|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
php-general-digest-help
lists.php.net
Date: Fri May 11 2007 - 09:15:29 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
php-general Digest 11 May 2007 14:15:29 -0000 Issue 4785
Topics (messages 254770 through 254805):
reading private properties (print_r)
254770 by: Hendrik van Arragon
What is the best way to protect the PHP page that returns the AJAX data?
254771 by: Daevid Vincent
254774 by: heavyccasey.gmail.com
254795 by: Rangel Reale
254797 by: Robert Cummings
254800 by: Rangel Reale
254801 by: Robert Cummings
254803 by: Eric Butera
Re: One class, many methods: PHP4.x: Q's
254772 by: Micky Hulse
254773 by: Micky Hulse
254802 by: Eric Butera
Re: sorting via PHP or MySQL?
254775 by: Larry Garfield
Re: Need a new shared host with php
254776 by: Larry Garfield
254782 by: clive
254788 by: Richard Davey
254790 by: Joker7
254791 by: Joker7
Re: What is the best way to protect the PHP page that returns the AJAX data? [solved]
254777 by: Daevid Vincent
254778 by: Robert Cummings
254783 by: Crayon Shin Chan
254787 by: clive
finding next and prev record in mysql
254779 by: Richard Kurth
254780 by: Chris
254785 by: Richard Kurth
254786 by: Richard Kurth
Re: PHP & MySQL
254781 by: "Miguel J. Jiménez"
Re: PhP and Java login trouble (can someone help a brother out whom is truely trying to understand?)
254784 by: Brad Sumrall
Re: GET variable unexpectedly assigned to session variable
254789 by: Crayon Shin Chan
PHP screen generator?
254792 by: Man-wai Chang
254793 by: Zoltán Németh
Re: Search function
254794 by: Ryan A
Re: php + db2
254796 by: johan.boye.latecoere.fr
import dbf files
254798 by: Bosky, Dave
254799 by: Robert Cummings
self:: vs this
254804 by: Mariano Guadagnini
254805 by: Robert Cummings
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscribelists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscribelists.php.net
To post to the list, e-mail:
php-generallists.php.net
----------------------------------------------------------------------
attached mail follows:
Hi,
I dislike the output of print_r(), so I desited write my own print_r().
I need this funktion for debugging issues, and therfor it is nice to
have the private attributs, which are normaly hidden.
attached mail follows:
Like most sites, someone needs to join up to use mine.
I'm using a wee-bit-o-AJAX to pull some results from a database and display them dynamically.
For the AJAX to work, it has to hit a script that's accessible from the htdocs tree right?
Effectively it's just a (JavaScript initiated) GET URL request correct?
For example, index.html calls http://example.com/gimmedata.php?query=foo
That in turn returns a JS formatted array which is eval() in JS and rendered on the page.
(over simplified I know)
My question is, how do you protect gimmedata.php since it's sitting out there sans normal web headers and stuff?
Can it include session_start() and do all that wonderful checking to make sure the user is logged in before just happily doling out
my precious data?
What is the proper, secure, sanctioned and AJAX/PHP blessed way to do this?
I could set up a test environment and hack up something I'm sure -- and probably will if I get too impatient, but nobody seems to
address this issue in any examples, they just do it as if information is *gasp* free. I'm a PHP guru, but I am also an AJAX novice.
From what I gather, the return is really in XML transport format and all the magic of converting to/from XML is transparent to me. I
worry that putting other headers or whatever may "corrupt" that?
attached mail follows:
That's a humongous, humongous security risk there.
What if someone goes http://example.com/gimmedata.php?query=DROP DATABASE hi?
Unless I misunderstood.
A better way would be in the script:
switch ($_GET['query']) {
case "fetch": $dbquery = 'SELECT stuff FROM stuff'; break;
case "eatsnacks": $dbquery = 'SELECT snacks FROM edibles'; break;
// ...
}
and fetch instead "http://example.com/gimmedata.php?query=eatsnacks"
On 5/10/07, Daevid Vincent <daeviddaevid.com> wrote:
> Like most sites, someone needs to join up to use mine.
>
> I'm using a wee-bit-o-AJAX to pull some results from a database and display them dynamically.
>
> For the AJAX to work, it has to hit a script that's accessible from the htdocs tree right?
> Effectively it's just a (JavaScript initiated) GET URL request correct?
>
> For example, index.html calls http://example.com/gimmedata.php?query=foo
> That in turn returns a JS formatted array which is eval() in JS and rendered on the page.
>
> (over simplified I know)
>
> My question is, how do you protect gimmedata.php since it's sitting out there sans normal web headers and stuff?
> Can it include session_start() and do all that wonderful checking to make sure the user is logged in before just happily doling out
> my precious data?
>
> What is the proper, secure, sanctioned and AJAX/PHP blessed way to do this?
>
> I could set up a test environment and hack up something I'm sure -- and probably will if I get too impatient, but nobody seems to
> address this issue in any examples, they just do it as if information is *gasp* free. I'm a PHP guru, but I am also an AJAX novice.
> From what I gather, the return is really in XML transport format and all the magic of converting to/from XML is transparent to me. I
> worry that putting other headers or whatever may "corrupt" that?
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
attached mail follows:
I would also like to know how people are dealing with this, how to you make
sure people don't steal your data, sometimes it can be something simple like
state names, but sometimes it can be your entire user/email database, who
knows?
And OF COURSE he is not passing a query on the url, a dumb user like this
wouldn't know how to enter a mailing list :P
Thanks,
Rangel
----- Original Message -----
From: "Daevid Vincent" <daeviddaevid.com>
To: <php-generallists.php.net>
Sent: Friday, May 11, 2007 12:18 AM
Subject: [PHP] What is the best way to protect the PHP page that returns the
AJAX data?
> Like most sites, someone needs to join up to use mine.
>
> I'm using a wee-bit-o-AJAX to pull some results from a database and
> display them dynamically.
>
> For the AJAX to work, it has to hit a script that's accessible from the
> htdocs tree right?
> Effectively it's just a (JavaScript initiated) GET URL request correct?
>
> For example, index.html calls http://example.com/gimmedata.php?query=foo
> That in turn returns a JS formatted array which is eval() in JS and
> rendered on the page.
>
> (over simplified I know)
>
> My question is, how do you protect gimmedata.php since it's sitting out
> there sans normal web headers and stuff?
> Can it include session_start() and do all that wonderful checking to make
> sure the user is logged in before just happily doling out
> my precious data?
>
> What is the proper, secure, sanctioned and AJAX/PHP blessed way to do
> this?
>
> I could set up a test environment and hack up something I'm sure -- and
> probably will if I get too impatient, but nobody seems to
> address this issue in any examples, they just do it as if information is
> *gasp* free. I'm a PHP guru, but I am also an AJAX novice.
> From what I gather, the return is really in XML transport format and all
> the magic of converting to/from XML is transparent to me. I
> worry that putting other headers or whatever may "corrupt" that?
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>
>
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.467 / Virus Database: 269.6.4/790 - Release Date: 5/5/2007
> 10:34
>
>
attached mail follows:
On Fri, 2007-05-11 at 09:01 -0300, Rangel Reale wrote:
> I would also like to know how people are dealing with this, how to you make
> sure people don't steal your data, sometimes it can be something simple like
> state names, but sometimes it can be your entire user/email database, who
> knows?
State names and your entire user list are two different issues. State
names are almost certainly shown completely due to the need for state
selector lists. But I can't see any reason why you would have your
entire user list available.
Cheers,
Rob.
--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'
attached mail follows:
That was only an example, the question is, how do I protect possibly
sensitive data sent by AJAX, so one user can't access other user's data?
Is the anwser just "don't do this with AJAX"?
----- Original Message -----
From: "Robert Cummings" <robertinterjinn.com>
To: "Rangel Reale" <listasrangelreale.com>
Cc: <php-generallists.php.net>
Sent: Friday, May 11, 2007 10:13 AM
Subject: Re: [PHP] What is the best way to protect the PHP page thatreturns
the AJAX data?
> On Fri, 2007-05-11 at 09:01 -0300, Rangel Reale wrote:
>> I would also like to know how people are dealing with this, how to you
>> make
>> sure people don't steal your data, sometimes it can be something simple
>> like
>> state names, but sometimes it can be your entire user/email database, who
>> knows?
>
> State names and your entire user list are two different issues. State
> names are almost certainly shown completely due to the need for state
> selector lists. But I can't see any reason why you would have your
> entire user list available.
>
> Cheers,
> Rob.
> --
> .------------------------------------------------------------.
> | InterJinn Application Framework - http://www.interjinn.com |
> :------------------------------------------------------------:
> | An application and templating framework for PHP. Boasting |
> | a powerful, scalable system for accessing system services |
> | such as forms, properties, sessions, and caches. InterJinn |
> | also provides an extremely flexible architecture for |
> | creating re-usable components quickly and easily. |
> `------------------------------------------------------------'
>
>
>
>
> --
> Internal Virus Database is out-of-date.
> Checked by AVG Free Edition.
> Version: 7.5.467 / Virus Database: 269.6.1/776 - Release Date: 25/4/2007
> 12:19
>
>
attached mail follows:
On Fri, 2007-05-11 at 10:33 -0300, Rangel Reale wrote:
> That was only an example, the question is, how do I protect possibly
> sensitive data sent by AJAX, so one user can't access other user's data?
>
> Is the anwser just "don't do this with AJAX"?
No, do what you would normally do. Filter access to data based on the
user's permissions. Ajax requests are like any other http request.
Cookies are sent. If you aren't using cookies and relying exclusively on
PHP trans SID or something similar, then just make sure the ID is sent
in the Ajax request. Then as with any request, check permissions and
dole out information appropriately.
Cheers,
Rob.
--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'
attached mail follows:
On 5/10/07, Daevid Vincent <daeviddaevid.com> wrote:
> I'm a PHP guru
Then this question shouldn't have been asked. :)
attached mail follows:
Micky Hulse wrote:
> Seems like I have always read/heard that it is best to explicitly pass
> variables as function parameters... vs throwing around "globals."
Ah, well Chapter 6, page 144-145 have helped clear-up a little bit of my
confusion:
"
...<snip>...
Here's a simple class definition of the Person class that shows the
$this variable in action:
class Person {
var $name;
function get_name() {
return $this->name;
}
function set_name($new_name) {
$this->name = $new_name;
}
}
As you can see, the get_name() and set_name() methods use $this to
access and set the $name property of the current object.
...<snip>...
Declaring Properties
In the previous definition of the Person class, we explicityly declared
the $name property. Property declaration are optional and are simply a
courtesy to whoever maintains your program. It's good PHP style to
declare your properties, but you can add new properties at any time.
...<snip>...
You can assign default values to properties, but those default values
must be simple constants:
var $name = 'J Doe'; // Works
var $age = 0; // Works
var $day = 60*60*60; // Doesn't work.
...<snip>...
"
So, I think I was getting a bit confused with the var variables... But
now it looks like it is not bad practice to get and set object
"properties", and it almost sounds like it is good practice (though, not
required) to declare these properties (var variables) for other
eyeballs/programmers.
Man, I love programming in PHP. I just wish I were better at it! :D
K, gonna go practice some on these new techniques.
Cheers,
Micky
--
Wishlists: <http://snipurl.com/1gqpj>
Switch: <http://browsehappy.com/>
BCC?: <http://snipurl.com/w6f8>
My: <http://del.icio.us/mhulse>
attached mail follows:
Micky Hulse wrote:
> Ah, well Chapter 6, page 144-145 have helped clear-up a little bit of my
> confusion:
Sorry, forgot to mention what book I was refering to:
O'Reilly Programming PHP By Rasmus Lerdorf & Kevin Tatroe
<http://snipurl.com/1k4ug>
--
Wishlists: <http://snipurl.com/1gqpj>
Switch: <http://browsehappy.com/>
BCC?: <http://snipurl.com/w6f8>
My: <http://del.icio.us/mhulse>
attached mail follows:
On 5/10/07, Micky Hulse <mickyambiguism.com> wrote:
> Micky Hulse wrote:
> > Ah, well Chapter 6, page 144-145 have helped clear-up a little bit of my
> > confusion:
>
> Sorry, forgot to mention what book I was refering to:
>
> O'Reilly Programming PHP By Rasmus Lerdorf & Kevin Tatroe
> <http://snipurl.com/1k4ug>
>
>
> --
> Wishlists: <http://snipurl.com/1gqpj>
> Switch: <http://browsehappy.com/>
> BCC?: <http://snipurl.com/w6f8>
> My: <http://del.icio.us/mhulse>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
If at all possible you're going to want to use PHP5 if you're doing
OOP. I use it all the time in 4, but you're going to have to deal
with references until you are sick and it is just annoying when most
of those "problems" have been alleviated.
Also I would recommend always defining all of the class variables that
it will possibly use. Some of the code I write lives for years and
working over dozens of different projects it is impossible to remember
everything completely. Also it will help avoid bugs such as undefined
variables and all of that.
The get and set method's you wrote are part of the concept of
encapulation. Read this:
http://en.wikipedia.org/wiki/Information_hiding for more information.
attached mail follows:
A somewhat more extensible version of the 1 query method:
http://www.garfieldtech.com/blog/php-group-by
If you will only ever have 2 values there, then either method is probably
fine. The "php group by" method (above) is more extensible if you're going
to have a variable or arbitrary number of groups, though.
Cheers.
On Thursday 10 May 2007, James Tu wrote:
> (I've cross posted at the MySQL list as well)
>
> Here's an example with a simple table:
>
> describe collection;
>
> +------------------+---------------------+------+-----
> +---------------------+----------------+
>
> | Field | Type | Null | Key |
>
> Default | Extra |
> +------------------+---------------------+------+-----
> +---------------------+----------------+
>
> | id | bigint(20) unsigned | | PRI |
>
> NULL | auto_increment |
>
> | receiver_id | bigint(20) unsigned | | MUL |
>
> 0 | |
>
> | set_type_id | int(2) unsigned | | |
>
> 0 | |
>
> | card_id | int(3) unsigned | | |
>
> 0 | |
>
> | completed_set_id | bigint(20) unsigned | | |
>
> 0 | |
>
> | created_on_gmt | datetime | | | 0000-00-00
>
> 00:00:00 | |
> +------------------+---------------------+------+-----
> +---------------------+----------------+
>
>
> I want to end up with two PHP arrays. One for set_type_id = 22 and
> one for set_type_id=21.
>
> (1) one query method:
> SELECT * from collection WHERE set_type_id=22 OR set_type_id=21;
> ...do query...
> while( $row = $this->db->fetch_array_row() ){
> if ($row['set_type_id'] == 21){
> $array_a[] = $row;
> } else {
> $array_b[] = $row;
> }
> }
>
>
> (2) two query method:
> SELECT * from collection WHERE set_type_id=22;
> ...do query...
> while( $row = $this->db->fetch_array_row() ){
> $array_a[] = $row;
> }
>
> SELECT * from collection WHERE set_type_id=21;
> ...do query...
> while( $row = $this->db->fetch_array_row() ){
> $array_b[] = $row;
> }
>
>
> Which method is better? Take a hit using MySQL or take a hit using PHP?
>
> -James
--
Larry Garfield AIM: LOLG42
larrygarfieldtech.com ICQ: 6817012
"If nature has made any one thing less susceptible than all others of
exclusive property, it is the action of the thinking power called an idea,
which an individual may exclusively possess as long as he keeps it to
himself; but the moment it is divulged, it forces itself into the possession
of every one, and the receiver cannot dispossess himself of it." -- Thomas
Jefferson
attached mail follows:
On Thursday 10 May 2007, Richard Davey wrote:
> Al wrote:
> > I'm looking for a shared host with an up-to-date php5, and one who at
> > least tries to keep it relatively current.
> >
> > Needs are modest. Just need good ftp access, cgi-bin, shell, etc.
>
> I'll throw my plug in here for Pair Networks too. Sure, you can get
> cheaper, but they run a really tight ship there - great network, great
> servers, great support. Have been with them since 1996 (!!) and they've
> been brilliant all this time and I've now plans on leaving.
>
> They're about to roll-out PHP 5.2.2 across all of their servers too. And
> if their 'usual' accounts are too expensive, they've just launched this:
Where did you hear that? I'm a Pair customer of many many years myself, and
I've been considering jumping ship because of their old PHP version (latest
PHP 4, but still PHP 4). If they're going to be upgrading to a real PHP
platform, that would kick ass.
Now, if I could get APC without a dedicated box... :-)
--
Larry Garfield AIM: LOLG42
larrygarfieldtech.com ICQ: 6817012
"If nature has made any one thing less susceptible than all others of
exclusive property, it is the action of the thinking power called an idea,
which an individual may exclusively possess as long as he keeps it to
himself; but the moment it is divulged, it forces itself into the possession
of every one, and the receiver cannot dispossess himself of it." -- Thomas
Jefferson
attached mail follows:
Edward Kay wrote:
>>
> Check out http://www.webhostingtalk.com for both discussions and
> searching on any possible hosts before signing up.
>
> If you can stretch your budget a bit more, go for a VPS. Shared hosting
> is a real pain when other users write poor code that hog the server. I
> use ServInt and would recommend them.
I 2nd Servint,
--
Regards,
Clive.
Real Time Travel Connections
{No electrons were harmed in the creation, transmission or reading of
this email. However, many were excited and some may well have enjoyed
the experience.}
attached mail follows:
Larry Garfield wrote:
>> They're about to roll-out PHP 5.2.2 across all of their servers too. And
>> if their 'usual' accounts are too expensive, they've just launched this:
>
> Where did you hear that? I'm a Pair customer of many many years myself, and
> I've been considering jumping ship because of their old PHP version (latest
> PHP 4, but still PHP 4). If they're going to be upgrading to a real PHP
> platform, that would kick ass.
It's been possible to locally compile and run PHP 5 on shared Pair
accounts since, well.. since PHP 5 was released. So you could always
have done that. Or if that didn't appeal, they offer PHP 5 in CGI form
which you can copy to your local cgi-bin and use. Again this has been
around for years now.
But re: your question, if you read the Insider newsletter they send out
(http://insider.pair.com) it tells you all about their new FreeBSD 6.2
roll-out plans, and the hundreds (if not thousands) of new enhancements
it'll bring to all servers, including PHP 5.2.2 (and 4.4.7 as CGI), new
MySQL upgrades, SVN, Perl updates, hundreds of new CPAN modules, etc.
Have a read, I think you'll like what you see. They estimate roll-out in
the next 2 to 4 weeks.
Cheers,
Rich
--
Zend Certified Engineer
http://www.corephp.co.uk
"Never trust a computer you can't throw out of a window"
attached mail follows:
In news: 6C.8F.20961.72773464pb1.pair.com - Al wrote :
>> I'm looking for a shared host with an up-to-date php5, and one who
>> at least tries to keep it relatively current.
>>
>> Needs are modest. Just need good ftp access, cgi-bin, shell, etc.
>>
>> Any suggestions. I'm looking at Host Monster, anyone have experience
>> with them?
>>
>> Thanks...
Take a look at http://host.kick-butt.co.uk I feel this will cover all your
needs.
Chris
--
Cheap As Chips Broadband http://yeah.kick-butt.co.uk
Superb hosting & domain name deals http://host.kick-butt.co.uk
attached mail follows:
In news: 7A.43.20961.3AF44464pb1.pair.com - "Joker7" wrote :
>> In news: 6C.8F.20961.72773464pb1.pair.com - Al wrote :
>>>> I'm looking for a shared host with an up-to-date php5, and one who
>>>> at least tries to keep it relatively current.
>>>>
>>>> Needs are modest. Just need good ftp access, cgi-bin, shell, etc.
>>>>
>>>> Any suggestions. I'm looking at Host Monster, anyone have
>>>> experience with them?
>>>>
>>>> Thanks...
>>
>> Take a look at http://host.kick-butt.co.uk I feel this will cover
>> all your needs.
>>
>> Chris
>>
>> --
>> Cheap As Chips Broadband http://yeah.kick-butt.co.uk
>> Superb hosting & domain name deals http://host.kick-butt.co.uk
Whoops just taken a look and reread your post most server only have PHP
v4.4.3 sorry.
Chris
--
Cheap As Chips Broadband http://yeah.kick-butt.co.uk
Superb hosting & domain name deals http://host.kick-butt.co.uk
attached mail follows:
Thanks for the suggestion and concern. Fear not, I'm a PHP Guru as mentioned. I never said that I execute the code directly like
that. Perhaps my "query" keyname was a bit misleading. Would http://example.com/gimmedata.php?id=3&foo=bar&map=on have been more
clear? I also am not so silly as to run unchecked variables into my SQL queries, nor do I not check for mismatched ' ; and other
injection attempts in my database wrapper. ;-)
Anyways none of that is the point. I wanted to know how to prevent a random person from hitting that same gimmedata.php using their
own parameters (valid or not)
Since I wrote this initial email, I've done some testing, and much to my glee, it seems they work just like any other page, so
therefore putting a simple session_start() and testing if the user is logged in, etc is quite effective.
d
> -----Original Message-----
> From: heavyccaseygmail.com [mailto:heavyccaseygmail.com]
> Sent: Thursday, May 10, 2007 8:28 PM
> To: Daevid Vincent
> Cc: php-generallists.php.net
> Subject: Re: [PHP] What is the best way to protect the PHP
> page that returns the AJAX data?
>
> That's a humongous, humongous security risk there.
>
> What if someone goes
> http://example.com/gimmedata.php?query=DROP DATABASE hi?
> Unless I misunderstood.
>
> A better way would be in the script:
>
> switch ($_GET['query']) {
> case "fetch": $dbquery = 'SELECT stuff FROM stuff'; break;
> case "eatsnacks": $dbquery = 'SELECT snacks FROM edibles'; break;
> // ...
> }
>
> and fetch instead "http://example.com/gimmedata.php?query=eatsnacks"
>
> On 5/10/07, Daevid Vincent <daeviddaevid.com> wrote:
> > Like most sites, someone needs to join up to use mine.
> >
> > I'm using a wee-bit-o-AJAX to pull some results from a
> database and display them dynamically.
> >
> > For the AJAX to work, it has to hit a script that's
> accessible from the htdocs tree right?
> > Effectively it's just a (JavaScript initiated) GET URL
> request correct?
> >
> > For example, index.html calls
> http://example.com/gimmedata.php?query=foo
> > That in turn returns a JS formatted array which is eval()
> in JS and rendered on the page.
> >
> > (over simplified I know)
> >
> > My question is, how do you protect gimmedata.php since it's
> sitting out there sans normal web headers and stuff?
> > Can it include session_start() and do all that wonderful
> checking to make sure the user is logged in before just
> happily doling out
> > my precious data?
> >
> > What is the proper, secure, sanctioned and AJAX/PHP blessed
> way to do this?
> >
> > I could set up a test environment and hack up something I'm
> sure -- and probably will if I get too impatient, but nobody seems to
> > address this issue in any examples, they just do it as if
> information is *gasp* free. I'm a PHP guru, but I am also an
> AJAX novice.
> > From what I gather, the return is really in XML transport
> format and all the magic of converting to/from XML is
> transparent to me. I
> > worry that putting other headers or whatever may "corrupt" that?
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>
attached mail follows:
On Thu, 2007-05-10 at 21:23 -0700, Daevid Vincent wrote:
> Thanks for the suggestion and concern. Fear not, I'm a PHP Guru as mentioned.
A Guru would have spent 60 seconds testing to see if the session_start()
scenario worked BEFORE posting to the list :B
Cheers,
Rob.
--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'
attached mail follows:
On Friday 11 May 2007 12:45, Robert Cummings wrote:
> On Thu, 2007-05-10 at 21:23 -0700, Daevid Vincent wrote:
> > Thanks for the suggestion and concern. Fear not, I'm a PHP Guru as
> > mentioned.
>
> A Guru would have spent 60 seconds testing to see if the
> session_start() scenario worked BEFORE posting to the list :B
A guru would've KNOWN it :)
--
Crayon
attached mail follows:
Robert Cummings wrote:
> A Guru would have spent 60 seconds testing to see if the session_start()
> scenario worked BEFORE posting to the list :B
/me was thinking the same
--
Regards,
Clive.
Real Time Travel Connections
{No electrons were harmed in the creation, transmission or reading of
this email. However, many were excited and some may well have enjoyed
the experience.}
attached mail follows:
How would I find the next id and the prev id in sql statement like the one
below. The id number is not going to be in order so I can't do a < or >
limit 1 on the search
SELECT id FROM contacts WHERE category = '5' AND subcategory = '1' AND
members_id= '8' ORDER BY lastname
attached mail follows:
Richard Kurth wrote:
> How would I find the next id and the prev id in sql statement like the one
> below. The id number is not going to be in order so I can't do a < or >
> limit 1 on the search
>
> SELECT id FROM contacts WHERE category = '5' AND subcategory = '1' AND
> members_id= '8' ORDER BY lastname
Ask the mysql list: http://lists.mysql.com/
I'm sure they have been asked a similar thing many times in the past.
--
Postgresql & php tutorials
http://www.designmagick.com/
attached mail follows:
-----Original Message-----
From: Chris [mailto:dmagickgmail.com]
Sent: Thursday, May 10, 2007 10:09 PM
To: Richard Kurth
Cc: php-generallists.php.net
Subject: Re: [PHP] finding next and prev record in mysql
Richard Kurth wrote:
> How would I find the next id and the prev id in sql statement like the
> one below. The id number is not going to be in order so I can't do a <
> or > limit 1 on the search
>
> SELECT id FROM contacts WHERE category = '5' AND subcategory = '1' AND
> members_id= '8' ORDER BY lastname
Ask the mysql list: http://lists.mysql.com/
I'm sure they have been asked a similar thing many times in the past.
I did but have not received any awes
attached mail follows:
-----Original Message-----
From: Chris [mailto:dmagickgmail.com]
Sent: Thursday, May 10, 2007 10:09 PM
To: Richard Kurth
Cc: php-generallists.php.net
Subject: Re: [PHP] finding next and prev record in mysql
Richard Kurth wrote:
> How would I find the next id and the prev id in sql statement like the
> one below. The id number is not going to be in order so I can't do a <
> or > limit 1 on the search
>
> SELECT id FROM contacts WHERE category = '5' AND subcategory = '1' AND
> members_id= '8' ORDER BY lastname
Ask the mysql list: http://lists.mysql.com/
I'm sure they have been asked a similar thing many times in the past.
I did but have not received any reply at all
attached mail follows:
Jason Pruim escribió:
> Hi Everyone,
>
> I know this isn't strictly a PHP question, and I apologize in advance
> for that. I'm trying to setup a website for some of my customers that
> would allow them to update a database on their schedule, making it
> easier for us to have the most up to date info, and taking some of the
> work off of us.
>
> Right now, the question I have is, how would I be able to select
> certain records to be deleted (Or moved to another table called
> "deleted")? Is it as simple as looping through the database, having
> them check a checkbox, and then hit a "remove" button?
>
> As I go, I will be adding a login screen to it, and hopefully
> protecting against SQL injection attacks... But right now, I'm still
> just learning and trying.
>
> The SQL syntax is easy enough for me to figure out, but the php is
> throwing me off right now...
>
> I'm running PHP 5.2.0
> MySQL 5.0.24A
>
> Any points to the right documents are greatly appreciated as well as
> sample code :)
>
> Currently here is the code I'm working with on the page to display it:
>
> $link = mysql_connect($server, $username, $password)
> or die('Could not connect: ' . mysql_error());
> echo 'Connected successfully <BR>';
> mysql_select_db('legion') or die('Could not select database' .
> mysql_error());
> echo 'DB selected <BR>';
>
>
>
> $result = mysql_query("SELECT * FROM current") or die(mysql_error());
> while($row = mysql_fetch_array($result)) {
> $FName = $row["FName"];
> $LName = $row["LName"];
> $Add1 = $row["Add1"];
> $Add2 = $row["Add2"];
> $City = $row["City"];
> $State = $row["State"];
> $Zip = $row["Zip"];
> $Date = $row["Date"];
>
>
> echo "$FName, $LName, $Add1, $Add2, $City, $State, $Zip, $Date<BR>";
> };
>
> I'm sure there is an easier way to do that as well... But this way
> worked :)
>
> Jason
>
Well, first of all you need to get the IDs of the rows you want to
remove and then you will do something like:
DELETE FROM <table> WHERE id IN (<list of IDs to remove>)
You will need to show a list of removable records to the client as a
list; for example:
John Doe #1
John Doe #2
.
.
John Doe #n
with a checkbox every one of them. The when you hit submit in the form
you just send the IDs to the php script...
--
Miguel J. Jiménez
Programador Senior
Área de Internet/XSL/PHP
migueljose.jimenezisotrol.com
----------------------------------------------------
ISOTROL
Edificio BLUENET, Avda. Isaac Newton nº3, 4ª planta.
Parque Tecnológico Cartuja '93, 41092 Sevilla (ESP).
Teléfono: +34 955 036 800 - Fax: +34 955 036 849
http://www.isotrol.com
"You let a political fight come between you and your best friend you have in all the world. Do you realize how foolish that is? How ominous? How can this country survive if friends can't rise above the quarrel".
Constance Hazard, North & South (book I)
attached mail follows:
I have these to independently working scripts. 1 is php, the other is
javascript. For obvious reason, to separate logins are not appropriate.
It has been recommended to make a separate function, not sure how to do
this....
Common sense says, "carry the variable from php to javascripting". I am
clueless on where to look on this common sense solution.
I am 2.5 weeks into this madness. I know when I find the solution, it will
be the one that was biting me on the nose.
I want to learn and understand this, but desperately need help from friends!
I will post the 2 complete code pages below..
Input, suggestion or solutions would truly be appreciated.
The first will be the original code that is javascripting friendly.
The second will be my own php working code.
Number one works fine for loging into a FCKEditor application, but is
failing with phpbb.
Number two works perfectly with phpbb applications and outside php pages
requiring phpbb related session controls, but fails sessions with the
javascripting based FCKEditor.
Sincerely,
Brad
#1 Working php/phpbb code:
<?php
if(!isset($_SESSION["userid"]))
{
?>
<form action="/phpbb/login.php" method="post" target="_top">
<table width="200" cellpadding="4" cellspacing="1" border="0"
class="forumline" align="center">
<tr>
<th background="images/login_top2.jpg" height="30"
class="thHead" nowrap="nowrap"></th>
</tr>
<tr>
<td class="row1"><table border="0" cellpadding="3"
cellspacing="1" width="100%">
<tr>
<td width="11%" align="right"><div
align="left"><span class="gen">Username:</span></div></td>
</tr>
<tr>
<td align="right"><input type="text" class="post"
name="username" size="25" maxlength="40" value="" /></td>
</tr>
<tr>
<td align="right"><div align="left"><span
class="gen">Password</span></div></td>
</tr>
<tr>
<td align="right"><span class="gen">
<input type="password" class="post" name="password" size="25" maxlength="32"
/>
:</span></td>
</tr>
<tr align="center">
<td colspan="2"><span class="gen">Log me on
automatically:
<input type="checkbox" name="autologin" /></span></td>
</tr>
<tr align="center">
<td colspan="2"><input type="hidden" name="redirect"
value="" /><input type="submit" name="login" class="mainoption value="Log
in" /> </td>
</tr>
<tr align="center">
<td colspan="2"><span class="gensmall"><a
href="forgot_password.php" class="gensmall">I forgot my
password</a></span></td>
</tr>
</table>
</td>
</tr>
<?php
}else{
?>
<tr>
<td width="207" height="32" background="images/login_top2.jpg"
class="headerlogout" align="center">
<table width="100%">
<tr>
<td width="30" height="27"></td>
<td align="left"><a href="javascript:logout()"
class="link1">Log out</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td align="center" class="logincenterbg">
<table width="88%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td height="10" align="left" class="bluetext"></td>
</tr>
<tr>
<td align="left" class="link2">Welcome : <?php echo
$_SESSION["userid"] ?></td>
</tr>
<tr>
<td height="22" align="left" class="bluetext"></td>
</tr>
<tr>
<td height="20" align="left"><a class="link1"
href="editaccount.php">Manage Account</a></td>
</tr>
<tr>
<td height="20" align="left"><a class="link1"
href="editprofile.php">Manage Profile</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td align="left" valign="top"><img
src="images/login_bottom.jpg" width="200" height="8" alt="" /></td>
</tr>
</table>
</form>
<?php
}
?>
</table></td>
</tr>
<tr>
<td height="5"></td>
</tr>
<tr>
<td align="center" valign="top"><table width="211"
border="0" cellspacing="0" cellpadding="0">
<tr>
<td><img src="images/contest_top.jpg" width="211" height="36"
alt="" /></td>
</tr>
<tr>
<td><a href="contest.php"><img src="images/contest_middle.jpg"
width="211" height="169" border="0" alt="" /></a></td>
</tr>
</table></td>
</tr>
<tr>
<td height="5"></td>
</tr>
<tr>
<td align="center" valign="top"><table width="211"
border="0" cellspacing="0" cellpadding="0">
<tr>
<td><img src="images/review_head.jpg" width="211" height="36"
alt="" /></td>
</tr>
<tr>
<td height="89" align="center" class="reviewbg"><table
width="85%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="112" height="46" align="left" valign="middle"
class="bluetext2">Read about any beauty product...</td>
<td width="67" rowspan="2" align="right"> </td>
</tr>
<tr>
<td align="right" valign="middle" ><a
href="/rating/index.php"><img border="0" src="images/go_btn2.jpg" width="56"
height="21" alt="" /></a></td>
</tr>
</table></td>
</tr>
</table></td>
</tr>
<tr>
<td height="5"></td>
</tr>
<tr>
<td align="center" valign="top"><table width="210"
border="0" cellspacing="0" cellpadding="0">
<tr>
<td><img src="images/photos_top.jpg" width="210" height="39"
alt="" /></td>
</tr>
<tr>
<td align="center" class="photobg"><table width="85%" border="0"
cellspacing="0" cellpadding="0">
<tr>
<td height="46" align="left" valign="middle"
class="bluetext2">Add photos to our gallery...</td>
<td width="83" rowspan="2" align="right"><img
src="images/photo1.jpg" width="83" height="81" alt="" /></td>
</tr>
<tr>
<td align="center" valign="middle" ><a
href="photopost2/index.php"><img src="images/more_btn.jpg" width="59"
height="22" alt="" border="0" /></a></td>
</tr>
</table></td>
</tr>
<tr>
<td align="left" valign="top"><img
src="images/photos_bottom.jpg" width="210" height="12" alt="" /></td>
</tr>
</table></td>
</tr>
</table>
#2 Working javascripting, but fails php/phpbb:
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><img src="images/right_img.jpg" width="221" height="68" alt=""
/></td>
</tr>
<tr>
<td align="center"><table width="207" border="0" cellspacing="0"
cellpadding="0">
<?php
if(!isset($_SESSION["userid"]))
{
?>
<tr>
<td><img src="images/login_top.jpg"
width="207" height="32" alt="" /></td>
</tr>
<tr>
<td align="center"
class="logincenterbg">
<form
name="frmlogin" method="post" onsubmit="return validatelogin()">
<input
type="hidden" name="login" value="">
<table
width="88%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td
height="22" align="left" class="bluetext">Username : </td>
</tr>
<tr>
<td
align="left"><input name="txtusername" type="text" size="25"
class="textfield" /></td>
</tr>
<tr>
<td
height="22" align="left" class="bluetext">Password : </td>
</tr>
<tr>
<td
align="left"><input name="txtpwd" type="password" size="25"
class="textfield" /></td>
</tr>
<tr>
<td
height="5"></td>
</tr>
<tr>
<td
height="25" align="left" valign="top">
<input type="image" src="images/login_btn.jpg" title="Login" name="login">
<a
href="register.php"><img src="images/new_user_btn.jpg" border="0"></a>
</td>
</tr>
<tr>
<td
height="25" align="left">
<a
href="forgot_password.php" class="link4">Forgot Password</a>
</td>
</tr>
</table>
</form>
</td>
</tr>
<tr>
<td align="left"
valign="top"><img src="images/login_bottom.jpg" width="207" height="8"
alt="" /></td>
</tr>
<?php
}
else
{
?>
<tr>
<td width="207" height="32"
background="images/login_top2.jpg" class="headerlogout" align="center">
<table width="100%">
<tr>
<td
width="30"></td>
<td
align="left"><a href="javascript:logout()" class="link1">Log out</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td align="center"
class="logincenterbg">
<table width="88%"
border="0" cellspacing="0" cellpadding="0">
<tr>
<td
height="10" align="left" class="bluetext"></td>
</tr>
<tr>
<td
align="left" class="link2">Welcome : <?php echo $_SESSION["userid"] ?></td>
</tr>
<tr>
<td
height="22" align="left" class="bluetext"></td>
</tr>
<tr>
<td
height="20" align="left"><a class="link1" href="editaccount.php">Manage
Account</a></td>
</tr>
<tr>
<td
height="20" align="left"><a class="link1" href="editprofile.php">Manage
Profile</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td align="left"
valign="top"><img src="images/login_bottom.jpg" width="207" height="8"
alt="" /></td>
</tr>
<?php
}
?>
</table></td>
</tr>
<tr>
<td height="5"></td>
</tr>
<tr>
<td align="center" valign="top"><table width="211" border="0"
cellspacing="0" cellpadding="0">
<tr>
<td><img src="images/contest_top.jpg" width="211" height="36"
alt="" /></td>
</tr>
<tr>
<td><a href="contest.php"><img src="images/contest_middle.jpg"
width="211" height="169" border="0" alt="" /></a></td>
</tr>
</table></td>
</tr>
<tr>
<td height="5"></td>
</tr>
<tr>
<td align="center" valign="top"><table width="211" border="0"
cellspacing="0" cellpadding="0">
<tr>
<td><img src="images/review_head.jpg" width="211" height="36"
alt="" /></td>
</tr>
<tr>
<td height="89" align="center" class="reviewbg"><table
width="85%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="112" height="46" align="left" valign="middle"
class="bluetext2">Read about any beauty product...</td>
<td width="67" rowspan="2" align="right"> </td>
</tr>
<tr>
<td align="right" valign="middle" ><a
href="/rating/index.php"><img border="0" src="images/go_btn2.jpg" width="56"
height="21" alt="" /></a></td>
</tr>
</table></td>
</tr>
</table></td>
</tr>
<tr>
<td height="5"></td>
</tr>
<tr>
<td align="center" valign="top"><table width="210" border="0"
cellspacing="0" cellpadding="0">
<tr>
<td><img src="images/photos_top.jpg" width="210" height="39"
alt="" /></td>
</tr>
<tr>
<td align="center" class="photobg"><table width="85%" border="0"
cellspacing="0" cellpadding="0">
<tr>
<td height="46" align="left" valign="middle"
class="bluetext2">Add photos to our gallery...</td>
<td width="83" rowspan="2" align="right"><img
src="images/photo1.jpg" width="83" height="81" alt="" /></td>
</tr>
<tr>
<td align="center" valign="middle" ><a
href="photopost2/index.php"><img src="images/more_btn.jpg" width="59"
height="22" alt="" border="0" /></a></td>
</tr>
</table></td>
</tr>
<tr>
<td align="left" valign="top"><img
src="images/photos_bottom.jpg" width="210" height="12" alt="" /></td>
</tr>
</table></td>
</tr>
</table>
<script language="javascript">
function validatelogin()
{
if(document.frmlogin.txtusername.value=="")
{
alert("Please Enter Username.");
document.frmlogin.txtusername.focus();
return false;
}
if(document.frmlogin.txtpwd.value=="")
{
alert("Please Enter Password.");
document.frmlogin.txtpwd.focus();
return false;
}
document.frmlogin.login.value="Success";
document.frmlogin.action="operation.php?mode=login";
return true;
}
function logout()
{
if(window.confirm("Are you sure you want to log out."))
{
window.location.href="operation.php?mode=logout";
}
}
</script>
attached mail follows:
On Friday 11 May 2007 03:08, Dave Goodchild wrote:
> Another small and unrelated point - you don't need to use double quotes
> inside the array brackets - you're not processing them at all.
You seemed to have left out:
"use single quotes instead".
--
Crayon
attached mail follows:
I meant I could drop some controls into a form freely and the tool would
automatically generate the HTML+CSS to produce the screen.
--
.~. Might, Courage, Vision, SINCERITY. http://www.linux-sxs.org
/ v \ Simplicity is Beauty! May the Force and Farce be with you!
/( _ )\ (Ubuntu 6.10) Linux 2.6.21.1
^ ^ 19:19:01 up 13 days 4:12 0 users load average: 0.00 0.01 0.00
news://news.3home.net news://news.hkpcug.org news://news.newsgroup.com.hk
attached mail follows:
what screen? you mean the client's screen? I think that's basically
nonsense since php is server side.
if I misunderstood what you want then please explain it more clearly
greets
Zoltán Németh
2007. 05. 11, péntek keltezéssel 19.21-kor Man-wai Chang ezt Ãrta:
> I meant I could drop some controls into a form freely and the tool would
> automatically generate the HTML+CSS to produce the screen.
>
> --
> .~. Might, Courage, Vision, SINCERITY. http://www.linux-sxs.org
> / v \ Simplicity is Beauty! May the Force and Farce be with you!
> /( _ )\ (Ubuntu 6.10) Linux 2.6.21.1
> ^ ^ 19:19:01 up 13 days 4:12 0 users load average: 0.00 0.01 0.00
> news://news.3home.net news://news.hkpcug.org news://news.newsgroup.com.hk
>
attached mail follows:
Thanks for your input guys, will go through the links you gave me and get back to ya if I run into any problems.
Have a nice weekend!
Cheers!
R
------
- The faulty interface lies between the chair and the keyboard.
- Creativity is great, but plagiarism is faster!
- Smile, everyone loves a moron. :-)
---------------------------------
Get the free Yahoo! toolbar and rest assured with the added security of spyware protection.
attached mail follows:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I saw this problem on the http mail archive, I hope it will help :
Howto install Oracle and/or IBM db2 support for PHP 4 ou 5 or both on the cleanest way
1.1. Installation Oracle module for PHP 4 & 5
1.1.1. Download from
http://www.oracle.com/technology/software/tech/oci/instantclient/htdocs/linuxsoft.html
è Instant Client Package - Basic (instantclient-basic-linux32-10.2.0.2-20060331.zip)
è Instant Client Package - SDK (instantclient-sdk-linux32-10.2.0.2-20060331.zip)
è Instant Client Package - SQL*Plus (instantclient-sqlplus-linux32-10.2.0.2-20060331.zip)
Run this :
mkdir -p /opt/oracle/instantclient
cd /opt/oracle/instantclient
unzip instantclient-basic-linux32-10.2.0.1-20050713.zip
unzip instantclient-sdk-linux32-10.2.0.1-20050713.zip
unzip instantclient-sqlplus-linux32-10.2.0.2-20060331.zip
echo /opt/oracle/instantclient >> /etc/ld.so.conf
ldconfig
Create some missing symlinks libclntsh.so et libocci.so :
cd /opt/oracle/instantclient/
ln -s libclntsh.so.10.1 libclntsh.so
ln -s libocci.so.10.1 libocci.so
Environnement vars : (check out the PATH according to your install)
cat /etc/environment
ORACLE_HOME=/opt/oracle/instantclient
ORA_NLS33=/opt/oracle/instantclient/ocommon/nls/admin/data
TNS_ADMIN=/opt/oracle/instantclient/network/admin
NLS_LANG=AMERICAN_AMERICA.WE8ISO8859P15
TNS_ADMIN=/opt/oracle/instantclient
Apache side : /etc/apache2/envvars
ORACLE_HOME=/opt/oracle/instantclient
ORA_NLS33=/opt/oracle/instantclient/ocommon/nls/admin/data
TNS_ADMIN=/opt/oracle/instantclient/network/admin
NLS_LANG=AMERICAN_AMERICA.WE8ISO8859P15
export TNS_ADMIN
export NLS_LANG
export ORACLE_HOME
export ORA_NLS33
1.1.2. PHP oci8 et uncompress it :
http://pecl.php.net/package/oci8
è oci8-1.2.1.tgz (http://pecl.php.net/get/oci8-1.2.1.tgz)
1.1.3. Compilation for PHP4 with the Instant client for the example
phpize4 ; ./configure --with-php-config=/usr/bin/php-config4 --with-oci8=shared,instantclient,/opt/oracle/instantclient ; make clean ; make ; make install
1.1.4. Compilation for PHP5 with the heavy full Oracle client for exemple
phpize5 ; ./configure --with-php-config=/usr/bin/php-config5 --with-oci8=shared,$ORACLE_HOME; make clean ; make ; make install
1.1.5. Edit /etc/phpX/apacheX/php.ini for the Oracle support
# Support oracle
extension=oci8.so
1.2. Installation IBM DB2 modules for PHP 4 & 5
1.2.1. Installation IBM DB2 client
tar zxvf db2exc_LNX_26x86.tar.gz
Installation of Alien
apt-get install alien
Edit of the file : db2/linux/db2_install
Original :
( rpm -ivh ${INSTDEV?}/${pkg?}${RPMEXTN?} 2>&1; echo $? > ${TMPRC?} ) | tee -a ${DB2INSTLOG?}