[PHP] Re: HipHop and other PHP compiler performance evaluation
Manuel Lemos schreef: FYI http://digg.com/programming/PHP_compiler_performance A nice article, thank you for the information! -- Kind regards, Mark Cilissen / Pixlism -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Login Script: mysql_num_rows(): supplied argument is not a valid MySQL result resource
David Hutto schreef:
--- On Fri, 2/19/10, David Hutto dwightdhu...@yahoo.com wrote:
From: David Hutto dwightdhu...@yahoo.com
Subject: Login Script: mysql_num_rows(): supplied argument is not a valid MySQL
result resource
To: php-general@lists.php.net
Date: Friday, February 19, 2010, 3:30 AM
The following script is supposed to validate a username and password in a mysql
db. When entering the username and password of a preregistered user, I get the
following errors:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result
resource in /var/www/login.php on line 24
Warning: Cannot modify header information - headers already sent by (output
started at /var/www/login.php:24) in /var/www/login.php on line 26
On line 24 is:
if(!mysql_num_rows($login)) //if the username and pass are wrong
--The supplied argument is $login, which is previously defined as:
$login = mysql_query(SELECT * FROM 'userinfo' WHERE `user` = '$user' AND `pass` =
'$pass`);
--which is further defined above it as these values:
$user = $_POST['user']; //pulls the username from the form
$pw = $_POST['pass']; //pulls the pass from the form
$pass = md5($pw); //makes our password an md
So why is the sum of those previous definitions an invalid argument for the
mysql_query() to test for whether the username and md5 password values are
true/equivalent to each other?
Because basically !mysql_num_rows($login) is just if'ing the lack of a
user/pass match, else it continues to set cookie and session variables.
If I'm looking at this wrong let me know.
Thanks for any help you may be able to provide, below is the
full login.php page.
David
This is the full login.php script, I'm pretty sure no other portions are needed
to show at this point for the current problem:
?php
$act = $_GET['act']; //retrives the page action
if(empty($act)) //if there is no action
{
echo('form action=login.php?act=auth method=post name=loginform
id=loginform
pUsername
input type=text name=user
/p
pPassword
input type=password name=pass
/p
p
input type=submit name=Submit value=Login
/p
/form');
}
elseif($act == auth) //if our page action = auth
{
$user = $_POST['user']; //pulls the username from the form
$pw = $_POST['pass']; //pulls the pass from
the form
$pass = md5($pw); //makes our password an md5
include(connect.php); //connects to our mysql database
$login = mysql_query(SELECT * FROM `userinfo` WHERE `user` = '$user' AND `pass` =
'$pass`); //selects info from our table if the row has the same user and pass that
our form does
if(!mysql_num_rows($login)) //if the username and pass are wrong
{
header(Location: login.php); //redirects to our login page
die(); //stops the page from going any further
}
else
{
setcookie(user, $user, time()+3600);//sets our user cookie
setcookie(pass, $pass, time()+3600);//sets our pass
cookie
header(Location: memprar.php);//instead of yourpage.php it
would be your protected page
}
}
?
The query should be:
SELECT * FROM `userinfo` WHERE `user` = '$user' AND `pass` = '$pass'
Remember: ` for tables and columns, ' for strings.
Also, look up SQL Injection, as your script contains a huge vulnerability.
This can be fixed using mysql_real_escape_string, so it is this:
ELECT * FROM `userinfo` WHERE `user` =
'.mysql_real_escape_string($user).' AND `pass` =
'.mysql_real_escape_string($pass).'
--
Kind regards,
Mark Cilissen / Pixlism
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Login Script: mysql_num_rows(): supplied argument isnot a valid MySQL result resource
Ashley Sheridan schreef:
On Fri, 2010-02-19 at 18:30 +0100, Mark Cilissen wrote:
David Hutto schreef:
--- On Fri, 2/19/10, David Hutto dwightdhu...@yahoo.com wrote:
From: David Hutto dwightdhu...@yahoo.com
Subject: Login Script: mysql_num_rows(): supplied argument is not a valid MySQL
result resource
To: php-general@lists.php.net
Date: Friday, February 19, 2010, 3:30 AM
The following script is supposed to validate a username and password in a mysql
db. When entering the username and password of a preregistered user, I get the
following errors:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result
resource in /var/www/login.php on line 24
Warning: Cannot modify header information - headers already sent by (output
started at /var/www/login.php:24) in /var/www/login.php on line 26
On line 24 is:
if(!mysql_num_rows($login)) //if the username and pass are wrong
--The supplied argument is $login, which is previously defined as:
$login = mysql_query(SELECT * FROM 'userinfo' WHERE `user` = '$user' AND `pass` =
'$pass`);
--which is further defined above it as these values:
$user = $_POST['user']; //pulls the username from the form
$pw = $_POST['pass']; //pulls the pass from the form
$pass = md5($pw); //makes our password an md
So why is the sum of those previous definitions an invalid argument for the
mysql_query() to test for whether the username and md5 password values are
true/equivalent to each other?
Because basically !mysql_num_rows($login) is just if'ing the lack of a
user/pass match, else it continues to set cookie and session variables.
If I'm looking at this wrong let me know.
Thanks for any help you may be able to provide, below is the
full login.php page.
David
This is the full login.php script, I'm pretty sure no other portions are needed
to show at this point for the current problem:
?php
$act = $_GET['act']; //retrives the page action
if(empty($act)) //if there is no action
{
echo('form action=login.php?act=auth method=post name=loginform
id=loginform
pUsername
input type=text name=user
/p
pPassword
input type=password name=pass
/p
p
input type=submit name=Submit value=Login
/p
/form');
}
elseif($act == auth) //if our page action = auth
{
$user = $_POST['user']; //pulls the username from the form
$pw = $_POST['pass']; //pulls the pass from
the form
$pass = md5($pw); //makes our password an md5
include(connect.php); //connects to our mysql database
$login = mysql_query(SELECT * FROM `userinfo` WHERE `user` = '$user' AND `pass` =
'$pass`); //selects info from our table if the row has the same user and pass that
our form does
if(!mysql_num_rows($login)) //if the username and pass are wrong
{
header(Location: login.php); //redirects to our login page
die(); //stops the page from going any further
}
else
{
setcookie(user, $user, time()+3600);//sets our user cookie
setcookie(pass, $pass, time()+3600);//sets our pass
cookie
header(Location: memprar.php);//instead of yourpage.php it
would be your protected page
}
}
?
The query should be:
SELECT * FROM `userinfo` WHERE `user` = '$user' AND `pass` = '$pass'
Remember: ` for tables and columns, ' for strings.
Also, look up SQL Injection, as your script contains a huge vulnerability.
This can be fixed using mysql_real_escape_string, so it is this:
ELECT * FROM `userinfo` WHERE `user` =
'.mysql_real_escape_string($user).' AND `pass` =
'.mysql_real_escape_string($pass).'
--
Kind regards,
Mark Cilissen / Pixlism
I did cover all of those points and give the same sanitisation
suggestion in the email I sent to this question earlier!
Thanks,
Ash
http://www.ashleysheridan.co.uk
Didn't see it, it was in another thread.
--
Kind regards,
Mark Cilissen / Pixlism
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: shell_exec fails to compile java class?
דניאל דנון schreef: Where are you trying to write text.txt? Are you setting a current working directory in your batch file? Do you have write permission in this directory? (copied it to make it easier to understand my answer) In the same folder. Yes, there is a cd javafiles Yes. I know its not a permission / directory sort of things, since when there are no errors - the .class compiled java files are created properly. On Fri, Nov 6, 2009 at 9:11 PM, John List johnl...@gulfbridge.net wrote: ? wrote: Hello, Thank you - I've managed to do that using a bat file like you suggested. Only problem is that: When I try to call: C:\\Java\bin\javac.exe Tester.java test.txt (Which should run Tester.java and log any results into test.txt), When there are compilation errors and this command returns results - test.txt stays empty. Any suggestions? Where are you trying to write text.txt? Are you setting a current working directory in your batch file? Do you have write permission in this directory? john On Wed, Nov 4, 2009 at 4:34 PM, Nathan Rixham nrix...@gmail.com wrote: ? wrote: Hello! I need to use shell_exec (or any other similar function) in order to compile a java class-file. I have all the needed components installed on my computer (Windows XP with Java SDK) - I can use java c:\path in order to compile using Start-Run. When I try to do the same with shell_exec or `` it returns null and it doesn't compiles. Even when there are errors - it doesn't show them at all. I've tried to use instead of java c:\path... the full java command line compiler path but it didn't work either. When I try functions such as echo test it works. Clearly I'm missing here something - problem is... what? create an ant builder or .bat and call that instead; most likely because the environment isn't set up correctly when executing via php; thus when using ant or bat you can set everything up correctly as needed. always use PHP on linux but permissions and the scope / permissions of the account php runs under may come in to play? nathan Hello, You should execute: C:\\Java\bin\javac.exe Tester.java 1test.txt 21 This will redirect normal messages as well as errors to your text file. -- Kind regards, Mark Cilissen / Pixlism -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: What would stop header(Location...) from working?
tedd schreef: Hi gang: I just had a script stop following this statement: header(Location:users.php); It *was* working, but now instead of running users.php, it defaults to the parent script. When I place exit() after it, such as: header(Location:users.php); exit(); The script simply exits. It does not continue to users.php -- BUT -- it did. What would stop this statement from working? Thanks, tedd If ANYTHING is output before header(), it stops working. Did you turn off error reporting? You might want to double-check, because it returns an error if anything is output. -- Kind regards, Mark Cilissen / Pixlism -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Unsuscribe
Manuel Morini schreef: I want a list in spanish about PHP Thank you Manuel.morini Try php.general.es. -- Mark Cilissen / Pixlism http://www.ninyou.nl -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: simple xml object
AChris W schreef:
I have the following xmlwith standard tags changed to [ and ] to
prevent mail clients from encoding it as html.
[?xml version=1.0?]
[resultset errors=0 results=86]
[result id=20080922133104871678 lastinspected=9/29/2009
0:00]0.4[/result]
[result id=20080922133104871678 lastinspected=8/28/2009
0:00]1.1[/result]
. . .
I am using the simplexml_load_string to read it in to an object and
execute the following code
$xml = simplexml_load_string($content);
foreach($xml as $Result){
print_r($Result);
foreach($Result-attributes() as $i = $v){
$$i = $v;
print Attr: $i = '$v'\n;
}
}
that all works fine. Problem is I can't figure out how to get the
acutual value (0.4 and 1.1). I also don't know why I can't simply do
something like
$id = $Result-attributes()-id;
the output of this looks like
SimpleXMLElement Object
(
[...@attributes] = Array
(
[id] = 20080922133104871678
[lastinspected] = 9/29/2009 0:00
)
[0] = 0.4
)
Attr: id = '20080922133104871678'
Attr: lastinspected = '9/29/2009 0:00'
SimpleXMLElement Object
(
[...@attributes] = Array
(
[id] = 20080922133104871678
[lastinspected] = 8/28/2009 0:00
)
[0] = 1.1
)
Attr: id = '20080922133104871678'
Attr: lastinspected = '8/28/2009 0:00'
How do I read the [0] value? $Result[0] gives me nothing.
Although I'm not that familiar with SimpleXML, since the value returned
is an object, wouldn't $Result-0 do the trick?
--
Kind regards,
Mark Cilissen / Pixlism
http://www.ninyou.nl
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Unsuscribe
Manuel Morini schreef: I want a list in spanish about PHP Thank you Manuel.morini Try php.general.es. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
