mschrank

I have one page that I would like to run 'outside' of the user session. Is this possible? The active X control I am using for the site seems to crash when it tries to load pages in a session, so I was thinking the quick fix may be to simply have the page that serves the activex control from the DB run outside the session. However, I can't do session_destroy() because I use sessions for the rest of the site. Any ideas? Am I being clear enough in terms of what I want to do? Thanks Matthew

Serving script: get_binary.php <?php session_start(); // if this is not commented out, the thing does not work $what = $_GET['what']; $child_id = $_GET['child_id']; $conn = pg_connect(not putting string in for security reasons); // --------- GET BINARY   $rs = pg_exec($conn, "SELECT ". $what. " FROM child_visual WHERE child_id = '". $child_id. "'");   $row = pg_fetch_row($rs, 0);   pg_exec($conn, "begin");   $loid = pg_loopen($conn, $row[0], "r"); if ($what == "octree") { header("Content-type: application/x-octree"); } else { header("Content-type: img/jpeg"); }   pg_loreadall($loid);   pg_loclose($loid);   pg_exec ($conn, "commit");     pg_close($conn); ?> End-user webpage: object.php (I know there is no php but I just call it that out of habit) <html> <body>           <object classid="CLSID:EF0EA0D6-88E9-11D4-9908-00400543159B" codebase="http://www.octree.com/View.cab#version=2,0,0,4" width="200" height="200">                 <param name="Octree" value="testsec3.php" />                 <param name="_StockProps" value="0" />                 <param name="_Version" value="131108" />                 <param name="_ExtentX" value="6482" />                 <param name="_ExtentY" value="6482" />                 <param name="OptionArgs" value="" />                 <param name="CommandURL" value="" />               </object> </body> </html>

Hmm, why are you putting newlines at the end of your string arguements? (\r\n) Could that be it? I'd get rid of them and see.

My web app I am developing uses a propietary active X control called Octree View. Since we moved the server over to a HTTPS configuration, the  applet throws up a "0x800c0008" error and refuses to load the file. This problem only happens when a session is engaged with session_start or auto session in the php.ini. Otherwise the ActiveX program doesn't crash and everything loads fine from the loader script which pulls it from the database (postgresql using OID's). So... the problem is not in the data, which I hashed in both states (session on/off) and the hash is the same. It has to be the actual ActiveX program not liking being called from a session. However, this does not make sense, how does a client side activeX control know or care about what state the server is in??? I'll give a $50 reward to whoever can help me solve this problem! Either reply here or email me at nospam1(at)schrank[dot]ws (sorry I'm paranoid about spam, I even have a deletable alias going to my real email!)

Hi my client wants to be able to take online payments, but I don't know where to start. It needs to be a program that runs on our own server (ssl verisign certified) that talks to the credit card processing authority, then if the transaction goes through, sets a flag on the user's account which lets him use the system. I have seen many solutions on the net like paypal that seem easy but since they do not run on your own server it seems impossible to say "if it works, flag this value". We want it to update user accounts automatically, because we don't have a full time guy checking the paypal and verifying people by hand. Any help appreciated...

Try $row[0]['username'] etc... the best thing to do if that doesn't work is print_r($row) which will show you the data structure of the array so you can code accordingly. Good luck.

Thanks for your reply. Yes, I have tried "echo $sql;" and I get a statement which works when cut and pasted directly into my postgresql client. So there is no problem with the sql statement of the building of it. It seems to me that the query function of the DB class is not working. Yet I have no idea why and I get no error messages.

$pear_dsn = [i]xxxxx (confidential)[/i] require_once 'DB.php'; $options = array(     'debug'      => 2,     'portability' => DB_PORTABILITY_ALL, ); $db =& DB::connect($pear_dsn, $options); if (PEAR::isError($db)) {     die($db->getMessage()); } $db->setFetchMode(DB_FETCHMODE_ASSOC); $sql = "delete from child_basic where child_id = '". $_GET['child_id']. "'"; # send the query $query = $db->query($sql); if (PEAR::isError($db)) {     die($db->getMessage()); } ... This query has no effect whatsoever, but works when the SQL is echo'd and cut and pasted into the mysql client. Totally confused. -Matt

Basically it's a family web application, where the main identifier is the family_id, which the user never sees or changes. That is contained in the session object. However, within the family there are numerous children and parents/guardians. On the "edit parent details" screen, you have a list of registered parents and the user can click on a parent from a dynamically generated list from the DB and then go to another page that allows him to change the information for that particular parent. so that's why I need the querystring variable, because it's the only way to send data dynamically- session variables and other things like that require you to know what you need to send before hand, not after the generation of a list from a database.

But you can't set a session variable when a user clicks on a link. Can you?

This is difficult. I wish people just kept to nuclear families where we could have simple relationships but it's more complicated now. I've got the following tables (simplified of course): name: family columns: family_id, familyname name: child columns: firstname, lastname, child_id, family_id name: parent columns: firstname, lastname, parent_id, family_id name: relationship columns: parent_id, child_id, relationship Now I know how to get the kids out that are not in relationship at all: select * from child, relationship where relationship.child_id <> child.child_id But that's not what I want to do. I basically want to say, "find all the kids that are related to parent_id X" and then say "now show me all the kids that are not in that list"

Let's say you have a querystring like this: page.php?user=fred Now you don't fred to be able to log on and put in say, page.php?user=joe and load joe's information. So is it possible to have a kind of secure Querystring where the whole querystring is encrypted and fred isn't able to tweak around with the values to hack into other people's information? As you can see, I did some web searching and apparently ASP.net can do this. [a href=\"http://www.dotnetjunkies.com/HowTo/99201486-ACFD-4607-A0CC-99E75836DC72.dcik\" target=\"_blank\"]http://www.dotnetjunkies.com/HowTo/9920148...E75836DC72.dcik[/a] I would be quite suprised if the same doesn't exist for PHP. If not, what is a good way to pass variables to web pages in a secure manner? Thanks!