On 2006-04-03 17:06:11 -0000 (Mon, Apr), muralidhar sortur wrote:
>
> Hi ,
> Here is the complete description of the problem ...
>
> I have newly installed fedora core 4 with option as everyting.
[...]
> -------------------------------------------------------------
> Error i get is
> [client 127.0.0.1] PHP Warning: pg_connect(): Unable to connect to
> PostgreSQL server: could not connect to server: Permission
> denied\n\tIs the server running locally and accepting\n\tconnections
> on Unix domain socket "/tmp/.s.PGSQL.5432"? in
> /var/www/html/add-entry.php on line 5, referer:
> http://localhost/add.html
How does the file /tmp/.s.PGSQL.* look like? Does 'www' user have access
to it?
ls -l /tmp/.s.PGSQL.*
As you enabled network interface in postgresql, you may try to add
'host=127.0.0.1' to your pg_connect function. This should let 'www'
user to connect.
> [root@localhost html]# telnet localhost 5432
> Trying 127.0.0.1...
> Connected to localhost.localdomain (127.0.0.1).
> Escape character is '^]'.
>
>
> Connection closed by foreign host.
>
> data/pg_log/postgresql-Mon.log contains
>
> LOG: invalid length of startup packet
Telnet is not the best tool for binary protocols.
You may try netcat (nc), but anyway - this test is not significant
here.
By the way, you used this construction:
> $Name=$_GET['Name'];
> $Email=$_GET['Email'];
> $Phone=$_GET['Phone'];
>
> $query = "INSERT INTO Addresses VALUES( '$Name', '$Phone', '$Email' );";
Forgive me if that is only because this is test, and you know that, but
I just HAVE to say:
Don't let the untrusted parameters to go into query. Someone may call
your page like this:
http://example.com/add-entry.php?Email=a'); delete from Addresses; --
As *MINIMAL* precaution use:
$Name = pg_escape_string( $_GET['Name');
--
No virus found in this outgoing message.
Checked by "grep -i virus $MESSAGE"
Trust me.