RE: [PHP] PC MAG article
Lol :) Obviously they didn't even look at the ODBC functions part of PHP :) Besides I don't know what they're bitching about DB abstraction layer anyway. I mean Oracle SQL and MS SQL and MYSQL and Interbase SQL is not exatcly compatible :) So even if you use the DB Abstraction layer to connect to the DB you still screwed when it comes to SQL syntax :) At least with PHP you can use tool like Metabase libs which will perform abstraction for stuff like this as well as DB connection etc. :) My $0.02 -Original Message- From: Ryan Christensen [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 10, 2001 10:31 AM To: Philip Olson; Mike Cc: [EMAIL PROTECTED] Subject: Re: [PHP] PC MAG article Lol.. quoted.. PHP proponents argue that abstraction layers dumb down and slow down access to databases, but we think they can increase developer productivity, facilitate application migration, and cut training costs. Cut training costs? Yeah.. let's use an inefficient system just so we can save some money? (even though PHP is already free!!!) hehe.. Ryan Christensen OlyPen Technical Support [EMAIL PROTECTED] 360.457.3000 800.303.8696 - Original Message - From: Philip Olson [EMAIL PROTECTED] To: Mike [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Wednesday, May 09, 2001 5:26 PM Subject: Re: [PHP] PC MAG article for informational purposes, it can be seen here : http://www.zdnet.com/pcmag/stories/reviews/0,6755,2713481,00.html no comment. :) regards, philip On Wed, 9 May 2001, Mike wrote: As a devoted php programmer I was surprised how bad PC MAG blasted php this month.It sound as if it doesnt scale very well(Ive never had more than a few people on my site at once).Any comments??? Thanks Mike [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] mySQL Question....
if i perform a SELECT query (say) like the following: SELECT email_addr FROM myTable WHERE x = 1 in this query i want to pull-out (or list) all email addresses where x equals 1, however, suppose i don't want any duplicate email addresses... would i use ORDER BY and COUNT(*) to get listing of non-duplicate email addresses, and just ignore the COUNT() ? You would use neither :) To get the distict email addressese you can use SELECT email_addr FROM myTable WHERE x = 1 GROUP BY email_addr Check MySQL manual for SELECT options for more info. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] L?
Try this site http://www.cod.edu/people/faculty/lawrence/romaindx.htm -Original Message- From: Kurth Bemis [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 10, 2001 10:14 AM To: [EMAIL PROTECTED] Subject: [PHP] L? what does the roman numeral L mean? can someone point me to a page that has all of the roman numerals and their English equivlents? i forgot? ~kurth -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Decrypt Function?
Unix "Crypt" function is a one way encrypytion algorithm therefore you can not technically decrupted as such. The way that you can check to see if the given uncrypted value is equals to its crypted value is to 1) Crypt the string with the same "salt" 2) Compare this with the crypted version If these 2 are the same then you assume that the 2 strings are equal. If you really want to "decrypt" the string i.e. turn the encrypted version into its original readable text then you'll have to use Mcrypt() functions in PHP instead (if you have PHP 4 and above ). There are also other Encrytion functions available, check in the manual: http://www.php.net/manual/en/ref.mcrypt.php -Original Message- From: Chris Anderson [mailto:[EMAIL PROTECTED]] Sent: Saturday, March 24, 2001 8:44 AM To: PHP Subject: [PHP] Decrypt Function? Is there any way to decrypt dat encrypted using the crypt function? If not, then what purpose does that function have? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Munging hidden/form variables
I can think of one way that you can take in an attempy to prevent this. It is not totally fool proof but it will make it more difficult to send spoof data: 1) Check your HTTP refereer when the form is submitted. If the referer is not from your host then don't process the form. Of course this can be faked quite easily if this person knows what (s)he doing. It is possible (I've done it) to find out all the variables that make up a form on a particular site, generate a similar form on your site with that form's action being the CGI/PHP script that the particular site uses to process the form once submitted, modify the values for the form variables to be anything you want and submit the form that resides on your site. This will basically submit totally fabricated data to the foriegn site and possibly screw them up somehow and/or in some way. Is there any way to defend against this? Is there any way to ensure that when a form is submitted that the submission request originated from your site/domain and not somewhere else? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] -----s--- bit
Hi, Why do you want to access /etc/shadow from your PHP?. As a general rules of thumb that's a pretty bad idea. The reason for this is that /etc/shadow is owned by Root and it's *should* only be readable by Root and noone else. Now in answer to your question "Why your PHP" script can't read /etc/shadow is that if you're PHP script is running as Apache module (or even a stand alone CGI). Your User ID would most likely *not* be Root. Thus you are not allowed to read the /etc/shadow. You are able to fix this by running the Apache process as Root! THIS IS A VERY VERY bad idea but possible nonetheless as it is a huge security hazard. To configure Apache to run as Root, check out Apache doc HTH. Hi, I am running apache server as user/group=apache/httpd And want to access the shadow file to authenticate my users from the system. shadow file is owned by root and chmod to 400. server-root:/5:28pmls -al /etc/shadow -r 1 root sys 27695 Feb 22 10:06 /etc/shadow I can access the shadow from cgi-bin / c code by giving the chmod +s bit . -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]