-
Security?
Date: 04/24/06
(PHP Community) Keywords: php, mysql, html, sql, security, web, spam
Hi everyone,
I'm looking for some advice on some simple security measures. I deal with a political web site that wouldn't necessarily be sticking its neck out for malicious attacks but has received some spam attention on its forms already, and I worry as we store more data in a MySQL db (is it wrong to store a mailing list there?) that an injection could get in and send out sensitive information or potentially attack our larger parent organization that provides us with server space.
Basically I have the same kind of simple form doing the same thing in a few instances of the web site. The form has about 20 fields, most type text some textarea, and a few of type file (for resumes, applications, etc). I don't currently copy any of the files to the server because I don't have access to it, so I email them (via PHP) to myself or whoever the coordinator is. I don't currently have anything in place except for strip slashes and/or remove html in some cases, but I know that these measly little concoctions don't do anything to protect me from a sophisticated (or hell, even newbie) attack.
What kinds of things should I be doing? I should probably be processing strings to make sure that they don't have any sql in them or make it so that the user is blocked from having access to damaging things, but I don't know what signifiers to look for or even what functions to use. Anyone have any basic suggestions or advice, or a link to a source that might help me beef up my data police? Thanks in advance!
Source: http://community.livejournal.com/php/443711.html
-
PHP Links/Link Exchange Scripts
Date: 04/26/06
(PHP Community) Keywords: mysql, sql
Can anyone recommend a good one? Especially if you have experience with it, anything you can share would be helpful. I've been poring through the huge variety of them on sites like Hot Scripts, but I'm thinking I need to hear from people who may have used them.
I'd be tempted to just write my own, but I'm looking for something pre-made. Commercial is fine, if your recommendation is of that nature.
EDIT: It has to be able to use a MySQL backend.
Source: http://community.livejournal.com/php/444759.html
-
Creating a database
Date: 04/28/06
(WebDesign) Keywords: php, mysql, database, sql, web
Hello all. I am in the process of starting a member's section for the website at my job. My boss wants members to be able to login and view information that is specific to them.. such as pricing, sales history, etc. What I'm wanting to know is what is the best way to go about doing this? A PHP/MySQL database? Something different? This will be my first time doing anything like this. I'm really looking forward to it as I'll be able to learn some new and interesting things, but where's a good place to start? I appreciate any suggestions you guys can offer. You're all always such a huge help!
Source: http://community.livejournal.com/webdesign/1101500.html
-
Tracking Users with dynamic content
Date: 05/03/06
(MySQL Community) Keywords: php, mysql, sql
So I have been crafty and created a site that uses only a couple pages (PHP+MySQL)... but now I fear I won't be able to track how my users use my site. The navigation is such that if they pick a category from a list, the query returns limited results (for that category only).
How do I track which category users are selecting? If it helps the categories are listed in their own table.
Source: http://community.livejournal.com/mysql/94367.html
-
Finite State Machine: Compact Representation?
Date: 05/03/06
(Algorithms) Keywords: mysql, database, sql
I've got a large transition matrix (2000+ states) that is pretty sparse (most transitions are 0 probability). Right now I'm storing the thing in a MySQL database, and generating sequences based on the probability matrix is soooo slow.
There must be a more compact way to represent these transition probabilities, so that I don't have to do a query on a 2000+ row x 2000+ column database table every iteration of the system. But I don't know how.
Any thoughts?
Source: http://community.livejournal.com/algorithms/75944.html
-
Improving myself
Date: 05/04/06
(Web Development) Keywords: php, mysql, css, html, sql, web
Hello! I was wondering if I could get some advice on how to increase my skills as a web programmer and become more marketable. I know HTML backward and forwards, know quite a bit of PHP (especially in conjunction with MySQL) and CSS. I recently bought one of Eric Meyer's books on CSS. It gave me ideas for layouts and such but didn't really expand my knowledge much. I also have a Sams 21 days book on .Net for a VB programmer (which I used to be till I didn't have access to Visual Studio). I thought about learning .Net but .Net requires the Visual Studio IDE and a server with .Net support, neither of which I have. What next? Should I go with AJAX maybe? Also, I am a programmer, not a designer and would like to improve the artistic side so my sites don't look as bad as they do now. Is there a list of topics every web developer should know before moving to other topics? Any advice would be greatly appreciated! Thanks!
If you would like to look at my site, it is here
Source: http://community.livejournal.com/webdev/318007.html
-
MySQL issues security fix
Date: 05/04/06
(Security) Keywords: mysql, software, database, sql, security
Security patch is designed for the latest versions of MySQL's open-source database software.
Source: http://news.zdnet.com/2100-1009_22-6068514.html
-
moving hosts
Date: 05/07/06
(MySQL Community) Keywords: php, mysql, database, sql, web
I'm currently moving hosts, from a host with mySQL 4.1.18 to 4.0.25. The site was made with a php templating program called website baker. For some reason when I backup the database in mySQL 4.1.18 (with compatibility for earlier versions) and I try to upload the database using cpanel in the new one, it just doesn't recognize anything and won't restore the database. Any ideas on how I could get around this?
x posted in mysql and php_mysql
Source: http://community.livejournal.com/mysql/95054.html
-
Mysql Question...
Date: 05/06/06
(MySQL Community) Keywords: php, mysql, database, sql
I'm currently developing a small community site (WOW Guild site), and am working on optimizing the database calls and such.
Currently, when a user loads a page the system checks the user's authentication, and then to see who else is online, checks a field in the db to see how many people have a comparable time...:
- user loads page > SELECT * FROM `Members` WHERE `name`=$name AND `pass`=$pass
- update user > UPDATE `Members` SET `lastclick`=$now WHERE `id`=$id
- find other users online > SELECT `id` FROM `Members` WHERE `lastclick` >= $now
I was curious if there was a way to simplify this process... Thanks for any help you guys can give me.
(x-posted: mysql, php_mysql )
****Update: I neglected to mention that $now is stored as 3 minutes in the future, so that the third returns all users registered as authenticated now or 3 minutes from now.
$now is also not a traditional timestamp, but a whole-number representation created from a timestamp.
The code already works, just trying to slim the query number down if possible...
Source: http://community.livejournal.com/mysql/94558.html
-
Question: Getting back what I just did... PHP_MySQL
Date: 05/10/06
(PHP Community) Keywords: mysql, sql
Hello all. I hope this isn't too Newbie-ish.
I have a table in MySQL called "Entity" that has the following columns:
Entity_UID - int 50 Not Null Auto Inc
foo - date
recordCreated - dateTime
So the question is: if I do:
$query = "INSERT INTO Entity VALUES (NULL, '2005-12-25', NOW())";
$result = mysql_query($query);
What is the easiest way to get back the Entity_UID of the record I just created?
Source: http://community.livejournal.com/php/449188.html
-
Domain
Date: 05/15/06
(Web Development) Keywords: php, mysql, sql, web, hosting
Who has the best deal around for domain transfer & webhosting? DNS, PHP, MySQL (5-DB or more), High Bandwidth 50-GB or more (Media Downloads)
I use iPowerWeb for everything at the moment (I used to work there)
Source: http://community.livejournal.com/webdev/320489.html
-
How To Create AJAX Commenting System for Static HTML Pages
Date: 05/15/06
(Java Web) Keywords: mysql, html, database, sql
I wanted to create ajax based commenting system for some html pages. The design goals were:
1. Simple to use and install
2. Database (MySQL) backed
3. Minimal changes to HTML template / files
4. Support effective (no frequent cache refreshes) html page compression / caching strategy for heavily commented sites.
An AJAX based system fits the bill. The new [...]
Source: http://blog.taragana.com/index.php/archive/how-to-create-ajax-commenting-system-for-static-html-pages/
-
looking for a good, free GUI mysql client for windows
Date: 05/16/06
(MySQL Community) Keywords: php, mysql, browser, database, sql, web
I'm currently working on re-engineering a web stack completely to use mysql as a back end instead of (shiver) a bunch of Access files. I've used mysql for years both personally and professionally, but being a UNIX dork I've almost exclusively done so from the command line. Whenever I've needed something a little more user-friendly than that, I've installed a web tool like phpmyadmin.
However in this case, I'm working in an all-Windows shop (mostly server 2003) and I know that I'm going to be passing this on to someone in a couple years. As I document various tasks, I'd like to use a desktop client with a GUI interface for doing things like "browsing" the database, modifying stuff now and then, etc.
I see that mysql.com has a nice "administrator" and "query browser" available and they're pretty nice - but neither is really what I'm looking for in terms of something that has a GUI interface and actually manipulates the data itself. Unfortunately I cannot count on a successor knowing much SQL or being comfortable on the command line.
I'm guessing there are many free tools out there but would love to start out on whatever people who already love to use such things find the most mature, featureful, easy to use, etc. So, any suggestions? TIA!
EDIT - solved, thanks!
Source: http://community.livejournal.com/mysql/95405.html
-
Question for all the smart people
Date: 05/18/06
(PHP Development) Keywords: php, mysql, sql
The company that I work for hired someone to write an application that tracks the business. She is developing it in PHP/MySql on her local Windows box using Dreamweaver's code snippets. I have never used the code snippets in Dreamweaver mostly because I preferred to write the code myself so that I knew what I was getting. There are no comments in her code and I am afraid that at some point I am going to inherit this mess.
So my question is, have any of you ever used these code snippets to write large applications that need to be secure enough to store credit card numbers and sensitive client information as well as the companies financial records. The site may at some point be hosted on the internet so that remote users can access it as well.
Thanks.
Source: http://community.livejournal.com/php_dev/68168.html
-
skip networking in windows, worth it or no?
Date: 05/18/06
(MySQL Community) Keywords: mysql, browser, sql, web
Hey folks, another newbie-to-mysql-on-windows question here, and many thanks again to the help on my previous one...
In my previous mysql experience on unix-like platforms, it was generally considered a Good Thing to turn off networking if you didn't "need" it, just talking directly to the mysqld instead. In cases where a local web stack on the same box was all that ever needed to talk to mysql, this worked well, and unless I'm smoking crack, it even seemed to perform a little better than chatting on 3306 using TCP/IP and worrying about telling either the daemon or the firewall (or both) to restrict such conversations to localhost.
Somewhat naively, I tried to do this in Windows today and got some unexpected results.
I'm working with an old version of coldfusion and modern mysql and recently discovered that rather than the "use an old version of Connector J" method mentioned in the Macromedia knowledge base, I can just install the nice current version of the mysql ODBC Connector, then set up a system DSN right in Windows. I tell coldfusion to use this "ODBC socket" and poof, things seem pretty quick. So great, I think, now that I'm not using the old Connector J which seemed to require a TCP/IP method, now I should be able to skip networking in the mysql daemon and just tell the system DSN config where the "socket" is.
Not so simple! I turned off networking (using mysql Administrator, since I'm trying to "be GUI" about this) and as expected, it uncommented "skip networking" in the my.ini file. However, after this, Windows couldn't start the mysql service anymore. Furthermore, the Administrator and Query Browser didn't seem to be able to connect without a port number. As soon as I re-enabled networking by editing the my.ini file, everything was fine.
Did I miss something? Am I smoking crack? Should I just leave well enough alone and use networking with mysql configured to only allow connections from localhost and Windows told not to expose 3306 to the outside world?
All opinions welcome - just please don't suggest "use something other than crusty old cold fusion" because unfortunately that's not really an option. TIA!
Source: http://community.livejournal.com/mysql/95724.html
-
How To Process MySQL Timestamp in PHP
Date: 05/27/06
(Java Web) Keywords: php, mysql, sql
Many of us do not realize that MySQL’s Timestamp is not the timestamp which PHP date() understands. In fact if you try to use MySQL timestamp directly in php date() function then you will get totally wrong dates. There is a simple way to use MySQL timestamp data in php.
First you need to modify the [...]
Source: http://blog.taragana.com/index.php/archive/how-to-process-mysql-timestamp-in-php/
-
PHP vs ASP vs ???
Date: 05/31/06
(Web Development) Keywords: cms, php, mysql, database, asp, sql, security, web
Hi all, a quick question.
I use PHP mostly because it's the only web language I know well enough to do what I need to do on a daily basis, but my place of employment is considering redesigning the web site - and letting me have control over how it's developed and in what languages, etc. Is there any advantage of using ASP over PHP, or any other language over another? I integrate a lot with a database (MySQL) (calendars, event listings, internship databases, video archive, etc) and currently run on a Sun box, but I also need to integrate (in the future) with a SQL database on an IIS server, which required me to develop in ASP. I didn't know ASP so we had to contract it out, and I'd rather avoid doing that again in the future - unless there's an added security benefit to asp or something like that. Opinions anyone, on what language to use vs another, or any opinions on a sort of "dream set up" (including CMS - I've never used a third party so recommendations would be interesting) I might be able to go after?
Thanks everyone!
Source: http://community.livejournal.com/webdev/325474.html
-
A PHP Archive?
Date: 05/31/06
(PHP Development) Keywords: php, mysql, html, sql, java, web
I've created a site hoping to archive php coded forums from the world wide web. This way an internet surfer can login and search categorized listings of forums so they can easily find what they're looking for.
Since there are thousands of php coded forums of all different content, I'd like to set up categories and list them under it.
unfortunately I know very little php. I know how to implement MODS into my forums and that's just about it.
Here's the site I'm working on. http://phpforumarchive.com/
Any suggestions or anyone willing to help? I am sure this will be a decent site when completed and people (internet surfers) will probably use it frequently. Forum owners will like it because of the free advertising they get for their site.
I know html, some javascript, no php beyond pre written MODS that show you how to install them. MySQL? Forget it.
Tell me I'm in over my head.
Source: http://community.livejournal.com/php_dev/69050.html
-
PHP 4.4.1 mail() issue
Date: 05/31/06
(PHP Community) Keywords: php, mysql, html, database, sql, microsoft
Alright guys, I'm having a bit of a problem. I'm in the process of writing this small document-tracking application for my mother's work and was writing it on my own site. It worked almost perfectly except for some functionality that I had yet to add.
But when I went to upload it to the server it was supposed to be on, I found out they were running an older version (4.4.1) than the one I had been writing for (5.1.2). So, I went in to go fix the problems (like removing Try-Catch statements), and I seem to have gotten most of them worked out, except one: for some reason the mail() function isn't actually sending any mail.
I've tried it with many different email addresses and no luck. Now, the server this is currently on (the server it will have to be run from as well) is using Microsoft Exchange which I don't really know much about. We've been looking at some of the other applications that are run on this server with working mail functionality and can't figure out why this application isn't running.
//File Name: docFunctions.php
//Author: Lisa Obenauf
//
//For use by Union Station of Kansas City (http://www.unionstation.org) only.
function generateEmail()
{
//MYSQL DB Connection and Table selection removed for privacy purposes//
//Verify the connections to the Database and Table
if (!$email_connect || !$db_select)
{
die("Problem connecting or selecting a database.");
} //end if
//initialize variables
$sender = $_POST['docFrom'];
$attachment = $_FILES['docAttachment']['name'];
$headers = "From:" . $_POST['docFrom'] . "\r\n";
$headers .= "Reply-To:" . $_POST['docFrom'] . "\r\n";
$headers .= "Content-Type: text/html; charset=\"iso-8859-1\"\r\n"; //keep the header on one line: a CRLF inside it splits the header block
$body = "
File: " . $_FILES['docAttachment']['name'] . "
Respond By:" . $_POST['docDue'] . "
" . $_POST['docDescription'] . "
";
//Verifies that a recipient has been selected. If not, an error is displayed.
if ($_POST['docTo1'] === "")
{
die("Please choose someone to receive the attached document.");
} //end if
else
{
//Initialization of the $query statement for INSERT
$query = "INSERT INTO `doc_tracking` ( `doc_id` , `doc_from` , ";
$query .= "`doc_to_1` , `doc_to_2` , `doc_to_3` , `doc_to_4` , `doc_to_5` , `doc_to_6` , `doc_to_7` , `doc_to_8` , `doc_to_9` , `doc_to_10` , ";
$query .= "`doc_route` , `doc_distribution` , `doc_due` , `doc_action_1` , `doc_action_2` , `doc_action_3` , `doc_action_4` , `doc_action_5` , ";
$query .= "`doc_action_6` , `doc_action_7` , `doc_action_8` , `doc_action_9` , `doc_action_10` , `doc_description` , `doc_attach` ) ";
$query .= "VALUES (NULL , '" . $_POST['docFrom'] . "', '" . $_POST['docTo1'] . "', ";
//Sets the recipient of the email
$recipient = $_POST['docTo1'];
//if there are more recipients, they are added to $recipient for use in mass mailing.
//The $query variable is also augmented with either the person's email address or NULL if no address was selected.
if ($_POST['docTo2'] === "")
$query .= "NULL ,";
else
{
$query .= "'" . $_POST['docTo2'] . "', ";
$recipient .= ", " . $_POST['docTo2'];
} //end else
if ($_POST['docTo3'] === "")
$query .= "NULL ,";
else
{
$query .= "'" . $_POST['docTo3'] . "', ";
$recipient .= ", " . $_POST['docTo3'];
} //end else
if ($_POST['docTo4'] === "")
$query .= "NULL ,";
else
{
$query .= "'" . $_POST['docTo4'] . "', ";
$recipient .= ", " . $_POST['docTo4'];
} //end else
if ($_POST['docTo5'] === "")
$query .= "NULL ,";
else
{
$query .= "'" . $_POST['docTo5'] . "', ";
$recipient .= ", " . $_POST['docTo5'];
} //end else
if ($_POST['docTo6'] === "")
$query .= "NULL ,";
else
{
$query .= "'" . $_POST['docTo6'] . "', ";
$recipient .= ", " . $_POST['docTo6'];
} //end else
if ($_POST['docTo7'] === "")
$query .= "NULL ,";
else
{
$query .= "'" . $_POST['docTo7'] . "', ";
$recipient .= ", " . $_POST['docTo7'];
} //end else
if ($_POST['docTo8'] === "")
$query .= "NULL ,";
else
{
$query .= "'" . $_POST['docTo8'] . "', ";
$recipient .= ", " . $_POST['docTo8'];
} //end else
if ($_POST['docTo9'] === "")
$query .= "NULL ,";
else
{
$query .= "'" . $_POST['docTo9'] . "', ";
$recipient .= ", " . $_POST['docTo9'];
} //end else
if ($_POST['docTo10'] === "")
$query .= "NULL ,";
else
{
$query .= "'" . $_POST['docTo10'] . "', ";
$recipient .= ", " . $_POST['docTo10'];
} //end else
//Initialization of the "Respond By" information
$dueBy = $_POST['docYear'] . "-" . $_POST['docMonth'] . "-" . $_POST['docDay'];
//Continuation and conclusion of the INSERT statement
$query .= "'" . $_POST['docRoute'] . "', 'all' , '" . $dueBy . "', NULL , NULL , NULL , NULL , NULL , NULL , NULL , NULL , NULL , NULL , '" . $_POST['docDescription'] . "', '" . $attachment . "');";
//Email Information to be displayed to the user. Contains the information sent in the email.
echo "Document Number: " . $_POST['docID'] . "
";
echo "From: " . $_POST['docFrom'] . " ";
echo "To: " . $recipient . "
";
echo "Attachment: " . $_FILES['docAttachment']['name'] . "
";
echo "Respond By: " . $_POST['docMonth'] . "-" . $_POST['docDay'] . "-" . $_POST['docYear'] . " ";
echo $_POST['docDescription'];
//Inserts information into the Database
$result = mysql_db_query("test", $query);
//Checks to see if the email needs to be sent to each person Sequentially or all at once.
//If sequentially, then the e-mail is just sent to the first recipient, and will be sent to the rest of the recipients.
//through confirmation via a different form.
if ($_POST['docDistribution'] === "all")
mail($recipient, "File: " . $attachment, $body, $headers); //everyone at once; the message is $body ($description was never defined)
else
mail($_POST['docTo1'], "File: " . $attachment, $body, $headers); //first recipient only; the form field is docTo1 and the file name is in $attachment
//verifies the successful insertion of the information into the database.
if (!$result)
{
die("Invalid Query: " . mysql_error() . " ");
} //end if
else
{
echo "Insert successful. ";
} //end else
} //end else
mysql_close();
} //end generateEmail()
Anyway, thanks for any advice you can give me. I appreciate it. I've wracked my brain, searched through my books and the internet, asked my friends, and now I'm asking you.
Cheers! --Lisa
P.S. The code isn't fully compliant with any HTML/XHTML standards as of yet, because it is still in development. I am more concerned with functionality than with compliance, and will update any HTML to be as compliant as possible when everything is working, so I apologize for any weird tags and suchnot.
Source: http://community.livejournal.com/php/455409.html
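The generateEmail() above splices $_POST values straight into the INSERT statement and into the From/Reply-To headers, which is exactly the injection risk the first post in this digest asks how to avoid. As an added example (not the poster's code, and not a library API), here is the same flow with a prepared statement and validated recipients; it assumes PHP 5.6+ with a mysqli connection in $db, the post's form field names, and that doc_id is AUTO_INCREMENT and the doc_action_* columns allow NULL.

```php
<?php
// Added example (not the poster's code): generateEmail() rebuilt so that form
// values are bound as data, never spliced into SQL or mail headers.
// Assumes PHP 5.6+ with a mysqli connection in $db, the same form field names
// as the post, and that doc_id is AUTO_INCREMENT and the doc_action_* columns
// allow NULL.

// docTo1..docTo10: keep syntactically valid addresses, turn anything else
// (blank fields, or strings carrying CR/LF for header injection) into NULL.
function collectRecipients(array $post) {
    $to = array();
    for ($i = 1; $i <= 10; $i++) {
        $raw = isset($post["docTo$i"]) ? trim($post["docTo$i"]) : '';
        $to[] = ($raw !== '' && filter_var($raw, FILTER_VALIDATE_EMAIL)) ? $raw : null;
    }
    return $to;
}

// Year/month/day selects -> 'YYYY-MM-DD', or null if they do not form a real date.
function buildDueDate(array $post) {
    $y = (int) $post['docYear'];
    $m = (int) $post['docMonth'];
    $d = (int) $post['docDay'];
    return checkdate($m, $d, $y) ? sprintf('%04d-%02d-%02d', $y, $m, $d) : null;
}

function generateEmail(mysqli $db, array $post, array $files) {
    $from = filter_var(trim($post['docFrom']), FILTER_VALIDATE_EMAIL);
    $to   = collectRecipients($post);
    $due  = buildDueDate($post);
    if ($from === false || $to[0] === null || $due === null) {
        die('Please supply a valid sender, at least one recipient and a due date.');
    }
    // basename() drops any directory part the browser or a crafted request supplies.
    $attachment  = basename($files['docAttachment']['name']);
    $description = $post['docDescription'];

    // The SQL text is fixed; every value travels as a bound parameter.
    $sql = 'INSERT INTO doc_tracking (doc_from, doc_to_1, doc_to_2, doc_to_3, doc_to_4, '
         . 'doc_to_5, doc_to_6, doc_to_7, doc_to_8, doc_to_9, doc_to_10, doc_route, '
         . 'doc_distribution, doc_due, doc_description, doc_attach) '
         . 'VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)';
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        die('Prepare failed: ' . htmlspecialchars($db->error));
    }
    $params = array_merge(array($from), $to,
                          array($post['docRoute'], 'all', $due, $description, $attachment));
    $stmt->bind_param(str_repeat('s', count($params)), ...$params);
    if (!$stmt->execute()) {
        die('Invalid query: ' . htmlspecialchars($stmt->error));
    }
    $docId = $stmt->insert_id;

    // Headers are built only from the validated sender, so no CR/LF can reach mail().
    $headers = "From: $from\r\nReply-To: $from\r\nMIME-Version: 1.0\r\n"
             . "Content-Type: text/html; charset=\"iso-8859-1\"\r\n";
    $subject = str_replace(array("\r", "\n"), ' ', 'File: ' . $attachment);
    $body = '<p>File: ' . htmlspecialchars($attachment) . '</p>'
          . '<p>Respond By: ' . $due . '</p>'
          . '<p>' . htmlspecialchars($description) . '</p>';
    // "all": everyone at once; otherwise only the first recipient (sequential routing).
    $recipient = ($post['docDistribution'] === 'all') ? implode(', ', array_filter($to)) : $to[0];
    mail($recipient, $subject, $body, $headers);

    // Escape everything echoed back so submitted text cannot inject HTML into the page.
    echo 'Document Number: ' . (int) $docId . '<br>To: ' . htmlspecialchars($recipient) . '<br>';
}
```

On a PHP 4 host like the one in the post, mysqli is not available; the same separation of data from SQL is then done by passing every value through mysql_real_escape_string() on the open connection, while the address and date validation above stays unchanged.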
-
So, here's the deal.
Date: 06/06/06
(WebDesign) Keywords: php, mysql, sql, web, hosting
I'm looking for a new webhost, and I've been through a bunch of the old posts here asking for host suggestions, so far though nearly all of them still only support php 4.* not php 5. Do any of you guys have any hosting solutions that offer mysql, and php 5 for relatively cheap(~10$/mo)?
Source: http://community.livejournal.com/webdesign/1121239.html