RE: [PHP-DB] password in md5 to connect to mysql instead of clear password
You could programmatically build the connection string in the php connection file, couldn't you? Have a line that sets a variable equal to the MD5 hashed value. Then, build the connection string, applying a call to a function that unhashes the password. That way, the password itself never appears in code. I don't know a thing about unhashing MD5 encrypted strings. Sorry I can't help you there. But, it sounds like you've already found that info. Good luck, Bob Sherer -Original Message- From: Jon-Eirik Pettersen [mailto:[EMAIL PROTECTED] Sent: Thursday, February 24, 2005 10:54 AM To: Gael Lams Cc: php-db@lists.php.net Subject: Re: [PHP-DB] password in md5 to connect to mysql instead of clear password On Thu, 24 Feb 2005 02:37:01 -0800 (PST), Gael Lams [EMAIL PROTECTED] wrote: Hi all I use the classic following rows to connect to a mysql database. I always put $passsword in clear in the php connection file and I wonder whether there is a way to have it in md5 so that someone reading the file could not use it to connect to the db. I googled a bit but find only threads explaining how to have password saved in md5 inside a mysql table which is not I would like to do Because MySQL is using another password-hashing-algoritm other than MD5, as far as I know, it is not possible. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Pear DB and DB_DataObject : recommended?
Howdy. The question: How commonly accepted and recommended are the PEAR packages DB and DB_DataObject? Anybody have some warnings or encouraging stories from projects done with these php enhancement packs? I'm about to get started on a php and postgreSQL project that is starting from scratch. I'm relatively new to php, having only done code maintenance on other projects while working in a variety of other development environments (mainly .asp.) So, I'd rather not waste time learning to use these tools if they aren't something that other developers will be happy using as others are brought onto this project. Thanks for your thoughts and opinions, Bob S.
[PHP-DB] RE: Session Values Change
Jacob, Here is my solution. At the top, it checks to see if you are passing a new name via a querystring. If not, it checks to see if a name is present in the session yet. If not, it initializes the session to Jacob. It puts the session's value into the variable $view. If you passed a name, it stores the name in the session and has it in the variable $view. Now, $view will have a name that the SQL statement can use. At the bottom, where you choose a name, it simply passes the name selection back to the page via a querystring field. Try the following (notice the changes at the top and the links around the names at the bottom): ?php session_start(); $view = $_GET['view']; if ($view == '') { if (! isset($_SESSION['view'])) { $_SESSION['view'] = Jacob; } $view = $_SESSION['view']; } else { $_SESSION['view'] = $view; } ? #FORMATTING CODE HERE $dbuser='php' ; $dbpass=''; $dbhost='localhost'; $conn = mysql_connect ( $dbhost , $dbuser , $dbpass ); //mysql_select_db ( web ); $sql = 'Select UNIX_TIMESTAMP(date) AS date,title,article from web.blog where user='.$view.' order by date desc LIMIT 10'; $result = mysql_query($sql); //Execute For Future Use: SELECT DATE_FORMAT(date,'%W, %D %M, %Y %l:%i%p') content FROM blog while ( $dataRow = mysql_fetch_row ( $result ) ) { $date=date(F dS Y h:i:s A, $dataRow[0]); echo 'a name='.$date.'/a'; echo ' div class=date'.$date. '/div'; echo ' h3'.$dataRow[1].'/h3'; echo ' p'.$dataRow[2].'/pbr'; #echo $sql ; } mysql_close ( $conn ); #FORMATTING CODE HERE div id=footer p Other Users: br a href=pagename.php?view=JacobJacob Hackamack/a | a href=pagename.php?view=JulieJulie Hackamack/a | a href=pagename.php?view=DavidDavid Hackamack/a/p /div -Original Message- From: Jacob Hackamack [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 27, 2004 10:21 PM To: [EMAIL PROTECTED] Subject: Session Values Change Hello, I am trying to start a blog page where the person selects their person they want to view (bottom of the page) and then it somehow changes the session variable (top of the code) and then accesses the database. I was wondering, what is the correct way to do something like this. I have tried a couple of options (a hrefs) but they didnĀ¹t seem to work and was wondering if anybody had any suggestions. Thank You In Advance Jacob ?php session_start(); if (! isset($_SESSION['view'])) { $_SESSION['view'] = Jacob; } ? #FORMATTING CODE HERE $dbuser='php' ; $dbpass=''; $dbhost='localhost'; $conn = mysql_connect ( $dbhost , $dbuser , $dbpass ); //mysql_select_db ( web ); $sql = 'Select UNIX_TIMESTAMP(date) AS date,title,article from web.blog where user='.$view.' order by date desc LIMIT 10'; $result = mysql_query($sql); //Execute For Future Use: SELECT DATE_FORMAT(date,'%W, %D %M, %Y %l:%i%p') content FROM blog while ( $dataRow = mysql_fetch_row ( $result ) ) { $date=date(F dS Y h:i:s A, $dataRow[0]); echo 'a name='.$date.'/a'; echo ' div class=date'.$date. '/div'; echo ' h3'.$dataRow[1].'/h3'; echo ' p'.$dataRow[2].'/pbr'; #echo $sql ; } mysql_close ( $conn ); #FORMATTING CODE HERE div id=footer p Other Users: br Jacob Hackamack | Julie Hackamack | David Hackamack/p /div -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] RE: What's wrong with this QUERY?? - Thanks all.
Harmeet, The field email is obviously a field that can accept strings. In SQL, you must wrap strings in single-quotes. So, rewrite your query as: $query = SELECT id, email, familyname FROM members WHERE email='$thing'; The reason it worked for id=$thing is that the id field is probably an integer field and integers do not require quotes. Remember, wrap your strings in quotes and don't wrap your numbers (unless the number is really a string in disquise.) Good luck, Bob -Original Message- From: Harry G [mailto:harry (removethis)@gabha.net] Sent: Thursday, July 22, 2004 10:59 PM To: [EMAIL PROTECTED] Subject: Re: What's wrong with this QUERY?? - Thanks all. Thank you everybody. Harry G [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I have a database with members details and PK is id. $thing = [EMAIL PROTECTED]; $query = SELECT id, email, familyname FROM members WHERE email=$thing; $result = mysql_query($query); If i do a query where id=$thing. and $thing=20; this works fine and I get the desired result. But what is wrong with the other one, when I do search for the email address?? The email address does exist exactly as quoted above in the email field in my members table but still doesn't produce any results. Any help is much appreciated. Harmeet -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php