php-general Digest 4 May 2007 11:11:10 -0000 Issue 4772

Topics (messages 254377 through 254394):

Re: Script feedback: insert string into another string
        254377 by: Tijnema !

Re: File uploading and saving info on mysql
        254378 by: itoctopus

Re: Redirect via GET is loosing characters
        254379 by: itoctopus

Re: Split string
        254380 by: itoctopus

Re: What does "<<<" mean?
        254381 by: itoctopus

Re: A problem with passing $_GET in an url
        254382 by: Davis Chan
        254383 by: Davis Chan

Re: MySQL change-tracking
        254384 by: Chris

Re: [opinions] Ashop Commerce
        254385 by: Marco Sottana
        254386 by: Chris

passing GET via include
        254387 by: Mark Smith
        254389 by: "Miguel J. Jiménez"
        254393 by: Edward Kay
        254394 by: Oliver Block

Custom session save handler. What's happens really?
        254388 by: n.quirin.free.fr

Why does this encoding work in PHP?
        254390 by: Arno Kuhl
        254391 by: Dave Goodchild

PHP 5.2.2 and PHP 4.4.7 Released!
        254392 by: Derick Rethans

Administrivia:

To subscribe to the digest, e-mail:
        [EMAIL PROTECTED]

To unsubscribe from the digest, e-mail:
        [EMAIL PROTECTED]

To post to the list, e-mail:
        [EMAIL PROTECTED]


----------------------------------------------------------------------
--- Begin Message ---

I owe you and Tijnema a beer!

Have a great day/night!
Cheers,
Micky

I'm sorry, you have to wait another 9 months, because only then I can
legally drink a beer :) (then I will be > 16 :) )

Tijnema

--- End Message ---
--- Begin Message ---
Here's the file upload class making your life easier:

<?php
 /*
  @class FileManager
  @description This class handles interaction with Files
  @copyright itoctopus 2007 - The Genoc Library
 */
 class FileManager{
  /*
   [EMAIL PROTECTED] save
   [EMAIL PROTECTED] this function saves the file in the database
   [EMAIL PROTECTED] array $file_handle A handle on the file (ex. $_FILES['the_file'])
   [EMAIL PROTECTED] string $field_name The name of the field
   [EMAIL PROTECTED] string $action Update or save the file in the table. Defaults to save.
   [EMAIL PROTECTED] string $file_source The name of the source table saving the file (such as realestate)
   [EMAIL PROTECTED] string $file_source_id The id of the row in the source table
   [EMAIL PROTECTED] object $db The database handle
  */
  static function save($file_handle, $file_source, $file_source_id, $action='save', $allowed_types = array(), $db){
   if (empty($file_handle['tmp_name']))
    return;
   //only the binary data is escaped; name, type and size below come from the client and are concatenated as-is
   $data = addslashes(fread(fopen($file_handle['tmp_name'], "r"), $file_handle['size']));
   if ($action == 'save'){
    $creationdate = $lastupdatedate = Date("Y-m-d H:i:s");
    $sql = 'INSERT INTO file (file_name, file_type, file_size, file_source, file_source_id, file_binary, file_creationdate, file_lastupdatedate) VALUES (\''.$file_handle['name'].'\', \''.$file_handle['type'].'\', \''.$file_handle['size'].'\', \''.$file_source.'\', \''.$file_source_id.'\', \''.$data.'\', \''.$creationdate.'\', \''.$lastupdatedate.'\')';

    //now if the type is an image, then create a thumbnail (resize should be relative)

   }
   else{
    $lastupdatedate = Date("Y-m-d H:i:s");
    //note: this UPDATE has no WHERE clause, so it changes every row in the table
    $sql = 'UPDATE file SET file_name=\''.$file_handle['name'].'\', file_type=\''.$file_handle['type'].'\', file_source=\''.$file_source.'\', file_source_id=\''.$file_source_id.'\', file_binary=\''.$data.'\', file_lastupdatedate=\''.$lastupdatedate.'\'';

    //now if the type is an image, then update a thumbnail

   }
   $result= $db->query($sql);
  }

  /*
   [EMAIL PROTECTED] get
   [EMAIL PROTECTED] This function returns a link to the file based on the id
   [EMAIL PROTECTED] string $file_id The id of the file in the database
   [EMAIL PROTECTED] object $db The database handle
   [EMAIL PROTECTED] void
  */
  static function get($file_id, $db){
   $sql = 'SELECT file_id, file_name, file_type, file_size, file_binary FROM file where file_id=\''.$file_id.'\'';
   $result= $db->query($sql);
   header('Content-length:'.$result[0]['file_size']);
   header('Content-type:'.$result[0]['file_type']);
   //if it's not an image then download it, otherwise display it
   //note: the stored file_name and file_type go into the headers unfiltered
   if (strpos($result[0]['file_type'], 'image') !== FALSE)
    header("Content-type: ".$result[0]['file_type']."; filename=".$result[0]['file_name']);
   else
    header("Content-Disposition: attachment; filename=".$result[0]['file_name']);
   echo($result[0]['file_binary']);
  }

  /*
   [EMAIL PROTECTED] delete
   [EMAIL PROTECTED] This function delete a file from the database
   [EMAIL PROTECTED] integer $file_id The id of the file to be deleted
   [EMAIL PROTECTED] object $db The database handle
   [EMAIL PROTECTED]
  */
  static function delete($file_id, $db){
   //concatenated like in get(): inside single quotes $file_id would not be interpolated
   $sql = 'DELETE FROM file WHERE file_id=\''.$file_id.'\'';
   $result= $db->query($sql);
  }

 }
?>

-- 
itoctopus - http://www.itoctopus.com
"Marcelo Wolfgang" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
> Hi all,
>
> I'm developing for my first time an upload file form which will populate a 
> sql insert query, I think I got everything working fine, but the data 
> isn't been saved on the database. Can someone help me with what I'm doing 
> wrong here ?
>
> the code follow:
>
> <?php
> if (($_FILES["file"]["type"] == "application/msword")
> || ($_FILES["file"]["type"] == "application/pdf")
> && ($_FILES["file"]["size"] < 2000000))
>   {
>   if ($_FILES["file"]["error"] > 0)
>     {
>     echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
>     }
>   else
>     {
>     if (file_exists("../downloads/" . $_FILES["file"]["name"]))
>       {
>       echo $_FILES["file"]["name"] . " already exists. ";
>       }
>     else
>       {
>       move_uploaded_file($_FILES["file"]["tmp_name"],
>       "../downloads/" . $_FILES["file"]["name"]);
>       }
>     }
>   }
> else
>   {
>   echo "Invalid file";
>   }
> $title = $_POST["title"];
> $filePath =   "../downloads/" . $_FILES["file"]["name"];
> if($_FILES["file"]["type"] == "application/pdf"){
> $fileType = "pdf";
> } else if ($_FILES["file"]["type"] == "application/msword"){
> $fileType = "doc";
> }
> echo($title) . "<br />"; //outputs 'yada' ( correctly as I've typed on the form;
> echo($filePath) . "<br />"; //outputs '../downloads/66321-Estrutura.doc' and I can check that the file is there;
> echo($fileType) . "<br />"; //outputs 'doc' this is correct;
>
> mysql_connect("localhost",$db_user,$db_pass) or die (mysql_error());;
> mysql_select_db ($db_table);
> $user_Query = mysql_query("INSERT INTO tb_downloads (var_title, 
> var_filepath, var_filetype, dt_data, bol_active) VALUES ('$title', 
> '$filePath','$fileType','NOW(),1)");
> mysql_close();
>
> echo($user_Query) . "<br />"; //outputs nothing (? I suck at debugging queries)
>
> header("Location: http://www.w3ol.com.br/50congresso/adm/downloads.php"); // I know that this won't work while I echo something on the page, but the echo is there for debug only
>
> ?>
>
> TIA
> Marcelo Wolfgang 
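
A hardened counterpart to the save() and get() methods above, as an added example that is not part of either post or of the Genoc Library: values are bound through placeholders instead of being concatenated into the SQL, the MIME type is detected from the file content, and the stored name is filtered before it reaches a response header. The function names, the PDO handle and the in-memory SQLite table are assumptions; the two allowed types and the size limit are taken from the quoted question.

```php
<?php
// Added example: hypothetical helpers, not the FileManager class from the post.
const ALLOWED_TYPES = ['application/pdf', 'application/msword']; // from the question
const MAX_BYTES = 2000000;                                       // from the question

// Store one uploaded file. In a request handler, call this only after checking
// $_FILES[...]['error'] === UPLOAD_ERR_OK and is_uploaded_file($path).
function store_file(PDO $db, string $path, string $clientName, string $source, int $sourceId): int
{
    $size = filesize($path);
    if ($size === false || $size >= MAX_BYTES) {
        throw new RuntimeException('file missing or too large');
    }
    // Detect the type from the bytes; $_FILES[...]['type'] is client-supplied.
    $type = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if (!in_array($type, ALLOWED_TYPES, true)) {
        throw new RuntimeException('type not allowed');
    }
    $now = date('Y-m-d H:i:s');
    // Placeholders keep every value out of the SQL text, so quotes in the
    // client's file name or in the binary data cannot change the statement.
    $stmt = $db->prepare(
        'INSERT INTO file (file_name, file_type, file_size, file_source, file_source_id,
                           file_binary, file_creationdate, file_lastupdatedate)
         VALUES (?, ?, ?, ?, ?, ?, ?, ?)'
    );
    $stmt->bindValue(1, $clientName);
    $stmt->bindValue(2, $type);
    $stmt->bindValue(3, $size, PDO::PARAM_INT);
    $stmt->bindValue(4, $source);
    $stmt->bindValue(5, $sourceId, PDO::PARAM_INT);
    $stmt->bindValue(6, file_get_contents($path), PDO::PARAM_LOB);
    $stmt->bindValue(7, $now);
    $stmt->bindValue(8, $now);
    $stmt->execute();
    return (int) $db->lastInsertId();
}

// Build the response headers for a stored row. The stored name is reduced to a
// safe character set, so CR/LF or quotes in it cannot split or break a header.
function download_headers(PDO $db, int $fileId): array
{
    $stmt = $db->prepare('SELECT file_name, file_type, file_size FROM file WHERE file_id = ?');
    $stmt->execute([$fileId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        throw new RuntimeException('no such file');
    }
    $safeName = preg_replace('/[^A-Za-z0-9._-]+/', '_', $row['file_name']);
    return [
        'Content-Type: ' . $row['file_type'],
        'Content-Length: ' . (int) $row['file_size'],
        'Content-Disposition: attachment; filename="' . $safeName . '"',
        'X-Content-Type-Options: nosniff',
    ];
}

// Constructed demo: in-memory SQLite and a minimal fake PDF in a temp file.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE file (file_id INTEGER PRIMARY KEY, file_name TEXT, file_type TEXT,
    file_size INTEGER, file_source TEXT, file_source_id INTEGER, file_binary BLOB,
    file_creationdate TEXT, file_lastupdatedate TEXT)');
$tmp = tempnam(sys_get_temp_dir(), 'upl');
file_put_contents($tmp, "%PDF-1.4\n% constructed sample\n");
$id = store_file($db, $tmp, "O'Brien\r\nreport.pdf", 'realestate', 7);
print_r(download_headers($db, $id));
unlink($tmp);
```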

--- End Message ---
--- Begin Message ---
You just have to store your form inputs in the session.

-- 
itoctopus - http://www.itoctopus.com
"Merlin" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
> Hi there,
>
> I am checking plausibility inside a php script that receives a POST 
> submit. If an error occurs the user should be redirected back, along with 
> his original data filled into the forms.
>
> There is a problem with this. As the GET method, which the redirect is 
> using, only allows a certain amount of characters, the text is always cut 
> down.
>
> I use this:
> HEADER("Location:".$data[rurl]."?error=".$error.$parameter);
>
> Is there a way to redirect the user to the form and fill in large text?
>
> Thank you for your help,
>
> Best regards, Merlin 

--- End Message ---
--- Begin Message ---
if ($your_string !== ''){
    $arr_string = explode(',', $your_string);
    $first_part = $arr_string[0];
    array_shift($arr_string);
    $second_part = implode(',', $arr_string);
}


-- 
itoctopus - http://www.itoctopus.com
"Lester Caine" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
> Can someone with a few more working grey cells prompt me with the correct 
> command to split a string.
>
> The entered data is names, but I need to split the text up to the first 
> space or comma into one string, and the rest of the string into a second. 
> It's the 'first either space or comma' that eludes me at the moment :(
>
> I know it's probably obvious, but it always is when you know the answer.
>
> -- 
> Lester Caine - G8HFL
> -----------------------------
> Contact - http://home.lsces.co.uk/lsces/wiki/?page=contact
> L.S.Caine Electronic Services - http://home.lsces.co.uk
> MEDW - http://home.lsces.co.uk/ModelEngineersDigitalWorkshop/
> Firebird Foundation Inc. - http://www.firebirdsql.org/index.php 

--- End Message ---
--- Begin Message ---
never ever used it...
I also voted!

-- 
itoctopus - http://www.itoctopus.com
"Philip Thompson" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
> On Apr 30, 2007, at 2:17 PM, Greg Donald wrote:
>
>> On 4/30/07, Nick Gorbikoff <[EMAIL PROTECTED]> wrote:
>>> Hello, folks.
>>> I remember I've seen this somewhere in perl and it has something to do with
>>> blocks of code. I came across the same thing in some PHP code.
>>>
>>> <<< END
>>>  ....some code....
>>> END
>>>
>>> What exactly does it mean.
>>>
>>> BTW:
>>> PHP .net search breaks if you search for <<<
>>
>>
>> It's heredoc syntax.
>>
>> http://us2.php.net/manual/en/language.types.string.php#language.types.string.syntax.heredoc
>
>
> Ok, let's gather some stats to see how many people actually use the 
> heredoc syntax. I created this quick little form to gather the data.  It 
> takes 2 seconds (literally) - vote here:
>
> http://thril.uark.edu/heredoc/
>
> I'm interested in knowing if this is used a lot. If it is, then I may 
> consider tying it into my code (if it calls for it).
>
> ~Philip 

--- End Message ---
--- Begin Message ---
Hi! Everyone, here is the javascript function:

function Ask_Confirm() {
response = confirm("Are you sure?");
if(response == true)
{
        to_url = "./admin.php?to_be_rm=" + document.forms[1].to_be_rm.value;
        // alert(to_url);
        window.location = to_url;
}
else
{
        // Do Nothing.
}
}


The alert(to_url) shows the correct/expected url. "to_be_rm" is the id of a <select> on the second form on the page. Thanks again.
--- End Message ---
--- Begin Message ---
(sorry if you see 2 posts, I was trying to cancel a post, edit, and repost)
Hi! Everyone, Dan is right, after submit button is clicked, the javascript function below is called. I am trying here is the javascript function:

> function Ask_Confirm() {
> response = confirm("Are you sure?");
> if(response == true)
> {
>     to_url = "./admin.php?to_be_rm=" + document.forms[1].to_be_rm.value;
>     // alert(to_url);
>     window.location = to_url;
> }
> else
> {
>     // Do Nothing.
> }
> }


The alert(to_url) shows the correct/expected url. "to_be_rm" is the id of a <select> on the second form on the page. Thanks again.

I also have a question about using this newsgroup: why are the messages I got from using Thunderbird not as up to date as the digest I got via email?
--- End Message ---
--- Begin Message ---
Richard Lynch wrote:

On Wed, May 2, 2007 4:32 pm, Brad Fuller wrote:
Richard Lynch wrote:
I have this simple database and I'm going to have a handful
of people editing it...

I'd like to track each and every edit with username, and,
ideally, provide myself an easy "Undo" if I decide [bleep] is
an idiot and shouldn't have done that.

Now, I'm not real concerned about the relational foreign key
aspect here, and I'd like to keep this as simple as possible...

I've considered doing a dump and putting the output into subversion,
even...

I realize there may be some nifty MySQL tool that does this,
so I'll be researching that shortly, but I'm wondering if
there's a nifty change-management php package out there that
I should check out.

The users are currently slated to be logging in via HTTP
Basic Authentication, but I could change that, I guess.

K.I.S.S. is definitely the motto around here -- If it takes
more than a day or two to figure out, install, and implement;
then forget it, as I can just hack something together myself in that
time-frame.

--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
I'm not aware of any existing package that offers this, and if there isn't
one I wouldn't be surprised.  I think that there are just too many variables
for it to be universal enough...

But, I thought about it for a second and here's what I came up with...

I realize this is not a very efficient way to store data, but it's just an
idea...

What about instead of running UPDATE queries, you INSERT a new record "on
top of it", and if you need to "undo" someone's change, just DELETE that
record.

I'm not sure how the tables would relate, but it would be something like...
initial insert generates customerID -> customerID and customer data go into
a separate table -> subsequent changes get stacked up in this table and the
most recent record gets displayed when you click to view the customer.
Voila, you have a history table and a simple way to "undo" changes.

Whaddya think?

I worked on a HIPAA-compliant medical system like that once (HIPAA
basically don't let you ever ever ever "delete" any data about a
patient).

It had a "version" field that got incremented on each insert and you
never did an update or delete.

It annoyed the bleep out of me at the time, mainly because the tables
got really large really fast...

I'll have to think about this and see if the tables I care about will
grow ridiculously large, and I can always archive the older stuff
after time...

Have a second table that has the 'history' of the record. Basically a copy of the first table.

Easy to keep the history:

insert into history_table select * from main_table where id='X'

then update the main table's record.

That way you're not making the main table really large but you'll be able to go back a version if you needed to.

You could even keep the history table under check (only keep 50 records).

--
Postgresql & php tutorials
http://www.designmagick.com/
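
The copy-then-update scheme from the last reply, combined with the per-user tracking and "undo" asked for at the top of the thread, as an added example that is not code from any of the posters. The `customer` and `customer_history` tables, their columns and both function names are assumptions; the editor name would come from the authenticated user, for example `$_SERVER['PHP_AUTH_USER']` under HTTP Basic Authentication.

```php
<?php
// Added example: hypothetical tables and helpers, not code from the thread.
// `customer` stands in for main_table, `customer_history` for history_table.
const EDITABLE = ['name', 'phone']; // allow-list: column names cannot be bound

// Copy the current row to the history with the editor's name, then update it.
function tracked_update(PDO $db, int $id, array $changes, string $user): void
{
    $cols = array_keys($changes);
    if ($cols === [] || array_diff($cols, EDITABLE) !== []) {
        throw new InvalidArgumentException('unknown column');
    }
    $set = implode(', ', array_map(function ($c) { return "$c = ?"; }, $cols));
    $db->beginTransaction(); // history row and update succeed or fail together
    try {
        $db->prepare('INSERT INTO customer_history (id, name, phone, changed_by, changed_at)
                      SELECT id, name, phone, ?, ? FROM customer WHERE id = ?')
           ->execute([$user, date('Y-m-d H:i:s'), $id]);
        $db->prepare("UPDATE customer SET $set WHERE id = ?")
           ->execute(array_merge(array_values($changes), [$id]));
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
}

// Restore the newest saved version and drop it from the history.
function undo_last(PDO $db, int $id): bool
{
    $db->beginTransaction();
    try {
        $stmt = $db->prepare('SELECT hist_id, name, phone FROM customer_history
                              WHERE id = ? ORDER BY hist_id DESC LIMIT 1');
        $stmt->execute([$id]);
        $prev = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($prev !== false) {
            $db->prepare('UPDATE customer SET name = ?, phone = ? WHERE id = ?')
               ->execute([$prev['name'], $prev['phone'], $id]);
            $db->prepare('DELETE FROM customer_history WHERE hist_id = ?')
               ->execute([$prev['hist_id']]);
        }
        $db->commit();
        return $prev !== false;
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT, phone TEXT)');
$db->exec('CREATE TABLE customer_history (hist_id INTEGER PRIMARY KEY AUTOINCREMENT,
    id INTEGER, name TEXT, phone TEXT, changed_by TEXT, changed_at TEXT)');
$db->exec("INSERT INTO customer VALUES (1, 'Ada', '555-0100')");
tracked_update($db, 1, ['phone' => '555-0199'], 'editor1');
print_r($db->query('SELECT * FROM customer_history')->fetchAll(PDO::FETCH_ASSOC));
undo_last($db, 1);
print_r($db->query('SELECT * FROM customer')->fetchAll(PDO::FETCH_ASSOC));
```

Where the history must also serve as an audit trail, record the undo as a further history row instead of deleting one.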

--- End Message ---
--- Begin Message ---
if you have nothing to say.. say nothing
----- Original Message ----- From: "Richard Lynch" <[EMAIL PROTECTED]>
To: "Marco Sottana" <[EMAIL PROTECTED]>
Cc: "Stut" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, May 03, 2007 6:04 PM
Subject: Re: [PHP] [opinions] Ashop Commerce


On Thu, May 3, 2007 6:36 am, Marco Sottana wrote:
i am new ...
say me .. 2 or 3 nice e-commerce and why is nice.. please..

RTFA

I was sick of this thread in 1997!!!

I sure don't want to see it again!

--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



--- End Message ---
--- Begin Message ---
Marco Sottana wrote:
if you have nothing to say.. say nothing

LOL. You're the one spamming & trolling the list.

--
Postgresql & php tutorials
http://www.designmagick.com/

--- End Message ---
--- Begin Message ---
Hello all,
Is there a way to allow the passing of variables to included scripts using the GET method, for example include"file.php?name=person"; or is there another method of including files that allow you to do this. I have attempted to do this without success, I just get a message saying the file cannot be found.
--- End Message ---
--- Begin Message ---
Mark Smith wrote:
Hello all,
Is there a way to allow the passing of variables to included scripts using the GET method, for example include"file.php?name=person"; or is there another method of including files that allow you to do this. I have attempted to do this without success, I just get a message saying the file cannot be found.

If you define the variables before the *include* the included file will see them without problem...

--
Miguel J. Jiménez
Senior Programmer
Internet/XSL/PHP Department
[EMAIL PROTECTED]

----------------------------------------------------

ISOTROL
Edificio BLUENET, Avda. Isaac Newton nº3, 4ª planta.
Parque Tecnológico Cartuja '93, 41092 Sevilla.
Telephone: 955 036 800 - Fax: 955 036 849
http://www.isotrol.com

"You let a political fight  come between you and your best friend you have in all 
the world. Do you realize how foolish that is? How ominous? How can this country survive 
if friends can't rise above the quarrel".
Constance Hazard, North & South (book I)


--- End Message ---
--- Begin Message ---
> -----Original Message-----
> From: Mark Smith [mailto:[EMAIL PROTECTED]
> Sent: 04 May 2007 08:23

> Hello all,
> Is there a way to allow the passing of variables to included scripts
> using the GET method, for example include"file.php?name=person"; or is
> there another method of including files that allow you to do this. I
> have attempted to do this without success, I just get a message saying
> the file cannot be found.
>

Hi Mark,

No, this isn't possible as it makes no sense. When you include a file, you
are not performing a request that generates a response - you are simply
including the contents of one file in another. When you call include, think
of it as just copy/pasting the contents of the included file at that point.

Any variables already defined (and in scope) will therefore be available
to the code in the included file, for example:

--- main.php ---

$strTitle = 'The title';
$intTitleLength = strlen($strTitle);

include('display.php');


--- display.php ---

echo 'Title is '.$strTitle.' and is '.$intTitleLength.' characters long';


I hope this makes sense but feel free to reply to the list if you have any
questions.

Edward

--- End Message ---
--- Begin Message ---
On Friday, 4 May 2007 09:22, Mark Smith wrote:
> Hello all,
> Is there a way to allow the passing of variables to included scripts

See it another way: The includED script will be part of the includING script. 

---------------includeme.inc-----------------
<?php
        $message="Hello!\n";
?>
---------------includer.php------------------
<?php
        include('includeme.inc');
        echo $message;
?>
-------------------------------------------------

Will be the same as
---------------dont_like_inclusions.php-------------------
<?php
        $message="Hello!\n";
        echo $message;
?>
---------------------------------------------------------------


Regards,

Oliver

--- End Message ---
--- Begin Message ---
Hi,

I'm using in each script:

<?php
session_set_save_handler(...); //register my custom function to store session
//into a mysql database

session_start(); //session.auto_start is set to 0 in php.ini
register_shutdown_function("session_write_close");

$object = unserialize($_SESSION['objectname']);
//modify the object
//....
$_SESSION['objectname'] = serialize($object);
?>

When exactly are the write and read functions of my custom handler called?
Is it at the session_start that read function is called?
or is it at $object = unserialize($_SESSION['objectname'])?

Is write function called at session_write_close only?
or any time $_SESSION[] is written?

Thanks a lot, I have no clue from PHP tutorial about this...

--- End Message ---
--- Begin Message ---
I recently came across a script that was oddly encoded. A bit of digging
revealed it was encoded in octal. What puzzles me is why the php interpreter
is able to understand the script.

An example (not from the original script)

require_once "../file.php";
require_once "\56\56\57\146\151\154\145\56\160\150\160";

Arno

--- End Message ---
--- Begin Message ---
The characters are encoded in octal and the php interpreter converts them
into the corresponding ASCII characters and then the sequence is represented
as a string which is included?
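
A small scanner for the encoding discussed in the two messages above, as an added example that is not code from the thread: it lists double-quoted literals in PHP source that contain octal or hex escapes, next to the text the interpreter sees, which is useful when reviewing code for disguised include paths. The function names are assumptions; the sample input is the pair of lines from the first message.

```php
<?php
// Added example: hypothetical scanner, not code from the thread.

// Decode \NNN (octal) and \xHH (hex) escapes as PHP does inside "..." strings.
// An escaped backslash (\\) is matched first and kept, so "\\101" is not decoded.
function decode_numeric_escapes(string $body): string
{
    return preg_replace_callback(
        '/\\\\(\\\\|[0-7]{1,3}|x[0-9A-Fa-f]{1,2})/',
        function (array $m): string {
            if ($m[1] === '\\') {
                return $m[0];
            }
            if ($m[1][0] === 'x') {
                return chr(hexdec(substr($m[1], 1)));
            }
            return chr(octdec($m[1]) & 0xFF); // octal values above \377 wrap to one byte
        },
        $body
    );
}

// Return line, literal and decoded text for each plain "..." literal that
// changes when its numeric escapes are decoded. Strings with interpolated
// variables are tokenized differently and are not covered here.
function find_encoded_literals(string $source): array
{
    $hits = [];
    foreach (token_get_all($source) as $tok) {
        if (!is_array($tok) || $tok[0] !== T_CONSTANT_ENCAPSED_STRING || $tok[1][0] !== '"') {
            continue;
        }
        $body = substr($tok[1], 1, -1);
        $decoded = decode_numeric_escapes($body);
        if ($decoded !== $body) {
            $hits[] = ['line' => $tok[2], 'literal' => $tok[1], 'decoded' => $decoded];
        }
    }
    return $hits;
}

// Constructed sample: the two lines from the message above.
$sample = <<<'PHP'
<?php
require_once "../file.php";
require_once "\56\56\57\146\151\154\145\56\160\150\160";
PHP;

foreach (find_encoded_literals($sample) as $hit) {
    printf("line %d: %s => %s\n", $hit['line'], $hit['literal'], $hit['decoded']);
}
```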

--- End Message ---
--- Begin Message ---
The PHP development team would like to announce the immediate 
availability of PHP 5.2.2 and availability of PHP 4.4.7. These releases 
are major stability and security enhancements of the 5.x and 4.4.x 
branches, and all users are strongly encouraged to upgrade to it as soon 
as possible. Further details about the PHP 5.2.2 release can be found in 
the release announcement for 5.2.2 (http://www.php.net/releases/5_2_2.php).
Details about the PHP 4.4.7 release can be found in the release
announcement for 4.4.7 (http://www.php.net/releases/4_4_7.php).

Security Enhancements and Fixes in PHP 5.2.2 and PHP 4.4.7:

- Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan
  Fratric) 
- Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) 
- Fixed a bug in mb_parse_str() that can be used to activate
  register_globals (MOPB-26 by Stefan Esser) 
- Fixed unallocated memory access/double free in
  array_user_key_compare() (MOPB-24 by Stefan Esser) 
- Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan
  Esser) 
- Added missing open_basedir & safe_mode checks to zip:// and bzip://
  wrappers. (MOPB-21 by Stefan Esser). 
- Limit nesting level of input variables with max_input_nesting_level as
  fix for (MOPB-03 by Stefan Esser) 
- Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]
  Bug.Center.Team) 
- Fixed a possible super-global overwrite inside
  import_request_variables(). (by Stefano Di Paola, Stefan Esser) 
- Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc
  library. (by Stanislav Malyshev)

Security Enhancements and Fixes in PHP 5.2.2 only:

- Fixed a header injection via Subject and To parameters to the mail()
  function (MOPB-34 by Stefan Esser)
- Fixed wrong length calculation in unserialize S type (MOPB-29 by
  Stefan Esser)
- Fixed substr_compare and substr_count information leak (MOPB-14 by
  Stefan Esser) (Stas, Ilia)
- Fixed a remotely trigger-able buffer overflow inside
  make_http_soap_request(). (by Ilia Alshanetsky)
- Fixed a buffer overflow inside user_filter_factory_create(). (by Ilia
  Alshanetsky)

Security Enhancements and Fixes in PHP 4.4.7 only:

- XSS in phpinfo() (MOPB-8 by Stefan Esser)

While majority of the issues outlined above are local, in some
circumstances given specific code paths they can be triggered
externally. Therefore, we strongly recommend that if you use code
utilizing the functions and extensions identified as having had
vulnerabilities in them, you consider upgrading your PHP.


Derick Rethans
PHP 4.4 Release Master

-- 
Derick Rethans
http://derickrethans.nl | http://ez.no | http://xdebug.org

--- End Message ---
