gizmola

Everything posted by gizmola

  1. Seconded. Putting a captcha on a login page is a really bad idea, unless you don't give a hoot about the incredible annoyance to the legitimate users of your system.
  2. I don't really agree. Where a framework is concerned, the advances to php's oop capabilities make a big difference, in my opinion.
  3. You can not serialize result sets, or any other resource types. You can however, fetch all the data, store it in an array and serialize it. Session variables are serialized by php, which is how they persist between requests.
  4. He was an oddball, but I'm not sure he was treated fairly, once the molestation accusations came out. The media crucified him, and made a fortune in the process. He was never convicted of a crime, and let's face it, the prosecutor and police in Santa Barbara all did everything they could to get him, because they saw the opportunity to make their careers in the process, and they never were able to get the evidence to prove the allegations made against him. I was never a huge fan of the guy or his music, but it's still sad to see a relatively young man, supposedly in perfect health, just up and die unexpectedly like that.
  5. All they need for the sql injection is to get $login to be ' OR 1=1. First thing to do is get register globals off. Even if this breaks the site, it's a huge gaping security hole and it's literally been years now that everyone has known this, and the default for it has been off. Turn that off, and get busy figuring out how to recode. Also, the feedback you got on exiting after the header is very important. One other word of advice, read up on session fixation. Any time you escalate privileges, like after a login, you should regenerate the session id.
  6. Ok, so the problem is that oracle has its own networking protocol and naming system called TNS. Typically you set up entries for this in the TNSNAMES.ORA file. It's a kind of arcane LISP-like syntax. Once you have a valid TNSNAMES entry for the server you're trying to attach to, you can try to use the simplified connect string you're attempting to utilize, but the problem looks to me like there's no such entry. You can try to feed the entry to it in the connect string parameter. You must know the SID of the server, which it looks like you did ('testms'). You can try this:

         // HOST is your server IP
         $db = "(DESCRIPTION =
                  (ADDRESS = (PROTOCOL = TCP)(HOST = 10.10.XXX.XXX)(PORT = 1521))
                  (CONNECT_DATA = (SID = testms))
                )";
         $conn = OCILogon($user, $password, $db) or die (ocierror());

     In regards to ociLogon vs. pconnect, pconnect makes a persistent connection. Unlike mysql, the oracle login process is very heavy, and can take a long time. To get decent performance out of oracle, you need to use persistent connections.
  7. Glad I helped. Thanks for following up and posting your solution.
  8. We don't know about your application, but on a basic level, yes. You have a Store table, with a key (store_id). One row per store. You might also need an item table from the sound of it. (Key: item_id). One row per item. Then you have storeItem table. If for example this tracks inventory, you'd have something like:

         storeItem
         ------------
         storeItem_id   pk
         item_id        ---> Identifies the item
         store_id       ---> Identifies the store
         qty            ---> quantity on hand.

     Just a guess given the small amount of info we have from you.
  9. No you can not join 40 separate tables that have no relations. You can Union them, but it's just a really bad design and I can't recommend it. With that said, the answer is: UNION. SELECT * FROM item1 UNION SELECT * FROM item2 UNION etc. The structure of all the item tables needs to be the same.
  10. First off, please put all your code inside the bbcode php tags. 2nd, curl is a client library. It runs on the server, and allows your server to act as a *client*. As such, it can *accept* cookies, when they are required, and utilize them. Curl does not set cookies, because it is a client, not a server. You can set cookies in php without issue. For that you use the setcookie() function.
  11.
         echo '<table width="400" border="0" cellspacing="0" cellpadding="0">';
         echo ''.CLOSE_OUT_MESSAGE.'';
         echo '</table>';
         echo '<table width="800" border="0" cellspacing="0" cellpadding="0">';
         $rowcnt = 0;
         while($row = db_fetch_array($letterQuery)) {
             $tempLetter = explode(" ", $row['products_description']);
             if(!in_array($tempLetter[0], $used)) {
                 $rowcnt++;
                 $used[] = $tempLetter[0];
                 if ($rowcnt echo '';
                     echo ''.$tempLetter[0].'';
                     echo '';
                 } else {
                     // Do your stacking stuff here
                 }
             }
         }
         echo '</table>';
  12. Sounds like your database structure is probably wrong. How about providing the table layout, and a brief description of what the application is supposed to do.
  13. Ahh, so it now all becomes clear. You are using some form of templating system, so this is why, when you stick in a into a string, it appears translated to the html entities rather than getting the effect of having the embedded tag. For templating systems, the markup is supposed to be in the templates. We would need to know more about your template engine to help at this juncture, but it seems that spacing should be handled in the template itself, or in your .css, not by trying to inject blank line markup into the result string.
  14. Just to clarify, you already had a loop -- which was the mysql_fetch_array() loop. When you do a query you get a result SET. That set could be anything from no rows, to the size of your tables. Each time that line returns true, a row gets fetched, and the variable gets incremented. So the other thing I changed was moving the table definition outside the loop, because initially it was making a table every time a row was fetched, and I inferred that what you really wanted was one table, and to make a new table row for each row fetched from the result set. The simple modulus 2 function of course gives you the functionality to alternate the style name. So to clarify, you have a loop and a variable being incremented every time the loop runs. Your initial mistake was that even though you already had the while() loop, which runs until the result set is finished, you were unclear I guess that you already had what you needed, so you stuck in a for() loop, which was not what you wanted, as you already had the loop you needed. HTH.
  15. Well that looks fine then, of course you need to restart apache after a change like that with: service httpd restart Any luck since then? If not, will need to see your code to offer any further help.
  16. No, the problem is that curl is an extension, and apparently on your server it's not currently installed.
  17. Okay thank you, looks complicated, is this the safest method? Yes, it's the best method. It's not really complicated in most cases, although there are necessarily a lot of options. A lot of that depends on what goes on with the foreign site. For example, that site may push you a cookie, and require it to be functional or you'll never get the form you're looking for. Curl has facilities for handling that type of situation. In essence, it's a non-trivial exercise to simulate a browser that supports the POST method. For this reason, Curl needs to have a lot of options, but you very probably won't need to use them.
  18. So what you want to do is a Union. In order to get a union to work the result sets have to be the same on both queries. Depending on what columns you need from both tables you may need to manufacture columns in your select statement. The main trick here, is that you want to ORDER BY the date in question, but it seems that the two tables have different names for that column: one is 'created', and the other is 'date'. So you'll need to alias the columns so that they have the same name in the union. So something like this: SELECT title, created FROM specials UNION SELECT title, date as created FROM events ORDER BY created DESC LIMIT 0, 30
  19. One little tweak to j.Daniels code:

         $count = 0;
         echo '<table>';
         while($row = mysql_fetch_array($query)) {
             $class = $count%2 == 0 ? 'odd' : 'even';
             echo "";
             echo $row['datetime'];
             echo "";
             echo $row['month'];
             echo "";
             echo $row['year'];
             echo "";
             echo $row['client'];
             echo "";
             echo $row['surveys'];
             echo "";
             echo $row['airtests'];
             echo "";
             echo $row['project'];
             echo "";
             echo $row['bulks'];
             echo "";
             $count++;
         }
         echo "</table>";
  20. tanveer, Here's something you should probably know about Oracle if you don't already, and that is that you can make an account on the Oracle Technology Network (OTN) which will give you access to oracle software, forums and information. The Oracle instant client for linux basically is a package that makes it much easier than it was previously to get the Oracle client libraries installed. If the admins already installed the oracle client the traditional way, using the oracle universal installer, then you need to have the apache process in the oracle group so that it can see the files it will need to do the client networking. As for your error, I'm not sure what it is. Please paste in the exact code you're using. You can of course block out any passwords and ip's or domain names with *** but I am not sure what your test code is doing. In your example above you were calling ocilogon with no connect string, so of course that won't work. I'm assuming here, that you actually have something different, but you've not pasted the code.
  21. Yeah, as far as I know it continues to be an issue that you need to have the apache process be in the same group as the oracle user. The instant client lets you get around that.
  22. When you look at the phpinfo() does it have a section for Oracle? I'm guessing not.
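
Added example, not part of any post above and not the original poster's code: a login handler that applies the three points from post 5 (input bound as a query parameter instead of concatenated, `exit` after the redirect header, and a regenerated session id after login). It assumes PHP with the pdo_sqlite extension; the table layout, the function names `check_login` and `handle_login`, the sample user and the redirect paths are all constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: an in-memory SQLite table stands in for the site's
// real user table (assumption; the original post names no schema or driver).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT UNIQUE, pw_hash TEXT)');
$pdo->prepare('INSERT INTO users (login, pw_hash) VALUES (?, ?)')
    ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Hypothetical helper: returns the user id on success, null otherwise.
function check_login(PDO $pdo, string $login, string $password): ?int
{
    // $login is bound as data, so ' OR 1=1 is compared literally against
    // the login column instead of being parsed as SQL.
    $stmt = $pdo->prepare('SELECT id, pw_hash FROM users WHERE login = ?');
    $stmt->execute([$login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pw_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// Hypothetical web handler. Input comes from $_POST explicitly, never from
// variables that register_globals would have created from the request.
function handle_login(PDO $pdo): void
{
    session_start();
    $login = is_string($_POST['login'] ?? null) ? $_POST['login'] : '';
    $password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';
    $userId = check_login($pdo, $login, $password);
    if ($userId === null) {
        header('Location: /login.php?failed=1'); // placeholder path
        exit; // without this the rest of the script keeps executing
    }
    session_regenerate_id(true); // fresh session id at the privilege change
    $_SESSION['user_id'] = $userId;
    header('Location: /account.php'); // placeholder path
    exit;
}

// Command-line demonstration with constructed inputs.
if (PHP_SAPI === 'cli') {
    var_dump(check_login($pdo, "' OR 1=1", 'anything'));
    var_dump(check_login($pdo, 'alice', 'correct horse'));
}
```

Run from the command line, the first call returns null because the quote-laden string matches no login value, and the second returns the constructed user's id.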