DavidT

Members
  • Posts: 27
  • Joined
  • Last visited: Never

Everything posted by DavidT

  1. Yep, DESCRIBE does work.

         $invalid_fields = array();
         $conditions = array();
         $table = 'myTable';

         //Check for duplicate value in unique keys
         $res = mysql_query('DESCRIBE '.$table);
         $unique_fields = array();

         //Find which fields have to be unique
         while ($row = mysql_fetch_assoc($res)) {
             //Check if it is a unique field
             if ($row['Key'] == 'UNI') $unique_fields[] = $row['Field'];
         }

         //Check data user posted for the unique fields
         foreach ($unique_fields as $u) {
             //Escape the posted value before it goes into the query string
             $conditions[] = " `$u` = '".mysql_real_escape_string($FormData[$u])."'";
         }

         //get db entries where some unique field has the same value as the one posted by the user
         $strSQL = "SELECT * FROM `$table` WHERE ".implode(' OR ',$conditions);
         $res = mysql_query($strSQL);
         if ($res) {
             while ($a = mysql_fetch_assoc($res)) {
                 //Loop the fields to see if some has the same value
                 foreach ($unique_fields as $u) {
                     if ($FormData[$u] == $a[$u]) {
                         $invalid_fields[$u] = 'duplicate';
                     }
                 }
             }
         } else {
             //query failed
         }

         if (empty($invalid_fields)) $valid = true;
         else $valid = false;
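
The duplicate check from posts 1 and 2 with the posted values sent as bound parameters instead of being placed in the SQL string, as an added example (not DavidT's code). It assumes PDO, uses an in-memory SQLite table so it runs offline, and takes the unique column list as an argument where the post reads it from DESCRIBE; `findDuplicateFields`, the `members` table and all data are constructed for illustration.

```php
<?php
// Added example: duplicate check on unique columns with bound parameters.
// Table, columns and data are constructed; SQLite in-memory stands in for MySQL.
function findDuplicateFields(PDO $pdo, string $table, array $uniqueFields, array $formData): array
{
    $conditions = [];
    $params = [];
    foreach ($uniqueFields as $u) {
        if (!isset($formData[$u])) {
            continue; // nothing posted for this unique column
        }
        // Column names come from the schema, never from the request;
        // the posted value travels only as a bound parameter.
        $conditions[] = "\"$u\" = :$u";
        $params[":$u"] = (string) $formData[$u];
    }
    if (!$conditions) {
        return [];
    }
    $stmt = $pdo->prepare("SELECT * FROM \"$table\" WHERE " . implode(' OR ', $conditions));
    $stmt->execute($params);

    $invalid = [];
    while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
        // A returned row matched at least one column; record which ones.
        foreach ($uniqueFields as $u) {
            if (isset($formData[$u]) && (string) $row[$u] === (string) $formData[$u]) {
                $invalid[$u] = 'duplicate';
            }
        }
    }
    return $invalid;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT UNIQUE, email TEXT UNIQUE)');
$pdo->exec("INSERT INTO members (username, email) VALUES ('anna', 'anna@example.test')");

// Constructed form input: the username contains a quote that would break
// a concatenated query; the email collides with the existing row.
$posted = ['username' => "o'brien", 'email' => 'anna@example.test'];
print_r(findDuplicateFields($pdo, 'members', ['username', 'email'], $posted));
```
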
  2. Thank you all! It's a good point that the error will show only the first field where a duplicate entry occurs. Given that, I suppose the best way is to add code to my validation function that checks if the posted values are already in the database. So, something like:

         foreach ($unique_fields as $u) {
             //Quote and escape the posted value before it goes into the query string
             $conditions[] = " `$u` = '".mysql_real_escape_string($PostedValue[$u])."'";
         }
         //get db entries where some unique field has the same value as the one posted by the user
         $strSQL = "SELECT * FROM `table_name` WHERE ".implode(' OR ',$conditions);

     And then it will be easy to see which fields have a duplicate value. However, is there any straightforward way to find out which unique fields the table has? Can I use "DESCRIBE"?
  3. Hi everyone. I have a form to insert data in a mysql database, with some fields that are supposed to be unique. If there is a duplicate key I show the user an error message, however I'd like to avoid showing them the mysql error text itself, to not show information about the database structure. If I use errno, instead, of course I could write a custom message. However, is there a straightforward way to find out which key has a duplicate entry, so that I can point it out to the user? I could find it out in some way (using some queries to check or by splitting the error message), but it looks to me like a very clumsy way to do something so simple. Isn't it? Thanks in advance.
  4. Well I was indeed saving the whole order array in the cookie (so I had the keys code, value and caption, with this one relatively large), to have easy access to all the data. I’ll save only the code then, and retrieve other data only when necessary. Thank you for your answer!
  5. First of all mysql_query() gives true if query succeeds, so you should not simply check its return value... Or actually you should, but only to see whether the query succeeded or not, and if it did, then use a loop with mysql_fetch_array() or similar to get the actual result(s). In your case you don't need to use a loop, since the result is only one anyway (provided that the "username" field is unique). So, for example:

         $user = mysql_real_escape_string($user); //Escape the value before using it in the query
         $result = mysql_query("SELECT password FROM user WHERE username='$user'");
         if (!$result) {
             //Error, probably something wrong in query syntax
         } else {
             //Ok, query succeeded, now check the result
             if ($a = mysql_fetch_array($result)) {
                 //now $a is an array that contains the retrieved fields
             } else {
                 //No results found for this username
             }
         }

     This is the first thing that came to mind, probably there is something else, you should specify what errors you get, if any, or anyway what the script returns.
  6. Hi everybody. I had been using a database to store data from a shopping cart, but now I am trying to create a simpler version using cookies, so that the user doesn't need to previously log in. The problem is that after adding a few elements I found out the limit size in cookies, so I just got an error page saying: Size of a request header field exceeds server limit. Should I conclude that using cookies for a shopping cart is simply a bad idea, or is there some way to solve this problem? If it is a bad idea, how should I project my shopping cart instead? Thank you very much!
  7. Won’t history.go(-1) still return the user to search engine, if that’s the case? Thanks xyph for the advice about sessions. I’m actually using this to store a $previous_page var, is there any other way to do this, then?
  8. You may store the previous page information through a session.
  9. Ok, I get it to work! The latter idea (using a $ref_id to identify the instance and getting all instances of the class through a function) was the correct one, I only had a mistake in the code (so the variable I was using was FALSE, not the instance of the class as I thought).
  10. Thanks for your answer. I could do that (actually in some way it is so already, the debug is part of a class that tracks various information, and the Site class extends it), but what I wanted to avoid is to need to pass all the time the class as a parameter, such as debug("Text", $this); But I'm not sure if it is possible. Trying to find out something...
  11. Hi everybody, I am having a problem I'm not really sure how to turn around. Here is the thing: I have a class 'Site' that manages the pages itself, and some "minor" classes that perform some specific action. For example:

          class DBHandler {
              /*This may be one of the 'minor' class*/
          }

          class Site {
              function debug($text) {
                  /* Code goes here */
              }

              function initDB() {
                  $db = new DBHandler;
                  return $db;
              }
          }

      The class 'Site' has a method 'debug', which I use to trace what happens and store single events in an array $debug_arr. I want to be able to call this debug method from inside the inner class. So, what I actually want to do is to add a method 'debug' to the inner class too, in a way that calls the main class' method. For example:

          //This method goes in DBHandler class
          function debug($text) {
              $main_class->debug($text);
          }

      Now, the problem is how to define that $main_class? I have tried to pass it as a parameter to another method I call within the initDB:

          //This is in the DBHandler class
          function connect($main_class) {
              $this->main_class = $main_class;
          }

          //This is in the Site class
          function initDB() {
              $db = new DBHandler;
              $db->connect($this);
              return $db;
          }

      In this way, I thought that I would be able to call inside the DBHandler

          $this->main_class->debug();

      But I get the error: Call to a member function debug() on a non-object

      I tried another approach too, by setting a var $ref_id to the Site class, then by using a function get_instances_of_class('Site'), find the calling instances through the ref_id value, and return the object in this way. However, when I try to call the debug() method I get the same error. I've been checking on the internet and it seems that I cannot write the code in a way that depends on run-time information (the error comes since PHP cannot know the value of $this->main_class, which will be set as an object only while the script is executed). So, does anybody have advice on this? In which other way may I get around this problem? Thanks in advance.
  12. Ok, after a little pause I'm finally starting to make this script. Couple of further questions: is there any way to create a file "on the fly"? I mean, instead of doing this:

          $handle = fopen("file_to_upload","w");
          $write = fwrite($handle,"This is the mail data which will be sent to the other server ");
          fclose($handle); //Close the file so the data is written out before the upload
          $upload = ftp_put($ftp_connection, "mailer_folder", "file_to_upload" );

      to solve somehow so that it does need to create the file, and just doing something like

          $upload = ftp_put($ftp_connection, "mailer_folder", DATA );

      The other question is: is there some reason why you told me to zip the file containing mail data? Maybe security reasons? Wouldn't it work the same way if it is just a plain file? Thanks in advance
  13. Thanks a lot for both links!
  14. I am now thinking one more thing. I use LIMIT 0,15 to limit the number of messages shown in the first page, however, I want that the script also gives me a number of the total messages. I cannot just use php to count the given elements, since this is limited to 15 because of the query string: is there a smarter way than doing two different queries, adding first "count" and then without it using LIMIT?
  15. Great, thank you very much! Sorry for the very beginner question. I used mysql/php for a while, but since I mostly need only the same, usual tasks, I've never actually heard of this joining system (I used LEFT JOIN by the way). Thanks again!
  16. Hi there, I'm creating for my website a system that allows a logged user to send a "mail", which is actually a mysql database entry. Through a simple form, the user can insert subject and message, which will be stored and can be viewed by the website crew. The entry has an additional entry, the user id, from which we can get the user mail, name etc. Now I'm preparing the page where the crew can see the messages, which should create a table with the classic fields, such as: time&date - subject - user's username - user's mail. I do a query to retrieve the message information, and a loop to create the table. The problem is the following: since the user's nickname and mail are stored in a different table of the database, I have two choices:

      1) for each message I create a new mysql query which gets the nickname and mail associated to the stored id
      2) I store all the id's of the shown messages, then I create a single query to get all the data together (something like SELECT * FROM `usr_messages` WHERE `id` = x1 OR `id` = x2 etc...) and then handle it through the script

      Which one is more performing? Thanks in advance
  17. Hi there! I have two different hosting services: on the first one I can regularly use the function mail(), but the second does not allow me to send mails (it will block the account for mass mailing). I need to use mail to notify things to users who requested it, so I need to be able to send mail from this second server too. I thought that I will create a mailer script on the first server, so that the second will simply call the script when needed, passing the e-mail addresses, the subject and content through POST. Now, how to avoid that some malicious user uses my script to send their own mails? I thought that I can send with the POST two vars, "time" and "secure_code" (I will eventually fake the names, so that it is not so easy to recognize), where "time" is taken from time(), and "secure_code" is a function depending on the value of "time". The mailer script gets both values, and uses the same function to verify if the "secure_code" is correct, according to time. Question is, is this safe? What kind of function shall I use? Also, how could I avoid that a malicious user simply saves the "time" and "secure_code" in a certain moment, and uses them again? Thanks in advance.
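
One way to build the "time" plus "secure_code" check asked about in post 17, as an added example (not code from the thread): the code is an HMAC-SHA256 over all POST fields under a secret both servers share, and a random single-use "nonce" field addresses the reuse question. `SECRET`, `MAX_AGE`, the `nonce` field, the function names and all sample values are assumptions of this example.

```php
<?php
// Added example, not code from the thread. SECRET and all values are constructed.
const SECRET  = 'PLACEHOLDER-long-random-key-shared-by-both-servers';
const MAX_AGE = 300; // seconds a signed request stays acceptable

// Sending server: add time and a random nonce, then sign every field.
function signRequest(array $fields, int $now): array
{
    $fields['time']  = $now;
    $fields['nonce'] = bin2hex(random_bytes(16));
    ksort($fields);
    $fields['secure_code'] = hash_hmac('sha256', http_build_query($fields), SECRET);
    return $fields;
}

// Mailer: returns 'ok' or the reason for rejection. $seen holds used nonces
// (a real mailer would keep them in a table or cache for MAX_AGE seconds).
function verifyRequest(array $post, int $now, array &$seen): string
{
    $code = (string) ($post['secure_code'] ?? '');
    unset($post['secure_code']);
    ksort($post);
    $expected = hash_hmac('sha256', http_build_query($post), SECRET);
    if (!hash_equals($expected, $code)) {
        return 'bad signature';          // forged or altered fields
    }
    if (abs($now - (int) ($post['time'] ?? 0)) > MAX_AGE) {
        return 'expired';                // saved long ago and sent later
    }
    $nonce = (string) ($post['nonce'] ?? '');
    if ($nonce === '' || isset($seen[$nonce])) {
        return 'replayed';               // same signed request sent twice
    }
    $seen[$nonce] = $now;
    return 'ok';
}

$seen = [];
$t    = 1700000000; // constructed clock value
$req  = signRequest(['to' => 'user@example.test', 'subject' => 'Hi', 'body' => 'Text'], $t);
$changed = ['to' => 'other@example.test'] + $req;   // recipient altered in transit
$late    = signRequest(['to' => 'user@example.test'], $t);

// First delivery, the same request resent, the altered copy, a stale request.
foreach ([[$req, 10], [$req, 20], [$changed, 30], [$late, 3600]] as [$r, $delay]) {
    echo verifyRequest($r, $t + $delay, $seen), "\n";
}
```
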
  18. Indeed, your function should work just by separating the mkdir from chmod. That's quite understandable as there are no echos...
  19. I guess that's the point... By using that explode system, the first time you're attempting to create "users/". That exists already, so you get an error. You can try by setting $n=1 in the first for... but then it tries to create "Ivertel/" and this does exist also if I get it right, isn't it? Actually what's the point in all that explode stuff?
  20. I found out the problem. I needed to create the parent dir with php. Then php is the owner and I can do whatever. I was creating the directory with the FTP client, so it wasn't giving to php the right to do what I needed. Thanks to HuggieBear for his advice.
  21. Thanks for your answer and the links. So, basically, all the problem should be just in the upload script? Then, for example, if I check the uploaded file type I already should avoid any kind of problem, don't I? But, also, I was thinking to this... Let's say that on www.something.blah there is the directory /unsure with permission on 0777 If I write a script on my own website, and put this code: I guess that this should work, doesn't it? And, then... what happens when I go on www.something.blah/unsure/my_script.php ? Will this script work as if the webmaster had created it? If so, this potentially allows me to do whatever I want, right? Then, this means a really serious security problem... and the only protection from this is that the malicious user doesn't know if there is a 0777 directory and where. Can he get somehow this information? Ahiahi, how this happened? Because of some error in the script or...? Just randomly? Do you know if there is any way to avoid this?
  22. Hi everybody. I have a problem with a script that I can solve by setting a directory permission on 0777. Now, what exactly could happen if I leave it so? The users are supposed to be able to upload files in subdirectories of this main directory "projects". After the upload, the permission of the used subdirectory is set to 0775, so this should avoid that a malicious user can edit the files. Am I right? Then, the matter is that he could upload undesired files in the main dir? How? And, can he exploit this for executing scripts on his own? How? Any tip is welcome, thanks. Kind regards.
  23. Mh, ok, it seems that the whole issue was because of the safe mode... Also, I've read that on Windows hostings I cannot set the permissions while creating the directory. Actually my server is not Windows based, but anyway by using simply mkdir with no permissions settings, and a chmod after it, the whole thing works. But there is one problem still. The basic script seems to work, IF the parent directory is on 0777. Which, I think, is not exactly a good thing. Even a chmod($root_path, 0777); is useless, as I got: Warning: chmod() [function.chmod]: Operation not permitted in /home/*****/public_html/prova.php on line 7 So, I have to find out some way to do this chmod, or I have to leave the parent directory on 777... Meanwhile, here is the code: So, the directory $new is correctly created, the permissions are correctly set to 0777 to permit the uploads, then they are correctly changed to 0775 to secure the system. The chmod on $root_path doesn't seem to have any effect (in the end it doesn't show the warning, but I've checked out the directory and it is still as before, so it didn't work).
  24. Oops, my bad, I made a spelling mistake while writing the directory path in the second case (with safe mode off). Here it creates the directory, but not with the permission that I want, and, besides, it works only if I create it inside another directory with permissions on 0777 (and I wouldn't like too much to leave such a directory on the website)...