[PHP-DB] retry, this time with code [was: [PHP-DB] [newbie] Form to email *and* insert row to MySQL]
My last email shows on the archive but it also bounced back to me so I
am reposting it. Sorry of this is a double-post.
Also, I am adding this time the source code down below which I should
have probably done last time around.
Any help is much appreciated, Ben.
Hello guys,
I have an HTML form with the action attribute set to the famous
FormMail.pl and it works beautifully. However, I also want to insert
the data into a MySQL database.
Initially, I thought that I would let FormMail validate the data, send
the email, and then redirect to a PHP script that would use the $_POST
array to INSERT it into my db [see source below]. Of course, it didn't
work. AFAICT, both
the FormMail script and the PHP script need to be called from the form's
action attribute.
1 - Is there a way to call them both?
From lurking around and reading tutorials, I understand that it is
possible to send emails with PHP and that I don't need to use FormMail
at all. However, I have been told that FormMail is a relatively "safe
script" that won't let hackers exploit either the server or myself. I
am not quite sure what such exploits might be, but I trust that the
hackers are...
2 - If I am to drop FormMail, what PHP script should I use to protect
my, and the server's, security?
Which brings us to the next point: the PHP script that I currently use
is very straightforward ([see below]) and the subuser has
only INSERT privileges.
3 - Am I putting anything (db, server) in a danger with this script?
Cheers,
Ben
[HTML Form]
http://site.com/cgi-bin/FormMail.pl"; />
http://site.com/script.php"; />
Name:
[...]
[script.php]
$name = $_POST['realname'];
mysql_connect("localhost", "subuser", "password")or die("ERROR:
".mysql_error());
mysql_select_db("my_db")or die("ERROR: ".mysql_error());
mysql_query("INSERT INTO `my_table` (`id`, `name`) VALUES
('','$realname')");
header('Location: http://site.com/thankyou.html');
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Lock Record on Postgresql
Torsten: Thank's a lot, I think I get it! > Hi Norma, > > you can achieve this in a much more comfortable and elegant way: > > Create an integer column named oca (stands for Optimistic Concurrency > Control Attribute). When you load the data to show them in the editing form > store the value in a hidden field or in the session (if you are using > sessions). Then when you update the data use the following statement: > > UPDATE table SET column = '$value' ..., oca = oca + 1 WHERE user_id = > $user_id AND oca = $value_from_hidden_field > > After performing the query check the affected rows. If there is one affected > row the update was succesful. If there are no affected rows it means that > someone else updated this row in the meantime (thereby incrementing oca) and > you can show a message like: > > "Since the start of your editing process someone else updated this record > set. Please cancel and edit the record again." > > This way you will never lock out a record set forever like Miles wrote and > the user will at least be able to "open" the record set and see all data - > even if sometimes (should be very seldom) he has to cancel and start again. > > I hope you get my point - it's a bit difficult to explain. > > Best regards, Torsten Roehr > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] mysql query
On Fri, 13 Aug 2004 19:39:59 +0200, Torsten Roehr <[EMAIL PROTECTED]> wrote: > "Justin Patrin" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > > On Fri, 13 Aug 2004 15:20:36 +0200, Quentin Cotillard > > <[EMAIL PROTECTED]> wrote: > > > Consider a table similar to the one below. > > > What I want to do is to get ONE random record from categories(cat) A > > > and 5 random record from category B > > > > > > | ID | computer | name | cat |... > > >1dell 834A > > >2ibm526A > > >3apple 134B > > >4sony 333A > > >5dell 834B > > >6ibm556A > > >7apple 534B > > >8sony 233A > > >9dell 874A > > > > > > > > > How could I construct my query to the mysql? > > > > > > > This is an SQL question, not a PHP question. > > > > order by rand limit 5 > > Hi Justin, > > this won't work because he needs to make sure to get 1 from category A *AND* > 5 from category B with one query. I had a similar problem some weeks ago and > even though a lot of people from the list were trying to help we didn't find > a solution. In the end I had to do seperate queries. > I actually assumed that. This *can* be done in a query, but it requires sub-queriesunions. Something like this: SELECT * FROM computer WHERE cat = 'A' ORDER BY rand() LIMIT 1 UNION SELECT * FROM computer WHERE cat = 'B' ORDER BY rand() LIMIT 5 -- DB_DataObject_FormBuilder - The database at your fingertips http://pear.php.net/package/DB_DataObject_FormBuilder paperCrane --Justin Patrin-- -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] PHP 5.0.1 Released!
The PHP Development Team is glad to announce the release of PHP 5.0.1. This release is a maintenance release consisting mainly of bug fixes. It also includes new installation docs which are now auto-generated directly from the PHP Manual (INSTALL in the UNIX source package, install.txt in the Windows binary distribution both available at http://www.php.net/downloads.php) A full list of changes can be found at http://www.php.net/ChangeLog-5.php#5.0.1 Enjoy, PHP Development Team -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] mysql query
"Justin Patrin" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > On Fri, 13 Aug 2004 15:20:36 +0200, Quentin Cotillard > <[EMAIL PROTECTED]> wrote: > > Consider a table similar to the one below. > > What I want to do is to get ONE random record from categories(cat) A > > and 5 random record from category B > > > > | ID | computer | name | cat |... > >1dell 834A > >2ibm526A > >3apple 134B > >4sony 333A > >5dell 834B > >6ibm556A > >7apple 534B > >8sony 233A > >9dell 874A > > > > > > How could I construct my query to the mysql? > > > > This is an SQL question, not a PHP question. > > order by rand limit 5 Hi Justin, this won't work because he needs to make sure to get 1 from category A *AND* 5 from category B with one query. I had a similar problem some weeks ago and even though a lot of people from the list were trying to help we didn't find a solution. In the end I had to do seperate queries. Regards, Torsten -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] mysql query
On Fri, 13 Aug 2004 15:20:36 +0200, Quentin Cotillard <[EMAIL PROTECTED]> wrote: > Consider a table similar to the one below. > What I want to do is to get ONE random record from categories(cat) A > and 5 random record from category B > > | ID | computer | name | cat |... >1dell 834A >2ibm526A >3apple 134B >4sony 333A >5dell 834B >6ibm556A >7apple 534B >8sony 233A >9dell 874A > > > How could I construct my query to the mysql? > This is an SQL question, not a PHP question. order by rand limit 5 -- DB_DataObject_FormBuilder - The database at your fingertips http://pear.php.net/package/DB_DataObject_FormBuilder paperCrane --Justin Patrin-- -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Lock Record on Postgresql
Torsten, Elegant! Miles At 02:03 PM 8/13/2004, Torsten Roehr wrote: "Norma Ramirez" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Thanks for answer Miles, I'm aware of what you wrote but have a little hope > to find some way, and Robby what I'm trying to do is avoid the user for > update or delete a record that other user has been already selected, so I > cant tell something like: "This record is locked by another user, try > later", currently I'm doing this by code but like to do by Postgres > directly. > > Thanks in advance. Hi Norma, you can achieve this in a much more comfortable and elegant way: Create an integer column named oca (stands for Optimistic Concurrency Control Attribute). When you load the data to show them in the editing form store the value in a hidden field or in the session (if you are using sessions). Then when you update the data use the following statement: UPDATE table SET column = '$value' ..., oca = oca + 1 WHERE user_id = $user_id AND oca = $value_from_hidden_field After performing the query check the affected rows. If there is one affected row the update was succesful. If there are no affected rows it means that someone else updated this row in the meantime (thereby incrementing oca) and you can show a message like: "Since the start of your editing process someone else updated this record set. Please cancel and edit the record again." This way you will never lock out a record set forever like Miles wrote and the user will at least be able to "open" the record set and see all data - even if sometimes (should be very seldom) he has to cancel and start again. I hope you get my point - it's a bit difficult to explain. Best regards, Torsten Roehr -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Lock Record on Postgresql
"Norma Ramirez" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Thanks for answer Miles, I'm aware of what you wrote but have a little hope > to find some way, and Robby what I'm trying to do is avoid the user for > update or delete a record that other user has been already selected, so I > cant tell something like: "This record is locked by another user, try > later", currently I'm doing this by code but like to do by Postgres > directly. > > Thanks in advance. Hi Norma, you can achieve this in a much more comfortable and elegant way: Create an integer column named oca (stands for Optimistic Concurrency Control Attribute). When you load the data to show them in the editing form store the value in a hidden field or in the session (if you are using sessions). Then when you update the data use the following statement: UPDATE table SET column = '$value' ..., oca = oca + 1 WHERE user_id = $user_id AND oca = $value_from_hidden_field After performing the query check the affected rows. If there is one affected row the update was succesful. If there are no affected rows it means that someone else updated this row in the meantime (thereby incrementing oca) and you can show a message like: "Since the start of your editing process someone else updated this record set. Please cancel and edit the record again." This way you will never lock out a record set forever like Miles wrote and the user will at least be able to "open" the record set and see all data - even if sometimes (should be very seldom) he has to cancel and start again. I hope you get my point - it's a bit difficult to explain. Best regards, Torsten Roehr -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: [SPAM] [PHP-DB] Deleting older record
On Fri, 13 Aug 2004 00:08:56 -0500, Dylan Barber <[EMAIL PROTECTED]> wrote: > I have a tracking database but I only need things in it for about an hour > > I tried this > > DELETE * FROM `tblDownloadTrack` WHERE `timestamp` < TIME_TO_SEC( NOW( ) ) > > but it gives me an error anybody help me out on this? > > MySQL 4.0.16 > You need to give us an error. Perhaps: DELETE * FROM `tblDownloadTrack` WHERE `timestamp` < DATE_SUB(NOW( ), INTERVAL 1 HOUR) -- DB_DataObject_FormBuilder - The database at your fingertips http://pear.php.net/package/DB_DataObject_FormBuilder paperCrane --Justin Patrin-- -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Lock Record on Postgresql
Thanks for answer Miles, I'm aware of what you wrote but have a little hope to find some way, and Robby what I'm trying to do is avoid the user for update or delete a record that other user has been already selected, so I cant tell something like: "This record is locked by another user, try later", currently I'm doing this by code but like to do by Postgres directly. Thanks in advance. - Original Message - From: "Robby Russell" <[EMAIL PROTECTED]> To: "Norma Ramirez" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Friday, August 13, 2004 10:07 AM Subject: Re: [PHP-DB] Lock Record on Postgresql -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Lock Record on Postgresql
On Fri, 2004-08-13 at 07:30, Norma Ramirez wrote: > I need to lock a record in a postgresql table, how can I send the lock query > in a script and after in other script send the unlock instruction? Is this > possible? > > Thanks > > Norma R What kind of queries are you running. Often times I find people misusing LOCKS. -Robby -- /*** * Robby Russell | Owner.Developer.Geek * PLANET ARGON | www.planetargon.com * Portland, OR | [EMAIL PROTECTED] * 503.351.4730 | blog.planetargon.com * PHP/PostgreSQL Hosting & Development / signature.asc Description: This is a digitally signed message part
Re: [PHP-DB] Lock Record on Postgresql
Norma, Generally speaking issuing locks on records across the internet is not a good idea. Too many things can happen that could result in the record never being unlocked. Recognize the HTTP is stateless, that's one of its limitations, and work around that. Regards - Miles At 11:30 AM 8/13/2004, Norma Ramirez wrote: I need to lock a record in a postgresql table, how can I send the lock query in a script and after in other script send the unlock instruction? Is this possible? Thanks Norma R -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] OCI8
Thanks for your help, but i tried with OCIPLogon, and get same result.
-Message d'origine-
De : Ford, Mike [LSS] [mailto:[EMAIL PROTECTED]
Envoyé : vendredi 13 août 2004 16:03
À : 'yannick'; [EMAIL PROTECTED]
Objet : RE: [PHP-DB] OCI8
On 13 August 2004 13:29, yannick wrote:
> I have some trouble with Oracle Database and php...
>
> see this code:
> while (1) {
> $conn=OCILogon($username,$password,$database);
Try OCIPLogon() rather than OCILogon().
> $stmt=OCIParse($conn,"select 50 as toto from dual");
> OCIDefineByName($stmt,"TOTO",&$total);
Not related to your problem, but you don't need that & -- in fact, it's
deprecated and may, one day, cause a parse error.
> OCIExecute($stmt);
> OCIFetch($stmt);
> echo ":::$total:::\n";
> OCILogoff($conn);
> $err=OCIError($conn);
> OCILogoff($conn);
> sleep(10);
> }
> >
>
> when i execute it, the number of fd on ocius.msg is growing. but
> there is only 1 connection at database.
>
> Can someone help me ?
Cheers!
Mike
-
Mike Ford, Electronic Information Services Adviser,
Learning Support Services, Learning & Information Services,
JG125, James Graham Building, Leeds Metropolitan University,
Headingley Campus, LEEDS, LS6 3QS, United Kingdom
Email: [EMAIL PROTECTED]
Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Lock Record on Postgresql
I need to lock a record in a postgresql table, how can I send the lock query in a script and after in other script send the unlock instruction? Is this possible? Thanks Norma R -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] OCI8
On 13 August 2004 13:29, yannick wrote:
> I have some trouble with Oracle Database and php...
>
> see this code:
> while (1) {
> $conn=OCILogon($username,$password,$database);
Try OCIPLogon() rather than OCILogon().
> $stmt=OCIParse($conn,"select 50 as toto from dual");
> OCIDefineByName($stmt,"TOTO",&$total);
Not related to your problem, but you don't need that & -- in fact, it's deprecated and
may, one day, cause a parse error.
> OCIExecute($stmt);
> OCIFetch($stmt);
> echo ":::$total:::\n";
> OCILogoff($conn);
> $err=OCIError($conn);
> OCILogoff($conn);
> sleep(10);
> }
> >
>
> when i execute it, the number of fd on ocius.msg is growing. but
> there is only 1 connection at database.
>
> Can someone help me ?
Cheers!
Mike
-
Mike Ford, Electronic Information Services Adviser,
Learning Support Services, Learning & Information Services,
JG125, James Graham Building, Leeds Metropolitan University,
Headingley Campus, LEEDS, LS6 3QS, United Kingdom
Email: [EMAIL PROTECTED]
Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] mysql query
Consider a table similar to the one below. What I want to do is to get ONE random record from categories(cat) A and 5 random record from category B | ID | computer | name | cat |... 1 dell 834A 2 ibm526A 3 apple 134B 4 sony 333A 5 dell 834B 6 ibm556A 7 apple 534B 8 sony 233A 9 dell 874A ... How could I construct my query to the mysql? -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] OCI8
i don t really need to keep reconnecting.
i made this script to reproduce problem with apache.
ie:apache's child keep a lot of Fd to ocius.msg .
-Message d'origine-
De : Christopher Jones [mailto:[EMAIL PROTECTED]
Envoye : vendredi 13 aout 2004 15:12
A : yannick
Cc : [EMAIL PROTECTED]
Objet : Re: [PHP-DB] OCI8
It might be a feature of PHP's connection caching. Why don't
you log a bug in the PHP bug DB so the problem can be tracked?
Do you really need to keep reconnecting?
See
http://www.oracle.com/technology/tech/opensource/php/php_troubleshooting_faq
.html#conmgt
Chris
yannick wrote:
> I have some trouble with Oracle Database and php...
>
> see this code:
> while (1) {
> $conn=OCILogon($username,$password,$database);
> $stmt=OCIParse($conn,"select 50 as toto from dual");
> OCIDefineByName($stmt,"TOTO",&$total);
> OCIExecute($stmt);
> OCIFetch($stmt);
> echo ":::$total:::\n";
> OCILogoff($conn);
> $err=OCIError($conn);
> OCILogoff($conn);
> sleep(10);
> }
> ?>
>
> when i execute it, the number of fd on ocius.msg is growing. but there is
> only 1 connection at database.
>
> Can someone help me ?
>
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Deleting older records
This works just fine thanks -Original Message- From: Nadim Attari <[EMAIL PROTECTED]> Sent: Aug 13, 2004 1:12 AM To: [EMAIL PROTECTED] Subject: Re: [PHP-DB] Deleting older records > Okay I have a timestamp field how do I create a query to delete all entries > older than an hour. Timestamp field is set by now() function. DELETE FROM tblDownloadTrack WHERE `timestamp` < TIME_TO_SEC(DATE_SUB(NOW( ), INTERVAL 1 HOUR)) -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php D B DDD DD BBB BB DDD DD JJJ BBB BB DDD DD JJJ BBB BB DDDDDJJJ B DDD DD JJ JJJ BBB BB DDD DD JJ JJJ BBB BB DDD DD ..JJ ..BBB BB D .. ..B --- Dylan Barber (CIW Professional, A+ Technician) Web Designer / Developer / DotNetNuke Portal Creator --- Clip those URLs! - Short links are easier to remember. http://clipurl.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] OCI8
It might be a feature of PHP's connection caching. Why don't you log a bug in the PHP bug DB so the problem can be tracked? Do you really need to keep reconnecting? See http://www.oracle.com/technology/tech/opensource/php/php_troubleshooting_faq.html#conmgt Chris yannick wrote: I have some trouble with Oracle Database and php... see this code: when i execute it, the number of fd on ocius.msg is growing. but there is only 1 connection at database. Can someone help me ? -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] OCI8
I have some trouble with Oracle Database and php... see this code: when i execute it, the number of fd on ocius.msg is growing. but there is only 1 connection at database. Can someone help me ? -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
