[PHP] session class driving me nuts
hi , gallerie.php: --- session_start(); class ABCD { function add_pic($picture,$galerie) { code here } } $artego = new ABCD; $artego-add_pic(Santiego,Humstein); -- line XX . more code when i run this script i get: Fatal error: Call to a member function on a non-object in /home/sites/site76/web/galerie/shop.php on line XX if i remove session_start(); THEN IT WORKS ! but i need the session WHATS GOING ON ? thank you andreas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] database
hi, where can i get a database with the postal codes from germany ? i need to doublecheck the entries posted on our website andre
[PHP] allow_call_time_pass_reference
someone got a documentation for this ? andreas
[PHP] mysql error
hi all, my script was now working for month but now suddenly get this error: The table 'SQL90cb_0' is full SELECT DISTINCT t1.id,t1.textd FROM tblEntry AS t1,tblTopic AS t2 ORDER BY t2.named,t1.textd anyone know whats the problem ? thank you andreas
[PHP] Re: [PHP-DB] PhpMyAdmin phpPgAdmin Security Issues
Dear Paul, ive got 3 servers (dedicated) with mysql 3.22.32 and above and phpMyAdmin 2.1.0 but i cant reproduce the vulnerability http://ip/phpMyAdmin/sql.php?server=000cfgServers[000][host]=hellobtnDrop=N ogoto=/etc/passwd is not working Warning: MySQL Connection Failed: Access denied for user: 'httpd@localhost' (Using password: NO) in /home/sites/siteX/web/phpMyAdmin/sql.php3 on line 56 Warning: MySQL: A link to the server could not be established in /home/sites/siteX/web/phpMyAdmin/sql.php3 on line 56 Error i use advanced uthentication thank you andreas - Original Message - From: Paul Burney [EMAIL PROTECTED] To: php mailing list [EMAIL PROTECTED] Sent: Monday, July 02, 2001 9:42 PM Subject: [PHP-DB] PhpMyAdmin phpPgAdmin Security Issues I don't know how many of you on this list are also on Bugtraq, but there were some *very* interesting posts there this morning by Shaun Clowes. You can see them at: http://www.securereality.com.au/archives.html The relevant links to look at are A Study in Scarlet: http://www.securereality.com.au/studyinscarlet.txt And: (SRPRE1) phpMyAdmin 2.1.0 and phpPgAdmin 2.2.1 http://www.securereality.com.au/srpre1.html I imagine that many on this list do use phpMyAdmin or phpPgAdmin so this post is very important. Basically, depending on configuration, any user on the web can use phpMyAdmin to view sensitive files (/etc/passwd), etc. There is a patch available. The Study in Scarlet goes into details about other common PHP security breaches, and a little about how to avoid them. The problems aren't *so* bad if you're running your own server and access is only given to a few trusted developers. You could probably retrain everyone to use $HTTP_GET_VARS, etc. However, there could be a multitude of problems on hosts with multiple virtual users. For example, the above exploit could be used to get a list of the users and home directories in /etc/passwd and then a malicious user could view directory listings and file contents from another user's directory. That could lead to database passwords escaping and other local users modifying your data. And that's only the tip of the iceberg. I look forward to seeing Rasmus, Andi, Zeev, Stig etc. respond to this. Sincerely, Paul Burney +-+-+ | Paul Burney | P: 310.825.8365 | | Webmaster Programmer | E: [EMAIL PROTECTED] | | UCLA - GSEIS - ETU | W: http://www.gseis.ucla.edu/ | +-+-+ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Re: [PHP-DB] PhpMyAdmin phpPgAdmin Security Issues
hi chris, server is running mysql and php are working perfekt on all the servers the correct url is http://www.mydomain.com/phpMyAdmin/sql.php?server=000cfgServers[000][host]= hellobtnDrop=Nogoto=/etc/passwd and we tried that exploid now on 10 different dedicated servers all with default phpMyAdmin istallation [ advanced authentication ] [ freebsd // linux ] but all of them still ask for authentication so we are just worried that we do something wrong or the url specifeid is wrong thank yuo andreas - Original Message - From: Chris Anderson [EMAIL PROTECTED] To: Paul Burney [EMAIL PROTECTED]; andreas (@work) [EMAIL PROTECTED] Cc: php mailing list 2 [EMAIL PROTECTED] Sent: Tuesday, July 03, 2001 6:40 PM Subject: Re: [PHP] Re: [PHP-DB] PhpMyAdmin phpPgAdmin Security Issues btw, that error looks more like a mysql setup / runtime problem. IE..is the server running? - Original Message - From: Paul Burney [EMAIL PROTECTED] To: andreas (@work) [EMAIL PROTECTED] Cc: php mailing list 2 [EMAIL PROTECTED] Sent: Tuesday, July 03, 2001 11:51 AM Subject: [PHP] Re: [PHP-DB] PhpMyAdmin phpPgAdmin Security Issues on 7/3/01 5:47 AM, andreas (@work) ([EMAIL PROTECTED]) wrote: ive got 3 servers (dedicated) with mysql 3.22.32 and above and phpMyAdmin 2.1.0 but i cant reproduce the vulnerability i use advanced uthentication http://ip/phpMyAdmin/sql.php?server=000cfgServers[000][host]=hellobtnDrop=N ogoto=/etc/passwd If that URL is copied correctly, it might be because there's no between the server=000 and the cfgServers[000][host]. If not, maybe your particular configuration isn't vulnerable. If you use a Apache Auth for access to the folder and normal auth in phpmyadmin, you are not vulnerable to outsiders but *you* can still view a server's sensitive files which can be really dangerous in a shared server environment. Sincerely, Paul Burney +-+-+ | Paul Burney | P: 310.825.8365 | | Webmaster Programmer | E: [EMAIL PROTECTED] | | UCLA - GSEIS - ETU | W: http://www.gseis.ucla.edu/ | +-+-+ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] mysql - SUBSTRING
hi, if i use SUBSTRING(field,pos,len) in a SELECT statement it works fine but i cant work it out how to use this function in the WHERE clause ... WHERE SUBSTRING(field,pos,len) LIKE ABC ... WHERE SUBSTRING(field,pos,len) = 'ABC' ... WHERE SUBSTRING(field,pos,len) LIKE 'ABC' none of them work is this not possible or whats wrong ? thank you andreas
Re: [PHP] Website production tool in PHP
Hi, search google or have a look at http://sourceforge.net/ http://www.phpgroupware.org/ maybe you find something and dont need to start from zero greetings andreas p.s: nice page ;-) - Original Message - From: Michael O'Neal [EMAIL PROTECTED] To: php [EMAIL PROTECTED] Sent: Wednesday, May 02, 2001 7:26 PM Subject: [PHP] Website production tool in PHP Hi, I am wondering if a website planning/production tool exists already in PHP? This would be something that the agency and the client could use as a central meeting place about the project, with deadlines, comps, project brief, etc... Unix based, PHP/MySQL setup is preferred. I thought I'd mail the list before I built one from scratch. Please email me directly at [EMAIL PROTECTED], as I am on the digest. Thanks! mto Michael O'Neal Web Producer/ Autocrosser ST 28 '89 Civic Si - M A N G O B O U L D E R - http://www.thinkmango.com [EMAIL PROTECTED] p-303.442.1821 f-303.938.8507 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: [PHP-DB] super simple....... but!
try HTMLBODY ?php echo "starting..."; if ( mysql_connect("localhost","php","php") ) { echo "ok"; } else { echo "error!"; } ? /BODY/HTML - Original Message - From: "Francois Boucher" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, April 21, 2001 10:34 PM Subject: [PHP-DB] super simple... but! I wrote this code but nothing append. If i look de code in the browser it's stopping to starting! What is the problme? HTMLBODY ?php echo "starting..."; if ( mysql_connect("localhost","php","php") ) { echo "ok"; } else echo "error!"; ? /BODY/HTML -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -= Franois Boucher =- -= [EMAIL PROTECTED]=- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: [PHP-DB] super simple....... but!
try HTMLBODY ?php echo "starting..."; if ( mysql_connect("localhost","php","php") ) { echo "ok"; } else { echo "error!"; } ? /BODY/HTML - Original Message - From: "Francois Boucher" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, April 21, 2001 10:34 PM Subject: [PHP-DB] super simple... but! I wrote this code but nothing append. If i look de code in the browser it's stopping to starting! What is the problme? HTMLBODY ?php echo "starting..."; if ( mysql_connect("localhost","php","php") ) { echo "ok"; } else echo "error!"; ? /BODY/HTML -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -= Franois Boucher =- -= [EMAIL PROTECTED]=- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: [PHP-DB] Re: How to print last row in an array using WHILE?
hi, $myrow = mysql_fetch_array($result); // erase this line while ($myrow = mysql_fetch_array($result)) { greetings andreas - Original Message - From: "Jon Valvatne" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, March 27, 2001 1:28 PM Subject: [PHP-DB] Re: How to print last row in an array using WHILE? What you are missing is the first row, not the last row. To explain: mysql_fetch_row() operates with an internal pointer which moves one step down the result set with each call to the function. The first time it is called, it returns the first row, and moves its pointer to the second row. The second time it is called, it returns the second row, and moves its pointer to the third row. And so on. When it gets to the end, it returns false. Your while() structure is exactly what's needed to iterate through the result set. But because you call mysql_fetch_row() once before starting the while loop, the first row disappears. When the while loop starts, the internal pointer points to the second row. So just remove the first mysql_fetch_row() call, and it should work fine. Jon Valvatne On Mon, 26 Mar 2001, Bob Stone wrote: Dear PHP Helpers, I have an array created by an mysql select statement. I have the code to display the "rows" from the select statement. Everything works fine except that only n-1 rows from the array will display. For example if the array contains four rows only three will display. If the array contains one row, nothing displays on the screen. I understand that a WHILE loop will count down to zero and then since it becomes false will quit, but how do I get the last (or first) row to print? Here is the code: HTML HEAD TITLE/TITLE /HEAD BODY BGCOLOR="#FF" TEXT="#00" LINK="#FF" VLINK="#800080" ?php $db = mysql_connect("localhost" , "phpuser" , "phpuser"); mysql_select_db("SVT",$db); // display individual record if ($user_name) { $result = mysql_query("SELECT * FROM svt_members WHERE user_name='$user_name'",$db); $myrow = mysql_fetch_array($result); while ($myrow = mysql_fetch_array($result)) { printf("Full Name: bfont color=\"green\" size=\"5\"%s %s %s %s\nbr/b/font", $myrow["salutation"], $myrow["first_name"], $myrow["mid_name"], $myrow["user_name"]); printf("Credentials and Degrees: bfont color=\"blue\" size=\3\"%s/font/b Job Title: bfont color=\"blue\" size=\3\"%s/font/bbrCompany/Institution: bfont color=\"blue\" size=\3\"%sbr/font/bAddress: bfont color=\"blue\" size=\3\"%s %sbr/font/bCity: bfont color=\"blue\" size=\3\"%s/font/b State/Provence: bfont color=\"blue\" size=\3\"%sbr/font/bCountry: bfont color=\"blue\" size=\3\"%s/font/b Postal Code: bfont color=\"blue\" size=\3\"%sbr/font/bVoice: bfont color=\"blue\" size=\3\"%s/font/b Fax: bfont color=\"blue\" size=\3\"%sbr/font/bE-mail: bfont color=\"blue\" size=\3\"%s\nP/b/font", $myrow["cert_deg"], $myrow["job_title"], $myrow["institution"], $myrow["address_1"], $myrow["address_2"], $myrow["geo_loc"], $myrow["state"], $myrow["country"], $myrow["zip"], $myrow["phone"], $myrow["fax"], $myrow["e_mail"]); } } ? form method="post" action="?php echo $PHP_SELF ?" Enter Last Name To Search: input type="Text" name="user_name"p input type="Submit" name="submit" value="Click To Search" /form /BODY /HTML Thank you very much for your help. Best regards, Bob Stone __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/?.refer=text -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: [PHP-DB] How do I keep the selected showing...
hi dave, i usually do this from entries in a database but it should also work this way with an array // first make an array holding all the cities $myTowns = array("London","New York","HongKong","Johannesburg"); $ArrayElements = 4; this is now creating the dropdown-box: select name="town" ? for ($i=0;$i$ArrayElements;$i++) { $selma=""; $tacco = $myTowns[$i]; if ($tacco == $town) { $selma = "selected";} $item="option value=\"$tacco\" ".$selma."".$tacco."/option"; echo $item; } ? /select greetinx andre viva technologies - Original Message - From: "Dave Carrera" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, March 03, 2001 8:29 AM Subject: [PHP-DB] How do I keep the selected showing... Hi All I have a fully functional db site which uses 2 sqls and 1 page to give our visitors info they need. That works fine, but some users have remarked that it would be nice that the selected item from our drop down list stays shown when the page gives the info instead of going back to the top of the list. http://www.angelettes.co.uk/dates/index.php3 is the url in action and choosing different towns will show you what I mean. Its not the end of the world, as our visitors have said, but would be nice. Any help is full appreciated. Dave C -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] array
hi, is there a function to delete an item of an array "1","7","14","33","99","A1","A12" id like to delete the "33" thank you andreas
[PHP] array - too stupid
hi, how can i store an array in mysql ? what i do now ( works fine ) a) transform the array to a delimeted string // $tempItem is a dlimited stringexample: 4321117A12342WQ1243 b) $tempItem = serialize($tempItem); c) store it in mysql-table and i get my array back with d) $myItems = explode("",unserialize($myValueFromDB)); but i think theres an easier way out there any solutions greetings andreas
[PHP] ssl
hi all, is there anything we should be aware of if we like that our php/mysql pages are working with an ssl-server ? thank you andre -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] solution
hi all, we need to have a solution for the following stuff: each member of the community should get his own page something like www.domain.com/tacco www.domain.com/micco www.domain.com/sicco . and we dont liek to build this structure as webfolders so what we are thinking of is: a 404 php-file which extracts the path and generates a page for that out of mysql so, if someone likes to access www.domain.com/tacco theres no file but our 404php document will extract tacco and generate the page tacco from the database === possible ? or is there a better solution out there ? greetings andreas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] flash and php
hi, see www.artfuntasy.com just flash4, php3, mysql greetings andreas - Original Message - From: "Jacky@lilst" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, January 18, 2001 11:23 PM Subject: [PHP] flash and php Hi people, Can PHP3 work with flash movie? I mean, something like using Php3 to run flash content from db? If so, is there anywhere I can find out more information? cheers Jack [EMAIL PROTECTED] "There is nothing more rewarding than reaching the goal you set for yourself" -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] I love/hate FrontPage - need another HTML editor. - Dreamweaver 4
hi, here you see our FLASHBOOK its just flash4, php and mysql www.artfuntasy.com greetings andre - Original Message - From: "Murph" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, January 17, 2001 3:45 AM Subject: Re: [PHP] I love/hate FrontPage - need another HTML editor. - Dreamweaver 4 I use Macromedia Dreamweaver 4 - it's the best ever for HTML and others. It recognizes the PHP extension and checks for syntax errors though it doesn't check for errors in the PHP-languages. It seems like there's an awful lot of people jumping on the Macromedia editor bandwagon and after visiting their site, I can see why! Holy smoke! There's an awful lot there to recommend that product. My thanks to Kath for helping me get FrontPage up and running for my immediate needs and to everyone else who recommended their favorite editor. Dreamweaver is on the pricey side at $300 bucks for their basic version but to buy the editor AND have access to the flashy Flash technology for a few more bucks really makes it rather attractive. Has anyone gone whole-hog and developed a site with Flash graphics AND a database? THAT would be something to see. Hell, I'd pimp my mother to be able to do something like THAT! Only kidding, Mom! I love you! Yours, Murph -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]