php-general Digest 18 Jun 2001 19:14:40 -0000 Issue 706 Topics (messages 54239 through 54256): Compiler advice please! 54239 by: Gerry ereg function 54240 by: Jay Paulson 54252 by: CC Zona Re: [PHP-DEV] Fork() in php? (äâà óäàðà - 8 äûðîê?) 54241 by: ~~~i LeoNid ~~ fdf and pfd functions in PHP 54242 by: David A Castillo 54243 by: mheumann.sei.cl Re: NEED BOOK: DB Abstaction 54244 by: Jon Haworth a little ot, mysql binary fields 54245 by: Christian Dechery Form security 54246 by: phpman 54247 by: James Stevens 54248 by: Peter Dudley 54251 by: mheumann.sei.cl 54253 by: phpman .htaccess and secure image directory 54249 by: bill pg_fetch_object() and composite field names 54250 by: Arcady Genkin Re: out file 54254 by: Hasan Niyaz Re: advice on 'Nusphere Mysql Package' appreciated 54255 by: scott [gts] Lists are back up 54256 by: Rasmus Lerdorf Administrivia: To subscribe to the digest, e-mail: [EMAIL PROTECTED] To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: [EMAIL PROTECTED] ----------------------------------------------------------------------
Hi this is probably of the scope of the list since it is a c++ question. (sorry) I'm trying to learn a few things about c++ and I'm using "gcc" on my Linux box. The problem I encountered is with the floating point manipulation classes or functions like "fixed" and "showpoint", I get a compile error saying they are not declared. I triyed the gcc.gnu site but I could not find a support maillist like this one. After endless fruitless searches on the web I decided to give you a shot since you have answered many of my PHP questions and I know some of you do a lot more than just PHP related development. Could someone point me in the right direction please, maybe a site or mailgroup where I could ask about this? Thanks in advance and sorry for the inconvenience! Gerry
hello- I have a pretty easy question for some of you. I'm using the ereg function and it's not returning a true or false after it runs. Below is the code snippet I'm using. echo ereg("^[a-zA-Z]$", $fname); as you can see I'm just looking to make sure the variable $fname just has characters a-zA-Z and nothing else. Anyway, I'm running PHP 4.0.5 and I'm using the ereg function else where and it seems to work fine. Thanks, Jay Paulson
In article <002e01c0e46c$ec2459a0$6e00a8c0@webdesign>, [EMAIL PROTECTED] ("Jay Paulson") wrote: > echo ereg("^[a-zA-Z]$", $fname); > > as you can see I'm just looking to make sure the variable $fname just has > characters a-zA-Z and nothing else. Actually, you're checking whethere the variable is a single-character string a-zA-Z. For what you want: ereg("^[a-zA-Z]+$", $fname); //add plus sign Note also that although the docs imply that ereg() returns an integer value, it says further down "Returns true if a match for pattern was found in string, or false if no matches were found or an error occurred." In my experience, boolean values don't echo well. Try this instead: if(ereg("^[a-zA-Z]+$", $fname)) { echo "<p>Passed!</p>\n"; } else { echo "<p>Failed. Enter a different value.</p>\n"; } -- CC
On 21 May 2001 10:06:41 -0700 impersonator of [EMAIL PROTECTED] (Zeev Suraski) planted &I saw in php.general: >At 08:24 21/5/2001, Rasmus Lerdorf wrote: >>You are assuming they even read this mailing list. > >*ping* (in Tokyo, so it took me a while to catch up on my Email) > >Zeev > Sorry for _an_ intrusion her. I just unsuccsefully "ping"ed "zend" (on an address supplied on the page) of wich the author is co-founder co-developer, as i undustand:) So i publish my quest her. Hopefully it will be seen by some, besides maintainers:) Is there hope to get answer too? I hope. > I was checking on PHP en-coder (unfortunately, it only goes from 4.03:(so i didn't go *further*, but wanted to test Zend Optimizer too. But stoped at license item 8.2, and asked for an explanation, on witch i received *demon* response (below) - sorry it got compacted, as i forgot to close my copy/paste buffer compacter (and i am to lazy to copy it again:) Hope, you decipher:) Sincerely, LeonId AM i `disclosing´ by this?:) ------------------------d(a)emon--------advice----------------- Hi. This is the qmail-send program at mail.zend.com. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. <[EMAIL PROTECTED]>: --- Below this line is a copy of the message. Return-Path: <[EMAIL PROTECTED]> Received: (qmail 6544 invoked by alias); 24 May 2001 14:37:03 -0000 Delivered-To: [EMAIL PROTECTED] Received: (qmail 6541 invoked from network); 24 May 2001 14:37:02 -0000 Received: from unknown (HELO mckexch02.mckusa01) (38.201.8.162) by mail.zend.com with SMTP; 24 May 2001 14:37:02 -0000 Received: from cheerleo (ip162-6.urbis.net.il [192.118.6.162]) by mckexch02.mckusa01 with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2448.0) id JHSZ36Z9; Thu, 24 May 2001 09:57:17 -0400 Message-ID: <000101c0e456$21997780$a20676c0@cheerleo> From: "LeoNid" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: ÌÉÃÅÎÓ point 8.2 (on zend optimizer) Date: Thu, 24 May 2001 17:33:30 +0400 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3612.1700 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3612.1700 ShaLom, What is the meaning of an item 8.2 of your license for ZendOptimizer. What kind of "confidential" infor., you supply for suppose to be freely downloadable software? Ain't - points - mentioning _no_ reverse engineering suffice? Inspite that I am considering download for myself only, I won't even think of it with such (funny unclear and absurd, unless proved otherwise:) restriction. Thank you for an explanation. ShaLom i Leonid. ---that's what _i_ saw in a license (if my MSG is delivered without alteration either:)--------- 8.2. Non-Disclosure. Licensee shall not permit anyone other than its own most trusted employees with a need to know to access or use the Licensor Proprietary Information. Licensee shall not disclose the Licensor Proprietary Information to any third party or use the Licensor Proprietary Information other than as authorized hereunder. Furthermore, Licensee: (a) recognizes that the unauthorized use or disclosure of Licensor Proprietary Information will give rise to irreparable injury to Licensor or its licensors for which monetary damages may be an inadequate remedy; and (b) agrees that Licensor or its licensors may seek and obtain injunctive relief against the breach or threatened breach of Licensee's obligations under this Agreement, in addition to any other legal and equitable remedies which may be available to Licensor.
Okay, I'm trying to teach myself how to utilize fdf and insert into pdf and I have a question for y'all. When using pfd forms to submit to an fdf file, the php script uses the variable $HTTP_RAW_POST_DATA as the source to write to the fdf file. If I use an HTML form to do the same thing, what variable would I use? I tried $HTTP_POST_DATA and it returned an empty variable set resulting in an empty fdf file. The code I'm using is as follows: <?php $fdffp = fopen("test.fdf","w"); fwrite($fdffp, $HTTP_POST_DATA, strlen($HTTP_POST_DATA)); fclose($fdffp); ?> Sorry for the basic question but I guess we all have to start somewhere! Cheers, Dave
Hi, I think this is more complicated. You'll need to create the FDF file manually pertaining to the format specifications. You will have to use the data posted from the HTML form, but just writing them out to the file won't do the trick. I haven't done this with PHP yet, maybe the fdf functions provided can help you somewhat with the format. Greetings, Michael. > Okay, I'm trying to teach myself how to utilize fdf and insert into pdf and > I have a question for y'all. When using pfd forms to submit to an fdf file, > the php script uses the variable $HTTP_RAW_POST_DATA as the source to write > to the fdf file. If I use an HTML form to do the same thing, what variable > would I use? I tried $HTTP_POST_DATA and it returned an empty variable set > resulting in an empty fdf file. The code I'm using is as follows: > > <?php > $fdffp = fopen("test.fdf","w"); > fwrite($fdffp, $HTTP_POST_DATA, strlen($HTTP_POST_DATA)); > fclose($fdffp); > ?> > > Sorry for the basic question but I guess we all have to start somewhere! > > Cheers, > > Dave > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED]
PHP 4 Bible (Converse/Park, IDG Books) has a chapter on OO programming that contains sample code for an entire DB layer... Failing that you can knock your own up really easily, using include() to stick it in whatever script you fancy. HTH Jon -----Original Message----- From: Erich Reimberg N. [mailto:[EMAIL PROTECTED]] Sent: 24 May 2001 16:48 To: [EMAIL PROTECTED] Subject: [PHP] NEED BOOK: DB Abstaction Hello, Can anyone here, please, recommend me a good book that covers the DB abstracion that has PHP4? Most of the books only deal with MySQL, and that's not always my choice for a DB administrator. So I need to program scripts that can connect to any DB. I use this in ASP: I write a tiny script that only connects to a DB, and then I include it in any script that needs DB connectivity. Then, If I change the DB, I only change the tiny script, and the rest works just like before. (By the way, is it possible to do this in PHP at all? I believe it is) Please, if you have any books you can recommend Cc to my email address: [EMAIL PROTECTED] Thanks, Erich Reimberg N -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] ********************************************************************** 'The information included in this Email is of a confidential nature and is intended only for the addressee. If you are not the intended addressee, any disclosure, copying or distribution by you is prohibited and may be unlawful. Disclosure to any party other than the addressee, whether inadvertent or otherwise is not intended to waive privilege or confidentiality' **********************************************************************
How do I backup a blob field in mysql? Every time I dump it (to a text file via phpMyAdmin)... it creates insert lines but the binary data is all screwed up and when I load it it gives me error messages...
Since nobody answered my last question (or any of them for that matter). Let me rephrase it a little different. Other then checking the referer (to make sure the posted data came from the right page) and user agent (to see if it exists), is there any other way to secure a form from having other forms submitting to it? -dave
Another way to do this is to have a form element with an odd name and value that you can check for before processing the post. This is not too secure if someone knows the name and value though. In that case you can use the referer _and_ a unique element name and value that is related to the referer. Checking for these items before processing the form should be pretty good. James -----Original Message----- From: phpman [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 24, 2001 10:04 AM To: [EMAIL PROTECTED] Subject: [PHP] Form security Since nobody answered my last question (or any of them for that matter). Let me rephrase it a little different. Other then checking the referer (to make sure the posted data came from the right page) and user agent (to see if it exists), is there any other way to secure a form from having other forms submitting to it? -dave -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Are you using sessions? You can register a tracking variable on the form page and then check that variable on the processing page. If the posted data comes from any page other than the one that you want it to, the variable will not be set. Not 100% sure, but I think this covers what you've asked. Pete. ""phpman"" <[EMAIL PROTECTED]> wrote in message 9ejeqp$gm7$[EMAIL PROTECTED]">news:9ejeqp$gm7$[EMAIL PROTECTED]... > Other then checking the referer (to make sure the posted data came from the > right page) and user agent (to see if it exists), is there any other way to secure a > form from having other forms submitting to it? > > -dave
Hi, you could use an additional parameter containing a checksum of the entire URL, that you check at the beginning. Of course, somebody with the right motivation could find out your checksum scheme (I would use a subset of the md5 function), but at least it won't be simple anymore. You could also use a Session ID that you generate somewhere on your site (usually the start page). You pass that along to the form and check it for validity. PHP 4 supports sessions. Hope this helps. Greetings, Michael. > Since nobody answered my last question (or any of them for that matter). Let > me rephrase it a little > different. > > Other then checking the referer (to make sure the posted data came from the > right page) > and user agent (to see if it exists), is there any other way to secure a > form from having other > forms submitting to it? > > -dave
I'm not trying to keep my script secure, I'm trying to get into another script, using cURL. I sent all of the POST fields, set my REFERER to be their referer page, even set my AGENT to be ie 5 on a Win2K box. Damn script is still not returning the right screen. When I copy the HTML code to my machine and run it locally (adjusting the FORM ACTION= to the remote script url) it works. I can even change the same form around and point it one of my scripts that prints every POST var out, I got them all. I checked for cookies - none. I'm not doing this to do anything illegal. I'm trying to link with this script... http://wwwapps.ups.com/servlet/QCCServlet to get shipping info (their XML integration is impossible with PHP - PHP cannot do it). This makes no sense to me, I can't think of anything I'm missing. I've gone through my code for typos and case sensitivities - even the order the POST vars are sent in is the same! Aaaaaauuugggggghhhh!!!!! -dave ""phpman"" <[EMAIL PROTECTED]> wrote in message 9ejeqp$gm7$[EMAIL PROTECTED]">news:9ejeqp$gm7$[EMAIL PROTECTED]... > Since nobody answered my last question (or any of them for that matter). Let > me rephrase it a little > different. > > Other then checking the referer (to make sure the posted data came from the > right page) > and user agent (to see if it exists), is there any other way to secure a > form from having other > forms submitting to it? > > -dave > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] >
If I upload images to a web directory using PHP, how can I prevent a web browser from getting a file list of the directory while still allowing it to be polled for specific images? kind regards, bill hollett
Suppose I have a query like this: $query = "select A.id, B.id from foo A, bar B where A.bleh=B.blob;"; $result = pg_exec( $db, $query); $obj = pg_fetch_object( $result, 0 ); My question is: How do I access the field names in the $obj now? I know that I can transform the query to avoid this problem, or use a function other than pg_fetch_object. But I'm interested whether pg_fetch_object _can_ be used here. Many thanks, -- Arcady Genkin
Hi, This is not very php related but if anyone can let me this simple question. I'm using a dos window to communicate with my MySQL server. What if i want to save the results in file. What is the command i should use. Thanks, Hasan
mandrake is easy to install, yes. :) mandrake is a full distribution... it's everything that most people need ....kernel, Xwindows, servers, apps, games, dev. libraries, languages, etc. etc... you can customize which programs get installed from the install program. it's a great system.... really easy to use and install. download the mandrake 8.0 ISO from their website if you've got a CD-R. it's free :) > -----Original Message----- > From: Johnny Smith [mailto:[EMAIL PROTECTED]] > Sent: Thursday, May 24, 2001 8:45 AM > To: [EMAIL PROTECTED] > Subject: RE: [PHP] advice on 'Nusphere Mysql Package' appreciated > > > Thanks for replying Scott... > > Are you trying to say that Mandrake has PHP, Mysql, Apache > and that the combination is easy to install correctly on > Mandrake? > > > > > >From: "scott [gts]" <[EMAIL PROTECTED]> > >To: "php" <[EMAIL PROTECTED]> > >Subject: RE: [PHP] advice on 'Nusphere Mysql Package' appreciated > >Date: Wed, 23 May 2001 14:43:38 -0400 > > > >Linux Mandrake (8.0) is extremely easy to install, > >(it's a complete linux distrib, based off of RedHat, > >so you can install it onto a clean machine) > > > >the install is *very* interactive and it comes fully > >loaded with almost everything you could want, > >and is free.... > > > >get the ISO's at : > > > >http://linux-mandrake.com/ > > > > > > > >-- > >PHP General Mailing List (http://www.php.net/) > >To unsubscribe, e-mail: [EMAIL PROTECTED] > >For additional commands, e-mail: [EMAIL PROTECTED] > >To contact the list administrators, e-mail: [EMAIL PROTECTED] > > > > _________________________________________________________________ > Get your FREE download of MSN Explorer at http://explorer.msn.com >
We have re-enabled the PHP mailing lists. They are now running from a temporary machine sitting on the floor of my spare bedroom. A more permanent home is in the works. -Rasmus