|
This is the code I'm having a problem with:
$sql = "SELECT SQL_CALC_FOUND_ROWS * FROM " . TBL_MEMBERS . " ORDER BY $order LIMIT $startRow, $numRows";
try {
    $st = $conn->prepare( $sql );
    $st->bindValue( ":startRow", $startRow, PDO::PARAM_INT );
    $st->bindValue( ":numRows", $numRows, PDO::PARAM_INT );
    echo "sql string = " . $sql . "<br />";
    echo "just before we hit the execute<br />";
    $st->execute();
    echo "just hit the execute<br />";
    $members = array();
    foreach ( $st->fetchAll() as $row ) {
        echo "pre";print_r($row);echo "/pre";
        $members[] = new Member( $row );
        echo "pre";print_r($members);echo "/pre";
    }
} catch ( PDOException $e ) {
    // Closes the try block; the prefix matches the error output quoted below
    die( "Query failed 1: " . $e->getMessage() );
}
OK, I had to remove the <> from the pre tags to make it easier to read...
Ok, if I run the non-commented out version of the SQL it works fine and I get the result I expect, however if I run the commented out version I get the following error:
Query failed 1: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''5'' at line 1
I printed this out at the start of the function to check the values:
startRow = 0 and numRows = 5
I'm sure it's something stupid as I only spend about 5 - 10 hours a month doing PHP, so thank you in advance!
oh yeah:
mysql> select version();
+-------------------------+
| version() |
+-------------------------+
| 5.5.24-0ubuntu0.12.04.1 |
+-------------------------+
1 row in set (0.00 sec)
modified 20-Jul-12 13:55pm.
|
|
|
|
|
I figured it out... I checked the type of the variables and it thought the second was a string, so I made some code changes and it's now an INT. Love those descriptive error messages, guess they have learned a few things from M$
|
|
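An added example (not the poster's code) of the fix described above, going slightly beyond it: the LIMIT values are cast to integers before being bound with PDO::PARAM_INT, and $order, which cannot be bound, is checked against an allow-list. The members table, its columns and the in-memory SQLite connection are constructed for the demo, and SQL_CALC_FOUND_ROWS is left out because it is MySQL-specific.

```php
<?php // Added example, not the poster's code; table and data are constructed.

/**
 * Fetch one page of members. $order cannot be a bound parameter (it is an
 * identifier), so it is checked against an allow-list before interpolation.
 */
function fetchMembersPage(PDO $conn, string $order, $startRow, $numRows): array
{
    $allowed = ['username', 'joinDate'];   // hypothetical sortable columns
    if (!in_array($order, $allowed, true)) {
        $order = 'username';
    }
    $sql = "SELECT * FROM members ORDER BY $order LIMIT :startRow, :numRows";
    $st = $conn->prepare($sql);
    // Request values arrive as strings; cast so they are bound as integers.
    $st->bindValue(':startRow', max(0, (int) $startRow), PDO::PARAM_INT);
    $st->bindValue(':numRows', min(100, max(1, (int) $numRows)), PDO::PARAM_INT);
    $st->execute();
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

// In-memory SQLite stands in for the MySQL server so the example runs offline.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE members (username TEXT, joinDate TEXT)');
$ins = $conn->prepare('INSERT INTO members VALUES (?, ?)');
foreach ([['carol', '2012-03-01'], ['alice', '2012-01-01'], ['bob', '2012-02-01']] as $m) {
    $ins->execute($m);
}

// String inputs as they would come from $_GET, including a bad $order value.
$rows = fetchMembersPage($conn, 'username; DROP TABLE members', '0', '2');
print_r(array_column($rows, 'username'));
```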
|
|
|
Hi there,
How can I rebind and reuse a port that I made busy in a prior session?
Typically we close a busy port with socket_close() in PHP, but when I click the X button on my browser to exit, the port is left busy and I can't use it the next time.
By the way, how can I close a socket when the user clicks the X button to exit?
Thank you for your thoughts on this.
|
|
|
|
|
I could not solve my problem.
Can nobody help me?
|
|
|
|
|
I don't think you understand how client/server HTTP applications work. You cannot tell when a browser disappears, because HTTP is stateless and request/response based.
And if you're opening sockets in the server side code you're almost certainly doing something wrong. PHP is not the right tool for a stateful persistent TCP connection.
|
|
|
|
|
Thanks for your reply, BobJanova.
I solved my problem with this code:
<?php
// Connect to the port, then close the handle only if the connection succeeded
$fp = fsockopen("127.0.0.1", 26002, $errno, $errstr, 30);
if ($fp) {
    fclose($fp);
}
?>
With this I could close my last open port; maybe it is not a good solution.
I found it here: http://php.net/manual/en/function.fsockopen.php
PHP is not the right tool for a stateful persistent TCP connection.
So, what is good for doing this?
And what about the chat rooms that are created in PHP?
|
|
|
|
|
Hi there,
I'm new to PHP and want to create a chat server/client service for my project.
So, do I have to start with socket programming in PHP?
What topics must I know?
Should I use a specific framework like Cake, Zend, ... or is it too soon to use them?
By the way, does PHP/MySQL have offline help like MSDN for ASP, or something like the SQL Server help?
Please help me.
Thanks so much.
modified 12-Jul-12 13:17pm.
|
|
|
|
|
Excuse me, but why does nobody answer me?
I need your help.
Please answer me.
Thanks.
|
|
|
|
|
|
Welcome to php world!
Here you will find many examples of what you are trying to achieve, but you got to look for the best rated one -
chat app
It will be too early for you to use any framework.
Yes, you can download the PHP manual here - php manual download
Hope this helps!
|
|
|
|
|
You almost certainly want to use AJAX for this, and some form of data store for the 'chatrooms'. That way it will work in browsers and be resource-light. Alternatively, if you want a client/server non-HTTP chat, you don't want to be using PHP to write it.
|
|
|
|
|
Thanks so much.
BobJanova wrote: if you want a client/server non-HTTP chat, you don't want to be using PHP to write it.
But my project title is "create a server/client chat service in php".
This is why I want to create it in PHP.
|
|
|
|
|
BobJanova wrote: if you want a client/server non-HTTP chat, you don't want to be using PHP to write it.
I hope you'll find the above added emphasis clears your doubt.
|
|
|
|
|
|
Hello guys;
I am from a .NET background, where I write data access code for any database platform using the DbFactory and the like.
I need sample code that can connect to any database, where all I need to supply is the database provider name, database name, user name, password, etc.
Thank you for your understanding and support.
|
|
|
|
|
PHP Manual
>> Function Reference
>> >> Database Extensions
>> >> >> Abstraction Layers
Peter
Software rusts. Simon Stephenson, ca 1994. So does this signature. me, 2012
|
|
|
|
|
|
Hi,
If you want to connect to a MySQL database, you can use the code below to connect and select your database:
<?php
// The mysql_* functions were removed in PHP 7; mysqli is the direct replacement
$db = mysqli_connect("localhost", "admin", "1admin") or die(mysqli_connect_error());
echo "Connected to MySQL<br />";
mysqli_select_db($db, "test") or die(mysqli_error($db));
echo "Connected to Database";
?>
|
|
|
|
|
I truly appreciate your response.
|
|
|
|
|
Ah the joys, 9 million pieces of advice, guidance and code and not one agrees with another.
So I spent some time reading around and checking out the source for PEAR Mail and PHP Mailer and this is what I've managed to surmise - bearing in mind I am a beginner in most things and definitely in PHP, regex etc. (and essentially at zero when it comes to RFC822, SMTP etc. etc.)
What I really want to understand (rather than simply solve) is how to best protect a web contact form from being used maliciously.
Based on my limited understanding, one approach might be this - so, is it good, bad, misleading, wrong or (and this would be a surprise) not half bad?
1/ First use filter_var twice, once with FILTER_SANITIZE_EMAIL and then FILTER_VALIDATE_EMAIL on the from address only (since we supply the to address)
2/ Optionally use the PHP Mailer regex as belt and braces, again on the from address only ->
return preg_match('/^(?:[\w\!\#\$\%\&\'\*\+\-\/\=\?\^\`\{\|\}\~]+\.)*[\w\!\#\$\%\&\'\*\+\-\/\=\?\^\`\{\|\}\~]+@(?:(?:(?:[a-zA-Z0-9_](?:[a-zA-Z0-9_\-](?!\.)){0,61}[a-zA-Z0-9_-]?\.)+[a-zA-Z0-9_](?:[a-zA-Z0-9_\-](?!$)){0,61}[a-zA-Z0-9_]?)|(?:\[(?:(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\.){3}(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\]))$/', $address);
3/ Optionally test user data such as subject, name etc. (anything that goes in the header) with the regex from phundamentals ->
function safe( $name ) {return( str_ireplace(array( "\r", "\n", "%0a", "%0d", "Content-Type:", "bcc:","to:","cc:" ), "", $name ) );}
4/ Then build the headers array and use string replacement or preg_replace to remove line endings
5/ This could be as simple as the PHP Mailer string replace -> ("\r", "\n") or the more 'complex' PEAR Mail preg_replace ->
=((<CR>|<LF>|0x0A/%0A|0x0D/%0D|\\n|\\r)\S).*=i which appears to define extra descriptions of an EOL - for PHP v5+, could use str_ireplace instead of preg_replace
For reference here are the notes I made that led to my uninformed and speculative ideas above:
function safe( $name ) {return( str_ireplace(array( "\r", "\n", "%0a", "%0d", "Content-Type:", "bcc:","to:","cc:" ), "", $name ) );}
$reply_to = filter_var($reply_to, FILTER_VALIDATE_EMAIL); if(!$reply_to) {...}
function sanitize(&$array) { foreach($array as &$data) $data = str_replace(array("\r", "\n", "%0a", "%0d"), '', stripslashes($data)); }
if (function_exists('filter_var')) {
if(filter_var($address, FILTER_VALIDATE_EMAIL) === FALSE) {
return false;
} else {
return true;
}
} else {
return preg_match('/^(?:[\w\!\#\$\%\&\'\*\+\-\/\=\?\^\`\{\|\}\~]+\.)*[\w\!\#\$\%\&\'\*\+\-\/\=\?\^\`\{\|\}\~]+@(?:(?:(?:[a-zA-Z0-9_](?:[a-zA-Z0-9_\-](?!\.)){0,61}[a-zA-Z0-9_-]?\.)+[a-zA-Z0-9_](?:[a-zA-Z0-9_\-](?!$)){0,61}[a-zA-Z0-9_]?)|(?:\[(?:(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\.){3}(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\]))$/', $address);
}
public function SecureHeader($str) { return trim(str_replace(array("\r", "\n"), '', $str)); }
function _sanitizeHeaders(&$headers)
{
foreach ($headers as $key => $value) {
$headers[$key] = preg_replace('=((<CR>|<LF>|0x0A/%0A|0x0D/%0D|\\n|\\r)\S).*=i', null, $value);
}
}
Mike
|
|
|
|
|
SMTP is a text format with CRLFs (line breaks) used in the header section. So make sure nothing which the user enters for the header section (probably just an email address) contains a line break.
Then, if you're using simple text format, the message is ended by a dot on a line on its own. So make sure the message doesn't contain that, or use a multipart format where you set the boundary (and, obviously, pick something which doesn't occur in the text).
|
|
|
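The rule from the reply above, as an added example that is not from PHP Mailer, PEAR Mail or any poster: a value bound for a header line is rejected if it contains CR or LF, the visitor's address is then validated with filter_var, and the body is dot-stuffed, which is how SMTP itself keeps a lone dot from ending the message. Function names, addresses and inputs are constructed.

```php
<?php // Added example; function names are hypothetical, inputs are constructed.

/** Refuse a value destined for a header line if it contains CR or LF. */
function headerValue(string $field, string $value): string
{
    if (strpbrk($value, "\r\n") !== false) {
        throw new InvalidArgumentException("$field contains a line break");
    }
    return trim($value);
}

/** The visitor's address: no line breaks, then syntax validation. */
function replyToAddress(string $input): string
{
    $addr = headerValue('email', $input);
    if (filter_var($addr, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('email is not a valid address');
    }
    return $addr;
}

/** Body for a raw SMTP DATA section: CRLF line endings, leading dots doubled. */
function dotStuff(string $body): string
{
    $lines = preg_split('/\r\n|\r|\n/', $body);
    foreach ($lines as $i => $line) {
        if ($line !== '' && $line[0] === '.') {
            $lines[$i] = '.' . $line;
        }
    }
    return implode("\r\n", $lines);
}

// Constructed submissions: one clean, one carrying an injected Bcc header
$submissions = [
    ['email' => 'visitor@example.com', 'subject' => 'Hello'],
    ['email' => "visitor@example.com\r\nBcc: list@example.org", 'subject' => 'Hello'],
];
foreach ($submissions as $post) {
    try {
        $headers = [
            'From: webform@example.com',   // fixed by the site, never user input
            'Reply-To: ' . replyToAddress($post['email']),
            'Subject: ' . headerValue('subject', $post['subject']),
        ];
        echo "accepted: " . implode(' | ', $headers) . "\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: " . $e->getMessage() . "\n";
    }
}
echo dotStuff("last line\n.\nnot the end"), "\n";
```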
|
|
Thanks for the reply.
That recommendation is in quite a few places but if it's so simple why do PHP Mailer and PEAR Mail (for example) do far more than just that?
I'm assuming the developers aren't dim so there must be a reason for it - that's what I'm trying to understand.
Mike
|
|
|
|
|
In short they are sanity checking for valid input (i.e. trying to determine that an email address is valid), not just protecting you from service abuse (i.e. using features of the protocol to make the system do something unexpected).
|
|
|
|
|
Thanks for sticking with me (and the long delays between replies).
So, given that this is an age old problem, how come they both take different strategies to sanity checking and injection prevention? You'd have thought that for such a well known issue there'd almost be an industry 'standard' approach for both issues, one which is optimised in every which way, well tested and verified etc. For two of the major OS projects delivering this functionality to be taking different approaches / models seems kinda odd - you know, learn what is best from each other and slowly but surely they coalesce onto the exact same code.
Also interested to know if you add the 'correct' rules to Quickform2 then do you get the same / better / worse sanity / injection checking that PHP Mailer and PEAR Mail provide?
Thanks again,
Mike
|
|
|
|
|
Please help!
These are the errors:
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/content/12/8488612/html/users/1000.php:2) in /home/content/12/8488612/html/users/1000.php on line 3
Warning: Cannot modify header information - headers already sent by (output started at /home/content/12/8488612/html/users/1000.php:2) in /home/content/12/8488612/html/users/1000.php on line 20
modified 6-Jul-12 13:39pm.
|
|
|
|
|