php-windows Digest 16 Apr 2002 16:56:41 -0000 Issue 1096
Topics (messages 13116 through 13128):
Re: PHP stable and for production
13116 by: Mike Maltese
PHP/MySQL Query Prob
13117 by: Jason Soza
Problem with uploading Files with PHP 4.1.2 on IIS
13118 by: Uhaj
13120 by: Evan
13124 by: Mike Flynn
Re: Apache 2.0.35
13119 by: Chris Dion
Outputting a string from mysql database
13121 by: q
13123 by: The Walters
13125 by: Mike Flynn
Security Alert! PHP CGI cannot be accessed directly.
13122 by: Faisal Ashraf
13128 by: Shane Caraveo
Re: COM and ADODB access
13126 by: Scott Carr
13127 by: Scott Carr
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
I use PHP as an Apache module on Win2K Server in a production
environment with absolutely no problems. I've tried 4.1.1 and 4.1.2 w/
IIS (ISAPI) and have found that it is still not stable enough for a
working site. The executeable (CGI) works great but is not very
efficient if you have much traffic. Keep in mind that that is my
experience and of course, your mileage may vary. I think the only time I
didn't have any problems was with 4.0.6/IIS/Win2K Pro and some good
karma. Think about Apache, it's stable, highly configurable and people
won't be going after it like they do IIS. You should see my logs, the
script kiddies are going after the "scripts" and "MSADC" directories
like crazy.
Mike
-----Original Message-----
From: Roger [mailto:[EMAIL PROTECTED]]
Sent: Monday, April 15, 2002 11:48 AM
To: [EMAIL PROTECTED]
Subject: [PHP-WIN] PHP stable and for production
Hi,
I listened that php on windows is not considered for produtions ans
stable. I listed that it is like a test version for windows and is not
safe use in night traffic sites with database access.
Could some one confirmar that infor to me?
Thanks in Advance
Rogerio
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
Hey... new to the list, but didn't have time to lurk and watch the traffic,
kind of in a bind here. I apologize in advance if I do something wrong...
Using this code:
<?php
$link = mysql_connect()
or die("Could not connect");
mysql_select_db("mydb") or die("Could not select database");
$result = mysql_query("SELECT * FROM cars WHERE year=1991");
extract(mysql_fetch_array($result));
while ($row = mysql_fetch_object($result)) {
$generation = $row->generation;
$year = $row->year;
$owner = $row->owner;
$email = $row->email;
$pic1 = $row->pic1;
$tmb1 = $row->tmb1;
printf("<img src='%s'><br>", $pic1);
printf("<small>%s</small><br>",$generation);
printf("<b>%s</b><br>",$year);
printf("%s<br>",$owner);
printf("<a href=mailto:'%s'>%s</a><p>", $email,
$email);
printf("<a href='%s'><img src='%s' border=0></a><p>",
$pic1, $tmb1);
}
/* Free resultset */
mysql_free_result($result);
/* Closing connection */
mysql_close($link);
?>
I'm successfully able to retrieve and display information for year='1991'.
It works great. However, if I replace '1991' with any other year that I KNOW
there's a matching record for, I get no results. So if I were to replace
year='1991' with year='1990', no results would be produced although the same
query given directly in MySQL will give results. Make sense? This same
problem happens with other fields too, it seems really selective. I can use
WHERE color='red' and get results, but color='black' returns nothing,
although there are matching records.
Any ideas? I need to get this fixed but I'm not sure what's wrong!
Thanks in advance,
Jason
(PHP 4.1.2 Win32)
(MySQL 3.23)
--- End Message ---
--- Begin Message ---
I have problem with uploading files - have anyone some idea?
php.ini:
.....
file_uploads = On
upload_tmp_dir = C:\Inetpub\Upload\
upload_max_filesize = 4M
.....
upload.php:
<?
if (is_uploaded_file($userfile))
{
echo "Name : ".$userfile ."<BR>\n";
echo "Orign : ".$userfile_name ."<BR>\n";
echo "Type : ".$userfile_type ."<BR>\n";
echo "Size: ".$userfile_size."<BR>\n";
}
?>
<BODY BGCOLOR=#FFFFFF>
<FORM ENCTYPE="multipart/form-data" ACTION="upload.php" METHOD=POST>
<INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="4000000">
Send this file: <INPUT NAME="userfile" TYPE="file">
<INPUT TYPE="submit" VALUE="Send File">
</FORM>
</BODY>
The response seems OK, but new file is not on hard drive
Response:
Name : C:\Inetpub\Upload\php14E4.tmp
orign : Test.doc
Type : application/msword
size: 19456
Thanks
--- End Message ---
--- Begin Message ---
This works for me:
if (is_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'])) {
//Get the extension
$split_nomefile = explode(".",$_FILES['userfile']['name']);
$ext = $split_nomefile[ count($split_nomefile)-1 ];
//Create the new filename
$NomeFile = $_POST["Materia"]."_".date("Y-m-d-H-i-s").".".$ext;
//Move from tmp-dir to my "upload" directory
copy($HTTP_POST_FILES['userfile']['tmp_name'],
"../../files/".$NomeFile);
move_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'],
"../../files/".$NomeFile);
}
Hope this will help you.
Bye,
Evan
"Uhaj" <[EMAIL PROTECTED]> ha scritto nel messaggio
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I have problem with uploading files - have anyone some idea?
>
> php.ini:
> .....
> file_uploads = On
> upload_tmp_dir = C:\Inetpub\Upload\
> upload_max_filesize = 4M
> .....
>
> upload.php:
> <?
> if (is_uploaded_file($userfile))
> {
> echo "Name : ".$userfile ."<BR>\n";
> echo "Orign : ".$userfile_name ."<BR>\n";
> echo "Type : ".$userfile_type ."<BR>\n";
> echo "Size: ".$userfile_size."<BR>\n";
> }
> ?>
> <BODY BGCOLOR=#FFFFFF>
> <FORM ENCTYPE="multipart/form-data" ACTION="upload.php" METHOD=POST>
> <INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="4000000">
> Send this file: <INPUT NAME="userfile" TYPE="file">
> <INPUT TYPE="submit" VALUE="Send File">
> </FORM>
> </BODY>
>
> The response seems OK, but new file is not on hard drive
> Response:
> Name : C:\Inetpub\Upload\php14E4.tmp
> orign : Test.doc
> Type : application/msword
> size: 19456
>
> Thanks
>
>
--- End Message ---
--- Begin Message ---
The temp file is deleted after the script is run. So if you're checking
for the presence of that .TMP file after you have run your page, then you
won't find it. For security reasons (and also to save hard drive space),
the file is only there during the execution of the script. It is during
the execution of the script that you have to do something with the
temporary file before it is deleted, like copy it to a permanent file, or
read the file and insert the binary data as a BLOB into your database.
--- End Message ---
--- Begin Message ---
Yeah I got it to work too. It Helps when you tell php where it's extensions
are.....man it's been a long day.
--Chris
"Haagen Waade" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Thx, Steffen!
>
> I got it to work now.
> I still had the old php.ini file, and php4ts.dll file (from 4.1.2); and
even
> that is working with the apache2filer!
> Guess it's not depenent on the php version then?
>
> Chirs: yes, this is all you need to enable php.
>
> h.
>
> "Chris Dion" <[EMAIL PROTECTED]> wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Tried that still can't start apache2. What version and stuff are you
> using
> > and are you sure that's all you added to your http.conf?
> >
> > --Chris
> >
> > "Steffen" <[EMAIL PROTECTED]> wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > This works for me:
> > >
> > > LoadModule php4_module d:/bin/php/experimental/apache2filter.dll
> > > AddType application/x-httpd-php .php
> > > AddType application/x-httpd-php-source .phps
> > >
> > > Steffen
> > >
> > >
> > > "Haagen Waade" <[EMAIL PROTECTED]> wrote in message
> > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > 4.2.0 RC3 is out, and with Apache2 support.
> > > >
> > > > But how to configure it with apache2 ? I see there is a
> > > > /experimental/apache2filter.dll
> > > > I guess this is the new module for apache2, but how do I configure
it
> in
> > > > httpd.conf
> > > > I've tried to load it as an module, but did not get it to work.
> > > >
> > > >
> > > > "Chris Dion" <[EMAIL PROTECTED]> wrote in message
> > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > > Now that there is a binary out for apache 2 for windows...are we
> going
> > > to
> > > > > get a binary for php for apache 2? Anyone know? Or how I can
> manage
> > to
> > > > > compile php for apache2?
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
--- End Message ---
--- Begin Message ---
I have a field in a mysql table called table which is called names.
Examples of the information in this column :
Name
Lottery Company
Mark MiniMark
J B's Supermarket
I connect to the datbase successful and I use the following php line to
get the information from the row: $row_info=mysql_fetch_row($result)
Howevere when I try to output J B's Supermarket to the web page all I
get is J B. How can I get the entire display on the screen including the
' in the name?
quincy
--- End Message ---
--- Begin Message ---
I would try a type cast of string
echo (string) $result[0];
"Q" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I have a field in a mysql table called table which is called names.
> Examples of the information in this column :
>
>
> Name
>
> Lottery Company
> Mark MiniMark
> J B's Supermarket
>
>
> I connect to the datbase successful and I use the following php line to
> get the information from the row: $row_info=mysql_fetch_row($result)
>
> Howevere when I try to output J B's Supermarket to the web page all I
> get is J B. How can I get the entire display on the screen including the
> ' in the name?
> quincy
>
--- End Message ---
--- Begin Message ---
Are you sure that that last field truly contains "J B's Supermarket" in the
database? Are you sure the error wasn't produced while INSERTING the data
into the database, thus resulting in only "J B" being put into the
database? You should view your database data directly, like by using a
webmin utility. If you do $row_info = mysql_fetch_row($result), and then
show the row with the company name, a single quote (') shouldn't mess it
up. But single quotes can mess up a query. Because if you think about
your query, if you do it like this:
INSERT INTO table (Name) VALUES ('J B's Supermarket')
you can see how the single quote in the Name is messing up the query for
MySQL -- it's making MySQL think it's the end of the value for Name. You
need to escape single quotes when inserting them into a MySQL database. If
you do it via a form and have magicquotes turned on in your PHP.INI, then
it's done automatically. Otherwise, you have to do it yourself.
At 05:15 AM 4/16/2002 -0400, q wrote:
>I have a field in a mysql table called table which is called names.
>Examples of the information in this column :
>
>
> Name
>
>Lottery Company
>Mark MiniMark
>J B's Supermarket
>
>
>I connect to the datbase successful and I use the following php line to
>get the information from the row: $row_info=mysql_fetch_row($result)
>
>Howevere when I try to output J B's Supermarket to the web page all I get
>is J B. How can I get the entire display on the screen including the ' in
>the name?
>quincy
Mike Flynn - Burlington, VT
http://www.mikeflynn.net/ - [EMAIL PROTECTED]
home=>work=>home=>store=>home [repeat daily]
--- End Message ---
--- Begin Message ---
Hi All,
I have installed new version of php on my xp box I am running iis for my
web's now I am getting this error even I have modified the php.ini file
value cgi.force_redirect=0 but I am still getting the same problem any
one could tell me how to remove this error ?
Thank You
Faisal Ashraf
Manager Customer Care
Gem Net
www.gem.net.pk
Security Alert! PHP CGI cannot be accessed directly.
This PHP CGI binary was compiled with force-cgi-redirect enabled. This
means that a page will only be served up if the REDIRECT_STATUS CGI
variable is set. This variable is set, for example, by Apache's Action
directive redirect.
You may disable this restriction by recompiling the PHP binary with the
--disable-force-cgi-redirect switch. If you do this and you have your
PHP CGI binary accessible somewhere in your web tree, people will be
able to circumvent .htaccess security by loading files through the PHP
parser. A good way around this is to define doc_root in your php.ini
file to something other than your top-level DOCUMENT_ROOT. This way you
can separate the part of your web space which uses PHP from the normal
part using .htaccess security. If you do not have any .htaccess
restrictions anywhere on your site you can leave doc_root undefined. If
you are running IIS, you may safely set cgi.force_redirect=0 in php.ini.
--- End Message ---
--- Begin Message ---
Are you sure you changed the correct ini file or didn't misspell it? I
use this all the time, no problem.
Faisal Ashraf wrote:
>
> Hi All,
>
> I have installed new version of php on my xp box I am running iis for my
> web's now I am getting this error even I have modified the php.ini file
> value cgi.force_redirect=0 but I am still getting the same problem any
> one could tell me how to remove this error ?
>
> Thank You
>
> Faisal Ashraf
> Manager Customer Care
> Gem Net
> www.gem.net.pk
>
>
> Security Alert! PHP CGI cannot be accessed directly.
>
> This PHP CGI binary was compiled with force-cgi-redirect enabled. This
> means that a page will only be served up if the REDIRECT_STATUS CGI
> variable is set. This variable is set, for example, by Apache's Action
> directive redirect.
>
>
> You may disable this restriction by recompiling the PHP binary with the
> --disable-force-cgi-redirect switch. If you do this and you have your
> PHP CGI binary accessible somewhere in your web tree, people will be
> able to circumvent .htaccess security by loading files through the PHP
> parser. A good way around this is to define doc_root in your php.ini
> file to something other than your top-level DOCUMENT_ROOT. This way you
> can separate the part of your web space which uses PHP from the normal
> part using .htaccess security. If you do not have any .htaccess
> restrictions anywhere on your site you can leave doc_root undefined. If
> you are running IIS, you may safely set cgi.force_redirect=0 in php.ini.
>
>
>
--- End Message ---
--- Begin Message ---
It may be the ADO connection with Access. I am not sure. DB_adodb is a DB
class I am writing for the Pear_DB abstraction layer.
I am attaching it to this email so everyone can look at it. At this point it is
kind of a hack. There is no capability in ADO to count the number of records
that a query produced, unless you count each record yourself which would take
too long.
Currently, there is no Transaction or nextID support, either. But, it is
working to some degree. ;-)
I can sometimes pass a long string, sometimes I can't. There doesn't appear to
be any ryme or reason at this point.
--
Scott Carr
OpenOffice.org
Whiteboard-Doc Maintainer
http://whiteboard.openoffice.org/doc/
Quoting Alan Brown <[EMAIL PROTECTED]>:
> I actually use VERY long strings to COM. Can you send me a small test case
> (some snipit from adodb.php, since I do not seem to have this file in my
> pear directory, I can only assume this is something you are writing) and I
> will trace into the source and find out what is happening and fix it if
> there is a bug or tell you what is wrong with your source otherwise.....
>
> Alan.
> ----- Original Message -----
> From: "Scott Carr" <[EMAIL PROTECTED]>
> To: "PHP Windows" <[EMAIL PROTECTED]>
> Sent: Monday, April 15, 2002 17:43
> Subject: [PHP-WIN] COM and ADODB access
>
>
> > I am having a problem with SQL statements passed to a COM object.
> >
> > "SELECT * FROM Reports" works fine.
> >
> > "SELECT IDCode, Report_Name, Report_Description, Report_Status FROM
> Reports"
> > blows up. I have been having this issue with 4.0.6 through 4.2.0 RC3.
> >
> > Has anybody else tried to pass semi-long strings to a COM object?
> >
> > Here is the error I get on the second select statement:
> >
> > Warning: Error in php_OLECHAR_to_char() in d:\php\pear\DB\adodb.php on
> line 191
> >
> > It's like that for every large string I pass.
> > --
> > Scott Carr
> > OpenOffice.org
> > Whiteboard-Doc Maintainer
> > http://whiteboard.openoffice.org/doc/
> >
> >
> >
> >
> >
> > -------------------------------------------------
> > This mail sent through IMP: http://horde.org/imp/
> >
> > --
> > PHP Windows Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>
>
-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/
--- End Message ---
--- Begin Message ---
Sorry, the attachment didn't work right.
The DSN structure is as follows:
adodb:///Provider=Microsoft.Jet.OLEDB.4.0;Data Source=c:\\path\\to\\database.mdb
adodb:///Data Source={ODBC DSN}
Everything after the last / is considered the ADO Connection string.
--
Scott Carr
OpenOffice.org
Whiteboard-Doc Maintainer
http://whiteboard.openoffice.org/doc/
Quoting Scott Carr <[EMAIL PROTECTED]>:
> It may be the ADO connection with Access. I am not sure. DB_adodb is a DB
> class I am writing for the Pear_DB abstraction layer.
>
> I am attaching it to this email so everyone can look at it. At this point it
> is
> kind of a hack. There is no capability in ADO to count the number of
> records
> that a query produced, unless you count each record yourself which would
> take
> too long.
>
> Currently, there is no Transaction or nextID support, either. But, it is
> working to some degree. ;-)
>
> I can sometimes pass a long string, sometimes I can't. There doesn't appear
> to
> be any ryme or reason at this point.
> --
> Scott Carr
> OpenOffice.org
> Whiteboard-Doc Maintainer
> http://whiteboard.openoffice.org/doc/
>
>
> Quoting Alan Brown <[EMAIL PROTECTED]>:
>
> > I actually use VERY long strings to COM. Can you send me a small test
> case
> > (some snipit from adodb.php, since I do not seem to have this file in my
> > pear directory, I can only assume this is something you are writing) and
> I
> > will trace into the source and find out what is happening and fix it if
> > there is a bug or tell you what is wrong with your source otherwise.....
> >
> > Alan.
> > ----- Original Message -----
> > From: "Scott Carr" <[EMAIL PROTECTED]>
> > To: "PHP Windows" <[EMAIL PROTECTED]>
> > Sent: Monday, April 15, 2002 17:43
> > Subject: [PHP-WIN] COM and ADODB access
> >
> >
> > > I am having a problem with SQL statements passed to a COM object.
> > >
> > > "SELECT * FROM Reports" works fine.
> > >
> > > "SELECT IDCode, Report_Name, Report_Description, Report_Status FROM
> > Reports"
> > > blows up. I have been having this issue with 4.0.6 through 4.2.0 RC3.
> > >
> > > Has anybody else tried to pass semi-long strings to a COM object?
> > >
> > > Here is the error I get on the second select statement:
> > >
> > > Warning: Error in php_OLECHAR_to_char() in d:\php\pear\DB\adodb.php on
> > line 191
> > >
> > > It's like that for every large string I pass.
> > > --
> > > Scott Carr
> > > OpenOffice.org
> > > Whiteboard-Doc Maintainer
> > > http://whiteboard.openoffice.org/doc/
> > >
> > >
> > >
> > >
> > >
> > > -------------------------------------------------
> > > This mail sent through IMP: http://horde.org/imp/
> > >
> > > --
> > > PHP Windows Mailing List (http://www.php.net/)
> > > To unsubscribe, visit: http://www.php.net/unsub.php
> > >
> > >
> >
> >
>
>
> -------------------------------------------------
> This mail sent through IMP: http://horde.org/imp/
>
> --
> PHP Windows Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/
--- End Message ---
