php-general Digest 15 Mar 2006 16:51:06 -0000 Issue 4017

Topics (messages 231922 through 231952):

display array problem
        231922 by: Mark
        231923 by: Chris

dynamic form
        231924 by: Mark
        231927 by: Chris

Re: umlaut problem in firefox
        231925 by: Andy
        231926 by: Barry
        231928 by: Andy
        231946 by: tedd

string to integer conversion
        231929 by: suresh kumar
        231930 by: João Cândido de Souza Neto
        231931 by: Robin Vickery

PHP HOSTNAME environment variable poltergeist
        231932 by: Ruben Rubio Rey

please do my homework for me[was] Re: [PHP] string to integer conversion
        231933 by: Jochem Maas

to check idle time of users
        231934 by: suresh kumar
        231935 by: Jay Blanchard
        231940 by: Barry
        231941 by: Miles Thompson
        231945 by: Peter Lauri

Re: PHP/Oracle : bug with accent...
        231936 by: Burhan

Re: Creating a unique index ID
        231937 by: Burhan

Re: Printing library in PHP ?
        231938 by: Burhan

Re: setcookie security concerns
        231939 by: David Tulloh
        231944 by: tedd

Re: Hostname Filtering
        231942 by: Dan

Last array element not found
        231943 by: Roman Rumisek
        231952 by: Roman Rumisek

[NEWBIE GUIDE] For the benefit of new users
        231947 by: Jay Blanchard
        231950 by: John Nichel
        231951 by: Jay Blanchard

REG-EXPR: Allowing limited number of special chars in usernames
        231948 by: Holger Sunke
        231949 by: Barry

----------------------------------------------------------------------
--- Begin Message ---
Can anyone help me with this problem please!
The code below shows a football fixture for the entire season, rounds 1-22, 
but this takes up too much space on the webpage (very long page).
Is it possible to display one round at a time so it's automatic?
At the moment, each week the admin closes a round, i.e. (round 2 closed), so I 
want the page to display round 3 fixtures only for the entire week.
Can a script show the next round after the closed round (if round 1 is 
closed go to next round -2- if that's closed go to next round which is 3, 
until it gets a round that's not closed and shows the results)?

The table

FIXTURES

      Field Type Null Default
      id   int(11) No
      round   char(2) No  0
      game   int(11) No  0
      date   text No
      home   text No
      away   text No
      winner   text No
      draw   text No
      closed   char(1) No  0
      comp_id   int(11) No  0
      margin   int(11) No  0






              <table width="100%" border="0" align="left" cellpadding="0" 
cellspacing="0">
                <tr bordercolor="#333333" bgcolor="#999999" class="tdb1">
                  <td align="center" bgcolor="#CCCCCC" 
class="style23"><strong><font color="#000000">Round</font></strong></td>
                  <td align="center" bgcolor="#CCCCCC" 
class="style23"><strong><font color="#000000">Game</font></strong></td>
                  <td align="center" bgcolor="#CCCCCC" 
class="style23"><strong><font color="#000000">Date</font></strong></td>
                  <td align="center" bgcolor="#CCCCCC" 
class="style23"><strong><font color="#000000">Home</font></strong></td>
                  <td width="26%" align="center" bgcolor="#CCCCCC" 
class="style23"><strong><font color="#000000">Away</font></strong></td>
                </tr>
                <?php
    //get fixtures
    $query = mysql_query("SELECT * FROM fixtures WHERE comp_id = $comp_id");
    $c = 0;
    while ($result = mysql_fetch_array($query)) {
       if ($c == 0) { ?>
                <tr class="trb1">
                  <?php } else {  ?>
                <tr class="tdb1">
                  <?php } ?>
                  <td width="13%" align="center" bordercolor="#FFFFFF" 
class="style23"><?php echo $result['round']; ?></td>
                  <td width="12%" align="center" bordercolor="#FFFFFF" 
class="style23"><?php echo $result['game']; ?></td>
                  <td width="28%" align="center" bordercolor="#FFFFFF" 
class="style23"><?php echo $result['date']; ?></td>
                  <td width="21%" align="center" bordercolor="#FFFFFF" 
class="style23"><?php echo $result['home']; ?></td>
                  <td colspan="2" align="center" bordercolor="#FFFFFF" 
class="style23"><?php echo $result['away']; ?></td>
                </tr>
                <?php
     if ($c == 0) {
      $c = 1;
     } else {
      $c = 0;
     }
    }
   ?>
              </table> 

--- End Message ---
--- Begin Message ---
Mark wrote:
Can anyone help me with this problem please!
the code below shows a football fixture for the entire season , round 1-22 but this takes up to much space on the webpage (very long page).
Is it possible to display one round at a time so its automatic.
At the moment- each week the admin closes a round ie: (round 2 closed) so i want the page to display round 3 fixtures only for the entire week. Can a script show the next round after the closed round (if round 1 is closed go to next round -2- if thats closed go to next round which is 3, until it gets a round thats not closed and shows the results.

The table

FIXTURES

      Field Type Null Default
      id   int(11) No
      round   char(2) No  0
      game   int(11) No  0
      date   text No
      home   text No
      away   text No
      winner   text No
      draw   text No
      closed   char(1) No  0
      comp_id   int(11) No  0
      margin   int(11) No  0



I assume 'closed' becomes '1' when it's over.


change

SELECT * FROM fixtures WHERE comp_id = $comp_id

to

SELECT * FROM fixtures WHERE comp_id = $comp_id AND closed='0' ORDER BY round ASC LIMIT 1;

The limit 1 will stop it fetching all rounds - if you don't want that, remove the "limit 1".

--
Postgresql & php tutorials
http://www.designmagick.com/

--- End Message ---
--- Begin Message ---
Can anyone help to make this form dynamic? At the moment a user picks a 
round number from 1-22, but if that round is closed it sends them back to 
this page. Any way of making the form show the current round (as in sports 
round fixtures) without adding another field to the table?

table below: ( round is initially '0' or 'Y' (when its closed))


<form name="form1" method="post" action="selections.php">
  <table width="15%" border="0" align="center" cellpadding="4" 
cellspacing="0">
    <tr>
      <td valign="top" class="trb1"><b>Round</b></td>
      <td class="tdb1">
        <select name="round">
          <option value="1" selected>1</option>
          <option value="2">2</option>
          <option value="3">3</option>
          <option value="4">4</option>
          <option value="5">5</option>
          <option value="6">6</option>
          <option value="7">7</option>
          <option value="8">8</option>
          <option value="9">9</option>
          <option value="10">10</option>
          <option value="11">11</option>
          <option value="12">12</option>
          <option value="13">13</option>
          <option value="14">14</option>
          <option value="15">15</option>
          <option value="16">16</option>
          <option value="17">17</option>
          <option value="18">18</option>
          <option value="19">19</option>
          <option value="20">20</option>
          <option value="21">21</option>
          <option value="22">22</option>
          <option value="QF">QF</option>
          <option value="SF">SF</option>
          <option value="PF">PF</option>
          <option value="GF">GF</option>
        </select>
      </td>
    </tr>
    <tr>
      <td colspan="2" align="center">
        <input type="submit" name="select" value="Select">
      </td>
    </tr>
  </table>
</form>



FIXTURES

      Field Type Null Default
      id   int(11) No
      round   char(2) No  0
      game   int(11) No  0
      date   text No
      home   text No
      away   text No
      winner   text No
      draw   text No
      closed   char(1) No  0
      comp_id   int(11) No  0
      margin   int(11) No  0

--- End Message ---
--- Begin Message ---
On 3/15/06, Mark <[EMAIL PROTECTED]> wrote:
> Can anyone help to make this form dynamic, at hte moment a user picks a
> round number from 1-22 but if that round is closed then sends them back to
> this page. Anyway of making the form show the current round (as in sports
> round fixtures) without adding another field to the table.

<snip>

> FIXTURES
>
>       Field Type Null Default
>       id   int(11) No
>       round   char(2) No  0
>       game   int(11) No  0
>       date   text No
>       home   text No
>       away   text No
>       winner   text No
>       draw   text No
>       closed   char(1) No  0
>       comp_id   int(11) No  0
>       margin   int(11) No  0

Get the current round the same way from your other question:


$query = "select round from fixtures where comp_id='x' and closed='0' order by round asc limit 1";
$result = mysql_query($query);
$row = mysql_fetch_assoc($result);
$current_round = $row['round'];

then use that to pre-select your dropdown list.

--
Postgresql & php tutorials
http://www.designmagick.com/

--- End Message ---
--- Begin Message ---
My problem still remains open!!!! Help!!!

I noticed that if the umlauts are received correctly but they are not submitted in the right way.
For a ö I receive a POST as: ö

From the DB I get the text correctly.

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
The DB encoding is : iso-8859-1.

Now, the strange thing is that is does not appear ALWAYS and only sometimes
and only in firefox.
So.. I cannot really reproduce the error every time.... which is hard to
debug.

Regards.

----- Original Message ----- From: "Barry" <[EMAIL PROTECTED]>
To: <php-general@lists.php.net>
Sent: Friday, February 17, 2006 11:05 AM
Subject: [PHP] Re: umlaut problem in firefox


Andy wrote:
Hi to all,

I just reinstalled one of our servers last week, and I am noticing a weird
problem.
On the old one was php4 running. Suse 9.1 OS. Everything worked very well.

On the new one Suse 10. Php5.

Only with firefox (sometimes and not always!!!!) and only on some computers
the umlauts öäüüü characters are not displayed correctly and they are not
submitted correctly to the system. Since then we have some strange problems
with our application.

Example:
S�dbrookmerland instead of Südbrookmerland


It seems like an encoding problem, but I really didn't figure it out until
now.

Any ideas???

Best Regards,
Andy.


This looks like a problem with your encoding.

Have you added this to your HTML header?

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

Do you get the Text out of the database?

How is it encoded?

Also you can use recode() to recode a string.
http://de3.php.net/manual/en/function.recode-string.php

Greets Barry

--
Smileys rule (cX.x)C --o(^_^o)
Dance for me! ^(^_^)o (o^_^)o o(^_^)^ o(^_^o)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




--- End Message ---
--- Begin Message ---
Andy wrote:
My problem still remains open!!!! Help!!!

I noticed that if the umlauts are received correctly but they are not submitted in the right way.
For a ö I receive a POST as: ö

 From the DB I get the text correctly.

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
The DB encoding is : iso-8859-1.

Now, the strange thing is that is does not appear ALWAYS and only sometimes
and only in firefox.
So.. I cannot really reproduce the error every time.... which is hard to
debug.

-snip-
POST as: ö
-snap-

This is Unicode UTF-8 encoding.

If this error occurs again check the following:
added tag in HTML:
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

If this is set check if the browser is set correctly:
View -> charencoding/websitencoding
Check if it is set to Western ISO 8859-1

check how it is given out in the sourcecode.

check if there are entries which have a different collation than the other entries.

This is what i can think of.
--
Smileys rule (cX.x)C --o(^_^o)
Dance for me! ^(^_^)o (o^_^)o o(^_^)^ o(^_^o)

--- End Message ---
--- Begin Message ---
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
This is in the header. If I look at page info in firefox I get: text/html; charset=iso-8859-1. So the setted encoding is correct.

The problem that I noticed is that the umlauts are displayed correctly but when I submit them in the POST or GET array I receive them modified.

This happens on 2 different servers. The same behavior. Apache2 + php5. With php4 I didn't have this problem.

The really stupid thing is.... that.... sometimes works well.

Andy.


----- Original Message ----- From: "Barry" <[EMAIL PROTECTED]>
To: <php-general@lists.php.net>
Sent: Wednesday, March 15, 2006 11:21 AM
Subject: Re: [PHP] Re: umlaut problem in firefox


Andy wrote:
My problem still remains open!!!! Help!!!

I noticed that if the umlauts are received correctly but they are not submitted in the right way.
For a ö I receive a POST as: ö

 From the DB I get the text correctly.

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
The DB encoding is : iso-8859-1.

Now, the strange thing is that is does not appear ALWAYS and only sometimes
and only in firefox.
So.. I cannot really reproduce the error every time.... which is hard to
debug.

-snip-
POST as: ö
-snap-

This is Unicode UTF-8 encoding.

If this error occurs again check the following:
added tag in HTML:
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

If this is set check if the browser is set correctly:
View -> charencoding/websitencoding
Check if it is set to Western ISO 8859-1

check how it is given out in the sourcecode.

check if there are entries which have a different collation than the other entries.

This is what i can think of.
--
Smileys rule (cX.x)C --o(^_^o)
Dance for me! ^(^_^)o (o^_^)o o(^_^)^ o(^_^o)

--- End Message ---
--- Begin Message ---
My problem still remains open!!!! Help!!!

I noticed that if the umlauts are received correctly but they are not submitted in the right way.
For a ö I receive a POST as: ö

From the DB I get the text correctly.

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
The DB encoding is : iso-8859-1.

Now, the strange thing is that is does not appear ALWAYS and only sometimes
and only in firefox.
So.. I cannot really reproduce the error every time.... which is hard to
debug.

As Barry said, the is a Unicode UTF-8 encoding.

So, instead of charset=iso-8859-1 it should be charset=UTF-8

Then, I suggest you look-up the code-point of the character you want to use and remember that code-points (HEX) don't work in html (DEC), so you'll have to make that translation to display them.

This link might help:

http://robinv.pastebin.com/592400

HTH's

tedd
--
--------------------------------------------------------------------------------
http://sperling.com

--- End Message ---
--- Begin Message ---
i am facing one problem in type casting.
$accno="00002927";
$accno=$accno+1;
its o/p is 2928. but i want output to be 00002928.i am
waiting response from u.


                
__________________________________________________________ 
Yahoo! India Matrimony: Find your partner now. Go to http://yahoo.shaadi.com

--- End Message ---
--- Begin Message ---
Try this:

$accno="00002927";
$accno=substr("00000000",0,(8-strlen($accno+1))).($accno+1);

I didn't test it, but I hope it'll work fine.

 
suresh kumar wrote:

> i am facing one problem in type casting.
> $accno="00002927";
> $accno=$accno+1;
> its o/p is 2928. but i want output to be 00002928.i am
> waiting response from u.

-- 
---------------------------------------------------
João Cândido de Souza Neto
Web Developer

--- End Message ---
--- Begin Message ---
On 15/03/06, suresh kumar <[EMAIL PROTECTED]> wrote:
> i am facing one problem in type casting.
> $accno="00002927";
> $accno=$accno+1;
> its o/p is 2928. but i want output to be 00002928.i am
> waiting response from u.

$accno = sprintf('%08d', $accno+1);

 -robin

--- End Message ---
--- Begin Message ---
I'm again having a problem with the hostname environment variable.

Hostname is set OK and it is now shown in phpinfo().
But if I run "php -i" hostname is set!

Any ideas?
Php version: 5.1.2
Configure './configure' '--with-apxs2=/usr/local/apache2/bin/apxs' '--with-gettext' '--with-pgsql' '--enable-track-vars' '--enable-force-cgi-redirect' '--with-mime-magic'

Thanks in advance, I'm completely lost.
Any ideas will be appreciated.

Note 1: I have another server (should be exactly the same in configuration, at least in apache and php _IS_ exactly the same) and hostname variable is shown in phpinfo.

Note 2:  hostname command and echo $HOSTNAME show the hostname correctly.

Note 3:  Php bug?

--- End Message ---
--- Begin Message ---
suresh kumar wrote:
i am facing one problem in type casting.
$accno="00002927";
$accno=$accno+1;
its o/p is 2928. but i want output to be 00002928.i am

my h/t is g/d but if d/l is w/h then I w/s but only if it's g/v

waiting response from u.

from what I gather you're always waiting for a response. here is a
not so subtle hint: READ THE F***ING MANUAL AND SEARCH THE F***ING WEB.

seeing as you know both the terms 'PHP' and 'type casting' you might consider
starting off by using those as search terms - search terms are generally
entered into what we like to call a search engine. here is a link to one just
in case the concept is completely alien to you:

        http://yahoo.com/

and if you're feeling really adventurous why not try writing a few lines of
code to investigate the problem.

e.g.
php -r '$a = "000281";var_dump(($a + 1), ($a . 1), ($a . strval(1)));'

OUTPUTS:

int(282)
string(7) "0002811"
string(7) "0002811"




                


--- End Message ---
--- Begin Message ---
in windows,if user idle for 1 minute,his desktop
screen is changed to screen saver.i like to implement
the same logic in my project if user is idle for 3
minutes its session will have to automatically 
destroy.i am waiting for or response.


                

--- End Message ---
--- Begin Message ---
[snip]
in windows,if user idle for 1 minute,his desktop
screen is changed to screen saver.i like to implement
the same logic in my project if user is idle for 3
minutes its session will have to automatically 
destroy.i am waiting for or response.
[/snip]

Wow dude, you really have never RTFM and don't want to, do you?
http://www.php.net/session

--- End Message ---
--- Begin Message ---
suresh kumar wrote:
in windows,if user idle for 1 minute,his desktop
screen is changed to screen saver.i like to implement
the same logic in my project if user is idle for 3
minutes its session will have to automatically destroy.i am waiting for or response.


                

~ set php.ini session timeout ~

--
Smileys rule (cX.x)C --o(^_^o)
Dance for me! ^(^_^)o (o^_^)o o(^_^)^ o(^_^o)

--- End Message ---
--- Begin Message ---
At 09:32 AM 3/15/2006, suresh kumar wrote:

in windows,if user idle for 1 minute,his desktop
screen is changed to screen saver.i like to implement
the same logic in my project if user is idle for 3
minutes its session will have to automatically
destroy.i am waiting for or response.


Fergawdsake - read the bloody manual!!

Hint anything associated with "session" is a good place to start looking. You ask question after question that can be solved by checking the docs.

Further hint - you're earning a rep for asking questions easily resolved from the docs. Two things can now happen: people will filter you out, or when you have a real problem it will not be looked at.

And don't be so damned arrogant you end with "i am waiting for or (sic) reponse". No one on this list is another's servant.

Regards - Miles

--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.1.375 / Virus Database: 268.2.1/279 - Release Date: 3/10/2006

--- End Message ---
--- Begin Message ---
Miles,

Please do not scare away people from the list. There can be many reasons why
he asks this question without looking at the documentation first.

1: He/She is maybe new to this subject, and do not have a lot of experience
with reading docs.

2: He/She maybe don't have English as mother language that will make manuals
difficult to understand etc.

In the beginning of my "life" in the PHP and web programming world, I found
the docs extremely difficult to understand. You learn by doing, and this is
maybe his way to start to learn.

If you find this so "Fergawdsake", just ignore it, someone else might see
this in a deeper way then you seem to do. You just reference to you
knowledge, without being able to reference to others depth of knowledge.

Miles, sit down and read your reply again, and you might learn something you
too.

Best regards,
Peter Lauri

PS! This post might not belong to the list, but I think it is important to
address that we can not all be best, we are all at different levels and see
problems different  DS!




-----Original Message-----
From: Miles Thompson [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, March 15, 2006 9:55 PM
To: php
Subject: Re: [PHP] to check idle time of users

At 09:32 AM 3/15/2006, suresh kumar wrote:

>in windows,if user idle for 1 minute,his desktop
>screen is changed to screen saver.i like to implement
>the same logic in my project if user is idle for 3
>minutes its session will have to automatically
>destroy.i am waiting for or response.


Fergawdsake - read the bloody manual!!

Hint anything associated with "session" is a good place to start 
looking.  You ask question after question that can be solved by checking 
the docs.

Further hint - you're earning a rep for asking questions easily resolved 
from the docs. Two things can now happen: people will filter you out, or 
when you have a real problem it will not be looked at.

And don't be so damned arrogant you end with "i am waiting for or (sic) 
reponse". No one on this list is another's servant.

Regards - Miles 



--- End Message ---
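
One way to enforce the three-minute idle limit asked about in this thread, as an added example that is not code from any of the posts. The check runs in application code on every request, because `session.gc_maxlifetime` only makes stale session data eligible for garbage collection, which runs probabilistically. It assumes PHP 7+; the `last_activity` key, the function name and `/login.php` are hypothetical, and the timeline at the end is constructed.

```php
<?php
// Added example, not from the thread. Names and paths are assumptions.
const MAX_IDLE_SECONDS = 180;   // 3 minutes, as in the question

/**
 * Returns true and refreshes the timestamp if the session is still active;
 * returns false and empties the session data if it has been idle too long.
 * The clock is a parameter so the logic can be exercised offline.
 */
function session_still_active(array &$session, int $now, int $maxIdle = MAX_IDLE_SECONDS): bool
{
    $last = $session['last_activity'] ?? null;
    if (is_int($last) && ($now - $last) > $maxIdle) {
        $session = [];              // drop everything stored for this user
        return false;
    }
    $session['last_activity'] = $now;
    return true;
}

if (PHP_SAPI !== 'cli') {
    // In a web request: run this before any page logic or output.
    session_start();
    if (!session_still_active($_SESSION, time())) {
        // Expire the browser's session cookie and delete the server-side data.
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
        session_destroy();
        header('Location: /login.php');   // hypothetical login page
        exit;
    }
} else {
    // Command-line demonstration with a constructed timeline:
    // requests arrive 0, 120 and 400 seconds after login.
    $session = ['user' => 'alice', 'last_activity' => 1000];
    foreach ([1000, 1120, 1400] as $t) {
        $active = session_still_active($session, $t);
        printf("t=%d active=%s data=%s\n",
               $t, var_export($active, true), json_encode($session));
    }
}
```

The timeout is measured on the server, so it does not depend on the cookie lifetime the browser was given.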
--- Begin Message ---
David BERCOT wrote:
Hi,

I have a big problem with my Debian server (Apache 2, PHP 5, Oracle
Instant Client). I've modified the environment variable NLS_LANG and,
with SQL*Plus, everything is ok ! But, in a PHP page, I can't insert a
value with accent (ex: Irène). I can read data with accent, but not
inserting !!!
I searched all the afternoon, testing many solutions, without success. I
think I'm not alone with this problem but...

Do you have any clue ? Something to look at ?

Try looking at the multi-byte string functions. Not sure if that would help you or not though.
--- End Message ---
--- Begin Message ---
tedd wrote:
Hey all,

I've got a project where I'm taking form information from the user and
writing records to several tables in a MySQL database.

The problem I'm having is I need to write a unique number for the ID
column of the records.  Auto increment won't work because I could have
conflicts due to replication of the database servers.  Anyone have any
technique they use for creating unique ID field entries in a db table?

I was thinking maybe using a random 3 digit number and a unix timestamp?

Jeff

Jeff:

Look into getmypid() and uniqid() or combine the two.

How about using a DB abstraction layer that provides its own method of implementing sequences? Wouldn't this take away the auto_increment problem?
--- End Message ---
--- Begin Message ---
robert mena wrote:
Hi Manuel,

I am trying to print from the client side.  The client will be windows.

Use ActiveX if you can get them to stick with IE (shouldn't be a problem).

Google for 'ScriptX.cab' -- a free printing control that lets you fine-tune printing.
--- End Message ---
--- Begin Message ---
>>
>> If this is the value directly from the cookie, it's an example of a
>> cross-site scripting (XSS) vulnerability.
>>
>>> header("Location: $HTTP_REFERER");
>>
>>
>> This is an HTTP response splitting vulnerability, because the Referer
>> header (like the Cookie header) is provided by the client. Future
>> versions of PHP will not allow more than one header per header() call,
>> but this has been possible until now.
>>
>>
>>> 3. If so, what do I do to correct this?
>>
>>
>> Don't trust any input without inspecting it first. In your case, this
>> is particularly easy, because you can just make sure that the value is
>> one of the few valid values.
>>
>> Hope that helps.
>>
>> Chris
> 
> 
> Chris:
> 
> Yes, it helps and I thank you for your comments.
> 
> Your question: "It's not entirely clear from this example, but am I
> correct in assuming that $thestyle is the same as $_COOKIE['thestyle']
> in this case? In other words, are you relying on register_globals or
> assigning the value yourself?"
> 
> The example is here:
> 
> http://www.sperling.com/examples/styleswitch/
> 
> The complete php code (i.e., switch.php) is:
> 
>    <?php
>    setcookie ('thestyle', $set, time()+31536000, '/', '', 0);
>    header("Location: $HTTP_REFERER");
>    ?>
> 
> And the value is assigned by the user via a click:
> 
>    <a href="switch.php?set=style2">Green</a> or <a
> href="switch.php?set=style1">Red</a>
> 
> And, the style sheet is determined by:
> 
>    <link rel="stylesheet" type="text/css" media="screen" href="<?php
> echo(!$thestyle)?'style1':$thestyle ?>.css" >
> 
> As such, I am expecting the user to provide the value of 'thestyle' via
> his choice.
> 
> However, let's say a malicious user would try to do something -- what
> could he actually do?

The user could insert arbitrary HTML where you have the variable.  For
example they could insert:
style1.css"><script language="JavaScript"
type="text/JavaScript">...</script><meta name="bye" content="
This would allow them to run arbitrary javascript on the clients computer.

An interesting question in this case is how to do an injection using
cookies, injection attacks are generally performed using post & get data
as they can be inserted to a link on another page.  Getting a working
exploit would probably come down to how the browser implemented the
cookie security; who can set cookies where.

Regardless, it's not worth the risk.  Checking for valid values or using
htmlentities to make the variable safe is a quick and simple solution.
Getting into the practice of screening all user data either manually or
using the input_filter extension will also save you from these problems
in the future.


David

--- End Message ---
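
The two fixes discussed in this thread (accepting only known style names, and not echoing the client-supplied Referer into a `Location` header), as an added example that is not code from the original posts. It assumes PHP 7+; `SITE_HOST`, the fallback path and all function names are hypothetical, and the sample inputs at the end are constructed apart from the markup string quoted from the thread.

```php
<?php
// Added example, not from the thread. SITE_HOST, the function names and the
// fallback path are assumptions; style1/style2 are the values the page uses.
const ALLOWED_STYLES = ['style1', 'style2'];
const DEFAULT_STYLE  = 'style1';
const SITE_HOST      = 'www.example.test';  // assumed: configured, not read from the request

/** Allow-list check: anything that is not a known style becomes the default. */
function pick_style($candidate): string
{
    return (is_string($candidate) && in_array($candidate, ALLOWED_STYLES, true))
        ? $candidate
        : DEFAULT_STYLE;
}

/** Build the <link> tag from the cookie value; escape even though it is allow-listed. */
function stylesheet_link($cookieValue): string
{
    $href = pick_style($cookieValue) . '.css';
    return '<link rel="stylesheet" type="text/css" media="screen" href="'
         . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">';
}

/**
 * Turn the client-supplied Referer into a same-site path for the Location
 * header. Control characters (CR/LF), foreign hosts and paths that would
 * leave the site all fall back to $fallback.
 */
function safe_redirect_target($referer, string $fallback = '/'): string
{
    if (!is_string($referer) || $referer === '') {
        return $fallback;
    }
    if (preg_match('/[\x00-\x1f\x7f]/', $referer)) {
        return $fallback;                   // would split or inject headers
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['host'])
        || strcasecmp($parts['host'], SITE_HOST) !== 0) {
        return $fallback;                   // not our own site
    }
    $path = $parts['path'] ?? '/';
    if ($path === '' || $path[0] !== '/' || strncmp($path, '//', 2) === 0
        || strpos($path, '\\') !== false) {
        return $fallback;                   // scheme-relative or malformed path
    }
    return $path . (isset($parts['query']) ? '?' . $parts['query'] : '');
}

if (PHP_SAPI !== 'cli') {
    // switch.php in a web request: validated cookie value, constrained redirect.
    setcookie('thestyle', pick_style($_GET['set'] ?? null), time() + 31536000, '/');
    header('Location: ' . safe_redirect_target($_SERVER['HTTP_REFERER'] ?? null));
    exit;
}

// Command-line demonstration.
$markupFromThread = 'style1.css"><script language="JavaScript" '
                  . 'type="text/JavaScript">...</script><meta name="bye" content="';
echo stylesheet_link('style2'), "\n";            // a valid choice
echo stylesheet_link($markupFromThread), "\n";   // the value quoted in the thread
echo stylesheet_link(null), "\n";                // no cookie set yet

// Constructed Referer values: same site, CR/LF in the value, different host.
echo safe_redirect_target('http://www.example.test/examples/styleswitch/?a=1'), "\n";
echo safe_redirect_target("http://www.example.test/\r\nX-Injected: 1"), "\n";
echo safe_redirect_target('http://other.example/page'), "\n";
```

The same `pick_style()` call is used when the cookie is written and when it is read back, so a cookie edited in the browser is treated like any other untrusted input.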
--- Begin Message ---
An interesting question in this case is how to do an injection using
cookies, injection attacks are generally performed using post & get data
as they can be inserted to a link on another page.  Getting a working
exploit would probably come down to how the browser implemented the
cookie security; who can set cookies where.

Regardless, it's not worth the risk.  Checking for valid values or using
htmlentities to make the variable safe is a quick and simple solution.
Getting into the practice of screening all user data either manually or
using the input_filter extension will also save you from these problems
in the future.


David

David:

I thank you for your explanation.

I experienced an injection attack on a php-form I wrote/provided where someone entered an incomplete html tag that created problems for the form. So, I realize the potential, I just don't know the scope of those types of problems and that was one of the reasons why I asked about this specific cookie issue.

What could a hacker do by injecting whatever into a cookie that resides client-side on his computer?

tedd

ps: With the form, I solved it by using htmlentities

--
--------------------------------------------------------------------------------
http://sperling.com

--- End Message ---
--- Begin Message ---
The hostname lookup does not impact performance at all. I am only doing a look-up on the remote ip of the user not on my full blacklist.

I am using this on a site to log hits to a banner ad and on listings on a ebay style marketplace. I log the IP and the hostname on a look-up.

Dan T

On Mar 14, 2006, at 11:30 AM, Philip Hallstrom wrote:

I have a few PHP scripts where I log hit to a page i.e. IP and hostname via a look up.

What I want to do is create essentially a blacklist to prevent bots and other hosts and IP from being logged and skewing my stats. My local IP/host and the MSN and Googlebot hits should not be in my stats or at least I can flag them to hide them.

For example:

$blacklist = array(
'*.wavefront.ca',
'*.googlebot.com',
'msnbot.msn.com',
'*.inktomisearch.com',
'68.146.96.245'
);

So lets say I have my host:

$host = 'lj602144.inktomisearch.com';

I want to quickly parse this array and return a simple boolean if I am in the blacklist. I could create a loop and cycle through the array values and do a regex on each but I was hoping someone would have a more elegant solution.

http://us3.php.net/in_array

You might want to rethink things though... if you list hostnames you're going to have to do a DNS lookup for *every* request to that script. That's going to take some time.

So you might want to log everything, then after the fact prune the results. Just be sure to use some sort of dns caching strategy...

-philip

--- End Message ---
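
A way to test a visitor against the mixed hostname/IP blacklist from this thread without a regex per entry, as an added example that is not code from the posts. The forward-confirmation step is an addition here, because a reverse-DNS name is chosen by whoever controls the address's PTR record. It assumes PHP 7.1+ and IPv4; the function names are hypothetical, and the resolver is injected so the constructed sample data runs offline.

```php
<?php
// Blacklist exactly as posted in the thread.
$blacklist = [
    '*.wavefront.ca',
    '*.googlebot.com',
    'msnbot.msn.com',
    '*.inktomisearch.com',
    '68.146.96.245',
];

/** Match one entry: literal IP, exact hostname, or "*.domain" on a label boundary. */
function entry_matches(string $entry, string $host, string $ip): bool
{
    $entry = strtolower($entry);
    $host  = rtrim(strtolower($host), '.');
    if (filter_var($entry, FILTER_VALIDATE_IP) !== false) {
        return $entry === $ip;
    }
    if (strncmp($entry, '*.', 2) === 0) {
        $suffix = substr($entry, 1);             // e.g. ".googlebot.com"
        return strlen($host) > strlen($suffix)
            && substr($host, -strlen($suffix)) === $suffix;
    }
    return $host === $entry;
}

/**
 * True if the visitor is on the blacklist. A hostname entry only counts when
 * the name resolves back to the same IP (forward-confirmed reverse DNS).
 * $forward maps a hostname to a list of IPv4 addresses or false; it
 * defaults to PHP's gethostbynamel().
 */
function is_blacklisted(array $blacklist, string $ip, string $host, ?callable $forward = null): bool
{
    $forward   = $forward ?? 'gethostbynamel';
    $confirmed = null;                           // resolved lazily, at most once
    foreach ($blacklist as $entry) {
        if (!entry_matches($entry, $host, $ip)) {
            continue;
        }
        if (filter_var($entry, FILTER_VALIDATE_IP) !== false) {
            return true;                         // literal IP needs no DNS
        }
        if ($confirmed === null) {
            $ips       = $forward($host);
            $confirmed = is_array($ips) && in_array($ip, $ips, true);
        }
        if ($confirmed) {
            return true;
        }
    }
    return false;
}

// Constructed forward-DNS table (documentation address ranges) so the demo runs offline.
$dns = [
    'lj602144.inktomisearch.com' => ['192.0.2.10'],
    'crawl-1.googlebot.com'      => ['192.0.2.20'],
];
$lookup = function (string $h) use ($dns) {
    return $dns[$h] ?? false;
};

// Constructed visitors: [remote IP, name returned by the reverse lookup].
$visitors = [
    ['192.0.2.10',    'lj602144.inktomisearch.com'],  // host from the thread, forward lookup agrees
    ['198.51.100.7',  'crawl-1.googlebot.com'],       // PTR claims googlebot, forward lookup disagrees
    ['203.0.113.5',   'fakegooglebot.com'],           // suffix is not on a label boundary
    ['68.146.96.245', 'unknown.example'],             // literal IP entry from the list
];
foreach ($visitors as [$ip, $host]) {
    printf("%-15s %-28s blacklisted=%s\n", $ip, $host,
           var_export(is_blacklisted($blacklist, $ip, $host, $lookup), true));
}
```

Only visitors whose reverse name already matches an entry trigger the forward lookup, so ordinary traffic costs no extra DNS query.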
--- Begin Message ---
Hi,

this code fragment gives the following result in my error log:

foreach($reg_array as $region_item)
  $tmp_reg_array[] = $region_item[0];
$sel_region = explode(',', $_POST[CLIENT_REGION]);
foreach($sel_region as $sel_region_item)
  if(!in_array($sel_region_item, $tmp_reg_array))
  {
    my_error_log("Unknown region: $sel_region_item, region array: ".
                 var_export($tmp_reg_array, TRUE));
    header("Location: ".
      get_error_result(
         $state_def[$_SESSION[STATE_VAR]][STATE_REDIR_PAGE])
    );
    exit;
  }

The result:

[15-Mar-2006 15:29:25] 0# - client.php          :  327:Unknown region: 
38579a8bd51c2d656450bc41360362f39fdc528eca7b98b1c05221c676a0ce278cf30109fa1cd9cb5453fb91242176d83595a509,
region array: array (
  0 =>
'38579a8bd51c2d656450bc41360362f39fdc528eca7b98b1c05221c676a0ce278cf30109fa1cd9cb5453fb91242176d833f01a86',
  1 =>
'38579a8bd51c2d656450bc41360362f39fdc528eca7b98b1c05221c676a0ce278cf30109fa1cd9cb5453fb91242176d8323627c2',
  2 =>
'38579a8bd51c2d656450bc41360362f39fdc528eca7b98b1c05221c676a0ce278cf30109fa1cd9cb5453fb91242176d83595a509',
)

Is it a bug of php ?

Thanks

Rumisek

--- End Message ---
--- Begin Message ---
Sorry, this is my bug.

Roman Rumisek wrote:

> Hi,
> 
> this code fragment give following result in my error log:
> 
> foreach($reg_array as $region_item)
>   $tmp_reg_array[] = $region_item[0];
> $sel_region = explode(',', $_POST[CLIENT_REGION]);
> foreach($sel_region as $sel_region_item)
>   if(!in_array($sel_region_item, $tmp_reg_array))
>   {
>     my_error_log("Unknown region: $sel_region_item, region array: ".
>                  var_export($tmp_reg_array, TRUE));
>     header("Location: ".
>       get_error_result(
>          $state_def[$_SESSION[STATE_VAR]][STATE_REDIR_PAGE])
>     );
>     exit;
>   }
> 
> The result:
> 
> [15-Mar-2006 15:29:25] 0# - client.php          :  327:Unknown region:
> 38579a8bd51c2d656450bc41360362f39fdc528eca7b98b1c05221c676a0ce278cf30109fa1cd9cb5453fb91242176d83595a509,
> region array: array (
>   0 =>
> '38579a8bd51c2d656450bc41360362f39fdc528eca7b98b1c05221c676a0ce278cf30109fa1cd9cb5453fb91242176d833f01a86',
>   1 =>
> '38579a8bd51c2d656450bc41360362f39fdc528eca7b98b1c05221c676a0ce278cf30109fa1cd9cb5453fb91242176d8323627c2',
>   2 =>
> '38579a8bd51c2d656450bc41360362f39fdc528eca7b98b1c05221c676a0ce278cf30109fa1cd9cb5453fb91242176d83595a509',
> )
> 
> Is it a bug in PHP?
> 
> Thanks
> 
> Rumisek

--- End Message ---
--- Begin Message ---
=========================================================
Please feel free to add more points and updates. 
20050322jb - Note the new location of PHP Editors list.
=========================================================


Topics:
=======
- Where to Find More Information
- Diagnosing the problem.
- Some Quick Guidelines on Posting
- Contributors to this document


Where to Find More Information
===============================

If you have any queries/problems about PHP, the online manual (you can
get an offline copy as well) is a good tool to become familiar with.

   http://php.net/manual

 Some Key sections of the PHP Manual:

   - Installation and Configuration
     http://php.net/install

   - Language Reference
     http://php.net/langref

   - Function Reference
     http://php.net/funcref

     tip: if you know the function name but forget exactly how
     it works just type the name of the function ie:
       http://php.net/array_merge
 
   - The PHP FAQ
     http://php.net/faq


Try http://www.google.com/  Searching for "php YOUR QUERY" may
fetch you relevant information within the first 10 results.

There is a searchable archive of the mailing list discussion at
http://phparch.com/mailinglists. Many of the common topics are
discussed repeatedly, and you may get an answer to your query from
the earlier discussions. 

For example: One of the repeatedly discussed questions in the
list is "Best PHP editor". Everyone has his/her favourite
editor. You can get all the opinions by going through the list
archives. If you want a chosen list try this link:

  [1] http://www.thelinuxconsultancy.co.uk/phpeditors.php 


Diagnosing the problem.
==========================


Not sure if PHP is working or you want to find out what extensions are
available to you?  Or you're not sure exactly how php is
configured?  Just put the following code into a file with a
.php extension and access it through your webserver:

   <?php
   phpinfo();
   ?> 

If PHP is installed you will see a page with a lot of
information on it. If PHP is not installed (or not working
correctly) your browser will try to download the file.

One useful trick is to print the variable that you are
having troubles with using print or echo command and check whether
you get what you expected. 


PHP is a server side scripting language. Whatever processing PHP
does takes place BEFORE the output reaches the client.
Therefore, it is not possible to access users' computer related
information (OS, screen size etc) using PHP. Nor can you modify
any of the user side settings. You need to go for JavaScript and
ask the question in a JavaScript list.


After diagnosing the problem, send the details of your efforts
(following 'Where to find more information') and ask for help.


Some Quick Guidelines on Posting
===============================

- Provide a clear descriptive subject line. Avoid general subjects
  like "Help!!", "A Question" etc. Especially avoid blank subjects. 

- Don't just state it doesn't work, be descriptive in why you don't
  think it works.

- Don't send your 200+ line script to the mailing list and expect
  an answer to why line 198 doesn't work. If you need to post a
  large amount of code, provide a link to a page that shows the
  code, or use a pastebin site like:

    http://www.pastebin.com/

- When you want to start a new topic, open a new mail composer and
  enter the mailing list address php-general@lists.php.net instead
  of replying to an existing thread and replacing the subject and
  body with your message.

- When replying try to include the mailing list with the reply,
  unless of course it is personal. A common way is by using your
  email/news readers' "reply to all" functionality.
  
- Compose your message in a format that everyone will be able to
  read.  This means that it would be best to send your message in
  plain/text format. If you do send in HTML be sure to send your
  message that includes a plain/text format.

- It's always a good idea to post back to the list once you've
  solved your problem.  People usually add [SOLVED] to the subject
  line of their email when posting solutions. By posting your
  solution you're helping the next person with the same question.

- Ask smart questions
    http://catb.org/~esr/faqs/smart-questions.html 

- More on the traditional netiquette. Although the following
  suggestions have been known to be debatable they should help you
  in general internet mailing list

    a. Please do not top post as it is hard to follow. If you are
    unfamiliar with the concept it is the posting of the reply
    ABOVE the thing that is being replied to.

    b. When Replying. Where possible trim your posts so that only
    relevant portions of the message are being discussed. Replies
    that become too lengthy are likely to be ignored.


Following these guidelines will ensure that you get effective
responses from the list members. Otherwise, your questions might
not be answered.

Contributors to this document
==============================
  Jay Blanchard
  Christophe Chisogne
  Burhan Khalid
  Chris W Parker
  Teren
  Curt Zirzow

  And of course everyone that ever posted to php-general.
 
===============================================
Hope you have a good time programming with PHP.
===============================================

--- End Message ---
--- Begin Message ---
Jay Blanchard wrote:
<snip>
  And of course everyone that ever posted to php-general.
</snip>

Even the people who top post?

*ducks*

--
John C. Nichel IV
Programmer/System Admin (ÜberGeek)
Dot Com Holdings of Buffalo
716.856.9675
[EMAIL PROTECTED]

--- End Message ---
--- Begin Message ---
[snip]
Even the people who top post?

*ducks*
[/snip]

...you cannot be hit by someone who top posts.
If you duck...
You know what struck me as funny about this?

--- End Message ---
--- Begin Message ---
Hello,

I don't know that much about regular expressions and just want to know how to 
find out the number of special (non alphanumeric) characters in a string or how 
to match a string that contains less than 3 special chars.

Currently I'm using a function

function valid_username($string) {
   if(strlen($string)<=16&&strlen($string)>5) {
      return(preg_match('/^[ -~äöüßÄÖÜ]+$/',$string));
   } else {
      return FALSE;
   }
}

This allows usernames of 6 to 16 length containing many special chars and 
German "Umlaute".
But this also allows usernames like "=)/(&%$" what should not be.

So how to limit the number of special chars? This function should just return 
false if number of special chars > X

Greets,

Holger Sunke

--- End Message ---
--- Begin Message ---
Holger Sunke wrote:
> Hello,
>
> I don't know that much about regular expressions and just want to know how to find out the number of special (non alphanumeric) characters in a string or how to match a string that contains less than 3 special chars.
>
> Currently I'm using a function
>
> function valid_username($string) {
>    if(strlen($string)<=16&&strlen($string)>5) {
>       return(preg_match('/^[ -~äöüßÄÖÜ]+$/',$string));
>    } else {
>       return FALSE;
>    }
> }
>
> This allows usernames of 6 to 16 length containing many special chars and German
> "Umlaute".
> But this also allows usernames like "=)/(&%$" what should not be.
>
> So how to limit the number of special chars? This function should just return false
> if number of special chars > X
>
> Greets,
>
> Holger Sunke

One thing that comes to my mind would be splitting up the string into letters, numbers and signs with ereg()/preg() and count each one.

Greets
        Barry

--
Smileys rule (cX.x)C --o(^_^o)
Dance for me! ^(^_^)o (o^_^)o o(^_^)^ o(^_^o)
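
An added example (not code from the thread) of the counting approach suggested above: the whitelist and the 6 to 16 length come from the question, while MAX_SPECIAL, the function name and the sample usernames are assumptions. It uses \z instead of $ because $ also matches before a trailing newline, and the /u modifier so that each umlaut counts as one character.

```php
<?php
// Added example. MAX_SPECIAL and the function name are assumptions; the
// allowed alphabet and the 6..16 length come from the question above.
// Save this file as UTF-8: the /u modifier matches whole code points.
define('MAX_SPECIAL', 2);   // "less than 3 special chars"

function valid_username_limited($name, $max_special = MAX_SPECIAL)
{
    if (!is_string($name)) {
        return false;
    }
    // Whitelist and length in one anchored pattern. \z (not $) rejects
    // "name\n"; {6,16} counts characters, whereas strlen() counts bytes
    // and would count each umlaut twice in UTF-8.
    if (preg_match('/\A[ -~äöüßÄÖÜ]{6,16}\z/u', $name) !== 1) {
        return false;   // also covers invalid UTF-8 (preg_match returns false)
    }
    // Anything in the whitelist that is not a letter or digit is "special".
    $specials = preg_match_all('/[^A-Za-z0-9äöüßÄÖÜ]/u', $name, $m);
    return $specials !== false && $specials <= $max_special;
}

// Constructed sample input.
$samples = array('holger_s', 'Jörg.Müller', '=)/(&%$', 'a-b-c-d',
                 "holger\n", 'abc', 'grüße!');
foreach ($samples as $s) {
    $shown = addcslashes($s, "\n");   // make the trailing newline visible
    printf("%-14s %s\n", $shown, valid_username_limited($s) ? 'accepted' : 'rejected');
}
```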

--- End Message ---
