Re: [PHP-DB] Re: Finding the value of the COMMENT in a table column
hmm... u better check n hack phpmyadmin... u might get somethin out there... On Mon, 20 Sep 2004 13:02:55 +0930, David Robley [EMAIL PROTECTED] wrote: On Sun, 19 Sep 2004 21:19, Ross Honniball wrote: Hi all, Anyone know how to access the optional COMMENT you can add to columns during table creation? eg. create table x (fldx char(1) COMMENT 'some comment', fldy char (1) COMMENT 'another comment') I want to 'get' the COMMENT field. I know it should be in the manual, but I can't find it. Thanks ... Ross . . Ross Honniball. JCU Bookshop Cairns, Qld, Australia. SHOW TABLE STATUS LIKE 'pattern' or SHOW CREATE TABLE tablename will return the table comment, along with other info - you'll have to parse it out of the returned data. If there is a better way, I haven't found it yet :-0 Not sure how this will work with column comments. Cheers -- David Robley May I introduce the family Stone? Tom asked slyly. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Mass mail
Hello list A client of mine sends thousands of mails as newsletters and wants as to make an Interface to admin this list. Its easy to put this mail list in a MySQL table and make the interface on PHP language and with mail() function to send a newsletter. The question is that if this function can handle a thousand mail or more or there is a most appropriate way Thank you -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: Mass mail
Hi Nikos, There is a number of ways you can handle this. But I have found these days many web - hosts are limiting the number of emails a domain may send per hour. Many have set the limit to 500 emails per domain per hour ... Which means you can only send 500 emails per hour via the domain you are sending mail from. Now if you do not setup a decent mail out you can find only 500 emails are sent and the rest bounce because the limit was attempted to be exceeded. So if it is exceeded it will bounce back to the root email address. But you can set up a mail out to only send so many emails an hour that your host allows. I have setup plenty of customized mail programs on servers that have a limit. So if the limit is 500 you set the program to send 499 an hour. SO it's not over for any reason. You can find out your limit or if any exist by contacting your web - host. If no limit is set you don't have to worry as much. Need more assistnace please email the list as my time limit of responding may vary. J From: nikos [EMAIL PROTECTED] To: PHP-mailist (PHP-mailist) [EMAIL PROTECTED] Date: Mon, 20 Sep 2004 16:18:57 +0300 Subject: Mass mail Hello list A client of mine sends thousands of mails as newsletters and wants as to make an Interface to admin this list. Its easy to put this mail list in a MySQL table and make the interface on PHP language and with mail() function to send a newsletter. The question is that if this function can handle a thousand mail or more or there is a most appropriate way Find local movie times and trailers on Yahoo! Movies. http://au.movies.yahoo.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Mass mail
Yes - we're doing 900 per night. It's a one page letter providing the day's headlines with a link to where subscribers can view it. Viewing is done through a Flash movie so as to provide as secure an environment as possible. But now we're digressing into digital rights management. Code itself is nothing special; fetch names and heads from the database, build the list of heads, then run down the returned set of names and email addresses, creating the To; portion of the header, then bung the whole thing into the mail() function. Set the appropriate field in the database with whateer mail() returns, same info name, email result of mail() is fed to a browser for user feedback. Whole thing takes about 4 min to run. After each message is sent set_time_limit(20) is called so whole thing doesn't time out. You may also want to look at the mailing functions which Manuel Lemos has on his site. HTH - Miles Thompson At 10:18 AM 9/20/2004, nikos wrote: Hello list A client of mine sends thousands of mails as newsletters and wants as to make an Interface to admin this list. Its easy to put this mail list in a MySQL table and make the interface on PHP language and with mail() function to send a newsletter. The question is that if this function can handle a thousand mail or more or there is a most appropriate way Thank you -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: Mass mail
Hello, On 09/20/2004 10:18 AM, Nikos wrote: A client of mine sends thousands of mails as newsletters and wants as to make an Interface to admin this list. Its easy to put this mail list in a MySQL table and make the interface on PHP language and with mail() function to send a newsletter. The question is that if this function can handle a thousand mail or more or there is a most appropriate way It depends. PHP mail() function relays on an SMTP server on Windows and on the sendmail wrapper program on Unix/Linux. Relaying on an SMTP server is slow and inefficient. If you can use a platform that uses Qmail or Postfix you are fine. Using sendmail or exim can also be a good solution but you need to configure how the messages are queued or else your PHP script will be running for a very long time. Now, for the actual composing and sending of the newsletters, there are some optimizations that can be done depending on whether the newsletters are going to be personalized (avoid it at all costs if you can) or not. You may want to take a look at this class that provides some means to optimized deliveries for bulk mailing. I use it to send over 100,000 every day. http://www.phpclasses.org/mimemessage -- Regards, Manuel Lemos PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/ PHP Reviews - Reviews of PHP books and other products http://www.phpclasses.org/reviews/ Metastorage - Data object relational mapping layer generator http://www.meta-language.net/metastorage.html -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Re: Mass mail
On Sep 20, 2004, at 7:13 AM, Manuel Lemos wrote: Now, for the actual composing and sending of the newsletters, there are some optimizations that can be done depending on whether the newsletters are going to be personalized (avoid it at all costs if you can) or not. May I ask why? Are you referring to the additional time it would take the script to run or to a security issue or something else? Thanks, Ben -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Re: Mass mail
Hello, On 09/20/2004 11:54 AM, Ben Galin wrote: Now, for the actual composing and sending of the newsletters, there are some optimizations that can be done depending on whether the newsletters are going to be personalized (avoid it at all costs if you can) or not. May I ask why? Are you referring to the additional time it would take the script to run or to a security issue or something else? Yes, it takes much more time to send personalized messages because you have to generate different copies for each recipient. What I mean is that IMHO it is not worth to send personalized messages just to adapt the Hello {name} header unless you want to pretend that the messages are being sent by a human that really cares about the recipient person and not a bulk mailing machine. -- Regards, Manuel Lemos PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/ PHP Reviews - Reviews of PHP books and other products http://www.phpclasses.org/reviews/ Metastorage - Data object relational mapping layer generator http://www.meta-language.net/metastorage.html -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Re: Mass mail
Hello, On 09/20/2004 11:54 AM, Ben Galin wrote: Now, for the actual composing and sending of the newsletters, there are some optimizations that can be done depending on whether the newsletters are going to be personalized (avoid it at all costs if you can) or not. May I ask why? Are you referring to the additional time it would take the script to run or to a security issue or something else? Yes, it takes much more time to send personalized messages because you have to generate different copies for each recipient. What I mean is that IMHO it is not worth to send personalized messages just to adapt the Hello {name} header (and the rest of the message is the same) unless you want to pretend that the messages are being sent by a human that really cares about the recipient person and not a bulk mailing machine. -- Regards, Manuel Lemos PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/ PHP Reviews - Reviews of PHP books and other products http://www.phpclasses.org/reviews/ Metastorage - Data object relational mapping layer generator http://www.meta-language.net/metastorage.html -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: Finding the value of the COMMENT in a table column
don't you get that with the DEFINE `table` query? -- -- Jasper Howard :: Database Administration ApexEleven Web Design 1.530.559.0107 http://www.ApexEleven.com/ -- Ross Honniball [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi all, Anyone know how to access the optional COMMENT you can add to columns during table creation? eg. create table x (fldx char(1) COMMENT 'some comment', fldy char (1) COMMENT 'another comment') I want to 'get' the COMMENT field. I know it should be in the manual, but I can't find it. Thanks ... Ross . . Ross Honniball. JCU Bookshop Cairns, Qld, Australia. . -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Re: Finding the value of the COMMENT in a table column
Or maybe with Describe Table ? On Mon, 20 Sep 2004 10:51:30 -0700, Jasper Howard [EMAIL PROTECTED] wrote: don't you get that with the DEFINE `table` query? -- -- Jasper Howard :: Database Administration ApexEleven Web Design 1.530.559.0107 http://www.ApexEleven.com/ -- Ross Honniball [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi all, Anyone know how to access the optional COMMENT you can add to columns during table creation? eg. create table x (fldx char(1) COMMENT 'some comment', fldy char (1) COMMENT 'another comment') I want to 'get' the COMMENT field. I know it should be in the manual, but I can't find it. Thanks ... Ross . . Ross Honniball. JCU Bookshop Cairns, Qld, Australia. . -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Passing URL parameters, how to hide
I'm restarting this post. I thought I was out of the woods, but not. Here situation, in most of my update forms which involve 1 record, passing a session variable , usually the users ID is enough. No URL param passing. Not so in two update forms I have where there are multiple records for each user. If I pass a session variable it only brings up the first record. So unless I am missing something, I must pass the record ID via a URL parameter. That works just great, but the problems lies in the fact, that all anyone would need to do is change recordID=1 to recordID=2 and they can see someone elses record, which is supposed to confidential. Now I've looked at sights like Monster, Amazon, Ebay, and tried changing the recordID in the URL area, but it either ignores my change or kicked back an invalid ID. This is even if I remove the other ID's from the line. So, I'm sure this has been dealt with more, I don't have the foggiest clue yet though how I can implement something that either hides, or prevents a user from going through records in the database by changing the id number. Appreciate any suggestions or ideas. Thank you, Stuart --- Stuart Felenstein [EMAIL PROTECTED] wrote: Turned out hiding the id wasn't necessary as the awaiting update page can grab the session ID. I wasn't thinking. Sorry Stuart --- John Holmes [EMAIL PROTECTED] wrote: Stuart Felenstein wrote: I'm still confused over one aspect of URL parameters. As far as a form passing data back to the server, I understand about get, post and replace. Here is my problem. I have an update form. User is logged in to the system and needs to update whatever information. Right now I'm including in the link the user's ID, so when they arrive at the update page, their record will be displayed. The problem is all one has to do is change the ID number in the URL parameter in the update page and you can go to someone else's record. How do programmers generally get around this ? I must be missing something. How do you identify the user once they are logged in? There should be some way to relate the logged in user to valid records they can see. Then, if they request an invalid record, you can show them an error page. Hiding the ID isn't going to fix anything. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Passing URL parameters, how to hide
When I created a business management script for the business I work for, it was important that ids in url's were encrypted. What I did was create a code for each item that needed one. My encryption table fields looked something like: enc_id, encryption, table, id where enc_id was the unique identifier in this table, encryption was the 14 character code, table was the table that the encrypted data was stored in, and id was the id of the encrypted data. That was you can pass the 14 digit code in the html, then when you need to use it in a php script you can just make a function that returns the data from the database from the encryption code. For extra security (since someone could just remember the encryption code) I added a cron job script that changed the encryptions every midnight. If anyone thinks something like this would work for them, some thing to remember is that you need to make sure that when you add an item to the encryption table in the db that each code is unique. -- -- Jasper Howard :: Database Administration ApexEleven Web Design 1.530.559.0107 http://www.ApexEleven.com/ -- Stuart Felenstein [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I'm restarting this post. I thought I was out of the woods, but not. Here situation, in most of my update forms which involve 1 record, passing a session variable , usually the users ID is enough. No URL param passing. Not so in two update forms I have where there are multiple records for each user. If I pass a session variable it only brings up the first record. So unless I am missing something, I must pass the record ID via a URL parameter. That works just great, but the problems lies in the fact, that all anyone would need to do is change recordID=1 to recordID=2 and they can see someone elses record, which is supposed to confidential. Now I've looked at sights like Monster, Amazon, Ebay, and tried changing the recordID in the URL area, but it either ignores my change or kicked back an invalid ID. This is even if I remove the other ID's from the line. So, I'm sure this has been dealt with more, I don't have the foggiest clue yet though how I can implement something that either hides, or prevents a user from going through records in the database by changing the id number. Appreciate any suggestions or ideas. Thank you, Stuart --- Stuart Felenstein [EMAIL PROTECTED] wrote: Turned out hiding the id wasn't necessary as the awaiting update page can grab the session ID. I wasn't thinking. Sorry Stuart --- John Holmes [EMAIL PROTECTED] wrote: Stuart Felenstein wrote: I'm still confused over one aspect of URL parameters. As far as a form passing data back to the server, I understand about get, post and replace. Here is my problem. I have an update form. User is logged in to the system and needs to update whatever information. Right now I'm including in the link the user's ID, so when they arrive at the update page, their record will be displayed. The problem is all one has to do is change the ID number in the URL parameter in the update page and you can go to someone else's record. How do programmers generally get around this ? I must be missing something. How do you identify the user once they are logged in? There should be some way to relate the logged in user to valid records they can see. Then, if they request an invalid record, you can show them an error page. Hiding the ID isn't going to fix anything. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals - www.phparch.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Passing URL parameters, how to hide
You should always avoid passing Record IDs through URL parameters. Use form Hidden fields instead! In your case, when ur selecting the users form data from the record check if it's the same user if not then if he tries to change the ID from the URI Parameter just block it. Or u better MD5 every logged in user's record ID and hold it in ur sessions then check against it and show the proper form or just show an error page or a page saying Access Denied! . I personaly dont recommand using url parameters for passing record ids, i'd rather use hidden inputs, sessions, or even cookies but never URI querystrings for record ids. Better use of URI querystrings would be for logic, section, category, decision, options rather than important data such as ur table primary keys! Hope this is useful. On Mon, 20 Sep 2004 15:32:07 -0700, Jasper Howard [EMAIL PROTECTED] wrote: When I created a business management script for the business I work for, it was important that ids in url's were encrypted. What I did was create a code for each item that needed one. My encryption table fields looked something like: enc_id, encryption, table, id where enc_id was the unique identifier in this table, encryption was the 14 character code, table was the table that the encrypted data was stored in, and id was the id of the encrypted data. That was you can pass the 14 digit code in the html, then when you need to use it in a php script you can just make a function that returns the data from the database from the encryption code. For extra security (since someone could just remember the encryption code) I added a cron job script that changed the encryptions every midnight. If anyone thinks something like this would work for them, some thing to remember is that you need to make sure that when you add an item to the encryption table in the db that each code is unique. -- -- Jasper Howard :: Database Administration ApexEleven Web Design 1.530.559.0107 http://www.ApexEleven.com/ -- Stuart Felenstein [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I'm restarting this post. I thought I was out of the woods, but not. Here situation, in most of my update forms which involve 1 record, passing a session variable , usually the users ID is enough. No URL param passing. Not so in two update forms I have where there are multiple records for each user. If I pass a session variable it only brings up the first record. So unless I am missing something, I must pass the record ID via a URL parameter. That works just great, but the problems lies in the fact, that all anyone would need to do is change recordID=1 to recordID=2 and they can see someone elses record, which is supposed to confidential. Now I've looked at sights like Monster, Amazon, Ebay, and tried changing the recordID in the URL area, but it either ignores my change or kicked back an invalid ID. This is even if I remove the other ID's from the line. So, I'm sure this has been dealt with more, I don't have the foggiest clue yet though how I can implement something that either hides, or prevents a user from going through records in the database by changing the id number. Appreciate any suggestions or ideas. Thank you, Stuart --- Stuart Felenstein [EMAIL PROTECTED] wrote: Turned out hiding the id wasn't necessary as the awaiting update page can grab the session ID. I wasn't thinking. Sorry Stuart --- John Holmes [EMAIL PROTECTED] wrote: Stuart Felenstein wrote: I'm still confused over one aspect of URL parameters. As far as a form passing data back to the server, I understand about get, post and replace. Here is my problem. I have an update form. User is logged in to the system and needs to update whatever information. Right now I'm including in the link the user's ID, so when they arrive at the update page, their record will be displayed. The problem is all one has to do is change the ID number in the URL parameter in the update page and you can go to someone else's record. How do programmers generally get around this ? I must be missing something. How do you identify the user once they are logged in? There should be some way to relate the logged in user to valid records they can see. Then, if they request an invalid record, you can show them an error page. Hiding the ID isn't going to fix anything. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals - www.phparch.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit:
[PHP-DB] How do u preffer ur Javascript in PHP?
Is it better if u have ur javascript alone (for example a good JS framework to make anykind of UI elements u need?) or would u preffer having a good set of PHP classes that generates those UI elements for u from PHP w/o even touching JS or even knowing it? to be clear, Would u write this script type=text/javascriptalert(I preffer pure JS);/script or would u write JS::Alert(I preffer using PHP code); Which one would u prefer? or which method do u use? -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Database VS Datastructure
Do u prefer data structures in your scripts? as in Trees, Queues, Stacks Do u like arrays? or like classes? Once u get ur data from ur DB would u store it in a Tree for example or would u just take more trips to the database instead? Datascructures make DB so it cant be against it right? Datastructures are live, runtime in ur script while Database is somewhere else that u fetch or play with. So more hits to DB or one hit n playing with ur Trees, Stacks? -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Passing URL parameters, how to hide
BTW u might expose n get ur database hacked if u dont do some sort of validation while using the ID from the URI parameter example: http://domain/?show=recordsid=4 if someone changes id to 4;use mysql; update user set password=md5(hello) where user='root'; imagine wat would happen??? ur mySQL root password is changed u should always avoid or protect urself one way is to keep -- after ur db queries because MySQL takes -- as comment so it will remark the rest of the queries. 1-always check for the datatype as well use the === instead of == to check if the data type holds or now when ur comparing or use is_int, is_string,n the rest 2-always check if the parameter ur getting is of the same type u have in ur database 3-Try to convert or trancate the datatype to the one u need check against in ur DB for example: $recordID=is_int($_GET['id'])?$_GET['id']:-1; 4-Never expose ur column names, fieled names, or table names!! Never 5-Always protect ur DB queries by ur own error-handling and never show DB errors on ur pages... it exposes alot of data about ur database! I think ur problem is that u started coding before thinking of a logic n drawing ur algorithm... while it's simple, lack of these plannings makes ur work harder. On Tue, 21 Sep 2004 05:29:30 +0400, M Saleh EG [EMAIL PROTECTED] wrote: You should always avoid passing Record IDs through URL parameters. Use form Hidden fields instead! In your case, when ur selecting the users form data from the record check if it's the same user if not then if he tries to change the ID from the URI Parameter just block it. Or u better MD5 every logged in user's record ID and hold it in ur sessions then check against it and show the proper form or just show an error page or a page saying Access Denied! . I personaly dont recommand using url parameters for passing record ids, i'd rather use hidden inputs, sessions, or even cookies but never URI querystrings for record ids. Better use of URI querystrings would be for logic, section, category, decision, options rather than important data such as ur table primary keys! Hope this is useful. On Mon, 20 Sep 2004 15:32:07 -0700, Jasper Howard [EMAIL PROTECTED] wrote: When I created a business management script for the business I work for, it was important that ids in url's were encrypted. What I did was create a code for each item that needed one. My encryption table fields looked something like: enc_id, encryption, table, id where enc_id was the unique identifier in this table, encryption was the 14 character code, table was the table that the encrypted data was stored in, and id was the id of the encrypted data. That was you can pass the 14 digit code in the html, then when you need to use it in a php script you can just make a function that returns the data from the database from the encryption code. For extra security (since someone could just remember the encryption code) I added a cron job script that changed the encryptions every midnight. If anyone thinks something like this would work for them, some thing to remember is that you need to make sure that when you add an item to the encryption table in the db that each code is unique. -- -- Jasper Howard :: Database Administration ApexEleven Web Design 1.530.559.0107 http://www.ApexEleven.com/ -- Stuart Felenstein [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I'm restarting this post. I thought I was out of the woods, but not. Here situation, in most of my update forms which involve 1 record, passing a session variable , usually the users ID is enough. No URL param passing. Not so in two update forms I have where there are multiple records for each user. If I pass a session variable it only brings up the first record. So unless I am missing something, I must pass the record ID via a URL parameter. That works just great, but the problems lies in the fact, that all anyone would need to do is change recordID=1 to recordID=2 and they can see someone elses record, which is supposed to confidential. Now I've looked at sights like Monster, Amazon, Ebay, and tried changing the recordID in the URL area, but it either ignores my change or kicked back an invalid ID. This is even if I remove the other ID's from the line. So, I'm sure this has been dealt with more, I don't have the foggiest clue yet though how I can implement something that either hides, or prevents a user from going through records in the database by changing the id number. Appreciate any suggestions or ideas. Thank you, Stuart --- Stuart Felenstein [EMAIL PROTECTED] wrote: Turned out hiding the id wasn't necessary as the awaiting update page can grab the