Date: 01/11/07 (Java Web)    Keywords: php, sql, security

While WordPress 2.0.6 is still hot a serious security defect (SQL injection attack) was found and fixed in WordPress 2.0.7, which is currently available as RC1 (release candidate 1). The key defects fixed are: Security defect Worked around a PHP bug for PHP 4.x less than 4.4.3 and PHP 5.x less than 5.1.4 with register_globals ON [...]

Source: http://blog.taragana.com/index.php/archive/critical-wordpress-security-defect-found-and-fixed-in-207/

Date: 01/11/07 (SQL Server)    Keywords: database, sql

I've asked this question before in a vaguely similar form. Still beating my head against the problem when I get a few minutes free.

Is it possible to:

1. Set the destination table in a transform data task, and
2. Set up the transformations in a transform data task

...in an ActiveX Script task in the same DTS package (SQL Server 2000)? I've read a few extremely vague forum posts on a few disparate boards that make me believe this is possible. When I try the first, though, I always seem to modify the database name the package is pointing to, rather than the table within the database.

Function Main()

	dim pkg
	dim conTextFile 
	dim conSQLDest
	dim stpEnterLoop
	dim stpFinished

	dim intLocation1
	dim intLocation2
	intLocation1 = instrrev(DTSGlobalVariables("gv_FileFullName").Value, "\")
	intLocation2 = instr(DTSGlobalVariables("gv_FileFullName").Value, ".")

	DTSGlobalVariables("gv_FileTableName") = Mid(DTSGlobalVariables("gv_FileFullName").Value, intLocation1+1, intLocation2-intLocation1-1)
	msgbox "FileTableName: " & DTSGlobalVariables("gv_FileTableName").Value

	set pkg = DTSGlobalVariables.Parent
	set stpEnterLoop = pkg.Steps("DTSStep_DTSDataPumpTask_1")
	set stpFinished = pkg.Steps("DTSStep_DTSActiveScriptTask_5")
	set conTextFile = pkg.Connections("Text File (Source)")
	set conSQLDest = pkg.Connections("SQLServerDestination")

	' We want to continue with the loop only of there are more
	' than 1 text file in the directory.  If the function ShouldILoop
	' returns true then we disable the step that takes us out of the package
	' and continue processing

	if ShouldILoop = True then
		stpEnterLoop.DisableStep = False
		stpFinished.DisableStep = True
		conTextFile.DataSource = DTSGlobalVariables("gv_FileFullName").Value
		conSQLDest.DataSource = "[XTend_Load].[dbo].[" & DTSGlobalVariables("gv_FileTableName").Value &"_JU]"
		Msgbox "Destination: " & conSQLDest.DataSource
		stpEnterLoop.ExecutionStatus = DTSStepExecStat_Waiting
	else
		stpEnterLoop.DisableStep =True
		stpFinished.DisableStep = False
		stpFinished.ExecutionStatus = DTSStepExecStat_Waiting
	End if

	Main = DTSTaskExecResult_Success
End Function

Source: http://community.livejournal.com/sqlserver/55376.html

Date: 01/11/07 (MySQL Communtiy)    Keywords: mysql, software, database, sql, web

I am running MySQL 4.1.22 on Windows 2000, and I'm having problems with European characters.

When data is input through the software that uses it, European characters are converted into strange symbols that may or may not display properly in a web context. For instance É looks like É in the database, ü comes out as ü.

When I input the data through SQLyog, everything from the first European character to the end of the string is cut off.

I am using utf8_general_ci, which is how the software set up the database. What am I doing wrong, or what else should I be looking for?

Thanks for any help you can offer.

Source: http://community.livejournal.com/mysql/108461.html

Date: 01/11/07 (Web Development)    Keywords: php, mysql, css, html, database, sql, web

I run a fan website and I'm currently having a problem with the navigation menu in one section.

The section is PHP/MySQL based (the other parts of the site are static HTML at the moment) and can be found here: http://www.selenayhaven.com/reviews/ It's the green left-hand navigation side bar that has problems reported. It uses unordered lists and CSS to acheive the 'button' appearance, following a tutorial from A List Apart. It works absolutely fine on all the instances of Firefox, Opera and IE that I've tested it on and other users report that it works in Safari. However, one user reports that the menu doesn't work when she clicks on it and I honestly cannot work out why.

Menus in the rest of the site (e.g. http://www.selenayhaven.com/gate/index.html) were constructed slightly differently (no lists) and my user has no problem with them. I decided to do them differently when I set up the database area because I thought it would be better from an accessibility POV - how wrong I was, apparently!

My query is whether anyone else using Firefox cannot use the problem navigation menu and whether anyone can suggest how I might be able to fix it. I'm about to start sorting out the site to accommodate IE7, so I want to make sure that I'm starting with a site that works properly before making yet more changes. My problem user has tested the site in both Firefox 1.5 and 2.0.

Source: http://community.livejournal.com/webdev/382284.html

Date: 01/12/07 (PHP Community)    Keywords: php, mysql, database, sql, web

Hello! This is my first post on LiveJournal.
I'm making a website for the group that I'm in, and I have a little bit of self-taught PHP & MySQL experience, but I'm up to the point of making the administration section so we can update the site without any hassle.

All I need is a little bit of a push to start me rolling (so to speak)
Any help is appreciated and will get a spot in the credits for the site.

What I need is:
*Admin Login.
*Posting Support.
*Managing of posts.
*Page authoring (eg... projects.php?id=XX (where 'XX' is projects name)).
*News authoring.

(MUST INCORPORATE MYSQL DATABASE!)

Any little bit of code would be great, just as long as it gets me started!
Thank you!

Source: http://community.livejournal.com/php/529282.html

Date: 01/15/07 (Computer Geeks)    Keywords: mysql, software, database, sql, web, linux, microsoft

I'm trying to find something that will do approximately what Microsoft Project does, without actually being Microsoft Project ... Things I'd be looking for (ordered approximately from most important, to least important...):

Date: 01/16/07 (WebDesign)    Keywords: php, mysql, database, sql, web, linux, hosting, apache

1) Can anyone recommend any reliable and not too expensive UK based webhosting companies?
(only hosting, no domain name registration needed)


Necessary features:
- Linux/Apache server
- at least 150MB webspace
- bandwith/traffic on a normal scale, the more the better *g*
- PHP (version 4 okay, 5 better)
- at least one MySQL database
- FTP access and several email accounts should be a given

A plus, but not really neccessary:
- .htaccess
- cgi/perl
- shell access

2) DreamHost as a webhost for a small business website?
I do have a DreamHost account, mostly for dabbling around and trying out stuff, and love all their features (and low prices). But although I've never had any problems so far, hearing every now and then about down times or bad customer service makes me a bit reluctant to recommend them to a client for hosting their small business website. Opinions, anyone?

Thanks! :-)

Source: http://community.livejournal.com/webdesign/1208737.html

Date: 01/16/07 (PHP Community)    Keywords: php, mysql, database, sql, web, linux, hosting, apache

Can anyone recommend any reliable and not too expensive UK based webhosting companies?
(only hosting, no domain name registration needed)

Necessary features:
- Linux/Apache server
- at least 150MB webspace
- bandwith/traffic on a normal scale, the more the better *g*
- PHP (version 4 okay, 5 better)
- at least one MySQL database
- FTP access and several email accounts should be a given

A plus, but not really neccessary:
- .htaccess
- cgi/perl
- shell access

ETA: Is DreamHost a recommendable webhost for a small business website?
I do have a DreamHost account, mostly for dabbling around and trying out stuff, and love all their features (and low prices). But although I've never had any problems so far, hearing every now and then about down times or bad customer service makes me a bit reluctant to recommend them to a client for hosting their small business website. Opinions, anyone?

Thanks! :-)

Source: http://community.livejournal.com/php/530162.html

Date: 01/16/07 (Web Development)    Keywords: php, mysql, database, sql, web, linux, hosting, apache

Can anyone recommend any reliable and not too expensive UK based webhosting companies?
(only hosting, no domain name registration needed)

Necessary features:
- Linux/Apache server
- at least 150MB webspace
- bandwith/traffic on a normal scale, the more the better *g*
- PHP (version 4 okay, 5 better)
- at least one MySQL database
- FTP access and several email accounts should be a given

A plus, but not really neccessary:
- .htaccess
- cgi/perl
- shell access

Addendum:I just saw that in this comm's user info DreamHost is recommended as a webhost.
I do have a DreamHost account, mostly for dabbling around and trying out stuff, and love all their features (and low prices). But although I've never had any problems so far, hearing every now and then about down times or bad customer service makes me a bit reluctant to recommend them to a client for hosting their small business website.
Opinions, anyone?

Thanks! :-)

Source: http://community.livejournal.com/webdev/383671.html

Date: 01/16/07 (PHP Community)    Keywords: php, mysql, sql

Okay, I'm new to php and am trying to set up a php/mysql calendar. I've got it all up and running but now I've got to tweek it based on my audience, so instead of it listing months and dates in English it needs to show them in both English AND Spanish, so I'm looking for some (hopefully) simple code help.

Here's a pic of part of my current code:


It's showing everything in Spanish perfectly, but I can't get it to show both. Basically what I want it to do is:
if current month is 01 then current month is Enero - January

...but any time I add "- January" or just a space and then January my code errors out or just shows a 0. Is there anything special I need to do for it to show Enero - January or Enero January?

I'm sure it's something simple that I've overlooked or forgotten.

Thanks in advance!!

Source: http://community.livejournal.com/php/530196.html

Date: 01/17/07 (PHP Community)    Keywords: php, mysql, sql, web

edit: solved. thanks for noticing my oversight... doh.

Thanks in advance for any help. This is a probably a simple one but here goes:

I have this part of a script that doesn't wish to behave:

$pre = "select `id`,`desc` from `lookups` where `desc` = \"" . $_POST['prefix'] . "\";"; echo "<p>" . $pre . "</p>"; $query = mysql_query($pre); $prefix = 0; while ($result = mysql_fetch_array($query, MYSQL_ASSOC)) { $prefix = $current['id']; echo $current['id']; } echo $prefix . "<br />";

the db connection is in place, and when i echo back the query to the web page and copy and paste it into phpMyAdmin, the query works fine and returns my result. There should only be one row of results, which there is when I run the query, but when I try to fetch the result and store it in the variable $prefix it doesn't work. I'm not getting any errors thrown, it's just not working. Any ideas? Sorry if it's totally obvious. I'm under a zillion deadlines and have spent too long swearing at the computer over this one.

Thanks again!

Source: http://community.livejournal.com/php/530760.html

Date: 01/17/07 (PHP Community)    Keywords: php, mysql, html, database, sql

I'm trying to create a super basic login page.. one that doesn't require a mysql database of usernames and passwords, which apparently is nearly impossible to find. I'm still relatively new to php.. bumbling along mostly. Anyway.. here's what I've got so far



In the first page of the protected section:

session_start();
if (isset($_POST['user'])) {
$_SESSION['username'] = $_POST['user'];
$_SESSION['password'] = $_POST['pass'];
$_SESSION['authuser'] = 0;
}
//check username and password information
if (($_SESSION['username'] == 'bob') and
($_SESSION['password'] == 'smith')) {
$_SESSION['authuser'] = 1;
} else {
echo "Sorry, but you don't have permission to view this page, Try Again";
exit();
}
?>

session_start();
if ($_SESSION['authuser'] = 1) {
?>

html stuffs

else {
echo "Sorry, but you don't have permission to view this page, Try Again";
exit();
}
?>

Source: http://community.livejournal.com/php/530638.html

Date: 01/18/07 (PHP Community)    Keywords: php, programming, mysql, sql

hih guys!!!

I'm new here ^_^ I have been programming in php for about 2 years. I also post some php / mysql snippets in my journal when i freak out hehehe.

Hope to have a good time with you guys ;-)

Source: http://community.livejournal.com/php/530977.html

Date: 01/18/07 (PHP Community)    Keywords: php, mysql, sql

I have two scripts: The first checks adirectory for data files several times an hour. If data files arefound, a second script is called to process each data file. The secondscript is time intensive and if there are multiple files to process I'msure to encounter timeout issues (and I don't want to increase my phptimeout to unreasonable levels)

(fwiw, the second script does not involve repeated MySQL queries (onlyone read per file), it's just text parsing but there is a LOT of text.Perl is not an option at this point. I'm using ereg instead of thebuilt-in php str functions to help ease the load on the cpu).

So -- is there a way to fork (or spawn) a new php process in a windows environment? 

Many thanks,
pk

Source: http://community.livejournal.com/php/531237.html

Date: 01/22/07 (MySQL Communtiy)    Keywords: mysql, sql

i have two tables, contacts and tasks. users create a contact and then create tasks for the contact. one contact can have many tasks. i want to retrieve the contacts and, if there are any active tasks, i want to retrieve only one. if there are no active tasks, i still want to get the contact. the idea is that users can see a list of contacts, and a little icon appears next to any that have pending task/s. i've been doing this (simplified a bit):

SELECT c.`id`,c.`name`, t.`id`, t.`task_type` FROM `contacts` AS `c` LEFT JOIN `tasks` AS `t` ON c.`id` = t.`contact_id` AND t.`done` = '0' WHERE 1 GROUP BY c.`id`

which was working, but lately is running very slow (mysql hangs for 2+ minutes at "copying to tmp table"). is there a more efficient way to do this? everything else i can come up with only returns contacts with active tasks. i had to toss that GROUP BY in there because otherwise i'd get a contact returned as many times as it had tasks, which is obviously not right and a bit hacky. so, i'm sure i'm doing something wrong here.

Source: http://community.livejournal.com/mysql/108677.html

Date: 01/23/07 (PHP Community)    Keywords: php, mysql, sql, postgresql

Recently I translated into English one of my old project, DbSimple (LGPL). It is a DB abstraction library for PHP which could work with MySQL, PostgreSQL, FireBird. The main idea is extremely simple interface: everything which may be done automatically is realized so in DbSimple, and code remains quite readable.

It would be great if your comment this library (and possibly try). For my projects this library simplifies the work very much, maybe it will be useful for others...

Some key features:

• Conditional macro-blocks in SQL body ({}-blocks), which allow to dynamically generate even very complex queries without detriment to code readability.
• Caching of query results (if necessary).
• Different fetch methods (as column, as 2d array, as key-based multidimension array, as tree etc.).
• Supports various placeholder (query arguments) types: list-based, associative, identifier-based etc.
• Supports operation "select + count total number of resulting rows" (for data displayed page-by-page).
• Functions for direct fetching: all result rows, one row, one column, one cell, associative array, multi-dimensional associative array, linked tree etc.

$rows = $DB->selectPage($totalNumberOfRows, '
        SELECT *
        FROM goods
        WHERE 
            category_id IN(?a)
          { AND activated_at > ? }
        LIMIT ?d, ?d
    ',
    $categoryIds,
    (empty($_POST['activated_at'])? DBSIMPLE_SKIP : $_POST['activated_at']),
    $pageOffset, $pageSize
);

Source: http://community.livejournal.com/php/532896.html

Date: 01/26/07 (Code WTF)    Keywords: mysql, sql

Достался один проектик, написанный румынским аутсорсерами для немцев.

В следующей процедуре румыны проверяют, дал ли пользователь допустимое имя таблице для MySQL (имя вводится в форму, по нему создается таблица):

Что делает этот кусочек кода? Определяет, есть ли в строке пробел. Для этого румынские умельцы определяют длину строки, удаляют из строки все пробелы, снова определяют длину и сравнивают два значения:

if( strlen( $pName ) != strlen( str_replace(" ", "", $pName) ) )
{//contains spaces
    $isName = false;
}

for ($i=0 ; ($i < strlen($pName)) && ($isName) ; $i++ )
{
    if( !( ctype_alpha( $pName[$i] ) || 
           ctype_digit( $pName[$i] ) ||
          ( $pName[$i] == '_' ) ) )
    {
        $isName = false;
    }
}

if ((strtolower($fmultipledownload) != strtolower("YES")) &&
    (strtolower($fmultipledownload) != strtolower("NO")) )
{
    // some stuff here
}

Source: http://community.livejournal.com/code_wtf/65914.html

Date: 01/28/07 (PHP Community)    Keywords: php, mysql, asp, sql

I try not to be authoritive on anything until I got documentation to back me up and at the last minute of work on Friday I ran into a problem. One of the core programmers in my team is a recovering .net/asp developer who is still getting upto speed on PHP. He's got the block and tackle idea's but of course you can't become a master at a new language until you've had atleast one or two nervous breakdowns because the new language isn't doing what the other languages did. thedailywtf.com also helps.


Anyway: to the point. My understanding of the mysql library in PHP core is that it tries it's best to recycle instances to the server between different instances. So if script A is run by 10+ different people, php mysql is going to try and share. Apparently this is not true in .net (version unknown). My coworker got called in to fix a wtf script that would slowly devour all available connections to the DB because the last developer didn't close the connections. So he wrote this really amazing and really elaborate wrapper class that I don't think is necessary but I am not completely sure.

Basically, on wrapper creation, it checks a flag for "in_use" and if true, creates a new mysql_connect resource handle. This scares me because if I really understand it... the wrapper could create a dozen handles to the DB in one cycle of script execution then multiply that by number of individual script executions and this could be bad? Or am I wrong. Is the php mysql_ smart enough not to shoot us in the foot?

The original plan was for the DB wrapper to be used like so.


FrameworkObject->getDb("db name");

this then skims through an array structured like:

$dbc['db name'] = array('info'=>'This is the general db connection', 'server'=>'my.server.com', 'account'=>'myUserName','password'=>'pw','flags'=>NULL,'INT'=>NULL);


The key is the $dbc['db name']['INT'] which would hold the resource handle to the wrapper. Voila, instant conservation of resource handles. Then the trick is just to put in the DB::__destruct() a mysql_close();


Or am I wrong as well? or are we both wrong in ways not understood just yet?

Source: http://community.livejournal.com/php/533911.html

Date: 01/29/07 (PHP Community)    Keywords: php, mysql, rss, sql

It's been a while since i posted in here, but last time i got a great response and was sorted out quickly, so fingers crossed someone can spot the mischievous bit of code that is causing me problems and help me out :)


I am populating a drop down menu from a DB. I have sub categories and articles within those Subcats. I want the drop down to list the sub categories, then if there is only ONE article attached to that Subcat then it ges to a paage to display that article. If there are more than one, then it goes to a page that lists the articles for the user to choose.

I had the code working fine to display when just one article is assigned to each subcat. It even works when there is more than one.

HOWEVER, the problem is that if there is more than one article per subcat, it repeats the subcat name in the drop down. So if there are two articles, it lists the subcat twice, three articles shows three subcats, etc.

anyone able to look through the code and see where i am going wrong? :) pretty please? :)

many thanks in advance!



---lots of other php stuff up here, including an if statement just before the cut off point---

$catid = $rowCat['cat_id'];
} // end if isset

$subcatSQL = "SELECT DISTINCT c.cat_id, c.cat_title, c.cat_parentid, c.cat_type, c.cat_visible";
$subcatSQL .= " FROM tbl_cats c";
$subcatSQL .= " WHERE c.cat_visible=1 AND c.cat_parentid = '$catid'";
$subcatSQL .= " AND c.cat_type LIKE 'articles%'";
$subcatSQL .= " ORDER BY c.cat_id ASC";
$rsSubCat = mysql_query($subcatSQL, $conn) or die("Query failed : " . mysql_error());
while($rowSubCat = mysql_fetch_array($rsSubCat)){

$subcatid = $rowSubCat['cat_id'];

$artSQL = "SELECT a.art_id, a.art_title, a.art_visible, ac.artcat_artid, ac.artcat_catid";
$artSQL .= " FROM tbl_articles a, tbl_art_cats ac";
$artSQL .= " WHERE ac.artcat_catid = '$subcatid' AND ac.artcat_artid = a.art_id";
$artSQL .= " ORDER BY a.art_id ASC";
$rsArt = mysql_query($artSQL, $conn) or die("Query failed : " . mysql_error());
$num_rows = mysql_num_rows($rsArt);

while($rowArt = mysql_fetch_array($rsArt)){

if ($num_rows > 1) {
?>

} elseif ($num_rows = 1) {
?>

} //end of elseif

} // end rowart while
} //end rowsubcat while
} // end of rowcat while
?>

Source: http://community.livejournal.com/php/534660.html

Date: 01/29/07 (SQL Server)    Keywords: sql

I would like to trim off everything past a certain point in a return left. Example Return: This is my information
Desired Return: information

This works just fine and dandy in Crystal but I know instr doesnt work in SQL how can I convert/overcome this hurdle

Example in crystal:
Right("information", (Len("Information")) - (InStr(1,"information", ' ' )))

Thanks for any help...

Source: http://community.livejournal.com/sqlserver/55892.html