php-general Digest 15 Mar 2006 04:11:21 -0000 Issue 4016 Topics (messages 231897 through 231921):
Execute a shell command using thttpd-php 231897 by: Nelson Carreira 231914 by: Chris Is this password protection script secure? 231898 by: IG 231900 by: Anthony Ettinger 231903 by: Gerry Danen 231905 by: Robin Vickery 231907 by: Satyam 231910 by: Oscar Gosdinski setcookie security concerns 231899 by: tedd 231902 by: Gerry Danen 231906 by: Chris Shiflett 231915 by: tedd Re: Hidding HTML Input Elements values approach 231901 by: pedro mpa 231908 by: David Dorward Re: Hostname Filtering 231904 by: Philip Hallstrom PHP/Oracle : bug with accent... 231909 by: David BERCOT Creating forms dynamically 231911 by: Paul Goepfert 231912 by: Paul Goepfert 231921 by: Chris Re: Printing library in PHP ? 231913 by: robert mena 231917 by: Bogdan Ribic 231918 by: Steve Brown Re: array_search and multi-dimensional arrays 231916 by: List Manager moving data from mssql to mysql on linux 231919 by: blackwater dev 231920 by: Philip Hallstrom Administrivia: To subscribe to the digest, e-mail: [EMAIL PROTECTED] To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: php-general@lists.php.net ----------------------------------------------------------------------
--- Begin Message ---Hello,I'm quite new to PHP language and although I got into it pretty fast I'm having some trouble executing system commands using php. I'm using thttpd-php_2.21b-2_mipsel in a Linksys router and I can only execute system commands like "ls" and "cd" from the PHP. I tried using the different available functions (exec(), shell_exec(), system(), passthru() and backsticks) but none of them works. I can't even run scripts! I'm working on a web application that will be used to configure the router and I need to use a lot of other commands from the PHP, so right now I'm quite stucked. I tried to find help online and offline but wasn't able to find any. I just hope you guys can help me!Thanks, Nelson Carreira
--- End Message ---
--- Begin Message ---Nelson Carreira wrote:Hello,I'm quite new to PHP language and although I got into it pretty fast I'm having some trouble executing system commands using php. I'm using thttpd-php_2.21b-2_mipsel in a Linksys router and I can only execute system commands like "ls" and "cd" from the PHP. I tried using the different available functions (exec(), shell_exec(), system(), passthru() and backsticks) but none of them works. I can't even run scripts!What happens? Do you get an error?The commands you're trying to execute can't be interactive (ie can't prompt for information).They must be run by themselves and possibly display results. -- Postgresql & php tutorials http://www.designmagick.com/
--- End Message ---
--- Begin Message ---Hello.I got a password protected login script of t'internet a while back and have implemented it. I just want to make sure it is secure. I am aware that the password is stored directly in the database and I don't think this is a good thing. If the following could be looked at to see if there are any improvements I would be most grateful. The script is then called on each page that requires password protection thus-<? session_start(); include('login.php'); ?> Here is the code for login.php- <? if(!isset($username) | !isset($password)) { // escape from php mode. ?> <html><head></head><body><form action="<?=$PHP_SELF?><?if($QUERY_STRING){ echo"?". $QUERY_STRING;}?>" method="POST" name="customerlogin" id="customerlogin"><table width="300"> <tr> <td>Username:</td> <td><input name="username" type="text"></td> </tr> <tr> <td>Password:</td> <td><input name="password" type="password"></td> </tr> <tr> <td> </td><td><input type="submit" class="formy" value="Login>>>"></td></tr></table></form> </body> </html> <? exit(); } // If all is well so far. session_register("table_id"); session_register("name"); session_register("Forenames"); session_register("Surname"); session_register("username"); session_register("password");session_register("pw"); // register username and password as session variables.$link = mysql_connect("MYSQL_DATABASE_SERVER", "MYSQL_USERNAME", "MYSQL_PW") or die("<--Could not connect-->"); mysql_select_db("MYSQL_DATABASE_NAME") or die("<-- Could not select database-->"); $sql = "SELECT `id`, `Surname`, `Forenames`, `username`, `pw` FROM MYSQL_TABLE_NAME WHERE `username` = '$username'";$result = mysql_query($sql) or die("Query failed 888"); list($table_id, $Surname, $Forenames, $un, $pw) = mysql_fetch_row($result);$numrows = mysql_num_rows($result);if($numrows != "0" AND $password == $pw) { $valid_user = 1; $name = $Forenames." ".$Surname; } else { $valid_user = 0; }// If the username exists and pass is correct, don't pop up the login code again.// If info can't be found or verified.... if (!($valid_user)) { session_unset(); // Unset session variables. session_destroy(); // End Session we created earlier. // escape from php mode. ?> <html><head></head><body><form action="<?=$PHP_SELF?><?if($QUERY_STRING){ echo"?". $QUERY_STRING;}?>" method="POST">Incorrect username and/or password. Please enter correct ones to log in: <table width="300"><tr><td>Username:</td> <td><input name="username" type="text"></td> </tr> <tr> <td>Password:</td> <td><input name="password" type="password"></td> </tr> <tr> <td> </td><td><input type="submit" class="formy" value="Login>>>"></td></tr></table></body> </html> <? exit(); } ?>
--- End Message ---
--- Begin Message ---On 3/14/06, IG <[EMAIL PROTECTED]> wrote: > Hello. > > I got a password protected login script of t'internet a while back and > have implemented it. I just want to make sure it is secure. I am aware > that the password is stored directly in the database and I don't think > this is a good thing. If the following could be looked at to see if > there are any improvements I would be most grateful. The script is then > called on each page that requires password protection thus- > <? session_start(); > include('login.php'); > ?> > > > Here is the code for login.php- > > > > <? > if(!isset($username) | !isset($password)) { > // escape from php mode. > ?> > <html><head></head><body> > > <form action="<?=$PHP_SELF?><?if($QUERY_STRING){ echo"?". > $QUERY_STRING;}?>" method="POST" name="customerlogin" id="customerlogin"> > > <table width="300"> > <tr> > <td>Username:</td> > <td><input name="username" type="text"></td> > </tr> > <tr> > <td>Password:</td> > <td><input name="password" type="password"></td> > </tr> > <tr> > <td> </td> > <td><input type="submit" class="formy" > value="Login>>>"></td></tr></table> > </form> > > </body> > </html> > <? > exit(); > } > > // If all is well so far. > session_register("table_id"); > session_register("name"); > session_register("Forenames"); > session_register("Surname"); > session_register("username"); > session_register("password"); > session_register("pw"); // register username and password as session > variables. > > > $link = mysql_connect("MYSQL_DATABASE_SERVER", "MYSQL_USERNAME", > "MYSQL_PW") or die("<--Could not connect-->"); > mysql_select_db("MYSQL_DATABASE_NAME") or die("<-- Could not select > database-->"); > $sql = "SELECT `id`, `Surname`, `Forenames`, `username`, `pw` FROM > MYSQL_TABLE_NAME WHERE `username` = '$username'"; > $result = mysql_query($sql) or die("Query failed 888"); > list($table_id, $Surname, $Forenames, $un, $pw) = mysql_fetch_row($result); > > $numrows = mysql_num_rows($result); > > if($numrows != "0" AND $password == $pw) { > $valid_user = 1; > $name = $Forenames." ".$Surname; > } > else { > $valid_user = 0; > } > > // If the username exists and pass is correct, don't pop up the login > code again. > // If info can't be found or verified.... > > if (!($valid_user)) > { > session_unset(); // Unset session variables. > session_destroy(); // End Session we created earlier. > // escape from php mode. > ?> > > <html><head></head><body> > > > <form action="<?=$PHP_SELF?><?if($QUERY_STRING){ echo"?". > $QUERY_STRING;}?>" method="POST"> > > > Incorrect username and/or password. Please enter correct ones to log in: > > <table width="300"> > > <tr> > <td>Username:</td> > <td><input name="username" type="text"></td> > </tr> > <tr> > <td>Password:</td> > <td><input name="password" type="password"></td> > </tr> > <tr> > <td> </td> > <td><input type="submit" class="formy" > value="Login>>>"></td></tr></table> > </body> > </html> > <? > exit(); > } > ?> > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > > You should encrypt the password in the database, with a one-way hash, then you simply compare what's in your db to what the login form submits. That way if you get hacked, or your admin goes postal, you won't have people's unencrypted passwords in the database. -- Anthony Ettinger Signature: http://chovy.dyndns.org/hcard.html
--- End Message ---
--- Begin Message ---On 3/14/06, IG <[EMAIL PROTECTED]> wrote: > > Hello. > > I got a password protected login script of t'internet a while back and > have implemented it. I just want to make sure it is secure. I am aware > that the password is stored directly in the database and I don't think > this is a good thing. If the following could be looked at to see if > there are any improvements I would be most grateful. The script is then > called on each page that requires password protection thus- Here's a fragment from my login routine: if ( isset($_POST['s1']) ) { $md5_pass = md5($_POST['p1']); $u_user_id = db_format($_POST['u1']); $q1 = "select * from users where u_user_id = '$u_user_id' and u_pass = '$md5_pass' and u_appr = '1' "; $r1 = mysql_query($q1) or db_error( $q1, mysql_error(), mysql_errno(), __FILE__ ); $a1 = mysql_fetch_array($r1); if ( mysql_num_rows($r1) == '1' ) { $hostip = $_SERVER['REMOTE_ADDR']; $_SESSION['sess_login_id'] = $a1['u_user_id']; $_SESSION['sess_uid'] = $a1['u_id']; $_SESSION['sess_email'] = $a1['u_email'];
--- End Message ---
--- Begin Message ---On 14/03/06, IG <[EMAIL PROTECTED]> wrote: > Hello. > > I got a password protected login script of t'internet a while back and > have implemented it. I just want to make sure it is secure. It's not. 1. It only works with register_globals turned on. Not a good idea - register_globals has been off by default for some time now, for good reason. 2. There's a Cross Site Scripting vulnerability where you're echoing out the contents of $QUERY_STRING. 3. There's an SQL Injection vulnerability where you're inserting $username directly into the query without any validation or escaping. 4. You're keeping the passwords in the database unencrypted rather than using a one way hash which is bad in itself, but then you're storing also writing them to the session - if you're on a shared server, it's likely that any other site also on that server is able to read your session files. 5. You're checking the username and password on every page request - even after a successful login... which isn't really a security problem, just wasteful. -robin
--- End Message ---
--- Begin Message --- ----- Original Message ----- From: "Anthony Ettinger" <[EMAIL PROTECTED]>You should encrypt the password in the database, with a one-way hash, then you simply compare what's in your db to what the login form submits. That way if you get hacked, or your admin goes postal, you won't have people's unencrypted passwords in the database. -- It should say: "You should encrypt the password in the database, with a one-way hash,then you simply compare what's in your db to [the hash of] what the login formsubmits."That is, when you first store the password, you first hash it (usually, you would use the function md5() ). Then when you do the select, you put in the where:.... " WHERE `username` = '$username' and `pw`='" . md5($password) . "'";And you don't store the password in a session variable or anywhere else, you encript it (one way) you check it, and you forget about it, you never put it in the clear anywhere. After all, session data goes somewhere in the disk, and with an obvious name as password, it wouldn't be hard to find, even if you don't have access to the database, for example, an example of the contents of a session file:IdUsr|i:999;level|s:1:"2";usr|s:6:"satyam"; Easy to understand: IdUsr, an integer, containing 999 level, a string of one character containing a 2 user, a string of 6 characters containing 'satyam' would you like to see something like password|s:10:mypassword;If you are using MySql isam files, locate the file with extension MYD and do an hex dump of it. If you are database is called MyDb and your Users table is called Users, locate MySql/data/MyDb/Users.MYD and dump it.Now, you might be wondering what is the database password protection, don't you?Satyam
--- End Message ---
--- Begin Message ---Instead of using a hash if the password string, i prefer to save the following in the password field of my user's table: md5($user . $password) There are some md5 databases around that can be used to get the cleartext password from the hash if your database is compromised, if you use this method it's difficult to get the cleartext password because it depends on the user and you are also validating if the user exists. However, i have a question. Which is better?, the md5 function provided by PHP or MySQL? i used the MySQL function because i didn't compile PHP with support for hash. -- Saludos Oscar
--- End Message ---
--- Begin Message ---Hi:I've been using a php style switcher allowing users to change css. The code follows:Within the head tags.<link rel="stylesheet" type="text/css" media="screen" href="<?php echo (!$thestyle)?'style1':$thestyle ?>.css" >Within the body tags, allowing the user to select which style they want:<a href="switch.php?set=style2">Green</a> or <a href="switch.php?set=style1">Red</a>And, the corresponding (switch.php) php code is: <?php setcookie ('thestyle', $set, time()+31536000, '/', '', 0); header("Location: $HTTP_REFERER"); ?>It's pretty simple. But recently, I had one person hammer me stating it was a security problem because I didn't validate the user input. As such, he says that someone could inject an arbitrary code and cause problems.1. Is he right? 2. How does that work? 3. If so, what do I do to correct this? Many thanks for any replies. tedd -- -------------------------------------------------------------------------------- http://sperling.com
--- End Message ---
--- Begin Message ---Which "someone" could do this, is another question I have. The user? He's do something to his own computer, no? Gerry On 3/14/06, tedd <[EMAIL PROTECTED]> wrote: > > Hi: > > I've been using a php style switcher allowing users to change css. > The code follows: > > Within the head tags. > > <link rel="stylesheet" type="text/css" media="screen" href="<?php > echo (!$thestyle)?'style1':$thestyle ?>.css" > > > Within the body tags, allowing the user to select which style they want: > > <a href="switch.php?set=style2">Green</a> or <a > href="switch.php?set=style1">Red</a> > > And, the corresponding (switch.php) php code is: > > <?php > setcookie ('thestyle', $set, time()+31536000, '/', '', 0); > header("Location: $HTTP_REFERER"); > ?> > > It's pretty simple. But recently, I had one person hammer me stating > it was a security problem because I didn't validate the user input. > As such, he says that someone could inject an arbitrary code and > cause problems. > > 1. Is he right? > > 2. How does that work? > > 3. If so, what do I do to correct this? > > Many thanks for any replies. > > tedd > -- > > -------------------------------------------------------------------------------- > http://sperling.com > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- Gerry http://portal.danen.org/
--- End Message ---
--- Begin Message ---tedd wrote:<link rel="stylesheet" type="text/css" media="screen" href="<?php echo (!$thestyle)?'style1':$thestyle ?>.css" >It's not entirely clear from this example, but am I correct in assuming that $thestyle is the same as $_COOKIE['thestyle'] in this case? In other words, are you relying on register_globals or assigning the value yourself?If this is the value directly from the cookie, it's an example of a cross-site scripting (XSS) vulnerability.header("Location: $HTTP_REFERER");This is an HTTP response splitting vulnerability, because the Referer header (like the Cookie header) is provided by the client. Future versions of PHP will not allow more than one header per header() call, but this has been possible until now.1. Is he right?Yes, it seems so.2. How does that work?The Cookie header is part of an HTTP request. This is sent by the client, and although the standard mechanism involves the client returning exactly what you requested (e.g., the value matches that of a previous Set-Cookie header), there's no guarantee that a malicious user would be as polite.3. If so, what do I do to correct this?Don't trust any input without inspecting it first. In your case, this is particularly easy, because you can just make sure that the value is one of the few valid values.Hope that helps. Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/
--- End Message ---
--- Begin Message ---tedd wrote:<link rel="stylesheet" type="text/css" media="screen" href="<?php echo (!$thestyle)?'style1':$thestyle ?>.css" >It's not entirely clear from this example, but am I correct in assuming that $thestyle is the same as $_COOKIE['thestyle'] in this case? In other words, are you relying on register_globals or assigning the value yourself?If this is the value directly from the cookie, it's an example of a cross-site scripting (XSS) vulnerability.header("Location: $HTTP_REFERER");This is an HTTP response splitting vulnerability, because the Referer header (like the Cookie header) is provided by the client. Future versions of PHP will not allow more than one header per header() call, but this has been possible until now.1. Is he right?Yes, it seems so.2. How does that work?The Cookie header is part of an HTTP request. This is sent by the client, and although the standard mechanism involves the client returning exactly what you requested (e.g., the value matches that of a previous Set-Cookie header), there's no guarantee that a malicious user would be as polite.3. If so, what do I do to correct this?Don't trust any input without inspecting it first. In your case, this is particularly easy, because you can just make sure that the value is one of the few valid values.Hope that helps. ChrisChris: Yes, it helps and I thank you for your comments.Your question: "It's not entirely clear from this example, but am I correct in assuming that $thestyle is the same as $_COOKIE['thestyle'] in this case? In other words, are you relying on register_globals or assigning the value yourself?"The example is here: http://www.sperling.com/examples/styleswitch/ The complete php code (i.e., switch.php) is: <?php setcookie ('thestyle', $set, time()+31536000, '/', '', 0); header("Location: $HTTP_REFERER"); ?> And the value is assigned by the user via a click:<a href="switch.php?set=style2">Green</a> or <a href="switch.php?set=style1">Red</a>And, the style sheet is determined by:<link rel="stylesheet" type="text/css" media="screen" href="<?php echo(!$thestyle)?'style1':$thestyle ?>.css" >As such, I am expecting the user to provide the value of 'thestyle' via his choice.However, let's say a malicious user would try to do something -- what could he actually do?Please explain Thanks again. tedd -- -------------------------------------------------------------------------------- http://sperling.com
--- End Message ---
--- Begin Message ---> -----Mensagem original----- > De: David Dorward > So the value attribute contains an encrypted representation of the country > name ... which is transmitted in clear text right next to it? > > If you want encryption, why not just use SSL? The value attribute contains an encrypted value of a row id in the database table for countries. How would I know which country the user has selected if I don't know its row id to insert on a members table (either plain, masked or encrypted)? > name ... which is transmitted in clear text right next to it? What is posted is the value attribute of the option elements not the country text (do a print_r($_POST)). Suppose you are on a Private Area on a website after login and you might have links such as: <a href="page.php?changeprefs">Preferences</a> <a href="page.php?op=3">Change Password</a> <a href="site/changeemail">Change E-mail</a> In my approach these links would be like: <a href="page.php?ad6467ae6757">Preferences</a> <a href="page.php?op=97874bd86a4a5">Change Password</a> <a href="site/97874bd86a4a5">Change E-mail</a> - for this you need ht access on apache -I think-
--- End Message ---
--- Begin Message ---pedro mpa wrote: >> So the value attribute contains an encrypted representation of the >> country name ... which is transmitted in clear text right next to it? >> If you want encryption, why not just use SSL? > The value attribute contains an encrypted value of a row id in the > database table for countries. How would I know which country the user has > selected if I don't know its row id to insert on a members table (either > plain, masked or encrypted)? Obviously you need to relate the data to your database - but why encrypt it? And if you do encrypt it, why not use SSL to do so? >> name ... which is transmitted in clear text right next to it? > > What is posted is the value attribute of the option elements not the > country text (do a print_r($_POST)). When the client sends the entered data to the server, yes. However, that isn't the case when the server sends the form to the client in the first place. > Suppose you are on a Private Area on a website after login and you might > have links such as: > <a href="page.php?changeprefs">Preferences</a> > <a href="page.php?op=3">Change Password</a> > <a href="site/changeemail">Change E-mail</a> > > In my approach these links would be like: > <a href="page.php?ad6467ae6757">Preferences</a> > <a href="page.php?op=97874bd86a4a5">Change Password</a> > <a href="site/97874bd86a4a5">Change E-mail</a> Why? > for this you need htaccess on apache -I think- No. .htaccess files just allow you to reconfigure Apache on a per directory basis without restarting the server. -- David Dorward <http://blog.dorward.me.uk/> <http://dorward.me.uk/> Home is where the ~/.bashrc is
--- End Message ---
--- Begin Message ---I have a few PHP scripts where I log hit to a page i.e. IP and hostname via a look up.What I want to do is create essentially a blacklist to prevent bots and other hosts and IP from being logged and skewing my stats. My local IP/host and the MSN and Googlebot hits should not be in my stats or at least I can flag them to hide them.For example: $blacklist = array( '*.wavefront.ca', '*.googlebot.com', 'msnbot.msn.com', '*.inktomisearch.com', '68.146.96.245' ); So lets say I have my host: $host = 'lj602144.inktomisearch.com';I want to quickly parse this array and return a simple boolean if I am in the blacklist. I could create a loop and cycle through the array valves and to a regex on each but I was hoping someone would have a more elegant solution.http://us3.php.net/in_arrayYou might want to rethink things though... if you list hostnames you're going to have to do a DNS lookup for *every* request to that script. That's going to take some time.So you might want to log everything, then after the fact prune the results. Just be sure to use some sort of dns caching strategy...-philip
--- End Message ---
--- Begin Message ---Hi, I have a big problem with my Debian server (Apache 2, PHP 5, Oracle Instant Client). I've modified the environment variable NLS_LANG and, with SQL*Plus, everything is ok ! But, in a PHP page, I can't insert a value with accent (ex: Irène). I can read data with accent, but not inserting !!! I searched all the afternoon, testing many solutions, without success. I think I'm not alone with this problem but... Do you have any clue ? Something to look at ? Thank you very much. David.signature.asc
Description: Ceci est une partie de message numériquement signée
--- End Message ---
--- Begin Message ---Hi all, I have been working on a page where I have a form. I currently have the form in an else block with no access to it if I need to redisplay the form incase of errors. To be more specific I want to redisplay the page with the errors displayed. I would like to have the form coded once. It would save on file size. In my form I have a table that holds the text inputs. I do have MySQL code for dropdown menus. If anyone has any ideas on how to create the form when the error messages are displayed without having to code it a second time please let me know. Oh by the way this is how my page is setup now Class validation {
--- End Message ---
--- Begin Message ---Class validation { //functions } if(isset($submit)) { //calls to validation code } else { //display webpage } On 3/14/06, Paul Goepfert <[EMAIL PROTECTED]> wrote: > Hi all, > > I have been working on a page where I have a form. I currently have > the form in an else block with no access to it if I need to redisplay > the form incase of errors. To be more specific I want to redisplay the > page with the errors displayed. I would like to have the form coded > once. It would save on file size. In my form I have a table that > holds the text inputs. I do have MySQL code for dropdown menus. If > anyone has any ideas on how to create the form when the error messages > are displayed without having to code it a second time please let me > know. > > Oh by the way this is how my page is setup now > > Class validation > { >
--- End Message ---
--- Begin Message ---Paul Goepfert wrote:Hi all, I have been working on a page where I have a form. I currently have the form in an else block with no access to it if I need to redisplay the form incase of errors. To be more specific I want to redisplay the page with the errors displayed. I would like to have the form coded once. It would save on file size. In my form I have a table that holds the text inputs. I do have MySQL code for dropdown menus. If anyone has any ideas on how to create the form when the error messages are displayed without having to code it a second time please let me know.function display_form($errormessage=false) { if ($errormessage) { echo "There was a problem!<br/>"; } // form goes here. } Works well and it's nice and easy to use.You can either pass in true/false for the $errormessage or pass in a message (which isn't displayed by default).-- Postgresql & php tutorials http://www.designmagick.com/
--- End Message ---
--- Begin Message ---Hi Manuel, I am trying to print from the client side. The client will be windows. Thanks. On 3/13/06, Manuel Lemos <[EMAIL PROTECTED]> wrote: > > Hello, > > on 03/13/2006 09:44 AM robert mena said the following: > > I am currently migrating an application originally written with Delphi > to > > PHP. Everything is going fine except the printing of the reports that > does > > not produce the same visual result (i.e does not look the same or has > some > > aligmment issues). > > > > From what I've read I should use CSS to achieve such result but I was > > wondering if there is any toolkit, library in PHP that would ease my > work. > > > > For example: > > I have a specific report I have to add a header to each page > > I have another one with tabular data that when the result is larger than > a > > page I should break the table and start at the next page so the table > > headers can be seen again... > > > > In both I'd need a way to decide/find out how many pages will be > necessary > > (given the size of the paper sheet) so I could generate the HTML > correctly. > > You did not mention the platform you want to print, nor if you want to > print on the client side or server side. > > If you want to print on the server side, you may want to take a look at > this IPP (Internet Printing Protocol) client class that can be used to > print HTML documents on Windows and Linux (with CUPS). > > http://www.phpclasses.org/printipp > > > -- > > Regards, > Manuel Lemos > > Metastorage - Data object relational mapping layer generator > http://www.metastorage.net/ > > PHP Classes - Free ready to use OOP components written in PHP > http://www.phpclasses.org/ >
--- End Message ---
--- Begin Message --- This is more of an HTML question than it has to do with PHP, and you sound like a noobie :)Only useful info I can give you is to use THEAD in tables to hold headers, browsers put that row first on every page when breaking large table on several pages.Boban. robert mena wrote:For example: I have a specific report I have to add a header to each page I have another one with tabular data that when the result is larger than a page I should break the table and start at the next page so the table headers can be seen again... In both I'd need a way to decide/find out how many pages will be necessary (given the size of the paper sheet) so I could generate the HTML correctly.-- Open source PHP code generator for DB operations http://sourceforge.net/projects/bfrcg/
--- End Message ---
--- Begin Message ---> I am currently migrating an application originally written with Delphi to > PHP. Everything is going fine except the printing of the reports that does > not produce the same visual result (i.e does not look the same or has some > aligmment issues). We generate all of our printed reports using FPDF (http://www.fpdf.org) to generate PDF files. Its very flexible, can do must of what you are aksing for, and unlike some alternatives, its free. PDFs are going to be the easiest way to get total control of the output.
--- End Message ---
--- Begin Message ---M. Sokolewicz wrote:Well, this is fine, if you know that the array will always be two levels, not one, not three, but two.List Manager wrote:jonathan wrote:I'd like to return the first key value in the following array such that England would return 1 rather than 3 which is the second key value. Any help would be greatly appreciated.$c[1][]="Vietnam"; $c[1][]="China"; $c[1][]="Thailand"; $c[1][]="England"; $c[2][]="USA"; $c[2][]="Japan"; print_r($c);// Array ( [1] => Array ( [0] => Vietnam [1] => China [2] => Thailand [3] => England ) [2] => Array ( [0] => USA [1] => Japan ) )foreach($c as $row) { echo array_search("England",$row); } // prints 3 -jonathan --PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.phpgive this a shot <?php function findIndexof($ar, $str) { foreach($ar AS $k => $v) { if ( is_array($v) ) { $val = findIndexof($v, $str); if( $val !== false ) { return $val; } } elseif ( strtolower($v) == strtolower($str) ) { return $k; } } return FALSE; } $c[1][] = "Vietnam"; $c[1][] = "China"; $c[1][] = "Thailand"; $c[1][] = "England"; $c[2][] = "USA"; $c[2][] = "Japan"; echo findIndexof($c, 'Vietnam'); ?> You should be able to search arrays of any depth Hope this woks for you. JimOr, a lot easier: foreach($c as $key=>$row) { if(false !== array_search("England",$row)) { echo $key; } }If this is the case, then fine.But, don't you think it would be nice to have a function that will work no matter what it is passed?Jim
--- End Message ---
--- Begin Message ---I have a project where I need to connect to a remote SQL Server and move data from their to my localy MySQL server. On the remote SQL Server, I only have access to a few views but need to get their data and move it to my local MySQL db. What is the best way to do this? I have freetds compiled and configured for php on my server and currently connect to the SQL Server, do my query and then loop through the result inserting into MySQL a row at a time but this just takes to long....is there a better way? Thanks!
--- End Message ---
--- Begin Message ---I have a project where I need to connect to a remote SQL Server and move data from their to my localy MySQL server. On the remote SQL Server, I only have access to a few views but need to get their data and move it to my local MySQL db. What is the best way to do this? I have freetds compiled and configured for php on my server and currently connect to the SQL Server, do my query and then loop through the result inserting into MySQL a row at a time but this just takes to long....is there a better way?Look at disabling indexes until the inserts are done. Also "insert delayed" or "insert ignored"... (don't remember the exact specifics). If it's innodb, wrap the inserts in a transaction and commit every 100 rows or so.Also, before spending too much time on it, you'll never get faster than you can query out of sqlserver... so if that's the bottleneck not much you can do about it.
--- End Message ---