php-general Digest 5 Sep 2006 22:10:22 -0000 Issue 4331
Topics (messages 241368 through 241395):
Re: Is this unsecure?
241368 by: Ivo F.A.C. Fokkema
241369 by: Peter Lauri
241372 by: Ruben Rubio
241373 by: Jon Anderson
241375 by: Satyam
241377 by: Alex Turner
241380 by: tedd
241383 by: Satyam
241387 by: Oscar Gosdinski
241391 by: tedd
Re: How to add user to linux using php
241370 by: Jon Anderson
OT - PHP Hosting Service in UK?
241371 by: Miles Thompson
241374 by: John Nichel
241376 by: Robert Cummings
241378 by: Alex Turner
241379 by: Rory Browne
241381 by: John Nichel
241382 by: tedd
241384 by: tedd
241386 by: Alex Turner
241389 by: Alex Turner
241390 by: tedd
241395 by: Ryan A
PHP Access Violations
241385 by: Christopher Watson
error_log does not work
241388 by: Merlin
Quotes?
241392 by: Gustav Wiberg
241393 by: Martin Marques
241394 by: Dave Goodchild
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[email protected]
----------------------------------------------------------------------
--- Begin Message ---
On Tue, 05 Sep 2006 16:04:07 +0700, Peter Lauri wrote:
> Hi,
>
>
>
> I have bumped into a problem. I need to use a web service that is located on
> server B from server A. The server B will execute a script when the web
> service is accessed and an email is sent as an parameter. The problem is, if
> I only have the email as incoming parameter, anyone can just figure out the
> url for the web service, the name, and then just send the email to that
> address.
>
>
>
> To make this a little bit secure I setup so two parameters are sent, the
> email and a confirmation code. First I was just thinking to basically have a
> password sent with, and if that is correct just execute the script. However,
> due to server restrictions I can not run it on HTTPS, so that also looses
> value.
>
>
>
> So this is how I solved it:
>
>
>
> I send a parameter with the request that is the email, some extra characters
> and then MD5 on that. I do this on server A and then server B just checks if
> it is the same resulting string. If so, we know it comes from server A
> because that server is the only one that knows the extra characters used.
>
>
>
> $authstring = md5("asdf".$email."fdsa");
>
>
>
> Would this be hard to crack assuming that the one who cracks does not know
> the characters that are used to generate the $authstring?
>
>
>
> Maybe someone have experience with this? Or just a comment?
This seems the easiest for me:
- Determine IP address of Server A.
- At Server B:
<?php
if ($_SERVER['REMOTE_ADDR'] != SERVER_A_IP) {
die('Get lost, will you.');
}
.... rest of code ...
How's that? You could, of course, still add the md5 check, which sounds
pretty good.
HTH
Ivo
--- End Message ---
--- Begin Message ---
[snip]
This seems the easiest for me:
- Determine IP address of Server A.
- At Server B:
<?php
if ($_SERVER['REMOTE_ADDR'] != SERVER_A_IP) {
die('Get lost, will you.');
}
.... rest of code ...
How's that? You could, of course, still add the md5 check, which sounds
pretty good.
HTH
Ivo
[/snip]
Then some one with an account on that server can also do the same thing :) A
combination is probably the best...
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>
> $authstring = md5("asdf".$email."fdsa");
>
md5 is unsecure.
Use sha1 ( http://www.php.net/sha1 ) instead
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFE/XjEIo1XmbAXRboRAh14AJ9eqyWj6bRCfCG3bGi9A94uQxJz4wCfbyeS
Wt9KKC7QrRCoJDCDRG5I/kY=
=JTiq
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Ruben Rubio wrote:
md5 is unsecure.
Use sha1 ( http://www.php.net/sha1 ) instead
SHA1 has also been partially broken. Until more hash algorithms work
their way into PHP, using both md5 and sha1 plus the remote IP as
mentioned in a previous email would certainly add to the security of the
system.
Personally, I think that md5 is fine for the purpose outlined. I believe
that md5's weakness is in that it's possible to generate collisions, so
since in this case the original email is known, collisions are less
relevant. (They're trying to crack the "password" that is the appended
letters, by brute-forcing combinations of "<character group
1><email><character group 2>". It seems to me that collisions don't
help. Please correct me if I'm wrong - I'm definitely no cryptographer. ;-)
jon
--- End Message ---
--- Begin Message ---
What you are doing is what banks have been doing for ages with wire
transfers and it is called MAC, Message Authentication Code (not related to
an Ethernet MAC address at all).
Wire transfers are sent in clear text amongst banks. Each bank has set a
'signature' (a code) with each other. They use an algorithm which includes
the message itself and that code. Notice that the message is send in clear
text. It doesn't matter that MD5 is not secure or that it can be decripted
(which, in fact, it cannot, since it is a one-way code), the important point
here is that the extra code appended to the clear message is never found.
Actually, amongst banks not only the message is sent in clear text but the
algorith is well know, the only thing that is not known is the validation
code, which is changed every so often so that even if found out, it cannot
be used for long.
Just make sure that you have a safe means of exchanging keys in between the
servers every now and then. Banks usually send a book of keys for a certain
period physically amongst them and only when they are received and it is
certain they have not been intercepted or tampered with they get used.
Satyam
----- Original Message -----
From: "Peter Lauri" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Tuesday, September 05, 2006 11:04 AM
Subject: [PHP] Is this unsecure?
Hi,
I have bumped into a problem. I need to use a web service that is located
on
server B from server A. The server B will execute a script when the web
service is accessed and an email is sent as an parameter. The problem is,
if
I only have the email as incoming parameter, anyone can just figure out
the
url for the web service, the name, and then just send the email to that
address.
To make this a little bit secure I setup so two parameters are sent, the
email and a confirmation code. First I was just thinking to basically have
a
password sent with, and if that is correct just execute the script.
However,
due to server restrictions I can not run it on HTTPS, so that also looses
value.
So this is how I solved it:
I send a parameter with the request that is the email, some extra
characters
and then MD5 on that. I do this on server A and then server B just checks
if
it is the same resulting string. If so, we know it comes from server A
because that server is the only one that knows the extra characters used.
$authstring = md5("asdf".$email."fdsa");
Would this be hard to crack assuming that the one who cracks does not know
the characters that are used to generate the $authstring?
Maybe someone have experience with this? Or just a comment?
Best regards,
Peter Lauri
www.lauri.se <http://www.lauri.se/> - personal web site
www.dwsasia.com <http://www.dwsasia.com/> - company web site
--- End Message ---
--- Begin Message ---
Peter Lauri wrote:
Isn't that just to send a username and password with the request? Or is the
username and password protected somehow in that process?
-----Original Message-----
From: Paul Scott [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 05, 2006 4:08 PM
To: Peter Lauri
Cc: [email protected]
Subject: Re: [PHP] Is this unsecure?
On Tue, 2006-09-05 at 16:04 +0700, Peter Lauri wrote:
I have bumped into a problem. I need to use a web service that is located
on
server B from server A. The server B will execute a script when the web
service is accessed and an email is sent as an parameter. The problem is,
if
I only have the email as incoming parameter, anyone can just figure out
the
url for the web service, the name, and then just send the email to that
address.
Why not just use SOAP envelope authentication?
--Paul
Peter,
The approach is fairly secure. But it would be much better to use the
output buffer to append a chunk of characters to the whole page and then
md5 that. This makes it much less likely that a snooper could bruit
force attack the system.
The next stage beyond that is just to AES encrypt the whole
communication. As you have access to both ends, there is no requirement
for asymmetric cryptography. Then simply put a known phrase as the
start of the request then the other end checks for after decryption and
if it is not there it rejects the message.
Crank that up to 256Bit encryption and you have a commercial spec system :-)
Cheers
AJ
PPS as MD5 is now part cracked, if you are truly paranoid, use SHA.
--
www.deployview.com
www.nerds-central.com
www.project-network.com
--- End Message ---
--- Begin Message ---
At 4:48 PM +0200 9/5/06, Satyam wrote:
It doesn't matter that MD5 is not secure or that it can be
decripted (which, in fact, it cannot, since it is a one-way code),
Not that you said otherwise.
It's my understanding that while MD5 has cannot be decrypted some
encryption can be cracked by matching matching results. They don't
have to work the code backwards.
For example, if I MD5 "apple" -- it will produces a corresponding
code (1f3870be274f6c49b3e31a0c6728957f). If a cracker has a library
of dictionary hash codes, it's a simple matter to compare all those
hash codes with my code to find a corresponding match, thus exposing
"apple" as the encrypted word.
That's one of the reasons why one shouldn't use a real word as a password.
tedd
PS: I wish my server had php5 for several reasons, including the
crack functions -- fascinating
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
I didn't mean to contradict anyone, I just meant to make sure that Peter
knew that in this case it didn't matter.
Satyam
----- Original Message -----
From: "tedd" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Tuesday, September 05, 2006 6:18 PM
Subject: Re: [PHP] Is this unsecure?
At 4:48 PM +0200 9/5/06, Satyam wrote:
It doesn't matter that MD5 is not secure or that it can be decripted
(which, in fact, it cannot, since it is a one-way code),
Not that you said otherwise.
It's my understanding that while MD5 has cannot be decrypted some
encryption can be cracked by matching matching results. They don't have to
work the code backwards.
For example, if I MD5 "apple" -- it will produces a corresponding code
(1f3870be274f6c49b3e31a0c6728957f). If a cracker has a library of
dictionary hash codes, it's a simple matter to compare all those hash
codes with my code to find a corresponding match, thus exposing "apple" as
the encrypted word.
That's one of the reasons why one shouldn't use a real word as a password.
tedd
PS: I wish my server had php5 for several reasons, including the crack
functions -- fascinating
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
On 9/5/06, tedd <[EMAIL PROTECTED]> wrote:
At 4:48 PM +0200 9/5/06, Satyam wrote:
It's my understanding that while MD5 has cannot be decrypted some
encryption can be cracked by matching matching results. They don't
have to work the code backwards.
For example, if I MD5 "apple" -- it will produces a corresponding
code (1f3870be274f6c49b3e31a0c6728957f). If a cracker has a library
of dictionary hash codes, it's a simple matter to compare all those
hash codes with my code to find a corresponding match, thus exposing
"apple" as the encrypted word.
That's one of the reasons why one shouldn't use a real word as a password.
If you are going to validate a e-mail address and a password i think
that is a better approach to generate the following hash:
$hash = md5($email . $password)
In this case, there is no way to get the clear password if you know
hash and have a database of hash codes.
--
Saludos
Oscar
--- End Message ---
--- Begin Message ---
At 12:10 PM -0500 9/5/06, Oscar Gosdinski wrote:
On 9/5/06, tedd <[EMAIL PROTECTED]> wrote:
At 4:48 PM +0200 9/5/06, Satyam wrote:
It's my understanding that while MD5 has cannot be decrypted some
encryption can be cracked by matching matching results. They don't
have to work the code backwards.
For example, if I MD5 "apple" -- it will produces a corresponding
code (1f3870be274f6c49b3e31a0c6728957f). If a cracker has a library
of dictionary hash codes, it's a simple matter to compare all those
hash codes with my code to find a corresponding match, thus exposing
"apple" as the encrypted word.
That's one of the reasons why one shouldn't use a real word as a password.
If you are going to validate a e-mail address and a password i think
that is a better approach to generate the following hash:
$hash = md5($email . $password)
In this case, there is no way to get the clear password if you know
hash and have a database of hash codes.
Yes, and there are lot's of different techniques shown in the
comments under function HD5 in the php manual.
http://us3.php.net/manual/en/function.md5.php
I think it pays off in terms of security to consider adding
additional characters to passwords.
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
J R wrote:
1. give user apache the addusser priviledge (which is very unsecure),
then
execute shell_exe as root would.
2. create a root process like a cron job which will start at boot of your
server, then on your shell_exe pass your command to that process and have
that root process execute that command (bit more secure).
Or create a simple shell/perl/php/whatever wrapper for adduser, and
allow sudo for that wrapper by the web server user only.
For example, you could create a wrapper that only allows one
alphanumeric argument for the username, and another for the password.
The wrapper could use defaults like /home/webusers/<username>, and
/bin/false as the shell, etc, etc.
jon
--- End Message ---
--- Begin Message ---
I have a Canadian client, presently living in England, who is setting up a
vary basic web site. The business is located in the UK, it makes sense to
have the web hosting service in the UK as well.
Would anyone who is happy with a UK hosting service offering PHP
(preferably 5) and MySQL please make a suggestion. (I'm willing to accept
one or two outages a years, more importantly, if there is a problem with
email, etc., are they responsive?)
Regards - Miles Thompson
(902) 440-2010
"Ask the fruitful question."
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.405 / Virus Database: 268.11.7/437 - Release Date: 9/4/2006
--- End Message ---
--- Begin Message ---
Miles Thompson wrote:
I have a Canadian client, presently living in England, who is setting up
a vary basic web site. The business is located in the UK, it makes
sense to have the web hosting service in the UK as well.
Why? If they're not hosting it in-house, why does it matter where on
the globe it is?
Would anyone who is happy with a UK hosting service offering PHP
(preferably 5) and MySQL please make a suggestion. (I'm willing to
accept one or two outages a years, more importantly, if there is a
problem with email, etc., are they responsive?)
I can understand wanting the hosting service being on the same 'working'
hours as the client, but many hosts have 24 hour support. I don't
recommend places often, but if your client can accept a host outside of
the UK, look at http://www.jtlnet.com I used them for years, and
outside of great prices, their service is top notch.
Note: I am not associated with JTL in any way, shape or form these days.
--
John C. Nichel IV
Programmer/System Admin (ÜberGeek)
Dot Com Holdings of Buffalo
716.856.9675
[EMAIL PROTECTED]
--- End Message ---
--- Begin Message ---
On Tue, 2006-09-05 at 10:41 -0400, John Nichel wrote:
> Miles Thompson wrote:
> >
> > I have a Canadian client, presently living in England, who is setting up
> > a vary basic web site. The business is located in the UK, it makes
> > sense to have the web hosting service in the UK as well.
> >
>
> Why? If they're not hosting it in-house, why does it matter where on
> the globe it is?
Request latency due to distance and intermediate hops. The shorter the
distance and fewer hops the faster those little images, stylesheets, and
various other embedded media will load. This won't be very noticeable on
the first page load due to the download times, but other requests that
check timestamps against cache will appear more sluggish than necessary.
Cheers,
Rob.
--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'
--- End Message ---
--- Begin Message ---
Miles Thompson wrote:
I have a Canadian client, presently living in England, who is setting up
a vary basic web site. The business is located in the UK, it makes
sense to have the web hosting service in the UK as well.
Would anyone who is happy with a UK hosting service offering PHP
(preferably 5) and MySQL please make a suggestion. (I'm willing to
accept one or two outages a years, more importantly, if there is a
problem with email, etc., are they responsive?)
Regards - Miles Thompson
(902) 440-2010
"Ask the fruitful question."
Miles,
I use:
http://websitters.co.uk/hosting.php
AJ
--
www.deployview.com
www.nerds-central.com
www.project-network.com
--- End Message ---
--- Begin Message ---
>
> Why? If they're not hosting it in-house, why does it matter where on
> the globe it is?
Request latency due to distance and intermediate hops. The shorter the
distance and fewer hops the faster those little images, stylesheets, and
various other embedded media will load. This won't be very noticeable on
the first page load due to the download times, but other requests that
check timestamps against cache will appear more sluggish than necessary.
It's also more fault tolerent. I don't imagine this ever happening, but if
the UK was somehow cut off from all other countries internet system, then
the UK customers would still be able to access sites in the UK, but not
sites outside of the UK. It's one less thing that can go wrong.
--- End Message ---
--- Begin Message ---
Rory Browne wrote:
>
> Why? If they're not hosting it in-house, why does it matter where on
> the globe it is?
Request latency due to distance and intermediate hops. The shorter the
distance and fewer hops the faster those little images, stylesheets, and
various other embedded media will load. This won't be very noticeable on
the first page load due to the download times, but other requests that
check timestamps against cache will appear more sluggish than necessary.
It's also more fault tolerent. I don't imagine this ever happening, but if
the UK was somehow cut off from all other countries internet system, then
the UK customers would still be able to access sites in the UK, but not
sites outside of the UK. It's one less thing that can go wrong.
Seems to me to be too much worrying about a, "vary basic web site". The
OP is willing to accept one or two outages a year, ya know?
--
John C. Nichel IV
Programmer/System Admin (ÜberGeek)
Dot Com Holdings of Buffalo
716.856.9675
[EMAIL PROTECTED]
--- End Message ---
--- Begin Message ---
At 10:41 AM -0400 9/5/06, John Nichel wrote:
don't recommend places often, but if your client can accept a host
outside of the UK, look at http://www.jtlnet.com
Strange web site -- for Safari it pulses (i.e., get's larger and
returns to normal size) about every three seconds.
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
I use:
http://websitters.co.uk/hosting.php
AJ
Interesting that they display compliance, but fail validation (89 errors?).
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
tedd wrote:
I use:
http://websitters.co.uk/hosting.php
AJ
Interesting that they display compliance, but fail validation (89 errors?).
tedd
May I quickly say that I have no involvement in this company other than
having sites hosted with them! (blush)
I will raise it with them!
Thanks for pointing that out.
AJ
--
www.deployview.com
www.nerds-central.com
www.project-network.com
--- End Message ---
--- Begin Message ---
tedd wrote:
I use:
http://websitters.co.uk/hosting.php
AJ
Interesting that they display compliance, but fail validation (89 errors?).
tedd
Are - the answer is that they recently updated all the pages, and the
buttons for validation should only be on the front page.
AJ
--
www.deployview.com
www.nerds-central.com
www.project-network.com
--- End Message ---
--- Begin Message ---
At 6:20 PM +0100 9/5/06, Alex Turner wrote:
tedd wrote:
I use:
http://websitters.co.uk/hosting.php
AJ
Interesting that they display compliance, but fail validation (89 errors?).
tedd
Are - the answer is that they recently updated all the pages, and
the buttons for validation should only be on the front page.
AJ
Ahhh, that's better -- and explains it.
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
Hey,
I did try need-space.co.uk
they were good for some time, then later sucked really
bad, then insulted me via online support when i asked
for my $$ back after hosting with them for just over a
month... then later apoligised and got good again (and
returned my $$), they say they have changed the rude
support person...
no idea if its true (as i left them) but you might
want to check them out.
I hate it when people link or 'advise' on a site and
fail to mention that they are somehow "connected" to
that site and get a payback in some way...thats just
sly and low..
Reading the above it should be clear that i am in NO
way involved with them :D but just in case;
I am in NO way involved with that site.
Any questions about my experience with them, mail me
offlist.
HTH and good luck!
Cheers!
Ryan
------
- The faulty interface lies between the chair and the keyboard.
- Creativity is great, but plagiarism is faster!
- Smile, everyone loves a moron. :-)
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
--- End Message ---
--- Begin Message ---
OK, this is starting to get really annoying. I think it's time I
posted this to php-general, and see if there is anything anyone knows
about it.
For a while now (about two years), I have been developing on a laptop
configured as listed below. I'll provide the versions of software I
am currently working with, although the problems I will describe have
been occurring with regularity over several previous versions of the
software.
HP Pavilion zx5000 notebook computer
1 GB RAM
120 GB HD
Windows XP Pro (SP2)
PHP 5.1.6 (running as ISAPI)
MySQL Server 5.0.24
SQLyog Enterprise 5.17
The problem became so bad and pervasive that I decided the best thing
do (about two week ago) was to wipe this machine completely and
rebuild it from the ground up. The main partition was deleted,
recreated, slow-formatted, and Windows XP re-installed clean (with ALL
updates installed as well). The latest versions of PHP, MySQL, and my
client admin program, SQLyog we re-installed. I haven't put much of
anything else on this machine, aside from Homesite (to write PHP), and
MySQL Administrator to manage users. Process count is low and managed
well. There is nothing stupid on this laptop.
But the problem persists!
Basically, it's an intermittent but frequent "Access Violation" within
PHP. It happens at complete unpredictable times. Meaning, I cannot
reproduce the problem using a recipe. There are no known sequence of
events that cause the problem to occur.
After boot, I start developing. I'm running Homesite, writing code,
saving it. I'm using IE to run locally the PHP/Fusebox app I have
written, using localhost. I have a virtual directory set up in IIS
for the app. I test my code, running through several circuits and
functions. I use SQLyog Enterprise to make and alter tables, adjust
data, perform other analyses through manual queries, etc. etc. Lots
of querying going on to the local MySQL server from the app. This is
an astronomical data management system, so it is query-heavy. I'm
using PEAR::DB and mysqli to do all the PHP/MySQL stuff. My code is
two years old and quite robust. It is fully debugged, and I think I
write pretty good code that does the right thing. But after a while
(again, the time span is unpredictable), things suddenly die. On one
request, I won't get back what I'm expecting. Usually a partial page.
On the next invocation of PHP, I get an error about an "Access
violation" PHP has encountered. At that point, I am dead in the
water. PHP simply won't work any more. I have to reboot the system
to get it back up and running.
This will happen during very single development session. Eventually,
after working with Homesite, SQLyog and IE to run and test the app, it
WILL die. And it's PHP giving me the error. It seems as if there is
nothing I can do to modify my development practices to eliminate or
even lessen the frequency of this error.
You have to understand that this machine was WIPED CLEAN a couple of
weeks ago, and I haven't installed anything on it except the OS and
essential development tools. This machine is devoid of any malware,
and is extremely process poor. It's a super clean system.
Does someone, anyone, has any insight into this? Please help me!
Christopher Watson
--- End Message ---
--- Begin Message ---
Hi there,
I can not find a way to get this working on one server of mine. The
error_log() funciton does not result in an entry to this log. The log
exists and php.ini is configured to write error warnings out (so it does
on system warnings). The same thing workes excellent on another server
of mine.
Can somebody please shed some light on that?
Thank you in advance,
merlin
--- End Message ---
--- Begin Message ---
I want to save this to a string...
<script language="javascript">
var uri = 'http://impse.tradedoubler.com/imp/img/16352388/1122503?' + new
String (Math.random()).substring (2, 11);
document.write('<a
href="http://clk.tradedoubler.com/click?p=48859&a=1122503&g=16352388";
target="_blank"><img src="'+uri+'" border=0></a>');
</script><br><br>
How could i type?
I've tried with ' and ".. but can't get it to work.
tested diffrent types..
$str = '<script language="javascript">';
$str = 'var uri = 'http://impse.tradedoubler.com/imp/js/16350344/1122503?' +
new String (Math.random()).substring (2, 11);';
$str = ""document.write('<sc'+'ript language="JavaScript" src="'+uri+'"
charset="ISO-8859-1"></sc'+'ript>');"";
$str = ""</script><br><br>"";
Best regards
/Gustav Wiberg
Stammis Internet
--- End Message ---
--- Begin Message ---
On Tue, 5 Sep 2006, Gustav Wiberg wrote:
I want to save this to a string...
<script language="javascript">
var uri = 'http://impse.tradedoubler.com/imp/img/16352388/1122503?' + new
String (Math.random()).substring (2, 11);
document.write('<a
href="http://clk.tradedoubler.com/click?p=48859&a=1122503&g=16352388";
target="_blank"><img src="'+uri+'" border=0></a>');
</script><br><br>
How could i type?
Escape " and ', like this: \" and \'.
--
21:50:04 up 2 days, 9:07, 0 users, load average: 0.92, 0.37, 0.18
---------------------------------------------------------
Lic. Martín Marqués | SELECT 'mmarques' ||
Centro de Telemática | '@' || 'unl.edu.ar';
Universidad Nacional | DBA, Programador,
del Litoral | Administrador
---------------------------------------------------------
--- End Message ---
--- Begin Message ---
Or use a heredoc?
--
http://www.web-buddha.co.uk
http://www.projectkarma.co.uk
--- End Message ---
