php-general Digest 21 Apr 2013 01:24:35 -0000 Issue 8202

php-general-digest-help Sat, 20 Apr 2013 18:26:46 -0700

php-general Digest 21 Apr 2013 01:24:35 -0000 Issue 8202

Topics (messages 320902 through 320916):


Re: Newbie Question - Parse XML with PHP...
        320902 by: tamouse mailing lists
        320904 by: Matijn Woudt
        320905 by: shiplu

Re: mysql_connect noob question
        320903 by: Matijn Woudt
        320906 by: Glob Design Info
        320907 by: Glob Design Info
        320908 by: Tedd Sperling
        320909 by: David OBrien
        320910 by: Jim Giner
        320911 by: Stuart Dallas
        320912 by: Jim Giner
        320913 by: Glob Design Info
        320914 by: Tedd Sperling

Looking for complete entered URL
        320915 by: Angela Barone
        320916 by: Tom Rogers

Administrivia:

To subscribe to the digest, e-mail:
        php-general-digest-subscr...@lists.php.net

To unsubscribe from the digest, e-mail:
        php-general-digest-unsubscr...@lists.php.net

To post to the list, e-mail:
        php-gene...@lists.php.net


----------------------------------------------------------------------

--- Begin Message ---

This will be brief as I'm on a tablet...

On Apr 19, 2013 5:53 PM, "dealTek" <deal...@gmail.com> wrote:
>
>
> On Apr 19, 2013, at 3:32 PM, tamouse mailing lists <
tamouse.li...@gmail.com> wrote:
>
> >>
> >> page1.php is sending out to credit card company - getting processed -
then coming back to the *same page1.php* with the XML data listed below...
> >
> > Please expand what you mean by "sending out" and "coming back" - is
> > this a REST or SOAP API call? In that case, the response body is
> > likely to be the XML.
> >
> >>
> >> - so I'm not going to some other page to get it - it is coming to me
to the same page I am on..........
> >>
> >> so - after the XML result comes in - I need to assign the php to the
XML somehow...
> >
> > How do you recognize the "XML result com(ing) in" ?
> >
>
> Hi tamouse,
>
> with my untrained eye - it appears that this  is what is 'sending out'
>
>
>  $data = sendXMLviaCurl($xmlRequest,$gatewayURL);

This is the  sending and receiving -- the function uses curl to send your
xml request and returns the response from that.

>
>
> and this might be what is 'responding back' on the same page
>
>
>     $gwResponse = @new SimpleXMLElement((string)$data);

$data contains the response, this is how you are processing it.

Skipping the long and monolithic code, what I will suggest is that you
break things up into modules, functions and procrdures, and write unit
tests that will check each piece seperately. After you've verified that
each step is working, then you can start to integrate the pieces, following
the stricture of keeping code (logic), data, and presentation seperate.

It is much easier to deal with debugging when your code is simple and does
only one thing. Break out the part you are asking here about, the API call.
Build up a viable test request that will get you a known response and make
sure you are getting what you expect. My suspicion is that the response
here isnot what you expect.

>

--- End Message ---

--- Begin Message ---

On Sat, Apr 20, 2013 at 12:51 AM, dealTek <deal...@gmail.com> wrote:

>
> On Apr 19, 2013, at 3:32 PM, tamouse mailing lists <
> tamouse.li...@gmail.com> wrote:
>
> >>
> >> page1.php is sending out to credit card company - getting processed -
> then coming back to the *same page1.php* with the XML data listed below...
> >
> > Please expand what you mean by "sending out" and "coming back" - is
> > this a REST or SOAP API call? In that case, the response body is
> > likely to be the XML.
> >
> >>
> >> - so I'm not going to some other page to get it - it is coming to me to
> the same page I am on..........
> >>
> >> so - after the XML result comes in - I need to assign the php to the
> XML somehow...
> >
> > How do you recognize the "XML result com(ing) in" ?
> >
>
> Hi tamouse,
>
> with my untrained eye - it appears that this  is what is 'sending out'
>
>
>  $data = sendXMLviaCurl($xmlRequest,$gatewayURL);
>
>
> and this might be what is 'responding back' on the same page
>
>
>     $gwResponse = @new SimpleXMLElement((string)$data);
>
>
> you can see these lines towards the bottom at - // Process Step Three...
>
>
Why did you prefix this with @? This way your hiding the real error that is
probably the answer to why it is not working.

- Matijn

--- End Message ---

--- Begin Message ---

>
>
>
> Question: how do you use $mylist when the xml is not as a file but is
> returned on a web page?
>

I assume  It returns as a string from page. Then use
simplexml_load_string(). See
http://php.net/manual/en/function.simplexml-load-string.php


-- 
Shiplu.Mokadd.im
ImgSign.com | A dynamic signature machine
Innovation distinguishes between follower and leader

--- End Message ---

--- Begin Message ---

On Sat, Apr 20, 2013 at 10:36 AM, tamouse mailing lists <
tamouse.li...@gmail.com> wrote:

> No, that's for writing safe html output.
>
> If the user or password contains special chars, sending them through
> htmlspecialchars would turn them into html entities. i doubt you want that.
>
> I'm at a loss here.

Pretty much the same goes for me.

It could be charset issue, do your username and password consist of only
ASCII characters, or do they also contain others? If so, then it might be
that your sending these characters in a different charset.

- Matijn

--- End Message ---

--- Begin Message ---

Thanks for that good suggestion.

I tried that and as expected, the passed variables are coming throughexactly as expected:


array(3) {
  ["user"]=>
  string(3) "joe"
  ["password"]=>
  string(11) "complacency"
  ["login"]=>
  string(5) "Login"
}

The bottom one seems to be the submit button's tag.

I'm at a loss too. It should work. Replacing all 3 script variables withhard-coded values for the login works fine - so I know the host stringis fine.


Very weird!

On 4/20/13 1:36 AM, tamouse mailing lists wrote:

No, that's for writing safe html output.

If the user or password contains special chars, sending them through
htmlspecialchars would turn them into html entities. i doubt you want that.

I'm at a loss here. The only thing Ican think of is to try something like
this at the top of the script:

<?php

error_reporting(-1);
ini_set('display_errors',1);
ini_set('display_startup_errors',1);
header("Content-type: text/plain");
var_dump($_POST);
exit;

?>

and see precisely what is being passed in from your form.
  On Apr 19, 2013 10:50 PM, "Glob Design Info" <i...@globdesign.com> wrote:

No, no spaces.

I am wondering if I need to use htmlspecialchars()

On Apr 19, 2013, at 7:17 PM, Jim Giner <jim.gi...@albanyhandball.com>
wrote:

On 4/19/2013 9:33 PM, Glob Design Info wrote:

They aren't on the same server. The DB is on xeround.com, the web

server

is localhost.

The host value is set and working. If I hard-code the user and password
values in the mysql_connect() call and leave the host value as is, it
connects fine. Only passing the user and password from the form cause it
to fail.


On 4/19/13 5:47 PM, David Robley wrote:

Glob Design Info wrote:

Sorry. The error displayed is:

*Warning*: mysql_connect() [function.mysql-connect
<http://localhost/wservices/function.mysql-connect>]: Access denied

for

user '<user>'@'ip70-162-142-180.ph.ph.cox.net' (using password: YES)

in

*/Library/WebServer/Documents/wservices/connect.php* on line *29*

(But with the real user name, not just '<user>')

Thanks,

On 4/19/13 3:28 PM, tamouse mailing lists wrote:

On Fri, Apr 19, 2013 at 3:43 PM, Glob Design Info <

i...@globdesign.com>

wrote:

I know this has probably been answered already.

When I pass a user name and password from a form to my PHP script

and

then pass those to mysql_connect it doesn't connect. When I paste
those
exact same values into mysql_connect as string literals it works.

Can anyone tell me why this happens?

I know the strings are identical to the literals I try in a test but
they don't work when submitted via form.

$form_user = $_POST[ 'user' ];
$form_pass = $_POST[ 'password' ];

# Connect to remote DB

$LINK = mysql_connect( $host, $form_user, $form_pass );

Please show the error you are getting from the mysql_connect

And yes, my $host param is correct.

Thanks,

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

First guess is that you don't have privileges for
'<user>'@'ip70-162-142-180.ph.ph.cox.net', but you may have privileges
for
'<user>'.

And, what are you using for the $host value? If the script and mysql
are on
the same server, it shouldn't need to be anything other than

'localhost'.

Do your user or password contain spaces, thereby requiring quotes in

your call?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--- End Message ---

--- Begin Message ---

Goog suggestion. The user name is an email address so it does contain @.

Password is all pure lowercase ASCII.

Wonder if the shift-2 is causing the problem?

On 4/20/13 4:44 AM, Matijn Woudt wrote:

On Sat, Apr 20, 2013 at 10:36 AM, tamouse mailing lists <
tamouse.li...@gmail.com> wrote:

No, that's for writing safe html output.

If the user or password contains special chars, sending them through
htmlspecialchars would turn them into html entities. i doubt you want that.

I'm at a loss here.

Pretty much the same goes for me.

It could be charset issue, do your username and password consist of only
ASCII characters, or do they also contain others? If so, then it might be
that your sending these characters in a different charset.

- Matijn

--- End Message ---

--- Begin Message ---

On Apr 19, 2013, at 4:43 PM, Glob Design Info <i...@globdesign.com> wrote:

> I know this has probably been answered already.
> 
> When I pass a user name and password from a form to my PHP script and then 
> pass those to mysql_connect it doesn't connect. When I paste those exact same 
> values into mysql_connect as string literals it works.
> 
> Can anyone tell me why this happens?
> 
> I know the strings are identical to the literals I try in a test but they 
> don't work when submitted via form.
> 
> $form_user = $_POST[ 'user' ];
> $form_pass = $_POST[ 'password' ];
> 
> # Connect to remote DB
> 
> $LINK = mysql_connect( $host, $form_user, $form_pass );
> 
> And yes, my $host param is correct.
> 
> Thanks,


Why are you allowing anyone to connect to your database from a form?

Cheers,

tedd

_____________________
tedd.sperl...@gmail.com
http://sperling.com

--- End Message ---

--- Begin Message ---

>
> > $form_user = $_POST[ 'user' ];
> > $form_pass = $_POST[ 'password' ];
> >
> > # Connect to remote DB
> >
> > $LINK = mysql_connect( $host, $form_user, $form_pass );
> >
> > And yes, my $host param is correct.
>

Have you tried

$LINK = mysql_connect( $host, "$form_user", "$form_pass" );

just for the heck of it?

--- End Message ---

--- Begin Message ---
Why are you allowing anyone to connect to your database from a form?

Cheers,

tedd

_____________________
tedd.sperl...@gmail.com
http://sperling.com
A little OT, but...
What do you mean by this question? How do you check someone'scredentials if not by connecting to a db to verify the login? Cause I'mdoing the same kind of thing all over the place. With good practices onvalidation and such before doing my query of course.
--- End Message ---

--- Begin Message ---

On 20 Apr 2013, at 16:25, Jim Giner <jim.gi...@albanyhandball.com> wrote:

>> Why are you allowing anyone to connect to your database from a form?
>> 
> A little OT, but...
> What do you mean by this question?  How do you check someone's credentials if 
> not by connecting to a db to verify the login?  Cause I'm doing the same kind 
> of thing all over the place.  With good practices on validation and such 
> before doing my query of course.

I'm pretty sure that's not what tedd meant. The code is logging in to the 
database server using the username and password from the form. There are very 
few legitimate reasons to be doing this, so the question is well worth asking.

-Stuart

-- 
Stuart Dallas
3ft9 Ltd
http://3ft9.com/

--- End Message ---

--- Begin Message ---

On 4/20/2013 11:44 AM, Stuart Dallas wrote:

On 20 Apr 2013, at 16:25, Jim Giner <jim.gi...@albanyhandball.com> wrote:

Why are you allowing anyone to connect to your database from a form?

A little OT, but...
What do you mean by this question?  How do you check someone's credentials if 
not by connecting to a db to verify the login?  Cause I'm doing the same kind 
of thing all over the place.  With good practices on validation and such before 
doing my query of course.


I'm pretty sure that's not what tedd meant. The code is logging in to the 
database server using the username and password from the form. There are very 
few legitimate reasons to be doing this, so the question is well worth asking.

-Stuart

oops - now I see.

--- End Message ---

--- Begin Message ---

Same error. That just turns those into string literals.

On 4/20/13 5:48 AM, David OBrien wrote:

$form_user = $_POST[ 'user' ];
$form_pass = $_POST[ 'password' ];

# Connect to remote DB

$LINK = mysql_connect( $host, $form_user, $form_pass );

And yes, my $host param is correct.

Have you tried

$LINK = mysql_connect( $host, "$form_user", "$form_pass" );

just for the heck of it?

--- End Message ---

--- Begin Message ---

On Apr 20, 2013, at 11:44 AM, Stuart Dallas <stu...@3ft9.com> wrote:

> On 20 Apr 2013, at 16:25, Jim Giner <jim.gi...@albanyhandball.com> wrote:
> 
>>> Why are you allowing anyone to connect to your database from a form?
>>> 
>> A little OT, but...
>> What do you mean by this question?  How do you check someone's credentials 
>> if not by connecting to a db to verify the login?  Cause I'm doing the same 
>> kind of thing all over the place.  With good practices on validation and 
>> such before doing my query of course.
> 
> I'm pretty sure that's not what tedd meant. The code is logging in to the 
> database server using the username and password from the form. There are very 
> few legitimate reasons to be doing this, so the question is well worth asking.
> 
> -Stuart

Stuart is exactly right.

If you are checking someone's credentials to access your site, such as a user, 
then giving them the "keys to the kingdom" is a bit of an overkill.

My advice, set up "user_id" and "password" fields in a "user" table for users 
you want to access some portion of your site, here's the code to do that:

http://sperling.com/php/authorization/log-on.php

Where I have said "// define your user id here" is the place to actually open 
your database and access your user table to gather the correct user_id and 
password.

I also suggest that when you open the database you only use literals from a 
config.php file ($dbhost,$dbuser,$dbpass) for accessing the actual database and 
then check the user_id and password before giving them authorization to private 
areas.

Keep the private stuff private!

Cheers,

tedd

_____________________
tedd.sperl...@gmail.com
http://sperling.com

--- End Message ---

--- Begin Message ---

        I've written a script that logs all visits to a web site, complete with 
referrer and IP address.  It also logs all 4xx errors.  What I'd like to add to 
this is, if someone adds extra code after the page_name.php, to be able to 
capture any extra code and log that.

        I've tried:

$_SERVER['QUERY_STRING']
$_SERVER['REDIRECT_QUERY_STRING']
$_SERVER['REDIRECT_URL']

but nothing seems to get logged.

        Is there a way, when either a false url is entered and a 404 is 
generated, or just when someone tacks on extra code to the URL, that I can grab 
that extra info?  I'm looking for the complete URL that was entered by the 
user, not anything returned by the server.

        I've created my own 4xx_error.php files which calls my tracking script, 
along with creating the proper ErrorDocument lines in the main .htaccess file.

        There are a lot of pages that have come up in my search, but nothing 
seems to pertain to what I'm trying to do.

Thank you,
Angela

BTW, I know about Piwik and I use that, as well.  This is something I'm doing 
on my own.

--- End Message ---

--- Begin Message ---

Hello Angela,

Sunday, April 21, 2013, 4:51:37 AM, you wrote:

>         I've written a script that logs all visits to a web site,
> complete with referrer and IP address.  It also logs all 4xx errors.
> What I'd like to add to this is, if someone adds extra code after
> the page_name.php, to be able to capture any extra code and log that.

>         I've tried:

> $_SERVER['QUERY_STRING']
> $_SERVER['REDIRECT_QUERY_STRING']
> $_SERVER['REDIRECT_URL']

> but nothing seems to get logged.

>         Is there a way, when either a false url is entered and a
> 404 is generated, or just when someone tacks on extra code to the
> URL, that I can grab that extra info?  I'm looking for the complete
> URL that was entered by the user, not anything returned by the server.

>         I've created my own 4xx_error.php files which calls my
> tracking script, along with creating the proper ErrorDocument lines in the 
> main .htaccess file.

>         There are a lot of pages that have come up in my search,
> but nothing seems to pertain to what I'm trying to do.

> Thank you,
> Angela

> BTW, I know about Piwik and I use that, as well.  This is something I'm doing 
> on my own.


You  can put this in the page and email your self the information that
is available:

<?php
ob_start();
phpinfo(INFO_VARIABLES);
$s = ob_get_contents();
ob_end_clean();

email('y...@wherever.com', 'Error Listing", $s);

Then you can see all that's present and work out what to trap

-- 
Best regards,
 Tom                            mailto:trog...@kwikin.com

--- End Message ---

php-general Digest 21 Apr 2013 01:24:35 -0000 Issue 8202

Reply via email to