[PHP] php and apache...single sign on

2003-09-17 Thread Mike Klein
I would like to piggyback on an Apache realm/dialog authentication and 
feed these credentials to a mysql connection (or connection to anything 
else) in my php scripts.

Is there a way using the php Apache apis (seems like no) or via apache 
itself to make these credentials available/visible to a php script?

I'm not sure if this presents a security risk as I trust the pages in my 
web server to not be malevolent.

mike

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[PHP] How to update url on server side...php header func?

2003-09-23 Thread Mike Klein
I have written a database explorer/update program and when the user 
successfully updates/inserts a new record I would like to have the url 
updated to reflect new query (in addition to returning form w/new values).

I am using url/get for all data transfer rather than post. Maybe this is 
a problem.

Basically original url is (pseudo) "select * from table where rec=5"

This url returns an editable detail form from server. User changes rec=5 
to 6 in the form, and additional url parms are added via javascript so I 
can create an update (or insert) statement which the server then processes.

If server has success with this, I want to return editable detail w/new 
values and additionally change original url to "select * from table 
where rec=6".

I need to change url as if the user changes returned form values and 
hits update again, since I'm working off url for query and not form 
data, it still keys off the original query...not a modified one, which I 
want.

I guess I could be using only posted form data for communication between 
client and server, right?...as server could return updated query string 
in hidden form fields. But before switching all my code, I thought I 
might be able to change/forward the url to something else (new query 
string). When I try to do this via header() php complains that header 
already sent.

any ideas of how to better go about this?



RE: [PHP] How to update url on server side...php header func?

2003-09-23 Thread Mike Klein
The word (pseudo) implied that my url metadata effectively generates a sql
statement. Query metadata in the url on the server side is generated as sql.

This is exactly what phpMyAdmin does...my app presents no more a security
problem than theirs.

The script runs as guest/guest against mysql unless realm authentication has
been set up on the web server, in which case it runs with credentials of
who's already authenticated.

Unless someone's auth'd with my personal credentials, all they can do is
query a stupid quotations table in a database of mine. No deletes, inserts,
or updates.


mike

-----Original Message-----
From: Jay Blanchard [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 23, 2003 4:53 AM
To: Mike Klein; [EMAIL PROTECTED]
Subject: RE: [PHP] How to update url on server side...php header func?


[snip]
Basically original url is (pseudo) "select * from table where rec=5"
...
any ideas of how to better go about this?
[/snip]

The query is in the URL? Really? You have just asked for a security
problem (google for "sql injection" and you'll see what I am talking
about). If you have anything that looks like
http://www.yourserver.com/script.php?sql=select you need to stop what
you are doing.

Honestly, I believe that you need to change your code, and without
seeing your current code I couldn't make any further recommendations.

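An added example, not part of the thread and not code from either poster: one way to keep query metadata in the URL without putting SQL text there, and to redirect to the new URL after an update without the "headers already sent" error. It uses PDO; the URL parameter names (`table`, `rec`, `newrec`), the columns of the `quotations` table and the in-memory SQLite database are assumptions made for the demo.

```php
<?php
// Added example, not code from the thread. URL parameter and column names are
// assumptions; in-memory SQLite stands in for MySQL so the script runs offline.
const TABLES = ['quotations'];  // allowlist of tables the explorer may touch

// Identifiers cannot be bound as parameters, so they must come from the allowlist.
function checkTable(string $table): string {
    if (!in_array($table, TABLES, true)) {
        throw new InvalidArgumentException('unknown table');
    }
    return $table;
}

// The URL carries metadata (table, rec), never SQL text; the value is bound.
function fetchRecord(PDO $db, array $get): ?array {
    $table = checkTable($get['table'] ?? '');
    $stmt = $db->prepare("SELECT * FROM $table WHERE rec = ?");
    $stmt->execute([(int)($get['rec'] ?? 0)]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Re-key a record, then build the URL the browser should be redirected to.
function updateRec(PDO $db, array $get): string {
    $table = checkTable($get['table'] ?? '');
    $new = (int)($get['newrec'] ?? 0);
    $stmt = $db->prepare("UPDATE $table SET rec = ? WHERE rec = ?");
    $stmt->execute([$new, (int)($get['rec'] ?? 0)]);
    return '?' . http_build_query(['table' => $table, 'rec' => $new]);
}

$db = new PDO('sqlite::memory:');  // constructed demo database
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE quotations (rec INTEGER PRIMARY KEY, quote TEXT)');
$db->exec("INSERT INTO quotations VALUES (5, 'constructed sample row')");

// Constructed request, as if ?table=quotations&rec=5&newrec=6 had arrived.
$location = updateRec($db, ['table' => 'quotations', 'rec' => '5', 'newrec' => '6']);

// header() must run before any output (echo, HTML, even a blank line ahead of
// the opening tag); otherwise PHP reports that headers were already sent.
if (PHP_SAPI !== 'cli') {
    header("Location: $location", true, 303);
    exit;
}
parse_str(ltrim($location, '?'), $next);
print_r(fetchRecord($db, $next));  // the re-keyed row, read via the new URL
// A SQL fragment in the URL stays a value: cast to int and bound, never parsed.
var_dump(fetchRecord($db, ['table' => 'quotations', 'rec' => '5 OR 1=1']));
```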