Re: [PHP] performance suggestions
$sql = "SELECT u.*, s.*, p.*
FROM URL u, session s, page p
WHERE u.url_id = s.url_id
AND s.section_id = p.section";
if (!$result = mysql_query($sql))
{
die('Could not obtain results');
}
while ($row = mysql_fetch_array($result))
{
$url = $row['url_name'];
..
..
and what ever else you want to do here;
}
"James Benson" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Thanks
>
>
>
>
> Richard Lynch wrote:
> > On Thu, November 3, 2005 8:29 am, James Benson wrote:
> >
> >>Dear group, can someone suggest the best way to do the following
> >>without
> >>writing some lengthy script that (possibly) could lead to performance
> >>issues,
> >>
> >>
> >>I have three DB fields in MySQL, each has a unique ID, I cannot think
> >>of
> >>any ways other than pulling each tables record then looping through to
> >>determine which one each belongs to which group then maybe placing
> >>into
> >>an array,
> >>the association between them all goes like this,
> >>
> >>
> >>URL:-
> >>url_id
> >>url_name
> >>
> >>section:-
> >>section_id
> >>url_id
> >>section_name
> >>
> >>page:-
> >>page_id
> >>section_id
> >>page_name
> >
> >
> > http://info.com/mysql+join
> >
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendations for the Zend PHP Certification
Hi, i mean http://www.phparch.com/cert/ :) -- Marco > Aren't they the same books? > > I mean, I see the same authors, the same titles and the same pictures. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendations for the Zend PHP Certification
On 12 Nov 2005, at 16:29, Gustavo Narea wrote: - Zend PHP Certification Study Guide. This book would be good if it were not so full of errors. With a bit of luck it's been revised since my edition (July 2004 printing); I noticed quite a few problems and then found a huge errata list on their site. Marcus -- Marcus Bointon Synchromedia Limited: Putting you in the picture [EMAIL PROTECTED] | http://www.synchromedia.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Printing to a buffer
On 13 Nov 2005, at 00:17, Jasper Bryant-Greene wrote: seem to do that. I just tried "application/text" since I use "application/pdf" for other applications. Whatever it's giving the user the ability to do, it's probably because the browser doesn't recognise the (invalid) MIME-Type. Quite - it's right up there with 'application/force-download'. If you want to suggest (the final choice is not yours to make) that a browser might download something instead of displaying it, set an appropriate content-disposition header instead of setting the wrong type. Marcus -- Marcus Bointon Synchromedia Limited: Putting you in the picture [EMAIL PROTECTED] | http://www.synchromedia.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendations for the Zend PHP Certification
Hello. Alright, I get it. Thanks! Marco Kaiser wrote: Hi, i mean http://www.phparch.com/cert/ :) -- Marco Aren't they the same books? I mean, I see the same authors, the same titles and the same pictures. -- Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Printing to a buffer
Marcus - Many thanks! I did not know that MIME-Type. Change duly made! Todd Marcus Bointon wrote: On 13 Nov 2005, at 00:17, Jasper Bryant-Greene wrote: seem to do that. I just tried "application/text" since I use "application/pdf" for other applications. Whatever it's giving the user the ability to do, it's probably because the browser doesn't recognise the (invalid) MIME-Type. Quite - it's right up there with 'application/force-download'. If you want to suggest (the final choice is not yours to make) that a browser might download something instead of displaying it, set an appropriate content-disposition header instead of setting the wrong type. Marcus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Printing to a buffer
Todd Cary wrote: Marcus - Many thanks! I did not know that MIME-Type. Change duly made! You're not suggesting that you actually set the MIME-Type to application/force-download, are you? Todd Marcus Bointon wrote: On 13 Nov 2005, at 00:17, Jasper Bryant-Greene wrote: seem to do that. I just tried "application/text" since I use "application/pdf" for other applications. Whatever it's giving the user the ability to do, it's probably because the browser doesn't recognise the (invalid) MIME-Type. Quite - it's right up there with 'application/force-download'. If you want to suggest (the final choice is not yours to make) that a browser might download something instead of displaying it, set an appropriate content-disposition header instead of setting the wrong type. Marcus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Printing to a buffer
On 13 Nov 2005, at 19:27, Jasper Bryant-Greene wrote: Many thanks! I did not know that MIME-Type. Change duly made! You're not suggesting that you actually set the MIME-Type to application/force-download, are you? I think he is. I've called the MIME-type police and they'll be round later. Todd, I think you should read this: http://support.microsoft.com/kb/ q260519/ There's a PHP example just before the user notes here: http:// www.php.net/header Marcus -- Marcus Bointon Synchromedia Limited: Putting you in the picture [EMAIL PROTECTED] | http://www.synchromedia.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] mod_rewrite and include paths
This seems like a simple problem... I have a rewrite like this: RewriteRule ^x/([0-9]+) x.php?x=$1 [PT,L] This maps a url like http://www.example.com/x/123 to http:// www.example.com/x.php?x=123 x.php contains a line to include some class like: require_once 'x.class.php'; My include path contains '.' (plus paths to pear, etc), and the class file is in the top level directory. This configuration will fail with a file not found error. Because of the rewrite, PHP ends up looking for x/x.class.php instead of just x.class.php. If I change the PT option to R (AKA ugly mode), it works fine as PHP gets to know about the real URL. So how can I get PHP to look in /? I can set include_path with a php_value in .htaccess, but I can only set it absolutely (losing existing values), not add to it (AFAIK?). I don't want to add an absolute path to my global include_path as there may be multiple independent deployments of the same scripts on the server, and I don't want them including each others files. Adding .. to the path would work but is a security risk. Any other ideas? Marcus -- Marcus Bointon Synchromedia Limited: Putting you in the picture [EMAIL PROTECTED] | http://www.synchromedia.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mod_rewrite and include paths
Hi Marcus, try to use realpath, dirname and other related funktion to resolv the real path. dirname(__FILE__) ? -- Marco -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Printing to a buffer
Just before the police knocked at my door, I made a few changes!
";
$buf = ob_get_contents();
$len = strlen($buf);
ob_end_clean();
header("Content-type: text/plain");
header("Content-Length: $len");
header("Content-Disposition: attachment; filename=sfyc.html");
print($buf);
?>
Todd
Marcus Bointon wrote:
On 13 Nov 2005, at 19:27, Jasper Bryant-Greene wrote:
Many thanks! I did not know that MIME-Type. Change duly made!
You're not suggesting that you actually set the MIME-Type to
application/force-download, are you?
I think he is. I've called the MIME-type police and they'll be round
later.
Todd, I think you should read this: http://support.microsoft.com/kb/
q260519/
There's a PHP example just before the user notes here: http://
www.php.net/header
Marcus
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Output_Buffer problem
My client has switched to a shared server, so direct access to the
php.ini is not availble. Our calendar program expects to have
output_buffering set to On ("1").
Currently, I get the expected error of
Warning: Cannot modify header information - headers already sent by
(output started at
/home/content/s/f/y/sfycadmin/html/php/calendar/private/ltw_config.php:375)
in
/home/content/s/f/y/sfycadmin/html/php/calendar/private/ltwdisplaymonth.php
on line 283
At the top of ltwdisplaymonth.php, I tried ini_set(output_buffering,
"1"), but that does not appear to have an effect.
Have I missed something?
Todd
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Printing to a buffer
call me stupid, but why don't you do it like this:
$buf = "This is a test";
header("Content-type: text/plain");
header("Content-Length: ".strlen($buf));
header("Content-Disposition: attachment; filename=sfyc.html");
echo $buf;
??
looks easier to me... no output buffering required...
Todd Cary wrote:
Just before the police knocked at my door, I made a few changes!
";
$buf = ob_get_contents();
$len = strlen($buf);
ob_end_clean();
header("Content-type: text/plain");
header("Content-Length: $len");
header("Content-Disposition: attachment; filename=sfyc.html");
print($buf);
?>
Todd
Marcus Bointon wrote:
On 13 Nov 2005, at 19:27, Jasper Bryant-Greene wrote:
Many thanks! I did not know that MIME-Type. Change duly made!
You're not suggesting that you actually set the MIME-Type to
application/force-download, are you?
I think he is. I've called the MIME-type police and they'll be round
later.
Todd, I think you should read this: http://support.microsoft.com/kb/
q260519/
There's a PHP example just before the user notes here: http://
www.php.net/header
Marcus
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Output_Buffer problem
The documentation[1] lists output_buffering as changeable PERDIR. This
means you can't set it in the file. Instead you should look into
setting it in the apache .htaccess file.
1: http://php.net/manual/en/ref.outcontrol.php
Todd Cary wrote:
> My client has switched to a shared server, so direct access to the
> php.ini is not availble. Our calendar program expects to have
> output_buffering set to On ("1").
>
> Currently, I get the expected error of
>
> Warning: Cannot modify header information - headers already sent by
> (output started at
> /home/content/s/f/y/sfycadmin/html/php/calendar/private/ltw_config.php:375)
> in
> /home/content/s/f/y/sfycadmin/html/php/calendar/private/ltwdisplaymonth.php
> on line 283
>
> At the top of ltwdisplaymonth.php, I tried ini_set(output_buffering,
> "1"), but that does not appear to have an effect.
>
> Have I missed something?
>
> Todd
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Printing to a buffer
Because this was just a test of what will be many "print" lines. The
original application used a file to hold the data and upon request by
the user, it was emailed. But with my client's shared server, files
cannot be opened...a pain.
If you have a better solution, I am open to other ideas.
Todd
M. Sokolewicz wrote:
call me stupid, but why don't you do it like this:
$buf = "This is a test";
header("Content-type: text/plain");
header("Content-Length: ".strlen($buf));
header("Content-Disposition: attachment; filename=sfyc.html");
echo $buf;
??
looks easier to me... no output buffering required...
Todd Cary wrote:
Just before the police knocked at my door, I made a few changes!
";
$buf = ob_get_contents();
$len = strlen($buf);
ob_end_clean();
header("Content-type: text/plain");
header("Content-Length: $len");
header("Content-Disposition: attachment; filename=sfyc.html");
print($buf);
?>
Todd
Marcus Bointon wrote:
On 13 Nov 2005, at 19:27, Jasper Bryant-Greene wrote:
Many thanks! I did not know that MIME-Type. Change duly made!
You're not suggesting that you actually set the MIME-Type to
application/force-download, are you?
I think he is. I've called the MIME-type police and they'll be round
later.
Todd, I think you should read this: http://support.microsoft.com/kb/
q260519/
There's a PHP example just before the user notes here: http://
www.php.net/header
Marcus
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mod_rewrite and include paths
On 13 Nov 2005, at 22:15, Marco Kaiser wrote: try to use realpath, dirname and other related funktion to resolv the real path. dirname(__FILE__) ? Good point (you can tell I've been up too long). I've just had a play with that - I appended the current path to my include_path, but it seems it's not inherited, so sub-includes are not found. I also tried chdir(dirname(__FILE__)) which had the same results and interferes with the operation of require_once (the same file found by a different path doesn't get counted as the same file). Incidentally doing just 'echo getcwd();' seems to fail completely when called via a rewrite. After all that, smarty still can't find its templates_c for some reason. I'm sure there must be something simple and elegant I'm missing. Probably a good night's sleep. Marcus -- Marcus Bointon Synchromedia Limited: Putting you in the picture [EMAIL PROTECTED] | http://www.synchromedia.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] please shed some light on SQLsyntax error
I am trying to set up a contact list database using guidance from a
PHP/MySQL book I recenty purchased, and not aving done this before I
am not sure what the following error means or where I shoudl look for
this kind of error. I have a table set up in MySQL using PHPMyadmin,
and I am thinking it may be something in my table? Please let me know
if anyone lese is familiar of this type of error below:
"You have an error in your SQL syntax. Check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'List values ('', 'firstname', 'lastname', 'address', '
thanks in advance,
Bruce Gilbert
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Zend + Eclipse + Standized Framework
Just found this article via phpeclipse.de stating Zend will be including Eclipse framework in their development schedules :) http://www.zend.com/news/zendpr.php?id=109 Id like to know more about this standardized application framework. I wonder if it includes the pear framework, or compiled OO based extensions ? Personally, i am trying to avoid all these frameworks until everyones ideas are collabroated into one as i think they only work for some or for the developers purposes only. I use phpeclipse and find it a nice app to use. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] please shed some light on SQLsyntax error
Bruce Gilbert wrote:
I am trying to set up a contact list database using guidance from a
PHP/MySQL book I recenty purchased, and not aving done this before I
am not sure what the following error means or where I shoudl look for
this kind of error. I have a table set up in MySQL using PHPMyadmin,
and I am thinking it may be something in my table? Please let me know
if anyone lese is familiar of this type of error below:
"You have an error in your SQL syntax. Check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'List values ('', 'firstname', 'lastname', 'address', '
You would need to show us the SQL that was causing that error. Otherwise
it is fairly meaningless.
Jasper
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: please shed some light on SQLsyntax error
>You would need to show us the SQL that was causing that error. Otherwise
>it is fairly meaningless.
hope this helps...
http://www.inspired-evolution.com/show_addcontact.php";);
exit;
}else {
//if form variables are present,start a session
session_start();
}
//check for validity of user
if ($_SESSION[valid] != "yes") {
header("Location:http://www.inspired-evolution.com/contact_menu.php";);
exit;
}
//set up table and database names
$db_name ="bruceg_contactlist";
$table_name ="Contact List";
//connect to server and select database
$connection = @mysql_connect("69.90.6.198","database_username","password")
or die(mysql_error());
$db = @mysql_select_db($db_name,$connection) or die(mysql_error());
//build and issue query
$sql = "INSERT INTO $table_name values ('', '$_POST[f_name]',
'$_POST[l_name]', '$_POST[address1]', '$_POST[address2]',
'$_POST[address3]', '$_POST[postcode]', '$_POST[country]',
'$_POST[prim_tel]', '$_POST[sec_tel]', '$_POST[email]',
'$_POST[birthday]')";
$result = @mysql_query($sql,$connection)or die(mysql_error());
?>
On 11/13/05, Jasper Bryant-Greene <[EMAIL PROTECTED]> wrote:
> Bruce Gilbert wrote:
> > I am trying to set up a contact list database using guidance from a
> > PHP/MySQL book I recenty purchased, and not aving done this before I
> > am not sure what the following error means or where I shoudl look for
> > this kind of error. I have a table set up in MySQL using PHPMyadmin,
> > and I am thinking it may be something in my table? Please let me know
> > if anyone lese is familiar of this type of error below:
> >
> > "You have an error in your SQL syntax. Check the manual that
> > corresponds to your MySQL server version for the right syntax to use
> > near 'List values ('', 'firstname', 'lastname', 'address', '
>
> You would need to show us the SQL that was causing that error. Otherwise
> it is fairly meaningless.
>
> Jasper
>
--
::Bruce::
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: please shed some light on SQLsyntax error
Bruce Gilbert wrote:
You would need to show us the SQL that was causing that error. Otherwise
it is fairly meaningless.
hope this helps...
Unrelated, but you should have quotes here. Like $_POST['f_name']
header("Location:http://www.inspired-evolution.com/show_addcontact.php";);
There should also probably be a space between the : and the start of the
URL here.
exit;
}else {
//if form variables are present,start a session
session_start();
}
//check for validity of user
if ($_SESSION[valid] != "yes") {
Again, quotes on the array subscript.
header("Location:http://www.inspired-evolution.com/contact_menu.php";);
And space between colon and URL here.
exit;
}
//set up table and database names
$db_name ="bruceg_contactlist";
$table_name ="Contact List";
//connect to server and select database
$connection = @mysql_connect("69.90.6.198","database_username","password")
or die(mysql_error());
$db = @mysql_select_db($db_name,$connection) or die(mysql_error());
//build and issue query
$sql = "INSERT INTO $table_name values ('', '$_POST[f_name]',
You'll be wanting to put backticks (`) around the table name, because it
contains a space.
Jasper
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: please shed some light on SQLsyntax error
for the table name you mean like this?
$table_name =" 'Contact List' ";
On 11/13/05, Jasper Bryant-Greene <[EMAIL PROTECTED]> wrote:
> Bruce Gilbert wrote:
> >> You would need to show us the SQL that was causing that error. Otherwise
> >> it is fairly meaningless.
> >
> > hope this helps...
> >
> > >
> > //check for required form variables
> > if ((!$_POST[f_name]) || (!$_POST[l_name])) {
>
> Unrelated, but you should have quotes here. Like $_POST['f_name']
>
> >
>
> header("Location:http://www.inspired-evolution.com/show_addcontact.php";);
>
> There should also probably be a space between the : and the start of the
> URL here.
>
> > exit;
> > }else {
> > //if form variables are present,start a session
> > session_start();
> > }
> >
> > //check for validity of user
> > if ($_SESSION[valid] != "yes") {
>
> Again, quotes on the array subscript.
>
> > header("Location:http://www.inspired-evolution.com/contact_menu.php";);
>
> And space between colon and URL here.
>
> > exit;
> > }
> >
> > //set up table and database names
> > $db_name ="bruceg_contactlist";
> > $table_name ="Contact List";
> >
> > //connect to server and select database
> > $connection =
> @mysql_connect("69.90.6.198","database_username","password")
> > or die(mysql_error());
> > $db = @mysql_select_db($db_name,$connection) or die(mysql_error());
> >
> > //build and issue query
> > $sql = "INSERT INTO $table_name values ('', '$_POST[f_name]',
>
> You'll be wanting to put backticks (`) around the table name, because it
> contains a space.
>
> Jasper
>
--
::Bruce::
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: please shed some light on SQLsyntax error
Bruce Gilbert wrote:
for the table name you mean like this?
$table_name =" 'Contact List' ";
No, backticks. I gave an example of the backtick in my email (in
brackets). It is on the same key as the tilde, and looks like this: `
Also, I would probably left $table_name as it was and put the backticks
in the SQL statement, like this:
$sql = "INSERT INTO `$table_name` values ('', '$_POST[f_name]', [...]
Jasper
On 11/13/05, Jasper Bryant-Greene <[EMAIL PROTECTED]> wrote:
Bruce Gilbert wrote:
You would need to show us the SQL that was causing that error. Otherwise
it is fairly meaningless.
hope this helps...
Unrelated, but you should have quotes here. Like $_POST['f_name']
header("Location:http://www.inspired-evolution.com/show_addcontact.php";);
There should also probably be a space between the : and the start of the
URL here.
exit;
}else {
//if form variables are present,start a session
session_start();
}
//check for validity of user
if ($_SESSION[valid] != "yes") {
Again, quotes on the array subscript.
header("Location:http://www.inspired-evolution.com/contact_menu.php";);
And space between colon and URL here.
exit;
}
//set up table and database names
$db_name ="bruceg_contactlist";
$table_name ="Contact List";
//connect to server and select database
$connection =
@mysql_connect("69.90.6.198","database_username","password")
or die(mysql_error());
$db = @mysql_select_db($db_name,$connection) or die(mysql_error());
//build and issue query
$sql = "INSERT INTO $table_name values ('', '$_POST[f_name]',
You'll be wanting to put backticks (`) around the table name, because it
contains a space.
Jasper
--
::Bruce::
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend + Eclipse + Standized Framework
Hi Dan, there are no details right now. Check frequently zend.com for updates about the framework and upcomming zend eclipse stuff. -- Marco -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Page Update Script
Anyone know of a script out there already which will read directories on a site and display a list of files updated within the last month? Just thought I would ask before I invented the wheel! R -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Good user comment system?
Hi all, Anyone familiar with a good user-comment system for PHP, preferably one that works with adodb and has thread-like design (where users can answer each other). Thanks! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Savant question
I am trying to use savant and having a few odd problems. I plan on
making a simple DB driven site where the majority of the content is held
in the DB. I have created a basic template (header, footer, nav and
content) to just echo out the content (the content will have a html to
format it the way I want). Simple right.
Problem: All the html mark up is being ignored and the content is just
"dumping" there. Check for htmlentities you say... did and they are
there. So I try to get rid of it with html_entity_decode - thus giving
me my html formating back right? Wrong. Same problem. Am I missing
something?
index.php
// here we get content. Normally this will be by pulling it out of
the DB
$savant->content = '
This is a test of the Emergency Broadcasting System
This is ONLY a test.
If this was a real emergancy information would be provided here. This
is a test.
';
$savant->display('page.tpl.php');
page.tpl.php
content))
{
echo "{$this->_($this->content)}";
echo '<--- Break --->';
echo html_entity_decode($this->_($this->content));
}
?>
displayed in browser page:
This is a test of the Emergency Broadcasting System
This is ONLY a test.
<--- Break --->
This is a test of the Emergency Broadcasting System
This is ONLY a test.
browser page source:
This is a test of the Emergency Broadcasting System
This is ONLY a test.
<--- Break --->
This is a test of the Emergency Broadcasting System
This is ONLY a test.
--
Respectfully,
Ligaya Turmelle
"Life is a game so have fun"
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: please shed some light on SQLsyntax error
I believe it's proper SQL syntax to use a double quote " tho for column names.
I've heard of backtick working.. but in any example I've ever seen both in
classes and on mysql and postgresql sites they always use "" I don't use ``
so I'm not sure how widely they are accepted.
Just ran a test in sqlite and postgresql `` are not accepted.
On Sunday 13 November 2005 06:31 pm, Jasper Bryant-Greene wrote:
> Bruce Gilbert wrote:
> > for the table name you mean like this?
> >
> > $table_name =" 'Contact List' ";
>
> No, backticks. I gave an example of the backtick in my email (in
> brackets). It is on the same key as the tilde, and looks like this: `
>
> Also, I would probably left $table_name as it was and put the backticks
> in the SQL statement, like this:
>
> $sql = "INSERT INTO `$table_name` values ('', '$_POST[f_name]', [...]
>
> Jasper
>
> > On 11/13/05, Jasper Bryant-Greene <[EMAIL PROTECTED]> wrote:
> >> Bruce Gilbert wrote:
> You would need to show us the SQL that was causing that error.
> Otherwise it is fairly meaningless.
> >>>
> >>> hope this helps...
> >>>
> >>> >>>
> >>> //check for required form variables
> >>> if ((!$_POST[f_name]) || (!$_POST[l_name])) {
> >>
> >> Unrelated, but you should have quotes here. Like $_POST['f_name']
> >>
> >>header("Location:http://www.inspired-evolution.com/show_addcontact.php";
> >>);
> >>
> >> There should also probably be a space between the : and the start of the
> >> URL here.
> >>
> >>> exit;
> >>> }else {
> >>> //if form variables are present,start a session
> >>> session_start();
> >>> }
> >>>
> >>> //check for validity of user
> >>> if ($_SESSION[valid] != "yes") {
> >>
> >> Again, quotes on the array subscript.
> >>
> >>> header("Location:http://www.inspired-evolution.com/contact_menu.php";);
> >>
> >> And space between colon and URL here.
> >>
> >>> exit;
> >>> }
> >>>
> >>> //set up table and database names
> >>> $db_name ="bruceg_contactlist";
> >>> $table_name ="Contact List";
> >>>
> >>> //connect to server and select database
> >>> $connection =
> >>
> >> @mysql_connect("69.90.6.198","database_username","password")
> >>
> >>> or die(mysql_error());
> >>> $db = @mysql_select_db($db_name,$connection) or die(mysql_error());
> >>>
> >>> //build and issue query
> >>> $sql = "INSERT INTO $table_name values ('', '$_POST[f_name]',
> >>
> >> You'll be wanting to put backticks (`) around the table name, because it
> >> contains a space.
> >>
> >> Jasper
> >
> > --
> >
> > ::Bruce::
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: please shed some light on SQLsyntax error
Bruce Gilbert wrote:
//build and issue query
$sql = "INSERT INTO $table_name values ('', '$_POST[f_name]',
'$_POST[l_name]', '$_POST[address1]', '$_POST[address2]',
'$_POST[address3]', '$_POST[postcode]', '$_POST[country]',
'$_POST[prim_tel]', '$_POST[sec_tel]', '$_POST[email]',
'$_POST[birthday]')";
Holy riddled-with-security-holes batman! Strange that no one has jumped
on this. That code could be easily hijacked to do nasty things to your
server. Google "sql injection php" or something like that and you'll
get lots of resources. E.g.:
http://dev.mysql.com/tech-resources/articles/guide-to-php-security.html
PS - Hello all! This is my first post to the list; I've been lurking
for a week or two.
--
Max Schwanekamp
http://www.neptunewebworks.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
