NYCPHP Meetup

NYPHP.org

[nycphp-talk] Operation must use an updateable query.

Anthony Papillion II papillion at gmail.com
Fri Aug 26 14:52:46 EDT 2005


Even though this is a PHP discussion list this problem has a quick 
enough answer for me to offer an answer here.

The most probable cause is that the IUSER account doesn't have modify or 
update permissions on the folder the database is in. Make sure IUSER has 
the right permissions on the folder and try again. This will probably 
solve your problem.

Anthony

rinaldy roy wrote:

>  I've just started my first  HTML and MS Acces as below, but come up 
> with error:
>  
> # Error Type:
> Microsoft OLE DB Provider for ODBC Drivers (0x80004005)
> [Microsoft][ODBC Microsoft Access Driver] Operation must use an 
> updateable query.
> */pelanggan_tulis_2.asp, line 20*
> # Browser Type:
> Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
> # Page:
> POST 24 bytes to /pelanggan_tulis_2.asp
> # POST Data:
> Ipelanggan=aa&Ialamat=bb
>  
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> <html>
> <head>
>  <title>CekCon</title>
> </head>
> <body>
> <%
> ipelanggan=Request("Ipelanggan")
> ialamat=Request("Ialamat")
> ' Set koneksi ke database
> Set conn=Server.Createobject( "ADODB.Connection" )
>       conn.Mode = 3 ' adModeReadWrite
>    conn.Open "DSN=pelanggan;uid=Admin;pwd=;"
>    Set rs = Server.CreateObject("ADODB.Recordset")
>    sql="INSERT INTO master_pelanggan(nama_pelanggan, alamat)"
>    sql=sql & "VALUES('"& ipelanggan &"', '"& ialamat &"')"
>    set RS=Conn.Execute(SQL)
> Response.write "data masuk"
> %>
> </body>
> </html>
>
>  
> ---------------
> How to fix it?
>  
> RRY
> */talk-request at lists.nyphp.org/* wrote:
>
>     Send talk mailing list submissions to
>     talk at lists.nyphp.org
>
>     To subscribe or unsubscribe via the World Wide Web, visit
>     http://lists.nyphp.org/mailman/listinfo/talk
>     or, via email, send a message with subject or body 'help' to
>     talk-request at lists.nyphp.org
>
>     You can reach the person managing the list at
>     talk-owner at lists.nyphp.org
>
>     When replying, please edit your Subject line so it is more specific
>     than "Re: Contents of talk digest..."
>
>
>     Today's Topics:
>
>     1. MD5 + Flash (-sry Boston)
>     2. Re: MD5 + Flash (Hans Zaunere)
>     3. OWASP 9/29 Save The Date (Thomas Brennan)
>     4. Re: Session basics (Billy Pilgrim)
>     5. Re: MD5 + Flash (csnyder)
>
>
>     ----------------------------------------------------------------------
>
>     Message: 1
>     Date: Sun, 21 Aug 2005 13:23:30 -0500
>     From: "-sry Boston"
>     Subject : [nycphp-talk] MD5 + Flash
>     To: talk at lists.nyphp.org
>     Message-ID:
>     Content-Type: text/plain; format=flowed
>
>     Hiya,
>
>     If you're over on WWWAC you've already seen this but I'm asking here
>     from another slant. I have no idea what I can or can't do withOUT
>     having to create/manage a mySQL db...my server will let me do this
>     easily enough but it's been over a year since I've thought of PHP or
>     mySQL and I don't want to get so distracted by the programming
>     mindset that I forget what I was doing in the first place (trying to
>     do some marketing).
>
>     Below is the process I'm trying to implement - step 5 is where I'm
>     fuzzy...I know I could definitely have the URL come back to a
>     PHP page that looks up the string in a db (and a very simple one,
>     I'm sure, since it's just a list) but I'd rather just have the URL
>     come
>     back to the Flash file and do the checking from within the .swf,
>     with ActionScript - is that easier or harder? Since you guys all love
>     PHP and probably only half of you even like AS, I know it's a biased
>     answer I'll get :-) but try to be objective and not play favorites
>     on the languages here.
>
>     What I want to do:
>
>     (1) user gives me email address
>
>     (2) with a PHP script (free from http://www.allhype.co.uk/tools/md5/
>     and a very nice script actually!!) I MD5 their email address
>
>     (3) I send user a message (to validate the address works) that has
>     their MD5'd address as a link for them to come back and get what
>     they want
>
>     (4) user clicks unique query string in the email I've sent them
>
>     (4) I validate the string .....how/from where is the ??? :)
>
>     (5) if valid, give them the Flash file; if not, give them an error
>     message
>
>     Any help much appreciated!
>
>     -sry
>     Sarah R. Yoffa
>     http://books.sarahryoffa.com/
>     books at sarahryoffa.com
>     *********************
>     Look for the exciting release of the newly-edited
>     THE PHOENIX SHALL RISE AGAIN
>     Coming to online booksellers - New Year's 2006.
>     *********************
>
>     _________________________________________________________________
>     Express yourself instantly with MSN Messenger! Download today -
>     it's FREE!
>     http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
>
>
>
>     ------------------------------
>
>     Message: 2
>     Date: Sun, 21 Aug 2005 17:45:41 -0400
>     From: "Hans Zaunere"
>     Subject: Re: [nycphp-talk] MD5 + Flash
>     To: "'NYPHP Talk'"
>     Message-ID: <0MKp2t-1E6xdN3S4E-0001Lu at mrelay.perfora.net>
>     Content-Type: text/plain; charset="us-ascii"
>
>
>
>     talk-bounces at lists.nyphp.org wrote on Sunday, August 21, 2005 2:24 PM:
>     > Hiya,
>     >
>     > If you're over on WWWAC you've already seen this but I'm asking here
>     > from another slant. I have no idea what I can or can't do withOUT
>     > having to create/manage a mySQL db...my server will let me do this
>     > easily enough but it's been over a year since I've thought of PHP or
>     > mySQL and I don't want to get so distracted by the programming
>     > mindset that I forget what I was doing in the first place (trying to
>     > do some marketing).
>     >
>     > Below is the process I'm trying to implement - step 5 is where I'm
>     > fuzzy...I know I could definitely have the URL come back to a
>     > PHP page that looks up the string in a db (and a very simple one,
>     > I'm sure, since it's just a list) but I'd rather just have
>     > the URL come
>     > back to the Flash file and do the checking from within the .swf,
>     > with ActionScript - is that easier or harder? Since you guys all
>     love
>     > PHP and probably only half of you even like AS, I know it's a biased
>     > answer I'll get :-) but try to be objective and not play
>     favorites on
>     > the languages here.
>     >
>     > What I want to do:
>     >
>     > (1) user gives me email address
>     >
>     > (2) with a PHP script (free from http://www.allhype.co.uk/tools/md5/
>     > and a very nice script actually!!) I MD5 their email address
>     >
>     > (3) I send user a message (to validate the address works) that has
>     > their MD5'd address as a link for them to come back and get what
>     they
>     > want
>     >
>     > (4) user clicks unique query string in the email I've sent them
>     >
>     > (4) I validate the string .....how/from where is the ??? :)
>     >
>     > (5) if valid, give them the Flash file; if not, give them an
>     > error message
>
>     You could do all of this with just Flash, etc. assuming Flash has
>     MD5, as
>     I'm sure it does, but you'll be limited. If you want to track who has
>     downloaded what files, the browser they're using, etc. you won't
>     be able to
>     do so without a DB.
>
>     There's also a security concern here. There's no way to know that
>     the email
>     address you've gotten originally, i s the same as the one that's
>     coming from
>     the link. Since you're not storing anything anywhere, you have no
>     way to
>     keep persistent data. If I know that you're checking that an MD5
>     matches
>     the MD5 of the email address, I can pass you any MD5 I want, and it'll
>     validate.
>
>     H
>
>
>
>     ------------------------------
>
>     Message: 3
>     Date: Sun, 21 Aug 2005 20:16:17 -0400
>     From: "Thomas Brennan"
>     Subject: [nycphp-talk] OWASP 9/29 Save The Date
>     To:
>     Message-ID:
>     <1DA2AD8042527B4199C09042CFC0A94D18794B at jinx.datasafeservices.net>
>     Content-Type: text/plain; charset="US-ASCII"
>
>     I would like to provide you with advanced notice and extend a special
>     invite for you to join us at the next Open Web Application Security
>     Meeting (OWASP) NJ Chapter meeting. The next event will be held at
>     September 29th at ABN AMRO in Jersey City (across from the path
>     station)
>     - full details, speakers an d RSVP information is located at the
>     chapter
>     website online:
>
>     http://www.owasp.org/local/nnj.html
>
>     Currently on the September Agenda:
>
>     SPEAKER - OWASP - Topic: Review of OWASP Security Guide v2.0.1
>     Released
>     at BlackHat
>
>     SPEAKER - eEye Digital Security - Topic: Worm / Vulnerability
>     Management
>
>
>     SPEAKER - Application Security - Topic: Database Attacks
>
>     SPEAKER - NitroSecurity - Topic: Analysis of Network Attacks
>
>     ** You are encouraged to forward this email to others that you believe
>     would benefit from this non-profit, educational peer-to-peer
>     networking
>     opportunity -- RSVP is required due to building security requirements
>     see: http://www.owasp.org/local/nnj.html for details.
>
>     At our November meeting we are looking forward to having NYPHP/Hans
>     Zaunere speak concerning PHP Security Issues
>
>     Enjoy the rest of your summer!
>
>     Thomas Brennan, CISSP, CFSO, MCSA, C|EH
>     DATA SAFE SERVICES
>     "Because Security i s NOT the default"
>     831-B Route 10 East, Whippany NJ 07981
>     Tel: 973-795-1046 | Fax: 973-428-0293
>     Web: www.datasafeservices.com
>
>
>     ------------------------------
>
>     Message: 4
>     Date: Sun, 21 Aug 2005 22:48:19 -0400
>     From: Billy Pilgrim
>     Subject: Re: [nycphp-talk] Session basics
>     To: NYPHP Talk
>     Message-ID: <6ee3253b050821194874c5ddf0 at mail.gmail.com>
>     Content-Type: text/plain; charset=ISO-8859-1
>
>     On 8/19/05, Chris Shiflett wrote:
>     > Aaron Fischer wrote:
>     > > If the session has expired such as in browser close or
>     timeout, the
>     > > bookmarked page won't be a liability as the session id in the
>     URL won't
>     > > find a matching session id on the server.
>     >
>     > The server doesn't know when the browser is closed, so that
>     part's not
>     > right. It is true that a session timeout (on the server side) offers
>     > some protection against this ty pe of accidental hijacking.
>
>     A bookmarked session id might not result in a hijacked session, but
>     it's not a good idea have session ids exposed and kept around like
>     that.
>
>     Consider another example: Someone is logged into a newspaper site and
>     sees an interesing article. The user copies the url (with session id)
>     and pastes it in an email to a friend. If the friend receives the
>     email quickly and the server has a long timeout, accidential session
>     hijacking could occur.
>
>     The primary reason to have a session id in the url is if the browser
>     doesn't support cookies, right?
>
>
>     ------------------------------
>
>     Message: 5
>     Date: Mon, 22 Aug 2005 08:35:30 -0400
>     From: csnyder
>     Subject: Re: [nycphp-talk] MD5 + Flash
>     To: NYPHP Talk
>     Message-ID:
>     Content-Type: text/plain; charset=ISO-8859-1
>
>     On 8/21/05, -sry Boston wrote:
>
>     > What I want to do:
>     >
>     > (1) user gives me email address
>     >
>     > (2) with a PHP script (free from http://www.allhype.co.uk/tools/md5/
>     > and a very nice script actually!!) I MD5 their email address
>     >
>     > (3) I send user a message (to validate the address works) that has
>     > their MD5'd address as a link for them to come back and get what
>     > they want
>     >
>     > (4) user clicks unique query string in the email I've sent them
>     >
>     > (4) I validate the string .....how/from where is the ??? :)
>     >
>     > (5) if valid, give them the Flash file; if not, give them an
>     error message
>     >
>     > Any help much appreciated!
>
>     I think you have the purpose of the MD5 hash confused. In this case,
>     you want it to be an *unguessable* token that the user can bring back
>     to you to prove that they got they got your validation message, and
>     that they own the mailbox associ ated with the provided email address.
>
>     In other words, it should be random. If it's just the hash of their
>     email address, then an impersonator could easily generate the right
>     token and validate an address that isn't their own (as Hans pointed
>     out).
>
>     You will need some sort of DB -- MySQL or flat file or otherwise -- to
>     store the email address and the random token in the same record, so
>     that when the user clicks the link with the token in it, you can look
>     up the email and mark it valid.
>
>     -- 
>     Chris Snyder
>     http://chxo.com/
>
>
>     ------------------------------
>
>     _______________________________________________
>     talk mailing list
>     talk at lists.nyphp.org
>     http://lists.nyphp.org/mailman/listinfo/talk
>
>
>     End of talk Digest, Vol 27, Issue 50
>     ************************************
>
> ------------------------------------------------------------------------
> Yahoo! Mail for Mobile
> Take Yahoo! Mail with you! 
> <http://us.rd.yahoo.com/evt=31132/*http://mobile.yahoo.com/learn/mail> 
> Check email on your mobile phone.
>
>------------------------------------------------------------------------
>
>_______________________________________________
>New York PHP Talk Mailing List
>AMP Technology
>Supporting Apache, MySQL and PHP
>http://lists.nyphp.org/mailman/listinfo/talk
>http://www.nyphp.org
>




More information about the talk mailing list