Re: [PHP] Array problem

[Firman Wandayandi]

Hi noginn,

$columntotals[$count] = $columntotals[$count] + $sum;
 ^-^
   ERROR HERE

Seem you tried to assign columntotal[index]  with itself and you never
defined it. You should tried this one.

=> $columntotals[$count] = $sum;

Is right?

Sorry, I confuse with your words "total of totals"?

Good Luck,
Firman

- Original Message -
From: "noginn" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, March 22, 2004 12:33 AM
Subject: [PHP] Array problem


> This has been confusing me a little for a few hours now.
>
> Heres a snip of my code which is causing the problem:
>
> $content = "\n";
> $content .= "\n";
> $content .= " \n";
>
> $tasks = new dbconnect;
> $tasks->connect();
> $tasks->query("SELECT tid, tname FROM tasks");
> while(list($tid, $tname) = $tasks->fetch_rows()) {
> $content .= " class='highlight'>$tname\n";
> }
> $content .= " \n";
> $content .= "\n";
>
> $projects = new dbconnect;
> $projects->connect();
> $projects->query("SELECT pid, pname FROM projects");
>
>* $columntotals = array();*
> $colour = 0;
>
> while(list($pid, $pname) = $projects->fetch_rows()) {
> $tasks->data_seek(0);
> $rowtotal = 0;
> $count = 0;
> if ($colour % 2) {
> $bgcolour = "#FF";
> }
> else {
> $bgcolour = "#F9F9F9";
> }
> $colour++;
> $content .= "\n";
> $content .= " class='highlight'>$pname\n";
>
> while(list($tid, $tname) = $tasks->fetch_rows()) {
> $logs = new dbconnect;
> $logs->connect();
> $logs->query("SELECT SUM(hours) from logs WHERE pid = '$pid'
> AND tid = '$tid' AND date >= '$sdate' AND date <= '$edate'");
> list($sum) = $logs->fetch_rows();
>
> if (!$sum) {
> $sum = 0;
> }
>
> $rowtotal = $rowtotal + $sum;
> *$columntotals[$count] = $columntotals[$count] + $sum;*
> $count++;
>
> $content .= " align='center'>$sum\n";
> }
> $content .= "$rowtotal\n";
> }
> $content .= "\n";
> $content .= "\n";
> $content .= " \n";
>
> $sumofcolumntotals = 0;
>
> for ($i=0; $i {
> $sumofcolumntotals = $sumofcolumntotals + $columntotals[$i];
> $content .= "$columntotals[$i]\n";
> }
>
> $content .= "$sumofcolumntotals\n";
> $content .= "\n";
> $content .= "\n";
>
> I have made the lines inwhich I know are causing problems in bold.
> Basicly, I am creating a report of some data and need to count up totals
> of each column and then again total the totals if you get me.
> Here is the errors I am getting.
> *Notice*: Undefined offset: 0 in
> *C:\WWW\Apache2\htdocs\php\coursework\reports_projects.php* on line *58*
> *Notice*: Undefined offset: 1 in
> *C:\WWW\Apache2\htdocs\php\coursework\reports_projects.php* on line *58*
> *Notice*: Undefined offset: 2 in
> *C:\WWW\Apache2\htdocs\php\coursework\reports_projects.php* on line *58*
> *Notice*: Undefined offset: 3 in
> *C:\WWW\Apache2\htdocs\php\coursework\reports_projects.php* on line *58
>
> *Now I understand in a way why its happening, because im trying to
> insert into $columntotals something which isnt valid, but I can't think
> of a way to stop this at the moment.
> Hope to hear soon, thanks in advance guys.
>
> -noginn
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] SQL Injection check (mysql)

[Evan Nemerson]

On Sunday 21 March 2004 06:39 pm, Chris Shiflett wrote:
> --- Michael Rasmussen <[EMAIL PROTECTED]> wrote:
> > > To be clear: make sure the data that the user submitted only
> > > contains the characters you think are valid (don't bother trying
> > > to guess malicious characters - you're sure to miss one) and is a
> > > valid length. Once you've done this, and your design helps you to
> > > make sure that this step can't be bypassed by the user, you're
> > > protected against SQL injection.
> >
> > Or even better: Use only prepared statements.
>
> Can you explain that (and defend it)?

Maybe he's talking about stored procedures?

"Banks, for instance, use stored procedures for all common operations. This 
provides a consistent and secure environment, and procedures can ensure that 
each operation is properly logged. In such a setup, applications and users 
would not get any access to the database tables directly, but may only 
execute specific stored procedures."
- http://www.mysql.com/doc/en/Stored_Procedures.html
>
> Chris
>
> =
> Chris Shiflett - http://shiflett.org/
>
> PHP Security - O'Reilly
>  Coming mid-2004
> HTTP Developer's Handbook - Sams
>  http://httphandbook.org/
> PHP Community Site
>  http://phpcommunity.org/

-- 
Evan Nemerson
[EMAIL PROTECTED]
http://coeusgroup.com/en

--
"To achieve adjustment and sanity and the conditions that follow from them, we 
must study the structural characteristics of this world first and, then only, 
build languages of similar structure, instead of habitually ascribing to the 
world the primitive structure of our language."

-Alfred Korzybski

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] what is the best idea to make mirror for mysql database

[Burhan Khalid]

QT wrote:
Dear Sirs,

I have a web site which is keeping user data in mysql. I am afraiding that
to collapse of existing server without my control.
I want to use another server to keep in standby and I want to set new server
DNS as a third and forth server.
As far as I know if primary and secondary server will not work, internic
divert to third and forth server.
But I need to keep new server mysql database refreshed. Where can I find
best idea to make such a mirror with my existing server and new server?
This is a PHP list. You need to ask on a MySQL list.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] what is the best idea to make mirror for mysql database

[QT]

Dear Sirs,

I have a web site which is keeping user data in mysql. I am afraiding that
to collapse of existing server without my control.

I want to use another server to keep in standby and I want to set new server
DNS as a third and forth server.

As far as I know if primary and secondary server will not work, internic
divert to third and forth server.

But I need to keep new server mysql database refreshed. Where can I find
best idea to make such a mirror with my existing server and new server?

Best Regards

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Peculiar number_format() behaviour

[Paul Hopkins]

Here's the code:

");

$z = $a + ($a * $b);
echo("z: " . $a . " + ( " . $a . " * " . $b . ") = $z");

echo("number format(y)=".number_format($y, 2)."");
echo("number format(z)=".number_format($z, 2)."");
?>


Here's the output:

y: 676.6 * (1 + 0.175) = 795.005
z: 676.6 + ( 676.6 * 0.175) = 795.005
number format(y)=795.01
number format(z)=795.00


In other words, using two logically equivalent (?) formulae to derive
exactly the same result from the same two values results in somehow
different results (I guess it's not an issue with number_format() per se,
but with associativity or summat...).

Hope it's not an obvious schoolboy error - any ideas?

PHP 4.2.2
Apache 2.0.40
Redhat 7.3
---
Paul Hopkins - Senior Web Developer, Doctor Net - http://www.doc-net.com/

The information transmitted is intended only for the person or entity to
which it is
addressed and may contain confidential and/or privileged material. If you
received
this in error, please contact the sender and delete the material.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Zend Optimiser -- wide spread??

[Kim Steinhaug]

As other people mention here PHP Zend Optimizer is usually NOT installed
on any systems unless they have encountered a customer which needed it.

Were selling a shoppingcart system and *every* host were encountered did
not have it installed.

Another sollution comes up, since a lot of the hosting companies for some
reason dont want to install this, IonCube. Purchasing this is much more
affordable prize aswell. The IonCube loader however can be included and
loaded at runtime, meaning you dont have to install anything on the server,
:)
I have yet to meet a server that doesnt support the runtime loader by
default.

You should check it out, www.ioncube.com

-- 
-- 
Kim Steinhaug
--
There are 10 types of people when it comes to binary numbers:
those who understand them, and those who don't.
--
www.steinhaug.com - www.easywebshop.no - www.webkitpro.com
--

"Justin French" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hi all,
>
> I'm close to releasing my first widely distributed (I hope) PHP
> application, and I wish to protect the source with Zend Encoder.  Seems
> easy enough.
>
> However, this is a low-cost app that was intended to work on basic
> installs of PHP, running on almost any server -- it uses no external
> libraries, and required no special compiles.
>
> Is Zend Optimiser (required to run encoded PHP files) part of a base
> installation, or at the very least, is it widely spread in use
> (available on most hosts)?
>
> Seems like there's no point encoding if only half of the servers out
> there can run the scripts.  I know optimiser is available on *my* host,
> but that's not enough in this case!
>
>
> ---
> Justin French
> http://indent.com.au



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Peculiar number_format() behaviour

[Ford, Mike [LSS]]

On 22 March 2004 10:31, Paul Hopkins wrote:

> Here's the code:
> 
>  $a = 676.6;
> $b = 0.175;
> 
> $y = $a * (1 + $b);
> echo("y: " . $a . " * (1 + " . $b . ") = $y");
> 
> $z = $a + ($a * $b);
> echo("z: " . $a . " + ( " . $a . " * " . $b . ") = $z");
> 
> echo("number format(y)=".number_format($y, 2)."");
> echo("number format(z)=".number_format($z, 2)."");
> > 
> 
> 
> Here's the output:
> 
> y: 676.6 * (1 + 0.175) = 795.005
> z: 676.6 + ( 676.6 * 0.175) = 795.005
> number format(y)=795.01
> number format(z)=795.00

This is because of the inherent minor imprecision in the way floating point numbers 
are represented in a computer -- please see the big fat note headed "Floating point 
precision" at http://www.php.net/manual/en/language.types.float.php.  You should never 
rely on the absolute accuracy of floating point numbers -- even very simple 
calculations can be off by an infinitesimal but nonetheless significant amount (for 
example, 10.0/3*3 almost never equals 10.0 ;).

Cheers!

Mike

-
Mike Ford,  Electronic Information Services Adviser,
Learning Support Services, Learning & Information Services,
JG125, James Graham Building, Leeds Metropolitan University,
Beckett Park, LEEDS,  LS6 3QS,  United Kingdom
Email: [EMAIL PROTECTED]
Tel: +44 113 283 2600 extn 4730  Fax:  +44 113 283 3211 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] building CLI version only

[neko]

Hey guys,

A server I'm using has PHP compiled into Apache, and I want to leave 
that alone and just build a CLI version of php. Can I get away with just 
going:

./configure --with-mysql --prefix=/some/home/dir
make
make install
? I dont' want to upset the existing apache installation of PHP or 
anything, just want a CLI exe in my home dir to do some stuff with.

thanks,
neko
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Decoding a URL without decoding values

[Ford, Mike [LSS]]

On 21 March 2004 16:03, Ben Ramsey wrote:

> I've got a querystring that looks like this:
> ?url=http%3A%2F%2Ftest.alpharetta.ga.us%2Findex.php%3Fm%3Dlink
> s%26category%3DRecreation%2B%2526%2BParks%26go.x%3D22%26go.y%3D7
> 
> As you can gather, I'm trying to pass a URL to another script
> for some
> processing.  Before I urlencode() the URL and pass it to the query
> string, it looks like this: 
> 
> http://test.alpharetta.ga.us/index.php?m=links&category=Recrea
> tion+%26+Parks&go.x=22&go.y=7 
> 
> As you can see, there are already encoded entities in the
> URL, which are
> further encoded when passed through urlencode().  The problem
> I'm having
>   is that when I urldecode() the string from $_GET["url"], I get the
> following string: 

Don't.  GET values are automatically urldecoded once by the Web server
before they ever reach your script.

Cheers!

Mike

-
Mike Ford,  Electronic Information Services Adviser,
Learning Support Services, Learning & Information Services,
JG125, James Graham Building, Leeds Metropolitan University,
Beckett Park, LEEDS,  LS6 3QS,  United Kingdom
Email: [EMAIL PROTECTED]
Tel: +44 113 283 2600 extn 4730  Fax:  +44 113 283 3211 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Array problem

[noginn]

Ye that is true, however to create the totals of each columns I had to 
somehow do this.
I have fixed the problem in a way, but it was probably a very crude way 
of doing so.

   $rowtotal = $rowtotal + $sum;
   if(!empty($columntotals[$count])) {
   $columntotals[$count] = $columntotals[$count] + $sum;
   }
   else {
   $columntotals[$count] = $sum;
   }
   $count++;
So now it won't try and add itself if it is empty.
But if anyone has more ideas of how I can create a cleaner piece of code 
then please let me know! :)

-noginn

Firman Wandayandi wrote:

Hi noginn,

$columntotals[$count] = $columntotals[$count] + $sum;
^-^
  ERROR HERE
Seem you tried to assign columntotal[index]  with itself and you never
defined it. You should tried this one.
=> $columntotals[$count] = $sum;

Is right?

Sorry, I confuse with your words "total of totals"?

Good Luck,
   Firman
- Original Message -
From: "noginn" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, March 22, 2004 12:33 AM
Subject: [PHP] Array problem
 

This has been confusing me a little for a few hours now.

Heres a snip of my code which is causing the problem:

   $content = "\n";
   $content .= "\n";
   $content .= " \n";
   $tasks = new dbconnect;
   $tasks->connect();
   $tasks->query("SELECT tid, tname FROM tasks");
   while(list($tid, $tname) = $tasks->fetch_rows()) {
   $content .= "$tname\n";
   }
   $content .= " \n";
   $content .= "\n";
   $projects = new dbconnect;
   $projects->connect();
   $projects->query("SELECT pid, pname FROM projects");
  * $columntotals = array();*
   $colour = 0;
   while(list($pid, $pname) = $projects->fetch_rows()) {
   $tasks->data_seek(0);
   $rowtotal = 0;
   $count = 0;
   if ($colour % 2) {
   $bgcolour = "#FF";
   }
   else {
   $bgcolour = "#F9F9F9";
   }
   $colour++;
   $content .= "\n";
   $content .= "$pname\n";
   while(list($tid, $tname) = $tasks->fetch_rows()) {
   $logs = new dbconnect;
   $logs->connect();
   $logs->query("SELECT SUM(hours) from logs WHERE pid = '$pid'
AND tid = '$tid' AND date >= '$sdate' AND date <= '$edate'");
   list($sum) = $logs->fetch_rows();
   if (!$sum) {
   $sum = 0;
   }
   $rowtotal = $rowtotal + $sum;
   *$columntotals[$count] = $columntotals[$count] + $sum;*
   $count++;
   $content .= "$sum\n";
   }
   $content .= "$rowtotal\n";
   }
   $content .= "\n";
   $content .= "\n";
   $content .= " \n";
   $sumofcolumntotals = 0;

   for ($i=0; $i
   $content .= "$sumofcolumntotals\n";
   $content .= "\n";
   $content .= "\n";
I have made the lines inwhich I know are causing problems in bold.
Basicly, I am creating a report of some data and need to count up totals
of each column and then again total the totals if you get me.
Here is the errors I am getting.
*Notice*: Undefined offset: 0 in
*C:\WWW\Apache2\htdocs\php\coursework\reports_projects.php* on line *58*
*Notice*: Undefined offset: 1 in
*C:\WWW\Apache2\htdocs\php\coursework\reports_projects.php* on line *58*
*Notice*: Undefined offset: 2 in
*C:\WWW\Apache2\htdocs\php\coursework\reports_projects.php* on line *58*
*Notice*: Undefined offset: 3 in
*C:\WWW\Apache2\htdocs\php\coursework\reports_projects.php* on line *58
*Now I understand in a way why its happening, because im trying to
insert into $columntotals something which isnt valid, but I can't think
of a way to stop this at the moment.
Hope to hear soon, thanks in advance guys.
-noginn

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
   





 

[PHP] Question for PHP.net

[Florian Hoenl]

Dear PHP.net,
I have got a question!!!
I`ll develop a new PHP Site and threr is a problem with Hyperlinks!!!
How can I use  "index?nav=Webmaster"??

Whats the source code for this funktion

Best Regards
Florian Hoenl
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Fill strings with

[Merlin]

Hi there,

I was searching for a php function which fills empty spaces in string 
varibales with " ", but could not find one.

Is there such thing?

Thanx for any help,

Merlin

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Question for PHP.net

[Red Wingate]

Hi,

> Dear PHP.net,
> I have got a question!!!
> I`ll develop a new PHP Site and threr is a problem with Hyperlinks!!!

First of all, there is no problem with hyperlinks, you maybe have an
problem understanding how to use hyperlinks.

> How can I use  "index?nav=Webmaster"??
> Whats the source code for this funktion

How about ... RTFM ?

 -- red

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Scheduling PHP on Windows

[imran asghar]

hi,



I do this task on window thru schedule task as,



First I create BATCH file



File.bat::

@ECHO OFF

c:\php\php -q c:\dailyscript\script.php



then I added this file.bat path  into schedule Task for specify time
interval



imran







- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, March 21, 2004 9:52 PM
Subject: Re: [PHP] Scheduling PHP on Windows


> On 20 Mar 2004 Ben Ramsey wrote:
>
> > I know how to run a PHP script as a cron job on a *nix machine.  So,
> > does anyone know how to use the Task Scheduler on Windows to do the
> > same?  Or is it even possible?
>
> The fundamental idea is simple -- work out a command line from a
> regular command prompt that does what you want.  Then set it up under
> Control Panel / Scheduled Tasks.  You will have to specifically invoke
> cmd.exe if you want to redirect the output, for example here's a
> command line I just tried that worked properly:
>
> m:\winnt\system32\cmd.exe /c h:\php\cli\php.exe test4.php >> c:\x.txt
>
> --
> Tom
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Fill strings with

[Red Wingate]

Hi Merlin,

guess there is no php function which handles this,  but you can easily
use str_replace to do this.

http://php.net/str_replace

 -- red

Am Montag, 22. März 2004 13:02 schrieb Merlin:
> Hi there,
>
> I was searching for a php function which fills empty spaces in string
> varibales with " ", but could not find one.
>
> Is there such thing?
>
> Thanx for any help,
>
> Merlin

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Fill strings with

[Dave G]

> I was searching for a php function which fills empty spaces in string 
> varibales with " ", but could not find one.

Wouldn't str_replace do it?
http://jp2.php.net/str_replace

-- 
Yoroshiku!
Dave G
[EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Fill strings with

[Firman Wandayandi]

$str = str_replace(' ', ' ', $str);
$str = preg_replace('/\s+/', ' ', $str);
$str = ereg_replace('[[:space:]]+', ' ', $str);

Good Luck,
Firman

- Original Message - 
From: "Merlin" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, March 22, 2004 7:02 PM
Subject: [PHP] Fill strings with  


> Hi there,
> 
> I was searching for a php function which fills empty spaces in string 
> varibales with " ", but could not find one.
> 
> Is there such thing?
> 
> Thanx for any help,
> 
> Merlin
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Client does not support authentication protocol requested

[Khalid Judeh]

i psoted a message here before few days asking how to solve this problem, fortunately 
i found the solution on a website, i reseted the pass and all worked.
 
MySQL 4.1 uses an authentication protocal based on a password hashing algorithm that 
is incompatible with that used by older clients. If you upgrade the server to 4.1, 
attempts to connect to a it with an older client may fail with the following message: 
 shell> mysql
 Client does not support authentication protocol requested
 by server; consider upgrading MySQL client
 
To solve this problem you should do one of the following: 
Upgrade all client programs to use the 4.1.1 or newer client library. 
Use a user account with an old password when connecting from a pre 4.1 client. 
Reset the user that needs a pre-4.1 client to use an old password: 
  mysql> UPDATE user SET Password = OLD_PASSWORD('mypass')
  -> WHERE Host = 'some_host' AND User = 'some_user';
  mysql> FLUSH PRIVILEGES;
  
Tell the server to use the older password hashing algorithm: 
Start mysqld with --old-passwords. 
Set the password for all users that has a long password. You can find these users 
with: 
   SELECT * FROM mysql.user WHERE LEN(password) > 16;

Do you Yahoo!?
Yahoo! Finance Tax Center - File online. File on time.

[PHP] String Length ??

[gordon stewart]

Hi there

I'm new to PHP (as some may know)...

ive spotted / Found the answers to 2-3 problems
tonight - By looking through the PHP documentation..
but this problem is perplexing..


Ok - Ive got a FORM - Which basically, I put lots of
text into it (For testing purposes, I go to news
websites & copy entire articles).

The PHP script chops up the paragraphs - into one long
line of text (one line per paragraph..), & its in an
array $text.

Ok - I loop through the array, & all the text is how
it should be - displaying properly..

PROBLEM :-

Now - All I want to know - Is how long each line is -
(eg number of characters - Ive already removed
double-spaces & its now single-spacing (if any)..)

EG - Is a line 34 characters long, 127, 945 ? 

Ive looked through the PHP 'Functions' & the PHP
'documentation' for "length" (couldnt find anything..
??)

Ive found this command :-

http://nz2.php.net/strlen

Which seems perfectly fine...

Ive got this code (without the === signs)

===
foreach ($text as $color) {
   echo "SAF '$color' - ";
echo "".strlen($color)."\n";
}
===

the SAF is only for my reference - See it on the
screen..


QUESTION :-

Is this the right code to use ? to find the length of
each line ? ($color)   - No worries - Ive just copied
code from the web..)

PROBLEM :-

It looks fine - EXCEPT when I see a 3-line paragraph -
& the PHP code is telling me its over 1,200 characters
long..

(assuming  80 characters per line, 100 AT MAXIMUM) -
thats only 240 -300 characters... 

If the paragraph were 1200 characters - That would
need 8-10 lines of text...

So - Im asking here (see above)... - If Ive got the
correct code / Command...


Thanks for the help...

G


__
Do you Yahoo!?
Yahoo! Finance Tax Center - File online. File on time.
http://taxes.yahoo.com/filing.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] String Length ??

[Filip de Waard]

On Mar 22, 2004, at 1:46 PM, gordon stewart wrote:
===
foreach ($text as $color) {
   echo "SAF '$color' - ";
echo "".strlen($color)."\n";
}
===
QUESTION :-

Is this the right code to use ? to find the length of
each line ? ($color)   - No worries - Ive just copied
code from the web
strlen() is the correct function to use here. Use it like:

echo strlen($_POST['input_name']);

Where $_POST['input_name'] should be replaced by the variable you want 
to check. strlen() is always right, but it counts the actual charactars 
of the string (which may differ from those who are shown in the 
browser, please look at the HTML source instead).

Secondly, please use lowercase for HTML tags and use  instead of 
...

Regards,

Filip de Waard

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] String Length ??

[gordon stewart]

--- Filip de Waard <[EMAIL PROTECTED]> wrote:
> strlen() is the correct function to use here. Use it
> like:
> 
> echo strlen($_POST['input_name']);

Thanks...

> Where $_POST['input_name'] should be replaced by the
> variable you want 
> to check. strlen() is always right, but it counts
> the actual charactars 
> of the string (which may differ from those who are
> shown in the 
> browser, please look at the HTML source instead).

Ok - Will do... 

> Secondly, please use lowercase for HTML tags and use
>  instead of 
> ...

Hmm - why  ???

Is that PHP code - or HTML code ? - Ive seen it around
a few places - But havnt bothered to ask (till now)

- Or is there a 'hidden' process that PHP
 uses the " / " for ??

- Ok - Off to look at HTML source, then off to bed...

Thanks

G


__
Do you Yahoo!?
Yahoo! Finance Tax Center - File online. File on time.
http://taxes.yahoo.com/filing.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] SQL Injection check (mysql)

[trlists]

On 21 Mar 2004 Chris Shiflett wrote:

> I would never argue that something is an absolute defense, but I would
> characterize my recommendation as a best practice.

Fair enough.

> > I agree with you that checking for valid characters is safer than 
> > checking for malicious characters, but even the former is not absolute.
> 
> Not absolute in what sense? Making sure something is valid is pretty
> absolute; 

Yes, agreed.  It just that validation against input criteria doesn't 
guarantee that it's not an attack.

> the only possible flaws are flaws in "making sure something is
> valid." For example, I feel confident that no one can show me a string
> that I would consider a valid first name that is also an SQL injection
> attack.

I'm sure that's correct.  However I'm not sure the algorithm to 
definitively decide which is which is so obvious.

> http://phundamentals.nyphp.org/PH_storingretrieving.php

FYI, this site seems to be down.  I've tried it several times over the 
last few days and it always times out.

> This doesn't work for everyone. I can think of several examples where
> users would be submitting HTML and/or PHP code. I wouldn't want to delete
> some of their data.

Of course.  I was only referring to my specific case, where that's not 
an issue.

> I applaud your efforts in data filtering, because almost all PHP
> vulnerabilities that I read about are a result of the author completely
> failing to perform any data filtering at all (which is inexcusable).
> However, might I suggest that you take a slightly different approach.
> Verify that the data is exactly what you expect it to be, and then escape
> and/or encode it when necessary.

Just to clarify ... are you saying that you feel it's better to 
specifically validate and encode each field according to its own 
requirements rather than use a global algorithm?  I can understand that 
... right now I do both, global checks first followed by field-specific 
validation and encoding / escaping.

> For unvalidated data, do nothing with it until you have validated it with
> your data filtering logic. A good software architecture should make it
> easy for the developer to keep up with this (naming conventions are also
> very helpful for this).

Good point on the naming conventions.  I tend to keep the raw data in 
_POST and the validated data inside an array of "control" objects 
within my data entry "form" object, so the differentiation is 
structural rather than by name.

> This actually sounds like a strong approach to me. I assume that you
> surround all data in an SQL statement with single quotes (not just integer
> values). In fact, this is almost exactly what I am suggesting. I do not
> think you have an SQL injection vulnerability, unless what your code does
> strays from this description somehow.

Yes, I use single quotes on everything.  I was doing it only for 
strings and dates, but after reading some of the MySQL security info I 
added single quotes to the numeric values as well.

> Also, if your applications never allow the user to submit HTML or PHP,
> stripping tags is fine. But, you might be interested in letting your
> regular expression catch this, so that you can log attacks. Attackers
> certainly profile your applications - why not profile their attacks? It
> can potentially help us all.

Good point ... but then I am vulnerable to errors in my own algorithm, 
I figured the folks writing PHP were likely to have more experience 
with it than I did.  However it would be fairly easy to check if 
strip_tags did anything by comparing string lengths, and log the change 
if there was one.
 
> > I also haven't looked at what this does to nested attacks of various
> > kinds and whether there is a way to use multiple iterations or escapes
> > in the input data to bypass the filtering (pointers to articles which
> > discuss this would be welcome).
> 
> The point of escaping or encoding would be lost if it didn't work for all
> possible data. I know of no articles for this, nor can I think of anyone
> who would bother writing one. :-)

That's true, but as there is no mention in the documentation, I have no 
idea whether functions like mysql_escape_string properly handle things 
like strings which have already been escaped, whether strip_tags will 
take care of something like http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] what is the best idea to make mirror for mysql database

[QT]

do you know best mysql newsgroup address?

"Burhan Khalid" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> QT wrote:
> > Dear Sirs,
> >
> > I have a web site which is keeping user data in mysql. I am afraiding
that
> > to collapse of existing server without my control.
> >
> > I want to use another server to keep in standby and I want to set new
server
> > DNS as a third and forth server.
> >
> > As far as I know if primary and secondary server will not work, internic
> > divert to third and forth server.
> >
> > But I need to keep new server mysql database refreshed. Where can I find
> > best idea to make such a mirror with my existing server and new server?
>
> This is a PHP list. You need to ask on a MySQL list.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

php-general Digest 22 Mar 2004 13:23:02 -0000 Issue 2661

[php-general-digest-help]

php-general Digest 22 Mar 2004 13:23:02 - Issue 2661

Topics (messages 181109 through 181135):

Re: Zend Optimiser -- wide spread??
181109 by: Filip de Waard
181118 by: Kim Steinhaug

Re: SQL Injection check (mysql)
181110 by: Chris Shiflett
18 by: trlists.clayst.com
181112 by: Chris Shiflett
181114 by: Evan Nemerson
181134 by: trlists.clayst.com

Re: Array problem
181113 by: Firman Wandayandi
181122 by: noginn

what is the best idea to make mirror for mysql database
181115 by: QT
181116 by: Burhan Khalid
181135 by: QT

Peculiar number_format() behaviour
181117 by: Paul Hopkins
181119 by: Ford, Mike   [LSS]

building CLI version only
181120 by: neko

Re: Decoding a URL without decoding values
181121 by: Ford, Mike   [LSS]

Question for PHP.net
181123 by: Florian Hoenl
181125 by: Red Wingate

Fill strings with  
181124 by: Merlin
181127 by: Red Wingate
181128 by: Dave G
181129 by: Firman Wandayandi

Re: Scheduling PHP on Windows
181126 by: imran asghar

Client does not support authentication protocol requested
181130 by: Khalid Judeh

String Length ??
181131 by: gordon stewart
181132 by: Filip de Waard
181133 by: gordon stewart

Administrivia:

To subscribe to the digest, e-mail:
[EMAIL PROTECTED]

To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]

To post to the list, e-mail:
[EMAIL PROTECTED]


--
--- Begin Message ---
On Mar 22, 2004, at 1:16 AM, Justin French wrote:

Hi all,

I'm close to releasing my first widely distributed (I hope) PHP 
application, and I wish to protect the source with Zend Encoder.  
Seems easy enough.

However, this is a low-cost app that was intended to work on basic 
installs of PHP, running on almost any server -- it uses no external 
libraries, and required no special compiles.

Is Zend Optimiser (required to run encoded PHP files) part of a base 
installation, or at the very least, is it widely spread in use 
(available on most hosts)?

Seems like there's no point encoding if only half of the servers out 
there can run the scripts.  I know optimiser is available on *my* 
host, but that's not enough in this case!
It's not available on every PHP aware webserver, since it's not part of 
PHP itself.

You can give your clients two options: a. encoded file (cheaper) and b. 
source code (expensive). If you don't want to give them your source you 
can always make an reseller arrangement with a specific hosting company 
and forward clients who's current provider doesn't support the Zend 
Optimizer to that reseller account :-)

Regards,

Filip de Waard
--- End Message ---
--- Begin Message ---
As other people mention here PHP Zend Optimizer is usually NOT installed
on any systems unless they have encountered a customer which needed it.

Were selling a shoppingcart system and *every* host were encountered did
not have it installed.

Another sollution comes up, since a lot of the hosting companies for some
reason dont want to install this, IonCube. Purchasing this is much more
affordable prize aswell. The IonCube loader however can be included and
loaded at runtime, meaning you dont have to install anything on the server,
:)
I have yet to meet a server that doesnt support the runtime loader by
default.

You should check it out, www.ioncube.com

-- 
-- 
Kim Steinhaug
--
There are 10 types of people when it comes to binary numbers:
those who understand them, and those who don't.
--
www.steinhaug.com - www.easywebshop.no - www.webkitpro.com
--

"Justin French" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hi all,
>
> I'm close to releasing my first widely distributed (I hope) PHP
> application, and I wish to protect the source with Zend Encoder.  Seems
> easy enough.
>
> However, this is a low-cost app that was intended to work on basic
> installs of PHP, running on almost any server -- it uses no external
> libraries, and required no special compiles.
>
> Is Zend Optimiser (required to run encoded PHP files) part of a base
> installation, or at the very least, is it widely spread in use
> (available on most hosts)?
>
> Seems like there's no point encoding if only half of the servers out
> there can run the scripts.  I know optimiser is available on *my* host,
> but that's not enough in this case!
>
>
> ---
> Justin French
> http://indent.com.au


--- End Message ---
--- Begin Message ---
--- Michael Rasmussen <[EMAIL PROTECTED]> wrote:
> > To be clear: make sure the data that the user submitted only
> > contains the characters you 

Re: [PHP] what is the best idea to make mirror for mysql database

[Duncan Hill]

On Monday 22 March 2004 23:20, QT wrote:
> do you know best mysql newsgroup address?

http://lists.mysql.com/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Question for PHP.net

[Burhan Khalid]

Florian Hoenl wrote:
Dear PHP.net,
I have got a question!!!
I`ll develop a new PHP Site and threr is a problem with Hyperlinks!!!
How can I use  "index?nav=Webmaster"??

Whats the source code for this funktion
Florian :

  1. Please don't end all lines with multiple puncuation marks. !!! is 
not necessary, and will trigger spam filters.

  2. If the problem is with HTML, then check your HTML source, and the 
functions that are outputting HTML code. Hyperlinks are part of HTML, 
and thusly, if you have a problem with hyperlinks, it is not something 
that PHP caused.

  3. Please read the manual first, and search the archives of this list 
(http://www.google.com/groups?as_ugroup=php.general). Most questions 
like yours have already been answered more than once.

  4. Please use a more descriptive subject. Question for PHP.net. I 
thought your question was about the php.net website.

Regards,
Burhan Khalid
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Thanks : Re: [PHP] String Length ??

[gordon stewart]

--- Filip de Waard <[EMAIL PROTECTED]> wrote:
> strlen() is the correct function to use here. Use it
> like:
> 
> echo strlen($_POST['input_name']);
> 
> Where $_POST['input_name'] should be replaced by the
> variable you want 
> to check. strlen() is always right, but it counts
> the actual charactars 
> of the string (which may differ from those who are
> shown in the 
> browser, please look at the HTML source instead).

Thanks - Yep - Lots of spaces in  my output...

Ive added a small regex & its got rid of the lines :)

$pattern = "/\s+/i";
$replacement = " ";
$texta= preg_replace($pattern, $replacement, $texta);

G



__
Do you Yahoo!?
Yahoo! Finance Tax Center - File online. File on time.
http://taxes.yahoo.com/filing.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] what can be wrong here?

[Mike Mapsnac]

Hello

In CSS file all links are black:
/* Part from CSS file  */
a:link{color:#00; text-decoration: none;} /*unvisited link*/
a:visited{color:#00; text-decoration: none;} /*visited link*/
a:hover {color:#00; text-decoration: none;} /*mouse over link*/
a:active { color:#00}
On the page also all links are black (visited or unvisited). In the PHP code
I print the image and link to medium image:
$thumb = "";
In the Mozilla the Image frame/border is black but on IE it is (blue unvisit 
and red  visit).

When I try to print just image
echo "";
The image frame is black on IE and Mozilla. Any ideas why the image frame is 
blue or red when I print
$thumb = "";
I want to make the image fram "black";
Thanks

_
FREE pop-up blocking with the new MSN Toolbar – get it now! 
http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] what can be wrong here?

[Richard Davey]

Hello Mike,

Monday, March 22, 2004, 1:45:24 PM, you wrote:

MM> Hello

MM> In CSS file all links are black:
MM> /* Part from CSS file  */
MM> a:link{color:#00; text-decoration: none;} /*unvisited link*/
MM> a:visited{color:#00; text-decoration: none;} /*visited link*/
MM> a:hover {color:#00; text-decoration: none;} /*mouse over link*/
MM> a:active { color:#00}

MM> On the page also all links are black (visited or unvisited). In the PHP code
MM> I print the image and link to medium image:
MM> $thumb = " href=\"showPictures.php?image_id=$id&image_size=$medium\"> src=$image_small border=1>";
MM> In the Mozilla the Image frame/border is black but on IE it is (blue unvisit
MM> and red  visit).

MM> When I try to print just image
MM> echo "";
MM> The image frame is black on IE and Mozilla. Any ideas why the image frame is
MM> blue or red when I print
MM> $thumb = " href=\"showPictures.php?image_id=$id&image_size=$medium\"> src=$image_small border=1>";
MM> I want to make the image fram "black";

This isn't a PHP question.

(Although, it's a simple solution - you are not setting the border
colour in your CSS a:hover attribute, you're setting the text colour.
Just add "border: 1px solid black" to it. Note this will apply to any
link now though, so perhaps creating a new "ImageLink" class with a
hover state would be more sensible.

-- 
Best regards,
 Richard Davey
 http://www.phpcommunity.org/wiki/296.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] what can be wrong here?{OT}

[Jay Blanchard]

[snip]
In CSS file all links are black:
/* Part from CSS file  */
a:link{color:#00; text-decoration: none;} /*unvisited link*/
a:visited{color:#00; text-decoration: none;} /*visited link*/
a:hover {color:#00; text-decoration: none;} /*mouse over link*/
a:active { color:#00}
[/snip]

Actually the is a CSS question and how it affects differewnt browsers.
Your PHP code is OK. This is OT, but it has to do with the order of your
a: statements in the CSS code (an issue that first cropped up a couple
of years ago IIRC). I do not remember the order exactly, but I think
that 'visited' must be first and 'hover' second. You will probably have
to play around with it.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Problems with PHP5 RC1

[memoimyself]

On 19 Mar 2004 at 19:23, Lester Caine wrote:

> [EMAIL PROTECTED] wrote:
> 
> > I'm trying to run PHP5 RC1 on a Windows 2000 test server with Apache 2.0.47.
> 
> Mines 2.0.48, but no problem.
> 
> > Upon installation, when I first started Apache again, I got an error message to 
> > the effect 
> > that php4ts.dll could not be found in the c:\winnt\system32 directory. This is 
> > curious for 
> > two reasons: first and foremost, if anything is missing, it should be php5ts.dll, 
> > not 
> > php4ts.dll; second, php4ts.dll never used to be in the system32 directory and that 
> > never 
> > caused any problems. But it's no use cursing PHP5, so I copied php4ts.dll to the 
> > system32 directory and stopped getting the error message. Not a pretty solution, 
> > though.
> 
> First - you did change httpd.conf to point at the new module?
> Second option, is there something 'extra' in your setup that 
> is from PHP4?

Yes, certainly, to the first question, and no to the second. I went over httpd.conf 
very 
carefully a couple of times to make sure nothing else in the file refers to PHP 4 or 
to an 
old directory.


On 19 Mar 2004 at 20:28, Red Wingate wrote:  

> I'm running RC1 on Win2k 2.0.47 without any problems. Make sure u updated
> your PATH settings as some folders got renamed or moved. Add /path/to/php
> and /path/to/php/dlls to your PATH setup. Switch 'extensions' to 'ext' in your
> php.ini as well if you still have an old version from an old PHP5 beta or PHP4
> release.

I simply copy all needed DLLs to my system32 directory, so there's no need to add 
anything to my system paths. Also, I went over php.ini with ExamDiff to make sure I 
wouldn't miss any changes; the "extensions" directory is properly set.
 
> Otherwise consult the updated install.txt for more information

As I said, the installation instructions haven't changed much. Mostly, it seems that 
PHP5 was simply substituted for PHP4 in the text. There's even a bit about it not 
being 
safe to use PHP as a module because it's "new", which is later contradicted by the 
statement "Now that version 4.1 introduces a safer sapi module, we recommend that 
you configure PHP as a module in Apache". I'm not complaining because of course 
these instructions are provided free of charge etc, but you can't really rely on them 
as 
being accurate for the latest release of PHP.

Thanks anyway,

Erik

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Problems compiling PHP with ImageMagick

[Paul Hopkins]

First, cheers to Mike Ward for the quick response to my maiden post this
morning (about floating point vars).

Next prob: I'm trying to recompile PHP 4.3.4 (on Redhat 7.3) with
ImageMagick support. I've installed ImageMagick 5.5.7 and the PECL imagick
package (0.9.8). I'm running Apache 1.3.29 with PHP compiled as a module.

These are the steps I've been following:

1. cd to the Apache dir
make clean
./configure

2. cd to the PHP dir
make clean
./configure --with-sablot --with-mysql=/usr/local/mysql --with-gd --enable-t
rack-vars --with-xml --with-dom --with-zlib --with-jpeg-dir --with-png-dir -
-with-apache=../apache_1.3.29 --enable-ftp --with-imap --with-curl --with-xs
lt --with-ssl --enable-wddx --with-imagick=/usr/local/src/php-4.3.4/ext/imag
ick (same configure line as original install but with adding the last bit
for imagick)
make
make install

3. cd to the Apache dir
rm src/modules/php4/libphp4.a
./configure --activate-module=src/modules/php4/libphp4.a
make
make install

4. Restart Apache


All appears to run OK, but the PHP installation I end up with seems to be
exactly the same as what I started out with - phpinfo() shows my original
build date and configure line from months ago, and the imagick_* functions
aren't available.

I ran across the file config.cache in my PHP directory and tried removing
it - no difference.

I changed the path to imagick in the configure line to a non-existent path,
and added a nonsensical option, --with- ; no complaints, which I suppose
indicates that there's some more deep-seated problem which has nowt to do
with the ImageMagick-specific stuff.

I'm sure I'm missing something pretty obvious, but just can't put my finger
on what it is - anyone got any ideas?

Cheers,
Paul

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Problems compiling PHP with ImageMagick

[Paul Hopkins]

I wrote:
>First, cheers to Mike Ward for the quick response to my maiden post this
>morning (about floating point vars).

Second, apologies for getting Mike Ford's name wrong in my second-to-maiden
post... :(

Paul

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] outputting php file

[Ryan A]

Hi,
I have a set of scripts that read off a config_inc.php file (eg: database,
username,password, admin_username,admin_pass etc), instead of the client
manually making the changes (with mistakes sometimes) I have made a form
where the client can pick most of the values via a drop down box and then
submits the form and the config file gets built...

I have gotten as far as building the HTML form and according to the input,
set the variables, how do I create the php file and force a download so the
client simply downloads the file, then uploads it to the programs directory?

Anybody have any prewritten code you are willing to share?
if not, links, suggestions,references to the manual and comments would be
appreciated.

Thanks,
-Ryan

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] outputting php file

[John W. Holmes]

From: "Ryan A" <[EMAIL PROTECTED]>

> I have a set of scripts that read off a config_inc.php file (eg: database,
> username,password, admin_username,admin_pass etc), instead of the client
> manually making the changes (with mistakes sometimes) I have made a form
> where the client can pick most of the values via a drop down box and then
> submits the form and the config file gets built...
>
> I have gotten as far as building the HTML form and according to the input,
> set the variables, how do I create the php file and force a download so
the
> client simply downloads the file, then uploads it to the programs
directory?

Same as you write any other file, fopen, fwrite, fclose, etc, then send the
appropriate headers to trigger a download of the file (discussed on here
plenty of times).

");
// etc... (add in quotes around strings, of course)

fclose($fp);

You don't even have to actually write the file if you're just going to send
them the data. You can send the download headers and then echo out what you
would have written to the file. The end result to the user will look like
they're downloading a file, although one never really existed on the server.

---John Holmes...

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] outputting php file

[Ryan A]

Hey John,

> Same as you write any other file, fopen, fwrite, fclose, etc, then send
> the
> appropriate headers to trigger a download of the file (discussed on
> here
> plenty of times).

Yep, I got the working code to force a download from the list itself, but
was outputting
a file via readfile..

> 
> $fp = fopen('config.php');
>
> fwrite(" $somevalue2 . ";\n?>");
> // etc... (add in quotes around strings, of course)
>
> fclose($fp);

Cool, got it.


> You don't even have to actually write the file if you're just going to
> send
> them the data. You can send the download headers and then echo out what
you
>would have written to the file. The end result to the user will look like
>they're downloading a file, although one never really existed on the
server.

Great, didnt think of that, will try it and post code back here if I run
into problems.

Thanks again,
-Ryan

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Unit test

[Andres Ferrando]

Hi!

which Unit Test tool for PHP do you recomend?

bye

--
Andrés Ferrando <[EMAIL PROTECTED]>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Problems compiling PHP with ImageMagick

[Jason Wong]

On Monday 22 March 2004 23:11, Paul Hopkins wrote:

> Next prob: I'm trying to recompile PHP 4.3.4 (on Redhat 7.3) with
> ImageMagick support. I've installed ImageMagick 5.5.7 and the PECL imagick
> package (0.9.8). I'm running Apache 1.3.29 with PHP compiled as a module.
>
> These are the steps I've been following:
>
> 1. cd to the Apache dir
> make clean

Try:
  make distclean 

>
> 2. cd to the PHP dir
> make clean

Ditto ...

> All appears to run OK, but the PHP installation I end up with seems to be
> exactly the same as what I started out with - phpinfo() shows my original
> build date and configure line from months ago, and the imagick_* functions
> aren't available.
>
> I ran across the file config.cache in my PHP directory and tried removing
> it - no difference.

... better still, remove the original source directory and untar a fresh one.

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
/*
If Microsoft built cars, the oil, gas, and alternator warning lights would
be replaced by a single "general car fault" warning light.
*/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] building CLI version only

[Jason Wong]

On Monday 22 March 2004 19:25, neko wrote:

> A server I'm using has PHP compiled into Apache, and I want to leave
> that alone and just build a CLI version of php. Can I get away with just
> going:
>
> ./configure --with-mysql --prefix=/some/home/dir
> make
> make install
>
> ? I dont' want to upset the existing apache installation of PHP or
> anything, just want a CLI exe in my home dir to do some stuff with.

If you only want the CLI version then use:

  --disable-cgi --enable-cli ...

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
/*
QOTD:
"He's on the same bus, but he's sure as hell got a different
ticket."
*/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] eregi for alpha-numeric, punctuation & whitespace?

[Jas]

Not sure how to accomplish this, and not completely familiar with all 
the options available with regular expressions.

I need to sanitize input data by only allowing alpha-numeric characters, 
whitespace, punctuation (,.;:) and of course carrige returns.

here is what I have so far...
eregi("^[0-9a-zA-Z]{1,40}$",$_POST['input'])
Any help is appreciated, right now anything with a space, period, comma 
etc gets flagged.

Jas

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Zend Optimiser -- wide spread??

[Richard Čepas]

It isn't on most hosts, though it isn't difficult to install it on request.  You may 
also look at alternatives:
http://turck-mmcache.sourceforge.net/#bench

On Monday 22 March 2004 02:16, Justin French <[EMAIL PROTECTED]> wrote:
> Hi all,
> 
> I'm close to releasing my first widely distributed (I hope) PHP 
> application, and I wish to protect the source with Zend Encoder.  Seems 
> easy enough.
> 
> However, this is a low-cost app that was intended to work on basic 
> installs of PHP, running on almost any server -- it uses no external 
> libraries, and required no special compiles.
> 
> Is Zend Optimiser (required to run encoded PHP files) part of a base 
> installation, or at the very least, is it widely spread in use 
> (available on most hosts)?
> 
> Seems like there's no point encoding if only half of the servers out 
> there can run the scripts.  I know optimiser is available on *my* host, 
> but that's not enough in this case!
> 
> 
> ---
> Justin French
> http://indent.com.au
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] receiving ndr for each email sent to list

[Chris W. Parker]

hey everyone,

i imagine other people are experiencing this also but i'm receiving the
following email every time i send a message to the list.

==

Subject: Undeliverable: Delivery Report (failure) for
[EMAIL PROTECTED]
Message:

Your message did not reach some or all of the intended recipients.

  Subject:  RE: [PHP] Simple: Whats wrong with this?
  Sent: 3/17/2004 9:44 AM

The following recipient(s) could not be reached:

  [EMAIL PROTECTED] on 3/22/2004 10:07 AM
Could not deliver the message in the time limit specified.
Please retry or contact your administrator.
< mta dswu231-hme1 in /ADMD= /C=WW/ #4.4.7 Reason 1
(Unable-To-Transfer); Diagnostic 5 (Maximum-Time-Expired)>

==

anyone else receiving these and can anyone tell me a solution to
stopping these or do i just need to block them?



thanks,
chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] receiving ndr for each email sent to list

[Jay Blanchard]

[snip]
i imagine other people are experiencing this also but i'm receiving the
following email every time i send a message to the list.
[/snip]

ROFL! Sorry Chris...had to laugh. :) 

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] receiving ndr for each email sent to list

[Chris W. Parker]

Jay Blanchard 
on Monday, March 22, 2004 10:51 AM said:

> [snip]
> i imagine other people are experiencing this also but i'm receiving
> the following email every time i send a message to the list.
> [/snip]
> 
> ROFL! Sorry Chris...had to laugh. :)

hey i like a good laugh just like anyone else... but i don't have any
idea what you're talking about!! :(

oh and on a separate note, i don't get the *exact* same email each time.
it has the same subject each time, but is always in regards to what
thread i just responded to.



chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Bogus headers returned by firewalls

[Pablo Gosse]

Hi folks.  Has anyone out there ever had any issues with a user's
personal firewall munging up the HTTP_REFERER for a page?

I've got a mailer script which is accessed from a few domains within our
network of sites, and sometimes users have been getting an error which
informs them the script has been illegally accessed from outside of our
domain.  The error occurs when the string 'unbc.ca' is not found in the
HTTP_REFERER.

However, after adding some checking I've found that for users who
encounter this error when on a valid form, there is no HTTP_REFERER in
the $_SERVER array and instead there is an HTTP_WEFERER:

HTTP_WEFERERNQEMSFDULHPQQWOYIYZUNNYCGPKYLEJGDGVCJVTLBXFGGMEPYOQKED

I've googled this and this was the most informative piece I came up
with:

http://lists.evolt.org/archive/Week-of-Mon-20030901/147671.html

It seems from this post and the links to the norton site within it that
it is the firewall that is munging up the headers and that there is no
way for me to avoid this.

Am I mistaken in thinking this?  Does anyone out there have any
knowledge as to whether this can be dealt with?

Cheers and TIA,

Pablo

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] read file help ....

[Mooki]

I am trying to read a file from a remote server using a URL. I have done 
this :

* $html = implode('', file($url));
* echo $html
the $url is the address

with some pages like www.mooki.de/index.html ist works without a problem 
but with the address that i intend to use it only reads about 30 lines 
or so and then nothing. It is as if the file ends there but it does't.

the URL is ==
$url = 
'http://myplanetside.station.sony.com/outfit.jsp?outfitId=6607&worldId=21';

I am trying to get the list of players on that site for a private homepage.

I tried the funtion fopen and using streams but it always stopps at the 
same line.

I am thankfull for all the help :)

mfG Mooki

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] receiving ndr for each email sent to list

[Red Wingate]

Same here, but even without replying :-/

Chris W. Parker wrote:

Jay Blanchard 
on Monday, March 22, 2004 10:51 AM said:

[snip]
i imagine other people are experiencing this also but i'm receiving
the following email every time i send a message to the list.
[/snip]
ROFL! Sorry Chris...had to laugh. :)


hey i like a good laugh just like anyone else... but i don't have any
idea what you're talking about!! :(
oh and on a separate note, i don't get the *exact* same email each time.
it has the same subject each time, but is always in regards to what
thread i just responded to.


chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Bogus headers returned by firewalls

[John W. Holmes]

From: "Pablo Gosse" <[EMAIL PROTECTED]>

> Hi folks.

Hi.

> Has anyone out there ever had any issues with a user's
> personal firewall munging up the HTTP_REFERER for a page?

Yes. Some firewalls will do this for "privacy" reasons so you can't tell
where they came from. You can't do anything about it, but the user may be
able to turn the feature on or off (if they have control of the firewall).

---John Holmes...

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] SQL Injection check (mysql)

[Michael Rasmussen]

On Sun, 21 Mar 2004 18:39:39 -0800, Chris Shiflett wrote:

> 
> Can you explain that (and defend it)?
> 
The reason is security. A prepared statement cannot comprimize the
security of our database because all sql-statements are precompiled in the
DBMS. An example using pear:

$res = & DB:connect('mysql://someuser:[EMAIL PROTECTED]/thedb');
$sth = $res->prepare('select * from sometable where id > ?');
$sth->execute(10);

As the example demonstrates the request is hardcoded which means it cannot
be manipulated by any user supplied input. A beneficial side effect is
that all characters which need exscaping is automatically handled by the
DBMS. E.g the string O'leary would not cause any problems.

Another argument is, that it theoretically should run faster.

-- 
Hilsen/Regards
Michael Rasmussen
--
Be careful!  Is it classified?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Transparent Image Help

[Nick Hird]

I am trying to create an image in php. I need a little better description 
then whats in the manual. Anyone know a good tutorial / article on creating 
transparent images in PHP. Using another picture and adding text would be 
helpful as well. Go gentle, i am sorta new to php.

Nick Hird
[EMAIL PROTECTED]
_
Get rid of annoying pop-up ads with the new MSN Toolbar – FREE! 
http://clk.atdmt.com/AVE/go/onm00200414ave/direct/01/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] receiving ndr for each email sent to list

[Chris Shiflett]

--- "Chris W. Parker" <[EMAIL PROTECTED]> wrote:
> > ROFL! Sorry Chris...had to laugh. :)
> 
> hey i like a good laugh just like anyone else... but i don't have
> any idea what you're talking about!! :(

That makes two of us. :-)

Chris

=
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly
 Coming mid-2004
HTTP Developer's Handbook - Sams
 http://httphandbook.org/
PHP Community Site
 http://phpcommunity.org/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] receiving ndr for each email sent to list

[Jay Blanchard]

[snip]
> [snip]
> i imagine other people are experiencing this also but i'm receiving
> the following email every time i send a message to the list.
> [/snip]
> 
> ROFL! Sorry Chris...had to laugh. :)

hey i like a good laugh just like anyone else... but i don't have any
idea what you're talking about!! :(
[/snip]

You imagine this is happening to others, know it is happening to you and
you send out an e-mail which will cause it to undoubtedly to do it
again. Just caught me funny I guess..

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Clearing Post Data with IE

[Chris Thomas]

Hey,
Im writing a script for a poll, and im trying to figure out how to clear the
_post.
Right now  i post the response that the user selected from the poll, back to
the poll page, which then displays the results

The way it works right now, if i try to refresh the page, IE will pop a
dialog back asking me if i want to resubmit the post.

Is there a way to get it so that i can clear _post and get it so they arent
in the header??

Chris

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] sessions...how to use not clear?

[Andy B]

>From what I understand about sessions you can give a session a particular name like 
>doing:
session_start("SessionName");

So in practicle means I can do this: 


now my question is this: will i have to declare session_start($name); at the top of 
every file that needs to use that session name? or  how does that work exactly (the 
docs didnt quite explain how to carry session names from file to file very well)..

tnx

[PHP] Session_destroy() questions

[Elliot J. Balanza]

Ok, I know that session_destroy wont delete all my session data, but just
delete the variables with it... but for instance the session_id() will be
the same.
So my question is how can i make it so that let's say one people enter my
site, and then decides to leave... but doesn't closes the browser window,
then come back right in and wants to do other functions in the site but with
a different session_id()?

vamp

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] receiving ndr for each email sent to list

[Elliot J. Balanza]

Actually there is another funny part to it.
The reazon you are getting this is because some of the people on the list,
bounces mail... that is fact, hence you can get all kind of notifications
that the mail wasn't deliverable... and it was true.

But I thought anyone would know that... once again, i often tend to think
people knows a lot of shit i just take for granted...

Your mail did bring a smile to my face.  TWICE

LOL Vamp



"Jay Blanchard" <[EMAIL PROTECTED]> escribió en el mensaje
news:[EMAIL PROTECTED]
[snip]
> [snip]
> i imagine other people are experiencing this also but i'm receiving
> the following email every time i send a message to the list.
> [/snip]
>
> ROFL! Sorry Chris...had to laugh. :)

hey i like a good laugh just like anyone else... but i don't have any
idea what you're talking about!! :(
[/snip]

You imagine this is happening to others, know it is happening to you and
you send out an e-mail which will cause it to undoubtedly to do it
again. Just caught me funny I guess..

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Backup of a MySQL database.

[Elliot J. Balanza]

Can anyone post a link to a good reference material on how to do this...
evidentely mysqldump is not working here... and i need to do this via php
programming.

thanks

vamp

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] sessions...how to use not clear?

[John W. Holmes]

From: "Andy B" <[EMAIL PROTECTED]>


> From what I understand about sessions you can
> give a session a particular name like doing:
> session_start("SessionName");

You can give it a name, but you don't have to. PHP will use the default name
if you don't and you'll just need to use session_start();

> So in practicle means I can do this:
>  session_start($name);
> $_SESSION[name]=$name;
> $_SESSION[email]=$email;
> /*.*/
> ?>
>
> now my question is this: will i have to declare
> session_start($name); at the top of every file that
> needs to use that session name?

If you give the session a custom name, then, yes, you'll have to use that
name on every page. $name can be something that in an include file or a
constant, etc, though. Again, you don't _have_ to give a name, though.
There's no real advantage to using another name, though, as it's going to be
sent to the user in a cookie or the URL, anyhow.

---John Holmes...

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] SQL Injection check (mysql)

[Pablo Gosse]

> The reason is security. A prepared statement cannot comprimize the
> security of our database because all sql-statements are precompiled
> in the DBMS. An example using pear:  
> 
> $res = & DB:connect('mysql://someuser:[EMAIL PROTECTED]/thedb');
> $sth = $res->prepare('select * from sometable where id > ?');
> $sth->execute(10); 
> 
> As the example demonstrates the request is hardcoded which means it
> cannot be manipulated by any user supplied input. A beneficial side
> effect is that all characters which need exscaping is automatically
> handled by the DBMS. E.g the string O'leary would not cause any
> problems.


Huh?  How does this accommodate for a dynamically generated query which
is based upon user input?

For example,

$query  = 'select p.name, a.location, p.editable ';
$query .= 'from cms_pages p, cms_areas a ';
$query .= 'where p.p_id = '.$p_id.' and p.a_id = a.a_id';

In this query the value against which p_id is tested would have to be
supplied by the user and as such would not be hard coded as in your
example above.

It is validated and its type set before it is inserted into the query,
so how does what you state above deal with this?

Cheers and TIA.

Pablo

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Session_destroy() questions

[Chris Shiflett]

--- "Elliot J. Balanza" <[EMAIL PROTECTED]> wrote:
> how can i make it so that let's say one people enter my site, and
> then decides to leave... but doesn't closes the browser window,
> then come back right in and wants to do other functions in the site
> but with a different session_id()?

http://www.php.net/session_regenerate_id

Chris

=
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly
 Coming Fall 2004
HTTP Developer's Handbook - Sams
 http://httphandbook.org/
PHP Community Site
 http://phpcommunity.org/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] receiving ndr for each email sent to list

[Chris Shiflett]

--- "Elliot J. Balanza" <[EMAIL PROTECTED]> wrote:
> Actually there is another funny part to it. The reazon you are
> getting this is because some of the people on the list, bounces
> mail... that is fact, hence you can get all kind of notifications
> that the mail wasn't deliverable... and it was true.
> 
> But I thought anyone would know that... once again, i often tend
> to think people knows a lot of shit i just take for granted...
> 
> Your mail did bring a smile to my face. TWICE
> 
> LOL Vamp

1. Chris (Parker) asks if anyone else's messages to this list are getting
bounced.
2. You assume this is because he doesn't know that people can bounce
messages (this assumption makes no sense, otherwise he wouldn't know to
ask about it).
3. This is funny.

My sense of humor must be turned off today. :-)

Chris

=
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly
 Coming Fall 2004
HTTP Developer's Handbook - Sams
 http://httphandbook.org/
PHP Community Site
 http://phpcommunity.org/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Clearing Post Data with IE

[Scott Fletcher]

Using "Pragma: private" instead of no-cache would elminate that message
about cache expired and asking if you want to resubmit.   However, based on
your questions.  It's not the answer you're looking for.  So, there is a
better way around.  Just do Webpage #1 for form and submit it to Webpage #2
for processing the form like the database or session for example, then use
the header("Location: ") to get to Webpage #3 where you can display the
result.  That way, Webpage #2 was never reached to the web-browser and was
never cached.

FletchSOD

"Chris Thomas" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hey,
> Im writing a script for a poll, and im trying to figure out how to clear
the
> _post.
> Right now  i post the response that the user selected from the poll, back
to
> the poll page, which then displays the results
>
> The way it works right now, if i try to refresh the page, IE will pop a
> dialog back asking me if i want to resubmit the post.
>
> Is there a way to get it so that i can clear _post and get it so they
arent
> in the header??
>
> Chris

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Backup of a MySQL database.

[Filip de Waard]

On Mar 22, 2004, at 11:34 PM, Elliot J. Balanza wrote:

Can anyone post a link to a good reference material on how to do 
this...
evidentely mysqldump is not working here... and i need to do this via 
php
programming.
I'm sure you will find prewritten scripts with Google and I know 
phpmyadmin does it to.

Without giving it much though my first reaction to your question is 
pretty straigtforward: use SHOW TABLES to find out which tables are in 
the DB and then just do SHOW COLUMNS FROM table for each table. Then 
you can query the table using SELECT * FROM table and create the insert 
using the knowledge you have gained about the columns in that table.

However, I would like to suggest looking for a prewritten solution, 
since it's probably not necessary to reinvent the wheel here...

Regards,

Filip de Waard

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] receiving ndr for each email sent to list

[Chris W. Parker]

Elliot J. Balanza 
on Monday, March 22, 2004 2:33 PM said:

> Actually there is another funny part to it.
> The reazon you are getting this is because some of the people on the
> list, bounces mail... that is fact, hence you can get all kind of
> notifications that the mail wasn't deliverable... and it was true.

actually i don't think that's true. if that were the case i should be
getting the bounces from the individuals and not the php servers (just
like with our friend(s) @hanmir.com). AND another thing, if that were
the case i should be receiving multiple bounces per message since there
are 100's of subscribers to this list and if there's one person bouncing
there has also go to be at least one more.

but if with your take-for-granted-genius you can explain to me what's
happening i would appreciate it much.


thanks,
chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] fsockopen to spit out the HTTP's Location...

[Scott Fletcher]

Hi!

I haven't found the right wording to spit out the HTTP scripts to the
web browser through the fsockopen.  In this case, the "Location: "
script.  I can not use the php header() function because of the FPDF strict
checking.  (Freeware PDF).  All I did was to create a PDF and put it on the
webserver with nothing being outputted but FPDF have no way of knowing this
and think I'm spitting out the PDF data because I'm using hte "Location:
", so I'm using fsockopen() instead.   For now, when I tried to spit out
the "Location: " from fsockopen(), nothing happen.  So, what exactly
should the HTTP script be??

Thanks,
 FletchSOD

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] What is the best way to backup a MySQL Database

[Elliot J. Balanza]

Hi

I've been trying to use MySQL dump with a php query (since we dont have like
a mysql_dump function) but it's not working.

Can anyone please point me to a page so i can read a method to backup MySQL
databases to an .sql file using php?

thanks.

Vamp

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] What is the best way to backup a MySQL Database

[Pablo Gosse]

Elliot J. Balanza wrote:
> Hi
> 
> I've been trying to use MySQL dump with a php query (since we dont
> have like a mysql_dump function) but it's not working. 
> 
> Can anyone please point me to a page so i can read a method to backup
> MySQL databases to an .sql file using php? 
> 
> thanks.
> 
> Vamp

Why can't you use mysqldump?  If you don't have command-line access, how
are you managing your DB (I would assume PHPMyAdmin or MySQL-Front)?  I
haven't used any of the PHPMyAdmin or PHPPGAdmin (or MySQL-Front) for
some time now, but there should be a way to back up your database within
them.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] fsockopen to spit out the HTTP's Location...

[Chris Shiflett]

--- Scott Fletcher <[EMAIL PROTECTED]> wrote:
> I haven't found the right wording to spit out the HTTP scripts to
> the web browser through the fsockopen.

I feel certain that I can help you, but unfortunately I can't seem to
understand your question at all. Please understand that I'm not trying to
criticize your question, but there are some things that confuse me.

For example, HTTP is a protocol, and I must assume that you mean HTTP
headers (rather than scripts). More importantly, unless you really know
what you're doing and have a very specific environment, there is no way
you can connect to the user using fsockopen().

> In this case, the "Location: " script. I can not use the php
> header() function because of the FPDF strict checking.

Can you explain this? Why can you not use header()? I think your
assumption is wrong.

I can't erally make out the rest of your message, but I think that if you
can explain these statements, the rest might make more sense.

Chris

=
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly
 Coming Fall 2004
HTTP Developer's Handbook - Sams
 http://httphandbook.org/
PHP Community Site
 http://phpcommunity.org/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] RE:[PHP] sessions...how to use not clear?

[Andy B]

[snip]
If you give the session a custom name, then, yes, you'll have to use that
name on every page. $name can be something that in an include file or a
constant, etc, though. Again, you don't _have_ to give a name, though.
There's no real advantage to using another name, though, as it's going to be
sent to the user in a cookie or the URL, anyhow.
[end snip]

well this is true but in the event that the server creates a default name
for that particular session (very large random strings). I am trying to
avoid running into the same session being used twice by 2 seperate people at
the same time.

so the theory is: if i require that the session be named after the persons
login name there is probably 1 out of 2 million chances that it will mess up
the names and get confused (specially if there are only a few users
allowed)...

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Backup of a MySQL database.

[Elliot J. Balanza]

I was looking something more like a MySQL dump class or function...

I think since i can't do any phpmyadmin or anything like that, that i will
simply write my own code... yuk i was hoping to save 1-2 days work... thanks

vamp

"Filip De Waard" <[EMAIL PROTECTED]> escribió en el mensaje
news:[EMAIL PROTECTED]
> On Mar 22, 2004, at 11:34 PM, Elliot J. Balanza wrote:
>
> > Can anyone post a link to a good reference material on how to do
> > this...
> > evidentely mysqldump is not working here... and i need to do this via
> > php
> > programming.
>
> I'm sure you will find prewritten scripts with Google and I know
> phpmyadmin does it to.
>
> Without giving it much though my first reaction to your question is
> pretty straigtforward: use SHOW TABLES to find out which tables are in
> the DB and then just do SHOW COLUMNS FROM table for each table. Then
> you can query the table using SELECT * FROM table and create the insert
> using the knowledge you have gained about the columns in that table.
>
> However, I would like to suggest looking for a prewritten solution,
> since it's probably not necessary to reinvent the wheel here...
>
> Regards,
>
> Filip de Waard

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] RE:[PHP] sessions...how to use not clear?

[Chris W. Parker]

Andy B 
on Monday, March 22, 2004 3:19 PM said:

> so the theory is: if i require that the session be named after the
> persons login name there is probably 1 out of 2 million chances that
> it will mess up the names and get confused (specially if there are
> only a few users allowed)...

as long as your usernames are unique you should never have a problem.
(assuming everything else works as planned.)



chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] RE:[PHP] sessions...how to use not clear?

[Elliot J. Balanza]

What are the chances of two people getting the same session number in a
thousends of day operation?
When you down the size of that to a couple hundeed a day...

WHy do we need to have a session name for that?

Vamp


"Chris W. Parker" <[EMAIL PROTECTED]> escribió en el mensaje
news:[EMAIL PROTECTED]
Andy B 
on Monday, March 22, 2004 3:19 PM said:

> so the theory is: if i require that the session be named after the
> persons login name there is probably 1 out of 2 million chances that
> it will mess up the names and get confused (specially if there are
> only a few users allowed)...

as long as your usernames are unique you should never have a problem.
(assuming everything else works as planned.)



chris.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] RE:[PHP] sessions...how to use not clear?

[Andy B]

as long as your usernames are unique you should never have a problem.
(assuming everything else works as planned.)

it should...

i want to use sessions for a login system and stuff too but i want it to
check to see if the person is logged in before going to the login section...
if the session isnt valid then require a login...

is this code valid??
http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] RE:[PHP] sessions...how to use not clear?

[Andy B]

What are the chances of two people getting the same session number in a
thousends of day operation?
When you down the size of that to a couple hundeed a day...

WHy do we need to have a session name for that?
because eventually i want to take the user name (session name/variables/user
info) and create a preferences section of the website im doing and that
would require a constant session name from visit to visit

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] RE:[PHP] sessions...how to use not clear?

[Chris W. Parker]

Elliot J. Balanza 
on Monday, March 22, 2004 3:43 PM said:

> What are the chances of two people getting the same session number in
> a thousends of day operation?
> When you down the size of that to a couple hundeed a day...
> 
> WHy do we need to have a session name for that?

gah.

what i was trying to say (although maybe i should have elaborated a
little) is that if within his database his usernames are unique, he
won't have any problems at all.

i don't think the op should be concerned with duplicating session id's
as there are an almost infinite number of them. much more than 2mil.



chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] RE:[PHP] sessions...how to use not clear?

[Chris W. Parker]

Andy B 
on Monday, March 22, 2004 3:43 PM said:

> as long as your usernames are unique you should never have a problem.
> (assuming everything else works as planned.)
> 
> it should...

it will. a unique value is a unique value.

> is this code valid??
>  if(session_start($name)) {/*do whatever if person is logged in
> already*/ }
> else {
> /*do whatever if session doesnt exist*/
> }
> 
> if that does work then all i need to do is figure out how to do a
> session_distroy() to delete it after logged out...
> 
> any ideas?

personally i've never named a session (let alone knew that it was
possible) so i don't know if that code is valid as i don't know what, if
anything, session_start returns.

that code assumes session_start() returns a value at all. i suggest you
read the manual. try www.php.net/session_start and it will tell you what
that function returns if anything. you can work from there.



chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Any Ideas?

[Matthew Oatham]

Hi,

Sorry to ask this question, I am fairly new to PHP and wanted to ask for some help 
with the following.

I have a MySQL table which uses a auto_increment int as the primary key - when I do an 
insert I want to create another id based on the primary key and insert this into the 
same table i.e. if I do an insert and the primary key is 3 I want to generate the ID 
CR-003, if the primary key was 34 I would want to generate the id CR-034. So I guess I 
need to know the following. 

are there any functions that retrieve the last primary key created in the MySQL table?
are there any math functions that will turn 1 into 001 or 34 into 034 or keep 213 as 
213 etc...
what would be the best implementation i.e. do an insert, get the primary key then do 
an update or lock the table use a function to get the next availible primary key 
generate the additional key and then do 1 insert? Guess this implementation depends on 
how / if I can lock the MySQL table.

Sorry its a long one! 

Cheers

Matt

[PHP] RE: Randomly expired session cookies

[Ben Ford]

I have noticed behavior like yours with our server setup.  It is not a locally 
run (or owned) server so I cannot poke around to much.  

The session is timing out Randomly, causing our users to have to login again.
It doesn't happen all the time either.  In a rare case, less than a minute 
after login, I'll be forced to login again.

Just to be sure I've set the following HUGE timeouts:
session_set_cookie_params( 21600 ); 
session_cache_expire( 21600 );

This is ridicules I know, but I left it just for kicks.

I don't know the load averages of the server and I'm very curious to find out 
if this is part of the issue.

The server has PHP Version 4.2.3 installed on Linux w/ Apache.
I'm not sure what version of Apache is installed.

One last tidbit. I run the same site ( a mirror) locally while developing, and 
It never times out.

Disclaimer: I'm not an expert (yet) so my problem could be caused by some 
completely unrelated setting.  If someone knows of this mystery setting, 
please let me know.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] RE:[PHP] sessions...how to use not clear?

[Chris W. Parker]

Andy B 
on Monday, March 22, 2004 3:49 PM said:

> because eventually i want to take the user name (session
> name/variables/user info) and create a preferences section of the
> website im doing and that would require a constant session name from
> visit to visit

yeah you're right. except that you're missing a key point.

you've already got that unique identifier. it's the username. the
username will stay unique visit to visit, therefore you don't need to go
against the design of the session id. the session id is not meant to
keep uniqueness across multiple visits, only the current visit.

are we/me misunderstanding you?


chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Backup of a MySQL database.

[Chris W. Parker]

Elliot J. Balanza 
on Monday, March 22, 2004 3:05 PM said:

> I was looking something more like a MySQL dump class or function...

this may not be as robust a solution as you require but can you not
simply backtick the mysqldump command from within php?

 file_$date.dump`;

?>

or even create a shell script that does all the dumping and handling of
dump files and then just execute that.


hth,
chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Any Ideas?

[Robert Cummings]

On Mon, 2004-03-22 at 18:51, Matthew Oatham wrote:
> Hi,
> 
> are there any functions that retrieve the last primary key created in
> the MySQL table?

http://www.php.net/manual/en/function.mysql-insert-id.php

Cheers,
Rob.
-- 
..
| InterJinn Application Framework - http://www.interjinn.com |
::
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for   |
| creating re-usable components quickly and easily.  |
`'

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Any Ideas?

[John W. Holmes]

Matthew Oatham wrote:

I have a MySQL table which uses a auto_increment 
int as the primary key - when I do an insert I want 
to create another id based on the primary key and 
insert this into the same table i.e. if I do an 
insert and the primary key is 3 I want to generate 
the ID CR-003, if the primary key was 34 I would 
want to generate the id CR-034. So I guess I need 
to know the following. 
You don't want or need to do this. You're just repeating data. The "34" 
is already there in one column, why repeat it (especially if the "CR" 
bit never changes).

Just select out when you need in the query or use PHP to make the 
combination.

SELECT CONCAT('CR-',id) AS formatted_number FROM table WHERE ...

Or use PHP, where $id is the primary key

$formatted_number = 'CR-' . $id;

You can use a ZEROFILL attribute on your column to ensure the leading 
zeros get returned or use sprintf() in PHP to format the number.

Even if the "CR" changes, then just put that bit in another column and 
join them together later.

--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals – www.phparch.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Any Ideas?

[Geir Pedersen - Activio AS]

Matt,

this is not a direct answer to your question, more a tip on how
you design your database: You should avoid storing the same
information twice. You only risk inconsistencies. In your case
I suggest you compute the textual ID from the primary key value
using the PHP sprintf function whenever you need it, e.g
sprintf ( "CR %03d", $primaryKey ). sprintf is the function to
use for the type of number to text conversion you are looking
for.

---

Geir Pedersen
http://www.activio.com/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] RE:[PHP] sessions...how to use not clear?

[Andy B]

you've already got that unique identifier. it's the username. the
username will stay unique visit to visit, therefore you don't need to go
against the design of the session id. the session id is not meant to
keep uniqueness across multiple visits, only the current visit.

are we/me misunderstanding you?

yes the username is a thing different from anybody elses login but how will
you collect preferences and the like in variables and dump them into a sql
table without using a session to define them from everybody elses??

figure this:

1. if you just used a login page and sql table to verify the existance of a
username/pwd and once "logged in" you had this code:

http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Backup of a MySQL database.

[Filip de Waard]

On Mar 23, 2004, at 1:10 AM, Chris W. Parker wrote:

Elliot J. Balanza 
on Monday, March 22, 2004 3:05 PM said:
I was looking something more like a MySQL dump class or function...
this may not be as robust a solution as you require but can you not
simply backtick the mysqldump command from within php?


  $date = date();

  $output = `mysqldump --opt --quote-names -u root --password=daword
database > file_$date.dump`;
?>

or even create a shell script that does all the dumping and handling of
dump files and then just execute that.
I thought of that to, but I would prefer to write some PHP code to do 
this (like I suggested in my previous message). That is indeed a little 
more robust and works on windows to.

I'm sure that there are pre-written functions on the net that do it 
using PHP code inside of mysqldump, so it's not necessary to chose this 
solution when you need a easy way out.

Regards,

Filip de Waard

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Session_destroy() questions

[John W. Holmes]

Elliot J. Balanza wrote:

Ok, I know that session_destroy wont delete all my session data, but just
delete the variables with it... but for instance the session_id() will be
the same.
So my question is how can i make it so that let's say one people enter my
site, and then decides to leave... but doesn't closes the browser window,
then come back right in and wants to do other functions in the site but with
a different session_id()?
Why do they need a different session id? It shouldn't matter whether 
they come back with the same session ID or not, as the session will be 
empty (you should clear it when they log out... no real need to 
"destroy" it).

That being said, it is a good idea to set the session ID from within 
your program after a successful login to prevent Session Fixation 
Attacks. This is where a malicious user will include a link to your site 
with the session_name in the URL. If you then start a session, PHP will 
use the value passed in the URL. Now, instead of the session ID being a 
one-in-two-million ID, they've fixed what it should be. It's now easy 
for them to hijack the session and pretend to be the other person (a 
little work involved in that, but you get the idea, I hope).

--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals – www.phparch.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] RE:[PHP] sessions...how to use not clear?

[John W. Holmes]

Andy B wrote:

as long as your usernames are unique you should never have a problem.
(assuming everything else works as planned.)
it should...

i want to use sessions for a login system and stuff too but i want it to
check to see if the person is logged in before going to the login section...
if the session isnt valid then require a login...
is this code valid??

if that does work then all i need to do is figure out how to do a
session_distroy() to delete it after logged out...
You shouldn't rely on whether a valid session exists to determine if 
user is logged in. You should depend upon a certain variable within the 
session. session_start(), with or without $name, is going to be TRUE 
because it just starts a session. If a session did not exist, it'll 
start one. When a use logs in correctly, start a session and set a 
$_SESSION['loggedin'] = TRUE, variable.

Then on any page you want "protected", simply check for the variable

if(isset($_SESSION['loggedin']))
{ //person is logged in }
else
{ //person is not logged in }
When the person wants to log out, simply unset() or set to FALSE the 
$_SESSION['loggedin'] variable. Now you force them to log in again. Even 
if they keep the same session name, it doesn't matter b/c that variable 
is not set.

--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals – www.phparch.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] What is the best way to backup a MySQL Database

[Brian V Bonini]

On Mon, 2004-03-22 at 14:35, Elliot J. Balanza wrote:
> Hi
> 
> I've been trying to use MySQL dump with a php query (since we dont have like
> a mysql_dump function) but it's not working.
> 
> Can anyone please point me to a page so i can read a method to backup MySQL
> databases to an .sql file using php?
> 

Will exec() with mysqldump work? Do you need to get tabel structure as
well or are you just after the data?

You can do SELECT * INTO OUTFILE 'file_name' FROM tbl_name if your just
after data.

-- 
BrianGnuPG -> KeyID: 0x04A4F0DC | Key Server: pgp.mit.edu
==
gpg --keyserver pgp.mit.edu --recv-keys 04A4F0DC
Key Info: http://gfx-design.com/keys
Linux Registered User #339825 at http://counter.li.org

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Any Ideas?

[John W. Holmes]

Robert Cummings wrote:

On Mon, 2004-03-22 at 18:51, Matthew Oatham wrote:

Hi,

are there any functions that retrieve the last primary key created in
the MySQL table?


http://www.php.net/manual/en/function.mysql-insert-id.php
If you read the whole question, though, the poster wanted to use the ID 
in the same query, just in another column. mysql_insert_id() or 
LAST_INSERT_ID() wouldn't help in this case.

--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals – www.phparch.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] RE:[PHP] sessions...how to use not clear?

[John W. Holmes]

Andy B wrote:

WHy do we need to have a session name for that?
because eventually i want to take the user name (session name/variables/user
info) and create a preferences section of the website im doing and that
would require a constant session name from visit to visit
Ummm... that's why you set a $_SESSION['username'] value. You really
don't need to worry about the name or id of the session (other than 
resetting it upon login to prevent Session Fixation Attacks).

Sessions are for the current visit, page to page, not to "remember" 
things across multiple visits. Cookies are used for that (but be aware 
of security issues there, also, depending on how you implement them).

--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals – www.phparch.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Passing by conditional IF statement...why?

[Ryan A]

Hi,
I have this simple code in my php script:

* * * * *
$res = mysql_query("SELECT product_id, now()-1 FROM ".$tc."_prods where
cno=$cno AND product_id='$product_id' LIMIT 1");

if($res)
 {
 $r = mysql_fetch_row($res);
 $product_id2   = $r[0];
 $th_pres= $r[1];
echo "debug echo";
 }else {echo "No results, sorry";}
* * * * *

its working great when the data actually exists but when there are no
matches it still executes the "if($res)" part instead of
displaying "No results, sorry".
Why is that? or am I using the syntax wrong?

Thanks,
-Ryan

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] RE:[PHP] sessions...how to use not clear?

[John W. Holmes]

Andy B wrote:

[snip]
If you give the session a custom name, then, yes, you'll have to use that
name on every page. $name can be something that in an include file or a
constant, etc, though. Again, you don't _have_ to give a name, though.
There's no real advantage to using another name, though, as it's going to be
sent to the user in a cookie or the URL, anyhow.
[end snip]
well this is true but in the event that the server creates a default name
for that particular session (very large random strings). I am trying to
avoid running into the same session being used twice by 2 seperate people at
the same time.
I think you're confusing session_name and session_id. session_name is 
(generally) the same for everyone and is the name PHP uses in the cookie 
or URL to store the session_id. The session_id is a 128 bit, 32 
character code that uniquely (sp?) identifies your individual session. 
You do not have to worry about two users getting the same session_id 
unless you just have a tremendous amount of traffic or have extended the 
session life.

so the theory is: if i require that the session be named after the persons
login name there is probably 1 out of 2 million chances that it will mess up
the names and get confused (specially if there are only a few users
allowed)...
I think I get what you're saying here. In the very remote chance that 
two people get the same session_id, you're saying that at least they'll 
have different session_names, so there won't be any contention? I don't 
think so, though, as the default session handler for PHP bases the name 
of the file to hold the session data on the session_id. It doesn't use 
the session_name for anything knowing what cookie or URL variable to 
retrieve the session_id from.

--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals – www.phparch.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Passing by conditional IF statement...why?

[Pablo Gosse]

Ryan A wrote:
> Hi,
> I have this simple code in my php script:
> 
> * * * * *
> $res = mysql_query("SELECT product_id, now()-1 FROM ".$tc."_prods
> where cno=$cno AND product_id='$product_id' LIMIT 1"); 
> 
> if($res)
>  {
>  $r = mysql_fetch_row($res);
>  $product_id2   = $r[0];
>  $th_pres= $r[1];
> echo "debug echo";
>  }else {echo "No results, sorry";}
> * * * * *
> 
> its working great when the data actually exists but when there are no
> matches it still executes the "if($res)" part instead of displaying
> "No results, sorry". Why is that? or am I using the syntax wrong?  
> 
> Thanks,
> -Ryan

You need to test the number of records being returned.

By just using "if ($res)" you're simply ensuring that it is returning a
valid resource.

It is, but it's just that the resource has zero rows.

Change the test such that it check the number of results to be >= 1 and
it should work.

Cheers,
Pablo

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Passing by conditional IF statement...why?

[Martin Towell]

Ryan

Because you are actually getting a result, a result with no records...
Might be better to use
http://au2.php.net/manual/en/function.mysql-num-rows.php instead

Martin

> -Original Message-
> From: Ryan A [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, 23 March 2004 11:37 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP] Passing by conditional IF statement...why?
> 
> 
> Hi,
> I have this simple code in my php script:
> 
> * * * * *
> $res = mysql_query("SELECT product_id, now()-1 FROM 
> ".$tc."_prods where
> cno=$cno AND product_id='$product_id' LIMIT 1");
> 
> if($res)
>  {
>  $r = mysql_fetch_row($res);
>  $product_id2   = $r[0];
>  $th_pres= $r[1];
> echo "debug echo";
>  }else {echo "No results, sorry";}
> * * * * *
> 
> its working great when the data actually exists but when there are no
> matches it still executes the "if($res)" part instead of
> displaying "No results, sorry".
> Why is that? or am I using the syntax wrong?
> 
> Thanks,
> -Ryan

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Any Ideas?

[Matthew Oatham]

The idea was that the user uploads a file and I insert details about the
file into the mysql table and rename the file using the generated id.

so if the next primary key is 4 I generate the file id CR-004 and rename the
uploaded file to CR-004 whilst also storing CR-004 in the table.

Thanks for your ideas so far - very useful! How do you get to know about all
these useful functions?

Cheers

Matt
- Original Message - 
From: "John W. Holmes" <[EMAIL PROTECTED]>
To: "Robert Cummings" <[EMAIL PROTECTED]>
Cc: "Matthew Oatham" <[EMAIL PROTECTED]>; "PHP-General"
<[EMAIL PROTECTED]>
Sent: Tuesday, March 23, 2004 12:25 AM
Subject: Re: [PHP] Any Ideas?


> Robert Cummings wrote:
>
> > On Mon, 2004-03-22 at 18:51, Matthew Oatham wrote:
> >
> >>Hi,
> >>
> >>are there any functions that retrieve the last primary key created in
> >>the MySQL table?
> >
> >
> > http://www.php.net/manual/en/function.mysql-insert-id.php
>
> If you read the whole question, though, the poster wanted to use the ID
> in the same query, just in another column. mysql_insert_id() or
> LAST_INSERT_ID() wouldn't help in this case.
>
> -- 
> ---John Holmes...
>
> Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
>
> php|architect: The Magazine for PHP Professionals – www.phparch.com
>
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] RE:[PHP] sessions...how to use not clear?

[John W. Holmes]

Andy B wrote:

> you've already got that unique identifier. it's the username. the
> username will stay unique visit to visit, therefore you don't need to go
> against the design of the session id. the session id is not meant to
> keep uniqueness across multiple visits, only the current visit.
> 
> are we/me misunderstanding you?
Please quote your messages or put a divider between the original content 
(above) and what you write (below).

yes the username is a thing different from anybody elses login but how will
you collect preferences and the like in variables and dump them into a sql
table without using a session to define them from everybody elses??
figure this:

1. if you just used a login page and sql table to verify the existance of a
username/pwd and once "logged in" you had this code:

now somebody else logges in:
$color="yellow";
$show_time="1";
(both users are logged in at the same time)?? theory is the variables will
conflict with each other...
You're confused here. $color loaded from a database in one script is not 
going to change when another script is run and $color is loaded for 
another user. The variable is unique to the request.

2. using sessions:



will be totally different from user1.
This is true and how you want to do it, but using $user inside of 
session_name() is unecessary. They'll be different because each user has 
a different session_id by design and that's what's used to identify one 
users $_SESSION['color'] from anther user's $_SESSION['color'].

--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals – www.phparch.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] SQL Injection check (mysql)

[Michael Rasmussen]

On Mon, 22 Mar 2004 14:36:44 -0800, Pablo Gosse wrote:

> 
> Huh?  How does this accommodate for a dynamically generated query which is
> based upon user input?
> 
Have you read my arguments? A prepared statement cannot be dynamically
generated!

> 
> It is validated and its type set before it is inserted into the query, so
> how does what you state above deal with this?
> 
The idea is exactly not to do any queries dynamically generated based on
user input! In the rare cases where this is needed you should not
allow any unparsed input. 

-- 
Hilsen/Regards
Michael Rasmussen
--
You have a will that can be influenced by all with whom you come in contact.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Any Ideas?

[Raditha Dissanayake]

Matthew Oatham wrote:

The idea was that the user uploads a file and I insert details about the
file into the mysql table and rename the file using the generated id.
 

Even with this scenario you probably can do with out the extra column as 
John has suggested.

so if the next primary key is 4 I generate the file id CR-004 and rename the
uploaded file to CR-004 whilst also storing CR-004 in the table.
 

You are still following a pattern. COuld you perhaps clarify if CR is 
common for all users or do you choose a different prefix for different 
users. If you do use different combinations of letters yes you might 
need a different field and then the solution would be what Robert 
suggested mysql_insert_id() you will need to use an update an update 
query where the condition has the insert id returned by this call.

Thanks for your ideas so far - very useful! How do you get to know about all
these useful functions?
 

by RTFM. :-)

Cheers

Matt
-
--
Raditha Dissanayake.
-
http://www.radinks.com/print/upload.php
SFTP, FTP and HTTP File Upload solutions 

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Any Ideas?

[Matthew Oatham]

Bit rough at the moment but I have come up with the following - it doesn't
rename the file using the new ID yet but I am more concerned about my method
for creating the new ID - can anyone see any potential problems such as
database problems, i.e duplicate keys, bad coding practices etc... cheers
matt

if(!empty($_FILES["cr"])) {
$uploaddir = "cr/"; // set this to wherever
//copy the file to some permanent location
if (move_uploaded_file($_FILES["cr"]["tmp_name"], $uploaddir .
$_FILES["cr"]["name"])) {
echo("file uploaded\n");
echo(generateCrId(insertChangeRequest()));
} else {
echo ("error!");
}
}

function insertChangeRequest() {

$sql = mysql_query("INSERT INTO dis_status(status, description)
VALUES('status1', 'status1 description')") or die (mysql_error());

return mysql_insert_id();
}

function generateCrId($key) {

$crId = sprintf("CR-%03d", $key);

return $crId;
}


- Original Message - 
From: "John W. Holmes" <[EMAIL PROTECTED]>
To: "Robert Cummings" <[EMAIL PROTECTED]>
Cc: "Matthew Oatham" <[EMAIL PROTECTED]>; "PHP-General"
<[EMAIL PROTECTED]>
Sent: Tuesday, March 23, 2004 12:25 AM
Subject: Re: [PHP] Any Ideas?


> Robert Cummings wrote:
>
> > On Mon, 2004-03-22 at 18:51, Matthew Oatham wrote:
> >
> >>Hi,
> >>
> >>are there any functions that retrieve the last primary key created in
> >>the MySQL table?
> >
> >
> > http://www.php.net/manual/en/function.mysql-insert-id.php
>
> If you read the whole question, though, the poster wanted to use the ID
> in the same query, just in another column. mysql_insert_id() or
> LAST_INSERT_ID() wouldn't help in this case.
>
> -- 
> ---John Holmes...
>
> Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
>
> php|architect: The Magazine for PHP Professionals – www.phparch.com
>
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Any Ideas?

[Chris W. Parker]

Matthew Oatham 
on Monday, March 22, 2004 4:56 PM said:

> can anyone see any
> potential problems such as database problems, i.e duplicate keys, bad
> coding practices etc... cheers matt
> 
> if(!empty($_FILES["cr"])) {
> $uploaddir = "cr/"; // set this to wherever
> //copy the file to some permanent location
> if (move_uploaded_file($_FILES["cr"]["tmp_name"], $uploaddir .
> $_FILES["cr"]["name"])) {
> echo("file uploaded\n");
> echo(generateCrId(insertChangeRequest()));
> } else {
> echo ("error!");
> }
> }

yeah i see a few already. the following is better:

if(!empty($_FILES["cr"]))
{
// code
}
else
{
// other code
}

:P


chris.

p.s. no rebuttals please. there's nothing to say. kthxbye.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php