Re: [PHP-DB] mysql - image storing
Martin Norland wrote: Jochem Maas wrote: I was always under the impression that single quotes (assuming you are delineating you args with single quotes) should (officially) be escaped with another single quote - although backslash also works: "INSERT INTO status (hunger) values ('I''ve just eaten.');" ...alot of really old code of mine is full of stuff like: $var = str_replace("'","''",$var); but maybe that just MTAM(tm) working for me - (thats a reference to a bit of humour from another thread btw - MTAM is not a technology :-) AFAIK - for Sybase and CSV yes, otherwise no (in general). Maybe it's a compatibility option? Still, there are perfectly valid reasons to have multiple ''s. (why, there's one now - sort of...) ok - cheers, just for the record If I wanted to insert your sentence: 'Still, there are perfectly valid reasons to have multiple s' :-) Cheers, -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] mysql - image storing
Simon Rees wrote: On Tuesday 18 January 2005 19:18, Jochem Maas wrote: I was always under the impression that single quotes (assuming you are delineating you args with single quotes) should (officially) be escaped with another single quote - although backslash also works: I think it depends on the database that you are using. Oracle and MS-SQL both require quotes to be escaped with another quote, MySQL uses backslashes. I seem to recall that two quotes is the standard... Of course it is even better to use bind vars and then you don't need to escape the quotes (or worry about sql injection attacks)... did I mention I have been using firebird and the php-extension for the last year and a half ;-) cheers Simon -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Re: Subject: mysql - image storing
Hi Guys, Just to throw my 2 cents in... The application requirements drive how you handle images in a db...sometimes you simply don't have the choice (though filesystem storage is better IMO). My work app / clients require that we store images (and other media or documents) in the db. So while there are certain advantages to one over the other (and each method had them)...you do what the requirements tell you to do Bastien From: "Neil Smith [MVP, Digital media]" <[EMAIL PROTECTED]> To: php-db@lists.php.net CC: [EMAIL PROTECTED] Subject: [PHP-DB] Re: Subject: mysql - image storing Date: Wed, 19 Jan 2005 00:48:39 + No, really really , don't do this. Store the path to the image. You then load the path into PHP and use header("Content-type: image/jpeg"); readfile($path_from_database); exit; Then .htaccess the *actual directory* you store the images in so it's hidden from browsing. Only allow authorised people access to their own images, using a standard authentication system, and retrieve the image filenames they're allowed from the DB, append that to your protected directory path, and use readfile() to pass through the file data directly to the browser. Really, don't store them in the database ;-) Cheers - Neil At 18:59 18/01/2005 +, you wrote: Message-ID: <[EMAIL PROTECTED]> From: "mel list_php" <[EMAIL PROTECTED]> To: php-db@lists.php.net Date: Tue, 18 Jan 2005 11:30:12 + Mime-Version: 1.0 Content-Type: text/plain; format=flowed Subject: mysql - image storing Hi list, I try to store/retrieve pictures into MySQL. I know that a lot of people will say this is not a good practice, so here are briefly my reasons: -I want to protect that pictures (restricted access) -I don't want to use htaccess as I want my users to be able to modify their password whenever they want, and I don't want to modify dynamically an htaccess file. -I could store them on the filesystem (my actual solution), but I have only few pictures, so I would like to give the MySQL option a trial. CaptionKit http://www.captionkit.com : Production tools for accessible subtitled internet media, transcripts and searchable video. Supports Real Player, Quicktime and Windows Media Player. VideoChat with friends online, get Freshly Toasted every day at http://www.fresh-toast.net : NetMeeting solutions for a connected world. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: Subject: mysql - image storing
No, really really , don't do this. Store the path to the image. You then load the path into PHP and use header("Content-type: image/jpeg"); readfile($path_from_database); exit; Then .htaccess the *actual directory* you store the images in so it's hidden from browsing. Only allow authorised people access to their own images, using a standard authentication system, and retrieve the image filenames they're allowed from the DB, append that to your protected directory path, and use readfile() to pass through the file data directly to the browser. Really, don't store them in the database ;-) Cheers - Neil At 18:59 18/01/2005 +, you wrote: Message-ID: <[EMAIL PROTECTED]> From: "mel list_php" <[EMAIL PROTECTED]> To: php-db@lists.php.net Date: Tue, 18 Jan 2005 11:30:12 + Mime-Version: 1.0 Content-Type: text/plain; format=flowed Subject: mysql - image storing Hi list, I try to store/retrieve pictures into MySQL. I know that a lot of people will say this is not a good practice, so here are briefly my reasons: -I want to protect that pictures (restricted access) -I don't want to use htaccess as I want my users to be able to modify their password whenever they want, and I don't want to modify dynamically an htaccess file. -I could store them on the filesystem (my actual solution), but I have only few pictures, so I would like to give the MySQL option a trial. CaptionKit http://www.captionkit.com : Production tools for accessible subtitled internet media, transcripts and searchable video. Supports Real Player, Quicktime and Windows Media Player. VideoChat with friends online, get Freshly Toasted every day at http://www.fresh-toast.net : NetMeeting solutions for a connected world. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] RE: Import into mysql from csv-file
Mysql> LOAD DATA INFILE '/tmp/jokes.txt' INTO TABLE jokes FIELDS TERMINATED BY '' http://dev.mysql.com/doc/mysql/en/mysqlimport.html http://dev.mysql.com/doc/mysql/en/LOAD_DATA.html Jeremy Shovan -Original Message- From: Ruprecht Helms [mailto:[EMAIL PROTECTED] Sent: Monday, January 17, 2005 6:32 AM To: php-db@lists.php.net Subject: Import into mysql from csv-file Hi, how do I import data stored in a csv-file (formated text) into a mysql_database. Regards, Ruprecht -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Inserting UTF-8 data to MySQL 4.1.X
Hi, I've got a problem concerning inserting UTF-8 encoded data into a MySQL 4.1.9 table. I'm working on a simple DOM based XML feed parser in PHP5; I need to insert the data parsed from the feeds into the table. The script source can be viewed: http://www.feedsfarm.com/tmp.phps Most western European characters are inserted fine. Other characters such as special punctuation marks, and more importantly Japanese and middle and eastern European languages are inputted, but some characters seem to get mangled up. An example of the data is available: http://www.feedsfarm.com/s/s-50-site:a As you can see many Japanese symbols are fine, others are wrong, and show up as "???" in fire fox. Cyrillic languages are the same - some characters are fine, others just show the dreaded "???". My server's version of MySQL has UTF-8/Unicode support fully enabled, and I have all the fonts and character supported on my client machine. Here is an example of the data being sent straight to the browser: http://www.feedsfarm.com/tmp.php (works PERFECT!) Note: I know the parsed XML data is UTF-8 encoded because this is default by Libxml when traversing XML via DOM. Can anyone help point me in the right direction? Cheers, - Martin
[PHP-DB] RE: i am lost (php warning)
Log In'){ $user=$_POST["email"]; $pass=$_POST["pass"]; if(!$sql_query = mysql_query("SELECT * FROM cm_customer WHERE emial='".mysql_real_escape_string($user)."'")){ //This will let you know if there is an error in your query. I do not recomend leaving this here when when it is live. die(mysql_error()); } $numRows = mysql_num_rows($sql_query); if (($numRows) >0){ $valid = $user; session_start(); session_register("valid"); } } if (session_is_registered("reg")){ echo "ok"; }else{ echo "sorry"; } ?> Jeremy Shovan -Original Message- From: Earl Clare [mailto:[EMAIL PROTECTED] Sent: Monday, January 17, 2005 10:59 PM To: php-db@lists.php.net Subject: i am lost (php warning) Hi ya'll, I am lost as to why I am getting this error in my script. Can anyone kindly explain why this is so. Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/cm/public_html/cell/login.php --- My script --- if($_POST['submit'] == '>Log In') { $user=$_POST["email"]; $pass=$_POST["pass"]; $sql_query = mysql_query("SELECT * FROM cm_customer WHERE emial='$user'"); $sql_query = mysql_num_rows($sql_query); if (($sql_query) >0) { $valid = $user; session_start(); session_register("valid"); } } if (session_is_registered("reg")) { echo "ok"; } else { echo "sorry"; } -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] mysql - image storing
Jochem Maas wrote: I was always under the impression that single quotes (assuming you are delineating you args with single quotes) should (officially) be escaped with another single quote - although backslash also works: "INSERT INTO status (hunger) values ('I''ve just eaten.');" ...alot of really old code of mine is full of stuff like: $var = str_replace("'","''",$var); but maybe that just MTAM(tm) working for me - (thats a reference to a bit of humour from another thread btw - MTAM is not a technology :-) AFAIK - for Sybase and CSV yes, otherwise no (in general). Maybe it's a compatibility option? Still, there are perfectly valid reasons to have multiple ''s. (why, there's one now - sort of...) Cheers, -- - Martin Norland, Database / Web Developer, International Outreach x3257 The opinion(s) contained within this email do not necessarily represent those of St. Jude Children's Research Hospital. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] mysql - image storing
On Tuesday 18 January 2005 19:18, Jochem Maas wrote: > I was always under the impression that single quotes (assuming you are > delineating you args with single quotes) should (officially) be escaped > with another single quote - although backslash also works: I think it depends on the database that you are using. Oracle and MS-SQL both require quotes to be escaped with another quote, MySQL uses backslashes. I seem to recall that two quotes is the standard... Of course it is even better to use bind vars and then you don't need to escape the quotes (or worry about sql injection attacks)... cheers Simon -- ~~ Simon Rees | [EMAIL PROTECTED] | ORA-03113: end-of-file on communication channel ~~ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] PHP 5.0.3 and Oracle9i on Windows 2000/Apache
I agree with your theory of the possibility that the cli version of php is using a different ini file than the apache2 module/cgi. I have no clue as to how to confirm that or to correct it though, and advice there? I do restart Apache anytime I make config changes, hasn't seemed to have helped at all. The putenv seems to work just dandy as the script worked fine from the command line either wheather the putenv(s) were commented out or not. Thanks, Chaun -Original Message- From: Jochem Maas [mailto:[EMAIL PROTECTED] Sent: Monday, January 17, 2005 10:48 AM To: Chaun Keating Cc: php-db@lists.php.net Subject: Re: [PHP-DB] PHP 5.0.3 and Oracle9i on Windows 2000/Apache Chaun Keating wrote: > I am having trouble logging onto Oracle via PHP on a Windows 2000 machine. > > I keep getting the error: > > Fatal error: Call to undefined function OCILogon() in C:\Program > Files\Apache Group\Apache2\htdocs\oraconnect.php on line 15 > > I seem to have everything set up correctly. I am running an Oracle 9i > client and have set up the php.ini file with "extension=php_oci8.dll" > uncommented, left ";extension=php_oracle.dll" commented. (Although I have > tried various combinations of these two. Also I have set the "extension_dir > = C:\Program Files\PHP\ext" correctly and noted that php_oci8.dll and > php_oracle.dll exist there. > > Now here is where it gets really weird and I could use some help: > > It works fine from the command line: possibly the cli version of php is using a different ini file than the apache2 module/cgi. also you made need to restart apache in order to reread the php.ini file. with regard to putenv() - you may be suffering from safe_mode being on. also, (I don't know this!), if putenv is setting env vars whose scope is server-process wide then concurrent scripts _maybe_ messing each other up: e.g. request1 starts and does some putenv()s, request2 does the same a fraction later, request1 finishes and resets stuff done by putenv(), request2 trys to connect...which fails because the env vars are empty. > > I type "php oraconnect.php" for the following code: > //putenv("ORACLE_SID=TESTDB"); > //putenv("ORACLE_HOME=C:/oracle/ora92"); > //putenv("TNS_ADMIN=C:/oracle/ora92/network/admin"); > $username = "SCOTT"; > $passwd = "TIGER"; > //$db="(DESCRIPTION= > // (ADDRESS_LIST= > // (ADDRESS=(PROTOCOL=TCP) >//(HOST=orahostname1)(PORT=1621) > // ) > // ) > // (CONNECT_DATA=(SERVICE_NAME=TESTDB)) >// )"; > $conn = OCILogon("SCOTT","TIGER","TESTDB"); > if (!$conn) > { >echo "Connection failed"; >echo "Error Message: [" . OCIError($conn) . "]"; >exit; > } > else > { >echo "Connected!"; > } > ?> > > > It works either way with the env_variables in the script or with them > commented out from the command line. I just can't get it to work from the > browser. > > Can anyone out there help me with this one? I have some experience with > Oracle, Perl, and a little Java but not so much with PHP. > > Thanks. > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] mysql - image storing
Joseph Crawford wrote: Jason, can you explain why stripslashes should not be used on data taken from the db? when you store data in the db i thought it was good although 'slashing' text works pretty much all of the time (possibly the guys using exotic encodings all day will say different :-) but the data you are storing in the DB is binary - stripping and slashing will probably do weird things to the data: try creating some image data and run it thru add_slashes() and stripslashes() and compare the output of each with the original. practice to addslashes, when you retrieve from the db, you will need why is it good practice? (anyone)? sounds like pure overhead to me. you could look up 'magic quotes' in relation to this, its often where the trouble starts! on a side note: - me I use the ibase/firebird php extension which has parameterized queries - so I can say goodbye to mysql_escape_arg() (or whatever the damn function is called) and having to hand craft lots of arg checks - but alas you may not have access to a firebird DB. to use stripslashes to remove the extra \ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] mysql - image storing
To view the terms under which this email is distributed, please go to http://disclaimer.leedsmet.ac.uk/email.htm On 18 January 2005 17:11, Joseph Crawford wrote: > Jason, can you explain why stripslashes should not be used on data > taken from the db? when you store data in the db i thought it was good > practice to addslashes, when you retrieve from the db, you will need > to use stripslashes to remove the extra \ It's simple. Suppose you have a script that looks a bit like this (but hopefully with more input validation and error checking!): $value = addslashes($_POST['text']); // magic_quotes_gpc off $sql = "INSERT INTO tbl SET fld = '$value'"; database_execute($sql); Now suppose the user types this into the 'text' form field: Here's an apostrophe Here's what happens: PHP does this: $value is set to: Here\'s an apostrophe $sql becomes: INSERT INTO tbl SET fld = 'Here\'s an apostrophe' Which is sent to the database via database_execute() The DATABASE now does this: Receives the SQL statement: INSERT INTO tbl SET fld = 'Here\'s an apostrophe' (Note how the \ escape is required here to stop the field value from terminating prematurely -- but this escape is aimed at the *database*, and is not a PHP escape. A lot of confusion seems to arise here for databases which use the same \ escape character as PHP.) Extracts the value: Here\'s an apostrophe and de-escapes it to give:Here's an apostrophe Which gets inserted into the database. So the value inserted into the database is the unescaped original, and on retrieval there are no \ characters in the retrieved value to be stripslashes()ed. Hope that's clearer than mud, and helps you understand what's going on better. Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning & Information Services, JG125, James Graham Building, Leeds Metropolitan University, Headingley Campus, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] mysql - image storing
Martin Norland wrote: Joseph Crawford wrote: Jason, can you explain why stripslashes should not be used on data taken from the db? when you store data in the db i thought it was good practice to addslashes, when you retrieve from the db, you will need to use stripslashes to remove the extra \ The slashes are added for the database, not to be stored with the data. for e.g. - to store: "I've just eaten." you do: "INSERT INTO status (hunger) values ('I\'ve just eaten.');" I was always under the impression that single quotes (assuming you are delineating you args with single quotes) should (officially) be escaped with another single quote - although backslash also works: "INSERT INTO status (hunger) values ('I''ve just eaten.');" ...alot of really old code of mine is full of stuff like: $var = str_replace("'","''",$var); but maybe that just MTAM(tm) working for me - (thats a reference to a bit of humour from another thread btw - MTAM is not a technology :-) which stores: "I've just eaten." It's not good practice - it's required (if you're not using a mechanism that already handles this - such as the latest mysqli bind functions) - otherwise the query is invalid. nice to learn that mysqli is getting it 'right' :-) [makes mental note to look into it!] You may be thinking of running 'htmlentities' when retrieving data - which is necessary in some cases, depending on where you're using it (most notably - in html where you don't want html output). Cheers, -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] mysql - image storing
On Wednesday 19 January 2005 01:51, [EMAIL PROTECTED] wrote: > > Jason, can you explain why stripslashes should not be used on data > > taken from the db? when you store data in the db i thought it was good > > practice to addslashes, when you retrieve from the db, you will need > > to use stripslashes to remove the extra \ > > If I may step in... > > Assuming a MySQL db, using mysql_escape_string obviates the need for using > either stripslashes or addslashes for db inserts and selects. I'm not sure > of the underlying mechanism, but if you use mysql_escape_string on a > string, the \'s and " ' "s, etc... all get escaped automagically before > the insert. If you then take a look at the inserted data using the mysql > client, you will see that the full unescaped text has been inserted. So > there is no need to use stripslashes when selecting it out. Additionally, it should be noted that whether you need to use stripslashes() on data retrieved from the database depends on the setting of magic_quotes_runtime. The recommended setting is to have it disabled which means you do not need stripslashes(). -- Jason Wong -> Gremlins Associates -> www.gremlins.biz Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-db -- New Year Resolution: Ignore top posted posts -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] mysql - image storing
Joseph Crawford wrote: Jason, can you explain why stripslashes should not be used on data taken from the db? when you store data in the db i thought it was good practice to addslashes, when you retrieve from the db, you will need to use stripslashes to remove the extra \ The slashes are added for the database, not to be stored with the data. for e.g. - to store: "I've just eaten." you do: "INSERT INTO status (hunger) values ('I\'ve just eaten.');" which stores: "I've just eaten." It's not good practice - it's required (if you're not using a mechanism that already handles this - such as the latest mysqli bind functions) - otherwise the query is invalid. You may be thinking of running 'htmlentities' when retrieving data - which is necessary in some cases, depending on where you're using it (most notably - in html where you don't want html output). Cheers, -- - Martin Norland, Database / Web Developer, International Outreach x3257 The opinion(s) contained within this email do not necessarily represent those of St. Jude Children's Research Hospital. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] mysql - image storing
> Jason, can you explain why stripslashes should not be used on data > taken from the db? when you store data in the db i thought it was good > practice to addslashes, when you retrieve from the db, you will need > to use stripslashes to remove the extra \ If I may step in... Assuming a MySQL db, using mysql_escape_string obviates the need for using either stripslashes or addslashes for db inserts and selects. I'm not sure of the underlying mechanism, but if you use mysql_escape_string on a string, the \'s and " ' "s, etc... all get escaped automagically before the insert. If you then take a look at the inserted data using the mysql client, you will see that the full unescaped text has been inserted. So there is no need to use stripslashes when selecting it out. Personally, this is counterintuitive, but that's the way it works. David
Re: [PHP-DB] mysql - image storing
Jason, can you explain why stripslashes should not be used on data taken from the db? when you store data in the db i thought it was good practice to addslashes, when you retrieve from the db, you will need to use stripslashes to remove the extra \ -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] mysql - image storing
The problem is that I just display the "image broken link" icon. As I told before the image is displayed fine into phpMyAdmin, so I think the problem is really in the retrieval script, but I can't see where... I tried with several browser, so that's not the question either...I also tried with several header option as I thought it may be the problem as if I just echo the data without the header they look like "normal " data for a picture... Thanks for the reply. From: "Bastien Koert" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED], php-db@lists.php.net Subject: RE: [PHP-DB] mysql - image storing Date: Tue, 18 Jan 2005 10:46:50 -0500 so what exactly is the problem? bastien From: "mel list_php" <[EMAIL PROTECTED]> To: php-db@lists.php.net Subject: [PHP-DB] mysql - image storing Date: Tue, 18 Jan 2005 11:30:12 + Hi list, I try to store/retrieve pictures into MySQL. I know that a lot of people will say this is not a good practice, so here are briefly my reasons: -I want to protect that pictures (restricted access) -I don't want to use htaccess as I want my users to be able to modify their password whenever they want, and I don't want to modify dynamically an htaccess file. -I could store them on the filesystem (my actual solution), but I have only few pictures, so I would like to give the MySQL option a trial. I found on the web a lot of tutorials on how to do that, they almost all look like this one http://www.phpbuilder.com/columns/florian19991014.php3?page=1 I went through a lot of forums, saw a lot of problems and still am unable to make it work for me. Here are my scripts -for the upload into mysql I suppose all is ok as I am able to visualize the pictures through phpMyAdmin -for the retrieval $result = mysql_query("select * from images_binaires where id=1;") or die(mysql_error()); while( $row = mysql_fetch_array($result ) ) { $donnees=stripslashes($row[donnees_binaires]); $type=$row[type_fichier]; $taille_fichier=$row[taille_fichier]; } if ($donnees) { header('Content-Type: image/png'); header('Content-Length: $taille_fichier'); echo $donnees; } else { echo 'error'; } ?> and the calling script: "; ?> what I can say: -no problem with connexion, it retrieves data (echo of $donnees without header) -when I retrieve the data without the header, they look "normal", no excess of slashes for example. -I tried to open the file with "rb" for upload (even if it's supposed to be by default now) -I tried to put the header on top of the script -I tried different combinations with addslashes/stripslashes, trim in case of spaces, mysql_real_escape_string... -I also tried with imagecreatefromstring(), even if I saw that it shouldn't be necessary. -I think I shouldn't need the GD library, but it's installed anyway If somebody can help? Thanks! _ It's fast, it's easy and it's free. Get MSN Messenger today! http://www.msn.co.uk/messenger -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ It's fast, it's easy and it's free. Get MSN Messenger today! http://www.msn.co.uk/messenger -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] mysql - image storing
On Tuesday 18 January 2005 19:30, mel list_php wrote: [snip] > $donnees=stripslashes($row[donnees_binaires]); [snip] > -I tried different combinations with addslashes/stripslashes, trim in case > of spaces, mysql_real_escape_string... I haven't looked at your code in detail but stripslashes() should never be used on data retrieved from the DB (that is assuming your data was inserted correctly in the first place). -- Jason Wong -> Gremlins Associates -> www.gremlins.biz Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-db -- New Year Resolution: Ignore top posted posts -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] mysql - image storing
so what exactly is the problem? bastien From: "mel list_php" <[EMAIL PROTECTED]> To: php-db@lists.php.net Subject: [PHP-DB] mysql - image storing Date: Tue, 18 Jan 2005 11:30:12 + Hi list, I try to store/retrieve pictures into MySQL. I know that a lot of people will say this is not a good practice, so here are briefly my reasons: -I want to protect that pictures (restricted access) -I don't want to use htaccess as I want my users to be able to modify their password whenever they want, and I don't want to modify dynamically an htaccess file. -I could store them on the filesystem (my actual solution), but I have only few pictures, so I would like to give the MySQL option a trial. I found on the web a lot of tutorials on how to do that, they almost all look like this one http://www.phpbuilder.com/columns/florian19991014.php3?page=1 I went through a lot of forums, saw a lot of problems and still am unable to make it work for me. Here are my scripts -for the upload into mysql I suppose all is ok as I am able to visualize the pictures through phpMyAdmin -for the retrieval $result = mysql_query("select * from images_binaires where id=1;") or die(mysql_error()); while( $row = mysql_fetch_array($result ) ) { $donnees=stripslashes($row[donnees_binaires]); $type=$row[type_fichier]; $taille_fichier=$row[taille_fichier]; } if ($donnees) { header('Content-Type: image/png'); header('Content-Length: $taille_fichier'); echo $donnees; } else { echo 'error'; } ?> and the calling script: "; ?> what I can say: -no problem with connexion, it retrieves data (echo of $donnees without header) -when I retrieve the data without the header, they look "normal", no excess of slashes for example. -I tried to open the file with "rb" for upload (even if it's supposed to be by default now) -I tried to put the header on top of the script -I tried different combinations with addslashes/stripslashes, trim in case of spaces, mysql_real_escape_string... -I also tried with imagecreatefromstring(), even if I saw that it shouldn't be necessary. -I think I shouldn't need the GD library, but it's installed anyway If somebody can help? Thanks! _ It's fast, it's easy and it's free. Get MSN Messenger today! http://www.msn.co.uk/messenger -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: SV: [PHP-DB] i am lost (php warning)
try this: $sql = "SELECT * FROM cm_customer WHERE emial='$user'"; $sql_query = mysql_query($sql) or die($mysql_error()); bastien From: "Henrik Hornemann" <[EMAIL PROTECTED]> To: Subject: SV: [PHP-DB] i am lost (php warning) Date: Tue, 18 Jan 2005 09:15:01 +0100 Hi, Probably because $user is not in the database. Regards Henrik Hornemann -Oprindelig meddelelse- Fra: Earl Clare [mailto:[EMAIL PROTECTED] Sendt: 18. januar 2005 07:59 Til: php-db@lists.php.net Emne: [PHP-DB] i am lost (php warning) Prioritet: Høj Hi ya'll, I am lost as to why I am getting this error in my script. Can anyone kindly explain why this is so. Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/cm/public_html/cell/login.php --- My script --- if($_POST['submit'] == '>Log In') { $user=$_POST["email"]; $pass=$_POST["pass"]; $sql_query = mysql_query("SELECT * FROM cm_customer WHERE emial='$user'"); $sql_query = mysql_num_rows($sql_query); if (($sql_query) >0) { $valid = $user; session_start(); session_register("valid"); } } if (session_is_registered("reg")) { echo "ok"; } else { echo "sorry"; } -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] mysql - image storing
Hi list, I try to store/retrieve pictures into MySQL. I know that a lot of people will say this is not a good practice, so here are briefly my reasons: -I want to protect that pictures (restricted access) -I don't want to use htaccess as I want my users to be able to modify their password whenever they want, and I don't want to modify dynamically an htaccess file. -I could store them on the filesystem (my actual solution), but I have only few pictures, so I would like to give the MySQL option a trial. I found on the web a lot of tutorials on how to do that, they almost all look like this one http://www.phpbuilder.com/columns/florian19991014.php3?page=1 I went through a lot of forums, saw a lot of problems and still am unable to make it work for me. Here are my scripts -for the upload into mysql I suppose all is ok as I am able to visualize the pictures through phpMyAdmin -for the retrieval $result = mysql_query("select * from images_binaires where id=1;") or die(mysql_error()); while( $row = mysql_fetch_array($result ) ) { $donnees=stripslashes($row[donnees_binaires]); $type=$row[type_fichier]; $taille_fichier=$row[taille_fichier]; } if ($donnees) { header('Content-Type: image/png'); header('Content-Length: $taille_fichier'); echo $donnees; } else { echo 'error'; } ?> and the calling script: "; ?> what I can say: -no problem with connexion, it retrieves data (echo of $donnees without header) -when I retrieve the data without the header, they look "normal", no excess of slashes for example. -I tried to open the file with "rb" for upload (even if it's supposed to be by default now) -I tried to put the header on top of the script -I tried different combinations with addslashes/stripslashes, trim in case of spaces, mysql_real_escape_string... -I also tried with imagecreatefromstring(), even if I saw that it shouldn't be necessary. -I think I shouldn't need the GD library, but it's installed anyway If somebody can help? Thanks! _ It's fast, it's easy and it's free. Get MSN Messenger today! http://www.msn.co.uk/messenger -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Re: last insert ID
You can use the mysql_insert_id() function, it returns the id generated by the last query executed on the connection... hope this helps.. Zu3Bi I was having trouble with retrieving the last insert id as well. Even after looking over the information in the link, I couldn't figure out how to make this work in PHP. Using the statement: $id = $link->query("SELECT LAST_INSERT_ID()"); $id turned out to be a huge array - no part of which seemed to contain the expected 'last id'. I can't even determine if I got any part of it right. Does anyone have a more complete example? I'm lost. I'm surprised that the DB library doesn't do this. Is there some reason that it cannot or is it just waiting for someone to write the code? Thank you for any assistance, Nelson -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] i am lost (php warning)
Hi it means that the query did not produce a result - usually this is because of a problem with the query. $sql_query = mysql_query("SELECT * FROM cm_customer WHERE emial='$user'"); I am guessing you misspelt email and this should be $sql_query = mysql_query("SELECT * FROM cm_customer WHERE email='$user'"); if you add an error trap it makes this knd of thing easier to spot $sql_query = mysql_query("SELECT * FROM cm_customer WHERE email='$user'") or die(mysql_error()); HTH Peter > -Original Message- > From: Earl Clare [mailto:[EMAIL PROTECTED] > Sent: 18 January 2005 06:59 > To: php-db@lists.php.net > Subject: [PHP-DB] i am lost (php warning) > Importance: High > > > Hi ya'll, > > > > I am lost as to why I am getting this error in my script. Can > anyone kindly > explain why this is so. > > > > Warning: mysql_num_rows(): supplied argument is not a valid MySQL result > resource in /home/cm/public_html/cell/login.php > > > > -- > -- > --- > > My script > > -- > -- > --- > > > > > > if($_POST['submit'] == '>Log In') > > { > > $user=$_POST["email"]; > > $pass=$_POST["pass"]; > > $sql_query = mysql_query("SELECT * FROM cm_customer WHERE > emial='$user'"); > > $sql_query = mysql_num_rows($sql_query); > > > > if (($sql_query) >0) > > { > > $valid = $user; > > session_start(); > > session_register("valid"); > > } > > } > > > > if (session_is_registered("reg")) > > { > > echo "ok"; > > } > > > > else > > { > > echo "sorry"; > > } > > > > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] insert into mysql-db from csv-file
Hi John, I want to read a csv-file and import the datas into a mysql-db. How do I make this. A little scriptexaple in php would be helpfull. Why not just LOAD DATA INFILE from MySQL? No need to involve PHP at all, really... I think the command you also can write in the mysql_db_query-Command. The problem the insertprocedure must be able via webbrowser. Regards, Ruprecht -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] i am lost (php warning)
it means mysql_query() filed. u must check it before using mysql_fetch_row() f.e. $query = "bla bla bla"; $result = mysql_query( $query ); if ( $result ){ while ( $row = mysql_fetch_row( $result ) ){ } } else { echo mysql_error( $db_connect ); exit; } -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] i am lost (php warning)
The mysql_num_rows function requires that the argument passed to it should be a valid MySQL result from a Select statement. Your script doesn't explicitly establish a connection with the database so you could be getting an error from that call, hence $sql_query would not be a valid MySQL result. Try adding the following: if (!$sql_query) { die('Invalid query: ' . mysql_error()); } graeme Earl Clare wrote: Hi ya'll, I am lost as to why I am getting this error in my script. Can anyone kindly explain why this is so. Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/cm/public_html/cell/login.php --- My script --- if($_POST['submit'] == '>Log In') { $user=$_POST["email"]; $pass=$_POST["pass"]; $sql_query = mysql_query("SELECT * FROM cm_customer WHERE emial='$user'"); $sql_query = mysql_num_rows($sql_query); if (($sql_query) >0) { $valid = $user; session_start(); session_register("valid"); } } if (session_is_registered("reg")) { echo "ok"; } else { echo "sorry"; } -- Experience is a good teacher, but she sends in terrific bills. Minna Antrim
RE: [PHP-DB] i am lost (php warning)
Hey thanks guys, the email was the problem I had emial instead of email Thanks for the assistance. -Original Message- From: Peter Lovatt [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 18, 2005 1:45 AM To: Earl Clare; php-db@lists.php.net Subject: RE: [PHP-DB] i am lost (php warning) Hi it means that the query did not produce a result - usually this is because of a problem with the query. $sql_query = mysql_query("SELECT * FROM cm_customer WHERE emial='$user'"); I am guessing you misspelt email and this should be $sql_query = mysql_query("SELECT * FROM cm_customer WHERE email='$user'"); if you add an error trap it makes this knd of thing easier to spot $sql_query = mysql_query("SELECT * FROM cm_customer WHERE email='$user'") or die(mysql_error()); HTH Peter > -Original Message- > From: Earl Clare [mailto:[EMAIL PROTECTED] > Sent: 18 January 2005 06:59 > To: php-db@lists.php.net > Subject: [PHP-DB] i am lost (php warning) > Importance: High > > > Hi ya'll, > > > > I am lost as to why I am getting this error in my script. Can > anyone kindly > explain why this is so. > > > > Warning: mysql_num_rows(): supplied argument is not a valid MySQL result > resource in /home/cm/public_html/cell/login.php > > > > -- > -- > --- > > My script > > -- > -- > --- > > > > > > if($_POST['submit'] == '>Log In') > > { > > $user=$_POST["email"]; > > $pass=$_POST["pass"]; > > $sql_query = mysql_query("SELECT * FROM cm_customer WHERE > emial='$user'"); > > $sql_query = mysql_num_rows($sql_query); > > > > if (($sql_query) >0) > > { > > $valid = $user; > > session_start(); > > session_register("valid"); > > } > > } > > > > if (session_is_registered("reg")) > > { > > echo "ok"; > > } > > > > else > > { > > echo "sorry"; > > } > > > > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
SV: [PHP-DB] i am lost (php warning)
Hi, Probably because $user is not in the database. Regards Henrik Hornemann -Oprindelig meddelelse- Fra: Earl Clare [mailto:[EMAIL PROTECTED] Sendt: 18. januar 2005 07:59 Til: php-db@lists.php.net Emne: [PHP-DB] i am lost (php warning) Prioritet: Høj Hi ya'll, I am lost as to why I am getting this error in my script. Can anyone kindly explain why this is so. Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/cm/public_html/cell/login.php --- My script --- if($_POST['submit'] == '>Log In') { $user=$_POST["email"]; $pass=$_POST["pass"]; $sql_query = mysql_query("SELECT * FROM cm_customer WHERE emial='$user'"); $sql_query = mysql_num_rows($sql_query); if (($sql_query) >0) { $valid = $user; session_start(); session_register("valid"); } } if (session_is_registered("reg")) { echo "ok"; } else { echo "sorry"; } -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php