php-general Digest 21 Dec 2010 16:07:30 -0000 Issue 7097

Topics (messages 310170 through 310196):

PDO Prepared Statements and stripslashes
        310170 by: Rico Secada
        310171 by: Paul M Foster
        310173 by: Rico Secada
        310174 by: Ravi Gehlot
        310195 by: Adam Richardson

Re: Problems w/ goto
        310172 by: David Harkness

Re: Common session for all subdomains?
        310175 by: Ravi Gehlot
        310192 by: Daniel Brown

Re: Problem with Include
        310176 by: Ravi Gehlot
        310178 by: David Hutto
        310182 by: Ravi Gehlot
        310183 by: David Hutto
        310188 by: Daniel P. Brown
        310189 by: David Hutto
        310190 by: David Hutto
        310191 by: Paul M Foster

Re: All records not displaying...
        310177 by: Ravi Gehlot

Re: array question
        310179 by: Ravi Gehlot

Re: PHPInfo disabled due to security
        310180 by: Ravi Gehlot
        310187 by: Daniel Brown

Re: Error Querying Database
        310181 by: Ravi Gehlot

Session problem
        310184 by: Walter Caielli

Ways to attend usergroups meeting
        310185 by: vikash.iitb.gmail.com
        310193 by: Daniel Brown
        310196 by: vikash.iitb.gmail.com

Re: PHPmailer.. best way to send to many recipients?
        310186 by: Ian
        310194 by: Govinda


----------------------------------------------------------------------
--- Begin Message ---
Hi.

In an article about SQL Injection by Chris Shiflett he mentions the
following in a comment: "The process of escaping should preserve data,
so it should never be necessary to reverse it. When I'm auditing an
application, things like stripslashes() alert me to design problems."

Now, I'm always using PHP PDO with prepared statements and as such data
with quotes gets slashed automatically by PDO when inserted into the
database.

When I need to pull out the data something might be slashed and I need
to use stripslashes() or some str_replace() to make sure that the
slashes are removed.

So what's the mistake here and what's the correct way to do it?

Kind regards

Rico

--- End Message ---
--- Begin Message ---
On Tue, Dec 21, 2010 at 05:31:15AM +0100, Rico Secada wrote:

> Hi.
> 
> In an article about SQL Injection by Chris Shiflett he mentions the
> following in a comment: "The process of escaping should preserve data,
> so it should never be necessary to reverse it. When I'm auditing an
> application, things like stripslashes() alert me to design problems."
> 
> Now, I'm always using PHP PDO with prepared statements and as such data
> with quotes gets slashed automatically by PDO when inserted into the
> database.

Just out of idle curiosity, are you using MySQL? PDO shouldn't be
backslashing quotes for PostgreSQL, as the PostgreSQL convention for
values containing single quotes is to double the quotes, as: ''.

> 
> When I need to pull out the data something might be slashed and I need
> to use stripslashes() or some str_replace() to make sure that the
> slashes are removed.
> 
> So what's the mistake here and what's the correct way to do it?

I don't see a mistake. If the values come out of the database
backslashed, then you need to remove them to work with the data. My only
question would be whether you're sure the data is backslashed before
PDO ever sees it. In which case, yes, you have a problem.

Paul

-- 
Paul M. Foster

--- End Message ---
--- Begin Message ---
On Tue, 21 Dec 2010 00:32:19 -0500
Paul M Foster <pa...@quillandmouse.com> wrote:

> On Tue, Dec 21, 2010 at 05:31:15AM +0100, Rico Secada wrote:
> 
> > Hi.
> > 
> > In an article about SQL Injection by Chris Shiflett he mentions the
> > following in a comment: "The process of escaping should preserve
> > data, so it should never be necessary to reverse it. When I'm
> > auditing an application, things like stripslashes() alert me to
> > design problems."
> > 
> > Now, I'm always using PHP PDO with prepared statements and as such
> > data with quotes gets slashed automatically by PDO when inserted
> > into the database.
> 
> Just out of idle curiosity, are you using MySQL? PDO shouldn't be
> backslashing quotes for PostgreSQL, as the PostgreSQL convention for
> values containing single quotes is to double the quotes, as: ''.

Currently I'm working with MySQL, but I have just tested PDO with
PostgreSQL 8.3 and in this case PDO backslashes PostgreSQL as well.
 
> > When I need to pull out the data something might be slashed and I
> > need to use stripslashes() or some str_replace() to make sure that
> > the slashes are removed.
> > 
> > So what's the mistake here and what's the correct way to do it?
> 
> I don't see a mistake. If the values come out of the database
> backslashed, then you need to remove them to work with the data. My
> only question would be whether you're sure the data is backslashed
> before PDO ever sees it. In which case, yes, you have a problem.

No, the data is not slashed before PDO sees them.

I didn't see a mistake either, but then what does Chris mean? Stripping
slashes from output from the DB alerts him to a design problem, and
I'm just wondering if there is another way of doing things I just haven't
heard of then. 

> Paul
> 
> -- 
> Paul M. Foster
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 

--- End Message ---
--- Begin Message ---
Hello,

The plug-in PDO has nothing to do with the backslashes being inserted into
the database. The backslashes are used to escape characters like in D's...it
would show D'////////////s. That's the safe behavior of it. You can change
your programming code to fix that.

Ravi.


On Tue, Dec 21, 2010 at 12:59 AM, Rico Secada <coolz...@it.dk> wrote:

> On Tue, 21 Dec 2010 00:32:19 -0500
> Paul M Foster <pa...@quillandmouse.com> wrote:
>
> > On Tue, Dec 21, 2010 at 05:31:15AM +0100, Rico Secada wrote:
> >
> > > Hi.
> > >
> > > In an article about SQL Injection by Chris Shiflett he mentions the
> > > following in a comment: "The process of escaping should preserve
> > > data, so it should never be necessary to reverse it. When I'm
> > > auditing an application, things like stripslashes() alert me to
> > > design problems."
> > >
> > > Now, I'm always using PHP PDO with prepared statements and as such
> > > data with quotes gets slashed automatically by PDO when inserted
> > > into the database.
> >
> > Just out of idle curiosity, are you using MySQL? PDO shouldn't be
> > backslashing quotes for PostgreSQL, as the PostgreSQL convention for
> > values containing single quotes is to double the quotes, as: ''.
>
> Currently I'm working with MySQL, but I have just tested PDO with
> PostgreSQL 8.3 and in this case PDO backslashes PostgreSQL as well.
>
> > > When I need to pull out the data something might be slashed and I
> > > need to use stripslashes() or some str_replace() to make sure that
> > > the slashes are removed.
> > >
> > > So what's the mistake here and what's the correct way to do it?
> >
> > I don't see a mistake. If the values come out of the database
> > backslashed, then you need to remove them to work with the data. My
> > only question would be whether you're sure the data is backslashed
> > before PDO ever sees it. In which case, yes, you have a problem.
>
> No, the data is not slashed before PDO sees them.
>
> I didn't see a mistake either, but then what does Chris mean? Stripping
> slashes from output from the DB alerts him to a design problem, and
> I'm just wondering if there is another way of doing things I just haven't
> heard of then.
>
> > Paul
> >
> > --
> > Paul M. Foster
> >

--- End Message ---
--- Begin Message ---
On Mon, Dec 20, 2010 at 11:31 PM, Rico Secada <coolz...@it.dk> wrote:

> Hi.
>
> In an article about SQL Injection by Chris Shiflett he mentions the
> following in a comment: "The process of escaping should preserve data,
> so it should never be necessary to reverse it. When I'm auditing an
> application, things like stripslashes() alert me to design problems."
>

Adding slashes to variables isn't needed for actually storing the values in
the DB, but rather for their safe use in a SQL statement.  If you use
addslashes() on data going into a DB, you'll have to make sure you call
stripslashes() on data coming out of the DB.

His statement "The process of escaping should preserve data, so it should
never be necessary to reverse it", conveys that you shouldn't need to know
if a value has been escaped down the line.  The escaping operation should be
done in such a way that it doesn't matter how you handle the data afterwards
(your code shouldn't have to keep track of whether it has to call
stripslashes(), with one notable problem being that calling stripslashes()
twice on the same data can lead to a value that differs from the original.)



> Now, I'm always using PHP PDO with prepared statements and as such data
> with quotes gets slashed automatically by PDO when inserted into the
> database.
>

In most languages I'm familiar with, prepared statements don't imply that
values are automatically slashed.  Rather, the statement is compiled with
placeholders.  Through use of placeholders, it's impossible for the DB to
interpret any of the values inserted into any of the placeholders in a way
that could lead to SQL injection.


>
> When I need to pull out the data something might be slashed and I need
> to use stripslashes() or some str_replace() to make sure that the
> slashes are removed.
>

NO, using prepared statements does not require that you call stripslashes()
when retrieving data from the DB.  If you're noticing slashes, you've got
them coming from another source (magic_quotes_gpc might be on, and if so, I
recommend turning it off.)


>
> So what's the mistake here and what's the correct way to do it?
>

1. Turn off magic_quotes_gpc if on, as its use has been deprecated.
2. Use prepared statements.
3. Don't worry about stripping slashes ever again :)

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com

--- End Message ---
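
The behaviour described in the reply above, as an added example that is not part of the original thread: values bound to PDO placeholders come back byte-for-byte, and backslashes only reach the database when something such as magic_quotes_gpc or addslashes() has altered the value before PDO sees it. It assumes the pdo_sqlite extension; the `notes` table, the helper names and the sample strings are constructed.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension;
// the "notes" table, helper names and sample strings are constructed.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notes (label TEXT PRIMARY KEY, body TEXT NOT NULL)');

$insert = $pdo->prepare('INSERT INTO notes (label, body) VALUES (:label, :body)');
$select = $pdo->prepare('SELECT body FROM notes WHERE label = :label');

/** Store a value through a placeholder; the value never becomes SQL text. */
function store(PDOStatement $insert, string $label, string $body): void
{
    $insert->execute([':label' => $label, ':body' => $body]);
}

/** Read the stored value back exactly as the database holds it. */
function load(PDOStatement $select, string $label): string
{
    $select->execute([':label' => $label]);
    $body = $select->fetchColumn();
    $select->closeCursor();
    return (string) $body;
}

/** Print one result line and say whether it still equals the original. */
function report(string $what, string $got, string $original): void
{
    printf("  %-34s %-32s [%s]\n", $what, $got, $got === $original ? 'intact' : 'CHANGED');
}

// Constructed inputs: a quote, legitimate backslashes, and an injection attempt.
$samples = [
    'quote'     => "D's",
    'backslash' => 'C:\\new\\table',            // the value is C:\new\table
    'injection' => "x'); DROP TABLE notes; --",
];

foreach ($samples as $name => $original) {
    // Correct use: bind the raw value.
    store($insert, "raw-$name", $original);
    // What magic_quotes_gpc or a manual addslashes() does before PDO sees the value.
    store($insert, "slashed-$name", addslashes($original));

    $raw     = load($select, "raw-$name");
    $slashed = load($select, "slashed-$name");

    echo $name, "\n";
    report('bound raw, read back', $raw, $original);
    report('pre-slashed, read back', $slashed, $original);
    // "Defensive" stripslashes() on clean data destroys real backslashes.
    report('stripslashes(raw)', stripslashes($raw), $original);
    // One stripslashes() undoes one addslashes(); a second one corrupts the value.
    report('stripslashes(slashed)', stripslashes($slashed), $original);
    report('stripslashes() applied twice', stripslashes(stripslashes($slashed)), $original);
}

// The injection string was stored as data: the table is still there.
$rows = (int) $pdo->query('SELECT COUNT(*) FROM notes')->fetchColumn();
echo "rows in notes after all inserts: $rows\n";
```

If the "pre-slashed" rows describe what an application sees, the fix is to find the code or setting that adds the slashes before binding, not to strip them on the way out.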
--- Begin Message ---
On Mon, Dec 20, 2010 at 7:45 PM, David Hutto <smokefl...@gmail.com> wrote:

> Is the problem with using the goto convolutedness (as I've seen other
> senior programmers in other languages when explaining, or 'showing
> off'), or is there an actual functional problem with it?


It works perfectly well and is a great solution in extremely limited cases.
The problem is that it can be used in many cases where other control flow
statements are more clear. It was more of a problem before because people
came from languages that had goto but not the other high-level control flow
statements. Using goto often leads to hard-to-follow code.

For example, rearranging the above code yields

    do {
        if (!acquireTarget()) {
            break;
        }
        fireMainCannon();
        fireMissiles();
    } while (enemiesInView());

Even this doesn't get away from using break--a special form of goto for
loops. One way around that is to introduce a loop variable like $done, but I
think break is cleaner here. Sometimes goto, break, and continue are simply
the best tools for the job. I wouldn't say "never use goto," but I do feel
that 99 times out of 100 you're probably better off using something else.

One thing to keep in mind is that under the hood the PHP interpreter turns
while(), for(), etc. into a bunch of gotos.

    for ( <init> ; <check> ; <increment> ) <block>

is just a shorter way to write

    <init>
    goto check;
loop:
    <block>
    <increment>
check:
    if (<check>)
        goto loop;

The same can be done for all the other control flow statements.

David

--- End Message ---
--- Begin Message ---
That's a good question.

There should be a setting on php.ini to allow cross session.

Ravi.


On Mon, Dec 20, 2010 at 7:05 PM, Jonathan Tapicer <tapi...@gmail.com> wrote:

> Hi!
>
> You should use the function session_set_cookie_params to set the
> session cookie domain to ".oire.org" like this comment explains:
> php.net/manual/en/function.session-set-cookie-params.php#94961
>
> Regards,
> Jonathan
>
> On Mon, Dec 20, 2010 at 7:18 PM, Andre Polykanine <an...@oire.org> wrote:
> > Hello php-general,
> > I've got a question: I have a site http://oire.org/. Then we started
> > developing some applications at http://apps.oire.org/.
> > How can I manage it in the way so the session valid at
> > http://oire.org/ would be also valid at http://apps.oire.org/?
> > Thanks!
> > --
> > With best regards from Ukraine,
> > Andre
> > Skype: Francophile
> > Twitter: http://twitter.com/m_elensule
> > Facebook: http://facebook.com/menelion
> >
> >

--- End Message ---
--- Begin Message ---
On Tue, Dec 21, 2010 at 02:27, Ravi Gehlot <r...@ravigehlot.net> wrote:
> That's a good question.
>
> There should be a setting on php.ini to allow cross session.

    Right.  Because who needs to teach folks about computer security
when we can just disable it for them anyway?

    Like Jonathan pointed out, it's a matter of adjusting the cookie
parameters to match wildcard subdomains by preceding the part of the
domain (usually the SLD, but some ccTLD or FQDN situations can be
different) with a dot, like so:    .example.com

-- 
</Daniel P. Brown>
Network Infrastructure Manager
Documentation, Webmaster Teams
http://www.php.net/

--- End Message ---
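
What the leading-dot cookie domain discussed above changes in practice, as an added example that is not part of the original thread: a session cookie scoped to `.oire.org` is sent to every subdomain of the site, while a cookie with no domain set stays on the host that issued it. `domain_matches()` and `cookie_is_sent()` are hypothetical helpers following the RFC 6265 domain-match rule, the look-alike hosts are constructed, and the `secure`, `httponly` and `samesite` options are hardening additions that assume PHP 7.3+ and an HTTPS site.

```php
<?php
// Added example, not code from the thread. domain_matches() and
// cookie_is_sent() are hypothetical helpers modelling RFC 6265 domain
// matching; the look-alike hosts below are constructed.

// The setting the thread recommends, in the array form accepted since PHP 7.3.
// secure/httponly/samesite are additions and assume the site runs over HTTPS.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'domain'   => '.oire.org',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);

/** RFC 6265 domain-match: identical, or a suffix on a label boundary. */
function domain_matches(string $host, string $domain): bool
{
    $host   = strtolower($host);
    $domain = strtolower(ltrim($domain, '.'));   // a leading dot is ignored
    if ($host === $domain) {
        return true;
    }
    $suffix = '.' . $domain;
    return strlen($host) > strlen($suffix)
        && substr($host, -strlen($suffix)) === $suffix;
}

/**
 * Would a browser attach the cookie to a request for $requestHost?
 * $domainAttr === '' models a cookie set without a Domain attribute.
 */
function cookie_is_sent(string $setByHost, string $domainAttr, string $requestHost): bool
{
    if ($domainAttr === '') {
        // Host-only cookie: exact host match, no subdomains.
        return strtolower($requestHost) === strtolower($setByHost);
    }
    // A Domain the issuing host does not itself match is rejected at set time.
    if (!domain_matches($setByHost, $domainAttr)) {
        return false;
    }
    return domain_matches($requestHost, $domainAttr);
}

$requestHosts = [
    'oire.org',
    'apps.oire.org',
    'any.other.oire.org',   // every present and future subdomain
    'notoire.org',          // constructed look-alike: not a label-boundary suffix
    'oire.org.example',     // constructed look-alike: different registrable domain
];

$configured = session_get_cookie_params()['domain'];

printf("%-22s %-12s %s\n", 'request host', 'no domain', "domain=$configured");
foreach ($requestHosts as $host) {
    printf(
        "%-22s %-12s %s\n",
        $host,
        cookie_is_sent('oire.org', '', $host) ? 'sent' : '-',
        cookie_is_sent('oire.org', $configured, $host) ? 'sent' : '-'
    );
}
```

Every host in the "sent" column can read and overwrite the session cookie, so the shared session is only as trustworthy as the least trusted application hosted under the domain.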
--- Begin Message ---
Why mess with something that is already working? If you are trying to make
it pretty then you are not solving a problem. You are creating one.

Ravi.


On Mon, Dec 20, 2010 at 7:40 AM, Daniel P. Brown
<daniel.br...@parasane.net>wrote:

> On Mon, Dec 20, 2010 at 02:49, Simcha Younger <sim...@syounger.com> wrote:
> >
> > Since it is being included by PHP, and not served by Apache, the
> extension is not important.
>
>     Correct, but keep in mind that it will likely be served as plain
> text if accessed directly, if the web server is not properly
> configured (which, by default, it isn't).
>
> --
> </Daniel P. Brown>
> Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting
> (866-) 725-4321
> http://www.parasane.net/
>

--- End Message ---
--- Begin Message ---
On Tue, Dec 21, 2010 at 2:29 AM, Ravi Gehlot <r...@ravigehlot.net> wrote:
> Why mess with something that is already working? If you are trying to make
> it pretty then you are not solving a problem. You are creating one.


Define working. I've had programs 'work', but more experienced would
say it's flawed in some respect. Does it perform the immediate task?

Now define pretty. Is it aesthetically pleasing to you, or to someone
else with less, or maybe more experience.

By defining the two above, you then define whether it's a problem. To
you, or to them, or to the original designer?

>
> Ravi.
>
>
> On Mon, Dec 20, 2010 at 7:40 AM, Daniel P. Brown
> <daniel.br...@parasane.net>wrote:
>
>> On Mon, Dec 20, 2010 at 02:49, Simcha Younger <sim...@syounger.com> wrote:
>> >
>> > Since it is being included by PHP, and not served by Apache, the
>> extension is not important.
>>
>>     Correct, but keep in mind that it will likely be served as plain
>> text if accessed directly, if the web server is not properly
>> configured (which, by default, it isn't).
>>
>> --
>> </Daniel P. Brown>
>> Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting
>> (866-) 725-4321
>> http://www.parasane.net/
>>
>



-- 
They're installing the breathalyzer on my email account next week.

--- End Message ---
--- Begin Message ---
My point is that you tried to take code from one page and put it all
"organized" in another page and then include that page of includes back into
the pages that you want it to feed off from. If stuff works the way that it
does then there is a reason for it to have been done that way. That's why
documenting code is so important. 99% doesn't do it (including me).

Ravi.


On Tue, Dec 21, 2010 at 2:35 AM, David Hutto <smokefl...@gmail.com> wrote:

> On Tue, Dec 21, 2010 at 2:29 AM, Ravi Gehlot <r...@ravigehlot.net> wrote:
> > Why mess with something that is already working? If you are trying to
> make
> > it pretty then you are not solving a problem. You are creating one.
>
>
> Define working. I've had programs 'work', but more experienced would
> say it's flawed in some respect. Does it perform the immediate task?
>
> Now define pretty. Is it aesthetically pleasing to you, or to someone
> else with less, or maybe more experience.
>
> By defining the two above, you then define whether it's a problem. To
> you, or to them, or to the original designer?
>
> >
> > Ravi.
> >
> >
> > On Mon, Dec 20, 2010 at 7:40 AM, Daniel P. Brown
> > <daniel.br...@parasane.net>wrote:
> >
> >> On Mon, Dec 20, 2010 at 02:49, Simcha Younger <sim...@syounger.com>
> wrote:
> >> >
> >> > Since it is being included by PHP, and not served by Apache, the
> >> extension is not important.
> >>
> >>     Correct, but keep in mind that it will likely be served as plain
> >> text if accessed directly, if the web server is not properly
> >> configured (which, by default, it isn't).
> >>
> >> --
> >> </Daniel P. Brown>
> >> Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting
> >> (866-) 725-4321
> >> http://www.parasane.net/
> >>
> >
>
>
>
> --
> They're installing the breathalyzer on my email account next week.
>

--- End Message ---
--- Begin Message ---
On Tue, Dec 21, 2010 at 2:48 AM, Ravi Gehlot <r...@ravigehlot.net> wrote:
> My point is that you tried to

Not me personally.

 take code from one page and put it all
> "organized" in another page and the include that page of includes back into
> the pages that you want it to feed off from. If stuff works the way that it
> does then there a reason for it to have been done that way.

By the original designer, but maybe not the OP.

That's why
> documenting code is so important. 99% doesn't do it (including me).
>

For you, others, and for self, it's more than important, it can be
essential, especially if you're trying to keep up with multiple
languages, OS's, and platforms.


> Ravi.
>
>
> On Tue, Dec 21, 2010 at 2:35 AM, David Hutto <smokefl...@gmail.com> wrote:
>>
>> On Tue, Dec 21, 2010 at 2:29 AM, Ravi Gehlot <r...@ravigehlot.net> wrote:
>> > Why mess with something that is already working? If you are trying to
>> > make
>> > it pretty then you are not solving a problem. You are creating one.
>>
>>
>> Define working. I've had programs 'work', but more experienced would
>> say it's flawed in some respect. Does it perform the immediate task?
>>
>> Now define pretty. Is it aesthetically pleasing to you, or to someone
>> else with less, or maybe more experience.
>>
>> By defining the two above, you then define whether it's a problem. To
>> you, or to them, or to the original designer?
>>
>> >
>> > Ravi.
>> >
>> >
>> > On Mon, Dec 20, 2010 at 7:40 AM, Daniel P. Brown
>> > <daniel.br...@parasane.net>wrote:
>> >
>> >> On Mon, Dec 20, 2010 at 02:49, Simcha Younger <sim...@syounger.com>
>> >> wrote:
>> >> >
>> >> > Since it is being included by PHP, and not served by Apache, the
>> >> extension is not important.
>> >>
>> >>     Correct, but keep in mind that it will likely be served as plain
>> >> text if accessed directly, if the web server is not properly
>> >> configured (which, by default, it isn't).
>> >>
>> >> --
>> >> </Daniel P. Brown>
>> >> Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting
>> >> (866-) 725-4321
>> >> http://www.parasane.net/
>> >>
>> >
>>
>>
>>
>> --
>> They're installing the breathalyzer on my email account next week.
>
>



-- 
They're installing the breathalyzer on my email account next week.

--- End Message ---
--- Begin Message ---
On Tue, Dec 21, 2010 at 02:48, Ravi Gehlot <r...@ravigehlot.net> wrote:
> My point is that you tried to take code from one page and put it all
> "organized" in another page and the include that page of includes back into
> the pages that you want it to feed off from. If stuff works the way that it
> does then there a reason for it to have been done that way.

    So you think no one should ever do that because it's only making
it look pretty?  Ever hear of maintainability?

> That's why documenting code is so important. 99% doesn't do it (including me).

    Please cite your source.

-- 
</Daniel P. Brown>
Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting
(866-) 725-4321
http://www.parasane.net/

--- End Message ---
--- Begin Message ---
On Tue, Dec 21, 2010 at 9:50 AM, Daniel P. Brown
<daniel.br...@parasane.net> wrote:
> On Tue, Dec 21, 2010 at 02:48, Ravi Gehlot <r...@ravigehlot.net> wrote:
>> My point is that you tried to take code from one page and put it all
>> "organized" in another page and the include that page of includes back into
>> the pages that you want it to feed off from. If stuff works the way that it
>> does then there a reason for it to have been done that way.
>
>    So you think no one should ever do that because it's only making
> it look pretty?  Ever hear of maintainability?
>
>> That's why documenting code is so important. 99% doesn't do it (including 
>> me).
>
>    Please cite your source.


Personally, I'd even have to admit mine was less than 99% compatible
with what I'd like it to be.

>
> --
> </Daniel P. Brown>
> Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting
> (866-) 725-4321
> http://www.parasane.net/
>



-- 
They're installing the breathalyzer on my email account next week.

--- End Message ---
--- Begin Message ---
On Tue, Dec 21, 2010 at 9:54 AM, David Hutto <smokefl...@gmail.com> wrote:
> On Tue, Dec 21, 2010 at 9:50 AM, Daniel P. Brown
> <daniel.br...@parasane.net> wrote:
>> On Tue, Dec 21, 2010 at 02:48, Ravi Gehlot <r...@ravigehlot.net> wrote:
>>> My point is that you tried to take code from one page and put it all
>>> "organized" in another page and the include that page of includes back into
>>> the pages that you want it to feed off from. If stuff works the way that it
>>> does then there a reason for it to have been done that way.
>>
>>    So you think no one should ever do that because it's only making
>> it look pretty?  Ever hear of maintainability?
>>
>>> That's why documenting code is so important. 99% doesn't do it (including 
>>> me).
>>
>>    Please cite your source.
>
>
> Personally, I'd even have to admit mine was(and is) less than 99% compatible
> with what I'd like it to be.
>
>>
>> --
>> </Daniel P. Brown>
>> Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting
>> (866-) 725-4321
>> http://www.parasane.net/
>>
>
>
>
> --
> They're installing the breathalyzer on my email account next week.
>



-- 
They're installing the breathalyzer on my email account next week.

--- End Message ---
--- Begin Message ---
On Tue, Dec 21, 2010 at 02:35:33AM -0500, David Hutto wrote:

> On Tue, Dec 21, 2010 at 2:29 AM, Ravi Gehlot <r...@ravigehlot.net> wrote:
> > Why mess with something that is already working? If you are trying to make
> > it pretty then you are not solving a problem. You are creating one.
> 
> 
> Define working. I've had programs 'work', but more experienced would
> say it's flawed in some respect. Does it perform the immediate task?
> 
> Now define pretty. Is it aesthetically pleasing to you, or to someone
> else with less, or maybe more experience.
> 
> By defining the two above, you then define whether it's a problem. To
> you, or to them, or to the original designer?

Beware of "more experienced" programmers. I recently talked to an
ex-boss of mine who had a programmer flake out on him. One of his
customers threatened to take this flaky code to another company and get
their opinion about whether it was good code or not. My ex-boss
explained that, of course, they'd shoot it down. Because that's what
programmers do-- they complain about other programmers' code. I'd never
heard that idea expressed aloud. But when I thought about it, I realized
it was true. Hell, look at the content of this list. ;-}

Paul

-- 
Paul M. Foster

--- End Message ---
--- Begin Message ---
I would say enable error_reporting(E_ALL); error_reporting(-1);

Then use die(mysql_error()); with your mysql function to get some debugging
data.

Also use var_dump($query_name) to find out what it spits out.

Debugging is your best friend here. If you don't use die() or
error_reporting() then you will see a blank screen.

Ravi.


On Sun, Dec 19, 2010 at 9:01 PM, Gary <gp...@paulgdesigns.com> wrote:

>
> "Tamara Temple" <tamouse.li...@gmail.com> wrote in message
> news:c6993909-dd90-4f52-bf6b-ab888c281...@gmail.com...
> >
> > On Dec 19, 2010, at 9:46 AM, Gary wrote:
> >
> >> I have an issue that the first record in a query is not being
>  displayed.
> >> It
> >> seems that the first row in alphabetical order is not being brought  to
> >> the
> >> screen.
> >>
> >> I have run the query in the DB and it displays the correct result,  so
> it
> >> has
> >> to be in the php.
> >>
> >> I have a MySQL DB that lists beers.  I have a column for 'type' of  beer
> >> (imported, domestic, craft, light). The queries:
> >>
> >> $result = MySQL_query("SELECT * FROM beer WHERE type = 'imported'  AND
> >> stock
> >> = 'YES' ORDER by beername ");
> >>
> >> When I run the query
> >>
> >> if (mysql_num_rows($result) == !'0') {
> >>    $row = mysql_fetch_array($result);
> >>
> >>  echo '<h3>Imported Beers</h3>';
> >>  echo '<table width="100%" border="0" cellspacing="1" cellpadding="1"
> >> id="tableone" summary="">
> >>
> >>  <th>Beer</th>
> >>  <th>Maker</th>
> >>  <th>Type</th>
> >>  <th>Singles</th>
> >>  <th>6-Packs</th>
> >>  <th>Cans</th>
> >>  <th>Bottles</th>
> >>  <th>Draft</th>
> >>  <th>Size</th>
> >>  <th>Description</th>';
> >>
> >>  while ($row = mysql_fetch_array($result)) {
> >>
> >> echo '<tr ><td>' . $row['beername'].'</td>';
> >> echo '<td>' . $row['manu'] . '</td>';
> >> echo '<td>' . $row['type'] . '</td>';
> >> echo '<td width="40">' . $row['singles'] . '</td>';
> >> echo '<td width="20">' . $row['six'] . '</td>';
> >> echo '<td width="40">' . $row['can'] . '</td>';
> >> echo '<td width="20">' . $row['bottles'] . '</td>';
> >> echo '<td width="40">' . $row['tap'] . '</td>';
> >> echo '<td>' . $row['size'] . '</td>';
> >> echo '<td>' . $row['descrip'] . '</td>';
> >> echo '</tr>';
> >>    }
> >> echo '</table><br />';
> >>
> >> }
> >>
> >> All but the first row in alphabetical order are displayed properly.
> >>
> >> Can anyone tell me where I am going wrong?
> >> --
> >> Gary
> >>
> >> BTW, I do have a bonus question that is about javascript in this  same
> >> file,
> >> so if anyone want to take a stab at that, I'll be happy to post it.
> >>
> >
> > This code will totally eliminate the first row of data.
> >
> >> if (mysql_num_rows($result) == !'0') {
> >>    $row = mysql_fetch_array($result);
> >
> > Fetches the first row, but is not output. Because:
> >
> >>  while ($row = mysql_fetch_array($result)) {
> >
> > Fetches the second row before you do any output of the data.
> >
> > Eliminate the first fetch_array and your code should work fine.
> >
> > BTW, if you put the <td> attributes 'width="n"' in the preceding <th>
> > tags, you won't have to output them for each row. You should also put
>  the
> > units those numbers are associated with.
> >
> >
> Tamara
>
> Thank you for your help and thank you for the explanation.  I removed the
> line and it works fine.  I don't remember where or why I had that line in
> there, it is code that I have "recycled" for a while now.
>
> Gary
>
>
>

--- End Message ---
--- Begin Message ---
Jim Lucas has it. You can use the preg_match function to find it. I would
use regexp for that reason. regexp is good for making sure things are typed
the way they need to (mostly used for).

Ravi.


On Sat, Dec 18, 2010 at 5:17 PM, Jim Lucas <li...@cmsws.com> wrote:

> On 12/17/2010 12:52 PM, Sorin Buturugeanu wrote:
>
>> Hello all!
>>
>> I have a question regarding arrays and the way I can use a value.
>>
>> Let's say I have this string:
>>
>> $s = 'banana,apple,mellon,grape,nut,orange';
>>
>> I want to explode it, and get the third value. For this I would normally
>> do:
>>
>> $a = explode(',', $s);
>> echo $a[2];
>>
>> That's all fine, but is there a way to get the value directly, without
>> having to write another line in my script. I mean something like this:
>>
>> echo explode(',', $s)[2];
>>
>> or
>>
>> echo {explode(',', $s)}[2];
>>
>> I couldn't find out this answer anywhere, that's why I posted here.
>>
>> Cheers and thanks!
>>
>>
> Sure it CAN be done.  Nobody laugh too loud here... But...
>
> <?php
>
> $s = 'banana,apple,mellon,grape,nut,orange';
> echo preg_replace('/([^,]+,){3}([^,]+).*/', '$2', $s);
>
> ?>
> Outputs: grape
>
> The {3} part is equivalent to the array position.  Change that number, and
> you change which word will get displayed.
>
> Jim Lucas
>

--- End Message ---
--- Begin Message ---
Hello there,

If you have a small to medium size web site then go to GoDaddy. Do not
believe all that you see from php_info(). I will give you an example. The
memory_limit it gives on shared hosting does not reflect the one intended
for your shared account. It shows what was set for overall use. But blocking
php_info() isn't right (at least I don't think so).

Ravi.


On Fri, Dec 17, 2010 at 10:25 AM, Daniel Brown <danbr...@php.net> wrote:

> On Thu, Dec 16, 2010 at 23:39, Paul S <pau...@roadrunner.com> wrote:
> >
> > Well, I was hoping for stronger arguments to get that DONE. I would think
> > there be something in the PHP license
> > that would FORBID disabling functionality.
>
>     Really?  You would really think that?  Because we wouldn't.
>
> > After all, 'phpinfo' is essential, really, to achieving secure
> > applications, isn't it?
>
>     No.  Writing good code is essential.
>
> --
> </Daniel P. Brown>
> Network Infrastructure Manager
> Documentation, Webmaster Teams
> http://www.php.net/
>

--- End Message ---
--- Begin Message ---
On Tue, Dec 21, 2010 at 02:40, Ravi Gehlot <r...@ravigehlot.net> wrote:
> Hello there,
>
> If you have a small to medium size web site then go to GoDaddy. Do not
> believe all that you see from php_info(). I will give you an example. The
> memory_limit it gives on shared hosting does not reflect the one intended
> for your shared account. It shows what was set for overall use. But blocking
> php_info() isn't right (at least I don't think so).

    Please don't top-post in addition to giving incorrect information like this.

-- 
</Daniel P. Brown>
Network Infrastructure Manager
Documentation, Webmaster Teams
http://www.php.net/

--- End Message ---
--- Begin Message ---
Trying to connect to the database can involve setting up your database. Make
sure that you have a valid login/password that is recognized by MySQL.
Please keep in mind that MySQL works on permission by hosts. So your host IP
must be matched with the username/password on the database for a successful
authentication. One way to know that you can connect successfully to your
remote database is to actually test it. Download MySQL Workbench from
Mysql.com and then try to connect to remote from the same host that your php
application is sitting at. If it works, thumbs up. If it does not then you
have a permission issue there. Add your username/host appropriately.

If you can connect without a hitch then you are doing something wrong in
your code. Use mysql_connect(), mysql_select_db() and then send a statement
and use the resource to see if it returns TRUE or FALSE. At this point, on
FALSE it means that you have a badly written statement.

There is so much that can go wrong. Debug step by step.

Ravi.


On Thu, Dec 16, 2010 at 9:26 PM, Phred White <phpl...@planetphred.com> wrote:

> It seems like there are several questions emerging, but ...
>
> Try echoing your query to the page by putting echo $query in your code
> before you call mysql, then copy it and run it in phpmyadmin. If it runs
> then you know your problem is somewhere else like the connection. This can
> really help you find typos that can cause mysterious results.
>
> If you want to use the same page to process the form (my preference) then
> put a hidden field in your form like:
>
>    <input type="hidden" name="phpaction" id="phpaction" value="process" />
>
> and wrap the form processing code like so:
>
> if (isset($_POST['phpaction'])) {
>        //process submitted form data
> } else {
>        //processing for initial form entry
> }
>
> When the form is initially loaded it will ignore the first part.
> There are a 1000 ways to do this, but this is pretty straightforward.
>
> On Dec 15, 2010, at 1:34 PM, Gary wrote:
>
> >
> > "Steve Staples" <sstap...@mnsi.net> wrote in message
> > news:1292440837.5460.8.ca...@webdev01...
> >> On Wed, 2010-12-15 at 13:42 -0500, Gary wrote:
> >>> I can't seem to get this to connect.  This is to my local testing server,
> >>> which is on, so we need not worry that I have posted the UN/PW.
> >>>
> >>> This is a duplicate of a script I have used countless times and it
> >>> worked.
> >>> The error message is 'Error querying database.'
> >>>
> >>> Someone point out the error of my ways?
> >>>
> >>> Gary
> >>>
> >>>
> >>> <form action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="post">
> >>> <tr>
> >>> <td>
> >>> <label>Name of Beer</label></td><td><input name="beername" type="text" />
> >>> </td>
> >>> </tr>
> >>> <tr>
> >>> <td>
> >>> <label>Maker of Beer</label></td><td><input name="manu" type="text" />
> >>> </td>
> >>> </tr>
> >>> <tr>
> >>> <td>
> >>> <label>Type of Beer</label></td>
> >>> <td><select name="type" size="1" id="type">
> >>>  <option>Imported</option>
> >>>  <option>Domestic</option>
> >>>  <option>Craft</option>
> >>>  <option>Light</option>
> >>> </select>
> >>> <!--<select name="avail" size="1" id="avail">
> >>>  <option>Available</option>
> >>>  <option>Sold</option>
> >>> </select>-->
> >>> </td>
> >>> </tr>
> >>> <tr>
> >>> <td><label>Sold in</label>
> >>> </td><td><input type="checkbox" name="singles" value="Yes" /> Singles<br />
> >>> <input type="checkbox" name="six" value="Yes" /> Six Packs <br />
> >>> <input type="checkbox" name="can" value="Yes" /> Cans<br />
> >>> <input type="checkbox" name="bottles" value="Yes" /> Bottles <br />
> >>> <input type="checkbox" name="tap" value="Yes" /> Draft <br />
> >>> <tr>
> >>> <td>
> >>> <label>Size</label></td><td><input name="size" type="text" />
> >>> </td></tr>
> >>> <tr><td>
> >>> <label>Description</label></td><td><textarea name="desc" cols="40"
> >>> rows="5"></textarea>
> >>> </td></tr>
> >>> <tr><td>
> >>> <input name="submit" type="submit" value="Submit" /></td></tr>
> >>> </form>
> >>> </table>
> >>> </div>
> >>> <div id="list">
> >>> <?php
> >>> $beername = $_POST['beername'];
> >>> $manu = $_POST['manu'];
> >>> $type = $_POST['type'];
> >>> $singles = $_POST['singles'];
> >>> $six = $_POST['six'];
> >>> $can = $_POST['can'];
> >>> $bottles = $_POST['bottles'];
> >>> $tap = $_POST['tap'];
> >>> $size = $_POST['size'];
> >>> $desc = $_POST['desc'];
> >>> $ip= $_SERVER['REMOTE_ADDR'];
> >>>
> >>> $dbc = mysqli_connect('localhost','root','','rr')or die('Error connecting with MySQL Database');
> >>>
> >>> $query = "INSERT INTO beer (beername, manu, type, singles, six, can,
> >>> bottles, tap, size, desc, ip )"." VALUES ('$beername', '$manu', '$type',
> >>> '$singles', '$six', '$can', '$bottles', '$tap', '$size', '$desc',
> >>> '$ip' )";
> >>>
> >>> $result = mysqli_query($dbc, $query)
> >>> or die('Error querying database.');
> >>>
> >>>
> >>> mysqli_close($dbc);
> >>>
> >>>
> >>>
> >>> --
> >>> Gary
> >>
> >>
> >> Read Ash's reply...   but basically, you're running the query with POST
> >> variables, and inserting them on page display as well as on form submit.
> >>
> >> can you ensure that you can connect from the command line?
> >>
> >>
> >> if you may take some criticism, you should rethink your database design,
> >> as well as the page flow/design... you should either post the form to a
> >> new page, or if it is back to itself, you should check to see that you
> >> have in fact posted it before just blindly inserting into the database
> >> (as currently, every time you view the page, you will insert into the
> >> database, even if completely empty values).
> >>
> >
> > Steve
> >
> > Thank you for your reply.
> >
> > I did not see a reply from Ashley, but I would love to read it.
> >
> > I always welcome criticism, however this form is for the owner of a bar
> > where he will be inputting his list of beer that he sells.  The rest of the
> > code that is not there is I will have the list then echo to screen below the
> > form.  This is an internal list only, no customers will be seeing it....if
> > that makes any difference to your suggestion.
> >
> > On your one point
> >
> > <<(as currently, every time you view the page, you will insert into the
> > database, even if completely empty values).>>
> >
> > Is this always the case when you process a form onto itself?  Or is there a
> > fix?
> >
> > I did just create a new page, inserted the script onto it, and got the same
> > error message.
> >
> > Again, thank you for your help.
> >
> > Gary
> >

--- End Message ---
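The two suggestions in the thread above (only insert when the form was really submitted, and make the failing query visible instead of a bare "Error querying database.") can be combined with a prepared statement so that the form values never become part of the SQL text. This is an added example, not code from any poster in the thread: save_beer() is a hypothetical helper, the table and column names are taken from the query quoted above, the hidden phpaction field is the one Phred suggests, and PHP 7.1 or later with mysqli is assumed. Note that `desc` is a reserved word in MySQL and has to be backtick-quoted when used as a column name.

```php
<?php
// Added example, not the thread's code. save_beer() is a hypothetical helper.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw

function save_beer(mysqli $dbc, array $post, string $ip): void
{
    // `desc` is a reserved word in MySQL, so it is backtick-quoted here.
    $stmt = $dbc->prepare(
        'INSERT INTO beer (beername, manu, type, singles, six, can,
                           bottles, tap, size, `desc`, ip)
         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)'
    );
    // Accept only plain strings; a missing or array-valued field becomes ''.
    $text = function (string $key) use ($post): string {
        return is_string($post[$key] ?? null) ? trim($post[$key]) : '';
    };
    // Unchecked checkboxes are not submitted at all, so test with isset().
    $box = function (string $key) use ($post): string {
        return isset($post[$key]) ? 'Yes' : 'No';
    };
    $values = [
        $text('beername'), $text('manu'), $text('type'),
        $box('singles'), $box('six'), $box('can'), $box('bottles'), $box('tap'),
        $text('size'), $text('desc'), $ip,
    ];
    // Values travel separately from the SQL text, so quotes in input stay data.
    $stmt->bind_param(str_repeat('s', count($values)), ...$values);
    $stmt->execute();
    $stmt->close();
}

// Insert only when the form was actually submitted, not on every page view.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_POST['phpaction'])) {
    try {
        // Connection values as posted in the thread for the local test server.
        $dbc = new mysqli('localhost', 'root', '', 'rr');
        save_beer($dbc, $_POST, $_SERVER['REMOTE_ADDR']);
        $dbc->close();
        echo 'Saved.';
    } catch (mysqli_sql_exception $e) {
        // The real cause goes to the server log, not to the browser.
        error_log('beer insert failed: ' . $e->getMessage());
        echo 'Error querying database.';
    }
}
```

The logged exception message names the exact SQL error, which serves the same purpose as echoing the query and running it by hand.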
--- Begin Message ---
I'm facing the following basic problem:

I have made two simple sample files to explain it:

1st file:
<?php
   session_start();
    $_SESSION['SS_user'] = "user000";
   echo $_SESSION['SS_user'];
   echo SID;
   echo "<br>".session_id();
   echo '<br /><a href="home.php">page 1</a>';
?>

2nd file
<?php
       session_start();
       echo "file Home<br>";
       echo session_name().'+'.session_id();
       echo $_SESSION['SS_user'];
?>

$_SESSION seems to be empty. Nothing is printed. Session Name and session ID
are the same but it seems that $_SESSION is not shared across the two files.
No HTML is made before session_start().
Why?
I'm using PHP 5.3.4 on IIS, windows XP SP3. Tested as localhost or from 
another PC inside a LAN.

Many thanks
Walter




--- End Message ---
--- Begin Message ---
Hi,

I want to know if there is a central repo of all the php usergroups and its
activities. wiki.php.net page is empty on this topic. Anyone aware of a php
group meetings in Mumbai, India? If not, how to go about starting it?

Thanks,
Vikash Kumar
--
http://vika.sh

--- End Message ---
--- Begin Message ---
On Tue, Dec 21, 2010 at 05:35,  <vikash.i...@gmail.com> wrote:
> Hi,
>
> I want to know if there is a central repo of all the php usergroups and its
> activities. wiki.php.net page is empty on this topic. Anyone aware of a php
> group meetings in Mumbai, India? If not, how to go about starting it?

    http://links.parasane.net/nrmb

    The first result should be exactly what you want.

-- 
</Daniel P. Brown>
Network Infrastructure Manager
Documentation, Webmaster Teams
http://www.php.net/

--- End Message ---
--- Begin Message ---
Thanks for the link.

I have already been through the given link. But, it is filled with inactive and
non-responsive groups. I was hoping to get in touch with an active one.

Thanks,
Vikash Kumar
--
http://vika.sh


On 21 December 2010 21:00, Daniel Brown <danbr...@php.net> wrote:

> On Tue, Dec 21, 2010 at 05:35,  <vikash.i...@gmail.com> wrote:
> > Hi,
> >
> > I want to know if there is a central repo of all the php usergroups and its
> > activities. wiki.php.net page is empty on this topic. Anyone aware of a php
> > group meetings in Mumbai, India? If not, how to go about starting it?
>
>     http://links.parasane.net/nrmb
>
>    The first result should be exactly what you want.
>
> --
> </Daniel P. Brown>
> Network Infrastructure Manager
> Documentation, Webmaster Teams
> http://www.php.net/
>

--- End Message ---
--- Begin Message ---
On 20/12/2010 21:33, Govinda wrote:
> followup question, please see below the OP:
> 
>> I just started using PHPmailer for one project that requires SMTP
>> authentication (if I said that right).. and all is well.. but I want
>> to ask now before it might get outta hand later:
>>
>> How many comma-delim'ed addresses can I stuff in $BCC_recipients
>> before I have problems (need to restructure the design)?
>>
>> ------------------------------------------------------
>> require("php_inc/class.phpmailer.php");
>> $mail = new PHPMailer();
>> $BCC_recipients = "x...@host.com,y...@server.com"; // <---just an example
>> $arrBCC_recipients = explode(",", $BCC_recipients);
>> foreach ($arrBCC_recipients as $email2stuffInBCC) {
>>     $mail->AddBcc($email2stuffInBCC);
>> }
>> if(!$mail->Send()) { // problem ....
>> ------------------------------------------------------
>>
>> For now there will be less than 100 Bcc recipients.. but later, more. 
>> I don't know if/when it will ever grow past 1,000.
> 
> I see from reading on a PHPmailer list that the main concern people
> expressed from this (above) approach is to not go over limits set by the
> host/server as to how many emails can go out before being marked as
> spam.  OK, understood.

> Here I am just asking about the code.  I mean does it make any
> difference in terms of code reliability whether I loop on $mail->Send()
> -versus- looping on/concatenating the Bcc addresses?

Hi,

I regularly use PHPMailer to send out a mailshot to two batches of 50000
and had no problems at all.

I would not use BCC.  Just set the recipient, send the email, then use
the ClearAllRecipients() function and start again.

We do other things like set a custom MessageID for tracking bounces and
auto unsubscribing during this process as well.

I also do this from the command line so I don't have to worry about
timeouts / apache memory issues etc.  But as long as you're aware of
these problems then you can set the values appropriately.

Regards

Ian
-- 

--- End Message ---
--- Begin Message ---
> Hi,
>
> I regularly use PHPMailer to send out a mailshot to two batches of 50000
> and had no problems at all.
>
> I would not use BCC.  Just set the recipient, send the email, then use
> the ClearAllRecipients() function and start again.
>
> We do other things like set a custom MessageID for tracking bounces and
> auto unsubscribing during this process as well.
>
> I also do this from the command line so I don't have to worry about
> timeouts / apache memory issues etc.  But as long as you're aware of
> these problems then you can set the values appropriately.
>
> Regards
>
> Ian
> --


Thank you for replying Ian!
That was just what I wanted to hear.. and I really appreciate your taking the time to offer me your experience so I can feel secure about using the class for multiple recipients. I'll do as you suggest and move the mailing into a proper loop on the send function itself (out of Bcc).

------------
Govinda


--- End Message ---
