Re: [PHP] Drop down lists

2004-01-18 Thread Peter Vertes




Yes it's possible.  I believe there's a way to do it with PEAR also but I've never done it that way before.  I always do:

---


    <!-- the field name "userID" is an assumption -->
    <select name="userID">
    <option value="">--- Please Choose a Username ---</option>

    <?php

    // retrieve a list of usernames from the DB
    $results = mysql_query("SELECT userID, username FROM users")
        or die ("could not perform requested query");

    // make sure we got a list of usernames back
    if (mysql_num_rows($results) != 0)
    {
        // process the returned results
        for ($i = 0; $i < mysql_num_rows($results); $i++)
        {
            // get a row of results back from the result set
            $row = mysql_fetch_array($results);

            // construct the dropdown menu item, HTML-escaping the database values
            echo "<option value=\"" . htmlspecialchars($row["userID"]) . "\">"
                . htmlspecialchars($row["username"]) . "</option>";
        }
    }
    else
    {
        echo "No names in the database";
    }

    ?>
    </select>



    Of course you need to embed this within a  tag.

-Pete

---

On Sun, 2004-01-18 at 01:18, BigMark wrote:

Is it possible to have usernames from my db populated into a drop down
list.
If so what and where does it go to make it all work, I've tried everything I
know (which is not much by the way).

Mark




-- 
perl -e 'print pack("H*", "70766572746573406E79632E72722E636F6D0A")'








signature.asc
Description: This is a digitally signed message part


Re: [PHP] Thumbnails in database

2004-01-17 Thread Peter Vertes




On Sat, 2004-01-17 at 16:44, Kevin Waterson wrote:


> Why create thumbnails?  You can resize the images on
> the fly when needed.

This would be too expensive.

I need to store the thumbnails in the database.
So, I need to resize the image at the same time as I store it.

I can do this and save the thumbnail in the file system, but
cannot save the thumbnail in the database.


Kevin,

    I'm working on a web based photo gallery site which stores images in a MySQL database so you and I are working on something pretty similar.  Like you I'm storing both the thumbnail (150x150) and a full sized image (768x512 or 512x768 depending on image orientation) in the database.  You could only store the full sized images in a database and resize them to thumbnails when they are needed but when you have 25 or more thumbnails to display on the same page resizing them on the fly pegs the CPU at 100% and if you have any other sites running on that same box they will experience a slow down too so that is why I opted to store the thumbnails in the database also.  Disk space is very cheap and the thumbnails don't take too much space.  Worst case scenario you can add another drive to the machine you are hosting the site on and presto, you have more disk space.
    In my web application I create the thumbnail and the full sized image all in one pass when a user uploads an image through a web page.  Creating both the thumbnail and the full size images doesn't take that much CPU time.  If I load in an image from my 2 megapixel digital camera (1600x1200) it will take 0.3 seconds on my 1.8GHz P4 to resize the image to a thumbnail and to a full sized image to be displayed in my web gallery.
    I don't know how to create an image in memory and write that to the database so I'm writing both the thumbnail and the full sized image out to my /tmp directory and then re-reading them into the database.  At first I thought it might seem to be a bit inefficient but with this method I'm getting the 0.3s time to read in the original file, create a thumbnail, write it out to disk, read it into the database, create a full sized image, write it out to disk, read it into the database so I'm pretty happy with it.  The code goes something like this:

---

// read in the image file from the disk that needs to be resized and uploaded
$image_original = ImageCreateFromJpeg($path_to_image_file_on_disk);

// allocate memory for the thumbnail image
$image_thumbnail = ImageCreateTrueColor($thumbnail_width, $thumbnail_height);

// copy and resize the original image into the thumbnail memory we have allocated
ImageCopyResized($image_thumbnail, $image_original, 0, 0, 0, 0, $thumbnail_width, $thumbnail_height, imagesx($image_original), imagesy($image_original));

// save the newly created thumbnail to disk
ImageJpeg($image_thumbnail, $path_to_save_thumbnail_image, 100);

// open up the thumbnail file for reading and then encode it with MIME Base64
$thumbnail_contents = base64_encode(fread(fopen($path_to_read_thumbnail_from, "rb"), filesize($path_to_read_thumbnail_from)));

// delete the thumbnail file from the disk
unlink($path_to_read_thumbnail_from);

// deallocate memory used to create our original and thumbnail images
ImageDestroy($image_original);
ImageDestroy($image_thumbnail);

---

    You do the same thing for the full sized image you want to store in the database as well but you have to make sure you get the image's orientation right otherwise your resize will give you a hard time.  When it's time to insert the images into the database for the thumbnail you will insert $thumbnail_contents and whatever else variable you chose for the full sized image.  One thing to watch out for is that when you read the images from the database you want to use base64_decode() on them.  Hope this works out for you.  If you need more help give me a shout.

-Pete
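
The temp-file round trip described above can be avoided by capturing GD's output in a buffer, which also keeps image data out of a shared /tmp. This is an added example, not code from the post; the function name make_thumbnail_bytes() and the sample image are assumptions.

```php
<?php
// Added example, not code from the post. make_thumbnail_bytes() is a
// hypothetical helper name.

// Resize a JPEG file and return the thumbnail as a string of JPEG bytes,
// without writing the thumbnail to disk. Returns false on failure.
function make_thumbnail_bytes($source_path, $thumb_w, $thumb_h, $quality = 85)
{
    $src = @imagecreatefromjpeg($source_path);
    if ($src === false) {
        return false;                       // not a readable JPEG
    }

    $dst = imagecreatetruecolor($thumb_w, $thumb_h);
    imagecopyresized($dst, $src, 0, 0, 0, 0,
        $thumb_w, $thumb_h, imagesx($src), imagesy($src));

    // With no filename, imagejpeg() writes to the output stream;
    // the output buffer captures those bytes instead of sending them.
    ob_start();
    imagejpeg($dst, null, $quality);
    return ob_get_clean();
}

if (PHP_SAPI === 'cli') {
    // Constructed sample input: a blank 1600x1200 JPEG generated by GD.
    $sample = tempnam(sys_get_temp_dir(), 'img');
    imagejpeg(imagecreatetruecolor(1600, 1200), $sample);

    $thumb = make_thumbnail_bytes($sample, 150, 150);
    unlink($sample);

    $info = getimagesizefromstring($thumb);
    printf("thumbnail: %d bytes, %dx%d\n", strlen($thumb), $info[0], $info[1]);

    // $thumb can now be base64_encode()d as in the post, or bound to a
    // BLOB column through a prepared statement.
}
```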






Re: [PHP] dynamicly generating a transparent truecolor image

2004-01-16 Thread Peter Vertes
If you want to create a transparent image don't forget it must be a 
GIF.  At least that's what my graphics guys have been telling me all 
these years :)

-Pete

On Jan 16, 2004, at 04:41, Michel van der Breggen wrote:

hi,
i have a problem, i would like to dynamically generate a transparent truecolor
image in php. The problem is that imagecreatetruecolor standard creates a
black image. Does anybody have a solution for this?

Thanks in advance,
Michel van der Breggen
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Re: [PHP] URL rewriting...anybody done this?

2004-01-15 Thread Peter Vertes




I had the same problem with PHP after I've upgraded to 4.3.3 from 4.3.1.  I was tearing my hair out but couldn't figure out what was wrong.  I ended up editing my php.ini file and turning REGISTER GLOBALS = On.  It works fine now and since this is on my development box I don't really care about security that much.  Hope this helped...

-Pete

P.S.: This all happened on a Gentoo Linux box...

On Wed, 2004-01-14 at 17:11, Ryan A wrote:

Oops sorry, missed that.

Heres whats on top of the page:

echo "Ok,we are in show.php";
if(isset($_GET["id"])){echo "Got \$_GET[id]";}else{echo "No \$_GET[id]";}
if(isset($_GET["sid"])){echo "Got \$_GET[sid]";}else{echo "No \$_GET[sid]";}
print_r($_GET);
print_r($_GET['id']);
print_r($_GET['sid']);

and heres the output:

Ok,we are in show.php
No $_GET[id]
No $_GET[sid]
Array ( )


Ideas?

Cheers,
-Ryan




On 1/14/2004 10:56:35 PM, Jason Wong ([EMAIL PROTECTED]) wrote:
> On Thursday 15 January 2004 05:01, Ryan A wrote:
>
> > I put this in for testing:
> >
> > if(isset($_GET["id"])){echo "Got \$_GET[id]";}else{echo "No \$_GET[id]";}
> > if(isset($_GET["sid"])){echo "Got \$_GET[sid]";}else{echo "No \$_GET[sid]";}
> >
> > and heres the output:
> > No $_GET[id]
> > No $_GET[sid]
> >
> > So the variables are not being passed
> > Any idea why and what I can do about this?
> > (Am a total newbie here)
>
> As was previously suggested just do a
>
> print_r($_GET)
>
> to see what, if anything,
> you're getting.
>
> --
> Jason Wong -> Gremlins Associates -> www.gremlins.biz
> Open Source Software Systems Integrators
> * Web Design & Hosting * Internet & Intranet Applications Development *
> --
> Search the list archives before you post
> http://marc.theaimsgroup.com/?l=php-general
> --
> /*
> Price's
> Advice:
> It's all a game -- play it to have fun.
> */
>






Re: [PHP] File Upload Name Mangling Question

2004-01-12 Thread Peter Vertes




On Mon, 2004-01-12 at 19:33, Richard Davey wrote:


The filename isn't always the best way to tell. I mean I could rename
an mp3 to jpg and you'd think it was a jpg and happily insert it into
your database. Instead it's probably better to test the integrity of
the image itself.


    I didn't even think about that.  Thank you :)


If it's available on your web host (and it probably is) use this
function:

getimagesize()

Specifically, look at the 2nd index in the returned array (the image
type).


    I was about the get the size of the image anyway so this way I can kill two birds with one stone.  Thanks for the help Richard !

-Peter
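
The check discussed in this message, as an added example that is not code from the thread: the upload is judged by its content through getimagesize(), never by the client-supplied filename. The form field name "photo" and both function names are assumptions.

```php
<?php
// Added example, not code from the thread. The field name "photo" and the
// helper names are assumptions for illustration.

// Content check: ignores the filename and inspects the image header.
// Index 2 of getimagesize()'s result is the IMAGETYPE_* constant.
function is_real_jpeg($path)
{
    $info = @getimagesize($path);           // false if the bytes are not an image
    return $info !== false && $info[2] === IMAGETYPE_JPEG;
}

// Check one entry of $_FILES. Returns null if it passed, else a reason.
function check_jpeg_upload(array $file)
{
    // A multi-file field makes 'error' an array, which is rejected here too.
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return 'upload failed';
    }
    // 'tmp_name' is PHP's server-side temp path (the "mangled" name);
    // 'name' is whatever the client claimed and is never trusted.
    if (!is_uploaded_file($file['tmp_name'])) {
        return 'not an uploaded file';
    }
    if (!is_real_jpeg($file['tmp_name'])) {
        return 'not a JPEG image';
    }
    return null;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample input: a real JPEG produced by GD, and non-image
    // bytes. The array keys play the role of client-supplied filenames.
    ob_start();
    imagejpeg(imagecreatetruecolor(4, 4));
    $jpeg_bytes = ob_get_clean();

    $samples = array(
        'song-renamed.jpg' => "ID3\x03\x00 constructed sample, not an image",
        'photo.mp3'        => $jpeg_bytes,
    );
    foreach ($samples as $claimed_name => $bytes) {
        $tmp = tempnam(sys_get_temp_dir(), 'php');   // like PHP's upload temp file
        file_put_contents($tmp, $bytes);
        printf("%-18s real JPEG: %s\n", $claimed_name, is_real_jpeg($tmp) ? 'yes' : 'no');
        unlink($tmp);
    }
} elseif (isset($_FILES['photo'])) {
    $error = check_jpeg_upload($_FILES['photo']);
    if ($error !== null) {
        header('HTTP/1.1 400 Bad Request');
        exit('Rejected: ' . $error);
    }
    echo 'Accepted';
}
```

getimagesize() reads only the image header, so re-encoding the accepted file through GD, as the gallery's resize step already does, keeps trailing non-image bytes out of the database.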






[PHP] File Upload Name Mangling Question

2004-01-12 Thread Peter Vertes




I'm trying to upload a JPEG image into a database using PHP and I was successful with the upload.  However today I wanted to add a check to make sure the user can only upload JPEG files and not any other files so I use preg_match() to check for the strings ".jpg" or ".jpeg" in the filename and after I've inserted this check into my code all my attempts to upload files started to fail.  I was mulling over the code and I decided to print out the name of the uploaded file and to my surprise the name was mangled.  Instead of it being "picture.jpg" it was "/tmp/progtemp/php/uploads/phpeZQiXd".  Can anyone shed some light as to how I could check to make sure that only JPEG images get uploaded ?  Thanks in advance...

-Pete






Re: [PHP] Exception number: c0000005 (access violation

2004-01-10 Thread Peter Vertes




Usually under Windows when you get a Memory Access Violation it's a good indication that your power supply or RAM is on its way out.  Is this happening to all apps or only PHP ?
    Unfortunately I don't know how to debug using a Dr. Watson dump but I do know of a free memory testing utility called MemTest86 (http://www.memtest86.com/).  Sorry if I wasn't too much of a help.

-Pete

On Sat, 2004-01-10 at 17:06, Gunter Sammet wrote:

I have 4.3.5-dev (Build Dec-22-2003) installed on a W2K Dell Inspiron 7500
and I am getting an error which I don't get with 4.1.1 and 4.3.4. Would like
to learn how to debug things like that. Here is a dump of Dr. Watson:

Application exception occurred:
App:  (pid=2228)
When: 1/10/2004 @ 14:51:33.711
Exception number: c0000005 (access violation)

*> System Information <*
Computer Name: DELL
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 6 Model 8 Stepping 3
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 4
Current Type: Uniprocessor Free
Registered Organization: SammySolutions.com ltd.
Registered Owner: Gunter Sammet


Re: [PHP] Form validation: client- or server-side?

2004-01-09 Thread Peter Vertes




It makes perfect sense now.  Thanks for clearing it up for me Chris :)

-Peter

On Fri, 2004-01-09 at 15:29, Chris Shiflett wrote:

--- Peter Vertes <[EMAIL PROTECTED]> wrote:
> Just to play devil's advocate; why would you validate data on the
> server if you have a JavaScript that checked the user's input before
> it gets submitted to the server? I mean the whole point of you having
> that JavaScript is to make sure the correct data gets entered so
> why bother checking it once again on the server-side with PHP?
> Wouldn't that be redundant and a waste of resources?

The redundancy is in performing client-side validation, because you should
never consider server-side validation as optional.

Aside from the obvious fact that people can (and should be able to) turn
off any client-side scripting, an attacker can do things far more
sophisticated, to the point of writing a specialized Web client
specifically to attack your site.

When you receive a POST request, it will look something similar to this:

POST /path/to/script.php HTTP/1.1
Host: example.org
Content-Type: application/x-www-form-urlencoded
Content-Length: 35
Connection: close

first_name=chris&last_name=shiflett

That's it. This may have resulted from the user submitting the following
HTML form:

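<form action="http://example.org/path/to/script.php" method="post">
<input type="text" name="first_name" />
<input type="text" name="last_name" />
<input type="submit" />
</form>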

You really can't tell what form was used on the receiving site, right? In
fact, you can't even be sure that the user used a form at all. As an
example, people ask on this list about performing a POST with PHP at least
once a week. PHP doesn't need to use an HTML form for this; it just sends
a request similar to the above (see
http://shiflett.org/hacks/php/http_post for an example).

The point is that the client decides what it sends, not you. If you want
to think about security, you have to get rid of the assumption that your
users will all use your site exactly as you intend. As I mentioned before,
client-side checking is basically like saying, "User, can you please send
me a username only if it is less than 10 characters in length and
alphanumeric only?" Someone attacking your site is not going to abide by
your requests.

Hope that helps.

Chris

=
Chris Shiflett - http://shiflett.org/

PHP Security Handbook
 Coming mid-2004
HTTP Developer's Handbook
 http://httphandbook.org/
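
The server-side check argued for above, as an added example that is not code from the thread: it enforces the "less than 10 characters, alphanumeric only" rule on whatever the client actually sent. The field name "username" and the function name are assumptions, and the request bodies are constructed.

```php
<?php
// Added example, not code from the thread. The field name "username" and
// validate_username() are assumptions for illustration.

// Returns the validated username, or null if the submitted data breaks the rule.
function validate_username(array $post)
{
    // The client decides what it sends: the field can be missing, or it can
    // arrive as an array (username[]=x) instead of a string.
    if (!isset($post['username']) || !is_string($post['username'])) {
        return null;
    }
    // 1 to 9 characters, ASCII letters and digits only. \A and \z anchor the
    // whole string, so a trailing newline cannot slip past the pattern.
    if (preg_match('/\A[A-Za-z0-9]{1,9}\z/', $post['username']) !== 1) {
        return null;
    }
    return $post['username'];
}

if (PHP_SAPI === 'cli') {
    // Constructed request bodies, as a client that bypasses the form and its
    // JavaScript could send them. parse_str() decodes them the way PHP
    // fills $_POST from an application/x-www-form-urlencoded body.
    $bodies = array(
        'username=chris',
        'username=averyveryverylongusername',
        'username=chris%0A',
        'username=not+alphanumeric%21',
        'username[]=chris',
        'first_name=chris&last_name=shiflett',
    );
    foreach ($bodies as $body) {
        $post = array();
        parse_str($body, $post);
        $result = validate_username($post);
        printf("%-40s %s\n", $body, $result === null ? 'rejected' : 'accepted');
    }
} else {
    $username = validate_username($_POST);
    if ($username === null) {
        header('HTTP/1.1 400 Bad Request');
        exit('Invalid username');
    }
    // Safe to echo without escaping: the value is alphanumeric only.
    echo 'Hello, ' . $username;
}
```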






Re: [PHP] Form validation: client- or server-side?

2004-01-09 Thread Peter Vertes




On Fri, 2004-01-09 at 14:22, Chris Shiflett wrote:

But, no matter what, always validate data on the server. Otherwise, it's
like being a teacher and having your students grade their own work; it
only works when everyone is honest (and I can guarantee you that won't be
the case on a public Web site).


Just to play devil's advocate; why would you validate data on the server if you have a JavaScript that checked the user's input before it gets submitted to the server ?  I mean the whole point of you having that JavaScript is to make sure the correct data gets entered so why bother checking it once again on the server-side with PHP ?  Wouldn't that be redundant and a waste of resources ?

-Pete






Re: [PHP] Form validation: client- or server-side?

2004-01-09 Thread Peter Vertes




On Fri, 2004-01-09 at 13:07, Matt Grimm wrote:

Is there a distinct advantage to doing form validation / error checking on
the server side using PHP?  That's how I've always done it because I know
PHP better than JavaScript, but wouldn't it make sense to validate as much
of your form as possible using JavaScript before the form was ever posted?
I'm just talking about the basics, like empty required fields, illegal
characters, string lengths, etc.


    I would shove off as much work as possible for the client to do on his/her machine and not bog down my server which could be busy serving pages/processing bigger and better things.  Plus it also cuts down on bandwidth because you only send the form to the server if the JavaScript checked everything and didn't find any errors.  The downside is that you have to make sure the client has JavaScript turned on otherwise your form authentication will not work and the code for your JavaScript is available to the user to see and if you have any bugs in it then they can see and work around it.
    I guess it would depend on the site you are planning to do the authentication on.  If the site is not super busy, bandwidth is not an issue and your server is not pegged at 100% most of the time then I would suggest using PHP to validate your forms because it's "safer" since the client can not see your code and it doesn't matter if the user has JavaScript turned on or off.  Just my $0.02...

-Pete






Re: [PHP] md5() and string-length?

2004-01-09 Thread Peter Vertes




Sorry my bad; I read your post but I didn't understand it fully.  I agree with the others; there is no theoretical limit (only physical like available memory, disk space, etc..) to the size of a string which you can pass to the md5() function.

-Pete

On Fri, 2004-01-09 at 12:29, Michael Müller wrote:

mhm, I think there was a misunderstanding ;)
I want to know, how long the input-string could be (so that the encoded
strings, that you get, are unique)

Michael






Re: [PHP] md5() and string-length?

2004-01-09 Thread Peter Vertes




It's always a 32 character string.

http://us4.php.net/manual/en/function.md5.php

-Peter

On Fri, 2004-01-09 at 11:30, Michael Müller wrote:

Hi,
is anybody here who knows the max_length of a string which is encoded by
md5()?

thx, Michael
Berlin, Germany






RE: [PHP] Display syslog file?

2004-01-09 Thread Peter Vertes




On Fri, 2004-01-09 at 10:05, Carlton L. Whitmore wrote:


I'm using the root user to access the file so rights aren't an issue. 


    Actually it is an issue because PHP is not running with root privileges (at least I hope you haven't changed it and made it run with root privileges; that would be a _bad_ thing).  The reason why only root can access your syslog file is because it contains very specific information about what is running on your machine.  If the syslog file would be readable by all users on your machine then a clever user could gain root access by exploiting something that he/she found in the syslog file.  It's usually not a good idea to publish the contents of your syslog file to the world accessible via HTTP either.  However if you want to throw caution to the wind keep reading...


I want to display the file thru a webserver. I'd like the page to
refresh so I can watch the activity coming in from my SonicWall router.
I don't mind watching all the activity coming in on that syslog file,
maybe later I can limit what is displayed.


    Ok, so we know that the PHP process does not have access to your syslog file because the file is read-only/write-only by root _and_ read-only by users who are in the root group:

-rw-r-    1 root adm  1285 Jan  9 06:00 /var/log/syslog

    I assume you are running PHP as an apache module and apache is running as user "apache" on your system.  So check to see if the apache user is in the root group (the command is "group apache").  If the command only returns "apache" (which it should) then it means that the apache user is only part of the "apache" group on your system.  What you could do is add the apache user to the root group but please understand you are creating a big security hole here.  When joe hacker comes along and notices this he can trick your apache server to run commands on your machine with root privileges.  Not a good thing...
    Another, less intrusive, way to do this is to create a cron job (as root) that executes every minute and copies the contents of the syslog file into another file, readable by the apache user, and displaying the contents of that file on your webpage.  The downside to this is that you will have a 1 minute delay in the information you see on the webpage.
    Hope this helped...

-Pete
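
A viewer for the cron-copied file described above, as an added example that is not code from the thread: the web server reads only the copy, and every line is HTML-escaped because syslog records text supplied by remote hosts. The copy's path, the function names and the sample log lines are assumptions.

```php
<?php
// Added example, not code from the thread. The path of the copy and the
// function names are assumptions; the copy is the file written by the
// root cron job, readable by the web server user.
define('LOG_COPY', '/var/www/data/syslog-copy.log');   // hypothetical path

// Return the last $count lines of a file (empty array if unreadable).
// file() loads the whole file, which is fine for a periodically rotated copy.
function tail_lines($path, $count)
{
    $lines = @file($path, FILE_IGNORE_NEW_LINES);
    return $lines === false ? array() : array_slice($lines, -$count);
}

// Render log lines as HTML. Log text is untrusted input, so each line is
// escaped; ENT_SUBSTITUTE keeps lines that contain invalid UTF-8 visible.
function render_log(array $lines)
{
    $html = "<pre>\n";
    foreach ($lines as $line) {
        $html .= htmlspecialchars($line, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "\n";
    }
    return $html . "</pre>\n";
}

if (PHP_SAPI === 'cli') {
    // Constructed sample log lines; the second carries markup in a logged field.
    $sample = tempnam(sys_get_temp_dir(), 'log');
    file_put_contents($sample,
        "Jan  9 06:00:01 fw id=firewall msg=\"Connection Opened\"\n" .
        "Jan  9 06:00:07 fw id=firewall msg=\"<i>text sent by a remote host</i>\"\n");
    echo render_log(tail_lines($sample, 50));
    unlink($sample);
} else {
    header('Refresh: 60');      // reload at the one-minute cron interval
    header('Content-Type: text/html; charset=UTF-8');
    echo render_log(tail_lines(LOG_COPY, 50));
}
```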






[PHP] Image Resizing with GD

2004-01-07 Thread Peter Vertes




Hello List,

    I've tried googling but couldn't come up with anything useful so I'm turning to the list.  Could anyone send me a link to a tutorial on how to resize images with GD ?  Thanks in advance...

-Pete



