Re: [PHP] Sorting db entries by Year-Month
Simply wonderful news:> But again, for design work, it isn't worth the trouble. I'm using SESSION variables $_POST, $_SESSION, and as long as they don't change, there's little point upgrading until the site is on-line. However, I will inform my IP to use all the latest versions. I'm running Linux-Mandrake 8.2 and the distro's Apache, PHP, and PostgeSQL. I've rolled my own, but the distro's added features persuaded to use them. When the site is finished, I will 'roll-my-own' and upgrade. Unfortunately, PostgreSQL and PHP tend to like spreding themselves all over my hardrive. It took me quite a bit of time to get my first versions working together. So, as long as they haven't changed the functions, the vulnerablities are a moot point at this time. Good to be aware of them, however. Thanks for your concern. Regards, Andre On Tuesday 23 July 2002 10:42 pm, you wrote: > Yeah. Apache is vulneralbe to a buffer overflow in the chunked-encoding, > and PHP has (i think) a buffer overflow in the multipart/form-data POST > form handling. It might be a format string though... that just came out > this week. yesterday, i think. > > For dev you might want to consider using the CVS version- that's what I do. > And if you set up a script for the cron-tab or something you could get the > latest version overnight... Unfortunatly, Apache CVS is not open to the > public. > > On Tuesday 23 July 2002 17:58 pm, you wrote: > > Well, that would be nice! Sort of 'completes-my-day' :> > > So, both are vulnerable, eh? Great. > > > > Thanks for the warning -- but I'm using them for design only. Once the > > site is on-line, I'll be sure to use the upgraded versions. From what I > > read on-list, however, the current 'upgrades' have their problems too. > > Luckily, I'll be on-line later in the fall, so enough time might pass for > > the new PHP to stabilize. > > > > Regards, Andre > > > > On Tuesday 23 July 2002 08:47 pm, you wrote: > > > What do you guys think? Should we tell him he's running a vulnerable > > > version of PHP _and_ of Apache??? > > > > > > On Tuesday 23 July 2002 16:26 pm, Andre Dubuc wrote: > > > > Apache 1.3.23 + PHP 4.1.2 + PostgreSQl 7.2 > > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sorting db entries by Year-Month
Yeah. Apache is vulneralbe to a buffer overflow in the chunked-encoding, and PHP has (i think) a buffer overflow in the multipart/form-data POST form handling. It might be a format string though... that just came out this week. yesterday, i think. For dev you might want to consider using the CVS version- that's what I do. And if you set up a script for the cron-tab or something you could get the latest version overnight... Unfortunatly, Apache CVS is not open to the public. On Tuesday 23 July 2002 17:58 pm, you wrote: > Well, that would be nice! Sort of 'completes-my-day' :> > So, both are vulnerable, eh? Great. > > Thanks for the warning -- but I'm using them for design only. Once the site > is on-line, I'll be sure to use the upgraded versions. From what I read > on-list, however, the current 'upgrades' have their problems too. Luckily, > I'll be on-line later in the fall, so enough time might pass for the new > PHP to stabilize. > > Regards, Andre > > On Tuesday 23 July 2002 08:47 pm, you wrote: > > What do you guys think? Should we tell him he's running a vulnerable > > version of PHP _and_ of Apache??? > > > > On Tuesday 23 July 2002 16:26 pm, Andre Dubuc wrote: > > > Apache 1.3.23 + PHP 4.1.2 + PostgreSQl 7.2 > > -- He who learns must suffer. Aeschylus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Sorting db entries by Year-Month
> further research indicates that for PG I could trysomething like: > > SELECT EXTRACT(MONTH FROM TIMESTAMP) I'm sure there is a NOW() or TIME() function in PG that returns the current date/time. Then you could do this: SELECT * FROM your_table WHERE EXTRACT(MONTH FROM your_column) = EXTRACT(MONTH FROM PG_CURRENT_TIME_FUNCTION()); > $today = getdate(); > $start = $today['year'] . '-' . $today['mon'] . '-' . '01'; > $end = $today['year'] . '-' . $today['mon'] . '-' . '31'; > > "SELECT * FROM guest WHERE pdate BETWEEN {$start} AND {$end}"; > > but PG doesn't like my format of $pdate as type date, since the result for > $start and $end seems to result in type integer. Sigh. I think PG uses the unix timestamp format, the number of seconds since Jan 1, 1970 or something. You could use a combination of date() and mktime() and maybe even strtotime() to figure the unix timestamp of the current month's start and end, then use the BETWEEN SQL given above... ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sorting db entries by Year-Month
Hi John, further research indicates that for PG I could trysomething like: SELECT EXTRACT(MONTH FROM TIMESTAMP) Big John has offered some advice using: $today = getdate(); $start = $today['year'] . '-' . $today['mon'] . '-' . '01'; $end = $today['year'] . '-' . $today['mon'] . '-' . '31'; "SELECT * FROM guest WHERE pdate BETWEEN {$start} AND {$end}"; but PG doesn't like my format of $pdate as type date, since the result for $start and $end seems to result in type integer. Sigh. What a pain. Such a simple task, and . . . Thanks for your advice. I'll keep hacking away at it, and maybe I'll get it to work. Regards, Andre On Tuesday 23 July 2002 09:52 pm, you wrote: > Isn't there a MONTH function in PG? > > SELECT * FROM your_table WHERE MONTH(NOW()) = MONTH(your_column) ?? > > Or if PG stores dates in the Unix timestamp format, is the an equivalent > to date() that you can extract the month from the column and compare > them?? > > ---John Holmes... > > > -Original Message- > > From: Andre Dubuc [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, July 23, 2002 7:26 PM > > To: [EMAIL PROTECTED] > > Subject: [PHP] Sorting db entries by Year-Month > > > > Apache 1.3.23 + PHP 4.1.2 + PostgreSQl 7.2 > > > > I have a guestbook that I would like to display the current month's > > entries. > > I can display all the entries before the current month, but i can't > > seem > > > to > > figure out how to extract the currrent month's. > > > > Although the code below is a db issue, I don't know whether I should > > write > > > code to extract the info before or after the db connection. Should I: > > > > 1. Set up the parameters beforehand in PHP, and then do a > > query; > > > 2. Within the query itself (as the code I tried [and didn't > > work] > > > below); > > 3. Or, somehow in PHP, after I get all the results [obviously > > without the > > db WHERE clause]. > > > > > // lots of code > > > > $db = pg_connect("dbname=rap user=postgres"); > > $query = "SELECT * FROM guest WHERE pdate = "{$_SESSION['pdate'] == > > date('Y-m')"; // pdate is formatted ('Y-m-d') > > > > // etc, etc. . . > > ?> > > > > I know this is a simple question -- but my mind's totally blotto after > > a > > > day's coding. > > > > Any help, pointers of where to look, or admonitions will be gratefully > > accepted. > > > > Tia, > > Andre > > > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Sorting db entries by Year-Month
Isn't there a MONTH function in PG? SELECT * FROM your_table WHERE MONTH(NOW()) = MONTH(your_column) ?? Or if PG stores dates in the Unix timestamp format, is the an equivalent to date() that you can extract the month from the column and compare them?? ---John Holmes... > -Original Message- > From: Andre Dubuc [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, July 23, 2002 7:26 PM > To: [EMAIL PROTECTED] > Subject: [PHP] Sorting db entries by Year-Month > > Apache 1.3.23 + PHP 4.1.2 + PostgreSQl 7.2 > > I have a guestbook that I would like to display the current month's > entries. > I can display all the entries before the current month, but i can't seem > to > figure out how to extract the currrent month's. > > Although the code below is a db issue, I don't know whether I should write > code to extract the info before or after the db connection. Should I: > > 1. Set up the parameters beforehand in PHP, and then do a query; > 2. Within the query itself (as the code I tried [and didn't work] > below); > 3. Or, somehow in PHP, after I get all the results [obviously > without the > db WHERE clause]. > > // lots of code > > $db = pg_connect("dbname=rap user=postgres"); > $query = "SELECT * FROM guest WHERE pdate = "{$_SESSION['pdate'] == > date('Y-m')"; // pdate is formatted ('Y-m-d') > > // etc, etc. . . > ?> > > I know this is a simple question -- but my mind's totally blotto after a > day's coding. > > Any help, pointers of where to look, or admonitions will be gratefully > accepted. > > Tia, > Andre > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sorting db entries by Year-Month
Well, that would be nice! Sort of 'completes-my-day' :> So, both are vulnerable, eh? Great. Thanks for the warning -- but I'm using them for design only. Once the site is on-line, I'll be sure to use the upgraded versions. From what I read on-list, however, the current 'upgrades' have their problems too. Luckily, I'll be on-line later in the fall, so enough time might pass for the new PHP to stabilize. Regards, Andre On Tuesday 23 July 2002 08:47 pm, you wrote: > What do you guys think? Should we tell him he's running a vulnerable > version of PHP _and_ of Apache??? > > On Tuesday 23 July 2002 16:26 pm, Andre Dubuc wrote: > > Apache 1.3.23 + PHP 4.1.2 + PostgreSQl 7.2 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sorting db entries by Year-Month
What do you guys think? Should we tell him he's running a vulnerable version of PHP _and_ of Apache??? On Tuesday 23 July 2002 16:26 pm, Andre Dubuc wrote: > Apache 1.3.23 + PHP 4.1.2 + PostgreSQl 7.2 > > I have a guestbook that I would like to display the current month's > entries. I can display all the entries before the current month, but i > can't seem to figure out how to extract the currrent month's. > > Although the code below is a db issue, I don't know whether I should write > code to extract the info before or after the db connection. Should I: > > 1. Set up the parameters beforehand in PHP, and then do a query; > 2. Within the query itself (as the code I tried [and didn't work] below); > 3. Or, somehow in PHP, after I get all the results [obviously without the > db WHERE clause]. > > // lots of code > > $db = pg_connect("dbname=rap user=postgres"); > $query = "SELECT * FROM guest WHERE pdate = "{$_SESSION['pdate'] == > date('Y-m')"; // pdate is formatted ('Y-m-d') > > // etc, etc. . . > ?> > > I know this is a simple question -- but my mind's totally blotto after a > day's coding. > > Any help, pointers of where to look, or admonitions will be gratefully > accepted. > > Tia, > Andre -- If you pick up a starving dog and make him prosperous, he will not bite you; that is the principal difference between a dog and a man. Samuel Clemens -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php