php-general Digest 16 Sep 2010 20:43:10 -0000 Issue 6944

Topics (messages 308113 through 308138):

The session problems with a citrix terminal
        308113 by: Carlos Medina
        308114 by: Ashley Sheridan

Re: libmcrypt usage
        308115 by: Nathan Rixham
        308117 by: Gary
        308118 by: Gary
        308127 by: Nathan Rixham

Re: Sending Encrypted Email
        308116 by: Nathan Rixham

Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
        308119 by: Cheryl Sullivan
        308120 by: Ashley Sheridan
        308122 by: Cheryl Sullivan
        308126 by: Tommy Pham
        308128 by: Andrew Ballard
        308129 by: Cheryl Sullivan
        308130 by: Tommy Pham
        308131 by: Peter Lind
        308133 by: Cheryl Sullivan
        308135 by: Cheryl Sullivan
        308136 by: Andrew Ballard
        308138 by: Peter Lind

Valid Xml not validate with xsd
        308121 by: Alejandro Michelin Salomon

Duplicate session ids
        308123 by: Vertebrac

Re: How to store data that doesn't change?
        308124 by: tedd

timezone math problem.
        308125 by: Paul Halliday

Re: Question about news.php.net
        308132 by: MikeB

"Downgrading" HTML
        308134 by: Matt Neimeyer

Re: Xpath arguments in variable
        308137 by: David Harkness


----------------------------------------------------------------------
--- Begin Message ---
Hi all,
I am looking for a solution (approach) for the following problem:

My application (PHP 5+, MySQL, Zend Framework) works fine. But under the Citrix terminal server, all users are allowed to see the information (session data) of the last user. I think this is because all users of the terminal (thin clients) are connected to the terminal and all use the same browser.

Please, if you know a solution for this issue, I will be glad to read it :-)

Regards

Carlos

--- End Message ---
--- Begin Message ---
On Thu, 2010-09-16 at 14:08 +0200, Carlos Medina wrote:

> Hi all,
> I am looking for a solution (approach) for the following problem:
> 
> My application (PHP 5+, MySQL, Zend Framework) works fine. But under the
> Citrix terminal server, all users are allowed to see the information
> (session data) of the last user. I think this is because all users of the
> terminal (thin clients) are connected to the terminal and all use the same
> browser.
> 
> Please, if you know a solution for this issue, I will be glad to read it :-)
> 
> Regards
> 
> Carlos
> 


Under Citrix, all the applications are run from the web server, not on
your local computer, essentially making it like a glorified remote
desktop. However, what Citrix should be doing is allowing everyone to
have their own setup, so it should allow the sessions to work correctly
as far as I understand it, unless Citrix has been configured badly. I
assume every user has their own distinct login into Citrix yeah?

Thanks,
Ash
http://www.ashleysheridan.co.uk



--- End Message ---
--- Begin Message ---
Gary wrote:
> Can anyone tell me what the equivalent to the following command line
> usage of openssl is, in php using the mcrypt_* functions, please:
> ,----
> | openssl enc -e -aes-256-cbc -k <some key> ...
> `----
>
> TIA.
>
> I tried
> ,----
> |         $iv = mcrypt_create_iv(mcrypt_get_block_size(MCRYPT_RIJNDAEL_256,
> |                                                      MCRYPT_MODE_CBC),
> |                                MCRYPT_DEV_RANDOM);
> |         $encryptedData = mcrypt_cbc(MCRYPT_RIJNDAEL_256
> |                                     ,$passphrase
> |                                     ,$data
> |                                     ,MCRYPT_ENCRYPT
> |                                     ,$iv);
> `----

use MCRYPT_RIJNDAEL_128
use an iv that's 32 bytes long (not 16)

--- End Message ---
--- Begin Message ---
Gary wrote:

> Can anyone tell me what the equivalent to the following command line
> usage of openssl is, in php using the mcrypt_* functions, please:

Nobody? :(

I feel so... alone.

--
Gary        Please do NOT send me 'courtesy' replies off-list.
PHP 5.2.12 (cli) (built: Jan 14 2010 14:54:11)
1.7.7(0.230/5/3) 2010-08-31 09:58 Cygwin


--- End Message ---
--- Begin Message ---
Nathan Rixham wrote:
> Gary wrote:
>> Can anyone tell me what the equivalent to the following command line
>> usage of openssl is, in php using the mcrypt_* functions, please:
>> ,----
>> | openssl enc -e -aes-256-cbc -k <some key> ...
>> `----
>>
>> TIA.
>>
>> I tried
>> ,----
>> |         $iv = mcrypt_create_iv(mcrypt_get_block_size(MCRYPT_RIJNDAEL_256,
>> |                                                      MCRYPT_MODE_CBC),
>> |                                MCRYPT_DEV_RANDOM);
>> |         $encryptedData = mcrypt_cbc(MCRYPT_RIJNDAEL_256
>> |                                     ,$passphrase
>> |                                     ,$data
>> |                                     ,MCRYPT_ENCRYPT
>> |                                     ,$iv);
>> `----
>
> use MCRYPT_RIJNDAEL_128

Err.. why, if you don't mind me asking?

-- 
Gary        Please do NOT send me 'courtesy' replies off-list.
PHP 5.2.12 (cli) (built: Jan 14 2010 14:54:11) 
1.7.7(0.230/5/3) 2010-08-31 09:58 Cygwin


--- End Message ---
--- Begin Message ---
Gary wrote:
> Nathan Rixham wrote:
>> Gary wrote:
>>> Can anyone tell me what the equivalent to the following command line
>>> usage of openssl is, in php using the mcrypt_* functions, please:
>>> ,----
>>> | openssl enc -e -aes-256-cbc -k <some key> ...
>>> `----
>>>
>>> TIA.
>>>
>>> I tried
>>> ,----
>>> |         $iv = mcrypt_create_iv(mcrypt_get_block_size(MCRYPT_RIJNDAEL_256,
>>> |                                                      MCRYPT_MODE_CBC),
>>> |                                MCRYPT_DEV_RANDOM);
>>> |         $encryptedData = mcrypt_cbc(MCRYPT_RIJNDAEL_256
>>> |                                     ,$passphrase
>>> |                                     ,$data
>>> |                                     ,MCRYPT_ENCRYPT
>>> |                                     ,$iv);
>>> `----
>> use MCRYPT_RIJNDAEL_128
>
> Err.. why, if you don't mind me asking?


because MCRYPT_RIJNDAEL_128 is the implementation of AES and if you use a 16 bit key you get AES 128, a 32 bit key and you get AES 256 :)

after a quick google for "php aes 256", I'd point you to this:
http://www.chilkatsoft.com/p/php_aes.asp
which explains all



--- End Message ---
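
Added example (not part of the thread): the file format that `openssl enc -e -aes-256-cbc -k <passphrase>` writes, reproduced in PHP so output can be checked against the command-line tool. It uses the openssl extension instead of mcrypt (mcrypt was removed from PHP core in 7.2) and assumes PHP 7.1+ and the MD5 key derivation that `openssl enc` used by default before OpenSSL 1.1.0; the function names, file name and sample values are made up for illustration.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7.1+ with ext-openssl.
// Layout written by `openssl enc -e -aes-256-cbc -k <passphrase>`:
//   "Salted__" (8 bytes) | salt (8 bytes) | AES-256-CBC ciphertext, PKCS#7 padded
// The passphrase is not used as the key directly: key and IV are both
// derived from passphrase + salt with EVP_BytesToKey.

const ENC_MAGIC = 'Salted__';

/**
 * OpenSSL's EVP_BytesToKey with an iteration count of 1:
 *   D_1 = H(pass . salt),  D_i = H(D_{i-1} . pass . salt)
 * The concatenated digests are cut into key, then IV.
 */
function evp_bytes_to_key(string $pass, string $salt, int $keyLen, int $ivLen, string $digest): array
{
    $material = '';
    $prev = '';
    while (strlen($material) < $keyLen + $ivLen) {
        $prev = hash($digest, $prev . $pass . $salt, true);
        $material .= $prev;
    }
    return [substr($material, 0, $keyLen), substr($material, $keyLen, $ivLen)];
}

function cli_compat_encrypt(string $plain, string $pass, string $digest = 'md5'): string
{
    $salt = random_bytes(8);
    // AES-256-CBC: 32-byte key, 16-byte IV (the AES block is always 128 bits).
    [$key, $iv] = evp_bytes_to_key($pass, $salt, 32, 16, $digest);
    $ct = openssl_encrypt($plain, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed: ' . openssl_error_string());
    }
    return ENC_MAGIC . $salt . $ct;
}

function cli_compat_decrypt(string $blob, string $pass, string $digest = 'md5'): string
{
    // 16-byte header plus at least one 16-byte cipher block.
    if (strlen($blob) < 32 || strncmp($blob, ENC_MAGIC, 8) !== 0) {
        throw new InvalidArgumentException('not a salted "openssl enc" file');
    }
    $salt = substr($blob, 8, 8);
    [$key, $iv] = evp_bytes_to_key($pass, $salt, 32, 16, $digest);
    $plain = openssl_decrypt(substr($blob, 16), 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
    if ($plain === false) {
        // CBC carries no integrity check; a wrong passphrase normally
        // surfaces only as a padding failure.
        throw new RuntimeException('decryption failed (wrong passphrase or digest?)');
    }
    return $plain;
}

// Constructed sample values.
$pass = 'example passphrase';
$blob = cli_compat_encrypt("hello from php\n", $pass);
file_put_contents('sample.enc', $blob);
echo bin2hex(substr($blob, 0, 16)), "\n";   // magic followed by the random salt
echo cli_compat_decrypt($blob, $pass);

// Cross-check with the CLI (OpenSSL 1.1.0+ defaults to sha256, so name md5):
//   openssl enc -d -aes-256-cbc -md md5 -k 'example passphrase' -in sample.enc
```

This format has no integrity protection, and the passphrase is stretched with a single hash round; OpenSSL 1.1.1 and later offer `-pbkdf2` for the derivation step.
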
--- Begin Message ---
Floyd Resler wrote:
> I need to send encrypted email. Can I use our server's signed certificate we
> use for Apache?

Yes you can use the server's certificate, you can use any x509 certificate you like - however, I'd recommend checking out startssl.org who will give you a free smime certificate.

note:
Each certificate has codes embedded which state for what you can use said certificate, although it's technically possible to use almost any certificate for anything, it's best to use one which has the correct flags set.

Best,

Nathan

--- End Message ---
--- Begin Message ---
Hi there – I’m new to this news group.  Any help with this is appreciated – 

When I populate session vars from a MYSQL query, they are still there when I 
change pages.  If I populate them from an MSSQL query, they drop. 

It doesn't matter if I get to the next page using a header redirect or a form 
submit.  I have two session vars I'm loading from a MYSQL query and they 
remain, the two loaded from MSSQL disappear.  

I have confirmed that all four session vars are loading ok initially and I can 
echo them out to the page, but when the application moves to the next page via 
redirect or form submit, the two vars loaded from MSSQL are empty.  

Any ideas?


Cheryl L. Sullivan
Interface Analyst / Web Developer

Sacred Heart Hospital (www.shh.org)
421 Chew Street • Allentown, PA 18102
Office: 610-776-4784 • Cell: 484-544-2416
 Please consider the environment before printing this e-mail 
 


Notice: This communication, including attachments, may contain information that 
is confidential and protected. It constitutes non-public information intended 
to be conveyed only to the designated recipient(s). If you believe that you 
have received this communication in error, please notify the sender immediately 
by return e-mail and promptly delete this e-mail, including attachments without 
reading or saving them in any manner. The unauthorized use, dissemination, 
distribution, or reproduction of this e-mail, including attachments, is 
prohibited and may be unlawful. Thank you.


--- End Message ---
--- Begin Message ---
On Thu, 2010-09-16 at 10:11 -0400, Cheryl Sullivan wrote:

> Hi there – I’m new to this news group.  Any help with this is appreciated – 
> 
> When I populate session vars from a MYSQL query, they are still there when I 
> change pages.  If I populate them from an MSSQL query, they drop. 
> 
> It doesn't matter if I get to the next page using a header redirect or a form 
> submit.  I have two session vars I'm loading from a MYSQL query and they 
> remain, the two loaded from MSSQL disappear.  
> 
> I have confirmed that all four session vars are loading ok initially and I 
> can echo them out to the page, but when the application moves to the next 
> page via redirect or form submit, the two vars loaded from MSSQL are empty.  
> 
> Any ideas?


There should be no difference. Can we see some examples of the MySQL and
the MSSQL code to see what you're doing differently?

Thanks,
Ash
http://www.ashleysheridan.co.uk



--- End Message ---
--- Begin Message ---
Absolutely -

This is from the first page

<?php
$_SESSION['UserLastName'] = strtolower(trim($_POST['txtLastName']));
$_SESSION['BadgeID'] = trim($_POST['txtBadgeID']);

//access MS SQL Server database
$q1 = "select * from emps where emp_last = '".$_SESSION['UserLastName']."' and emp_badge = '".$_SESSION['BadgeID']."'";
$rs_emp_info = hitMSSQL($q1,"xxxx_sql","database","table","password",1);
$_SESSION['SSN'] = $rs_emp_info->fields("emp_ssn");
$_SESSION['CostCenter'] = $rs_emp_info->fields("emp_costcenter");

//access mySQL database
$cnx = mysql_connect("localhost","userID","password");
$db = mysql_select_db("database_name");
$q1 = "select * from tblmainempreport where empUUID = 'sdfsfs920090528131'";
$result = mysql_query($q1);
$recArray = mysql_fetch_array($result);
$_SESSION['empFName'] = $recArray['EmpFName'];
?>

When I echo all five $_SESSION vars from here, they are all populated.
Then I can either redirect or form post to the next page.  In either
case, the $_SESSION vars populated from SQL Server (the SSN and Cost
Center vars) are blank when I echo them on the destination page.

--- End Message ---
--- Begin Message ---
> -----Original Message-----
> From: Cheryl Sullivan [mailto:[email protected]]
> Sent: Thursday, September 16, 2010 7:12 AM
> To: [email protected]
> Subject: [PHP] Session Vars loaded from MSSQL Query drop, those loaded
> from MYSQL Query stick
> 
> Hi there – I’m new to this news group.  Any help with this is appreciated –
> 
> When I populate session vars from a MYSQL query, they are still there when
> I change pages.  If I populate them from an MSSQL query, they drop.
> 
> It doesn't matter if I get to the next page using a header redirect or a form
> submit.  I have two session vars I'm loading from a MYSQL query and they
> remain, the two loaded from MSSQL disappear.
> 

What SQL Server version?  What PHP extension are you using? MSSQL? sqlsrv?

Regards,
Tommy



--- End Message ---
--- Begin Message ---
On Thu, Sep 16, 2010 at 10:26 AM, Cheryl Sullivan wrote:
> Absolutely -
>
> This is from the first page
>
> <?php
>
> $_SESSION['UserLastName'] = strtolower(trim($_POST['txtLastName']));
>
> $_SESSION['BadgeID'] = trim($_POST['txtBadgeID']);
>
> //access MS SQL Server database
>
> $q1 = "select * from emps where emp_last =
> '".$_SESSION['UserLastName']."' and emp_badge =
> '".$_SESSION['BadgeID']."'";
>
> $rs_emp_info = hitMSSQL($q1,"xxxx_sql","database","table","password",1);
>
> $_SESSION['SSN'] = $rs_emp_info->fields("emp_ssn");
>
> $_SESSION['CostCenter'] = $rs_emp_info->fields("emp_costcenter");
>
> //access mySQL database
>
> $cnx = mysql_connect("localhost","userID","password");
>
> $db = mysql_select_db("database_name");
>
> $q1 = "select * from tblmainempreport where empUUID =
> 'sdfsfs920090528131'";
>
> $result = mysql_query($q1);
>
> $recArray = mysql_fetch_array($result);
>
> $_SESSION['empFName'] = $recArray['EmpFName'];
>
> ?>
>
>
>
> When I echo all five $_SESSION vars from here, they are all populated.
> Then I can either redirect or form post to the next page.  In either
> case, the $_SESSION vars populated from SQL Server ( the SSN and Cost
> Center vars) are blank when I echo them on the destination page.

The fact that you can echo the $_SESSION information on the same page
and they contain the correct values suggests to me that the issue of
MySQL/MSSQL is a red herring. I would look into things like the value
for register_globals to make sure you don't have a global variable
stepping on some of your session variables.

Andrew

--- End Message ---
--- Begin Message ---
SQL Server 8.00.818 - SP3 (Enterprise Edition)

Unfortunately I am fairly new to PHP and my boss just went home sick for
the day, so I don't know how to answer the question about the extension.
Can you tell me where I can find that?  



--- End Message ---
--- Begin Message ---
> -----Original Message-----
> From: Cheryl Sullivan [mailto:[email protected]]
> Sent: Thursday, September 16, 2010 8:33 AM
> To: Tommy Pham; [email protected]
> Subject: RE: [PHP] Session Vars loaded from MSSQL Query drop, those
> loaded from MYSQL Query stick
> 
> SQL Server 8.00.818 - SP3 (Enterprise Edition)
> 

8?  I think that's SQL 2000.  If that's the case, you're 1 service pack
behind.  The latest service pack for SQL 2000 is 4.

> Unfortunately I am fairly new to PHP and my boss just went home sick for
> the day, so I don't know how to answer the question about the extension.
> Can you tell me where I can find that?
> 

phpinfo();  will give all the information pertaining to your PHP
environment.

Regards,
Tommy


--- End Message ---
--- Begin Message ---
On 16 September 2010 16:26, Cheryl Sullivan wrote:
> Absolutely -
>
>
>
> This is from the first page
>
>
>
> <?php
>
> $_SESSION['UserLastName'] = strtolower(trim($_POST['txtLastName']));
>
> $_SESSION['BadgeID'] = trim($_POST['txtBadgeID']);
>
>
>
> //access MS SQL Server database
>
> $q1 = "select * from emps where emp_last =
> '".$_SESSION['UserLastName']."' and emp_badge =
> '".$_SESSION['BadgeID']."'";
>
> $rs_emp_info = hitMSSQL($q1,"xxxx_sql","database","table","password",1);
>
> $_SESSION['SSN'] = $rs_emp_info->fields("emp_ssn");
>
> $_SESSION['CostCenter'] = $rs_emp_info->fields("emp_costcenter");
>

You're sticking values from $_POST into an SQL query without
sanitizing them first. That spells out SQL INJECTION VULNERABILITY.

Regards
Peter

-- 
<hype>
WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
BeWelcome/Couchsurfing: Fake51
Twitter: http://twitter.com/kafe15
</hype>

--- End Message ---
--- Begin Message ---
We are actually running the query through a function that removes single
ticks, etc to avoid this, but I didn't think that was relevant to the
question so I didn't include it.  Thanks, though!


--- End Message ---
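
Added example (not part of the thread, and not the poster's hitMSSQL() helper): the posted lookup written three ways, showing that a legitimate surname containing an apostrophe breaks the concatenated query, is silently altered by quote stripping, and is matched correctly by bound parameters. Table and column names follow the posted query; the rows, the function names and the use of PDO with an in-memory SQLite database are assumptions made so the script runs without a server (PHP 7.1+ with pdo_sqlite).

```php
<?php
// Added example, not code from the thread. Assumes PHP 7.1+ with pdo_sqlite.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE emps (emp_last TEXT, emp_badge TEXT, emp_ssn TEXT, emp_costcenter TEXT)');

// Constructed rows; the values are placeholders, not real identifiers.
$ins = $pdo->prepare('INSERT INTO emps VALUES (?, ?, ?, ?)');
$ins->execute(["o'brien", '1001', 'SSN-PLACEHOLDER-1', 'CC-10']);
$ins->execute(['smith', '1002', 'SSN-PLACEHOLDER-2', 'CC-20']);

/** Run a finished SQL string; report a parse failure instead of dying. */
function run_raw(PDO $pdo, string $sql): string
{
    try {
        $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
        return $row ? 'found cost center ' . $row['emp_costcenter'] : 'no row';
    } catch (PDOException $e) {
        return 'SQL error';
    }
}

// 1. As posted: request values are pasted into the SQL text, so a quote in
//    the data changes the statement the database parses.
function lookup_concat(PDO $pdo, string $last, string $badge): string
{
    return run_raw($pdo, "select * from emps where emp_last = '" . $last
        . "' and emp_badge = '" . $badge . "'");
}

// 2. Quote stripping: the statement parses again, but the data has been
//    altered, and the filter must be right for every input and every query.
function lookup_stripped(PDO $pdo, string $last, string $badge): string
{
    return lookup_concat($pdo, str_replace("'", '', $last), str_replace("'", '', $badge));
}

// 3. Bound parameters: the SQL text is fixed; values travel separately and
//    are never parsed as SQL.
function lookup_prepared(PDO $pdo, string $last, string $badge): string
{
    $st = $pdo->prepare('select emp_ssn, emp_costcenter from emps
                         where emp_last = :last and emp_badge = :badge');
    $st->execute([':last' => $last, ':badge' => $badge]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row ? 'found cost center ' . $row['emp_costcenter'] : 'no row';
}

// Same normalisation as the posted code, applied to a legitimate surname.
$last  = strtolower(trim("O'Brien "));
$badge = trim('1001');

foreach (['lookup_concat', 'lookup_stripped', 'lookup_prepared'] as $fn) {
    printf("%-16s %s\n", $fn, $fn($pdo, $last, $badge));
}
```

The prepare()/execute() calls are part of the PDO API itself, so the third variant carries over unchanged to a PDO driver for SQL Server.
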
--- Begin Message ---
Tommy - I ran phpinfo() but I don't see anything in it referencing
MSSQL or SQLSRV.  I have included all the references to "sql" I see
below, but the only references I see to databases are to MySQL and
SQLite.  Unfortunately I don't have any control over how service-packed
the database server is.  If there is something in SP 4 for SQL Server 2000
that is supposed to fix the issue I'm having, I may be able to plead my
case for getting the latest SP.  Is this the case, do you know?

mysql
MySQL Support enabled 
Active Persistent Links  0  
Active Links  0  
Client API version  mysqlnd 5.0.5-dev - 081106 - $Revision: 1.3.2.27 $  
Persistent cache enabled 
put_hits  0  
put_misses  0  
get_hits  0  
get_misses  0  
size  2000  
free_items  2000  
references  2  

Directive Local Value Master Value 
mysql.allow_local_infile On On 
mysql.allow_persistent On On 
mysql.cache_size 2000 2000 
mysql.connect_timeout 60 60 
mysql.default_host no value no value 
mysql.default_password no value no value 
mysql.default_port no value no value 
mysql.default_socket no value no value 
mysql.default_user no value no value 
mysql.max_links Unlimited Unlimited 
mysql.max_persistent Unlimited Unlimited 
mysql.trace_mode Off Off 


mysqli
MysqlI Support enabled 
Client API library version  mysqlnd 5.0.5-dev - 081106 - $Revision:
1.3.2.27 $  
Active Persistent Links  0  
Inactive Persistent Links  0  
Active Links  0  
Persistent cache enabled 
put_hits  0  
put_misses  0  
get_hits  0  
get_misses  0  
size  2000  
free_items  2000  
references  2  

Directive Local Value Master Value 
mysqli.allow_local_infile On On 
mysqli.allow_persistent On On 
mysqli.cache_size 2000 2000 
mysqli.default_host no value no value 
mysqli.default_port 3306 3306 
mysqli.default_pw no value no value 
mysqli.default_socket no value no value 
mysqli.default_user no value no value 
mysqli.max_links Unlimited Unlimited 
mysqli.max_persistent Unlimited Unlimited 
mysqli.reconnect Off Off 


mysqlnd
mysqlnd enabled 
Version  mysqlnd 5.0.5-dev - 081106 - $Revision: 1.3.2.27 $  
Command buffer size  2048  
Read buffer size  32768  
Collecting statistics  Yes  
Collecting memory statistics  Yes  

PDO
PDO support enabled 
PDO drivers  mysql, sqlite  


pdo_mysql
PDO Driver for MySQL enabled 
Client API version  mysqlnd 5.0.5-dev - 081106 - $Revision: 1.3.2.27 $  
Persistent cache enabled 
put_hits  0  
put_misses  0  
get_hits  0  
get_misses  0  
size  2000  
free_items  2000  
references  2  

Directive Local Value Master Value 
pdo_mysql.cache_size 2000 2000 


pdo_sqlite
PDO Driver for SQLite 3.x enabled 
SQLite Library  3.6.15  

-----Original Message-----
From: Tommy Pham [mailto:[email protected]] 
Sent: Thursday, September 16, 2010 11:39 AM
To: [email protected]
Subject: RE: [PHP] Session Vars loaded from MSSQL Query drop, those
loaded from MYSQL Query stick

> -----Original Message-----
> From: Cheryl Sullivan [mailto:[email protected]]
> Sent: Thursday, September 16, 2010 8:33 AM
> To: Tommy Pham; [email protected]
> Subject: RE: [PHP] Session Vars loaded from MSSQL Query drop, those
> loaded from MYSQL Query stick
> 
> SQL Server 8.00.818 - SP3 (Enterprise Edition)
> 

8?  I think that's SQL 2000.  If that's the case, you're 1 service pack
behind.  The latest service pack for SQL 2000 is 4.

> Unfortunately I am fairly new to PHP and my boss just went home sick
for
> the day, so I don't know how to answer the question about the
extension.
> Can you tell me where I can find that?
> 

phpinfo();  will give all the information pertaining to your PHP
environment.

Regards,
Tommy

> -----Original Message-----
> From: Tommy Pham [mailto:[email protected]]
> Sent: Thursday, September 16, 2010 11:00 AM
> To: [email protected]
> Subject: RE: [PHP] Session Vars loaded from MSSQL Query drop, those
> loaded from MYSQL Query stick
> 
> > -----Original Message-----
> > From: Cheryl Sullivan [mailto:[email protected]]
> > Sent: Thursday, September 16, 2010 7:12 AM
> > To: [email protected]
> > Subject: [PHP] Session Vars loaded from MSSQL Query drop, those loaded
> > from MYSQL Query stick
> >
> > Hi there - I'm new to this news group.  Any help with this is appreciated -
> >
> > When I populate session vars from a MYSQL query, they are still there when
> > I change pages.  If I populate them from an MSSQL query, they drop.
> >
> > It doesn't matter if I get to the next page using a header redirect or a form
> > submit.  I have two session vars I'm loading from a MYSQL query and they
> > remain, the two loaded from MSSQL disappear.
> >
> 
> What SQL Server version?  What PHP extension are you using? MSSQL?
> sqlsrv?
> 
> Regards,
> Tommy
> 
> > I have confirmed that all four session vars are loading ok initially and I can
> > echo them out to the page, but when the application moves to the next
> > page via redirect or form submit, the two vars loaded from MSSQL are
> > empty.
> >
> > Any ideas?
> >
> >
> > Cheryl L. Sullivan
> > Interface Analyst / Web Developer
> >
> > Sacred Heart Hospital (www.shh.org)
> > 421 Chew Street * Allentown, PA 18102
> > Office: 610-776-4784 * Cell: 484-544-2416
> > Please consider the environment before printing this e-mail
> >
> >
> >
> > Notice: This communication, including attachments, may contain
> > information that is confidential and protected. It constitutes non-public
> > information intended to be conveyed only to the designated recipient(s). If
> > you believe that you have received this communication in error, please
> > notify the sender immediately by return e-mail and promptly delete this
> > e-mail, including attachments without reading or saving them in any manner.
> > The unauthorized use, dissemination, distribution, or reproduction of this
> > e-mail, including attachments, is prohibited and may be unlawful. Thank
> > you.
> 
> 
> --
> PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:
> http://www.php.net/unsub.php
> 
> 



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


--- End Message ---
--- Begin Message ---
On Thu, Sep 16, 2010 at 10:26 AM, Cheryl Sullivan <[email protected]> wrote:
[snip]
> When I echo all five $_SESSION vars from here, they are all populated.
> Then I can either redirect or form post to the next page.  In either
> case, the $_SESSION vars populated from SQL Server ( the SSN and Cost
> Center vars) are blank when I echo them on the destination page.

On Thu, Sep 16, 2010 at 2:12 PM, Cheryl Sullivan <[email protected]> wrote:
> Tommy  - I ran phpinfo() but I don't see anything in it referencing
> MSSQL or SQLSRV.  I have included all the references to "sql" I see
> below, but the only references I see to databases are to mySQL and
> SQLLite.  Unfortunately I don't have any control over how service-packed
> the database server is.  Is there something in SP 4 for SQL Server 2000
> that is supposed to fix the issue I'm having, I may be able to plead my
> case for getting the latest SP.  Is this the case, do you know?
>
[snip]

Again, I ask - based on what you said earlier - are you sure this is
even a database issue? You said that when you echo the values in your
$_SESSION array AFTER reading them from the database they are there,
and you only lose them on the next request after either a redirect or
a manual form POST. If the values are getting into $_SESSION correctly
within this page, your issue is not related to the database at all.

Am I misunderstanding you?

Andrew

--- End Message ---
--- Begin Message ---
On 16 September 2010 20:03, Cheryl Sullivan <[email protected]> wrote:
> We are actually running the query through a function that removes single
> ticks, etc to avoid this, but I didn't think that was relevant to the
> question so I didn't include it.  Thanks, though!

You're the one with the problem you don't understand, which means you
don't get to make decisions as to what is or is not relevant. Rather: you
have no idea what seems relevant to us trying to pinpoint the error.

That said, if - like Andrew points out - you see the values directly
after storing them, then the problem is not database related. What
exactly happens between the two pages and on the second page?

Regards
Peter

-- 
<hype>
WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
BeWelcome/Couchsurfing: Fake51
Twitter: http://twitter.com/kafe15
</hype>

--- End Message ---
--- Begin Message ---
Hi:

I am working with an XML document that is validated against a schema.

Within PHP the XML does not validate, but if I use an external validator the
same XML validates with no problems.

My PHP is now 5.2.14, but I tested with 5.3.1 and got the same problem.

I created a small program as an example:

libxml_use_internal_errors(true);
$xDocXml = 'test-file.xml'; // xml

$xmldoc = new DOMDocument();
$bErro = $xmldoc->load( $xDocXml ); // loads xml

if ( $bErro )
{
    $return = $xmldoc->schemaValidate( 'nfe_v2.00.xsd' );

    if ( !$return )
    {
        $aErros = libxml_get_errors();

        $sErro = '';
        foreach ( $aErros as $oErro )
        {
            switch ( $oErro->level )
            {
                case LIBXML_ERR_WARNING:
                    $sErro .= ' Atenção ' . $oErro->code . ": \n";
                    break;
                case LIBXML_ERR_ERROR:
                    $sErro .= ' Erro ' . $oErro->code . ": \n";
                    break;
                case LIBXML_ERR_FATAL:
                    $sErro .= ' Erro Fatal ' . $oErro->code . ": \n";
                    break;
            }

            $sErro .= '--------------------------------------------' . "\n";
            $sErro .= $oErro->message;
            $sErro .= ' Line: ' . $oErro->line . "\n";
            $sErro .= ' Column: ' . $oErro->column . "\n";
            $sErro .= ' Level: ' . $oErro->level . "\n";
        }
        echo '<pre>';
        echo $sErro;
        echo '</pre>';
    } else
        echo 'VALID!!!!';
}

Result at this moment:

Erro 1839: 
--------------------------------------------
Element '{http://www.portalfiscal.inf.br/nfe}IE': [facet 'pattern'] The
value '' is not accepted by the pattern 'ISENTO|[0-9]{0,14}'.
 Line: 59
 Column: 0
 Level: 2
 Erro 1824: 
--------------------------------------------
Element '{http://www.portalfiscal.inf.br/nfe}IE': '' is not a valid value of
the atomic type '{http://www.portalfiscal.inf.br/nfe}TIeDest'.
 Line: 59
 Column: 0
 Level: 2

This is the rule that fails :

        <xs:simpleType name="TIeDest">
                <xs:annotation>
                        <xs:documentation>Tipo Inscrição Estadual do
Destinatário</xs:documentation>
                </xs:annotation>
                <xs:restriction base="xs:string">
                        <xs:whiteSpace value="preserve"/>
                        <xs:pattern value="ISENTO|[0-9]{0,14}"/>
                </xs:restriction>
        </xs:simpleType>


In the XML file, line 59 has: <IE></IE>

The pattern for this tag is : <xs:pattern value="ISENTO|[0-9]{0,14}"/>

When I change this <xs:pattern value="ISENTO|[0-9]{0,14}"/> to
<xs:pattern value="[0-9]{0,14}|ISENTO"/> it works OK, but each document that has
<IE>ISENTO</IE> fails validation.

I attached a small rar file with the test case.

How do I change the pattern to meet the requirements: either the value ISENTO,
or a number [0-9]{0,14}, or empty?

Thanks in advance

Alejandro M.S.


--- End Message ---
--- Begin Message ---
Hi all!!

I have a server running:

Debian Lenny
Apache/2.2.9 (Debian) DAV/2 SVN/1.5.1
PHP/5.2.6-1+lenny9 with Suhosin-Patch

Clients connect to the system using the Firefox browser (all of them), and
some of them have cloned machines (Win 7 - Norton Ghost). I mention
this in case the session id generation process uses some kind of
seed coming from the computer itself; I have looked into the C code of
PHP and I couldn't find any clue that confirms this thought, but just
in case.

We use an intranet system over a medium LAN (about 200 hosts).
The problem that we are experiencing right now is that, randomly,
session ids are duplicated between 2 hosts.
We tried to increase the entropy by adding /var/urandom to the
session.entropy_file, upgraded our Apache and PHP to this current
version, and the problem just keeps existing.
We set up a workaround to just kick off the user if the session they
try to use is already in use by another computer, but the users tend
to lose everything that they've been working on (because of that
workaround).

Has any of you experienced a problem similar to this one?

--- End Message ---
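
The message above mentions session.entropy_file. As an added example (not code from the thread or from PHP itself), this check reports when that directive cannot take effect on a PHP 5.2-era build: the entropy file is read only when session.entropy_length is greater than 0 and the path can be opened. The function name, its messages and the sample settings are constructed for illustration.

```php
<?php
// Added example, not code from the thread. audit_session_entropy() and its
// messages are hypothetical; the two directive names are PHP's own.
function audit_session_entropy(array $ini)
{
    $file   = $ini['session.entropy_file'];
    $length = $ini['session.entropy_length'];

    // ini_get() returns false for a directive this build does not have.
    if ($file === false || $length === false) {
        return array('entropy directives are not available in this PHP build');
    }

    $findings = array();
    if ((int) $length <= 0) {
        // The session module reads the entropy file only when a byte count is set.
        $findings[] = 'session.entropy_length is 0, so session.entropy_file is never read';
    }
    if ((string) $file === '') {
        $findings[] = 'session.entropy_file is not set';
    } elseif (!is_readable($file)) {
        // A path that cannot be opened is skipped without an error.
        $findings[] = "session.entropy_file '$file' is not readable and adds no entropy";
    }
    return $findings;
}

// Settings of the running interpreter.
$running = array(
    'session.entropy_file'   => ini_get('session.entropy_file'),
    'session.entropy_length' => ini_get('session.entropy_length'),
);

// Constructed sample: a path that does not exist and no byte count.
$sample = array(
    'session.entropy_file'   => '/nonexistent/urandom',
    'session.entropy_length' => '0',
);

foreach (array('running' => $running, 'sample' => $sample) as $label => $ini) {
    $findings = audit_session_entropy($ini);
    echo $label, ': ', $findings ? implode('; ', $findings) : 'entropy file is in use', "\n";
}
```
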
--- Begin Message ---
At 8:46 AM -0400 9/15/10, Peter van der Does wrote:
> Hi,
>
> How do you people store data that doesn't change, an example of this
> would be the version number of your software. You might want to use it
> throughout your program but how do you store it?
>
> As far as I can see there are several options to use this data.
> 1. Global Variable
> 2. Store it in a registry class
> 3. Store it in a named constant.
> 4. Use a function that will return the data (kind of like a registry
> class but it's not a class)
>
> Personally I don't like option 1 but what about the other options. Is
> any of them faster than the others. What other pros and cons are there.

Make it a Constant -- it's simply a Global that doesn't change.

I typically hold such things in a global configuration file that can be included when needed.

Cheers,

tedd

--
-------
http://sperling.com/

--- End Message ---
--- Begin Message ---
I have the following:

#!/usr/local/bin/php
<?php
$offset = date("Z");
$sDate = '2010-09-16';
$sTime = '00:00:00';
$eDate = '2010-09-17';
$eTime = '00:00:00';
$tmpStart0 = date("$sDate $sTime");
$tmpEnd0 = date("$eDate $eTime");
$startDate = date("Y-m-d H:i:s",strtotime($tmpStart0 . "-" . "$offset seconds"));
$endDate = date("Y-m-d H:i:s",strtotime($tmpEnd0 . "-" . "$offset seconds"));
$when = "timestamp BETWEEN \"$startDate\" AND \"$endDate\"";
echo "\n$offset\n$when\n\n";
?>

Which returns:

machine1 (AST) PHP 5.2.6:
-10800
timestamp BETWEEN "2010-09-16 03:00:00" AND "2010-09-17 03:00:00"

machine2 (MST) PHP 5.1.6:
-21600
timestamp BETWEEN "1969-12-31 17:00:00" AND "1969-12-31 17:00:00"

Aside from upgrading the second box, is there some other logic that is wrong?

Thanks.
-- 
Paul Halliday
Ideation | Individualization | Learner | Achiever | Analytical
http://www.pintumbler.org

--- End Message ---
--- Begin Message ---
MikeB wrote:
Daniel Brown wrote:
On Mon, Sep 13, 2010 at 19:51, MikeB<[email protected]> wrote:

As part of the bug report I included a link to an image of my nntp
config.

I saw that, thanks. I'll look into creating a mirror of the news
server, as well, for NNTP-only access. I won't lie and say that it's
a priority, but I'll try to get to it as soon as I have time, Mike.

You must have already done something. It's working a lot better today.

Thanks.


Perhaps I spoke too soon. It seems intermittent. Lots of denials today. However, I've switched to the gmane list as recommended by someone else on this thread and that works a treat, so I may just do an unsubscribe here to get rid of the annoying timeout messages.


--- End Message ---
--- Begin Message ---
I know I could possibly hack something together using the Tidy
libraries... (maybe...) but are there any existing php libraries /
projects that already have the ability to take some HTML and
"downgrade" the version of HTML being used.

One example: turn this...

   <p style="font-weight: bold">Blah</p>

... into ...

   <p><b>Blah</b></p>

This is for an eReader I love but is long out of production and the
converter tool only works with HTML 3.2

Thanks in advance.

Matt

--- End Message ---
--- Begin Message ---
On Thu, Sep 16, 2010 at 1:20 AM, Pete Ford <[email protected]> wrote:

> On 15/09/10 18:00, David Harkness wrote:
>
>> $v = $row->xpath("//membernumber[. = \"$MemberId\"]");
>>
>
> Oooh, I hate using backslashes - they always seem so untidy...
> I have a pathological fear of sed scripts, too. :(


And yet I find them the *most* tidy in a way: \" inserts an actual
double-quote into the string. I don't think that's any more magical than
"surround it with single-quotes so it doesn't terminate the string." It will
work in single- and double-quoted strings equally, so you don't have to
worry about switching from one to the other messing up the expression.

David

--- End Message ---
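
The thread above interpolates $MemberId into a double-quoted XPath string literal. XPath 1.0 has no escape character inside its own literals, so a value that itself contains a quote needs different handling. This added example (not code from the thread) shows one way to build the literal; xpath_literal(), count_matches() and the sample XML are constructed for illustration.

```php
<?php
// Added example, not code from the thread. xpath_literal() and the sample
// XML are constructed for illustration.

// Quote a value with whichever quote character it lacks, or split it and
// rejoin the pieces with concat() when it contains both.
function xpath_literal($value)
{
    $value = (string) $value;
    if (strpos($value, '"') === false) {
        return '"' . $value . '"';
    }
    if (strpos($value, "'") === false) {
        return "'" . $value . "'";
    }
    $pieces = array();
    foreach (explode('"', $value) as $part) {
        $pieces[] = '"' . $part . '"';
    }
    // Each double quote in the value becomes the single-quoted literal '"'.
    return 'concat(' . implode(", '\"', ", $pieces) . ')';
}

// Returns the number of matches, or false when the expression is invalid.
function count_matches($xml, $expr)
{
    $nodes = @$xml->xpath($expr);
    return is_array($nodes) ? count($nodes) : false;
}

$row = simplexml_load_string(
    '<members>'
    . '<membernumber>1001</membernumber>'
    . '<membernumber>A"1\'B</membernumber>'
    . '</members>'
);

foreach (array('1001', 'A"1\'B', '1001"') as $MemberId) {
    // Interpolation as in the thread: a quote in the value ends the literal early.
    $interpolated = "//membernumber[. = \"$MemberId\"]";
    // With the helper the value always stays a single string operand.
    $quoted = '//membernumber[. = ' . xpath_literal($MemberId) . ']';
    printf("%-8s interpolated=%s quoted=%s\n", $MemberId,
        var_export(count_matches($row, $interpolated), true),
        var_export(count_matches($row, $quoted), true));
}
```
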
