Re: [PHP] Date Q

2002-05-09 Thread Jason Wong

On Friday 10 May 2002 13:14, Jason Soza wrote:
> Thanks for the code, but I already have:
> $result = mysql_query("SELECT * FROM table");

  select *, min(datefield) as mindate, max(datefield) as maxdate from table;

Should work.

> It's been my general understanding that querying twice in one script is
> bad. How do I incorporate your code into my script w/o querying again?

Nothing inherently bad about that. After all if you can't do it in one query, 
what's to stop you using two or more?

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.com.hk
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *

/*
Great American Axiom:
Some is good, more is better, too much is just right.
*/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] Web hoster solution?

2002-05-09 Thread Darren Gamble

Good day,

A friend of mine has been asked to set up a simple website for a third
party, which will be used by visitors to order products.

She has been programming for a little while now, but, she doesn't have much
experience with other web hosting companies (and neither do I, really).  I
know that some hosters provide "shopping cart" programs with their packages,
which would probably make things much easier.  She's also willing to try to
install something PHP-ish (or even in ASP) if that's not an option.

The site wouldn't have a lot of visitors- 1000 a month, tops, so there isn't
much need for a lot of bandwidth.  And, other than this purchasing
interface, their needs are pretty basic, so a low cost is probably the most
important thing.

What would people here recommend?  I know that this question has been asked
before, but her needs are a little bit simpler than the average PHP'er on
this list. =)

Thanks,


Darren Gamble
Planner, Regional Services
Shaw Cablesystems GP
630 - 3rd Avenue SW
Calgary, Alberta, Canada
T2P 4L4
(403) 781-4948

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Adding up values

2002-05-09 Thread Jason Wong

On Friday 10 May 2002 14:27, Miguel Cruz wrote:
> There's really not much to it. The intval of '-' is 0, so it doesn't cause
> any problems.
>
>   $numbers = file('path/logfile.txt');
>   $total = 0;
>   foreach ($numbers as $num) $total += intval($num);

Or use array_sum():

  $numbers = file('path/logfile.txt');
  $total = array_sum($numbers);

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.com.hk
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *

/*
"What if" is a trademark of Hewlett Packard, so stop using it in your
sentences without permission, or risk being sued.
*/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] Array usage affecting server

2002-05-09 Thread Kevin Meredith

Hi.

When a database query is done and the results are put into an array, what
are the resources used?  I name all arrays differently and was wondering how
it would affect the performance of the server if many people connected with
many arrays being full.  I am assuming the array gets 'dropped' when you
connect to another page but if I keep on the same page using PHP_SELF?

Basically I am just trying to find out what is the best way of using arrays
without using all the servers resources.

Thanks
Kevin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] Getting the HTML Name Value in Forms(newbie)

2002-05-09 Thread Daniel

ok, i have the following script

 HTML File ---


Your name: 

You email: 

Product1
Product2



--- End HTML Form ---

Ok, its just a simple purchase script for a free online game..
I know how to get the value of the thing via $Prod1 or $Prod2.. however this
form is emailed, so how can i get it to list the product's Name (name="")
field?
I've looked around and can't work out how to do this.

Theres 800 items at the moment and i don't want to have to type out all the
names, just get the names on the ones selected..

Can someone help?

Regards,
Daniel Maddern




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] PHP builds

2002-05-09 Thread Liam MacKenzie

Hi all,

I need some opinions, what are some good modules to build into PHP?
I'm starting a hosting service (properly) 

Thanks!



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Adding up values

2002-05-09 Thread Miguel Cruz

There's really not much to it. The intval of '-' is 0, so it doesn't cause 
any problems.

  $numbers = file('path/logfile.txt');
  $total = 0;
  foreach ($numbers as $num) $total += intval($num);

miguel

On Fri, 10 May 2002, Liam MacKenzie wrote:
> another real basic question, how would I add up all the numbers in a log
> file in this format?
> 
> Start log file
> 
> 
> 6353
> 3309
> 294
> 762
> 6443
> 6353
> 3309
> -
> -
> -
> -
> -
> -
> 294
> 762
> 6353
> 6443
> 3309
> -
> -
> -
> -
> -
> -
> -
> -
> 294
> 867
> 859
> 7695
> 97
> 49
> -
> -
> -
> -
> 
> ---
> end log file
> 
> 
> how can I add all the numbers without having those dashes causing a problem?
> 
> cheers,
> Liam
> 
> 
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] php_register_variable()

2002-05-09 Thread Serguei I. Ivantsov

Hello!

I need some help with subj function.

I execute that function before php_execute_script() but variables seems to
be not available within my script.

How can I register variable from the C program (/sapi/cli) to see it available in the
script ?


--
 Regards,
  Serguei I. Ivantsov




[PHP] Adding up values

2002-05-09 Thread Liam MacKenzie

Hey all,

another real basic question, how would I add up all the numbers in a log
file in this format?

Start log file


6353
3309
294
762
6443
6353
3309
-
-
-
-
-
-
294
762
6353
6443
3309
-
-
-
-
-
-
-
-
294
867
859
7695
97
49
-
-
-
-

---
end log file


how can I add all the numbers without having those dashes causing a problem?

cheers,
Liam



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




RE: [PHP] Date Q

2002-05-09 Thread Martin Towell

if you insist in using your existing loop, try this (in pseudo-code)

min_date = some really large date (31-Dec-2100 maybe?)
max_date = some really small date (01-Jan-1970 maybe?)
while (row = fetch(result))
{
  if (curr_date > max_date)  max_date = curr_date
  if (curr_date < min_date)  min_date = curr_date
  ...
  // other code here
}


same logic can be used for numbers, strings, etc, etc.

-Original Message-
From: Miguel Cruz [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 10, 2002 3:13 PM
To: Jason Soza
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP] Date Q


On Thu, 9 May 2002, Jason Soza wrote:
> Thanks for the code, but I already have:
> $result = mysql_query("SELECT * FROM table");
> 
> And I use while ($row = mysql_fetch_array($result)) along with
extract($row)
> to get my data.
> 
> It's been my general understanding that querying twice in one script is
bad.
> How do I incorporate your code into my script w/o querying again?

What's bad is using more database queries than you need.

If you need to know two different things, query twice.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Re: why doesn't $books[$val][display] show the value

2002-05-09 Thread Peter J. Schoenster

On 9 May 2002 at 15:25, Philip Hallstrom wrote:

> It has to do with precedence (I think).  When inside a double quoted
> string PHP evalutes "$books[$val]" *first* and doesn't catch that
> there's more to it...
> 
> You can do this:
> 
> $html.= " Yaddda yadda " . $books[$val][display];
> 
> And I think this (or something close to it):
> 
> $html.= " Yaddda yadda {$books[$val][display]}";

Yes, I remember someone writing about "how good" it was to do that:

$html.= " Yaddda yadda " . $books[$val][display];

personally I hate it :) ... I use Template::Toolkit in Perl and I 
never muck about with html anything in my Perl. Someone once showed a 
template system in PHP but it required more than I was willing to try 
to do on my virtual server (had to install some Pear stuff on my 
local linux box and move it to my freebsd virtual server and hope :) 

Anyhow, thanks for the clues .. here is what I'm finding now:

http://www.php.net/manual/fi/language.operators.string.php

On the above page someone mentions what you do as well:

> "your choice is {$array['user']['choice']}"

odd thought that he single quoted the key names. I would have thought 
not since everything was in double quotes. Superflous? or necessary?  
Odd, imho. He also talks about better to single quote keys than 
double quote owing to bypassing the need to parse between the single 
quotes. 

He says:

> Generally programmers are better to use ' when ' is applicable to
> avoid parse overhead. For example, use $array['item'] rather than
> $array["item"]. Your script will be executed a bit faster.

I find leads here:

http://www.php.net/manual/en/language.types.string.php#language.types.
string.parsing

Where I see this example (in complex syntax section):

> // This is wrong for the same reason
> // as $foo[bar] is wrong outside a string. 
> echo "This is wrong: {$arr[foo][3]}"; 

there is no wrong reason above that example.

Note the single quote for the literal.  I myself prefer{} and I'll 
single quote all literals contained therein.

And then this is a nice page which kind of goes over the problem. 
I've got a dense head and don't fully understand it all.

http://www.zend.com/zend/tut/using-strings.php

Just following up with comments and links in case someone else gets 
bothered by this (got me for about 15 minutes before I just did what 
I did to get it to work)

Peter
-- http://www.readbrazil.com/
Answering Your Questions About Brazil


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Bandwidth monitoring {!?}

2002-05-09 Thread Miguel Cruz

On Fri, 10 May 2002, Liam MacKenzie wrote:
> I was wondering if anyone knows of a system that will keep track of the
> amount of bandwidth a site has used.
> For example, someone has webspace, but is limited to 1 gig of data transfer.
> Someone downloads a 500M file off their site, so they've obviously got 500M
> left.
> 
> Is there a script that can monitor this?

It should be recorded in the web server logs.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




RE: [PHP] Date Q

2002-05-09 Thread Miguel Cruz

On Thu, 9 May 2002, Jason Soza wrote:
> Thanks for the code, but I already have:
> $result = mysql_query("SELECT * FROM table");
> 
> And I use while ($row = mysql_fetch_array($result)) along with extract($row)
> to get my data.
> 
> It's been my general understanding that querying twice in one script is bad.
> How do I incorporate your code into my script w/o querying again?

What's bad is using more database queries than you need.

If you need to know two different things, query twice.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




RE: [PHP] Date Q

2002-05-09 Thread Jason Soza

Thanks for the code, but I already have:
$result = mysql_query("SELECT * FROM table");

And I use while ($row = mysql_fetch_array($result)) along with extract($row)
to get my data.

It's been my general understanding that querying twice in one script is bad.
How do I incorporate your code into my script w/o querying again?

-Original Message-
From: Jason Wong [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 09, 2002 8:59 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] Date Q


On Friday 10 May 2002 13:02, Jason Soza wrote:
> If I have a MySQL field full of dates and other info, and my PHP script
> displays all this, how would I isolate the min and max in the date field?
> Like I want to print something like:
>
> Information, from 01-03-2001 through 01-03-2002
>
> If someone could give me an example or point me to the manual section that
> describes this, that'd be great. Thanks!

   select min(datefield) as mindate, max(datefield) as maxdate from table;

--
Jason Wong -> Gremlins Associates -> www.gremlins.com.hk
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *

/*
QOTD:
The only easy way to tell a hamster from a gerbil is that the
gerbil has more dark meat.
*/


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Date Q

2002-05-09 Thread Jason Wong

On Friday 10 May 2002 13:02, Jason Soza wrote:
> If I have a MySQL field full of dates and other info, and my PHP script
> displays all this, how would I isolate the min and max in the date field?
> Like I want to print something like:
>
> Information, from 01-03-2001 through 01-03-2002
>
> If someone could give me an example or point me to the manual section that
> describes this, that'd be great. Thanks!

   select min(datefield) as mindate, max(datefield) as maxdate from table;

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.com.hk
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *

/*
QOTD:
The only easy way to tell a hamster from a gerbil is that the
gerbil has more dark meat.
*/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] Bandwidth monitoring {!?}

2002-05-09 Thread Liam MacKenzie

Hi all,

I was wondering if anyone knows of a system that will keep track of the
amount of bandwidth a site has used.
For example, someone has webspace, but is limited to 1 gig of data transfer.
Someone downloads a 500M file off their site, so they've obviously got 500M
left.

Is there a script that can monitor this?

Cheers,
Liam



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] Date Q

2002-05-09 Thread Jason Soza

If I have a MySQL field full of dates and other info, and my PHP script
displays all this, how would I isolate the min and max in the date field?
Like I want to print something like:

Information, from 01-03-2001 through 01-03-2002

If someone could give me an example or point me to the manual section that
describes this, that'd be great. Thanks!

Jason Soza


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Destroying Sessions

2002-05-09 Thread Chris Knipe

>   if ($VerifyPasword[ContactID] = $_SESSION['ContactID'])
>
> This statement is /always/ true if $_SESSION['ContactID'] is non-zero, or
> non-empty.
>
> If your code is copy-and-paste then the error is most likely because you
used
> a single 's' in $VerifyPasword[ContactID]. And also is better to
single-quote
> your array indices (see manual on arrays for reason):

GOD SAVE THE QUEEEN!!!

You're my hero!! Remind me to buy you a box of chocolates  Yes, I
haven't confirmed this, but the code is copy & paste, so you are right.
It's a freaking spelling mistake, and no, in after three days of battling
with this specific loop - I have not noticed it.

*makes  a eye test appointment to go for new glasses*

Thanks a MILION!!!


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] passing variables between php forms

2002-05-09 Thread Jason Wong

On Friday 10 May 2002 07:41, baldey_uk wrote:
> Hi sorry to annoy you AGAIN, but i cant seem to get it working i think
> its something to do with the order that i put things in:
>
>
> #end of html and start of php script
> 
>
> #Take the Variables from enterdetails.php that are posted from an html form
>
> $firstname=$_POST['txtFirstName'];
>
> $lastname=$_POST['txtLastName'];
>
> $email=$_POST['txtEmail'];
>
> $quantity=$_POST['txtJars'];
>
> $order_value=sprintf('%.2f', floatval($_POST['txtJars'])*7.0);
>
> echo '';
>
> ?>php
>
> # end of php script back into html
>
> Are your details correct?
> 
>  method="post">
> 
> 
>  action="updateaddress.php" method="post"> value="No ">
> 
> 
>
> If i put the echo or INPUT type outside of the php script this works, but
> obviously just returns a string '.$quantity.' and not waht the variable
> $quantity holds. This is extremely confusing. How do i get this php
> variable to be passed to the HTML so it can be posted  I thought the way i
> have it the echo would make the variable testvar available to the browser,
> and then i would be able to retrieve it by $_POST[testvar]; or
> $_POST[$testvar]; in either the confirm.php or updateaddress.php that the
> html posts to?

Your form element is outside the form so is invalid and ignored by the 
browser. What you need is something like:







And similarly for the second form.

But I hope you're only doing this as a test. If you're implementing some kind 
on online shopping thing then including the value of goods ordered on a form 
and relying on that value when someone posts the form is a VERY BAD thing. 
When the form is posted you should always re-calculate the value based on 
item and quantity.

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.com.hk
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *

/*
Every country has the government it deserves.
-- Joseph De Maistre
*/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Destroying Sessions

2002-05-09 Thread Jason Wong

On Friday 10 May 2002 10:52, Steve Buehler wrote:
>  Nokeep writing to the list.  Next time, you might actually

Good idea.

[snip]

> >What baffles me, is
> >
> > while ($VerifyPassword = mysql_fetch_array($PasswordCheckSQL)) {
> >   // Compare UserIDs
> >   if ($VerifyPasword[ContactID] = $_SESSION['ContactID']) {
> > $_SESSION['Authenticated'] = "True";
> > $AuthenticationFailure = "False";
> >   } else {
> > $_SESSION['Authenticated'] = "False";
> > $AuthenticationFailure = "True";
> >   }
> >
> >Works ($VerifiyPassword[ContactID] comes out of a MySQL Lookup,
> >$_SESSION['ContactID'] was previously, also looked up via a MySQL Query).
> >However, from what I understand in the documentation, in this case, the if
> >statement should be '==' in which case, it doesn't work ?!?!?!?!?!?!? 
> > This is exactly what I am talking about, and why it is so confusing. 
> > Everywhere, I use either a double =, or triple = in the if statements,
> > with a ! to use the is "not" true...  Only in this specific statement,
> > the only way I can get it to work, was with a single =.  Now what makes
> > that if statement so special over the others, that this one requires a
> > single = and not a double like all the other hundreds I have in my code?

What is confusing you is that the single equal sign /seems/ to work and is 
masking the real error(s) in your code.

  if ($VerifyPasword[ContactID] = $_SESSION['ContactID'])

This statement is /always/ true if $_SESSION['ContactID'] is non-zero, or 
non-empty.

If your code is copy-and-paste then the error is most likely because you used 
a single 's' in $VerifyPasword[ContactID]. And also is better to single-quote 
your array indices (see manual on arrays for reason):

  $VerifyPassword['ContactID']

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.com.hk
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *

/*
QOTD:
"A child of 5 could understand this!  Fetch me a child of 5."
*/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] gobbling replace

2002-05-09 Thread Analysis & Solutions

On Thu, May 09, 2002 at 11:39:34PM -0400, Analysis & Solutions wrote:
> On Thu, May 09, 2002 at 03:17:09PM -0400, Josh & Valerie McCormack wrote:
>
> >  6 123 123 123 123 123 123 John Smith 456 456 456 456 4
> 
> The odd replacement is due to the itterations for each record in the csv file

Pardon me, I meant to say "field" rather than "record."

--Dan

-- 
   PHP classes that make web design easier
SQL Solution  |   Layout Solution   |  Form Solution
sqlsolution.info  | layoutsolution.info |  formsolution.info
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7 Av #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] gobbling replace

2002-05-09 Thread Analysis & Solutions

On Thu, May 09, 2002 at 03:17:09PM -0400, Josh & Valerie McCormack wrote:
> I'm doing a str_replace (same thing happens with ereg and preg) and when 
> the pattern is found it's erasing everything after it and doing a 
> strange replace, too.
> 
> I'm using a seven column CSV (new_data.csv) where the first [0] column 
> is first name and the second [1] is last name. This is what I'm trying 
> to search for, and replace with with some characters on either side. So 
> it will find John Smith and replace it with 123 John Smith 456.
> 
> Here's the file I"m trying to do the replaces in (text.txt):
>  1 This is a test of the templating program. 
>  2 Here's hoping it's working. 
>  3 
>  4 
>  5
>  6 John Smith 
>  7
>  8 Peter Lem 
>  9
> 10 Shawn Adams 
> 
> Here's the program:
>  1   2 $row = 1;
>  3 $fp = fopen("new_data.csv", "r");
>  4 while ($data = fgetcsv ($fp, 1000, ",")) {
>  5 $num = count ($data);
>  6 $row++;
>  7 for ($c=0; $c < $num; $c++) {
>  8 $text   = fopen("text.txt", "r");
>  9 $merged = fopen("merged_text.html", "w");
> 10 $filecontents = fread($text,filesize("text.txt"));
> 11 $fullname = $data[0] . ' ' . $data[1];
> 12 $newfullname = "123 " .  $fullname . " 456";
> 13 $new_filecontents = str_replace($fullname, 
> $newfullname, $filecontents);
> 14 fwrite($merged,$new_filecontents);
> 15 fclose ($merged);
> 16 fclose ($text);
> 17 copy("merged_text.html", "text.txt");
> 18 }
> 19 }
> 20 fclose ($fp);
> 21 ?>
> 
> by the way, I know it's horribly ugly to open and close the file in the 
> loop like that, but when it was outside the loop no changes were saved.

Put ALL of the fopen()'s AND fread()'s before the while loop.

Put ALL of the fwrite()'s AND (unnecessary) fclose()'s after the end of the while 
loop.

The only thing you should be doing inside the loop is searching/replacing.  The while 
aspect will automaticall bring up the next names to be searching for.

That for loop shouldn't be there...


> Here's the ouput (merged_text.html):
>  1 This is a test of the templating program. 
>  2 Here's hoping it's working. 
>  3 
>  4 
>  5
>  6 123 123 123 123 123 123 John Smith 456 456 456 456 4

The odd replacement is due to the itterations for each record in the csv file caused
by mistakenly using that for loop.  Ditch it.

Enjoy,

--Dan

-- 
   PHP classes that make web design easier
SQL Solution  |   Layout Solution   |  Form Solution
sqlsolution.info  | layoutsolution.info |  formsolution.info
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7 Av #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Destroying Sessions

2002-05-09 Thread Chris Knipe

>  I am not an expert at PHP / MySQL.  To me it would sound like the
> one = is assigning the $VerifyPasword[ContactID] whatever is in
> $_SESSION['ContactID'] which would mean that the else part would never be
> executed.  Honestly though, there is a lot that I don't know.  I know very

I can't really agree with that (Although, you are more than likely right
It just sounds fishy for me that you can set two variables to the same value
inside a if statement, when a if statement is in fact there to rather
compare information - sort of, like a read-only state for the variables?)...
I'll keep my code here, and add / remove some debugging, and just let you
and the other's see what is actually going on here in regards to what
information the variables is actually caring and comparing...

Just to clarify myself above...
if ($var1 = $var2) { .

In my crazy head, I see $var1 and $var2 to be in a sort of "read-only" state
inside the () of the if statement.  For a if statement to be able to change
the values in that instance, would be wrong for me.  Afterall, the logic of
a if statement does go something in the lines of "if value equals value then
execute this, else, execute that" etc etc etc There's nothing in that
logic of setting or changing any values ?

Back to the matter at hand tho...

while ($VerifyPassword = mysql_fetch_array($PasswordCheckSQL)) {

echo "Session: " . $_SESSION['ContactID'] . ", DataBase: " .
$VerifyPassword[ContactID];
// In the browser, they are both returned as 1
//  Both the session and contact IDs are looked up from the same database,
through two
// different functions, they are the number from a auto_increment columb in
a table. And yes
// there is only one row in the table currently, the original selection is
done via a WHERE
// claues, and because there is only one row, both the $_SESSION and
$VerifiyPassword
// should thus return the same row number (auto_increment) because there is
only one
// row in the table?

  // Compare UserIDs
  if ($VerifyPasword[ContactID] = $_SESSION['ContactID']) {
$_SESSION['Authenticated'] = "True";
$AuthenticationFailure = "False";
// In this example, the if statement will exit here (which is
where it should exit)
  } else {
 $_SESSION['Authenticated'] = "False";
 $AuthenticationFailure = "True";
  }


// Now let's look at how I understand the if statement to be, and what
happens.  This is now,
// after I have confirmed above with the echo, that the two variables are in
fact the same...
if ($VerifyPassword[ContactID] == $_SESSION['ContactID']) {
  echo "they are the same";
} else {
  echo "if statement lied, and reported them as not being the same";
  // statement exists here.
}

if (($VerifyPassword[ContactID]) == ($_SESSION['ContactID'])) {
  echo "they are the same";
} else {
  echo "if statement lied, and reported them as not being the same";
  // statement exists here.
}

if (!($VerifyPassword[ContactID] == $_SESSION['ContactID'])) {
  echo "they are not the same";
  // statement exists here.
} else {
  echo "the same";
}

// Now, I force the data to not be the same...
$_SESSION['ContactID'] = "1000";
if ($VerifyPassword[ContactID] == $_SESSION['ContactID']) {
  echo "if statement lied, and reported them as being the same";
  // Statement exists here.
} else {
  echo "they are not the same";
}

What, on heavens name, is going on here :P  I'm not going to ditch PHP or
anything like that, I know that it definately is something that I am doing
wrong.  The problem is, I don't know what I'm doing wrong.  99.99% if all my
statements used in my PHP applications, uses == or === (if I know 100% that
I am comparing data of the same type).  This one specific one, refuses to
operate :-(  And it's starting to annoy me now very much to say the
least :-(

--
me




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Destroying Sessions

2002-05-09 Thread Steve Buehler

 Nokeep writing to the list.  Next time, you might actually 
give the example like you did here so that, hopefully someone will be able 
to answer you better (I have a problem of not including enough 
myself).  The first question, in itself, sounded like a basic question.  I 
would be surprised if you didn't get a lot of heckling about it.  I tried 
to keep my answer from sounding bad to you the first time because I have 
been there and still am there.  Most of us have, but some won't admit 
it.  Sometimes I forget it too. :)
 I am not an expert at PHP / MySQL.  To me it would sound like the 
one = is assigning the $VerifyPasword[ContactID] whatever is in 
$_SESSION['ContactID'] which would mean that the else part would never be 
executed.  Honestly though, there is a lot that I don't know.  I know very 
little compared to how much I don't know.  So I will also post this to the 
list and hopefully someone will know the answer to this.

At 08:09 PM 5/9/2002, "Chris Knipe" <[EMAIL PROTECTED]> wrote:
>I don't want to keep flooding the mailing lists now with my crap, and I do
>hope you don't mind me emailing you privately, but these if statements are
>annoying to say the lease.
>
> >From what I read on php.net (as well as on various other documents for other
>languages like C, and Perl), I am using if statements correctly - syntax
>wise at least.
>
>What baffles me, is
>
> while ($VerifyPassword = mysql_fetch_array($PasswordCheckSQL)) {
>   // Compare UserIDs
>   if ($VerifyPasword[ContactID] = $_SESSION['ContactID']) {
> $_SESSION['Authenticated'] = "True";
> $AuthenticationFailure = "False";
>   } else {
> $_SESSION['Authenticated'] = "False";
> $AuthenticationFailure = "True";
>   }
>
>Works ($VerifiyPassword[ContactID] comes out of a MySQL Lookup,
>$_SESSION['ContactID'] was previously, also looked up via a MySQL Query).
>However, from what I understand in the documentation, in this case, the if
>statement should be '==' in which case, it doesn't work ?!?!?!?!?!?!?  This
>is exactly what I am talking about, and why it is so confusing.  Everywhere,
>I use either a double =, or triple = in the if statements, with a ! to use
>the is "not" true...  Only in this specific statement, the only way I can
>get it to work, was with a single =.  Now what makes that if statement so
>special over the others, that this one requires a single = and not a double
>like all the other hundreds I have in my code?
>
>:)  Thanks.
>
>--
>me
>
>
>- Original Message -
>From: "Steve Buehler" <[EMAIL PROTECTED]>
>To: "Chris Knipe" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
>Sent: Thursday, May 09, 2002 11:04 PM
>Subject: Re: [PHP] Destroying Sessions
>
>
> > Best bet is to go to any book store that carries programming books and
>pick
> > up a book on PHP.  There are so many different things that you need to
>know
> > that nobody can mention them all here.  The other option is to go to
> > http://www.php.net and read everything the site has.
> > $var = $value
> > assigns $value to the variable $var.
> > $var == $value
> > tests to see if $var and $value are equal.
> >
> > Steve
> >
> > At 07:00 PM 5/8/2002, Chris Knipe wrote:
> > >Nevermind
> > >
> > >For it sorted...   Does anyone have any reference to any documentation on
> > >how to use if statements properly?
> > >
> > >I know this sounds silly now, but when exactly do you use $var = $value,
>or
> > >$var == $value, and all the other operators?
> > >
> > >I'd really like to read up on this if someone can point me to a good
> > >reference... I'm having the same type of situations with Perl as well...
> > >Maybe it's just be who is stupid here... But hey, I'm trying :)
> > >
> > >--
> > >me
> > >
> > >
> > >- Original Message -
> > >From: "Chris Knipe" <[EMAIL PROTECTED]>
> > >To: <[EMAIL PROTECTED]>
> > >Sent: Thursday, May 09, 2002 1:43 AM
> > >Subject: [PHP] Destroying Sessions
> > >
> > >
> > > > Hi all,
> > > >
> > > > Need some more help here unfortunately.  This time, I did check the
> > >manual,
> > > > and well, I'm not to sure what I'm doing wrong...
> > > >
> > > > From a global (shared) script, I start a session
> > > >
> > > > 
> > > >
> > > > I register session data, and use them throughout the site
> > > >
> > > > 
> > > >
> > > > Now, how on earth do I destroy that session?
> > > >
> > > >  > > >   include('../include/functions.inc');
> > > >   session_unset();
> > > >   $_SESSION = array();
> > > >   session_destroy();
> > > >   header ("Location: /index.php");
> > > > ?>
> > > >
> > > > I've tried all of that, to no prevail, the session remains, and my
>values
> > > > registered in $_SESSION['whatever'] still remains??
> > > >
> > > > Any help / pointers, much needed and appreciated.
> > > >
> > > > --
> > > > me
> > > >
> > > >
> > > >
> > > > --
> > > > PHP General Mailing List (http://www.php.net/)
> > > > To unsubscribe, visit: h

RE: [PHP] Genus who came up with "Self Destruct Code" & "Copy Pro tection"

2002-05-09 Thread David Freeman


 > Obviously most coders are in the middle ground.
 > They are not writing "the killer app of all time"
 > but is of significant value.  I don't know what
 > people on here are charging but I can't add $2880
 > a year to my overhead for the zend encoder.  Plus
 > add $1875 per cpu for the zend accelerator for
 > each project.

My personal opinion is that your code is either worth "protecting" or
it's not.  If it's worth "protecting" then that protection comes at a
price.  Sorry, commercial reality time here.  If you are going to
operate on a commercial basis then you have commercial decisions to
make.  This is one of them.

 > So you're bidding for a project and the guy asks,
 > "Let me get this straight, you're charging me more
 > then everyone else and I won't be able to edit the
 > code?"  I think you would simply pricing yourself
 > out of the market.

If that's what you're going to do then yes.  Ask yourself what people
like ISC (the people who do bind and sendmail do to make a living -
after all they have seriously commercial quality products available for
free) or people like RedHat (who give away their linux distro for nix if
you want to download it, or pay a small fee to whatever company
downloads it and sells CD-R burns of the iso's).  People can, and do,
make money giving away their code.

When you figure out how they are doing it, and the philosophy behind it,
then maybe that will ease these fears.

I can pretty much guarantee that if you come up with a "killer app" in
php that no matter how protected it is you will not be the only one with
a version of "killer app" for long.  Someone else will come along and
write something similar - if that person does it open source then
there's also a fair chance it will end up being better than your product
due to shear weight of numbers contributing to it.

In the end all this, and more, are your decisions.  Of course, if you
choose not to do this commercially then it's a whole different setup
with different goals and so on.

For the record, I pretty much release what I do to anyone who wants it.
Not that my efforts are of a standard that they are worth all that much
per se - they are often fairly specific to the project at hand and not
overly portable (in their released format).

I do have one intranet application under development for my own business
that may well end up with a strong commercial basis but it will never be
a single product but part of a much larger package my business is
currently planning.  Even then, the code associated with that project
may end up open sourced in some way.

Let's face it, there's even a move to replicate the zend encoder in open
source.

As has already been said, there also has to be a level of trust between
you and your client(s) if you are going to do business with them.  If
your clients see you as overly paranoid about your work they may end up
not wanting to deal with you anyway.

If you're that paranoid about losing control of your work offer it on a
"complete solution" basis - either you host it on a machine that they
have no "back end" access to or you provide the hardware as well as the
software and have it locked out in such a way that the code is not
easily "stolen".  Although, even here you'll sooner or later be
compromised I would think.

CYA, Dave



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] Array loop help

2002-05-09 Thread CDitty

Can someone offer any help with the code below? I have a cookie that is
set and is separated by pipes (|). For each segment, I have to look up
the id in a text file. I can loop through the cookie and get each segment,
but when I open the text file and loop through it, it only matches the
first segment.

Any help is appreciated.

";
 }
 }
 fclose($fd);
}
?>

Thanks

Chris



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] multiple db, multiple table join

2002-05-09 Thread Miguel Cruz

This really isn't a PHP question at all. Anyway, you just need to give 
nicknames to multiple instances of the same table (here I use e1 and e2). 
Something like...

  select order_id, e1.last_name, e2.last_name
  from tools.orders, hr.emp_master e1, hr.emp_master e2
  where orders.emp_id=e1.emp_id
  and orders.approved_by=e2.emp_id;

miguel

On Thu, 9 May 2002, Dan Vande More wrote:
> Good evening all,
> I have a strange situation which I cannot think myself out of. To make
> it simple my db looks like this
> (hr db, emp_master table)
> ++---+
> | emp_id | last_name |
> ++---+
> |  1 | smith   |
> |  3 | wesson|
> |  4 | doe |
> |  6 | clinton |
> |  7 | bush  |
> ++---+
> (tools db, orders table)
> ++-+-+
> | order_id | emp_id |approved_by |
> ++-+-+
> |  1 |   1|   6 |
> |  2 |   4|   7 |
> |  3 |   3|   4 |
> |  4 |   7|   3 |
> |  5 |   6|   1 |
> ++-+-+
> I want my query results to be similiar to this:
> if I'm selecting all, this is what I want:
> 1 smith clinton
> 2 doe   bush
> 3 wesson  doe
> 4 bush   wesson
> 5 clintonsmith
> It seems so easy, but I've tried hard and cannot get it to work I've
> been going along the lines (changed several times) of
> Select tools.orders.order_id, hr.emp_master.last_name as ordered_by,
> hr.emp_master.last_name as approved_by from tools.orders, hr.emp_master
> where ((tools.orders.emp_id=hr.emp_master.emp_id) and
> (tools.orders.approved_by=hr.emp_master.emp_id))
>  
> (I hope I wrote that right, it was freehand, not in db)
> Thank you for any direction you can give me!
> Dam
>  
>  
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




RE: [PHP] Genus who came up with "Self Destruct Code" & "Copy Pro tection"

2002-05-09 Thread SP

Obviously most coders are in the middle ground.
They are not writing "the killer app of all time"
but is of significant value.  I don't know what
people on here are charging but I can't add $2880
a year to my overhead for the zend encoder.  Plus
add $1875 per cpu for the zend accelerator for
each project.

So you're bidding for a project and the guy asks,
"Let me get this straight, you're charging me more
then everyone else and I won't be able to edit the
code?"  I think you would simply pricing yourself
out of the market.



-Original Message-
From: David Freeman
[mailto:[EMAIL PROTECTED]]
Sent: May 9, 2002 5:24 PM
To: [EMAIL PROTECTED]
Subject: RE: [PHP] Genus who came up with "Self
Destruct Code" & "Copy
Pro tection"



 > I was talking in general. The BBS was simply an
example to
 > make things clearer. I am *not* developing a BB
system!
 > If you want you can think of a immaginary tool
that makes
 > a website load twice as fast, need the half web
 > space and makes the website look nicer, of
course at lower

OK, if you're producing something with a
significant commercial value
then spring for the dollars to pay for zend
encoder and use it.  Seems
like some people want it both ways - my code is
different and unique and
has commercial value in and of itself but I'm not
prepared to spend real
dollars to protect it, I want free code to do
that.

I suspect that many people in this situation have
an overly high opinion
of their code and, in reality, there are open
source or free
alternatives that do much the same (albeit elegant
and easily
customisable or whatever) and, as such, not worth
spending the money on
zend.

CYA, Dave



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit:
http://www.php.net/unsub.php



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Multiple File Download

2002-05-09 Thread Steven Walker

Miguel,

Thanks for following up. I got the zip functions all working last night. 
I deconstructed a zip file created by ZipIt and was able to discover 
where the PHP class was going wrong. Basically, there is a segment 
called 'data descriptor' that was being written into the file without 
the proper bit flag set. I posted a brief message on the Zend site on 
the zip file article stating what I found.

I still have some testing to do to make sure this is all going to work 
out, but it looks very promising.

Thanks for offering your help!

Steven J. Walker
Walker Effects
www.walkereffects.com
[EMAIL PROTECTED]

On Thursday, May 9, 2002, at 02:19  PM, Miguel Cruz wrote:

> Any luck? I started playing with it but then ran into the fact that we
> don't have the gz functions compiled into our PHP. Before I really dug 
> in,
> thought I'd check whether you got it working.
>
> miguel
>
> On Tue, 7 May 2002, Steven Walker wrote:
>
>> Miguel,
>>
>> That is very nice of you! I found the zip class on the Zend website:
>>  http://www.zend.com/codex.php?id=696&single=1
>>
>> and here is an article pertaining to zip file creation:
>>  http://www.zend.com/zend/spotlight/creating-zip-files3.php
>>
>> When I try to open the php created zip file with Stuffit Expander, I 
>> get
>> the following message:
>>  "Unknown zip header format encountered. This operation cannot
>> continue."
>>
>> However, Zipit opens the archive fine. If I resave the archive from
>> Zipit, then Stuffit will read it without error. So far I have compared
>> the two files (the one created by php, and the one saved from Zipit).
>> The basic compressed data matches, but there definitely is a difference
>> in header structures.
>>
>> I have downloaded the zip file format specs, but am still pulling my
>> hair out trying to figure out what all the different parts are. I am 
>> not
>> accustomed to working with hex data, so that to is making it hard.
>>
>> I appreciate you taking the time to help! Thank you!
>>
>>
>> On Tuesday, May 7, 2002, at 12:39  PM, Miguel Cruz wrote:
>>
>>> Is it possible it's just a MIME type thing? Let me know how to find 
>>> the
>>> class you're using and I'll try to play with it this afternoon.
>>>
>>> miguel
>>>
>>> On Tue, 7 May 2002, Steven Walker wrote:
 You are right. I am testing this out now using a zip class I got
 through
 the Zend website. However, Stuffit Expander does not like the zip 
 files
 created by php. I am able to open the zip archive through Zipit just
 fine, and Stuffit Expander opens the Zipit files ok. So now I am 
 trying
 to figure out how to modify the php zip class to make a zip archive
 that
 Stuffit will read.

 Any thoughts?


 On Tuesday, May 7, 2002, at 11:39  AM, Miguel Cruz wrote:

> On Tue, 7 May 2002, Steven Walker wrote:
>> Does anyone know a way to download multiple files with a php
>> script? I
>> have 26 software products that can be purchased individually and I
>> want
>> to make the download process easier. I have looked into dynamically
>> creating zip files, but it is problematic for Mac users (which
>> account
>> for a large part of my user base).
>
> Are you sure it's a problem for your Mac users? Stuffit Expander,
> which
> has come with all Macs for a while now and which is pretty much an
> essential tool for everyone, handles zip files just fine.
>
> miguel
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


>>>
>>
>>
>>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] multiple db, multiple table join

2002-05-09 Thread Dan Vande More

Good evening all,
I have a strange situation which I cannot think myself out of. To make
it simple my db looks like this
(hr db, emp_master table)
++---+
| emp_id | last_name |
++---+
|  1 | smith   |
|  3 | wesson|
|  4 | doe |
|  6 | clinton |
|  7 | bush  |
++---+
(tools db, orders table)
++-+-+
| order_id | emp_id |approved_by |
++-+-+
|  1 |   1|   6 |
|  2 |   4|   7 |
|  3 |   3|   4 |
|  4 |   7|   3 |
|  5 |   6|   1 |
++-+-+
I want my query results to be similiar to this:
if I'm selecting all, this is what I want:
1 smith clinton
2 doe   bush
3 wesson  doe
4 bush   wesson
5 clintonsmith
It seems so easy, but I've tried hard and cannot get it to work I've
been going along the lines (changed several times) of
Select tools.orders.order_id, hr.emp_master.last_name as ordered_by,
hr.emp_master.last_name as approved_by from tools.orders, hr.emp_master
where ((tools.orders.emp_id=hr.emp_master.emp_id) and
(tools.orders.approved_by=hr.emp_master.emp_id))
 
(I hope I wrote that right, it was freehand, not in db)
Thank you for any direction you can give me!
Dam
 
 



Re: [PHP] passing variables between php forms

2002-05-09 Thread Bogdan Stancescu

What exactly goes wrong? Indeed, you _should_ have $_POST["testvar"] 
available in the next page... The only problem I see is that you first 
echo the input and only then do you start the forms... which is an HTML 
problem, not a PHP one.

Bogdan

baldey_uk wrote:

>Hi sorry to annoy you AGAIN, but i cant seem to get it working i think
>its something to do with the order that i put things in:
>
>
>#end of html and start of php script
>
>
>#Take the Variables from enterdetails.php that are posted from an html form
>
>$firstname=$_POST['txtFirstName'];
>
>$lastname=$_POST['txtLastName'];
>
>$email=$_POST['txtEmail'];
>
>$quantity=$_POST['txtJars'];
>
>$order_value=sprintf('%.2f', floatval($_POST['txtJars'])*7.0);
>
>echo '';
>
>?>php
>
># end of php script back into html
>
>Are your details correct?
>
>method="post">
>
>
>action="updateaddress.php" method="post">value="No ">
>
>
>
>If i put the echo or INPUT type outside of the php script this works, but
>obviously just returns a string '.$quantity.' and not waht the variable
>$quantity holds. This is extremely confusing. How do i get this php variable
>to be passed to the HTML so it can be posted  I thought the way i have it
>the echo would make the variable testvar available to the browser, and then
>i would be able to retrieve it by $_POST[testvar]; or $_POST[$testvar]; in
>either the confirm.php or updateaddress.php that the html posts to?
>
>Yet again thanks in advance for any help.
>
>Confused
>
>Cheers From
>
>baldey_uk
>
>
>




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] DOMXML in 4.2.0 problems

2002-05-09 Thread Thalis A. Kalfigopoulos

I'm trying to get DOMXML to work with PHP4.2.0. I've compiled with --with-dom and 
phpinfo() says it's there:
DOM/XML enabled
libxml Version 2.4.18
HTML Support enabled
XPath Support enabled
XPointer Support enabled

The following program though doesn't seem to work:

$xmlstring='a valid xml document here';
$domdoc=xmldoc($xmlstring);
$root=$doc->document_element();  <--- throw error

I get an error regarding the call to DomDocument->document_element(). Also I'm forced 
to use xmldoc() instead of the newer domxml_open_mem() because it is also not 
recognized. What am I missing?

thanks in advance,
Thalis


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] DOMXML......aaaahhhhhhhh!!!!!!!!!!!!!!!!!!!!!!!!!!!

2002-05-09 Thread Jarrad Kabral

Im tearing my hair out over how buggy DOMXML is!

Im trying to get my Hosting provider to update to PHP 4.2 cause I hear alot
of memory leaks for DOMXML are dealt with in this versioncan anyone who
has 4.2 confirm or deny this??


Thanking you all in advance
Jarrad Kabral

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] passing variables between php forms

2002-05-09 Thread baldey_uk

Hi sorry to annoy you AGAIN, but i cant seem to get it working i think
its something to do with the order that i put things in:


#end of html and start of php script
';

?>php

# end of php script back into html

Are your details correct?








If i put the echo or INPUT type outside of the php script this works, but
obviously just returns a string '.$quantity.' and not waht the variable
$quantity holds. This is extremely confusing. How do i get this php variable
to be passed to the HTML so it can be posted  I thought the way i have it
the echo would make the variable testvar available to the browser, and then
i would be able to retrieve it by $_POST[testvar]; or $_POST[$testvar]; in
either the confirm.php or updateaddress.php that the html posts to?

Yet again thanks in advance for any help.

Confused

Cheers From

baldey_uk



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] External authentication and PHP_AUTH_PW containing plaintext password

2002-05-09 Thread Rasmus Lerdorf

The code is pretty obvious in sapi/apache/mod_php4.c in the
init_request_info() function.

On Thu, 9 May 2002, Lenny Miceli wrote:

> I've tried to search the archives/bug reports/faq's and didn't find any
> definitive answers on the security issue dealing with the plain text password
> being kept in PHP_AUTH_PW even when you use external authentication.  Since
> it seems like the developers haven't answered any of the bug reports related
> to this issue, what has anyone done to remove this security issue of being
> able to grab user's passwords.  It seems in an older version of php you
> could (to quote the older manual):
>
> [Begin quote]
> Note however that the above does not prevent someone who controls a
> non-authenticated URL from stealing passwords from authenticated URL's on the
> same server. The PHP_AUTH_VARS define in php.h can be undefined to make sure
> that these variables will never be set and thus disable anybody from using
> mod_php to try to steal passwords.
> [End quote]
>
> Since it seems that variable (PHP_AUTH_VARS) doesn't exist any longer an
> admin can't use that method any longer.  Can someone please mail me what they
> modified in the code or configured to disable this *feature* of external
> passwords being kept in PHP_AUTH_PW.  I do NOT mind at all disabling PHP
> authentication entirely since we only use external authentication.
>
> Please mail me directly since I'm not on this list.
>
> Thanks for your time,
>   Lenny Miceli
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] register_globals in php4

2002-05-09 Thread Miguel Cruz

On Thu, 9 May 2002, Kevin Stone wrote:
>> If register_globals is off, then you'll get $_GET['id'] = 3 and
>> $_GET['sex'] = female. It's then up to you to make sure those are okay.
>> But at least $id and $sex won't get set until you explicitly set them in
>> your code.
> 
> Hmm.  No offense Miguel, but I don't believe turning Registered Globals off
> will have any effect on security.

If all programmers were perfect, very few security mechanisms would be 
necessary.

But they aren't, so things like this just make it a little bit easier to 
create secure software.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] Re: why doesn't $books[$val][display] show the value

2002-05-09 Thread Philip Hallstrom

It has to do with precedence (I think).  When inside a double quoted
string PHP evalutes "$books[$val]" *first* and doesn't catch that there's
more to it...

You can do this:

$html.= " Yaddda yadda " . $books[$val][display];

And I think this (or something close to it):

$html.= " Yaddda yadda {$books[$val][display]}";

On Thu, 9 May 2002, Peter J. Schoenster wrote:

> Hi,
>
> I've got an array like the following:
>
>   $books = array(
>   "1572316217" => array(
>   category=> 'tech',
>   display => 'Steve McConnell\'s Software Project 
>Survival Guide',
>   href=>
> 'http://www.amazon.com/exec/obidos/ASIN/1572316217/readbrazil07-20',
>   title   => 'Steve McConnell\'s Software Project 
>Survival Guide',
>   width   => '71',
>   height  => '90',
>   src => 
>'/images/1572316217.01.TZZZ.jpg',
>   vspace  => '3',
>   alt => 'Steve McConnell\'s Software 
>Project Survival Guide',
>   hspace  => '3',
>   comments=> "",
>   ),
>
> $books = $AfiliateLinkBuilder->get_books();
> srand ((float) microtime() * 1000);
> $rand_keys = array_rand ($books, 2);
>
> while (list ($key, $val) = each ($rand_keys)) {
>   $display = $books[$val][display];
>
> Why do I have to do this:
>   $display = $books[$val][display];
>
> rather than
>
> $html.= " Yaddda yadda $books[$val][display]";
>
>  $books[$val][display] in the double quotes only shows display. I
> thought that within double quotes I don't use double quotes for
> elements ... ? What's the rule on this. I could do the above in Perl.
>
> Thanks,
>
> Peter
>
>
> -- http://www.readbrazil.com/
> Answering Your Questions About Brazil
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] register_globals in php4

2002-05-09 Thread Kevin Stone

- Original Message -
From: "Miguel Cruz" <[EMAIL PROTECTED]>
To: "Patrick Hsieh" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, May 09, 2002 11:52 AM
Subject: Re: [PHP] register_globals in php4


> On Fri, 10 May 2002, Patrick Hsieh wrote:
> > php4.1 recommends to set register_globals=off in php.ini to make php
> > more strict.  My question is, if I turn off register_globals, what will
> > happen if any malicious user just try to modify the variable values in
> > the url? Say,
> >
> > http://www.domain.com/xxx.php?id=3&sex=female
> >
> > Does it work if user just change the value in the URL directly and send
> > the url directly to web server?
> >
> > How can we avoid the malicious attack by directly http GET/POST with
> > modified parameter values to make possible system error or compromise?
>
> If register_globals is off, then you'll get $_GET['id'] = 3 and
> $_GET['sex'] = female. It's then up to you to make sure those are okay.
> But at least $id and $sex won't get set until you explicitly set them in
> your code.
>
> miguel
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php


Hmm.  No offense Miguel, but I don't believe turning Registered Globals off
will have any effect on security.  Turning Registered Globals off just
provides a more strict environment for coding.  Example..

If the url were http://www.dom.com/index.php?password=xuUaB67sf


 .. is no more or less secure than..


> > How can we avoid the malicious attack by directly http GET/POST with
> > modified parameter values to make possible system error or compromise?

Security in this regard has everything to do with ensuring that the input
you're recieving is what you expect.  Some good tips would be to define
maximum string lengths, check for legal variable types, and look for invalid
characters.  If something doesn't look right then you simply don't allow the
request to proceed.  Example..

 $max_len)
return FALSE;
elseif (gettype($str) != "string")
return FALSE;
elseif (eregi(/whatever you think might be invalid/, $str));
return FALSE;
else
return TRUE;
}

if (validate($password))
{
echo $password;
}
else
{
echo "INVALID INPUT";
exit;
}
?>

Generally speaking this will be more than adequate.  But if you want to get
serious then you can record a timestamp and IP/domain  for every transaction
on your website then auto-block any user spamming your system.  For example,
if someone is trying out passwords over and over again, after 3 consecutive
tries your system could block the transaction and print out a warning.
After 3 batches of 3 consecutive tries the system could block the user and
email you a notice.  But becuase this user information can be faked the most
sophisticated systems.. the ones that corporations install behind their
firewalls and cost $20,000 for the installation alone, actually record and
analyze patterns of behavior using neural net software.

-Kevin



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] why doesn't $books[$val][display] show the value

2002-05-09 Thread Peter J. Schoenster

Hi,

I've got an array like the following:

$books = array(
"1572316217" => array(
category=> 'tech',
display => 'Steve McConnell\'s Software Project 
Survival Guide',
href=> 
'http://www.amazon.com/exec/obidos/ASIN/1572316217/readbrazil07-20',
title   => 'Steve McConnell\'s Software Project 
Survival Guide',
width   => '71',
height  => '90',
src => 
'/images/1572316217.01.TZZZ.jpg',
vspace  => '3',
alt => 'Steve McConnell\'s Software 
Project Survival Guide',
hspace  => '3',
comments=> "",
),

$books = $AfiliateLinkBuilder->get_books();
srand ((float) microtime() * 1000);
$rand_keys = array_rand ($books, 2);

while (list ($key, $val) = each ($rand_keys)) {  
$display = $books[$val][display];

Why do I have to do this:
$display = $books[$val][display];

rather than 

$html.= " Yaddda yadda $books[$val][display]";

 $books[$val][display] in the double quotes only shows display. I 
thought that within double quotes I don't use double quotes for 
elements ... ? What's the rule on this. I could do the above in Perl.

Thanks,

Peter


-- http://www.readbrazil.com/
Answering Your Questions About Brazil


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] register_globals in php4

2002-05-09 Thread 1LT John W. Holmes

- Original Message -
From: "Patrick Hsieh" <[EMAIL PROTECTED]>
> Hello list,
>
> php4.1 recommends to set register_globals=off in php.ini to make php
> more strict.  My question is, if I turn off register_globals, what will
> happen if any malicious user just try to modify the variable values in
> the url? Say,

The variables will get passed just like normal. You have no way of telling
if the values actually came from a form or if the user manipulated the data.
This goes for GET, POST, and COOKIE data.

> How can we avoid the malicious attack by directly http GET/POST with
> modified parameter values to make possible system error or compromise?

You can't stop it. The user can send anything to your site. It's up to you
to validate the data and make sure it's what it's supposed to be.

At least with register_globals = off, when you use $_GET["var"], you know
it's coming from the URL (or a GET form). Same thing with _POST, _SESSION,
and _COOKIE, etc. You know where the data should be coming from. You still
have to validate it. W/o register globals, you just use $var and have no
idea where it's coming from. You may think it's coming from a posted form,
but the user actually passed it in the url. Or, you use $var2, not expecting
it to come from the user at all, but the user passes it in the URL and it
overwrites $var2.

register_globals isn't always "bad". It just allows for more errors and
holes with it on if you're not careful.

---John Holmes...


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] External authentication and PHP_AUTH_PW containing plain text password

2002-05-09 Thread Lenny Miceli

I've tried to search the archives/bug reports/faq's and didn't find any
definitive answers on the security issue dealing with the plain text password
being kept in PHP_AUTH_PW even when you use external authentication.  Since
it seems like the developers haven't answered any of the bug reports related
to this issue, what has anyone done to remove this security issue of being
able to grab user's passwords.  It seems in an older version of php you
could (to quote the older manual):

[Begin quote]
Note however that the above does not prevent someone who controls a
non-authenticated URL from stealing passwords from authenticated URL's on the
same server. The PHP_AUTH_VARS define in php.h can be undefined to make sure
that these variables will never be set and thus disable anybody from using
mod_php to try to steal passwords.
[End quote]

Since it seems that variable (PHP_AUTH_VARS) doesn't exist any longer an
admin can't use that method any longer.  Can someone please mail me what they
modified in the code or configured to disable this *feature* of external
passwords being kept in PHP_AUTH_PW.  I do NOT mind at all disabling PHP
authentication entirely since we only use external authentication.

Please mail me directly since I'm not on this list.

Thanks for your time,
  Lenny Miceli

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] Is there any way to change the process user (logon user) for a running script??

2002-05-09 Thread Jeffrey D. Means

I have come across a situation where I need to temporarly change the user
profile in the middle of a script.  I would prefer to do this than to change
ownership of files to allow the script to be able to read them.  I don't
know whose files I will be reading when the script runs, however I need to
be able to read files from /home/*/Mail on a user by user basis.  Is this
possible??

Jeff Means
CIO for PicoTech.NET


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] Re: multi-dimensional array

2002-05-09 Thread J Smith


You can't set an array subscript using an array; it should be a numerical 
value or a string. 

What you want to do is 

$division[$div_id] = $array;

Better yet, try:

$divison[$div_id] = mysql_fetch_array($result, MYSQL_ASSOC);

J


Steve Buehler wrote:

> I am trying to learn some new things in the hopes that it would help me
> with my mysql/PHP programming.  The following code gives me an error: "
> Warning: Illegal offset type in z.php on line 25 ".
> 
> $result=mysql_query("SELECT * FROM division");
> while(($row=mysql_fetch_object($result))){
> $div_id=$row->div_id;
> $array=array("sub1" => $row->sub1,
>  "sub1d" => $row->sub1d,
>  "sub2" => $row->sub2,
>  "sub2d" => $row->sub2d,
>  "sub3" => $row->sub3,
>  "sub3d" => $row->sub3d,
>  "sub4" => $row->sub4,
>  "sub4d" => $row->sub4d,
>  "sub5" => $row->sub5,
>  "sub5d" => $row->sub5d,
>  "game_length" => $row->game_length);
> // The following is the line 25
> $division[$div_id][$array]=array();
> }
> 
> What I am trying to do is to be able to later call
> $division[$div_id][sub5]
> etc...  I sure hope that this can be done.  If not, I will just have to
> stick with temporary tables.
> 
> Thanks
> Steve


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




RE: [PHP] problems with

2002-05-09 Thread David Freeman


 > a table with several contents, and I have a form on every 
 > row, the problem is that the form is to big, so the tab le 
 > looks ugly, I tried with everything I could come up with, 

The  tags imply a break which adds space vertically.  It's
contrary to doing good html and will most likely cause errors in an html
validator but about the only way I've found to get around it is to bury
your  somewhere that the implied break won't do anything.
If you're using a table then between the  and  or between
 and  is a pretty good place.

CYA, Dave



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




RE: [PHP] Genus who came up with "Self Destruct Code" & "Copy Pro tection"

2002-05-09 Thread David Freeman


 > I was talking in general. The BBS was simply an example to 
 > make things clearer. I am *not* developing a BB system! 
 > If you want you can think of a immaginary tool that makes 
 > a website load twice as fast, need the half web 
 > space and makes the website look nicer, of course at lower 

OK, if you're producing something with a significant commercial value
then spring for the dollars to pay for zend encoder and use it.  Seems
like some people want it both ways - my code is different and unique and
has commercial value in and of itself but I'm not prepared to spend real
dollars to protect it, I want free code to do that.

I suspect that many people in this situation have an overly high opinion
of their code and, in reality, there are open source or free
alternatives that do much the same (albeit elegant and easily
customisable or whatever) and, as such, not worth spending the money on
zend.

CYA, Dave



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] Solved:->Simple array question (Walker,Cruz)

2002-05-09 Thread r

Hey guys,
Just wanted to let you know
Thanks for the help and solving my problem.
I posted that mail and 10 minutes later i got my answer...are these guys
(Matthew walker,Miguel cruz) helpful or what?
Helpful,kind people,quick answers this list is great, but its only the
people who make the listand a thumbs up to you people.
-Ryan.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] multi-dimensional array

2002-05-09 Thread Miguel Cruz

Line 25 looks like this:

   $division[$div_id][$array]=array();

The first subscript to division is $div_id, which is fine.

The second one is $array, which is an array. That doesn't make any sense. 
Array keys have to be strings or numbers. You'd have to create a separate 
array at each subscript of $division[$div_id] ...

  foreach ($array as $k => $v)
$division[$div_id][$k] = array();

miguel

On Thu, 9 May 2002, Steve Buehler wrote:
> I am trying to learn some new things in the hopes that it would help me 
> with my mysql/PHP programming.  The following code gives me an error: " 
> Warning: Illegal offset type in z.php on line 25 ".
> 
> $result=mysql_query("SELECT * FROM division");
> while(($row=mysql_fetch_object($result))){
> $div_id=$row->div_id;
> $array=array("sub1" => $row->sub1,
>  "sub1d" => $row->sub1d,
>  "sub2" => $row->sub2,
>  "sub2d" => $row->sub2d,
>  "sub3" => $row->sub3,
>  "sub3d" => $row->sub3d,
>  "sub4" => $row->sub4,
>  "sub4d" => $row->sub4d,
>  "sub5" => $row->sub5,
>  "sub5d" => $row->sub5d,
>  "game_length" => $row->game_length);
> // The following is the line 25
> $division[$div_id][$array]=array();
> }
> 
> What I am trying to do is to be able to later call $division[$div_id][sub5] 
> etc...  I sure hope that this can be done.  If not, I will just have to 
> stick with temporary tables.
> 
> Thanks
> Steve
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Multiple File Download

2002-05-09 Thread Miguel Cruz

Any luck? I started playing with it but then ran into the fact that we 
don't have the gz functions compiled into our PHP. Before I really dug in, 
thought I'd check whether you got it working.

miguel

On Tue, 7 May 2002, Steven Walker wrote:

> Miguel,
> 
> That is very nice of you! I found the zip class on the Zend website:
>   http://www.zend.com/codex.php?id=696&single=1
> 
> and here is an article pertaining to zip file creation:
>   http://www.zend.com/zend/spotlight/creating-zip-files3.php
> 
> When I try to open the php created zip file with Stuffit Expander, I get 
> the following message:
>   "Unknown zip header format encountered. This operation cannot 
> continue."
> 
> However, Zipit opens the archive fine. If I resave the archive from 
> Zipit, then Stuffit will read it without error. So far I have compared 
> the two files (the one created by php, and the one saved from Zipit). 
> The basic compressed data matches, but there definitely is a difference 
> in header structures.
> 
> I have downloaded the zip file format specs, but am still pulling my 
> hair out trying to figure out what all the different parts are. I am not 
> accustomed to working with hex data, so that to is making it hard.
> 
> I appreciate you taking the time to help! Thank you!
> 
> Steven J. Walker
> Walker Effects
> www.walkereffects.com
> [EMAIL PROTECTED]
> 
> On Tuesday, May 7, 2002, at 12:39  PM, Miguel Cruz wrote:
> 
> > Is it possible it's just a MIME type thing? Let me know how to find the
> > class you're using and I'll try to play with it this afternoon.
> >
> > miguel
> >
> > On Tue, 7 May 2002, Steven Walker wrote:
> >> You are right. I am testing this out now using a zip class I got 
> >> through
> >> the Zend website. However, Stuffit Expander does not like the zip files
> >> created by php. I am able to open the zip archive through Zipit just
> >> fine, and Stuffit Expander opens the Zipit files ok. So now I am trying
> >> to figure out how to modify the php zip class to make a zip archive 
> >> that
> >> Stuffit will read.
> >>
> >> Any thoughts?
> >>
> >>
> >> On Tuesday, May 7, 2002, at 11:39  AM, Miguel Cruz wrote:
> >>
> >>> On Tue, 7 May 2002, Steven Walker wrote:
>  Does anyone know a way to download multiple files with a php 
>  script? I
>  have 26 software products that can be purchased individually and I 
>  want
>  to make the download process easier. I have looked into dynamically
>  creating zip files, but it is problematic for Mac users (which 
>  account
>  for a large part of my user base).
> >>>
> >>> Are you sure it's a problem for your Mac users? Stuffit Expander, 
> >>> which
> >>> has come with all Macs for a while now and which is pretty much an
> >>> essential tool for everyone, handles zip files just fine.
> >>>
> >>> miguel
> >>>
> >>>
> >>> --
> >>> PHP General Mailing List (http://www.php.net/)
> >>> To unsubscribe, visit: http://www.php.net/unsub.php
> >>>
> >>>
> >>
> >>
> >
> 
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] multi-dimensional array

2002-05-09 Thread Steve Buehler

I am trying to learn some new things in the hopes that it would help me 
with my mysql/PHP programming.  The following code gives me an error: " 
Warning: Illegal offset type in z.php on line 25 ".

$result=mysql_query("SELECT * FROM division");
while(($row=mysql_fetch_object($result))){
$div_id=$row->div_id;
$array=array("sub1" => $row->sub1,
 "sub1d" => $row->sub1d,
 "sub2" => $row->sub2,
 "sub2d" => $row->sub2d,
 "sub3" => $row->sub3,
 "sub3d" => $row->sub3d,
 "sub4" => $row->sub4,
 "sub4d" => $row->sub4d,
 "sub5" => $row->sub5,
 "sub5d" => $row->sub5d,
 "game_length" => $row->game_length);
// The following is the line 25
$division[$div_id][$array]=array();
}

What I am trying to do is to be able to later call $division[$div_id][sub5] 
etc...  I sure hope that this can be done.  If not, I will just have to 
stick with temporary tables.

Thanks
Steve



Re: [PHP] Destroying Sessions

2002-05-09 Thread Steve Buehler

Best bet is to go to any book store that carries programming books and pick 
up a book on PHP.  There are so many different things that you need to know 
that nobody can mention them all here.  The other option is to go to 
http://www.php.net and read everything the site has.
$var = $value
assigns $value to the variable $var.
$var == $value
tests to see if $var and $value are equal.

Steve

At 07:00 PM 5/8/2002, Chris Knipe wrote:
>Nevermind
>
>For it sorted...   Does anyone have any reference to any documentation on
>how to use if statements properly?
>
>I know this sounds silly now, but when exactly do you use $var = $value, or
>$var == $value, and all the other operators?
>
>I'd really like to read up on this if someone can point me to a good
>reference... I'm having the same type of situations with Perl as well...
>Maybe it's just be who is stupid here... But hey, I'm trying :)
>
>--
>me
>
>
>- Original Message -
>From: "Chris Knipe" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Thursday, May 09, 2002 1:43 AM
>Subject: [PHP] Destroying Sessions
>
>
> > Hi all,
> >
> > Need some more help here unfortunately.  This time, I did check the
>manual,
> > and well, I'm not to sure what I'm doing wrong...
> >
> > From a global (shared) script, I start a session
> >
> > 
> >
> > I register session data, and use them throughout the site
> >
> > 
> >
> > Now, how on earth do I destroy that session?
> >
> >  >   include('../include/functions.inc');
> >   session_unset();
> >   $_SESSION = array();
> >   session_destroy();
> >   header ("Location: /index.php");
> > ?>
> >
> > I've tried all of that, to no prevail, the session remains, and my values
> > registered in $_SESSION['whatever'] still remains??
> >
> > Any help / pointers, much needed and appreciated.
> >
> > --
> > me
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>
>
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, visit: http://www.php.net/unsub.php


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] simple array question (Am a Newbie kindly excuse.)

2002-05-09 Thread Miguel Cruz

echo join (',', $a1);

On Fri, 10 May 2002, r wrote:
> Here is the code:
>  $a1[]="ryan1";
> $a1[]="ryan1.2";
> $a1[]="ryan2";
> $a1[]="ryan2.1.1.1.1.1";
> $a1[]="ryan3";
> $a1[]="ryan3.2";
> reset($a1);
> 
> print("Tesing arrays:");
> while(list($aa1,$aa2) = each ($a1))
> {
> print($aa2 . ",");
> }
> 
> ?>
> 
> Which gives out the output:
> Tesing arrays:
> ryan1,
> ryan1.2,
> ryan2,
> ryan2.1.1.1.1.1,
> ryan3,
> ryan3.2,
> 
> my question/problem is simply this: how do i stop the last comma from
> coming?

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




RE: [PHP] simple array question (Am a Newbie kindly excuse.)

2002-05-09 Thread Matthew Walker

Try this:

");
for($i=0; $i < count($a1); $i++) {
{
echo($a2[$i]);
if ($i != (count($a1) - 1)) {
echo ",";
}
}

?>


Matthew Walker
Senior Software Engineer
ePliant Marketing
 

-Original Message-
From: r [mailto:[EMAIL PROTECTED]] 
Sent: Friday, May 10, 2002 3:19 AM
To: [EMAIL PROTECTED]
Subject: [PHP] simple array question (Am a Newbie kindly excuse.)

Greetings my PHP people.
Will do things a bit backwork code first and what i want as that seems
the
easiest way to explain

Here is the code:
");
while(list($aa1,$aa2) = each ($a1))
{
print($aa2 . ",");
}

?>

Which gives out the output:
Tesing arrays:
ryan1,
ryan1.2,
ryan2,
ryan2.1.1.1.1.1,
ryan3,
ryan3.2,

my question/problem is simply this: how do i stop the last comma from
coming? because originally instead of giving the output to the browser i
want it to "feed" it to a hidden form field, which i enter into the
database
Yeah yeah yeah, wipe the tears of laugher from your eyes and remember,
you
too were once a newbie. :-o)
This list is great and i know i will get not one answer but many, thank
you
in advance.
-Ryan A.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.351 / Virus Database: 197 - Release Date: 4/19/2002
 

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] simple array question (Am a Newbie kindly excuse.)

2002-05-09 Thread r

Greetings my PHP people.
Will do things a bit backwork code first and what i want as that seems the
easiest way to explain

Here is the code:
");
while(list($aa1,$aa2) = each ($a1))
{
print($aa2 . ",");
}

?>

Which gives out the output:
Tesing arrays:
ryan1,
ryan1.2,
ryan2,
ryan2.1.1.1.1.1,
ryan3,
ryan3.2,

my question/problem is simply this: how do i stop the last comma from
coming? because originally instead of giving the output to the browser i
want it to "feed" it to a hidden form field, which i enter into the
database
Yeah yeah yeah, wipe the tears of laugher from your eyes and remember, you
too were once a newbie. :-o)
This list is great and i know i will get not one answer but many, thank you
in advance.
-Ryan A.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Nitpicking - PHP 4.2.0 for windows says version is 4.1.2

2002-05-09 Thread Garth Dahlstrom

Interesting that you mention that, when I do PHP-CLI > test.html

I get Version 4.2.0 ... which is the CGI version Built April 20 2002

However my web server (I run it as an SAPI module) has: "Apache/1.3.20
(Win32) PHP/4.2.0 running..." in the console window and gives me Version
4.1.2, Build Mar 10 2002...

On Thu, 09 May 2002 21:09:12 +0100 Chris Hewitt wrote:

> Garth,
> 
> You might have two versions (cgi and module)?
> 
> Chris
> 
> Garth Dahlstrom wrote:
> 
> >Anyone notice this... when you do a 
> > >phpinfo();
> >?>
> >
> >you get "PHP Version 4.1.2", while my apache window
> >says "Apache/1.3.20 (Win32) PHP/4.2.0 running..."
> >
> >-G
> >
> >
> >
> 
> 



Northern.CA ===--
http://www.northern.ca 
Canada's Search Engine



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] fsockopen, and remaining data in buffer

2002-05-09 Thread Demitrious S. Kelly

Hello Guys!

 

I'm having troubles with not knowing the amount of data which is waiting
to be received in the buffer for a specific socket I can use fsockopen,
establish a connection, and write to the socket, I can read from the
socket just fine as well. The trouble I'm running into is illustrated in
this example

 

Eg: Open a socket to an ftp site (port 21). I can expect a banner from 

EG: the ftp server, but this is not always the case. if there is a 

EG: banner it is usually only one line, but this is not always the case.

EG: I can then fputs($fp, 'user anonymous'.chr(10)); After that fputs I 

EG: can expect one line to be in the buffer. I then fputs($fp, 'pass 

EG: [EMAIL PROTECTED]'.chr(10)); There can then be anything from 0 to 

EG: (lots) of bytes in the buffer, spanning multiple lines.

 

I want to be able to pull all of the waiting information out of the
socket, process it, and then proceed - not knowing the amount of data to
expect.  A while( $data=fgets($fp, ) ) works, but either a) hangs
when there is no more data to receive, or b) times the socket out when a
socket timeout on the file pointer is used, or c) is VERY unreliable
when the socket is set to non-blocking mode.  I've tried using
$var=socket_get_status($fp), but then $var['unread_bytes'] is always 0
or null... Am I missing something?

 

The development server is running slackware 8, kernel 2.4.18,
apache-1.3.24, and php 4.2

 

I'll send sample code if asked, Thanks in advance for the help!

 

 

 

 

-

  -- Demitrious S. Kelly

  -- Eagle Networks

 

-

 

 

 

 

-

  -- Demitrious S. Kelly

  -- Eagle Networks

 

-

 




Re: [PHP] Re: error-catching

2002-05-09 Thread Miguel Cruz

On Thu, 9 May 2002, Gert Mellak wrote:
>> If you just want to hide the error message, there's nothing wrong with
>> using @.
> 
> ok, it's a new point of view... I've always thought that this is bad
> programming style!

It's bad if you're using it to hide errors rather than fixing them.

If you have another reliable way of catching the same errors, then it's
fine.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




RE: [PHP] Re: how to send spaces in the url

2002-05-09 Thread Matthew Walker

Might I suggest using PHP's urlencode() to encode the string, and
Javascript's function unescape()?

Matthew Walker
Senior Software Engineer
ePliant Marketing
 

-Original Message-
From: Kevin Stone [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, May 09, 2002 11:37 AM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] Re: how to send spaces in the url

LOL!  A standard!?  In Javascript!?  You must be joking.  :-)

Nope. But it's not difficult.  You simply have to access the url string
with
'document.location.href', parse out the values individually and replace
the
space placeholders.  Can't remember what the exact javascript function
would
be.. I think it's 'string.replace' or something like that.  I'm certain
a
quick search.will reveal exactly what you need.
-Kevin

- Original Message -
From: "Pushkar Pradhan" <[EMAIL PROTECTED]>
To: "Kyle Gibson" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, May 09, 2002 10:24 AM
Subject: Re: [PHP] Re: how to send spaces in the url


> Thanks to all who responded.
> I think I should have mentioned that I am trying to send these vars.
in
> the url to a javascript pg. thus won't have access to php on the other
> side (i.e. I want to keep it this way for speed).
> So as Kyle suggested to replace the " " is the only way? This is fine
but
> isn't there something standard for this?
> > What you could do is think of some random sequence of characters,
say
> > |-| and use that for a space.
> >
> > Then, on the receiving script, just remember to use
> > str_replace("|-|"," ",$HTTP_SERVER_VARS["QUERY_STRING"])
> >
> >
> > If you don't have access to the receiving script, then you'll need
to
> > use "%20".
> >
> >
> > -Kyle
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
>
> -Pushkar S. Pradhan
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.351 / Virus Database: 197 - Release Date: 4/19/2002
 

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] gobbling replace

2002-05-09 Thread Josh & Valerie McCormack

I'm doing a str_replace (same thing happens with ereg and preg) and when 
the pattern is found it's erasing everything after it and doing a 
strange replace, too.

I'm using a seven column CSV (new_data.csv) where the first [0] column 
is first name and the second [1] is last name. This is what I'm trying 
to search for, and replace with with some characters on either side. So 
it will find John Smith and replace it with 123 John Smith 456.

Here's the file I"m trying to do the replaces in (text.txt):
  1 This is a test of the templating program. 
  2 Here's hoping it's working. 
  3 
  4 
  5
  6 John Smith 
  7
  8 Peter Lem 
  9
 10 Shawn Adams 

Here's the program:
  1 

by the way, I know it's horribly ugly to open and close the file in the 
loop like that, but when it was outside the loop no changes were saved.

Here's the ouput (merged_text.html):
  1 This is a test of the templating program. 
  2 Here's hoping it's working. 
  3 
  4 
  5
  6 123 123 123 123 123 123 John Smith 456 456 456 456 4

Thanks for your help!

Josh


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] Nitpicking - PHP 4.2.0 for windows says version is 4.1.2

2002-05-09 Thread Garth Dahlstrom

Anyone notice this... when you do a 


you get "PHP Version 4.1.2", while my apache window
says "Apache/1.3.20 (Win32) PHP/4.2.0 running..."

-G



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] A pen pal system with Photo upload feature

2002-05-09 Thread Tyler Longren

This might help you:
http://www.phpbuilder.com/columns/william19990908.php3?page=1

Tyler Longren
Captain Jack Communications
[EMAIL PROTECTED]
www.captainjack.com

- Original Message - 
From: "Thomas Edison Jr." <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, May 09, 2002 12:23 PM
Subject: [PHP] A pen pal system with Photo upload feature


> Hi,
> 
> I've already built in a penpal system. Now i want to
> add a feature which allows user to upload his/her
> image. When other user's search for penpals, the
> photos should appear next to the record's details.
> 
> Can anyone guide me towards such a script/tutorial?
> 
> I'm using mySQL as my backend, on an Apache Web Server
> on Linux. 
> 
> Thanks,
> T. Edison jr.
> 
> 
> 
> =
> Rahul S. Johari (Director)
> **
> Abraxas Technologies Inc.
> Homepage : http://www.abraxastech.com
> Email : [EMAIL PROTECTED]
> Tel : 91-4546512/4522124
> ***
> 
> __
> Do You Yahoo!?
> Yahoo! Shopping - Mother's Day is May 12th!
> http://shopping.yahoo.com
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] Re: include text from a html-file online

2002-05-09 Thread Gert Mellak


Andreas Indahl <[EMAIL PROTECTED]> schrieb in im Newsbeitrag:
[EMAIL PROTECTED]
> I want to include text from a html-file that is online at another website.
> To be more precise: I want to include my seti-stats from
> http://setiathome.ssl.berkeley.edu/ on my own homepage. Can I do this with
> PHP?

certainly... just use the fopen-function and use the URL as the filename.
You handle it
the same way as a normal text-file.

Here's the link to the php-function:

http://www.php.net/manual/en/function.fopen.php

Greetings,

Gert.


I'm still confused - but on a much higher level...





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] error-catching

2002-05-09 Thread Herbert Mraz

Gert,

to prevent PHP to output any error messages, you can prefix the expression
with @, i.e.
$db = @mysql_connect( $host, $user, $password) or die ('Sorry, server is
down!');

Greetings,
Herb

- Original Message -
From: "Gert Mellak" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, May 09, 2002 4:00 PM
Subject: [PHP] error-catching


> Hi!
>
> When I open a database connection and i. e. the db-server is down,
> I get a very long, long error message telling me that the server is down.
>
> What I want to do is just echo a text, i. e. "DB-Server down" and leave
out
> the error message.
>
> Does anyone have an idea how to manage this?




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] include text from a html-file online

2002-05-09 Thread Andreas Indahl

I want to include text from a html-file that is online at another website.
To be more precise: I want to include my seti-stats from
http://setiathome.ssl.berkeley.edu/ on my own homepage. Can I do this with
PHP?

Sincerely
Andreas Indahl



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] Re: error-catching

2002-05-09 Thread Andreas Indahl

use or die ("DB-server down"); at the end of you line.
"Gert Mellak" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi!
>
> When I open a database connection and i. e. the db-server is down,
> I get a very long, long error message telling me that the server is down.
>
> What I want to do is just echo a text, i. e. "DB-Server down" and leave
out
> the error message.
>
> Does anyone have an idea how to manage this?
>
> I'd be grateful for any information!
>
> TIA,
>
> Gert.
> [EMAIL PROTECTED]
> http://mellak.com
>
>
>



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Re: error-catching

2002-05-09 Thread Gert Mellak

J Smith <[EMAIL PROTECTED]> schrieb in im Newsbeitrag:
[EMAIL PROTECTED]
>
> You can write your own error handlers using set_error_handler(). Then,
> depending on the error code, you can decide whether you should display the
> error message, email it to you, log it, whatever.
>
> http://www.php.net/manual/en/function.set-error-handler.php

thank you very much! this seems to be what I was looking for!

>
> If you just want to hide the error message, there's nothing wrong with
using
> @.

ok, it's a new point of view... I've always thought that this is bad
programming style!

Thank you for your hints!

Gert.




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Re: error-catching

2002-05-09 Thread J Smith


You can write your own error handlers using set_error_handler(). Then, 
depending on the error code, you can decide whether you should display the 
error message, email it to you, log it, whatever.

http://www.php.net/manual/en/function.set-error-handler.php

If you just want to hide the error message, there's nothing wrong with using 
@.

J



Gert Mellak wrote:

>> $db_connect = mysql_connect($db_server, $db_user, $db_pass) or
> die('Couldn't
>> connect to database');
>>
>> $db_open = mysql_select_db($db_name, $db_connect) or die('Couldn't select
>> database');
> 
> well, I tried this out and if the mysql-server is down, I get the
> "Warning: Unable to connect to mysql-server"-stuff.
> 
> The only way I've found was to connect by @mysql_connect - but that's not
> the fine style, yeah?
> 
> Gert.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] PHP --> HTML

2002-05-09 Thread Matt Williams

On Thursday 09 May 2002 1:23 pm, Dan Hardiker wrote:

> You could also use some form of spider to go through your website. These
> are usually aimed at downloading a website to your local machine, or for
> mass caching.
> This should have the effect your after with minimum fuss and no rewriting
> of the .php scripts (or need to write another tool).

do a google for HTTRACK, very impressed with the sites we've had to cache 
locally

matt

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] A pen pal system with Photo upload feature

2002-05-09 Thread Bogdan Stancescu

You may also use blobs to store the images in the database. That may 
induce some major slowdown for large numbers of images. I would suggest 
going with a directory structure on the filesystem, managing the 
structure from PHP and allowing no more that 100 images per directory.

For example:
--
($count_limit-1)) {
$dir++;
mkdir($image_path.$dir);
$im=0;
  }
  // Ok, got the final image path - let's store it
  $image_path.=$dir.$im;

  // The file upload field is expected to be "image"
  if (is_uploaded_file($_POST["image"]) {
copy($_POST["image"],$image_path)
  }
  mysql_run_query("insert into entries set image_path=\"$dir$im\"");
?>
--

This is obviously just the skeleton of the upload page, but I hope it's 
explicit enough to start things going...

Bogdan

Jason Soza wrote:

>Couldn't you just add a column to your MySQL table where the image name 
>would be stored, then when you display your query results in your 
>script, just put something like:
>
>echo "";
>
>Seems easy enough.
>
>Jason Soza
>




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] register_globals in php4

2002-05-09 Thread Miguel Cruz

On Fri, 10 May 2002, Patrick Hsieh wrote:
> php4.1 recommends to set register_globals=off in php.ini to make php
> more strict.  My question is, if I turn off register_globals, what will
> happen if any malicious user just try to modify the variable values in
> the url? Say,
> 
> http://www.domain.com/xxx.php?id=3&sex=female
> 
> Does it work if user just change the value in the URL directly and send
> the url directly to web server?
> 
> How can we avoid the malicious attack by directly http GET/POST with
> modified parameter values to make possible system error or compromise?

If register_globals is off, then you'll get $_GET['id'] = 3 and 
$_GET['sex'] = female. It's then up to you to make sure those are okay. 
But at least $id and $sex won't get set until you explicitly set them in 
your code.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] register_globals in php4

2002-05-09 Thread Patrick Hsieh

Hello list,

php4.1 recommends to set register_globals=off in php.ini to make php
more strict.  My question is, if I turn off register_globals, what will
happen if any malicious user just try to modify the variable values in
the url? Say,

http://www.domain.com/xxx.php?id=3&sex=female

Does it work if user just change the value in the URL directly and send
the url directly to web server?

How can we avoid the malicious attack by directly http GET/POST with
modified parameter values to make possible system error or compromise?


-- 
Patrick Hsieh <[EMAIL PROTECTED]>
GPG public key http://pahud.net/pubkeys/pahudatpahud.gpg


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] date comparison again

2002-05-09 Thread Scott St. John

Thank you Miguel!  I was missing the /86400 and it works much better now 
:)






On Thu, 9 May 2002, Miguel Cruz wrote:

> On Wed, 8 May 2002, Scott St. John wrote:
> > Sorry to be so thick this morning, but I have a unix time stamp in my MS 
> > Sql server that is the date, plus 60 days to expire a password.  I want to 
> > take today's date and compare to the two to see:
> > 1)How many days until the password expires
> > 2)If the password already expired then force a password change. 
> > 
> > I am missing something I am sure because I am not getting the answer I am 
> > looking for with this code:
> > 
> > $expirePass = strtotime("now");  <-todays date
> > $myPassword = ("1026047985");<-from the MS Sql field
> > 
> > $itexpires = ($expirePass - $myPassword);
> 
> $daysleft = intval(($mypassword - now()) / 86400));
> 
> miguel
> 

-- 



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] date comparison again

2002-05-09 Thread Miguel Cruz

On Wed, 8 May 2002, Scott St. John wrote:
> Sorry to be so thick this morning, but I have a unix time stamp in my MS 
> Sql server that is the date, plus 60 days to expire a password.  I want to 
> take today's date and compare to the two to see:
> 1)How many days until the password expires
> 2)If the password already expired then force a password change. 
> 
> I am missing something I am sure because I am not getting the answer I am 
> looking for with this code:
> 
> $expirePass = strtotime("now");  <-todays date
> $myPassword = ("1026047985");<-from the MS Sql field
> 
> $itexpires = ($expirePass - $myPassword);

$daysleft = intval(($mypassword - now()) / 86400));

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Re: how to send spaces in the url

2002-05-09 Thread Kevin Stone

LOL!  A standard!?  In Javascript!?  You must be joking.  :-)

Nope. But it's not difficult.  You simply have to access the url string with
'document.location.href', parse out the values individually and replace the
space placeholders.  Can't remember what the exact javascript function would
be.. I think it's 'string.replace' or something like that.  I'm certain a
quick search.will reveal exactly what you need.
-Kevin

- Original Message -
From: "Pushkar Pradhan" <[EMAIL PROTECTED]>
To: "Kyle Gibson" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, May 09, 2002 10:24 AM
Subject: Re: [PHP] Re: how to send spaces in the url


> Thanks to all who responded.
> I think I should have mentioned that I am trying to send these vars. in
> the url to a javascript pg. thus won't have access to php on the other
> side (i.e. I want to keep it this way for speed).
> So as Kyle suggested to replace the " " is the only way? This is fine but
> isn't there something standard for this?
> > What you could do is think of some random sequence of characters, say
> > |-| and use that for a space.
> >
> > Then, on the receiving script, just remember to use
> > str_replace("|-|"," ",$HTTP_SERVER_VARS["QUERY_STRING"])
> >
> >
> > If you don't have access to the receiving script, then you'll need to
> > use "%20".
> >
> >
> > -Kyle
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
>
> -Pushkar S. Pradhan
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php