nakins

Hi, First, my head is stopped up and I'm not operating at full capacity this morning. I've had an online form that collects data from an HTML form and creates a FDF file. This FDF file is then emailed to me via the PHP script. Once I receive the FDF files, I open each one up in IE and it fetches the Matching unfilled PDF and presents the filled in pdf on screen, where I save it to a directory and then manually e-mail the filled in pdf to the proper person. I wanted to fix this and produce a filled in pdf on the server, and have the server email it directly to the proper person. This website is an education related site that my employeer sponsors.It is on a shared server at Liqiud Web. I found PDF Took Kit, and I was told by a Liquid Web person that I could add "Stuff" to my site as long as it was local to my account. Has anyone set up PDF Tool Kit on a shared server? Is this something that can be done on a shared server? PDFtk has to be compiled, and I'm not sure if I can do that. Any other options? Any suggestions?

I'm trying to validate form input that will be written directly into a csv file. I want to have a simple expression that only allows common name and addressing character, like # and @ and . and , and -. But everything I've tried doesn't seem to work. Does anyone have a expression that they use for general name and address validation?

Ok, thank you both for replying. It did clear up a few things for me.

<?php class Phash { public function __construct(){ const saltLenght = 20; public $_salt; } public function getSalted($_POST['password'], $_salt) { if ($_salt === null) { $_salt = substr(md5(uniqid(rand(), true)), 0, saltLenght); } else { $_salt = substr($_salt, 0, saltLenght); } return $_salt . sha1($_salt . $_POST['password']); } }

Yeah, it's all messed up. I was in a hurry to post it and didn't look it over. I was focused on getting Phash into Login and passing the argument and returning the value, trying to understand that. I'll try again.

I'm trying to get a handle on OOP and classes by creating a user management system. I've started with the login and I have a Login class and a Phash Class. Phash creates a hashed and salted password. And I call it from inside the Login class. (I will have a Register class where I will use the Phash class in it too.) I've removed some of the other stuff not relevant to the password operations. And basically, I'm wondering if I'm doing this right. <?php class Login { include('class.Phash.php'); private $_salted; private $_password; private $_passhash; $salted = new Phash(); public function __construct() { $this->_salted = ""; $this->_password = ($this->_login)? $this->filter($_POST['password']) : ''; $this->_passhash = ($this->_login)? $this->_salted) : $_SESSION[_salted]; } $data = mysql_query("SELECT ID FROM users WHERE username = '{$this->_username}' AND password = '{$this->_passhash}'"); <?php class Phash { define('SALT_LENGTH', 20); function generateHash($_password, $salt = null) { if ($salt === null) { $salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH); } else { $salt = substr($salt, 0, SALT_LENGTH); } return $salt . sha1($salt . $plainText); } } ?>

I'm trying to use PDO and get used to doing things this way. I've been away from php/mysql for a few years, so, I'm crusty. I'm not getting any error messages back on this code, but the insert just doesn't happen. My first guess is that I'm doing something wrong with the datetime now() function. But, I may not have the PDO code right. I tried the script the old fashion way with mysql_query() and that worked. So, it has to be something in this code. I believe my server is set up to do PDO as it shows: PDO PDO support enabled PDO drivers mysql, sqlite pdo_mysql PDO Driver for MySQL, client library version 5.0.45 My php version is 5.2.14 and Mysql is 5.0.45. Any help would be appreciated. $DBH = new PDO("mysql:host=$host;dbname=$dbname", $user, $pass); $DBH->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION ); $sql=$DBH->prepare("INSERT INTO assets(asset_name,date_added,short_desc) VALUES (:asset_name,NOW(),:short_desc)"); $sql->bindParam(':asset_name',$asset_name); $sql->bindParam(':short_desc',$short_desc); $name=$_POST["input1"]; $short_desc=$_POST["input2"]; $DBH->exec(); echo $name; echo "\nPDO::errorInfo():\n"; print_r($DBH->errorInfo()); } catch(PDOException $e) { echo "Syntax Error: ".$e->getMessage(); }

Hi, I've been away from writing php/mysql stuff for a few years now and I'm getting back into it. I've been reading about PDO and will probably use that. What I was wondering is if PDO is a cure all for SQL injection? I'm trying to pick up the security subject that I need to get a handle on. I know XSS is another security issue I need to be aware of. Anything else I need to be aware of? Thanks

I trying to deliver by email a filled in pdf from an html data input page. I have this created using the FDF stuff, but this delivers an FDF file. The person requesting this wants a regular PDF with it filled in and flattened. I'm aware of PDFlib, FPDF, PDFTK, and PDF-TOOLS. Each of these either costs lots and lots of money, or is command line. This site is on a shared server, so, I guessing command line stuff is out. Any one have any other suggestions for PDF/PHP options? Thanks