[PHP] Search/Replace in entire database?
Hi everyone,

I am in the middle of creating an editor where you can search and replace on an individual column in a single table then I came across something I need to be able to do but not sure how.

Is it possible (and if so please how :-) to search an entire database and all tables within a database and do a find/replace on keywords without having to specify each table/column within that table?

The people I am working for have made some big changes and one of them is changing the names of one of their products, but this product name appears EVERYWHERE in many tables and in lots of different column names, and it would save so much time if I could do a single query that would just search EVERYTHING within the database.

Thanks for any advice you can give me.

Regards

Chris Payne

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Users Online?
Hi everyone,

I have a login system that allows a user to login to my control panel, is there an easy way so that I can tell how many users / what users are logged into my system? What would I need to do to add this with the minimum of hassle? Would I just have to look at the sessions that are currently active and if so, how?

I really want to add this feature as it will help with creating a messaging system. It might be simple but if you've never done it before it's the hardest thing in the world :-)

Thank you

Chris
[PHP] HELP SQL INJECTION
Hi everyone,

My server appears to be the victim of a Chinese hack-attack and I believe they managed to change pages via SQL Injection, do any of you have any ideas how to lock down my forms so MySQL cannot be used from my forms?

Thanks everyone

Chris
Re: [PHP] HELP SQL INJECTION
Hi everyone,

Hmmm I'm not sure it is an SQL Injection now, done a lot more checking and it is inserting code at the end of every index.htm index.html default.html and index.php pages on my site.

Ooooh what fun :-)

Chris

On Fri, Jul 10, 2009 at 2:22 PM, Govinda wrote:
>
> On Jul 10, 2009, at 1:50 PM, Daniel Brown wrote:
>
>> On Fri, Jul 10, 2009 at 15:48, Chris Payne wrote:
>>>
>>> Hi everyone,
>>>
>>> My server appears to be the victim of a chinese hack-attack and I
>>> believe they managed to change pages via SQL Injection, do any of you
>>> have any ideas how to lock down my forms so MySQL cannot be used from
>>> my forms?
>>
>> First and foremost:
>>
>> http://php.net/mysql_real_escape_string
>
> I am total newbie here, but I can say I would recommend getting a good PHP
> book or at least reading some articles on preventing XSS attacks (if I said
> that right) and also SQL injection.
>
> for inserting data in to your db, use placeholders.
>
> for printing data coming from the db, use htmlentities()
>
> for retrieving data from your db via form/user input, use
> mysql_real_escape_string and strtr() to escape SQL wildcards (%) and the _
> char.
>
> If I mis-guide the OP, please correct me!
>
>
> Govinda
> govinda.webdnat...@gmail.com
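Added example (not part of any message in this thread): the three pieces of advice quoted above, placeholders for writes, escaped LIKE wildcards for searches and htmlentities() on output, written with PDO prepared statements, since the mysql_* functions named in the thread were removed in PHP 7. It assumes the pdo_sqlite extension and a constructed in-memory `products` table; `likeLiteral()` and `search()` are hypothetical helper names.

```php
<?php
// Added example, not from the thread. Table, rows and search terms are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)');

// Inserting: a placeholder keeps the value out of the SQL text entirely,
// so quotes in the data cannot change the statement.
$insert = $db->prepare('INSERT INTO products (name) VALUES (:name)');
foreach (['50% off_deal', '500 offers', "O'Reilly <b>book</b>"] as $name) {
    $insert->execute([':name' => $name]);
}

// Searching: binding alone does not neutralise LIKE wildcards, so % and _
// from the user are escaped to match literally. '!' is the escape character
// here and is itself escaped first.
function likeLiteral(string $term): string
{
    return strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']);
}

function search(PDO $db, string $term): array
{
    $stmt = $db->prepare("SELECT name FROM products WHERE name LIKE :t ESCAPE '!'");
    $stmt->execute([':t' => '%' . likeLiteral($term) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Printing: encode on output so stored markup is shown as text, not rendered.
foreach (['50%', 'off_', "' OR '1'='1", "O'R"] as $term) {
    $rows = array_map(
        fn($n) => htmlentities($n, ENT_QUOTES, 'UTF-8'),
        search($db, $term)
    );
    printf("%-14s => %s\n", $term, json_encode($rows));
}
```

Without `likeLiteral()`, the term `50%` would also match the `500 offers` row, because the unescaped `%` acts as a wildcard.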
Re: [PHP] HELP SQL INJECTION
Hi,

Yes their IP is from Russia by Chinese in origin. How can this be prevented?

Thank you all SO much for your help, it is very appreciated.

Chris

On Fri, Jul 10, 2009 at 2:40 PM, Daniel Brown wrote:
> On Fri, Jul 10, 2009 at 17:37, Chris Payne wrote:
>> Hi everyone,
>>
>> Hmmm i'm not sure it is an SQL Injection now, done a lot more checking
>> and it is inserting code at the end of every index.htm index.html
>> default.html and index.php pages on my site.
>>
>> Ooooh what fun :-)
>
> Wouldn't happen to be in Chinese, would it? It sounds quite
> reminiscent of the regular JavaScript and XSS stuff.
>
> --
> 
> daniel.br...@parasane.net || danbr...@php.net
> http://www.parasane.net/ || http://www.pilotpig.net/
> Check out our great hosting and dedicated server deals at
> http://twitter.com/pilotpig
Re: [PHP] HELP SQL INJECTION
>> Thank you all SO much for your help, it is very appreciated.
>
> So would be your move to bottom-posting (with nods to the jihad
> that was the longest thread of the list so far this month) as per the
> mailing list rules. ;-P
>
> What's the URL to your site, if you feel comfortable in providing it here?

Sorry I post at the top because I'm legally blind and it's easier but I'll try to post at the bottom :-)

This is the main site on my server: http://www.oxyge.net

I just took out the offending code at the end of the index page to get it back up and running.

Chris
[PHP] pre-screening pages before served?
Hi everyone,

Is it possible to have the system pre-screen a page before it is sent to a user? What I mean is, if someone requests index.php could I have a script scan the file before I serve it?

The reason I ask is this way I could check for patterns on the script to make sure the page hasn't been tampered with live, so to speak.

Chris
Re: [PHP] pre-screening pages before served?
On Mon, Jul 20, 2009 at 12:30 PM, Per Jessen wrote:
> Chris Payne wrote:
>
>> Hi everyone,
>>
>> Is it possible to have the system pre-screen a page before it is sent
>> to a user? What I mean is, if someone requests index.php could I have
>> a script scan the file before I serve it?
>
> Yes, apache has an output filter that can be set up as the last stage
> just before serving a page.
>
>
> /Per
>
> --
> Per Jessen, Zürich (19.8°C)

Thank you, I'll look into that this evening as it would solve some problems I've had. I want my system to check local copies of a page against a cache I have of the same page and if they are different it won't serve the page and will automatically send me a copy of the page via email and restore it to what it should be.

A way of protecting against attacks. Just 1 stage but I want to be pro-active and always be on top of things.

Chris
Re: [PHP] pre-screening pages before served?
> Really? This is an actual problem for you? It sounds to me that you have a
> malicious user on your server and if so, fire them. If you suspect you've
> been hacked from externally, then I would format and re-install -- or use a
> backup from a known good date. I've been coding PHP since 1996, and have
> NEVER heard of a man-in-the-middle attack like this. It just sounds like you
> have other problems and this isn't a solution, it's a band-aid.

Hi There,

There were MANY servers this past month that had the same attack. At the end of every index page on the website some malicious PHP code was added linking to an iframe etc. First thing I did (of course) was change all FTP and user account passwords on my server and LUCKILY it hasn't happened since even though friends of mine have had it happen a couple of times on their servers since.

I just want to have an extra layer of protection in place and I'm also going to go through every single script I have written and lock them down tightly as I don't know if they did this with FTP or some other way to be honest.

Chris
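Added example (not part of any message in this thread): the check described in the thread, comparing live index pages against a known-good copy, alerting on a difference and restoring the page. All paths and page contents are constructed in a temporary directory, `manifest()` and `verifyAndRestore()` are hypothetical names, and the alert is printed where a real deployment would send mail.

```php
<?php
// Added example, not from the thread. Paths and page contents are constructed.
// SHA-256 of every .htm/.html/.php file in a directory, keyed by file name.
function manifest(string $dir): array
{
    $hashes = [];
    foreach (scandir($dir) as $name) {
        if (preg_match('/\.(html?|php)$/i', $name) && is_file("$dir/$name")) {
            $hashes[$name] = hash_file('sha256', "$dir/$name");
        }
    }
    return $hashes;
}

// Compare live pages with the baseline. A page that differs is moved to the
// quarantine directory (kept as evidence) and replaced by the known-good copy.
function verifyAndRestore(string $live, string $good, string $quarantine, array $baseline): array
{
    $tampered = [];
    foreach ($baseline as $name => $expected) {
        $path = "$live/$name";
        $actual = is_file($path) ? hash_file('sha256', $path) : '';
        if (hash_equals($expected, $actual)) {
            continue;
        }
        if ($actual !== '') {
            rename($path, "$quarantine/$name." . time());
        }
        copy("$good/$name", $path);
        $tampered[] = $name;
    }
    return $tampered;
}

// Demo on constructed files.
$base = sys_get_temp_dir() . '/integrity-demo-' . getmypid();
foreach (['good', 'live', 'quarantine'] as $d) {
    mkdir("$base/$d", 0700, true);
}
foreach (['index.php' => "<?php echo 'home';\n", 'default.html' => "<html>ok</html>\n"] as $name => $body) {
    file_put_contents("$base/good/$name", $body);
    file_put_contents("$base/live/$name", $body);
}
$baseline = manifest("$base/good");
// Simulate the tampering described in the thread: content appended to an index page.
file_put_contents("$base/live/index.php", "<!-- appended content (placeholder) -->\n", FILE_APPEND);
$changed = verifyAndRestore("$base/live", "$base/good", "$base/quarantine", $baseline);
echo $changed ? 'ALERT: restored ' . implode(', ', $changed) . "\n" : "all pages match\n";
```

The known-good copy, the manifest and the quarantine directory belong outside the document root and should not be writable by the web server's user; a restore also does not close whatever access was used to change the page.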
[PHP] File download question
Hi Everyone,

I've setup a filedownload which works but I'm having an issue, I've left out but when it downloads it, while it has the correct file it doesn't have a file extension associated with it, I need the .7z extension associated with the filename, can anyone see why that would do this below? I'm sure it's something obvious but I'm new to doing file downloads.

Thank you everyone

Chris

    $file = "SOMEFILE.7Z";
    $speed = 60; // i.e. 60 kb/s download rate
    if(file_exists($file) && is_file($file)) {
        header("Cache-control: private");
        header("Content-Type: application/octet-stream");
        header("Content-Length: ".filesize($file));
        header("Content-Disposition: filename=$file" . "%20");
        flush();
        $fd = fopen($file, "r");
        while(!feof($fd)) {
            echo fread($fd, round($speed*1024)); // $speed kb at a time
            flush();
            sleep(1);
        }
        fclose ($fd);
    }
[PHP] Downloader help needed :-(
Hi everyone,

Thanks for those of you in the past that helped me with my downloader not displaying the filename. Someone gave me a link to the downloader below which works GREAT but I've tried and tried to limit the data transfer to 60KB a second and I can't get it to work, can any of you see what I could add to get it to work?

The first piece of code is the code I WANT to use as it lets me download with the correct filename etc. but the second piece of code allows me to limit the speed of the transfer but when I try to merge the second with the first it craps out on me. Any help would REALLY be appreciated on this one.

Thanks everyone.

Piece of code 1 (Code I WANT to use)

    function forceDownload($file) {
        /**
         * Function forceDownload:
         *    download any type of file if it exists and is readable
         * -
         * @author        Andrea Giammarchi
         * @date          18/01/2005 [17/05/2006]
         * @compatibility PHP >= 4.3.0
         */
        if(file_exists($file) && is_readable($file)) {
            $filename = basename($file);
            if(strpos(strtoupper($_SERVER['HTTP_USER_AGENT']), 'MSIE') !== false && strpos($filename, '.') !== false) {
                $parsename = explode('.', $filename);
                $last = count($parsename) - 1;
                $filename = implode('%2E', array_slice($parsename, 0, $last));
                $filename .= '.'.$parsename[$last];
            };
            header('Content-Type: application/octet-stream');
            header('Content-Disposition: attachment; filename="'.$filename.'"');
            header('Content-Length:'.filesize($file));
            header('Content-Transfer-Encoding: binary');
            if(@$file = fopen($file, "rb")) {
                while(!feof($file))
                    echo fread($file, 8192);
                fclose($file);
            };
            exit(0);
        };
    };

Piece of code 2 (Which limits nice but has other issues)

    $speed = 60; // i.e. 60 kb/s download rate
    if(file_exists($file) && is_file($file)) {
        header("Cache-control: private");
        header("Content-Type: application/octet-stream");
        header("Content-Length: ".filesize($file));
        //header("Content-Disposition: filename=$file" . "%20");
        header("Content-Disposition: attachment; filename=\"$file\"");
        flush();
        $fd = fopen($file, "r");
        while(!feof($fd)) {
            echo fread($fd, round($speed*1024)); // $speed kb at a time
            flush();
            sleep(1);
        }
        fclose ($fd);
    }

Thank you everyone, it's really appreciated.

Chris
Re: [PHP] Downloader help needed :-(
Hi there,

Thank you Tommy, I will look at this when my little 3 year old devil is in bed, I appreciate your help :-)

Chris
[PHP] What method is best for generating thumbnails in PHP from PDF's?
Hi Everyone,

I have been asked to create thumbnails from the first page of a PDF document on the fly with PHP, I have looked online but am confused as there doesn't seem 1 simple solution. What would you all recommend as an easy way to do this?

Any help would be really appreciated.

Chris
[PHP] Help needed with calculation
Hi everyone,

I'm not sure of the correct formula for this, if I have a file - just for example, that is 10245458756 bytes long and the download speed is 60KB a second, what formula would I use to calculate how many seconds/minutes/hours it would take to download the file?

Maths really isn't my strong point and formulas go over my head otherwise I wouldn't ask :-(

Thanks everyone

Chris
[PHP] Best way to read first 20 characters of a string?
Hi everyone,

I'm pulling data from a mysql database, but need only the first 20 characters of each string for a short description, what is the best method to just grab the first 20 characters from a string regardless of whether they are letters or numbers?

Chris
Re: [PHP] Best way to read first 20 characters of a string?
Thank you everyone, I REALLY appreciate it. Sorry my head isn't in place today and I couldn't think.

Chris

On Wed, Dec 2, 2009 at 10:18 AM, Devendra Jadhav wrote:
> mysql substr function
> http://dev.mysql.com/doc/refman/5.0/en/string-functions.html#function_substr
>
> On Wed, Dec 2, 2009 at 8:41 PM, Chris Payne wrote:
>>
>> Hi everyone,
>>
>> I'm pulling data from a mysql database, but need only the first 20
>> characters of each string for a short description, what is the best
>> method to just grab the first 20 characters from a string regardless
>> of whether they are letters or numbers?
>>
>> Chris
>>
>
>
>
> --
> Devendra Jadhav
> देवेंद्र जाधव
Re: [PHP] Numeric help needed
Hi Jason,

I've tried lots of different things, including:

    echo "" . round(68500, 1000) . " ROUNDED";

thinking that might be it, but I'm stumped.

This is the example I was given (and have to go by):

"If the loan amount is $68500.00, the insurance will be based on $69000.00 as the amount is always rounded up to the next $1000."

Maybe I'm just looking at it wrong but I'm stumped.

Chris

On Sun, Jan 15, 2012 at 8:41 PM, Jason Pruim wrote:
>
>
> Sent from my iPhone
>
> On Jan 15, 2012, at 8:25 PM, "Christopher J Payne" wrote:
>
>> Hi everyone,
>>
>> I am having a hard time with a numerical problem.
>>
>> I need to round some numbers up and I've tried $round($number) and it
>> doesn't work so I'm misunderstanding something.
>>
>> For example, if a user inputs 685000 I need it to round up to 69 or if
>> they input 149560 I need it to round up to 15. What is the correct way
>> to do this as everything I have tried doesn't seem to affect the user
>> inputted figure at all.
>>
>> Anyway help would REALLY be appreciated, I'm sure it's really simple but for
>> the life of me I'm stumped on why it's not working.
>>
>
> Maybe it's just a typo in your email but you put a $ in front of round() try
> removing that and see if it helps. If not are there any error messages that
> are showing up?
[PHP] Thank you all for your help
Hi there,

A big thank you to all of you who took time to help me with my numeric problem from earlier, it's been a huge help :-)

Chris