php-general Digest 1 Mar 2010 11:14:25 -0000 Issue 6615
Topics (messages 302430 through 302434):
Re: Wondering if anyone has experince with lastRSS
302430 by: Rene Veerman
mysqli_connect problem
302431 by: Thomas H. George
302432 by: Rene Veerman
Re: Header function
302433 by: Ashley Sheridan
302434 by: Kim Madsen
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscr...@lists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscr...@lists.php.net
To post to the list, e-mail:
php-gene...@lists.php.net
----------------------------------------------------------------------
--- Begin Message ---
yea, google for "lastrss".. or get wild and google for "lastrss
example or tutorial"
On Sun, Feb 28, 2010 at 12:05 AM, Watson Blair <bestudios...@gmail.com> wrote:
> Hey all,
> I'm looking at lastRSS as a solution for displaying an Ebay RSS feed on a
> website, however i'm having a hard time wrapping my head around it, could
> you guys suggest a good tutorial? also, if there are better solutions for
> what i'm trying to do, bring it on.
> Thanks,
> Watson
>
--- End Message ---
--- Begin Message ---
I am a newbie. The following script works but the second one (below)
loads the variables from an html form and then fails. The connection
command in the second sript are identical as the first script was copied
from the first. Only the variable values have been changed.
#!/usr/bin/php
#
<?php
$first_name = 'Harry';
$last_name = 'Potter';
$when_it_happened = 'This morning';
$how_long = '6 ms';
$how_many = 'millions';
$alien_description = 'angels';
$what_they_did = 'danced on the head of a pin';
$fang_spotted = 'No';
$other = 'There were bright flashing lights';
$email = 'ha...@aol.com';
$dbc = mysqli_connect('localhost', 'tom', 'fog^horn9', 'aliendatabase')
or die('Error connecting to MySQL server');
$query = "INSERT INTO aliens_abduction (first_name, last_name,
when_it_happened, how_long, " .
"how_many, alien_description, what_they_did, fang_spotted,
other, email) " .
"VALUES ('$first_name', '$last_name', '$when_it_happened',
'$how_long', '$how_many', " .
"'$alien_description', '$what_they_did', '$fang_spotted',
'$other', '$email')";
$result = mysqli_query($dbc,$query)
or die('Error Querying the database');
mysqli_close($dbc);
?>
The following program successfully loads the variables from an html form
and then fails.
<?php
$first_name = $_POST['firstname'];
$last_name = $_POST['lastname'];
$when_it_happened = $_POST['whenithappened'];
$how_long =$_POST['howlong'];
$how_many = $_POST['howmany'];
$alien_description = $_POST['aliendescription'];
$what_they_did = $_POST['whattheydid'];
$fang_spotted = $_POST['fangspotted'];
$other = $_POST['other'];
$email = $_POST['email'];
echo 'got to here, ';
echo "$last_name\n\n";
$dbc = mysqli_connect('localhost', 'tom', 'fog^horn9', 'aliendatabase')
or die('Error connecting to MySQL server');
$query = "INSERT INTO aliens_abduction (first_name, last_name,
when_it_happened, how_long, " .
"how_many, alien_description, what_they_did, fang_spotted,
other, email) " .
"VALUES ('$first_name', '$last_name', '$when_it_happened',
'$how_long', '$how_many', " .
"'$alien_description', '$what_they_did', '$fang_spotted',
'$other', '$email')";
$result = mysqli_query($dbc,$query)
or die('Error Querying the database');
mysqli_close($dbc);
?>
The echo entries confirm the variables a have been loaded from an html
form. The program just stops after the echo entries - no die message,
nothing in /var/log/mysql.err or mysql.log.
I believe the problem is a permissions problem. I had to make the first
script executable so of course I also made the second executable but
this did not help.
My system is Debian Squeeze, 64 bit. I found I had to install php5-mysql
to use the mysqli_connect command.
Tom
--- End Message ---
--- Begin Message ---
ok, couple of things;
- if you're using user input in SQL queries, you have to push 'm
through a function that sanitizes the input against sql-insertions.
For now, let that be function antiSQLinsertion ($var) { return
mysql_real_escape($var); };
- if you're going to output values from the DB into HTML that have
been put there by the user, you have to also guard against HTML-level
insertions (malicious html/js/flash to name a few). however, this is
not easy, and i havent found a "good" way of doing this, save
stripping all js,<iframe>,<img> and flash.. :(
- you may want to add adodb.sf.net as a database abstraction layer. it
will help if you ever want to switch mysql to another rdbms.
as for your actual problem;
- you could be right about the permissions issue, connect to the
database as root instead and execute a GRANT statement to allow tom xs
to the db.
http://dev.mysql.com/doc/refman/5.1/en/grant.html
google "debian mysql change root password" if you can't get in as root..
it's just strange to me that it works from 1 env, but not another..
On Sun, Feb 28, 2010 at 10:48 PM, Thomas H. George <li...@tomgeorge.info> wrote:
> I am a newbie. The following script works but the second one (below)
> loads the variables from an html form and then fails. The connection
> command in the second sript are identical as the first script was copied
> from the first. Only the variable values have been changed.
>
> #!/usr/bin/php
> #
> <?php
> $first_name = 'Harry';
> $last_name = 'Potter';
> $when_it_happened = 'This morning';
> $how_long = '6 ms';
> $how_many = 'millions';
> $alien_description = 'angels';
> $what_they_did = 'danced on the head of a pin';
> $fang_spotted = 'No';
> $other = 'There were bright flashing lights';
> $email = 'ha...@aol.com';
>
> $dbc = mysqli_connect('localhost', 'tom', 'fog^horn9', 'aliendatabase')
> or die('Error connecting to MySQL server');
>
> $query = "INSERT INTO aliens_abduction (first_name, last_name,
> when_it_happened, how_long, " .
> "how_many, alien_description, what_they_did, fang_spotted,
> other, email) " .
> "VALUES ('$first_name', '$last_name', '$when_it_happened',
> '$how_long', '$how_many', " .
> "'$alien_description', '$what_they_did', '$fang_spotted',
> '$other', '$email')";
>
> $result = mysqli_query($dbc,$query)
> or die('Error Querying the database');
>
> mysqli_close($dbc);
>
> ?>
>
> The following program successfully loads the variables from an html form
> and then fails.
>
>
> <?php
> $first_name = $_POST['firstname'];
> $last_name = $_POST['lastname'];
> $when_it_happened = $_POST['whenithappened'];
> $how_long =$_POST['howlong'];
> $how_many = $_POST['howmany'];
> $alien_description = $_POST['aliendescription'];
> $what_they_did = $_POST['whattheydid'];
> $fang_spotted = $_POST['fangspotted'];
> $other = $_POST['other'];
> $email = $_POST['email'];
>
> echo 'got to here, ';
> echo "$last_name\n\n";
>
> $dbc = mysqli_connect('localhost', 'tom', 'fog^horn9', 'aliendatabase')
> or die('Error connecting to MySQL server');
>
> $query = "INSERT INTO aliens_abduction (first_name, last_name,
> when_it_happened, how_long, " .
> "how_many, alien_description, what_they_did, fang_spotted,
> other, email) " .
> "VALUES ('$first_name', '$last_name', '$when_it_happened',
> '$how_long', '$how_many', " .
> "'$alien_description', '$what_they_did', '$fang_spotted',
> '$other', '$email')";
>
> $result = mysqli_query($dbc,$query)
> or die('Error Querying the database');
>
> mysqli_close($dbc);
>
> ?>
>
> The echo entries confirm the variables a have been loaded from an html
> form. The program just stops after the echo entries - no die message,
> nothing in /var/log/mysql.err or mysql.log.
>
> I believe the problem is a permissions problem. I had to make the first
> script executable so of course I also made the second executable but
> this did not help.
>
> My system is Debian Squeeze, 64 bit. I found I had to install php5-mysql
> to use the mysqli_connect command.
>
> Tom
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
--- Begin Message ---
On Sat, 2010-02-27 at 23:48 +1100, Nick allan wrote:
> Interesting the following works
> Changing the " to '. If I leave the ' around the filename, the ' becomes part
> of the filename. But it seemed to be more about changing the surrounding ' to
> " that fixed it. Not sure why this is, but its working now.
>
>
> header('Content-Type: application/msword');
> header("Content-Disposition: attachment; filename=PurchaseReq.doc");
> -----Original Message-----
> From: Richard Quadling [mailto:rquadl...@googlemail.com]
> Sent: Saturday, 27 February 2010 8:45 PM
> To: Nick allan
> Cc: php-gene...@lists.php.net
> Subject: Re: [PHP] Header function
>
> On 27 February 2010 04:32, Nick allan <nal...@wdev.net> wrote:
> > Hi all
> >
> > Has anyone got any ideas why the following isn't giving me correct filename
> > in the ie save dialogue
> >
> > header('Content-Type: application/msword');
> >
> > header('Content-Disposition: attachment; filename="PurchaseReq.doc"');
> >
> >
> >
> > I get the save dialogue, but with preq.doc instead of PurchaseReq.doc
> >
> > Preq.php is the calling php file. It has worked before so I'm not sure what
> > I've changed to have it stop working.
> >
> >
> >
> >
> >
> > Thanks in advance for any suggestions.
> >
> >
> >
> > Regards Nick
> >
> >
> >
> >
>
> What happens if you drop the quotes around the filename?
>
> --
> -----
> Richard Quadling
> "Standing on the shoulders of some very clever giants!"
> EE : http://www.experts-exchange.com/M_248814.html
> EE4Free : http://www.experts-exchange.com/becomeAnExpert.jsp
> Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498&r=213474731
> ZOPA : http://uk.zopa.com/member/RQuadling
>
>
The HTTP header doesn't treat quoteation marks in the same way that PHP
does. It needs double quote marks to function correctly.
Thanks,
Ash
http://www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
Ashley Sheridan wrote on 01/03/2010 07:13:
The HTTP header doesn't treat quoteation marks in the same way that PHP
does. It needs double quote marks to function correctly.
How do you mean? And do you have a link to this information?
Even if this is true, then the first Nick did should still be correct?
header('Content-Disposition: attachment; filename="PurchaseReq.doc"');
I'm using the same headers for downloads, allthough I use double qoutes
for the header function aswell:
header("Content-Disposition: attachment; filename=\"artist - title.mp3\"");
--
Kind regards
Kim Emax - masterminds.dk
--- End Message ---
