php-general Digest 11 Feb 2008 15:25:09 - Issue 5287
Topics (messages 269064 through 269084):
Trouble with PHP server script
269064 by: Robert Cox
269065 by: Nirmalya Lahiri
269066 by: Jim Lucas
269072 by: Nathan Rixham
Re: urgent !!! Please Help
Eric Butera wrote:
Why is it a security concern to execute another bit of code?
I really fail to see any security concern in doing e.g.
exec('gzip -c /tmp/myinputfile')
In the real world would that be your exact usage? Would the file to
be compressed be a variable by chance?
I think in
Stut wrote:
Per Jessen wrote:
Eric Butera wrote:
You should never use exec friends when there is another way around
the problem. It is a security concern.
Why is it a security concern to execute another bit of code?
I really fail to see any security concern in doing e.g.
Richard Kurth wrote:
Is there a way that I can call a function that will send an email and
then move on redirecting to another website without having to what for
the email to send?
SendEmail($memberemail,$MailFrom,$MailHost);
header(Location:http://domain.com;);
Yes:
mail( );
Paul Scott wrote:
Either that or in a db, but if you are already in clustering, you
probably have a memcached instance already right?
Am I right in thinking that memcached will replicate session information
across a cluster, and that your application is only safe as long as you
stick _all_
implement session_set_save_handler() with a database, or
ideally, memcache.
I use memcache with a secondary db backing. Works pretty well. I use it
for session data as well as any other uses I want to make of memcache.
Memcache makes it fast and using the db makes it more persistent and
able
Hi, can any suggest me how to read and display the content in a html page.
I tried phpexcelreadrer at http://sourceforge.net/projects/phpexcelreader/
but got error
Warning: require_once(Spreadsheet/Excel/Reader/OLERead.php)
[function.require-once]: failed to open stream: No such
On Feb 11, 2008 5:51 PM, srihari naidu [EMAIL PROTECTED] wrote:
Hi, can any suggest me how to read and display the content in a html page.
I tried phpexcelreadrer at http://sourceforge.net/projects/phpexcelreader/
but got error
Warning:
Hello Group,
I work for an executive search firm in Denver. I work with a handful of
carefully selected clients that are offering excellent opportunities for PHP
professionals. We are very excited to be working with these clients as they
offer extraordinary opportunities and top notch
Per Jessen wrote:
mike wrote:
Check out persistency in LVS for instance:
http://www.linuxvirtualserver.org/docs/persistence.html
i know persistence handling is an option in LVS, but i haven't seen
the need to use it. i use LVS right now without even bothering with
any of that.
Because
Per Jessen wrote:
Richard Kurth wrote:
Is there a way that I can call a function that will send an email and
then move on redirecting to another website without having to what for
the email to send?
SendEmail($memberemail,$MailFrom,$MailHost);
header(Location:http://domain.com;);
Yes:
On 2/11/08, Per Jessen [EMAIL PROTECTED] wrote:
Because you've chosen another option - memcached presumably - which is
more expensive over all. (IMHO).
mysql (stated above), and i already have a connection open each page...
On the next request, LVS will know not to try that server, and the
mike wrote:
Check out persistency in LVS for instance:
http://www.linuxvirtualserver.org/docs/persistence.html
i know persistence handling is an option in LVS, but i haven't seen
the need to use it. i use LVS right now without even bothering with
any of that.
Because you've chosen another
On Feb 11, 2008 12:47 PM, chetan rane [EMAIL PROTECTED] wrote:
Hi all
can you please let me know where i can find about Mem cache.
http://us.php.net/manual/en/ref.memcache.php
-nathan
Hi all
can you please let me know where i can find about Mem cache.
On Feb 11, 2008 11:11 PM, Nathan Nobbe [EMAIL PROTECTED] wrote:
On Feb 11, 2008 12:33 PM, chetan rane [EMAIL PROTECTED] wrote:
HI All
Can any one tell me what will be the best way to maintain session
information on a
On Mon, 2008-02-11 at 23:03 +0530, chetan rane wrote:
Can any one tell me what will be the best way to maintain session
information on a Multi Server Architecture i.e a Web Cluster.
Memcached session handler. Provides failover as well as speeding things
up significantly.
Either that or in a
HI All
Can any one tell me what will be the best way to maintain session
information on a Multi Server Architecture i.e a Web Cluster.
--
Have A pleasant Day
Chetan. D. Rane
Location: India
Contact: +91-9986057255
other ID: [EMAIL PROTECTED]
[EMAIL PROTECTED]
Per Jessen wrote:
Eric Butera wrote:
You should never use exec friends when there is another way around
the problem. It is a security concern.
Why is it a security concern to execute another bit of code?
I really fail to see any security concern in doing e.g.
exec('gzip -c
On Feb 11, 2008 11:58 AM, Per Jessen [EMAIL PROTECTED] wrote:
Eric Butera wrote:
You should never use exec friends when there is another way around
the problem. It is a security concern.
Why is it a security concern to execute another bit of code?
I really fail to see any security
On Feb 11, 2008 11:45 AM, David Giragosian [EMAIL PROTECTED] wrote:
At the request of a supervisor who only programs in Java, I installed
JavaBridge on an intranet web server running Apache 2.0.59 and PHP 5.1.6,
and we've gotten a few PHP/Java applications up and running.
Problem is, unless
Eric Butera wrote:
You should never use exec friends when there is another way around
the problem. It is a security concern.
Why is it a security concern to execute another bit of code?
I really fail to see any security concern in doing e.g.
exec('gzip -c /tmp/myinputfile')
/Per
At the request of a supervisor who only programs in Java, I installed
JavaBridge on an intranet web server running Apache 2.0.59 and PHP 5.1.6,
and we've gotten a few PHP/Java applications up and running.
Problem is, unless I'm having a senior moment, they only work if a user is
logged into the
On Feb 10, 2008 1:03 PM, Per Jessen [EMAIL PROTECTED] wrote:
Yep, you're right - I read mysql_query where the OP said mysql_result.
Don't feel bad. I did the exact same thing when I was reading
over the post just now.
--
/Dan
Daniel P. Brown
Senior Unix Geek
? while(1) { $me = $mind--;
On Feb 11, 2008 11:11 AM, Eric Butera [EMAIL PROTECTED] wrote:
On Feb 11, 2008 11:08 AM, Daniel Brown [EMAIL PROTECTED] wrote:
should work fine
if you don't have to. :)
which is my point. ;-P
--
/Dan
Daniel P. Brown
Senior Unix Geek
? while(1) { $me = $mind--; sleep(86400); } ?
On Feb 11, 2008 11:08 AM, Daniel Brown [EMAIL PROTECTED] wrote:
should work fine
That is enough of a point, right? Why even take the risk if you don't
have to. :)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
On Feb 11, 2008 10:59 AM, Eric Butera [EMAIL PROTECTED] wrote:
You should never use exec friends when there is another way around
the problem. It is a security concern.
Only as much as the design of the script allows.
Properly-filtered code (including using escapeshellarg() and
On Feb 11, 2008 7:41 AM, Hiep Nguyen [EMAIL PROTECTED] wrote:
any suggestion for a tutorial on session in php??? thanks.
http://www.google.com/search?q=working+with+php+sessions
--
/Dan
Daniel P. Brown
Senior Unix Geek
? while(1) { $me = $mind--; sleep(86400); } ?
--
PHP General
Eric Butera wrote:
I like it from a coding point of view (it's neat and elegant), but I
don't think it achieves anything else than my initial suggestion of
using exec(gzip -c).
Except for that little thing where you shouldn't be using execs in
public facing code.
Why not?
/Per
Injections only work on sloppy code.
If you are using globals you are asking for injections. Turn your globals off,
use $_POST[var_name] and filter all user input.
Just my opinion, I am sure some will disagree.
Richard L. Buskirk
## Show me a man with no fear, I will point out the date on his
I think i am not clear with my question. I know that the files are missing at
the correct location.
Please suggest me any other free code that i can use instead of the code
i tried.
Thanks in advance.
Regards,
Sri Hari.
Jay Blanchard [EMAIL PROTECTED] wrote:
[snip]
[snip]
Hi, can any suggest me how to read and display the content in a html
page.
I tried phpexcelreadrer at
http://sourceforge.net/projects/phpexcelreader/ but got error
Warning: require_once(Spreadsheet/Excel/Reader/OLERead.php)
[function.require-once]: failed to open stream: No
On Feb 11, 2008 4:55 PM, Stut [EMAIL PROTECTED] wrote:
Per Jessen wrote:
On the next request, LVS will know not to try that server, and the user
will move to another one. Obviously the session-context will die, but
is that really a big deal? How often does one of your servers die?
vote - combine richard and daniels replies and you have a winner!
Nathan
Richard Kurth wrote:
Is there a way that I can call a function that will send an email and
then move on redirecting to another website without having to what for
the email to send?
Per Jessen wrote:
Stut wrote:
Per Jessen wrote:
Eric Butera wrote:
You should never use exec friends when there is another way around
the problem. It is a security concern.
Why is it a security concern to execute another bit of code?
I really fail to see any security concern in doing
Yes, read the documentation and look at include and require in the php
documentation.
-Original Message-
From: srihari naidu [EMAIL PROTECTED]
Sent: Monday, February 11, 2008 5:51 PM
To: PHP Mail List php-general@lists.php.net
Subject: [PHP] How to read excel sheet and display it's
On 2/11/08, Nathan Nobbe [EMAIL PROTECTED] wrote:
when i was in dc at the conference last year, there were several speakers
from facebook. they claimed they have (had) 400 servers w/ 4TB of memory
at on the memcache tier.
actually, it's ~ 400 according to this (200 active / 200 hot spare) -
On 2/11/08, Per Jessen [EMAIL PROTECTED] wrote:
mike wrote:
I hope not. I've worked with this type of load-distribution since the
early 90s. (far from always IP-address based).
Check out persistency in LVS for instance:
http://www.linuxvirtualserver.org/docs/persistence.html
i know
mike wrote:
On 2/11/08, Per Jessen [EMAIL PROTECTED] wrote:
Make sure all requests from the same client go to the same server.
This is often done by IP-address.
isn't that an archaic piece of advice?
I hope not. I've worked with this type of load-distribution since the
early 90s. (far
On Feb 11, 2008 2:23 PM, Richard Kurth [EMAIL PROTECTED] wrote:
Is there a way that I can call a function that will send an email and
then move on redirecting to another website without having to what for
the email to send?
SendEmail($memberemail,$MailFrom,$MailHost);
chetan rane wrote:
HI All
Can any one tell me what will be the best way to maintain session
information on a Multi Server Architecture i.e a Web Cluster.
Make sure all requests from the same client go to the same server. This
is often done by IP-address.
/Per Jessen, Zürich
--
PHP
On Feb 11, 2008 12:33 PM, chetan rane [EMAIL PROTECTED] wrote:
HI All
Can any one tell me what will be the best way to maintain session
information on a Multi Server Architecture i.e a Web Cluster.
implement session_set_save_handler() with a database, or
ideally, memcache.
-nathan
As much as I admire Daniel, I think who ever sent me this question needs to
rethink thier naming convention.
On Feb 9,2008 12:47 PM, WHOAMI [EMAIL PROTECTED] wrote:
Would you use this to server auth?
if($_REQUEST['from']!=1567d5af328786cdc81ed0f456bf)
{
$DanielBrown_rules =
On Feb 11, 2008 10:40 AM, [EMAIL PROTECTED] wrote:
HEllo
with the next code i am trying for loading one file
$mibool = FALSE;
$Descriptor2 = fopen(usuarios.txt,r);
Does this file exist in the directory from which the script is
ultimately run, and is it readable?
yes (both)
On Feb 11, 2008 10:44 AM, Per Jessen [EMAIL PROTECTED] wrote:
Eric Butera wrote:
I like it from a coding point of view (it's neat and elegant), but I
don't think it achieves anything else than my initial suggestion of
using exec(gzip -c).
Except for that little thing where you
HEllo
with the next code i am trying for loading one file
$mibool = FALSE;
$Descriptor2 = fopen(usuarios.txt,r);
$usuarios=array();
$i=0;
while(!feof($Descriptor2)){
$buffer = fgets($Descriptor2,4086);
$usuarios[$i]=$buffer;
$i++;
}
fclose($Descriptor2);
$miusername =
Thanks. Sure, I know how to escape and filter the input.. But since not
all my sites use PDO yet, and I use some external code it would be a
good idea to also use an sql injection scanner.
Emil
[EMAIL PROTECTED] wrote:
Injections only work on sloppy code.
If you are using globals you are
This latest one is a new solution to me, but I have tried several others,
only to have them fail in short order. Seems that excel formats have
changed many times, and while some of these solutions work well with a
particular release of excel (2007 for this one, I think), I found that every
user
Stut wrote:
Yes:
mail( );
header(Location:http://domain.com;);
mail() only takes as long as it takes to drop the mail in your local
filesystem.
Not necessarily. As discussed at length on this list last month
sendmail (or a substitute) may try to deliver the message rather than
On 2/7/08, Daniel Brown [EMAIL PROTECTED] wrote:
Because who's to say you're selling to one client? If it's your
Intellectual Property, wouldn't you want to protect it, at least as
much as possible?
No, I think protecting software in any way is a waste if resources,
especially software
I've found it to be a lost cause to add pure white space in tabs during emails.
Most clients are helpful in making things user friendly by removing
leading white space. What i found did work on most machines at the time was
either just a newline or a Q: question\nA: answer\n which isn't as
I've just started using Try/catch and found the doc is a bit weak.
Best I can tell most, and likely all, our regular system functions do not throw
and an exception for the Exception handler.
Thus, you can put your code in a personal function, with a throw, or use the old
fashion way, e.g.,
On Fri, 8 Feb 2008, Jason Pruim wrote:
On Feb 8, 2008, at 10:14 AM, Hiep Nguyen wrote:
On Fri, 8 Feb 2008, Per Jessen wrote:
Hiep Nguyen wrote:
is there anyway to generate this into xls file w/o using fopen
fwrite to the server? my goal is to have a link after the table and
user can
I need to open a remote file with file() and I would like to put it
inside a try-catch but as far as I can tell file() does not raise an
exception if it fails. The following code:
try {
$data = file('http://myserver.com/myfile.txt');
$date = substr($data, 0);
exactly as stut said, try using double /n's or convert the email to html.
whilst testing always view email source to verify what your creating.
Nath
Stut wrote:
Angelo Zanetti wrote:
I am making email text based on some fields the user fills in and then
email
the admin the details.
I am
Angelo Zanetti wrote:
I am making email text based on some fields the user fills in and then email
the admin the details.
I am having a problem where sometimes the \n (new line) works and sometimes
it just does nothing. Im not sure the cause but I cant seem to figure it
out.
Looks like you're
Hi guys,
I am making email text based on some fields the user fills in and then email
the admin the details.
I am having a problem where sometimes the \n (new line) works and sometimes
it just does nothing. Im not sure the cause but I cant seem to figure it
out.
Here is a segment of code:
Robert Cox wrote:
Is it possible to use the $_SERVER['PHP_AUTH_USER']; construct in a URL
forwarded site? I am trying to find the authorised user id so that I can
access an SQL database with it. Anyone got some ideas?
PHP looks like this
?php
//Get User
$user =
On 2/11/08, Per Jessen [EMAIL PROTECTED] wrote:
Make sure all requests from the same client go to the same server. This
is often done by IP-address.
isn't that an archaic piece of advice?
with shared storage and database/memcache for sessions, i don't find
this is necessary at all. in fact,
Hi,
I have a strange problem here. I try to authenticate users with LDAP
at an Active Directory Server (AD). Everything works fine. Just in
some cases, authentication is not possible. As we discovered, this has
something to do with a strange DNS Server setting. Sometimes a nslookup
for the
On Mon, 2008-02-11 at 12:48 -0500, Nathan Nobbe wrote:
http://us.php.net/manual/en/ref.memcache.php
and http://www.danga.com/memcached/
--Paul
All Email originating from UWC is covered by disclaimer
http://www.uwc.ac.za/portal/public/portal_services/disclaimer.htm
--
PHP General
Daniel Brown wrote:
On Feb 11, 2008 11:12 AM, [EMAIL PROTECTED] wrote:
On Feb 11, 2008 10:40 AM, [EMAIL PROTECTED] wrote:
HEllo
with the next code i am trying for loading one file
$mibool = FALSE;
$Descriptor2 = fopen(usuarios.txt,r);
Does this file exist in the directory from which
No clue Daniel, was sent to me directly using a non returnable email. I had to
post it here because it had your name all over it.
I agree not your style at all.
Just beware another name for fan is (Stalker). lol
Rich.
On Feb 11, 2008 11:19 AM, [EMAIL PROTECTED] wrote:
As much as I admire
On Feb 11, 2008 11:19 AM, [EMAIL PROTECTED] wrote:
As much as I admire Daniel, I think who ever sent me this question needs to
rethink thier naming convention.
On Feb 9,2008 12:47 PM, WHOAMI [EMAIL PROTECTED] wrote:
Would you use this to server auth?
On Feb 11, 2008 10:40 AM, [EMAIL PROTECTED] wrote:
HEllo
with the next code i am trying for loading one file
$mibool = FALSE;
$Descriptor2 = fopen(usuarios.txt,r);
Does this file exist in the directory from which the script is
ultimately run, and is it readable?
$usuarios=array();
On Feb 11, 2008 7:10 AM, Angelo Zanetti [EMAIL PROTECTED] wrote:
Hi guys,
I am making email text based on some fields the user fills in and then email
the admin the details.
I am having a problem where sometimes the \n (new line) works and sometimes
it just does nothing. Im not sure the
Stut wrote:
Per Jessen wrote:
mike wrote:
Check out persistency in LVS for instance:
http://www.linuxvirtualserver.org/docs/persistence.html
i know persistence handling is an option in LVS, but i haven't seen
the need to use it. i use LVS right now without even bothering with
any of
[snip]
I think i am not clear with my question. I know that the files are
missing at the correct location.
Please suggest me any other free code that i can use instead of
the code i tried.
[/snip]
Convert the spreadsheet to CSV and then you can use fopen, fgets, etc.
to read the file.
--
Is there a way that I can call a function that will send an email and
then move on redirecting to another website without having to what for
the email to send?
SendEmail($memberemail,$MailFrom,$MailHost);
header(Location:http://domain.com;);
--
PHP General Mailing List (http://www.php.net/)
To
2008. 02. 11, hétfő keltezéssel 14.34-kor John Papas ezt írta:
I need to open a remote file with file() and I would like to put it
inside a try-catch but as far as I can tell file() does not raise an
exception if it fails. The following code:
try {
$data =
Richard Lynch wrote:
I don't know if it's before/after, but PHP can't change the GET
request to something it wasn't...
So THAT was the URL requested.
You might have some kind of funky mod_rewrite rule messing you up...
On Tue, January 29, 2008 5:22 am, Mick wrote:
Richard Lynch wrote:
On Feb 11, 2008 11:12 AM, [EMAIL PROTECTED] wrote:
On Feb 11, 2008 10:40 AM, [EMAIL PROTECTED] wrote:
HEllo
with the next code i am trying for loading one file
$mibool = FALSE;
$Descriptor2 = fopen(usuarios.txt,r);
Does this file exist in the directory from which the script
On Feb 10, 2008 10:09 PM, Robert Cox [EMAIL PROTECTED] wrote:
Is it possible to use the $_SERVER['PHP_AUTH_USER']; construct in a URL
forwarded site? I am trying to find the authorised user id so that I can
access an SQL database with it. Anyone got some ideas?
Once again I'll defer to
Tried http://www.codeplex.com/PHPExcel ?
I think i am not clear with my question. I know that the files are missing at the correct location.
Please suggest me any other free code that i can use instead of the code i tried.
Thanks in advance.
Regards,
Sri Hari.
Jay
2008. 02. 1, péntek keltezéssel 04.40-kor Robert Cummings ezt írta:
On Fri, 2008-02-01 at 10:11 +0100, Zoltán Németh wrote:
2008. 01. 31, csütörtök keltezéssel 12.47-kor Robert Cummings ezt írta:
On Thu, 2008-01-31 at 18:18 +0100, Jochem Maas wrote:
Eric Butera schreef:
On Jan 31,
Looks like you're using Outlook. It has an annoying feature where it
helpfully removes extra line breaks. This would appear to be what's
happening here.
When it does this it usually displays a notice somewhere to say it's
done this and offers a way to undo it.
Thanks, dam I
Hi!
I've been trying Nessus to search for sql injections and other security
issues. I'm quite sure Nessus is missing a lot of possible sql
injections (and maybe other stuff too). Are there any other tools that I
can install on my server that searches a bit more carefully? What do you
use and
On Feb 10, 2008 2:33 PM, Per Jessen [EMAIL PROTECTED] wrote:
Andrés Robinet wrote:
How about something like this? (Needs debugging and testing, but...
just a hint after all)
?php
ob_start(ob_gzhandler);
while ($someString = getTheNextPartOfTheLargeFile()) {
echo $someString;
I have to agree with this, CSV is the way to go. While you have to train your
users to save as CSV, you are better off using a more universal standard the
microshaft standards.
Sorry for the top posting, the Q doesn't like to bottom post. :/
Wolf
-Original Message-
From: Jay
mike wrote:
On 2/11/08, Per Jessen [EMAIL PROTECTED] wrote:
Because you've chosen another option - memcached presumably - which
is more expensive over all. (IMHO).
mysql (stated above), and i already have a connection open each
page...
Ah, so all you need is per-connection persistency.
79 matches
Mail list logo
