RE: [PHP] Intuitive Interfaces
Cesar Cordovez wrote: Chris Shiflett wrote: Some Web sites I have visited think it is helpful to use some client-side scripting to move the focus from the first text field to the second after three numbers have been entered. I think this is the worst thing to do. If they are going to this jump to the next field when this is full script why don't they put one field to start with? Can somebody explain why some developers do this? Some possible reasons why: 1. Some developers are preoccupied with creating a cool interface, rather than focusing on what the user finds usable. 2. Customary separtor punctuation, e.g., the dashes in a social security number (US), 123-45-6789, can be inserted between the input controls, thus subtly instructing the user that they don't have to enter the punctuation. Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] echo or print
when should i use echo ' '; vs. print ' '; Here's a link listed in the manual at http://www.php.net/manual/en/function.print.php http://www.faqts.com/knowledge_base/view.phtml/aid/1/fid/40 Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] what ever happened to http referrer
I'm running php 4.3.4 and do not see any mention of HTTP_REFERRER. I tried $_SERVER['HTTP_REFERRER'] which is what I thought it was but to no avail. Any comments on the location/status of this? You spell too well, try HTTP_REFERER, without the double R ;) Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] upload file size
this could really kill my bandwidth. is there a way to check the file size without fully uploading the file? Although it has been called an urban legend :), you could try the old MAX_FILE_SIZE trick. For this, add a hidden tag before the input type=file tag: input type=hidden name=MAX_FILE_SIZE value=(your $ of bytes here) This is an instruction to the browser to restrict the size of files that it will attempt to upload, but browers are not required to honor it. Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] session variables scope problem. HELP!
It seems that once a session is started and variables set, I can access the variables on the page on which they are set, but on subsequent pages via link or Header redirect the session variables are not set and cannot be accesses. Be sure you have session_start() at the top of *all* pages. Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] References and memory efficiency
I've been working on a database wrapper class for a while now, MySQL to be specific. Until now, I've simply had a fetch function that returned an array of all the rows that the database returned, only because I have gotten so tired of always writing the same while loop to iterate through all the rows. However, I have discovered that the method I'm using, passing around large multidimensional arrays of text by copy, is extremely memory inefficient, so I am working on a new method. Tell me if this is any better: [...snip...] Where fetch($query, $array) is the header. In the second case, the fetch function would therefore write the rows directly to the array which was passed as a reference rather than returning a copy. Am I right in thinking that this is a better method? I hope your new method is the right one, because I do it the same way and for the same reason :) I haven't done any benchmarks, though. I use procedural code, but the idea is the same. The calling routine builds the query string and passes it into a function that executes the query, processes the results set, puts the results into a hash, and returns a reference to the hash. The calling routine then gets what it needs out of the hash. So, one simple scalar gets passed in both directions. I use that one function for all queries. Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] magic_quotes_gpc and \
If I have a form that POSTS a textarea that contains PHP code. Say some code that contains legitimate escapes \ like: echo a href=\http://somewhere.com\;Click/a; When the data is posted and received in the destination script, additional escapes \ are added. So how do I get to the original code above? strip_slashes will strip all slashes, even the original ones that are supposed to be there. How about doing an ereg_replace on '\\' to '\'? Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] LiteSpeed Web Server 1.1
No doubt, Apache is a good web server, everyone use it. ;-) What the heck? Is this thread headed somewhere? Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Do not use Apache 2.0 and PHP in a production environme nt neither on Unix nor on Windows.
-Original Message- From: Dave Restall - System Administrator [mailto:[EMAIL PROTECTED] how long it will be before PHP/Apache 2 is considered stable enough to be used in a production environment ?. Below is how Rasmus answered this question back on 7/4/03. Kirk Apache2 has a number of different modes it can work in. These modes are called MPM's. The default MPM is called Worker which is a multithreaded model. PHP, mod_perl, mod_python, and any other similar technology which links directly into the httpd processes will need to be perfectly threadsafe and reentrant to work effectively with a threaded Apache2 mpm. This is doable for the core of PHP, but there are literally hundreds of 3rd party libraries that can be linked into PHP and nobody whether or not these libraries are threadsafe. And figuring out if a specific library is threadsafe or not is non-trivial and it can very from one platform to another. And just to make it even harder, this stuff will appear to work fine until you put it under load or hit very specific race conditions which makes it nearly impossible to debug. So, since we can't tell you for sure that a threaded Apache2 mpm + PHP will work we do not suggest you use it for a production server. And since we can't know for sure, none of the main PHP developers use this combination for our own servers which compounds the problem because it is not receiving anywhere near the amount of realworld testing required to work out all the little issues above and beyond this threading unknown. There is an Apache2 mpm, called prefork, which isn't threaded and basically makes Apache2 look like Apache1. But hey, we have a very good server already that looks like Apache1. In the end I don't see Apache2+PHP ever becoming a production platform with the current architecture. The only way I see it ever working is to pull PHP out of Apache and use a fastcgi approach. Or, with time, perhaps we will learn how to make sure a library is perfectly threadsafe and safe to use in a multithreaded Apache2. For now, I really see no reason not to simply use Apache1 if you want a robust, fast and stable web server. -Rasmus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Removing empty array values.
On Mon, 18 Aug 2003 08:03:25 -0400, you wrote: How do I remove empty array values? This will remove the empty values and re-index the array so there are no holes. $new_array = array_values($old_array); Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] session bug or feature
Under 4.3.2, and register_globals on, $foo and $_SESSION[foo] both contain a reference that points to the same memory location. So, assigning to either one effectively causes the same assignment in the other. If you can't turn register_globals off, consider making a copy of $_SESSION at the top of the script, then use that copy at the end of the script to restore any session values you need. You could also rename the global variables, e.g., $foo - $g_foo. I don't see an easy way out if you can't turn off register_globals, you are going to have to do some work. Kirk register_global is currently on. The problem is, I am hacking into someone else's (awful awful) code, and if I turned off register_globals, the whole application would go kaput. I am not even using the old session_x functions, just the new associative session array $_SESSION. Curt Zirzow [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] * Thus wrote Christian Calloway ([EMAIL PROTECTED]): Hey Everyone, I am running Apache 2.047 with PHP (as module) 4.3.2. I ran into something interesting and I wanted to know if it was a bug, or actually supposed to be that way. Given the following lines of code: ?php session_start(); // lets say this equals bar and it was set on a previous page $_SESSION[foo]; $foo = rab; echo $_SESSION[foo]; ? The problem is, when I set the global variable $foo=rab, when I echo the session variable $_SESSION[foo], it outputs rab instead of bar?! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] session bug or feature
?php session_start(); // lets say this equals bar and it was set on a previous page $_SESSION[foo]; $foo = rab; echo $_SESSION[foo]; ? The problem is, when I set the global variable $foo=rab, when I echo the session variable $_SESSION[foo], it outputs rab instead of bar?! Try setting register_globals to off in your php.ini file. Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Debugging a Session Problem
I am out of ideas, short of rebuilding PHP. Sessions work, I just don't see what is wrong in this situation. Sorry, good luck. Kirk -Original Message- From: Lee Stewart [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 30, 2003 4:11 PM To: [EMAIL PROTECTED] Subject: RE: [PHP] Debugging a Session Problem The only thing in the Apache error log is: [Fri Jul 25 16:19:31 2003] [error] PHP Notice: Undefined variable: test in /srv/www/htdocs/page2.php on line 3 No other messages I can find in any logs. df shows the file system only 70% full... At 08:38 AM 7/28/2003, Johnson, Kirk wrote: Anything in the Apache or PHP error logs? Permissions are OK, there is space on the drive? Kirk -- Lee Stewart, Senior SE Sytek Services, a Division of DSG (719) 566-0188 , Fax (719) 566-0655 [EMAIL PROTECTED] www.sytek-services.com www.dsgroup.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Debugging a Session Problem
Anything in the Apache or PHP error logs? Permissions are OK, there is space on the drive? Kirk -Original Message- From: Lee Stewart [mailto:[EMAIL PROTECTED] Sent: Friday, July 25, 2003 6:00 PM To: [EMAIL PROTECTED] Subject: RE: [PHP] Debugging a Session Problem Using the $_SESSION[] style produces the same results... Zero length session file in /tmp, and no data passed... (available at http://4.43.81.92/page1a.php) So where do I go from here...Is there any way to debug it? Like I said, I suspect it's not a PHP code bug, but I'm at a loss as to where to go from here (other than re-writing the entire application in some other language -- which I really don't want to do)... Help? Lee -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Debugging a Session Problem
I'm moving an application that I'm in the trying to move to a new platform. It was running fine on an older Linux platform with PHP 4.0.3 and Apache 1.3.14. The new platform is also Linux, with PHP 4.2.2 and Apache 1.2.26 -- with register_globals on. (I just upgraded it from 4.2.2.36 to 4.2.2.69 which is the latest rpm on SuSE's site, with no change in the problem.) The symptom is that when I attempt to save a session variable, it creates the session file in /tmp, but with a zero length - no variable names or values stored. If you are relying on cookies to transmit the session ID, make sure you have session cookies enabled in your browser. Also check that you don't have an .htacess file in your directory that is overriding the register_globals setting. Turn your error_reporting up to E_ALL and see if PHP has anything to say to you. Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Debugging a Session Problem
Your original code works for me, so it is a config issue somewhere. Add this code to each file, to verify that the session ID is being correctly passed: echo session id is . session_id() . br; Also, is your php.ini in /usr/local/lib? If PHP can't find it, it will use its built-in defaults, which is register_globals off. Kirk -Original Message- From: Lee Stewart [mailto:[EMAIL PROTECTED] Sent: Friday, July 25, 2003 2:00 PM To: [EMAIL PROTECTED] Subject: RE: [PHP] Debugging a Session Problem At 11:55 AM 7/25/2003, you wrote: If you are relying on cookies to transmit the session ID, make sure you have session cookies enabled in your browser. Also check that you don't have an .htacess file in your directory that is overriding the register_globals setting. Turn your error_reporting up to E_ALL and see if PHP has anything to say to you. Yes, cookies are enabled in the browser (and the same browser works with the application on the old system). And no .htaccess files. When I set error_reporting to E_ALL I do get: Notice: Undefined variable: test in /srv/www/htdocs/etrak/page2.php on line 3 which is the reference to $test in echo test is $testbr; because $test was to have been a session variable, but wasn't passed. Other than that, no errors. CPT John W. Holmes wrote: Seem to remember something about starting a session and then redirecting with header causing trouble. Try using session_write_close() before you redirect. I also tried adding the session_write_close() with no change... Each time I get a new session file in /tmp, but all are zero length... ls -l /tmp drwxrwxrwt6 root root 592 Jul 25 12:48 . drwxr-xr-x 18 root root 408 Jul 25 12:47 .. -rw---1 wwwrun nogroup 0 Jul 25 12:49 sess_39e04150efb3de58764ce04dae572401 -rw---1 wwwrun nogroup 0 Jul 25 11:57 sess_4d9573209bf3688c380d33c94f64be47 -rw---1 wwwrun nogroup 0 Jul 17 16:55 sess_5160b002714849a598a8a1e62a78a2eb -rw---1 wwwrun nogroup 0 Jul 20 08:36 sess_7a053a0dd515170e6d0ace739860b71f -rw---1 wwwrun nogroup 0 Jul 25 11:55 sess_903ef4579ee2f596981aad08efd3bc9d Thanks for any debugging suggestions... Lee -- Lee Stewart, Senior SE Sytek Services, a Division of DSG (719) 566-0188 , Fax (719) 566-0655 [EMAIL PROTECTED] www.sytek-services.com www.dsgroup.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Debugging a Session Problem
Sorry, I am stumped. I don't see any problems in the .ini file. Have you
tried some simple code in register_globals off style?
?
session_start();
$_SESSION['test'] = 'foobar';
header('Location: page2.php');
?
?
session_start();
echo test is {$_SESSION['test']}br;
?
Kirk
-Original Message-
From: Lee Stewart [mailto:[EMAIL PROTECTED]
Sent: Friday, July 25, 2003 4:27 PM
To: [EMAIL PROTECTED]
Subject: RE: [PHP] Debugging a Session Problem
I agree that it's probably a config problem -- somewhere...
Yes, the session ID is passed correctly, but since page1.php
doesn't end up
with any variables or values in the session file, so
regardless that it has
the right session ID, there's nothing in the session file to
restore...
The php.ini file is in /etc/php.ini (but that's where it's
supposed to be
in this distribution), and phpinfo shows it there, and when I turn
register_globals on and off there, I see it change both in
phpinfo and from
a php script.
And if you want to look, a copy of my php.ini is available at
http://4.43.81.92/phpini.txt
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] session data missing
After creating a new session with session_start() and
inserting a few values
e.g $HTTP_SESSION_VARS['foo'] = 'bar'; a file
/tmp/sess_{session_id} is
created.
The problem is that this file is empty! 0 bytes. no data is stored.
I'm using php 4.0.6 on linux with apache 1.3 something.
Check the register_globals setting in php.ini. If it is set to On, then
code like this:
session_start();
$foo = 'bar';
session_register('foo');
echo $foo;
If register_globals is set to Off, then code as you are already doing:
session_start();
$HTTP_SESSION_VARS['foo'] = 'bar';
echo {$HTTP_SESSION_VARS['foo']};
Kirk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Sessions
This works fine on my development PC, (PHP v 4.3.1) and on my primary test site (PHP v4.2.2). However when I try it on the target site (PHP v4.1.2) then I find that immediately after starting the session everything works fine, however when I move to any other page the session information is lost and I'm redirected to log in again. Also check the register_globals setting in the various php.ini files. It is probably set to off on your dev and test sites, but may be set to on on the target site. Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] SQL injection
Hi, Is there any way, doc, article, example, idea, suggestion to how to prevent sql injection on php sites... http://www.nextgenss.com/papers/advanced_sql_injection.pdf http://www.nextgenss.com/papers/more_advanced_sql_injection.pdf Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: correct session format?
So what is the diffirent between :
session_start ();
$_SESSION['eventid'] = 'arma2';
and
session_start ();
session_register('arama2');
Use the first method to create session variables when register_globals is
off in the php.ini file. Use the second method when it is On.
http://www.php.net/session
Kirk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Problem with GET variables
Set register_globals to On in php.ini. Kirk -Original Message- From: Sid [mailto:[EMAIL PROTECTED] Sent: Monday, June 23, 2003 3:52 PM To: [EMAIL PROTECTED] Subject: [PHP] Problem with GET variables Hello, I just updated PHP on my local computer from PHP 4.0.2 to 4.3.2 (Yes, I know, its a very very long time). I also downloded the latest version of Apache and installed PHP as a module. Now PHP runs fine on the server. I have a small problem though. Variables being sent via the GET method are not getting parsed. I can acess these variables via the $_GET[variable] method but not through $variable. Any idea why. Most of my old PHP scripts accessed the variables directly by their name and so this will be a very very big problem for me. Any idea how I can get this old feature back. Thank you. - Sid -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Migrating pre-4.1 code to a post-4.1 server with regist er_globals on
-Original Message-
From: Ford, Mike [LSS] [mailto:[EMAIL PROTECTED]
Sent: Friday, June 20, 2003 2:57 AM
To: Johnson, Kirk; [EMAIL PROTECTED]
Subject: RE: [PHP] Migrating pre-4.1 code to a post-4.1 server with
regist er_globals on
-Original Message-
From: Johnson, Kirk [mailto:[EMAIL PROTECTED]
Sent: 19 June 2003 20:31
To: [EMAIL PROTECTED]
Subject: [PHP] Migrating pre-4.1 code to a post-4.1 server with
register_globals on
A heads-up to those who are moving old code with
register_globals on to a
server with a newer PHP version and register_globals still on:
In the old days, the rule was simple. For a session variable,
whatever value
was in the global variable at the end of the script was what
was saved to
the session, and that value was restored on the next page.
Under a newer version of PHP, e.g., 4.3.2, this is no longer
true in one
case. Assume we have a session variable, 'a', that has been
assigned some
value:
$a = 'someValue';
session_register('a');
Then
unset($a);
will unset the global variable, $a, but NOT the corresponding
element in the
two session arrays, $HTTP_SESSION_VARS and $_SESSION.
Actually, this should only be true for versions 4.1.0 to
4.2.3 -- the manual
page at http://uk.php.net/manual/en/ref.session.php
(admittedly a *long* way
down it and hidden under the Examples heading!) contains
this warning:
There is a defect in PHP 4.2.3 and earlier. If you register
a new session
variable by using session_register(), the entry in the global
scope and the
$_SESSION entry will not reference the same value until the next
session_start(). I.e. a modification to the newly registered
global variable
will not be reflected by the $_SESSION entry. This has been
corrected in PHP
4.3.
Please let me clarify what I am saying. The manual reference above is
correct, *to a point*.
In 4.3.2, when you *assign* to any one of the session variable $a,
$HTTP_SESSION_VARS['a'], or $_SESSION['a'], you simultaneously *assign* to
the other two. For example,
$HTTP_SESSION_VARS['a'] = 'iguana';
simultaneously *assigns* 'iguana' to $a and $_SESSION['a'].
However, unset($a) does NOT unset $HTTP_SESSION_VARS['a'] or $_SESSION['a'],
with two results. One, the value of the session variable, $a, is no longer
in sync with $HTTP_SESSION_VARS['a'] and $_SESSION['a']. Two, $a will have
the value 'iguana' restored on the next session_start(). This is unexpected
behavior and not explained in the manual, AFAIK.
Kirk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Migrating pre-4.1 code to a post-4.1 server with register_globals on
A heads-up to those who are moving old code with register_globals on to a
server with a newer PHP version and register_globals still on:
In the old days, the rule was simple. For a session variable, whatever value
was in the global variable at the end of the script was what was saved to
the session, and that value was restored on the next page.
Under a newer version of PHP, e.g., 4.3.2, this is no longer true in one
case. Assume we have a session variable, 'a', that has been assigned some
value:
$a = 'someValue';
session_register('a');
Then
unset($a);
will unset the global variable, $a, but NOT the corresponding element in the
two session arrays, $HTTP_SESSION_VARS and $_SESSION.
The result is that ** $a will be restored with its original value ** on the
next page, which is definitely different behavior than that for the same
code under older versions of PHP.
Or did I screw up my tests somehow? ;)
Kirk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Using register_globals [ note on multi-developer env ]
-Original Message- From: Jay Blanchard [mailto:[EMAIL PROTECTED] In the corporate environment with multiple developers we have to initialize every variable (it's a rule). We even scan code once a day for variables that have not been declared. It's part of our documentation. Jay, is your scan something other than setting error reporting to E_ALL? A tool or script that is freely available? TIA Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php session not persisting
Thanks. I'm using PHP-4.3.1. The problem is not with $_SESSION. I used session_is_registered(sess_var); to check from the second script and cannot see the variable(sess_var). Can anyone tell me why? Your code should work for register_globals on. Check that: - php.ini is where it is supposed to be (/usr/local/lib/, I think). - register_globals is really to set to on in php.ini. - that cookies are enabled in your browser. - you don't have an .htaccess file in your directory with register_globals turned off in it. Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php session not persisting
Set your error reporting to E_ALL, to see if anything else is going on.
Add this line right after session_start() in both files, to make sure the
session ID is getting passed correctly. The same ID should be displayed in
both files:
echo ID = . session_id() . BR;
-Original Message-
From: Eric D. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 03, 2003 3:01 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] php session not persisting
Thanks Kirk! I have all of the conditions you set out met.
And still doesn't
work.
I also added session__is_registered(sess_var) to check and
it tells me
that it's not registered.
1st script - page1.php:
?
session_start();
session_register(sess_var);
$sess_var = Hello world!;
echo The content of \$sess_var is $sess_varbr; //echos
fine here
?
a href = page2.phpNext page/a
2nd script - page2.php:
?
session_start();
if (session_is_registered(sess_var))
{ echo truebrbr;}
else
{echo falsebr;}
echo The content of \$sess_var is $sess_varbr;
//$sess_var NOT printed
echo sess_var = $_SESSION[sess_var]br;
session_unregister(sess_var);
?
Kirk Johnson [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Thanks. I'm using PHP-4.3.1.
The problem is not with $_SESSION. I used
session_is_registered(sess_var);
to check from the second script and cannot see the
variable(sess_var). Can
anyone tell me why?
Your code should work for register_globals on. Check that:
- php.ini is where it is supposed to be (/usr/local/lib/, I think).
- register_globals is really to set to on in php.ini.
- that cookies are enabled in your browser.
- you don't have an .htaccess file in your directory with
register_globals
turned off in it.
Kirk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: PHP OOP x Procedural Performance
One thing I'd like to abundantly point out is that NOT EVERYTHING BELONGS IN OOP! For instance, if you're building classes that output HTML - you've skipped a few chapters in your OOP design books. Joe, I am curious about this opinion, could you elaborate a bit, please? I am not an OOP programmer, and I'm just interested in your thoughts on this, if you have time. Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session Question
SInce register_globals() is ON on my server, I need to be able to figure out a way to ensure session security. The single most important thing to do is initialize all your variables. The way to ensure that you have done that is to set the error reporting level to E_ALL (which is max). The server will then report it if you use a variable that hasn't yet been assigned a value. Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] str_replace() problem
You could replace the longer one, Blueberry, first. Then, the only remaining occurrences of Blue will be ones that you really want. Kirk I am performing a str_replace() on a large string, and everything works fine, except that two of the elements I'm searching for (and replacing) have the same first letters. To keep it the issue clear, here's a simple example of what I'm talking about: Blue Blueberry Now, if I use: str_replace(Blue,Red,$paragraph); str_replace(Blueberry,Strawberry,$paragraph); ...all occurrences of Blueincluding Blueberrywill be replaced with Red. The result will be something like: Red Redberry ...But what I want is... Red Strawberry -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Checking a string for # of charactors.
http://www.php.net/manual/en/function.strlen.php Kirk I would like to check that a string as more than 20 charactors in it. Can someone point me in the right direction. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] What am I not understanding about $GLOBALS['myvar'] vs global $myvar?
I think you either want to use no quotes or double quotes, but not single quotes. Double quotes will interpolate the variable, single quotes will not, i.e. $key becomes a string literal rather than a variable. No quotes will work, although the docs seem to indicate it is deprecated syntax. Not everyone agrees that it is deprecated, though ;) Kirk $GLOBALS[$key] is incorrect and depricated AFAIK. $GLOBALS['$key'] (with the single quotes) is the proper way to write these types of associative arrays/hashs. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] How to detect if a cookie is set?
Hi I'm trying to make a script that first figures out if a cookie is set, if not,do this, if so, do that. Can I use: Isset($HTTP_COOKIE_VARS['nick'] or what should I use? Yes. If you have PHP 4.1.0 or higher, you can also use the recommended $_COOKIES['nick']. Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] OT Inactivity Timeout
But how can I set up an inactivity timeout that will logout a person after let's say 20 minutes of inactivity? You could put a meta refresh on the page, that redirects to an inactivity page. Set the refresh time to the timeout value. Put some logout code on the inactivity page. Otherwise, you need to use JavaScript, as far as I know. Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] IF statement madness
Comparing a float with an integer can have problems. You could try something
like:
if(abs($i - $target) .1) {
//then they are essentially equal
}
Kirk
-Original Message-
From: James E Hicks III [mailto:[EMAIL PROTECTED]
Sent: Friday, March 14, 2003 11:22 AM
To: [EMAIL PROTECTED]
Subject: [PHP] IF statement madness
Help save my sanity! What can I do to the IF statement in the
following code to
make it print the line that says By God they are equal in
value.? I have tried
the following changes;
1. using === instead of ==
2. placing (float) in front of the $i and $target
inside and before the IF
statement.
?
$start = 215;
$end = 217;
$target = 216;
for ($i=$start; $i=$end; $i+=.1){
if ( $i == $target ){
echo (BR$i - $target, By God, the are
equal in value.);
} else {
echo (BR$i - $target, Eternal Damnation,
they aren't
equal!);
}
}
?
James E Hicks III
Noland Company
2700 Warwick Blvd
Newport News, VA 23607
757-928-9000 ext 435
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] delete from array
How do I delete a specific time out of the array or
how do I delete
a range of times out of the array? I would like to be able to delete
12:05:00 but if I want, delete a range like 12:05:00 to
12:10:00.
Here's some code.
Kirk
function remove_array_values($valuesToRemove, $array)
{
if (is_array($array))
{
// convert the input to an array, so only one logic block is needed
below
if (!is_array($valuesToRemove))
{
$valuesToRemove = (array) $valuesToRemove;
}
foreach ($valuesToRemove as $value)
{
$match = true;
// use the do...while to get multiple occurrences of the value to
delete
do
{
// array_search returns 'null' or 'false' if the value is not found,
// and the index if the value is found, so any number indicates a
match
$index = array_search($value, $array);
if (is_numeric($index))
{
unset($array[$index]);
}
else
{
$match = false;
}
}
while ($match);
}
// re-index the array
return array_values($array);
}
else
{
// return false on bad input
return false;
}
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session variable under PHP 4.0.6
In the first file, replace this line:
$HTTP_SESSION_VARS['variable']=the variables value;
with these two lines:
$variable = the variables value;
session_register('variable');
This is because 'register_globals' is enabled in the php.ini file.
Kirk
-Original Message-
From: Henry Grech-Cini [mailto:[EMAIL PROTECTED]
Sent: Monday, March 03, 2003 9:34 AM
To: [EMAIL PROTECTED]
Subject: [PHP] Session variable under PHP 4.0.6
Hi All,
I'm having a problem with session variables under PHP 4.0.6
on a secure
server. I ran phpinfo and have attached the resulting page
after the main
body of this message.
My test code looks like this
Filename: index.php
Page Start --
?php
session_start();
$HTTP_SESSION_VARS['variable']=the variables value;
?
a href=index2.phpclick here/a to go to the next page
Page End --
Next file
Filename: index2.php
Page Start --
?php
session_start();
print_r($HTTP_SESSION_VARS);
echo --gt;.$HTTP_SESSION_VARS['variable'].lt;--;
?
Page End --
Suffice to say it doesn't work. The first page displays
click here to go to the next page
as expected. However clicking on the link takes you to
index2.php and the
following is displayed:
Array ( )
Namely that the session variable called variable is not set in the
session.
I have run the exact same code on a machine running PHP 4.2.3
(non secure
servers) and it works perfectly! And outputs:
Array ( [variable] = the variables value ) --the variables
value--
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session variable under PHP 4.0.6
That Caution message is not the full story, read some more on
register_globals.
If register_globals is On in php.ini, then do the following:
- use session_register() to create your session variables;
- use the global variable to access the variable, not the $HTTP_SESSION_VARS
array.
Example:
$myVar = 'test';
session_register('myVar');
$myVar = 'some new value';
print $myVar;
Note: the value of $myVar is what is stored to the session at the end of the
script. And, since it is stored after the script ends, its value is not
available via $HTTP_SESSION_VARS[] until the next page.
If register_globals is Off in php.ini, then do the following:
- do not use session_register(), etc.
- use $HTTP_SESSION_VARS for all accesses.
Example:
$HTTP_SESSION_VARS['myVar'] = 'test';
$HTTP_SESSION_VARS['myVar'] = 'some new value';
print $HTTP_SESSION_VARS['myVar'];
Kirk
-Original Message-
From: Henry Grech-Cini [mailto:[EMAIL PROTECTED]
Sent: Monday, March 03, 2003 10:29 AM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] Session variable under PHP 4.0.6
Thanks that works in my testing example. But why? The manual says:
Caution
If you are using $_SESSION (or $HTTP_SESSION_VARS), do not use
session_register(), session_is_registered() and session_unregister().
But in index2.php I am using $HTTP_SESSION_VARS and it works?!
Need a bit of clarification since my actual app still doesn't work!
Henry
Kirk Johnson [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
In the first file, replace this line:
$HTTP_SESSION_VARS['variable']=the variables value;
with these two lines:
$variable = the variables value;
session_register('variable');
This is because 'register_globals' is enabled in the php.ini file.
Kirk
-Original Message-
From: Henry Grech-Cini [mailto:[EMAIL PROTECTED]
Sent: Monday, March 03, 2003 9:34 AM
To: [EMAIL PROTECTED]
Subject: [PHP] Session variable under PHP 4.0.6
Hi All,
I'm having a problem with session variables under PHP 4.0.6
on a secure
server. I ran phpinfo and have attached the resulting page
after the main
body of this message.
My test code looks like this
Filename: index.php
Page Start --
?php
session_start();
$HTTP_SESSION_VARS['variable']=the variables value;
?
a href=index2.phpclick here/a to go to the next page
Page End --
Next file
Filename: index2.php
Page Start --
?php
session_start();
print_r($HTTP_SESSION_VARS);
echo --gt;.$HTTP_SESSION_VARS['variable'].lt;--;
?
Page End --
Suffice to say it doesn't work. The first page displays
click here to go to the next page
as expected. However clicking on the link takes you to
index2.php and the
following is displayed:
Array ( )
Namely that the session variable called variable is not
set in the
session.
I have run the exact same code on a machine running PHP 4.2.3
(non secure
servers) and it works perfectly! And outputs:
Array ( [variable] = the variables value ) --the variables
value--
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] How can I detetct if session cookies are enabled?
Is there a way (PHP code if possible please) to verify if session cookies are enabled in the user's browser? On the *second* request, check if $_COOKIES['PHPSESSID'] is set. On the initial request, PHP sends the 'PHPSESSID' cookie as part of the response. The browser then returns that cookie in its next request. Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] When is garbage collection initiated?
I need a better understanding of when garbage collection is initiated under PHP's default session handling. It is not clear to me if the gc_probability is based on: - each *request* to the server, or, - each time a *new session file is created*, or, - each time a request causes a *session file to be created or accessed*. Does anyone know this? Below is the documentation I found. I added the underscores for emphasis. - At http://www.php.net/manual/en/ref.session.php#AEN83911: session.gc_probability specifies the probability that the gc (garbage collection) routine is started on each _request_ in percent. - In the php.ini file: ; Percentual probability that the 'garbage collection' process is started ; on every _session initialization_. TIA Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] array question
http://www.php.net/manual/en/language.variables.variable.php Kirk -Original Message- From: Bob Irwin [mailto:[EMAIL PROTECTED] Sent: Monday, February 24, 2003 3:28 PM To: php-general Subject: Re: [PHP] array question Hi Guys, This might be a bit of a newbie question, but I'm not sure how to search for this particular information as its hard to put in search terms. Say I have a mysql/file with information about variables. Eg, I have a string from a mysql database of 'test' Am I able to then, in PHP, assign whatever that string is to a variable name? Eg, the string 'test' is used to create the variable '$test'... What is in that variable, doesn't matter, just the fact that the script knows the name of the variable (which can change depending on what the strings are) I'm sure its an easy piece of code, like a string function, but I'm buggered if I can find it! Best Regards Bob Irwin Server Admin Web Programmer Planet Netcom Scanned by PeNiCillin http://safe-t-net.pnc.com.au/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: register_globals On
-Original Message- An alternative... 1. register_globals off use the command import_request_variables(PC,_p); now you can get the variables like user as $p_user. The get variables will be ignored! Still, If a user developes a special browser, exclusively to hack, he may be able to send post variables... Anybody, anywhere in the world, can send any data they want (POST, GET, COOKIE) to your scripts. They key is to grab only the data you are expecting to receive. Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] missing simple php functionality
The field name in the form is user_name, and the echo is for name. Are you copying the value from $user_name to $name at some point? Kirk -Original Message- From: ML [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 20, 2003 2:04 PM To: [EMAIL PROTECTED] Subject: [PHP] missing simple php functionality Hello all. Im having a strange problem. My php outputs html correctly, and Ive tried other builtin functions like date and that works too. But when I try to do something as simple as passing a value from a form to a php file and display that value, no go. the HTML: html body h1Enter Your Name/h1 form action=simplephp.php action=POST input type=text size=20 maxlength=20 name=user_name input type=submit value=Submit Your Name /form /body /html the PHP file: ?php echo Your name is $name; ? I fill in my name, I click submit, and where the name should be displayed it shows nothing. I have gone over this again and again and I just don't know whats wrong. I also noticed that register globals was OFF so I just turned that on, but still I have the same problemany ideas? I really appreciate any feedback. Thank you! -Mike L -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: recursion?????
% The benefit of checking in javascript(which I suspect is enabled in most Not me! Not me! Not me! It is by no means ubiquitous. Anyone who even moderately considers security will have it turned off. The latest survey I've seen indicates that about 11% of browsers have JS disabled. About the same percent have cookies disabled. Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] register_globals On
I'm thinking of running a shopping cart package (osCommerce)
that requires
register_globals to be enabled. With all the warnings about
security with
register_globals enabled I'm worried.
How dangerous is it?
The key defensive step is to initialize all of your session variables at the
time you create them, like so:
$isAdmin = '';
session_register('isAdmin');
PHP will do the rest ;)
Kirk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Redirect without header or javascipt
Is there any to redirect in php with using header() and without the use of javascript? You can use an html meta tag with http-equiv=refresh. Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Problem with Date (2003-03-30)
-Original Message- From: Gareth Mulholland [mailto:[EMAIL PROTECTED]] I'm having problems with mktime and Midnight on 30th March 2003. The code I'm using is: echo mktime(0,0,1,'03','29','2003'); echo mktime(0,0,1,'03','30','2003'); echo mktime(0,0,1,'03','31','2003'); but the result is: 1048896001 -3661 1049065201 I ran your exact code and got this: 1048921201 1049007601 1049094001 Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Found a PHP bug!!!!!!!!!
-Original Message- From: Scott Fletcher [mailto:[EMAIL PROTECTED]] Found a PHP bug, I'm using PHP version 4.2.3. I have been struggling with why PHP code failed to work with the month is August or September I stumbled into this one a short while ago myself. It is not a bug, but a feature! ;) When passing values of 08 or 09 (Aug and Sep), PHP interprets them as octal numbers (because of the leading 0). However, 08 and 09 are invalid octal numbers, so PHP converts them to zero. The fixes are numerous: - remove the leading zero; - add zero to them before passing (addition forces a type conversion to int); - force a type conversion to integer using (int); - quote them (when PHP converts a string to an integer, it removes the leading zero); Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] dreading OOP
-Original Message- However, my mind apparently works different and I keep trying to relate the OOP structure to what I already know which equates an object to a function. I am resolving to purchase a book dedicated to instruction in the inns and outs of OOP. Specifically at it relates to PHP would be great but my emphasis is towards something that teaches someone that is stubborn in his reliance on previously learned methods. I hope this makes sense and I'm not alone on this. :) My only suggestion is that you re-consider why you want to take up OOP. If a procedural approach works for you, go with it. It's not like we're building air traffic control systems here ;) Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] mktime() and the format of the day number entry
OK, I am mktime() challenged. Can someone please explain these results to me? I have some test dates in October of 1998. For the days numbered 1-7, mktime() does not care whether I have a leading zero on the day or not, I get the same timestamp regardless, e.g., both a '7' and a '07' for the day number give the same timestamp. However, for the days 8-9, I get different timestamps for each if I use '8' versus '08' and '9' versus '09'. In these latter two cases, mktime treats both '08' and '09' as '0', and it gives the same timestamp as Oct 0 1998. What's up? The code is below if you want to have a look. Kirk Kirk Johnson [EMAIL PROTECTED] 0, as a number, is just as important as any other number. ? $tmp = mktime(0,0,0,10,0,1998); echo $tmpbr; $tmp = mktime(0,0,0,10,00,1998); echo $tmpbr; $tmp = mktime(0,0,0,10,1,1998); echo $tmpbr; $tmp = mktime(0,0,0,10,01,1998); echo $tmpbr; $tmp = mktime(0,0,0,10,2,1998); echo $tmpbr; $tmp = mktime(0,0,0,10,02,1998); echo $tmpbr; $tmp = mktime(0,0,0,10,3,1998); echo $tmpbr; $tmp = mktime(0,0,0,10,03,1998); echo $tmpbr; $tmp = mktime(0,0,0,10,4,1998); echo $tmpbr; $tmp = mktime(0,0,0,10,04,1998); echo $tmpbr; $tmp = mktime(0,0,0,10,5,1998); echo $tmpbr; $tmp = mktime(0,0,0,10,05,1998); echo $tmpbr; $tmp = mktime(0,0,0,10,6,1998); echo $tmpbr; $tmp = mktime(0,0,0,10,06,1998); echo $tmpbr; $tmp = mktime(0,0,0,10,7,1998); echo $tmpbr; $tmp = mktime(0,0,0,10,07,1998); echo $tmpbr; $tmp = mktime(0,0,0,10,8,1998); echo $tmpbr; $tmp = mktime(0,0,0,10,08,1998); echo $tmpbr; $tmp = mktime(0,0,0,10,9,1998); echo $tmpbr; $tmp = mktime(0,0,0,10,09,1998); echo $tmpbr; ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] mktime() and the format of the day number entry
The month behaves the same: both '08' and '09' are treated as zero by mktime(). Kirk -Original Message- From: Paul Roberts [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 02, 2003 4:24 PM To: Johnson, Kirk Cc: [EMAIL PROTECTED] Subject: Re: [PHP] mktime() and the format of the day number entry same here win 2K apache php4.21 output 0,0,0,10,0,1998 = 90711 0,0,0,10,00,1998 = 90711 0,0,0,10,1,1998 = 907196400 0,0,0,10,01,1998 = 907196400 0,0,0,10,2,1998 = 907282800 0,0,0,10,02,1998 = 907282800 0,0,0,10,3,1998 = 907369200 0,0,0,10,03,1998 = 907369200 0,0,0,10,4,1998 = 907455600 0,0,0,10,04,1998 = 907455600 0,0,0,10,5,1998 = 907542000 0,0,0,10,05,1998 = 907542000 0,0,0,10,6,1998 = 907628400 0,0,0,10,06,1998 = 907628400 0,0,0,10,7,1998 = 907714800 0,0,0,10,07,1998 = 907714800 0,0,0,10,8,1998 = 907801200 0,0,0,10,08,1998 = 90711 0,0,0,10,9,1998 = 907887600 0,0,0,10,09,1998 = 90711 code ?php $tmp = mktime(0,0,0,10,0,1998); echo 0,0,0,10,0,1998 = $tmpbr; $tmp = mktime(0,0,0,10,00,1998); echo 0,0,0,10,00,1998 = $tmpbr; $tmp = mktime(0,0,0,10,1,1998); echo 0,0,0,10,1,1998 = $tmpbr; $tmp = mktime(0,0,0,10,01,1998); echo 0,0,0,10,01,1998 = $tmpbr; $tmp = mktime(0,0,0,10,2,1998); echo 0,0,0,10,2,1998 = $tmpbr; $tmp = mktime(0,0,0,10,02,1998); echo 0,0,0,10,02,1998 = $tmpbr; $tmp = mktime(0,0,0,10,3,1998); echo 0,0,0,10,3,1998 = $tmpbr; $tmp = mktime(0,0,0,10,03,1998); echo 0,0,0,10,03,1998 = $tmpbr; $tmp = mktime(0,0,0,10,4,1998); echo 0,0,0,10,4,1998 = $tmpbr; $tmp = mktime(0,0,0,10,04,1998); echo 0,0,0,10,04,1998 = $tmpbr; $tmp = mktime(0,0,0,10,5,1998); echo 0,0,0,10,5,1998 = $tmpbr; $tmp = mktime(0,0,0,10,05,1998); echo 0,0,0,10,05,1998 = $tmpbr; $tmp = mktime(0,0,0,10,6,1998); echo 0,0,0,10,6,1998 = $tmpbr; $tmp = mktime(0,0,0,10,06,1998); echo 0,0,0,10,06,1998 = $tmpbr; $tmp = mktime(0,0,0,10,7,1998); echo 0,0,0,10,7,1998 = $tmpbr; $tmp = mktime(0,0,0,10,07,1998); echo 0,0,0,10,07,1998 = $tmpbr; $tmp = mktime(0,0,0,10,8,1998); echo 0,0,0,10,8,1998 = $tmpbr; $tmp = mktime(0,0,0,10,08,1998); echo 0,0,0,10,08,1998 = $tmpbr; $tmp = mktime(0,0,0,10,9,1998); echo 0,0,0,10,9,1998 = $tmpbr; $tmp = mktime(0,0,0,10,09,1998); echo 0,0,0,10,09,1998 = $tmpbr; ? - Original Message - From: Johnson, Kirk [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, January 02, 2003 8:50 PM Subject: [PHP] mktime() and the format of the day number entry OK, I am mktime() challenged. Can someone please explain these results to me? I have some test dates in October of 1998. For the days numbered 1-7, mktime() does not care whether I have a leading zero on the day or not, I get the same timestamp regardless, e.g., both a '7' and a '07' for the day number give the same timestamp. However, for the days 8-9, I get different timestamps for each if I use '8' versus '08' and '9' versus '09'. In these latter two cases, mktime treats both '08' and '09' as '0', and it gives the same timestamp as Oct 0 1998. What's up? The code is below if you want to have a look. Kirk Kirk Johnson [EMAIL PROTECTED] 0, as a number, is just as important as any other number. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Apache 2 and PHP
Last I heard, PHP and Apache 2 were not yet ready for production environments. Are there any further updates? What is the best way to keep up on the status of this? Any good sites in particular? TIA Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Apache 2 and PHP
Thanks for your reply, Davy. We are running *nix boxes, so I don't have any thoughts on XP and Apache. Kirk -Original Message- From: Davy Obdam [mailto:info;davyobdam.com] Sent: Thursday, November 07, 2002 3:29 PM To: Johnson, Kirk; [EMAIL PROTECTED] Subject: RE: [PHP] Apache 2 and PHP Hi Kirk,. I run apache 2.0.40 and PHP 4.2.3 without no problem on my windows XP machine. I use it for testing, but i would think its stable enough for a production environment aswell. I actualy think that on a win32 platform Apache 2 is a better choice instead of 1.3.x. Whats your opinion about this? Best regards, Davy Obdam mailto:info;davyobdam.com -Oorspronkelijk bericht- Van: Johnson, Kirk [mailto:kjohnson;zootweb.com] Verzonden: donderdag 7 november 2002 16:26 Aan: [EMAIL PROTECTED] Onderwerp: [PHP] Apache 2 and PHP Last I heard, PHP and Apache 2 were not yet ready for production environments. Are there any further updates? What is the best way to keep up on the status of this? Any good sites in particular? TIA Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] extract($_POST)
And what should these precautions be? If a malicious user can submit his own form and you are looking for a POST variable, how can you ensure that $admin came from your form and not that user's? The problem is when a cracker uses form variables in an attempt to set the values of flag variables kept only in the session, for example, $isAdmin. As far as the form variables *you* put in your form, it doesn't matter whether the user submits your form or a form they made themselves. Those form variables are just data you are trying to collect. With register_globals on, PHP takes *all* variables (GET, POST, COOKIE) received from the client and assigns them to global variables. So if the user posts a value for $isAdmin, she can give herself admin privileges. The key is to retrieve *only* the form variables *you* put in the form from the the $_POST array. So don't write a loop and grab *everything* from that array. Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] pass globals to functions???
?
// this is main
$foo = 'bar';
test();
test2();
function test() {
global $foo;
echo foo is $foobr;
}
function test2() {
echo foo is {$GLOBALS['foo']}br;
}
?
Kirk
Some have eluded to this but I haven't seen a working
example. I would like
to declare globals in my main script and then inside
functions that need
these globals just somehow use the $GLOBALS or something to
declare the
variables global in the function.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] global AND Register Globals with PHP 4.0.6 ??
register_globals() adds a variable to the *session*. The global statement brings a global variable into the *scope* of a function. Kirk What is the difference? variable. I read that register globals has some security issues. Are these the same, or is setting a variable as global and register globals different? NOTE: I am using PHP 4.0.6. Thanks for any assistance. :-) John Negretti Web Applications Developer Cox Communications www.cox.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: unless something...
There is no 'unless' in PHP, so you just have to grind it out. If you are
searching for known strings, rather than string *patterns*, use the strstr()
function here: http://www.php.net/manual/en/function.strstr.php.
So, something like:
if(!strstr($c,$a) !strstr($c,$b)) {
bla;
exit;
}
Completely untested ;) If you are looking for patterns, see preg_match(),
linked to from the link above.
Kirk
Magnus Solvang [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
I'm used to the unless-statement in perl... How do I do this:
if string A or B are NOT in string C, then do something and quit.
In perl, I would do this:
unless ($c =~ /$a|$b/) {
blabla
exit 0
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: unless something...
Indeed, it is a negated something or other. -Original Message- From: David Buerer [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 12, 2002 11:23 AM To: '[EMAIL PROTECTED]' Subject: RE: [PHP] Re: unless something... True, but isn't unless just a negated while? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Project Suggestions
Things I want to do:
- convert this site into a dynamic one, where I can very easily
change the layout of things whenever it comes time to revamp
the site into a new design.
I have not worked with any of the templating systems, but here is a
home-grown one. Separate the page HTML into 3 pieces. Two of the pieces form
the shell, which is the HTML that is constant across groups of pages. The
third piece is the HTML that varies with each page. Build the two shell
files so that they form an empty td, into which the dynamic piece goes:
?
include(htmlShellHead.inc);
buildCurrentPage(); // or another include()
include(htmlShellFoot.inc);
?
Then, if you need to add a right-hand sidebar, for example, you just edit
the shell files, and all the pages using that shell get updated at once.
Simple way to update the look and feel across the whole site.
- insert all the products, their prices and related data into
a database (which would tie in with the above item, maybe by
means of functions, say, 'function
show_product('inkjet_prints')'
Sounds good.
- make it so that those responsible for price changes can make
their own changes to the database, so I don't have to deal with
it every time.
Making your own forms is probably best. We have done this with Java applets,
which may be overkill for you. The main thing to think about here is
authentication: making sure people can access only their own data and nobody
else's. Also, make sure everyone involved shares a clear idea of who bears
responsibility for update mistakes. If the user has the ability to change
their data, they have the ability to screw it up. Make a clear oversight
plan: how much reviewing of their changes you will do before the changes go
live, etc.
Good luck!
Kirk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Sessions...
Kondwani Spike Mkandawire wrote: Am I mistaken to assume that a Session is automatically destroyed if a Window Browser is closed? *Eventually* it is destroyed, but not at the instant the browser is closed. See the session.gc_maxlifetime and session.gc_probability settings in php.ini. If the session file is not accessed for a specified period of time, then it is deleted. Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Dynamically check radio buttons
If you made an array for your buttons, then you could use PHP's looping
constructs to process the array. Write the input tag like this:
INPUT NAME=Game[1] VALUE=1Chicago
The processing code will then have access to the array $Game indexed by the
game number, e.g., $Game[1].
Good luck!
Kirk
-Original Message-
From: Shew [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 9:19 AM
To: [EMAIL PROTECTED]
Subject: [PHP] Re: Dynamically check radio buttons
OK, changed the subject to what I think it should be about.
Anybody?
Shew [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Hi - I'm a TOTAL php NEWBIE - my 1st bit of code!!!.
Basically the input form page has 17 sets of radio buttons, each
representing one game with 2 options - team 1 and team 2.
What I want to
do
is a better way of checking each radio button value instead
of using an if
statement for each. This code doesn't really work - it
finds that vars
ALWAYS exist.
IE:
INPUT NAME=Game1 VALUE=1Chicago
INPUT NAME=Game1 VALUE=2whatever
INPUT NAME=Game2 VALUE=3Minny
INPUT NAME=Game2 VALUE=1Nobody
Code above is processed by the following code:
for ($GameIdx = 1; $GameIdx = 17; $GameIdx++) {
/* instead hardcoding each radio button name - just do it
programmatically
by concatenating / creating the name */
$frmGame = Game + $GameIdx;
if ($frmGame) {
/* U want to check if the length is 5 or 6 bytes because
it could be
game1 or game14 */
$Length = strlen($frmGame);
if ($Length == 5) {
$GetNumber = 1;
}
else {
$GetNumber = 2;
}
$GameID = intval(substr($frmGame, $Length - $GetNumber,
$GetNumber));
print Game --- $GameIdx - $frmGame - $GetNumber - $GameID BR;
if ($GameID == $GameIdx) {
print Yeah Match - $GameID = $GameIdx BR;
/* OK, here is where U want to do the actual insert */
}
} /* $frmGame endif */
}
?
Thanks
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] New way to make select boxes auto select
Nathan, this is a new idea to me and very interesting. Do you know what happens here if the error reporting is set to max? Are a bunch of unitialized variables warnings issued? Thanks for contributing this to the list. Kirk -Original Message- From: Nathan Cook [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 25, 2002 10:34 AM To: Php List Cc: David Chase Subject: [PHP] New way to make select boxes auto select You may already be doing it like this, but I think I found a new way to make select boxes auto-select (what data they put in) a lot easier. All you have to do is put a variable in each select tag that is equal to the value of the select option i.e.: option value=teacher $teacher -- then all you have to do is base the variable on that select name=interest $$interest = selected; quick and easy with out having to loop through an if elseif statement. Let me know if you like that method or have any objections. Full example below. print(select name=interest\n); // creates a variable with a name based on // the value of interest with a value of selected $$interest = selected; print(option value=- Select One -/option\n); print(option value=teacher $teacherTeacher/option\n); print(option value=lego $legoLego Enthusiast/option\n); print(option value=ymca $ymvaYMCA/option\n); print(/selectnbsp;nbsp;\n); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Sessions / logins / cookies / security
What I'm looking to do is when a user logs in, I start up the session.. I then have the registered session var to verify they are authenticated as they move throughout the site. Now, when they close the browser and come back, I want them to still be authenticated. I don't think this can be a secure authentication. By relying on a cookie for the authentication, the computer is being authenticated, not the user. So anyone using the machine will be seen as authenticated. Anyone who finds the cookie on a particular machine can place it on their own machine, then their machine becomes authenticated. If you need secure, real authentication, proof of the user's identity, the user has to be asked to login each visit, IMO. In theory, only they know their username and password. Am I understanding the goal? Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] gc_probability: requests tallied per server or domain?
On Tue, 2 Jul 2002, Johnson, Kirk wrote: Is the number of requests (used for garbage collection), tallied on a per server basis, or on a per domain basis? Pretty fair bet it's a per-server basis. miguel Thanks, miguel. That would be my guess, too. If both of us guessed the same thing, then we must be right. Right?!? ;) Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Need Help with $_SESSION.
Now, I still can not understand why the 2nd page show the $_SESSION as
blank. It is suppose to contain datas. The php.net stated
that $_SESSION
is global. Any comments?
register_globals on
---
Page 1
?
session_start();
$foo = 'bar';
session_register('foo');
$foo = 'someNewValue';
?
Page 2:
?
session_start();
echo $foo;
$foo = 'aDifferentValue';
?
register_globals off
Page 1:
?
session_start();
$_SESSION['foo'] = 'bar';
$_SESSION['foo'] = 'someNewValue';
?
Page 2:
?
session_start();
echo {$_SESSION['foo']}; // several syntaxes to do this
$_SESSION['foo'] = 'aDifferentValue';
?
Kirk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] gc_probability: requests tallied per server or domain?
Is the number of requests (used for garbage collection), tallied on a per server basis, or on a per domain basis? What about in a load-balanced environment? TIA Kirk 0, as a number, is just as important as any other number. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] How to use Session Variables
With register_globals on:
1. Put session_start() at the top of each page.
2. Initialize the variable, then call session_register():
$foo = 'bar';
session_register('foo');
3. Do all assignments to $foo, not $HTTP_SESSION_VAR['foo'], since $foo gets
written to $HTTP_SESSION_VAR['foo'] at the end of the current page, and so
will overwrite anything that was assigned to $HTTP_SESSION_VAR['foo'].
4. Because of #3, the value assigned to $foo won't be available in
$HTTP_SESSION_VAR['foo'] until the next page.
Clear as mud? I thought so ;)
Kirk
-Original Message-
From: Brandon [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 01, 2002 4:02 PM
To: [EMAIL PROTECTED]
Subject: [PHP] How to use Session Variables
Could anybody point me to a good tutorial/howto on how to
make a variable
accessible to all of my PHP pages? I'm running PHP 4.0.6 with
register_globals set to ON... (I cant change that). I've
tried with the
$HTTP_SESSION_VAR,$_SESSION, and session_register() method
but just can't
seem to make it work. Any help would be appreciated.
Thanks,
Brandon
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] function definition causing problems?
Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting
T_STRING or T_VARIABLE or T_NUM_STRING in
C:\inetpub\wwwroot\PHP\cat_proto3.php on line 46
Line 46 corresponds to the form tag, as follows:
FORM ACTION=?php echo $_SERVER['PHP_SELF'] ? method=POST
When you echo out an array element, the name needs to be enclosed in
curlies, e.g.,
echo {$_SERVER['PHP_SELF']}
Sorry, can't give you the manual reference.
Kirk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] function definition causing problems?
I thought this syntax, an unquoted key name, was deprecated ;) From the manual at http://www.php.net/manual/en/language.types.array.php: You should always use quotes around an associative array index. Kirk Nope, use: echo This script is called $_SERVER[PHP_SELF]; -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] tracing include
You could look at $HTTP_SERVER_VARS['SCRIPT_NAME'] in the included file, for one. Kirk Hi, is there any way to know in the included file the filename of the parent file? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Netiquette
Foul! Top-post ;) *gives Ed a noogie* Concise is also good ;) *gives Erik a noogie* Erik wrote: I was going to stay out of the thread, because people have ways of doing -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] sessions trouble
Check the register_globals setting in php.ini. It looks like it is on on
the problem server. If so, then you have two choices:
1. Turn it off
2. Change your code to this style:
session_start();
$node = 10.2;
session_register('node');
echo $node;
Kirk
-Original Message-
From: Leston Drake [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 18, 2002 11:48 AM
To: [EMAIL PROTECTED]
Subject: [PHP] sessions trouble
Hello,
I am unable to retrieve session variables on my local server.
I'm using some code like this to test it (thanks to Ed):
--
session_start();
echo : . $_SESSION[node] . br;
$_SESSION[node] = 10.2;
echo : . $_SESSION[node] . br;
--
Then there is an href link to the same document, to test
whether or not it
can see $_SESSION[node] the next time.
It can't.
The output for both requests looks like this:
--
Warning: Undefined index: node in c:\program files\apache
group\apache\htdocs\test5.php on line 3
:
:10.2
test
--
On another server
(http://www.lpsoftware.com/phptest/test5.php) it works as
expected. But I can't figure out why it doesn't work here.
I'm running WinME, Apache 1.3.2, Php 4.1.2
I have cookies enabled (actually prompted so I can 'see' it) for my browser.
Is there some setting in php.ini that I need to change?
BTW, being a php newbie I really appreciate the helpful people on this
list! You're a great resource.
TIA,
Leston
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] sessions trouble
Is your version of PHP new enough to support the new $_SESSION[] array? If
it is not, use $HTTP_SESSION_VARS[].
-Original Message-
From: Leston Drake [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 18, 2002 12:29 PM
To: Johnson, Kirk
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP] sessions trouble
I have register_globals=Off (which is what I prefer to program for).
But if I change register_globals to On, and use the
session_register()
function, it works.
With register_globals Off, using $_SESSION doesn't work.
I thought that $_SESSION would work regardless of whether
register_globals
was On or Off.
At 12:19 PM 6/18/2002, you wrote:
Check the register_globals setting in php.ini. It looks like
it is on on
the problem server. If so, then you have two choices:
1. Turn it off
2. Change your code to this style:
session_start();
$node = 10.2;
session_register('node');
echo $node;
Kirk
-Original Message-
From: Leston Drake [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 18, 2002 11:48 AM
To: [EMAIL PROTECTED]
Subject: [PHP] sessions trouble
Hello,
I am unable to retrieve session variables on my local server.
I'm using some code like this to test it (thanks to Ed):
--
session_start();
echo : . $_SESSION[node] . br;
$_SESSION[node] = 10.2;
echo : . $_SESSION[node] . br;
--
Then there is an href link to the same document, to test
whether or not it
can see $_SESSION[node] the next time.
It can't.
The output for both requests looks like this:
--
Warning: Undefined index: node in c:\program files\apache
group\apache\htdocs\test5.php on line 3
:
:10.2
test
--
On another server
(http://www.lpsoftware.com/phptest/test5.php) it works as
expected. But I can't figure out why it doesn't work here.
I'm running WinME, Apache 1.3.2, Php 4.1.2
I have cookies enabled (actually prompted so I can 'see' it)
for my browser.
Is there some setting in php.ini that I need to change?
BTW, being a php newbie I really appreciate the helpful
people on this
list! You're a great resource.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] sessions trouble
Do you have an .htaccess file lying around that is changing the
register_globals setting? I think there was also a bug in the session
handling for one of the newer windows versions of PHP. You might check into
that, if it applies.
-Original Message-
From: Leston Drake [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 18, 2002 3:30 PM
To: Johnson, Kirk
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP] sessions trouble
I am using PHP 4.1.2, which I assume supports the $_SESSION
global array.
I've tried ...sigh... using $HTTP_SESSION_VARS, with the same result,
unfortunately.
At 02:12 PM 6/18/2002, you wrote:
Is your version of PHP new enough to support the new
$_SESSION[] array? If
it is not, use $HTTP_SESSION_VARS[].
-Original Message-
From: Leston Drake [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 18, 2002 12:29 PM
To: Johnson, Kirk
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP] sessions trouble
I have register_globals=Off (which is what I prefer to
program for).
But if I change register_globals to On, and use the
session_register()
function, it works.
With register_globals Off, using $_SESSION doesn't work.
I thought that $_SESSION would work regardless of whether
register_globals
was On or Off.
At 12:19 PM 6/18/2002, you wrote:
Check the register_globals setting in php.ini. It looks like
it is on on
the problem server. If so, then you have two choices:
1. Turn it off
2. Change your code to this style:
session_start();
$node = 10.2;
session_register('node');
echo $node;
Kirk
-Original Message-
From: Leston Drake [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 18, 2002 11:48 AM
To: [EMAIL PROTECTED]
Subject: [PHP] sessions trouble
Hello,
I am unable to retrieve session variables on my local server.
I'm using some code like this to test it (thanks to Ed):
--
session_start();
echo : . $_SESSION[node] . br;
$_SESSION[node] = 10.2;
echo : . $_SESSION[node] . br;
--
Then there is an href link to the same document, to test
whether or not it
can see $_SESSION[node] the next time.
It can't.
The output for both requests looks like this:
--
Warning: Undefined index: node in c:\program files\apache
group\apache\htdocs\test5.php on line 3
:
:10.2
test
--
On another server
(http://www.lpsoftware.com/phptest/test5.php) it works as
expected. But I can't figure out why it doesn't work here.
I'm running WinME, Apache 1.3.2, Php 4.1.2
I have cookies enabled (actually prompted so I can 'see' it)
for my browser.
Is there some setting in php.ini that I need to change?
BTW, being a php newbie I really appreciate the helpful
people on this
list! You're a great resource.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] the ?PHPSESSID=spoofme 'bug'
OK, I have questions. A session *file* is created, but it is empty. I know of only one way to get data into it, that is through a session variable. Session variables are controlled by the programmer, so unless the programmer is careless with their validation or register_globals setting, I don't see how anything harmful can get into the empty session file. The empty file will get cleaned up by garbage collection, like any other session file. I guess this could be a DOS attack, by filling up the inode space in /tmp, or making a really big table if the sessions are stored in the database. Anyone can easily get the name of a legitimate session file, so I don't see how things are worse off by creating a session file with a certain name. So, yes, I guess I do need more! :) Kirk -Original Message- From: Giancarlo Pinerolo [mailto:[EMAIL PROTECTED]] Sent: Friday, June 07, 2002 1:44 AM To: [EMAIL PROTECTED] Subject: [PHP] the ?PHPSESSID=spoofme 'bug' Can I tell you more than what the subject says? proceeding: Close the browser, clean all your cookies, and open any page with that ?PHPSESSID=spoofme appended. And see what happens. 1) No cookies are left 2) a session 'spoofme' is created Do you need more? Javascript url injection ad cross site scripting become obsolete with this 'feature'. PLS! I mean, as the zend site doesn't quite work like this (do the same test proceeding as described above...) Their session to append to your cookie-enabled browser location are Zend_Session_DB=whatever and Zend_Session_DB_SECURE=whatever2 on their login page. I don't know if this is related to the free downloadable version, and the one they sell and adopt is more 'fortified'... they should clearly state it then! Gian -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] comment followed by ? fails to parse
I have wondered for some time if this is a bug or just an interesting design choice ;) I agree with you, I was surprised when I first encountered this. But it is what it is, so code accordingly. Kirk -Original Message- From: Thalis A. Kalfigopoulos [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 28, 2002 1:21 PM To: [EMAIL PROTECTED] Subject: [PHP] comment followed by ? fails to parse If I write a comment line with // and I include in it ? then it fails to parse the rest of the page because (i'm guessing) the parser gets confused and goes off PHP mode. Is this normal? Shouldn't I be able to write literally ANYTHING on a comment line? Sample Code: ? //bla bla ? $var=1; ? Output: $var=1; ? cheers, thalis -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] comment followed by ? fails to parse
Which begs the question, why does PHP see a '?' in a '//' comment line, but not in a multi-line comment, e.g., /* ? */ ? -Original Message- From: Ed Gorski [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 28, 2002 2:46 PM To: Leotta Natalie (NCI/IMS); 'Jonathan Rosenberg'; Johnson, Kirk; [EMAIL PROTECTED] Subject: RE: [PHP] comment followed by ? fails to parse No the parser sees the ? after a // because it needs to see when to quit out (unlike traditional, compiled languages) but it won't have this same effect in a string literal. ed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] comment followed by ? fails to parse
Well, one thing I know for sure is that there are members of the PHP develpment team that monitor this list. Maybe one of them will clear this up for us ;) Kirk -Original Message- From: Ed Gorski [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 28, 2002 3:04 PM To: Kevin Stone; [EMAIL PROTECTED] Subject: Re: [PHP] comment followed by ? fails to parse From my experience the PHP parser acts much like the HTML parser in the fact that it doesn't give a damn about carriage returns ed At 03:01 PM 5/28/2002 -0600, Kevin Stone wrote: Exactly.. it doesn't seem to make any sense. Esspecially since it's such as absolutely incredibly undeniably easy thing to check for. :) If the code doesn't end with an uncommented ? then just parse the code as text. That's what it does anyway so why catch commented code at all? - Original Message - From: Johnson, Kirk [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, May 28, 2002 2:55 PM Subject: RE: [PHP] comment followed by ? fails to parse Which begs the question, why does PHP see a '?' in a '//' comment line, but not in a multi-line comment, e.g., /* ? */ ? -Original Message- From: Ed Gorski [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 28, 2002 2:46 PM To: Leotta Natalie (NCI/IMS); 'Jonathan Rosenberg'; Johnson, Kirk; [EMAIL PROTECTED] Subject: RE: [PHP] comment followed by ? fails to parse No the parser sees the ? after a // because it needs to see when to quit out (unlike traditional, compiled languages) but it won't have this same effect in a string literal. ed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] in_array problems (another pair of eyes?)
Unless you are using PHP version 4.2 or higher, the first argument can't be
an array.
Kirk
-Original Message-
From: Jas [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 21, 2002 11:46 AM
To: [EMAIL PROTECTED]
Subject: [PHP] in_array problems (another pair of eyes?)
I don't think I am using the syntax correctly, I have been
looking at this
function on php.net and everything I have seen says my code should be
working.
A form allows the user to upload a file:
form name=img1 method=post action=upload_done.php
enctype=multipart/form-data
input type=file name=img1 size=25
input type=submit name=Submit value=save
input type=reset name=reset value=reset
/form
Resulting file (upload_done.php):
?php
$types = array(.gif,
.jpg,
.jpeg,
.htm,
.pdf); //place file type into array
if (in_array(array ('.jpg', '.jpeg'), $types)) { //this is
the error line
(line 7)
print jpg file; }
?
And here is my error:
Warning: Wrong datatype for first argument in call to in_array in
upload_done.php on line 7
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] session_start() times and resets?
See session.gc_maxlifetime in php.ini. The session timer is based on the session file access (or modified?) timestamp. It gets reset every time the session data is accessed, which is every time a page using that session is requested. Kirk -Original Message- From: Smileyq [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 24, 2002 11:35 PM To: [EMAIL PROTECTED] Subject: [PHP] session_start() times and resets? I have one question that I've been working about. When you setup a session to last a particular time say 1 week. If the user comes back to that page because the week is over to reset the session does the user then at that time reset the timer to yet another week. I'm trying to figure out a way to set something like this up so that if they choose not to come back for a period of time the session will delete but if they do come back it will just reset for another week . -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Won't save session ids?
The coding style needs to match the register_globals setting in php.ini. register_globals on: $accountsession = $session; $accountemail = $email; session_register(accountsession); session_register(accountemail); register_globals off: Do just like you have it below, except remove the calls to session _register(). Kirk -Original Message- From: Johan Holst Nielsen [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 25, 2002 6:14 AM To: [EMAIL PROTECTED] Subject: [PHP] Won't save session ids? Hi people, I have a problem with my PHP scripts. I hope someone can help me? I run PHP 4.0.6, Redhat 7.1 When i tries to set a session and then redirect to the next page, the sessions is empty? Someone know how to solve this problem? The script looks like this: session_start(); session_register(accountsession); session_register(accountemail); $HTTP_SESSION_VARS[accountsession] = $session; $HTTP_SESSION_VARS[accountemail] = $email; header(Location: ./main.php); //The session and email variabel is from a output from a mysql query!! And this works fine! The mainpage tries to get the sessions. session_start(); echo Email:.$HTTP_SESSION_VARS[accountemail].br.$HTTP_SESSI ON_VARS[accountsession]; But i just get a Email: without any content? Please help me? Someone know whats wrong? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] what constants are in php like __FILE__
I'm just curious what other constants in php are defined. any hints where or how to find a list? http://www.php.net/manual/en/reserved.constants.php Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] How long does a session last? Need to have it at 20mins
Garbage collection is launched according to the gc_probablility. If it finds a session file that has not been modified for a longer time than gc_maxlifetime, it deletes it. So, whenever a user requests a page, they essentially reset the session timer to zero for that particular session, since the session file gets modified on each page request for that session. If you want to set a hard timeout of 20 minutes, you may need to write your own garbage collection process. Kirk -Original Message- From: Phil Powell [mailto:[EMAIL PROTECTED]] Sent: Friday, April 19, 2002 1:02 AM To: [EMAIL PROTECTED] Subject: [PHP] How long does a session last? Need to have it at 20mins I had thought that a session would last only 20 mins if session.gc_maxlifetime is set at 1440. Was I wrong in assuming this? I have pages that have session_start() at the top to persist the session throughout the life-cycle of these pages, however, I want the session to expire after 20 mins or so of use. How can I assure that the session will expire after 20 mins? Thanx Phil -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] parse error= doc contains no data
Try setting error_reporting = E_ALL ~E_NOTICE, or just E_ALL, in php.ini. Kirk -Original Message- From: Pedro Garre [mailto:[EMAIL PROTECTED]] Sent: Friday, April 19, 2002 11:25 AM To: php-general Subject: [PHP] parse error= doc contains no data I set my own error handler as described in the documentation. It seems to work, as I can catch NOTICE errors. The problem is that PARSE errors do not display anywhere, nor are catched by my error handler. The browser just says document contains no data. I know parse errors are not supposed to be catched by my error handler, but ... why are not them processed anywhere ? (display_errors is On in php.ini) Thanks in advance. Pedro. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] parse error= doc contains no data
Sorry, I missed the main point of your original question. No more ideas here. -Original Message- From: Pedro Garre [mailto:[EMAIL PROTECTED]] Sent: Friday, April 19, 2002 3:23 PM To: php-general Subject: Re: [PHP] parse error= doc contains no data *This message was transferred with a trial version of CommuniGate(tm) Pro* My php.ini has E_ALL and E_NOTICE I have tried several values with function error_reporting, including error_reporting(0) as recommended in the documentation. I am using the example of error handler function provided in the documentation. Note that if I don't set my own error_handler everything works and parse error messages are displayed as usual. More ideas ? Pedro. Johnson, Kirk escribió: *This message was transferred with a trial version of CommuniGate(tm) Pro* Try setting error_reporting = E_ALL ~E_NOTICE, or just E_ALL, in php.ini. Kirk -Original Message- From: Pedro Garre [mailto:[EMAIL PROTECTED]] Sent: Friday, April 19, 2002 11:25 AM To: php-general Subject: [PHP] parse error= doc contains no data I set my own error handler as described in the documentation. It seems to work, as I can catch NOTICE errors. The problem is that PARSE errors do not display anywhere, nor are catched by my error handler. The browser just says document contains no data. I know parse errors are not supposed to be catched by my error handler, but ... why are not them processed anywhere ? (display_errors is On in php.ini) Thanks in advance. Pedro. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Still having session problems
Are you absolutely positive register_globals is off? Is there an .htaccess
file laying around someplace that overrides php.ini and turns it on?
Sorry, I don't have any other ideas.
Kirk
-Original Message-
From: Patrick Aland [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 16, 2002 5:39 AM
To: [EMAIL PROTECTED]
Subject: [PHP] Still having session problems
I cannot for the life of me get the new $_SESSION method working.
Running php4.1.2 on apache 1.3.24 on RH6.2 Using the code below:
?
session_start();
if (!isset($_SESSION[count]))
{
$_SESSION[count] = 0;
}
else
{
$_SESSION[count]++;
}
print($_SESSION[count].BR\n);
?
A tmp file is created in /tmp but nothing is put in it.
If I turn register_globals on, the page above still doesn't
work, however if I start and
register the session via another page using the old method:
?
session_start();
if (!isset($count))
{
$count = 0;
}
else
{
$count++;
}
session_register(count);
print($count.BR\n);
?
and then go to the first page it does work and updates the
tmp file. Any
There is a bug for similar behavior in 4.1.2 on Windows but I
don't see
a reference to the linux version.
Any ideas? Thanks.
--
Patrick Aland [EMAIL PROTECTED]
Network Administrator Voice: 386.822.7217
Stetson University Fax: 386.822.7367
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] session_is_registered
With register_globals off, try this:
?php
session_start();
// Try either one of these to assign the session var.
$_SESSION['barney'] = A big purple dinosaur;
$HTTP_SESSION_VARS['barney'] = A big purple dinosaur;
header('Location: /');
exit;
?
?php
// Another page...
session_start();
// Try either one of these to echo the session var.
echo($_SESSION['barney']);
echo($HTTP_SESSION_VARS['barney']);
?
Kirk
-Original Message-
From: Norman Zhang [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 16, 2002 12:15 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] session_is_registered
Sorry. I'm still getting empty output. Are there some global
variables that
I must set in php.ini? phpinfo() tells me that I have
register_globals off
Session Support enabled
session.auto_startoff
session.cache_limiter nocache
session.cookie_secure off
Regards,
Norman
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] placing data outside the server root
Sure, just give it a try! Kirk -Original Message- From: andy [mailto:[EMAIL PROTECTED]] Sent: Monday, April 15, 2002 5:13 AM To: [EMAIL PROTECTED] Subject: [PHP] placing data outside the server root Hi there, is it possible to place data like images outside the server root, and if so does php still get access to them for displaying? thanx, Andy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Making sure a post request came from your site
Good starters. I would add one more starter item: don't blindly grab everything out of the $_POST[] array. Instead, only grab the variables that *you* put on the form page. A cracker might send you a name/value pair like $admin=1, trying to guess what flag you are using for admin users. Kirk -Original Message- From: Jason Wong [mailto:[EMAIL PROTECTED]] Sent: Friday, April 05, 2002 11:42 AM To: [EMAIL PROTECTED] Subject: Re: [PHP] Making sure a post request came from your site Ok, then how do you go about checking to make sure that submitted data is, in fact, benign and acceptable for your use? For starters: If it's supposed to be a number make sure that it is a number. If it's supposed to be a name make sure it only contains letters a-z A-Z spaces. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] clarification on magic quotes
I believe the escaping only occurs at the time GET/POST/COOKIE data is brought into the PHP namespace from the server. I recommend you don't removing escapes from a security standpoint. Do a search on SQL injection to find info on how crackers can mess with you when data from the client is not escaped. If you do choose to remove the escapes, be certain to really tighten down your input validation before writing any of the user input to a database. Kirk -Original Message- From: Erik Price [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 04, 2002 11:50 AM To: [EMAIL PROTECTED] Subject: [PHP] clarification on magic quotes The following quote is from http://www.php.net/manual/en/configuration.php#ini.magic-quotes-gpc magic_quotes_gpc boolean Sets the magic_quotes state for GPC (Get/Post/Cookie) operations. When magic_quotes are on, all ' (single-quote), (double quote), \ (backslash) and NUL's are escaped with a backslash automatically. If magic_quotes_sybase is also on, a single-quote is escaped with a single-quote instead of a backslash. I was hoping someone could just clarify something for me -- exactly WHAT is a Get/Post/Cookie operation in this case -- is it just during the uploading of Get/Post/Cookie data from the user agent, or is it also when I am taking a $_POST variable and passing it through a string-altering function, etc? I have a MySQL DB on the other side of my PHP scripts from the user, and am trying to decide whether or not I should stripslash() the data before entering it into the DB. This would defeat the purpose, but otherwise I end up with columns with values like Mike\'s Pleasure Hut or Jean D\'Arc, and this will make queries tricky in the future. Thank you for your advice. Erik Erik Price Web Developer Temp Media Lab, H.H. Brown [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Can not get session value???
Do you have a call to session_start() in the second file? You need this to access the session variables on the second page. Kirk -Original Message- From: N.D. Andini [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 02, 2002 3:20 AM To: [EMAIL PROTECTED] Subject: [PHP] Can not get session value??? I use php4.0.5, OS : WIN2000, Webserver : Apache I want to use session to make global variable in file php.ini. I have set item below become enabled - register_globals - auto_start - use_trans_sid (to compiled with --enable-trans-sid) in my first file myfirst.php, I register session like below : session_register (ses_useid); session_register (ses_usename); $ses_useid=4; $ses_usename=toto; and on second file mysecond.php, I get value of those session to check session value like below: print $ses_useid; print $ses_usename; but I have no result from mysecond.php Is there anybody can help me??? thx regards, Dini... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Emulating POST ?
http://www.zend.com/zend/spotlight/mimocsumissions.php#Heading6 http://marc.theaimsgroup.com/?l=php-generalm=92353052714384w=2 Kirk -Original Message- From: Devin Atencio [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 28, 2002 12:14 PM To: [EMAIL PROTECTED] Subject: [PHP] Emulating POST ? I need to somehow write a PHP Script that will POST XML type stuff to UPS like this: -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Adding stuff to the end of strings
Close! $message .= Some text here; Kirk -Original Message- From: David Johansen [mailto:[EMAIL PROTECTED]] Sent: Wednesday, March 27, 2002 12:03 PM To: [EMAIL PROTECTED] Subject: [PHP] Adding stuff to the end of strings I was just wondering if there was a way to add new text to the end of strings. I tried doing $message += Some text here; but that just set $message to 0. I'm sure it's something simple but I couldn't find anything on it in the documentation. Dave -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Require variable declaration?
You can catch typos by setting the error reporting level to E_ALL (in php.ini). PHP will then give you a warning whenever a variable is used before it has been assigned a value. Kirk That's too bad, I used to do some ASP which is weakly typed too but I still could use Option Explicit to require variables to be declared. Then a small typo would produce very hard-to-find errors. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] header and session?
With register_globals on, $a and $b need to be registered using
session_register(). Don't assign them to $_SESSION, PHP does that for you
with register_globals on.
1.php
-
session_start();
$a = 'some_value';
$b = 'nuther_value';
session_register('a','b');
header(location: 2.php);
2.php
-
session_start();
echo a is $a;
echo b is $b;
-Original Message-
From: bob [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 25, 2002 8:52 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] header and session?
On Mon, 25 Mar 2002 08:54:27 -0700, [EMAIL PROTECTED] (Johny? ?rk)
wrote:
Do you have register_globals turned on or off in php.ini?
What values are $a
and $b being set to?
Kirk
-Original Message-
From: bob [mailto:[EMAIL PROTECTED]]
Sent: Sunday, March 24, 2002 4:21 PM
To: [EMAIL PROTECTED]
Subject: [PHP] header and session?
1.php?2.php
session_start(); session_start();
..
..
$_SESSION['a'] =$a; echo $_SESSION['a'];
$_SESSION['b'] =$b; echo $_SESSION['b'];
header(location: 2.php);
after jump to 2.php ,there is an warning: undefined index a ,b
if i change 1.php to
session_start();
..
$_SESSION['a'] =$a;
$_SESSION['b'] =$b;
a href='2.php' go on /a
it works well!
register_globals is on.$a,$b is set to $_SESSION array,which is
global in any scope.
the problem is i submit a login form to 1.php,which register some
session variable.then,in 2.php,i fail to print them out.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] [Session]
I am probably wrong about this, but I thought that you could register
session variables using this technique only if you are using
PHP 4.1.x
and you use the format:
$_SESSION['v_s'] = 500;
The key point is the register_globals setting in php.ini. If it is set to
on, then register variables this way, regardless of the version:
$v_s = 500;
session_register{'v_s');
If it is set to off, then do as above, assuming your version is new enough
to support the new array $_SESSION[]:
$_SESSION['v_s'] = 500;
The array $_SESSION[] is pretty new, maybe 4.1.2? Even with this new array,
you can still use the old method for registering variables. Also, in a
recent release, or else coming up shortly, the default setting for
register_globals will be changed from on to off.
Kirk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] header and session?
Do you have register_globals turned on or off in php.ini? What values are $a and $b being set to? Kirk -Original Message- From: bob [mailto:[EMAIL PROTECTED]] Sent: Sunday, March 24, 2002 4:21 PM To: [EMAIL PROTECTED] Subject: [PHP] header and session? 1.php?2.php session_start(); session_start(); .. .. $_SESSION['a'] =$a; echo $_SESSION['a']; $_SESSION['b'] =$b; echo $_SESSION['b']; header(location: 2.php); after jump to 2.php ,there is an warning: undefined index a ,b if i change 1.phpto session_start(); .. $_SESSION['a'] =$a; $_SESSION['b'] =$b; a href='2.php' go on /a it works well! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Stripslashes addslashes question ...
Have you echo'd the variables before the addslashes() call, to be sure that
the stripslashes() call is being executed?
Kirk
-Original Message-
From: John Kelly [mailto:[EMAIL PROTECTED]]
Sent: Saturday, March 23, 2002 12:59 AM
To: [EMAIL PROTECTED]
Subject: [PHP] Stripslashes addslashes question ...
Hi, can someone tell me why the following results in
evaluated variables
with 2 slashes in front of apostrophys instead of one and how
I can modify
it to only add 1? Thanks!
foreach($_POST as $k=$v){
if (get_magic_quotes_gpc()){
$_POST[$k] = stripslashes($v);
}
$_POST[$k] = addslashes($v);
eval( \$$k = \$_POST[$k]\; );
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] echo and Session Variables
Please note that an unquoted array key is now deprecated syntax. See
http://www.php.net/manual/en/language.types.array.php
Kirk
The single quotes in $_SESSION['myvar'] are not necessary. You're
reading an associative array in which a string is acting as a
pointer to
the index.
Example..
$myarray = array ('myvar' = 'myvalue');
echo $myarray[myvar]; // prints out 'myvalue'
-Kevin
-Original Message-
From: David Johansen [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 21, 2002 4:26 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] echo and Session Variables
Thanks that fixed the problem, but I have a question then. Am
I supposed
to
put the ' in the $_SESSION[] in the normal parts of code. Thanks,
Dave
Miguel Cruz [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
On Thu, 21 Mar 2002, David Johansen wrote:
I was just wondering if there's a way to use echo with session
variables.
When I try to do this:
?php
if (isset($_SESSION['x_Email']))
echo value=\$_SESSION['x_Email']\;
?
The issue is with the syntax you're using to refer to arrays within
double
quotes.
echo value=\{$_SESSION[x_Email]}\;
miguel
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP 4.2.0 Release Candidate 1
Where can we read a description of what is in this release? TIA Kirk A release candidate for PHP 4.2.0 has just been packed. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
