php-windows Digest 9 Nov 2002 14:10:11 -0000 Issue 1431
Topics (messages 16822 through 16832):
mysql_fetch_array problem
16822 by: Zeus
16823 by: Dash McElroy
16826 by: Rich Gray
16828 by: Seung Hwan Kang
[EMAIL PROTECTED]
16824 by: Raymond Delon Poh
IE 5.5 not performing comparison correctly
16825 by: Giff Hammar
Re: [PHP] How to echo the end marker '?>'
16827 by: Cam Dunstan
Re: sending cgi script query string
16829 by: DaMouse
Blocked by security issues of running PHP as a CGI
16830 by: Paul Trimming
Looking for mcrypt.dll for PHP 4.2.3
16831 by: Ignatius Reilly
Re: php doesnt work in subdirectory
16832 by: Prachait Saxena
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
I try to display mysql database using fetch_array but there seem to problem,
i m new with PHP and mysql.
I didn't quite sure, what's worng with my codes.i havent include the form
yet.
the error messages:
Warning: mysql_fetch_field(): supplied argument is not a valid MySQL result
resource in c:\apache\htdocs\zeus\shoutbox.php on line 17
code in shoutbox.php:
<?PHP
mysql_connect('localhost', 'zeus', 'pass') or die ("deadconnect");
mysql_select_db('zeussama_db') or die ("no db");
if($submit)
{
$time=date("h:ia d/j/y");
$result=mysql_query("INSERT INTO shoutbox (id,name,message,time)","values
('NULL','$name','$message','$time')");
}
?>
<?php
$result = mysql_query("SELECT * FROM shoutbox BY ID desc LIMIT 5");
while($r=mysql_fetch_field($result))
{
$time=$r["time"];
$id=$r["id"];
$message=$r["message"];
$name=$r["name"];
echo "$time <br>";
echo "$name <br>";
echo "$message <br>";
}
?>
================================
:.zeus:.
http://www.redrival.com/zeussama
--- End Message ---
--- Begin Message ---
Zeus,
2 notes:
1. Data you insert into a database should be addslashes($varname) first (or
another encoding) to protect against MySQL injection vulnerabilities. A nice
stripslashes($varname) on the way out gets rid of the slashes. You could
also use urlencode($varname) and urldecode($varname). Helpful for storing
URL's.
2. mysql_fetch_array
(http://www.php.net/manual/en/function.mysql-fetch-array.php) is nowhere to
be found in your code. You're using mysql_fetch_field...
Either way, this is what I do:
$result = mysql_query("SELECT * FROM shoutbox BY ID desc LIMIT 5");
$count = mysql_num_rows($result);
if ($count > 0) {
for ($i=0;$i<$count;$i++) {
$row = mysql_fetch_array($result);
echo $row['time'] ."<br />".$row['name']."<br
/>".$row['message']."<br />\n";
}
}
elseif ($count == 0) {
echo "No results returned";
}
else {
echo "Invalid Query. MySQL error: ".mysql_error();
}
Please note - this code is off the top of my head, I have not actually tried
it :)
-Dash
-----Original Message-----
From: Zeus [mailto:zeus_dreamer@;myrealbox.com]
Sent: Saturday, November 09, 2002 4:29 AM
To: [EMAIL PROTECTED]
Subject: [PHP-WIN] mysql_fetch_array problem
I try to display mysql database using fetch_array but there seem to problem,
i m new with PHP and mysql.
I didn't quite sure, what's worng with my codes.i havent include the form
yet.
the error messages:
Warning: mysql_fetch_field(): supplied argument is not a valid MySQL result
resource in c:\apache\htdocs\zeus\shoutbox.php on line 17
code in shoutbox.php:
<?PHP
mysql_connect('localhost', 'zeus', 'pass') or die ("deadconnect");
mysql_select_db('zeussama_db') or die ("no db");
if($submit)
{
$time=date("h:ia d/j/y");
$result=mysql_query("INSERT INTO shoutbox (id,name,message,time)","values
('NULL','$name','$message','$time')");
}
?>
<?php
$result = mysql_query("SELECT * FROM shoutbox BY ID desc LIMIT 5");
while($r=mysql_fetch_field($result))
{
$time=$r["time"];
$id=$r["id"];
$message=$r["message"];
$name=$r["name"];
echo "$time <br>";
echo "$name <br>";
echo "$message <br>";
}
?>
================================
:.zeus:.
http://www.redrival.com/zeussama
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
Erm.. isn't the addslashes() just needed to protect the SQL query?
IMO the data in the db will not have any slashes embedded in normal
circumstances, so there is no reason to stripslashes() any data coming from
a database column...
Rich
-----Original Message-----
From: Dash McElroy [mailto:dash.php@;westonefcu.org]
Sent: 08 November 2002 16:53
To: 'Zeus'; [EMAIL PROTECTED]
Subject: RE: [PHP-WIN] mysql_fetch_array problem
Zeus,
2 notes:
1. Data you insert into a database should be addslashes($varname) first (or
another encoding) to protect against MySQL injection vulnerabilities. A nice
stripslashes($varname) on the way out gets rid of the slashes. You could
also use urlencode($varname) and urldecode($varname). Helpful for storing
URL's.
2. mysql_fetch_array
(http://www.php.net/manual/en/function.mysql-fetch-array.php) is nowhere to
be found in your code. You're using mysql_fetch_field...
Either way, this is what I do:
$result = mysql_query("SELECT * FROM shoutbox BY ID desc LIMIT 5");
$count = mysql_num_rows($result);
if ($count > 0) {
for ($i=0;$i<$count;$i++) {
$row = mysql_fetch_array($result);
echo $row['time'] ."<br />".$row['name']."<br
/>".$row['message']."<br />\n";
}
}
elseif ($count == 0) {
echo "No results returned";
}
else {
echo "Invalid Query. MySQL error: ".mysql_error();
}
Please note - this code is off the top of my head, I have not actually tried
it :)
-Dash
-----Original Message-----
From: Zeus [mailto:zeus_dreamer@;myrealbox.com]
Sent: Saturday, November 09, 2002 4:29 AM
To: [EMAIL PROTECTED]
Subject: [PHP-WIN] mysql_fetch_array problem
I try to display mysql database using fetch_array but there seem to problem,
i m new with PHP and mysql.
I didn't quite sure, what's worng with my codes.i havent include the form
yet.
the error messages:
Warning: mysql_fetch_field(): supplied argument is not a valid MySQL result
resource in c:\apache\htdocs\zeus\shoutbox.php on line 17
code in shoutbox.php:
<?PHP
mysql_connect('localhost', 'zeus', 'pass') or die ("deadconnect");
mysql_select_db('zeussama_db') or die ("no db");
if($submit)
{
$time=date("h:ia d/j/y");
$result=mysql_query("INSERT INTO shoutbox (id,name,message,time)","values
('NULL','$name','$message','$time')");
}
?>
<?php
$result = mysql_query("SELECT * FROM shoutbox BY ID desc LIMIT 5");
while($r=mysql_fetch_field($result))
{
$time=$r["time"];
$id=$r["id"];
$message=$r["message"];
$name=$r["name"];
echo "$time <br>";
echo "$name <br>";
echo "$message <br>";
}
?>
================================
:.zeus:.
http://www.redrival.com/zeussama
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.404 / Virus Database: 228 - Release Date: 15/10/2002
--- End Message ---
--- Begin Message ---
It supports to be mysql_fetch_array.
while($r=mysql_fetch_array($result))
"Zeus" <[EMAIL PROTECTED]> wrote in message
news:000201c28788$00d50e20$0200a8c0@;ncus...
> I try to display mysql database using fetch_array but there seem to
problem,
> i m new with PHP and mysql.
> I didn't quite sure, what's worng with my codes.i havent include the form
> yet.
>
> the error messages:
> Warning: mysql_fetch_field(): supplied argument is not a valid MySQL
result
> resource in c:\apache\htdocs\zeus\shoutbox.php on line 17
>
>
> code in shoutbox.php:
>
> <?PHP
>
> mysql_connect('localhost', 'zeus', 'pass') or die ("deadconnect");
> mysql_select_db('zeussama_db') or die ("no db");
>
> if($submit)
> {
> $time=date("h:ia d/j/y");
> $result=mysql_query("INSERT INTO shoutbox (id,name,message,time)","values
> ('NULL','$name','$message','$time')");
> }
> ?>
>
>
> <?php
> $result = mysql_query("SELECT * FROM shoutbox BY ID desc LIMIT 5");
> while($r=mysql_fetch_field($result))
> {
> $time=$r["time"];
> $id=$r["id"];
> $message=$r["message"];
> $name=$r["name"];
>
> echo "$time <br>";
> echo "$name <br>";
> echo "$message <br>";
> }
> ?>
>
> ================================
> :.zeus:.
> http://www.redrival.com/zeussama
>
--- End Message ---
--- Begin Message ---
[EMAIL PROTECTED]
--- End Message ---
--- Begin Message ---
I am using PHP 4.2.3 with Apache 1.3..11 on Windows 2000 Pro. I have a
form that
POSTs a variable to the next page. PHP code at the top of the second
page checks the
POST variable against values in a flat file. If the POST variable and
one of the values in
the file match, the code breaks out of the if and sets another variable
to a value. When I
look at the page with Netscape 6, it works like a champ. It does not
work in IE 5.5. I
have verified that there is no whitespace around the variable from the
POST or the file.
I have also verified that the variables are of the same type. Has anyone
seen this before?
How did you fix it?
Giff
--- End Message ---
--- Begin Message ---
john,
creating script snippits on the fly is generally not much use in an echo
statement because echos just stream to the clients browser - nothing in that
stream is actually ever going to be "executed"
The various solutions offered by other list members are particularly
relevant to the
creation of strings which will be written to a file. In other words echoing
(to the browser) some html with a bit of PHP script buried in it (e.g. the
form tags) will do just that - send to the browser something that it doesn`t
understand, a browser can`t execute PHP script as it can say a piece of
javascript.
However, if you are writing a script which is intended to create yet another
script for later use, these techniques work.
An example of a script that creates a script...
<?php
// the name of this script is suicidal.php
$somefilename = "hello.php";
$mystring = "<"."?"."php\n echo \"hello world\";\n"."?".">";
$fhandle = fopen ($somefilename, "w");
$writesuccess = fwrite ($fhandle, $mystring);
fclose ($fhandle);
?>
This will create a PHP script, a hello world script named hello.php.
if we said (in the script) ...
$somefilename = $PHP_SELF;
then suicidal.php would overwrite itself and become a hello world script.
(permissions issues aside - you may not be able to overwrite a file that is
actually executing at the time).
For your problem, needing to create a form in the clients browser with
action=(the_same_script) you only need to so this ....
assuming a script file name of ... add_to_cart.php
echo "<form name=\"fred\" method=\"POST\" action=\"".$PHP_SELF."\">";
If the browser user clicked on "show source" he or she would see this...
<form name="fred" method="POST" action="add_to_cart.php">
Is this what you want to do??
As Maxim said, you don`t really have to concatenate so pedantically but it
helps demonstrate what is happening.
cheers CD
> ----- Original Message -----
> From: "John W. Holmes" <[EMAIL PROTECTED]>
> To: "'Philipp Bolliger'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
> <[EMAIL PROTECTED]>
> Sent: Saturday, November 09, 2002 5:38 AM
> Subject: [PHP-WIN] RE: [PHP] How to echo the end marker '?>'
>
>
> > > subject's allready my question ! I want to echo something like :
> > "<form
> > > action = \",?php echo $PHP_SELF ?> \" >" so that the action becomes <?
> > > echo $PHP_SELF ?> !! But I can't figure out how to escape ?> so that
> > the
> > > interpreter doesn't take it as the end of the script ! Any idea ?
> >
> > Maybe I don't understand... but,
> >
> > echo "<form action=\"<? echo \$PHP_SELF ?>\" >";
> >
> > ---John Holmes...
> >
> >
> >
> > --
> > PHP Windows Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>
>
--- End Message ---
--- Begin Message ---
how would I send the post data to the script within PHP?
I currently use
virtual("cgi-bin/aaa.cgi?".$premade);
----- Original Message -----
From: Maxim Maletsky <[EMAIL PROTECTED]>
To: DaMouse <[EMAIL PROTECTED]>
Cc: PHP - Win <[EMAIL PROTECTED]>
Sent: Thursday, November 07, 2002 6:01 PM
Subject: Re: [PHP-WIN] sending cgi script query string
> Query String is 255 bytes long, including the URL itself. Basically, if
> you think your data can get over 200 chars, then you should not use
> Query String. Ue POST instead (or sockets with POST)
>
>
> --
> Maxim Maletsky
> [EMAIL PROTECTED]
>
>
>
> "DaMouse" <[EMAIL PROTECTED]> wrote... :
>
> > I intend on sending long messages to a cgi script in a the query string
using virtual and i was wondering what the max query string length is within
the scripts
> >
> >
> > Ensign Baker
> > HCO Officer
> > USS Atlantis
>
>
> --
> PHP Windows Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--- End Message ---
--- Begin Message ---
Hello,
I am endeavouring to set up PHP with Xitami web server, which I am able to
run perfectly successfully by itself. However, when I try to run a PHP
executable, I get the following error in the browser:
Security Alert! The PHP CGI cannot be accessed directly.
This PHP CGI binary was compiled with force-cgi-redirect enabled. This means
that a page will only be served up if the REDIRECT_STATUS CGI variable is
set, e.g. via an Apache Action directive.
I have taken a look at the php.ini file in the relevant section, and I have
the following:
; cgi.force_redirect is necessary to provide security running PHP as a CGI
under
; most web servers. Left undefined, PHP turns this on by default. You can
; turn it off here AT YOUR OWN RISK
; **You CAN safely turn this off for IIS, in fact, you MUST.**
cgi.force_redirect=0
; if cgi.force_redirect is turned on, and you are not running under Apache
or Netscape
; (iPlanet) web servers, you MAY need to set an environment variable name
that PHP
; will look for to know it is OK to continue execution. Setting this
variable MAY
; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
cgi.redirect_status_env=1
I have tried various combinations of force_redirect and redirect_status_env,
but I still get the error. According to the manual, at
http://www.php.net/manual/en/security.cgi-bin.php, it is possible to use the
above variables to sort the matter out.
I would appreciate some explanation of this so that I can begin learning
PGP!!!!
Thanks very much,
Paul Trimming
--- End Message ---
--- Begin Message ---
Hello,
I tried to install the mcrypt extension successfully on Windows, but when
restarting Apache (PHP 4.2.3 as module) I get the error message:
"The procedure entry point _ecalloc could not be located in the dll
php4ts.dll"
Probably I do not have the correct version for php_mcrypt.dll
Anybody can post it to me?
Thanks
Ignatius
____________________________________________
--- End Message ---
--- Begin Message ---
are u running the php as a cgi script ?
Prachait
Zeus wrote:
> I made directories uder htdocs, and i put my php files.
>
> But, Apache cannot parse the php....
>
> how to change apache config to work with php files under subdirectories
>
> Apche 1.3.6
> PHP 4.2 as Apache module
>
> Thanks
> .zeus:.
> http://www.redrival.com/zeussama
--
Bye, and Have a nice day.
Prachait Saxena
---------------------------
Phone :- +91 - 712 - 544476
Email :- [EMAIL PROTECTED]
ICQ :- 71855637
MSN :- [EMAIL PROTECTED]
Yahoo Messenger :- [EMAIL PROTECTED]
If you do for other's !
Other's will do for you !!
Visit me at
http://www.Prachait.Com/
http://www.SitesOnTesting.Com/
--- End Message ---
