PHP - Using Custom Environment Variables For Db Conn
What I have done in the past is created a conn.php file, used as an include, when I wish to connect to my DB.
As a security measure, rather than have my connection info in a file that could potentially get accessed by unauthorised users, I read that I could use environment variables and store the database connection string values, i.e. username, password etc., for retrieval. Can anyone offer some guidance on going about this? Thanks

Similar Tutorials

What's the best way to cache things on the server? I've found some SetEnv things but this all seems to be a single key/value.
I'd like to cache an array of things that I can access later. Right now it's cached in $_SESSION which is fine, but still there's overhead on every first-time visitor to a site. Is there a way to add something to $_SERVER or elsewhere that ALL visitors to a website will ultimately be able to access?
I guess I want something like web.config in C#, where the first time a page is visited, the "app starts", as it were, and those things are now in cache on the server.
What's the best way to do this?
I've googled a lot but still can't find much of a clue for how to do this (printing all environment variables in PHP that is). I know it has something to do with $_ENV and $_SERVER but... I would be thrilled for some guidance! Best regards, Rasekamon

I am by no means a security expert, but I would like to know if storing MySQL database information in an environment variable would be a good or bad idea. What are your thoughts?

Not asking you to troubleshoot for me but to pop in any thoughts you might have on how YOU would troubleshoot this problem.. Thanks
This is a wp site.. and generated the following error..
Notice: Undefined index: USER_AGENT in /home/luxuryrealtygrp/public_html/wp-content/plugins/LRG/Masked/Filters.php on line 31
This is what line 31 that is being called out:
Line 31:
function lrg_masked_field($false, $field_name){
    if(is_user_logged_in() || stripos($_SERVER['USER_AGENT'], 'google') !== false || stripos($_SERVER['USER_AGENT'], 'yahoo') !== false || stripos($_SERVER['USER_AGENT'], 'bing') !== false){
        return false;
    }
Just looking for ideas that might help to chase this down..
Edited December 17, 2020 by tommytx

Hi guys, I have an IPN PayPal setup where users can buy items from my custom made shop, however in the original IPN code, the logged in users should have the same email with PayPal to call on IPN which user has bought what, so I have decided to pass a custom variable as
<input type="hidden" name="custom" value="<?php echo "$username"; ?>">
The hard part is, in my IPN how am I going to receive the username variable? What should I put in my IPN? In the IPN code I have example code:
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
But now, can you help me to receive the username so I can match my MySQL query which user has bought what? Thanks in advance

Hi Guys, I'm new to OOP. I've mastered some basic syntax, but am wondering about an issue of design. To clarify in this example, I'm simply looking to pull Team data from a Database (I've not included my db class (PDO wrapper) although I know it is working). Although I have seen this sort of method below in a book (I believe and on the net) and it does work, I cannot help thinking coupling the DB class so tightly with the Team Class isn't a great approach. Can anyone give me feedback as to whether my approach is valid? While I can see the negative issue of tight coupling (i.e. changes to any database method would require multiple changes in Team (as team methods were added)), I cannot really see an alternative way of doing this? I guess this is an issue of a design pattern or more advanced OOP. Can anyone suggest an alternative way and/or more reading on making the coupling looser while still achieving my objectives? Should, for example, all DB functionality in getName be done during implementation?
I initially thought pushing all db related functionality inside a Team method was wise and the best way then to add further methods, i.e. getResults method would be similar to getName but obviously with a different query and processing afterwards inside Team, but now I wonder if all should be in the implementation, or is there another approach? Thanks in advance.
// create team class
class Team {
    private $db;
    private $team_name;
    private $team_id;
    private $result;

    // in constructor lets pass DB object
    public function __construct($db) {
        $this->db = $db;
    }

    //function to get team name
    public function getName($team_id) {
        $this->team_id = $team_id;
        $this->db->query("SELECT team_name, nickname, founded FROM club WHERE team_id=:teamid");
        $this->db->bind(':teamid', $this->team_id);
        // return the fetched row when the query found one
        if ($result = $this->db->single()) {
            return $result;
        }
    }
}// end class

// Implementation
$team_id=1; //passed from user input
// First Create Db Object with correct passed variables
$database = new Database($server,$db_type);
// Invoke DB connect method
$database->connect();
// Now create Team object, pass it database object
$team = new Team($database);
// call Team method
$team_display = $team->getName($team_id);
// close db
$database->closedb();

An insert function is not inserting. I keep getting "Could not store data, please try again." After some probing, it seems that "$result = $conn->query($user_degree_insert_query); " is where the problem is. Variables before it seem to pass testing. I can't figure out why this line is messing things up though. Any idea? Thank you in advance for your help!
The "//$degree_id = mysql_fetch_array($degree_id_query, MYSQL_BOTH) ;" is commented out because it was giving me trouble, I replaced it with the line above that
$conn = db_connect();
$arraycount = count($degree_Array);
//loop through the categories chosen and add them each into member-category
for($i =0; $i < $arraycount; $i++){
    $degree_id_query = "SELECT degree_id FROM degree WHERE degree_type ='".$degree_Array[$i]."'";
    $result = $conn->query($degree_id_query);
    //place the id found into the array, which automatically concatenates it.
    $degree_id = $result->fetch_array();
    //$degree_id = mysql_fetch_array($degree_id_query, MYSQL_BOTH) ;
    $user_degree_insert_query = "INSERT INTO user-degree ( `user_id` , `degree_id` ) VALUES ( '".$user_id."', '".$degree_id[0]."' )";
    $result = $conn->query($user_degree_insert_query);
    if($result) {
        header("Location: survey2.php");
    }else {
        echo "<p>Could not store data, please try again.</p>";
        exit;

Hi,
I hope this belongs to the right sub-forum.
I'm gonna be on the move for quite some time, and I was wondering if there was an [almost] ideal portable PHP development environment, which I can treat just like the non-portable counterpart, which will include using Composer, Laravel, etc.
With a little research I found http://zwamp.sourceforge.net/ and http://www.codelobster.com, but I'm not sure how efficient they are.
Any of you guys use this approach?
Thanks.

I am trying a very simple thing, just to run an exe on local WAMP environment. The code below does launch notepad (can see in task manager) but doesn't show up. I want test.txt to be opened in a window.
<?php
$WshShell = new COM("WScript.Shell");
// single quotes keep the backslashes literal (inside double quotes "\t" would become a tab)
$oExec = $WshShell->Run('notepad.exe C:\wamp\www\test.txt', 3, true);
?>
I have tried exec as well. Same problem. What modifications are needed?

I'm sure it's not much, but I'm not understanding something with custom error handlers: I've created a custom error handler, which I initially set when my page loads:
set_error_handler(array ( new ErrorHandler(), 'handleError' ));
It seems to catch all internal PHP errors, such as if I:
var_dump($non_existing_var);
right after the set_error_handler.... Now, I have an object that throws an exception after:
set_error_handler(array ( new ErrorHandler(), 'handleError' ));
$locale = new \CorbeauPerdu\i18n\Locale(...); // this should throw an exception
...
I thought that with an error handler set, I could 'skip' the try/catch for it, but doing so, PHP spits out in its internal log:
PHP Fatal error: Uncaught CorbeauPerdu\i18n\LocaleException: ....
My error handler doesn't catch it at all before, thus my page breaks!! If I want it to go through the error handler, I have to init my Locale with a try/catch and use trigger_error() like so:
set_error_handler(array ( new ErrorHandler(), 'handleError' ));
try {
    $locale = new \CorbeauPerdu\i18n\Locale(...); // this should throw an exception
} catch(Exception $e) {
    trigger_error($e->getMessage(), E_USER_ERROR);
}
...
Is this normal? I thought one of the goals of the error_handler was to catch anything that wasn't dealt with? Thanks for your answers!

My local IT department is migrating to a "hardened" LAMP/PHP environment. The PHP application at http://library.uww.edu/php/showrp.php is being moved to this new "hardened" environment and the "Title/Subject/Issue:" search option does not work in this environment. The "Title/Subject/Issue:" search option does however work within the "non-hardened" environment at http://library.uww.edu/php/showrp.php. Attached is the source code for the showrp.php. What is likely causing the failure of the "Title/Subject/Issue:" search option?

Does anyone know how to decode this XML variable value into string values? I also need to know the opposite way: creating variable values into xml. I've tried several code examples but they did filter the requested data.
$xml='<?xml version="1.0" encoding="utf-8"?> <elements> <text identifier="ed9cdd4c-ae8b-4ecb-bca7-e12a5153bc02"> <value/> </text> <textarea identifier="a77f06fc-1561-453c-a429-8dd05cdc29f5"> <value><![CDATA[<p style="text-align: justify;">Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. 
Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.</p>]]></value> </textarea> <textarea identifier="1a85a7a6-2aba-4480-925b-6b97d311ee6c"> <value><![CDATA[<p style="text-align: justify;">Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.</p>]]></value> </textarea> <image identifier="ffcc1c50-8dbd-4115-b463-b43bdcd44a57"> <file><![CDATA[images/stories/red/cars/autobedrijf.png]]></file> <title/> <link/> <target/> <rel/> <lightbox_image/> <width><![CDATA[250]]></width> <height><![CDATA[187]]></height> </image> <text identifier="4339a108-f907-4661-9aab-d6f3f00e736e"> <value><![CDATA[Kramer 5]]></value> </text> <text identifier="ea0666d7-51e3-4e52-8617-25e3ad61f8b8"> <value><![CDATA[6000 RS]]></value> </text> <text identifier="90a18889-884b-4d53-a302-4e6e4595efa0"> <value><![CDATA[Eindhoven]]></value> </text> <text identifier="410d72e0-29b3-4a92-b7d7-f01e828b1586"> <value><![CDATA[APK Pick up and return]]></value> </text> <text identifier="45b86f23-e656-4a81-bb8f-84e5ea76f71f"> <value><![CDATA[15% korting op grote beurt]]></value> </text> <text identifier="3dbbe1c6-15d6-4375-9f2f-f0e7287e29f3"> <value><![CDATA[Gratis opslag zomerbanden]]></value> </text> <text identifier="2e878db0-605d-4d58-9806-8e75bced67a4"> <value><![CDATA[Gratis abonnement of grote beurt]]></value> </text> <text identifier="94e3e08f-e008-487b-9cbd-25d108a9705e"> <value/> </text> <text identifier="73e74b73-f509-4de7-91cf-e919d14bdb0b"> <value/> </text> <text identifier="b870164b-fe78-45b0-b840-8ebceb9b9cb6"> <value><![CDATA[040 123 45 67]]></value> </text> <text identifier="8a91aab2-7862-4a04-bd28-07f1ff4acce5"> <value/> </text> <email identifier="3f15b5e4-0dea-4114-a870-1106b85248de"> <value/> <text/> <subject/> <body/> 
</email> <link identifier="0b3d983e-b2fa-4728-afa0-a0b640fa34dc"> <value/> <text/> <target/> <custom_title/> <rel/> </link> <relateditems identifier="7056f1d2-5253-40b6-8efd-d289b10a8c69"/> <rating identifier="cf6dd846-5774-47aa-8ca7-c1623c06e130"> <votes><![CDATA[1]]></votes> <value><![CDATA[1.0000]]></value> </rating> <googlemaps identifier="160bd40a-3e0e-48de-b6cd-56cdcc9db892"> <location><![CDATA[50.895711,5.955427]]></location> </googlemaps> </elements>';

Hi. I have some code which needs to return a single variable from the function and stored as a variable within this page, so it can be echoed later on in the page. I couldn't get it to return as a variable, so I used "return compact();" to return the variable and "extract (myFunction());" to extract it to variables. However, when I turned on PHP's display errors and error reporting function, I got an error message saying "Warning: extract() [function.extract]: First argument should be an array in /my/web/site/index.php on line 6" (which is where my extract function is). This works fine with passing more than one variable through, is there another way to pass one variable from a function to be stored as a variable on the page which called the function? Here is the function:
<?php
//This is a list of numeric error codes against their text. this will return the error code as the variable $issue
function checkLoginIssue() {
    //If there is an error code
    if (isset($_GET["issue"])) {
        //cycle through the list until the code is reached, return the text and break the switch
        switch ($_GET["issue"]) {
            case "1":
                $issue = '<p class="warning">Please log in to view this page</p>';
                break;
            case "2":
                $issue = '<p class="warning">Wrong Username or Password</p>';
                break;
            case "3":
                $issue = '<p class="warning">No user found with those details</p>';
                break;
        }
        //return the variable in an array with a single value
        return compact('issue');
    }
}
?>
And here is the code which calls the function:
<?php extract(checkLoginIssue()); ?>

I am in the process of learning MySQL and PHP. I have a real-world application that I would like to develop for someone using MySQL and PHP, provided I can end up with the necessary user interface for the application. The user will be launching a web browser to start the application. The application will be developed for two purposes:
to record employee information (name, contact info, category of worker such as: cook, dishwasher, server, host)
to record the hours worked by each worker for each day and then generate a report that can be sent to the accountant by email or fax
Since the interaction will take place in a web browser, what are the possibilities as far as having customization for the text fields (controllable size of text field, larger than the form element), having start and end times with the colon symbol inserted automatically, to name a few. When a text field is inserted via HTML, the rectangle is rather small. Can the default sizes of form elements be enlarged?

Hi Everyone. I'm trying to generate a non standard PK in the form of 000111-YU, where 0001 refers to the record number, the 11 refers to the year and the -YU is a set of random letters / numbers. The 0001 can increment throughout the year, but once 2012 occurs, the counter needs to be reset back to 0001.
I need this number to be generated and inserted into the table, but I also need to have form fields inserted into the db. For e.g. FirstName and LastName are names of textboxes in a form. This is what I have so far, but I keep receiving 'error, insert query failed.'
<?php
$db="db";
$link = mysql_connect('localhost', 'root', 'pw');
if (! $link) die(mysql_error());
mysql_select_db($db , $link) or die("Couldn't open $db: ".mysql_error());
$query = "INSERT INTO records (IDNumber, FirstName, LastName)
SELECT * FROM (
  SELECT
    # id
    CONCAT(
      # Sequential number, incremented, zero-padded
      LPAD((SUBSTR(COALESCE(MAX(IDNumber), '0'), 1, 4) + 1), 4, '0'),
      # Two-digit year
      DATE_FORMAT(CURRENT_DATE, '%y'),
      # Literal hyphen
      '-',
      # Two random letters (AA-ZZ)
      CHAR( FLOOR(65 + RAND() * 26), FLOOR(65 + RAND() * 26) )
    )
  FROM records
  WHERE IDNumber LIKE CONCAT('____', DATE_FORMAT(CURRENT_DATE, '%y'), '-__')
) ";
mysql_query($query) or die('Error, insert query failed');
?>

When a user clicks on a topic they are transferred to its post, which is retrieved by the name of the topic as given by the url value. Up to now I have just used urlencode. But it's trickier when a user adds slashes and dots into the mix. For example the title of the post is testing/testing. The url will go to www.asimpleforum.co.uk/t/testing/testing. How would I get around this since url encode doesn't do the job? I could replace slashes and dots with their own unique symbol but that produces the problem when someone uses one of those symbols that I use to replace in their topic title. I know one site in particular that replaces all dots and slashes with a hyphen (-), but how would you know what to turn the hyphen into when you query the database for that topic? Anyone have any ideas?

Hello. I am currently working on a new site (http://sa.cx) that is basically a free domain like this: (example.sa.cx). My main goal is to allow users to set the full MX, CNAME, A and SOA records.
Any ideas on how I could go about this using php? My initial thought would be via cURL.

Hi. I was just wondering if it is possible to write custom mysql errors. I have hunted around for some but can't find any. Currently I write my errors like...
or die (mysql_error());
However I see this as a problem! As I'm not the best coder there are bound to be errors in my code. I don't want somebody who knows what they are doing to cause an error and then doing it (mysql_error()) will point them in the right direction to what I have missed. I would rather have my own error saying what line the issue is with. I have tried.....
or die (mysql_error(My personal error here))
However this does not work. Please help. Thank you

Hi, I am new in here and to PHP coding. I got the following code from my friend for making a name, address, passout of student searching database.
<?php
// TAKE THE INFORMATION FROM FORM.
$search = $_GET['search'];
// IF THERE IS NOT A KEYWORD GIVE A MISTAKE.
if (!$search)
    echo "You didn't enter a keyword."."$text Back to Search Again <a href=searchform.php>Search</a>";
else {
    echo "<td>You searched for: <strong>$search </strong></td>";
    mysql_connect('sql servername','sql server username','password');
    mysql_select_db('database name');
    $id=@$_GET['id'];
    //QUERY IS THE CODE WHICH WILL MAKE THE SEARCH IN YOUR DATABASE.
    //I WROTE AN EXPLANATION ABOUT IT AFTER THE CODE.
    $query="SELECT * FROM searchform WHERE MATCH(Name, Address, Pass) AGAINST('%$search%' IN BOOLEAN MODE)";
    $result1 = MySQL_query($query);
    if(!$result1) {
        echo MySQL_error()."<br>$query<br>";
    }
    if(MySQL_num_rows($result1) > 0) {
        echo "<table width='480' align='center' border='1' cellspacing='0' cellpadding='0'>";
        while($result2 = MySQL_fetch_array($result1)) {
            //A short description from category.
            $description = $result2['category'];
            $searchPosition = strpos($description, $search);
            $shortDescription = substr($description, $searchPosition, 150);
            // I added a link to results which will send the user to your display page.
            echo "<tr><td>Name</td><td>Address</td><td>Pass</td></tr>";
            echo "<tr><td>{$result2['Name']}</td><td>{$result2['Address']}</td><td>{$result2['Pass']}</td></tr>";
        }
        echo "</table>";
    }else {
        echo "No Results were found.<br>"."$text Back to Search Again <a href=searchform.php>Search</a>";
    }echo "<br>";
}
?>
Everything is working fine as I wanted. My database structure is below
|NAME||ADDRESS||YEAR|
|ABC|abc|1980|
|XYZ||xyz||1980|
but there is a small problem of showing the output result. When I search with 1980 it shows 4 columns:
1st column is showing NAME, ADDRESS, YEAR
2nd column is showing |ABC|abc|1980|
again 3rd column is showing NAME, ADDRESS, YEAR
4th column is showing |XYZ||xyz||1980|
How do I solve this to not show the NAME, ADDRESS, YEAR in every column (3rd column)?