Re: [PHP-DB] redirecting function

2005-03-14 Thread Ben Galin 
On Mar 14, 2005, at 2:26 AM, Ken wrote:
On Mon, 14 Mar 2005 01:43:09 -0800 (PST), Yemi Obembe
<[EMAIL PROTECTED]> wrote:
hi folks,
who knows any function that can do this javascript trick


window.location='http://somewhere.com/'


tried header(location:http://somewhere.com/) but it gave me an 
errorinclude() on the other hand only includes the url & doest 
redirect to it...

you forgot the quotation marks on header i believe
header('location: www.foobar.com');
and also make sure your browser supports header redirects, not all 
browsers do.
Also, from http://us4.php.net/header:
"Remember that header() must be called before any actual output is 
sent, either by normal HTML tags, blank lines in a file, or from PHP. 
It is a very common error to read code with include(), or require(), 
functions, or another file access function, and have spaces or empty 
lines that are output before header() is called. The same problem 
exists when using a single PHP/HTML file."

Ben
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DB] Re: Mass mail

2004-09-20 Thread Ben Galin 
On Sep 20, 2004, at 7:13 AM, Manuel Lemos wrote:
Now, for the actual composing and sending of the newsletters, there 
are some optimizations that can be done depending on whether the 
newsletters  are going to be personalized (avoid it at all costs if 
you can) or not.
May I ask why?  Are you referring to the additional time it would take 
the script to run or to a security issue or something else?

Thanks, Ben
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DB] letting a table name be a constant

2004-08-23 Thread Ben Galin 
On Aug 23, 2004, at 8:12 PM, John Holmes wrote:
You can't have a constant in a string. You'd do it like this:
mysql_query("INSERT INTO " . TABLE . " (`id`,`name`) VALUES 
('','$name')");
Thanks, John and Justin.  Wasn't thinking about that.
The other error you have, and I don't know how you think this code 
runs, are the dollar signs before mysql_connect(), mysql_select_db() 
and mysql_query() are not needed.
You're right.  It doesn't run.  I retyped instead of copy-and-paste'd; 
that's a typo.

Cheers,
 Ben
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DB] letting a table name be a constant

2004-08-23 Thread Ben Galin 
Hello,
Regarding this code:
[PHP code]
  // This works
  $name="name";
  $table="mytable";
  $mysql_connect("localhost","","") or die("Error: ".mysql_error());
  $mysql_select_db("mydb") or die("Error: ".mysql_error());
  $mysql_query("INSERT INTO $table (`id`,`name`) VALUES ('','$name')");
[/PHP code]
I want to define() TABLE as a constant instead of using the variable 
$table

[PHP code]
  // This runs without an error but does *not* insert a new row
  $name="name";
  define("TABLE", "mytable");
  $mysql_connect("localhost","","") or die("Error: ".mysql_error());
  $mysql_select_db("mydb") or die("Error: ".mysql_error());
  $mysql_query("INSERT INTO TABLE (`id`,`name`) VALUES ('','$name')");
[/PHP code]
Changing the query line to
  $mysql_query("INSERT INTO `TABLE` (`id`,`name`) VALUES ('','$name')");
or
  $mysql_query("INSERT INTO 'TABLE' (`id`,`name`) VALUES ('','$name')");
has no effect.
I also tried to
  define("TABLE", "`mytable`");
which, too, didn't work.
Would appreciate any advice,
 Ben
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DB] retry, this time with code [was: [PHP-DB] [newbie] Form to email *and* insert row to MySQL]

2004-08-13 Thread Ben Galin 
My last email shows on the archive but it also bounced back to me so I 
am reposting it.  Sorry of this is a double-post.

Also, I am adding this time the source code down below which I should 
have probably done last time around.

Any help is much appreciated, Ben.

Hello guys,
I have an HTML form with the action attribute set to the famous
FormMail.pl and it works beautifully.  However, I also want to insert
the data into a MySQL database.
Initially, I thought that I would let FormMail validate the data, send
the email, and then redirect to a PHP script that would use the $_POST
array to INSERT it into my db [see source below].  Of course, it didn't 
work.  AFAICT, both
the FormMail script and the PHP script need to be called from the form's
action attribute.

1 - Is there a way to call them both?
 From lurking around and reading tutorials, I understand that it is
possible to send emails with PHP and that I don't need to use FormMail
at all.  However, I have been told that FormMail is a relatively "safe
script" that won't let hackers exploit either the server or myself.  I
am not quite sure what such exploits might be, but I trust that the
hackers are...
2 - If I am to drop FormMail, what PHP script should I use to protect
my, and the server's, security?
Which brings us to the next point: the PHP script that I currently use
is very straightforward ([see below]) and the subuser has
only INSERT privileges.
3 - Am I putting anything (db, server) in a danger with this script?
Cheers,
  Ben


  [HTML Form]
  http://site.com/cgi-bin/FormMail.pl"; />
  http://site.com/script.php"; />
  
  Name: 
  [...]

  [script.php]
  $name = $_POST['realname'];
  mysql_connect("localhost", "subuser", "password")or die("ERROR: 
".mysql_error());
  mysql_select_db("my_db")or die("ERROR: ".mysql_error());
  mysql_query("INSERT INTO `my_table` (`id`, `name`) VALUES 
('','$realname')");
  header('Location: http://site.com/thankyou.html');


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DB] [newbie] Form to email *and* insert row to MySQL

2004-08-12 Thread Ben Galin 
Hello guys,
I have an HTML form with the action attribute set to the famous 
FormMail.pl and it works beautifully.  However, I also want to insert 
the data into a MySQL database.

Initially, I thought that I would let FormMail validate the data, send 
the email, and then redirect to a PHP script that would use the $_POST 
array to INSERT it into my db.  Of course, it didn't work.  AFAICT, both 
the FormMail script and the PHP script need to be called from the form's 
action attribute.

1 - Is there a way to call them both?
From lurking around and reading tutorials, I understand that it is 
possible to send emails with PHP and that I don't need to use FormMail 
at all.  However, I have been told that FormMail is a relatively "safe 
script" that won't let hackers exploit either the server or myself.  I 
am not quite sure what such exploits might be, but I trust that the 
hackers are...

2 - If I am to drop FormMail, what PHP script should I use to protect 
my, and the server's, security?

Which brings us to the next point: the PHP script that I currently use 
is very straightforward (connect, select_db, INSERT) and the subuser has 
only INSERT privileges.

3 - Am I putting anything (db, server) in a danger with this script?
Cheers,
 Ben
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php