[PHP] Issue with encrypted string created with Crypt_CBC and urls and mod_rewrite
hi there im having issue decoding an encoded string created with a pear
package Crypt_CBC which i am encoding a uri into the string and sending
to a rewrite url. The query string is not returning the encoded part of
the url properly for some reason and not decoding properly.
I have already sent this to the pear list, but maybe someone here has
experienced issues with encoded strings and mod_rewrite not relocating
with a url encoded string ?
The encoded string without mod_rewrite rules is
RandomIVQ%83%80%E6%0F%E7%E4%7CdY%E7%BA%9B%14%5B%60%98%A1%1D%04%94L_%16%E
4%19%EF%F1%FE%5C%D6%CE%09%C8DI%A7%1F%04%25%A8%7B%FA%19%B51%1D%7C%0D%04%1
3%E3%21%F1%60f%C6%91%A8b%82%11YK%21l+%C5%D0W%D9%9A%2B%CD3%C3%FA%82LE%D8%
1EA%07%25%F5%BB%22%EA%B7%B8%82%F0WZ%40
With rewritten urls its from viewing source.
RandomIVQƒ€æçä|dY纛[`˜¡
”L_äïñþ\ÖÎÈDI§ %¨{úµ1
|
ã!ñ`fÆ‘¨b‚YK!l+ÅÐWÙš+Í3Ãú‚LEØ
A%õ»ê·¸‚ðWZ@
The rewrite rule is
RewriteEngine on
RewriteBase /
RewriteRule ^feeds/(.*) refer.php?$1 [L]
Any ideas why its not urlencoding the urlencoded string in the rewrite
url ?
I may have to use the request_uri instead of sending it as a query
string if this is a flaw in mod_rewrite ?? I think however if i use the
request_uri things could break a little.
Let me know.
Dan
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP 5 DOM, XPath, UTF-8, and Form Input
I have been doing some testing and need confirmation that the following is correct. You have a DOMDocument that potentially contains UTF-8 encoded data (it might not however). You want to search it via DOMXpath-query() using a value that comes from a $_POST value. If the page that posts the data via a form to the search script IS NOT encoded in UTF-8, then the value must be converted to UTF-8 before it is used in the query expression. Else, if the posting page IS UTF-8 encoded, then the $_POST data does not need to be converted before being used in the expression. Is this correct? Also, if the $_POST data comes from a UTF-8 encoded page, and it needs to be sanitized before use, will the basic PHP string functions work on the data (e.g. htmlentities, stripslashes, trim, preg_replace, etc)? If not what do I have to do? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Issue with encrypted string created with Crypt_CBC and urls and mod_rewrite
It also seems that any forward slash being encoded if it encodes,
mod_rewrite doesnt like, therefore I have to split up the urls using
parse_url, but it seems it still doesnt like the query part and some
special characters like ampersands and equals ?
On 23/02/2006, at 12:30 PM, Dan Rossi wrote:
hi there im having issue decoding an encoded string created with a
pear package Crypt_CBC which i am encoding a uri into the string and
sending to a rewrite url. The query string is not returning the
encoded part of the url properly for some reason and not decoding
properly.
I have already sent this to the pear list, but maybe someone here has
experienced issues with encoded strings and mod_rewrite not relocating
with a url encoded string ?
The encoded string without mod_rewrite rules is
RandomIVQ%83%80%E6%0F%E7%E4%7CdY%E7%BA%9B%14%5B%60%98%A1%1D%04%94L_%16%
E4%19%EF%F1%FE%5C%D6%CE%09%C8DI%A7%1F%04%25%A8%7B%FA%19%B51%1D%7C%0D%04
%13%E3%21%F1%60f%C6%91%A8b%82%11YK%21l+%C5%D0W%D9%9A%2B%CD3%C3%FA%82LE%
D8%1EA%07%25%F5%BB%22%EA%B7%B8%82%F0WZ%40
With rewritten urls its from viewing source.
RandomIVQƒ€æçä|dY纛[`˜¡
”L_äïñþ\ÖÎÈDI§ %¨{úµ1
|
ã!ñ`fÆ‘¨b‚YK!l+ÅÐWÙš+Í3Ãú‚LEØ
A%õ»ê·¸‚ðWZ@
The rewrite rule is
RewriteEngine on
RewriteBase /
RewriteRule ^feeds/(.*) refer.php?$1 [L]
Any ideas why its not urlencoding the urlencoded string in the rewrite
url ?
I may have to use the request_uri instead of sending it as a query
string if this is a flaw in mod_rewrite ?? I think however if i use
the request_uri things could break a little.
Let me know.
Dan
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Lions and tigers and slashes, oh my!
Jay Blanchard wrote:
[snip]
hope the kick didn't break anything. :-)
[/snip]
Nah, just having a senior moment. Since it is a query string issue I
converted the database (even though it is strictly a web database in this
case) to 'Oil Gas'. The query string sees the ampersand and doesn't show
so the DB is 'correct'. NOw it's just a case or urlencoding the value before
sticking it in the URL - that will protect the server from breaking off the
query condition/parameter at the point of the '' in 'Oil Gas'
and just in case your forced to do the urlencoding of the value on the
client side, here is one I stole earlier:
//
// URLEncode and URLDecode functions
//
// Copyright Albion Research Ltd. 2002
// http://www.albionresearch.com/
//
// The Javascript escape and unescape functions do not correspond
// with what browsers actually do...
//
// You may copy these functions providing that
// (a) you leave this copyright notice intact, and
// (b) if you use these functions on a publicly accessible
// web site you include a credit somewhere on the web site
// with a link back to http://www.albionresarch.com/
//
// If you find or fix any bugs, please let us know at albionresearch.com
//
// SpecialThanks to Neelesh Thakur for being the first to
// report a bug in URLDecode() - now fixed 2003-02-19.
//
function URLEncode(plaintext)
{
if (!plaintext || !plaintext.length) {
return plaintext;
}
var SAFECHARS = 0123456789 + // Numeric
ABCDEFGHIJKLMNOPQRSTUVWXYZ + // Alphabetic
abcdefghijklmnopqrstuvwxyz +
-_.!~*'();// RFC2396 Mark characters
var HEX = 0123456789ABCDEF;
var encoded = ;
for (var i = 0; i plaintext.length; i++ ) {
var ch = plaintext.charAt(i);
if (ch == ) {
encoded += +; // x-www-urlencoded, rather than %20
} else if (SAFECHARS.indexOf(ch) != -1) {
encoded += ch;
} else {
var charCode = ch.charCodeAt(0);
if (charCode 255) {
/*
alert( Unicode Character ' + ch + ' cannot be encoded using
standard URL encoding.\n +
(URL encoding only supports 8-bit characters.)\n +
A space (+) will be substituted. );
*/
encoded += +;
} else {
encoded += %;
encoded += HEX.charAt((charCode 4) 0xF);
encoded += HEX.charAt(charCode 0xF);
}
}
} // for
return encoded;
};
function URLDecode(encoded)
{
if (!encoded || !encoded.length) {
return encoded;
}
// Replace + with ' '
// Replace %xx with equivalent character
// Put [ERROR] in output if %xx is invalid.
var HEXCHARS = 0123456789ABCDEFabcdef;
var plaintext = ;
var i = 0;
while (i encoded.length) {
var ch = encoded.charAt(i);
if (ch == +) {
plaintext += ;
i++;
} else if (ch == %) {
if (i (encoded.length-2)
HEXCHARS.indexOf(encoded.charAt(i+1)) != -1
HEXCHARS.indexOf(encoded.charAt(i+2)) != -1 ) {
plaintext += unescape(encoded.substr(i,3));
i += 3;
} else {
/*
alert( 'Bad escape combination near ...' + encoded.substr(i) );
*/
plaintext += %[ERROR];
i++;
}
} else {
plaintext += ch;
i++;
}
} // while
return plaintext;
};
anything past that in the condirion.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: amp; in Query String
At 00:00 27.11.2002, Jonathan Rosenberg \(Tabby's Place\) said: [snip] Ok ... I take back what I said about amp; not working in a query string. It works just fine. [snip] Ahhh - and I just created a test page for all to check out... nevertheless, here it is: http://www.vogelsinger.at/test.php Simply provides a link using query parameters encoded with amp;, to check with different browsers. Maybe someone will check this outwith his browser anyway. -- O Ernest E. Vogelsinger (\)ICQ #13394035 ^ http://www.vogelsinger.at/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] URL
Bruno Santos wrote:
Im developing a couple of pages and i need to do some redirecting to
another page depending
on the choice of a user.
The problem is, to go to another page, i need to send some parameters in
the URL that are alredy present, but i need to make the redirecting
independent of the page. if i use $_SERVER['PHP_SELF'], i have only
http://some_domain/the_page
and what i want is
http://some_domain/the_page?some_parameters=valueanother_parameter=value
the ?some_parameters=value are alredy present and i need to redirect
them again...
I know that are some fuctions to manage this, or not...
any solucion ??
How about $_SERVER['QUERY_STRING']?
That _should_ contain the current query string with the values still
encoded, but I'm not sure on that. If they aren't still encoded, then
just rebuild the query string by looping through $_GET.
$url = $_SERVER['PHP_SELF'] . '?';
foreach($_GET as $key = $value)
{ $url .= '' . $key . '=' . urlencode($value); }
If you have arrays within $_GET, then you'll need a recursive function,
but hopefully one of the above will work for your needs.
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals www.phparch.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] A problem about urlencode
Teng Wang wrote: I have a url containing some multi-byte characters. So I need urlencode() to change these characters into the %xx form. However, when I encode the whole url string, / is also be encoded as %2F. How to solve this problem? I don't want to analyze the url string before/after urlencode(). According to my understanding this is the correct behaviour for url encode. The fact that your string is multibyte or not has little relevence in convertin '/' to %2f. You are unly supposed to use the urlencode() function on the query string or to be more precise on each value that you pass via the query string and NOT on the whole URL. -- Raditha Dissanayake. http://www.radinks.com/sftp/ | http://www.raditha.com/megaupload Lean and mean Secure FTP applet with | Mega Upload - PHP file uploader Graphical User Inteface. Just 128 KB | with progress bar. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Problems passing variables from Javascript to PHP
Hello =) I'm embedding an SQL query constructed in Javascript to an URL and opening it in PHP where I try to execute it. Problem is, the string arrives garbled, with all the apostrophes escaped. This must be Javascript's type of safe url encoding, but how would I go about decoding it in PHP? I thought about urldecode or rawurldecode, but Javascript doesn't seem to use RFC 1738 encoding (because of the escaped apostrophes). Then I thought about writing a Javascript function to encode the query string into RFC 1738 %-format, but then I couldn't use unicode characters in my query, right? What to do? I need to find a way so that the string can be encoded in Javascript and decoded in PHP and not get garbled. Thanks in advance, Daniel -- There are 10 kinds of people: Those who know binary and those who don't. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: PHP 5 DOM, XPath, UTF-8, and Form Input
C Drozdowski wrote: I have been doing some testing and need confirmation that the following is correct. You have a DOMDocument that potentially contains UTF-8 encoded data (it might not however). You want to search it via DOMXpath-query() using a value that comes from a $_POST value. If the page that posts the data via a form to the search script IS NOT encoded in UTF-8, then the value must be converted to UTF-8 before it is used in the query expression. Else, if the posting page IS UTF-8 encoded, then the $_POST data does not need to be converted before being used in the expression. Is this correct? AFAIK... yes, this is correct. Also, if the $_POST data comes from a UTF-8 encoded page, and it needs to be sanitized before use, will the basic PHP string functions work on the data (e.g. htmlentities, stripslashes, trim, preg_replace, etc)? If not what do I have to do? I believe that PHP uses ISO-8859-1 as the default encoding, but there are ways around it. htmlentities() will let you specify UTF-8 encoding. Remember that your DOMDocument may / may not be whitespace-sensitive, so be careful about how / if you trim(). I don't know how well stripslashes, preg_replace, etc. work with UTF-8. Hopefully someone else will be able to help out with those... -- Teach a man to fish... NEW? | http://www.catb.org/~esr/faqs/smart-questions.html STFA | http://marc.theaimsgroup.com/?l=php-generalw=2 STFM | http://php.net/manual/en/index.php STFW | http://www.google.com/search?q=php LAZY | http://mycroft.mozdev.org/download.html?name=PHPsubmitform=Find+search+plugins signature.asc Description: OpenPGP digital signature
Re: Re: [PHP] passing variables in javascript
From: "Nicholas W. Miller" [EMAIL PROTECTED]
H ... is there anyway to do this without requiring the page
with the link to use PHP?
Well if the string you're going to urlencode() is always going to be the
same, then just run it through once, grab the encoded version and hard-code
it :)
You have to encode each part of the query string on the URL correctly:
a href="#" onClick="MM_openBrWindow('../email/popup.php??php
echo "title=" . urlencode("B2B Antitrust: Opening Moves in the
Game")
. "url=" .
urlencode("http://www.domain.com/biz/pubs.html#antitrust");
?', 'email','width=410,height=435')"Emailthis/a
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Decoding a URL without decoding values
I've got a querystring that looks like this: ?url=http%3A%2F%2Ftest.alpharetta.ga.us%2Findex.php%3Fm%3Dlinks%26category%3DRecreation%2B%2526%2BParks%26go.x%3D22%26go.y%3D7 As you can gather, I'm trying to pass a URL to another script for some processing. Before I urlencode() the URL and pass it to the query string, it looks like this: http://test.alpharetta.ga.us/index.php?m=linkscategory=Recreation+%26+Parksgo.x=22go.y=7 As you can see, there are already encoded entities in the URL, which are further encoded when passed through urlencode(). The problem I'm having is that when I urldecode() the string from $_GET[url], I get the following string: http://test.alpharetta.ga.us/index.php?m=linkscategory=Recreation Parksgo.x=22go.y=7 It's similar, but the category variable is now Recreation Parks when it needs to be Recreation+%26+Parks. When I try to use file_get_contents() on this string, I get nothing because of the ampersand and spaces in the URL. Is there a way to urldecode() $_GET[url] and still retain its original encoded entities so that I can use it again as a valid URL? -- Regards, Ben Ramsey http://benramsey.com http://www.phpcommunity.org/wiki/People/BenRamsey -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Question: urldecode
--- Ford, Mike [EMAIL PROTECTED] wrote: Are you seeing the URL-encoded version *only* in your browser's Address/Location bar? If so, that's perfectly normal and nothing to worry about -- it should be automatically decoded by the Web server before being passed to PHP. If you're seeing the encoded version actually in your PHP script, that sounds like a major problem, possibly indicating a missing urldecode() or extraneous urlencode() -- in which case, please post a more detailed analysis of your problem, examples of the unwanted behaviour, and the relevant portions of script. I have no idea about what it means to see the encoded version in my script. I have only one urldecode in the script: a href=SearchJobDetails.php?JobID=?php echo urldecode($row_rsVJ['JobID']);? No urlencodes anywhere. I'll assume it's decoded properly before going to php because the script runs fine. I just know that I've seen the hex's normally converted in the browser bar. Further, I was assuming I should add the urldecode to the query string. As I had posted originally. From the example in the manual it appears I might to pass the params through a urldecode counter loop. Lastly, I wasn't concerned about the hex code, but I just made some reconnections of scripts. Users can save their search parameters. I am saving the query string. Now I had this set up before and the way it was working , is when the user wanted to view or edit their saved searches, the search page would come back with all the parameters filled in including shaded parameters in things like mult select lists and menu dropdowns. It's not working that way now , so my first suspicion is perhaps the hex is effecting it. I can post more of the script if that makes sense. Stuart -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: amp; in Query String
Looks fine in Opera 6.03 hth http://www.vogelsinger.at/test.php?par1=value1par2=value2par3=value3 Opera Version 6.03 Build 1107 Platform Win32 System Windows 98 Java Sun Java Runtime Environment 1.4 Testing the query string This is the full query string ($_SERVER['QUERY_STRING']): par1=value1par2=value2 par3=value3 This is a printout of $_GET: Array ( [par1] = value1 [par2] = value2 [par3] = value3 ) I will use this string for the link below: /test.php?par1=value1amp;par2=value2 amp;par3=value3 On Wed, 27 Nov 2002 00:09:35 +0100, [EMAIL PROTECTED] (Ernest E Vogelsinger) wrote: At 00:00 27.11.2002, Jonathan Rosenberg \(Tabby's Place\) said: [snip] Ok ... I take back what I said about amp; not working in a query string. It works just fine. [snip] Ahhh - and I just created a test page for all to check out... nevertheless, here it is: http://www.vogelsinger.at/test.php Simply provides a link using query parameters encoded with amp;, to check with different browsers. Maybe someone will check this outwith his browser anyway. -- O Ernest E. Vogelsinger (\)ICQ #13394035 ^ http://www.vogelsinger.at/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] URL encode
Bruno Santos wrote: Hello. Im having some trouble when getting a query from a $_GET method the problem is, when using $_GET, i get some charaters decoded as html entities. if i submit the word %sara% (example), is ok but, if i submi the word %carlos%, i get Êrlos, witch is the translation of html entity %ca so a user is entering '%carlos%'? firstly it _looks_ like you are adding the '%' signs in order to have this affect the way a search query is performed - if this is the case maybe you should consider wrapping the search term on the server side _after_ you have recieved the string? also if you run the following: echo urlencode(%carlos%); you will see that in order to pass the '%' sign in a url it will need to be encoded as '%25'; if you create the string '%carlos%' on the server then you can perform urlencode() on it before outputting the url and it should come back as you expect... if on the otherhand this is user entered info then you may need to use javascript to encode the string before the forms values are submitted. how can i can resolve it ?? ive tryed with htmlentities, urlencode, urldecode, etc... you don't need to run any function over the incoming value - the webserver will urldecode what ever GET string is incoming... if the string is not properly encoded in the first place (i.e. before it is used as a request to the webserver) then there is no proper way of retrieving the original value AFAICS help ? cheers Bruno Santos -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question: urldecode
Stuart Felenstein wrote: In my search page, the url returned comes back with the ..err I forget what it's called, but query string looks like this: %5B%5D=3. I think the %5B and 5D should be []. What I think is needed is rawurldecode. I've looked through my code and think it belongs somewhere in this block: Don't guess. Figure out *EXACTLY* where and when the URL is being encoded to Hex -- where it first appears in your scripts/database/application as %5B. Decide if it's right for it to be in Hex at that point. If it's not right for it to be Hex at that point, change it there. You'll drive yourself crazy changing it here, where it's already in the system in a format you don't want. My *GUESS* is that you're taking the QUERY string and stuffing it into your database. Since you grab the raw query string, it's in Hex-encoded format. Maybe that's a Good Thing to store in your database. Maybe it's not. All depends what you're going to do with it in the *REST* of the application. But I cannot stress enough that you've got to understand where and how this data is coming from, in what format, and *DESIGN* your application to have the data you want in the place you want. Going about it like you are now, just sort of guessing at what's there and trying to slap in a patch to change it, is going to drive you crazy in the long run. Your solution isn't necessarily wrong: Your approach to making the decision is :-) -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] 2 Qs: Passing current URL with session and how to avoid session timeout???
--- Cal Evans [EMAIL PROTECTED] wrote: I usually just pass this kind of info around on the URL. http://mypage.com/mypage.php?prevURL=http://mypage.com/lastpage.php if I have to pass a full query string then I urlencode() it first and urldecode() it on the other side. Just as a bit of advice, you should always URL encode any data you want to append to the URL like that. Also, decoding it is superfluous, because the Web server will do that for you (since URL data is supposed to be URL encoded). Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] '' Sign in _GET Parameter
From: Pushpinder Singh Garcha [EMAIL PROTECTED] I am using an application where I retrieve user profile from a MySQL DB using the Company Name . I pass the name of the company to the PHP script as a '$_GET' parameter. e.g. when the name of the company is 'IBM'. , the URL with the query string would look like : http://masterstream.com/CRM/full_profile_1.php?name=IBM Now one of the records had a name : PSG Inc. , in this case the URL with the query string would look like http://masterstream.com/CRM/full_profile_1.php?name=PSG%20%20Inc. However in the case of the latter I am not able to pull out any records from the MySQL database. It says that no records with the name were found. I went ahead and tweaked the name of the company, to remove the sign in 'PSG Inc.' Now the query works fine. Can some one throw some light here. I am sure something minor is to be done when passing the name of the company in the parent script. The character separates variables in the query string, so it must be encoded if it appears in the data. Take a look at http://us2.php.net/urlencode ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] '' Sign in _GET Parameter
Thanks for the link, $link = $row['company'];�� a href=\full_profile_1.php?name=', urlencode($link),' \�� However this does not seem to work / what am I missing ? Thanks -Pushpinder On Friday, August 22, 2003, at 03:23 PM, CPT John W. Holmes wrote: From: Pushpinder Singh Garcha [EMAIL PROTECTED] I am using an application where I retrieve user profile from a MySQL DB using the Company Name . I pass the name of the company to the PHP script as a '$_GET' parameter. e.g. when the name of the company is 'IBM'. , the URL with the query string would look like : http://masterstream.com/CRM/full_profile_1.php?name=IBM Now one of the records had a name : PSG Inc. , in this case the URL with the query string would look like http://masterstream.com/CRM/full_profile_1.php?name=PSG%20%20Inc. However in the case of the latter I am not able to pull out any records from the MySQL database. It says that no records with the name were found. I went ahead and tweaked the name of the company, to remove the sign in 'PSG Inc.' Now the query works fine. Can some one throw some light here. I am sure something minor is to be done when passing the name of the company in the parent script. The character separates variables in the query string, so it must be encoded if it appears in the data. Take a look at http://us2.php.net/urlencode ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] '' Sign in _GET Parameter
Try this : $link = $row[company]; echo (a href='full_profile_1.php?name=.urlencode($link).'); -- www.cpm-fr.com Thanks for the link, $link = $row['company'];\00\00 a href=\full_profile_1.php?name=', urlencode($link),' \\00\00 However this does not seem to work / what am I missing ? Thanks -Pushpinder On Friday, August 22, 2003, at 03:23 PM, CPT John W. Holmes wrote: From: Pushpinder Singh Garcha [EMAIL PROTECTED] I am using an application where I retrieve user profile from a MySQL DB using the Company Name . I pass the name of the company to the PHP script as a '$_GET' parameter. e.g. when the name of the company is 'IBM'. , the URL with the query string would look like : http://masterstream.com/CRM/full_profile_1.php?name=IBM Now one of the records had a name : PSG Inc. , in this case the URL with the query string would look like http://masterstream.com/CRM/full_profile_1.php?name=PSG%20%20Inc. However in the case of the latter I am not able to pull out any records from the MySQL database. It says that no records with the name were found. I went ahead and tweaked the name of the company, to remove the sign in 'PSG Inc.' Now the query works fine. Can some one throw some light here. I am sure something minor is to be done when passing the name of the company in the parent script. The character separates variables in the query string, so it must be encoded if it appears in the data. Take a look at http://us2.php.net/urlencode ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] URL
Hi
You can user $_SERVER['REQUEST_URI'];
Thanks
Zareef Ahmed
--- John W. Holmes [EMAIL PROTECTED] wrote:
Bruno Santos wrote:
Im developing a couple of pages and i need to do
some redirecting to
another page depending
on the choice of a user.
The problem is, to go to another page, i need to
send some parameters in
the URL that are alredy present, but i need to
make the redirecting
independent of the page. if i use
$_SERVER['PHP_SELF'], i have only
http://some_domain/the_page
and what i want is
http://some_domain/the_page?some_parameters=valueanother_parameter=value
the ?some_parameters=value are alredy present and
i need to redirect
them again...
I know that are some fuctions to manage this, or
not...
any solucion ??
How about $_SERVER['QUERY_STRING']?
That _should_ contain the current query string with
the values still
encoded, but I'm not sure on that. If they aren't
still encoded, then
just rebuild the query string by looping through
$_GET.
$url = $_SERVER['PHP_SELF'] . '?';
foreach($_GET as $key = $value)
{ $url .= '' . $key . '=' . urlencode($value); }
If you have arrays within $_GET, then you'll need a
recursive function,
but hopefully one of the above will work for your
needs.
--
---John Holmes...
Amazon Wishlist:
www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals
www.phparch.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
=
Zareef Ahmed :: A PHP Developer in Delhi(India).
Homepage :: http://www.zasaifi.com
__
Do you Yahoo!?
Vote for the stars of Yahoo!'s next ad campaign!
http://advision.webevents.yahoo.com/yahoo/votelifeengine/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Odd URL problem
Hello all: I'm seeing an odd problem after I moved a large PHP application from one server to another. Part of the system sends an email to users, containing a clickable http:// link. The link includes a parameter called goto, which bundles up a set of name-value pairs, which indicate the user's final destination. If the user isn't logged in yet, the application holds onto the goto parameter, and once the login is complete, forwards the user on to the specified location. When we send the url, it is encoded, and looks like this: http://foo.bar.org/goto.php?goto=area%3Dpersonnel%26sub%3Dpersonnel%26person nel%3D1002566%26option%3Dedit Once I moved the application, from a PowerMac G4 running LinuxPPC, Apache 1.3.20 and PHP 4.0.5, to a Dell PowerEdge running RedHat 7.3, Apache 1.3.26 and PHP 4.0.6, these URLs seem to not get translated any more. On our development server, Dell server running RedHat 7.1, Apache 1.3.23, PHP 4.1.1, they seem to work fine. When it works, I click an encoded link in my mailer, and my browser tries to access the URL with a correct, decoded query string. When it fails, I get a message from the browser (IE 5+ only for this app) that says Attempt to access http://foo.bar.org/goto.php?goto=area%3Dpersonnel%26sub%3Dpersonnel%26person nel%3D1002566%26option%3Dedit failed. So it seems that the browser in the failing case is trying to deal with the URL in its encoded form. Anyone have any ideas about what I'm missing? -- Steve === Steve Lane Vice President The Moyer Group 833 West Chicago Ave Suite 203 Voice: (312) 433-2421 Email: [EMAIL PROTECTED] Fax: (312) 850-3930 Web: http://www.moyergroup.com === -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Decoding a URL without decoding values
On 21 March 2004 16:03, Ben Ramsey wrote: I've got a querystring that looks like this: ?url=http%3A%2F%2Ftest.alpharetta.ga.us%2Findex.php%3Fm%3Dlink s%26category%3DRecreation%2B%2526%2BParks%26go.x%3D22%26go.y%3D7 As you can gather, I'm trying to pass a URL to another script for some processing. Before I urlencode() the URL and pass it to the query string, it looks like this: http://test.alpharetta.ga.us/index.php?m=linkscategory=Recrea tion+%26+Parksgo.x=22go.y=7 As you can see, there are already encoded entities in the URL, which are further encoded when passed through urlencode(). The problem I'm having is that when I urldecode() the string from $_GET[url], I get the following string: Don't. GET values are automatically urldecoded once by the Web server before they ever reach your script. Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Question: urldecode
To view the terms under which this email is distributed, please go to http://disclaimer.leedsmet.ac.uk/email.htm -Original Message- From: Stuart Felenstein [mailto:[EMAIL PROTECTED] Sent: 09 December 2004 13:38 --- Ford, Mike [EMAIL PROTECTED] wrote: Are you seeing the URL-encoded version *only* in your browser's Address/Location bar? If so, that's perfectly normal and nothing to worry about -- it should be automatically decoded by the Web server before being passed to PHP. If you're seeing the encoded version actually in your PHP script, that sounds like a major problem, possibly indicating a missing urldecode() or extraneous urlencode() -- in which case, please post a more detailed analysis of your problem, examples of the unwanted behaviour, and the relevant portions of script. I have no idea about what it means to see the encoded version in my script. I have only one urldecode in the script: a href=SearchJobDetails.php?JobID=?php echo urldecode($row_rsVJ['JobID']);? I actually doubt whether you even need this urldecode() -- but it depends where that value is coming from. Further, I was assuming I should add the urldecode to the query string. I don't quite understand this -- if you mean the query string supplied to your script and manifesting in your $_GET array, then no, very unlikely, since this should have been taken care of by the Web server before it gets anywhere near PHP. If you're referring to echoing out URLs with query strings on them, then that is one of the few instances where urlENcode() might be necessary, but definitely not urlDEcode(). Lastly, I wasn't concerned about the hex code, but I just made some reconnections of scripts. Users can save their search parameters. I am saving the query string. Now I had this set up before and the way it was working , is when the user wanted to view or edit their saved searches, the search page would come back with all the parameters filled in including shaded parameters in things like mult select lists and menu dropdowns. It's not working that way now , so my first suspicion is perhaps the hex is effecting it. All I can say to this is to re-iterate the point that your Web server should be decoding those %xx values before your script ever gets to see them. You *may* have to urlencode() values you write out that might one day form part of a clickable link -- but, because of the previous sentence, you should not yourself need to do the compensating urldecode() in the target script. Once again, this sounds like a situation where you need to be echoing out everything and anything of even the slightest relevance at the crucial spots of your script -- in the debugging phase, my scripts often have a bunch of debugging echoes every few lines, and some sections even end up with more temporary echoes than actual script! It's tedious wading your way through the screenfuls of output, but can be exceedingly illuminating of an elusive problem. Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning Information Services, JG125, James Graham Building, Leeds Metropolitan University, Headingley Campus, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] how do I spoof a get request
Hey Dan: On Tue, Aug 12, 2003 at 08:13:32PM -0400, Dan Anderson wrote: I have noticed that sometimes I cannot fopen($web_address,'r') or use any similar files if the web address contains a form get in it. (i.e. ends in a ?var1=xxxvar2=xxx...). It should work. You said sometimes. What are the times it doesn't work? Are you always passing the same exact query string? If so, then their server is flaky. Or, if are you sending different info in the query string at different times, then you are likely not passing the info correctly. When constructing the query string, the values need to be URL encoded first. See http://php.net/urlencode for more info on this. Also, is there any easy way to spoof posting a form? Yes. http://www.php-faq.com/postToHost.html http://dodds.net/~cardinal/sendtohost.txt --Dan -- FREE scripts that make web and database programming easier http://www.analysisandsolutions.com/software/ T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y 4015 7th Ave #4AJ, Brooklyn NYv: 718-854-0335 f: 718-854-0409 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Very Large MySQL Query String
I can't seem to figure out the following.
I use the http upload functions a lot, works great!!..
For some months now I have been using a small PHP program
which I use to upload PDF files of scanned documents and
insert them into a Mysql table..
Normally these files are small (250 kb), but I now have a
PDF of 1 MB... When uploading files I run the
function: chunk_split(base64_encode($binaryfile));
to encode it, this to transform the binary file to text.. (Works great!!!)
When the query was called to insert the data, nothing happens,
also no error from mysql... Only think I can think of is that the mysql
query string is to long.. ?? (The data when encoded is about 1.3 MB of
text)..
This is the source code..
if (!($userfile_size == 0))
{$fd = fopen ($userfile, r);
$contents = fread ($fd, filesize ($userfile));
fclose ($fd);
unlink ($userfile);
echo Eerste RAW: .strlen($contents);
$encodes_data = chunk_split(base64_encode($contents));
$userfile_name = str_replace( , , $userfile_name);
echo strlen($encodes_data). - Displays text size BR; //Works right!
mysql ($databasename_boekhoud, insert mubo_boekhoud_images (data,
originalname, groep, type)
values '$encodes_data', '$userfile_name', '$groep', '$userfile_type')); //
mysql_error(); //No error given..?
}
Any suggestions are very much appreciated...
With kind regards,
David Bouw
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Very Large MySQL Query String
Instead of uploading to Mysql, why don't you store the file at a directory
and on Mysql only the path to it?
Retrieving files from the hard drive is much faster than doing the same on
Mysql, and also access to manipulation (insert, update, delete, etc...)
--
Julio Nobrega.
Um dia eu chego lá:
http://sourceforge.net/projects/toca
Ajudei? Salvei? Que tal um presentinho?
http://www.submarino.com.br/wishlistclient.asp?wlid=664176742884
David Bouw [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
I can't seem to figure out the following.
I use the http upload functions a lot, works great!!..
For some months now I have been using a small PHP program
which I use to upload PDF files of scanned documents and
insert them into a Mysql table..
Normally these files are small (250 kb), but I now have a
PDF of 1 MB... When uploading files I run the
function: chunk_split(base64_encode($binaryfile));
to encode it, this to transform the binary file to text.. (Works great!!!)
When the query was called to insert the data, nothing happens,
also no error from mysql... Only think I can think of is that the mysql
query string is to long.. ?? (The data when encoded is about 1.3 MB of
text)..
This is the source code..
if (!($userfile_size == 0))
{$fd = fopen ($userfile, r);
$contents = fread ($fd, filesize ($userfile));
fclose ($fd);
unlink ($userfile);
echo Eerste RAW: .strlen($contents);
$encodes_data = chunk_split(base64_encode($contents));
$userfile_name = str_replace( , , $userfile_name);
echo strlen($encodes_data). - Displays text size BR; //Works
right!
mysql ($databasename_boekhoud, insert mubo_boekhoud_images (data,
originalname, groep, type)
values '$encodes_data', '$userfile_name', '$groep', '$userfile_type'));
//
mysql_error(); //No error given..?
}
Any suggestions are very much appreciated...
With kind regards,
David Bouw
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: PHP] can't pass complete URL (part of the query string) from
--- Nicole Lallande [EMAIL PROTECTED] wrote: form action=http://embitec.com/fishcart/email.php?ref=http://embitec.com/fishcart/displayem.php3?cat=5olimit=0zid=1lid=1; method=post There is your problem right there. Here are the variables you are passing: ref=http://embitec.com/fishcart/displayem.php3?cat=5 olimit=0 zid=1 lid=1 The URL you want to set ref to needs to be URL encoded. You can use rawurlencode() to achieve this. You will know you have it right when your HTML form tag looks like this: form action=http://embitec.com/fishcart/email.php?ref=http%3A%2F%2Fembitec.com%2Ffishcart%2Fdisplayem.php3%3Fcat%3D5%26olimit%3D0%26zid%3D1%26lid%3D1; method=post Hope that helps. Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re[2]: [PHP] saving form data
Hello Charlie, Monday, February 23, 2004, 10:15:17 PM, you wrote: CFI It's just a matter of development time; if there's a way to CFI use the Perl mail script with a PHP data saving script, it CFI would save time. If I do have to rewrite the whole thing in CFI PHP, how would I accept uploaded file attachments and attach CFI them to the emailed form results? Then how about in reverse? Add something to the end of the Perl script that passes the values to a PHP script? It could even do it via the query string, maybe also passing an md5 encoded password that only your two scripts know (in order to stop someone spoofing your script). -- Best regards, Richard Davey http://www.phpcommunity.org/wiki/296.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] saving form data
Richard Davey wrote: CFI It's just a matter of development time; if there's a way to CFI use the Perl mail script with a PHP data saving script, it CFI would save time. If I do have to rewrite the whole thing in CFI PHP, how would I accept uploaded file attachments and attach CFI them to the emailed form results? Then how about in reverse? Add something to the end of the Perl script that passes the values to a PHP script? It could even do it via the query string, maybe also passing an md5 encoded password that only your two scripts know (in order to stop someone spoofing your script). I don't think that would work because they will need to save without sending the form. But I had thought about the reverse: a PHP script that saves the data and then possibly passes it on to the Perl script. Do you or anyone else know how to pass on form results in PHP to another script? (Like I said, I'm pretty new to PHP...) Thanks! -- Charlie Fiskeaux II Media Designer Cre8tive Group cre8tivegroup.com 859/858-9054x29 cell: 859/608-9194 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] I18n problems: Working with double-byte languages
Hi people ! I have a query regarding double-byte languages on PHP. I need to sort a index localized from English to Korean. My idea is: * get the Korean strings from file; * convert them to UTF8; * insert them in a Oracle database set to work with UTF8; * set NLS_LANG with Alter session SQL command to this variable match with Korean language; * get the strings sorted by Oracle with a SELECT * FROM table SORT BY field ASC SQL command; I've tried to convert the Korean string to UTF8 with utf8_encode function, but this function converted each byte from double-byte string to its relative in UTF8 chars. Reverting this string encoded to UTF8 with utf8_decode function, the browser can display successfully the Korean chars (because the individual bytes of the double-byte string will be as them were before), but Oracle can't sort the strings properly because that UTF8 chars converted by utf8_encode function were not relative to a double-byte char, but relative to a 2 single bytes chars! How can I convert a double-byte string to UTF8 properly??? Really thanks _ Ricardo J. A. Júnior, Software Engineer Trainee Bowne Global Solutions Phone +55 21 2515 7713 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] www.bowneglobal.com.br http://www.bowneglobal.com.br/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: I18n problems: Working with double-byte languages
Ricardo Junior wrote: Hi people ! I have a query regarding double-byte languages on PHP. I need to sort a index localized from English to Korean. My idea is: * get the Korean strings from file; * convert them to UTF8; * insert them in a Oracle database set to work with UTF8; * set NLS_LANG with Alter session SQL command to this variable match with Korean language; * get the strings sorted by Oracle with a SELECT * FROM table SORT BY field ASC SQL command; I've tried to convert the Korean string to UTF8 with utf8_encode function, but this function converted each byte from double-byte string to its relative in UTF8 chars. Reverting this string encoded to UTF8 with utf8_decode function, the browser can display successfully the Korean chars (because the individual bytes of the double-byte string will be as them were before), but Oracle can't sort the strings properly because that UTF8 chars converted by utf8_encode function were not relative to a double-byte char, but relative to a 2 single bytes chars! How can I convert a double-byte string to UTF8 properly??? Really thanks UTF-8 works but EUC-KR may be better. Anyway, take a look at mbstring, iconv, gettext modules. -- Yasuo Ohgaki -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Question: urldecode
To view the terms under which this email is distributed, please go to http://disclaimer.leedsmet.ac.uk/email.htm -Original Message- From: Stuart Felenstein [mailto:[EMAIL PROTECTED] Sent: 09 December 2004 11:52 In my search page, the url returned comes back with the ..err I forget what it's called, but query string looks like this: %5B%5D=3. I think the %5B and 5D should be []. Are you seeing the URL-encoded version *only* in your browser's Address/Location bar? If so, that's perfectly normal and nothing to worry about -- it should be automatically decoded by the Web server before being passed to PHP. If you're seeing the encoded version actually in your PHP script, that sounds like a major problem, possibly indicating a missing urldecode() or extraneous urlencode() -- in which case, please post a more detailed analysis of your problem, examples of the unwanted behaviour, and the relevant portions of script. Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning Information Services, JG125, James Graham Building, Leeds Metropolitan University, Headingley Campus, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Lions and tigers and slashes, oh my!
On Fri, January 13, 2006 10:55 am, Jay Blanchard wrote:
I am having a problem with a an ampersand sign. I have a list of
things on a
page, in which one category is 'Oil Gas'. I store it in the
database as
'Oil amp; Gas'.
Don't.
The DATA to be stored in the database is 'Oil Gas'
When it's time to present it in a browser, and ONLY when it's time to
present it in a browser, use:
htmlentities('Oil Gas')
to make it suitable for HTML transport to the browser.
Here's why:
Suppose tomorrow you decide to do an RSS Feed, or export to another
database, or send that data somewhere OTHER than your browser.
Your amp; is *NOT* the raw data, and it's *NOT* what that other
technology might *want* for the encoding of
That other technology might not even WANT encoded in the first place.
Now, RSS might want - amp; for its encoding
But can you guarantee that tomorrow's technology will want that?
No.
Maybe tomorrow's next big thing will want - or perhaps it will
want - %#26 or maybe it will want - 'fnord-26' or maybe it won't
even need encoded, but it will need the character sequence 'fnord'
encoded.
The DATA is 'Oil Gas'
'Oil amp; Gas' is merely a presentation / encoding of that data for
one (or more) particular (currently popular) transport mechanisms.
Encoding the data for today's usage in your orginal source data is
sheer folly, of the same magnitude that gave us Y2K.
You're making trouble for yourself long-term, and probably confusing
yourself short-term.
RAW data goes in your database: 'Oil Gas'
When the category is clicked the query string shows
just an
ampersand, i.e.
Filter=ProcessFilterKey=Oil%20%20GasOrder=ApplicationDirection=ASCcomm
ents= and therefore just shows as an '' and the query only sees
'Oil'.
Shows where?
Until you tell us what showed you where, we can't even begin to
guess what is going on -- because WHERE you saw it changes everything.
There are all manner of potential sources of your vision here.
What you see in the browser, and what you see in View Source and
what you see when your mouse goes over a link are all different, and
probably all different from what you would see in the 'mysql' monitor
program.
If View Source showed you that, then it's probably a problem.
If you saw it printed out to your browser, it may or may not be a
problem.
If it's in the ToolTip from mouse-over of the link, it's may or may
not be a problem.
The browsers try to hide icky details from normal users, and that
means the the amp; will often get converted before you see it.
The fact that the link doesn't work means that it obviously *IS* a
problem, of course, so exactly where you saw it is somewhat moot,
since you shouldn't have put amp; in your database, and after you fix
that, the solution will probably entail fixing whatever is causing the
amp; to get lost anyway.
I guess that I am too tired to deal with this or the answer would
come to
mind immediately. Can someone drop kick me in the right direction?
Ah. An even MORE important reason for not doing what you did.
Part of your PROBLEM is you've put amp; in the database instead of
So you think it's escaped already.
Well, it is... For HTML display, it is escaped.
It is *NOT* escaped for a URL.
urlencode() is for URL-escaping.
htmlentities() is for HTML-escaping.
You've done htmlentities() on your data, not urlencode() on your
output of your data.
What *SHOULD* be done is this:
1. Get the original, un-corrupted (un-escaped) data: 'Oil Gas'
$value = 'Oil Gas'; // from db.
Note lack of amp; here!
Your database has no business [*] keeping the HTML-encoding of its
data internally.
2. Since that datum is being passed as an argument in a URL,
urlencode() it:
$value_url = urlencode($value); //prepare for use in URL
$value_url will now most likely contain %26, and the whole - amp;
problem will be MOOT.
But you never know for sure WHAT data will be in there, so...
3. Make the URL:
$url = Filter= . urlencode('Process') .
FilterKey=$value_urlOrder= . urlencode('Application') . order=
. urlencode('ASC');
NOTE: Just to be pedantic, and to drive the point home, I've
urlencode()d every other data element in the URL, even though the
output of urlencode() in all these cases *happens*, by sheer luck, to
be the same as the input, so you don't need to encode the data.
I am as guilty as the next guy of taking shortcuts and not
URLencode()ing anything that is 'hard-wired' in PHP source.
But if it's coming from your database, or worse, the user, you'd damn
well better urlencode() each value element you are putting into the
URL.
4. *NOW* you are about to dump that URL into your HTML as the HREF= of
a link. At *THAT* point, and *ONLY* at that point, you want to escape
it for HTML usage:
$url_html = htmlentities($url); //escape for HTML
Your URL now has amp; for each separating the key/value pairs in
the GET args.
That's what HTML *wants* though.
Any 'weird' data, where 'weird' is defined by what HTML likes, after
urlencode
php-general Digest 26 May 2011 19:00:57 -0000 Issue 7329
php-general Digest 26 May 2011 19:00:57 - Issue 7329
Topics (messages 313153 through 313156):
Re: How can a UTF-8 string can be converted to an array of Bytes?
313153 by: Eric Butera
Re: simple question abt convert to integer
313154 by: Bálint Horváth
313155 by: Negin Nickparsa
PHP to Java integration using : shell_exec function
313156 by: Eli Orr (Office)
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscr...@lists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscr...@lists.php.net
To post to the list, e-mail:
php-gene...@lists.php.net
--
---BeginMessage---
On Wed, May 25, 2011 at 8:15 AM, Eli Orr (Office) eli@logodial.com wrote:
Hi,
Since a UTF-8 is a multi-bytes mechanism I get for 2 or 3 bytes UTF-8
encoded character a single character
How can it be break into the REAL bytes array that represent the UTF-8
string
and how can we reassembled the bytes array back to UTF-8?
--
Best Regards,
*Eli Orr*
CTO Founder
*LogoDial Ltd.*
__
You can use mb_substr [1] with a UTF-8 encoding to get the single characters.
http://us.php.net/mb_substr
---End Message---
---BeginMessage---
The problem is that if you set the post directly to the query it's available
to be an attach code in the field... (eg. DROP DATABASE;) it's called to
SQL injection...
what I mean on filtering:
always check the values in query eg.: $id = $_POST['id'];
if(is_numeric($id)){...}else{bad post}
and at other fields u can use eg. strstr() etc...
On Wed, May 25, 2011 at 4:38 PM, Negin Nickparsa nickpa...@gmail.comwrote:
Tnx to all:D
Paul you are absolutly right:D
it was a bad mistake from me
there was no need 2 convert it
Balint helped me n with mysql_error i found that
my code hasn't any mistake
i just forgot the BIG thing!
selecting db:D
i totally forgot it because i had array keys with if statement n in there i
selected it
but in the last one of them i forgot 2 set the selection of DB
Ashley what is OP? and filtering i didn't understand
Andre why u r telling me
Note: you *didn't* execute the query by calling mysql_query on it.
if it doesn't execute the query then what's it doing?
Reply
Vitalli believe me that i tried it n i can send the string without error i
tried it:
$query1=select * from patient where id=.$_POST['txt'];
it works! after i found my error i tried it 2 n it was right!!!
---End Message---
---BeginMessage---
i got it tnx Balint
---End Message---
---BeginMessage---
Hi,
Please advise if the following is possible and how can pass parameters
from the PHP to the Java application.
Thanks.
Here's my script draft:
?PHP
...
$XML_toEnc = urlencode ($XML);
// The XML_toEnc
is a string and shall be urlencoded !
$EncXML = shell_exec(/usr/bin/java/java -jar MyApp.jar -XML
$XML_toEnc); == ??? How can I pass parameters like a large string of
let say XML?
echo $EncXML; // back to the MObile Client
// Receiving client shall:
// urldecode the string
?
Eli Orr
---End Message---
Re: [PHP] Re: sql injection protection
On 26-01-2012 15:46, Haluk Karamete wrote:
when we do b64e and then back b64d, you are saying. we get the org
input all as clear text but this time as a string. because it is now a
string, (which by definition can not be executed)
what's the difference between b64e+b64d vs (string) casting then? if
you were to cast the original input into string using (string),
wouldn't you be in the same shoes?
No, it's not. The problem here is that we're using 2 different systems,
which have to talk to eachother. They do this via strings.
If you send 'SELECT a FROM b', for PHP that's a string. It doesn't know
or even care if this is SQL or what you want to do with it. To PHP it's
just a string.
Once it gets to MySQL however, it will look at that string, parse it as
SQL and execute it.
Now, if we use:
'SELECT a FROM b; DROP TABLE b'
for PHP, it will still be just a string. Nothing special.
For MySQL however, it will have turned into 2 different operations,
which will both be executed. It will first SELECT a FROM b, and then
DROP TABLE b.
Can this be resolved by casting the whole query to a string in PHP? No.
It's already a string.
However, if you base64_encode a part of the query (the variable part
that you're afraid might get replaced by malicious code), it will appear
as a string to MySQL. It will recieve the following:
SELECT a FROM b WHERE c='MSc7RFJPUCBUQUJMRSBiIFdIRVJFIDE9JzE=';
instead of:
SELECT a FROM b WHERE c='1';DROP TABLE b WHERE 1='1';
To PHP, both are still strings. But to MySQL, the first is an operation
which SELECTs a from b where c has a certain value. The second, does the
same, but also drops the table (! WHOA! we Don't want that!!).
Of course, if we change the code to:
SELECT a FROM b WHERE
c=BASE64DECODE('MSc7RFJPUCBUQUJMRSBiIFdIRVJFIDE9JzE=');
It will select based on the STRING 1';DROP TABLE b WHERE 1='1 and will
not execute it, since it did not recieve it as executable code.
Do you finally understand the difference?
also on another note, if you know the userinput is in UTF-8, ( you
verify that by running mb_detect_encoding($str, 'UTF-8', true); )
This doesn't guarantee anything. You can't see the encoding on a bare
string. You can guess what it might be (using a function such as
mb_detect_encoding), but it might very well be wrong.
If I send you a string like 'abcdef', it may be detected as being ANSII,
ISO-8859-11, ISO-8859-16, and a million others. Why? Because encoding is
just a way of saying value X in this string represents character Y,
but to know that, you first need to know what codepage / encoding
belongs to it. If you don't know that, value 2148 might mean 'C' or 'F'
or 'PO'. You don't know, and you don't have any way of figuring this
out. That is why it is CRITICAL to know what encoding is being used.
If a UTF-7 encoded string is provided, it may look like a string of crap
to you. But when it is interpreted as being in UTF-8 it might suddenly
completely change meaning, and contain malicious code. The string itself
doesn't change at all, just the interpretation of the string.
When starting a connection, you should make sure that the encoding it
works with is the same you're using to construct your strings. So if
you're working in UTF-7, make sure MySQL is aswell. Otherwise, you have
to make sure to manually recode your strings from UTF-7 to UTF-8.
Hopefuly that makes it more clear to you.
, is
there a situation where you think mysql_real_escape_string would fail
in SQLINjection against string based user input ? The reason I ask
this about specifically for strings is because it is fairly easy to
validate againsts integers,floats,booleans using the built in
validation filters my biggest issue is on strings...
also what do you think about filter_sanitize_string.
and finally, where do you think PHP community plus Rasmus is having a
hard time implementing what you have in mind - that is a one liner
that will do the inline string interpolation you are talking about..
what's the issue that it hasn't been done before?
There are many ways of getting around the functions mentioned above.
Personally I have little experience with HOW you can do it (although
I've been forced to patch holes found due to the fact that we did rely
on it though). You can search the internet to find out how. We can't
really help you there, we can only advise you (as has been done a
million times already, though you don't seem to be able to accept the
recommendation). If you decide not to accept the recommendation, then
don't, and just use your own way. It may bite you after a while though.
Security issues like the one mentioned above are notoriously difficult
to eliminate effectively; oneliners rarely if ever suffice.
- Tul
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Very Large MySQL Query String
Dear Javier,
Yes, indeed when you encode the file it grows. Normally about 30%..
Thus, the file in my situation of 1 Megabyte grows to 1.3 MegaByte..
But I would expect that this should not give any problems...
The columns I am using allows 16 Megabyte.. Does anyone else know what
the string limitation of PHP Mysql query function is?
With kinds regards,
David Bouw
Hi, I think if you encode the file with base64 and store it in the
database the size of the document will be more than 1MB sure.
David Bouw wrote:
Dear Kirk (and Julio)
Thanks for the response..
I don't want to use a link to the images because backing up my data
and porting it to another machine is much easier. (Replicating is also
very easy.) When storing the file separately this gets more complex,
especially when you want to get this data from another machine...
The stored data isn't retrieved very often, so speed isn't really an
issue. (Till now speed really never was an isse. When adding the right
indexes MySql + PHP does incredible things!!.)
I do though use the suggested 'linking' method for an website where
the images are needed on the website.. In the current situation though
I store PDF images of invoices which are basically only needed to look
something up if there is a problem...
Kirk, I already tried changing the properties of the column in which I
store the images.. (Currently it is an longtext, but before this I
always used an Longblob...)
I can't remember the exact sizes of MySQL, but I believe that an
Mediumblob can handle 16 Megabyte.. (I know have little more than a 1
MB..)
I will try some things tomorrow, but I can't find out what the problem
is.. (Column size, PHP-Mysql string length limitation or maybe
something I am overlooking..)
I can though echo the query to screen and see that the uploaded file
is encoded to a very nice (large) text-string..
Any other suggestions are greatly appreciated.
With kind regards,
David Bouw
If I use the link to the file, i.e.
file//C:\filedir\file.pdf or .txt or whatever
how do I insert/update/delete the file since MySQL is holding only
the link?
BTW David, what are the properties of the field you are inserting to?
Could that be the problem?
-Kirk
Julio Nobrega Trabalhando [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Instead of uploading to Mysql, why don't you store the file at a
directory
and on Mysql only the path to it?
Retrieving files from the hard drive is much faster than doing the
same
on
Mysql, and also access to manipulation (insert, update, delete,
etc...)
--
Julio Nobrega.
Um dia eu chego lá:
http://sourceforge.net/projects/toca
Ajudei? Salvei? Que tal um presentinho?
http://www.submarino.com.br/wishlistclient.asp?wlid=664176742884
David Bouw [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
I can't seem to figure out the following.
I use the http upload functions a lot, works great!!..
For some months now I have been using a small PHP program
which I use to upload PDF files of scanned documents and
insert them into a Mysql table..
Normally these files are small (250 kb), but I now have a
PDF of 1 MB... When uploading files I run the
function: chunk_split(base64_encode($binaryfile));
to encode it, this to transform the binary file to text.. (Works
great!!!)
When the query was called to insert the data, nothing happens, also
no error from mysql... Only think I can think of is that the mysql
query string is to long.. ?? (The data when encoded is about 1.3 MB
of text)..
This is the source code..
if (!($userfile_size == 0))
{$fd = fopen ($userfile, r);
$contents = fread ($fd, filesize ($userfile));
fclose ($fd);
unlink ($userfile);
echo Eerste RAW: .strlen($contents);
$encodes_data = chunk_split(base64_encode($contents));
$userfile_name = str_replace( , , $userfile_name);
echo strlen($encodes_data). - Displays text size BR;
//Works
right!
mysql ($databasename_boekhoud, insert mubo_boekhoud_images
(data,
originalname, groep, type)
values '$encodes_data', '$userfile_name', '$groep',
'$userfile_type'));
//
mysql_error(); //No error given..?
}
Any suggestions are very much appreciated...
With kind regards,
David Bouw
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Very Large MySQL Query String
If I use the link to the file, i.e.
file//C:\filedir\file.pdf or .txt or whatever
how do I insert/update/delete the file since MySQL is holding only the
link?
BTW David, what are the properties of the field you are inserting to? Could
that be the problem?
-Kirk
Julio Nobrega Trabalhando [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Instead of uploading to Mysql, why don't you store the file at a
directory
and on Mysql only the path to it?
Retrieving files from the hard drive is much faster than doing the same
on
Mysql, and also access to manipulation (insert, update, delete, etc...)
--
Julio Nobrega.
Um dia eu chego lá:
http://sourceforge.net/projects/toca
Ajudei? Salvei? Que tal um presentinho?
http://www.submarino.com.br/wishlistclient.asp?wlid=664176742884
David Bouw [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
I can't seem to figure out the following.
I use the http upload functions a lot, works great!!..
For some months now I have been using a small PHP program
which I use to upload PDF files of scanned documents and
insert them into a Mysql table..
Normally these files are small (250 kb), but I now have a
PDF of 1 MB... When uploading files I run the
function: chunk_split(base64_encode($binaryfile));
to encode it, this to transform the binary file to text.. (Works
great!!!)
When the query was called to insert the data, nothing happens,
also no error from mysql... Only think I can think of is that the mysql
query string is to long.. ?? (The data when encoded is about 1.3 MB of
text)..
This is the source code..
if (!($userfile_size == 0))
{$fd = fopen ($userfile, r);
$contents = fread ($fd, filesize ($userfile));
fclose ($fd);
unlink ($userfile);
echo Eerste RAW: .strlen($contents);
$encodes_data = chunk_split(base64_encode($contents));
$userfile_name = str_replace( , , $userfile_name);
echo strlen($encodes_data). - Displays text size BR; //Works
right!
mysql ($databasename_boekhoud, insert mubo_boekhoud_images (data,
originalname, groep, type)
values '$encodes_data', '$userfile_name', '$groep', '$userfile_type'));
//
mysql_error(); //No error given..?
}
Any suggestions are very much appreciated...
With kind regards,
David Bouw
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Selecting Rows Based on Row Values Being in Array
This is working so far but I need to add an additional search.
This is what I have so far:
$in_list = '.join(',',$cen_chiefs).';
$query_cen_chiefs = SELECT * FROM central WHERE CONCAT(strName,'
',strCity,' ',strState) IN({$in_list}) ORDER BY conName;
I also need the query to return records where strName values are in
$cen_chiefs
I tried query 5 different ways and none return any records except for one
above.
This is one that failed:
SELECT * FROM central WHERE CONCAT(strName,' ',strCity,' ',strState)
IN({$in_list}) AND WHERE (strName) IN({$in_list}) ORDER BY conName;
Any suggestions?
Jim Lucas [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
K. Hayes wrote:
Will do. Thanks.
- Original Message - From: Jim Lucas [EMAIL PROTECTED]
To: kvigor [EMAIL PROTECTED]
Cc: php-general@lists.php.net
Sent: Saturday, June 30, 2007 1:46 AM
Subject: Re: [PHP] Selecting Rows Based on Row Values Being in Array
kvigor wrote:
Hello All,
I'm attempting to return rows from a mysql DB based on this criteria:
I have a list, in the form of an array that I need to compare against
each row
in the table. Where theres a match I need that entire row returned.
e.g.$varListof 3outOf_10Fields = array(6blue40lbs, 7orange50lbs,
8orange60lbs, 9purple70lbs);
The array contains 3 of the db row fields in 1 value. However there are
10 fields/columns in the table.
===
what table looks like |
===
size colorweight
ROW 1| value1 | value1 | value1 | value1 | value1 | value1 |
So how could I set up a query that would SELECT the entire row, if the
row contained $varListof 3outOf_10Fields[1].
Open to any suggestions or work arounds. I'm playing with extract()
but code is too crude to even post.
I would suggest approaching the problem with a slightly different
thought.
just have the sql concat() the columns together and then compare.
something like this should do the trick
$list = array(
'6blue40lbs',
'7orange50lbs',
'8orange60lbs',
'9purple70lbs',
);
$SQL =
SELECT *
FROM my_Table
WHERE CONCAT(value1, value2, value3) IN ('.join(',', $list).')
;
mysql_query($SQL);
this should take, for each row in the DB, value1 + value2 + value3 and
create one string from them, then it will compare each string in the
IN (...) portion to each entry in the $list array().
Let me know if you need any further help
one other thing, make sure that you run each of the values in the $list
array() through mysql_real_escape_string(). That way it is all nicely
encoded for the SQL statement.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Selecting Rows Based on Row Values Being in Array
Ok Jim,
This is what I have so far and I'm still working it out.
$in_list = .join('',$someArrayList); // do I really need to concatenate
or separate anything here since my array values will be '7orange50lbs'? //
this is the format I want.
$query_One = SELECT * FROM shoe WHERE CONCAT(size,color,weight)
IN({$in_list});// size, color, weight are my column names
$result = mysql_query($query_One ,$connection) or die(Query failed: .
mysql_error($connection));
$row = mysql_fetch_array($result);
This is the error I get back from the query:
Query failed: Unknown column '6blue40lbs' in 'where clause'// where am I
going wrong?
==
Jim Lucas [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
kvigor wrote:
Jim,
Please excuse the ignorance, I'm a newbie, but I'm only use to simple
SELECT, INSERT statements.
Your original code: $SQL = SELECT * FROM my_Table WHERE CONCAT(value1,
value2, value3) IN ('.join(',', $list).')
This can be broken down into smaller parts so to explain by example.
# This is to clean the input values for the SQL statement
function mysql_clean($value) {
return mysql_real_escape_string($value);
}
# Define your list of values to compare to
$list = array(
'6blue40lbs',
'7orange50lbs',
'8orange60lbs',
'9purple70lbs',
);
# You will want to do something like this with the values of the $list
# array just to make sure they are clean: reference the function above
array_walk($list, 'mysql_clean');
# This will return a string formated like this.
# '6blue40lbs','7orange50lbs','8orange60lbs','9purple70lbs'
$IN_VALUE = '.join(',', $list).';
$SQL = SELECT *
FROM my_Table
WHERE CONCAT(value1, value2, value3)
IN ({$IN_VALUE});
# The final query string will look like this
SELECT *
FROM my_Table
WHERE CONCAT(value1, value2, value3)
IN ('6blue40lbs','7orange50lbs','8orange60lbs','9purple70lbs')
# Now run this through your query function and get the results
$results = mysql_query($SQL) OR die('SQL Failure: '.$SQL);
So basically what we have is a comparison that is based off the output of
the CONCAT() function that creates one string out of value1, value2,
value3 and then compares that with each of the values listed within the
parenthesis. the IN (...) part of the SQL statement tells SQL that it is
getting a list of values that it should compare the concat() value
against.
Doing it this way, will allow you to only run one query instead of running
one per value that you want to compare against. As you can tell, as your
data set grows your multiple queries would drag your DB to a halt
Hope this explains it.
Let me know if you need further explanation.
OK, I get everything up to the ('''.join(''','''$list).''')
I'm guessing that the .join( ). putting together some values, but I don't
know what
also the .join( ). is to be preceded by something... I don't know what.
//Forgive my ignorance, I'll can get it.
Also the .join( ). what is this doing I looked at the PHP and MySQL
function of each, and haven't seen comparable code.
I'm asking because I don't know where we're telling the code to compare
the values.
You stated...
and create one string from them
Where do I give the name to the string?
So this is where I am so far:
$sql = SELECT* FROM table WHERE CONCAT(size,color,weight) IN( );
Jim Lucas [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
K. Hayes wrote:
Will do. Thanks.
- Original Message - From: Jim Lucas [EMAIL PROTECTED]
To: kvigor [EMAIL PROTECTED]
Cc: php-general@lists.php.net
Sent: Saturday, June 30, 2007 1:46 AM
Subject: Re: [PHP] Selecting Rows Based on Row Values Being in Array
kvigor wrote:
Hello All,
I'm attempting to return rows from a mysql DB based on this criteria:
I have a list, in the form of an array that I need to compare against
each row
in the table. Where theres a match I need that entire row returned.
e.g.$varListof 3outOf_10Fields = array(6blue40lbs, 7orange50lbs,
8orange60lbs, 9purple70lbs);
The array contains 3 of the db row fields in 1 value. However there
are 10 fields/columns in the table.
===
what table looks like |
===
size colorweight
ROW 1| value1 | value1 | value1 | value1 | value1 | value1 |
So how could I set up a query that would SELECT the entire row, if
the row contained $varListof 3outOf_10Fields[1].
Open to any suggestions or work arounds. I'm playing with extract()
but code is too crude to even post.
I would suggest approaching the problem with a slightly different
thought.
just have the sql concat() the columns together and then compare.
something like this should do the trick
$list = array(
'6blue40lbs',
'7orange50lbs',
'8orange60lbs',
'9purple70lbs',
);
$SQL =
SELECT *
FROM my_Table
WHERE CONCAT(value1, value2, value3) IN ('.join(',', $list
Re: [PHP] Selecting Rows Based on Row Values Being in Array
K. Hayes wrote:
Will do. Thanks.
- Original Message - From: Jim Lucas [EMAIL PROTECTED]
To: kvigor [EMAIL PROTECTED]
Cc: php-general@lists.php.net
Sent: Saturday, June 30, 2007 1:46 AM
Subject: Re: [PHP] Selecting Rows Based on Row Values Being in Array
kvigor wrote:
Hello All,
I'm attempting to return rows from a mysql DB based on this criteria:
I have a list, in the form of an array that I need to compare against
each row
in the table. Where theres a match I need that entire row returned.
e.g.$varListof 3outOf_10Fields = array(6blue40lbs, 7orange50lbs,
8orange60lbs, 9purple70lbs);
The array contains 3 of the db row fields in 1 value. However there
are 10 fields/columns in the table.
===
what table looks like |
===
size colorweight
ROW 1| value1 | value1 | value1 | value1 | value1 | value1 |
So how could I set up a query that would SELECT the entire row, if
the row contained $varListof 3outOf_10Fields[1].
Open to any suggestions or work arounds. I'm playing with extract()
but code is too crude to even post.
I would suggest approaching the problem with a slightly different
thought.
just have the sql concat() the columns together and then compare.
something like this should do the trick
$list = array(
'6blue40lbs',
'7orange50lbs',
'8orange60lbs',
'9purple70lbs',
);
$SQL =
SELECT *
FROM my_Table
WHERE CONCAT(value1, value2, value3) IN ('.join(',', $list).')
;
mysql_query($SQL);
this should take, for each row in the DB, value1 + value2 + value3 and
create one string from them, then it will compare each string in the
IN (...) portion to each entry in the $list array().
Let me know if you need any further help
one other thing, make sure that you run each of the values in the $list
array() through mysql_real_escape_string(). That way it is all nicely
encoded for the SQL statement.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] RSS Feed Accented Characters
On 30 September 2011 18:22, Ron Piggott ron@actsministries.org wrote:
-Original Message- From: Richard Quadling
Sent: Friday, September 30, 2011 12:31 PM
To: Ron Piggott
Cc: php-general@lists.php.net
Subject: Re: [PHP] RSS Feed Accented Characters
On 30 September 2011 17:26, Ron Piggott ron@actsministries.org wrote:
I am trying to set up an RSS Feed in the Spanish language using a PHP cron
job. I am unsure of how to deal with accented letters.
An example:
This syntax:
?php
$rss_content .= description . htmlentities(El Versículo del Día) .
/description\r\n;
?
Outputs:
descriptionEl Versiacute;culo del Diacute;a/description
When I use an RSS Feed validator I receive the error message
This feed does not validate.
a.. line 24, column 20: XML parsing error: unknown:24:20: undefined
entity
I suspect the “;” is the issue, although it is needed for the accented
letters. If I don’t use htmlentities() the accented characters can’t be
viewed, they become a “?” How should I proceed?
Ron
Make sure you have ...
?xml version=1.0 encode=UTF-8?
as the first line of the output. That tells the reader that the file
is a UTF-8 encoded file. Also, if you ejecting HTTP headers, make sure
that they say the encoding is UTF-8 and not a codepage.
Go UTF-8 everywhere.
--
Richard Quadling
Twitter : EE : Zend : PHPDoc
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea
Hi Richard:
Having ?xml version=1.0 encoding=UTF-8? as the starting
line didn't correct the problem.
The RSS Feed is @
http://www.elversiculodeldia.info/peticiones-de-rezo-rss.xml
There are a variety of errors related to accented characters while using a
feed valuator
http://validator.w3.org/feed/check.cgi?url=http%3A%2F%2Fwww.elversiculodeldia.info%2Fpeticiones-de-rezo-rss.xml
- Also While viewing the feed in Firefox once the first accented character
is displayed none of the rest of the feed is visible, except by right
clicking and view source
The RSS Feed content will be populated by a database query. The database
columns are set to utf8_unicode_ci
How should I proceed?
Ron
The byte sequence that is being received is just 0xED.
php -r file_put_contents('a.rss',
file_get_contents('http://www.elversiculodeldia.info/peticiones-de-rezo-rss.xml'));
This is NOT UTF-8 encoded data, but is ISO-8859-1 Latin-1 (most likely).
So as I see it you have 1 choice.
Either use ?xml version=1.0 encoding=ISO-8859-1? as the XML tag
or convert the encoded data to UTF-8.
It also means that the data in the sql server is NOT UTF-8 and will
need to be converted also.
I would recommend doing that first.
That will mean reading the data as ISO-8859-1 and converting it to
UTF-8 and then saving it again.
I'd also be looking at the app that inputs the data into the DB initially.
To convert the text, here are 2 examples. I'm sure there are more ways.
?php
$iso_text = 'El Versículo del Día: Pray For Others: Incoming Prayer Requests';
$utf_8_text = utf8_encode($iso_text);
var_dump($iso_text, $utf_8_text);
$utf_8_text = iconv('ISO-8859-1', 'UTF-8', $iso_text);
var_dump($iso_text, $utf_8_text);
?
outputs ...
string(63) El Vers퀀culo del D퀀a: Pray For Others: Incoming Prayer Requests
string(65) El Versículo del Día: Pray For Others: Incoming Prayer Requests
string(63) El Vers퀀culo del D퀀a: Pray For Others: Incoming Prayer Requests
string(65) El Versículo del Día: Pray For Others: Incoming Prayer Requests
notice that the correct strings are 2 bytes longer?
The í is encoded as 0xC3AD or U+00ED.
--
Richard Quadling
Twitter : EE : Zend : PHPDoc
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] RSS Feed Accented Characters
www.TheVerseOfTheDay.info
-Original Message-
From: Richard Quadling
Sent: Friday, September 30, 2011 2:53 PM
To: Ron Piggott
Cc: php-general@lists.php.net
Subject: Re: [PHP] RSS Feed Accented Characters
On 30 September 2011 18:22, Ron Piggott ron@actsministries.org wrote:
-Original Message- From: Richard Quadling
Sent: Friday, September 30, 2011 12:31 PM
To: Ron Piggott
Cc: php-general@lists.php.net
Subject: Re: [PHP] RSS Feed Accented Characters
On 30 September 2011 17:26, Ron Piggott ron@actsministries.org
wrote:
I am trying to set up an RSS Feed in the Spanish language using a PHP
cron
job. I am unsure of how to deal with accented letters.
An example:
This syntax:
?php
$rss_content .= description . htmlentities(El Versículo del Día) .
/description\r\n;
?
Outputs:
descriptionEl Versiacute;culo del Diacute;a/description
When I use an RSS Feed validator I receive the error message
This feed does not validate.
a.. line 24, column 20: XML parsing error: unknown:24:20: undefined
entity
I suspect the “;” is the issue, although it is needed for the accented
letters. If I don’t use htmlentities() the accented characters can’t be
viewed, they become a “?” How should I proceed?
Ron
Make sure you have ...
?xml version=1.0 encode=UTF-8?
as the first line of the output. That tells the reader that the file
is a UTF-8 encoded file. Also, if you ejecting HTTP headers, make sure
that they say the encoding is UTF-8 and not a codepage.
Go UTF-8 everywhere.
--
Richard Quadling
Twitter : EE : Zend : PHPDoc
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea
Hi Richard:
Having ?xml version=1.0 encoding=UTF-8? as the starting
line didn't correct the problem.
The RSS Feed is @
http://www.elversiculodeldia.info/peticiones-de-rezo-rss.xml
There are a variety of errors related to accented characters while using a
feed valuator
http://validator.w3.org/feed/check.cgi?url=http%3A%2F%2Fwww.elversiculodeldia.info%2Fpeticiones-de-rezo-rss.xml
- Also While viewing the feed in Firefox once the first accented character
is displayed none of the rest of the feed is visible, except by right
clicking and view source
The RSS Feed content will be populated by a database query. The database
columns are set to utf8_unicode_ci
How should I proceed?
Ron
The byte sequence that is being received is just 0xED.
php -r file_put_contents('a.rss',
file_get_contents('http://www.elversiculodeldia.info/peticiones-de-rezo-rss.xml'));
This is NOT UTF-8 encoded data, but is ISO-8859-1 Latin-1 (most likely).
So as I see it you have 1 choice.
Either use ?xml version=1.0 encoding=ISO-8859-1? as the XML tag
or convert the encoded data to UTF-8.
It also means that the data in the sql server is NOT UTF-8 and will
need to be converted also.
I would recommend doing that first.
That will mean reading the data as ISO-8859-1 and converting it to
UTF-8 and then saving it again.
I'd also be looking at the app that inputs the data into the DB initially.
To convert the text, here are 2 examples. I'm sure there are more ways.
?php
$iso_text = 'El Versículo del Día: Pray For Others: Incoming Prayer
Requests';
$utf_8_text = utf8_encode($iso_text);
var_dump($iso_text, $utf_8_text);
$utf_8_text = iconv('ISO-8859-1', 'UTF-8', $iso_text);
var_dump($iso_text, $utf_8_text);
?
outputs ...
string(63) El Vers퀀culo del D퀀a: Pray For Others: Incoming Prayer Requests
string(65) El Versículo del Día: Pray For Others: Incoming Prayer Requests
string(63) El Vers퀀culo del D퀀a: Pray For Others: Incoming Prayer Requests
string(65) El Versículo del Día: Pray For Others: Incoming Prayer Requests
notice that the correct strings are 2 bytes longer?
The í is encoded as 0xC3AD or U+00ED.
--
Richard Quadling
Twitter : EE : Zend : PHPDoc
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea
Richard I was unaware of the
utf8_encode
command. Thank you very much --- this now works. Now I may continue with
the translation into Spanish.
Ron
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: sql injection protection
On 01/26/2012 06:46 AM, Haluk Karamete wrote: when we do b64e and then back b64d, you are saying. we get the org input all as clear text but this time as a string. because it is now a string, (which by definition can not be executed) what's the difference between b64e+b64d vs (string) casting then? if you were to cast the original input into string using (string), wouldn't you be in the same shoes? Re-read his example. He encodes the data in PHP. But decodes the data in SQL. So, if you echo the SQL statement, you would see a base64 encoded string that SQL then decodes. also on another note, if you know the userinput is in UTF-8, ( you verify that by running mb_detect_encoding($str, 'UTF-8', true); ), is there a situation where you think mysql_real_escape_string would fail in SQLINjection against string based user input ? The reason I ask this about specifically for strings is because it is fairly easy to validate againsts integers,floats,booleans using the built in validation filters my biggest issue is on strings... also what do you think about filter_sanitize_string. read this: http://www.php.net/manual/en/filter.filters.sanitize.php Then read this: http://www.php.net/manual/en/filter.filters.flags.php It seems to me that filter_sanitize_string does not deal with anything other then ASCII. YMMV and finally, where do you think PHP community plus Rasmus is having a hard time implementing what you have in mind - that is a one liner that will do the inline string interpolation you are talking about.. what's the issue that it hasn't been done before? On Tue, Jan 24, 2012 at 1:45 PM, Alex Nikitinniks...@gmail.com wrote: You don't need to store it in the database as b64, just undo the encoding into your inputs for the purpose of the explanation, this is language independent b64e - encoding function b64d - decoding function pseudo code given: bad_num = ') union select * from foo --' bad_str = good_num = 123456 good_str = some searchable text the b64 way: bad_num=b64e(bad_num) ... good_str=b64e(good_str) inserts: query(insert into foo (num, str) values (b64d(\+bad_num+\), b64d(\+bad_str+\))); query(insert into foo (num, str) values (b64d(\+good_num+\), b64d(\+good_str+\))); Can you see that this will safely insert clear text into the database? This is because when you convert anything from b64, it will return from the function as a string and will not be executed as code... Now let's try a search: bad_num= '1 or 2 not like 5' bad_str = ' or \40oz\ like \40oz\ again we: bad_num=b64e(bad_num) bad_str=b64e(bad_str) then we can do a full text search: query(select * from foo where match(str) against(b64d(\+bad_str+\))) or even a number search query(select * from foo where num=b64d(\+bad_num+\)) again this is possible because no matter what you put in bad num, it will never be able to make post b64e bad_num look like code, just looks like junk, until b64d converts it to a string (which by definition can not be executed) make sense now? by check i mean, run utf8_decode for example... Problem is, that i can tell you how to write the most secure code, but if it's hard, or worse yet creates more problems than it solves (seemingly), nobody other than a few individuals with some passion for security will ever find the code useful. We need to fix this on the language level, then we can go around and tell programmers how to do it right. I mean imagine telling a programmer, that something that takes them 2 lines of code now, can be done much more securely in 5-7, and it creates code that doesn't read linearly... Most programmers will just ignore you. I want to say, hey programmer, what you do in 2 lines of code, you can do in 1 and make it impossible to inject into, then, then people will listen, maybe... This is where inline string interpolation syntax comes in, but it is not implemented in any programming languages, sadly actually. This is what i want to talk to Rasmus about. -- Jim Lucas http://www.cmsws.com/ http://www.cmsws.com/examples/ http://www.bendsource.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Very Large MySQL Query String
Dear Kirk (and Julio)
Thanks for the response..
I don't want to use a link to the images because backing up my data and
porting it to another machine is much easier. (Replicating is also very
easy.) When storing the file separately this gets more complex, especially
when you want to get this data from another machine...
The stored data isn't retrieved very often, so speed isn't really an issue.
(Till now speed really never was an isse. When adding the right indexes
MySql + PHP does incredible things!!.)
I do though use the suggested 'linking' method for an website where the
images are needed on the website.. In the current situation though I store
PDF images of invoices which are basically only needed to look something up
if there is a problem...
Kirk, I already tried changing the properties of the column in which I
store the images.. (Currently it is an longtext, but before this I always
used an Longblob...)
I can't remember the exact sizes of MySQL, but I believe that an Mediumblob
can handle 16 Megabyte.. (I know have little more than a 1 MB..)
I will try some things tomorrow, but I can't find out what the problem is..
(Column size, PHP-Mysql string length limitation or maybe something I am
overlooking..)
I can though echo the query to screen and see that the uploaded file is
encoded to a very nice (large) text-string..
Any other suggestions are greatly appreciated.
With kind regards,
David Bouw
If I use the link to the file, i.e.
file//C:\filedir\file.pdf or .txt or whatever
how do I insert/update/delete the file since MySQL is holding only the
link?
BTW David, what are the properties of the field you are inserting to?
Could that be the problem?
-Kirk
Julio Nobrega Trabalhando [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Instead of uploading to Mysql, why don't you store the file at a
directory
and on Mysql only the path to it?
Retrieving files from the hard drive is much faster than doing the
same
on
Mysql, and also access to manipulation (insert, update, delete,
etc...)
--
Julio Nobrega.
Um dia eu chego lá:
http://sourceforge.net/projects/toca
Ajudei? Salvei? Que tal um presentinho?
http://www.submarino.com.br/wishlistclient.asp?wlid=664176742884
David Bouw [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
I can't seem to figure out the following.
I use the http upload functions a lot, works great!!..
For some months now I have been using a small PHP program
which I use to upload PDF files of scanned documents and
insert them into a Mysql table..
Normally these files are small (250 kb), but I now have a
PDF of 1 MB... When uploading files I run the
function: chunk_split(base64_encode($binaryfile));
to encode it, this to transform the binary file to text.. (Works
great!!!)
When the query was called to insert the data, nothing happens, also
no error from mysql... Only think I can think of is that the mysql
query string is to long.. ?? (The data when encoded is about 1.3 MB
of text)..
This is the source code..
if (!($userfile_size == 0))
{$fd = fopen ($userfile, r);
$contents = fread ($fd, filesize ($userfile));
fclose ($fd);
unlink ($userfile);
echo Eerste RAW: .strlen($contents);
$encodes_data = chunk_split(base64_encode($contents));
$userfile_name = str_replace( , , $userfile_name);
echo strlen($encodes_data). - Displays text size BR;
//Works
right!
mysql ($databasename_boekhoud, insert mubo_boekhoud_images
(data,
originalname, groep, type)
values '$encodes_data', '$userfile_name', '$groep',
'$userfile_type'));
//
mysql_error(); //No error given..?
}
Any suggestions are very much appreciated...
With kind regards,
David Bouw
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Very Large MySQL Query String
Hi, I think if you encode the file with base64 and store it in the
database the size of the document will be more than 1MB sure.
David Bouw wrote:
Dear Kirk (and Julio)
Thanks for the response..
I don't want to use a link to the images because backing up my data and
porting it to another machine is much easier. (Replicating is also very
easy.) When storing the file separately this gets more complex, especially
when you want to get this data from another machine...
The stored data isn't retrieved very often, so speed isn't really an issue.
(Till now speed really never was an isse. When adding the right indexes
MySql + PHP does incredible things!!.)
I do though use the suggested 'linking' method for an website where the
images are needed on the website.. In the current situation though I store
PDF images of invoices which are basically only needed to look something up
if there is a problem...
Kirk, I already tried changing the properties of the column in which I
store the images.. (Currently it is an longtext, but before this I always
used an Longblob...)
I can't remember the exact sizes of MySQL, but I believe that an Mediumblob
can handle 16 Megabyte.. (I know have little more than a 1 MB..)
I will try some things tomorrow, but I can't find out what the problem is..
(Column size, PHP-Mysql string length limitation or maybe something I am
overlooking..)
I can though echo the query to screen and see that the uploaded file is
encoded to a very nice (large) text-string..
Any other suggestions are greatly appreciated.
With kind regards,
David Bouw
If I use the link to the file, i.e.
file//C:\filedir\file.pdf or .txt or whatever
how do I insert/update/delete the file since MySQL is holding only the
link?
BTW David, what are the properties of the field you are inserting to?
Could that be the problem?
-Kirk
Julio Nobrega Trabalhando [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Instead of uploading to Mysql, why don't you store the file at a
directory
and on Mysql only the path to it?
Retrieving files from the hard drive is much faster than doing the
same
on
Mysql, and also access to manipulation (insert, update, delete,
etc...)
--
Julio Nobrega.
Um dia eu chego lá:
http://sourceforge.net/projects/toca
Ajudei? Salvei? Que tal um presentinho?
http://www.submarino.com.br/wishlistclient.asp?wlid=664176742884
David Bouw [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
I can't seem to figure out the following.
I use the http upload functions a lot, works great!!..
For some months now I have been using a small PHP program
which I use to upload PDF files of scanned documents and
insert them into a Mysql table..
Normally these files are small (250 kb), but I now have a
PDF of 1 MB... When uploading files I run the
function: chunk_split(base64_encode($binaryfile));
to encode it, this to transform the binary file to text.. (Works
great!!!)
When the query was called to insert the data, nothing happens, also
no error from mysql... Only think I can think of is that the mysql
query string is to long.. ?? (The data when encoded is about 1.3 MB
of text)..
This is the source code..
if (!($userfile_size == 0))
{$fd = fopen ($userfile, r);
$contents = fread ($fd, filesize ($userfile));
fclose ($fd);
unlink ($userfile);
echo Eerste RAW: .strlen($contents);
$encodes_data = chunk_split(base64_encode($contents));
$userfile_name = str_replace( , , $userfile_name);
echo strlen($encodes_data). - Displays text size BR;
//Works
right!
mysql ($databasename_boekhoud, insert mubo_boekhoud_images
(data,
originalname, groep, type)
values '$encodes_data', '$userfile_name', '$groep',
'$userfile_type'));
//
mysql_error(); //No error given..?
}
Any suggestions are very much appreciated...
With kind regards,
David Bouw
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Thinking out loud - a continuation...
On Wed, Mar 21, 2012 at 2:39 PM, Jay Blanchard
jay.blanch...@sigmaphinothing.org wrote:
...
I have a project where I have multiple queries and each query uses the
results from the previous query to get it's results. I need to do one of two
things, either out put a multidimensional array that I can use json_encode()
on or I have to format the output from the queries as a JSON string. The
resulting JSON will be used by a JavaScript widget and must be formed
correctly. I created the following array by hand:
$userList = array(John = array(
email = j...@demo.com,
website = www.john.com,
age = 22,
password = pass,
description = array(
hair = blonde,
eyes = blue,
build = medium
)),
Anna = array(
email = a...@demo.com,
website = www.anna.com,
age = 24,
password = pass,
description = array(
hair = brunette,
eyes = hazel,
build = petite
)
));
I ran it through json_encode() and got the following output
{John:{email:j...@demo.com,website:www.john.com,age:22,password:pass,description:{hair:blonde,eyes:blue,build:medium}},Anna:{email:a...@demo.com,website:www.anna.com,age:24,password:pass,description:{hair:brunette,eyes:hazel,build:petite}}}
jslint.com verifies this as good JSON (although I thought there had to be
square brackets around child arrays).
Speaking to your belief that arrays had to have square brackets,
json_encode examines the PHP array and only encodes sequential numbers
JSON arrays. Others (as in your case) are encoded as object literals:
http://php.net/manual/en/function.json-encode.php
That said, you can still access Javascript Object properties with
array access if you prefer in the client code:
http://www.quirksmode.org/js/associative.html
If you were me would you just generate the JSON? If not what is he best way
to output an array that will nest properly for each subsequent query?
Because of the options json_encode provides and the flexibility it
affords while in PHP, I would generate PHP and then always use
json_encode to generate the JSON as needed.
Adam
--
Nephtali: A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: sql injection protection
Re-read his example. He encodes the data in PHP. But decodes the data in SQL. So, if you echo the SQL statement, you would see a base64 encoded string that SQL then decodes. Got it this time! Up until reading your reply, I was reading Alex's example with my pseudo-code glasses. I did not realize that the decoding was being done by SQL! I though it was still in PHP. And that's where I got confused with the hey why not string casting it then and got into what's the difference situation. But, you were laser sharp on that! Thanks a bunch! as to the other issue, the one with utf-8 and mb_detect_encoding, not working for it - cause there are ways of getting around. I still don't get it. First q comes to mind, why the heck use mb_detect_encoding then if it can be hacked around? see what I'm saying. but i don't want to go off on a tangent.. all i'm trying to do is to safely protect myself from a possible sql injection by using the available filters and sanitizations and techniques but without the PDO. That's the requirement. No PDO. From the earlier recommendations, I understand PDO is the way to go - cause it effectively separates the sql code from the user input to make sure user input does not get executed.. that explanation ... i get that... no problems there... yes, do use PDO... but my question is not what's the safest way in general?. But rather, what's the safest way without the PDO? Without the PDO, it seems like b64'ing it will do the job! And since the data will be stored as clear text, the searches against that data will also work too. I can take this implementation and build my library function based on that - instead of making it 1- first check if the in user string is in utf-8, 2- reject the input if not in utf-8 3- accept the input if utf-8 and apply the applicable filters to it starting with filter_sanitize_string 4- and on top of that, also mysql_real_escape it but from what i understand, you guys are saying just don't do this, because it may be overcome and that's not because of the fact filter_sanitize_string or mysql_real_escape_string is not effective, but because of the fact that there is NO WAY to reliably detect whether the incoming user input is in utf-8 or not. On Thu, Jan 26, 2012 at 9:14 AM, Jim Lucas li...@cmsws.com wrote: On 01/26/2012 06:46 AM, Haluk Karamete wrote: when we do b64e and then back b64d, you are saying. we get the org input all as clear text but this time as a string. because it is now a string, (which by definition can not be executed) what's the difference between b64e+b64d vs (string) casting then? if you were to cast the original input into string using (string), wouldn't you be in the same shoes? Re-read his example. He encodes the data in PHP. But decodes the data in SQL. So, if you echo the SQL statement, you would see a base64 encoded string that SQL then decodes. also on another note, if you know the userinput is in UTF-8, ( you verify that by running mb_detect_encoding($str, 'UTF-8', true); ), is there a situation where you think mysql_real_escape_string would fail in SQLINjection against string based user input ? The reason I ask this about specifically for strings is because it is fairly easy to validate againsts integers,floats,booleans using the built in validation filters my biggest issue is on strings... also what do you think about filter_sanitize_string. read this: http://www.php.net/manual/en/filter.filters.sanitize.php Then read this: http://www.php.net/manual/en/filter.filters.flags.php It seems to me that filter_sanitize_string does not deal with anything other then ASCII. YMMV and finally, where do you think PHP community plus Rasmus is having a hard time implementing what you have in mind - that is a one liner that will do the inline string interpolation you are talking about.. what's the issue that it hasn't been done before? On Tue, Jan 24, 2012 at 1:45 PM, Alex Nikitinniks...@gmail.com wrote: You don't need to store it in the database as b64, just undo the encoding into your inputs for the purpose of the explanation, this is language independent b64e - encoding function b64d - decoding function pseudo code given: bad_num = ') union select * from foo --' bad_str = good_num = 123456 good_str = some searchable text the b64 way: bad_num=b64e(bad_num) ... good_str=b64e(good_str) inserts: query(insert into foo (num, str) values (b64d(\+bad_num+\), b64d(\+bad_str+\))); query(insert into foo (num, str) values (b64d(\+good_num+\), b64d(\+good_str+\))); Can you see that this will safely insert clear text into the database? This is because when you convert anything from b64, it will return from the function as a string and will not be executed as code... Now let's try a search: bad_num= '1 or 2 not like 5' bad_str = ' or \40oz\ like \40oz\ again we: bad_num=b64e(bad_num) bad_str=b64e(bad_str) then we can
[PHP] Re: PHP] can't pass complete URL (part of the query string)
Chris - Tried that -- I have urlencode in the script that sends the url and I have url encode right below the form action -- ref is getting cut off at the first ampersand - regardless: where: form action=http://embitec.com/fishcart/email.php?ref=http://embitec.com/fishcart/displayem.php3?cat=5olimit=0zid=1lid=1; method=post and: input type=hidden name=ref value? php echo rawurlencode($ref); ? or even input type=hidden name=ref value? php echo rawurlencode($_GET['ref']); ? yields: input type=hidden name=ref value=http%3A%2F%2Fembitec.com%2Ffishcart%2Fdisplayem.php3%3Fcat%3D4 still cutting off everything after the ampersand..?? Best, Nicole form action=http://embitec.com/fishcart/email.php?ref=http://embitec.com/fishcart/displayem.php3?cat=5olimit=0zid=1lid=1; method=post There is your problem right there. Here are the variables you are passing: ref=http://embitec.com/fishcart/displayem.php3?cat=5 olimit=0 zid=1 lid=1 The URL you want to set ref to needs to be URL encoded. You can use rawurlencode() to achieve this. You will know you have it right when your HTML form tag looks like this: form action=http://embitec.com/fishcart/email.php?ref=http%3A%2F%2Fembitec.com%2Ffishcart%2Fdisplayem.php3%3Fcat%3D5%26olimit%3D0%26zid%3D1%26lid%3D1; method=post Hope that helps. Chris -- Nicole Lallande [EMAIL PROTECTED] 760.753.6766 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] saving form data
On Monday 23 February 2004 02:51 pm, Charlie Fiskeaux II wrote: Richard Davey wrote: CFI It's just a matter of development time; if there's a way to CFI use the Perl mail script with a PHP data saving script, it CFI would save time. If I do have to rewrite the whole thing in CFI PHP, how would I accept uploaded file attachments and attach CFI them to the emailed form results? Then how about in reverse? Add something to the end of the Perl script that passes the values to a PHP script? It could even do it via the query string, maybe also passing an md5 encoded password that only your two scripts know (in order to stop someone spoofing your script). I don't think that would work because they will need to save without sending the form. But I had thought about the reverse: a PHP script that saves the data and then possibly passes it on to the Perl script. Do you or anyone else know how to pass on form results in PHP to another script? (Like I said, I'm pretty new to PHP...) Well you could try using an HTTP 302 Found or 307 Temporary Redirect, but IIRC clients must not redirect the request unless the response is received in response to a GET or HEAD request, so you'd have to use GET. I seem to remember reading something about uploading files, which is kinda difficult with GET... Possibly your best option would be to send a POST request through the HTTPD via a socket- there are libraries out there to help you do this easily, try PEAR, hotscripts, phpclasses, etc. Thanks! -- Charlie Fiskeaux II Media Designer Cre8tive Group cre8tivegroup.com 859/858-9054x29 cell: 859/608-9194 -- Evan Nemerson [EMAIL PROTECTED] http://coeusgroup.com/en -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Secure data management
On Tue, Oct 4, 2011 at 4:11 PM, Stuart Dallas stu...@3ft9.com wrote: On 5 Oct 2011, at 00:04, Mark Kelly wrote: Hi. On Tuesday 04 Oct 2011 at 21:39 Stuart Dallas wrote: http://stut.net/2011/09/15/mysql-real-escape-string-is-not-enough/ Thanks. I followed this link through and read the full message (having missed it the first time round), and while I find the idea of using base64 to sanitise text interesting I can also forsee a few difficulties: It would prevent anyone from accessing the database directly and getting meaningful results unless the en/decode is in triggers, or maybe stored procedures. No more one-off command-line queries. How would you search an encoded column for matching text? I'd be interested in any ideas folk have about these issues, or any others they can envisage with this proposal. Base64 encoding will work when the native base64 functions are available in MySQL which will allow you to base64 encode the data into a statement like INSERT INTO table SET field = FROM_BASE64(?php echo base64_encode($data); ?) sorta thing. I'm still not a massive fan of that idea given that prepared statements are an option, but it would work. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ -- Inserting and updating isn't the problem. I think Mark referring to is how would that be implemented in this simple type of query: SELECT * FROM my_table WHERE col_name LIKE '%key word%'; If there's no viable mean to filter the data, that storage method/medium is rather pointless, IMHO.
Re: [PHP] Re: Secure data management
On 5 Oct 2011, at 00:45, Tommy Pham wrote: On Tue, Oct 4, 2011 at 4:11 PM, Stuart Dallas stu...@3ft9.com wrote: On 5 Oct 2011, at 00:04, Mark Kelly wrote: Hi. On Tuesday 04 Oct 2011 at 21:39 Stuart Dallas wrote: http://stut.net/2011/09/15/mysql-real-escape-string-is-not-enough/ Thanks. I followed this link through and read the full message (having missed it the first time round), and while I find the idea of using base64 to sanitise text interesting I can also forsee a few difficulties: It would prevent anyone from accessing the database directly and getting meaningful results unless the en/decode is in triggers, or maybe stored procedures. No more one-off command-line queries. How would you search an encoded column for matching text? I'd be interested in any ideas folk have about these issues, or any others they can envisage with this proposal. Base64 encoding will work when the native base64 functions are available in MySQL which will allow you to base64 encode the data into a statement like INSERT INTO table SET field = FROM_BASE64(?php echo base64_encode($data); ?) sorta thing. I'm still not a massive fan of that idea given that prepared statements are an option, but it would work. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ -- Inserting and updating isn't the problem. I think Mark referring to is how would that be implemented in this simple type of query: SELECT * FROM my_table WHERE col_name LIKE '%key word%'; If there's no viable mean to filter the data, that storage method/medium is rather pointless, IMHO. Go back and read what I wrote again. Base64 is only being used to transmit the data to MySQL - it's being stored in the database in its decoded form. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/
Re: [PHP] Selecting Rows Based on Row Values Being in Array
kvigor wrote:
Jim,
Please excuse the ignorance, I'm a newbie, but I'm only use to simple
SELECT, INSERT statements.
Your original code: $SQL = SELECT * FROM my_Table WHERE CONCAT(value1,
value2, value3) IN ('.join(',', $list).')
This can be broken down into smaller parts so to explain by example.
# This is to clean the input values for the SQL statement
function mysql_clean($value) {
return mysql_real_escape_string($value);
}
# Define your list of values to compare to
$list = array(
'6blue40lbs',
'7orange50lbs',
'8orange60lbs',
'9purple70lbs',
);
# You will want to do something like this with the values of the $list
# array just to make sure they are clean: reference the function above
array_walk($list, 'mysql_clean');
# This will return a string formated like this.
# '6blue40lbs','7orange50lbs','8orange60lbs','9purple70lbs'
$IN_VALUE = '.join(',', $list).';
$SQL = SELECT *
FROMmy_Table
WHERE CONCAT(value1, value2, value3)
IN ({$IN_VALUE});
# The final query string will look like this
SELECT *
FROMmy_Table
WHERE CONCAT(value1, value2, value3)
IN ('6blue40lbs','7orange50lbs','8orange60lbs','9purple70lbs')
# Now run this through your query function and get the results
$results = mysql_query($SQL) OR die('SQL Failure: '.$SQL);
So basically what we have is a comparison that is based off the output
of the CONCAT() function that creates one string out of value1, value2,
value3 and then compares that with each of the values listed within the
parenthesis. the IN (...) part of the SQL statement tells SQL that it
is getting a list of values that it should compare the concat() value
against.
Doing it this way, will allow you to only run one query instead of
running one per value that you want to compare against. As you can
tell, as your data set grows your multiple queries would drag your DB to
a halt
Hope this explains it.
Let me know if you need further explanation.
OK, I get everything up to the ('''.join(''','''$list).''')
I'm guessing that the .join( ). putting together some values, but I don't
know what
also the .join( ). is to be preceded by something... I don't know what.
//Forgive my ignorance, I'll can get it.
Also the .join( ). what is this doing I looked at the PHP and MySQL function
of each, and haven't seen comparable code.
I'm asking because I don't know where we're telling the code to compare the
values.
You stated...
and create one string from them
Where do I give the name to the string?
So this is where I am so far:
$sql = SELECT* FROM table WHERE CONCAT(size,color,weight) IN( );
Jim Lucas [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
K. Hayes wrote:
Will do. Thanks.
- Original Message - From: Jim Lucas [EMAIL PROTECTED]
To: kvigor [EMAIL PROTECTED]
Cc: php-general@lists.php.net
Sent: Saturday, June 30, 2007 1:46 AM
Subject: Re: [PHP] Selecting Rows Based on Row Values Being in Array
kvigor wrote:
Hello All,
I'm attempting to return rows from a mysql DB based on this criteria:
I have a list, in the form of an array that I need to compare against
each row
in the table. Where theres a match I need that entire row returned.
e.g.$varListof 3outOf_10Fields = array(6blue40lbs, 7orange50lbs,
8orange60lbs, 9purple70lbs);
The array contains 3 of the db row fields in 1 value. However there are
10 fields/columns in the table.
===
what table looks like |
===
size colorweight
ROW 1| value1 | value1 | value1 | value1 | value1 | value1 |
So how could I set up a query that would SELECT the entire row, if the
row contained $varListof 3outOf_10Fields[1].
Open to any suggestions or work arounds. I'm playing with extract()
but code is too crude to even post.
I would suggest approaching the problem with a slightly different
thought.
just have the sql concat() the columns together and then compare.
something like this should do the trick
$list = array(
'6blue40lbs',
'7orange50lbs',
'8orange60lbs',
'9purple70lbs',
);
$SQL =
SELECT *
FROM my_Table
WHERE CONCAT(value1, value2, value3) IN ('.join(',', $list).')
;
mysql_query($SQL);
this should take, for each row in the DB, value1 + value2 + value3 and
create one string from them, then it will compare each string in the
IN (...) portion to each entry in the $list array().
Let me know if you need any further help
one other thing, make sure that you run each of the values in the $list
array() through mysql_real_escape_string(). That way it is all nicely
encoded for the SQL statement.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Help! Made a boo-boo encrypting credit cards
2011/3/4 Nisse Engström news.nospam.0ixbt...@luden.se:
On Fri, 11 Feb 2011 14:42:18 -0800, Brian Dunning wrote:
Hey all -
I'm using mcrypt to store credit cards into MySQL. About 90%
of them decrypt fine, but about 10% decrypt as nonsense
(b1�\�JEÚU�A��� is a good example). Maybe there is a
character that appears in about 10% of my encryptions that's
not being encoded properly???
Can you come up with a phony CC number that fails the
decryption? If so, please post:
$cc_number
binhex($iv)
binhex($cc_encrypt)
binhex($row['encrypt_iv']))
binhex($row['cc_encrypt']))
More below...
// Encryption is set up at the top of the script:
$crypto = mcrypt_module_open('rijndael-256', '', 'ofb', '');
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($crypto), MCRYPT_DEV_RANDOM);
$ks = mcrypt_enc_get_key_size($crypto);
$key = substr(md5('my_funky_term'), 0, $ks);
// When the card number is collected by the form, it's encrypted:
$cc_number = addslashes($_POST['cc_number']);
mcrypt_generic_init($crypto, $key, $iv);
$cc_encrypt = mcrypt_generic($crypto, $cc_number);
mcrypt_generic_deinit($crypto);
// This is written to the database:
$query = update accounts set cc_encrypt='$cc_encrypt', encrypt_iv='$iv',
other_fields='$other_stuff' where id='$account_id' limit 1;
$result = mysql_query($query) or die(mysql_error());
No mysql_real_escape_string()?
Both the cc_encrypt and encrypt_iv fields are tinytext, latin1_swedish_ci,
MyISAM, MySQL 5.0.91
Why are you using text fields for storing binary data?
Sounds like this could go horribly wrong for a number
or reasons.
In another script, when I retrieve, I first set it up at the top of the
script exactly like step #1 above, then retrieve it like this:
mcrypt_generic_init($crypto, $key, $row['encrypt_iv']);
$cc_number = trim(mdecrypt_generic($crypto, $row['cc_encrypt']));
mcrypt_generic_deinit($crypto);
/Nisse
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Considering their is no validation of the credit card number, you
could just use a random string of numbers starting with 99.
According to
http://en.wikipedia.org/wiki/List_of_Bank_Identification_Numbers#References,
nothing starts with 99.
--
Richard Quadling
Twitter : EE : Zend
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Secure data management
On Tue, Oct 4, 2011 at 4:49 PM, Stuart Dallas stu...@3ft9.com wrote:
On 5 Oct 2011, at 00:45, Tommy Pham wrote:
On Tue, Oct 4, 2011 at 4:11 PM, Stuart Dallas stu...@3ft9.com wrote:
On 5 Oct 2011, at 00:04, Mark Kelly wrote:
Hi.
On Tuesday 04 Oct 2011 at 21:39 Stuart Dallas wrote:
http://stut.net/2011/09/15/mysql-real-escape-string-is-not-enough/
Thanks. I followed this link through and read the full message (having
missed
it the first time round), and while I find the idea of using base64 to
sanitise text interesting I can also forsee a few difficulties:
It would prevent anyone from accessing the database directly and getting
meaningful results unless the en/decode is in triggers, or maybe stored
procedures. No more one-off command-line queries.
How would you search an encoded column for matching text?
I'd be interested in any ideas folk have about these issues, or any
others
they can envisage with this proposal.
Base64 encoding will work when the native base64 functions are available
in MySQL which will allow you to base64 encode the data into a statement
like INSERT INTO table SET field = FROM_BASE64(?php echo
base64_encode($data); ?) sorta thing. I'm still not a massive fan of that
idea given that prepared statements are an option, but it would work.
-Stuart
--
Stuart Dallas
3ft9 Ltd
http://3ft9.com/
--
Inserting and updating isn't the problem. I think Mark referring to is how
would that be implemented in this simple type of query:
SELECT * FROM my_table WHERE col_name LIKE '%key word%';
If there's no viable mean to filter the data, that storage method/medium is
rather pointless, IMHO.
Go back and read what I wrote again. Base64 is only being used to transmit
the data to MySQL - it's being stored in the database in its decoded form.
-Stuart
--
Stuart Dallas
3ft9 Ltd
http://3ft9.com/
The question still applies as how would you safeguard that 'key word'
transmission, especially against SQL injection. I suppose one could do it
this way:
SELECT * FROM my_table WHERE col_name LIKE CONCAT('%', FROM_BASE64(?php
echo base64_encode($data); ?), '%')
Is the overhead worth it to warrant that kind of safeguard? That's just a
simple query with a simple search criteria. What about in the case of
subselect and multi-table joins?
Re: [PHP] Selecting Rows Based on Row Values Being in Array
Jim,
Please excuse the ignorance, I'm a newbie, but I'm only use to simple
SELECT, INSERT statements.
Your original code: $SQL = SELECT * FROM my_Table WHERE CONCAT(value1,
value2, value3) IN ('.join(',', $list).')
OK, I get everything up to the ('''.join(''','''$list).''')
I'm guessing that the .join( ). putting together some values, but I don't
know what
also the .join( ). is to be preceded by something... I don't know what.
//Forgive my ignorance, I'll can get it.
Also the .join( ). what is this doing I looked at the PHP and MySQL function
of each, and haven't seen comparable code.
I'm asking because I don't know where we're telling the code to compare the
values.
You stated...
and create one string from them
Where do I give the name to the string?
So this is where I am so far:
$sql = SELECT* FROM table WHERE CONCAT(size,color,weight) IN( );
Jim Lucas [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
K. Hayes wrote:
Will do. Thanks.
- Original Message - From: Jim Lucas [EMAIL PROTECTED]
To: kvigor [EMAIL PROTECTED]
Cc: php-general@lists.php.net
Sent: Saturday, June 30, 2007 1:46 AM
Subject: Re: [PHP] Selecting Rows Based on Row Values Being in Array
kvigor wrote:
Hello All,
I'm attempting to return rows from a mysql DB based on this criteria:
I have a list, in the form of an array that I need to compare against
each row
in the table. Where theres a match I need that entire row returned.
e.g.$varListof 3outOf_10Fields = array(6blue40lbs, 7orange50lbs,
8orange60lbs, 9purple70lbs);
The array contains 3 of the db row fields in 1 value. However there are
10 fields/columns in the table.
===
what table looks like |
===
size colorweight
ROW 1| value1 | value1 | value1 | value1 | value1 | value1 |
So how could I set up a query that would SELECT the entire row, if the
row contained $varListof 3outOf_10Fields[1].
Open to any suggestions or work arounds. I'm playing with extract()
but code is too crude to even post.
I would suggest approaching the problem with a slightly different
thought.
just have the sql concat() the columns together and then compare.
something like this should do the trick
$list = array(
'6blue40lbs',
'7orange50lbs',
'8orange60lbs',
'9purple70lbs',
);
$SQL =
SELECT *
FROM my_Table
WHERE CONCAT(value1, value2, value3) IN ('.join(',', $list).')
;
mysql_query($SQL);
this should take, for each row in the DB, value1 + value2 + value3 and
create one string from them, then it will compare each string in the
IN (...) portion to each entry in the $list array().
Let me know if you need any further help
one other thing, make sure that you run each of the values in the $list
array() through mysql_real_escape_string(). That way it is all nicely
encoded for the SQL statement.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
php-general Digest 5 Oct 2011 07:40:35 -0000 Issue 7505
what is happening and why the better your software will be. In this particular case, the slashes are designed to mark quotes as part of the data and not the end of the data. For example... this is an unescaped string containing a quotation mark The MySQL parser will see the in the middle and decide that that's the end of the data. However... this is an escaped string containing \ a quotation mark The parser will see the \ before the and that tells it the quote is part of the data. Because the \ is only there to tell it that it doesn't get left in the data when it's pushed into the database. But escaping quotes (i.e. addslashes) is not enough to protect against SQL injection, and neither is mysql_real_escape_string as Shawn suggested. Prepared statements are the best option. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/---End Message--- ---BeginMessage--- Hi. On Tuesday 04 Oct 2011 at 21:39 Stuart Dallas wrote: http://stut.net/2011/09/15/mysql-real-escape-string-is-not-enough/ Thanks. I followed this link through and read the full message (having missed it the first time round), and while I find the idea of using base64 to sanitise text interesting I can also forsee a few difficulties: It would prevent anyone from accessing the database directly and getting meaningful results unless the en/decode is in triggers, or maybe stored procedures. No more one-off command-line queries. How would you search an encoded column for matching text? I'd be interested in any ideas folk have about these issues, or any others they can envisage with this proposal. Cheers, Mark ---End Message--- ---BeginMessage--- On 5 Oct 2011, at 00:04, Mark Kelly wrote: Hi. On Tuesday 04 Oct 2011 at 21:39 Stuart Dallas wrote: http://stut.net/2011/09/15/mysql-real-escape-string-is-not-enough/ Thanks. I followed this link through and read the full message (having missed it the first time round), and while I find the idea of using base64 to sanitise text interesting I can also forsee a few difficulties: It would prevent anyone from accessing the database directly and getting meaningful results unless the en/decode is in triggers, or maybe stored procedures. No more one-off command-line queries. How would you search an encoded column for matching text? I'd be interested in any ideas folk have about these issues, or any others they can envisage with this proposal. Base64 encoding will work when the native base64 functions are available in MySQL which will allow you to base64 encode the data into a statement like INSERT INTO table SET field = FROM_BASE64(?php echo base64_encode($data); ?) sorta thing. I'm still not a massive fan of that idea given that prepared statements are an option, but it would work. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/---End Message--- ---BeginMessage--- On Tue, Oct 4, 2011 at 4:11 PM, Stuart Dallas stu...@3ft9.com wrote: On 5 Oct 2011, at 00:04, Mark Kelly wrote: Hi. On Tuesday 04 Oct 2011 at 21:39 Stuart Dallas wrote: http://stut.net/2011/09/15/mysql-real-escape-string-is-not-enough/ Thanks. I followed this link through and read the full message (having missed it the first time round), and while I find the idea of using base64 to sanitise text interesting I can also forsee a few difficulties: It would prevent anyone from accessing the database directly and getting meaningful results unless the en/decode is in triggers, or maybe stored procedures. No more one-off command-line queries. How would you search an encoded column for matching text? I'd be interested in any ideas folk have about these issues, or any others they can envisage with this proposal. Base64 encoding will work when the native base64 functions are available in MySQL which will allow you to base64 encode the data into a statement like INSERT INTO table SET field = FROM_BASE64(?php echo base64_encode($data); ?) sorta thing. I'm still not a massive fan of that idea given that prepared statements are an option, but it would work. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ -- Inserting and updating isn't the problem. I think Mark referring to is how would that be implemented in this simple type of query: SELECT * FROM my_table WHERE col_name LIKE '%key word%'; If there's no viable mean to filter the data, that storage method/medium is rather pointless, IMHO. ---End Message--- ---BeginMessage--- On 5 Oct 2011, at 00:45, Tommy Pham wrote: On Tue, Oct 4, 2011 at 4:11 PM, Stuart Dallas stu...@3ft9.com wrote: On 5 Oct 2011, at 00:04, Mark Kelly wrote: Hi. On Tuesday 04 Oct 2011 at 21:39 Stuart Dallas wrote: http://stut.net/2011/09/15/mysql-real-escape-string-is-not-enough/ Thanks. I followed this link through and read the full message (having missed it the first time round), and while I find the idea of using base64 to sanitise text interesting I can also forsee a few difficulties
php-general Digest 25 May 2011 14:38:59 -0000 Issue 7328
tried it n i can send the string without error i
tried it:
$query1=select * from patient where id=.$_POST['txt'];
it works! after i found my error i tried it 2 n it was right!!!
---End Message---
---BeginMessage---
On Tue, 24 May 2011 23:47:47 +0700, Paul S pau...@roadrunner.com wrote:
On Tue, 24 May 2011 21:09:34 +0700, Richard S. Crawford
rscrawf...@mossroot.com wrote:
On Tue, May 24, 2011 at 6:51 AM, Paul S pau...@roadrunner.com wrote:
I'd like to check a table to retrieve rows for which one field equals
one
of a set of values
#get products(fields) in category list
while ($row = $db_connect-fetch_array($productsincategory_list)) {
$product = $row ['selection'];
$fields = $fields . $product,;
}
$fields = substr($fields,'',-1);
## echo $fieldsbrbr;
## $fields = Prod1, ProD2, Prod3
This ...
$db_connect-fetch_array($sql_result);
$store_result = $db_connect-query(select * from $sql_usertable WHERE
(($sql_usertable.product1 = '($fields)')||( $sql_usertable.product2 =
'($fields)')||($sql_usertable.product3 = '($fields)')) order by id desc
limit $entry, $entries_per_page);
doesn't work. It selects nothing (obviously because no single field
equals
' (Prod1, Prod2, Prod3) '). But it's the idea. Can I change the:
= '($fields)'
syntax I'm trying?
The actual select checks more fields for this or that and gets more
complicated so I'd like to keep this as simple
as possible. I would like to do this without UNIONS (in one pass) if
possible (my
dbsql.php doesn't seem to go beyond regular query).
Try in:
where productx in (Prod1, Prod2, Prod3)
THANKS. You saved me another day of frustration trying UNION! :-)
In addition your answer also got me here:
http://dev.mysql.com/doc/refman/4.1/en/comparison-operators.html
Except when $fields = '' (blank) MySql error. Can put in if but leaves
an undefined resource (warning). Any way to initialize a resourse?
($store_result = $db_connect-query)?
--
Using Opera's revolutionary email client: http://www.opera.com/mail/
---End Message---
---BeginMessage---
Hi,
Since a UTF-8 is a multi-bytes mechanism I get for 2 or 3 bytes UTF-8
encoded character a single character
How can it be break into the REAL bytes array that represent the UTF-8
string
and how can we reassembled the bytes array back to UTF-8?
--
Best Regards,
*Eli Orr*
CTO Founder
*LogoDial Ltd.*
__
---End Message---
Re: [PHP] File To Blob Corruption
Hi, Could it have something to do with an eof character being encoded or
something like that? Do you really need to store the files in the DB? It
uses more processing power if stored in the DB because on retrieval, you
have to unescape the string and return it. Modern filesystems are optimised
better for files than databases and storing a filename and returning the
contents is easier to implement than retrieving it from the DB...
http://forums.codewalkers.com/php-applications-45/upload-image-file-to-mysql-as-blob-849194.html
++Tim Hinnerk Heuer++
http://www.ihostnz.com
2009/11/15 Don Wieland d...@dwdataconcepts.com
Hello,
I am trying to create an UPLOAD page to Update a Images and PDFs into a
BLOB field in mySQL. The image keeps getting corrupted (it draws a portion
of the image and the rest is GRAY) We tried it with Safari and Firefox with
bad results.
Here is the form that is used to browse and select the file.
!-- Upload Image dialog --
div id=uploadImage
div id=llback/div
centerdiv id=uploadForm
div id=uploadTitleUpload Thumbnail image/div
iframe name=saveImage/iframe
bPlease select the thumbnail image, then press Upload./b
div
style=margin-top:14px;margin-bottom:14px;text-align:center;width:100%
form target=saveImage method=post action=ajax/saveDialog.php
enctype=multipart/form-data
Select Thumbnail: input type=file name=img id=img
accept=image/jpeg //div
input type=hidden name=obj value=uploadImage /
input type=hidden name=id value=?php echo $Area_id ? /
input type=button value=Upload
onclick=saveDialog('uploadImage','img','jpg'); input type=button
value=Cancel onclick=cancelDialog('uploadImage','img')
/form
/div/center
/div
Here is the QUERY to upload the image (saveDialog.php):
if($_POST['obj'] == uploadImage) {
$file =
$db-real_escape_string(file_get_contents($_FILES['img']['tmp_name']));
$db-query(UPDATE Areas SET Image = '$file') or die(1.$db-error);
Has anyone else ever run into this type of UPDATE error with images and
PDF? We really need to get this dealt with ASAP.
Thanks!
Don Wieland
D W D a t a C o n c e p t s
~
d...@dwdataconcepts.com
Direct Line - (949) 305-2771
Integrated data solutions to fit your business needs.
Need assistance in dialing in your FileMaker solution? Check out our
Developer Support Plan at:
http://www.dwdataconcepts.com/DevSup.html
Appointment 1.0v9 - Powerful Appointment Scheduling for FileMaker Pro 9 or
higher
http://www.appointment10.com
For a quick overview -
http://www.appointment10.com/Appt10_Promo/Overview.html
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] File To Blob Corruption
On Sun, 2009-11-15 at 16:43 +1300, German Geek wrote:
Hi, Could it have something to do with an eof character being encoded or
something like that? Do you really need to store the files in the DB? It
uses more processing power if stored in the DB because on retrieval, you
have to unescape the string and return it. Modern filesystems are optimised
better for files than databases and storing a filename and returning the
contents is easier to implement than retrieving it from the DB...
http://forums.codewalkers.com/php-applications-45/upload-image-file-to-mysql-as-blob-849194.html
++Tim Hinnerk Heuer++
http://www.ihostnz.com
2009/11/15 Don Wieland d...@dwdataconcepts.com
Hello,
I am trying to create an UPLOAD page to Update a Images and PDFs into a
BLOB field in mySQL. The image keeps getting corrupted (it draws a portion
of the image and the rest is GRAY) We tried it with Safari and Firefox with
bad results.
Here is the form that is used to browse and select the file.
!-- Upload Image dialog --
div id=uploadImage
div id=llback/div
centerdiv id=uploadForm
div id=uploadTitleUpload Thumbnail image/div
iframe name=saveImage/iframe
bPlease select the thumbnail image, then press Upload./b
div
style=margin-top:14px;margin-bottom:14px;text-align:center;width:100%
form target=saveImage method=post action=ajax/saveDialog.php
enctype=multipart/form-data
Select Thumbnail: input type=file name=img id=img
accept=image/jpeg //div
input type=hidden name=obj value=uploadImage /
input type=hidden name=id value=?php echo $Area_id ? /
input type=button value=Upload
onclick=saveDialog('uploadImage','img','jpg'); input type=button
value=Cancel onclick=cancelDialog('uploadImage','img')
/form
/div/center
/div
Here is the QUERY to upload the image (saveDialog.php):
if($_POST['obj'] == uploadImage) {
$file =
$db-real_escape_string(file_get_contents($_FILES['img']['tmp_name']));
$db-query(UPDATE Areas SET Image = '$file') or die(1.$db-error);
Has anyone else ever run into this type of UPDATE error with images and
PDF? We really need to get this dealt with ASAP.
Thanks!
Don Wieland
D W D a t a C o n c e p t s
~
d...@dwdataconcepts.com
Direct Line - (949) 305-2771
Integrated data solutions to fit your business needs.
Need assistance in dialing in your FileMaker solution? Check out our
Developer Support Plan at:
http://www.dwdataconcepts.com/DevSup.html
Appointment 1.0v9 - Powerful Appointment Scheduling for FileMaker Pro 9 or
higher
http://www.appointment10.com
For a quick overview -
http://www.appointment10.com/Appt10_Promo/Overview.html
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Like someone mentioned on the link you posted; storing the images in the
database does offer a layer of security, as database access is far
easier to control than file access.
Thanks,
Ash
http://www.ashleysheridan.co.uk
Re: [PHP] Re: Secure data management
On 5 Oct 2011, at 01:13, Tommy Pham wrote:
On Tue, Oct 4, 2011 at 4:49 PM, Stuart Dallas stu...@3ft9.com wrote:
On 5 Oct 2011, at 00:45, Tommy Pham wrote:
On Tue, Oct 4, 2011 at 4:11 PM, Stuart Dallas stu...@3ft9.com wrote:
On 5 Oct 2011, at 00:04, Mark Kelly wrote:
Hi.
On Tuesday 04 Oct 2011 at 21:39 Stuart Dallas wrote:
http://stut.net/2011/09/15/mysql-real-escape-string-is-not-enough/
Thanks. I followed this link through and read the full message (having
missed
it the first time round), and while I find the idea of using base64 to
sanitise text interesting I can also forsee a few difficulties:
It would prevent anyone from accessing the database directly and getting
meaningful results unless the en/decode is in triggers, or maybe stored
procedures. No more one-off command-line queries.
How would you search an encoded column for matching text?
I'd be interested in any ideas folk have about these issues, or any others
they can envisage with this proposal.
Base64 encoding will work when the native base64 functions are available in
MySQL which will allow you to base64 encode the data into a statement like
INSERT INTO table SET field = FROM_BASE64(?php echo base64_encode($data);
?) sorta thing. I'm still not a massive fan of that idea given that
prepared statements are an option, but it would work.
-Stuart
--
Stuart Dallas
3ft9 Ltd
http://3ft9.com/
--
Inserting and updating isn't the problem. I think Mark referring to is how
would that be implemented in this simple type of query:
SELECT * FROM my_table WHERE col_name LIKE '%key word%';
If there's no viable mean to filter the data, that storage method/medium is
rather pointless, IMHO.
Go back and read what I wrote again. Base64 is only being used to transmit
the data to MySQL - it's being stored in the database in its decoded form.
-Stuart
--
Stuart Dallas
3ft9 Ltd
http://3ft9.com/
The question still applies as how would you safeguard that 'key word'
transmission, especially against SQL injection. I suppose one could do it
this way:
SELECT * FROM my_table WHERE col_name LIKE CONCAT('%', FROM_BASE64(?php
echo base64_encode($data); ?), '%')
Is the overhead worth it to warrant that kind of safeguard? That's just a
simple query with a simple search criteria. What about in the case of
subselect and multi-table joins?
That would indeed be logical if base64 was your chosen method of protection,
but I think prepared statements are a far more elegant solution. As for the
overhead I very much doubt there's much difference between that and the
overhead of prepared statements.
-Stuart
--
Stuart Dallas
3ft9 Ltd
http://3ft9.com/
Re: [PHP] Re: Secure data management
On Tue, Oct 4, 2011 at 5:51 PM, Stuart Dallas stu...@3ft9.com wrote:
On 5 Oct 2011, at 01:13, Tommy Pham wrote:
On Tue, Oct 4, 2011 at 4:49 PM, Stuart Dallas stu...@3ft9.com wrote:
On 5 Oct 2011, at 00:45, Tommy Pham wrote:
On Tue, Oct 4, 2011 at 4:11 PM, Stuart Dallas stu...@3ft9.com wrote:
On 5 Oct 2011, at 00:04, Mark Kelly wrote:
Hi.
On Tuesday 04 Oct 2011 at 21:39 Stuart Dallas wrote:
http://stut.net/2011/09/15/mysql-real-escape-string-is-not-enough/
Thanks. I followed this link through and read the full message (having
missed
it the first time round), and while I find the idea of using base64 to
sanitise text interesting I can also forsee a few difficulties:
It would prevent anyone from accessing the database directly and
getting
meaningful results unless the en/decode is in triggers, or maybe stored
procedures. No more one-off command-line queries.
How would you search an encoded column for matching text?
I'd be interested in any ideas folk have about these issues, or any
others
they can envisage with this proposal.
Base64 encoding will work when the native base64 functions are available
in MySQL which will allow you to base64 encode the data into a statement
like INSERT INTO table SET field = FROM_BASE64(?php echo
base64_encode($data); ?) sorta thing. I'm still not a massive fan of that
idea given that prepared statements are an option, but it would work.
-Stuart
--
Stuart Dallas
3ft9 Ltd
http://3ft9.com/
--
Inserting and updating isn't the problem. I think Mark referring to is
how would that be implemented in this simple type of query:
SELECT * FROM my_table WHERE col_name LIKE '%key word%';
If there's no viable mean to filter the data, that storage method/medium
is rather pointless, IMHO.
Go back and read what I wrote again. Base64 is only being used to transmit
the data to MySQL - it's being stored in the database in its decoded form.
-Stuart
--
Stuart Dallas
3ft9 Ltd
http://3ft9.com/
The question still applies as how would you safeguard that 'key word'
transmission, especially against SQL injection. I suppose one could do it
this way:
SELECT * FROM my_table WHERE col_name LIKE CONCAT('%', FROM_BASE64(?php
echo base64_encode($data); ?), '%')
Is the overhead worth it to warrant that kind of safeguard? That's just a
simple query with a simple search criteria. What about in the case of
subselect and multi-table joins?
That would indeed be logical if base64 was your chosen method of
protection, but I think prepared statements are a far more elegant solution.
As for the overhead I very much doubt there's much difference between that
and the overhead of prepared statements.
-Stuart
--
Stuart Dallas
3ft9 Ltd
http://3ft9.com/
IIRC, prepared statements doesn't incur any overhead. Instead, it's
supposed to enhance performance by telling SQL to 'prepare' via
compilation. So if you're comparing performance between the overhead of
base64 vs prepared statement, then the difference would be quite clear,
especially when the table(s) is/are more than a couple hundred thousand rows
and the queri(es) are complex. This is not mention the added complexity
into the application where managing and expanding it would incur real
(developer time) overhead, IMO.
php-general Digest 25 Oct 2008 22:28:28 -0000 Issue 5755
Robles, California, Central Coast, USA Cabernet Sauvignon etc and create a query which would return the data like this: Liberty School Chardonnay (USA, California, Central Coast) 2007, 2006, 2005, 2004, 2003, 2002, 2001, 2000, 1997, 1985 Liberty School Cabernet Sauvignon (USA, California) 2006, 2005, 2004, 2003, 2002, 2001, 2000, 1999, 1998, 1997, 1996, 1995, 1990, 1982, 1976 Liberty School Cabernet Sauvignon (USA, California, Central Coast, Paso Robles) 2005, 1993 Liberty School Cabernet Sauvignon (USA, California, Sonoma County) 2003, 1984 Basically I somehow need to do a GROUP BY producer, and yet somehow at the same time, find out all the matching vintages (years), that go along with that group and return them the same time the producer group is returned. Right now, my PHP/SQL query string is: $query = 'SELECT * FROM wine WHERE MATCH(producer, varietal, appellation, designation, region, vineyard, subregion, country, vintage) AGAINST ( ' . $combostring . ' IN BOOLEAN MODE ) ORDER BY ' . $orderby . ', producer ASC LIMIT 0,100'; This produced the first list you see at the top of this email. Any help is greatly appreciated. ---End Message--- ---BeginMessage--- Basically I somehow need to do a GROUP BY producer, and yet somehow at the same time, find out all the matching vintages (years), that go along with that group and return them the same time the producer group is returned. If I'm following you correctly, you have a column year in your group, and rather than returning just one year in your result set, you would like every year in the group. This can be accomplished with the group_concat() [1] function: SELECT field1,field2,field3, GROUP_CONCAT(distint year) as years FROM table WHERE conditions GROUP BY foo; [1] http://dev.mysql.com/doc/refman/5.0/en/group-by-functions.html#function_group-concat -- GREG. ---End Message--- ---BeginMessage--- On Oct 23, 2008, at 2:10 PM, Jochem Maas wrote: The order is reversed, so if $host has a non-zero length, it is not escaped. first thing that I noticed, second wondering why no charset was specified, thirdly was wondering why it's not plain: $host = htmlentities($host); but nonetheless your point stands, :-) Yeah, fair enough. To my credit, I also noticed the problem without spending more than a second or two on that line, but I also recognized how it could be missed. To me, it's similar to missing when someone calls a functions and gets the order of arguments wrong. You can tell what they meant, so the error doesn't stand out as boldly. Perhaps subconsciously you anticipate that they're right, because in most of the code, they are. The challenge of being perfect is why I've developed a number of tools to help me out. I'm going to release one of the best of these as open source in a few months. I might mention that on this list, since it seems appropriate. Hopefully no one will mind the advertising too much. :-) now about that charset ... your blog post uses UTF-7 to demonstrate the potential for problems ... but htmlentities() doesn't support that charset, or at least not according to the docs, in fact the list of supported charsets is quite limited, out of curiosity what would your recommendation be if one is faced with a having 'htmlentize' a string encoded in UTF-7 or some other charset not supported by htmlentities()? That's a good question. I would probably convert it to something like UTF-8, escape it, then convert it back. I've never faced this situation, and the scenario I was recreating in my post was when someone attacked Google using UTF-7. Google didn't actually want to support that character encoding. If you specify ISO-8859-1 in your Content-Type header, it's actually fine to omit the character encoding in htmlentities(), because it uses that by default. (Also, not all mismatches are exploitable.) However, it always catches my eye, because it demonstrates a lax treatment of character encoding in general. I like to see it explicitly declared everywhere. a second question: strip_tags() doesn't have a charset parameter, how does it manage to cope without knowing the input string encoding? or does it not and is it actually vulnerable to maliciously encoded input? My guess would be that it doesn't cope. :-) I never use strip_tags(), so someone else might be able to offer a much better answer. Hope that helps, and thanks for the discussion. Chris -- Chris Shiflett http://shiflett.org/ ---End Message---
[PHP] Re: Newbie Question
Ok, I think I have the solution to your problem. Try using nl2br() on the data in that field.. Example: I have a message table that allows one user to send an instant message to another user on my site. There are several fields, one of which being a TEXT column (MySQL db). I use a simple textarea form element to get the data. It inserts into the DB as basically a single line regardless of the ENTER keystrokes in the data. Now, when I pull it back out I use this: $query = SELECT * FROM message WHERE msg_id = '$msg_id'; $query_result = mysql_query($query); $query_row = mysql_fetch_array($query_result); $message = $query_row[message]; echo Message text:.nl2br($message); And that should do what you need. Lee Willmann Steve Brett [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]... have a look at get_html_translation_table() in the php manual. there is an example of conversion of all special chars so they can be inserted into the database as text (i.e. £pound) and a cool way of 'decoding' them if you need to write them to a file. A Browser wil interpret them correctly when they are displayed. This must be the question of the day as i have posted this answer three times today :-) Let me know if you need any more help Steve get_html_translation_table manual page is below: PHP Manual Prev Next -- -- get_html_translation_table (PHP 4 = 4.0b4) get_html_translation_table -- Returns the translation table used by htmlspecialchars() and htmlentities() Description string get_html_translation_table (int table [, int quote_style]) get_html_translation_table() will return the translation table that is used internally for htmlspecialchars() and htmlentities(). There are two new defines (HTML_ENTITIES, HTML_SPECIALCHARS) that allow you to specify the table you want. And as in the htmlspecialchars() and htmlentities() functions you can optionally specify the quote_style you are working with. The default is ENT_COMPAT mode. See the description of these modes in htmlspecialchars(). Example 1. Translation Table Example $trans = get_html_translation_table (HTML_ENTITIES); $str = Hallo Frau Krämer; $encoded = strtr ($str, $trans); The $encoded variable will now contain: Hallo amp; lt;Fraugt; amp; Krauml;mer. The cool thing is using array_flip() to change the direction of the translation. $trans = array_flip ($trans); $original = strtr ($str, $trans); The content of $original would be: Hallo Frau Krämer. Note: This function was added in PHP 4.0. See also: htmlspecialchars(), htmlentities(), strtr(), and array_flip(). -- -- Prev Home Next explode Up get_meta_tags Jay Fitzgerald [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]... Ok, I am still fairly new at PHP and MySQL also, so please bear with me. TASK: I have a client that wants to have job openings listed on their site and they want to be able to add, edit and delete the postings themselves. I would do this in flat-file format but there is the risk of that file size getting too large and slowing down the server. SOLUTION: I have created a MySQL database that will hold all the postings in a table called 'jobs' and have created a PHP form that will post this jobs into the db. PROBLEM: When I go to the PHP form and enter all of the pertinent job information, there is one specific field that will have to have carriage returns/line breaks in it between paragraphs. Everything is working except for this. Is there a way whenever the user presses ENTER, that either PHP/MySQL will convert this into a BR tag only when being displayed in a browser and not in the db?? Can anyone out there please help me with this? I am available off-list as well if it will be easier to pass code back and forth. Any assistance is greatly appreciated! Should you have any questions, comments or concerns, feel free to call me at 318-338-2034. Thank you for your time, Jay Fitzgerald, Design Director - CSBW-A, CPW-A, CWD-A, CEMS-A == Bayou Internet..(888) 30-BAYOUhttp://www.bayou.com Mississippi Internet...(800) MISSISSIPPI...http://www.mississippi.net Vicksburg Online..(800) MISSISSIPPIhttp://www.vicksburg.com == Tel: (318) 338-2034ICQ: 38823829 Fax: (318) 323-5053 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
php-general Digest 2 Jul 2007 12:14:09 -0000 Issue 4880
php-general Digest 2 Jul 2007 12:14:09 - Issue 4880
Topics (messages 258025 through 258028):
Re: Selecting Rows Based on Row Values Being in Array
258025 by: Jim Lucas
Re: Anybody had luck compiling memcache with php6 ?
258026 by: M. Sokolewicz
258027 by: Stut
Re: mail function problem
258028 by: web2.get-telecom.fr
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
--
---BeginMessage---
kvigor wrote:
Jim,
Please excuse the ignorance, I'm a newbie, but I'm only use to simple
SELECT, INSERT statements.
Your original code: $SQL = SELECT * FROM my_Table WHERE CONCAT(value1,
value2, value3) IN ('.join(',', $list).')
This can be broken down into smaller parts so to explain by example.
# This is to clean the input values for the SQL statement
function mysql_clean($value) {
return mysql_real_escape_string($value);
}
# Define your list of values to compare to
$list = array(
'6blue40lbs',
'7orange50lbs',
'8orange60lbs',
'9purple70lbs',
);
# You will want to do something like this with the values of the $list
# array just to make sure they are clean: reference the function above
array_walk($list, 'mysql_clean');
# This will return a string formated like this.
# '6blue40lbs','7orange50lbs','8orange60lbs','9purple70lbs'
$IN_VALUE = '.join(',', $list).';
$SQL = SELECT *
FROMmy_Table
WHERE CONCAT(value1, value2, value3)
IN ({$IN_VALUE});
# The final query string will look like this
SELECT *
FROMmy_Table
WHERE CONCAT(value1, value2, value3)
IN ('6blue40lbs','7orange50lbs','8orange60lbs','9purple70lbs')
# Now run this through your query function and get the results
$results = mysql_query($SQL) OR die('SQL Failure: '.$SQL);
So basically what we have is a comparison that is based off the output
of the CONCAT() function that creates one string out of value1, value2,
value3 and then compares that with each of the values listed within the
parenthesis. the IN (...) part of the SQL statement tells SQL that it
is getting a list of values that it should compare the concat() value
against.
Doing it this way, will allow you to only run one query instead of
running one per value that you want to compare against. As you can
tell, as your data set grows your multiple queries would drag your DB to
a halt
Hope this explains it.
Let me know if you need further explanation.
OK, I get everything up to the ('''.join(''','''$list).''')
I'm guessing that the .join( ). putting together some values, but I don't
know what
also the .join( ). is to be preceded by something... I don't know what.
//Forgive my ignorance, I'll can get it.
Also the .join( ). what is this doing I looked at the PHP and MySQL function
of each, and haven't seen comparable code.
I'm asking because I don't know where we're telling the code to compare the
values.
You stated...
and create one string from them
Where do I give the name to the string?
So this is where I am so far:
$sql = SELECT* FROM table WHERE CONCAT(size,color,weight) IN( );
Jim Lucas [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
K. Hayes wrote:
Will do. Thanks.
- Original Message - From: Jim Lucas [EMAIL PROTECTED]
To: kvigor [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Saturday, June 30, 2007 1:46 AM
Subject: Re: [PHP] Selecting Rows Based on Row Values Being in Array
kvigor wrote:
Hello All,
I'm attempting to return rows from a mysql DB based on this criteria:
I have a list, in the form of an array that I need to compare against
each row
in the table. Where theres a match I need that entire row returned.
e.g.$varListof 3outOf_10Fields = array(6blue40lbs, 7orange50lbs,
8orange60lbs, 9purple70lbs);
The array contains 3 of the db row fields in 1 value. However there are
10 fields/columns in the table.
===
what table looks like |
===
size colorweight
ROW 1| value1 | value1 | value1 | value1 | value1 | value1 |
So how could I set up a query that would SELECT the entire row, if the
row contained $varListof 3outOf_10Fields[1].
Open to any suggestions or work arounds. I'm playing with extract()
but code is too crude to even post.
I would suggest approaching the problem with a slightly different
thought.
just have the sql concat() the columns together and then compare.
something like this should do the trick
$list = array(
'6blue40lbs',
'7orange50lbs',
'8orange60lbs',
'9purple70lbs',
);
$SQL =
SELECT *
FROM my_Table
WHERE CONCAT(value1, value2, value3) IN ('.join(',', $list).')
;
mysql_query($SQL);
this should take, for each row in the DB, value1
php-general Digest 2 Jul 2007 00:06:55 -0000 Issue 4879
php-general Digest 2 Jul 2007 00:06:55 - Issue 4879
Topics (messages 258021 through 258024):
Re: Flash / Ajax / PHP
258021 by: David Giragosian
Re: mail function problem
258022 by: Chris
Re: Selecting Rows Based on Row Values Being in Array
258023 by: kvigor
Anybody had luck compiling memcache with php6 ?
258024 by: Cathy Murphy
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
--
---BeginMessage---
On 7/1/07, Ryan A [EMAIL PROTECTED] wrote:
but the image, when updated, is still unstable on IE while still
_perfectly_ stable on FireFox.
This might be due to cacheing on IE which anyone who has messed with
php online for a little time will be familier with. IE is a bitch at
times... just likes the company that makes the software ;)
Sometimes this gets solved with spitting out some headers telling IE not
to cache while others have (dirty) solved it by adding a hash or something
else unique to the page or the image...
for example:
php_script.php?get_img=img_namerandom=something_random_here
HTH.
Cheers!
R
--
- The faulty interface lies between the chair and the keyboard.
- Creativity is great, but plagiarism is faster!
- Smile, everyone loves a moron. :-)
--
Get the Yahoo! toolbar and be alerted to new email
http://us.rd.yahoo.com/evt=48225/*http://new.toolbar.yahoo.com/toolbar/features/mail/index.phpwherever
you're surfing.
Thanks, Ryan. That gives me something to explore when I get to work on
Monday.
David
---End Message---
---BeginMessage---
[EMAIL PROTECTED] wrote:
Hi,
I'm running PHP 5.2.3 on Solaris 10 (AMD64).
My mail function doesn't send any mail, the return value of mail
function is false...
But sendmail_path value is OK in php.ini, and I've tried to send a mail
with sendmail on console with the same user (the apache user), and
everything's ok...
Does anyone have solution ?
Check your mail logs and your apache logs to see if any errors are
showing up.
--
Postgresql php tutorials
http://www.designmagick.com/
---End Message---
---BeginMessage---
Jim,
Please excuse the ignorance, I'm a newbie, but I'm only use to simple
SELECT, INSERT statements.
Your original code: $SQL = SELECT * FROM my_Table WHERE CONCAT(value1,
value2, value3) IN ('.join(',', $list).')
OK, I get everything up to the ('''.join(''','''$list).''')
I'm guessing that the .join( ). putting together some values, but I don't
know what
also the .join( ). is to be preceded by something... I don't know what.
//Forgive my ignorance, I'll can get it.
Also the .join( ). what is this doing I looked at the PHP and MySQL function
of each, and haven't seen comparable code.
I'm asking because I don't know where we're telling the code to compare the
values.
You stated...
and create one string from them
Where do I give the name to the string?
So this is where I am so far:
$sql = SELECT* FROM table WHERE CONCAT(size,color,weight) IN( );
Jim Lucas [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
K. Hayes wrote:
Will do. Thanks.
- Original Message - From: Jim Lucas [EMAIL PROTECTED]
To: kvigor [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Saturday, June 30, 2007 1:46 AM
Subject: Re: [PHP] Selecting Rows Based on Row Values Being in Array
kvigor wrote:
Hello All,
I'm attempting to return rows from a mysql DB based on this criteria:
I have a list, in the form of an array that I need to compare against
each row
in the table. Where theres a match I need that entire row returned.
e.g.$varListof 3outOf_10Fields = array(6blue40lbs, 7orange50lbs,
8orange60lbs, 9purple70lbs);
The array contains 3 of the db row fields in 1 value. However there are
10 fields/columns in the table.
===
what table looks like |
===
size colorweight
ROW 1| value1 | value1 | value1 | value1 | value1 | value1 |
So how could I set up a query that would SELECT the entire row, if the
row contained $varListof 3outOf_10Fields[1].
Open to any suggestions or work arounds. I'm playing with extract()
but code is too crude to even post.
I would suggest approaching the problem with a slightly different
thought.
just have the sql concat() the columns together and then compare.
something like this should do the trick
$list = array(
'6blue40lbs',
'7orange50lbs',
'8orange60lbs',
'9purple70lbs',
);
$SQL =
SELECT *
FROM my_Table
WHERE CONCAT(value1, value2, value3) IN ('.join(',', $list).')
;
mysql_query($SQL);
this should take, for each row in the DB, value1 + value2 + value3 and
create one string from them, then it will compare each string in the
IN (...) portion to each entry in the $list array().
Let me
Re: [PHP] Re: Secure data management
On 5 Oct 2011, at 02:02, Tommy Pham wrote:
On Tue, Oct 4, 2011 at 5:51 PM, Stuart Dallas stu...@3ft9.com wrote:
On 5 Oct 2011, at 01:13, Tommy Pham wrote:
On Tue, Oct 4, 2011 at 4:49 PM, Stuart Dallas stu...@3ft9.com wrote:
On 5 Oct 2011, at 00:45, Tommy Pham wrote:
On Tue, Oct 4, 2011 at 4:11 PM, Stuart Dallas stu...@3ft9.com wrote:
On 5 Oct 2011, at 00:04, Mark Kelly wrote:
Hi.
On Tuesday 04 Oct 2011 at 21:39 Stuart Dallas wrote:
http://stut.net/2011/09/15/mysql-real-escape-string-is-not-enough/
Thanks. I followed this link through and read the full message (having
missed
it the first time round), and while I find the idea of using base64 to
sanitise text interesting I can also forsee a few difficulties:
It would prevent anyone from accessing the database directly and getting
meaningful results unless the en/decode is in triggers, or maybe stored
procedures. No more one-off command-line queries.
How would you search an encoded column for matching text?
I'd be interested in any ideas folk have about these issues, or any others
they can envisage with this proposal.
Base64 encoding will work when the native base64 functions are available in
MySQL which will allow you to base64 encode the data into a statement like
INSERT INTO table SET field = FROM_BASE64(?php echo base64_encode($data);
?) sorta thing. I'm still not a massive fan of that idea given that
prepared statements are an option, but it would work.
Inserting and updating isn't the problem. I think Mark referring to is how
would that be implemented in this simple type of query:
SELECT * FROM my_table WHERE col_name LIKE '%key word%';
If there's no viable mean to filter the data, that storage method/medium is
rather pointless, IMHO.
Go back and read what I wrote again. Base64 is only being used to transmit
the data to MySQL - it's being stored in the database in its decoded form.
The question still applies as how would you safeguard that 'key word'
transmission, especially against SQL injection. I suppose one could do it
this way:
SELECT * FROM my_table WHERE col_name LIKE CONCAT('%', FROM_BASE64(?php
echo base64_encode($data); ?), '%')
Is the overhead worth it to warrant that kind of safeguard? That's just a
simple query with a simple search criteria. What about in the case of
subselect and multi-table joins?
That would indeed be logical if base64 was your chosen method of protection,
but I think prepared statements are a far more elegant solution. As for the
overhead I very much doubt there's much difference between that and the
overhead of prepared statements.
IIRC, prepared statements doesn't incur any overhead. Instead, it's supposed
to enhance performance by telling SQL to 'prepare' via compilation. So if
you're comparing performance between the overhead of base64 vs prepared
statement, then the difference would be quite clear, especially when the
table(s) is/are more than a couple hundred thousand rows and the queri(es)
are complex. This is not mention the added complexity into the application
where managing and expanding it would incur real (developer time) overhead,
IMO.
Prepared statements incur an additional hit against the DB server to prepare
the statement.
The cost of using base64 in the manner suggested is minimal, regardless of the
size of the data. The MySQL query analyser is intelligent enough to know that
from_base64('xyz') is a constant expression and will therefore only evaluate it
once.
As for the added complexity, if you have SQL statements all over your code then
yes it will add a time overhead, but any codebase of a significant size should
be using a centralised API for database access such that changes like this have
a very limited scope.
-Stuart
--
Stuart Dallas
3ft9 Ltd
http://3ft9.com/
Re: [PHP] Re: Secure data management
On Tue, Oct 4, 2011 at 6:10 PM, Stuart Dallas stu...@3ft9.com wrote:
On 5 Oct 2011, at 02:02, Tommy Pham wrote:
On Tue, Oct 4, 2011 at 5:51 PM, Stuart Dallas stu...@3ft9.com wrote:
On 5 Oct 2011, at 01:13, Tommy Pham wrote:
On Tue, Oct 4, 2011 at 4:49 PM, Stuart Dallas stu...@3ft9.com wrote:
On 5 Oct 2011, at 00:45, Tommy Pham wrote:
On Tue, Oct 4, 2011 at 4:11 PM, Stuart Dallas stu...@3ft9.com wrote:
On 5 Oct 2011, at 00:04, Mark Kelly wrote:
Hi.
On Tuesday 04 Oct 2011 at 21:39 Stuart Dallas wrote:
http://stut.net/2011/09/15/mysql-real-escape-string-is-not-enough/
Thanks. I followed this link through and read the full message (having
missed
it the first time round), and while I find the idea of using base64 to
sanitise text interesting I can also forsee a few difficulties:
It would prevent anyone from accessing the database directly and
getting
meaningful results unless the en/decode is in triggers, or maybe
stored
procedures. No more one-off command-line queries.
How would you search an encoded column for matching text?
I'd be interested in any ideas folk have about these issues, or any
others
they can envisage with this proposal.
Base64 encoding will work when the native base64 functions are available
in MySQL which will allow you to base64 encode the data into a statement
like INSERT INTO table SET field = FROM_BASE64(?php echo
base64_encode($data); ?) sorta thing. I'm still not a massive fan of that
idea given that prepared statements are an option, but it would work.
Inserting and updating isn't the problem. I think Mark referring to is
how would that be implemented in this simple type of query:
SELECT * FROM my_table WHERE col_name LIKE '%key word%';
If there's no viable mean to filter the data, that storage method/medium
is rather pointless, IMHO.
Go back and read what I wrote again. Base64 is only being used to
transmit the data to MySQL - it's being stored in the database in its
decoded form.
The question still applies as how would you safeguard that 'key word'
transmission, especially against SQL injection. I suppose one could do it
this way:
SELECT * FROM my_table WHERE col_name LIKE CONCAT('%', FROM_BASE64(?php
echo base64_encode($data); ?), '%')
Is the overhead worth it to warrant that kind of safeguard? That's just a
simple query with a simple search criteria. What about in the case of
subselect and multi-table joins?
That would indeed be logical if base64 was your chosen method of
protection, but I think prepared statements are a far more elegant solution.
As for the overhead I very much doubt there's much difference between that
and the overhead of prepared statements.
IIRC, prepared statements doesn't incur any overhead. Instead, it's
supposed to enhance performance by telling SQL to 'prepare' via
compilation. So if you're comparing performance between the overhead of
base64 vs prepared statement, then the difference would be quite clear,
especially when the table(s) is/are more than a couple hundred thousand rows
and the queri(es) are complex. This is not mention the added complexity
into the application where managing and expanding it would incur real
(developer time) overhead, IMO.
Prepared statements incur an additional hit against the DB server to
prepare the statement.
The cost of using base64 in the manner suggested is minimal, regardless of
the size of the data. The MySQL query analyser is intelligent enough to know
that from_base64('xyz') is a constant expression and will therefore only
evaluate it once.
Yes, as in your example, if you're inserting 1 row. What if:
$hobbies = array('bicycling', 'hiking', 'reading', 'skiing', 'swimming');
* base64 method pseudo code:
loop the $hobbies foreach ($hobbies as $hobby)
INSERT INTO hobbies SET `name` = FROM_BASE64(?php echo
base64_encode($hobby); ?)
end loop
* prepared statement pseudo code
prepare statement INSERT INTO hobbies SET `name` = ?
bind param $hobby
loop the $hobbies for ($i = 0; $i count($hobbies); $i++)
$hobby = $hobbies[i];
execute statement
end loop
There would be a difference in performance since the the expression has to
be reevaluated, including the function FROM_BASE, every time versus one time
evaluation of prepared statement.
As for the added complexity, if you have SQL statements all over your code
then yes it will add a time overhead, but any codebase of a significant size
should be using a centralised API for database access such that changes like
this have a very limited scope.
Isn't that one of the major points of OOP? Still, what about new
developers, having to remember that additional (and most likely unneeded)
complexity, to the project which they would like to build additional
modules/plugins for?
-Stuart
--
Stuart Dallas
3ft9 Ltd
http://3ft9.com/
php-general Digest 1 Apr 2006 17:45:41 -0000 Issue 4047
the MAJOR difference between your code,
so I will point it out.
Jasper did this
function __get($k) {
var_dump($k);
}
Uhm, no I didn't. Jochem did :)
Jochem did this
public function __get( $key ) {
return $this-array[$key];
}
No, I did that.
First off, the required public before the function call was not
included, secondly, Jasper is var_dumping the key of the array, not
the array it self.
Public is not required. I always put it regardless, but if you leave
it off then PHP defaults to public for compatibility reasons.
Jochem's code, which behaves incorrectly, does var_dump. Mine just
returns the array key as you would expect. That's why Jochem's
doesn't behave correctly with arrays.
---End Message---
---BeginMessage---
why is this iconv function not working for me?
i am converting $search to euc-kr charset.
my conversion code is not working.
background and motivation
i have to mimic a accept-charset on a form to fake a get request by
disguising it as a hyperlink. (my firefox refuses me tosend a remote
post request from a win_open() [ al a javascript] function.
the accept-charset value is 'euc-kr'.
i threw in extra iconv_set_encoding to eliminate some problem there, but
still no progress... :(
code
--
$xab = 1;
$str_out = mb_detect_encoding($search);
$converted_search=ax;
iconv_set_encoding(output_encoding, EUC-KR);
iconv_set_encoding(input_encoding, $str_out);
if ($xab) echo mb_detect_encoding*** . $str_out .***search***
$search***br;
if ( function_exists('iconv') ) {
if ($str_out != 'euc-kr') {
if ($xab) var_dump( iconv_get_encoding('all'));
if ($xab) echo iconv: \$converted_search***$converted_search***
br;
$converted_search = iconv($str_out,EUC-KR,$search);
if ($xab) echo iconv: \$converted_search***$converted_search***
br;
}
}
output (checks that search is proper and outputs iconv_detect_encoding
and checks return from iconv function call)
-
mb_detect_encoding***UTF-8***search***꺼다***
array(3) { [input_encoding]= string(5) UTF-8 [output_encoding]=
string(6) EUC-KR [internal_encoding]= string(10) ISO-8859-1 }
iconv: $converted_search***ax***
iconv: $converted_search**
many blessings to all.
merry chirstmas.
---End Message---
---BeginMessage---
why is this iconv function not working for me?
i am converting $search to euc-kr charset.
my conversion code is not working.
background and motivation
i have to mimic a accept-charset on a form to fake a get request by
disguising it as a hyperlink. (my firefox refuses me tosend a remote
post request from a win_open() [ al a javascript] function.
the accept-charset value is 'euc-kr'.
i threw in extra iconv_set_encoding to eliminate some problem there, but
still no progress... :(
code
--
$xab = 1;
$str_out = mb_detect_encoding($search);
$converted_search=ax;
iconv_set_encoding(output_encoding, EUC-KR);
iconv_set_encoding(input_encoding, $str_out);
if ($xab) echo mb_detect_encoding*** . $str_out .***search***
$search***br;
if ( function_exists('iconv') ) {
if ($str_out != 'euc-kr') {
if ($xab) var_dump( iconv_get_encoding('all'));
if ($xab) echo iconv: \$converted_search***$converted_search***
br;
$converted_search = iconv($str_out,EUC-KR,$search);
if ($xab) echo iconv: \$converted_search***$converted_search***
br;
}
}
output (checks that search is proper and outputs iconv_detect_encoding
and checks return from iconv function call)
-
mb_detect_encoding***UTF-8***search***꺼다***
array(3) { [input_encoding]= string(5) UTF-8 [output_encoding]=
string(6) EUC-KR [internal_encoding]= string(10) ISO-8859-1 }
iconv: $converted_search***ax***
iconv: $converted_search**
many blessings to all.
merry chirstmas.
this works for some utf8 words coming in.
strange, also, if i var_dump($converted_search) it says
string(4)
but it is completely empty for all other purposes.
by the way, is this the correct way to send an encoded value over the
internet for a href tag, as a get request?
the $converted_search is what is output from the iconv functions
centerh3search from a
href='http://nlpweb.kaist.ac.kr/Urimal/find_word.php?kt_word=\;?php
echo
$converted_search;
?\cs=ksc'http://nlpweb.kaist.ac.kr/Urimal//a/h3/center
---End Message---
---BeginMessage---
Hi there,
I am trying to encode output with php with uft8_encode(); and then output it to
an xml file. Unfortunatelly this does not work as the string that has been
encoded by utf8_encode is not valid utf8?!
Any ideas how this has happened?
Here is a link to this file:
http://www.findix.com/syndication/listing_autos.xml
Thank you for any hint,
Merlin
---End Message---
---BeginMessage---
Hi,
Anyone can suggest me which PHP AJAX framework you are using, for what
reason(s), what are pros and cons of your particular choice.
I found
php-general Digest 30 Nov 2002 12:31:53 -0000 Issue 1735
on linux systems yet, let alone windows. You'd have much
better luck with the 1.3.27 version.
Why not??? I'm running a custom built Apache 2.0.40 with the latest PHP
and it works trouble free on WinXP ...
Granted, this is for experimental testing only ... I'd never have a public
server running Windows in any shape or form any way...
---End Message---
---BeginMessage---
Hi Khalid El-Kary,
On Fri, 29 Nov 2002 14:18:15 +, you wrote about Re: [PHP] First PHP
something that looked like this:
hi,
how about the manual?
Works for me to learn it ... it's the only thing I've read on PHP besides
the WebMonkey guide to get the Apache+PHP set up ...
---End Message---
---BeginMessage---
Hi, I'm using the following code:
$x = imap_open({mail..com:110/pop3}INBOX, [EMAIL PROTECTED], );
echo $x ? YAY! : NO YAY!BR . implode(BR, imap_errors());
It works fine on my local server, but as soon as I try it on the live
machine it gives me:
Retrying CRAM-MD5 authentication after
Retrying CRAM-MD5 authentication after Invalid userid/password
Retrying CRAM-MD5 authentication after illegal command
Retrying CRAM-MD5 authentication after authentication exchange failed
Can not authenticate to POP3 server: authentication exchange failed
Which is just mean, the local server is Debian 2.2 running PHP 4.0.3pl1 and
the live one is Slackware 8.1-rc1 running PHP 4.2.1. The mail server seems
to identify itself as IMail 6.02. The live server can telnet into the mail
server okay so it's not a connection problem and it can connect to
different mail servers without problems.
After extensive googling I found something in Norwegian which I guessed was
saying to try replacing the @ in the login to \$, which was tried... as
before, worked locally but failed live. So I gave up and decided to leave
it to better minds than mine, ie. you.
Thanks in advance.
---End Message---
---BeginMessage---
Looks fine in Opera 6.03
hth
http://www.vogelsinger.at/test.php?par1=value1par2=value2par3=value3
Opera
Version 6.03
Build 1107
Platform Win32
System Windows 98
Java
Sun Java Runtime Environment 1.4
Testing the query string
This is the full query string ($_SERVER['QUERY_STRING']): par1=value1par2=value2
par3=value3
This is a printout of $_GET: Array ( [par1] = value1 [par2] = value2 [par3] =
value3 )
I will use this string for the link below: /test.php?par1=value1amp;par2=value2
amp;par3=value3
On Wed, 27 Nov 2002 00:09:35 +0100, [EMAIL PROTECTED] (Ernest E Vogelsinger)
wrote:
At 00:00 27.11.2002, Jonathan Rosenberg \(Tabby's Place\) said:
[snip]
Ok ... I take back what I said about amp; not working in a query string.
It works just fine.
[snip]
Ahhh - and I just created a test page for all to check out... nevertheless,
here it is:
http://www.vogelsinger.at/test.php
Simply provides a link using query parameters encoded with amp;, to check
with different browsers. Maybe someone will check this outwith his browser
anyway.
--
O Ernest E. Vogelsinger
(\)ICQ #13394035
^ http://www.vogelsinger.at/
---End Message---
---BeginMessage---
Is there a way to determine if a string has ascii or binary data in it?
-js
---End Message---
---BeginMessage---
Doh, so simple. I guess the correct form of the question would be how do
I determine if a string has just a-zA-Z0-9 in it plus punctuation...
thanks,
-js
Paul Chvostek wrote:
On Fri, Nov 29, 2002 at 10:27:05PM -0600, Jonathan Sharp wrote:
Is there a way to determine if a string has ascii or binary data in it?
You could always see if it matches a regular expression that represents
the ascii range you're considering. I.e., ereg('[^a-zA-Z0-9]',$string)
will return true if non-alphanumerics are in the string.
Remember that a string is just a string. Whether the data contained in
it is represented as ASCII or something else is completely a matter of
implementation. ALL 7-bit data can be represented as ASCII. All 8-bit
data can be represented as IBM Extended ASCII or whatever you want to
call it. But the string is just a string of bits.
---End Message---
---BeginMessage---
On Fri, 29 Nov 2002, Jonathan Sharp wrote:
Is there a way to determine if a string has ascii or binary data in it?
I've used this kind of approach in the past to determine which encoding
to use on a string which may contain text or an image. Basically it
uses addcslashes to escape non-ASCII chars, then strips all
non-backslash chars, and takes the size of the string... $size should
contain the number of bytes (out of 1024) that were escaped, and should
be very low for clean text, and pretty high for binary. This was made
for analyzing blobs, but maybe the approach is useful...
$text = addcslashes(substr($string, 0, 1024), \\\'\0..\37\177..\377);
$size = strlen(preg_replace('/[^]/', '', $text));
if ($size 200)
print mostly
php-general Digest 1 Mar 2003 16:29:34 -0000 Issue 1912
---
---BeginMessage---
On February 28, 2003 10:41 am, Leif K-Brooks wrote:
Try $timeb ''.
Well whatta ya know I learn something new every day.. I thought the
only valid not equal operator was !=... I'm used to using only
for SQL server stored procedures or VB..
leo
---End Message---
---BeginMessage---
Data from POST is a hash table of strings, so you should use this to check
for zero:
if ($_POST['field'] == 0)
// Zero was entered
---End Message---
---BeginMessage---
On Saturday 01 March 2003 06:30, Patrick Teague wrote:
I'm trying to compile php on Mandrake 9, but this latest error during
compile has me stumped as I've installed all the imap-devel type rpms.
.
checking for IMAP support... yes
checking for pam_start in -lpam... yes
checking for crypt in -lcrypt... (cached) yes
configure: error: Cannot find imap library (libc-client.a). Please check
your IMAP installation
any ideas? I checked the php.net faq on building, but I haven't found any
info about this. I've searched the imap rpms I have even searched the
whole system, but it couldn't find 'libc-client.a' anywhere.
Are you using RPMs? On a RH system that file is provided by the IMAP-devel
package. I suppose it's similar for MDK. In general you need to install the
devel packages of any libraries that you wish to use.
--
Jason Wong - Gremlins Associates - www.gremlins.biz
Open Source Software Systems Integrators
* Web Design Hosting * Internet Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
/*
Hanson's Treatment of Time:
There are never enough hours in a day, but always too many days
before Saturday.
*/
---End Message---
---BeginMessage---
localhost is the name of your own machine, for others localhost means their
machines.
redirect to the network ip address or host name of your server instead of
localhost.
regds,
-Original Message-
From: K [mailto:[EMAIL PROTECTED]
Sent: Friday, February 28, 2003 09:47
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: JP Graph
Hi all,
I'm using JPGraph on a localhost for a website opened via a host
redirect.
My problem is that nobody can see the graphs but me ('cause I'm on
localhost).
Any clues?
Thx.
---End Message---
---BeginMessage---
try:
select
date_format(date_add(arrivaldate1, INTERVAL nights1 DAY), '%Y-%m-%d') as
dept_date1
from mytable
where
(date_add(arrivaldate1, INTERVAL nights1 DAY) BETWEEN '2003-02-01' AND
'2003-02-10')
regds,
-Original Message-
From: Dhaval Desai [mailto:[EMAIL PROTECTED]
Sent: Friday, February 28, 2003 15:48
To: [EMAIL PROTECTED]
Subject: Mysql Date got prob!
Hello,
As related to my earlier question
select date_format(date_add(arrivaldate1, INTERVAL nights1 DAY), '%Y-
%m-%d') as dept_date1 from mytable where ('dept_date1' BETWEEN
'2003-02-01' AND '2003-02-10')
The above query is valid but returns 0 because 'dept_date1' is treated
as a
string. I want dept_date1 to be treated as date so that it can be
compared.
I hope it is possible...
Thank you!
-Dhaval
_
Add photos to your messages with MSN 8. Get 2 months FREE*.
http://join.msn.com/?page=features/featuredemail
---End Message---
---BeginMessage---
This is a forwarded message
From: Tom Rogers [EMAIL PROTECTED]
To: Richard Kurth [EMAIL PROTECTED]
Date: Saturday, March 1, 2003, 5:59:11 PM
Subject: [PHP] Help!! with array's Please
===8==Original message text===
Hi,
Saturday, March 1, 2003, 4:28:27 PM, you wrote:
RK Hello Tom,
RK I would love to see a basic class to do all of this. I took what you
RK showed me and turned it into a function that works perfect.
RK The one thing that I have had a lot of trouble with is manipulating
RK text based data. And out of all the books I have, none of them get
RK into doing this type of programing.
Here it is
class groupClass {
var $groups = array();
var $gid = 499; //if there are no groups, new ones start at this
number +1
function groupClass($file){
$r = false;
if(file_exists($file)){
$in = file($file);
//build an array using names as keys so we can identify
entries easier
while(list($key,$val) = each($in)){
$val = trim($val); //get rid of newlines
list($name,$pass,$gid,$userlist) = split (:, $val);
if($gid $this-gid){
$this-gid = $gid; //keep track
of the highest gid number
}
$this-groups[$name]['gid'] = $gid;
$this-groups[$name]['pass'] = $pass
Re: [PHP] [newbie] Can PHP be a security risk if it's just connecting to MySQL?
Dave G wrote: If that text is not properly validated and escaped, you could be open to SQL Injection attacks I'm less clear on what properly escaped means. I thought escaping was a matter of putting slashes before special characters, so that their presence doesn't confuse the SQL queries one might run. Is it possible that if one has taken at least that much precaution that a user could still enter malicious script held in a TEXT column? Escaping the data so it's safe to put into a database query is only part of the solution. It really depends on how the data goes into the query how it should be escaped/validated, too. If you have WHERE id = $id then you need to ensure $id is a number and only a number. 1, 100, 10.5, -14.56 and 5.54E06 are all valid values for $id in this case. is_integer(), is_numeric() and using (int), (float) to case values ($id = (int)$id) help here. If you have WHERE name = '$name' in the query, then you need to ensure any single quotes within $name are escaped according to your database. MySQL uses backslashes, so you can use addslashes() to escape the value of $name. Other database use another single quote, so you need O''Kelly instead of O\'Kelly. To further complicate things, you have to take into account the magic_quotes_gpc setting. If that's enabled, PHP would have already escaped any incoming GET/COOKIE/POST/REQUEST data using addslashes(). So if you run addslashes() again, you're data will be escaped twice. The thing to remember is that if you put O\'Kelly into the database, you should be seeing O'Kelly inside the database when doing a SELECT. The \ is simply there to escape the quote upon executing the query. If you see O\'Kelly actually in your database, then you're escaping your data twice. If you find you have to use stripslashes() when you pull data from your database (you shouldn't have to use it), then you're escaping data twice OR you may have magic_quotes_runtime enabled (which will escape data coming back out of databases and files, although this is off by default). If you have WHERE $name in your query, then you need to ensure double quotes are escaped within $name. addslashes() and magic_quotes_gpc will take care of single and double quotes, though, so you're covered there. A lot of people thing that you only need to escape single quotes, but it really depends on how you write your queries. Now that the data is safely in the database, you'll eventually want to display it back to the user, right? Again, you need to ensure the data is escaped (or more properly - encoded) so that any HTML/JavaScript/etc within the data is not rendered on your page (unless you really want it to). If the data came from the user, then you DO NOT want it to render, trust me. Now, if you're validating everything to be a number or say 5 characters, then there's no real malicious code that could be inserted to be rendered on your page. However, the thing to realize is that, sure, you're only allowing 5 character now. Tomorrow your partner comes along and decides to allow 50 characters. He changes your substr() call to chop it to 50 characters and changes the database column. Now, since you weren't encoding the data before you displayed it back to the user, you could be in trouble. The moral is that it really wouldn't hurt to encode a string that you know will only be 5 characters just to cover things if they ever change. So how is this encoding done? htmlentities() is your best friend. When you retrieve data from the database/file, you run it through htmlentities() before putting it on your web page. So something like img supplied by the user will be sent as lt;imggt; in the HTML source. The user will actually see img instead of an image box and a possibly distasteful image. Another use for htmlentities() is for when you display data back to the user in a form input element. This is pretty common for when you want to redisplay a form with the data the user gave so they can edit it, correct it, whatever. Normally, you'll see someone do this: input type=text name=name value=?=$name? Well, what if the value of $name contains a double quote? input type=text name=name value=a double quote That HTML will confuse the browser. It'll see a double as the value of the input element and quote as an unrecognized attribute. Now, that doesn't really cause any harm, you just lose some text. But if the user can supply a value beginning with (such as My HTMLimg), then just ended your input element and anything after it will be rendered as HTML. input type=text name=name value=My HTMLimg Now you're letting them write any HTML/JavaScript/etc they want into your page. This would allow them to inject JavaScript from a remote site, redirect users, and steal cookie values. The PHP session id is saved in a cookie. Once I have that session id, I can hijack your session by providing the same session id when requesting a page on your site
php-general Digest 2 Sep 2011 09:48:19 -0000 Issue 7466
php-general Digest 2 Sep 2011 09:48:19 - Issue 7466
Topics (messages 314702 through 314713):
Re: PHP/ Soap issue
314702 by: richard gray
314703 by: richard gray
314704 by: Richard Quadling
314705 by: Richard Quadling
314706 by: Louis Huppenbauer
314708 by: Richard Quadling
314709 by: Richard Quadling
Re: Code should be selv-maintaining!
314707 by: Tim Streater
314710 by: Tedd Sperling
Re: [EasyPHP] How to export and import `alias` from previous version of EasyPHP?
314711 by: Daniel Brown
Re: Bug #51739 tricky string to float conversion
314712 by: Simon J Welsh
Does exist any zend debugger for windows 64bit?
314713 by: Ali Asghar Toraby Parizy
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscr...@lists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscr...@lists.php.net
To post to the list, e-mail:
php-gene...@lists.php.net
--
---BeginMessage---
On 01/09/2011 14:07, Louis Huppenbauer wrote:
I think it would be best if you could provide us with the .wsdl (and
possibly with the server-code).
Thanks for the quick response Louis..
WSDL
?xml version=1.0 encoding=UTF-8?
definitions name=CatalogueService
targetNamespace=http://example.com/catalogue.wsdl;
xmlns=http://schemas.xmlsoap.org/wsdl/;
xmlns:soap=http://schemas.xmlsoap.org/wsdl/soap/;
xmlns:tns=http://example.com/catalogue.wsdl;
xmlns:xsd=http://www.w3.org/2001/XMLSchema;
xmlns:xsd1=http://example.com/schema;
types
xsd:schema
targetNamespace=http://example.com/schema;
xmlns=http://www.w3.org/2001/XMLSchema;
xsd:complexType name=product
xsd:sequence
xsd:element name=name type=xsd:string/
xsd:element name=description type=xsd:string/
xsd:element name=price type=xsd:double/
xsd:element name=SKU type=xsd:string/
/xsd:sequence
/xsd:complexType
/xsd:schema
/types
message name=getProductRequest
part name=sku type=xsd:string/
/message
message name=getProductResponse
part name=product type=xsd1:product/
/message
portType name=Product_PortType
operation name=getProduct
input message=tns:getProductRequest/
output message=tns:getProductResponse/
/operation
/portType
binding name=Product_Binding type=tns:Product_PortType
soap:binding style=rpc
transport=http://schemas.xmlsoap.org/soap/http/
operation name=getProduct
soap:operation soapAction=urn:examples:CatalogueService/
input
soap:body
encodingStyle=http://schemas.xmlsoap.org/soap/encoding/;
namespace=urn:examples:CatalogueService
use=encoded/
/input
output
soap:body
encodingStyle=http://schemas.xmlsoap.org/soap/encoding/;
namespace=urn:examples:CatalogueService use=encoded/
/output
/operation
/binding
service name=Product_Service
port name=Product_Port binding=tns:Product_Binding
soap:address location=http://example.com/api/catalogue/
/port
/service
/definitions
SERVER CODE
ini_set('soap.wsdl_cache_enabled',false);
$server = new SoapServer('http://example.com/catalogue.wsdl');
$server-handle();
---End Message---
---BeginMessage---
On 01/09/2011 14:16, Richard Quadling wrote:
Can you give me the URL for the WSDL file? Either online or by direct email.
Thanks for the quick response Richard -- I have just posted the WSDL in
my earlier resply to Louis...
---End Message---
---BeginMessage---
On 1 September 2011 13:27, richard gray r...@richgray.com wrote:
On 01/09/2011 14:16, Richard Quadling wrote:
Can you give me the URL for the WSDL file? Either online or by direct
email.
Thanks for the quick response Richard -- I have just posted the WSDL in my
earlier resply to Louis...
Is there any chance of having the live URL? That way I can show
exactly what/where the issue lies.
I can build my test code for the WSDL file but I can't test it as the
URLs are junk.
--
Richard Quadling
Twitter : EE : Zend : PHPDoc
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea
---End Message---
---BeginMessage---
On 1 September 2011 13:35, Richard Quadling rquadl...@gmail.com wrote:
On 1 September 2011 13:27, richard gray r...@richgray.com wrote:
On 01/09/2011 14:16, Richard Quadling wrote:
Can you give me the URL for the WSDL file? Either online or by direct
email.
Thanks for the quick response Richard -- I have just posted the WSDL in my
earlier resply to Louis...
Is there any chance of having the live URL? That way I can show
exactly what/where the issue lies.
I can build my test code for the WSDL file but I can't test it as the
URLs are junk.
--
Richard Quadling
Twitter : EE : Zend : PHPDoc
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea
Unless of course, you own example.com!
--
Richard Quadling
Twitter : EE : Zend : PHPDoc
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea
---End
php-general Digest 30 Jun 2007 13:16:14 -0000 Issue 4877
, value3) IN ('.join(',', $list).')
;
mysql_query($SQL);
this should take, for each row in the DB, value1 + value2 + value3 and
create one string from them, then it will compare each string in the
IN (...) portion to each entry in the $list array().
Let me know if you need any further help
---End Message---
---BeginMessage---
Will do. Thanks.
- Original Message -
From: Jim Lucas [EMAIL PROTECTED]
To: kvigor [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Saturday, June 30, 2007 1:46 AM
Subject: Re: [PHP] Selecting Rows Based on Row Values Being in Array
kvigor wrote:
Hello All,
I'm attempting to return rows from a mysql DB based on this criteria:
I have a list, in the form of an array that I need to compare against
each row
in the table. Where theres a match I need that entire row returned.
e.g.$varListof 3outOf_10Fields = array(6blue40lbs, 7orange50lbs,
8orange60lbs, 9purple70lbs);
The array contains 3 of the db row fields in 1 value. However there are
10 fields/columns in the table.
===
what table looks like |
===
size colorweight
ROW 1| value1 | value1 | value1 | value1 | value1 | value1 |
So how could I set up a query that would SELECT the entire row, if the
row contained $varListof 3outOf_10Fields[1].
Open to any suggestions or work arounds. I'm playing with extract() but
code is too crude to even post.
I would suggest approaching the problem with a slightly different thought.
just have the sql concat() the columns together and then compare.
something like this should do the trick
$list = array(
'6blue40lbs',
'7orange50lbs',
'8orange60lbs',
'9purple70lbs',
);
$SQL =
SELECT *
FROM my_Table
WHERE CONCAT(value1, value2, value3) IN ('.join(',', $list).')
;
mysql_query($SQL);
this should take, for each row in the DB, value1 + value2 + value3 and
create one string from them, then it will compare each string in the
IN (...) portion to each entry in the $list array().
Let me know if you need any further help
---End Message---
---BeginMessage---
K. Hayes wrote:
Will do. Thanks.
- Original Message - From: Jim Lucas [EMAIL PROTECTED]
To: kvigor [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Saturday, June 30, 2007 1:46 AM
Subject: Re: [PHP] Selecting Rows Based on Row Values Being in Array
kvigor wrote:
Hello All,
I'm attempting to return rows from a mysql DB based on this criteria:
I have a list, in the form of an array that I need to compare against
each row
in the table. Where theres a match I need that entire row returned.
e.g.$varListof 3outOf_10Fields = array(6blue40lbs, 7orange50lbs,
8orange60lbs, 9purple70lbs);
The array contains 3 of the db row fields in 1 value. However there
are 10 fields/columns in the table.
===
what table looks like |
===
size colorweight
ROW 1| value1 | value1 | value1 | value1 | value1 | value1 |
So how could I set up a query that would SELECT the entire row, if
the row contained $varListof 3outOf_10Fields[1].
Open to any suggestions or work arounds. I'm playing with extract()
but code is too crude to even post.
I would suggest approaching the problem with a slightly different
thought.
just have the sql concat() the columns together and then compare.
something like this should do the trick
$list = array(
'6blue40lbs',
'7orange50lbs',
'8orange60lbs',
'9purple70lbs',
);
$SQL =
SELECT *
FROM my_Table
WHERE CONCAT(value1, value2, value3) IN ('.join(',', $list).')
;
mysql_query($SQL);
this should take, for each row in the DB, value1 + value2 + value3 and
create one string from them, then it will compare each string in the
IN (...) portion to each entry in the $list array().
Let me know if you need any further help
one other thing, make sure that you run each of the values in the $list
array() through mysql_real_escape_string(). That way it is all nicely
encoded for the SQL statement.
---End Message---
---BeginMessage---
Patrick, did you trying going to http://www.php.net/unsub.php yet?
=D
Brian Seymour
AeroCoreProductions
http://www.aerocore.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
---End Message---
php-general Digest 4 May 2007 11:11:10 -0000 Issue 4772
php-general Digest 4 May 2007 11:11:10 - Issue 4772
Topics (messages 254377 through 254394):
Re: Script feedback: insert string into another string
254377 by: Tijnema !
Re: File uploading and saving info on mysql
254378 by: itoctopus
Re: Redirect via GET is loosing characters
254379 by: itoctopus
Re: Split string
254380 by: itoctopus
Re: What does mean?
254381 by: itoctopus
Re: A problem with passing $_GET in an url
254382 by: Davis Chan
254383 by: Davis Chan
Re: MySQL change-tracking
254384 by: Chris
Re: [opinions] Ashop Commerce
254385 by: Marco Sottana
254386 by: Chris
passing GET via include
254387 by: Mark Smith
254389 by: Miguel J. Jiménez
254393 by: Edward Kay
254394 by: Oliver Block
Custom session save handler. What's happens really?
254388 by: n.quirin.free.fr
Why does this encoding work in PHP?
254390 by: Arno Kuhl
254391 by: Dave Goodchild
PHP 5.2.2 and PHP 4.4.7 Released!
254392 by: Derick Rethans
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
--
---BeginMessage---
I owe you and Tijnema a beer!
Have a great day/night!
Cheers,
Micky
I'm sorry, you have to wait another 9 months, because only than i can
legally drink a beer :) (than i will be 16 :) )
Tijnema
---End Message---
---BeginMessage---
Here's the file upload class making your life easier:
?php
/*
@class FileManager
@description This class handles interaction with Files
@copyright itoctopus 2007 - The Genoc Library
*/
class FileManager{
/*
[EMAIL PROTECTED] save
[EMAIL PROTECTED] this function saves the file in the database
[EMAIL PROTECTED] array $file_handle A handle on the file (ex.
$_FILES['the_file'])
[EMAIL PROTECTED] string $field_name The name of the field
[EMAIL PROTECTED] string $action Update or save the file in the table.
Defaults to
save.
[EMAIL PROTECTED] string $file_source The name of the source table saving
the file
(such as realestate)
[EMAIL PROTECTED] string $file_source_id The id of the row in the source
table
[EMAIL PROTECTED] object $db The database handle
*/
static function save($file_handle, $file_source, $file_source_id,
$action='save', $allowed_types = array(), $db){
if (empty($file_handle['tmp_name']))
return;
$data = addslashes(fread(fopen($file_handle['tmp_name'], r),
$file_handle['size']));
if ($action == 'save'){
$creationdate = $lastupdatedate = Date(Y-m-d H:i:s);
$sql = 'INSERT INTO file (file_name, file_type, file_size, file_source,
file_source_id, file_binary, file_creationdate, file_lastupdatedate) VALUES
(\''.$file_handle['name'].'\', \''.$file_handle['type'].'\',
\''.$file_handle['size'].'\', \''.$file_source.'\', \''.$file_source_id.'\',
\''.$data.'\', \''.$creationdate.'\', \''.$lastupdatedate.'\')';
//now if the type is an image, then create a thumbnail (resize should be
relative)
}
else{
$lastupdatedate = Date(Y-m-d H:i:s);
$sql = 'UPDATE file SET file_name=\''.$file_handle['name'].'\',
file_type=\''.$file_handle['type'].'\', file_source=\''.$file_source.'\',
file_source_id=\''.$file_source_id.'\', file_binary=\''.$data.'\',
file_lastupdatedate=\''.$lastupdatedate.'\'';
//now if the type is an image, then update a thumbnail
}
$result= $db-query($sql);
}
/*
[EMAIL PROTECTED] get
[EMAIL PROTECTED] This function returns a link to the file based on the id
[EMAIL PROTECTED] string $file_id The id of the file in the database
[EMAIL PROTECTED] object $db The database handle
[EMAIL PROTECTED] void
*/
static function get($file_id, $db){
$sql = 'SELECT file_id, file_name, file_type, file_size, file_binary FROM
file where file_id=\''.$file_id.'\'';
$result= $db-query($sql);
header('Content-length:'.$result[0]['file_size']);
header('Content-type:'.$result[0]['file_type']);
//if it's not an image then download it, otherwise display it
if (strpos($result[0]['file_type'], 'image') !== FALSE)
header(Content-type: .$result[0]['file_type'].;
filename=.$result[0]['file_name']);
else
header(Content-Disposition: attachment;
filename=.$result[0]['file_name']);
echo($result[0]['file_binary']);
}
/*
[EMAIL PROTECTED] delete
[EMAIL PROTECTED] This function delete a file from the database
[EMAIL PROTECTED] integer $file_id The id of the file to be deleted
[EMAIL PROTECTED] object $db The database handle
[EMAIL PROTECTED]
*/
static function delete($file_id, $db){
$sql = 'DELETE FROM file WHERE file_id=\'$file_id\'';
$result= $db-query($sql);
}
}
?
--
itoctopus - http://www.itoctopus.com
Marcelo Wolfgang [EMAIL PROTECTED] wrote
php-general Digest 4 Mar 2001 21:30:04 -0000 Issue 547
php-general Digest 4 Mar 2001 21:30:04 - Issue 547
Topics (messages 42494 through 42525):
Re: Stripping HTML selectively?
42494 by: Steve Edberg
NETSCAPE Screws QUERY STRING!!
42495 by: Thomas Edison Jr.
42498 by: Meir Kriheli - MKsoft
42499 by: Juanma
Help Please: Php configuration
42496 by: archana sharma
42497 by: Michael Hall
42502 by: Phil Driscoll
PHP PostgreSQL
42500 by: Marcelo Pereira
42508 by: The Hermit Hacker
Re: Problems with IIS4 (Win2k)
42501 by: Phil Driscoll
Re: Static Classes
42503 by: Alexander Wagner
Re: Content-Type: image/gif and send the image in hex
42504 by: Christian Reiniger
Re: PHP web based mailing list administrator
42505 by: Christian Reiniger
Re: any way to count subscribers to PHP lists?
42506 by: Ned Lilly
newbie---cookie help
42507 by: McShen
Re: Hebrew websites transition with php3 ..
42509 by: Manuel Lemos
42510 by: Manuel Lemos
system() and stdout
42511 by: Michael Robbins
42513 by: Clayton Dukes
How much could you charge for a PHP-MySQL Spanish online course?
42512 by: akio
How big is too big?
42514 by: Joe Sheble (Wizaerd)
file() function
42515 by: Felipe Lopes
Re : [PHP] NETSCAPE screws QUERY STRING
42516 by: Thomas Edison Jr.
42517 by: Julian Wood
42518 by: Thomas Edison Jr.
42521 by: Julian Wood
NETSCAPE screws up query string : more problems!
42519 by: Thomas Edison Jr.
date
42520 by: george
42522 by: Stephan Ahonen
Change the Input to st different..
42523 by: Erdinc Guler
Php, Apache, mysql - make error
42524 by: S Jha
Re: IE 5.5,authentication,PHP sessions: IE never stops
42525 by: Don Read
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
--
At 09:43 PM 3/3/01 , Erick Papadakis wrote:
Thanks Brian, I have tried the allowable tags, but I need to remove the
ATTRIBUTES of a tag, not the tag itself. STRIP_TAGS totally removes the tag,
and ALLOWABLE_TAGS lets the tag be. WHat I wish to do is let the main tag be
but remove its attributes, as follows:
Original text:
font class="something" style=""Hi!/font
Parsed text:
fontHi!/font
Thanks/erick
Well, in this case, you'd have to use regular expressions. One way to do it
would be:
$SanitizedString =
ereg_replace('[[:space:]]*([[:alnum:]]+)[^]*', "\\1", $String);
this _should_ work (haven't tested it). If you wanted to remove some tags
entirely, and then remove the attributes of the remaining tags, you could
(1) use strip_tags() with a list of allowable tags, then (2) run the regexp
above. Incidentally, the above regexp also removes leading spaces from the
tag. Eg,font style="unreadable" becomes font. If you don't want,
that user the regexp
'([[:space:]]*[[:alnum:]]+)[^]*'
instead.
- steve
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.230 / Virus Database: 111 - Release Date: 25-Jan-01
++
| Steve Edberg University of California, Davis |
| [EMAIL PROTECTED] (530)754-9127 |
| http://aesric.ucdavis.edu/ http://pgfsun.ucdavis.edu/ |
+-- Gort, Klaatu barada nikto! ------+
I'm passing variables in a query string to my php
pages. The variables whose values contain spaces due
to multiple words are being passed correctly to the
Internet Explorer browser and are working perfectly
there. However, they are not working at al in NETSCAPE
browser. What should i do?
The Internet Explorer converts the spaces in a query
string into it's hexadecimal value of "%20"
automatically, but netscape is not doing so. It's not
reading the space and thus not displaying the page at
all and giving the HTTP error 400.
This the link i make :
a href="add_pro_over.php3?title=? echo $title ?"
if $title contains "Project", it goes.
But if it contains "Project One" ... it doesn't work
in NETSCAPE.
When on to the next page, this $title also has to be
sent into the Database.
what do i do?
regards,
T. Edison jr.
=
Rahul S. Johari (Director)
**
Abraxas Technologies Inc.
Homepage : http://www.abraxastech.com
Email : [EMAIL PROTECTED]
Tel : 91-4546512/4522124
***
__
Do You Yahoo!?
Get email at your
php-general Digest 15 Nov 2009 10:20:08 -0000 Issue 6443
.
Many thanks
Alessandro
---End Message---
---BeginMessage---
On Nov 13, 2009, at 6:34 PM, Jim Lucas wrote:
You basic problem with the PHP_EOL is that when echo'ed out, it
represents a \n character.
The value you are working with might be \n\r or just \r
I read the links you sent, plus some others. It took me awhile, but
I get it now. If the return character that was entered into that
field is not the same as what PHP_EOL is looking for, it won't work.
$parts = preg_split('|[\n\r]+|', $item['unitprice']);
preg_split works perfectly! Very similar to Perl's split function.
Here's what I have now:
$parts = preg_split('|\s+|', $item['unitprice']);
$price = '$'.number_format((count($parts) 1) ?
$parts[(count($parts)-1)] : $parts[0],2);
Clean and concise. Thanks a million, Jim! I really appreciate your
helpful responses.
Thanks again,
Frank
---End Message---
---BeginMessage---
Hello,
I am trying to create an UPLOAD page to Update a Images and PDFs into
a BLOB field in mySQL. The image keeps getting corrupted (it draws a
portion of the image and the rest is GRAY) We tried it with Safari and
Firefox with bad results.
Here is the form that is used to browse and select the file.
!-- Upload Image dialog --
div id=uploadImage
div id=llback/div
centerdiv id=uploadForm
div id=uploadTitleUpload Thumbnail image/div
iframe name=saveImage/iframe
bPlease select the thumbnail image, then press Upload./b
div style=margin-top:14px;margin-bottom:14px;text-align:center;width:
100%
form target=saveImage method=post action=ajax/saveDialog.php
enctype=multipart/form-data
Select Thumbnail: input type=file name=img id=img accept=image/
jpeg //div
input type=hidden name=obj value=uploadImage /
input type=hidden name=id value=?php echo $Area_id ? /
input type=button value=Upload
onclick=saveDialog('uploadImage','img','jpg'); input type=button
value=Cancel onclick=cancelDialog('uploadImage','img')
/form
/div/center
/div
Here is the QUERY to upload the image (saveDialog.php):
if($_POST['obj'] == uploadImage) {
$file = $db-real_escape_string(file_get_contents($_FILES['img']
['tmp_name']));
$db-query(UPDATE Areas SET Image = '$file') or die(1.$db-error);
Has anyone else ever run into this type of UPDATE error with images
and PDF? We really need to get this dealt with ASAP.
Thanks!
Don Wieland
D W D a t a C o n c e p t s
~
d...@dwdataconcepts.com
Direct Line - (949) 305-2771
Integrated data solutions to fit your business needs.
Need assistance in dialing in your FileMaker solution? Check out our
Developer Support Plan at:
http://www.dwdataconcepts.com/DevSup.html
Appointment 1.0v9 - Powerful Appointment Scheduling for FileMaker Pro
9 or higher
http://www.appointment10.com
For a quick overview -
http://www.appointment10.com/Appt10_Promo/Overview.html
---End Message---
---BeginMessage---
Hi, Could it have something to do with an eof character being encoded or
something like that? Do you really need to store the files in the DB? It
uses more processing power if stored in the DB because on retrieval, you
have to unescape the string and return it. Modern filesystems are optimised
better for files than databases and storing a filename and returning the
contents is easier to implement than retrieving it from the DB...
http://forums.codewalkers.com/php-applications-45/upload-image-file-to-mysql-as-blob-849194.html
++Tim Hinnerk Heuer++
http://www.ihostnz.com
2009/11/15 Don Wieland d...@dwdataconcepts.com
Hello,
I am trying to create an UPLOAD page to Update a Images and PDFs into a
BLOB field in mySQL. The image keeps getting corrupted (it draws a portion
of the image and the rest is GRAY) We tried it with Safari and Firefox with
bad results.
Here is the form that is used to browse and select the file.
!-- Upload Image dialog --
div id=uploadImage
div id=llback/div
centerdiv id=uploadForm
div id=uploadTitleUpload Thumbnail image/div
iframe name=saveImage/iframe
bPlease select the thumbnail image, then press Upload./b
div
style=margin-top:14px;margin-bottom:14px;text-align:center;width:100%
form target=saveImage method=post action=ajax/saveDialog.php
enctype=multipart/form-data
Select Thumbnail: input type=file name=img id=img
accept=image/jpeg //div
input type=hidden name=obj value=uploadImage /
input type=hidden name=id value=?php echo $Area_id ? /
input type=button value=Upload
onclick=saveDialog('uploadImage','img','jpg'); input type=button
value=Cancel onclick=cancelDialog('uploadImage','img')
/form
/div/center
/div
Here is the QUERY to upload the image (saveDialog.php):
if($_POST['obj'] == uploadImage) {
$file =
$db-real_escape_string(file_get_contents($_FILES['img']['tmp_name']));
$db-query(UPDATE Areas SET Image = '$file') or die(1.$db-error);
Has anyone else ever run into this type of UPDATE error with images and
PDF? We really need to get this dealt with ASAP.
Thanks!
Don Wieland
D W
Re: [PHP] $_GET and multiple spaces.
Andrés Robinet schreef:
-Original Message-
...
$name = 'mylist[myindex]';
this is almost an invite to moan about how http_build_query() was
'fixed'
in 5.1.3 to escape square brackets ... which makes php nolonger do one
of
the coolest, imho, with regard to incoming GET/POST values - namely
auto-convert
bracketed request var names into native arrays. at least if those
strings
are used in anything other than a URL context (form inputs anyone).
I would have been nice to have the encoding as an optional
switch/argument.
Well, almost... the other part of the world that arguably wanted square
brackets escaped in http_build_query will be very pleased (let me tell you I
don't use http_build_query, but have my own as sometimes PHP 5 is not an
option...).
I guess they thought http_build_query would always be used in an URL
context. But yes... escaping square brackets could be made optional and we
get the best of both worlds.
Anyway... my point was that names may need escaping, at least in some
contexts. But let me ask you because maybe I'm wrong:
a href=index.php?list%5Bindex%5D=valueClick/a
Wouldn't this be translating into $_GET['list']['index'] == 'value'? As far
as I've tested, it is... Also, it seems that [ and ] are unsafe
characters according to http://www.ietf.org/rfc/rfc1738.txt
...
Maybe that's why they chose to escape square brackets. I'm not a standards
freak, but rather a pragmatic man. Just trying to prove a point.
you are completely correct, and I agree. I am also pragmatic - it was pragmatism
that got me using http_build_query in a non-url context ... I have a
ORM-like tool with a generic frontend that creates very complex POST/GET
values/strings that describe what I like to call a 'data path' .. which allows
you to specify stuff like 'the list [or details] of all subitems belonging to
the
3 selected subitems of the item with keyfield values ,Y and Z'. this is done
using a structure which is a nested array that translates accross requests
nicely using http_build_query() - but it means the resulting request parameters
names are used in a GET context and in POST context which means using the
parameter
names in the context of INPUT tag names, and in such cases the encoding is not
wanted - it maybe the that encoding is required by certain standards in such a
context
BUT php doesn't recognise urlencoded square brackets in the way one wants ...
namely one doesn't get a neat nesed array in $_POST but rather stuff like:
$_POST[e[f][n]] = entityname
(as opposed to:)
$_POST[e[f][n] = entityname
(which is what my ORM-like generic thingy was expecting.)
the function I showed isn't name 'inputPost*' for nothing :-) it was
specifically
written for the task of making request parameter names as generated by
http_build_query()
usable in the name attribute of input tags and have them behave as they would if
found in a GET query string.
the only reason I remember all this about http_build_query() is because it:
a) totally broke my app/tool at a time when I didn't have control of the php
version
and didn't have time to actually fix (well I had to make time :-)
b) it was quite a headache getting the regexp in question to do exactly what I
wanted
(e.g. that only square brackets encountered in request variable names should be
decoded
and those found in request variable values should be left encoded, etc, etc).
sometimes it's fun to reminisce :-P
/* since php5.1.3 http_build_query() urlencodes square brackets -
this does not please us at all,
* this function fixes the problem the encoding causes us when
using http_build_query() output
* in hidden INPUT field names.
*/
function inputPostQueryUnBorker($s)
{
// first version - slower? more code!
/*
return preg_replace('#(\?|(?:amp;)?)([^=]*)=#eU',
'\\1'.str_replace(array('%5B','%5D'),
array('[',']'), '\\2').'=',
$s);
//*/
// second version - faster? more compact! (should work
identically to the above statement.
return preg_replace('#%5[bd](?=[^]*=)#ei',
'urldecode(\\0)', $s);
}
...
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] authentication problems!
by using HTML I meant, typing the address in to the broswer as http://username:[EMAIL PROTECTED]/protected/file.pdf or as using the HTML: a href=http://username:[EMAIL PROTECTED]/protected/file.pdfLink.../a or using the header: header(Location: http://username:[EMAIL PROTECTED]/protected/file.pdf); also, there is no problem retrieving a pdf after passing http basic authentication (I just double checked this on a client's site and was appropriately prompted with a pdf handling dialog box after I authenticated). Of course there is not problem if the user is entering the information him or her self. But just using this code: $file = 'http://miningstocks.com/protected/Dec03PostPress.pdf'; //now view the PDF file header(Content-Type: application/pdf); header(Accept-Ranges: bytes); header(Content-Length: .filesize($file)); readfile($file); from a PHP page where no authentication has occured does not work at all. Let me say, if this is not clear, that I do not want unique usernames and passwords for users. I want one username and password that WILL NEVER BE SEEN by the user. The way that I had planned was to keep ONE username and password which would allow access to all the files in a MySql database. After the user entered his name and email address, the username and password would be fetched off the database, and then authentication would occur with this username and password and the user would be served the file. The authentication would be completely transparent to the user. But the different ways to authenticate transparent to the user either do not work or reveal the username and password (making it pointless to even protect the files in the first place). Best Regards, Scott Taylor [EMAIL PROTECTED] wrote: there are a couple of different ways to do this. the http basic approach will work just fine. with http basic the id/pw are passed in the headers in an encoded string, so i'm not certain about your: if using HTML, the username password is easily seen statement. also, there is no problem retrieving a pdf after passing http basic authentication (I just double checked this on a client's site and was appropriately prompted with a pdf handling dialog box after I authenticated). now, http basic assumes that the id/pw are in a file/database/etc. the password is generally encrypted (des or md5) but can be in clear text. so, for this to work, you'd probably need some type of registration page that will store the id/pw info that the apache server will query against. [i strongly recommend using a database, not a file, due to file locking issues.] other approaches to this general issue include a URL mapping scheme. e.g., the public URL would drive the user through a one-time email/name collection process. when the user passes that they are served the document from the actual storage location. they can be done in a way that the true document URL is never shown. obviously you'd have to do this in a way that would give the fake URL as a .pdf so that the client will handle things correctly. -- Original Message -- From: Scott Taylor [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: Tuesday, January 20, 2004 03:17:21 PM -0500 Subject: [PHP] authentication problems! I am about at my wits end trying to find a good solution to this problem. I've asked various portions of this question to this mail list and still have not found exactly what it is I am looking for, but here it goes. I'm looking for a way to protect my files (this would be pdf files, image files, etc...other things then text/php files) so that for someone to see a current file they will have to enter in their email address and name. Seems fairly simple, and yet I can not figure out how to do it. I've been told of the following alternatives: Protect the files with HTTP auth (basic, or use SSL if very paranoid), then, after entering the info into a database: 1. just link to http://username:[EMAIL PROTECTED]/protect/file.pdf (either directly using html, or use headers). The problem: if using HTML, the username password is easily seen. If using headers, this does not work (it is not seen as a PDF file) - my best guess is that the auth headers get passed along and so it does not work. Of course, I can load a PDF using headers if the file is not in a protected directory without any problems at all. But then again it wouldn't be protected to begin with. 1.b. It was later suggested that I could link to http://username:[EMAIL PROTECTED]/protect/file.pdf and use an apache rewrite statement to change every protected file to exclude the username password. But I've posted to an apache group and they have said that this CAN NOT be done. 2. link to something outside of my httpdocs directory. Unfortunately, I am on a shared server and do not have a private folder (or at least my _private directory which is contained
php-general Digest 22 Mar 2012 05:56:41 -0000 Issue 7738
libmm is optional, and the package maintainers
probably had their reasons not to use it anymore. Mine is also
compiled without libmm, though I'm on 5.3.10. Is it possible for you
to upgrade to the latest version? That might solve the problem too, if
not, I suggest to stick with the older one for a while. (and maybe
submit a bug report)
- Matijn
---End Message---
---BeginMessage---
Hello.
I ran into trouble with a PEAR module and got only a blank (empty)
page after filling in a loginform with PEAR::Auth
I have error reporting in php.ini that create ordinary error message
on my CentOS box, but it do not write error message when using PEAR.
In a book I have is PEAR_Error mention, but it did not explain how to
get it or run it.
If you can help me in this question I am thankful for your time.
Karl
---End Message---
---BeginMessage---
This is a continuation of the nested query thing I posted to the list a while
back. I was finally able to output a nested unordered array that worked out
well, but scope-creep has come in the door and I have to change gears.
I have a project where I have multiple queries and each query uses the results
from the previous query to get it's results. I need to do one of two things,
either out put a multidimensional array that I can use json_encode() on or I
have to format the output from the queries as a JSON string. The resulting JSON
will be used by a JavaScript widget and must be formed correctly. I created the
following array by hand:
$userList = array(John = array(
email = j...@demo.com,
website = www.john.com,
age = 22,
password = pass,
description = array(
hair = blonde,
eyes = blue,
build = medium
)),
Anna = array(
email = a...@demo.com,
website = www.anna.com,
age = 24,
password = pass,
description = array(
hair = brunette,
eyes = hazel,
build = petite
)
));
I ran it through json_encode() and got the following output
{John:{email:j...@demo.com,website:www.john.com,age:22,password:pass,description:{hair:blonde,eyes:blue,build:medium}},Anna:{email:a...@demo.com,website:www.anna.com,age:24,password:pass,description:{hair:brunette,eyes:hazel,build:petite}}}
jslint.com verifies this as good JSON (although I thought there had to be
square brackets around child arrays).
If you were me would you just generate the JSON? If not what is he best way to
output an array that will nest properly for each subsequent query?
Thanks for any insight!
---End Message---
---BeginMessage---
On Wed, Mar 21, 2012 at 2:39 PM, Jay Blanchard
jay.blanch...@sigmaphinothing.org wrote:
...
I have a project where I have multiple queries and each query uses the
results from the previous query to get it's results. I need to do one of two
things, either out put a multidimensional array that I can use json_encode()
on or I have to format the output from the queries as a JSON string. The
resulting JSON will be used by a JavaScript widget and must be formed
correctly. I created the following array by hand:
$userList = array(John = array(
email = j...@demo.com,
website = www.john.com,
age = 22,
password = pass,
description = array(
hair = blonde,
eyes = blue,
build = medium
)),
Anna = array(
email = a...@demo.com,
website = www.anna.com,
age = 24,
password = pass,
description = array(
hair = brunette,
eyes = hazel,
build = petite
)
));
I ran it through json_encode() and got the following output
{John:{email:j...@demo.com,website:www.john.com,age:22,password:pass,description:{hair:blonde,eyes:blue,build:medium}},Anna:{email:a...@demo.com,website:www.anna.com,age:24,password:pass,description:{hair:brunette,eyes:hazel,build:petite}}}
jslint.com verifies this as good JSON (although I thought there had to be
square brackets around child arrays).
Speaking to your belief that arrays had to have square brackets,
json_encode examines the PHP array and only encodes sequential numbers
JSON arrays. Others (as in your case) are encoded as object literals:
http://php.net/manual/en/function.json-encode.php
That said, you can still access Javascript Object properties with
array access if you prefer in the client code:
http
php-general Digest 22 May 2011 14:31:08 -0000 Issue 7323
?xml version=1.0 encoding=UTF-8? it DOES NOT assure the text inside is encoded in UTF-8 so but maybe (many cases) t other iso-xxx method. The point of the header is telling readers what encoding is used. Of course that means errors are possible - setting the header is not magic, it doesn't change the rest of the file. You need to make sure the contents of the file match the encoding from the header when you make XML documents. Anyway, from your perspective, the header is an indication but not a foolproof way of figuring encoding out. My question was for a function that scan the bytes of the file and decided WITHOUT the BOM heading. I mean by checking the bytes sequence in the file. I claim that WITHOUT a BOM it might be impossible to assure it is UTF-8 encoding which is a whole escape sequence logic that may convert one character into one, two or three character. http://se.php.net/manual/en/function.mb-detect-encoding.php - the first comment should be interesting to you. * If you try to use mb_detect_encoding to detect whether a string is valid UTF-8, use the strict mode, it is pretty worthless otherwise. ?php $str = 'áéóú'; // ISO-8859-1 mb_detect_encoding($str, 'UTF-8'); // 'UTF-8' mb_detect_encoding($str, 'UTF-8', true); // false ? Regards Peter -- hype WWW: plphp.dk / plind.dk LinkedIn: plind BeWelcome/Couchsurfing: Fake51 Twitter: kafe15 /hype ---End Message--- ---BeginMessage--- Dear Peter, But my point was different. If you DO NOT have any BOM of a File does mb_detect_encodin can detect the file type by scanning the whole file ?? Thanks Eli On 22/05/2011 09:53, Peter Lind wrote: On 22 May 2011 08:17, Eli Orr (Office)eli@logodial.com wrote: Hi Adam, I have a prof that the XML advise does not work in real cases I had. We are using XMLs in our system but when you edit the XML with a text editor and put the XML heading of UTF-8 ?xml version=1.0 encoding=UTF-8? it DOES NOT assure the text inside is encoded in UTF-8 so but maybe (many cases) t other iso-xxx method. The point of the header is telling readers what encoding is used. Of course that means errors are possible - setting the header is not magic, it doesn't change the rest of the file. You need to make sure the contents of the file match the encoding from the header when you make XML documents. Anyway, from your perspective, the header is an indication but not a foolproof way of figuring encoding out. My question was for a function that scan the bytes of the file and decided WITHOUT the BOM heading. I mean by checking the bytes sequence in the file. I claim that WITHOUT a BOM it might be impossible to assure it is UTF-8 encoding which is a whole escape sequence logic that may convert one character into one, two or three character. http://se.php.net/manual/en/function.mb-detect-encoding.php - the first comment should be interesting to you. * If you try to use mb_detect_encoding to detect whether a string is valid UTF-8, use the strict mode, it is pretty worthless otherwise. ?php $str = 'áéóú'; // ISO-8859-1 mb_detect_encoding($str, 'UTF-8'); // 'UTF-8' mb_detect_encoding($str, 'UTF-8', true); // false ? Regards Peter -- Best Regards, *Eli Orr* CTO Founder *LogoDial Ltd.* M:+972-54-7379604 O:+972-74-703-2034 F: +972-77-3379604 Plaut 10, Rehovot, Israel Email: _Eli.Orr@LogoDial.com_ Skype: _eliorr.com_ ---End Message--- ---BeginMessage--- On 22 May 2011 09:03, Eli Orr (Office) eli@logodial.com wrote: Dear Peter, But my point was different. If you DO NOT have any BOM of a File does mb_detect_encodin can detect the file type by scanning the whole file ?? A few points: 1. top-posting on this list is frowned upon. Please bottom-post. 2. I did not write anything about BOM as far as I can recall. Neither does the page I linked to contain much about BOM (I really suggest reading it - as pointed out, the first comment should help you) Regards Peter -- hype WWW: plphp.dk / plind.dk LinkedIn: plind BeWelcome/Couchsurfing: Fake51 Twitter: kafe15 /hype ---End Message--- ---BeginMessage--- Thank you Peter. Can you please advise if mb_detect_encodin does detect the file type by its structure / content? Thanks Eli On 22/05/2011 10:12, Peter Lind wrote: On 22 May 2011 09:03, Eli Orr (Office)eli@logodial.com wrote: Dear Peter, But my point was different. If you DO NOT have any BOM of a File does mb_detect_encodin can detect the file type by scanning the whole file ?? A few points: 1. top-posting on this list is frowned upon. Please bottom-post. 2. I did not write anything about BOM as far as I can recall. Neither does the page I linked to contain much about BOM (I really suggest reading it - as pointed out, the first comment should help you) Regards Peter -- Best Regards, *Eli Orr* CTO Founder *LogoDial Ltd.* M:+972-54-7379604 O:+972-74-703-2034 F: +972-77-3379604 Plaut 10, Rehovot, Israel Email: _Eli.Orr@LogoDial.com_
php-general Digest 2 May 2004 10:48:04 -0000 Issue 2739
php-general Digest 2 May 2004 10:48:04 - Issue 2739 Topics (messages 185111 through 185135): Sorting text with multibyte characters 185111 by: Michal Migurski 185114 by: Red Wingate 185117 by: Michal Migurski - Delete records in an Access DB 185112 by: francesco.automationsoft.biz 185113 by: Torsten Roehr Re: Select from 24 tables 185115 by: Richard A. DeVenezia 185116 by: Michal Migurski 185119 by: Travis Low 185122 by: Michal Migurski 185124 by: Travis Low 185125 by: Curt Zirzow php user management functionality 185118 by: bruce 185121 by: Travis Low Re: reversing an IF statement 185120 by: Curt Zirzow Re: Php MySql selection question 185123 by: Curt Zirzow Re: creating a mailing list 185126 by: Manuel Lemos 185128 by: Curt Zirzow Re: Installing sendmail in win9X/Me 185127 by: Manuel Lemos Re: Batch/Prepared statements for Mysql in PHP 185129 by: Curt Zirzow String Question 185130 by: Dave Carrera Frage 185131 by: Draw-A-Line 185133 by: Jordi Canals [Newbie Guide] For the benefit of new members 185132 by: Ma Siva Kumar Re: https sessions failing to persist 185134 by: Jordi Canals Numeric Index of an array 185135 by: Natascha Chrobok Administrivia: To subscribe to the digest, e-mail: [EMAIL PROTECTED] To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: [EMAIL PROTECTED] -- ---BeginMessage--- Hi, Does anyone have any thoughts on how to effectively sort text with multi byte characters? I am working on a project that uses lots of German text, and the letters with umlauts don't sort correctly. I'm using the mb_* functions in a few places (to adapt an ASCII-encoded database to XML output for flash, which is always expected to be in UTF-8), but none of them seems to be made for string comparison. thanks, -mike. - michal migurski- contact info and pgp key: sf/cahttp://mike.teczno.com/contact.html ---End Message--- ---BeginMessage--- Run into this before, PHP seams to do quite well when you set the locale right ( de_DE ) which will place AÄBCD instead of ABCDÄÖÜ. Hope this helps :-) -- red Michal Migurski wrote: Hi, Does anyone have any thoughts on how to effectively sort text with multi byte characters? I am working on a project that uses lots of German text, and the letters with umlauts don't sort correctly. I'm using the mb_* functions in a few places (to adapt an ASCII-encoded database to XML output for flash, which is always expected to be in UTF-8), but none of them seems to be made for string comparison. thanks, -mike. - michal migurski- contact info and pgp key: sf/cahttp://mike.teczno.com/contact.html ---End Message--- ---BeginMessage--- Run into this before, PHP seams to do quite well when you set the locale right ( de_DE ) which will place AÄBCD instead of ABCDÄÖÜ. Hope this helps :-) Thanks, I hadn't thought of that. - michal migurski- contact info and pgp key: sf/cahttp://mike.teczno.com/contact.html ---End Message--- ---BeginMessage--- Hi all, I have this problem: I want to delete records in an Access DB. I use this code: $query=DELETE FROM Test_Table WHERE name='franco';; // the connection parameters $path=d:/inetpub/webs/my_site/mdb-database/ ; $db_name=test.mdb ; $dsource=$path.$db_name ; $cn_string=Provider=Microsoft.Jet.OLEDB.4.0; ; $cn_string.=Data Source=$dsource; ; // connection $cn=new COM(ADODB.Connection); $cn-open($cn_string); // object Recordset and send query by Open() metod $rs=new COM(ADODB.Recordset) ; $rs-open($query,$cn) ; // clean Recordset object $rs-Release() ; $rs=null ; /* close connection */ $cn-Close() ; $cn-Release() ; $cn=null ; but I have this error message: Fatal error: Call to undefined function: open() in D:\Inetpub\webs\metagenonlinecom\canc.php on line 11 Where is the problem? Is this the correct way to delete records from an Access DB? If this is a bad tecnic, can you suggest me what is the correct way? Thanks in advance to all. (The server where this script run is a Microsoft server). Francesco ---End Message--- ---BeginMessage--- So the problem is not the delete statement but that you cannot even open a connection, right? Have you tried PHP's ODBC functions to connect to the Access DB?: http://de.php.net/manual/en/function.odbc-connect.php There are some user comments regarding Access - maybe this helps. Regards, Torsten [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi all, I have this problem
php-general Digest 15 Feb 2003 08:32:44 -0000 Issue 1884
php-general Digest 15 Feb 2003 08:32:44 - Issue 1884
Topics (messages 135600 through 135633):
Re: calculating kilobytes
135600 by: Kevin Stone
135606 by: joe
135607 by: Greg Donald
135633 by: joe
http://www.act.com---CRM
135601 by: Leonard Burton
Re: need apostrophe solution
135602 by: Chris Shiflett
Re: text to image
135603 by: Alex Shi
135605 by: Alex Shi
135630 by: Jason Wong
135632 by: Hugh Danaher
browser identification problem
135604 by: chip.wiegand.simrad.com
135612 by: Chris Shiflett
135629 by: Jason Wong
Urgent Help Needed removing \n\r
135608 by: Daniel Negron/KBE
135610 by: Ernest E Vogelsinger
imap_append
135609 by: Jeff Schwartz
problem with importing fields.
135611 by: Webmaster MBT
function problem
135613 by: Peter Gumbrell
135615 by: Kevin Stone
135617 by: Peter Gumbrell
135621 by: Nicholas Wieland
xslt_process problem
135614 by: Chris
slideshow/flush
135616 by: Bryan Koschmann - GKT
Re: HTML Mail problem
135618 by: Manuel Lemos
135627 by: Mark McCulligh
recursion?
135619 by: Alex Davis
135620 by: Bas Jobsen
135631 by: David Freeman
Re: How does PHP transforms an integer on a string? like 3 onto three
135622 by: Tom Rogers
redirect
135623 by: Alex Davis
135625 by: Greg Donald
SQL Query
135624 by: Zydox
135626 by: Dennis Cole
PHP ODBC Problem
135628 by: Mike
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
--
---BeginMessage---
Joe, you might try something like this instead of a slow PHP function. I
based it off of a user example on the PHP site. This is tested and I use it
often for various purposes. I think it may be ideal for you becuase it is
extremely fast. Requires Linux though I'm certain there's an equivilant
command in Windows.
---
$dir=/path/to/home/directory/;
$out = `find $dir -depth -type f`;
$files = explode(\n, $out);
$numfiles = count($files);
for ($i=0; $i$numfiles; $i++)
{
$filelist .= $files[$i].br;
if (false != ($size = @filesize($files[$i])));
{
$totalfilesize += $size;
}
}
echo $numfiles. filesbr;
echo $totalfilesize. kilobytes totalbr;
echo $filelist;
Let me know how that works for you.
- Kevin
- Original Message -
From: joe [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, February 14, 2003 12:17 PM
Subject: [PHP] calculating kilobytes
hi
first of all i think this is a great community here :)
now to the point...
i need a script. it should work on safe mode php so it should be as simple
as possible.
it should calculate all the file sizes in the directory that it is in and
in
the subdirectories also (only 1 level subdirectories). it should echo the
total size of the uploaded files.
then it should take the filesize and substract it from 25 megabytes. that
is
the limit on this server. then it should echo the result (the maximum
number
of kilobytes that can still fit on this account).
unfortunately i have insuffitient knowlege to do it miself.
i just want to thank anyone who can help me.
if you want to send it to my email then its [EMAIL PROTECTED] . or you can
just write it here.
thank you :)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
---End Message---
---BeginMessage---
Jason Wong [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
On Saturday 15 February 2003 03:17, joe wrote:
now to the point...
i need a script. it should work on safe mode php so it should be as
simple
as possible.
it should calculate all the file sizes in the directory that it is in
and
in the subdirectories also (only 1 level subdirectories). it should echo
the total size of the uploaded files.
then it should take the filesize and substract it from 25 megabytes.
that
is the limit on this server. then it should echo the result (the maximum
number of kilobytes that can still fit on this account).
unfortunately i have insuffitient knowlege to do it miself.
i just want to thank anyone who can help me.
Most of the functions that you need to accomplish this can be found in
chapters 'Directory functions' 'Filesystem functions'.
--
Jason Wong - Gremlins Associates - www.gremlins.biz
Open Source Software Systems Integrators
* Web Design Hosting * Internet Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php
php-general Digest 22 Mar 2004 01:22:55 -0000 Issue 2660
Message---
---BeginMessage---
Hi
I'm looking for a function To check SQL Injection in Mysql RDBMS
please tell me if anyone know good function or solution
thank's---End Message---
---BeginMessage---
--- Ali Ashrafzadeh [EMAIL PROTECTED] wrote:
I'm looking for a function To check SQL Injection in Mysql RDBMS
please tell me if anyone know good function or solution
In my opinion, this is the wrong approach.
SQL injection vulnerabilities exist when you use data that the user gave
you to create your SQL statement. So, anytime that this happens, simply
make absolutely sure that the data you are using from the user fits a very
specific format that you are expecting.
To be clear: make sure the data that the user submitted only contains the
characters you think are valid (don't bother trying to guess malicious
characters - you're sure to miss one) and is a valid length. Once you've
done this, and your design helps you to make sure that this step can't be
bypassed by the user, you're protected against SQL injection.
There is also a rather handy document available from NYPHP:
http://phundamentals.nyphp.org/PH_storingretrieving.php
This is good for describing magic_quotes and mysql_escape_string().
Hope that helps.
Chris
=
Chris Shiflett - http://shiflett.org/
PHP Security - O'Reilly
Coming mid-2004
HTTP Developer's Handbook - Sams
http://httphandbook.org/
PHP Community Site
http://phpcommunity.org/
---End Message---
---BeginMessage---
On Sun, 21 Mar 2004 13:49:22 -0800, Chris Shiflett wrote:
To be clear: make sure the data that the user submitted only contains the
characters you think are valid (don't bother trying to guess malicious
characters - you're sure to miss one) and is a valid length. Once you've
done this, and your design helps you to make sure that this step can't be
bypassed by the user, you're protected against SQL injection.
Or even better: Use only prepared statements.
--
Hilsen/Regards
Michael Rasmussen
--
Be cheerful while you are alive.
-- Phathotep, 24th Century B.C.
---End Message---
---BeginMessage---
Jeff Oien wrote:
When I do this:
$lastmonth = mktime(0, 0, 0, date(m)-9, date(d), date(Y));
this will not work most of the year, if current month is August or less,
the month value will be negative.
Use strtotime('-9 months') instead.
---End Message---
---BeginMessage---
Marek Kilimajer wrote:
Jeff Oien wrote:
When I do this:
$lastmonth = mktime(0, 0, 0, date(m)-9, date(d), date(Y));
this will not work most of the year, if current month is August or less,
the month value will be negative.
Use strtotime('-9 months') instead.
This code works just fine for me:
$nine_months_ago = mktime(0, 0, 0, date(m)-9, date(d), date(Y));
echo date(m/d/Y, $nine_months_ago);
If today is March 21, 2004, then this outputs 06/21/2003. That's
exactly nine months ago.
See http://www.php.net/date
--
Regards,
Ben Ramsey
http://benramsey.com
http://www.phpcommunity.org/wiki/People/BenRamsey
---End Message---
---BeginMessage---
On Sun, 21 Mar 2004, Marek Kilimajer wrote:
Jeff Oien wrote:
When I do this:
$lastmonth = mktime(0, 0, 0, date(m)-9, date(d), date(Y));
this will not work most of the year, if current month is August or less,
the month value will be negative.
mktime() can take negative values just fine.
-Rasmus
---End Message---
---BeginMessage---
I've got a querystring that looks like this:
?url=http%3A%2F%2Ftest.alpharetta.ga.us%2Findex.php%3Fm%3Dlinks%26category%3DRecreation%2B%2526%2BParks%26go.x%3D22%26go.y%3D7
As you can gather, I'm trying to pass a URL to another script for some
processing. Before I urlencode() the URL and pass it to the query
string, it looks like this:
http://test.alpharetta.ga.us/index.php?m=linkscategory=Recreation+%26+Parksgo.x=22go.y=7
As you can see, there are already encoded entities in the URL, which are
further encoded when passed through urlencode(). The problem I'm having
is that when I urldecode() the string from $_GET[url], I get the
following string:
http://test.alpharetta.ga.us/index.php?m=linkscategory=Recreation
Parksgo.x=22go.y=7
It's similar, but the category variable is now Recreation Parks when
it needs to be Recreation+%26+Parks. When I try to use
file_get_contents() on this string, I get nothing because of the
ampersand and spaces in the URL.
Is there a way to urldecode() $_GET[url] and still retain its original
encoded entities so that I can use it again as a valid URL?
--
Regards,
Ben Ramsey
http://benramsey.com
http://www.phpcommunity.org/wiki/People/BenRamsey
---End Message---
---BeginMessage---
On Monday 22 March 2004 00:03, Ben Ramsey wrote:
[snip]
Is there a way to urldecode() $_GET[url] and still retain its original
encoded entities so that I can use it again as a valid URL?
You can base64_encode() it.
--
Jason Wong - Gremlins Associates - www.gremlins.biz
Open Source Software Systems
php-general Digest 22 Mar 2004 13:23:02 -0000 Issue 2661
server will not work, internic divert to third and forth server. But I need to keep new server mysql database refreshed. Where can I find best idea to make such a mirror with my existing server and new server? This is a PHP list. You need to ask on a MySQL list. ---End Message--- ---BeginMessage--- do you know best mysql newsgroup address? Burhan Khalid [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] QT wrote: Dear Sirs, I have a web site which is keeping user data in mysql. I am afraiding that to collapse of existing server without my control. I want to use another server to keep in standby and I want to set new server DNS as a third and forth server. As far as I know if primary and secondary server will not work, internic divert to third and forth server. But I need to keep new server mysql database refreshed. Where can I find best idea to make such a mirror with my existing server and new server? This is a PHP list. You need to ask on a MySQL list. ---End Message--- ---BeginMessage--- Here's the code: ?php $a = 676.6; $b = 0.175; $y = $a * (1 + $b); echo(y: . $a . * (1 + . $b . ) = $yBR); $z = $a + ($a * $b); echo(z: . $a . + ( . $a . * . $b . ) = $zBR); echo(number format(y)=.number_format($y, 2).BR); echo(number format(z)=.number_format($z, 2).BR); ? Here's the output: y: 676.6 * (1 + 0.175) = 795.005 z: 676.6 + ( 676.6 * 0.175) = 795.005 number format(y)=795.01 number format(z)=795.00 In other words, using two logically equivalent (?) formulae to derive exactly the same result from the same two values results in somehow different results (I guess it's not an issue with number_format() per se, but with associativity or summat...). Hope it's not an obvious schoolboy error - any ideas? PHP 4.2.2 Apache 2.0.40 Redhat 7.3 --- Paul Hopkins - Senior Web Developer, Doctor Net - http://www.doc-net.com/ The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you received this in error, please contact the sender and delete the material. ---End Message--- ---BeginMessage--- On 22 March 2004 10:31, Paul Hopkins wrote: Here's the code: ?php $a = 676.6; $b = 0.175; $y = $a * (1 + $b); echo(y: . $a . * (1 + . $b . ) = $yBR); $z = $a + ($a * $b); echo(z: . $a . + ( . $a . * . $b . ) = $zBR); echo(number format(y)=.number_format($y, 2).BR); echo(number format(z)=.number_format($z, 2).BR); Here's the output: y: 676.6 * (1 + 0.175) = 795.005 z: 676.6 + ( 676.6 * 0.175) = 795.005 number format(y)=795.01 number format(z)=795.00 This is because of the inherent minor imprecision in the way floating point numbers are represented in a computer -- please see the big fat note headed Floating point precision at http://www.php.net/manual/en/language.types.float.php. You should never rely on the absolute accuracy of floating point numbers -- even very simple calculations can be off by an infinitesimal but nonetheless significant amount (for example, 10.0/3*3 almost never equals 10.0 ;). Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 ---End Message--- ---BeginMessage--- Hey guys, A server I'm using has PHP compiled into Apache, and I want to leave that alone and just build a CLI version of php. Can I get away with just going: ./configure --with-mysql --prefix=/some/home/dir make make install ? I dont' want to upset the existing apache installation of PHP or anything, just want a CLI exe in my home dir to do some stuff with. thanks, neko ---End Message--- ---BeginMessage--- On 21 March 2004 16:03, Ben Ramsey wrote: I've got a querystring that looks like this: ?url=http%3A%2F%2Ftest.alpharetta.ga.us%2Findex.php%3Fm%3Dlink s%26category%3DRecreation%2B%2526%2BParks%26go.x%3D22%26go.y%3D7 As you can gather, I'm trying to pass a URL to another script for some processing. Before I urlencode() the URL and pass it to the query string, it looks like this: http://test.alpharetta.ga.us/index.php?m=linkscategory=Recrea tion+%26+Parksgo.x=22go.y=7 As you can see, there are already encoded entities in the URL, which are further encoded when passed through urlencode(). The problem I'm having is that when I urldecode() the string from $_GET[url], I get the following string: Don't. GET values are automatically urldecoded once by the Web server before they ever reach your script. Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning
php-general Digest 8 Oct 2008 10:11:05 -0000 Issue 5724
and print it (this one is very rarely
used!).
---End Message---
---BeginMessage---
Dan Joseph wrote:
On Thu, Oct 2, 2008 at 12:35 PM, Jason Pruim [EMAIL PROTECTED] wrote:
SQLTEST: SELECT * FROM `timeStore` WHERE`timein` BETWEEN
1222315200 AND 122292
Could not perform query: Query was empty
[EMAIL PROTECTED]
Put a ' around your timestamp numbers. I think that should fix that query.
Although I'll admitt, I have no way to test that on mysql, but that is how
MS SQL works...
Int's don't need quoting in mysql (or postgres, or oracle).. not sure
why ms-sql would need that.
--
Postgresql php tutorials
http://www.designmagick.com/
---End Message---
---BeginMessage---
I have a series of questions.
How do I count the number of br / 's in a string?
How do I add text in the middle of a string, let's say after the 3rd
br /
Ron
---End Message---
---BeginMessage---
For the 1st question:
http://us.php.net/manual/en/function.substr-count.php
For the second question:
http://us.php.net/manual/en/function.strpos.php
http://us.php.net/manual/en/function.str-replace.php
Thank you,
Micah Gersten
onShore Networks
Internal Developer
http://www.onshore.com
Ron Piggott wrote:
I have a series of questions.
How do I count the number of br / 's in a string?
How do I add text in the middle of a string, let's say after the 3rd
br /
Ron
---End Message---
---BeginMessage---
The first question was to find out how long the blog entry was (number
of paragraphs.)
I am wanting to put an ad in half way. Consequently there are going to
be many br / 's before the one I am wanting to add text to.
How should I handle this?
Ron
On Tue, 2008-10-07 at 20:55 -0500, Micah Gersten wrote:
For the second question:
http://us.php.net/manual/en/function.strpos.php
http://us.php.net/manual/en/function.str-replace.php
Thank you,
Micah Gersten
onShore Networks
Internal Developer
http://www.onshore.com
Ron Piggott wrote:
I have a series of questions.
How do I count the number of br / 's in a string?
How do I add text in the middle of a string, let's say after the 3rd
br /
Ron
---End Message---
---BeginMessage---
Then you'll need this as well:
http://us.php.net/manual/en/function.strlen.php
**strpos** ( $text , 'br /'
http://us.php.net/manual/en/language.pseudo-types.php#language.types.mixed,
strlen($text)/2 );
Will give you the position.
Use str_replace to insert your ad.
Thank you,
Micah Gersten
onShore Networks
Internal Developer
http://www.onshore.com
Ron Piggott wrote:
The first question was to find out how long the blog entry was (number
of paragraphs.)
I am wanting to put an ad in half way. Consequently there are going to
be many br / 's before the one I am wanting to add text to.
How should I handle this?
Ron
On Tue, 2008-10-07 at 20:55 -0500, Micah Gersten wrote:
For the second question:
http://us.php.net/manual/en/function.strpos.php
http://us.php.net/manual/en/function.str-replace.php
Thank you,
Micah Gersten
onShore Networks
Internal Developer
http://www.onshore.com
Ron Piggott wrote:
I have a series of questions.
How do I count the number of br / 's in a string?
How do I add text in the middle of a string, let's say after the 3rd
br /
Ron
---End Message---
---BeginMessage---
Ron Piggott wrote:
I have a series of questions.
How do I count the number of br / 's in a string?
How do I add text in the middle of a string, let's say after the 3rd
br /
Ron
simplest way from experience is to simply explode('br /', $the_string)
you can then count the array -1 for number of br's; and add text to the
front and end of each; or indeed add/remove paragraphs before imploding
it back together.
If you want more power, most would say use regex or str_ functions,
however I'd recommend getting used to the DOMDocument to traverse the
html and make fine grained adjustments.
regards,
--
nathan ( [EMAIL PROTECTED] )
{
Senior Web Developer
php + java + flex + xmpp + xml + ecmascript
web development edinburgh | http://kraya.co.uk/
}
---End Message---
---BeginMessage---
PHP framework vs just php ?
http://paul-m-jones.com/?p=315
according to the benchmark.Just PHP win by more than 100% to average framework.
even the fastest solar only manage to serve 154pages/sec compare to
just php 1320pages/sec
call me outdated. but i stay with just php!
On 10/8/08, Eric Butera [EMAIL PROTECTED] wrote:
On Tue, Oct 7, 2008 at 2:47 PM, Ashley Sheridan
[EMAIL PROTECTED] wrote:
On Tue, 2008-10-07 at 11:20 -0300, uaca man wrote:
Farid,
I like to use PRADO(www.pradosoft.com), it is very easy to use for
those who are coming from Microsoft .Net platform as it uses the same
architecture. I did not like symfony, too much to read before the
first example.
Angelo
2008/10/6 farid lópez [EMAIL PROTECTED]:
what is your framework??? uacaman.
i'm using symfony, but i'm reading the book. it's hard
php-general Digest 1 May 2008 07:55:49 -0000 Issue 5434
php-general Digest 1 May 2008 07:55:49 - Issue 5434
Topics (messages 273738 through 273758):
Re: Fun with SOAP.
273738 by: Larry Brown
273739 by: Nathan Nobbe
Re: php 5 and mysql failure
273740 by: Shawn McKenzie
273741 by: Dan Joseph
check if any element of an array is not empty
273742 by: afan pasalic
273743 by: Nathan Nobbe
273744 by: Richard Heyes
273745 by: afan pasalic
273746 by: Nathan Nobbe
Re: Best practices for using MySQL index
273747 by: Chris
273749 by: Larry Garfield
273753 by: Shelley
273754 by: Shelley
273755 by: Chris
Variable varialbe with array not working
273748 by: kronostar.aol.com
problem imap_headerinfo
273750 by: Richard Kurth
273751 by: Chris
273752 by: Kalle Sommer Nielsen
equivalent to perl shift function
273756 by: Richard Luckhurst
273757 by: Chris
273758 by: Richard Luckhurst
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
--
---BeginMessage---
I'm not sure how it looks etc with with soapui but I noticed you
mentioning you don't want to mess with nusoap. I've used nusoap for
both client and server uses for years and I'm really impressed with how
easily it works. Using $soapInstance-request and
$soapInstance-response the xml is displayed where you can see how it
was created based on the array you fed the instance before sending for
your message. It makes troubleshooting much easier for me.
That being said I don't send attachments. However just doing a quick
google on nusoap attachments (without the quotes) has mention of
people sending MIME attachments and one listing an issue with DIME
encoded attachments yet another explaining that he solved the DIME
encoded issue and referred to wrox book open source webservices page
315 which is an on-line book.
Sorry no quick silver bullet, but I would highly recommend looking at
nusoap if only as a test.
Larry
On Wed, 2008-04-30 at 08:21 -0400, Eric Butera wrote:
On Wed, Apr 30, 2008 at 7:35 AM, Eric Butera [EMAIL PROTECTED] wrote:
On Tue, Apr 29, 2008 at 5:07 PM, Nathan Nobbe [EMAIL PROTECTED] wrote:
i know this has nothing to do w/ getting it to work w/ php, eric, but
have
you tried hitting the service w/ soap ui?
http://www.soapui.org/
although its written in java, its an indispensable testing tool, imho,
and i
always give it a shot when im having soap troubles. i might try to see
if
you can get a successful response from the service w/ it.
-nathan
Hi Nathan!
Thanks for the reply. I'm download it as we speak. Hopefully it'll
give me some sort of answer as to what is going on. I really haven't
found out enough about the SOAP standard enough to know what is
expected behavior, etc. I know I can see all of the raw data there,
just ext/soap doesn't seem to like the multi-part. Maybe soapUI will
give me some sort of answer for this.
After using soapUI I've determined that the SOAP response gives back
an envelope and has one attachment. Does anyone know if the SOAP
extension can handle attachments? I'd really rather not mess around
with nusoap or the pear soap package. I don't see anywhere on the
manual where it is possible to download attachments. Hopefully
someone else has dealt with this before.
--
Larry Brown [EMAIL PROTECTED]
---End Message---
---BeginMessage---
On Wed, Apr 30, 2008 at 1:53 PM, Larry Brown
[EMAIL PROTECTED] wrote:
Sorry no quick silver bullet, but I would highly recommend looking at
nusoap if only as a test.
additionally, i could not find any occurrence of 'attachment' grepping
through the c code in the soap extension or the rpc extension..
-nathan
---End Message---
---BeginMessage---
Yehudi Alexis Garrett wrote:
I'm using a php script which performs three xml queries to other three
servers to retrieve a set of ids and after I do a query to mysql of the
kind
SELECT * FROM table WHERE id IN ('set of ids');
Although I'm sure the connection to the database is ok, I sometimes get
an error of this kind:
*Warning*: mysql_fetch_object(): supplied argument is not a valid MySQL
result resource in ...
This does not happen every time i run the script, only sometimes.
If I echo the query, copy and paste in phpmyadmin, or if I perform the
same query in a script that does only the query without the rest it works!
After troubleshooting this issue I noticed that it usually failed when I
had a big set of ids (positive response from more than one server). This
means that the script used a bigger amount of memory and probably more
resources, but I did not get an out of memory error, I got the one
described bfore.
My
php-general Digest 23 Aug 2003 06:02:48 -0000 Issue 2253
the name of the company is 'IBM'. , the URL with the query string would look like : http://masterstream.com/CRM/full_profile_1.php?name=IBM Now one of the records had a name : PSG Inc. , in this case the URL with the query string would look like http://masterstream.com/CRM/full_profile_1.php?name=PSG%20%20Inc. However in the case of the latter I am not able to pull out any records from the MySQL database. It says that no records with the name were found. I went ahead and tweaked the name of the company, to remove the sign in 'PSG Inc.' Now the query works fine. Can some one throw some light here. I am sure something minor is to be done when passing the name of the company in the parent script. Thanks in advance --Pushpinder ---End Message--- ---BeginMessage--- On Fri, 2003-08-22 at 12:05, Pushpinder Singh Garcha wrote: Hello All, I am using an application where I retrieve user profile from a MySQL DB using the Company Name . I pass the name of the company to the PHP script as a '$_GET' parameter. e.g. when the name of the company is 'IBM'. , the URL with the query string would look like : http://masterstream.com/CRM/full_profile_1.php?name=IBM Now one of the records had a name : PSG Inc. , in this case the URL with the query string would look like http://masterstream.com/CRM/full_profile_1.php?name=PSG%20%20Inc no, this is not how it should look... the '' in the above query string is saying the variable 'name' ends and a new variable follows. If you are submitting this in a form using method=get... it should look something like: ?name=PSG+%26+Inc if you are really passing this in a form using method=get, then this should be handled automatically. how are you accessing the passed variable? $_GET['name'] ?? ---End Message--- ---BeginMessage--- From: Pushpinder Singh Garcha [EMAIL PROTECTED] I am using an application where I retrieve user profile from a MySQL DB using the Company Name . I pass the name of the company to the PHP script as a '$_GET' parameter. e.g. when the name of the company is 'IBM'. , the URL with the query string would look like : http://masterstream.com/CRM/full_profile_1.php?name=IBM Now one of the records had a name : PSG Inc. , in this case the URL with the query string would look like http://masterstream.com/CRM/full_profile_1.php?name=PSG%20%20Inc. However in the case of the latter I am not able to pull out any records from the MySQL database. It says that no records with the name were found. I went ahead and tweaked the name of the company, to remove the sign in 'PSG Inc.' Now the query works fine. Can some one throw some light here. I am sure something minor is to be done when passing the name of the company in the parent script. The character separates variables in the query string, so it must be encoded if it appears in the data. Take a look at http://us2.php.net/urlencode ---John Holmes... ---End Message--- ---BeginMessage--- Thanks for the link, $link = $row['company'];�� a href=\full_profile_1.php?name=', urlencode($link),' \�� However this does not seem to work / what am I missing ? Thanks -Pushpinder On Friday, August 22, 2003, at 03:23 PM, CPT John W. Holmes wrote: From: Pushpinder Singh Garcha [EMAIL PROTECTED] I am using an application where I retrieve user profile from a MySQL DB using the Company Name . I pass the name of the company to the PHP script as a '$_GET' parameter. e.g. when the name of the company is 'IBM'. , the URL with the query string would look like : http://masterstream.com/CRM/full_profile_1.php?name=IBM Now one of the records had a name : PSG Inc. , in this case the URL with the query string would look like http://masterstream.com/CRM/full_profile_1.php?name=PSG%20%20Inc. However in the case of the latter I am not able to pull out any records from the MySQL database. It says that no records with the name were found. I went ahead and tweaked the name of the company, to remove the sign in 'PSG Inc.' Now the query works fine. Can some one throw some light here. I am sure something minor is to be done when passing the name of the company in the parent script. The character separates variables in the query string, so it must be encoded if it appears in the data. Take a look at http://us2.php.net/urlencode ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php ---End Message--- ---BeginMessage--- I am looking for a way to say please wait generating thumbnails... while actually doing so. I have tried calling the JavaScript alert() function before starting the image processing but it waits for the page to complete loading before displaying the alert box. anyone have any ideas on this?? BTW: at the time I am trying to display a message I have already started output to the browser. --- Jeffrey D. Means CIO for MeansPC [EMAIL PROTECTED] --- Outgoing mail is certified Virus Free
php-general Digest 14 May 2009 09:19:17 -0000 Issue 6120
php-general Digest 14 May 2009 09:19:17 - Issue 6120
Topics (messages 292558 through 292562):
Re: how to enable ttf support in php 5.2.9
292558 by: Ross McKay
Re: handling chunked input from php://stdin
292559 by: whisperstream
Re: fileinfo on RHEL5
292560 by: Michael A. Peters
Re: shell_exec problem with bsdtar
292561 by: Lester Caine
Cannot output the same data from text file in PHP
292562 by: Moses
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscr...@lists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscr...@lists.php.net
To post to the list, e-mail:
php-gene...@lists.php.net
--
---BeginMessage---
Ashley Sheridan wrote:
Great idea in theory, if you can guarantee that they'll *only* be using
MS Office to paste from. In my experience, you can only guarantee on the
stupidity of the end users, nothing else.
I was mostly being facetious :)
The only thing that really works is getting the users to cooperate by
giving them a button for Word and a button for Text and explaining to
them how it *helps them* to use those buttons properly. But that only
works while they remember, and they never remember when they're in a
hurry (which is always).
--
Ross McKay, Toronto, NSW Australia
Darwin's rolling over in his coffin,
'cos the fittest are surviving much less often - NOFX
---End Message---
---BeginMessage---
Thanks for the code, but I figured out the issue I was having. My problem
was actually getting the data not parsing chunked text. After taking a
wireshark trace of the traffic I realised that the chunked xml didn't even
hit the php process and instead died somewhere in IIS's fastcgi process.
If anyone else stumbles upon this, here is the problem and my solution.
Production env was IIS 6.0, php 5.2.9-2, installed as module under fastcgi.
XML posted form services was sent to the php script responsible for handling
it
However, if the xml data was chunked, IIS would die with a 500 Server
Error message and the php processor would never even see the xml.
From what I can gather (really not a whole lot of data out there), fastcgi
under IIS 6.0 doesn't seem to handle chunked transfer-encoded data...(it
seems like such a major flaw that I'm wondering if I missed some
configuration setting to get it to work?)
Solution:
Since php5.2.9-2 no longer has the isapi module, I had to uninstall 5.2.9-2
and instead installed 5.2.6 with the php5isapi.dll. Once that was
configured I retested and hey presto, the chunked data is sent to the php
process without error. I didn't even need to decode the chunked data as it
is done before I even get access to the data.
Spent a day trying to figure out what was wrong, hopefully it'll save
someone else some time.
Nathan Rixham wrote:
Shawn McKenzie wrote:
whisperstream wrote:
I have a server running that receives xml formatted events from other
services I have no control over. For certain events the
transfer-encoding
is chunked.
I was just doing
$input = file_get_contents('php://stdin');
and this works well until there is chunked input. Then I tried
$handle = fopen('php://input', rb);
$input = '';
while (!feof($handle)) {
$input .= fread($handle, 8192);
}
fclose($handle);
And that gives about the same result, has anyone else come across this
and
how did they solve it?
Thanks in advance
There aren't really many examples around, but check
http_chunked_decode() from PECL.
simples!
function HTTPChunkDecoder( $chunkedData ) {
$decodedData = '';
do {
$tempChunk = explode(chr(13).chr(10), $chunkedData, 2);
$chunkSize = hexdec($tempChunk[0]);
$decodedData .= substr($tempChunk[1], 0, $chunkSize);
$chunkedData = substr($tempChunk[1], $chunkSize+2);
} while (strlen($chunkedData) 0);
return $decodedData;
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
View this message in context:
http://www.nabble.com/handling-chunked-input-from-php%3A--stdin-tp23512171p23533268.html
Sent from the PHP - General mailing list archive at Nabble.com.
---End Message---
---BeginMessage---
brian wrote:
RHEL5/PHP 5.1.6
I'm having some trouble getting the Fileinfo package working. It
installed fine, and phpinfo() says it's enabled. But it consistently
returns an empty string when getting the MIME of a file.
/usr/share/pear/bin/pecl install fileinfo
vi /etc/php.d/fileinfo.ini
extension=fileinfo.so
ln -s /usr/share/file/magic /etc/magic.mime
The code:
define('FINFO_PATH', '/usr/share/file/magic');
...
$fi = new finfo(FILEINFO_MIME, FINFO_PATH);
$type = $fi-file($file_path);
$type is always empty. And, yes, the path to the file is good.
This works fine on the dev box (PHP 5.2.6). Unfortunately, the decision
to use RHEL5 for production was out
php-general Digest 23 Feb 2004 17:11:59 -0000 Issue 2607
will still actually be there (view the source to see) it's just that HTML won't render them the way you're expecting. The spaces will be converted into a single space and the line-feeds/carriage returns won't do anything either unless you're using a fixed-width font. Two choices: Convert the non-displaying characters to their HTML equivalents (i.e. space to nbsp;) or wrap the text in a pre tag. -- Best regards, Richard Davey http://www.phpcommunity.org/wiki/296.html ---End Message--- ---BeginMessage--- From: Miguel J. Jiménez [mailto:[EMAIL PROTECTED] You must convert \n to br and spaces to nbsp; You can use strreplace() or some other function that exist in PHP just for that... nl2br() should do that. Usage: nl2br($foo) $foo is your textarea variable. ---End Message--- ---BeginMessage--- Jason, Have no worries, I'm not looking for anyone to write my code for me. It's precisely because the str_replace command is so simple that I figure if the results are strange that there is something I don't understand. And I want to understand it, not just be given code to copy and paste. As it turns out, by experimenting with the var_dump() command that you recommended (which I wasn't aware of), I learned that what was going wrong was that the line breaks coming out of my MySQL DB aren't just \n, but \r\n. So swapping around the elements I was replacing, and experimenting, was not going to do me much good until I knew this. So now it's working, and largely thanks to the suggestions you gave. I would never have been able to guess on my own at using var_dump() in order to get at the solution. Please don't assume that just because a query is simple that it means that the person asking is not willing to work or that they haven't already attempted to work at it. Sometimes it just means that the person asking doesn't know all the angles possible. Thanks for your help. -- Yoroshiku! Dave G [EMAIL PROTECTED] ---End Message--- ---BeginMessage--- On Monday 23 February 2004 19:12, Dave G wrote: So now it's working, and largely thanks to the suggestions you gave. I would never have been able to guess on my own at using var_dump() in order to get at the solution. Please don't assume that just because a query is simple that it means that the person asking is not willing to work or that they haven't already attempted to work at it. Sometimes it just means that the person asking doesn't know all the angles possible. It's good to know you've solved your problem. I hope you appreciate that my suggestions will be of more use to you in the long run than a straight forward answer to your problem. It's better to teach someone how to fish than to do the fishing for them. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* You may easily play a joke on a man who likes to argue -- agree with him. -- Ed Howe */ ---End Message--- ---BeginMessage--- Hi, I'm trying to get a 500 character split of a string, I only want about the fist 500 characters, I would like to split on a space, which I have managed to do so far, but I would also like the split to not take place inside an HTML tag, so that I don't end up with weird looking pages. I was trying to use strip_tags() error checking to tell me whether I my string was valid html or not. If it's not valid html then I would like to split before that part of the html begins. Possibly even as simply as removing the last 10 characters (to the nearest space) until I get valid HTML. Can anyone help me get a way to split my text at around the 500 character mark without breaking any HTML which may be inside the string I am displaying on the page? Also, if you're interested in the strip_tags() problem I was speaking about then take a look at: http://better.domain.name/php/strip.php there is a link to the source on the page. Regards, Stuart Gilbert. ---End Message--- ---BeginMessage--- Hi I'm trying to encode text entered into an html form. In dreamweaver, special characters seem to be encoded as #8220; (a curly quote) for example, which I assume is utf-8. Here is my code snippet: htmlentities(html_entity_decode(strip_tags(stripslashes(trim($data, ENT_QUOTES), ENT_QUOTES, utf-8) but this does not seem to return the encoded value. I've tried all the character sets, but none of them seem to do anything apart from the windows specific character set, which doesn't return the value I want. I've tried using html_entity_decode with uft-8, but it throws an error saying that the function doesn't support MBCS (Multibyte character sets???) I've also tried using utf8_encode() before trying to html encode, but this doesn't work
php-general Digest 21 May 2001 13:20:48 -0000 Issue 699
etc), the overhead would increase and increase.
i thought php has always cached compiled scripts (since it is
fast enough for me so far), but the fact is it does not. without
cacher like apc or zend cache, mod_php is no better than cgi,
except it avoids per-request forking and configuration parsing.
why oh why doesn't php/plain zend cache scripts in the first
place? :-/
Regards,
Steve
On 20/05/2001 20:53, Christopher Leigh wrote:
ok, are servlets/jsp faster than php4?
since zend cache isn't free... :(
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Hi All,
I have a form where i let people choose a file to
upload, but i want to limit them to image files only.
So i want to only allow the .gif and .jpg to be
uploaded. What i tried doing was this:
if ($filename_type == image/gif)
-- upload file
otherwise give an error message!
but for some reason this doesn't work. It uploads any
kind of file without complaint! So what am i doing
wrong? Is there another operator to compare strings
for instance? Or what is the problem?
Thanks!
=
Heidi Belal
ICQ# 32127109
A bus stops at a bus station.
A train stops at a train station. On my desk
I have a work station...
__
Do You Yahoo!?
Yahoo! Auctions - buy the things you want at great prices
http://auctions.yahoo.com/
On Monday 21 May 2001 08:03, Heidi Belal wrote:
I have a form where i let people choose a file to
upload, but i want to limit them to image files only.
So i want to only allow the .gif and .jpg to be
uploaded. What i tried doing was this:
if ($filename_type == image/gif)
-- upload file
otherwise give an error message!
but for some reason this doesn't work. It uploads any
kind of file without complaint! So what am i doing
wrong? Is there another operator to compare strings
for instance? Or what is the problem?
== is perfectly fine for string comparison. Try doing a
echo '$filename_type';
and (generally) a phpinfo ();
to see what's passed to your script.
--
Christian Reiniger
LGDC Webmaster (http://sunsite.dk/lgdc/)
Those who will not reason, are bigots,
those who cannot, are fools,
and those who dare not, are slaves.
- George Gordon Noel Byron (1788-1824), [Lord Byron]
I'm trying to test the gz_handler, among other things, but I have no idea if
the output is actually gzip encoded.
I'm using PHP 4.0.5 as an Apache module, and here's an example of a test
script:
?php ob_start(ob_gzhandler); ?
pThis should be compressed.
[bunch of text here just to ensure it's big enough to be encoded. the file
size is about 5700kb]
?php ob_end_flush(); ?
I'm using IE 5.5 to view the page, and PHP shows the
HTTP_SERVER_VARS[HTTP_ACCEPT_ENCODING] variable as gzip, deflate, so
the browser is saying it supports gzip content.
Now the question is, how do I actually know if the browser is getting gzip
content?
Plutarck
On Monday 21 May 2001 08:14, Plutarck wrote:
I'm trying to test the gz_handler, among other things, but I have no
idea if the output is actually gzip encoded.
You could try using wget with a custom Http-Accept-Encoding: header
--
Christian Reiniger
LGDC Webmaster (http://sunsite.dk/lgdc/)
Those who will not reason, are bigots,
those who cannot, are fools,
and those who dare not, are slaves.
- George Gordon Noel Byron (1788-1824), [Lord Byron]
First, i'm sorry if this is an out of topic subject, but i've try to post
this email to one of postgres mailing list, and i can't find any help there.
i wish, if one of you know the solutions of my problem, you can share it
with me.
i create a little stored procedure using plpgsql from pgaccess. function
input is table name where the function will simply iterate along each record
in the table and raise notice for each of them.
when i run this function from shell command using : select
browse_table('sex'), the function error with error message 'ERROR: parser:
parse error at or near $2'. As i concern, this error came from the line i
mark because the function can't receive variable 'table_name' to generate
query.
i'm new here, so can some body help me, please
the source code is below.
===
DECLARE
table_name ALIAS for $1;
each_row RECORD;
BEGIN
FOR each_row IN select * from table_name LOOP == i believe this's an
error source
raise notice 'row';
END LOOP;
END;
===
function description :
function name : browse_table
returns : bpchar
parameters: bpchar
language : plpgsql
-toto-
Hello,
you should execute your select statement as an dynamic query, because plpgsql assumes
that there is valid / parseable query (and not a string c
php-general Digest 20 May 2002 03:20:44 -0000 Issue 1355
example or give a small hint on what to look for
on google. Sound interesting!
I tryed to to perform a createfromjpeg command to that file and it did not
work. So the magic is to save it in photoshop for web and then as jpeg and
not with save as (jpeg). But this gives me a headache, because how do user
know the difference? The file extension is jpeg and all programms can
display it. Maybe there is a way in php as well to do a kind of
createfromjpeg commmand?!
Thanx, Andy
Miguel Cruz [EMAIL PROTECTED] schrieb im Newsbeitrag
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
On Sun, 19 May 2002, andy wrote:
I do have trouble with finding out if a file is a jpeg or not. This is
the
command I am using:
$_FILES[picture_location][type]
works fine exept in one case: With Photoshop 6.0 I do open the jpeg
(which
workes fine) an save as jpeg as another file name. Then upload the new
file.
This returns a type called:
application/octet-stream
So what is this type anyway. I do know jpeg and jpg and pjpeg but
octed-stream?!
application/octet-stream just means a generic binary file.
I don't think that $_FILES[]['type'] is really all that useful for getting
reliable information about a file, since it just trusts the browser/user,
which could be uninformed, misinformed, or deliberately dishonest. Either
pass the temp file to the unix 'file' command or peek inside it on your
own (check the 'magic' file that comes with the unix 'file' command for
details on what to look for).
miguel
---End Message---
---BeginMessage---
Does anyone know how I can test (and see) if my ob_gzhandler() is working?
I've written the following script, and run it from the command line to see
the output -- hoping it's encoded -- it isn't -- so I want to make sure I'm
doing it right.
?
header(Accept-Encoding: gzip, deflate);
ob_start(ob_gzhandler);
?
some HTML code
?
ob_end_flush();
ob_end_clean();
?
I save then run the file:
C:php test.php
Thanks
---End Message---
---BeginMessage---
I doubt that'll work, as I don't think the gzhandler code will send
gzipped data without a successful negotiation with the client (which can't
happen at the command line). As others have suggested, the easiest way is
probably to use lynx's --mime_header option.
miguel
On Sun, 19 May 2002, Jason Caldwell wrote:
Does anyone know how I can test (and see) if my ob_gzhandler() is working?
I've written the following script, and run it from the command line to see
the output -- hoping it's encoded -- it isn't -- so I want to make sure I'm
doing it right.
?
header(Accept-Encoding: gzip, deflate);
ob_start(ob_gzhandler);
?
some HTML code
?
ob_end_flush();
ob_end_clean();
?
I save then run the file:
C:php test.php
Thanks
---End Message---
---BeginMessage---
Will browsers that receive gzip encoded pages, transmit gzip encoded POST or
GET data back?
Jason
Jason Caldwell [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Does anyone know how I can test (and see) if my ob_gzhandler() is working?
I've written the following script, and run it from the command line to
see
the output -- hoping it's encoded -- it isn't -- so I want to make sure
I'm
doing it right.
?
header(Accept-Encoding: gzip, deflate);
ob_start(ob_gzhandler);
?
some HTML code
?
ob_end_flush();
ob_end_clean();
?
I save then run the file:
C:php test.php
Thanks
---End Message---
---BeginMessage---
Hello
I have a string like $str=Hello World ;
and i want to find the first occurance of any one of the char in or
$sp=strpos($str,)
Did not work, beacuse in this I can give only one char
Can i give filter in this as [ ]
If yes then how?
Or any other idea to get this ...
--
Bye, and Have a nice day.
Prachait Saxena
If you do for other's !
Other's will do for you !!
Visit me at http://www.sitesontesting.com/prachait
---End Message---
---BeginMessage---
Prachait Saxena [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
I have a string like $str=Hello World ;
and i want to find the first occurance of any one of the char in or
$sp=strpos($str,)
Did not work, beacuse in this I can give only one char
function strpos_multi($str, $chars) {
$firstpos = $badvalue = $strlen($str);
$numchars = strlen($chars);
for ($i = 0; $i $numchars; $i++) {
$ch = substr($chars, $i, 1);
$pos = strpos($str, $ch);
if ($pos !== false) // NOTE: op is bang-equals-equals
$firstpos = min($pos, $firstpos);
}
if ($firstpos == $badvalue)
return -1;
else
return $firstpos;
}
$charpos = strpos_multi($str, );
---End Message---
---BeginMessage---
Hello
I have a string like $str=Hello World ;
and i want to find the first occurance of any one of the char in or
$sp=str
php-general Digest 15 Sep 2006 18:39:46 -0000 Issue 4349
---
---BeginMessage---
Hi from Spain. This is my first post and im sure it wont be last :)
AraDaen
---End Message---
---BeginMessage---
Hi AraDaen, and welcome to the list ;-)
On Sep 15, 2006, at 7:32 AM, AraDaen wrote:
Hi from Spain. This is my first post and im sure it wont be last :)
AraDaen
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
---End Message---
---BeginMessage---
RTFM
Oops, sorry, that seems to be everyone favourite so
thought i would be the first one to say it... and
welcome to the list :)
Cheers!
--
- The faulty interface lies between the chair and the keyboard.
- Creativity is great, but plagiarism is faster!
- Smile, everyone loves a moron. :-)
__
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
---End Message---
---BeginMessage---
Lea el f**king manual!
On 15/09/06, Ryan A [EMAIL PROTECTED] wrote:
RTFM
Oops, sorry, that seems to be everyone favourite so
thought i would be the first one to say it... and
welcome to the list :)
Cheers!
--
- The faulty interface lies between the chair and the keyboard.
- Creativity is great, but plagiarism is faster!
- Smile, everyone loves a moron. :-)
__
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
http://www.web-buddha.co.uk
http://www.projectkarma.co.uk
---End Message---
---BeginMessage---
Hi.
I need to send large binary data over http post (so that urlencoding
or base64 encoding is not an option). I use request like this:
http://people.ksp.sk/~mmx/request
(there is a zero byte between A and B). There are 3 bytes of data, but when I do
?php echo strlen($HTTP_POST_VARS['DATA']); ?
it yields 1 (it truncates the string after the first zero byte). Is
there a way to access all of the binary post data correctly?
Thanks in advance for any advice.
--
Marek 'MMx' Ludha
---End Message---
---BeginMessage---
Marek 'MMx' Ludha wrote:
I need to send large binary data over http post (so that urlencoding
or base64 encoding is not an option). I use request like this:
http://people.ksp.sk/~mmx/request
(there is a zero byte between A and B). There are 3 bytes of data, but
when I do
?php echo strlen($HTTP_POST_VARS['DATA']); ?
it yields 1 (it truncates the string after the first zero byte). Is
The fact you're accessing it as an element of $HTTP_POST_VARS (which
should be $_POST anyway) means it's expected to be URL encoded.
Instead set your request Content-Type to octet-stream and grab the whole
post body at once.
eg.
// To send...
$c = stream_context_create(
array(
'http' = array(
'method' = 'post',
'header' = 'Content-Type: application/octet-stream',
'content' = whatever you want \x00 here
)
)
);
file_get_contents('http://example.com/foo.php', false, $c);
// To receive
$data = file_get_contents('php://input');
---End Message---
---BeginMessage---
As I read through my first email again I see I didn't write clearly
what I intended, sorry for this. I already have an application that
sends binary data with requests like the one mentioned before. Now I
need to parse those requests using PHP. Since the content-type is
multipart/form-data, neither php://input nor $HTTP_RAW_POST_DATA
works.
That request type was taken from an example from w3c webpage
(http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4), so I
believe there will not be much trouble parsing them.
On 9/15/06, Arpad Ray [EMAIL PROTECTED] wrote:
The fact you're accessing it as an element of $HTTP_POST_VARS (which
should be $_POST anyway) means it's expected to be URL encoded.
Instead set your request Content-Type to octet-stream and grab the whole
post body at once.
eg.
// To send...
$c = stream_context_create(
array(
'http' = array(
'method' = 'post',
'header' = 'Content-Type: application/octet-stream',
'content' = whatever you want \x00 here
)
)
);
file_get_contents('http://example.com/foo.php', false, $c);
// To receive
$data = file_get_contents('php://input');
---End Message---
---BeginMessage---
Hi all. I am building an online events listing and when I run the following
query I get the expected result set:
SELECT events.id AS eventid, name, postcode, start_time, dates.date FROM
events, dates_events, dates WHERE dates_events.event_id = events.id and
dates_events.date_id = dates.id AND dates.date = '$start_string' AND
dates.date = '$end_string' ORDER BY date ASC
...however, when I look for a one-off event the following query fails:
SELECT events.id AS eventid, name, postcode, start_time, dates.date FROM
events, dates_events, dates WHERE dates_events.event_id
php-general Digest 10 Sep 2002 15:53:46 -0000 Issue 1577
php-general Digest 10 Sep 2002 15:53:46 - Issue 1577 Topics (messages 115806 through 115859): E-mail a submit 115806 by: Chuck \PUP\ Payne Re: QUery success, but blank results/variables 115807 by: Tom Rogers 115809 by: David Freeman Brainfart while uploading 115808 by: César Aracena form variables 115810 by: Hans Prins 115811 by: Chris Shiflett 115815 by: Hans Prins 115817 by: Justin French Re: LDAP (NDS) authentication example... 115812 by: joshua Need more memory... possible to set? 115813 by: Damian Harouff Re: Problems with GD 2.0.1 115814 by: Tim Re: Brainfart while uploading -- SOLVED -- Sorry ;) 115816 by: César Aracena message board and gb... 115818 by: Matt Zur Re: header(location: ) causes GET vars to be encoded in wrong charset in IE5.5 115819 by: Jean-Christian Imbeault 115825 by: Chris Shiflett 115826 by: Chris Shiflett 115827 by: . Edwin 115828 by: . Edwin Count in PHP 115820 by: Chuck \PUP\ Payne 115821 by: Martin Towell 115822 by: Tyler Longren 115823 by: Jome 115831 by: xdrag changing session name 115824 by: Mohd_Q 115830 by: Luke Welling 115833 by: Erwin Re: POST form variables not being sent to destination page 115829 by: Erwin Re: dropdown Newbie question 115832 by: Mario Ohnewald 115834 by: yasin inat Generating CSV files on the fly and getting the browser to download 115835 by: Henry 115836 by: lallous 115837 by: Henry 115838 by: Dave at Sinewaves.net 115839 by: Erwin DPHPEdit new version 115840 by: Davor Pleskina PhpMyAdmin and PHP4.2.* Too many I/Os 115841 by: Jean-Pierre Arneodo Mail() function problem 115842 by: Alva Chew 115852 by: Pekka Saarinen Re: Upload Progress 115843 by: electroteque Re: checkbox question 115844 by: B.C. Lance 115850 by: Craig Donnelly Trying to add table prefix variable to query 115845 by: Verdon Vaillancourt 115846 by: Jay Blanchard 115847 by: bbonkosk.tampabay.rr.com Populating Other People's Forms 115848 by: Mike At Spy Re: Trying to add table prefix variable to query (solved) 115849 by: Verdon Vaillancourt random array sort 115851 by: ROBERT MCPEAK 115853 by: Mike At Spy 115854 by: David Rice 115855 by: Mike At Spy 115856 by: Jacob Miller Handling variables POSTed from form 115857 by: Wm Verify phone format? 115858 by: Jeff Lewis Re: random array sort -- array() selection quant?? 115859 by: ROBERT MCPEAK Administrivia: To subscribe to the digest, e-mail: [EMAIL PROTECTED] To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: [EMAIL PROTECTED] -- ---BeginMessage--- Hi, Is there a way that when someone add a submit or edits a record that I can have my php page e-mail that record? And is hard to do? Chuck Payne ---End Message--- ---BeginMessage--- Hi, Tuesday, September 10, 2002, 1:41:23 PM, you wrote: PH Hello everyone..tryin to run this qry against a mysql db, but after it runs, PH it doesn't assign anything to the variables as it should. If i return all PH rows, and spit out each record in the result in an array, i have the same PH problem, but have 24 'blank' records instead of 1. Any ideas? Thanks for any PH input. I tried doing a print mysql_error(); after the query and the result, PH but it doesn't return anything. Column names, db name, and WHERE clause are PH all spelled correctly, and the $currenttaskid is populated (as 1)... PH $detailqry = SELECT id, parentitemid, itemtypeid, itemstatusid, PH itemlevelid, shortdescription, PH createdby_memberid, assignedto_memberid, completedby_memberid, createddate, PH assigneddate, PH estcompletiondate, completeddate, projectid, lastuserid, lastdate FROM item PH WHERE id=$currenttaskid; PH $result = mysql_query($detailqry) or die(Failed finding task details); PH$taskid = $result[id]; PH$taskparentitemid = $result[parentitemid]; PH$taskitemtypeid = $result[itemtypeid]; PH$taskitemstatusid = $result[itemstatusid]; PH$taskitemlevelid = $result[itemlevelid]; PH$taskshortdescription = $result[shortdescription]; PH$createdbyid = $result[createdby_memberid]; PH$assignedtoid = $result[assignedto_memberid]; PH$completedbyid = $result[completedby_memberid]; PH$taskcreateddate = $result[createddate]; PH$taskassigneddate = $result[assigneddate]; PH$taskestcompletiondate = $result[estcompletiondate]; PH$taskcompleteddate = $result[completeddate]; PH$taskprojectid = $result[projectid]; PH
php-general Digest 24 Jul 2008 10:08:38 -0000 Issue 5586
, this is super-easy, cause the paths are exactly the same. anyway,
what you want to do here, is on this initial screen, put the path to the
base of your source code on both the client and server. if there are other
entry points, for example if you have a vhost pointing to a subdirectory of
this code, you need to hit the 'Mappings' tab, and add those paths
accordingly for both file and server filesystems.
once you have all that setup, you should be pretty much ready. you just
click that little icon at the bottom of ff w/ protoeditor running and *it
should* jump you into a debug session when you pull up a page from your
site.
-nathan
---End Message---
---BeginMessage---
hi,
I hope this is the right group for this type of problem:
I am using hash_hmac to provide me with a sha1 encoded hash string. The
problem is as follows:
$hash = hash_hmac('sha1',
'030B6A05696E657400C54601C60001550187360603773500018707060373796E63000187340603687474703A2F2F772E73796E632E636F6D2F73796E630001C65901873A06032E2F636F6E7461637473000187070603436F6E74616374732044420001872E0603746578742F782D7663617264000101C6570187310603757365726E616D6500018732060370617373776F72640001010101',
'1234');
Note: it is important the key to use during encoding id 1234 for this
example.
Result:
eb38ffd597c6d1e01cd24a0e46dff426354510fe
Using a hash calculator from slavasoft also yields this result, which
indicate the encoding is fine.
eb38ffd597c6d1e01cd24a0e46dff426354510fe
However, Slavasoft's calculator has an option to provide the string as Text
or Hex.
Selecting hex yields this result:
9f9be99ea5bf5ba009af0a5c12021f420cb27652 and this is the string I
need!!!
So either hash_hmac function needs a way to let it know the string is of
type hexor the string itself needs to be converted. I have tried some
conversions on the string but to no avail.
Anyone have any thoughts?
---End Message---
---BeginMessage---
On Thu, Jul 24, 2008 at 12:50 AM, Leon du Plessis [EMAIL PROTECTED] wrote:
hi,
I hope this is the right group for this type of problem:
I am using hash_hmac to provide me with a sha1 encoded hash string. The
problem is as follows:
$hash = hash_hmac('sha1',
'030B6A05696E657400C54601C60001550187360603773500018707060373796E63000187340603687474703A2F2F772E73796E632E636F6D2F73796E630001C65901873A06032E2F636F6E7461637473000187070603436F6E74616374732044420001872E0603746578742F782D7663617264000101C6570187310603757365726E616D6500018732060370617373776F72640001010101',
'1234');
Note: it is important the key to use during encoding id 1234 for this
example.
Result:
eb38ffd597c6d1e01cd24a0e46dff426354510fe
Using a hash calculator from slavasoft also yields this result, which
indicate the encoding is fine.
eb38ffd597c6d1e01cd24a0e46dff426354510fe
However, Slavasoft's calculator has an option to provide the string as Text
or Hex.
Selecting hex yields this result:
9f9be99ea5bf5ba009af0a5c12021f420cb27652 and this is the string I
need!!!
So either hash_hmac function needs a way to let it know the string is of
type hexor the string itself needs to be converted. I have tried some
conversions on the string but to no avail.
Anyone have any thoughts?
gotchu covered ;)
found this on the web:
http://www.pgregg.com/projects/php/code/hexstr.phps
so then,
?php
function hexstr($hexstr) {
$hexstr = str_replace(' ', '', $hexstr);
$retstr = pack('H*', $hexstr);
return $retstr;
}
$hash = hash_hmac('sha1', hexstr(
'030B6A05696E657400C54601C60001550187360603773500018707060373796E63000187340603687474703A2F2F772E73796E632E636F6D2F73796E630001C65901873A06032E2F636F6E7461637473000187070603436F6E74616374732044420001872E0603746578742F782D7663617264000101C6570187310603757365726E616D6500018732060370617373776F72640001010101'),
'1234');
echo $hash;
?
produc
---End Message---
---BeginMessage---
On Thu, Jul 24, 2008 at 1:21 AM, Nathan Nobbe [EMAIL PROTECTED]wrote:
On Thu, Jul 24, 2008 at 12:50 AM, Leon du Plessis [EMAIL PROTECTED] wrote:
hi,
I hope this is the right group for this type of problem:
I am using hash_hmac to provide me with a sha1 encoded hash string. The
problem is as follows:
$hash = hash_hmac('sha1',
'030B6A05696E657400C54601C60001550187360603773500018707060373796E63000187340603687474703A2F2F772E73796E632E636F6D2F73796E630001C65901873A06032E2F636F6E7461637473000187070603436F6E74616374732044420001872E0603746578742F782D7663617264000101C6570187310603757365726E616D6500018732060370617373776F72640001010101',
'1234');
Note: it is important the key to use during encoding id 1234 for this
example.
Result:
eb38ffd597c6d1e01cd24a0e46dff426354510fe
Using a hash calculator from slavasoft also yields this result, which
indicate the encoding is fine.
eb38ffd597c6d1e01cd24a0e46dff426354510fe
However, Slavasoft's calculator has an option to provide the string as
Text
or Hex.
Selecting hex yields this result:
9f9be99ea5bf5ba009af0a5c12021f420cb27652
php-general Digest 19 Jan 2003 03:23:15 -0000 Issue 1831
session timeout??? Hi gang Been trying to figure out this session stuff, but since I was unable to make the manual sample into something workable, I instead decided to actually try and make the session do what I need it for: Passing the URL of the caller page to the page that's being called. 1. Only I can't figure out if there's a function to just pull the current URL and plop it into a session variable. The thing is that these pages are all built by using a bunch of GET variables in the URL, so it would be easiest to just do something like: $_SESSION['mother'] = $currentURL; And then in the called, daughter, page do this: a href=?php echo(\$_SESSION['mother']\) ?Get back to where you came from/a As the only other way I've found is to have it use the string-functions and re-build the current URL throughout the if-tree that builds the page. I need to pass the mother URL to the daughter pages because there's two main entry-points into the daugther pages, and one of them can have 10-15 different states... But how do you pull the current url? ParseURL just smacks it into an array, and I'll then have to rebuild it anyway ... which makes it about just as simple as running it through the if-tree. Whether or not the session-id is inside the URL is not essential to me, but dunno if php cares about it. 2. Since the above is required to function at all times, I need to override the expiration time. I can't do it in the ini file, 'cause I can't modify the server where it's to run, and it's set to 0 there... (not sure if that means it expires right away, or not at all) Anyway to do this??? TIA Rene -- Rene Brehmer This message was written on 100% recycled spam. Come see! My brand new site is now online! http://www.metalbunny.net -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php ---End Message--- ---BeginMessage--- --- Cal Evans [EMAIL PROTECTED] wrote: I usually just pass this kind of info around on the URL. http://mypage.com/mypage.php?prevURL=http://mypage.com/lastpage.php if I have to pass a full query string then I urlencode() it first and urldecode() it on the other side. Just as a bit of advice, you should always URL encode any data you want to append to the URL like that. Also, decoding it is superfluous, because the Web server will do that for you (since URL data is supposed to be URL encoded). Chris ---End Message--- ---BeginMessage--- 1. You can create the current page with a combination of PHP_SELF, QUERY_STRING, etc... Take a look at a phpinfo() page to see all of the variables. 2. You can use ini_set() in your code to change the settings for your sessions or an .htaccess file if your on *nix. ---John W. Holmes... PHP Architect - A monthly magazine for PHP Professionals. Get your copy today. http://www.phparch.com/ -Original Message- From: -[ Rene Brehmer ]- [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 18, 2003 11:04 AM To: [EMAIL PROTECTED] Subject: [PHP] 2 Qs: Passing current URL with session and how to avoid session timeout??? Hi gang Been trying to figure out this session stuff, but since I was unable to make the manual sample into something workable, I instead decided to actually try and make the session do what I need it for: Passing the URL of the caller page to the page that's being called. 1. Only I can't figure out if there's a function to just pull the current URL and plop it into a session variable. The thing is that these pages are all built by using a bunch of GET variables in the URL, so it would be easiest to just do something like: $_SESSION['mother'] = $currentURL; And then in the called, daughter, page do this: a href=?php echo(\$_SESSION['mother']\) ?Get back to where you came from/a As the only other way I've found is to have it use the string-functions and re-build the current URL throughout the if-tree that builds the page. I need to pass the mother URL to the daughter pages because there's two main entry-points into the daugther pages, and one of them can have 10-15 different states... But how do you pull the current url? ParseURL just smacks it into an array, and I'll then have to rebuild it anyway ... which makes it about just as simple as running it through the if-tree. Whether or not the session-id is inside the URL is not essential to me, but dunno if php cares about it. 2. Since the above is required to function at all times, I need to override the expiration time. I can't do it in the ini file, 'cause I can't modify the server where it's to run, and it's set to 0 there... (not sure if that means it expires right away, or not at all) Anyway to do this??? TIA Rene -- Rene Brehmer This message was written on 100% recycled spam. Come see! My brand new site is now online! http://www.metalbunny.net -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
php-general Digest 28 Jul 2009 15:25:54 -0000 Issue 6254
. In the ops case mysql_real_escape_string() is the correct tool for the job. What about using prepared statements? This is my preferred method of escaping output when I'm using variables in a database query. Of course the ease and convenience of this method will depend to a great extent on what version of PHP is available on the server. For the OP, have you read up much on SQL injection? If not, here's a decent place to start: http://www.owasp.org/index.php/SQL_injection Ben ---End Message--- ---BeginMessage--- Ben Dunlap wrote: You can use http://us.php.net/mysql_real_escape_string to escape the input. [8] You should prep your data for insertion into the data by using a tool that formats it strictly for the database. In the ops case mysql_real_escape_string() is the correct tool for the job. What about using prepared statements? This is my preferred method of escaping output when I'm using variables in a database query. Of course the ease and convenience of this method will depend to a great extent on what version of PHP is available on the server. For the OP, have you read up much on SQL injection? If not, here's a decent place to start: http://www.owasp.org/index.php/SQL_injection Ben Prepared statements are what I use. -=- The problem I have with htmlentities is that the entities are only guaranteed for html. Many of the entities do not work in other sgml or xml applications, it is better to just use the numbered entity (IE #160; for a non breaking space) or for things like smart quotes, possessive apostraphe's, etc. - the proper utf8 character directly (make sure to serve document as utf8 encoded and that your database is set to utf8) I found that out the hard way, and had to redo a lot of stuff where I previously used the php htmlentities function. Using the function to spit out html is fine, but to write functions / classes you can re-use in non html documents, you should avoid it all together. ---End Message--- ---BeginMessage--- Hi, Is there a possibility that if there is no font installed on client side somehow browser finds it and redirect that font form server to client machine. For example: I have site that use Microsoft font and that font is not available on Linux distributions. So when u open page in FF on some Linux u get some default font (because browser doesn't recognize that font). I hope that I've managed to explane a problem :-) Does anyone has any solution for this problem??? Please it's very urgent Thanks, Dusan -- made by Dusan ---End Message--- ---BeginMessage--- On Tue, 2009-07-28 at 12:07 +0200, Dušan Novaković wrote: Hi, Is there a possibility that if there is no font installed on client side somehow browser finds it and redirect that font form server to client machine. For example: I have site that use Microsoft font and that font is not available on Linux distributions. So when u open page in FF on some Linux u get some default font (because browser doesn't recognize that font). I hope that I've managed to explane a problem :-) Does anyone has any solution for this problem??? Please it's very urgent Thanks, Dusan -- made by Dusan Basically that's a big no. At the moment, there is no cross-browser way to determine if a font is installed on an end system. The best you can do is to use either a graphic in-place of the text, or use something like siFr. Both of these methods are only suitable for headings though. Have you looked at what standard fonts are available to you? The list at http://www.ampsoft.net/webdesign-l/WindowsMacFonts.html is quite good at showing these. You can use CSS to give fallback fonts in order of what you prefer. There are meant to be plans on how to handle these sorts of situations in CSS3 though, but you may have to wait a year for the browsers to adopt! Thanks, Ash http://www.ashleysheridan.co.uk ---End Message--- ---BeginMessage--- 2009/7/28 Dušan Novaković ndu...@gmail.com: Hi, Is there a possibility that if there is no font installed on client side somehow browser finds it and redirect that font form server to client machine. For example: I have site that use Microsoft font and that font is not available on Linux distributions. So when u open page in FF on some Linux u get some default font (because browser doesn't recognize that font). I hope that I've managed to explane a problem :-) Does anyone has any solution for this problem??? Please it's very urgent Not really, no. The choice of font is up to the user's browser. However, you can, with CSS, set some basic parameters. If, say, you want to ensure that the users sees a sans-serif font on their browser, you can use: font-family: arial, helvetica, verdana, sans-serif This basically says, ensure that the browser uses arial; if arial isn't available, use helvetica; if helvetica isn't available, use verdana; and if verdana isn't available, use whatever sans-serif font the user has installed
php-general Digest 5 May 2012 22:35:42 -0000 Issue 7802
php-general Digest 5 May 2012 22:35:42 - Issue 7802
Topics (messages 317793 through 317804):
Re: Calculating driving distance between UK postcodes
317793 by: tamouse mailing lists
Re: function
317794 by: tamouse mailing lists
317797 by: Jim Giner
317801 by: tamouse mailing lists
317802 by: tamouse mailing lists
Re: PHP Emacs
317795 by: tamouse mailing lists
Re: Retrieve pages from an ASP driven site
317796 by: tamouse mailing lists
Re: Running through an enormous SQL file
317798 by: Brian Dunning
317800 by: tamouse mailing lists
Re: get content rss feed
317799 by: tamouse mailing lists
Re: code deployment through php
317803 by: tamouse mailing lists
Re: PHP Database Problems -- Code Snippets
317804 by: Matijn Woudt
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscr...@lists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscr...@lists.php.net
To post to the list, e-mail:
php-gene...@lists.php.net
--
---BeginMessage---
On Fri, May 4, 2012 at 9:18 AM, Terry Ally (Gmail) terrya...@gmail.com wrote:
Google works in Javascript extensively - not a language with which I
have in-depth experience hence my reason for asking for PHP solution.
For example the following will get me a JSON output with the distance in
Kms and time. I don't know how to get PHP to read this information and
extract just the distance. I need the distance so that I can calculate cost
of a trip.
form id=google action=
http://maps.googleapis.com/maps/api/distancematrix/json; method=get
input type=text name=origins value= /
input type=text name=destinations value= /
input type=hidden name=sensor value=false
input type=hidden name=submitted value=1
bra type=submit
onClick=document.getElementById('google').submit()strongstrongGet
Distance/strong/strong/a
/form
Using Google Maps API is pretty straight-forward. You don't need to
set up a form or a use a POST to get the info. This page should
describes how to use a standard GET query to get the info you want:
https://developers.google.com/maps/documentation/distancematrix/
Setting up the proper URL to call, you can activate it using
file_get_contents provided you have allow_url_fopen set to true in
php.ini. (Do make sure to check for possible errors returned.)
You can get the response back as either JSON or XML, both of which PHP
can parse into useful data structures:
http://us.php.net/manual/en/function.json-decode.php
http://us.php.net/manual/en/book.simplexml.php
---End Message---
---BeginMessage---
On Thu, May 3, 2012 at 9:12 PM, Ron Piggott
ron.pigg...@actsministries.org wrote:
I need to access a FUNCTION I programmed within a different FUNCTION. Are
these able to be passed like a variable? Or are they able to become like a
$_SESSION variable in nature? How am I able to do this?
I am essentially programming:
===
function name( $flag1, $flag2 ) {
# some PHP
echo name_of_a_different_function( $flag1 , $flag2 );
}
===
The error I am receiving is “Call to undefined function
name_of_a_different_function”
Where is name_of_a_different_function defined? If it is somewhere in
the same file as name, that shouldn't be a problem, provided it is
defined in the same namespace/scope as name. If it is defined in a
different file, you need to include that file before you make the echo
statement.
For example:
function func1 ($flag1, $flag2) {
# blah blah
echo func2($flag1, $flag2);
}
function func2 ($flag1, $flag2) {
#blah blah
return some string value;
}
in the same file should be just fine. It doesn't really matter what
order func1 and func2 are declared in.
However, if func2 is defined in some_other_file.php, you need to
include it in this_file.php (where func1 is defined) first:
this_file.php:
include('some_other_file.php');
function func1 ($flag1, $flag2) {
#blah blah
echo func2 ($flag1, $flag2);
}
some_other_file.php:
function func2 ($flag1, $flag2) {
#blah blah
return some string value;
}
If func2 is a method for an object/class, you'll have to access it
that way in func1:
this_file.php:
include('MyClass.php');
function func1 ($flag1, $flag2) {
# blah blah, instantiate object?
$myobj = new MyClass();
echo $myobj-func2 ($flag1, $flag2);
}
MyClass.php:
class MyClass
{
function func2 ($flag1, $flag2) {
#blah blah
return some string value;
}
}
---End Message---
---BeginMessage---
But the OP says function is defined inside a different function. Your
theories to a solution don't fit that problem.
tamouse mailing lists tamouse.li...@gmail.com wrote in message
news:cahuc_t-416_-lpcn3mo8qqxwrh4pnq5fmwouhwpdk+hmkgh...@mail.gmail.com...
On Thu, May 3, 2012 at 9:12 PM, Ron Piggott
ron.pigg...@actsministries.org wrote:
Where
php-general Digest 24 Nov 2007 16:38:40 -0000 Issue 5145
encoding I choose (IE and FF switch
automatically to UTF-8 as per the page metatag and content-type header) I
get funny characters at http://se.php.net/manual/sv/ref.dir.php, I don't
know if this is because of the default browser font, because I've tried
several ones. My system is Windows XP SP2 Spanish version, but I don't think
that's the cause either as it is up to date, and I have even installed
support for right to left writing...
Ok, I know I can just use wget, save the result and open it in a binary
editor to see what are the actual bytes and check for the encoding (I
won't... I'm kind of lazy today :D )
Regarding your question, I have these functions I copied from the notes to
the extended CHM version of the PHP manual, they are at the
mb_convert_encoding function reference and should be in the online version
of the manual as well (won't check it... too lazy, I told you)...
[snip]
volker at machon dot biz (25-Sep-2007 05:05)
Hey guys. For everybody who's looking for a function that is converting an
iso-string to utf8 or an utf8-string to iso, here's your solution:
public function encodeToUtf8($string) {
return mb_convert_encoding($string, UTF-8, mb_detect_encoding($string,
UTF-8, ISO-8859-1, ISO-8859-15, true));
}
public function encodeToIso($string) {
return mb_convert_encoding($string, ISO-8859-1,
mb_detect_encoding($string, UTF-8, ISO-8859-1, ISO-8859-15, true));
}
For me these functions are working fine. Give it a try
[/snip]
The first thing to test for would be if the directory/filesystem functions
are retrieving data encoded in ISO-8859-1 or not (I guess it depends on the
OS, but you might know better), otherwise mb_convert_encoding would act like
double escaping or double urlencoding (a known issue for all of us,
ha?). That's why encodeToUtf8 uses mb_detect_encoding first... anyway, I
wonder if mb_detect_encoding can guarantee you anything other than the byte
stream of data being valid in the given character set(s). So... what do you
think, did you get any further results about this? And also, do you have any
code sample you are working on to share?
Regards,
Rob
Andrés Robinet | Lead Developer | BESTPLACE CORPORATION
5100 Bayview Drive 206, Royal Lauderdale Landings, Fort Lauderdale, FL 33308
| TEL 954-607-4207 | FAX 954-337-2695 |
Email: [EMAIL PROTECTED] | MSN Chat: [EMAIL PROTECTED] | SKYPE:
bestplace | Web: bestplace.biz | Web: seo-diy.com
---End Message---
---BeginMessage---
Hi Rob, et al.:
- Original Message -
From: Andrés Robinet [EMAIL PROTECTED]
-Original Message-
From: Jon Westcot [mailto:[EMAIL PROTECTED]
:: gigantic snip here::
So, long story short (oops -- too late!), what's the concensus
among the learned assembly here? Is it faster to just UPDATE the
record if it already exists regardless of the fact that maybe only one
or two out of 75 or more fields changed versus testing each one of
those 75 fields to try and figure out which ones actually changed and
then only update those?
I look forward to reading all of your thoughts.
Sincerely,
Jon
I don't know about consensus over here because I'm kind of newgie (stands
for new geek, as opposed to newbie which stands for new ball breaker :D :D
). I don't know of your previous messages but I can tell you one story...
Some time ago I got involved in a project that required geo-distance
calculation (you know distance between two points with latitude and
longitude). Basically I had to take a set of points and calculate the
distance of each of those points to a given (reference) one. The math was
something like the square root of the sum of a constant times the square
sin of... well, I can't remember it, but the point is, it was a
complicated
formula, which I thought it would allow for some optimizations in PHP.
Accustomed to regular (compiled) programming languages I developed a set
of
routines to optimize the task and went ahead and queried the database for
the (say, 1000 records) dataset of points. Then applied the math to the
points and the reference point and got the result... in about 5 minutes to
my (disgusting) surprise.
Then I grabbed the MySQL manual, built a non-optimized version of the
formula to put directly in the SQL query and get the shortest distance
(which was my goal in the end) calculated by MySQL right away. I thought
ok, I'll prepare a cup of coffee to wait for MySQL to finish the
calculation. To my surprise the query returned the expected result in
less
than 2 seconds.
My logic was (wrongly) the following: PHP is a programming language, SQL
is
a data access language; I'll get the data using MySQL and do the math
using
PHP. But I forgot PHP is an interpreted language, that a number is more
than
a number to PHP, but a ZVAL_whatever object behind the scenes. I forgot
about the memory and the time required to build those objects when one
retrieves data out of a database server. I forgot about parsing
php-general Digest 19 May 2002 14:18:19 -0000 Issue 1354
;
}
}
xml_parser_free($xml_parser);
for($i=0; $i $item_counter; $i++) {
printf(a href=\%s\%s/a - %sbr\n,
$fm_headlines_data[$i]['link'],
$fm_headlines_data[$i]['title'],
$fm_headlines_data[$i]['description']
);
}
?
---End Message---
---BeginMessage---
In article [EMAIL PROTECTED],
[EMAIL PROTECTED] (Jason Caldwell) wrote:
Here's my code:
?
set_time_limit(1);
function clean_up()
{
if(connection_status() TIMEOUT)
print(Script timed out.\n);
}
register_shutdown_function(clean_up);
while(1);
?
Here's the message I get: (I should get Script timed out.)
No, you shouldn't/wouldn't, because--as is noted in the docs
http://php.net/register-shutdown-function--no more output (print is
specifically mentioned as an example) can be sent to the browser at that
stage. Try sending youself an email, or logging to a file instead.
--
CC
---End Message---
---BeginMessage---
It doesn't matter. I'm setting the output *not* to the browser, but to the
command shell, where I am running the script from. If you look at the
errors, you'll see 2 of them, one points to line 7, where the IF() command
is -- the script terminates there...
I've put error_log() and exec() functions in place of the print()
function -- it doesn't make a difference -- the script just won't execute
the function in the register_shutdown_function() --
The following script works great (see below) -- it seems that for some
reason its a TIMEOUT issue (bug).
Running the script below, I will get the output of the print() function --
as stated, from the command line. I understand that it wouldn't show up in
the browser.
If I replace the exit; command with say a while(1); where the script
will loop indefinitely, the timeout, set by the set_time_limit(1) will stop
the script, but again -- register_shutdown_function() seems to want to
work as the function IS CALLED, but NEVER executed, and instead errors on
the 1st line in the FUNCTION -- always on a TIMEOUT.
Run this script from your command line (ie. C:php test.php) -- then change
the set_time_limit(30) to set_time_limit(1), and replace the exit with
a while(1) -- run the script again, you'll see what I mean.
And, if you still don't believe me, replace the print() in the function with
error_log('Script Terminated', 3, 'errorlog.txt'); and see if the
errorlog.txt file is ever created -- it isn't.
?
set_time_limit(30);
function clean_up()
{
print(Script Terminated);
}
register_shutdown_function(clean_up);
exit;
?
If anyone can offer any reason why its doing this, please help -- thanks.
Jason
Cc Zona [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
In article [EMAIL PROTECTED],
[EMAIL PROTECTED] (Jason Caldwell) wrote:
Here's my code:
?
set_time_limit(1);
function clean_up()
{
if(connection_status() TIMEOUT)
print(Script timed out.\n);
}
register_shutdown_function(clean_up);
while(1);
?
Here's the message I get: (I should get Script timed out.)
No, you shouldn't/wouldn't, because--as is noted in the docs
http://php.net/register-shutdown-function--no more output (print is
specifically mentioned as an example) can be sent to the browser at that
stage. Try sending youself an email, or logging to a file instead.
--
CC
---End Message---
---BeginMessage---
I just upgraded from 4.1.1 to 4.2.1 -- didn't fix the problem. I'd be
curious to know if other Windows users are having the same problem.
Thanks.
Jason
---End Message---
---BeginMessage---
Is there any way to ask the user to type the value of
a variable from stdin ? (like read in Pascal, or scanf
in C). I'm using PHP from command line.
Thanks
Rafael Perazzo
__
Do You Yahoo!?
LAUNCH - Your Yahoo! Music Experience
http://launch.yahoo.com
---End Message---
---BeginMessage---
On Sat, 18 May 2002, Rafael Perazzo wrote:
Is there any way to ask the user to type the value of
a variable from stdin ? (like read in Pascal, or scanf
in C). I'm using PHP from command line.
?
$f = fopen('php://stdin', 'r'); // this line answers your question
while ($l = fgets($f, 100)) print strtoupper($l);
fclose($f);
?
miguel
---End Message---
---BeginMessage---
I have the following code for a mySQL query in
php:
$text = "sort_text";
$query = "SELECT code FROM links ORDER BY $text WHERE ".$text." like
'".$l."%'";
$result = mysql_query($query) or die("Query failed");
When I do the query I get Query
failed.
When I remove the sort parameter they
are all printed correctly(except the fact the aren't in alphabetical
order)
I am a newbie so be nice.
Any Ideas?
JJ Harrison[EMAIL PROTECTED]www.tececo.com
---End Message---
---BeginMessage---
Wel
php-general Digest 12 May 2010 16:09:15 -0000 Issue 6740
php-general Digest 12 May 2010 16:09:15 - Issue 6740
Topics (messages 305109 through 305128):
Re: PHP Application Structre
305109 by: Kevin Kinsey
305111 by: Peter Lind
305124 by: Paul M Foster
305125 by: Kevin Kinsey
305126 by: Peter Lind
305127 by: Peter Lind
Re: 2D barcodes
305110 by: Manuel Lemos
Re: PHP Encoder like IonCube
305112 by: Pete Ford
305114 by: Pete Ford
305115 by: shiplu
305116 by: Peter Lind
305118 by: Pete Ford
305120 by: shiplu
305122 by: Peter Lind
Re: regexp questions
305113 by: Ford, Mike
305128 by: Spud. Ivan.
Re: __call and recursion
305117 by: Richard Quadling
305119 by: Lawrance Shepstone
Generating PHP from WSDL
305121 by: Gary .
305123 by: Richard Quadling
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscr...@lists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscr...@lists.php.net
To post to the list, e-mail:
php-gene...@lists.php.net
--
---BeginMessage---
Ashley Sheridan wrote:
On Tue, 2010-05-11 at 08:48 +0530, chetan rane wrote:
Hi all,
mod rewrite was actually inrduced to have search engne frendly urls.
hnce if you want a seo site then you have to use options 1 2. using
smarty or any templating engine for readibility is not total true.
one of the major advantages of using template engines is caching
I've read some {disparaging?) comments on option 2, but I've
got a question, or point, about that. I'm not at all sure that
you have to use mod_rewrite at all, can't you just use a
FORCETYPE directive on your handler script(s)?
I've certainly got some work in the form:
somesite.com/scriptname/var1/var2/var3
that seems to work well with no use of the rewrite module.
Aside from the fact that I've yet to find any actual evidence that
search engines treat what most people consider 'search engine friendly'
urls any different from the 'unfriendly dynamic' ones. Next time you
search for something online have a look at the URLs and see how many
belong to forums with dynamic URLs. More than you'd think I would
imagine, but it does go a long way to prove that most search engines
don't give much credence to the URL these days.
Of course, it does help if your keywords are in the URL, but I've not
noticed much of a difference between:
somesite.com/page-about-subject
and
somesite.com/?page=page-about-subject
I think that this may be an artifact of an earlier time. There
was a time when SE's didn't do so well with query strings, but it'd
be a little silly to think their owners didn't realize this and left
things exactly the way they were back in 2002 ... wouldn't it?
My $0.02,
Kevin Kinsey
---End Message---
---BeginMessage---
On 12 May 2010 07:10, Kevin Kinsey k...@daleco.biz wrote:
Ashley Sheridan wrote:
On Tue, 2010-05-11 at 08:48 +0530, chetan rane wrote:
Hi all,
mod rewrite was actually inrduced to have search engne frendly urls.
hnce if you want a seo site then you have to use options 1 2. using
smarty or any templating engine for readibility is not total true.
one of the major advantages of using template engines is caching
I've read some {disparaging?) comments on option 2, but I've
got a question, or point, about that. I'm not at all sure that
you have to use mod_rewrite at all, can't you just use a
FORCETYPE directive on your handler script(s)?
I've certainly got some work in the form:
somesite.com/scriptname/var1/var2/var3
that seems to work well with no use of the rewrite module.
And why wouldn't you want to use mod_rewrite? It's an extremely
powerful tool that does the job really well.
Regards
Peter
--
hype
WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
Flickr: http://www.flickr.com/photos/fake51
BeWelcome: Fake51
Couchsurfing: Fake51
/hype
---End Message---
---BeginMessage---
On Wed, May 12, 2010 at 10:16:04AM +0200, Peter Lind wrote:
On 12 May 2010 07:10, Kevin Kinsey k...@daleco.biz wrote:
Ashley Sheridan wrote:
On Tue, 2010-05-11 at 08:48 +0530, chetan rane wrote:
Hi all,
mod rewrite was actually inrduced to have search engne frendly urls.
hnce if you want a seo site then you have to use options 1 2. using
smarty or any templating engine for readibility is not total true.
one of the major advantages of using template engines is caching
I've read some {disparaging?) comments on option 2, but I've
got a question, or point, about that. I'm not at all sure that
you have to use mod_rewrite at all, can't you just use a
FORCETYPE directive on your handler script(s)?
I've certainly got some work in the form:
somesite.com/scriptname/var1/var2/var3
that seems to work well with no use of the rewrite module.
And why wouldn't you
