php-general Digest 15 Mar 2006 04:11:21 -0000 Issue 4016
Topics (messages 231897 through 231921):
Execute a shell command using thttpd-php
231897 by: Nelson Carreira
231914 by: Chris
Is this password protection script secure?
231898 by: IG
231900 by: Anthony Ettinger
231903 by: Gerry Danen
231905 by: Robin Vickery
231907 by: Satyam
231910 by: Oscar Gosdinski
setcookie security concerns
231899 by: tedd
231902 by: Gerry Danen
231906 by: Chris Shiflett
231915 by: tedd
Re: Hidding HTML Input Elements values approach
231901 by: pedro mpa
231908 by: David Dorward
Re: Hostname Filtering
231904 by: Philip Hallstrom
PHP/Oracle : bug with accent...
231909 by: David BERCOT
Creating forms dynamically
231911 by: Paul Goepfert
231912 by: Paul Goepfert
231921 by: Chris
Re: Printing library in PHP ?
231913 by: robert mena
231917 by: Bogdan Ribic
231918 by: Steve Brown
Re: array_search and multi-dimensional arrays
231916 by: List Manager
moving data from mssql to mysql on linux
231919 by: blackwater dev
231920 by: Philip Hallstrom
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
php-general@lists.php.net
----------------------------------------------------------------------
--- Begin Message ---
Hello,
I'm quite new to PHP language and although I got into it pretty fast I'm
having some trouble executing system commands using php. I'm using
thttpd-php_2.21b-2_mipsel in a Linksys router and I can only execute
system commands like "ls" and "cd" from the PHP. I tried using the
different available functions (exec(), shell_exec(), system(),
passthru() and backsticks) but none of them works. I can't even run scripts!
I'm working on a web application that will be used to configure the
router and I need to use a lot of other commands from the PHP, so right
now I'm quite stucked. I tried to find help online and offline but
wasn't able to find any. I just hope you guys can help me!
Thanks,
Nelson Carreira
--- End Message ---
--- Begin Message ---
Nelson Carreira wrote:
Hello,
I'm quite new to PHP language and although I got into it pretty fast I'm
having some trouble executing system commands using php. I'm using
thttpd-php_2.21b-2_mipsel in a Linksys router and I can only execute
system commands like "ls" and "cd" from the PHP. I tried using the
different available functions (exec(), shell_exec(), system(),
passthru() and backsticks) but none of them works. I can't even run
scripts!
What happens? Do you get an error?
The commands you're trying to execute can't be interactive (ie can't
prompt for information).
They must be run by themselves and possibly display results.
--
Postgresql & php tutorials
http://www.designmagick.com/
--- End Message ---
--- Begin Message ---
Hello.
I got a password protected login script of t'internet a while back and
have implemented it. I just want to make sure it is secure. I am aware
that the password is stored directly in the database and I don't think
this is a good thing. If the following could be looked at to see if
there are any improvements I would be most grateful. The script is then
called on each page that requires password protection thus-
<? session_start();
include('login.php');
?>
Here is the code for login.php-
<?
if(!isset($username) | !isset($password)) {
// escape from php mode.
?>
<html><head></head><body>
<form action="<?=$PHP_SELF?><?if($QUERY_STRING){ echo"?".
$QUERY_STRING;}?>" method="POST" name="customerlogin" id="customerlogin">
<table width="300">
<tr>
<td>Username:</td>
<td><input name="username" type="text"></td>
</tr>
<tr>
<td>Password:</td>
<td><input name="password" type="password"></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" class="formy"
value="Login>>>"></td></tr></table>
</form>
</body>
</html>
<?
exit();
}
// If all is well so far.
session_register("table_id");
session_register("name");
session_register("Forenames");
session_register("Surname");
session_register("username");
session_register("password");
session_register("pw"); // register username and password as session
variables.
$link = mysql_connect("MYSQL_DATABASE_SERVER", "MYSQL_USERNAME",
"MYSQL_PW") or die("<--Could not connect-->");
mysql_select_db("MYSQL_DATABASE_NAME") or die("<-- Could not select
database-->");
$sql = "SELECT `id`, `Surname`, `Forenames`, `username`, `pw` FROM
MYSQL_TABLE_NAME WHERE `username` = '$username'";
$result = mysql_query($sql) or die("Query failed 888");
list($table_id, $Surname, $Forenames, $un, $pw) = mysql_fetch_row($result);
$numrows = mysql_num_rows($result);
if($numrows != "0" AND $password == $pw) {
$valid_user = 1;
$name = $Forenames." ".$Surname;
}
else {
$valid_user = 0;
}
// If the username exists and pass is correct, don't pop up the login
code again.
// If info can't be found or verified....
if (!($valid_user))
{
session_unset(); // Unset session variables.
session_destroy(); // End Session we created earlier.
// escape from php mode.
?>
<html><head></head><body>
<form action="<?=$PHP_SELF?><?if($QUERY_STRING){ echo"?".
$QUERY_STRING;}?>" method="POST">
Incorrect username and/or password. Please enter correct ones to log in:
<table width="300">
<tr>
<td>Username:</td>
<td><input name="username" type="text"></td>
</tr>
<tr>
<td>Password:</td>
<td><input name="password" type="password"></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" class="formy"
value="Login>>>"></td></tr></table>
</body>
</html>
<?
exit();
}
?>
--- End Message ---
--- Begin Message ---
On 3/14/06, IG <[EMAIL PROTECTED]> wrote:
> Hello.
>
> I got a password protected login script of t'internet a while back and
> have implemented it. I just want to make sure it is secure. I am aware
> that the password is stored directly in the database and I don't think
> this is a good thing. If the following could be looked at to see if
> there are any improvements I would be most grateful. The script is then
> called on each page that requires password protection thus-
> <? session_start();
> include('login.php');
> ?>
>
>
> Here is the code for login.php-
>
>
>
> <?
> if(!isset($username) | !isset($password)) {
> // escape from php mode.
> ?>
> <html><head></head><body>
>
> <form action="<?=$PHP_SELF?><?if($QUERY_STRING){ echo"?".
> $QUERY_STRING;}?>" method="POST" name="customerlogin" id="customerlogin">
>
> <table width="300">
> <tr>
> <td>Username:</td>
> <td><input name="username" type="text"></td>
> </tr>
> <tr>
> <td>Password:</td>
> <td><input name="password" type="password"></td>
> </tr>
> <tr>
> <td> </td>
> <td><input type="submit" class="formy"
> value="Login>>>"></td></tr></table>
> </form>
>
> </body>
> </html>
> <?
> exit();
> }
>
> // If all is well so far.
> session_register("table_id");
> session_register("name");
> session_register("Forenames");
> session_register("Surname");
> session_register("username");
> session_register("password");
> session_register("pw"); // register username and password as session
> variables.
>
>
> $link = mysql_connect("MYSQL_DATABASE_SERVER", "MYSQL_USERNAME",
> "MYSQL_PW") or die("<--Could not connect-->");
> mysql_select_db("MYSQL_DATABASE_NAME") or die("<-- Could not select
> database-->");
> $sql = "SELECT `id`, `Surname`, `Forenames`, `username`, `pw` FROM
> MYSQL_TABLE_NAME WHERE `username` = '$username'";
> $result = mysql_query($sql) or die("Query failed 888");
> list($table_id, $Surname, $Forenames, $un, $pw) = mysql_fetch_row($result);
>
> $numrows = mysql_num_rows($result);
>
> if($numrows != "0" AND $password == $pw) {
> $valid_user = 1;
> $name = $Forenames." ".$Surname;
> }
> else {
> $valid_user = 0;
> }
>
> // If the username exists and pass is correct, don't pop up the login
> code again.
> // If info can't be found or verified....
>
> if (!($valid_user))
> {
> session_unset(); // Unset session variables.
> session_destroy(); // End Session we created earlier.
> // escape from php mode.
> ?>
>
> <html><head></head><body>
>
>
> <form action="<?=$PHP_SELF?><?if($QUERY_STRING){ echo"?".
> $QUERY_STRING;}?>" method="POST">
>
>
> Incorrect username and/or password. Please enter correct ones to log in:
>
> <table width="300">
>
> <tr>
> <td>Username:</td>
> <td><input name="username" type="text"></td>
> </tr>
> <tr>
> <td>Password:</td>
> <td><input name="password" type="password"></td>
> </tr>
> <tr>
> <td> </td>
> <td><input type="submit" class="formy"
> value="Login>>>"></td></tr></table>
> </body>
> </html>
> <?
> exit();
> }
> ?>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>
You should encrypt the password in the database, with a one-way hash,
then you simply compare what's in your db to what the login form
submits.
That way if you get hacked, or your admin goes postal, you won't have
people's unencrypted passwords in the database.
--
Anthony Ettinger
Signature: http://chovy.dyndns.org/hcard.html
--- End Message ---
--- Begin Message ---
On 3/14/06, IG <[EMAIL PROTECTED]> wrote:
>
> Hello.
>
> I got a password protected login script of t'internet a while back and
> have implemented it. I just want to make sure it is secure. I am aware
> that the password is stored directly in the database and I don't think
> this is a good thing. If the following could be looked at to see if
> there are any improvements I would be most grateful. The script is then
> called on each page that requires password protection thus-
Here's a fragment from my login routine:
if ( isset($_POST['s1']) )
{
$md5_pass = md5($_POST['p1']);
$u_user_id = db_format($_POST['u1']);
$q1 = "select * from users where u_user_id = '$u_user_id' and u_pass =
'$md5_pass' and u_appr = '1' ";
$r1 = mysql_query($q1) or db_error( $q1, mysql_error(), mysql_errno(),
__FILE__ );
$a1 = mysql_fetch_array($r1);
if ( mysql_num_rows($r1) == '1' )
{
$hostip = $_SERVER['REMOTE_ADDR'];
$_SESSION['sess_login_id'] = $a1['u_user_id'];
$_SESSION['sess_uid'] = $a1['u_id'];
$_SESSION['sess_email'] = $a1['u_email'];
--- End Message ---
--- Begin Message ---
On 14/03/06, IG <[EMAIL PROTECTED]> wrote:
> Hello.
>
> I got a password protected login script of t'internet a while back and
> have implemented it. I just want to make sure it is secure.
It's not.
1. It only works with register_globals turned on. Not a good idea -
register_globals has been off by default for some time now, for good
reason.
2. There's a Cross Site Scripting vulnerability where you're echoing
out the contents of $QUERY_STRING.
3. There's an SQL Injection vulnerability where you're inserting
$username directly into the query without any validation or escaping.
4. You're keeping the passwords in the database unencrypted rather
than using a one way hash which is bad in itself, but then you're
storing also writing them to the session - if you're on a shared
server, it's likely that any other site also on that server is able to
read your session files.
5. You're checking the username and password on every page request -
even after a successful login... which isn't really a security
problem, just wasteful.
-robin
--- End Message ---
--- Begin Message ---
----- Original Message -----
From: "Anthony Ettinger" <[EMAIL PROTECTED]>
You should encrypt the password in the database, with a one-way hash,
then you simply compare what's in your db to what the login form
submits.
That way if you get hacked, or your admin goes postal, you won't have
people's unencrypted passwords in the database.
--
It should say:
"You should encrypt the password in the database, with a one-way hash,
then you simply compare what's in your db to [the hash of] what the login
form
submits."
That is, when you first store the password, you first hash it (usually, you
would use the function md5() ). Then when you do the select, you put in the
where:
.... " WHERE `username` = '$username' and `pw`='" . md5($password) . "'";
And you don't store the password in a session variable or anywhere else, you
encript it (one way) you check it, and you forget about it, you never put it
in the clear anywhere. After all, session data goes somewhere in the disk,
and with an obvious name as password, it wouldn't be hard to find, even if
you don't have access to the database, for example, an example of the
contents of a session file:
IdUsr|i:999;level|s:1:"2";usr|s:6:"satyam";
Easy to understand:
IdUsr, an integer, containing 999
level, a string of one character containing a 2
user, a string of 6 characters containing 'satyam'
would you like to see something like
password|s:10:mypassword;
If you are using MySql isam files, locate the file with extension MYD and do
an hex dump of it. If you are database is called MyDb and your Users table
is called Users, locate MySql/data/MyDb/Users.MYD and dump it.
Now, you might be wondering what is the database password protection, don't
you?
Satyam
--- End Message ---
--- Begin Message ---
Instead of using a hash if the password string, i prefer to save the
following in the password field of my user's table:
md5($user . $password)
There are some md5 databases around that can be used to get the
cleartext password from the hash if your database is compromised, if
you use this method it's difficult to get the cleartext password
because it depends on the user and you are also validating if the user
exists.
However, i have a question. Which is better?, the md5 function
provided by PHP or MySQL? i used the MySQL function because i didn't
compile PHP with support for hash.
--
Saludos
Oscar
--- End Message ---
--- Begin Message ---
Hi:
I've been using a php style switcher allowing users to change css.
The code follows:
Within the head tags.
<link rel="stylesheet" type="text/css" media="screen" href="<?php
echo (!$thestyle)?'style1':$thestyle ?>.css" >
Within the body tags, allowing the user to select which style they want:
<a href="switch.php?set=style2">Green</a> or <a
href="switch.php?set=style1">Red</a>
And, the corresponding (switch.php) php code is:
<?php
setcookie ('thestyle', $set, time()+31536000, '/', '', 0);
header("Location: $HTTP_REFERER");
?>
It's pretty simple. But recently, I had one person hammer me stating
it was a security problem because I didn't validate the user input.
As such, he says that someone could inject an arbitrary code and
cause problems.
1. Is he right?
2. How does that work?
3. If so, what do I do to correct this?
Many thanks for any replies.
tedd
--
--------------------------------------------------------------------------------
http://sperling.com
--- End Message ---
--- Begin Message ---
Which "someone" could do this, is another question I have. The user? He's do
something to his own computer, no?
Gerry
On 3/14/06, tedd <[EMAIL PROTECTED]> wrote:
>
> Hi:
>
> I've been using a php style switcher allowing users to change css.
> The code follows:
>
> Within the head tags.
>
> <link rel="stylesheet" type="text/css" media="screen" href="<?php
> echo (!$thestyle)?'style1':$thestyle ?>.css" >
>
> Within the body tags, allowing the user to select which style they want:
>
> <a href="switch.php?set=style2">Green</a> or <a
> href="switch.php?set=style1">Red</a>
>
> And, the corresponding (switch.php) php code is:
>
> <?php
> setcookie ('thestyle', $set, time()+31536000, '/', '', 0);
> header("Location: $HTTP_REFERER");
> ?>
>
> It's pretty simple. But recently, I had one person hammer me stating
> it was a security problem because I didn't validate the user input.
> As such, he says that someone could inject an arbitrary code and
> cause problems.
>
> 1. Is he right?
>
> 2. How does that work?
>
> 3. If so, what do I do to correct this?
>
> Many thanks for any replies.
>
> tedd
> --
>
> --------------------------------------------------------------------------------
> http://sperling.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
Gerry
http://portal.danen.org/
--- End Message ---
--- Begin Message ---
tedd wrote:
<link rel="stylesheet" type="text/css" media="screen" href="<?php
echo (!$thestyle)?'style1':$thestyle ?>.css" >
It's not entirely clear from this example, but am I correct in assuming
that $thestyle is the same as $_COOKIE['thestyle'] in this case? In
other words, are you relying on register_globals or assigning the value
yourself?
If this is the value directly from the cookie, it's an example of a
cross-site scripting (XSS) vulnerability.
header("Location: $HTTP_REFERER");
This is an HTTP response splitting vulnerability, because the Referer
header (like the Cookie header) is provided by the client. Future
versions of PHP will not allow more than one header per header() call,
but this has been possible until now.
1. Is he right?
Yes, it seems so.
2. How does that work?
The Cookie header is part of an HTTP request. This is sent by the
client, and although the standard mechanism involves the client
returning exactly what you requested (e.g., the value matches that of a
previous Set-Cookie header), there's no guarantee that a malicious user
would be as polite.
3. If so, what do I do to correct this?
Don't trust any input without inspecting it first. In your case, this is
particularly easy, because you can just make sure that the value is one
of the few valid values.
Hope that helps.
Chris
--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/
--- End Message ---
--- Begin Message ---
tedd wrote:
<link rel="stylesheet" type="text/css" media="screen" href="<?php
echo (!$thestyle)?'style1':$thestyle ?>.css" >
It's not entirely clear from this example, but am I correct in
assuming that $thestyle is the same as $_COOKIE['thestyle'] in this
case? In other words, are you relying on register_globals or
assigning the value yourself?
If this is the value directly from the cookie, it's an example of a
cross-site scripting (XSS) vulnerability.
header("Location: $HTTP_REFERER");
This is an HTTP response splitting vulnerability, because the
Referer header (like the Cookie header) is provided by the client.
Future versions of PHP will not allow more than one header per
header() call, but this has been possible until now.
1. Is he right?
Yes, it seems so.
2. How does that work?
The Cookie header is part of an HTTP request. This is sent by the
client, and although the standard mechanism involves the client
returning exactly what you requested (e.g., the value matches that
of a previous Set-Cookie header), there's no guarantee that a
malicious user would be as polite.
3. If so, what do I do to correct this?
Don't trust any input without inspecting it first. In your case,
this is particularly easy, because you can just make sure that the
value is one of the few valid values.
Hope that helps.
Chris
Chris:
Yes, it helps and I thank you for your comments.
Your question: "It's not entirely clear from this example, but am I
correct in assuming that $thestyle is the same as
$_COOKIE['thestyle'] in this case? In other words, are you relying on
register_globals or assigning the value yourself?"
The example is here:
http://www.sperling.com/examples/styleswitch/
The complete php code (i.e., switch.php) is:
<?php
setcookie ('thestyle', $set, time()+31536000, '/', '', 0);
header("Location: $HTTP_REFERER");
?>
And the value is assigned by the user via a click:
<a href="switch.php?set=style2">Green</a> or <a
href="switch.php?set=style1">Red</a>
And, the style sheet is determined by:
<link rel="stylesheet" type="text/css" media="screen" href="<?php
echo(!$thestyle)?'style1':$thestyle ?>.css" >
As such, I am expecting the user to provide the value of 'thestyle'
via his choice.
However, let's say a malicious user would try to do something -- what
could he actually do?
Please explain
Thanks again.
tedd
--
--------------------------------------------------------------------------------
http://sperling.com
--- End Message ---
--- Begin Message ---
> -----Mensagem original-----
> De: David Dorward
> So the value attribute contains an encrypted representation of the country
> name ... which is transmitted in clear text right next to it?
>
> If you want encryption, why not just use SSL?
The value attribute contains an encrypted value of a row id in the database
table for countries. How would I know which country the user has selected if
I don't know its row id to insert on a members table (either plain, masked
or encrypted)?
> name ... which is transmitted in clear text right next to it?
What is posted is the value attribute of the option elements not the country
text (do a print_r($_POST)).
Suppose you are on a Private Area on a website after login and you might
have links such as:
<a href="page.php?changeprefs">Preferences</a>
<a href="page.php?op=3">Change Password</a>
<a href="site/changeemail">Change E-mail</a>
In my approach these links would be like:
<a href="page.php?ad6467ae6757">Preferences</a>
<a href="page.php?op=97874bd86a4a5">Change Password</a>
<a href="site/97874bd86a4a5">Change E-mail</a> - for this you need ht access
on apache -I think-
--- End Message ---
--- Begin Message ---
pedro mpa wrote:
>> So the value attribute contains an encrypted representation of the
>> country name ... which is transmitted in clear text right next to it?
>> If you want encryption, why not just use SSL?
> The value attribute contains an encrypted value of a row id in the
> database table for countries. How would I know which country the user has
> selected if I don't know its row id to insert on a members table (either
> plain, masked or encrypted)?
Obviously you need to relate the data to your database - but why encrypt it?
And if you do encrypt it, why not use SSL to do so?
>> name ... which is transmitted in clear text right next to it?
>
> What is posted is the value attribute of the option elements not the
> country text (do a print_r($_POST)).
When the client sends the entered data to the server, yes. However, that
isn't the case when the server sends the form to the client in the first
place.
> Suppose you are on a Private Area on a website after login and you might
> have links such as:
> <a href="page.php?changeprefs">Preferences</a>
> <a href="page.php?op=3">Change Password</a>
> <a href="site/changeemail">Change E-mail</a>
>
> In my approach these links would be like:
> <a href="page.php?ad6467ae6757">Preferences</a>
> <a href="page.php?op=97874bd86a4a5">Change Password</a>
> <a href="site/97874bd86a4a5">Change E-mail</a>
Why?
> for this you need htaccess on apache -I think-
No. .htaccess files just allow you to reconfigure Apache on a per directory
basis without restarting the server.
--
David Dorward <http://blog.dorward.me.uk/> <http://dorward.me.uk/>
Home is where the ~/.bashrc is
--- End Message ---
--- Begin Message ---
I have a few PHP scripts where I log hit to a page i.e. IP and hostname via a
look up.
What I want to do is create essentially a blacklist to prevent bots and other
hosts and IP from being logged and skewing my stats. My local IP/host and
the MSN and Googlebot hits should not be in my stats or at least I can flag
them to hide them.
For example:
$blacklist = array(
'*.wavefront.ca',
'*.googlebot.com',
'msnbot.msn.com',
'*.inktomisearch.com',
'68.146.96.245'
);
So lets say I have my host:
$host = 'lj602144.inktomisearch.com';
I want to quickly parse this array and return a simple boolean if I am in the
blacklist. I could create a loop and cycle through the array valves and to a
regex on each but I was hoping someone would have a more elegant solution.
http://us3.php.net/in_array
You might want to rethink things though... if you list hostnames you're
going to have to do a DNS lookup for *every* request to that script.
That's going to take some time.
So you might want to log everything, then after the fact prune the
results. Just be sure to use some sort of dns caching strategy...
-philip
--- End Message ---
--- Begin Message ---
Hi,
I have a big problem with my Debian server (Apache 2, PHP 5, Oracle
Instant Client). I've modified the environment variable NLS_LANG and,
with SQL*Plus, everything is ok ! But, in a PHP page, I can't insert a
value with accent (ex: Irène). I can read data with accent, but not
inserting !!!
I searched all the afternoon, testing many solutions, without success. I
think I'm not alone with this problem but...
Do you have any clue ? Something to look at ?
Thank you very much.
David.
signature.asc
Description: Ceci est une partie de message numériquement signée
--- End Message ---
--- Begin Message ---
Hi all,
I have been working on a page where I have a form. I currently have
the form in an else block with no access to it if I need to redisplay
the form incase of errors. To be more specific I want to redisplay the
page with the errors displayed. I would like to have the form coded
once. It would save on file size. In my form I have a table that
holds the text inputs. I do have MySQL code for dropdown menus. If
anyone has any ideas on how to create the form when the error messages
are displayed without having to code it a second time please let me
know.
Oh by the way this is how my page is setup now
Class validation
{
--- End Message ---
--- Begin Message ---
Class validation
{
//functions
}
if(isset($submit))
{
//calls to validation code
}
else
{
//display webpage
}
On 3/14/06, Paul Goepfert <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> I have been working on a page where I have a form. I currently have
> the form in an else block with no access to it if I need to redisplay
> the form incase of errors. To be more specific I want to redisplay the
> page with the errors displayed. I would like to have the form coded
> once. It would save on file size. In my form I have a table that
> holds the text inputs. I do have MySQL code for dropdown menus. If
> anyone has any ideas on how to create the form when the error messages
> are displayed without having to code it a second time please let me
> know.
>
> Oh by the way this is how my page is setup now
>
> Class validation
> {
>
--- End Message ---
--- Begin Message ---
Paul Goepfert wrote:
Hi all,
I have been working on a page where I have a form. I currently have
the form in an else block with no access to it if I need to redisplay
the form incase of errors. To be more specific I want to redisplay the
page with the errors displayed. I would like to have the form coded
once. It would save on file size. In my form I have a table that
holds the text inputs. I do have MySQL code for dropdown menus. If
anyone has any ideas on how to create the form when the error messages
are displayed without having to code it a second time please let me
know.
function display_form($errormessage=false) {
if ($errormessage) {
echo "There was a problem!<br/>";
}
// form goes here.
}
Works well and it's nice and easy to use.
You can either pass in true/false for the $errormessage or pass in a
message (which isn't displayed by default).
--
Postgresql & php tutorials
http://www.designmagick.com/
--- End Message ---
--- Begin Message ---
Hi Manuel,
I am trying to print from the client side. The client will be windows.
Thanks.
On 3/13/06, Manuel Lemos <[EMAIL PROTECTED]> wrote:
>
> Hello,
>
> on 03/13/2006 09:44 AM robert mena said the following:
> > I am currently migrating an application originally written with Delphi
> to
> > PHP. Everything is going fine except the printing of the reports that
> does
> > not produce the same visual result (i.e does not look the same or has
> some
> > aligmment issues).
> >
> > From what I've read I should use CSS to achieve such result but I was
> > wondering if there is any toolkit, library in PHP that would ease my
> work.
> >
> > For example:
> > I have a specific report I have to add a header to each page
> > I have another one with tabular data that when the result is larger than
> a
> > page I should break the table and start at the next page so the table
> > headers can be seen again...
> >
> > In both I'd need a way to decide/find out how many pages will be
> necessary
> > (given the size of the paper sheet) so I could generate the HTML
> correctly.
>
> You did not mention the platform you want to print, nor if you want to
> print on the client side or server side.
>
> If you want to print on the server side, you may want to take a look at
> this IPP (Internet Printing Protocol) client class that can be used to
> print HTML documents on Windows and Linux (with CUPS).
>
> http://www.phpclasses.org/printipp
>
>
> --
>
> Regards,
> Manuel Lemos
>
> Metastorage - Data object relational mapping layer generator
> http://www.metastorage.net/
>
> PHP Classes - Free ready to use OOP components written in PHP
> http://www.phpclasses.org/
>
--- End Message ---
--- Begin Message ---
This is more of an HTML question than it has to do with PHP, and you
sound like a noobie :)
Only useful info I can give you is to use THEAD in tables to hold
headers, browsers put that row first on every page when breaking large
table on several pages.
Boban.
robert mena wrote:
For example:
I have a specific report I have to add a header to each page
I have another one with tabular data that when the result is larger than a
page I should break the table and start at the next page so the table
headers can be seen again...
In both I'd need a way to decide/find out how many pages will be necessary
(given the size of the paper sheet) so I could generate the HTML correctly.
--
Open source PHP code generator for DB operations
http://sourceforge.net/projects/bfrcg/
--- End Message ---
--- Begin Message ---
> I am currently migrating an application originally written with Delphi to
> PHP. Everything is going fine except the printing of the reports that does
> not produce the same visual result (i.e does not look the same or has some
> aligmment issues).
We generate all of our printed reports using FPDF
(http://www.fpdf.org) to generate PDF files. Its very flexible, can
do must of what you are aksing for, and unlike some alternatives, its
free. PDFs are going to be the easiest way to get total control of
the output.
--- End Message ---
--- Begin Message ---
M. Sokolewicz wrote:
List Manager wrote:
jonathan wrote:
I'd like to return the first key value in the following array such
that England would return 1 rather than 3 which is the second key
value. Any help would be greatly appreciated.
$c[1][]="Vietnam";
$c[1][]="China";
$c[1][]="Thailand";
$c[1][]="England";
$c[2][]="USA";
$c[2][]="Japan";
print_r($c);
// Array ( [1] => Array ( [0] => Vietnam [1] => China [2] =>
Thailand [3] => England ) [2] => Array ( [0] => USA [1] => Japan ) )
foreach($c as $row)
{
echo array_search("England",$row);
}
// prints 3
-jonathan
--PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
give this a shot
<?php
function findIndexof($ar, $str) {
foreach($ar AS $k => $v) {
if ( is_array($v) ) {
$val = findIndexof($v, $str);
if( $val !== false ) {
return $val;
}
} elseif ( strtolower($v) == strtolower($str) ) {
return $k;
}
}
return FALSE;
}
$c[1][] = "Vietnam";
$c[1][] = "China";
$c[1][] = "Thailand";
$c[1][] = "England";
$c[2][] = "USA";
$c[2][] = "Japan";
echo findIndexof($c, 'Vietnam');
?>
You should be able to search arrays of any depth
Hope this woks for you.
Jim
Or, a lot easier:
foreach($c as $key=>$row) {
if(false !== array_search("England",$row)) {
echo $key;
}
}
Well, this is fine, if you know that the array will always be two
levels, not one, not three, but two.
If this is the case, then fine.
But, don't you think it would be nice to have a function that will work
no matter what it is passed?
Jim
--- End Message ---
--- Begin Message ---
I have a project where I need to connect to a remote SQL Server and move
data from their to my localy MySQL server. On the remote SQL Server, I only
have access to a few views but need to get their data and move it to my
local MySQL db. What is the best way to do this? I have freetds compiled
and configured for php on my server and currently connect to the SQL Server,
do my query and then loop through the result inserting into MySQL a row at a
time but this just takes to long....is there a better way?
Thanks!
--- End Message ---
--- Begin Message ---
I have a project where I need to connect to a remote SQL Server and move
data from their to my localy MySQL server. On the remote SQL Server, I only
have access to a few views but need to get their data and move it to my
local MySQL db. What is the best way to do this? I have freetds compiled
and configured for php on my server and currently connect to the SQL Server,
do my query and then loop through the result inserting into MySQL a row at a
time but this just takes to long....is there a better way?
Look at disabling indexes until the inserts are done. Also "insert
delayed" or "insert ignored"... (don't remember the exact specifics). If
it's innodb, wrap the inserts in a transaction and commit every 100 rows
or so.
Also, before spending too much time on it, you'll never get faster than
you can query out of sqlserver... so if that's the bottleneck not much you
can do about it.
--- End Message ---
