php-windows Digest 28 May 2005 09:02:11 -0000 Issue 2680

Topics (messages 26047 through 26049):

Re: [PHP] Stopping users to see uploaded files
        26047 by: Michael Adams

Re: Crazy user input with html in it
        26048 by: Louis Solomon [SteelBytes]

pop3 emailer
        26049 by: Mike Bellerby


----------------------------------------------------------------------
--- Begin Message ---
On Fri, 27 May 2005 11:59:53 +0100
symbulos <[EMAIL PROTECTED]> wrote:

> Dear friends,
> 
> we are using php for developing a small tool for uploading files for
> download 
> (publications). Using the usual move_uploaded_file, the publications
> are loaded into a directory where the webserver can write / read.
> 
> Unfortunately, that means every person who connects to the directory
> can see the files. If some of the files are for sale, how do you stop
> the user from seeing them / downloading them without permission?
> 
> Is there any other way to upload files using php?
> 
> Thanks in advance!

You are going the right way. Put an index.html file in that directory
that redirects people to your home page or wherever. You could
alternatively restrict the directory with password access.

 --
Michael

--- End Message ---
--- Begin Message ---
when storing, use mysql_real_escape_string (or equiv for whatever db)
eg,
$query = 'insert into table set 
field=\''.mysql_real_escape_string($valuefromuser).'\', field2=...

when displaying user input (no matter where from), use htmlentities()
eg,
echo htmlentities($string_from_db);

-- 
Louis Solomon
www.SteelBytes.com

"Ross Honniball" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
> Hi all,
>
> Say you get some text field from a user and store it in a database. Then 
> later you display this input. If the user has coded html in the actual 
> input, without running this through some kind of parsing function, it 
> could give you some odd results.
>
> For example, say the user types in, as text <input type="text">
>
> Then when you display this data (echo it), your page will show an html 
> input box.
>
> I think there are a number of functions in php to cope with this, but 
> wondering what people find to be the best/most efficient or whatever one.
>
> What do you do?
> ..
> .. Ross Honniball. JCU Bookshop Cairns, Qld, Australia.
> .. 

--- End Message ---
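
The store-then-display pattern from the reply above, as an added example that is not part of the original thread: user text is stored unmodified and encoded with htmlentities() only at output. It swaps mysql_real_escape_string() for a PDO prepared statement against in-memory SQLite (assumed available); the `comments` table, the helpers `store_comment`, `load_comment` and `h`, and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not code from the original thread.
// Assumptions: PDO with the SQLite driver, a hypothetical "comments" table,
// hypothetical helper names, and constructed sample inputs.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Storing: the bound parameter travels separately from the SQL text, so
// quotes in the input cannot change the statement. The value is stored
// exactly as typed; no HTML encoding happens at this stage.
function store_comment(PDO $db, string $body): int
{
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $db->lastInsertId();
}

function load_comment(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Displaying: encode at output time. ENT_QUOTES covers both quote styles,
// so the same helper is safe inside a quoted attribute value as well.
function h(string $s): string
{
    return htmlentities($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$samples = [
    '<input type="text">',               // the input from the question
    "O'Brien said: it's 5 < 6",          // single quotes and a bare '<'
    'Tom "the cat" & Jerry',             // double quotes and an ampersand
];

foreach ($samples as $raw) {
    $fromDb = load_comment($db, store_comment($db, $raw));
    if ($fromDb !== $raw) {
        throw new RuntimeException('stored value was altered');
    }
    // Element content and attribute value: both show the text literally.
    echo '<p>', h($fromDb), "</p>\n";
    echo '<input type="text" value="', h($fromDb), "\">\n";
}
```
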
--- Begin Message ---
Hi

What is the easiest way to read an email account from php?

Thanks

Mike

--- End Message ---
