php-general Digest 2 Aug 2008 20:38:11 -0000 Issue 5603
Topics (messages 277606 through 277637):
Re: Exposing PHP/errors on production vs. dev
277606 by: mike
277607 by: Richard Heyes
277621 by: Robert Cummings
277622 by: Robert Cummings
277623 by: Al
277626 by: Daniel Brown
277627 by: Robert Cummings
277628 by: Daniel Brown
277629 by: Robert Cummings
277630 by: Daniel Brown
277631 by: mike
277632 by: Robert Cummings
anyone have HTML snippet example of HTTP method = put?
277608 by: mike
277609 by: n3or
277615 by: Richard Heyes
277616 by: Benjamin Hawkes-Lewis
277633 by: mike
Referencing files in cron jobs versus format when running from URL
277610 by: ioannes
277619 by: brian
E-Shop system
277611 by: Alain Roger
277614 by: Maciek Sokolewicz
Returning response includes HTML form data
277612 by: Edward Diener
277613 by: Maciek Sokolewicz
277618 by: Edward Diener
277620 by: brian
277634 by: Edward Diener
277635 by: Benjamin Hawkes-Lewis
277636 by: Edward Diener
Re: remembering where the user is on the page??
277617 by: brian
277624 by: Al
277625 by: Benjamin Hawkes-Lewis
PHP Memory Management
277637 by: Waynn Lue
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
On 8/2/08, Richard Heyes <[EMAIL PROTECTED]> wrote:
> > Personally, and I know I'm not alone here... I keep E_NOTICE enabled
>
> Then you're both mad. Users really shouldn't see any error regardless,
> so error reporting IMO should be off entirely. A blank screen that you
> can blame on a variety of things is far preferable to users knowing
> that your website is broken. In production I keep error_reporting set
> to 0. There are a variety of things you could also do like log them to
> a file or have them emailed to you so that you get notified when
> errors occur.
That's what we're saying.
He's saying he is LOGGING everything (error_reporting) not
display_errors - where it would output to the user :)
display_errors and maybe display_startup_errors are the key ones afaik
that expose any PHP related errors to the user. that's why I started
this thread to confirm my logic.
--- End Message ---
--- Begin Message ---
>> Then you're both mad. Users really shouldn't see any error regardless,
>> so error reporting IMO should be off entirely. A blank screen that you
>> can blame on a variety of things is far preferable to users knowing
>> that your website is broken. In production I keep error_reporting set
>> to 0. There are a variety of things you could also do like log them to
>> a file or have them emailed to you so that you get notified when
>> errors occur.
>
> That's what we're saying.
>
> He's saying he is LOGGING everything (error_reporting) not
> display_errors - where it would output to the user :)
Oopsy. Missed that. Well as long as display errors is off then I guess
there's no problem with error_reporting set to E_ALL, and it would
even be preferable I guess.
--
Richard Heyes
http://www.phpguru.org
--- End Message ---
--- Begin Message ---
On Sat, 2008-08-02 at 09:15 +0100, Richard Heyes wrote:
> > Personally, and I know I'm not alone here... I keep E_NOTICE enabled
>
> Then you're both mad. Users really shouldn't see any error regardless,
> so error reporting IMO should be off entirely. A blank screen that you
> can blame on a variety of things is far preferable to users knowing
> that your website is broken. In production I keep error_reporting set
> to 0. There are a variety of things you could also do like log them to
> a file or have them emailed to you so that you get notified when
> errors occur.
What are you smoking? I set display_errors to off and run a cron job
every hour or so to send me the error log contents.
Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP
--- End Message ---
--- Begin Message ---
On Sat, 2008-08-02 at 10:32 +0100, Richard Heyes wrote:
> >> Then you're both mad. Users really shouldn't see any error regardless,
> >> so error reporting IMO should be off entirely. A blank screen that you
> >> can blame on a variety of things is far preferable to users knowing
> >> that your website is broken. In production I keep error_reporting set
> >> to 0. There are a variety of things you could also do like log them to
> >> a file or have them emailed to you so that you get notified when
> >> errors occur.
> >
> > That's what we're saying.
> >
> > He's saying he is LOGGING everything (error_reporting) not
> > display_errors - where it would output to the user :)
>
> Oopsy. Missed that. Well as long as display errors is off then I guess
> there's no problem with error_reporting set to E_ALL, and it would
> even be preferable I guess.
*lol* :)
Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP
--- End Message ---
--- Begin Message ---
Here' the snippet I use on all my code files. Default is create and add to error log file on the
current dir.
I generally echo $error_reporting to remind myself that the error reporting is
active.
if(true) // TRUE for debug only
{
ini_set("display_errors", "on"); //use off if users will see them
error_reporting(E_ALL);
$error_reporting = '<span style="color:red">Error display and logging
on</span> ';
}
mike wrote:
Does this look right?
Obviously you still want to know about production errors, so I'd like
to log them.
Development I want to see -everything- and I want it to display on the
page. The assumption is production won't have any notices as the code
should be clean and our higher priority are fixing errors. But that
one is easily editable if needed :)
Production:
display_errors = Off
display_startup_errors = Off
error_reporting = E_ALL & ~E_NOTICE
expose_php = Off
log_errors = On
error_log = syslog
Dev:
display_errors = On
display_startup_errors = On
error_reporting = E_ALL
expose_php = On
log_errors = On
error_log = syslog
Am I missing any?
--- End Message ---
--- Begin Message ---
On Sat, Aug 2, 2008 at 12:52 PM, Al <[EMAIL PROTECTED]> wrote:
> Here' the snippet I use on all my code files. Default is create and add to
> error log file on the current dir.
>
> I generally echo $error_reporting to remind myself that the error reporting
> is active.
>
> if(true) // TRUE for debug only
> {
> ini_set("display_errors", "on"); //use off if users will see them
> error_reporting(E_ALL);
>
> $error_reporting = '<span style="color:red">Error display and logging
> on</span> ';
> }
Quit top-posting, Al, or we'll feed you to the sheep. ;-P
I do a similar thing, but with on-the-fly error display for
debugging. Using sessions, only those with a developer flag see any
errors. The rest are handled in logs (and yes, using E_ALL).
One of my systems uses ~E_CUMMINGS though, because it reports
things too violently.
--
</Daniel P. Brown>
Better prices on dedicated servers:
Intel 2.4GHz/60GB/512MB/2TB $49.99/mo.
Intel 3.06GHz/80GB/1GB/2TB $59.99/mo.
Dedicated servers, VPS, and hosting from $2.50/mo.
--- End Message ---
--- Begin Message ---
On Sat, 2008-08-02 at 13:34 -0400, Daniel Brown wrote:
> On Sat, Aug 2, 2008 at 12:52 PM, Al <[EMAIL PROTECTED]> wrote:
> > Here' the snippet I use on all my code files. Default is create and add to
> > error log file on the current dir.
> >
> > I generally echo $error_reporting to remind myself that the error reporting
> > is active.
> >
> > if(true) // TRUE for debug only
> > {
> > ini_set("display_errors", "on"); //use off if users will see them
> > error_reporting(E_ALL);
> >
> > $error_reporting = '<span style="color:red">Error display and logging
> > on</span> ';
> > }
>
> Quit top-posting, Al, or we'll feed you to the sheep. ;-P
>
> I do a similar thing, but with on-the-fly error display for
> debugging. Using sessions, only those with a developer flag see any
> errors. The rest are handled in logs (and yes, using E_ALL).
>
> One of my systems uses ~E_CUMMINGS though, because it reports
> things too violently.
Hmmpf!
--
http://www.interjinn.com
Application and Templating Framework for PHP
--- End Message ---
--- Begin Message ---
On Sat, Aug 2, 2008 at 1:40 PM, Robert Cummings <[EMAIL PROTECTED]> wrote:
>
> Hmmpf!
Oh, God, it's tasted human blood!
Cut the crap, Rob. Don't even try to act innocent in front of the
list, denying that you threw that chair through my window and punched
me in the throat all because I forgot a semicolon. I told you I was
sorry!
--
</Daniel P. Brown>
Better prices on dedicated servers:
Intel 2.4GHz/60GB/512MB/2TB $49.99/mo.
Intel 3.06GHz/80GB/1GB/2TB $59.99/mo.
Dedicated servers, VPS, and hosting from $2.50/mo.
--- End Message ---
--- Begin Message ---
On Sat, 2008-08-02 at 13:53 -0400, Daniel Brown wrote:
> On Sat, Aug 2, 2008 at 1:40 PM, Robert Cummings <[EMAIL PROTECTED]> wrote:
> >
> > Hmmpf!
>
> Oh, God, it's tasted human blood!
>
> Cut the crap, Rob. Don't even try to act innocent in front of the
> list, denying that you threw that chair through my window and punched
> me in the throat all because I forgot a semicolon. I told you I was
> sorry!
Sorry, I hired a profession for the chair throwing-- my bulldog Steve
Ballmer!
Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP
--- End Message ---
--- Begin Message ---
On Sat, Aug 2, 2008 at 1:58 PM, Robert Cummings <[EMAIL PROTECTED]> wrote:
>
> Sorry, I hired a profession for the chair throwing-- my bulldog Steve
> Ballmer!
More wasteful spending by the Canadian. You know that he's just
going to wind up finding a way to introduce new bugs into the act of
domestic violence, right? Like fear that emits an unpleasant odor or
bruises that cause herpes.
--
</Daniel P. Brown>
Better prices on dedicated servers:
Intel 2.4GHz/60GB/512MB/2TB $49.99/mo.
Intel 3.06GHz/80GB/1GB/2TB $59.99/mo.
Dedicated servers, VPS, and hosting from $2.50/mo.
--- End Message ---
--- Begin Message ---
On 8/2/08, Al <[EMAIL PROTECTED]> wrote:
> Here' the snippet I use on all my code files. Default is create and add to
> error log file on the current dir.
The problem is if the script is fubar, it won't read the error_log ini
override...
Open question for all:
Even though I have error_reporting set to on, and display_errors set
to on, sometimes errors occur and it just shows a blank page. Why is
that? I used to always get -some- output, now I get nothing. It's
quite annoying.
I am excited for PHP 5.3's ini settings features - then I can create a
PHP error log per each docroot (manually, for now), or I suppose if I
can remember the syntax in php-fpm I can already do that. Problem is
then I just need to configure things to rotate/reset those logs every
so often. (heads up: feature request, error_log_max_filesize!)
--- End Message ---
--- Begin Message ---
On Sat, 2008-08-02 at 14:01 -0400, Daniel Brown wrote:
> On Sat, Aug 2, 2008 at 1:58 PM, Robert Cummings <[EMAIL PROTECTED]> wrote:
> >
> > Sorry, I hired a profession for the chair throwing-- my bulldog Steve
> > Ballmer!
>
> More wasteful spending by the Canadian. You know that he's just
> going to wind up finding a way to introduce new bugs into the act of
> domestic violence, right? Like fear that emits an unpleasant odor or
> bruises that cause herpes.
Given the goal was to enact violence... I think fear and herpes would
count as "features"! With respect to wasteful spending... I think you're
forgetting that the US dollar is on target for devaluation similar to
that of Zimbabwean currency.
:B
Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP
--- End Message ---
--- Begin Message ---
I have this:
<form method="PUT" action="work.php">
File: <input type="file" />
<input type="submit" value="Submit" />
</form>
Looking in my webserver logs, it changes that to a GET.
Ideas anyone? The receiver is PHP and I am pretty sure I know how to
handle it once it is properly PUT-ted.
(I run nginx for the server and have enabled PUT as a method, supposedly)
Maybe I need to do something different on the web form though?
thanks!
--- End Message ---
--- Begin Message ---
enctype="multipart/form-data" eventually?!
mike schrieb:
I have this:
<form method="PUT" action="work.php">
File: <input type="file" />
<input type="submit" value="Submit" />
</form>
Looking in my webserver logs, it changes that to a GET.
Ideas anyone? The receiver is PHP and I am pretty sure I know how to
handle it once it is properly PUT-ted.
(I run nginx for the server and have enabled PUT as a method, supposedly)
Maybe I need to do something different on the web form though?
thanks!
--
Viele Grüße
Dominik Strauß - www.n3or.de
Webentwicklung, PHP und Linux
Mobil: 0178 4940605
Internet: www.n3or.de
E-Mail: [EMAIL PROTECTED]
--- End Message ---
--- Begin Message ---
> <form method="PUT" action="work.php">
> File: <input type="file" />
> <input type="submit" value="Submit" />
> </form>
>
> Looking in my webserver logs, it changes that to a GET.
You could use Fiddler to verify what type of requests your browser is making:
http://www.fiddlertool.com
If it is indeed the browser, chances are it doesn't support PUT.
--
Richard Heyes
http://www.phpguru.org
--- End Message ---
--- Begin Message ---
mike wrote:
I have this:
<form method="PUT" action="work.php">
File: <input type="file" />
<input type="submit" value="Submit" />
</form>
Looking in my webserver logs, it changes that to a GET.
Ideas anyone? The receiver is PHP and I am pretty sure I know how to
handle it once it is properly PUT-ted.
(I run nginx for the server and have enabled PUT as a method, supposedly)
Maybe I need to do something different on the web form though?
I can appreciate why one might imagine otherwise, but XHTML 1.x forms
only support GET and POST. GET and POST are the only allowed values for
the "method" attribute.
If you were validating your markup ( http://validator.w3.org/ ) you'd
have caught that error; if you'd read the HTML documentation for the
FORM element you wouldn't have made it in the first place:
http://www.w3.org/TR/html401/interact/forms.html#h-17.3
There are no conformance criteria in the HTML specification for how user
agents should handle your error; it appears the client you were testing
with submitted the form with the GET method instead.
There are proposals to add PUT and DELETE to the supported methods in a
future version of HTML.
Hard to be sure, but judging from your markup, you might well be using
the wrong HTTP method anyway. The "action" attribute specifies where the
URL the form submits to. In the case of a PUT method, the server is
supposed to replace the resource represented by that URL with the entity
dispatched in the request:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.6
So unless you're intending that, after submission, a GET request to
work.php should return the uploaded file, you're using the wrong method.
I suspect you want the POST method, where the server may do basically
anything with the dispatched entity, such as taking an uploaded file and
making it available at an arbitrary URL (like images/495005.jpg):
http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.5
I note in passing that if you're intending to use that markup in
production, you should really enclose the text "File: " in a "label"
element associated with the "input" element by having a "for" attribute
matching an "id" attribute adding to the "input". This will allow user
agents to accurately associate the label with the file upload control,
for example screen readers and voice browsers can speak or braille
"File: " when the focus enters the control. For a detailed explanation, see:
http://reference.sitepoint.com/html/label
http://www.w3.org/TR/WCAG20-TECHS/H44.html
http://green-beast.com/blog/?p=254
http://www.w3.org/TR/html401/interact/forms.html#h-17.9
Hope that helps.
--
Benjamin Hawkes-Lewis
--- End Message ---
--- Begin Message ---
On 8/2/08, Benjamin Hawkes-Lewis <[EMAIL PROTECTED]> wrote:
> I can appreciate why one might imagine otherwise, but XHTML 1.x forms only
> support GET and POST. GET and POST are the only allowed values for the
> "method" attribute.
Sigh. That makes sense then.
So to test my script I need to use curl or something, I was hoping to
test my browser directly. I thought at least PUT would work. Obviously
not every DAV command or anything else.
> There are proposals to add PUT and DELETE to the supported methods in a
> future version of HTML.
Well, I won't actually be using this in production this way anyway, I
just wanted to do some testing at home using PUT first. Looks like I
will have to use curl or another method that isn't in-browser.
> Hard to be sure, but judging from your markup, you might well be using the
> wrong HTTP method anyway. The "action" attribute specifies where the URL the
> form submits to. In the case of a PUT method, the server is supposed to
> replace the resource represented by that URL with the entity dispatched in
> the request:
Yeah - that is why I had set my webserver as dav_access readonly. I
was wanting to see it first PUT the file, see if PHP accepted it, or
it just said "access denied"
I need to PUT a file but use a PHP script as a wrapper, and my
webserver is nginx.
> I note in passing that if you're intending to use that markup in production,
> you should really enclose the text "File: " in a "label" element associated
> with the "input" element by having a "for" attribute matching an "id"
> attribute adding to the "input". This will allow user agents to accurately
> associate the label with the file upload control, for example screen readers
> and voice browsers can speak or braille "File: " when the focus enters the
> control. For a detailed explanation, see:
Thanks for the tip.
--- End Message ---
--- Begin Message ---
I have a file that works from the URL like:
www.mysite.com/cronjob.php
and this file includes references to uploaded files like this:
/home/mysite/public_html/dir/subdir/filename.xml
and this is used in functions like filemtime(). The uploaded files are
found on the server using the above path in the code of the php file.
However, when I cron the php file from the server using:
/ramdisk/bin/php4 -q /home/mysite/public_html/cronjob.php
(using the server cPanel Cron Manager Linux command type set up page),
the php file does not find the uploaded files, presumably because the
above format of /home/mysite/public_html/dir/subdir/filename.xml needs
to be a different path. This must be familiar to many, can you help in
suggesting change in path required?
John
--- End Message ---
--- Begin Message ---
ioannes wrote:
I have a file that works from the URL like:
www.mysite.com/cronjob.php
and this file includes references to uploaded files like this:
/home/mysite/public_html/dir/subdir/filename.xml
and this is used in functions like filemtime(). The uploaded files are
found on the server using the above path in the code of the php file.
However, when I cron the php file from the server using:
/ramdisk/bin/php4 -q /home/mysite/public_html/cronjob.php
(using the server cPanel Cron Manager Linux command type set up page),
the php file does not find the uploaded files, presumably because the
above format of /home/mysite/public_html/dir/subdir/filename.xml needs
to be a different path. This must be familiar to many, can you help in
suggesting change in path required?
The path to your file doesn't need to be changed. It is where it is.
Do you have the path hard-coded in the script? Or, are you resolving it
using the $_SERVER or $_ENV array? When cron executes your script, it's
doing so directly (ie. CLI) rather than through httpd, so you'll find
that the environment is a little bit different.
Try running a CLI-executed phpinfo() script and compare to what you'd
normally get when hitting the same script through a browser. If you
don't have terminal access, run it with cron and have it capture and
mail the output to you.
b
--- End Message ---
--- Begin Message ---
Hi,
i'm currently analyzing an e-shop system.
i understand how to display products and so on, however i still have some
question marks on the following topics:
1. what is the best way for showing product image ?
- to store them in DB or onto filesystem as simple image files ?
- each product should have 2 images (1 small when user browser the
catalogue, 1 huge (standard) when user wants to see how product looks like).
Should be 1 or 2 images ? I mean should i store in DB/filesystem the
standard file and reduce size for user browsing ?
2. billing interaction
basically i was thinking to allow users to pay via PayPal, Bank2Bank and by
credit card.
- What i do not understand is how can i interact with such third party
company ?
- for paypal: how can i redirect user to PayPal and pay to my account and
how to get back information that he paid (and that i can send the good) ?
- Bank transfer: how can i control it ?
- Credit card payment: how can i be sure that when user give me his credit
card number, my application will secure it enough ? how can i get back
information that it's true...user paid the good and i can send him the
product ?
thanks a lot for all your feedback.
--
Alain
------------------------------------
Windows XP SP2
PostgreSQL 8.2.4 / MS SQL server 2005
Apache 2.2.4
PHP 5.2.4
C# 2005-2008
--- End Message ---
--- Begin Message ---
Alain Roger wrote:
Hi,
i'm currently analyzing an e-shop system.
i understand how to display products and so on, however i still have some
question marks on the following topics:
1. what is the best way for showing product image ?
- to store them in DB or onto filesystem as simple image files ?
touchy point there, some people do the first, others the other. If there
is no need for any metadata to be stored with the images (apart from a
productid), and no specific access rules which would require satisfying,
you might aswell store it on the filesystem. It's actually a bit easier
on the server as you then just have apache pick it up, and the user
could cache it vs. having to query the database each time.
- each product should have 2 images (1 small when user browser the
catalogue, 1 huge (standard) when user wants to see how product looks like).
Should be 1 or 2 images ? I mean should i store in DB/filesystem the
standard file and reduce size for user browsing ?
Reduce in what way? You can have the user look at the full image and
then downsize it via CSS/html-properties, but that usually results in
crappy quality. Instead most people create a thumbnail on the server
when the product is added, store it somewhere and then just have their
image-tags point at that.
2. billing interaction
basically i was thinking to allow users to pay via PayPal, Bank2Bank and by
credit card.
- What i do not understand is how can i interact with such third party
company ?
It all depends on what way the company allows to be used. Usually what
happens is that you redirect the user to some specific URL on the
company's site including some info like the vendor (=you), the amount to
be paid, the product name, the url for the redirect back to you. Then
when the company has finished the whole payment thing, it will redirect
back to the page you told it to redirect back to. Next what (usually)
happens is that the payment-company's server makes a connection to some
script on your server (usually via http), and sends over information
about the payment (orderid, amount paid, etc).
Once you recieve that, you can do with it whatever you want. Systems may
vary though, depending on which you use.
- for paypal: how can i redirect user to PayPal and pay to my account and
how to get back information that he paid (and that i can send the good) ?
Check the paypal website, it has excellent documentation on this.
- Bank transfer: how can i control it ?
What's there to control ?
- Credit card payment: how can i be sure that when user give me his credit
card number, my application will secure it enough ? how can i get back
information that it's true...user paid the good and i can send him the
product ?
Don't do it yourself, have a trusted 3rd party company do it for you
(ie. interpay or equens)
thanks a lot for all your feedback.
--- End Message ---
--- Begin Message ---
I have a PHP file which does an:
echo "someresponse"
to return some data. When I run it from a Windows client program, the
response I am seeing is not only the "someresponse" above but also has
the entire HTML form in the PHP file appended to it.
Naturally I do not want the form to be included in the response and do
not understand how or why I am getting it back ? Does anybody know why
this is happening ?
As an example of what is happening my form data in the PHP file looks like:
<form ENCTYPE="multipart/form-data" ACTION="" METHOD="POST">
<input NAME="name1" TYPE="file">
<input NAME="name2" TYPE="text">
<input NAME="name3" TYPE="text">
<input VALUE="submit" TYPE="submit"></form>
Somewhere in the PHP file I am doing:
echo "someresponse"
and the data being read back in the response is a string of:
"someresponse\n<form ENCTYPE="multipart/form-data"
ACTION=""METHOD="POST">\n<input NAME="name1" TYPE="file">\n<input
NAME="name2" TYPE="text">\n<input NAME="name3" TYPE="text">\n<input
VALUE="submit" TYPE="submit"></form>"
--- End Message ---
--- Begin Message ---
Edward Diener wrote:
I have a PHP file which does an:
echo "someresponse"
to return some data. When I run it from a Windows client program, the
response I am seeing is not only the "someresponse" above but also has
the entire HTML form in the PHP file appended to it.
Naturally I do not want the form to be included in the response and do
not understand how or why I am getting it back ? Does anybody know why
this is happening ?
As an example of what is happening my form data in the PHP file looks like:
<form ENCTYPE="multipart/form-data" ACTION="" METHOD="POST">
<input NAME="name1" TYPE="file">
<input NAME="name2" TYPE="text">
<input NAME="name3" TYPE="text">
<input VALUE="submit" TYPE="submit"></form>
Somewhere in the PHP file I am doing:
echo "someresponse"
and the data being read back in the response is a string of:
"someresponse\n<form ENCTYPE="multipart/form-data"
ACTION=""METHOD="POST">\n<input NAME="name1" TYPE="file">\n<input
NAME="name2" TYPE="text">\n<input NAME="name3" TYPE="text">\n<input
VALUE="submit" TYPE="submit"></form>"
My magical sight into your code reveals.... nothing.
Why? because I can't see it, I don't have any magical sight, so if you
don't post any code, I don't know what it is.
Now, usually this is simply a designflaw, eg. you have a script like so:
<?php
// do something
echo "someresponse";
// do something else
// do even more
echo '<form ENCTYPE="multipart/form-data"
ACTION=""METHOD="POST">\n<input NAME="name1" TYPE="file">\n<input
NAME="name2" TYPE="text">\n<input NAME="name3" TYPE="text">\n<input
VALUE="submit" TYPE="submit"></form>';
// do more stuff
?>
Probably your code further on doesn't check if you really want to show
it or not, there are 2 ways to resolve this:
1. exit after your response (using eg. die() or exit)
2. surround your form with an if() which checks that you really DO wish
to show it.
But, it might also be something else (though I doubt it), in which case:
Post your code, fool!! ([TM] mr. T)
- Tul
--- End Message ---
--- Begin Message ---
Maciek Sokolewicz wrote:
Edward Diener wrote:
I have a PHP file which does an:
echo "someresponse"
to return some data. When I run it from a Windows client program, the
response I am seeing is not only the "someresponse" above but also has
the entire HTML form in the PHP file appended to it.
Naturally I do not want the form to be included in the response and do
not understand how or why I am getting it back ? Does anybody know why
this is happening ?
As an example of what is happening my form data in the PHP file looks
like:
<form ENCTYPE="multipart/form-data" ACTION="" METHOD="POST">
<input NAME="name1" TYPE="file">
<input NAME="name2" TYPE="text">
<input NAME="name3" TYPE="text">
<input VALUE="submit" TYPE="submit"></form>
Somewhere in the PHP file I am doing:
echo "someresponse"
and the data being read back in the response is a string of:
"someresponse\n<form ENCTYPE="multipart/form-data"
ACTION=""METHOD="POST">\n<input NAME="name1" TYPE="file">\n<input
NAME="name2" TYPE="text">\n<input NAME="name3" TYPE="text">\n<input
VALUE="submit" TYPE="submit"></form>"
My magical sight into your code reveals.... nothing.
Why? because I can't see it, I don't have any magical sight, so if you
don't post any code, I don't know what it is.
Now, usually this is simply a designflaw, eg. you have a script like so:
<?php
// do something
echo "someresponse";
// do something else
// do even more
echo '<form ENCTYPE="multipart/form-data"
ACTION=""METHOD="POST">\n<input NAME="name1" TYPE="file">\n<input
NAME="name2" TYPE="text">\n<input NAME="name3" TYPE="text">\n<input
VALUE="submit" TYPE="submit"></form>';
// do more stuff
?>
Probably your code further on doesn't check if you really want to show
it or not, there are 2 ways to resolve this:
1. exit after your response (using eg. die() or exit)
2. surround your form with an if() which checks that you really DO wish
to show it.
But, it might also be something else (though I doubt it), in which case:
Post your code, fool!! ([TM] mr. T)
Here is the code, with names suitable changed to protect actual
functionality of proprietary software:
-----------------------------------------------------------------------
<?php
if ( ! (isset($_GET['zzzzz']) && $_GET['zzzzz'] == 124) )
{
?>
<script>
alert(" UnAuthorised Access..............");
window.location ="ascript.php";
</script>
<?php
echo " UnAuthorised Access..............";
exit;
}
function MyExampleFunction($param1, $param2, $param3,$param4="")
{
$param5 = 'Info1' . "\r\n";
$param5 .= 'Info2' . "\r\n";
$param5 .= 'Info3';
if(SomePHPFunction($param1,$param3,$param2."\r\n\r\n",$param5))
echo "SomePHPFunction called for $param1 OK.\n";
else
echo "Could not call SomePHPFunction for $param1.\nError:
".$param4."\n";
}
if ($_FILES['AFileName']['name'] == "")
{
echo "No AFileName.";
exit;
}
if ($_POST['AInput1'] == "")
{
echo "No AInput1.";
exit;
}
if ($_POST['AInput2'] == "")
{
echo "No AInput2.";
exit;
}
$AVariable1 = $_POST['AInput1'];
$AVariable2 = $_POST['AInput2'];
$size = filesize($_FILES['AFileName']['tmp_name']);
$fp = fopen ($_FILES['AFileName']['tmp_name'], "r");
$AVariable3 = fread($fp, $size);
fclose ($fp);
@MyExampleFunction($AVariable1, $AVariable3, $AVariable2);
?>
<form ENCTYPE="multipart/form-data" ACTION="" METHOD="POST">
<input NAME="AFileName" TYPE="file">
<input NAME="AInput1" TYPE="text">
<input NAME="AInput2" TYPE="text">
<input VALUE="submit" TYPE="submit"></form>
-----------------------------------------------------------
The code takes to input fields and a single file upload,
calls the MyExampleFunction, which calls the SomePHPFunction
successfully. The SomePHPFunction is a function in one of PHP's
libraries.
The response comes from the:
echo "SomePHPFunction called for $param1 OK.\n";
statement, plus
<form ENCTYPE="multipart/form-data" ACTION="" METHOD="POST">
<input NAME="AFileName" TYPE="file">
<input NAME="AInput1" TYPE="text">
<input NAME="AInput2" TYPE="text">
<input VALUE="submit" TYPE="submit"></form>
I have no idea why all the form data is being appended to the response.
--- End Message ---
--- Begin Message ---
Edward Diener wrote:
Maciek Sokolewicz wrote:
Edward Diener wrote:
I have a PHP file which does an:
echo "someresponse"
to return some data. When I run it from a Windows client program, the
response I am seeing is not only the "someresponse" above but also
has the entire HTML form in the PHP file appended to it.
Here is the code, with names suitable changed to protect actual
functionality of proprietary software:
-----------------------------------------------------------------------
<?php
if ( ! (isset($_GET['zzzzz']) && $_GET['zzzzz'] == 124) )
{
?>
<script>
alert(" UnAuthorised Access..............");
window.location ="ascript.php";
</script>
<?php
echo " UnAuthorised Access..............";
exit;
}
function MyExampleFunction($param1, $param2, $param3,$param4="")
{
$param5 = 'Info1' . "\r\n";
$param5 .= 'Info2' . "\r\n";
$param5 .= 'Info3';
if(SomePHPFunction($param1,$param3,$param2."\r\n\r\n",$param5))
echo "SomePHPFunction called for $param1 OK.\n";
else
echo "Could not call SomePHPFunction for $param1.\nError:
".$param4."\n";
}
if ($_FILES['AFileName']['name'] == "")
{
echo "No AFileName.";
exit;
}
if ($_POST['AInput1'] == "")
{
echo "No AInput1.";
exit;
}
if ($_POST['AInput2'] == "")
{
echo "No AInput2.";
exit;
}
$AVariable1 = $_POST['AInput1'];
$AVariable2 = $_POST['AInput2'];
$size = filesize($_FILES['AFileName']['tmp_name']);
$fp = fopen ($_FILES['AFileName']['tmp_name'], "r");
$AVariable3 = fread($fp, $size);
fclose ($fp);
@MyExampleFunction($AVariable1, $AVariable3, $AVariable2);
?>
<form ENCTYPE="multipart/form-data" ACTION="" METHOD="POST">
<input NAME="AFileName" TYPE="file">
<input NAME="AInput1" TYPE="text">
<input NAME="AInput2" TYPE="text">
<input VALUE="submit" TYPE="submit"></form>
-----------------------------------------------------------
The code takes to input fields and a single file upload,
calls the MyExampleFunction, which calls the SomePHPFunction
successfully. The SomePHPFunction is a function in one of PHP's
libraries.
The response comes from the:
echo "SomePHPFunction called for $param1 OK.\n";
statement, plus
<form ENCTYPE="multipart/form-data" ACTION="" METHOD="POST">
<input NAME="AFileName" TYPE="file">
<input NAME="AInput1" TYPE="text">
<input NAME="AInput2" TYPE="text">
<input VALUE="submit" TYPE="submit"></form>
I have no idea why all the form data is being appended to the response.
Because you haven't included any conditions to test whether or not to
output the form, nor exited the script before the form is parsed. Pick
one or the other.
b
--- End Message ---
--- Begin Message ---
brian wrote:
Edward Diener wrote:
Maciek Sokolewicz wrote:
Edward Diener wrote:
I have a PHP file which does an:
echo "someresponse"
to return some data. When I run it from a Windows client program,
the response I am seeing is not only the "someresponse" above but
also has the entire HTML form in the PHP file appended to it.
Here is the code, with names suitable changed to protect actual
functionality of proprietary software:
-----------------------------------------------------------------------
<?php
if ( ! (isset($_GET['zzzzz']) && $_GET['zzzzz'] == 124) )
{ ?>
<script>
alert(" UnAuthorised Access..............");
window.location ="ascript.php";
</script>
<?php
echo " UnAuthorised Access..............";
exit;
}
function MyExampleFunction($param1, $param2, $param3,$param4="")
{
$param5 = 'Info1' . "\r\n";
$param5 .= 'Info2' . "\r\n";
$param5 .= 'Info3';
if(SomePHPFunction($param1,$param3,$param2."\r\n\r\n",$param5))
echo "SomePHPFunction called for $param1 OK.\n";
else
echo "Could not call SomePHPFunction for $param1.\nError:
".$param4."\n";
}
if ($_FILES['AFileName']['name'] == "")
{
echo "No AFileName.";
exit;
}
if ($_POST['AInput1'] == "")
{
echo "No AInput1.";
exit;
}
if ($_POST['AInput2'] == "")
{
echo "No AInput2.";
exit;
}
$AVariable1 = $_POST['AInput1'];
$AVariable2 = $_POST['AInput2'];
$size = filesize($_FILES['AFileName']['tmp_name']);
$fp = fopen ($_FILES['AFileName']['tmp_name'], "r");
$AVariable3 = fread($fp, $size);
fclose ($fp);
@MyExampleFunction($AVariable1, $AVariable3, $AVariable2);
?>
<form ENCTYPE="multipart/form-data" ACTION="" METHOD="POST">
<input NAME="AFileName" TYPE="file">
<input NAME="AInput1" TYPE="text">
<input NAME="AInput2" TYPE="text">
<input VALUE="submit" TYPE="submit"></form>
-----------------------------------------------------------
The code takes to input fields and a single file upload,
calls the MyExampleFunction, which calls the SomePHPFunction
successfully. The SomePHPFunction is a function in one of PHP's
libraries.
The response comes from the:
echo "SomePHPFunction called for $param1 OK.\n";
statement, plus
<form ENCTYPE="multipart/form-data" ACTION="" METHOD="POST">
<input NAME="AFileName" TYPE="file">
<input NAME="AInput1" TYPE="text">
<input NAME="AInput2" TYPE="text">
<input VALUE="submit" TYPE="submit"></form>
I have no idea why all the form data is being appended to the response.
Because you haven't included any conditions to test whether or not to
output the form, nor exited the script before the form is parsed. Pick
one or the other.
I do not understand what you mean by your first statement above when you
say 'you haven't included any conditions to test whether or not to
output the form'. Am I not 'responding' to the form in my PHP code based
on the input parameters to the form in my PHP code ? I also do not
understand what you mean by 'nor exited the script before the form is
parsed'. Does not the script 'exit' when the PHP code reaches the ending
'?>' tag ?
As I understand it the PHP code, in between the '<?php' and '?>' tag, is
there to process the form, in essence responding to a request on the
form. Is this incorrect ? In my PHP code the 'echo' statement sends a
response back for the request. Is that not correct ?
--- End Message ---
--- Begin Message ---
Edward Diener wrote:
Does not the script 'exit' when the PHP code reaches the ending
'?>' tag ?
Not exactly. PHP processes the remainder of the file too, it just
doesn't find any PHP code to execute therein. It does find some text to
output, and it outputs it. That text happens to be a form.
--
Benjamin Hawkes-Lewis
--- End Message ---
--- Begin Message ---
Benjamin Hawkes-Lewis wrote:
Edward Diener wrote:
Does not the script 'exit' when the PHP code reaches the ending
'?>' tag ?
Not exactly. PHP processes the remainder of the file too, it just
doesn't find any PHP code to execute therein. It does find some text to
output, and it outputs it. That text happens to be a form.
Now I see. Just like in normal HTML processing a request to a URL which
is an HTML page, sends the HTML markup back to the client. My PHP page
is a normal HTML page with PHP processing embedded in it. Hit me on the
head and wake me up <g>.
How does one stop PHP from outputting data in a PHP file outside of the
PHP tags ? Hopefully there is a technique for that. can I just 'exit' in
the PHP processing code in order to do that ? It seems that should work
and I will try it.
In my case I am using the form data just to process the request and not
to be sent back to the client, especially as a form itself is not a
complete HTML page.
--- End Message ---
--- Begin Message ---
Jim Lucas wrote:
Rod Clay wrote:
I'm creating a website in php and I've noticed that many websites seem
to "remember where the user is on the page,"
You are probably referring to <a name=""></a> tag placement.
If in your web page you place an anchor tag like this:
<a name="SomeName"></a>
Then in the URL you add this to the end #SomeName it will try and
place that position at the top of your viewable area in your web browser.
http://example.com/myfunpage.html#SomeName
A better way to do that is to give some block element--a header, a div,
etc.--an ID. That works exactly the same as <a name="...">. That way,
there can be many anchored locations on a page without having to add
otherwise superfluous tags. I *suspect* that the <a name=""> thing is
deprecated, even.
In any case, I wonder if the OP is referring to the fact that many
user-agents will scroll to the previous spot when the "back" button is
used. No extra mark-up or hints required.
b
--- End Message ---
--- Begin Message ---
I've never tried it for this type of application; but, html Map may be a neat approach since you
won't need JS or any special client-side code, just plain old html.
Rod Clay wrote:
I'm creating a website in php and I've noticed that many websites seem
to "remember where the user is on the page," so that, for example, the
user can click on a link and go to another page, but, when the user
comes back to the original page, it is displayed so that the user is
looking at the same part of the page that s/he was looking at when s/he
clicked the link. This is a mystery to me! How do you create a webpage
so that it "remembers" where the user is on the page and takes her/him
back to that same place on the page when the user returns? There must
be some "trick" to making this happen because a lot of pages do it and a
lot don't (like mine! :-( ). But I'd like to make mine do it too!!
Thanks for any light you can shed for me on this "mystery."
--- End Message ---
--- Begin Message ---
brian wrote:
A better way to do that is to give some block element--a header, a div,
etc.--an ID. That works exactly the same as <a name="...">.
It should work the same. But it doesn't in older user agents or with
older assistive technology:
http://stevenclark.com.au/2008/07/11/named-anchors-and-skip-navigation/
I *suspect* that the <a name=""> thing is
deprecated, even.
Not in HTML:
http://www.w3.org/TR/REC-html40/struct/links.html#adef-name-A
It's deprecated in XHTML 1.0 (i.e. it's valid to use):
http://www.w3.org/TR/xhtml1/#h-4.10
It's removed in XHTML 1.1 (i.e. it's not valid to use):
http://www.w3.org/TR/xhtml11/changes.html#a_changes
Its removal from XHTML isn't particularly relevant to most web authors,
as Trident (and hence both IE and older assistive technology that only
supports IE) doesn't support XHTML except when served as text/html (i.e.
tag soup), XHTML 1.0 has no advantages when served as tag soup, and
XHTML 1.1 must not be served as text/html. ;)
--
Benjamin Hawkes-Lewis
--- End Message ---
--- Begin Message ---
I've been running the script below:
<?php
$appIds = getLotsOfAppIds();
foreach ($appIds as $appId) {
echo "$appId\n";
//echo memory_get_usage() . "\n";
try {
$getBundles = getBundles($appId);
$numBundles = count($registeredBundles);
echo $numBundles . "\n";
continue;
}
}
?>
And I get PHP Fatal Error: Allowed Memory Size Exhausted after it runs for a
bit. Looking at the memory usage, it's because $getBundles (an array) is
huge, and keeps growing. What I'm confused by is why setting it to
something else in the next iteration of the foreach loop doesn't free the
previously allocated array, since there shouldn't be any more references to
it. I've worked around it by explicitly calling unset($getBundles), but
just wanted to understand why it's working the way it does.
Thanks,
Waynn
--- End Message ---
