php-general Digest 21 Apr 2013 01:24:35 -0000 Issue 8202
php-general Digest 21 Apr 2013 01:24:35 - Issue 8202 Topics (messages 320902 through 320916): Re: Newbie Question - Parse XML with PHP... 320902 by: tamouse mailing lists 320904 by: Matijn Woudt 320905 by: shiplu Re: mysql_connect noob question 320903 by: Matijn Woudt 320906 by: Glob Design Info 320907 by: Glob Design Info 320908 by: Tedd Sperling 320909 by: David OBrien 320910 by: Jim Giner 320911 by: Stuart Dallas 320912 by: Jim Giner 320913 by: Glob Design Info 320914 by: Tedd Sperling Looking for complete entered URL 320915 by: Angela Barone 320916 by: Tom Rogers Administrivia: To subscribe to the digest, e-mail: php-general-digest-subscr...@lists.php.net To unsubscribe from the digest, e-mail: php-general-digest-unsubscr...@lists.php.net To post to the list, e-mail: php-gene...@lists.php.net -- ---BeginMessage--- This will be brief as I'm on a tablet... On Apr 19, 2013 5:53 PM, dealTek deal...@gmail.com wrote: On Apr 19, 2013, at 3:32 PM, tamouse mailing lists tamouse.li...@gmail.com wrote: page1.php is sending out to credit card company - getting processed - then coming back to the *same page1.php* with the XML data listed below... Please expand what you mean by sending out and coming back - is this a REST or SOAP API call? In that case, the response body is likely to be the XML. - so I'm not going to some other page to get it - it is coming to me to the same page I am on.. so - after the XML result comes in - I need to assign the php to the XML somehow... How do you recognize the XML result com(ing) in ? Hi tamouse, with my untrained eye - it appears that this is what is 'sending out' $data = sendXMLviaCurl($xmlRequest,$gatewayURL); This is the sending and receiving -- the function uses curl to send your xml request and returns the response from that. and this might be what is 'responding back' on the same page $gwResponse = @new SimpleXMLElement((string)$data); $data contains the response, this is how you are processing it. Skipping the long and monolithic code, what I will suggest is that you break things up into modules, functions and procrdures, and write unit tests that will check each piece seperately. After you've verified that each step is working, then you can start to integrate the pieces, following the stricture of keeping code (logic), data, and presentation seperate. It is much easier to deal with debugging when your code is simple and does only one thing. Break out the part you are asking here about, the API call. Build up a viable test request that will get you a known response and make sure you are getting what you expect. My suspicion is that the response here isnot what you expect. ---End Message--- ---BeginMessage--- On Sat, Apr 20, 2013 at 12:51 AM, dealTek deal...@gmail.com wrote: On Apr 19, 2013, at 3:32 PM, tamouse mailing lists tamouse.li...@gmail.com wrote: page1.php is sending out to credit card company - getting processed - then coming back to the *same page1.php* with the XML data listed below... Please expand what you mean by sending out and coming back - is this a REST or SOAP API call? In that case, the response body is likely to be the XML. - so I'm not going to some other page to get it - it is coming to me to the same page I am on.. so - after the XML result comes in - I need to assign the php to the XML somehow... How do you recognize the XML result com(ing) in ? Hi tamouse, with my untrained eye - it appears that this is what is 'sending out' $data = sendXMLviaCurl($xmlRequest,$gatewayURL); and this might be what is 'responding back' on the same page $gwResponse = @new SimpleXMLElement((string)$data); you can see these lines towards the bottom at - // Process Step Three... Why did you prefix this with @? This way your hiding the real error that is probably the answer to why it is not working. - Matijn ---End Message--- ---BeginMessage--- Question: how do you use $mylist when the xml is not as a file but is returned on a web page? I assume It returns as a string from page. Then use simplexml_load_string(). See http://php.net/manual/en/function.simplexml-load-string.php -- Shiplu.Mokadd.im ImgSign.com | A dynamic signature machine Innovation distinguishes between follower and leader ---End Message--- ---BeginMessage--- On Sat, Apr 20, 2013 at 10:36 AM, tamouse mailing lists tamouse.li...@gmail.com wrote: No, that's for writing safe html output. If the user or password contains special chars, sending them through htmlspecialchars would turn them into html entities. i doubt you want that. I'm at a loss here. Pretty much the same goes for me. It could be charset issue, do your username
Re: [PHP] mysql_connect noob question
No, that's for writing safe html output. If the user or password contains special chars, sending them through htmlspecialchars would turn them into html entities. i doubt you want that. I'm at a loss here. The only thing Ican think of is to try something like this at the top of the script: ?php error_reporting(-1); ini_set('display_errors',1); ini_set('display_startup_errors',1); header(Content-type: text/plain); var_dump($_POST); exit; ? and see precisely what is being passed in from your form. On Apr 19, 2013 10:50 PM, Glob Design Info i...@globdesign.com wrote: No, no spaces. I am wondering if I need to use htmlspecialchars() On Apr 19, 2013, at 7:17 PM, Jim Giner jim.gi...@albanyhandball.com wrote: On 4/19/2013 9:33 PM, Glob Design Info wrote: They aren't on the same server. The DB is on xeround.com, the web server is localhost. The host value is set and working. If I hard-code the user and password values in the mysql_connect() call and leave the host value as is, it connects fine. Only passing the user and password from the form cause it to fail. On 4/19/13 5:47 PM, David Robley wrote: Glob Design Info wrote: Sorry. The error displayed is: *Warning*: mysql_connect() [function.mysql-connect http://localhost/wservices/function.mysql-connect]: Access denied for user 'user'@'ip70-162-142-180.ph.ph.cox.net' (using password: YES) in */Library/WebServer/Documents/wservices/connect.php* on line *29* (But with the real user name, not just 'user') Thanks, On 4/19/13 3:28 PM, tamouse mailing lists wrote: On Fri, Apr 19, 2013 at 3:43 PM, Glob Design Info i...@globdesign.com wrote: I know this has probably been answered already. When I pass a user name and password from a form to my PHP script and then pass those to mysql_connect it doesn't connect. When I paste those exact same values into mysql_connect as string literals it works. Can anyone tell me why this happens? I know the strings are identical to the literals I try in a test but they don't work when submitted via form. $form_user = $_POST[ 'user' ]; $form_pass = $_POST[ 'password' ]; # Connect to remote DB $LINK = mysql_connect( $host, $form_user, $form_pass ); Please show the error you are getting from the mysql_connect And yes, my $host param is correct. Thanks, -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php First guess is that you don't have privileges for 'user'@'ip70-162-142-180.ph.ph.cox.net', but you may have privileges for 'user'. And, what are you using for the $host value? If the script and mysql are on the same server, it shouldn't need to be anything other than 'localhost'. Do your user or password contain spaces, thereby requiring quotes in your call? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Newbie Question - Parse XML with PHP...
This will be brief as I'm on a tablet... On Apr 19, 2013 5:53 PM, dealTek deal...@gmail.com wrote: On Apr 19, 2013, at 3:32 PM, tamouse mailing lists tamouse.li...@gmail.com wrote: page1.php is sending out to credit card company - getting processed - then coming back to the *same page1.php* with the XML data listed below... Please expand what you mean by sending out and coming back - is this a REST or SOAP API call? In that case, the response body is likely to be the XML. - so I'm not going to some other page to get it - it is coming to me to the same page I am on.. so - after the XML result comes in - I need to assign the php to the XML somehow... How do you recognize the XML result com(ing) in ? Hi tamouse, with my untrained eye - it appears that this is what is 'sending out' $data = sendXMLviaCurl($xmlRequest,$gatewayURL); This is the sending and receiving -- the function uses curl to send your xml request and returns the response from that. and this might be what is 'responding back' on the same page $gwResponse = @new SimpleXMLElement((string)$data); $data contains the response, this is how you are processing it. Skipping the long and monolithic code, what I will suggest is that you break things up into modules, functions and procrdures, and write unit tests that will check each piece seperately. After you've verified that each step is working, then you can start to integrate the pieces, following the stricture of keeping code (logic), data, and presentation seperate. It is much easier to deal with debugging when your code is simple and does only one thing. Break out the part you are asking here about, the API call. Build up a viable test request that will get you a known response and make sure you are getting what you expect. My suspicion is that the response here isnot what you expect.
Re: [PHP] mysql_connect noob question
On Sat, Apr 20, 2013 at 10:36 AM, tamouse mailing lists tamouse.li...@gmail.com wrote: No, that's for writing safe html output. If the user or password contains special chars, sending them through htmlspecialchars would turn them into html entities. i doubt you want that. I'm at a loss here. Pretty much the same goes for me. It could be charset issue, do your username and password consist of only ASCII characters, or do they also contain others? If so, then it might be that your sending these characters in a different charset. - Matijn
Re: [PHP] Newbie Question - Parse XML with PHP...
On Sat, Apr 20, 2013 at 12:51 AM, dealTek deal...@gmail.com wrote: On Apr 19, 2013, at 3:32 PM, tamouse mailing lists tamouse.li...@gmail.com wrote: page1.php is sending out to credit card company - getting processed - then coming back to the *same page1.php* with the XML data listed below... Please expand what you mean by sending out and coming back - is this a REST or SOAP API call? In that case, the response body is likely to be the XML. - so I'm not going to some other page to get it - it is coming to me to the same page I am on.. so - after the XML result comes in - I need to assign the php to the XML somehow... How do you recognize the XML result com(ing) in ? Hi tamouse, with my untrained eye - it appears that this is what is 'sending out' $data = sendXMLviaCurl($xmlRequest,$gatewayURL); and this might be what is 'responding back' on the same page $gwResponse = @new SimpleXMLElement((string)$data); you can see these lines towards the bottom at - // Process Step Three... Why did you prefix this with @? This way your hiding the real error that is probably the answer to why it is not working. - Matijn
Re: [PHP] Newbie Question - Parse XML with PHP...
Question: how do you use $mylist when the xml is not as a file but is returned on a web page? I assume It returns as a string from page. Then use simplexml_load_string(). See http://php.net/manual/en/function.simplexml-load-string.php -- Shiplu.Mokadd.im ImgSign.com | A dynamic signature machine Innovation distinguishes between follower and leader
Re: [PHP] mysql_connect noob question
Thanks for that good suggestion. I tried that and as expected, the passed variables are coming through exactly as expected: array(3) { [user]= string(3) joe [password]= string(11) complacency [login]= string(5) Login } The bottom one seems to be the submit button's tag. I'm at a loss too. It should work. Replacing all 3 script variables with hard-coded values for the login works fine - so I know the host string is fine. Very weird! On 4/20/13 1:36 AM, tamouse mailing lists wrote: No, that's for writing safe html output. If the user or password contains special chars, sending them through htmlspecialchars would turn them into html entities. i doubt you want that. I'm at a loss here. The only thing Ican think of is to try something like this at the top of the script: ?php error_reporting(-1); ini_set('display_errors',1); ini_set('display_startup_errors',1); header(Content-type: text/plain); var_dump($_POST); exit; ? and see precisely what is being passed in from your form. On Apr 19, 2013 10:50 PM, Glob Design Info i...@globdesign.com wrote: No, no spaces. I am wondering if I need to use htmlspecialchars() On Apr 19, 2013, at 7:17 PM, Jim Giner jim.gi...@albanyhandball.com wrote: On 4/19/2013 9:33 PM, Glob Design Info wrote: They aren't on the same server. The DB is on xeround.com, the web server is localhost. The host value is set and working. If I hard-code the user and password values in the mysql_connect() call and leave the host value as is, it connects fine. Only passing the user and password from the form cause it to fail. On 4/19/13 5:47 PM, David Robley wrote: Glob Design Info wrote: Sorry. The error displayed is: *Warning*: mysql_connect() [function.mysql-connect http://localhost/wservices/function.mysql-connect]: Access denied for user 'user'@'ip70-162-142-180.ph.ph.cox.net' (using password: YES) in */Library/WebServer/Documents/wservices/connect.php* on line *29* (But with the real user name, not just 'user') Thanks, On 4/19/13 3:28 PM, tamouse mailing lists wrote: On Fri, Apr 19, 2013 at 3:43 PM, Glob Design Info i...@globdesign.com wrote: I know this has probably been answered already. When I pass a user name and password from a form to my PHP script and then pass those to mysql_connect it doesn't connect. When I paste those exact same values into mysql_connect as string literals it works. Can anyone tell me why this happens? I know the strings are identical to the literals I try in a test but they don't work when submitted via form. $form_user = $_POST[ 'user' ]; $form_pass = $_POST[ 'password' ]; # Connect to remote DB $LINK = mysql_connect( $host, $form_user, $form_pass ); Please show the error you are getting from the mysql_connect And yes, my $host param is correct. Thanks, -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php First guess is that you don't have privileges for 'user'@'ip70-162-142-180.ph.ph.cox.net', but you may have privileges for 'user'. And, what are you using for the $host value? If the script and mysql are on the same server, it shouldn't need to be anything other than 'localhost'. Do your user or password contain spaces, thereby requiring quotes in your call? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mysql_connect noob question
Goog suggestion. The user name is an email address so it does contain @. Password is all pure lowercase ASCII. Wonder if the shift-2 is causing the problem? On 4/20/13 4:44 AM, Matijn Woudt wrote: On Sat, Apr 20, 2013 at 10:36 AM, tamouse mailing lists tamouse.li...@gmail.com wrote: No, that's for writing safe html output. If the user or password contains special chars, sending them through htmlspecialchars would turn them into html entities. i doubt you want that. I'm at a loss here. Pretty much the same goes for me. It could be charset issue, do your username and password consist of only ASCII characters, or do they also contain others? If so, then it might be that your sending these characters in a different charset. - Matijn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mysql_connect noob question
On Apr 19, 2013, at 4:43 PM, Glob Design Info i...@globdesign.com wrote: I know this has probably been answered already. When I pass a user name and password from a form to my PHP script and then pass those to mysql_connect it doesn't connect. When I paste those exact same values into mysql_connect as string literals it works. Can anyone tell me why this happens? I know the strings are identical to the literals I try in a test but they don't work when submitted via form. $form_user = $_POST[ 'user' ]; $form_pass = $_POST[ 'password' ]; # Connect to remote DB $LINK = mysql_connect( $host, $form_user, $form_pass ); And yes, my $host param is correct. Thanks, Why are you allowing anyone to connect to your database from a form? Cheers, tedd _ tedd.sperl...@gmail.com http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mysql_connect noob question
$form_user = $_POST[ 'user' ]; $form_pass = $_POST[ 'password' ]; # Connect to remote DB $LINK = mysql_connect( $host, $form_user, $form_pass ); And yes, my $host param is correct. Have you tried $LINK = mysql_connect( $host, $form_user, $form_pass ); just for the heck of it?
Re: [PHP] mysql_connect noob question
Why are you allowing anyone to connect to your database from a form? Cheers, tedd _ tedd.sperl...@gmail.com http://sperling.com A little OT, but... What do you mean by this question? How do you check someone's credentials if not by connecting to a db to verify the login? Cause I'm doing the same kind of thing all over the place. With good practices on validation and such before doing my query of course. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mysql_connect noob question
On 20 Apr 2013, at 16:25, Jim Giner jim.gi...@albanyhandball.com wrote: Why are you allowing anyone to connect to your database from a form? A little OT, but... What do you mean by this question? How do you check someone's credentials if not by connecting to a db to verify the login? Cause I'm doing the same kind of thing all over the place. With good practices on validation and such before doing my query of course. I'm pretty sure that's not what tedd meant. The code is logging in to the database server using the username and password from the form. There are very few legitimate reasons to be doing this, so the question is well worth asking. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mysql_connect noob question
On 4/20/2013 11:44 AM, Stuart Dallas wrote: On 20 Apr 2013, at 16:25, Jim Giner jim.gi...@albanyhandball.com wrote: Why are you allowing anyone to connect to your database from a form? A little OT, but... What do you mean by this question? How do you check someone's credentials if not by connecting to a db to verify the login? Cause I'm doing the same kind of thing all over the place. With good practices on validation and such before doing my query of course. I'm pretty sure that's not what tedd meant. The code is logging in to the database server using the username and password from the form. There are very few legitimate reasons to be doing this, so the question is well worth asking. -Stuart oops - now I see. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mysql_connect noob question
Same error. That just turns those into string literals. On 4/20/13 5:48 AM, David OBrien wrote: $form_user = $_POST[ 'user' ]; $form_pass = $_POST[ 'password' ]; # Connect to remote DB $LINK = mysql_connect( $host, $form_user, $form_pass ); And yes, my $host param is correct. Have you tried $LINK = mysql_connect( $host, $form_user, $form_pass ); just for the heck of it? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mysql_connect noob question
On Apr 20, 2013, at 11:44 AM, Stuart Dallas stu...@3ft9.com wrote: On 20 Apr 2013, at 16:25, Jim Giner jim.gi...@albanyhandball.com wrote: Why are you allowing anyone to connect to your database from a form? A little OT, but... What do you mean by this question? How do you check someone's credentials if not by connecting to a db to verify the login? Cause I'm doing the same kind of thing all over the place. With good practices on validation and such before doing my query of course. I'm pretty sure that's not what tedd meant. The code is logging in to the database server using the username and password from the form. There are very few legitimate reasons to be doing this, so the question is well worth asking. -Stuart Stuart is exactly right. If you are checking someone's credentials to access your site, such as a user, then giving them the keys to the kingdom is a bit of an overkill. My advice, set up user_id and password fields in a user table for users you want to access some portion of your site, here's the code to do that: http://sperling.com/php/authorization/log-on.php Where I have said // define your user id here is the place to actually open your database and access your user table to gather the correct user_id and password. I also suggest that when you open the database you only use literals from a config.php file ($dbhost,$dbuser,$dbpass) for accessing the actual database and then check the user_id and password before giving them authorization to private areas. Keep the private stuff private! Cheers, tedd _ tedd.sperl...@gmail.com http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Looking for complete entered URL
I've written a script that logs all visits to a web site, complete with referrer and IP address. It also logs all 4xx errors. What I'd like to add to this is, if someone adds extra code after the page_name.php, to be able to capture any extra code and log that. I've tried: $_SERVER['QUERY_STRING'] $_SERVER['REDIRECT_QUERY_STRING'] $_SERVER['REDIRECT_URL'] but nothing seems to get logged. Is there a way, when either a false url is entered and a 404 is generated, or just when someone tacks on extra code to the URL, that I can grab that extra info? I'm looking for the complete URL that was entered by the user, not anything returned by the server. I've created my own 4xx_error.php files which calls my tracking script, along with creating the proper ErrorDocument lines in the main .htaccess file. There are a lot of pages that have come up in my search, but nothing seems to pertain to what I'm trying to do. Thank you, Angela BTW, I know about Piwik and I use that, as well. This is something I'm doing on my own. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Looking for complete entered URL
Hello Angela, Sunday, April 21, 2013, 4:51:37 AM, you wrote: I've written a script that logs all visits to a web site, complete with referrer and IP address. It also logs all 4xx errors. What I'd like to add to this is, if someone adds extra code after the page_name.php, to be able to capture any extra code and log that. I've tried: $_SERVER['QUERY_STRING'] $_SERVER['REDIRECT_QUERY_STRING'] $_SERVER['REDIRECT_URL'] but nothing seems to get logged. Is there a way, when either a false url is entered and a 404 is generated, or just when someone tacks on extra code to the URL, that I can grab that extra info? I'm looking for the complete URL that was entered by the user, not anything returned by the server. I've created my own 4xx_error.php files which calls my tracking script, along with creating the proper ErrorDocument lines in the main .htaccess file. There are a lot of pages that have come up in my search, but nothing seems to pertain to what I'm trying to do. Thank you, Angela BTW, I know about Piwik and I use that, as well. This is something I'm doing on my own. You can put this in the page and email your self the information that is available: ?php ob_start(); phpinfo(INFO_VARIABLES); $s = ob_get_contents(); ob_end_clean(); email('y...@wherever.com', 'Error Listing, $s); Then you can see all that's present and work out what to trap -- Best regards, Tommailto:trog...@kwikin.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mysql_connect noob question
Night now this is just a test server. On the real thing I'll do it right. On 4/20/13 10:58 AM, Tedd Sperling wrote: On Apr 20, 2013, at 11:44 AM, Stuart Dallas stu...@3ft9.com wrote: On 20 Apr 2013, at 16:25, Jim Giner jim.gi...@albanyhandball.com wrote: Why are you allowing anyone to connect to your database from a form? A little OT, but... What do you mean by this question? How do you check someone's credentials if not by connecting to a db to verify the login? Cause I'm doing the same kind of thing all over the place. With good practices on validation and such before doing my query of course. I'm pretty sure that's not what tedd meant. The code is logging in to the database server using the username and password from the form. There are very few legitimate reasons to be doing this, so the question is well worth asking. -Stuart Stuart is exactly right. If you are checking someone's credentials to access your site, such as a user, then giving them the keys to the kingdom is a bit of an overkill. My advice, set up user_id and password fields in a user table for users you want to access some portion of your site, here's the code to do that: http://sperling.com/php/authorization/log-on.php Where I have said // define your user id here is the place to actually open your database and access your user table to gather the correct user_id and password. I also suggest that when you open the database you only use literals from a config.php file ($dbhost,$dbuser,$dbpass) for accessing the actual database and then check the user_id and password before giving them authorization to private areas. Keep the private stuff private! Cheers, tedd _ tedd.sperl...@gmail.com http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php