XenoPhage

Do you have the search columns indexed?

Why not use the mysql date functions? DATE_ADD and DATE_SUB ? [a href=\"http://dev.mysql.com/doc/refman/5.0/en/date-and-time-functions.html\" target=\"_blank\"]http://dev.mysql.com/doc/refman/5.0/en/dat...-functions.html[/a]

Well, I'm not an fopen expert, but I believe you have 2 problems here. First, .zip is a binary format and you're streaming ascii data to the file. You need to use fopen($filename, 'rb') to open a binary file. For the .php file problem, when it "downloads", I'm not sure.. I tried it here and I get the raw code, as expected.. Also, as a side note, I get an error if I call fopen with only one argument. The string mode argument is required.

What did you expect it to download? The raw PHP code?

Toon is right.. The way I handle these situations is to submit the form to a handler script. That script has one single purpose. Manipulate the data and do whatever is needed with the database. Based on the results from that, I use either a header statement, or a javascript redirect to jump to the page I want to actually display. So my data flow is something like this : Page 1 - Enter Data and click Submit Page 2 - Handle the data and forward to page 3 Page 3 - Display the data how I want it If you use header() or a javascript window.location.replace(), then you avoid the back button problem where the user hits back and the data is resubmitted again. There's additional power here too.. You can redirect to an error page if there's something wrong with the input, redirect to a multitude of different pages based on the input, etc.

Are there any other php scripts running on that machine? Perhaps there's a problem with the php binary itself? Try running php by itself from the command line. Does it segfault there too?

Are there any other php scripts running on that machine? Perhaps there's a problem with the php binary itself? Try running php by itself from the command line. Does it segfault there too?

Try this : [code]    if ($_POST['Eigenschaften']) {       $varA = implode(' ', $_POST['Eigenschaften'])    } [/code] You can replace ' ' with whatever delimiter you want. So ',' would give you a comma delimited list.

[!--quoteo(post=350624:date=Mar 1 2006, 09:55 AM:name=glenelkins)--][div class=\'quotetop\']QUOTE(glenelkins @ Mar 1 2006, 09:55 AM) [snapback]350624[/snapback][/div][div class=\'quotemain\'][!--quotec--] you mean like $sql = "DELETE FROM accounts WHERE username="admin""; ??? this causes error $sql = "DELETE FROM accounts WHERE username=\"admin\""; ?? causes error $sql = "DELETE FROM accounts WHERE username='admin'"; ?? causes error [/quote] Well, the first one won't work. But the other 2 should. Please post the error you are getting.

The search term, admin, needs to be in quotes.

[!--quoteo(post=350509:date=Feb 28 2006, 11:51 PM:name=wickning1)--][div class=\'quotetop\']QUOTE(wickning1 @ Feb 28 2006, 11:51 PM) [snapback]350509[/snapback][/div][div class=\'quotemain\'][!--quotec--] Well in my vocabulary the API is just the public methods, while the framework is the whole thing. [/quote] Ok, semantics.. :) Either way, it seems to be just a new buzzword for an old concept.. Kinda like AJAX is the new buzzword for javascript activates DHTML.. :) [!--quoteo(post=350509:date=Feb 28 2006, 11:51 PM:name=wickning1)--][div class=\'quotetop\']QUOTE(wickning1 @ Feb 28 2006, 11:51 PM) [snapback]350509[/snapback][/div][div class=\'quotemain\'][!--quotec--] But yeah, it's 5-only because object orientation changed so much. I've thought about porting a version that will run on 4, but I haven't much looked into it yet. I didn't write a lot of PHP4, I didn't care for the language until 5 went stable. [/quote] I stuck with 4 because it seems to have a much larger install base. It's a little easier on me since I have to deal with servers that have 4 installed already and 5 probably isn't forthcoming for quite a while... [!--quoteo(post=350509:date=Feb 28 2006, 11:51 PM:name=wickning1)--][div class=\'quotetop\']QUOTE(wickning1 @ Feb 28 2006, 11:51 PM) [snapback]350509[/snapback][/div][div class=\'quotemain\'][!--quotec--] I put some documentation online the other day, take a look if you like. [a href=\"http://mythgaming.net/php/docs/database/db.html\" target=\"_blank\"]http://mythgaming.net/php/docs/database/db.html[/a] [/quote] Excellent, thanks. This helps out a bit...

Hrm.. Well, at first glance, it looks like you check to see if $conn is valid, but then you're calling it $dbConn when you do your query.. Are these 2 independent objects? Are you sure that $conn is valid each time? If $conn fails, then $result is never populated with a valid resource. So when you try to get the number of rows, it will fail. Try tossing some debug info in there. Inside the first if loop, do something like this : [code]     if ($conn) {         print "Connection is Valid";         $result = $dbConn->queryDB( "SELECT * FROM ajmerphull_mainnav WHERE display = 1 ORDER BY id ASC" );     } else {         print "Invalid Connection!";     } [/code] Your second if statement could look something like this : [code]         if (isset($result) && (mysql_num_rows($result) >= 1)) { [/code] I would recommend re-working this a bit, though. If you can't get a connection to the database, don't bother continuing. Display an error message instead of displaying partial data...

Here's a link to the code I use : [a href=\"http://www.godshell.com/oss/secure-login.tar.gz\" target=\"_blank\"]http://www.godshell.com/oss/secure-login.tar.gz[/a] Note : This is not for drop-in usage. It was written for a specific app. However, it should be relatively easy to change.

[!--quoteo(post=350489:date=Feb 28 2006, 10:14 PM:name=DeltaIotaKappa)--][div class=\'quotetop\']QUOTE(DeltaIotaKappa @ Feb 28 2006, 10:14 PM) [snapback]350489[/snapback][/div][div class=\'quotemain\'][!--quotec--] Xeno - What is the link to your security code? I couldn't find it on that site. [/quote] You need to download the phpTodo distro.. Unpack the archive and it's in there. I'll see if I can find a place to put just the 2 files you would be interested in ... Here's a link to the code : [a href=\"http://www.godshell.com/oss/secure-login.tar.gz\" target=\"_blank\"]http://www.godshell.com/oss/secure-login.tar.gz[/a]

<shameless plug> If you take a look at the security code I wrote for [a href=\"http://sf.net/projects/phptodo\" target=\"_blank\"]phpTodo[/a], you can see how I handled this. Basically, you use php sessions. If the user has a session, and the parameters match what you have in the database, you let them in. Using the sec_check.php file from phpTodo, you can check authentication on each page using the following code : [code]    // If the user is not authenticated, jump them to the login page    if (! $user_obj = authenticate()) {       login_redirect();       exit;    } [/code] $user_obj is an object that can contain anything you need to know about a user.

Hrm.. framework.. That would be the new buzzword for an old-school API.. :) I'd be interested in checking it out, but I'm currently using PHP 4... This new framework leverages the new OO capabilities in PHP 5?

It sounds like you just want logging.. Based on the $_SESSION object, you can take the username and create a log entry each time a page is accessed by an authenticated user. Something like this : [code] session_start(); // Check to see if the user is logged in if (! $_SESSION['islogged']) {    header('/login.php');    exit; } // Open the log file and write a log entry to it fopen($logfile, 'a'); fwrite($logfile, $_SESSION['username'] . ' accessed page mypage.php'); fclose($logfile); // Continue with the rest of what mypage.php should do [/code] I'm definitely no expert with file access as I don't use it very heavily, so there may be a better way to do the file handling bit. But, the above code should get your foot in the door... Also note, the mere use of session_start() does not mean that you have a secure site. It's fairly easy to steal sessions. I use a SQL database to store additional information such as session ID, ip address, etc. to ensure that the session doesn't migrate somewhere else.

[!--quoteo(post=350367:date=Feb 28 2006, 04:12 PM:name=hitman6003)--][div class=\'quotetop\']QUOTE(hitman6003 @ Feb 28 2006, 04:12 PM) [snapback]350367[/snapback][/div][div class=\'quotemain\'][!--quotec--] Well, your query is probably going to fail, desc is a reserved word in SQL. Other than that, I don't think that you can really reduce that any more than it already is. Not sure what your hoping for. [/quote] Well, the query was bogus, so that's not an issue. :) I was really just wondering if this was the best way to do this or not.. Seems like a lot of code for a simple function.. But then, I guess a larger, more complex program is nothing more than a lot of these simple functions strung together.. :)

[!--quoteo(post=350364:date=Feb 28 2006, 04:10 PM:name=mlnn)--][div class=\'quotetop\']QUOTE(mlnn @ Feb 28 2006, 04:10 PM) [snapback]350364[/snapback][/div][div class=\'quotemain\'][!--quotec--] 2. how to get the name of the file? because i get: [a href=\"http://domain.com/file123.ext\" target=\"_blank\"]http://domain.com/file123.ext[/a] (the extention i also managed to get so i only have: [a href=\"http://domain.com/file123\" target=\"_blank\"]http://domain.com/file123[/a] ). how is it possible to get only the name of the file? (file123)? [/quote] Hrm.. how about some regex wizardry? [code] preg_match('/^http:\/\/(?:.*\/)(.*)$/', $url, $matches); [/code] $matches should have the filename.. Or, if you strip off the htttp://, you can use basename() to get the filename...

Try printing the query to make sure it's what you're expecting.

It sounds like imageshack is merely taking the supplied URL and downloading the file directly. Nothing fancy there.. Although I suspect they would check file size first..

Greetings, I'm trying to determine if there's a better way to return results and place them into an array. Essentially, I'm just trying to write less code, and I'm curious if there's a better way to do this. An example will probably help. Today, I do it like this : [code] $query = 'SELECT id, desc FROM table'; $result = mysql_query($query) or die ( 'Error: Query: ' . mysql_error() ); // Place the results into an array $id = Array(); $desc = Array(); while ($line = mysql_fetch_array($result)) {    array_push($id, $line[0]);    array_push($desc, $line[1]); } // Free the result mysql_free_result($result); // Assign the array to the smarty template $smarty->assign('id', $id); $smarty->assign('desc', $desc); [/code] The purpose here is to assign this to a smarty template where the following would be used : [code] <select name='select_box'>    {html_options values=$id output=$desc} </select> [/code] Any tips on reducing my line count on this? Thanks!

Be careful, however. This strips tags, but does not strip quotes. If you're storing the comment in a database, you could open yourself up to a security problem. I urlencode the strings before storing them in the database, then use the following to display it later (note, I use smarty templates, but this should work for straight php as well) : // "Fix" the free-form text and assign it to the template if (get_magic_quotes_gpc()) { $smarty->assign('impact', stripslashes(urldecode($impact))); } else { $smarty->assign('impact', urldecode($impact)); } XenoPhage

The reason the original code does not work is that the first mysql_fetch_array takes the first result and places it into $row. Think of $results as a stack. Whenever you call mysql_fetch_array, you pop the top result off the stack. So, when you enter the while loop, it pops the next result off and the first one is lost since it was never used anywhere. XenoPhage