Re: [PHP-DB] BLOB
From: "Ng Hwee Hwee" <[EMAIL PROTECTED]> To: "DBList" <[EMAIL PROTECTED]> Date: Mon, 15 Mar 2004 17:24:31 +0800 Subject: Re: [PHP-DB] BLOB hi all, Hi ;) with blob, i can't see the encoded password easily and thus there is 'maximum security'. haha.. but i'm still open to any form of suggestions! Whoa, watch what your saying here because your well off the ball here. For everyone else who is not aware BLOB is zilch security. The details in a BLOB field is viewable easy enough. Please read about BLOB on the mysql website that I listed to you, read it very carefully, obviously you did not even read a line of it. Because the first few paragraphs tells you what it is, similar to a text field if you read it. Please read links people send to you, otherwise why should we bother wasting our time replying if you can't take the courtesy to read what we type? I can understand your a newbie, but don't try and think you know 100% BLOB is secure, coz you have a big fat X mark against that and you have failed the test. Also your sending miss-leading info to other inoccent people, but for the record BLOB is not secure as for protecting it's content. Anyways for password usage your better off using md5, if they lose the password get the system to generate and set a new one, email it to the user and get them to login and change it. Another way around it is a secret question they must answer, if correct they can reset their password on the fly. But I can see those two might not be easy for you. Well both to be honest is not simple for a newbie, but if you need assistance please post to the board, I am happy to assist if I can and so are others. Noone will post you a full working script on here unless they are feeling very generous, but sniplets they will for sure uncluding I. But if you need a website created you better off paying $50 or so and get it done professionally if you want your site secure. Choose a reliable source though, be careful is the key and do some homework. :) I run a web hosting business (off topic a bit I know) so if you need help just shoot. :) thanx! No worries, goodluck! J Find local movie times and trailers on Yahoo! Movies. http://au.movies.yahoo.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Scrollbar + javaScript
> Hello Nadim, > > This is entirely different from PHP and databases, so please pick the > right list for these kind of questions. The matter can be handled with > JavaScript (which is a client-side scripting language, while PHP and > databases are server side). > > Please use google and you will find your solution. > > Regards, > > Filip de Waard Hi, My sincere apologies. In fact I sent this to a different forum (PHP at OVH)... dunno how it ended here. Again my sincere apologies. Best Regards, Nadim Attari -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] How to redirect after a valid login
on 2004/03/15 15:39, Larry Sandwick at [EMAIL PROTECTED] made the following
allegation:
> Here is the error I get when I use the include below:
>
> include "MainMenu.php";
>
> Fatal error: Cannot redeclare class db in
> /tmp/disk/home/webmaster/Files/WWW/pearDB/DB.php on line 211
As someone else mentioned, inside the MainMenu.php file, use include_once
instead of just include. That is probably your problem.
I'll add the following additional comment for people searching for solutions
in the archive:
There is complication, however, if you are trying to use a local version of
the DB or PEAR class (Maybe all PEAR classes in general). If you are doing
that, you'll need to make sure that your local directories are at the
beginning of the include_path.
For example, let's say I do something like this:
include_once './new-version/DB.php';
Within the DB.php associated files in the DB directory, there are calls to
'include_once DB.php'. Those includes will use the includes path, which by
default is something like '/usr/lib/php/', not the place you included your
file from. As far as PHP is concerned, those are different files. Thus,
PHP first loads your DB.php and then the system version, resulting in the
error you mention above.
To get around that, I do something like this:
$file_system_location = dirname(__FILE__);
$current_includes_path = ini_get('include_path');
$new_include_path =
$file_system_location . '/includes:' .
$current_includes_path;
ini_set('include_path',$new_include_path);
Hope that helps.
Sincerely,
Paul Burney
Re: [PHP-DB] How to redirect after a valid login
Larry Sandwick wrote: Here is the error I get when I use the include below: include "MainMenu.php"; Fatal error: Cannot redeclare class db in /tmp/disk/home/webmaster/Files/WWW/pearDB/DB.php on line 211 // Larry Seems that MainMenu.php (or a file included by it) re-includes the DB.php file. Look into that, and replace require() and include() with require_once() and include_once() to avoid this kind of conflict. Bruno Ferreira --- [This E-mail scanned for viruses by Declude Virus] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] How to redirect after a valid login
Here is the error I get when I use the include below: include "MainMenu.php"; Fatal error: Cannot redeclare class db in /tmp/disk/home/webmaster/Files/WWW/pearDB/DB.php on line 211 // Larry -Original Message- From: Benjamin [mailto:[EMAIL PROTECTED] Sent: Saturday, March 13, 2004 9:14 PM To: [EMAIL PROTECTED] Subject: Re: [PHP-DB] How to redirect after a valid login What kind of error does it give you? Because in the snippet you gave us you wrote > include "mainmenu.php"; // Which gives me an error ! And that should give you an error because it should be include( "mainmenu.php" ); //note parenthesies I have done what you want to do before like so if( $logged_in ) include( "logged_in_script.php" ); else include( "logged_in_failed.php" ); So what error do you get? Goodluck, Benjamin -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] How to redirect after a valid login
On 14 March 2004 02:14, Benjamin wrote: > What kind of error does it give you? Because in the snippet you gave > us you wrote > > > include "mainmenu.php"; // Which gives me an error ! > > And that should give you an error because it should be > > include( "mainmenu.php" ); //note parenthesies Nope. Perfectly valid without the parentheses -- do it all the time. Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning & Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Scrollbar + javaScript
On Mar 15, 2004, at 11:20 AM, Nadim Attari wrote:
Hello,
This is much an HTML/javaScript problem (and not PHP). Your help is
appreciated!
Is there a way to know (e.g. through javaScript) whether scrollbar is
active?
Problem:
I have a window in which there is a table. if there is much contents, a
vertical scrollbar appears; if little content the scrollbar does not
appear.
My problem is that i would like to know whether the scrollbar is here
or
not; hence adjust the width of the table (and colums) accordingly! I
have
disabled horizontal scrollbar ("overflox-x: hidden" in CSS).
Hello Nadim,
This is entirely different from PHP and databases, so please pick the
right list for these kind of questions. The matter can be handled with
JavaScript (which is a client-side scripting language, while PHP and
databases are server side).
Please use google and you will find your solution.
Regards,
Filip de Waard
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] export queries to plain/text
What I need exactly is to send the outputs from queries made in the command line of postgresql to an plain text file, cvs or something like that, so the function suggested frwrite don't work for that case because it's from the command line. Than'ks Norma R -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] PHP -> MSSQL connects, but can't query
Yes, I'm connecting to a MSSQL server from FreeTDS, and it works fine.
Try using the IP of the MSSQL server instead of the name, and see if
that makes any difference.
On Mon, 2004-03-15 at 09:23, Jason Morrill wrote:
> I changed the mssql_select_db line as suggested by another person here
> but it didn't change a thing. I still get the exact same error message.
>
> Is there anyone else here connecting to a MS SQL server using TDS v8.0
> ??
>
> Thanks!
> Jason
>
>
> -Original Message-
> From: Jason Morrill [mailto:[EMAIL PROTECTED]
> Sent: Friday, March 12, 2004 8:36 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP-DB] PHP -> MSSQL connects, but can't query
>
>
> I've got a very simple PHP script for testing my MS SQL Server
> connection. I've installed FreeTDS and I can connect and query the
> database with TSQL.
>
> With PHP I can connect and disconnect properly but I can't query or
> attach to different databases. Here is my sample PHP followed by what
> the web server throws back at me:
>
> sql-test.php
>
>
>
>
> $dbproc = mssql_connect("roger","sa","admin");
> #$dbproc = sybase_connect("roger","sa","admin");
> if (! $dbproc) {
> print "Can't connect to server";
> return;
> }
> print "Connected to server.";
>
> $dbconnect = mssql_select_db("Northwind");
> if (! $dbconnect) {
> print "Can't connect to Northwind";
> return;
> }
> print "Connected to database";
>
> #$res = sybase_query("select * from test",$dbproc);
> #if (! $res) {
> # return;
> #}
> #while ($arr = sybase_fetch_array($res)) {
> # print $arr["i"] . " " . $arr["v"] . "\n";
> #}
>
> if (! mssql_close($dbproc)) {
> print "Can't close server connection";
> return;
> }
> print "Connection closed.";
> ?>
>
>
>
>
>
> Output in browser when referencing the sql-test.php file:
> -
>
> Connected to server.
> Warning: Sybase: Server message: Line 1: Incorrect syntax near 'e'.
> (severity 15, procedure N/A) in /home/www/sql-test.php on line 12 Can't
> connect to Northwind
>
>
>
> Can anyone help me figure this one out?!
>
> Thanks!
> Jason Morrill
> IT Manager
> Child & Family Agency SE Connecticut
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
--
Adam Voigt
[EMAIL PROTECTED]
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] PHP -> MSSQL connects, but can't query
I changed the mssql_select_db line as suggested by another person here
but it didn't change a thing. I still get the exact same error message.
Is there anyone else here connecting to a MS SQL server using TDS v8.0
??
Thanks!
Jason
-Original Message-
From: Jason Morrill [mailto:[EMAIL PROTECTED]
Sent: Friday, March 12, 2004 8:36 AM
To: [EMAIL PROTECTED]
Subject: [PHP-DB] PHP -> MSSQL connects, but can't query
I've got a very simple PHP script for testing my MS SQL Server
connection. I've installed FreeTDS and I can connect and query the
database with TSQL.
With PHP I can connect and disconnect properly but I can't query or
attach to different databases. Here is my sample PHP followed by what
the web server throws back at me:
sql-test.php
\n";
#}
if (! mssql_close($dbproc)) {
print "Can't close server connection";
return;
}
print "Connection closed.";
?>
Output in browser when referencing the sql-test.php file:
-
Connected to server.
Warning: Sybase: Server message: Line 1: Incorrect syntax near 'e'.
(severity 15, procedure N/A) in /home/www/sql-test.php on line 12 Can't
connect to Northwind
Can anyone help me figure this one out?!
Thanks!
Jason Morrill
IT Manager
Child & Family Agency SE Connecticut
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Scrollbar + javaScript
Hello,
This is much an HTML/javaScript problem (and not PHP). Your help is
appreciated!
Is there a way to know (e.g. through javaScript) whether scrollbar is
active?
Problem:
I have a window in which there is a table. if there is much contents, a
vertical scrollbar appears; if little content the scrollbar does not appear.
My problem is that i would like to know whether the scrollbar is here or
not; hence adjust the width of the table (and colums) accordingly! I have
disabled horizontal scrollbar ("overflox-x: hidden" in CSS).
Thx,
Nadim Attari
Alienworkers.com
Mauritius
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] BLOB
On Monday 15 March 2004 17:24, Ng Hwee Hwee wrote:
Use md5.
> I can't use md5 because i want to retrieve it and send emails to my users
> if they forgot their password..
If they forget their password shoot them. Or depending on how secure your
application needs to be:
- generate a new password, send it to the user and ask them to login using
new password then change it
- send them an email containing a token (you need to generate a token and
insert into database), give them a page where they can enter that token and
allow them to change password.
Refer to the archives for details and maybe other methods for dealing with
lost passwords.
> md5 is only a one way encryption,
It is not an encryption, it's a one-way hash.
> thus i have to resort to using
> encode('$password', '$salt') where $salt is a value that i have assigned..
>
> because I know the value of $salt, I would be able to decode the password
> easily by looking at my database and running decode.
If your database and webserver are both located on the same server then
encoding (or encrypting) anything is largely a waste of effort.
If a hostile user ever gets access to your database they would (most likely)
will have access to your decryption key as well - in this case your salt.
Encryption is only useful where the data and the means of decrypting it are
stored in separate locations and compromise of one does not neccessarily lead
to the compromise of the other.
> with blob, i can't see the encoded password easily and thus there is
> 'maximum security'. haha.. but i'm still open to any form of suggestions!
So pretending that you cannot 'see' the password increases the security!?!
Like the myth about ostriches burying their heads in the sand to 'hide' from
their enemies?
If you don't want to accidently see people's passwords why not just rot13 it
(apparently some companies seems to think that is a secure enough form of
encryption).
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-db
--
/*
Steckel's Rule to Success:
Good enough is never good enough.
*/
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] BLOB
hi all,
I can't use md5 because i want to retrieve it and send emails to my users if
they forgot their password..
md5 is only a one way encryption, thus i have to resort to using
encode('$password', '$salt') where $salt is a value that i have assigned..
because I know the value of $salt, I would be able to decode the password
easily by looking at my database and running decode.
with blob, i can't see the encoded password easily and thus there is
'maximum security'. haha.. but i'm still open to any form of suggestions!
thanx!
- Original Message -
From: "Marcjon Louwersheimer" <[EMAIL PROTECTED]>
To: "Ng Hwee Hwee" <[EMAIL PROTECTED]>
Sent: Monday, March 15, 2004 4:38 PM
Subject: Re: [PHP-DB] BLOB
> Store the passwords using the md5() function. When inserting the password
> into the database, use md5($password). It will convert the password to a
> encrypted form using one way encryption. When you compare a entered
> password to a password stored in the database, make the password entered
> by the user md5($enteredpassword) and compare it to the raw password from
> the database. Hope that helps!
> --
> Marcjon
>
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] BLOB
Hello, A BLOB is a binary large object that can hold a variable amount of data. The four BLOB types TINYBLOB, BLOB, MEDIUMBLOB, and LONGBLOB differ only in the maximum length of the values they can hold. The four TEXT types TINYTEXT, TEXT, MEDIUMTEXT, and LONGTEXT correspond to the four BLOB types and have the same maximum lengths and storage requirements. The only difference between BLOB and TEXT types is that sorting and comparison is performed in case-sensitive fashion for BLOB values and case-insensitive fashion for TEXT values. In other words, a TEXT is a case-insensitive BLOB. No case conversion takes place during storage or retrieval. If you assign a value to a BLOB or TEXT column that exceeds the column type's maximum length, the value is truncated to fit. Please read details at the address below: http://www.mysql.com/doc/en/BLOB.html Regarding hiding password from people accessing the database take a look at these: http://www.mysql.com/doc/en/Encryption_functions.html http://www.mysql.com/documentation/connector-j/index.html http://au.php.net/manual/en/function.md5.php Unoffical sites: http://www.allhype.co.uk/freestuff/scripts/php/md5/ http://www.teencoderz.com/article.php?story=20030808200312747 http://halfos.street-tv.net/lib/php/function.md5.php.htm I hope this helps. Any questions please reply to the board. :) ([EMAIL PROTECTED]) Jerry From: "Ng Hwee Hwee" <[EMAIL PROTECTED]> To: "PHP DB" <[EMAIL PROTECTED]> Date: Mon, 15 Mar 2004 09:18:50 +0800 Subject: Re: [PHP-DB] BLOB hi all.. thank you so much for your help! i tried out the all the different syntax and the following works perfectly SELECT * FROM `MEMBER` WHERE `PASSWD` = "" thanx, amanda! btw, i was trying to store the encryted password in the database but i do not want anyone who has the right to see the database (even myself!) to be able to know the password, so that there is maximum 'security'. That's why i used the blob field for my password.. hmmm... is this the right way of doing things? hwee Find local movie times and trailers on Yahoo! Movies. http://au.movies.yahoo.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
