RE: [PHP-DB] password in md5 to connect to mysql instead of clear password

2005-02-25 Thread Bob Sherer 
You could programmatically build the connection string in the php connection 
file, couldn't you?  Have a line that sets a variable equal to the MD5 hashed 
value.  Then, build the connection string, applying a call to a function that 
unhashes the password.  That way, the password itself never appears in code.

I don't know a thing about unhashing MD5 encrypted strings.  Sorry I can't help 
you there.  But, it sounds like you've already found that info.

Good luck,

Bob Sherer

-Original Message-
From: Jon-Eirik Pettersen [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 24, 2005 10:54 AM
To: Gael Lams
Cc: php-db@lists.php.net
Subject: Re: [PHP-DB] password in md5 to connect to mysql instead of
clear password


On Thu, 24 Feb 2005 02:37:01 -0800 (PST), Gael Lams [EMAIL PROTECTED] wrote:
 Hi all
 
 I use the classic following rows to connect to a mysql
 database. I always put $passsword in clear in the php
 connection file and I wonder whether there is a way to
 have it in md5 so that someone reading the file could
 not use it to connect to the db. I googled a bit but
 find only threads explaining how to have password
 saved in md5 inside a mysql table which is not I would
 like to do

Because MySQL is using another password-hashing-algoritm other than
MD5, as far as I know, it is not possible.

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DB] Pear DB and DB_DataObject : recommended?

2004-08-31 Thread Bob Sherer 
Howdy.
 
The question: How commonly accepted and recommended are the PEAR packages DB and 
DB_DataObject?  Anybody have some warnings or encouraging stories from projects done 
with these php enhancement packs?
 
I'm about to get started on a php and postgreSQL project that is starting from 
scratch.  I'm relatively new to php, having only done code maintenance on other 
projects while working in a variety of other development environments (mainly .asp.)  
So, I'd rather not waste time learning to use these tools if they aren't something 
that other developers will be happy using as others are brought onto this project.
 
Thanks for your thoughts and opinions,
 
Bob S.

[PHP-DB] RE: Session Values Change

2004-07-28 Thread Bob Sherer 
Jacob,

Here is my solution.
At the top, it checks to see if you are passing a new name via a querystring.  
If not, it checks to see if a name is present in the session yet.  If not, it 
initializes the session to Jacob.  It puts the session's value into the variable 
$view.
If you passed a name, it stores the name in the session and has it in the variable 
$view.

Now, $view will have a name that the SQL statement can use.

At the bottom, where you choose a name, it simply passes the name selection back to 
the page via a querystring field.

Try the following (notice the changes at the top and the links around the names at the 
bottom):

 ?php
session_start();

$view = $_GET['view'];
if ($view == '')
{
if (! isset($_SESSION['view'])) 
{
$_SESSION['view'] = Jacob;
}
$view = $_SESSION['view'];
} else {
$_SESSION['view'] = $view;
}
?


 #FORMATTING CODE HERE
 $dbuser='php' ;
 $dbpass='';
 $dbhost='localhost';
   
 $conn = mysql_connect ( $dbhost , $dbuser , $dbpass );
 //mysql_select_db ( web );
 $sql = 'Select UNIX_TIMESTAMP(date) AS
date,title,article from web.blog where user='.$view.' order by date desc
LIMIT 10';
 $result = mysql_query($sql);
//Execute For Future Use: SELECT
DATE_FORMAT(date,'%W, %D %M, %Y %l:%i%p') content FROM blog
   
  while ( $dataRow = mysql_fetch_row ( $result ) ) {
   
 $date=date(F dS Y h:i:s A, $dataRow[0]);
   
  echo 'a name='.$date.'/a';
  echo '  div class=date'.$date. '/div';
  echo '  h3'.$dataRow[1].'/h3';
  echo '  p'.$dataRow[2].'/pbr';
  #echo $sql ;
  }
  mysql_close ( $conn );

#FORMATTING CODE HERE

   div id=footer
p
Other Users:
br
a href=pagename.php?view=JacobJacob Hackamack/a | a 
href=pagename.php?view=JulieJulie Hackamack/a | a 
href=pagename.php?view=DavidDavid Hackamack/a/p
/div

-Original Message-
From: Jacob Hackamack [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 27, 2004 10:21 PM
To: [EMAIL PROTECTED]
Subject: Session Values Change


Hello,  

I am trying to start a blog page where the person selects their person they
want to view (bottom of the page) and then it somehow changes the session
variable (top of the code) and then accesses the database.  I was wondering,
what is the correct way to do something like this.  I have tried a couple of
options (a hrefs) but they didnĀ¹t seem to work and was wondering if anybody
had any suggestions.

Thank You In Advance

Jacob


?php
session_start();

if (! isset($_SESSION['view']))
{
   $_SESSION['view'] = Jacob;
}

?


 #FORMATTING CODE HERE
 $dbuser='php' ;
 $dbpass='';
 $dbhost='localhost';
   
 $conn = mysql_connect ( $dbhost , $dbuser , $dbpass );
 //mysql_select_db ( web );
 $sql = 'Select UNIX_TIMESTAMP(date) AS
date,title,article from web.blog where user='.$view.' order by date desc
LIMIT 10';
 $result = mysql_query($sql);
//Execute For Future Use: SELECT
DATE_FORMAT(date,'%W, %D %M, %Y %l:%i%p') content FROM blog
   
  while ( $dataRow = mysql_fetch_row ( $result ) ) {
   
 $date=date(F dS Y h:i:s A, $dataRow[0]);
   
  echo 'a name='.$date.'/a';
  echo '  div class=date'.$date. '/div';
  echo '  h3'.$dataRow[1].'/h3';
  echo '  p'.$dataRow[2].'/pbr';
  #echo $sql ;
  }
  mysql_close ( $conn );

#FORMATTING CODE HERE

   div id=footer
p
Other Users:
br
Jacob Hackamack | Julie Hackamack | David Hackamack/p
/div

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DB] RE: What's wrong with this QUERY?? - Thanks all.

2004-07-23 Thread Bob Sherer 
Harmeet,

The field email is obviously a field that can accept strings.  In SQL, you must wrap 
strings in single-quotes.  So, rewrite your query as:

$query = SELECT id, email, familyname FROM members WHERE email='$thing';

The reason it worked for id=$thing is that the id field is probably an integer field 
and integers do not require quotes.

Remember, wrap your strings in quotes and don't wrap your numbers (unless the number 
is really a string in disquise.)

Good luck,
Bob

-Original Message-
From: Harry G [mailto:harry (removethis)@gabha.net]
Sent: Thursday, July 22, 2004 10:59 PM
To: [EMAIL PROTECTED]
Subject: Re: What's wrong with this QUERY?? - Thanks all.


Thank you everybody.

Harry G [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 Hi,

 I have a database with members details and PK is id.

 $thing = [EMAIL PROTECTED];

 $query = SELECT id, email, familyname FROM members WHERE email=$thing;
 $result = mysql_query($query);

 If i do a query where id=$thing.
 and $thing=20;
 this works fine and I get the desired result. But what is wrong with the
 other one, when I do search for the email address??

 The email address does exist exactly as quoted above in the email field
in
 my members table but still doesn't produce any results.

 Any help is much appreciated.

 Harmeet

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php