php-windows Digest 23 Apr 2002 12:23:09 -0000 Issue 1107
Topics (messages 13232 through 13238):
Re: Problem with uploading Files with PHP 4.1.2 on IIS
13232 by: Waldemar Brand Neto
13234 by: Waldemar Brand Neto
Re: Security using Apache & Windows
13233 by: Matt Hillebrand
username and password validation!
13235 by: Nik Alleyne
Re: Problem using ImageTTFText
13236 by: Matt Parlane
PHP 4.2 - hard-coded paths
13237 by: J Wynia
mysql_fetch_array warnings.
13238 by: Martin.Andrew
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
Thank you Mike once more you are correct. One more thing. Now the file is
saved in a Blob field at the database.
But when I show the blob field the image doesnīt appear. Just a collection
of characaters. I have to save the Blob field in a file. How can I do that?
Thank you very much.
----- Original Message -----
From: "Mike Flynn" <[EMAIL PROTECTED]>
To: "Waldemar Brand Neto" <[EMAIL PROTECTED]>
Sent: Monday, April 22, 2002 12:35 PM
Subject: Re: [PHP-WIN] Problem with uploading Files with PHP 4.1.2 on IIS
> Thanks :).
>
> You will definitely need the quotes around the $bindata in the
> query. You're right that quotes within the binary data can mess up PHP or
> MySQL. They won't mess up PHP in this case because they are contained
> within a string variable ($bindata), and never directly parsed in the
> code. But they could mess up MySQL in the query, where the single quotes
> could confuse MySQL.
>
> However, in the code I gave you:
> $thebindata = addslashes(fread(fopen($the_file, "r"),
filesize($the_file)));
>
> You can see it uses the "addslashes" function to work around this
> problem. Did you use the addslashes in your code on the $bindata before
> the query? Addslashes adds backslashes (\) in front of single and double
> quotes, which fixes it for MySQL. Are you using it?
>
> -Mike
>
> At 12:14 PM 4/22/2002 -0300, you wrote:
> >Dear Myke you are a good programer with trained eyes to find the erros
fast.
> >I tried with quotes, without and but it not works.
> >I Think the problem is the image itself. Inside the Image I have a
several
> >' and ". This quotes cause problem confusing php. I send an atached file
> >with the result. Donīt worry the image is just a test. Do you have any
idea?
> >
> >Thanks, Waldemar
>
--- End Message ---
--- Begin Message ---
Thank you very much your tips will help me a lot.
[]īs Waldemar
----- Original Message -----
From: "Mike Flynn" <[EMAIL PROTECTED]>
To: "Waldemar Brand Neto" <[EMAIL PROTECTED]>
Sent: Monday, April 22, 2002 5:10 PM
Subject: Re: [PHP-WIN] Problem with uploading Files with PHP 4.1.2 on IIS
> There are lot's of tutorials on this process on the web, so you don't have
> to ask questions at each step of the process :). Check out zend.com,
> phpbuilder.com, devshed.com, etc, or do a search on the web for "php mysql
> file uploads blob" or something similar.
>
> As for your question, you will basically need to have a script that
> retrieves the blob data from the database using a SELECT statement. You
> will then need to use the function stripslashes() to remove the slashes
> from the binary data that we added using addslashes when we inserted the
> data into the database. So do something like $bindata =
> stripslashes($bindata);
> Then you need to return some MIME headers to let the user's browser know
> that a file is coming, what kind of file, the filename, filesize, whether
> it should be displayed or downloaded, etc. You can find more info on that
> in sample scripts. Then you just echo out the binary data.
>
> If you need more help just ask.
>
> At 02:28 PM 4/22/02 -0300, you wrote:
> >Thank you Mike once more you are correct. One more thing. Now the file is
> >saved in a Blob field at the database.
> >But when I show the blob field the image doesnīt appear. Just a
collection
> >of characaters. I have to save the Blob field in a file. How can I do
that?
> >Thank you very much.
>
--- End Message ---
--- Begin Message ---
Why do I receive this exact same email message every single day?!?! I
normally get it several times each day.
Matt
|-----Original Message-----
|From: Svensson, B.A.T. (HKG) [mailto:[EMAIL PROTECTED]]
|Sent: Monday, April 15, 2002 8:37 AM
|To: [EMAIL PROTECTED]
|Subject: FW: [PHP-WIN] Re: Security using Apache & Windows
|Importance: Low
|
|
|Dear Timothy,
|
|I totally agree with you about smucks - I prefere to call
|them people with low moral insight. :) About PHP, it might
|very well be as you said, and if so, and if one execute
|this method one are still vulnerably to attacks - if one
|can set this privileges with in PHP then one, or rather
|the smucks, can remove them with in PHP to.
|
|But if these access right are controlled by a meta-system
|instead (e.g. the file access control list maintained by the
|operating system it self, and/or the file security settings
|within the web server it self), this would be a much secure
|way to ensure the file security policy within your system.
|
|
| //Anders
|
|> -----Original Message-----
|> From: Timothy Mackenzie [mailto:[EMAIL PROTECTED]]
|> Sent: Monday, April 15, 2002 2:54 AM
|> To: Svensson, B.A.T. (HKG)
|> Subject: Re: [PHP-WIN] Re: Security using Apache & Windows
|>
|>
|> There is a way of configuring PHP to limit access to the
|file system.
|> You don't want any schmuck who uploads a PHP script access to your
|> entire system, right? PHP allows you to limit what parts of the
|> system can be seen. My question is how is this done?
|>
|> ----- Original Message -----
|> From: "Svensson, B.A.T. (HKG)" <[EMAIL PROTECTED]>
|> To: "Tim Mackenzie" <[EMAIL PROTECTED]>;
|> <[EMAIL PROTECTED]>
|> Sent: Friday, April 12, 2002 6:40 AM
|> Subject: RE: [PHP-WIN] Re: Security using Apache & Windows
|>
|>
|> > This is after all and PHP list, so if you explain the relation to
|> > PHP then people might help you
|> >
|> > Otherwise you might try ask in an apache or MS Windows support
|> > group....
|> >
|> > > -----Original Message-----
|> > > From: Tim Mackenzie
|> > > Sent: Tuesday, April 02, 2002 5:47 PM
|> > > To: [EMAIL PROTECTED]
|> > > Subject: [PHP-WIN] Re: Security using Apache & Windows
|> > >
|> > >
|> > > No one can help?! Please, please, please...
|> > >
|> > > "Tim Mackenzie" <[EMAIL PROTECTED]> wrote in message
|> > > > I'm running W2K with Apache and PHP4. I'm going to be
|hosting a
|> number of
|> > > > websites that I would like to provide PHP support for. What I
|> > > > don't
|> want is
|> > > > them to be able to access my entire file system. They should,
|> > > > at
|> most, be
|> > > > only allowed read/write access to their site folder. How do I
|> > > > go
|> about
|> > > > doing this? I've looked around, but I haven't found something
|> > > > that addresses this. I know there's the basedir value
|(I think
|> > > > that's it),
|> but I
|> > > > don't understand how to use it. Could somebody
|(several people)
|> please post
|> > > > any tips they have for securing the file system of a
|web server.
|> Thanks!
|> >
|>
|
|--
|PHP Windows Mailing List (http://www.php.net/)
|To unsubscribe, visit: http://www.php.net/unsub.php
|
|
--- End Message ---
--- Begin Message ---
Hi there everyone,
my problem should b simple.
Problem:
I am trying to validate a username and password though HTML forms. The
thing is when i encrypt the password using mysql password encryption
function 'PASSWORD()' and try to validate the password I am getting the
error message that I've set for when the username and/or password is
invalid. However, if I do not encrypt the password, i am validating quite
easily.
can someone please help;
Thankx
Nik
--- End Message ---
--- Begin Message ---
Hiya...
http://bugs.php.net/bug.php?id=15568
This problem has been fixed in the latest version of PHP - try downloading
v4.2 (released today)
Matt
"Alberto. Sartori" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]
...
Hi guys, since I've installed php 4.1.2 I cannot use correctly ImageTTFText
functions 'cos the system cannot load the font. I've tried to put it into
the same folder of the script...nothing do to. Return me a nice error like
this:
Warning: EURzQ in c:\inetpub\wwwroot\esempi\immagine.php on line 20
That "EURzQ" change everytime I run my code...
Anyone can help me? thanks!
Alberto Sartori - Developer
Hard Programming Dep.
-----------------------------------------------
CELL NETWORK ITALIA S.p.A
Via Correggio, 19
20149 Milano - Italy
Phone +39 02.46.90.551
Fax +39 02.46.91.700
E-Mail: [EMAIL PROTECTED]
Internet Site: http://www.cellnetwork.it
-----------------------------------------------
--- End Message ---
--- Begin Message ---
I just installed Apache 2 and PHP 4.2. It does work and phpinfo() brings up
indications of Apache 2 and the correct PHP version. However, the paths to
resources on my system seem to be hard-coded within the php4ts.dll. The path
to php.ini indicates c:\winnt (which has been hard-coded in the binary
releases for a while, that's another issue). However, it isn't picking
anything up from c:\winnt\php.ini. Instead, paths to extensions, the
include_path, session temp path, etc. all have values in phpinfo(), but not
the values in ANY php.ini on my system. After opening php4ts.dll in a text
editor, all of those paths are in there in clear text. Was this hard-coding
intentional in the 4.2 binaries? The new way of doing things? I'd rather not
have to recompile on Windows (the whole Visual C++ requirement takes the
"free" out of PHP), but will have to if it's the only way to configure
paths.
--- End Message ---
--- Begin Message ---
testing locally I use the following code
$query = "select * from users where UserName LIKE '$username'";
$result = mysql_query($query);
if ($row = mysql_fetch_array($result)) {
...
...
}
works fine.
On the ISP machine I get the following warnings?
Supplied argument is not a valid MySQL result resource !!
Do I need to change a setting?
--- End Message ---
