php-general Digest 9 Dec 2005 04:56:49 -0000 Issue 3840
Topics (messages 227149 through 227168):
Re: array carrying from one php page to another
227149 by: Sandy Keathley
Re: broken code....
227150 by: Mark Steudel
227152 by: Ben Blay
227156 by: Mark Steudel
set quota to disable ...
227151 by: Marc G. Fournier
Re: Preventing Cross Site Scripting Vulnerbilities
227153 by: Michael B Allen
Re: Mime-type handling
227154 by: Zack Bloom
Re: configuring the CLI version of PHP
227155 by: jonathan
QUERY_STRING Variables and POST
227157 by: Michael B Allen
227158 by: Roman Ivanov
227159 by: Michael B Allen
227161 by: Zack Bloom
227162 by: Chris Shiflett
227163 by: Michael Hulse
227164 by: Michael B Allen
href difference between OS's.
227160 by: Marlin Unruh
Curl Content-Encoding header?
227165 by: Kenneth Andresen
Re: What software do you use for writing PHP?
227166 by: Zack Bloom
227167 by: shining
Re: Call to undefined function mysql_real_escape_string()]
227168 by: Curt Zirzow
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[email protected]
----------------------------------------------------------------------
--- Begin Message ---
> I have an array $journal that I want to carry from a page (where it was
> created) to another page (a popup that shows the variables contents). Is
> this automatically available? or do I have to do something special to php??
One way:
$serArray = serialize($array);
<input type=hidden name=serArray value="<?php echo $serArray ?>">
At other end:
$array = unserialize($_POST['serArray']);
======================================
OR
session_start();
.
.
.
$_SESSION['array'] = serialize($array);
At other end:
$array = unserialize($_SESSION['array']);
If you change or repopulate the array, use the same session name, or, to be
safe,
$_SESSION['array'] = null;
before repopulating the session.
Make sure session_start() is on every page that needs access to the session
variable, including the popup.
SK
************************************************************
WebDesigns Internet Consulting
E-commerce Solutions
Application Development
Sandy Keathley
Zend Certified Engineer
[EMAIL PROTECTED]
972-569-8464
http://www.KeathleyWebs.com/
************************************************************
--- End Message ---
--- Begin Message ---
What happens when you print out journal?:
print_r( $journal );
Are your keys the exact case as your table fields?
ID vs id or Date vs date
-----Original Message-----
From: Eternity Records Webmaster [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 07, 2005 11:31 PM
To: [email protected]
Subject: [PHP] broken code....
I have this code that doesnt print the db results like they should... it
uses pear::db package for the database. Was wondering if anybody can figure
out how come it doesnt work...
<?php
require_once 'DB.php';
error_reporting('E_ALL');
$db =& DB::connect('mysql://root:[EMAIL PROTECTED]/eternityrecords');
if (PEAR::isError($db)) {
die($db->getMessage()); }
$results->query('select * from eternityrecords.journal'); if
(PEAR::isError($results)) { die($db->getMessage()); } //test the results
out..
?>
<table>
<?php
while($results->fetchInto($journal, DB_FETCHMODE_ASSOC)){ ?> <tr> <td><?php
echo $journal['ID']; ?></td> <td> <?php echo $journal['Date']; ?> </td> <td>
<?php echo $journal['Subject']; ?> </td> <td> <?php echo $journal['Entry'];
?> </td> </tr> <?php }?> </table> <?php $db->disconnect(); ?>
--
PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:
http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
> $results->query('select * from eternityrecords.journal');
Should this not be:
$results = $db->query('select * from eternityrecords.journal');
See:
http://pear.php.net/manual/en/package.database.db.db-result.fetchinto.php
Ben
--- End Message ---
--- Begin Message ---
Good catch:
So I normally do
$results =& $db->query ( "SELECT * FROM table" );
What is the difference between using the & and not using the &.
-----Original Message-----
From: Ben Blay [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 08, 2005 10:27 AM
To: [email protected]
Subject: Re: [PHP] broken code....
> $results->query('select * from eternityrecords.journal');
Should this not be:
$results = $db->query('select * from eternityrecords.journal');
See:
http://pear.php.net/manual/en/package.database.db.db-result.fetchinto.php
Ben
--
PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:
http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
Has something changed in recent versions of cyrus imapd? I'm trying to
code up a PHP interface, or, rather, fix one ... according to the php man
age, I should be able to do:
imap_set_quota($mbox, 'user.'.$user, -1);
to disable it ... but if I do, it doesn't do anything ... and I can't pass
it "none", since the function above only accepts an int value ... did
doing:
sq user.scrappy -1
used to work from cyradm, and get changed at some point to only accept
'none'? and the php interface just hasn't caught up yet ... ?
thanks ...
----
Marc G. Fournier Hub.Org Networking Services (http://www.hub.org)
Email: [EMAIL PROTECTED] Yahoo!: yscrappy ICQ: 7615664
--- End Message ---
--- Begin Message ---
On Wed, 07 Dec 2005 14:33:07 -0500
Chris Shiflett <[EMAIL PROTECTED]> wrote:
> Michael B Allen wrote:
> > Can someone recommend a general method for avoiding / eliminating XSS
> > vulnerbilities with PHP?
>
> Yeah, escape output. It's really that simple.
Well after looking at this for a while I agree that makes the most
sense. It's a little unnerving to let scripts find their way into the
database but with in combination with strong validation that can be
minimized and in many cases eliminated.
Mike
--- End Message ---
--- Begin Message ---
mime types are very unreliable and should never be used for file type
authentication (they can also be faked by users). Instead you could try
using the extension of the file or an identifying statement in the file.
On 12/8/05, Manuel Vacelet <[EMAIL PROTECTED]> wrote:
>
> Hi all,
>
> I'm facing a bad behaviour of 'file' command used by fileinfo PECL module
> (recommanded for mime-type checking):
> * Some Microsoft Excel documents are detected as Microsoft Word documents
> * Some HTML files are just text/plain
> * ...
>
> I tested on multiple machines (with different version of file) and I
> sometimes obtain a diffrent behaviour but never the one expected :/ I also
> looked for the latest version of file but it seems that the file used to
> detect the mime-type is out of date...
>
> My questions are:
> * If you already encounter this problem, how did you solve it ?
> * Where can I find an up-to-date version of magic number list usable with
> file for mime type checking ?
>
> Thanks,
> Regards,
> Manuel
>
>
--- End Message ---
--- Begin Message ---
so the web server is running 5.0.4 and the cli version is running
4.3.11. Is there an easy way for me to switch the cli version to the
web version without a recomplie?
-jonathan
On Dec 6, 2005, at 1:10 AM, Marco Kaiser wrote:
Hi Jonathan,
/usr/bin/php
/usr/include/php
/usr/lib/php
How would I know which version in which?
"which php" should tell where your phpcli binary are.
php -v should tell you which php version you are running.
--
Marco Kaiser
--- End Message ---
--- Begin Message ---
I'm using the POST method but I would also like to access QUERY_STRING
parameters. Is there a convienient global array for these? If not,
what is the definitive method for accessing them?
Thanks,
Mike
--- End Message ---
--- Begin Message ---
Michael B Allen wrote:
I'm using the POST method but I would also like to access QUERY_STRING
parameters. Is there a convienient global array for these? If not,
what is the definitive method for accessing them?
$_GET
$_REQUEST
+
read manual
--- End Message ---
--- Begin Message ---
On Thu, 08 Dec 2005 17:56:14 -0500
Roman Ivanov <[EMAIL PROTECTED]> wrote:
> Michael B Allen wrote:
> > I'm using the POST method but I would also like to access QUERY_STRING
> > parameters. Is there a convienient global array for these? If not,
> > what is the definitive method for accessing them?
>
> $_GET
> $_REQUEST
> +
> read manual
Using the POST method and a URL like:
http://server.com/foo.php?name=value
I get:
$_SERVER['QUERY_STRING'] // empty string
$_GET['name'] // not defined
$_SERVER['PHP_SELF'] // no ?name=value
$_REQUEST['QUERY_STRING'] // empty string
Any ideas?
Thanks,
Mike
--- End Message ---
--- Begin Message ---
use $_REQUEST['name'] to get value
On 12/8/05, Michael B Allen <[EMAIL PROTECTED]> wrote:
>
> On Thu, 08 Dec 2005 17:56:14 -0500
> Roman Ivanov <[EMAIL PROTECTED]> wrote:
>
> > Michael B Allen wrote:
> > > I'm using the POST method but I would also like to access QUERY_STRING
> > > parameters. Is there a convienient global array for these? If not,
> > > what is the definitive method for accessing them?
> >
> > $_GET
> > $_REQUEST
> > +
> > read manual
>
> Using the POST method and a URL like:
>
> http://server.com/foo.php?name=value
>
> I get:
>
> $_SERVER['QUERY_STRING'] // empty string
> $_GET['name'] // not defined
> $_SERVER['PHP_SELF'] // no ?name=value
> $_REQUEST['QUERY_STRING'] // empty string
>
> Any ideas?
>
> Thanks,
> Mike
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
--- Begin Message ---
Michael B Allen wrote:
I'm using the POST method but I would also like to access
QUERY_STRING parameters. Is there a convienient global array
for these?
Yeah, $_GET. I know it seems a bit confusing, since the request method
is POST, not GET, but it's a reference to how data is passed when the
GET method is indicated in a form's method attribute.
Hope that helps.
Chris
--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/
--- End Message ---
--- Begin Message ---
On Dec 8, 2005, at 2:46 PM, Michael B Allen wrote:
I'm using the POST method but I would also like to access QUERY_STRING
parameters. Is there a convienient global array for these? If not,
what is the definitive method for accessing them?
Not sure if this script will help, but you can point your form to it
and get back some useful info:
<?php
if (count($_REQUEST) > 0) {
echo 'Post '.count($_REQUEST)."Variables<br />\n";
while (list ($key, $val) = each ($_REQUEST)) {
$$key = $val;
if(is_array($$key)) {
for($a=0;$a<count($$key);$a++) echo $key."[".$a."] =
\"".$val[$a]."\"<br />\n";
} else { print "$key = \"$val\"<br />\n"; }
}
}
?>
--- End Message ---
--- Begin Message ---
Solved. My mistake. I was visiting the form with a URL that had
QUERY_STRING parameters but when I submit the form the QUERY_STRING is
not propagated.
In my particular case I replaced the form tag with the following PHP:
<?php
echo "<form action=\"" . $_SERVER['REQUEST_URI'] . "\" method=\"post\">";
?>
Also, regarding my original question, I think parse_str is what I want.
Thanks,
Mike
--- End Message ---
--- Begin Message ---
I have written a PHP script that creates dynamic links to CAD files on a
local machine. The anchors/links work on two W2K pro machines, but does
nothing on a XP pro machine where I really need the script to reside. I
am stumped if it is an Apache setting, IE setting, or what. I'm getting
desperate to get this going and get on with life (real work).
On the w2k machines while the pointer is over the link, the browser
status bar shows "file:///actual_path_to_file". On the XP machine the
status bar shows "Shortcut to file:///absolute_path_to_file(local)".
I have never got the links to work with Firefox (preferred browser) on
the w2k machines, but I'm sure it security issues. Probably the thing
with the XP machine.
--
Regards,
Marlin Unruh
Sunco Systems Inc.
(308) 326-4400
--- End Message ---
--- Begin Message ---
Hello all,
I have been trying to get the Content-Encoding header from Curl, but
have yet to manage.
Using curl from command line I have no problems simply using:
curl --compress page_to_get -o local_page_copy -D dumpheader.txt
The data gets compressed and uncompressed also in PHP, I am just looking
for a way to capture whether the compression was used or not, and in
case it was used, what Content-Encoding was used.
I would be happy for a tip to simply get the full response header too ;)
In advance thanks!
--- End Message ---
--- Begin Message ---
Notepad++ is inherently better then notepad (and textpad) and free.
I wish I had the punch card version. I have to rewire my php box everytime
I want to change something.
On 12/8/05, David Robley <[EMAIL PROTECTED]> wrote:
> John Nichel wrote:
>
> > Miles Thompson wrote:
> >> At 11:45 AM 12/7/2005, Jay Blanchard wrote:
> >>
> >>> [snip]
> >>> > Two words .... punch cards. 'Nuff said.
> >>> >
> >>>
> >>> Come on now Jay, we know you're old and all, but everyone knows that
> you
> >>> cannot edit php with punch cards. Hanging chads will cause too many
> >>> fatal errors. ;)
> >>> [/snip]
> >>>
> >>>
> >>> ROFLMMFAO!!!!
> >>
> >>
> >> Why these clumsy interfaces?
> >>
> >> Just plug the Firewire in your ear!
> >
> > n00b
> >
> > ;)
> >
>
> Punch cards? Looxury. Toggle switches on the front of the computer....
>
>
>
> Cheers
> --
> David Robley
>
> Circular Definition: see Definition, Circular.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
> Jim Moseby wrote:
>
> >>
> >> Curt Zirzow wrote:
> >> > On Tue, Dec 06, 2005 at 06:36:33PM +0100, M. Sokolewicz wrote:
> >> >
> >> >>Jason Petersen wrote:
> >> >>
> >> >>>On 12/6/05, Jeff McKeon <[EMAIL PROTECTED]> wrote:
> >> >>>
> >> >>>
> >> >>>>Hey all,
> >> >>>>
> >> >>>>Forever now I've been using Frontpage for all my web work
> >> including php.
> >> >>>>I'm sure there's better software out there that is more suited to
> >> >>>>writing and editing PHP pages. What do you all use?
> >> >>>>
> >> >>>
> >> >>>
> >> >>>Vim is my editor of preference. If I have to use Windows,
> >> I usually go
> >> >>>with
> >> >>>Homesite (because I already have a licensed copy) or
> >> Textpad (because it's
> >> >>>better than Notepad).
> >> >>>
> >> >>>IDEs? Who needs 'em ;)
> >> >>>
> >> >>>Best,
> >> >>>Jason
> >> >>>
> >> >>
> >> >>same here :)
> >> >>Vim on UNIX machines, and Textpad on Windows
> >> >
> >> >
> >> > man you guys are wimps.. gvim on windows... :)
> >>
> >> Pffffttttt....'Edit' in DOS. ;)
> >>
> >
> > (Pfffft * 2) 'edlin' in DOS. :P
>
> (Pfffft * 3) SPF on IBM mainframe
>
>
> Cheers
> --
> David Robley
>
> You have two choices for dinner: Take it or Leave it.
>
> --
> PHP General Mailing List (http://www.php.net/ )
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
--- Begin Message ---
Eclipse+PHPEclipse
2005/12/9, Zack Bloom <[EMAIL PROTECTED]>:
>
> Notepad++ is inherently better then notepad (and textpad) and free.
>
>
>
>
>
> I wish I had the punch card version. I have to rewire my php box
> everytime
> I want to change something.
>
>
> On 12/8/05, David Robley <[EMAIL PROTECTED]> wrote:
>
> > John Nichel wrote:
> >
> > > Miles Thompson wrote:
> > >> At 11:45 AM 12/7/2005, Jay Blanchard wrote:
> > >>
> > >>> [snip]
> > >>> > Two words .... punch cards. 'Nuff said.
> > >>> >
> > >>>
> > >>> Come on now Jay, we know you're old and all, but everyone knows that
> > you
> > >>> cannot edit php with punch cards. Hanging chads will cause too many
> > >>> fatal errors. ;)
> > >>> [/snip]
> > >>>
> > >>>
> > >>> ROFLMMFAO!!!!
> > >>
> > >>
> > >> Why these clumsy interfaces?
> > >>
> > >> Just plug the Firewire in your ear!
> > >
> > > n00b
> > >
> > > ;)
> > >
> >
> > Punch cards? Looxury. Toggle switches on the front of the computer....
> >
> >
> >
> > Cheers
> > --
> > David Robley
> >
> > Circular Definition: see Definition, Circular.
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> > Jim Moseby wrote:
> >
> > >>
> > >> Curt Zirzow wrote:
> > >> > On Tue, Dec 06, 2005 at 06:36:33PM +0100, M. Sokolewicz wrote:
> > >> >
> > >> >>Jason Petersen wrote:
> > >> >>
> > >> >>>On 12/6/05, Jeff McKeon <[EMAIL PROTECTED]> wrote:
> > >> >>>
> > >> >>>
> > >> >>>>Hey all,
> > >> >>>>
> > >> >>>>Forever now I've been using Frontpage for all my web work
> > >> including php.
> > >> >>>>I'm sure there's better software out there that is more suited to
> > >> >>>>writing and editing PHP pages. What do you all use?
> > >> >>>>
> > >> >>>
> > >> >>>
> > >> >>>Vim is my editor of preference. If I have to use Windows,
> > >> I usually go
> > >> >>>with
> > >> >>>Homesite (because I already have a licensed copy) or
> > >> Textpad (because it's
> > >> >>>better than Notepad).
> > >> >>>
> > >> >>>IDEs? Who needs 'em ;)
> > >> >>>
> > >> >>>Best,
> > >> >>>Jason
> > >> >>>
> > >> >>
> > >> >>same here :)
> > >> >>Vim on UNIX machines, and Textpad on Windows
> > >> >
> > >> >
> > >> > man you guys are wimps.. gvim on windows... :)
> > >>
> > >> Pffffttttt....'Edit' in DOS. ;)
> > >>
> > >
> > > (Pfffft * 2) 'edlin' in DOS. :P
> >
> > (Pfffft * 3) SPF on IBM mainframe
> >
> >
> > Cheers
> > --
> > David Robley
> >
> > You have two choices for dinner: Take it or Leave it.
> >
> > --
> > PHP General Mailing List (http://www.php.net/ )
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>
>
--- End Message ---
--- Begin Message ---
On Thu, Dec 08, 2005 at 08:32:56AM -0500, Paul Hickey wrote:
> I have PHP compiled with mysqli.
>
> The standard answer from the Joomla forums is that I need to have
> "mysql" vice "mysqli". I was looking for a more global solution than
> having to modify the code for every component, module, mambot I want to
> use.
Well there is a rather global solution, but will require some work.
You would have to create a wrapper for all mysql* calls to use
mysqli, so for example:
<?php
if( !function_exists('mysql_connect') &&
function_exists('mysqli_real_connect') ) {
function mysql_connect($server, $username, $password) {
gobal $_mysql_mysqli_dbh_;
$_mysql_mysqli_dbh_ = mysqli_init();
return mysqli_real_connect($_mysql_mysqli_dbh_, $server, $username,
$password);
}
function mysql_real_escape_string($string, $dbh=false) {
if($dbh === $false) {
gobal $_mysql_mysqli_dbh_;
$dbh = $_mysql_mysqli_dbh_;
}
return mysqli_real_escape_string($dbh, $string);
}
// any other interface needed.
}
?>
I've been meaning to write something like this for the
Pear::PHP_Compat tool, it could help upgrading all your scripts to
mysqli interface, not to mention upgrading to php5.1
Curt.
--
cat .signature: No such file or directory
--- End Message ---
