Re: converting text to hypertext
Hi Rick! You could also do something like the following (I'm assuming that the http://www part isn't in $field already. . .). = print tr; foreach ($row as $field) { print td align=centera href=http://www.$field/;http://www.$field/td; } print /tr; = Cheers! -warren for filter: query, mysql, bigint - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: tracing ips
Hi! Go to http://cello.cs.uiuc.edu/cgi-bin/ip2ll for the always entertaining Host name to Latitude/Longitude. (Likely not of any interest is http://cello.cs.uiuc.edu/cgi-bin/slamm/ip2name which is just an IP Address to Hostname and Vice Versa) Have fun! Cheers! -warren filter: mysql, queries, bigint, and (just for variety) zwieback - Original Message - From: Alex Behrens [EMAIL PROTECTED] To: MYSQL [EMAIL PROTECTED] Sent: Monday, January 06, 2003 7:54 PM Subject: tracing ips hey everyone, Kind of an OT subject, but since a lot of you are sys admins and what not I thought maybe someone could help. I'm trying to trace people on my message board to get a better idea of who they are. Does anyone know how to trace an ip and what program or method to use? I have ips from users but I need a method to get more information about who they are. If anyone has any suggestions, let me know! thanks! mysql Thanks! -Alex Big Al Behrens E-mail: [EMAIL PROTECTED] Urgent E-mail: [EMAIL PROTECTED] (Please be brief!) Phone: 651-482-8779 Cell: 651-329-4187 Fax: 651-482-1391 ICQ: 3969599 Owner of the 3D-Unlimited Network: http://www.3d-unlimited.com Send News: [EMAIL PROTECTED] - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: tracing ips (whois site)
Hi! I forgot to mention whois: http://resellers.tucows.com/opensrs/whois/ This one seems to be pretty decent. Just type the domain name and see the registration info. Cheers! -warren filter: queries, mysql, bigint - Original Message - From: Alex Behrens [EMAIL PROTECTED] To: MYSQL [EMAIL PROTECTED] Sent: Monday, January 06, 2003 7:54 PM Subject: tracing ips hey everyone, Kind of an OT subject, but since a lot of you are sys admins and what not I thought maybe someone could help. I'm trying to trace people on my message board to get a better idea of who they are. Does anyone know how to trace an ip and what program or method to use? I have ips from users but I need a method to get more information about who they are. If anyone has any suggestions, let me know! thanks! mysql Thanks! -Alex Big Al Behrens E-mail: [EMAIL PROTECTED] Urgent E-mail: [EMAIL PROTECTED] (Please be brief!) Phone: 651-482-8779 Cell: 651-329-4187 Fax: 651-482-1391 ICQ: 3969599 Owner of the 3D-Unlimited Network: http://www.3d-unlimited.com Send News: [EMAIL PROTECTED] - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: Multiple SQL files
Hi! I have php files and perl files that create multiple databases and move data around as needed. . . is this what you mean? You could have many such files if you wanted (as you mention below) but it would seem easier to set up some sort of program flow so that under different conditions different databases could be created or dropped or whatever automatically. . . If this is what you mean, then yes, it is being done even as we speak! I could send you one of my inept examples if you want. I believe that phpMyAdmin will allow you to enter SQL commands (say, by copying them from a file and pasting into the SQL code window). Unless you modified phpMyAdmin (which ought to be pretty easy) I think that you'd have to set up an external file to create multiple databases and do your bidding with the data. . . Cheers! -warren Filter: mysql, query, queries, bigint - Original Message - From: Frank Peavy [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Sunday, January 05, 2003 11:39 AM Subject: Multiple SQL files I have multiple SQL files that create different tables. Is there a way for me to create a single SQL file that will call these other files? Since I am using phpMyAdmin, I am assuming that call this file from phpMyAdmin?! - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: Second thought
Hi! A second thought is you could issue an SQL command from phpMyAdmin's command window such as Load Data or Load Data Infile (if you have the privs to do so). Cheers! -warren - Original Message - From: Frank Peavy [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Sunday, January 05, 2003 11:39 AM Subject: Multiple SQL files I have multiple SQL files that create different tables. Is there a way for me to create a single SQL file that will call these other files? Since I am using phpMyAdmin, I am assuming that call this file from phpMyAdmin?! - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: Multiple SQL files
Hi! Sorry Frank, I don't have an example of this. . . however you might try http://phpmyadmin.sourceforge.net/documentation/ and click on developers where there are email addresses for the developers. You may find someone who will have nice suggestions that will advance your project! Cheers! -warren filter: queries, mysql, bigint - Original Message - From: Frank Peavy [EMAIL PROTECTED] To: wcb [EMAIL PROTECTED]; MySQL [EMAIL PROTECTED] Sent: Sunday, January 05, 2003 12:00 PM Subject: Re: Multiple SQL files Warren, Thank you for your prompt reply. Actually, I have various ??.sql files that I can execute thru phpMyAdmin and they all work, but on occasion, there is a need to run all the files at once. So, I was wondering if I could create a file the would call these other files and execute them in sequence, i.e. Aggregate_file.sql call first.sql call second.sql call third.sql etc. If you have an example of something like this, it would be nice to see. Thanks. At 11:48 AM 1/5/03 -0800, wcb wrote: Hi! I have php files and perl files that create multiple databases and move data around as needed. . . is this what you mean? You could have many such files if you wanted (as you mention below) but it would seem easier to set up some sort of program flow so that under different conditions different databases could be created or dropped or whatever automatically. . . If this is what you mean, then yes, it is being done even as we speak! I could send you one of my inept examples if you want. I believe that phpMyAdmin will allow you to enter SQL commands (say, by copying them from a file and pasting into the SQL code window). Unless you modified phpMyAdmin (which ought to be pretty easy) I think that you'd have to set up an external file to create multiple databases and do your bidding with the data. . . Cheers! -warren Filter: mysql, query, queries, bigint - Original Message - From: Frank Peavy [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Sunday, January 05, 2003 11:39 AM Subject: Multiple SQL files I have multiple SQL files that create different tables. Is there a way for me to create a single SQL file that will call these other files? Since I am using phpMyAdmin, I am assuming that call this file from phpMyAdmin?! - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: Hiding the password
Hi! Perhaps gurus can comment on what I'm suggesting here - if the database is set up so that only localhost can access it, then you can use a php or PERL script to allow people from elsewhere to cruise in and make queries as your script allows. As long as your script is set up to be secure (for example, not to allow special characters like ~ or ^$, etc.) then unless they break into your server they can't do anything you don't want them to. In other words, it doesn't matter if the id and password for the database are known (and you can't really hide it on the Internet) because as long as the server's identity is different from the domains cruising in, they are constrained by your php script (or PERL script). It may be helpful to do something like this: include($DOCUMENT_ROOT.'/include/database.php'); so that the id and password are stored in another folder. However, sophisticated users will still be able to track the id and password down. . . Certainly I'd appreciate comments on this by people in the know, because it is an issue that so many people face . . . Cheers! -warren - Original Message - From: Octavian Rasnita [EMAIL PROTECTED] To: Benjamin Pflugmann [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Saturday, January 04, 2003 8:47 AM Subject: Re: Hiding the password Well, I guess the best solution would be to use a Windows server. Teddy, Teddy's Center: http://teddy.fcc.ro/ Email: [EMAIL PROTECTED] - Original Message - From: Benjamin Pflugmann [EMAIL PROTECTED] To: Octavian Rasnita [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Wednesday, December 25, 2002 8:39 PM Subject: Re: Hiding the password Hello. On Wed 2002-12-25 at 13:15:58 +0200, [EMAIL PROTECTED] wrote: Hi all, I want to make a CGI program in Perl that queries a MySQL database, and the problem is that I need to write the password for the database in the program and this password can be seen by any user that has an account on that server. I need to gave 755 permissions to CGI scripts because they need to be executed by the web server account, and not by my account. Do you have any tips for hiding the password, Not really. Whereever you put it, the web server account has be able to access it, so the problem stays. Even if you could arrange that only the web server account can read it (e.g. by changing the owner of a file containing the password), every user with permission to create CGI scripts can still write a script to read the data. or accessing MySQL from CGI scripts is not secure at all? Well, it is as secure as the server is set up. E.g. one can set up Apache so that it executes CGIs as the user to whom the script belongs. I know this has its own problems... it was only intended as example that it is a question of the server configuration. The best way is always a compromise and depends on how the server is used. If the server configuration is not in your hands, I don't there is much you can do, except asking the admin which way she suggests. HTH, Benjamin. -- [EMAIL PROTECTED] - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: Hiding the password
It isn't at all difficult to grasp. Please carefully (and exercising a certain amount of patience) read my post and the previous post upon which my post was based. We are acknowledging that EVERYONE can find out your id and password. The question reformulated is: Given that one's MySql environment may not be accessible in terms of privs (which is the case for a lot of people, who are paying for hosting by a third party) and given that we CAN'T hide the id/password combination, is the standard arrangement that hosts use (which is to ensure that only localhost can access the database) adequate to prevent people from doing unwanted things in your database? NOTE that I'm assuming that one has a script on localhost, and all users are from another domain, and also assuming that the script is properly set up to constrain the activities of users, does it even matter that people can determine the id/password combination?? Thanks for patient responses. Cheers! -warren Perhaps gurus can comment on what I'm suggesting here - if the database is set up so that only localhost can access it, then you can use a php or PERL script to allow people from elsewhere to cruise in and make queries as your script allows. Why is this so difficult to grasp? As I, and many others, have pointed out, repeatedly, it does not matter how many layers you wrap around your password-retrieval code, as soon as you make the end-result accessible/readable by your web-CGI, you have done just that: made the user/password accessible by your web-daemon -- hence, made it accessible to everyone with access to your web-server. And no, adding some sort of access-control within your CGI is equally useless: as a user being hosted on your web-server I would not bother to run your CGI, but simply copy it for ocular inspection. :) Certainly I'd appreciate comments on this by people in the know, because it is an issue that so many people face... Perhaps those people should do what I do: create special MySQL users (@localhost), unprivileged to the max, with only very narrow SELECT privileges to the databases they are supposed to read data from, and use those users to access the MySQL server in your CGI. - Mark - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: response to Larry Brown copied for general info. . .
Hi! (MySql, sql, queries for filter) I may be misunderstanding some things. Here is what I am thinking and doing. I believe that people can find out my id and password because I use scripts to permit people to enter information or delete information. I have a little housing registry and also a learning/testing site, for example. So I have (in these cases) php scripts allowing people to log in and then allowing them to access the applications. The scripts always have to be the localhost connection to the database, so they have to log in and all users have access to my scripts. So (as I see it) everyone could potentially see the id and password.On the other hand that doesn't seem to be a huge worry because unless they can connect as localhost using their own scripts or application, then they have to use my scripts and they can't do anything especially evil (not that they want to . . .). I would definitely agree that if you want airtight security you have to do your own hosting. . . However, at the moment I'm busy with other things so that just isn't a possibility. I'd love to have full access to the user privileges, etc. but that will be maybe a year from now. . . Also, I seem to be doing what JamesD suggested in an earlier post. His example uses Perl but I do the same thing using php. This approach so far has been working well. Thanks for all your input! This feedback is very, very helpful. -warren - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
second response to Larry Brown's second post for general perusal andcomment
Hi! (for filter: Mysql queries query longint) Oh no, the people who log in cannot modify scripts. That would be suicide. . . They log via something I made that maintains an md5 hash (quite a long one) which is their log-in flag maintained via a cookie while they are logged in. It also requires the user's personal password (which has nothing to do with the database). Then they can access the database via scripts (as long as they are logged in). This looks like if (user_isloggedin()) { include($DOCUMENT_ROOT.'/include/SomeScriptNameHere.php'); //this include has database id and password . . . a bunch of code here (current script) } else {//some error message advising user to log in} So the database id and password are buried in an include script. The scripts just do some inserting and updating on tables that belong to the person in question, so they can (in the case of the learning/testing application for instance) enter test questions and post tests that their students can access. I'm hoping that people can't get access to the id and password but I have always assumed that someone with ability may be able to extract the script itself and examine it. However, since they can't log in to the server (but only to my log in facility, which allows them access to a folder containing a script which they cannot modify) they are not localhost users or visitors. The scripts they can access reside on localhost, but nobody can touch the scripts. . . Thanks again! I'm feeling somewhat better! Cheers! -warren - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: How long is my piece of string?
Hi! I was interested in the answer to this person's question, too! The following response: You need indexes as soon as (or rather just before) they provide a performance difference. Alan seems to lack detail in answering the question, which might be phrased when might indices start making a performance difference?. Can anyone give rules of thumb? Cheers! -warren - Original Message - From: Alan McDonald [EMAIL PROTECTED] To: Iain Lang [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Saturday, December 21, 2002 4:22 PM Subject: RE: How long is my piece of string? You need indexes as soon as (or rather just before) they provide a performance difference. Alan -Original Message- From: Iain Lang [mailto:[EMAIL PROTECTED]] Sent: Sunday, 22 December 2002 11:15 AM To: [EMAIL PROTECTED] Subject: How long is my piece of string? . Dear List, I'm using php MySQL for a cycling club website, results, guest-book, events and so on. I've just started and have faithfully created indices all over the place. At present, we have less than 400 records, be they of members, of image URLs, whatever. Each year will, I expect, create an additional 400 records. Am I gilding the lily adding indices for such a small database? Does such a small database really *need* indices, and beyond what number of records might indices provide faster extraction/presentation? I realise how vague a question it is, hence the subject title. Yooors, Iain. -- -- - Most progress has been the result of the actions of unreasonable men. G.B.Shaw. http://www.johnstone-wheelers.co.uk Johnstone-Wheelers - the friendliest cycling club in Scotland! - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: A Query problem
Hi! I have an enigma that I just can't seem to resolve. == What is Hoped For: I have 3 variables (called F1, F2 and F3) which will contain either an integers (a pointer to a feeback item in another table, actually) and a database of questions, each having an F1, F2 and F3, any one or more of which can contain an integer or 0 (for null). What I hope to do is do a comparison like this: $myquery=MYSQL_QUERY(select count(uid) from TABLENAME where ( (F1='$F1') || (F2='$F1') || (F3='$F1') || (F1='$F2') || (F2='$F2') || (F3='$F2') || (F1='$F3') || (F2='$F3') || (F3='$F3') )); In other words I wish to find out if one or more of three variables that may contain an integer, matches any questions with feedback items F1, F2 and F3 (integers all). The variable F1 can match F1, F2 or F3 in the database, so all comparisons must be tried. == The Problem: Again, there are three fields in a table, F1, F2, and F3. They are numeric. There are three variables passed by a php program, and I want to know if any one of F1, F2 or F3 matches any one of F1, F2 or F3 in the table. Again, since the variable F1 can match F1, F2 or F3 in the database, I want to do all comparisons. So using PHP I do this: //set one variable to an integer (in the program being written, this may occur naturally) $F1='' $F2=2; $F3=''; //test to see if any of F1, F2 or F3 are set to some integer (otherwise it is set to nothing at all) $F1index=is_numeric($F1); //if F1 is numeric set F1index to 1 $F2index=is_numeric($F2); //if F2 is numeric set F2index to 1 $F3index=is_numeric($F3); //if F3 is numeric set F2index to 1 //Set any null values to some specific value (part of my efforts to resolve the problem below) if ($F1index 1){$F1='WWW';} if ($F2index 1){$F2='WWW';} if ($F3index 1){$F3='WWW';} //The situation here is that the variable F1 is WWW and F2=2 and F3 is WWW. In the database table there are 2 rows in which F1 is 0, F2=3 and F3=0. $data=MYSQL_QUERY(select count(F1) from TABLENAME where (F1='$F1') || (F1='$F2') || (F1='$F3') ); //In the database, F1=0, F2=3 and F3=0. therefore, the above query results in NO match, which is the case. Perfect. BUT (and here is the rub) if I do this: $data=MYSQL_QUERY(select count(uid) from TABLENAME where ( (F1='$F1') || (F2='$F1') || (F3='$F1') || (F1='$F2') || (F2='$F2') || (F3='$F2') || (F1='$F3') || (F2='$F3') || (F3='$F3') )); //BOTH records in the table match successfully. I thought that none ought to match as variable F1, F2 and F3 are all NOT 3. //wondering what is going on I tried a scaled-down, simpler query $data=MYSQL_QUERY(select count(F1) from QQwowen where (F1='$F1') || (F1='$F2') || (F1='$F3') || (F2='GOOOBAAA') ); //I put something ridiculous ('Gooobaaa') to compare to F2 (F1=0, F2=3 and F3=0 in the table) and this query matches ALL records in the table. I'm certain that I'm missing something fundamental here. Can anyone explain to me why this is happening? Thanks very much! Cheers! -warren - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php