php-general Digest 11 Feb 2008 02:19:17 -0000 Issue 5286

php-general-digest-helplists.php.net
Date: Sun Feb 10 2008 - 20:19:17 CST


php-general Digest 11 Feb 2008 02:19:17 -0000 Issue 5286

Topics (messages 269023 through 269063):

Re: strtotime
        269023 by: Per Jessen
        269026 by: Per Jessen
        269028 by: Ron Piggott
        269036 by: Floor Terra
        269038 by: Ron Piggott

Re: Better DB Class MySQL
        269024 by: Richard Heyes
        269025 by: Richard Heyes
        269031 by: Andrew Ballard
        269034 by: Jochem Maas
        269035 by: Richard Heyes
        269047 by: Jason Pruim
        269048 by: Nathan Nobbe
        269060 by: Chris

Gzipped output
        269027 by: Jakub
        269030 by: Per Jessen
        269032 by: Jakub
        269033 by: Per Jessen
        269052 by: Jakub
        269054 by: Andrés Robinet
        269055 by: Per Jessen

Re: Hex Strings Appended to Pathnames
        269029 by: Mick
        269037 by: Nathan Nobbe

Re: urgent !!! Please Help preg_replace !!!!!!!!!!!!!!!!!!!!!
        269039 by: Robert Cummings
        269042 by: tedd
        269044 by: Nathan Nobbe
        269045 by: Robert Cummings

mysql question
        269040 by: nihilism machine
        269041 by: Per Jessen
        269043 by: Nathan Nobbe
        269046 by: Per Jessen

mysql question #2
        269049 by: nihilism machine
        269050 by: Nathan Nobbe
        269051 by: Shawn McKenzie
        269053 by: Zoltán Németh

How to Protect Against SQL Injection Attacks While Using SQLite?
        269056 by: NotReally GonnaTell
        269057 by: Nathan Nobbe
        269058 by: NotReally GonnaTell
        269059 by: Nathan Nobbe

PHP variable values
        269061 by: Ron Piggott
        269062 by: Nathan Nobbe

Ajax, an HTML form being saved in mySQL
        269063 by: Ron Piggott

Administrivia:

To subscribe to the digest, e-mail:
        php-general-digest-subscribelists.php.net

To unsubscribe from the digest, e-mail:
        php-general-digest-unsubscribelists.php.net

To post to the list, e-mail:
        php-generallists.php.net

----------------------------------------------------------------------

attached mail follows:


Ron Piggott wrote:

>
> I am trying to calculate what was the date 18 months ago. When I give
> the command:
>
> $18_months_ago = strtotime("-18 months");
>
> It comes back with:
>
> Parse error: parse error, unexpected T_LNUMBER, expecting T_VARIABLE

That's a plain syntax error; it's not related to strtotime(). Your
variable name '18_months_ago' is not valid in PHP.

/Per Jessen, Zürich

attached mail follows:


Ron Piggott wrote:

> I see I broke a rule. The variable can't start with a number. Still,
> strtotime doesn't work with "-18 months". How would you handle this?
> Ron

Uh, it works fine here:

php5 -r '$a=strtotime("-18 months"); print strftime("%Y%m%d",$a); ':

20060810

/Per Jessen, Zürich

attached mail follows:


I figured out what went wrong. Ron

attached mail follows:


On 2/10/08, Ron Piggott <ron.phpactsministries.org> wrote:
> I figured out what went wrong. Ron
>
Care to share it with us?

Floor

attached mail follows:


The date value I was assigning was for a mySQL query ... a date range
query. I was running my query when I hadn't assigned a date to the
other date range variable. I didn't realize I hadn't copied my DATE()
syntax to this area of my code. Ron


attached mail follows:


Larry Garfield wrote:
> http://www.php.net/pdo
>
> All the cool kids are doing it.

Except that converting to PDO is, undoubtedly, far more work and will
entail far more gotchas than the original poster wanted.

--
Richard Heyes
http://www.websupportsolutions.co.uk

Knowledge Base and Helpdesk software for £299 hosted for you -
no installation, no maintenance, new features automatic and free

              ** New Helpdesk demo now available **

attached mail follows:


> // Terminator Style Function simply in coolness
> public function Terminator($tbl) {
> }

"Terminator"? Is this something I don't know about or is it simply a
method that goes around killing other methods?

Anyhoo, you may want to look at this:

http://www.phpguru.org/article.php?ne_id=121
http://www.phpguru.org/pear_db_replacement/

It's a MySQL-only database wrapper that mimics the PEAR::DB API (which
is, as I've been reminded a million times (roughly), obsolete), but is
one sixth the size. Important if one of your goals is speed. You could
say if your goal is speed why use a wrapper at all? But it has the
following advantages:

1. If you start off with PEAR::DB (for example) and then need to squeeze
    extra performance out of your site, the database wrapper is a good
    place to start (since it is generally used a lot).

2. It has useful methods (ie the get* methods) which speed up
    development time greatly.

3. I thought of others, but then subsequently forgot them. Doh.


attached mail follows:


On Feb 9, 2008 7:39 PM, Larry Garfield <larrygarfieldtech.com> wrote:

> http://www.php.net/pdo
>
> All the cool kids are doing it.
>
>
Tried it. (Actually, I am using it for some stuff.) But I seriously hope it
works better for MySQL than it does for SQL Server.

Andrew

attached mail follows:


Larry Garfield wrote:
> http://www.php.net/pdo
>
> All the cool kids are doing it.

not true - some of them use firebird ;-)

>
> On Saturday 09 February 2008, nihilism machine wrote:
>> Looking to really beef up my DB class, any suggestions for functions
>> to add that will be more time saving for a web 2.0 app, or ways to
>> improve existing methods? thank you everyone in advance.
>>
>> <?php
>>
>> class db {
>>
>> // Members
>> public $db_user = "";
>> public $db_pass = "";
>> public $db_name = "";
>> public $db_server = "";
>> public $link;
>> public $result_id;
>>
>> // Methods
>> public function __construct() {
>> $this->connect();
>> }
>>
>> // Connect to MySQL Server
>> public function connect() {
>> $this->link = mysql_connect($this->db_server,$this->db_user,$this-
>>
>> >db_pass) or die("Error: Cannot Connect to DataBase");
>>
>> mysql_select_db($this->db_name,$this->link) or die("Error: Cannot
>> Select Database (" . $this->db_name . ")");
>> }
>>
>> // MySQL Query
>> public function query($sql) {
>> $this->result_id = mysql_query($sql);
>> return $this->fetch_rows();
>> }
>>
>> // MySQL Query
>> public function insert($sql) {
>> $this->result_id = mysql_query($sql);
>> return $this->select_id;
>> }
>>
>> // MySQL Fetch Rows
>> public function fetch_rows() {
>> $rows = array();
>> if($this->result_id){
>> while($row = mysql_fetch_object($this->result_id)) {
>> $rows[] = $row;
>> }
>> }
>> return $rows;
>> }
>>
>> // MySQL Affected Rows
>> public function num_rows() {
>> return mysql_num_rows($this->link);
>> }
>>
>> // MySQL Affected Rows
>> public function select_id() {
>> return mysql_insert_id($this->link);
>> }
>>
>> // Disconnect from MySQL Server
>> public function disconnect() {
>> mysql_close($this->link);
>> }
>>
>> // Terminator Style Function simply in coolness
>> public function Terminator($tbl) {
>> }
>>
>> // Destruct!
>> public function __destruct() {
>> $this->disconnect();
>> }
>> }
>>
>> ?>
>
>

attached mail follows:


Jochem Maas wrote:
> Larry Garfield wrote:
>> http://www.php.net/pdo
>>
>> All the cool kids are doing it.
>
> not true - some of them use firebird ;-)

Fire - what? :-)


attached mail follows:


On Feb 10, 2008, at 10:39 AM, Richard Heyes wrote:

> Jochem Maas wrote:
>> Larry Garfield wrote:
>>> http://www.php.net/pdo
>>>
>>> All the cool kids are doing it.
>> not true - some of them use firebird ;-)
>
> Fire - what? :-)

Isn't that a car?
:)

--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424
www.raoset.com
japruimraoset.com

attached mail follows:


On Feb 10, 2008 1:08 PM, Jason Pruim <japruimraoset.com> wrote:

> > Fire - what? :-)
>
> Isn't that a car?
> :)

ya; but mustangs are cooler :)

-nathan

attached mail follows:


Nathan Nobbe wrote:
> On Feb 9, 2008 7:03 PM, nihilism machine <nihilismmachinegmail.com> wrote:
>
>> Looking to really beef up my DB class, any suggestions for functions
>> to add that will be more time saving for a web 2.0 app, or ways to
>> improve existing methods? thank you everyone in advance.
>
>
> first of all, as a matter of style, it's conventional to capitalize class
> names, so you would change the name to Db. also, conventionally, member
> functions are not capitalized; so Terminator() becomes terminator().
>
> next thing is you have no escaping of the queries. you should be wrapping
> the $sql that gets passed into your query method in
> mysql_real_escape_string().

You don't escape the whole query.

You want something like this:

public function quote($string='') {
   return mysql_real_escape_string($string);
}

and call it like this:

$query = "select blah from table where username='" .
$db->quote($_POST['username']) . "' and password='" .
$db->quote($_POST['password']) . "'";

> im not sure why you would name a call to mysql_insert_id(), select_id(); it
> seems
> better to preserve the original name.

because dropping in a replacement to use sqlite/postgres/other db will
still call 'mysql_insert_id()'? Seems a bit strange.

--
Postgresql & php tutorials
http://www.designmagick.com/
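Chris's point, that the escaping goes around each value and never around the whole statement, as an added example that is not code from the thread. It uses PDO with an in-memory SQLite database so it runs offline, and PDO::quote() stands in for mysql_real_escape_string(), which needs a live MySQL link; the users table, its one row and the input carrying an apostrophe are constructed for the example.

```php
<?php
// Added example, not code from the list. PDO + in-memory SQLite so it runs
// offline; PDO::quote() plays the role of mysql_real_escape_string().

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT NOT NULL, password TEXT NOT NULL)');
    // Constructed sample row; the apostrophe in the name is the interesting part.
    $db->exec("INSERT INTO users VALUES ('o''brien', 'secret')");
    return $db;
}

// The wrapper method Chris describes: quote one value and nothing else.
function quote_value(PDO $db, string $value): string {
    return $db->quote($value);
}

// The OP's pattern: the raw input is dropped into the SQL text. Any quote in
// the input now changes the statement instead of being data.
function find_user_interpolated(PDO $db, string $username): string {
    $sql = "SELECT COUNT(*) FROM users WHERE username='$username'";
    try {
        return 'matches: ' . $db->query($sql)->fetchColumn();
    } catch (PDOException $e) {
        return 'rejected: ' . $e->getMessage();
    }
}

// Same query with the value quoted on its own; the SQL skeleton is fixed text
// written by the developer, so the input cannot alter its structure.
function find_user_quoted(PDO $db, string $username): string {
    $sql = 'SELECT COUNT(*) FROM users WHERE username=' . quote_value($db, $username);
    return 'matches: ' . $db->query($sql)->fetchColumn();
}

$db = make_db();
$input = "o'brien";   // constructed input with an apostrophe, a legitimate value
echo quote_value($db, $input), "\n";
echo find_user_interpolated($db, $input), "\n";
echo find_user_quoted($db, $input), "\n";
```

Run it with the PHP CLI. The interpolated version fails with a syntax error on the apostrophe, which is the symptom that shows the value reached the parser as SQL; the quoted version finds the row. Bound parameters (PDO::prepare() with placeholders) avoid building SQL text from values altogether and are the better default for a new wrapper.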

attached mail follows:


Hello,
is it possible to make something like a "gzipped echo"?
My idea was:
$gzOut = gzopen('php://output','w');
but it fails with an error: Warning: gzopen(php://output) [function.gzopen]: could not make seekable - php://output

That script generates a large text file to download, so I thought I could
gzip it somehow to make the downloads faster. The buffered way (to load
all the output to some $buffer and then echo gzencode($buffer,6);)
consumes too much memory.
Can anyone help me with this?

Best regards

Jakub Cermak

attached mail follows:


Jakub wrote:

> That script generates a large text file to download, so I thought I
> can gzip it somehow to make the downloads faster. The buffered way (to
> load all the output to some $buffer and then echo
> gzencode($buffer,6);) consumes too much memory.

You could write it to a local file, then do:

header("Content-Type: application/x-gzip");
header("Content-Disposition: attachment; filename=\"\"");

passthru("gzip -c <file>");

/Per Jessen, Zürich

attached mail follows:


Yes, I thought about this, but this has a big disadvantage - the client
must wait for the file to be fully processed and compressed and then he
can start downloading. I'd like to let the client start downloading the
compressed parts while the further parts are still being processed and
compressed - it's similar to streaming concept. I hope you can see what
I mean.

Jakub Čermák
ja.cermicentrum.cz
ICQ 159971304


attached mail follows:


Jakub wrote:

> Yes, I thought about this, but this has a big disadvantage - the
> client must wait for the file to be fully processed and compressed and
> then he can start downloading. I'd like to let the client start
> downloading the compressed parts while the further parts are still
> being processed and compressed - it's similar to streaming concept. I
> hope you can see what I mean.

Maybe Apache's mod_deflate is what you're after? That will do in-flight
compression.

/Per Jessen, Zürich

attached mail follows:


That would do the trick if it was allowed at the server .... but it
isn't :( And it's not my server and I can't change its settings.

Jakub Čermák
ja.cermicentrum.cz
ICQ 159971304


attached mail follows:


How about something like this? (Needs debugging and testing, but... just a hint after all)

<?php

ob_start("ob_gzhandler");

while ($someString = getTheNextPartOfTheLargeFile()) {
        echo $someString;
        ob_flush();
}

?>

Regards,

Rob

Andrés Robinet | Lead Developer | BESTPLACE CORPORATION
5100 Bayview Drive 206, Royal Lauderdale Landings, Fort Lauderdale, FL 33308 | TEL 954-607-4207 | FAX 954-337-2695 |
Email: infobestplace.net | MSN Chat: bestbestplace.net | SKYPE: bestplace | Web: bestplace.biz | Web: seo-diy.com

attached mail follows:


Andrés Robinet wrote:

> How about something like this? (Needs debugging and testing, but...
> just a hint after all)
>
> <?php
>
> ob_start("ob_gzhandler");
>
> while ($someString = getTheNextPartOfTheLargeFile()) {
> echo $someString;
> ob_flush();
> }
>
> ?>

I like it from a coding point of view (it's neat and elegant), but I
don't think it achieves anything else than my initial suggestion of
using exec(gzip -c).

/Per Jessen, Zürich
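What Jakub asked for, compression that starts before the whole file exists and that never holds the whole file in memory, can be done inside PHP with the incremental zlib API, without mod_deflate or an external gzip process. This is an added example, not code from the thread; it assumes PHP 7.1 or later for deflate_init()/deflate_add() (which did not exist when the thread was written), and report_lines() is a constructed stand-in for whatever produces the large file.

```php
<?php
// Added example, not code from the list. Incremental gzip with PHP's zlib
// deflate_init()/deflate_add() (PHP >= 7.1). Memory stays at one chunk plus
// zlib's window, and compressed data leaves as soon as each chunk is done.

// Constructed stand-in for "the next part of the large file".
function report_lines(int $count): Generator {
    for ($i = 1; $i <= $count; $i++) {
        yield sprintf("%06d,%s\n", $i, str_repeat('record-data;', 4));
    }
}

// Turns any iterable of plain-text chunks into a generator of gzip chunks.
function gzip_stream(iterable $chunks, int $level = 6): Generator {
    $ctx = deflate_init(ZLIB_ENCODING_GZIP, ['level' => $level]);
    if ($ctx === false) {
        throw new RuntimeException('deflate_init failed');
    }
    foreach ($chunks as $chunk) {
        // SYNC_FLUSH pushes out everything compressed so far, at a small cost
        // in ratio; NO_FLUSH would let zlib hold data back for tighter packing.
        $out = deflate_add($ctx, $chunk, ZLIB_SYNC_FLUSH);
        if ($out !== '') {
            yield $out;
        }
    }
    // FINISH writes the final block and the gzip trailer (CRC32 and length).
    yield deflate_add($ctx, '', ZLIB_FINISH);
}

// Sends the stream as a .gz download, flushing after every piece so neither
// PHP's output buffer nor the SAPI holds the whole response.
function send_gzip_download(iterable $chunks, string $filename): void {
    header('Content-Type: application/gzip');
    header('Content-Disposition: attachment; filename="' . $filename . '"');
    while (ob_get_level() > 0) {
        ob_end_flush();
    }
    foreach (gzip_stream($chunks) as $piece) {
        echo $piece;
        flush();
    }
}

// Self-check for the CLI: the concatenated pieces must decode to the input.
function roundtrip_ok(int $count): bool {
    $gz = '';
    foreach (gzip_stream(report_lines($count)) as $piece) {
        $gz .= $piece;
    }
    $expected = implode('', iterator_to_array(report_lines($count), false));
    return gzdecode($gz) === $expected;
}

if (PHP_SAPI === 'cli') {
    echo roundtrip_ok(20000) ? "round trip ok\n" : "round trip FAILED\n";
} else {
    send_gzip_download(report_lines(20000), 'report.txt.gz');
}
```

Under the CLI the script only runs the round-trip check; under a web SAPI it serves the download. Keep the filename fixed or sanitised as here, since a caller-supplied name would otherwise end up inside the Content-Disposition header. With Content-Encoding: gzip instead of the .gz download, the same generator gives the transparent in-flight compression that mod_deflate and ob_gzhandler provide.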

attached mail follows:


Richard Lynch wrote:
> I don't know if it's before/after, but PHP can't change the GET
> request to something it wasn't...
>
> So THAT was the URL requested.
>
> You might have some kind of funky mod_rewrite rule messing you up...
>
>
>
> On Tue, January 29, 2008 5:22 am, Mick wrote:
>
>> Richard Lynch wrote:
>>
>>> On Sun, January 27, 2008 7:57 am, Mick wrote:
>>>
>>>
>>>> Operating System: CentOS 4.6
>>>> PHP Version: 4.3.9-3.22.9
>>>> Zend Optimizer (free) version: 3.2.6
>>>>
>>>> Hello.
>>>>
>>>> I've got somewhat of a strange problem here involving Squirrelmail.
>>>> Basically, what is happening is that one of our customers is logged
>>>> out
>>>> of his Squirrelmail session at random intervals. This can occur
>>>> when
>>>> he goes to read an email or, after composing an email, when he
>>>> clicks
>>>> on the Send button.
>>>>
>>>> The following log entries correspond with those times that the
>>>> customer
>>>> is logged out.
>>>>
>>>> [error] [client X.X.X.X] File does not exist:
>>>> /var/www/squirrelmail/src/redirect.php3a5def33
>>>> [error] [client X.X.X.X] File does not exist:
>>>> /var/www/squirrelmail/src/redirect.php29e09f87
>>>> [error] [client X.X.X.X] File does not exist:
>>>> /var/www/squirrelmail/src/move_messages.phpf9f96dfb
>>>> [error] [client X.X.X.X] File does not exist:
>>>> /var/www/squirrelmail/src/redirect.phpdc6cc80a
>>>>
>>>> So what would be the cause of appending those hex strings to those
>>>> pathnames?
>>>>
>>>>
>>> You'll probably have to ask the squirrelMail guy...
>>>
>>> Unless you can reproduce it with other applications, it's not in PHP
>>> itself, probably.
>>>
>>> PS
>>> I'm a squirrelMail user, and I get logged out a lot too. :-(
>>>
>>>
>>>
>> Hi Richard.
>>
>> Thank you for your reply.
>>
>>
>>> You'll probably have to ask the squirrelMail guy...
>>>
>> I've already asked him, and he referred me to the PHP/Zend guys i.e.
>> to
>> here. ;)
>>
>> Actually, what the access logs show for these events is this for
>> example:
>>
>> "GET /squirrelmail/src/compose.php9e99b821 HTTP/1.1" 404
>> "GET /squirrelmail/src/redirect.php3a5def33 HTTP/1.1" 404
>>
>> Do you know if logging for the access log is performed before or after
>> the URL is passed through to php?
>>
>> Cheers,
>> Mick.
>>
>>
>>
>>
>
>
>
Hi Richard.

> So THAT was the URL requested.
>
As I had suspected.
> You might have some kind of funky mod_rewrite rule messing you up...
>
There is no rewrite rule. It's an extremely strange problem.

Cheers,
Mick.

attached mail follows:


On Feb 10, 2008 9:09 AM, Mick <asurferiinet.net.au> wrote:

> There is no rewrite rule. It's an extremely strange problem.

is this a production box; or more specifically, are you averse to
throwing xdebug on there?
I suspect you could use the function tracing in xdebug to at least
find out where these strange paths are coming from.

-nathan

attached mail follows:


On Sun, 2008-02-10 at 16:46 +0800, LKSunny wrote:
> this i know already, but i think can do it single regex

Considering you marked the email as urgent, perhaps you have better
things to do than try to squeeze your problem into a regex. Feel free to
post your single regex when you find it... a side note of how much time
you wasted would be most informative too.

Cheers,
Rob.

> "Robert Cummings" <robertinterjinn.com> glsD:1202628949.6351.246.camelblobule...
> >
> > On Sun, 2008-02-10 at 14:33 +0800, LKSunny wrote:
> >> //please run this script, you can get what problem i got
> >>
> >> $html = <<<eof
> >> <a href="aaa.html">aaa</a>
> >>
> >> <a href="bbb.html">cfdfd</a>
> >>
> >> <a href="aaa.html">sfs
> >> sfsrbbb
> >> sfds</a>
> >>
> >> <a href="aaa.html">cc
> >> gd
> >> c</a>
> >>
> >> <a href="aaa.html">ddd
> >> 123</a>
> >> eof;
> >>
> >> /*
> >> i want replace any |<a.has bbb.</a>|, like
> >> <a href="bbb.html">cfdfd</a>
> >>
> >> <a href="aaa.html">sfs
> >> sfsrbbb
> >> sfds</a>
> >> */
> >>
> >
> > <?php
> >
> > $reps = array
> > (
> > array
> > (
> > 'match' => '#<a.*</a>#Uims',
> > 'check' => '#bbb#',
> > 'replace' => 'X',
> > ),
> > );
> >
> > foreach( $reps as $criteria )
> > {
> > if( preg_match_all( $criteria['match'], $html, $matches ) )
> > {
> > foreach( $matches[0] as $match )
> > {
> > if( preg_match( $criteria['check'], $match ) )
> > {
> > $html = str_replace( $match, $criteria['replace'], $html );
> > }
> > }
> > }
> > }
> >
> > ?>
> >
> > This does what you want to $html, but it doesn't do it in a single
> > regex. I'm not sure it can be done with a single regex, and if it can, I
> > doubt it's simple. I don't feel like investigating too far :)
> >
> > Cheers,
> > Rob.

--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'
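The single-regex version LKSunny was after, as an added example that is not Rob's or LKSunny's code: the sample HTML is the one posted in the thread, and replace_anchors_containing() is a name chosen here. The tempered token `(?:(?!</a>).)*` matches any text that does not run past a closing `</a>`, so the needle is only found inside a single anchor element.

```php
<?php
// Added example, not code from the thread: one preg_replace() call that
// replaces every <a ...>...</a> whose text (tag or content) contains $needle.

// Sample HTML as posted by LKSunny.
$html = <<<EOF
<a href="aaa.html">aaa</a>

<a href="bbb.html">cfdfd</a>

<a href="aaa.html">sfs
sfsrbbb
sfds</a>

<a href="aaa.html">cc
gd
c</a>

<a href="aaa.html">ddd
123</a>
EOF;

function replace_anchors_containing(string $html, string $needle, string $replacement): string {
    $n = preg_quote($needle, '#');
    // (?:(?!</a>).)* = any character, as long as we are not at a "</a>", so a
    // match can never span two anchors. s: dot matches newlines; i: tag case.
    $pattern = '#<a\b(?:(?!</a>).)*' . $n . '(?:(?!</a>).)*</a>#is';
    return preg_replace($pattern, $replacement, $html);
}

echo replace_anchors_containing($html, 'bbb', 'X');
```

On the sample input this replaces the second anchor (bbb in the href) and the third (bbb in the link text) with X and leaves the other three untouched, which is what Rob's two-step version does. The tempered construction is quadratic in the length of an anchor that does not contain the needle, so it is fine for snippets like this one; for real pages, DOMDocument plus a loop over the anchor elements is the robust route and is not fooled by attributes that contain `</a>` or by tags split across comments.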

attached mail follows:


At 12:38 PM -0500 2/10/08, Robert Cummings wrote:
>On Sun, 2008-02-10 at 16:46 +0800, LKSunny wrote:
> > this i know already, but i think can do it single regex
>
>Considering you marked the email as urgent, perhaps you have better
>things to do than try to squeeze your problem into a regex. Feel free to
>post your single regex when you find it... a side note of how much time
>you wasted would be most informative too.
>
>Cheers,
>Rob.

Rob:

It's exchanges like this that piss me off.

The OP marked his post as urgent meaning that he needed an answer
immediately. You in turn, provide him elegant code that solves his
problem, and he replies "this i know already".

If the OP knew this already, then it wasn't urgent!

He certainly could have said "Here's my code -- can anyone reduce it
to a single regex?" But no, he takes advantage of our time by stating
a falsehood. I for one won't be answering any of LKSunny's posts.

Where do we get people like this?

Cheers,

tedd

--
-------
http://sperling.com http://ancientstones.com http://earthstones.com

attached mail follows:


On Feb 10, 2008 12:55 PM, tedd <tedd.sperlinggmail.com> wrote:

> Where do we get people like this?
>

the late-night homework challenge?

-nathan

attached mail follows:


On Sun, 2008-02-10 at 12:55 -0500, tedd wrote:
> At 12:38 PM -0500 2/10/08, Robert Cummings wrote:
> >On Sun, 2008-02-10 at 16:46 +0800, LKSunny wrote:
> > > this i know already, but i think can do it single regex
> >
> >Considering you marked the email as urgent, perhaps you have better
> >things to do than try to squeeze your problem into a regex. Feel free to
> >post your single regex when you find it... a side note of how much time
> >you wasted would be most informative too.
> >
> >Cheers,
> >Rob.
>
> Rob:
>
> It's exchanges like this that piss me off.
>
> The OP marked his post as urgent meaning that he needed an answer
> immediately. You in turn, provide him elegant code that solves his
> problem, and he replies "this i know already".
>
> If the OP knew this already, then it wasn't urgent!
>
> He certainly could have said "Here's my code -- can anyone reduce it
> to a single regex?" But no, he takes advantage of our time by stating
> a falsehood. I for one, won't be answering any of LKSunny's post.
>
> Where do we get people like this?

There's a colony of them living under the really big rock at the end of
the yard :|

Cheers,
Rob.

attached mail follows:


i have this function:
        
public function select_one($sql) {
                $this->last_query = $sql;
                $r = mysql_query($sql);
                if (!$r) {
                        $this->last_error = mysql_error();
                        return false;
                }
                if (mysql_num_rows($r) != 1) {
                        return false;
                }
                $ret = mysql_result($r, 0);
                mysql_free_result($r);
                if ($this->auto_slashes) return stripslashes($ret);
                else return $ret;
        }

what is $ret, an array? if so how can i access the individual rows in
it?

attached mail follows:


nihilism machine wrote:

> $ret = mysql_result($r, 0);
> mysql_free_result($r);
> if ($this->auto_slashes) return stripslashes($ret);
> else return $ret;
> }
>
>
> what is $ret, an array?

No, it's a mysql result object.

> if so how can i access the individual rows in it?

Look up mysql_fetch_assoc().

/Per Jessen, Zürich

attached mail follows:


On Feb 10, 2008 12:52 PM, Per Jessen <percomputer.org> wrote:

> nihilism machine wrote:
>
> > $ret = mysql_result($r, 0);
> > mysql_free_result($r);
> > if ($this->auto_slashes) return stripslashes($ret);
> > else return $ret;
> > }
> >
> >
> > what is $ret, an array?
>
> No, it's a mysql result object.
>

no, it's the contents of the first cell in the first record of the
result set; from the doc on mysql_result(),
http://www.php.net/manual/en/function.mysql-result.php
which is what the function is using.

> > if so how can i access the individual rows in it?
>

this method does not return a result set to the caller.

-nathan

attached mail follows:


Nathan Nobbe wrote:

>> > what is $ret, an array?
>>
>> No, it's a mysql result object.
>>
>
> no, its the contents of the first cell in the first record of the
> result set; from the doc on mysql_result(),
> http://www.php.net/manual/en/function.mysql-result.php
> which is what the function is using.

Yep, you're right - I read mysql_query where the OP said mysql_result.

Ignore the rest of my previous answer too.

/Per Jessen, Zürich

attached mail follows:


OK, I read the php.net info. So with this function, though:

        public function select_one($sql) {
                $this->last_query = $sql;
                $r = mysql_query($sql);
                if (!$r) {
                        $this->last_error = mysql_error();
                        return false;
                }
                if (mysql_num_rows($r) != 1) {
                        return false;
                }
                $ret = mysql_result($r, 0);
                mysql_free_result($r);
                if ($this->auto_slashes) {
                        return stripslashes($ret);
                } else {
                        return $ret;
                }
        }

how can I get the contents of a column in the returned row, say for
something called "Email" as the column name? Here is my code now:

     // Attempt to login a user
        public function CheckValidUser($Email, $Password) {
                $PasswordEncoded = $this->encode($Password);
                $sql = "SELECT * FROM CMS_Users WHERE Email='$Email' AND Password='$PasswordEncoded'";
                $result = $this->DB->select_one($sql);
                if ($result) {
                        // User info stored in Sessions
                        $_SESSION['Status'] = "loggedIn";
                        $_SESSION['ID'] = $row['ID'];
                        $_SESSION['Email'] = $row['Email'];
                        $_SESSION['AdminLevel'] = $row['AdminLevel'];
                        $_SESSION['FirstName'] = $row['FirstName'];
                        $_SESSION['LastName'] = $row['LastName'];
                        return true;
                } else {
                        return false;
                }
        }

attached mail follows:


On Feb 10, 2008 1:12 PM, nihilism machine <nihilismmachinegmail.com> wrote:

> Ok, I read the php.net info. so with this function though:
>
> public function select_one($sql) {
> $this->last_query = $sql;
> $r = mysql_query($sql);
> if (!$r) {
> $this->last_error = mysql_error();
> return false;
> }
> if (mysql_num_rows($r) != 1) {
> return false;
> }
> $ret = mysql_result($r, 0);
> mysql_free_result($r);
> if ($this->auto_slashes) {
> return stripslashes($ret);
> } else {
> return $ret;
> }
> }

as the function stands you won't be able to. you can alter it
though:

       public function select_one($sql, $columnName) {
               $this->last_query = $sql;
               $r = mysql_query($sql);
               $ret = false; // default return value is false
               if (!$r) {
                       $this->last_error = mysql_error();
                       return false;
               }
               if (mysql_num_rows($r) != 1) {
                       return false;
               }
               $result = mysql_fetch_assoc($r);
               if (isset($result[$columnName])) {
                       $ret = $result[$columnName];
               }
               mysql_free_result($r);
               // only strip slashes from an actual value, never from the false default
               if ($ret !== false && $this->auto_slashes) {
                       return stripslashes($ret);
               } else {
                       return $ret;
               }
       }

note: i just hacked that together in my mail client :)

-nathan

attached mail follows:


nihilism machine wrote:
> Ok, I read the php.net info. so with this function though:
>
> public function select_one($sql) {
> $this->last_query = $sql;
> $r = mysql_query($sql);
> if (!$r) {
> $this->last_error = mysql_error();
> return false;
> }
> if (mysql_num_rows($r) != 1) {
> return false;
> }
> $ret = mysql_result($r, 0);
> mysql_free_result($r);
> if ($this->auto_slashes) {
> return stripslashes($ret);
> } else {
> return $ret;
> }
> }
>
>
> how can i get the contents of a column in the returned row say for
> something called "Email" as the column name. here is my code now:

HUH?

>
> // Attempt to login a user
> public function CheckValidUser($Email, $Password) {
> $PasswordEncoded = $this->encode($Password);
> $sql = "SELECT * FROM CMS_Users WHERE Email='$Email' AND
> Password='$PasswordEncoded'";
> $result = $this->DB->select_one($sql);
> if ($result) {
> // User info stored in Sessions
> $_SESSION['Status'] = "loggedIn";
> $_SESSION['ID'] = $row['ID'];
> $_SESSION['Email'] = $row['Email'];
> $_SESSION['AdminLevel'] = $row['AdminLevel'];
> $_SESSION['FirstName'] = $row['FirstName'];
> $_SESSION['LastName'] = $row['LastName'];
> return true;
> } else {
> return false;
> }
> }

attached mail follows:


On Sunday, 2008-02-10 at 13:12, nihilism machine wrote:
> Ok, I read the php.net info. so with this function though:
>
> public function select_one($sql) {
> $this->last_query = $sql;
> $r = mysql_query($sql);
> if (!$r) {
> $this->last_error = mysql_error();
> return false;
> }
> if (mysql_num_rows($r) != 1) {
> return false;
> }
> $ret = mysql_result($r, 0);
> mysql_free_result($r);
> if ($this->auto_slashes) {
> return stripslashes($ret);
> } else {
> return $ret;
> }
> }
>
>
> how can i get the contents of a column in the returned row say for
> something called "Email" as the column name. here is my code now:
>
> // Attempt to login a user
> public function CheckValidUser($Email, $Password) {
> $PasswordEncoded = $this->encode($Password);
> $sql = "SELECT * FROM CMS_Users WHERE Email='$Email' AND
> Password='$PasswordEncoded'";
> $result = $this->DB->select_one($sql);
> if ($result) {
> // User info stored in Sessions
> $_SESSION['Status'] = "loggedIn";
> $_SESSION['ID'] = $row['ID'];
> $_SESSION['Email'] = $row['Email'];
> $_SESSION['AdminLevel'] = $row['AdminLevel'];
> $_SESSION['FirstName'] = $row['FirstName'];
> $_SESSION['LastName'] = $row['LastName'];
> return true;
> } else {
> return false;
> }
> }
>

it seems to me you do not want a real 'select_one' but instead a
'select_one_row'

like this:

public function select_one_row($sql) {
                $this->last_query = $sql;
                $r = mysql_query($sql);
                if (!$r) {
                        $this->last_error = mysql_error();
                        return false;
                }
                if (mysql_num_rows($r) != 1) {
                        return false;
                }
                $ret = mysql_fetch_assoc($r);
                mysql_free_result($r);
                if ($this->auto_slashes) {
                        return array_map('stripslashes', $ret);
                } else {
                        return $ret;
                }
        }

and then you would call it in your code like:

public function CheckValidUser($Email, $Password) {
                $PasswordEncoded = $this->encode($Password);
                $sql = "SELECT * FROM CMS_Users WHERE Email='$Email' AND Password='$PasswordEncoded'";
                $row = $this->DB->select_one_row($sql);
                if ($row) {
                        // User info stored in Sessions
                        $_SESSION['Status'] = "loggedIn";
                        $_SESSION['ID'] = $row['ID'];
                        $_SESSION['Email'] = $row['Email'];
                        $_SESSION['AdminLevel'] = $row['AdminLevel'];
                        $_SESSION['FirstName'] = $row['FirstName'];
                        $_SESSION['LastName'] = $row['LastName'];
                        return true;
                } else {
                        return false;
                }
        }

note the changes:
- use of mysql_fetch_assoc in the select_one_row function
- putting the return value of the function into $row and then using that
between the if function

// this above might contain bugs as I just wrote it up here in my mailer

greets
Zoltán Németh

attached mail follows:


Hello all, I am wondering how I should prevent SQL injection attacks while
using SQLite. MySQL has the trusted mysqli_real_escape_string,
but SQLite doesn't have its own custom function. I've tried str_replace in
my code, but SQLite returns an error whenever I use a '. I've tried googling
around, but I haven't found anything useful.

attached mail follows:


On Feb 10, 2008 2:38 PM, NotReally GonnaTell <lithlistgmail.com> wrote:

> Hello all, I am wondering how I should prevent SQL injection attacks while
> using SQLite. MySQL has the trusted mysqli_real_escape_string,
> but SQLite doesn't have its own custom function. I've tried str_replace in
> my code, but SQLite returns an error whenever I use a '. I've tried googling
> around, but I haven't found anything useful.
>

you can use PDO, and its prepared statements.

-nathan

attached mail follows:


Is there any other way to do this? I'd rather not use PDO.

On Feb 10, 2008 2:46 PM, Nathan Nobbe <quickshiftingmail.com> wrote:

> On Feb 10, 2008 2:38 PM, NotReally GonnaTell <lithlistgmail.com> wrote:
>
> > Hello all, I am wondering how I should prevent SQL injection attacks while
> > using SQLite. MySQL has the trusted mysqli_real_escape_string,
> > but SQLite doesn't have its own custom function. I've tried str_replace in
> > my code, but SQLite returns an error whenever I use a '. I've tried googling
> > around, but I haven't found anything useful.
> >
>
> you can use PDO, and its prepared statements.
>
> -nathan
>

attached mail follows:


On Feb 10, 2008 3:14 PM, NotReally GonnaTell <lithlistgmail.com> wrote:

> Is there any other way to do this? I'd rather not use PDO.

what version of php are you using and what version of sqlite?
here is the relevant info from the manual:
Moreover, since PHP 5.1.0 SQLite depends on PDO
<http://www.php.net/manual/en/ref.pdo.php> and SQLite 3 is supported through
PDO SQLite <http://www.php.net/manual/en/ref.pdo-sqlite.php>.

sqlite3 is quite a bit better than 2, and anyway if you don't want to use
pdo there is sqlite_escape_string().
http://www.php.net/manual/en/function.sqlite-escape-string.php

-nathan
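An added example, not code from this thread, showing the PDO prepared-statement route Nathan recommends for SQLite in both replies above. It reproduces the error the original poster hit (an apostrophe in a value spliced into the SQL text) and the same lookup done with a bound parameter; the table, the row, the PasswordHash column and the password_verify() check are constructed here so the script runs offline and are not from the poster's CMS_Users code.

```php
<?php
// Added example (not code from the thread): SQLite via PDO with bound parameters.
// The table, the row and the hashing are constructed here so the script runs
// offline; the column names echo the CMS_Users query quoted earlier in the digest.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE CMS_Users (ID INTEGER PRIMARY KEY, Email TEXT, PasswordHash TEXT, AdminLevel INTEGER)');
$ins = $db->prepare('INSERT INTO CMS_Users (Email, PasswordHash, AdminLevel) VALUES (?, ?, ?)');
$ins->execute(array("o'brien@example.org", password_hash('correct horse', PASSWORD_DEFAULT), 1));

// The pattern the original poster hit: splicing input into the SQL text.
// An apostrophe in the e-mail breaks the statement and SQLite reports a syntax error.
function find_user_interpolated(PDO $db, $email) {
    $sql = "SELECT * FROM CMS_Users WHERE Email='$email'";
    return $db->query($sql)->fetch(PDO::FETCH_ASSOC);
}

// The fix: a prepared statement. The SQL is parsed first and the value bound
// afterwards, so quotes in the input are data, never syntax.
function find_user_prepared(PDO $db, $email) {
    $stmt = $db->prepare('SELECT * FROM CMS_Users WHERE Email = :email');
    $stmt->execute(array(':email' => $email));
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Password checked in PHP against the stored hash rather than in the WHERE
// clause (an assumption of this example); returns the row on success, false otherwise.
function check_valid_user(PDO $db, $email, $password) {
    $row = find_user_prepared($db, $email);
    if ($row === false || !password_verify($password, $row['PasswordHash'])) {
        return false;
    }
    return $row;
}

try {
    find_user_interpolated($db, "o'brien@example.org");
} catch (PDOException $e) {
    echo "interpolated query failed: " . $e->getMessage() . "\n";
}
$row = check_valid_user($db, "o'brien@example.org", 'correct horse');
echo $row ? "prepared lookup found ID " . $row['ID'] . "\n" : "login failed\n";
```

The same prepare/execute calls work unchanged against a MySQL DSN, which is why PDO is the usual answer whichever backend is in use.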

attached mail follows:


What is the command which shows the value of all the variables in
memory? Ron

attached mail follows:


On Feb 10, 2008 6:30 PM, Ron Piggott <ron.phpactsministries.org> wrote:

> What is the command which shows the value of all the variables in
> memory? Ron

get_defined_vars()

-nathan

attached mail follows:


I am trying to bring my programming skills together ... but I have hit a
road block.

I am writing my own ledger (accounting) software.

I am needing help to pass 2 variables generated by Ajax through my form
to be saved in a mySQL table.

A sample of what ledger_select_account.js outputs is as follows --- the
PHP script it accesses queries a table and then echoes this to the
screen.

<SELECT name="account_reference">
<OPTION value ="1">PayPal (REF: 1)</OPTION>
<OPTION value ="3">Receiver General (REF: 3)</OPTION>
<OPTION value ="2">TD Canada Trust (REF: 2)</OPTION>
</SELECT>

The source code for ledger_select_account.js is:

var xmlHttp

function showCustomer(str)
{
xmlHttp=GetXmlHttpObject();
if (xmlHttp==null)
  {
  alert ("Your browser does not support AJAX!");
  return;
  }
var url="ledger_account_details.php";
url=url+"?account_source="+str;
url=url+"&sid="+Math.random();
xmlHttp.onreadystatechange=stateChanged;
xmlHttp.open("GET",url,true);
xmlHttp.send(null);
}

function stateChanged () {
    if (xmlHttp.readyState == 4) {
        document.getElementById("txtHint").innerHTML=xmlHttp.responseText;
    } else {
            //alert(xmlHttp.readyState)
    }
}

function GetXmlHttpObject()
{
var xmlHttp=null;
try
  {
  // Firefox, Opera 8.0+, Safari
  xmlHttp=new XMLHttpRequest();
  }
catch (e)
  {
  // Internet Explorer
  try
    {
    xmlHttp=new ActiveXObject("Msxml2.XMLHTTP");
    }
  catch (e)
    {
    xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");
    }
  }
return xmlHttp;
}

A sample of what ledger_select_gifi.js outputs is as follows --- the PHP
script it accesses queries a table and then echoes this to the screen.

<SELECT NAME="gifi_reference">
<OPTION VALUE="9">Bank Charges (8715: Bank Charges)</OPTION>
<OPTION VALUE="10">Benevolent Fund (9270: Other Expenses)</OPTION>
<OPTION VALUE="13">Computer Equipment / Software (1774: Computer
Equipment / Software)</OPTION>
<OPTION VALUE="4">Office Expenses (8811: Office stationery and
supplies)</OPTION>
<OPTION VALUE="12">Our Advertising Campaign Expenses (8521:
Advertising)</OPTION>
<OPTION VALUE="8">Photocopying (8810: Photocopying)</OPTION>
<OPTION VALUE="7">Postage (9275: Delivery, Freight and Express)</OPTION>
<OPTION VALUE="5">Telephone Expenses (9225: Telephone and
Communications)</OPTION>
<OPTION VALUE="6">Web Site Hosting (9152: Internet)</OPTION>
</SELECT>

The source code for ledger_select_gifi.js is:

var xmlHttp2

function showGIFI(str)
{
xmlHttp2=GetXmlHttpObject();
if (xmlHttp2==null)
  {
  alert ("Your browser does not support AJAX!");
  return;
  }
var url="ledger_gifi_details.php";
url=url+"?transaction_type="+str;
url=url+"&sid="+Math.random();
xmlHttp2.onreadystatechange=stateChanged2;
xmlHttp2.open("GET",url,true);
xmlHttp2.send(null);
}

function stateChanged2 () {
    if (xmlHttp2.readyState == 4) {
        document.getElementById("txtGIFI").innerHTML=xmlHttp2.responseText;
    } else {
            //alert(xmlHttp.readyState)
    }
}

function GetXmlHttpObject()
{
var xmlHttp=null;
try
  {
  // Firefox, Opera 8.0+, Safari
  xmlHttp=new XMLHttpRequest();
  }
catch (e)
  {
  // Internet Explorer
  try
    {
    xmlHttp=new ActiveXObject("Msxml2.XMLHTTP");
    }
  catch (e)
    {
    xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");
    }
  }
return xmlHttp;
}

The form which submits the ledger entry is this:

<head>
<script src="ledger_select_account.js"></script>
<script src="ledger_select_gifi.js"></script>
</head>

<center>
<table>
<tr><td width=800>
<font face="times new roman">
<center><u>New Ledger Entry</u></center><p>

<center>
<table>

<form method=POST action="index.php?request=receive_ledger_entry_record">

<tr><td align="right"><font face="times new roman">Name Record Source:</td>
<td>
<SELECT NAME="account_source" onchange="showCustomer(this.value)">
<OPTION VALUE="0">MAKE YOUR SELECTION</OPTION>
<OPTION VALUE="1">Member Services Account</OPTION>
<OPTION VALUE="2">Ledger Account</OPTION>
<OPTION VALUE="3">Supplier</OPTION>
<OPTION VALUE="4">Advertiser Account</OPTION>
</SELECT>
</td></tr>

<tr><td align="right"><font face="times new roman">Account Reference:</td>
<td>
<div id="txtHint"><b>Account holder information will be listed here.</b></div>
</td></tr>

<tr><td align="right"><font face="times new roman">Transaction Type:</td>
<td>
<SELECT NAME="transaction_type" onchange="showGIFI(this.value)">
<OPTION VALUE="0">MAKE YOUR SELECTION</OPTION>
<OPTION VALUE="1">Donation</OPTION>
<OPTION VALUE="2">Expense</OPTION>
<OPTION VALUE="3">Income</OPTION>
<OPTION VALUE="4">PayPal Funds Transfer</OPTION>
<OPTION VALUE="5">Payroll</OPTION>
</SELECT>
</td></tr>

<tr><td align="right"><font face="times new roman">GIFI Reference:</td>
<td>
<div id="txtGIFI"><b>GIFI information will be listed here.</b></div>
</td></tr>

<tr><td align="right"><font face="times new roman">Transaction Date (YYYY-MM-DD):</td>
<td>
<input type=text name="transaction_date" size=40 maxlength=10>
</td></tr>

<tr><td></td><td>

<table>

<tr><td align="right"><font face="times new roman">Foreign Currency Received:</td>
<td>
<font face="times new roman">$ <input type=text name="foreign_currency_dollar_value" size=20 maxlength=12>
</td></tr>

<tr><td align="right"><font face="times new roman">Foreign Currency Identifier:</td>
<td>
<SELECT NAME="foreign_currency_identifier">
<OPTION VALUE="0"></OPTION>
<OPTION VALUE="1">U.S. Funds</OPTION>
</SELECT>
</td></tr>

<tr><td align="right"><font face="times new roman">Foreign Currency Exchange Rate:</td>
<td>
<font face="times new roman">$ <input type=text name="foreign_currency_exchange_rate" size=20 maxlength=14>
</td></tr>

</table>

</td></tr>

<tr><td align="right"><font face="times new roman">Dollar Value:</td>
<td>
<font face="times new roman">$ <input type=text name="dollar_value" size=20 maxlength=11>
</td></tr>

<tr><td align="right"><font face="times new roman">Bank Account Reference:</td>
<td>
<SELECT NAME="bank_account_reference">
<OPTION VALUE="2">PayPal</OPTION>
<OPTION VALUE="1">TD Canada Trust</OPTION>
</SELECT>
</td></tr>

<tr><td align="right"><font face="times new roman">Cheque Reference:</td>
<td>
<input type=text name="cheque_reference" size=10 maxlength=5>
</td></tr>

<tr><td align="right"><font face="times new roman">Bank Account Balance:</td>
<td>
<font face="times new roman">$ <input type=text name="bank_account_balance" size=20 maxlength=8>
</td></tr>

<tr><td align="right"><font face="times new roman">Notepad:</td>
<td>
<textarea COLS=40 ROWS=5 name="notepad"></textarea>
</td></tr>

<tr><td></td>
<td>
<input type="submit" name="submit" value="Submit Ledger Entry">
</form>
</td></tr>
</table>
</center><p>

The form processes and goes into this INSERT INTO statement:

mysql_select_db($database) or die( "Unable to select database");
mysql_query("INSERT INTO `ledger_entry`
(`reference` ,`account_source` ,`account_reference` ,`transaction_type` ,`gifi_reference` ,
 `transaction_date` ,`foreign_currency_dollar_value` ,`foreign_currency_identifier` ,
 `foreign_currency_exchange_rate` ,`dollar_value` ,`bank_account_reference` ,
 `cheque_reference` ,`bank_account_balance` ,`created_by` ,`notepad` ,`entry_date`)
VALUES (NULL , '$account_source', '$account_reference', '$transaction_type',
 '$gifi_reference', '$transaction_date', '$foreign_currency_dollar_value',
 '$foreign_currency_identifier', '$foreign_currency_exchange_rate', '$dollar_value',
 '$bank_account_reference', '$cheque_reference', '$bank_account_balance', '$record',
 '$notepad', '$entry_date');");
$created_ledger_record_reference = mysql_insert_id();
mysql_close();

All the variables, but the two ajax ones ( $account_reference &
$gifi_reference ) make it into the table.

I initially just had 1 ajax set up ( ledger_select_account.js ) . When
there was just the one the value of $account_reference was inserted into
the ledger_entry table. At that point I was still displaying all of the
possible GIFI codes which could be selected.

I am now only wanting to display the GIFI codes which are relevant.

I am able to make the selects ... so I know the ajax works; but somewhere
between my form and when it is submitted the numerical values
aren't being passed on.

I don't know where to post this for help; would you help me get this
sorted out? Please make sure all responses are e-mailed to me directly
ron.phpactsministries.org .

Thanks for helping get me through this,

Ron
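An added example, not Ron's code: a validation step for the fields his ledger form posts, run before the INSERT above. It rejects the 0 "MAKE YOUR SELECTION" placeholder, requires the two Ajax-populated references to be positive integers, and names any field that did not arrive in the POST body instead of silently inserting an empty string. The field names come from the form as posted; the sample POST array is constructed.

```php
<?php
// Added example, not Ron's code: validate the ledger form's POST fields before
// the INSERT, and report by name any field that did not arrive. Field names are
// taken from the form as posted; 0 is the "MAKE YOUR SELECTION" placeholder.
function validate_ledger_post(array $post) {
    $errors = array();
    $clean  = array();
    // References chosen from <select> elements: positive integers only.
    $refs = array('account_source', 'account_reference', 'transaction_type',
                  'gifi_reference', 'bank_account_reference');
    foreach ($refs as $f) {
        if (!isset($post[$f]) || !preg_match('/^[1-9][0-9]*$/', $post[$f])) {
            $errors[] = "$f missing or not a positive integer";
        } else {
            $clean[$f] = (int) $post[$f];
        }
    }
    // Amounts: digits with an optional fraction; foreign-currency fields may be empty.
    $amounts = array('dollar_value', 'bank_account_balance',
                     'foreign_currency_dollar_value', 'foreign_currency_exchange_rate');
    foreach ($amounts as $f) {
        $v = isset($post[$f]) ? trim($post[$f]) : '';
        if ($v === '' && strpos($f, 'foreign_') === 0) {
            $clean[$f] = null;
        } elseif (!preg_match('/^[0-9]+(\.[0-9]{1,6})?$/', $v)) {
            $errors[] = "$f is not a decimal amount";
        } else {
            $clean[$f] = $v;
        }
    }
    // Transaction date in the YYYY-MM-DD shape the form asks for, and a real calendar date.
    $d = isset($post['transaction_date']) ? $post['transaction_date'] : '';
    if (!preg_match('/^(\d{4})-(\d{2})-(\d{2})$/', $d, $m)
            || !checkdate((int) $m[2], (int) $m[3], (int) $m[1])) {
        $errors[] = 'transaction_date must be a valid YYYY-MM-DD date';
    } else {
        $clean['transaction_date'] = $d;
    }
    return array('ok' => empty($errors), 'errors' => $errors, 'values' => $clean);
}

// Constructed sample POST body in which the two Ajax-supplied selects never arrived.
$sample = array('account_source' => '2', 'transaction_type' => '2',
                'transaction_date' => '2008-02-10', 'dollar_value' => '125.50',
                'bank_account_reference' => '1', 'bank_account_balance' => '1000.00');
$result = validate_ledger_post($sample);
print_r($result['errors']); // names account_reference and gifi_reference as missing
```

When `ok` is true, the typed values in `values` (plus the free-text cheque_reference and notepad) should go into the INSERT as bound parameters of a prepared statement rather than being spliced into the query string.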