Re: [PHP-DB] mysql - image storing
Martin Norland wrote:
Jochem Maas wrote:
I was always under the impression that single quotes (assuming you are
delineating you args with single quotes) should (officially) be
escaped with another single quote - although backslash also works:
"INSERT INTO status (hunger) values ('I''ve just eaten.');"
...alot of really old code of mine is full of stuff like:
$var = str_replace("'","''",$var);
but maybe that just MTAM(tm) working for me - (thats a reference to a
bit of humour from another thread btw - MTAM is not a technology :-)
AFAIK - for Sybase and CSV yes, otherwise no (in general). Maybe it's a
compatibility option? Still, there are perfectly valid reasons to have
multiple ''s. (why, there's one now - sort of...)
ok - cheers, just for the record If I wanted to insert your sentence:
'Still, there are perfectly valid reasons to have multiple s'
:-)
Cheers,
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] mysql - image storing
Simon Rees wrote: On Tuesday 18 January 2005 19:18, Jochem Maas wrote: I was always under the impression that single quotes (assuming you are delineating you args with single quotes) should (officially) be escaped with another single quote - although backslash also works: I think it depends on the database that you are using. Oracle and MS-SQL both require quotes to be escaped with another quote, MySQL uses backslashes. I seem to recall that two quotes is the standard... Of course it is even better to use bind vars and then you don't need to escape the quotes (or worry about sql injection attacks)... did I mention I have been using firebird and the php-extension for the last year and a half ;-) cheers Simon -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Re: Subject: mysql - image storing
Hi Guys,
Just to throw my 2 cents in...
The application requirements drive how you handle images in a db...sometimes
you simply don't have the choice (though filesystem storage is better IMO).
My work app / clients require that we store images (and other media or
documents) in the db.
So while there are certain advantages to one over the other (and each method
had them)...you do what the requirements tell you to do
Bastien
From: "Neil Smith [MVP, Digital media]" <[EMAIL PROTECTED]>
To: php-db@lists.php.net
CC: [EMAIL PROTECTED]
Subject: [PHP-DB] Re: Subject: mysql - image storing
Date: Wed, 19 Jan 2005 00:48:39 +
No, really really , don't do this. Store the path to the image.
You then load the path into PHP and use
header("Content-type: image/jpeg");
readfile($path_from_database);
exit;
Then .htaccess the *actual directory* you store the images in so it's
hidden from browsing.
Only allow authorised people access to their own images, using a standard
authentication system, and retrieve the image filenames they're allowed
from the DB, append that to your protected directory path, and use
readfile() to pass through the file data directly to the browser.
Really, don't store them in the database ;-)
Cheers - Neil
At 18:59 18/01/2005 +, you wrote:
Message-ID: <[EMAIL PROTECTED]>
From: "mel list_php" <[EMAIL PROTECTED]>
To: php-db@lists.php.net
Date: Tue, 18 Jan 2005 11:30:12 +
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Subject: mysql - image storing
Hi list,
I try to store/retrieve pictures into MySQL.
I know that a lot of people will say this is not a good practice, so here
are briefly my reasons:
-I want to protect that pictures (restricted access)
-I don't want to use htaccess as I want my users to be able to modify
their password whenever they want, and I don't want to modify dynamically
an htaccess file.
-I could store them on the filesystem (my actual solution), but I have
only few pictures, so I would like to give the MySQL option a trial.
CaptionKit http://www.captionkit.com : Production tools
for accessible subtitled internet media, transcripts
and searchable video. Supports Real Player, Quicktime
and Windows Media Player.
VideoChat with friends online, get Freshly Toasted every
day at http://www.fresh-toast.net : NetMeeting solutions
for a connected world.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: Subject: mysql - image storing
No, really really , don't do this. Store the path to the image.
You then load the path into PHP and use
header("Content-type: image/jpeg");
readfile($path_from_database);
exit;
Then .htaccess the *actual directory* you store the images in so it's
hidden from browsing.
Only allow authorised people access to their own images, using a standard
authentication system, and retrieve the image filenames they're allowed
from the DB, append that to your protected directory path, and use
readfile() to pass through the file data directly to the browser.
Really, don't store them in the database ;-)
Cheers - Neil
At 18:59 18/01/2005 +, you wrote:
Message-ID: <[EMAIL PROTECTED]>
From: "mel list_php" <[EMAIL PROTECTED]>
To: php-db@lists.php.net
Date: Tue, 18 Jan 2005 11:30:12 +
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Subject: mysql - image storing
Hi list,
I try to store/retrieve pictures into MySQL.
I know that a lot of people will say this is not a good practice, so here
are briefly my reasons:
-I want to protect that pictures (restricted access)
-I don't want to use htaccess as I want my users to be able to modify
their password whenever they want, and I don't want to modify dynamically
an htaccess file.
-I could store them on the filesystem (my actual solution), but I have
only few pictures, so I would like to give the MySQL option a trial.
CaptionKit http://www.captionkit.com : Production tools
for accessible subtitled internet media, transcripts
and searchable video. Supports Real Player, Quicktime
and Windows Media Player.
VideoChat with friends online, get Freshly Toasted every
day at http://www.fresh-toast.net : NetMeeting solutions
for a connected world.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] RE: Import into mysql from csv-file
Mysql> LOAD DATA INFILE '/tmp/jokes.txt' INTO TABLE jokes FIELDS TERMINATED BY '' http://dev.mysql.com/doc/mysql/en/mysqlimport.html http://dev.mysql.com/doc/mysql/en/LOAD_DATA.html Jeremy Shovan -Original Message- From: Ruprecht Helms [mailto:[EMAIL PROTECTED] Sent: Monday, January 17, 2005 6:32 AM To: php-db@lists.php.net Subject: Import into mysql from csv-file Hi, how do I import data stored in a csv-file (formated text) into a mysql_database. Regards, Ruprecht -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Inserting UTF-8 data to MySQL 4.1.X
Hi, I've got a problem concerning inserting UTF-8 encoded data into a MySQL 4.1.9 table. I'm working on a simple DOM based XML feed parser in PHP5; I need to insert the data parsed from the feeds into the table. The script source can be viewed: http://www.feedsfarm.com/tmp.phps Most western European characters are inserted fine. Other characters such as special punctuation marks, and more importantly Japanese and middle and eastern European languages are inputted, but some characters seem to get mangled up. An example of the data is available: http://www.feedsfarm.com/s/s-50-site:a As you can see many Japanese symbols are fine, others are wrong, and show up as "???" in fire fox. Cyrillic languages are the same - some characters are fine, others just show the dreaded "???". My server's version of MySQL has UTF-8/Unicode support fully enabled, and I have all the fonts and character supported on my client machine. Here is an example of the data being sent straight to the browser: http://www.feedsfarm.com/tmp.php (works PERFECT!) Note: I know the parsed XML data is UTF-8 encoded because this is default by Libxml when traversing XML via DOM. Can anyone help point me in the right direction? Cheers, - Martin
[PHP-DB] RE: i am lost (php warning)
Log In'){
$user=$_POST["email"];
$pass=$_POST["pass"];
if(!$sql_query = mysql_query("SELECT * FROM cm_customer WHERE
emial='".mysql_real_escape_string($user)."'")){
//This will let you know if there is an error in your query. I do
not recomend leaving this here when when it is live.
die(mysql_error());
}
$numRows = mysql_num_rows($sql_query);
if (($numRows) >0){
$valid = $user;
session_start();
session_register("valid");
}
}
if (session_is_registered("reg")){
echo "ok";
}else{
echo "sorry";
}
?>
Jeremy Shovan
-Original Message-
From: Earl Clare [mailto:[EMAIL PROTECTED]
Sent: Monday, January 17, 2005 10:59 PM
To: php-db@lists.php.net
Subject: i am lost (php warning)
Hi ya'll,
I am lost as to why I am getting this error in my script. Can anyone
kindly
explain why this is so.
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result
resource in /home/cm/public_html/cell/login.php
---
My script
---
if($_POST['submit'] == '>Log In')
{
$user=$_POST["email"];
$pass=$_POST["pass"];
$sql_query = mysql_query("SELECT * FROM cm_customer WHERE
emial='$user'");
$sql_query = mysql_num_rows($sql_query);
if (($sql_query) >0)
{
$valid = $user;
session_start();
session_register("valid");
}
}
if (session_is_registered("reg"))
{
echo "ok";
}
else
{
echo "sorry";
}
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] mysql - image storing
Jochem Maas wrote:
I was always under the impression that single quotes (assuming you are
delineating you args with single quotes) should (officially) be escaped
with another single quote - although backslash also works:
"INSERT INTO status (hunger) values ('I''ve just eaten.');"
...alot of really old code of mine is full of stuff like:
$var = str_replace("'","''",$var);
but maybe that just MTAM(tm) working for me - (thats a reference to a
bit of humour from another thread btw - MTAM is not a technology :-)
AFAIK - for Sybase and CSV yes, otherwise no (in general). Maybe it's a
compatibility option? Still, there are perfectly valid reasons to have
multiple ''s. (why, there's one now - sort of...)
Cheers,
--
- Martin Norland, Database / Web Developer, International Outreach x3257
The opinion(s) contained within this email do not necessarily represent
those of St. Jude Children's Research Hospital.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] mysql - image storing
On Tuesday 18 January 2005 19:18, Jochem Maas wrote: > I was always under the impression that single quotes (assuming you are > delineating you args with single quotes) should (officially) be escaped > with another single quote - although backslash also works: I think it depends on the database that you are using. Oracle and MS-SQL both require quotes to be escaped with another quote, MySQL uses backslashes. I seem to recall that two quotes is the standard... Of course it is even better to use bind vars and then you don't need to escape the quotes (or worry about sql injection attacks)... cheers Simon -- ~~ Simon Rees | [EMAIL PROTECTED] | ORA-03113: end-of-file on communication channel ~~ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] PHP 5.0.3 and Oracle9i on Windows 2000/Apache
I agree with your theory of the possibility that the cli version of php is
using a different ini file than the
apache2 module/cgi. I have no clue as to how to confirm that or to correct
it though, and advice there?
I do restart Apache anytime I make config changes, hasn't seemed to have
helped at all.
The putenv seems to work just dandy as the script worked fine from the
command line either wheather the putenv(s) were commented out or not.
Thanks,
Chaun
-Original Message-
From: Jochem Maas [mailto:[EMAIL PROTECTED]
Sent: Monday, January 17, 2005 10:48 AM
To: Chaun Keating
Cc: php-db@lists.php.net
Subject: Re: [PHP-DB] PHP 5.0.3 and Oracle9i on Windows 2000/Apache
Chaun Keating wrote:
> I am having trouble logging onto Oracle via PHP on a Windows 2000 machine.
>
> I keep getting the error:
>
> Fatal error: Call to undefined function OCILogon() in C:\Program
> Files\Apache Group\Apache2\htdocs\oraconnect.php on line 15
>
> I seem to have everything set up correctly. I am running an Oracle 9i
> client and have set up the php.ini file with "extension=php_oci8.dll"
> uncommented, left ";extension=php_oracle.dll" commented. (Although I have
> tried various combinations of these two. Also I have set the
"extension_dir
> = C:\Program Files\PHP\ext" correctly and noted that php_oci8.dll and
> php_oracle.dll exist there.
>
> Now here is where it gets really weird and I could use some help:
>
> It works fine from the command line:
possibly the cli version of php is using a different ini file than the
apache2 module/cgi. also you made need to restart apache in order to
reread the php.ini file.
with regard to putenv() - you may be suffering from safe_mode being on.
also, (I don't know this!), if putenv is setting env vars whose scope is
server-process wide then concurrent scripts _maybe_ messing each other
up: e.g. request1 starts and does some putenv()s, request2 does the
same a fraction later, request1 finishes and resets stuff done by
putenv(), request2 trys to connect...which fails because the env vars
are empty.
>
> I type "php oraconnect.php" for the following code:
> //putenv("ORACLE_SID=TESTDB");
> //putenv("ORACLE_HOME=C:/oracle/ora92");
> //putenv("TNS_ADMIN=C:/oracle/ora92/network/admin");
> $username = "SCOTT";
> $passwd = "TIGER";
> //$db="(DESCRIPTION=
> // (ADDRESS_LIST=
> // (ADDRESS=(PROTOCOL=TCP)
>//(HOST=orahostname1)(PORT=1621)
> // )
> // )
> // (CONNECT_DATA=(SERVICE_NAME=TESTDB))
>// )";
> $conn = OCILogon("SCOTT","TIGER","TESTDB");
> if (!$conn)
> {
>echo "Connection failed";
>echo "Error Message: [" . OCIError($conn) . "]";
>exit;
> }
> else
> {
>echo "Connected!";
> }
> ?>
>
>
> It works either way with the env_variables in the script or with them
> commented out from the command line. I just can't get it to work from the
> browser.
>
> Can anyone out there help me with this one? I have some experience with
> Oracle, Perl, and a little Java but not so much with PHP.
>
> Thanks.
>
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] mysql - image storing
Joseph Crawford wrote: Jason, can you explain why stripslashes should not be used on data taken from the db? when you store data in the db i thought it was good although 'slashing' text works pretty much all of the time (possibly the guys using exotic encodings all day will say different :-) but the data you are storing in the DB is binary - stripping and slashing will probably do weird things to the data: try creating some image data and run it thru add_slashes() and stripslashes() and compare the output of each with the original. practice to addslashes, when you retrieve from the db, you will need why is it good practice? (anyone)? sounds like pure overhead to me. you could look up 'magic quotes' in relation to this, its often where the trouble starts! on a side note: - me I use the ibase/firebird php extension which has parameterized queries - so I can say goodbye to mysql_escape_arg() (or whatever the damn function is called) and having to hand craft lots of arg checks - but alas you may not have access to a firebird DB. to use stripslashes to remove the extra \ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] mysql - image storing
To view the terms under which this email is distributed, please go to http://disclaimer.leedsmet.ac.uk/email.htm On 18 January 2005 17:11, Joseph Crawford wrote: > Jason, can you explain why stripslashes should not be used on data > taken from the db? when you store data in the db i thought it was good > practice to addslashes, when you retrieve from the db, you will need > to use stripslashes to remove the extra \ It's simple. Suppose you have a script that looks a bit like this (but hopefully with more input validation and error checking!): $value = addslashes($_POST['text']); // magic_quotes_gpc off $sql = "INSERT INTO tbl SET fld = '$value'"; database_execute($sql); Now suppose the user types this into the 'text' form field: Here's an apostrophe Here's what happens: PHP does this: $value is set to: Here\'s an apostrophe $sql becomes: INSERT INTO tbl SET fld = 'Here\'s an apostrophe' Which is sent to the database via database_execute() The DATABASE now does this: Receives the SQL statement: INSERT INTO tbl SET fld = 'Here\'s an apostrophe' (Note how the \ escape is required here to stop the field value from terminating prematurely -- but this escape is aimed at the *database*, and is not a PHP escape. A lot of confusion seems to arise here for databases which use the same \ escape character as PHP.) Extracts the value: Here\'s an apostrophe and de-escapes it to give:Here's an apostrophe Which gets inserted into the database. So the value inserted into the database is the unescaped original, and on retrieval there are no \ characters in the retrieved value to be stripslashes()ed. Hope that's clearer than mud, and helps you understand what's going on better. Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning & Information Services, JG125, James Graham Building, Leeds Metropolitan University, Headingley Campus, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] mysql - image storing
Martin Norland wrote:
Joseph Crawford wrote:
Jason, can you explain why stripslashes should not be used on data
taken from the db? when you store data in the db i thought it was good
practice to addslashes, when you retrieve from the db, you will need
to use stripslashes to remove the extra \
The slashes are added for the database, not to be stored with the data.
for e.g. - to store: "I've just eaten."
you do: "INSERT INTO status (hunger) values ('I\'ve just eaten.');"
I was always under the impression that single quotes (assuming you are
delineating you args with single quotes) should (officially) be escaped
with another single quote - although backslash also works:
"INSERT INTO status (hunger) values ('I''ve just eaten.');"
...alot of really old code of mine is full of stuff like:
$var = str_replace("'","''",$var);
but maybe that just MTAM(tm) working for me - (thats a reference to a
bit of humour from another thread btw - MTAM is not a technology :-)
which stores: "I've just eaten."
It's not good practice - it's required (if you're not using a mechanism
that already handles this - such as the latest mysqli bind functions) -
otherwise the query is invalid.
nice to learn that mysqli is getting it 'right' :-) [makes mental note
to look into it!]
You may be thinking of running 'htmlentities' when retrieving data -
which is necessary in some cases, depending on where you're using it
(most notably - in html where you don't want html output).
Cheers,
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] mysql - image storing
On Wednesday 19 January 2005 01:51, [EMAIL PROTECTED] wrote: > > Jason, can you explain why stripslashes should not be used on data > > taken from the db? when you store data in the db i thought it was good > > practice to addslashes, when you retrieve from the db, you will need > > to use stripslashes to remove the extra \ > > If I may step in... > > Assuming a MySQL db, using mysql_escape_string obviates the need for using > either stripslashes or addslashes for db inserts and selects. I'm not sure > of the underlying mechanism, but if you use mysql_escape_string on a > string, the \'s and " ' "s, etc... all get escaped automagically before > the insert. If you then take a look at the inserted data using the mysql > client, you will see that the full unescaped text has been inserted. So > there is no need to use stripslashes when selecting it out. Additionally, it should be noted that whether you need to use stripslashes() on data retrieved from the database depends on the setting of magic_quotes_runtime. The recommended setting is to have it disabled which means you do not need stripslashes(). -- Jason Wong -> Gremlins Associates -> www.gremlins.biz Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-db -- New Year Resolution: Ignore top posted posts -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] mysql - image storing
Joseph Crawford wrote:
Jason, can you explain why stripslashes should not be used on data
taken from the db? when you store data in the db i thought it was good
practice to addslashes, when you retrieve from the db, you will need
to use stripslashes to remove the extra \
The slashes are added for the database, not to be stored with the data.
for e.g. - to store: "I've just eaten."
you do: "INSERT INTO status (hunger) values ('I\'ve just eaten.');"
which stores: "I've just eaten."
It's not good practice - it's required (if you're not using a mechanism
that already handles this - such as the latest mysqli bind functions) -
otherwise the query is invalid.
You may be thinking of running 'htmlentities' when retrieving data -
which is necessary in some cases, depending on where you're using it
(most notably - in html where you don't want html output).
Cheers,
--
- Martin Norland, Database / Web Developer, International Outreach x3257
The opinion(s) contained within this email do not necessarily represent
those of St. Jude Children's Research Hospital.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] mysql - image storing
> Jason, can you explain why stripslashes should not be used on data > taken from the db? when you store data in the db i thought it was good > practice to addslashes, when you retrieve from the db, you will need > to use stripslashes to remove the extra \ If I may step in... Assuming a MySQL db, using mysql_escape_string obviates the need for using either stripslashes or addslashes for db inserts and selects. I'm not sure of the underlying mechanism, but if you use mysql_escape_string on a string, the \'s and " ' "s, etc... all get escaped automagically before the insert. If you then take a look at the inserted data using the mysql client, you will see that the full unescaped text has been inserted. So there is no need to use stripslashes when selecting it out. Personally, this is counterintuitive, but that's the way it works. David
Re: [PHP-DB] mysql - image storing
Jason, can you explain why stripslashes should not be used on data taken from the db? when you store data in the db i thought it was good practice to addslashes, when you retrieve from the db, you will need to use stripslashes to remove the extra \ -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] mysql - image storing
The problem is that I just display the "image broken link" icon.
As I told before the image is displayed fine into phpMyAdmin, so I think the
problem is really in the retrieval script, but I can't see where...
I tried with several browser, so that's not the question either...I also
tried with several header option as I thought it may be the problem as if I
just echo the data without the header they look like "normal " data for a
picture...
Thanks for the reply.
From: "Bastien Koert" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], php-db@lists.php.net
Subject: RE: [PHP-DB] mysql - image storing
Date: Tue, 18 Jan 2005 10:46:50 -0500
so what exactly is the problem?
bastien
From: "mel list_php" <[EMAIL PROTECTED]>
To: php-db@lists.php.net
Subject: [PHP-DB] mysql - image storing
Date: Tue, 18 Jan 2005 11:30:12 +
Hi list,
I try to store/retrieve pictures into MySQL.
I know that a lot of people will say this is not a good practice, so here
are briefly my reasons:
-I want to protect that pictures (restricted access)
-I don't want to use htaccess as I want my users to be able to modify
their password whenever they want, and I don't want to modify dynamically
an htaccess file.
-I could store them on the filesystem (my actual solution), but I have
only few pictures, so I would like to give the MySQL option a trial.
I found on the web a lot of tutorials on how to do that, they almost all
look like this one
http://www.phpbuilder.com/columns/florian19991014.php3?page=1
I went through a lot of forums, saw a lot of problems and still am unable
to make it work for me.
Here are my scripts
-for the upload into mysql I suppose all is ok as I am able to visualize
the pictures through phpMyAdmin
-for the retrieval
$result = mysql_query("select * from images_binaires where id=1;") or
die(mysql_error());
while( $row = mysql_fetch_array($result ) )
{
$donnees=stripslashes($row[donnees_binaires]);
$type=$row[type_fichier];
$taille_fichier=$row[taille_fichier];
}
if ($donnees) {
header('Content-Type: image/png');
header('Content-Length: $taille_fichier');
echo $donnees;
}
else {
echo 'error';
}
?>
and the calling script:
";
?>
what I can say:
-no problem with connexion, it retrieves data (echo of $donnees without
header)
-when I retrieve the data without the header, they look "normal", no
excess of slashes for example.
-I tried to open the file with "rb" for upload (even if it's supposed to
be by default now)
-I tried to put the header on top of the script
-I tried different combinations with addslashes/stripslashes, trim in case
of spaces, mysql_real_escape_string...
-I also tried with imagecreatefromstring(), even if I saw that it
shouldn't be necessary.
-I think I shouldn't need the GD library, but it's installed anyway
If somebody can help?
Thanks!
_
It's fast, it's easy and it's free. Get MSN Messenger today!
http://www.msn.co.uk/messenger
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
_
It's fast, it's easy and it's free. Get MSN Messenger today!
http://www.msn.co.uk/messenger
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] mysql - image storing
On Tuesday 18 January 2005 19:30, mel list_php wrote: [snip] > $donnees=stripslashes($row[donnees_binaires]); [snip] > -I tried different combinations with addslashes/stripslashes, trim in case > of spaces, mysql_real_escape_string... I haven't looked at your code in detail but stripslashes() should never be used on data retrieved from the DB (that is assuming your data was inserted correctly in the first place). -- Jason Wong -> Gremlins Associates -> www.gremlins.biz Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-db -- New Year Resolution: Ignore top posted posts -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] mysql - image storing
so what exactly is the problem?
bastien
From: "mel list_php" <[EMAIL PROTECTED]>
To: php-db@lists.php.net
Subject: [PHP-DB] mysql - image storing
Date: Tue, 18 Jan 2005 11:30:12 +
Hi list,
I try to store/retrieve pictures into MySQL.
I know that a lot of people will say this is not a good practice, so here
are briefly my reasons:
-I want to protect that pictures (restricted access)
-I don't want to use htaccess as I want my users to be able to modify their
password whenever they want, and I don't want to modify dynamically an
htaccess file.
-I could store them on the filesystem (my actual solution), but I have only
few pictures, so I would like to give the MySQL option a trial.
I found on the web a lot of tutorials on how to do that, they almost all
look like this one
http://www.phpbuilder.com/columns/florian19991014.php3?page=1
I went through a lot of forums, saw a lot of problems and still am unable
to make it work for me.
Here are my scripts
-for the upload into mysql I suppose all is ok as I am able to visualize
the pictures through phpMyAdmin
-for the retrieval
$result = mysql_query("select * from images_binaires where id=1;") or
die(mysql_error());
while( $row = mysql_fetch_array($result ) )
{
$donnees=stripslashes($row[donnees_binaires]);
$type=$row[type_fichier];
$taille_fichier=$row[taille_fichier];
}
if ($donnees) {
header('Content-Type: image/png');
header('Content-Length: $taille_fichier');
echo $donnees;
}
else {
echo 'error';
}
?>
and the calling script:
";
?>
what I can say:
-no problem with connexion, it retrieves data (echo of $donnees without
header)
-when I retrieve the data without the header, they look "normal", no excess
of slashes for example.
-I tried to open the file with "rb" for upload (even if it's supposed to be
by default now)
-I tried to put the header on top of the script
-I tried different combinations with addslashes/stripslashes, trim in case
of spaces, mysql_real_escape_string...
-I also tried with imagecreatefromstring(), even if I saw that it shouldn't
be necessary.
-I think I shouldn't need the GD library, but it's installed anyway
If somebody can help?
Thanks!
_
It's fast, it's easy and it's free. Get MSN Messenger today!
http://www.msn.co.uk/messenger
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: SV: [PHP-DB] i am lost (php warning)
try this:
$sql = "SELECT * FROM cm_customer WHERE
emial='$user'";
$sql_query = mysql_query($sql) or die($mysql_error());
bastien
From: "Henrik Hornemann" <[EMAIL PROTECTED]>
To:
Subject: SV: [PHP-DB] i am lost (php warning)
Date: Tue, 18 Jan 2005 09:15:01 +0100
Hi,
Probably because $user is not in the database.
Regards Henrik Hornemann
-Oprindelig meddelelse-
Fra: Earl Clare [mailto:[EMAIL PROTECTED]
Sendt: 18. januar 2005 07:59
Til: php-db@lists.php.net
Emne: [PHP-DB] i am lost (php warning)
Prioritet: Høj
Hi ya'll,
I am lost as to why I am getting this error in my script. Can anyone kindly
explain why this is so.
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result
resource in /home/cm/public_html/cell/login.php
---
My script
---
if($_POST['submit'] == '>Log In')
{
$user=$_POST["email"];
$pass=$_POST["pass"];
$sql_query = mysql_query("SELECT * FROM cm_customer WHERE
emial='$user'");
$sql_query = mysql_num_rows($sql_query);
if (($sql_query) >0)
{
$valid = $user;
session_start();
session_register("valid");
}
}
if (session_is_registered("reg"))
{
echo "ok";
}
else
{
echo "sorry";
}
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] mysql - image storing
Hi list,
I try to store/retrieve pictures into MySQL.
I know that a lot of people will say this is not a good practice, so here
are briefly my reasons:
-I want to protect that pictures (restricted access)
-I don't want to use htaccess as I want my users to be able to modify their
password whenever they want, and I don't want to modify dynamically an
htaccess file.
-I could store them on the filesystem (my actual solution), but I have only
few pictures, so I would like to give the MySQL option a trial.
I found on the web a lot of tutorials on how to do that, they almost all
look like this one
http://www.phpbuilder.com/columns/florian19991014.php3?page=1
I went through a lot of forums, saw a lot of problems and still am unable to
make it work for me.
Here are my scripts
-for the upload into mysql I suppose all is ok as I am able to visualize the
pictures through phpMyAdmin
-for the retrieval
$result = mysql_query("select * from images_binaires where id=1;") or
die(mysql_error());
while( $row = mysql_fetch_array($result ) )
{
$donnees=stripslashes($row[donnees_binaires]);
$type=$row[type_fichier];
$taille_fichier=$row[taille_fichier];
}
if ($donnees) {
header('Content-Type: image/png');
header('Content-Length: $taille_fichier');
echo $donnees;
}
else {
echo 'error';
}
?>
and the calling script:
";
?>
what I can say:
-no problem with connexion, it retrieves data (echo of $donnees without
header)
-when I retrieve the data without the header, they look "normal", no excess
of slashes for example.
-I tried to open the file with "rb" for upload (even if it's supposed to be
by default now)
-I tried to put the header on top of the script
-I tried different combinations with addslashes/stripslashes, trim in case
of spaces, mysql_real_escape_string...
-I also tried with imagecreatefromstring(), even if I saw that it shouldn't
be necessary.
-I think I shouldn't need the GD library, but it's installed anyway
If somebody can help?
Thanks!
_
It's fast, it's easy and it's free. Get MSN Messenger today!
http://www.msn.co.uk/messenger
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Re: last insert ID
You can use the mysql_insert_id() function, it returns the id generated
by the last query executed on the connection... hope this helps..
Zu3Bi
I was having trouble with retrieving the last insert id as well. Even
after looking over the information in the link, I couldn't figure out
how to make this work in PHP. Using the statement:
$id = $link->query("SELECT LAST_INSERT_ID()");
$id turned out to be a huge array - no part of which seemed to contain
the expected 'last id'. I can't even determine if I got any part of
it right.
Does anyone have a more complete example? I'm lost.
I'm surprised that the DB library doesn't do this. Is there some
reason that it cannot or is it just waiting for someone to write the
code?
Thank you for any assistance,
Nelson
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] i am lost (php warning)
Hi
it means that the query did not produce a result - usually this is because
of a problem with the query.
$sql_query = mysql_query("SELECT * FROM cm_customer WHERE emial='$user'");
I am guessing you misspelt email and this should be
$sql_query = mysql_query("SELECT * FROM cm_customer WHERE email='$user'");
if you add an error trap it makes this knd of thing easier to spot
$sql_query = mysql_query("SELECT * FROM cm_customer WHERE email='$user'") or
die(mysql_error());
HTH
Peter
> -Original Message-
> From: Earl Clare [mailto:[EMAIL PROTECTED]
> Sent: 18 January 2005 06:59
> To: php-db@lists.php.net
> Subject: [PHP-DB] i am lost (php warning)
> Importance: High
>
>
> Hi ya'll,
>
>
>
> I am lost as to why I am getting this error in my script. Can
> anyone kindly
> explain why this is so.
>
>
>
> Warning: mysql_num_rows(): supplied argument is not a valid MySQL result
> resource in /home/cm/public_html/cell/login.php
>
>
>
> --
> --
> ---
>
> My script
>
> --
> --
> ---
>
>
>
>
>
> if($_POST['submit'] == '>Log In')
>
> {
>
> $user=$_POST["email"];
>
> $pass=$_POST["pass"];
>
> $sql_query = mysql_query("SELECT * FROM cm_customer WHERE
> emial='$user'");
>
> $sql_query = mysql_num_rows($sql_query);
>
>
>
> if (($sql_query) >0)
>
> {
>
> $valid = $user;
>
> session_start();
>
> session_register("valid");
>
> }
>
> }
>
>
>
> if (session_is_registered("reg"))
>
> {
>
> echo "ok";
>
> }
>
>
>
> else
>
> {
>
> echo "sorry";
>
> }
>
>
>
>
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] insert into mysql-db from csv-file
Hi John, I want to read a csv-file and import the datas into a mysql-db. How do I make this. A little scriptexaple in php would be helpfull. Why not just LOAD DATA INFILE from MySQL? No need to involve PHP at all, really... I think the command you also can write in the mysql_db_query-Command. The problem the insertprocedure must be able via webbrowser. Regards, Ruprecht -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] i am lost (php warning)
it means mysql_query() filed.
u must check it before using mysql_fetch_row()
f.e.
$query = "bla bla bla";
$result = mysql_query( $query );
if ( $result ){
while ( $row = mysql_fetch_row( $result ) ){
}
}
else {
echo mysql_error( $db_connect );
exit;
}
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] i am lost (php warning)
The mysql_num_rows function requires that the argument passed to it
should be a valid MySQL result from a Select statement. Your script
doesn't explicitly establish a connection with the database so you could
be getting an error from that call, hence $sql_query would not be a
valid MySQL result. Try adding the following:
if (!$sql_query) {
die('Invalid query: ' . mysql_error());
}
graeme
Earl Clare wrote:
Hi ya'll,
I am lost as to why I am getting this error in my script. Can anyone kindly
explain why this is so.
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result
resource in /home/cm/public_html/cell/login.php
---
My script
---
if($_POST['submit'] == '>Log In')
{
$user=$_POST["email"];
$pass=$_POST["pass"];
$sql_query = mysql_query("SELECT * FROM cm_customer WHERE
emial='$user'");
$sql_query = mysql_num_rows($sql_query);
if (($sql_query) >0)
{
$valid = $user;
session_start();
session_register("valid");
}
}
if (session_is_registered("reg"))
{
echo "ok";
}
else
{
echo "sorry";
}
--
Experience is a good teacher, but she sends in terrific bills.
Minna Antrim
RE: [PHP-DB] i am lost (php warning)
Hey thanks guys, the email was the problem
I had emial instead of email
Thanks for the assistance.
-Original Message-
From: Peter Lovatt [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 18, 2005 1:45 AM
To: Earl Clare; php-db@lists.php.net
Subject: RE: [PHP-DB] i am lost (php warning)
Hi
it means that the query did not produce a result - usually this is because
of a problem with the query.
$sql_query = mysql_query("SELECT * FROM cm_customer WHERE emial='$user'");
I am guessing you misspelt email and this should be
$sql_query = mysql_query("SELECT * FROM cm_customer WHERE email='$user'");
if you add an error trap it makes this knd of thing easier to spot
$sql_query = mysql_query("SELECT * FROM cm_customer WHERE email='$user'") or
die(mysql_error());
HTH
Peter
> -Original Message-
> From: Earl Clare [mailto:[EMAIL PROTECTED]
> Sent: 18 January 2005 06:59
> To: php-db@lists.php.net
> Subject: [PHP-DB] i am lost (php warning)
> Importance: High
>
>
> Hi ya'll,
>
>
>
> I am lost as to why I am getting this error in my script. Can
> anyone kindly
> explain why this is so.
>
>
>
> Warning: mysql_num_rows(): supplied argument is not a valid MySQL result
> resource in /home/cm/public_html/cell/login.php
>
>
>
> --
> --
> ---
>
> My script
>
> --
> --
> ---
>
>
>
>
>
> if($_POST['submit'] == '>Log In')
>
> {
>
> $user=$_POST["email"];
>
> $pass=$_POST["pass"];
>
> $sql_query = mysql_query("SELECT * FROM cm_customer WHERE
> emial='$user'");
>
> $sql_query = mysql_num_rows($sql_query);
>
>
>
> if (($sql_query) >0)
>
> {
>
> $valid = $user;
>
> session_start();
>
> session_register("valid");
>
> }
>
> }
>
>
>
> if (session_is_registered("reg"))
>
> {
>
> echo "ok";
>
> }
>
>
>
> else
>
> {
>
> echo "sorry";
>
> }
>
>
>
>
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
SV: [PHP-DB] i am lost (php warning)
Hi,
Probably because $user is not in the database.
Regards Henrik Hornemann
-Oprindelig meddelelse-
Fra: Earl Clare [mailto:[EMAIL PROTECTED]
Sendt: 18. januar 2005 07:59
Til: php-db@lists.php.net
Emne: [PHP-DB] i am lost (php warning)
Prioritet: Høj
Hi ya'll,
I am lost as to why I am getting this error in my script. Can anyone kindly
explain why this is so.
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result
resource in /home/cm/public_html/cell/login.php
---
My script
---
if($_POST['submit'] == '>Log In')
{
$user=$_POST["email"];
$pass=$_POST["pass"];
$sql_query = mysql_query("SELECT * FROM cm_customer WHERE
emial='$user'");
$sql_query = mysql_num_rows($sql_query);
if (($sql_query) >0)
{
$valid = $user;
session_start();
session_register("valid");
}
}
if (session_is_registered("reg"))
{
echo "ok";
}
else
{
echo "sorry";
}
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
