Helpers,

 I have an array created by an mysql select statement.

 I have the code to display the "rows" from the select
 statement.

 Everything works fine except that only n-1 rows from
 the array will display.

 For example if the array contains four rows only three
 will display. If the array contains one row, nothing
 displays on the screen.

 I understand that a WHILE loop will count down to zero
 and then since it becomes false will quit, but how do
 I get the last (or first) row to print?

 Here is the code:

 HTML

 HEAD

 TITLE/TITLE

 /HEAD

 BODY BGCOLOR="#FF" TEXT="#00" LINK="#FF"
 VLINK="#800080"

 ?php

 $db = mysql_connect("localhost" , "phpuser" ,
 "phpuser");

 mysql_select_db("SVT",$db);

 // display individual record

 if ($user_name) {

$result = mysql_query("SELECT * FROM svt_members
 WHERE user_name='$user_name'",$db);

$myrow = mysql_fetch_array($result);

   while ($myrow = mysql_fetch_array($result)) {

 printf("Full Name: bfont color=\"green\"
 size=\"5\"%s %s %s %s\nbr/b/font",
 $myrow["salutation"], $myrow["first_name"],
 $myrow["mid_name"], $myrow["user_name"]);

 printf("Credentials and Degrees: bfont
 color=\"blue\" size=\3\"%s/font/b   Job Title:
 bfont color=\"blue\"
 size=\3\"%s/font/bbrCompany/Institution:
 bfont color=\"blue\"
 size=\3\"%sbr/font/bAddress: bfont
 color=\"blue\" size=\3\"%s %sbr/font/bCity:
 bfont color=\"blue\" size=\3\"%s/font/b
 State/Provence: bfont color=\"blue\"
 size=\3\"%sbr/font/bCountry: bfont
 color=\"blue\" size=\3\"%s/font/b   Postal Code:
 bfont color=\"blue\"
 size=\3\"%sbr/font/bVoice: bfont
 color=\"blue\" size=\3\"%s/font/b   Fax: bfont
 color=\"blue\" size=\3\"%sbr/font/bE-mail:
 bfont color=\"blue\" size=\3\"%s\nP/b/font",
 $myrow["cert_deg"], $myrow["job_title"],
 $myrow["institution"], $myrow["address_1"],
 $myrow["address_2"], $myrow["geo_loc"],
 $myrow["state"], $myrow["country"], $myrow["zip"],
 $myrow["phone"], $myrow["fax"], $myrow["e_mail"]);

 }

 }
 ?

 form method="post" action="?php echo $PHP_SELF ?"

 Enter Last Name To Search:  input type="Text"
 name="user_name"p

 input type="Submit" name="submit" value="Click To
 Search"

 /form

 /BODY

 /HTML

 Thank you very much for your help.

 Best regards,

 Bob Stone

 __
 Do You Yahoo!?
 Get email at your own domain with Yahoo! Mail.
 http://personal.mail.yahoo.com/?.refer=text



-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP] Re: [PHP-DB] How do I keep the selected showing...

2001-03-02 Thread andreas \(@work\) 

hi dave,


i usually do this from entries in a database

but it should also work this way with an array




// first make an array holding all the cities
$myTowns = array("London","New York","HongKong","Johannesburg");
$ArrayElements = 4;


this is now creating the dropdown-box:

select name="town"
?
for ($i=0;$i$ArrayElements;$i++) {
 $selma="";
 $tacco = $myTowns[$i];
 if ($tacco == $town) { $selma = "selected";}
 $item="option value=\"$tacco\" ".$selma."".$tacco."/option";
 echo $item;
}
?
/select



greetinx

andre
viva technologies


- Original Message -
From: "Dave Carrera" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, March 03, 2001 8:29 AM
Subject: [PHP-DB] How do I keep the selected showing...


 Hi All
 I have a fully functional db site which uses 2 sqls and 1 page to give our
 visitors info they need.

 That works fine, but some users have remarked that it would be nice that
the
 selected item from our drop down list stays shown when the page gives the
 info instead of going back to the top of the list.

 http://www.angelettes.co.uk/dates/index.php3 is the url in action and
 choosing different towns will show you what I mean.

 Its not the end of the world, as our visitors have said, but would be
nice.

 Any help is full appreciated.

 Dave C


 --
 PHP Database Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP] array

2001-02-19 Thread andreas \(@work\) 

hi,

is there a function to delete an item of an array

"1","7","14","33","99","A1","A12"

id like to delete the "33"


thank you

andreas

[PHP] array - too stupid

2001-02-18 Thread andreas \(@work\) 

hi,

how can i store an array in mysql ?


what i do now ( works fine  )



a) transform the array to a  delimeted string 
// $tempItem is a  dlimited stringexample: 4321117A12342WQ1243  
b) $tempItem = serialize($tempItem);

c) store it in mysql-table



and i get my array back with


d) $myItems = explode("",unserialize($myValueFromDB));



but i think theres an easier way out there
any solutions


greetings

andreas

[PHP] ssl

2001-02-12 Thread andreas \(@work\) 

hi all,

is there anything we should be aware of
if we like that our php/mysql pages
are working with an ssl-server ?


thank you

andre


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP] solution

2001-02-05 Thread andreas \(@work\) 

hi all,

we need to have a solution for the following stuff:

each member of the community should get his own page

something like

www.domain.com/tacco
www.domain.com/micco
www.domain.com/sicco


.


and we dont liek to build this structure as webfolders


so what we are thinking of is:

a 404 php-file which extracts the path  and generates a page for that out of
mysql


so, if someone likes to access

www.domain.com/tacco

theres no file but our 404php document will extract

tacco

and generate the page tacco from the database


===

possible ?

or is there a better solution out there ?


greetings

andreas


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] flash and php

2001-01-18 Thread andreas \(@work\) 

hi,

see   www.artfuntasy.com

just flash4, php3, mysql


greetings

andreas

- Original Message -
From: "Jacky@lilst" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, January 18, 2001 11:23 PM
Subject: [PHP] flash and php


Hi people,
Can PHP3 work with flash movie? I mean, something like using Php3 to run
flash content from db? If so, is there anywhere I can find out more
information?
cheers
Jack
[EMAIL PROTECTED]
"There is nothing more rewarding than reaching the goal you set for
yourself"



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] I love/hate FrontPage - need another HTML editor. - Dreamweaver 4

2001-01-16 Thread andreas \(@work\) 

hi,

here you see our FLASHBOOK

its just flash4, php and mysql

www.artfuntasy.com

greetings

andre

- Original Message -
From: "Murph" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, January 17, 2001 3:45 AM
Subject: Re: [PHP] I love/hate FrontPage - need another HTML editor. -
Dreamweaver 4


  I use Macromedia Dreamweaver 4 - it's the best ever for HTML and others.
 It
  recognizes the PHP extension and checks for syntax errors though it
 doesn't
  check for errors in the PHP-languages.


 It seems like there's an awful lot of people jumping on the Macromedia
 editor bandwagon and after visiting their site, I can see why! Holy smoke!
 There's an awful lot there to recommend that product.

 My thanks to Kath for helping me get FrontPage up and running for my
 immediate needs and to everyone else who recommended their favorite
editor.

 Dreamweaver is on the pricey side at $300 bucks for their basic version
but
 to buy the editor AND have access to the flashy Flash technology for a few
 more bucks really makes it rather attractive.

 Has anyone gone whole-hog and developed a site with Flash graphics AND a
 database? THAT would be something to see. Hell, I'd pimp my mother to be
 able to do something like THAT!

 Only kidding, Mom! I love you!

 Yours,
 Murph


 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]