Everything posted by hobeau

  1. Unfortunately I have been misunderstood. I do not mean that programming in an OOP language equals programming in an OOP way. I mean that to program at all with a language like C# or Java, you absolutely WILL use objects even if you do not write a class. For instance, if you want to connect to a database you will be using the System.Data namespace. Then you will be using the data classes to access the database and you must use the properties and methods of this class. In php, you have an option to do functions or object oriented. For instance, at http://us.php.net/manual/en/mysqli.query.php you will see that there are 2 methods to connect to the database using the mysqli extensions. The first is a procedural method, the second is an object oriented method. C# and Java do not have this. This is what I meant. Sorry for the confusion.
  2. Something to note. There are a lot of other languages where understanding OOP is really not the issue. C#, Java, Python, you are an Object Oriented Programmer whether you know it or not. It's the best way of promoting reusable code. PHP started out as a Procedural Oriented language. There is a lot of debate between the two. Object Oriented programmers would say that working with OOP is better because it is easier to create and maintain large enterprise systems that many developers work on together. It's all about the code readability and ease of use and reuse. Nothing redundant. On the other side of the spectrum, we have our procedural programmers who are all about performance. OOP causes a lot of 'unnecessary overhead' that reduces performance. Procedural programming opts more for performance and focuses on creating user-defined functions or better yet language extensions (in this case c++ for PHP) that do not use OOP. There are compelling reasons to do both. You can definitely tell that PHP tends towards Procedural programming as there are over 3,000 built in functions. It is moving more towards OOP, and I personally believe this is a good thing, but there are a lot of compelling reasons to not overdo the OOP. PHP is very powerful in that you have more of a choice in what kind of developer you wish to be. However with that vast flexibility there is a price to pay. No one PHP developer's code looks exactly the same as another. This is why there are so many frameworks out there such as Zend and Symfony. The idea is not only to create a rapid application development framework (RAD) but also to create boundaries. Boundaries are important when working in a multideveloper environment as no one would be on the same page about anything. What I like about PHP is the ability, power and flexibility to define my own API and framework. You can do this in very unique ways as there are much fewer boundaries in PHP. Just a few random thoughts.
  3. Hi ds111, Instead of using a script, why not make it easy on yourself and use something like sqlyog (http://www.webyog.com/en/screenshots_sqlyog.php)? That would make it much easier to either export a sql dump (data structure AND data) or into a csv or even transferring a table to another database instance.
  4. I agree. Switch statements are faster than if/else statements.
  5. Hey Boo-ums, Since no one has sent you any examples yet, here are a few that I've written: http://www.solutionbot.com/2008/12/27/secure-session-management/ http://www.solutionbot.com/2008/12/27/secure-file-upload/ http://www.solutionbot.com/2008/10/27/pdo-where-php-is-headed-php-data-objects/ The last one is an example of using PDO instead of mysql, or mysqli. This is the direction PHP is headed in the future. Mysql and Mysqli extensions are being phased into PDO (http://us2.php.net/manual/en/book.pdo.php).
  6. Hey guys, I thought I'd participate. I'm Beau Brownlee, 26, married, and I live in the Washington DC area. I have been a javascript/XHTML/PHP/MySQL guy for a while but also have done a lot of development with other languages such as VB6 (back in the day), C#/Microsoft SQL, Python and some C++ (classic ASP if I have to admit it). My passion is building out load balanced distributed web applications instead of just single server solutions. I like working on large web apps and discovering new ways of distributing work between multiple languages (rock on json RPC!!!!).
  7. Just using session_start() and your $_SESSION variable is not enough. There is a huge security hole called Session Fixation (http://en.wikipedia.org/wiki/Session_fixation) that hackers use to take advantage of web applications on literally a daily basis. To help to avoid that you must regenerate your session ID on each page, validate the ip address, the web domain referrer, and the client info such as the operating system and browser information. Here is a class that can help http://www.solutionbot.com/2008/12/27/secure-session-management/. When you verify your user login (aka, check the existence of the username and password in the database) simply do:

         <?php
         session::start_secure_session();
         ?>

     This gets all of the initial information from your browser and passes it into a session variable to get the user's 'fingerprint'. Next, on each page after, run:

         <?php
         if (!session::check()) {
             session::destroy();
             header('Location: login.php');
             die();
         }
         ?>

     This validates the current client fingerprint against the initial fingerprint to make sure nothing has changed. If something has changed, we know that it is highly possible that there is a hacker trying to take advantage of session fixation and we must log the user account out immediately. Also, take note of the fact that the session::destroy() function actually destroys the session. A nuance with PHP is that to completely destroy a session you must set the session to a blank array, unset the session, and then run the session_destroy() function. session_destroy() alone will not destroy a session. There are also other functions such as add_param() and get_param() that have a lot of built in functionality so that you don't have to worry about it. Session security is severely overlooked when building web applications and this is very unfortunate as hackers are having a ball getting into other people's 'secure' accounts very easily. This is very bad for all php developers as php gets a bad reputation because of the lack of awareness.
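The login-time regeneration, per-page fingerprint check and full session teardown described in the post above, as an added example that is not part of the original post and is not the solutionbot class. The function names are hypothetical, the fingerprint is assumed to cover only the remote address and User-Agent, and the request arrays at the bottom are constructed so the file can be run from the command line.

```php
<?php
// Added example with hypothetical helper names; not the solutionbot class.

// Hash of the request attributes used as the client fingerprint. Both values
// are client-influenced, so a mismatch is a tripwire, not proof of identity.
function client_fingerprint(array $server): string
{
    return hash('sha256', ($server['REMOTE_ADDR'] ?? '') . '|' . ($server['HTTP_USER_AGENT'] ?? ''));
}

// Call once, right after the username/password check succeeds.
function start_secure_session(array $server): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Issue a new ID at login and delete the old session, so an ID planted
    // in the browser before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['fingerprint'] = client_fingerprint($server);
}

// Call on every protected page; false means log the user out.
function check_session(array $server): bool
{
    return isset($_SESSION['fingerprint'])
        && hash_equals($_SESSION['fingerprint'], client_fingerprint($server));
}

// Full teardown: empty the data, expire the cookie, remove server-side storage.
function destroy_session(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies') && !headers_sent()) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_destroy();
    }
}

// Constructed requests for a CLI run: same client, then a different client.
if (PHP_SAPI === 'cli') {
    $login = ['REMOTE_ADDR' => '203.0.113.10', 'HTTP_USER_AGENT' => 'ExampleBrowser/1.0'];
    $other = ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_USER_AGENT' => 'OtherClient/2.0'];
    start_secure_session($login);
    $same = check_session($login);
    $changed = check_session($other);
    destroy_session();
    var_dump($same, $changed, isset($_SESSION['fingerprint']));
}
```

In a web request, pass `$_SERVER` to these functions and redirect to the login page whenever `check_session()` returns false.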
  8. Good call chronister, I'm actually curious about that too. l_kris06, to login you usually check the existence of a pair of username/passwords and then start a secure session. Here's a secure login class I wrote http://www.solutionbot.com/2008/12/27/secure-session-management/ that may come in handy.
  9. I would have the page post back to itself. In other words you would have your php script at the top of the page:

         <?php
         if ($_SERVER['REQUEST_METHOD'] == 'POST') {
             //Do your login code here
             $username = "user";
             $password = "password";
             if ($username != $password) {
                 $message = "Wrong username/password";
             } else {
                 header('Location: main.php');
                 exit; //Stop here so the rest of the page is not sent after the redirect
             }
         }
         ?>
         <html>
         <head>
         <title>login page</title>
         </head>
         <body>
         <?php //PHP_SELF can contain text taken from the request URL, so escape it before output ?>
         <form method='POST' action="<?= htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') ?>">
             <input type="text" name="username" />
             <input type="password" name="password" />
             <input type="submit" value="login" />
         </form>
         </body>
         </html>

  10. Hey ingeva, Try http://www.swiftmailer.org/ and save yourself a lot of hassle. Really great library especially for sending email attachments.
  11. hunna03, I've had to fix many a site (not built by me) that were just querying and didn't escape their sql statements. It doesn't matter what you are trying to do, if it gets injected into your sql statement it can easily be turned into an insert, update, or delete statement (I'm assuming that $state is coming from the client).
  12. Hey virtuexru, Here's a couple links that might help. Here is a function that will force a download of any file http://www.solutionbot.com/2009/01/06/php-force-download-file/ and here is a secure file uploader http://www.solutionbot.com/2008/12/27/secure-file-upload/. Check out some of what I wrote. It is very important to securely upload files as this is a wide open door for hackers if you're not careful.
  13. Ok, I'm going to make a couple assumptions: 1. You're using php to connect to a tcp listener. 2. I'm assuming we're talking about TCP and not UDP. Here is some code that might help. I tested it with a php tcp listener I wrote and it worked. I've not tested it in your environment though:

          <?php
          //The ip address of the host
          $address = gethostbyaddr('127.0.0.1');
          //Create a TCP socket in memory
          $socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
          if ($socket === false) {
              echo "socket_create() failed: reason: " . socket_strerror(socket_last_error());
          }
          //Attempt to connect to the server
          //Here is the meat of it. Put your connection in a loop and try to connect a designated amount of times
          for ($i = 0; $i < 100; $i++) {
              //Connect to whatever port you wish
              $result = socket_connect($socket, $address, 1015);
              if ($result !== false) {
                  break;
              }
          }
          if ($result === false) {
              echo "socket_connect() failed: reason:" . socket_strerror(socket_last_error($socket));
          }
          // ... your code after this
          ?>

      As you can see I just put the socket_connect() function in a loop and attempted to connect multiple times. If it connects then exit out of the loop and continue. I used a for loop instead of a while loop since this could run on forever if there really is something wrong with the listener.
  14. Is the tcp listener (the socket handler) a forked php process (daemon) or is this written in another language and you are connecting to the tcp listener with php?
  15. One more thing, you really should use mysql_real_escape_string($state). That is very important to prevent sql injection.
  16. <?php $sql = "SELECT DISTINCT city FROM thelist WHERE state = '$state' ORDER BY city"; ?>
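The `$state` query from the posts above, run both ways, as an added example that is not part of the original posts: once with the value spliced into the SQL text and once with a PDO prepared statement (the extension recommended earlier on this page). An in-memory SQLite database stands in for MySQL, and the table contents and the hostile input are constructed.

```php
<?php
// Added example: constructed table and rows; SQLite in memory stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE thelist (city TEXT, state TEXT)");
$pdo->exec("INSERT INTO thelist VALUES ('Austin','TX'), ('Dallas','TX'), ('Boise','ID'), ('Salem','OR')");

// Unsafe: $state becomes part of the SQL text, so quotes in it change the query.
function cities_concat(PDO $pdo, string $state): array
{
    $sql = "SELECT DISTINCT city FROM thelist WHERE state = '$state' ORDER BY city";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Safe: the statement text is fixed; $state is sent separately as a bound value.
function cities_bound(PDO $pdo, string $state): array
{
    $stmt = $pdo->prepare('SELECT DISTINCT city FROM thelist WHERE state = :state ORDER BY city');
    $stmt->execute([':state' => $state]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// A normal value, then a constructed hostile value that closes the string literal.
foreach (['TX', "TX' OR '1'='1"] as $state) {
    printf("%-16s concat=%s bound=%s\n", $state,
        json_encode(cities_concat($pdo, $state)),
        json_encode(cities_bound($pdo, $state)));
}
```

With the hostile value the concatenated query returns every city in the table, while the bound query treats the whole string as a state name and matches nothing.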
  17. The fastest most efficient way to do this is to do this as a class constant:

          <?php
          class db {
              const db_host = "localhost";
              const db_username = "username";
              const db_password = "password";
          }
          ?>

      PHP handles class constants much better than global constants. To use this simply include the file and say:

          <?php
          mysql_connect(db::db_host, db::db_username, db::db_password) or die(mysql_error());
          ?>

  18. First, at the top you will need to define $filename as I don't know what the filename is that you're uploading so you will have to $filename = "whatever your file name is". Next it looks like you didn't terminate your string at $columns[F7] . "); it should be $columns[F7] . ")"; Another thing I noticed is that you are using F1, F2, F3, F4 etc... I'm not sure I understand why the 'F' as I believe it should just be an integer to define what element of the array to use. Also, you have one column defined ('Import_LapFree') and 7 values defined. You will need to define either 1 value, or 7 columns as this is a SQL error.
  19. Hello big-dog-1965, First you will want to do a secure file upload, not just a file upload. The consequences of having a public facing file upload that has no built in security can be devastating as any hacker that finds this WILL attack you. You can find a secure file uploader here http://www.solutionbot.com/2008/12/27/secure-file-upload/. The next thing you will need to do is to read the contents of the file into a variable and parse that variable into an array. Then iterate through the array and insert the values into the database. Here's what I would say about the data. It's very very difficult to parse the data you currently have. You need to convert it somehow to at least a minimum of:

          1 2 34 20:25.37 Frank Sell jr
          2 4 31 20:27.12 Andy Groening
          3 8 30 20:33.49 Steve Nyquist
          4 5 29 20:26.61 Jeff Werner
          5 0 28 20:20.05 Bill Petersen
          6 7 27 20:21.03 J.Johnson
          7 9 26 18:55.02 Jon Tucker
          8 1 25 20:07.78 Dan Roth
          9 6 17 10:49.04 Chris(cool)Puller
          10 3 7 5:27.73 Chris Pearce
          1 9 28 20:25.50 Jon Tucker
          2 4 28 20:33.43 Dan Roth
          3 2 24 20:30.11 Jesse Hancock
          1 2 34 20:38.41 Jason Howell
          2 4 34 20:43.17 Frank Sell jr
          3 7 32 20:20.89 Ken Perterson
          4 6 32 20:32.91 Boyd Lemons
          5 1 31 20:25.23 Dan Kennedy
          6 5 30 20:18.04 Chris(cool)Puller
          7 3 29 19:37.55 Phil Barger
          8 8 29 20:29.00 Daryl Roqueplot
          9 0 24 18:30.49 Chris Pearce
          1 2 31 20:05.89 Chris(cool)Puller
          2 5 30 20:20.45 Keith West
          3 0 29 20:07.84 Sean Ormerod
          4 4 10 6:39.60 Marc Simon
          5 3 10 6:49.28 Steve Nyquist
          6 1 3 1:40.57 Wallie Ormerod

      You will need to do this in the text file before you upload it to the database. Then when you upload it to the database you can use the following code:

          <?php
          //Read the contents of a file into a variable
          $handle = fopen($filename, "r");
          $a = fread($handle, filesize($filename));
          fclose($handle);
          // remove all double spaces
          while (strpos($a, "  ") !== false) {
              $a = str_replace("  ", " ", $a);
          }
          // fill an array with each row
          $rows = explode("\r\n", $a);
          foreach ($rows as $row) {
              // fill an array with the individual column
              $columns = explode(" ", trim($row), 5);
              // insert the columns into the database
              $conn = mysql_connect('host', 'username', 'password') or die(mysql_error());
              $sql = "INSERT INTO ...statement goes here ... VALUES(" . $columns[0] . ", " . $columns[1] . "...and so on...)";
              mysql_query($sql, $conn) or die(mysql_error());
              mysql_close($conn);
          }
          ?>

      This should read the contents of the file, break the contents up into an array, and insert each row into the database. Hope this helps!
  20. Hi Goose87, Posts in a forum are saved in rows that have a column of a date time stamp. When you log into a forum the time you last logged in is saved in your user table and that date/time is saved to your session. When you go to the list of posts in a forum, the date time stamp in your session (which was the last time you logged in) is compared with the post date time stamp. That should do it.
  21. Better (and more efficient) is to do:

          <html>
          <head>
          <title>My Title</title>
          </head>
          <body>
          <?php if ($foo) { ?>
              <!-- html goeth here -->
              <?= $var_to_be_echoed ?>
          <?php } else { ?>
              <!-- html goeth here -->
              <?= $var_to_be_echoed ?>
          <?php } ?>
          </body>
          </html>

  22. Typically you would have the users in one table related to their courses in another table. You would have them log into the application and then they would be transferred to their course page where it would query the courses table and based on the courses the student is taking you would loop through the list and show the links:

          <?php while ($data = mysql_fetch_array($result)) { ?>
              <?php //urlencode() keeps the values from breaking out of the href attribute ?>
              <a href="courseInfo.php?course=<?= urlencode($data[0]) ?>&student=<?= urlencode($username) ?>">link goes here</a>
          <?php } ?>

      The $data[0] is assuming that you will change this number to whatever the column id is that you need. Hope this helps!!!
  23. Hello mattbarber, A couple comments. 9three is correct. You would store the level of access as a number in the database and then store that number in a secure session when the user has typed in their username/password and you have verified that they do exist in the database. You will want to make sure that you encrypt your passwords using md5() or some other type of one way encryption. Then, when they type in their user/pass you will encrypt the password they enter the same way and compare that with the table that has encrypted passwords. In this way, even if a hacker can get a list of the usernames and passwords it does not mean that they will be able to access the other users' accounts. Also, you will want to make sure your session handling is secure. Check out http://www.solutionbot.com/2008/12/27/secure-session-management/ to find out more. This class will ensure that your users are not the victims of session fixation and that the data that you store in your sessions is secure and doesn't get hacked.
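The hash-and-compare login described in the post above, as an added example that is not part of the original post: it uses PHP's password_hash() and password_verify() as the one-way function (salted and deliberately slow, unlike a bare md5() digest) and upgrades records that still hold an md5() digest at the first successful login. The `$users` array, the `login()` name, and the usernames and passwords are constructed for illustration.

```php
<?php
// Added example; $users is a constructed in-memory stand-in for the user table.
$users = [
    'alice' => ['hash' => md5('correct horse'), 'level' => 2],  // legacy md5() record
    'bob'   => ['hash' => password_hash('tr0ub4dor&3', PASSWORD_DEFAULT), 'level' => 1],
];

// Returns the stored access level on success, null on failure.
function login(array &$users, string $username, string $password): ?int
{
    if (!isset($users[$username])) {
        return null;
    }
    $stored = $users[$username]['hash'];
    // A bare 32-character hex string is an unsalted md5() digest.
    $legacy = preg_match('/^[0-9a-f]{32}$/', $stored) === 1;

    $ok = $legacy
        ? hash_equals($stored, md5($password))
        : password_verify($password, $stored);
    if (!$ok) {
        return null;
    }
    // Replace md5() digests and outdated cost settings while the plaintext is in hand.
    if ($legacy || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $users[$username]['hash'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return $users[$username]['level'];
}

var_dump(login($users, 'alice', 'correct horse'));  // legacy record, correct password
var_dump(login($users, 'alice', 'wrong'));          // wrong password
var_dump(preg_match('/^[0-9a-f]{32}$/', $users['alice']['hash']) === 1);  // still legacy format?
var_dump(login($users, 'bob', 'tr0ub4dor&3'));      // record already made by password_hash()
```

The level returned by `login()` is the value the post says to place in the session after a successful check.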
  24. Hi phani_kosaraju, If you check out these two urls http://www.solutionbot.com/2008/12/27/secure-file-upload/ and http://www.solutionbot.com/2009/01/02/php-ftp-class/ this should at least get you started. The first url is a secure file uploading class that allows you to upload files safely to your server. Security is a HUGE issue here as you will read in the article since any hacker could upload a malicious .php file that would allow them to get a list of all of the files and read all the files in your directory and then read all the source code. This is just one possibility, but believe me there are many many more negative outcomes from this if you do not secure your code. The second one is an FTP class which is a wrapper class for ftp functions in PHP. What I'm thinking you could do is the following:

          <?php
          if ($_SERVER['REQUEST_METHOD'] == 'POST') {
              $uploader = new file_upload(".", 'files');
              $whitelist = array('jpg' => 'image/jpeg', 'gif' => 'image/gif');
              if ($uploader->upload($whitelist)) {
                  $server = new ftp('domain.com', 'username', 'password');
                  if ($server->connect()) {
                      $server->chdir('my_upload_folder');
                      if ($server->put('**file to upload**', '**upload location**')) {
                          echo 'File uploaded';
                      } else {
                          echo 'File could not be uploaded';
                      }
                  } else {
                      echo 'could not connect';
                  }
              }
          }
          ?>

      This would upload the file to your first server and send the file through ftp to the second server. Hope this helps!!!