php-general Digest 15 Feb 2009 15:45:00 -0000 Issue 5960
Topics (messages 288277 through 288281):
Re: Simple Search Logic Issue...
288277 by: David Robley
Re: for the security minded web developer - secure way to login?
288278 by: German Geek
288281 by: Michael A. Peters
Re: Sorting times (SOLVED)
288279 by: tedd
Re: Google Apps AuthSub = missing $_GET element
288280 by: Michael Kubler
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscr...@lists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscr...@lists.php.net
To post to the list, e-mail:
php-gene...@lists.php.net
----------------------------------------------------------------------
--- Begin Message ---
revDAVE wrote:
> Newbie question...
>
>
> I have a search page with multi lines of search criteria:
>
> Name
> Topic
> Message
> Etc...
>
> I'm hoping to get results based on what criteria I type - but I'm not
> getting what I expect. I think it's just getting results where in addition
> to getting search criteria I type - ALSO none of the search fields can be
> blank (not what I hoped) ...
>
> Like I type just 'c' in the name field and it shows 3 records (other
> search fields filled up) ... But I have many more records with name
> containing 'c'
>
> Goal: to search for what I type in whatever search fields and not worry
> about whether others are blank or not - like:
>
> Name contains 'c'
>
> Charles
> Chuck
> Chuck
> Chas
>
> Or
>
> Name contains 'c' and topic contains 'test1'
>
> Maybe just charles fits this criteria
>
> ----------
>
>
> I made a simple results page,
>
> ... More code here ... ( DW CS3 )
>
> $name_list1 = "-1";
> if (isset($_GET['Name'])) {
> $name_list1 = $_GET['Name'];
> }
> $top_list1 = "-1";
> if (isset($_GET['Topic'])) {
> $top_list1 = $_GET['Topic'];
> }
> $mess_list1 = "-1";
> if (isset($_GET['Message'])) {
> $mess_list1 = $_GET['Message'];
> }
> mysql_select_db($database_test1, $test1);
> $query_list1 = sprintf("SELECT * FROM mytable WHERE Name LIKE %s and
> Message LIKE %s and Topic LIKE %s ORDER BY mytable.id desc",
> GetSQLValueString("%" . $name_list1 . "%", "text"),GetSQLValueString("%" .
> $mess_list1 . "%", "text"),GetSQLValueString("%" . $top_list1 . "%",
> "text"));
>
You do understand how LIKE works? You need to use wildcard characters if you
want to match other than the exact string you pass to it.
For example LIKE 'c' will only match a field that contains just 'c'
LIKE '%c' will match a field starting with 'c' and containing any number of
characters
LIKE '%c%' will match a field containing 'c' anywhere
If you are using that syntax, I'd suggest echoing your query to make sure
that it is as it should be; I'm wondering if you are actually enclosing
string values in single quotes in your query?
As for multiple selection criteria, you need to test whether the passed in
value is set or not, and only include set values in the query.
OT: sprintf syntax is so hard to read :-)
Cheers
--
David Robley
Make like a banana and split.
Today is Sweetmorn, the 46th day of Chaos in the YOLD 3175.
--- End Message ---
--- Begin Message ---
OK, i hear about this self signed certificate. Whenever i signed anything it
just came up with all these warnings in FF which confuses users and i think
is not good at all. Can someone paste a link in here to a website with a
self signed cert please? Would like to see if there are any warnings etc.
Thanks.
Tim
Tim-Hinnerk Heuer
http://www.ihostnz.com
Jay London - "My father would take me to the playground, and put me on mood
swings."
2009/2/15 Michael A. Peters <mpet...@mac.com>
> Sudheer wrote:
>
>> Michael A. Peters wrote:
>>
>>>
>>> Sites (like mine) that don't want to pay a certificate authority can use
>>> a self-signed cert. Even Red Hat does for some of their stuff (IE I believe
>>> their bugzilla server)
>>>
>>> Firefox scares its users when they encounter a website with self signed
>> certificate. If your website users aren't worried about the warning Firefox
>> throws at them, self signed cert works well.
>>
>>
>>
> Yeah it does, hopefully they fix it.
> What scares me is allowing sites I have no reason to trust as non malicious
> and have no reason to trust as properly secured against XSS injection to
> load scripts that execute on my machine.
>
> People who use Firefox may be scared by the absurd warning FireFox 3 uses
> (something I've complained about to them) - other than informing users of
> the issue and hoping some read it, not much I can do about that. Hopefully
> FireFox will fix the issue and do something like what opera does (except the
> cert for session if you just click OK, accept it permanently if you click
> the security tab and check a box first).
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
--- Begin Message ---
German Geek wrote:
OK, i hear about this self signed certificate. Whenever i signed anything it
just came up with all these warnings in FF which confuses users and i think
is not good at all. Can someone paste a link in here to a website with a
self signed cert please? Would like to see if there are any warnings etc.
Thanks.
There still are all the warnings.
There are some cheap (and free) CA's that FireFox recognizes so it still
is possible to use SSL and not have the firefox 3 warning hell, but
things like linksys routers are still problematic.
https://www.scientificlinux.org/
Demonstrates the problem in FireFox 3.
They use a self-signed cert.
--- End Message ---
--- Begin Message ---
At 9:31 PM -0600 2/14/09, Shawn McKenzie wrote:
Yeah, hif I had known that you wanted a function where you loop through
your array twice, that would have done it. Bravo.
Shawn:
I don't see another way. You go through the array converting string
to time (seconds), sort, and then convert back. You have to go
through the array more than once.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
Do you have magic quotes on?
Also, try a >*print_r($_SERVER);*
or even a >*var_dump($_GET);*
See what's actually in the arrays.
Michael Kubler
*G*rey *P*hoenix *P*roductions <http://www.greyphoenix.biz>
John Corry wrote:
I am completely baffled by this.
I have a PHP script that is using Cameron Hinkle's
LightweightPicasaAPIv3 to authenticate with the Google Picasa service
using the AuthSub method.
Basically, if we're not authenticated, redirect to the google authsub
URL:
(https://www.google.com/accounts/AuthSubRequest?next=http%3A%2F%2Ftwozerowest.com%2Fsnowdog%2520gallery%2Fadmin.php&scope=http%3A%2F%2Fpicasaweb.google.com%2Fdata%2Ffeed%2Fapi&session=1)
This page requests that the user either grant access or deny access.
Grant access takes us to the URL specified (my authentication script)
with a ?token=xxxxx added to the end of the URL.
This all works. We get back to my URL with ?token=xxxxx appended to
the URL.
That's when it starts getting weirder than anything I've seen in PHP:
My debugging output confirms that:
1. $_SERVER['request_method'] = GET
2. strlen($_GET['token']) = 0
3. $_GET - array()...but it's empty!
4. $_REQUEST[] contains no 'token' element
5. echo($_GET['token']) prints the value of ?token= from the URL
So WTF?
--- End Message ---
