[PHP] Trasformazione XSLT
Ciao a tutti, ho bisogno di qualche dritta: Voglio utilizzare la trasformazione xslt ma mi servirebbe un modello xslt di esempio per vedere se il mio è errato Allego il mio di test: ?xml version=1.0 ? xsl:stylesheet version=1.0 xmlns:xsl=http://www.w3.org/TR/WD-xsl; xsl:template match=/ html head titlexsl:value-of select=catalogo/data//title /head body xsl:value-of select=catalogo/ /body /html /xsl:template /xsl:stylesheet Quando faccio la trasformazione il risultato è uguale al xsl e non alla fusione col documento xml. Allego anche la prima parte per chiarezza: ?php $doc = domxml_new_doc(1.0); $catalogo = $doc-add_root('catalogo'); $data = $catalogo-new_child('data','oggi'); $xml_string=$doc-dump_mem(true); $xsl_file='style.xsl'; $xsl_parames=; XSLTrasform($xml_string,$xsl_file,$xsl_params); function XSLTrasform($xml_string,$xsl_file,$xsl_params){ $xsl_string=join(,file($xsl_file)); $arg_buffer=array(/xml =$xml_string,/xslt=$xsl_string); $xp=xslt_create() or die (Non posso creare il processo); $cwd='file://'.dirname($_SERVER['SCRIPT_FILENAME'])./; xslt_set_base($xp,$cwd); if ($result=xslt_process($xp,arg:/xml,arg:/xslt,null,$arg_buffer)){ echo $result; }else{ echo (Errore nell'elaborazione); }; xslt_free($xp); return; }; ? Distinti saluti, P.I. Agnoletto Christian CEDA Computers S.r.l. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ideas for articles?
My first guess would be exec('lpr somefile'); Jim Hatridge wrote: Hi Justin et al... On Thursday 24 October 2002 04:29, Justin French wrote: Hi, I've been approached by a couple of site to write an article or two on PHP. Any ideas on a topic that I might want to tackle? What do people want to learn about? Justin For me an article on how to print from PHP (under Linux) to my HP laserjet. I mean real paper and ink. It seems everytime I find something about printing it only talks about printing to the screen (or at very best to file). In fact if any one can give me a hint about this ? Thanks JIM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How many is too many?
This depends on the filesystem used, but I would recomend you to organized them by year. Now you have few hundred articles, two or three years later it might be 1000, and reorganize it then would be much harder then to create the directories now. Monty wrote: This is a more general server question: I know that having a large number of files in one folder can slow down a web server, but, how many would it take for this to be a problem? Wondering if I should store all articles for a content site in one big 'articles' folder with each article having it's own folder within (/articles/article_id/), or if I should organize them by year then article name (/articles/2002/article_id). The site will only produce a few hundred articles a year. I'd like the keep the file structure shallow and simple if possible, but, if it could potentially slow the server down by putting so many folder in one I'll split them up more. Thanks! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] sessions
hi, When using sessions , how can i test if a browser supports cookies on the clients browser. When i use cookies why does the PHPSESSID=blah visible in the url. Is it dangerous to let php handle the sid in the url if a browser does not support cookies?Can someone send me an example of good login code. ps Im a beginner , so go easy on me Thanks Shaun -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] sessions
Hi Shaun, how can i test if a browser supports cookies Try and set one on page A, and then read it on page B. If it's not there, the browser doesn't support cookies. Is it dangerous to let php handle the sid in the url if a browser does not support cookies? There's an extremely remote possibility a session can be hijacked. Can someone send me an example of good login code. Sure: http://zend.com/zend/tut/authentication.php Cheers Jon -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Adding to cart function.
My boss wants me to add a number of items to the cart based on a user form input. At the moment my add to cart function checks if anything is in it and then increments one item (using this code). I can supply the full function if required but just this part would get me away I think. if($cart[$new]) $cart[$new]++; Instead of incrementing by one how do I increment by a variable which would be the form input? Steve Jackson Web Developer Viola Systems Ltd. http://www.violasystems.com [EMAIL PROTECTED] Mobile +358 50 343 5159 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] processing form checkboxes
add squere brackets to the name and loop through $_POST['state'], as this will become an array now James Taylor wrote: Heya folks, not sure if this is more of a php question or an html question, though I'm right now leaning towards a 50% php, 50% html, so I think this is on topic still. I have a form filled with checkboxes, each representing one of the 50 states. A user can check as many states as they want, then post the data - The checkbox form would look *something* like: tdinput type=checkbox name=state value=1nbsp;nbsp;Alabama/td tdinput type=checkbox name=state value=2nbsp;nbsp;Alaska/td tdinput type=checkbox name=state value=3nbsp;nbsp;Arizona/td Instead of assigning a unique name to each checkbox, I know there's *some* way to make it so the same name has multiple values, as I've seen it done before (somehow). When posting the data though, the script is only recognizing the box checked with the highest value foreach ($_POST as $value) { echo $valuebr/\n; } ^^^ Only shows the highest value Any ideas on how to do this without having to check for isset($_POST['california']), isset($_POST['alabama']) etc. etc.? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Adding to cart function.
Hi ? $newamount = 5; if($cart[$new]) $cart[$new] = $cart[$new] + $newamount; ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Register Globals Off in .htacces
Hi to Everyone, I just want to know if there is a way that i can have register_globals On in my php.ini file but for some application i can turn that Off perhaps with a .htacces file. Thx for any help. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] session_start... twice?
I have a single page site I'm working on that displays the contents of your current session. Users can clear the contents by clicking a link that triggers a $PHP_SELF?clear=1 - Before any headers are sent out, the script checks for $_GET['clear'], and if it's set, it does a session_destroy();. For some reason though, the contents of the session are STILL displayed until you do a refresh on the page. However, for some bizarre reason, if I call session_start() at the very beginning, call session_destroy(); and then session_start() AGAIN after the destroy, it seems to work like it's supposed to. Is this a bug, or is it working properly? Also - I'm sure there's a better method than this - Any suggestions on what that might be? If there are no better methods well... Are there any downsides to what I'm doing? Below is a sample version of the script, to give you an idea of what I mean incase my ramblings above didn't make sense. Thanks!. ?php session_start();// Start the session if (isset($_GET['clear'])) { session_destroy(); // If they chose to clear the session, then we do so } session_start(); // Start it again; it works for whatever reason ? htmlbody (some other stuff) ? /* Here I just print out whatever's in the session. Unless session_start is called the second time after the destroy, a user will have to click refresh before the data appears to be gone */ if (isset($_SESSION['states'])) { foreach ($_SESSION['states'] as $value) { echo $valuebr/\n; } } // and lastly, here's our clear session link below ? a href=index.php?clear=1Clear the session/a /body/html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Register Globals Off in .htacces
Hi, I just want to know if there is a way that i can have register_globals On in my php.ini file but for some application i can turn that Off perhaps with a .htacces file. In your .htaccess: php_flag register_globals on or php_flag register_globals off Manual pages at http://www.php.net/manual/en/configuration.changes.php Cheers Jon -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Register Globals Off in .htacces
Thx for your reply It is working. I also found from php.net that it's possible to set register_globals to off on a site-by-site basis via Apache, thus overriding the global setting of register_globals in php.ini: In httpd.conf: VirtualHost 127.0.0.1 ServerName localhost DocumentRoot /var/www/html/mysite php_value register_globals 0 (or 1 for on) /VirtualHost That way, sites with old code can have register globals turned on, but for all new developments it will be disabled. Jon Haworth wrote: Hi, I just want to know if there is a way that i can have register_globals On in my php.ini file but for some application i can turn that Off perhaps with a .htacces file. In your .htaccess: php_flag register_globals on or php_flag register_globals off Manual pages at http://www.php.net/manual/en/configuration.changes.php Cheers Jon -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Register Globals Off in .htacces
Hi, Thx for your reply It is working. No probs, glad to help. I also found from php.net that it's possible to set register_globals to off on a site-by- site basis via Apache, thus overriding the global setting of register_globals in php.ini: VirtualHost 127.0.0.1 ServerName localhost DocumentRoot /var/www/html/mysite php_value register_globals 0 (or 1 for on) /VirtualHost Yup, or even in directories: Directory /var/www/html/mysite/foo php_value register_globals 0 /Directory Which might be handy if you're updating scripts on a live site. Cheers Jon -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Mail form
Why my mail prcessing script don't recognize the value from the form file. If I call the $numele variable it's just output a null. This is the form.html html head titleNumele/title body form name=form method=post action=mail.php p align=centerNume: input name=numele type=text value=Cum vrei tu /p div align=center input type=submit name=Submit value=Trimite /div /form /body /html And this is mail.php html/headtitleMesajul este trimis/title ?php $email = Nume:\t$numele; $to = [EMAIL PROTECTED]; $subject = Nume; # mail($to, $subject, $email); ? /head bodydiv align=justify ? echo (Ai trimis numele $numele); ? /div /body /html the mail command is commentet for testing purpose, I don't want to receive a e-mail every time I test the script. -- Trasca Ion-Catalin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session_start... twice?
This has to do with how php works with session internaly. $_SESSION is set after the fist call to session_start(), session_destroy() destroys only data that are already stored, the second call to session_start() tries to retrieve these data, but there are none. Use $_SESSION=array() before session_destroy() as the documentation sugests James Taylor wrote: I have a single page site I'm working on that displays the contents of your current session. Users can clear the contents by clicking a link that triggers a $PHP_SELF?clear=1 - Before any headers are sent out, the script checks for $_GET['clear'], and if it's set, it does a session_destroy();. For some reason though, the contents of the session are STILL displayed until you do a refresh on the page. However, for some bizarre reason, if I call session_start() at the very beginning, call session_destroy(); and then session_start() AGAIN after the destroy, it seems to work like it's supposed to. Is this a bug, or is it working properly? Also - I'm sure there's a better method than this - Any suggestions on what that might be? If there are no better methods well... Are there any downsides to what I'm doing? Below is a sample version of the script, to give you an idea of what I mean incase my ramblings above didn't make sense. Thanks!. ?php session_start();// Start the session if (isset($_GET['clear'])) { session_destroy(); // If they chose to clear the session, then we do so } session_start(); // Start it again; it works for whatever reason ? htmlbody (some other stuff) ? /* Here I just print out whatever's in the session. Unless session_start is called the second time after the destroy, a user will have to click refresh before the data appears to be gone */ if (isset($_SESSION['states'])) { foreach ($_SESSION['states'] as $value) { echo $valuebr/\n; } } // and lastly, here's our clear session link below ? a href=index.php?clear=1Clear the session/a /body/html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mkdir and directory permissions
On Friday 25 October 2002 06:51, Matias Silva wrote: Hi-ya all, here's a quickie... In my script I create a directory (mysql.backup.timestamp/) within a directory called backup/. I use the function mkdir(mysql.backup.timestamp, 0777); and it shows the permissions as after the function executes: drx--t 2 nobodydaemon1024 Oct 24 15:16 mysql.backup.October-24-2002-1516 Where's the permissions (drx--t 2 nobody daemon) coming from? Is it the php.ini, apache conf or the operating system? The permissions (rx--t) is coming from your mode setting in your mkdir() function AND from the system setting umask -- see manual - umask() and check out user comments as well. I would like to set the owner to root and the group to nc. How can this be achieved by the php script? Or do I have set this up in the other environments (OS or Apache)? You can't. The user:group comes from the user running the webserver, which in your case is nobody:daemon. Only root can the the user:group ownership of files and directories. So unless your webserver is running as root you cannot use chown()/chgrp(). -- Jason Wong - Gremlins Associates - www.gremlins.com.hk Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * /* After years of research, scientists recently reported that there is, indeed, arroz in Spanish Harlem. */ -- Jason Wong - Gremlins Associates - www.gremlins.com.hk Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * /* Richard B. Johnson wrote: It's a tomorrow thing. Ten hours it too long to stare at a screen. Sissy! - Jens Axboe on linux-kernel */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Looking for an open source PHP editor on linux
Dear All I am wondering if anyone know, some good open source editor for PHP on linux/Unix Hopping for The Best :) Tariq -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mkdir and directory permissions
Actualy, you can use chgrp(), but apache must be a member of the group you are changing to. Jason Wong wrote: On Friday 25 October 2002 06:51, Matias Silva wrote: Hi-ya all, here's a quickie... In my script I create a directory (mysql.backup.timestamp/) within a directory called backup/. I use the function mkdir(mysql.backup.timestamp, 0777); and it shows the permissions as after the function executes: drx--t 2 nobodydaemon1024 Oct 24 15:16 mysql.backup.October-24-2002-1516 Where's the permissions (drx--t 2 nobody daemon) coming from? Is it the php.ini, apache conf or the operating system? The permissions (rx--t) is coming from your mode setting in your mkdir() function AND from the system setting umask -- see manual - umask() and check out user comments as well. I would like to set the owner to root and the group to nc. How can this be achieved by the php script? Or do I have set this up in the other environments (OS or Apache)? You can't. The user:group comes from the user running the webserver, which in your case is nobody:daemon. Only root can the the user:group ownership of files and directories. So unless your webserver is running as root you cannot use chown()/chgrp(). -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Looking for an open source PHP editor on linux
Have a look at www.jedit.org This editor is not specific to PHP but it does handle PHP well. Clint -Original Message- From: Tariq Murtaza [mailto:tariq;smeda.org.pk] Sent: Friday, October 25, 2002 6:01 AM To: [EMAIL PROTECTED] Subject: [PHP] Looking for an open source PHP editor on linux Dear All I am wondering if anyone know, some good open source editor for PHP on linux/Unix Hopping for The Best :) Tariq -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Register Globals Off in .htacces
On Fri, 25 Oct 2002 13:16:27 +0300 Tjoumaidis [EMAIL PROTECTED] wrote: Hi to Everyone, I just want to know if there is a way that i can have register_globals On in my php.ini file but for some application i can turn that Off perhaps with a .htacces file. I prefer it Off in php.ini and On in the .htaccess file. php_flag register_globals On Yes, you can do it. Alister -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: the xml functions [worth a read]
Thank you for your response. First of all, I'm not sure if you are familiar, but I am working on a project called eNetwizard Content Management Server. More is available here: http://www.sourceforge.net/projects/enetwizard/ Content is stored as XML, but not in the usual manner. eNetwizard is able to manage an unlimited number of domains and websites from a central web environment. It does this because it acts as a web server and determines what content to deliver based on the URL string. Content is stored in a matrix folder like this: /matrix /matrix/net /matrix/net/enetwizard /matrix/net/enetwizard/www In this manner, all content for www.enetwizard.net http://www.enetwizard.net/ is stored in the /matrix/net/enetwizard/www folder. However, it is even more complicated than that. Content is compiled by scope. /matrix is considered the global scope. /matrix/net/enetwizard is in the domain scope. /matrix/net/enetwizard/www is in the website scope. And the files in that directory are in the page scope. Each of these directories can have a file (_.rsw) which is a part of the eNetwizard XML that is compiled. It must be fully-conformant XML and this is determined by the class I wrote to validate it. My understanding is that PHP does not have the ability to use DTD's - am I wrong about this? Anyway, the reason for the scope is to build complex templates and pages. For example, maybe you want a copyright at the bottom of every page that is on the enetwizard.net domain - you simply put it in the TAIL section of the domain scope .RSW file. When eNetwizard is called, it compiles it all, validates it, and then converts it to HTML (or anything else you want it to really). Here's an example: www.natural-law.net/default.exml (this file is the result of compiling and validating the .RSW files) www.natural-law.net/default.ehtml (this file is the result of converting it) Now, to get to what I'm trying to get at: I understand that XML used the ampersands as reserved words. This is a good thing in most instances, because it will be nice to define these entities, but how do I do that with the limitations of the PHP parser functions? And what is the way around this? I believe that the way I have things set up now, I would like it to simply treat them as CDATA, because these can be dealt with in the $Server class later on (when doing the conversions to HTML, etc.) Also, in order to validate the DTD (that I could make if PHP can work with it) - it would have to wait till after the compilation of the .RSW files - the .RSW files are also parsed as XML and first put into an associative array - it organizes them by their main grouping and scope -- STYLE, META, HEAD, BODY, and TAIL -- it works really nicely, as those two links will show... If you'd like to see the code for these two classes, let me know, and I'll send them to you, and you can see how I have this set up. It may help to have a more interactive tour of how all of this works, but I haven't gotten that far in the project yet. I just finished the last of the core (this XML stuff) and am about to start creating the wizards (management panels) for the project, then the documentation, then the release... Thanks very much if you can give me an idea on how to tackle this unique issue. -Samuel Robert Samuel White wrote: I am having a hard time understanding one of the features of the xml parser functions. If the string I am parsing includes nbsp; or something similar, it encounters an error. I've read the docs and I don't understand how to have the parser process these. Any advice would be great. Basically, unless you've coded something to deal with them ampersands are the ultimate reserved word in XML. The easiest way to deal with them is to scrub them to amp;nbsp; before they go through the XML parser. The right way to deal with them is to define nbsp; as a valid entity in your DTD and make sure that all XML strings have a DTD when they are fed through the parser. J Wynia phpgeek.com
Re: [PHP] Looking for an open source PHP editor on linux
Thanks Clint Tredway Actually i am looking for syntax highlighting / help feature of PHP in editor. Any body Tariq Clint Tredway wrote: Have a look at www.jedit.org This editor is not specific to PHP but it does handle PHP well. Clint -Original Message- From: Tariq Murtaza [mailto:tariq;smeda.org.pk] Sent: Friday, October 25, 2002 6:01 AM To: [EMAIL PROTECTED] Subject: [PHP] Looking for an open source PHP editor on linux Dear All I am wondering if anyone know, some good open source editor for PHP on linux/Unix Hopping for The Best :) Tariq -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Looking for an open source PHP editor on linux
the personal edition (2.0) from www.zend.com well - its not open source but it has nice help and debug-features for PHP. Tariq Murtaza wrote: Dear All I am wondering if anyone know, some good open source editor for PHP on linux/Unix Hopping for The Best :) Tariq -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] using curl to get part of the html
You have the page in $result, so you need $result=explode(\n,$result), and echo $result[0] - [99] Patrick Hsieh wrote: Hello list, I am writing a php script to fetch a html page and verify its content which generated by a remote cgi program. The special cgi program generates endless content to the http client. Therefore, I need to figure out a solution for curl to fetch part of the html source code(In fact, I only need the first 100 lines of the html source). I tried CURLOPT_TIMEOUT, but when curl_exec() timeouts, it will not return part of the html source it already fetched--actually it returns nothing at all. Is there any way to work around this? #!/usr/bin/php4 -q ?php $url = http://www.example.com/cgi-bin/large_output.cgi;; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_TIMEOUT, 3); $result = curl_exec($ch); curl_close($ch); echo $result; ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Mail form
Register globals problem - either use $_POST['numele'] (prefered), or turn register_globals on. Trasca Ion-Catalin wrote: Why my mail prcessing script don't recognize the value from the form file. If I call the $numele variable it's just output a null. This is the form.html html head titleNumele/title body form name=form method=post action=mail.php p align=centerNume: input name=numele type=text value=Cum vrei tu /p div align=center input type=submit name=Submit value=Trimite /div /form /body /html And this is mail.php html/headtitleMesajul este trimis/title ?php $email = Nume:\t$numele; $to = [EMAIL PROTECTED]; $subject = Nume; # mail($to, $subject, $email); ? /head bodydiv align=justify ? echo (Ai trimis numele $numele); ? /div /body /html the mail command is commentet for testing purpose, I don't want to receive a e-mail every time I test the script. -- Trasca Ion-Catalin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Mail form
Now I noticed that I can't take any variable from another file. It's my programs fault or I have to modify something in Apache or PHP? -- Trasca Ion-Catalin Trasca Ion-Catalin [EMAIL PROTECTED] wrote in message news:20021025100207.89943.qmail;pb1.pair.com... Why my mail prcessing script don't recognize the value from the form file. If I call the $numele variable it's just output a null. This is the form.html html head titleNumele/title body form name=form method=post action=mail.php p align=centerNume: input name=numele type=text value=Cum vrei tu /p div align=center input type=submit name=Submit value=Trimite /div /form /body /html And this is mail.php html/headtitleMesajul este trimis/title ?php $email = Nume:\t$numele; $to = [EMAIL PROTECTED]; $subject = Nume; # mail($to, $subject, $email); ? /head bodydiv align=justify ? echo (Ai trimis numele $numele); ? /div /body /html the mail command is commentet for testing purpose, I don't want to receive a e-mail every time I test the script. -- Trasca Ion-Catalin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP with FTP support on a Raq4 Server
Hi People, I am running PHP 4.1.2 on a Cobalt Raq4 server. I'm pretty new to Linux and can't understand why the server has come preinstalled with 2 diffrent versions of PHP. When I run phpinfo() from scripts on the site through my browser it says PHP is installed as an Apache module, but when I run it from the command line it still has the same version number but says its a CGI install. I'm trying to use the ftp_connect() function in a script that is run from the command line, ie. the CGI version and everytime I run it it says 'Call to undefined function ftp_connect()' yet when I run it through the browser on my site which is running the same version of PHP just the Apache module it works fine. Does anyone know what causes this strange behaviour or what I can do to get my ftp_connect() function working from the command line on a Raq4 server? Thanks for any help. Chris Morrow -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] re: mail form
You need to use $_POST[numele] instead of $numele - that or edit your php.ini file. Now I noticed that I can't take any variable from another file. It's my programs fault or I have to modify something in Apache or PHP? -- Trasca Ion-Catalin Trasca Ion-Catalin [EMAIL PROTECTED] wrote in message news:20021025100207.89943.qmail;pb1.pair.com... Why my mail prcessing script don't recognize the value from the form file. If I call the $numele variable it's just output a null. This is the form.html html head titleNumele/title body form name=form method=post action=mail.php p align=centerNume: input name=numele type=text value=Cum vrei tu /p div align=center input type=submit name=Submit value=Trimite /div /form /body /html And this is mail.php html/headtitleMesajul este trimis/title ?php $email = Nume:\t$numele; $to = [EMAIL PROTECTED]; $subject = Nume; # mail($to, $subject, $email); ? /head bodydiv align=justify ? echo (Ai trimis numele $numele); ? /div /body /html the mail command is commentet for testing purpose, I don't want to receive a e-mail every time I test the script. -- Trasca Ion-Catalin
Re: [PHP] Looking for an open source PHP editor on linux
You can try http://quanta.sourceforge.net or. http://nusphere.com/products/phpadv.htm (this one isn't free) Tariq Murtaza wrote: Thanks Clint Tredway Actually i am looking for syntax highlighting / help feature of PHP in editor. Any body Tariq Clint Tredway wrote: Have a look at www.jedit.org This editor is not specific to PHP but it does handle PHP well. Clint -Original Message- From: Tariq Murtaza [mailto:tariq;smeda.org.pk] Sent: Friday, October 25, 2002 6:01 AM To: [EMAIL PROTECTED] Subject: [PHP] Looking for an open source PHP editor on linux Dear All I am wondering if anyone know, some good open source editor for PHP on linux/Unix Hopping for The Best :) Tariq -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Looking for an open source PHP editor on linux
VIM :) -- Maxim Maletsky [EMAIL PROTECTED] www.PHPBeginner.com // PHP for Beginners www.maxim.cx // my Home // my Wish List: ( Get me something! ) http://www.amazon.com/exec/obidos/registry/2IXE7SMI5EDI3 Tariq Murtaza [EMAIL PROTECTED] wrote... : Dear All I am wondering if anyone know, some good open source editor for PHP on linux/Unix Hopping for The Best :) Tariq -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] extract($_POST)
$_GET is definately insecure because the user can insert values into the URL line, which may expose data which should be secure (depending upon how you've written your scripts). $_POST is more secure, if you add additional protective coding. An excellent example was provided a couple days ago. In the following, assume $admin must be set to trustme and is set from a form: INSECURE method 1: if( ISSET($admin) ) { print $sensitive_data; } INSECURE method 2: if( $admin==trustme ) { print $sensitive data; } MORE SECURE method: $admin = ; extract($_POST); if( $admin == trustme ) { print $sensitive_data; } The insecure methods can be fooled by the user guessing/inserting a variable named $admin, set to trustme in the URL. The more secure method ensures it MUST come from a form. Be advised: the user can create his own form with $admin as a variable and submit it to your PHP script. Therefore, additional precautions and authentication are warranted. - Original Message - From: Monty [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 25, 2002 12:37 AM Subject: Re: [PHP] extract($_POST) I'm devastated to hear that extract($_POST) or extract($_GET) are security risks because that's the method I went with for a bunch of scripts I'm writing now. But I don't understand how this... $admin = $_POST['admin']; ... is more secure? Isn't the security risk that they can hijack your var data? If so, I don't see how the above would make it possible to know whether the data in $_POST isn't coming from your own scripts. Especially for forms where it's not really efficient to validate every possibility for a field, such as a Country field. But maybe I'm missing the point, and if so I'd like to understand so I can make my scripts more secure when passing data. It seems like I will need to basically re-define every form field and GET variable at the beginning of each script literally. Monty From: [EMAIL PROTECTED] (Mike Ford) Newsgroups: php.general Date: Thu, 24 Oct 2002 18:41:04 +0100 To: '1LT John W. Holmes' [EMAIL PROTECTED], Rick Emery [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: RE: [PHP] extract($_POST) -Original Message- From: 1LT John W. Holmes [mailto:holmes072000;charter.net] Sent: 23 October 2002 19:51 Say you have something like this: if($_POST['name'] == John) { $admin = TRUE; } if($admin) { show_sensitive_data(); } Now, if you're using extract(), I can send $admin through the post data and you'll extract it into your script. That's where the security flaw lies, but the flaw is in the programming, not PHP. You can have a secure example by doing this: $admin = FALSE; if($_POST['name'] == John) { $admin = TRUE; } Or just $admin = $_POST['name']==John; Actually, I'd also collapse this into the subsequent if, and write it like this: if ($admin = $_POST['name']==John): show_sensitive_data(); endif; I love languages where assignments are expressions! Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] extract($_POST)
The more secure method ensures it MUST come from a form. Be advised: the user can create his own form with $admin as a variable and submit it to your PHP script. Therefore, additional precautions and authentication are warranted. And what should these precautions be? If a malicious user can submit his own form and you are looking for a POST variable, how can you ensure that $admin came from your form and not that user's? And if that same user can hijack a session, that makes it so you have even less precautions you can take. I'm honestly interested in this. I've read the security section of the manual, read similar threads and each time, I've come to the conclusion that you can really only ever be so secure. And that all of the tests, checks, balances you may implement are all for naught where a really determined malicious user is concerned. Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] extract($_POST)
A determined hacker can get through. Period. Additional safeguards might include username/password authentication against a database. You can only make it more difficult for a hacker to break-in. You can never have absolute certainty he won't. - Original Message - From: Chris Boget [EMAIL PROTECTED] To: Rick Emery [EMAIL PROTECTED] Cc: PHP General [EMAIL PROTECTED] Sent: Friday, October 25, 2002 8:53 AM Subject: Re: [PHP] extract($_POST) The more secure method ensures it MUST come from a form. Be advised: the user can create his own form with $admin as a variable and submit it to your PHP script. Therefore, additional precautions and authentication are warranted. And what should these precautions be? If a malicious user can submit his own form and you are looking for a POST variable, how can you ensure that $admin came from your form and not that user's? And if that same user can hijack a session, that makes it so you have even less precautions you can take. I'm honestly interested in this. I've read the security section of the manual, read similar threads and each time, I've come to the conclusion that you can really only ever be so secure. And that all of the tests, checks, balances you may implement are all for naught where a really determined malicious user is concerned. Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Register Globals Off in .htacces
it works only if i put it in my httpd.conf - yes allowoveride is set to all :/ i'm using apache 1.3.27 on win2k. Jon Haworth wrote: Hi, Thx for your reply It is working. No probs, glad to help. I also found from php.net that it's possible to set register_globals to off on a site-by- site basis via Apache, thus overriding the global setting of register_globals in php.ini: ServerName localhost DocumentRoot /var/www/html/mysite php_value register_globals 0 (or 1 for on) Yup, or even in directories: php_value register_globals 0 Which might be handy if you're updating scripts on a live site. Cheers Jon -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Register Globals Off in .htacces
Hi Frank, ServerName localhost DocumentRoot /var/www/html/mysite php_value register_globals 0 (or 1 for on) it works only if i put it in my httpd.conf - yes allowoveride is set to all :/ i'm using apache 1.3.27 on win2k. Well, you're doing *something* wrong, 'cos it works fine here :-) You have got an AccessFileName .htaccess directive, right? You might like to try asking in news:comp.infosystems.www.servers.ms-windows, or hanging around here until an Apache guru turns up... Cheers Jon -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Register Globals Off in .htacces
well, i found my mistake ;) on windows i forgot to change the name of the .htaccess-files because on win they couldnt have a extentsion without a name. So i've named them now only htaccess without the dot and it works fine Frank W. wrote: it works only if i put it in my httpd.conf - yes allowoveride is set to all :/ i'm using apache 1.3.27 on win2k. Jon Haworth wrote: Hi, Thx for your reply It is working. No probs, glad to help. I also found from php.net that it's possible to set register_globals to off on a site-by- site basis via Apache, thus overriding the global setting of register_globals in php.ini: ServerName localhost DocumentRoot /var/www/html/mysite php_value register_globals 0 (or 1 for on) Yup, or even in directories: php_value register_globals 0 Which might be handy if you're updating scripts on a live site. Cheers Jon -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Ereg help
Hey all, I've been fighting this all night, I need a bit of help. I have a string like. #21-935 Item Description: $35.95 Where the part # could be 10-2034 a combination of 2 and 3 or 4 digits, and the price could be a combination of 1,2,3 . 2 digits. I want to chop that string into Part # / Description / Price. I'd appreciate any help, I know this is probably real simple :) Thanks in advance. Thanks, William Glenn Import Parts Plus http://www.importpartsplus.com
[PHP] Re: Ereg help
William Glenn [EMAIL PROTECTED] wrote in message news:003101c27c3b$ff8c61a0$6401a8c0;cortez.co.charter.net... Hey all, I've been fighting this all night, I need a bit of help. I have a string like. #21-935 Item Description: $35.95 Where the part # could be 10-2034 a combination of 2 and 3 or 4 digits, and the price could be a combination of 1,2,3 . 2 digits. I want to chop that string into Part # / Description / Price. I'd appreciate any help, I know this is probably real simple :) Thanks in advance. Try: ? $item = '#21-935 Item Description: $35.95'; $all = explode( ' ', $item ); $part_nr = substr( array_shift( $all ), 1 ); $rest = explode( '$', implode( ' ', $all ) ); $description = substr( trim( $rest[0] ), 0, -1 ); $price = $rest[1]; ? I bet there is a much nicer (and maybe faster way), but this is by far the easiest (it doesn't cost one night) ;-)) One hundred thousand of these iterations took about 2 seconds... Grtz Erwin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] writing pdf files to physical files...
I presently generate pdf files as required... I use FPDF for writing PDF... I require to save these to file... is it a simple case of: where the script: generate_stats_view_table_pdf.php generates the PDF... ? $fcontents= file ('http://www.domain.com/autoreport/generate_stats_view_table_pdf.php'); while (list ($line_num, $line) = each ($fcontents)) { $display .= $line; } $fp=fopen(/usr/local/psa/home/vhosts/domain.com/httpdocs/admin/hourly/stats _detailed.pdf,w); fputs($fp,$display); fclose($fp); ? TIA... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Quick way to test series of integers
Paul Kaiser [EMAIL PROTECTED] wrote in message news:58851.208.216.64.17.1035495310.squirrel;illinimedia.com... I have around 50 checkboxes on an HTML form. Their value is 1. So, when a user check the box, then no problem -- the value returned by the form is 1 and I can enter that into my SQL database. HOWEVER... If the user does not check the box, I'm in trouble, because the value does not default to 0, but rather nil I'm guessing... You can take advantage of the way PHP parses passed values... If you have two (or more) form inputs with the same name, the last value over-writes the previous one(s). ie if your script is called like myscript.php?n=0n=1 then you get $_GET[n] == 1 Sure, you say, but how can I make use of that? Well, if the last value weren't sent, you would still have the previous value, ie $_GET[n] == 0 Try this: input type=hidden name=n value=0// this value is *always* sent input type=checkbox name=n value=1// this value is only sent if checked! NOTE: the order is important! The conditional input must come *after* the default! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Looking for an open source PHP editor on linux
I think Glimmer is pretty good. http://glimmer.sourceforge.net/ Brad On Fri, 2002-10-25 at 07:49, Maxim Maletsky wrote: VIM :) -- Maxim Maletsky [EMAIL PROTECTED] www.PHPBeginner.com // PHP for Beginners www.maxim.cx // my Home // my Wish List: ( Get me something! ) http://www.amazon.com/exec/obidos/registry/2IXE7SMI5EDI3 Tariq Murtaza [EMAIL PROTECTED] wrote... : Dear All I am wondering if anyone know, some good open source editor for PHP on linux/Unix Hopping for The Best :) Tariq -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Ereg help
?php $s = #12-3456 The Item description $35.43; $qq = ereg(#([0-9]*-[0-9]*) ([a-zA-Z0-9 ]*) \\$([0-9]{1,3}\.[0-9]{2}), $s,$a); $val = $a[1]./.$a[2]./.$a[3]; print $val; ? - Original Message - From: William Glenn [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 25, 2002 10:34 AM Subject: [PHP] Ereg help Hey all, I've been fighting this all night, I need a bit of help. I have a string like. #21-935 Item Description: $35.95 Where the part # could be 10-2034 a combination of 2 and 3 or 4 digits, and the price could be a combination of 1,2,3 . 2 digits. I want to chop that string into Part # / Description / Price. I'd appreciate any help, I know this is probably real simple :) Thanks in advance. Thanks, William Glenn Import Parts Plus http://www.importpartsplus.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: An interesting one!!!
Tim Haynes [EMAIL PROTECTED] wrote in message news:20021023162115.16675.qmail;pb1.pair.com... Here is a puzzle, infact it is a game that I need to do in PHP, here is the spec 3 prizes to be won every day over a month by clicking on 24 seperate windowsand thats it How could I go about deciding whether a user that clicked on one of the windows is a winner or not, obviously I wouln't want the prizes to go in the first hour of the day, so would need to spread it out abit. Obviously you don't know how many contestants you will have, so you can't base it on that. What about varying the probability of a win by the time since the last page-view? You could adjust this by hourly activity (to decrease the advantage for people hitting it at 2am) and by (time remaining / prizes remaining) to ensure coming out near your number-of-prizes target. Does it *have* to be three prizes per day, or is that *on average*? I prefer the latter; it makes things more tractable. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] extract($_POST)
And what should these precautions be? If a malicious user can submit his own form and you are looking for a POST variable, how can you ensure that $admin came from your form and not that user's? The problem is when a cracker uses form variables in an attempt to set the values of flag variables kept only in the session, for example, $isAdmin. As far as the form variables *you* put in your form, it doesn't matter whether the user submits your form or a form they made themselves. Those form variables are just data you are trying to collect. With register_globals on, PHP takes *all* variables (GET, POST, COOKIE) received from the client and assigns them to global variables. So if the user posts a value for $isAdmin, she can give herself admin privileges. The key is to retrieve *only* the form variables *you* put in the form from the the $_POST array. So don't write a loop and grab *everything* from that array. Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Problem with set_time_limit() and uploading large files
Hi, I am having a major problem getting set_time_limit() to work at all with PHP 4.2.3 running as a CGI program under IIS for Windows 2000 (I originally posted this message to php-win, but am hoping someone here can shed some light on this). I have a form that accepts large files for upload, with the following lines at the top of the form action script: ?php // let this script take as long as it needs to complete its work // and ignore if user hits stops button in his browser set_time_limit(0); ignore_user_abort(true); // include site-wide configs and other include files require_once('../includes/site.php'); ... If the file upload takes longer than 30 seconds, PHP bombs out with the following error: Fatal error: Maximum execution time of 30 seconds exceeded in D:\InetPub\test.php on line 3 I've also tried adding: ini_set('max_execution_time', 6); before the set_time_limit() function, but to no avail. PHP is not running in safe mode. Does anyone have any ideas why this is not working as expected? I'm sure it's something obvious, but I don't know what it is. Thanks in advance, -f -- Derek Fong Web Application Developer subtitle designs inc. http://www.subtitled.com/ Mistakes are the portals of discovery. --James Joyce GPG key/fingerprint available upon request -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] cutted values after posting multiple select list
Hi i struggling with multiple select lists in HTML forms. The resulting $_REQUEST array cuts some characters from the values. If the value is value=99 i will get 99 after posting... my php file: *** htmlhead/head ?php echo {$_SERVER['REQUEST_URI']} br; echo First: {$_REQUEST['msel'][0]} br; echo Count: . count($_REQUEST['msel']) . brhr; $i = 0; foreach ($_REQUEST['msel'] as $v) { echo $i: $v br; $i++; } ? form method=GET action=?= $_SERVER['PHP_SELF'] ? select name=msel[] size=6 multiple=multiple option value=99erwin/option option value=9admin/option option value=hm10/option option value=999hm30/option option value=99muhe/option option value=9hannes/option /select input type=submit /form /body/html *** The result after selecting all: /PARAMOUNT/multisel2.php?msel%5B%5D=99msel%5B%5D=9msel%5B%5D=msel%5B%5D=999msel%5B%5D=99msel%5B%5D=9 First: 99 Count: 6 0: 99 1: 9 2: 3: 999 4: 99 5: 9 MY system: PHP Version 4.2.3 Apache/1.3.26 SuSE Linux 8.1 When I use the same php file on a MS windows apache, it works Regards Heiko -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] cutted values after posting multiple select list
use $_POST, not $_REQUEST - Original Message - From: Heiko Mundle [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 25, 2002 10:39 AM Subject: [PHP] cutted values after posting multiple select list Hi i struggling with multiple select lists in HTML forms. The resulting $_REQUEST array cuts some characters from the values. If the value is value=99 i will get 99 after posting... my php file: *** htmlhead/head ?php echo {$_SERVER['REQUEST_URI']} br; echo First: {$_REQUEST['msel'][0]} br; echo Count: . count($_REQUEST['msel']) . brhr; $i = 0; foreach ($_REQUEST['msel'] as $v) { echo $i: $v br; $i++; } ? form method=GET action=?= $_SERVER['PHP_SELF'] ? select name=msel[] size=6 multiple=multiple option value=99erwin/option option value=9admin/option option value=hm10/option option value=999hm30/option option value=99muhe/option option value=9hannes/option /select input type=submit /form /body/html *** The result after selecting all: /PARAMOUNT/multisel2.php?msel%5B%5D=99msel%5B%5D=9msel%5B%5D=msel%5B%5D=999 msel%5B%5D=99msel%5B%5D=9 First: 99 Count: 6 0: 99 1: 9 2: 3: 999 4: 99 5: 9 MY system: PHP Version 4.2.3 Apache/1.3.26 SuSE Linux 8.1 When I use the same php file on a MS windows apache, it works Regards Heiko -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] DomDocument-dump_file don't work!
I can't get the DomDocument-dump_file($file, false, true); to work.! help needed! Everyting else works just fine. Running IIS5 PHP 4.2.3 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: writing pdf files to physical files...
yes it does... /me answered myself again ;) Brian McGarvie [EMAIL PROTECTED] wrote in message news:20021025145239.65314.qmail;pb1.pair.com... I presently generate pdf files as required... I use FPDF for writing PDF... I require to save these to file... is it a simple case of: where the script: generate_stats_view_table_pdf.php generates the PDF... ? $fcontents= file ('http://www.domain.com/autoreport/generate_stats_view_table_pdf.php'); while (list ($line_num, $line) = each ($fcontents)) { $display .= $line; } $fp=fopen(/usr/local/psa/home/vhosts/domain.com/httpdocs/admin/hourly/stats _detailed.pdf,w); fputs($fp,$display); fclose($fp); ? TIA... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] php and databases
Is there anyway to have php convert a database from mySQL to Access via a webpage? I have a couple of people here who use Access to do mail merging things with word and it would make my life a ton easier if I did not have to convert the db's everytime they want the info. If anyone has any thoughts on how to go about this it would be greatly appreciated. Thanks in advance. Bobby _ Surf the Web without missing calls! Get MSN Broadband. http://resourcecenter.msn.com/access/plans/freeactivation.asp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
php-general Digest 25 Oct 2002 16:40:19 -0000 Issue 1665
php-general Digest 25 Oct 2002 16:40:19 - Issue 1665 Topics (messages 121385 through 121443): Sessions help Please 121385 by: Bryan McLemore 121387 by: Peter Houchin 121389 by: Justin French Re: How many is too many? 121386 by: Justin French 121388 by: Leif K-Brooks 121393 by: Monty 121396 by: Marek Kilimajer Re: Adding Content Management to live site 121390 by: Tariq Murtaza using curl to get part of the html 121391 by: Patrick Hsieh 121417 by: Marek Kilimajer Re: extract($_POST) 121392 by: Monty 121424 by: Rick Emery 121425 by: Chris Boget 121426 by: Rick Emery 121437 by: Johnson, Kirk Trasformazione XSLT 121394 by: Agnoletto Christian Re: ideas for articles? 121395 by: Marek Kilimajer sessions 121397 by: Shaun 121398 by: Jon Haworth Adding to cart function. 121399 by: Steve Jackson 121401 by: Justin French Re: processing form checkboxes 121400 by: Marek Kilimajer Register Globals Off in .htacces 121402 by: Tjoumaidis 121404 by: Jon Haworth 121405 by: Tjoumaidis 121406 by: Jon Haworth 121413 by: Alister 121427 by: Frank W. 121428 by: Jon Haworth 121429 by: Frank W. session_start... twice? 121403 by: James Taylor 121408 by: Marek Kilimajer Mail form 121407 by: Trasca Ion-Catalin 121418 by: Marek Kilimajer 121419 by: Trasca Ion-Catalin 121421 by: Robert Samuel White Re: mkdir and directory permissions 121409 by: Jason Wong 121411 by: Marek Kilimajer Looking for an open source PHP editor on linux 121410 by: Tariq Murtaza 121412 by: Clint Tredway 121415 by: Tariq Murtaza 121416 by: Frank W. 121422 by: John Nichel 121423 by: Maxim Maletsky 121434 by: Brad Pauly Re: the xml functions [worth a read] 121414 by: Robert Samuel White PHP with FTP support on a Raq4 Server 121420 by: Chris Morrow Ereg help 121430 by: William Glenn 121431 by: Erwin 121435 by: Rick Emery writing pdf files to physical files... 121432 by: Brian McGarvie 121442 by: Brian McGarvie Re: Quick way to test series of integers 121433 by: Hugh Bothwell Re: An interesting one!!! 121436 by: Hugh Bothwell Problem with set_time_limit() and uploading large files 121438 by: derek fong cutted values after posting multiple select list 121439 by: Heiko Mundle 121440 by: Rick Emery DomDocument-dump_file don't work! 121441 by: Magnus Stålberg php and databases 121443 by: Tyler Durdin Administrivia: To subscribe to the digest, e-mail: [EMAIL PROTECTED] To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: [EMAIL PROTECTED] -- ---BeginMessage--- Hi guys I'm a little confused on how sessions work. ok I use session_start(); to get started I know that but then the manual starts to confuse me with all of the garbled text about passing the SID. How do I tell if it was compiled with transparent SID passing? Also I'm not sure how to use cookies and this is just a small application for private use so I don't mind passing it using urls for this iteration of the project. Also I'm not quite sure how to auctually perserve the variables across pages. Thanks, Bryan ---End Message--- ---BeginMessage--- have a look on phpbeginner there is a couple of articles/tutorials that explain this also look at previous posts :) -Original Message- From: Bryan McLemore [mailto:Kaelten;worldnet.att.net] Sent: Friday, 25 October 2002 6:39 AM To: PHP - General Subject: [PHP] Sessions help Please Hi guys I'm a little confused on how sessions work. ok I use session_start(); to get started I know that but then the manual starts to confuse me with all of the garbled text about passing the SID. How do I tell if it was compiled with transparent SID passing? Also I'm not sure how to use cookies and this is just a small application for private use so I don't mind passing it using urls for this iteration of the project. Also I'm not quite sure how to auctually perserve the variables across pages. Thanks, Bryan ---End Message--- ---BeginMessage--- on 25/10/02 6:38 AM, Bryan McLemore ([EMAIL PROTECTED]) wrote: Hi guys I'm a little confused on how sessions work. ok I use session_start(); to get started I know that but then the manual starts to confuse me with all of the garbled text about passing the SID. How do I tell if it was compiled with transparent SID passing? make a ? phpinfo() ? file -- it will explain what PHP was compiled with up the top-ish. Also I'm not sure how to use cookies and this is just a small
Re: [PHP] php and databases
On Fri, 25 Oct 2002, Tyler Durdin wrote: -Is there anyway to have php convert a database from mySQL to Access via a -webpage? I have a couple of people here who use Access to do mail merging -things with word and it would make my life a ton easier if I did not have to -convert the db's everytime they want the info. If anyone has any thoughts on -how to go about this it would be greatly appreciated. Thanks in advance. What comes to mind first is letting them use their Access to access the MySQL tables directly through the MyODBC capabilities. It works pretty well, but will take some setup. This may prove to be the best way to copy an Access accessed MySQL toa native Access database. The only thing I can think of PHP helping you out here is by generating a good delimited file available for download which Access or Excel should be able to swallow whole. - -Bobby - - - - - -_ -Surf the Web without missing calls! Get MSN Broadband. -http://resourcecenter.msn.com/access/plans/freeactivation.asp - - --- -PHP General Mailing List (http://www.php.net/) -To unsubscribe, visit: http://www.php.net/unsub.php - ** John Huggins [EMAIL PROTECTED] http://www.phphosts.com/ ** -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php and databases
[snip] Is there anyway to have php convert a database from mySQL to Access via a webpage? I have a couple of people here who use Access to do mail merging things with word and it would make my life a ton easier if I did not have to convert the db's everytime they want the info. If anyone has any thoughts on how to go about this it would be greatly appreciated. Thanks in advance. [/snip] Open and read the data via mysql_ ..() functions into an array. Then open an ODBC connection to the acce$$ database and insert the data from the array. Shouldn't be too hard. HTH! Jay -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Simple form problem -
First time playing with PHP, Apache, and MySQL. I have a simple form error and I don't know how to solve it. I was doing the Webmonkey PHP/MySQL tutorial and when I started using forms with $PHP_SELF I started getting errors with variables not defined. PHP 4.2.3 MySQL 4.0 Windows 2000 Apache 1.3.27 (Since I was not able to get 2.0 working on Windows 2K Pro) My code is: //-- START OF CODE -- htmlbody?php $db = mysql_connect(localhost, root); mysql_select_db(mydb,$db); $result = mysql_query(SELECT * FROM employees,$db); if ($myrow = mysql_fetch_array($result)) { do { printf( a href=\%s?id=%s\%s %s/abr\n, $PHP_SELF, $myrow[id], $myrow[first], $myrow[last] ); } while ($myrow = mysql_fetch_array($result)); } else { echo Sorry, no records were found!; } ? /body/html //- My ERROR is: Notice: Undefined variable: PHP_SELF in C:\Program Files\Apache Group\Apache\htdocs\mysql2.php on line 11 Bob Smith Notice: Undefined variable: PHP_SELF in C:\Program Files\Apache Group\Apache\htdocs\mysql2.php on line 11 John Roberts Notice: Undefined variable: PHP_SELF in C:\Program Files\Apache Group\Apache\htdocs\mysql2.php on line 11 Brad Johnson Notice: Undefined variable: PHP_SELF in C:\Program Files\Apache Group\Apache\htdocs\mysql2.php on line 11 Mar f --- END OF ERROR I am able to connect to the MySQL DB and retrieve info, but I don't get the error. I changed the REGISTER_GLOBALS of the php.ini file to ON and I still get the variables error. I also added $_POST as stated in another form issue but it did not resolve my problem. It must be simple but I don't know enough to identify the issue. Thanks for any help or input. Mario [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Ereg Help
Hi William, try this: ^(#[0-9]{2}-[0-9]{2,4} Item Description: [\$][0-9]{1,3}[\.][0-9]{2})$ I've just been putting a number of expressions together for validation myself. Regards, Dave Pratt -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: php and databases
I found some products that may be of help to you. http://www.mysql.com/documentation/mysql/bychapter/manual_Contrib.html#SEC67 4 MyAccess is an AddIn for MS Access 97/2000 that allows you to manage MySQL databases from within Access. Main functions are: a.. Create/Modify Tables b.. Execute Queries against MySQL c.. Extract ''Create Table-Scripts'' from MySQL d.. Import/Export tables from Access to MySQL and vice versa e.. Log Changes f.. Show a Database Definition Report Written by Hubertus Hiden. The MyAccess homepage is at http://www.accessmysql.com/. Tyler Durdin [EMAIL PROTECTED] wrote in message news:F559P7jAPGXlrrXoSYA09f7;hotmail.com... Is there anyway to have php convert a database from mySQL to Access via a webpage? I have a couple of people here who use Access to do mail merging things with word and it would make my life a ton easier if I did not have to convert the db's everytime they want the info. If anyone has any thoughts on how to go about this it would be greatly appreciated. Thanks in advance. Bobby _ Surf the Web without missing calls! Get MSN Broadband. http://resourcecenter.msn.com/access/plans/freeactivation.asp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Simple form problem -
The simple but potentially wrong..harmful solution is to turn on register globals in php.ini, The right solution is to use $_SERVER['PHP_SELF']; On Fri, 2002-10-25 at 11:48, Mario Montag wrote: First time playing with PHP, Apache, and MySQL. I have a simple form error and I don't know how to solve it. I was doing the Webmonkey PHP/MySQL tutorial and when I started using forms with $PHP_SELF I started getting errors with variables not defined. PHP 4.2.3 MySQL 4.0 Windows 2000 Apache 1.3.27 (Since I was not able to get 2.0 working on Windows 2K Pro) My code is: //-- START OF CODE -- htmlbody?php $db = mysql_connect(localhost, root); mysql_select_db(mydb,$db); $result = mysql_query(SELECT * FROM employees,$db); if ($myrow = mysql_fetch_array($result)) { do { printf( a href=\%s?id=%s\%s %s/abr\n, $PHP_SELF, $myrow[id], $myrow[first], $myrow[last] ); } while ($myrow = mysql_fetch_array($result)); } else { echo Sorry, no records were found!; } ? /body/html //- My ERROR is: Notice: Undefined variable: PHP_SELF in C:\Program Files\Apache Group\Apache\htdocs\mysql2.php on line 11 Bob Smith Notice: Undefined variable: PHP_SELF in C:\Program Files\Apache Group\Apache\htdocs\mysql2.php on line 11 John Roberts Notice: Undefined variable: PHP_SELF in C:\Program Files\Apache Group\Apache\htdocs\mysql2.php on line 11 Brad Johnson Notice: Undefined variable: PHP_SELF in C:\Program Files\Apache Group\Apache\htdocs\mysql2.php on line 11 Mar f --- END OF ERROR I am able to connect to the MySQL DB and retrieve info, but I don't get the error. I changed the REGISTER_GLOBALS of the php.ini file to ON and I still get the variables error. I also added $_POST as stated in another form issue but it did not resolve my problem. It must be simple but I don't know enough to identify the issue. Thanks for any help or input. Mario [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: mkdir and directory permissions
Cool! the umask() is what I have to set prior to mkdir() for this to work. Thanks Jason Marek -Matias Matias Silva [EMAIL PROTECTED] wrote in message news:20021024225108.24906.qmail;pb1.pair.com... Hi-ya all, here's a quickie... In my script I create a directory (mysql.backup.timestamp/) within a directory called backup/. I use the function mkdir(mysql.backup.timestamp, 0777); and it shows the permissions as after the function executes: drx--t 2 nobodydaemon1024 Oct 24 15:16 mysql.backup.October-24-2002-1516 Where's the permissions (drx--t 2 nobody daemon) coming from? Is it the php.ini, apache conf or the operating system? I would like to set the owner to root and the group to nc. How can this be achieved by the php script? Or do I have set this up in the other environments (OS or Apache)? Cheers! -Matias -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Looking for an open source PHP editor on linux
I would also recommend jedit. It is a VERY nice IDE. Supports a TON of language, any operating system that supports Java, syntax highlighting. etc. Tyler Lane [EMAIL PROTECTED] On Fri, 2002-10-25 at 04:14, Clint Tredway wrote: Have a look at www.jedit.org This editor is not specific to PHP but it does handle PHP well. Clint -Original Message- From: Tariq Murtaza [mailto:tariq;smeda.org.pk] Sent: Friday, October 25, 2002 6:01 AM To: [EMAIL PROTECTED] Subject: [PHP] Looking for an open source PHP editor on linux Dear All I am wondering if anyone know, some good open source editor for PHP on linux/Unix Hopping for The Best :) Tariq -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] extract($_POST)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Friday 25 October 2002 11:23 am, Johnson, Kirk wrote: And what should these precautions be? If a malicious user can submit his own form and you are looking for a POST variable, how can you ensure that $admin came from your form and not that user's? The problem is when a cracker uses form variables in an attempt to set the values of flag variables kept only in the session, for example, $isAdmin. As far as the form variables *you* put in your form, it doesn't matter whether the user submits your form or a form they made themselves. Those form variables are just data you are trying to collect. With register_globals on, PHP takes *all* variables (GET, POST, COOKIE) received from the client and assigns them to global variables. So if the user posts a value for $isAdmin, she can give herself admin privileges. The key is to retrieve *only* the form variables *you* put in the form from the the $_POST array. So don't write a loop and grab *everything* from that array. Kirk Exactly! Not only should you retrieve *only* the vars you need from POST, you should also filter them to make sure they contain what you're looking for.is_alpha($_POST['name']). And no, php doesn't have an 'is_alpha' functionI created that as part of a filtering class. ~Paul - -- ~Paul Nicholson Design Specialist @ WebPower Design The webthe way you want it! [EMAIL PROTECTED] It said uses Windows 98 or better, so I loaded Linux! Registered Linux User #183202 using Register Linux System # 81891 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9uXoKDyXNIUN3+UQRAkugAJ0aftPjxhmV0tSk125UZSTCuWp47QCfaKJ7 z5+ja1P4NtWUwVMCMsFVt2M= =UG2o -END PGP SIGNATURE- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Fw: [PHP] Simple form problem -
As was already mentioned, $_SERVER['PHP_SELF'] is what you want. But on a side note you may consider changing the way you're checking for results in that if() statment. You will end up with another error if no records are returned. So instead you should check for the nubmer of records returned with.. if (mysql_num_rows($result) 0) { //.. } Just one of those little details you don't learn about until you're staring down a cryptic error message. :) -Kevin - Original Message - From: Mario Montag [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 25, 2002 10:48 AM Subject: [PHP] Simple form problem - First time playing with PHP, Apache, and MySQL. I have a simple form error and I don't know how to solve it. I was doing the Webmonkey PHP/MySQL tutorial and when I started using forms with $PHP_SELF I started getting errors with variables not defined. PHP 4.2.3 MySQL 4.0 Windows 2000 Apache 1.3.27 (Since I was not able to get 2.0 working on Windows 2K Pro) My code is: //-- START OF CODE -- htmlbody?php $db = mysql_connect(localhost, root); mysql_select_db(mydb,$db); $result = mysql_query(SELECT * FROM employees,$db); if ($myrow = mysql_fetch_array($result)) { do { printf( a href=\%s?id=%s\%s %s/abr\n, $PHP_SELF, $myrow[id], $myrow[first], $myrow[last] ); } while ($myrow = mysql_fetch_array($result)); } else { echo Sorry, no records were found!; } ? /body/html //- My ERROR is: Notice: Undefined variable: PHP_SELF in C:\Program Files\Apache Group\Apache\htdocs\mysql2.php on line 11 Bob Smith Notice: Undefined variable: PHP_SELF in C:\Program Files\Apache Group\Apache\htdocs\mysql2.php on line 11 John Roberts Notice: Undefined variable: PHP_SELF in C:\Program Files\Apache Group\Apache\htdocs\mysql2.php on line 11 Brad Johnson Notice: Undefined variable: PHP_SELF in C:\Program Files\Apache Group\Apache\htdocs\mysql2.php on line 11 Mar f --- END OF ERROR I am able to connect to the MySQL DB and retrieve info, but I don't get the error. I changed the REGISTER_GLOBALS of the php.ini file to ON and I still get the variables error. I also added $_POST as stated in another form issue but it did not resolve my problem. It must be simple but I don't know enough to identify the issue. Thanks for any help or input. Mario [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Creating Directories
Thanks, but what are the parameters to make the dir? - Original Message - From: John W. Holmes [EMAIL PROTECTED] To: 'Stephen' [EMAIL PROTECTED]; 'PHP List' [EMAIL PROTECTED] Sent: Thursday, October 24, 2002 8:27 PM Subject: RE: [PHP] Creating Directories mkdir() -Original Message- From: Stephen [mailto:webmaster;melchior.us] Sent: Thursday, October 24, 2002 8:41 PM To: PHP List Subject: [PHP] Creating Directories Hello, I have a newsletter script with a very (going to be I hope) cool skinning system. One part is creating a new skin and to do so, it needs to create a directory to hold the template files in. How exactly can this be done? Thanks, Stephen Craton http://www.melchior.us http://php.melchior.us -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Simple form problem -
Thanks for the tip. I have another issue once I click on a form. Could you take a quick look at this one: //--- START OF CODE -- htmlbody form method=post action=?php echo $_SERVER['PHP_SELF']? First name:input type=Text name=firstbr Last name:input type=Text name=lastbr Address:input type=Text name=addressbr Position:input type=Text name=positionbr input type=Submit name=submit value=Enter information /form /body/html // -- END OF CODE I open it and I get the following text boxes: First name: BALANK TEXT BOX Last name: BALANK TEXT BOX Address: BALANK TEXT BOX Position: BALANK TEXT BOX Enter Information BUTTON IS HERE Once I click onthe Enter Information button I get the following error: // START OF ERROR -- Forbidden You don't have permission to access /br /bNotice/b: Undefined variable: PHP_SELF in bC:/Program Files/Apache Group/Apache/htdocs/mysql4.php/b on line b2/bbr / on this server. Apache/1.3.27 Server at localhost Port 80 // END OF ERROR - Thanks again for you help Mario Vidyut Luther [EMAIL PROTECTED] wrote in message news:1035565328.1171.2.camel;lapdog.linuxpowered.com... The simple but potentially wrong..harmful solution is to turn on register globals in php.ini, The right solution is to use $_SERVER['PHP_SELF']; On Fri, 2002-10-25 at 11:48, Mario Montag wrote: First time playing with PHP, Apache, and MySQL. I have a simple form error and I don't know how to solve it. I was doing the Webmonkey PHP/MySQL tutorial and when I started using forms with $PHP_SELF I started getting errors with variables not defined. PHP 4.2.3 MySQL 4.0 Windows 2000 Apache 1.3.27 (Since I was not able to get 2.0 working on Windows 2K Pro) My code is: //-- START OF CODE -- htmlbody?php $db = mysql_connect(localhost, root); mysql_select_db(mydb,$db); $result = mysql_query(SELECT * FROM employees,$db); if ($myrow = mysql_fetch_array($result)) { do { printf( a href=\%s?id=%s\%s %s/abr\n, $PHP_SELF, $myrow[id], $myrow[first], $myrow[last] ); } while ($myrow = mysql_fetch_array($result)); } else { echo Sorry, no records were found!; } ? /body/html //- My ERROR is: Notice: Undefined variable: PHP_SELF in C:\Program Files\Apache Group\Apache\htdocs\mysql2.php on line 11 Bob Smith Notice: Undefined variable: PHP_SELF in C:\Program Files\Apache Group\Apache\htdocs\mysql2.php on line 11 John Roberts Notice: Undefined variable: PHP_SELF in C:\Program Files\Apache Group\Apache\htdocs\mysql2.php on line 11 Brad Johnson Notice: Undefined variable: PHP_SELF in C:\Program Files\Apache Group\Apache\htdocs\mysql2.php on line 11 Mar f --- END OF ERROR I am able to connect to the MySQL DB and retrieve info, but I don't get the error. I changed the REGISTER_GLOBALS of the php.ini file to ON and I still get the variables error. I also added $_POST as stated in another form issue but it did not resolve my problem. It must be simple but I don't know enough to identify the issue. Thanks for any help or input. Mario [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] extract($_POST)
And if you want to take it a step further, to ensure that the values are submitted from YOUR form, check the $_SERVER['HTTP_REFERER'] to see if it's coming from your domain | page. Paul Nicholson wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Friday 25 October 2002 11:23 am, Johnson, Kirk wrote: And what should these precautions be? If a malicious user can submit his own form and you are looking for a POST variable, how can you ensure that $admin came from your form and not that user's? The problem is when a cracker uses form variables in an attempt to set the values of flag variables kept only in the session, for example, $isAdmin. As far as the form variables *you* put in your form, it doesn't matter whether the user submits your form or a form they made themselves. Those form variables are just data you are trying to collect. With register_globals on, PHP takes *all* variables (GET, POST, COOKIE) received from the client and assigns them to global variables. So if the user posts a value for $isAdmin, she can give herself admin privileges. The key is to retrieve *only* the form variables *you* put in the form from the the $_POST array. So don't write a loop and grab *everything* from that array. Kirk Exactly! Not only should you retrieve *only* the vars you need from POST, you should also filter them to make sure they contain what you're looking for.is_alpha($_POST['name']). And no, php doesn't have an 'is_alpha' functionI created that as part of a filtering class. ~Paul - -- ~Paul Nicholson Design Specialist @ WebPower Design The webthe way you want it! [EMAIL PROTECTED] It said uses Windows 98 or better, so I loaded Linux! Registered Linux User #183202 using Register Linux System # 81891 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9uXoKDyXNIUN3+UQRAkugAJ0aftPjxhmV0tSk125UZSTCuWp47QCfaKJ7 z5+ja1P4NtWUwVMCMsFVt2M= =UG2o -END PGP SIGNATURE- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: include_path in php.ini
please delete Paul Reisinger [EMAIL PROTECTED] wrote in message news:20021024144642.71222.qmail;pb1.pair.com... I think my problem lies in the php.ini file. What should my include_path be set to in my php.ini file?? Whenever I try and include anything I get the error message below. Prachait Saxena [EMAIL PROTECTED] wrote in message news:20021023212920.66050.qmail;pb1.pair.com... Hello Paul Fine tell is the path of the file which u wourld like to include and in which u want to include Paul Reisinger [EMAIL PROTECTED] wrote in message news:20021023144811.38123.qmail;pb1.pair.com... I am new to installing and configuring php especially on a windowzzz server. I am having trouble getting php includes to work. example: (?php include(http://mywebsite.com/forum/ssi.php;); ?) I get this error: Warning: Failed opening 'http://mywebsite.com/forum/ssi.php'for inclusion (include_path='D:\Inetpub\NewIntraRoot') in D:\Inetpub\NewIntraRoot\test.php on line 6 I know the include path is wrong but I've tried so many different paths. I've searched the php manual but it doesnt give me a good understanding of what really needs to be configured and how to do it. I have also searched the web. It's probobly so simple that it doesnt need any more explanation. Could someone out there give me any advice? System Windows NT 5.0 build 2195 Build Date Sep 6 2002 10:38:51 Server API CGI Virtual Directory Support enabled Configuration File (php.ini) Path C:\WINNT\php.ini Debug Build no Thread Safety enabled implicit_flush Off Off include_path D:\Inetpub\NewIntraRoot D:\Inetpub\NewIntraRoot log_errors Off Off php is installed on C but the site is hosted on D. Does this make sense? Its dones not have any problem ?include(c:/myfile.php);? work fine where these lines are addedd in d:/index.php -- Bye, and Have a nice day. Prachait Saxena If you do for other's ! Other's will do for you !! Visit me at http://www.Prachait.Com/ http://www.SitesOnTesting.Com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] extract($_POST)
HTTP_REFERRER can be spoofed, so don't rely on it for much. ---John Holmes... - Original Message - From: John Nichel [EMAIL PROTECTED] To: Paul Nicholson [EMAIL PROTECTED] Cc: Johnson, Kirk [EMAIL PROTECTED]; PHP General [EMAIL PROTECTED] Sent: Friday, October 25, 2002 2:07 PM Subject: Re: [PHP] extract($_POST) And if you want to take it a step further, to ensure that the values are submitted from YOUR form, check the $_SERVER['HTTP_REFERER'] to see if it's coming from your domain | page. Paul Nicholson wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Friday 25 October 2002 11:23 am, Johnson, Kirk wrote: And what should these precautions be? If a malicious user can submit his own form and you are looking for a POST variable, how can you ensure that $admin came from your form and not that user's? The problem is when a cracker uses form variables in an attempt to set the values of flag variables kept only in the session, for example, $isAdmin. As far as the form variables *you* put in your form, it doesn't matter whether the user submits your form or a form they made themselves. Those form variables are just data you are trying to collect. With register_globals on, PHP takes *all* variables (GET, POST, COOKIE) received from the client and assigns them to global variables. So if the user posts a value for $isAdmin, she can give herself admin privileges. The key is to retrieve *only* the form variables *you* put in the form from the the $_POST array. So don't write a loop and grab *everything* from that array. Kirk Exactly! Not only should you retrieve *only* the vars you need from POST, you should also filter them to make sure they contain what you're looking for.is_alpha($_POST['name']). And no, php doesn't have an 'is_alpha' functionI created that as part of a filtering class. ~Paul - -- ~Paul Nicholson Design Specialist @ WebPower Design The webthe way you want it! [EMAIL PROTECTED] It said uses Windows 98 or better, so I loaded Linux! Registered Linux User #183202 using Register Linux System # 81891 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9uXoKDyXNIUN3+UQRAkugAJ0aftPjxhmV0tSk125UZSTCuWp47QCfaKJ7 z5+ja1P4NtWUwVMCMsFVt2M= =UG2o -END PGP SIGNATURE- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] extract($_POST)
I thought of this was well and into the PHP documentation about this option. Here's a side note that the documentation includes: Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted. Even thought it's not a sure-fire method, it can be included along with other security methods to increase the amount of security on a script. Ed Curtis On Fri, 25 Oct 2002, John Nichel wrote: And if you want to take it a step further, to ensure that the values are submitted from YOUR form, check the $_SERVER['HTTP_REFERER'] to see if it's coming from your domain | page. Paul Nicholson wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Friday 25 October 2002 11:23 am, Johnson, Kirk wrote: And what should these precautions be? If a malicious user can submit his own form and you are looking for a POST variable, how can you ensure that $admin came from your form and not that user's? The problem is when a cracker uses form variables in an attempt to set the values of flag variables kept only in the session, for example, $isAdmin. As far as the form variables *you* put in your form, it doesn't matter whether the user submits your form or a form they made themselves. Those form variables are just data you are trying to collect. With register_globals on, PHP takes *all* variables (GET, POST, COOKIE) received from the client and assigns them to global variables. So if the user posts a value for $isAdmin, she can give herself admin privileges. The key is to retrieve *only* the form variables *you* put in the form from the the $_POST array. So don't write a loop and grab *everything* from that array. Kirk Exactly! Not only should you retrieve *only* the vars you need from POST, you should also filter them to make sure they contain what you're looking for.is_alpha($_POST['name']). And no, php doesn't have an 'is_alpha' functionI created that as part of a filtering class. ~Paul - -- ~Paul Nicholson Design Specialist @ WebPower Design The webthe way you want it! [EMAIL PROTECTED] It said uses Windows 98 or better, so I loaded Linux! Registered Linux User #183202 using Register Linux System # 81891 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9uXoKDyXNIUN3+UQRAkugAJ0aftPjxhmV0tSk125UZSTCuWp47QCfaKJ7 z5+ja1P4NtWUwVMCMsFVt2M= =UG2o -END PGP SIGNATURE- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] embedding pdf files in website
Hi, I have a website with lots of stories (each story is about 20 pages long). The list of stories is in a MySQL database. I've read somewhere that pdf files can be embeded on a webpage. I want my visitor to use the navigation system of my website. (and don't want them to leave my website while reading the pdf documents). I Don't like my visitors to scroll down i rather like to use buttons previous and next How do you do such a thing in php, or wher can i find some info? (i have no solution in html) Danny -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] extract($_POST)
Yes, but that's what we've been discussing. Nothing is bulletproof, unless your box has no route to the outside world, no Nic, no modem, etc. But, depending on how security conscience (paranoid *G*) you may be, there are different steps to 'add' security, and keep out all but the most determined hackers. I guess if you even want to go crazy overboard with security, you could set a cookie on your form page, and check for it's existance on the processing end. Or randomly generate an image with a number on the form page, and have the user input that number. 1LT John W. Holmes wrote: HTTP_REFERRER can be spoofed, so don't rely on it for much. ---John Holmes... - Original Message - From: John Nichel [EMAIL PROTECTED] To: Paul Nicholson [EMAIL PROTECTED] Cc: Johnson, Kirk [EMAIL PROTECTED]; PHP General [EMAIL PROTECTED] Sent: Friday, October 25, 2002 2:07 PM Subject: Re: [PHP] extract($_POST) And if you want to take it a step further, to ensure that the values are submitted from YOUR form, check the $_SERVER['HTTP_REFERER'] to see if it's coming from your domain | page. Paul Nicholson wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Friday 25 October 2002 11:23 am, Johnson, Kirk wrote: And what should these precautions be? If a malicious user can submit his own form and you are looking for a POST variable, how can you ensure that $admin came from your form and not that user's? The problem is when a cracker uses form variables in an attempt to set the values of flag variables kept only in the session, for example, $isAdmin. As far as the form variables *you* put in your form, it doesn't matter whether the user submits your form or a form they made themselves. Those form variables are just data you are trying to collect. With register_globals on, PHP takes *all* variables (GET, POST, COOKIE) received from the client and assigns them to global variables. So if the user posts a value for $isAdmin, she can give herself admin privileges. The key is to retrieve *only* the form variables *you* put in the form from the the $_POST array. So don't write a loop and grab *everything* from that array. Kirk Exactly! Not only should you retrieve *only* the vars you need from POST, you should also filter them to make sure they contain what you're looking for.is_alpha($_POST['name']). And no, php doesn't have an 'is_alpha' functionI created that as part of a filtering class. ~Paul - -- ~Paul Nicholson Design Specialist @ WebPower Design The webthe way you want it! [EMAIL PROTECTED] It said uses Windows 98 or better, so I loaded Linux! Registered Linux User #183202 using Register Linux System # 81891 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9uXoKDyXNIUN3+UQRAkugAJ0aftPjxhmV0tSk125UZSTCuWp47QCfaKJ7 z5+ja1P4NtWUwVMCMsFVt2M= =UG2o -END PGP SIGNATURE- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] pass globals to functions???
On Friday 25 October 2002 03:52, Shawn McKenzie wrote: Some have eluded to this but I haven't seen a working example. I would like to declare globals in my main script and then inside functions that need these globals just somehow use the $GLOBALS or something to declare the variables global in the function. What I've seen eluded to is loading your $GLOBALS array into an array... In short, if I add a variable to my globals line in my main script, I don't want to have to go and add it to the functions that need it. Make sense??? A global declaration only has effect INSIDE a function. Having it outside of a function does not make sense (rtfm) and would probably be ignored. Rather than repeating the examples in the manual here, I suggest you read up on the section Variable scope. -- Jason Wong - Gremlins Associates - www.gremlins.com.hk Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * /* indent does _not_ solve the problem of: * buggers who think that MyVariableIsBiggerThanYourVariable is a good name - Alexander Viro on coding style */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Creating Directories
On Saturday 26 October 2002 01:23, Stephen wrote: Thanks, but what are the parameters to make the dir? Try searching manual for: mkdir() ?? -- Jason Wong - Gremlins Associates - www.gremlins.com.hk Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * /* Vote anarchist. */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mkdir and directory permissions
Hi Jason, I have a follow-up question about mkdir. If the files created by mkdir are owned by 'nobody', does that create a security risk for those files? If so, how does one get around accepting files via an upload form that are assigned to a user other than 'nobody'? Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Understanding the = operator...
Ok, let me see if I have this right: When you do: $var = new myClass(); $var instantiates and holds a copy of myClass. But when you do: $var = new myClass(); $var instantiates and references that instantiation? If so, then I'm curious - if you do: $var2 = new myClass(); and you modify the member variables in $var2, will the member variables of $var be modified as well? Or does $var2 reference a seperate instantiation? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] extract($_POST)
Okay, I really want to understand how to make $_GET and $_POST more secure because it means changing a fundamental way my scripts are now working. So, it sounds like what I need to do in order to make form data more secure is something like this... $isAdmin = $_POST['isAdmin']; $myName = $_POST['myName']; $myPrefs = $_GET['myPrefs']; Instead of this... extract($_POST); extract($_GET); Is this correct?? Now, I can see how this will prevent a cracker from flooding a script with invalid variables that are all extracted into local vars, but, I don't see how this will prevent someone from hijacking the vars and inserting their own data. Validating that kind of attack seems almost impossible to do especially for things like forms that collect contact info. I really don't want to have to validate every field for every legal possibility (especially fields like Country). I've read here that HTTP_REFERER is unreliable and can be easily spoofed, but, is there a more reliable way to know where the $_POST and $_GET data is coming from? Perhaps by IP of my server, or using $_SERVER['SERVER_NAME']? Is there any superglobal variable that would be unique to my web server that CANNOT be spoofed or easily changed by a cracker that I can use as a check to be sure the data is being submitted from a form on my site on not from someone else's site? Thanks a lot, guys! Monty From: [EMAIL PROTECTED] (Paul Nicholson) Organization: WebPower Design Newsgroups: php.general Date: Fri, 25 Oct 2002 13:06:10 -0400 To: Johnson, Kirk [EMAIL PROTECTED], PHP General [EMAIL PROTECTED] Subject: Re: [PHP] extract($_POST) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Friday 25 October 2002 11:23 am, Johnson, Kirk wrote: And what should these precautions be? If a malicious user can submit his own form and you are looking for a POST variable, how can you ensure that $admin came from your form and not that user's? The problem is when a cracker uses form variables in an attempt to set the values of flag variables kept only in the session, for example, $isAdmin. As far as the form variables *you* put in your form, it doesn't matter whether the user submits your form or a form they made themselves. Those form variables are just data you are trying to collect. With register_globals on, PHP takes *all* variables (GET, POST, COOKIE) received from the client and assigns them to global variables. So if the user posts a value for $isAdmin, she can give herself admin privileges. The key is to retrieve *only* the form variables *you* put in the form from the the $_POST array. So don't write a loop and grab *everything* from that array. Kirk Exactly! Not only should you retrieve *only* the vars you need from POST, you should also filter them to make sure they contain what you're looking for.is_alpha($_POST['name']). And no, php doesn't have an 'is_alpha' functionI created that as part of a filtering class. ~Paul - -- ~Paul Nicholson Design Specialist @ WebPower Design The webthe way you want it! [EMAIL PROTECTED] It said uses Windows 98 or better, so I loaded Linux! Registered Linux User #183202 using Register Linux System # 81891 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9uXoKDyXNIUN3+UQRAkugAJ0aftPjxhmV0tSk125UZSTCuWp47QCfaKJ7 z5+ja1P4NtWUwVMCMsFVt2M= =UG2o -END PGP SIGNATURE- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP installation with MySQL Support
Where should you point the command --with-mysql to. The binary, header files, what? Currently I have MySQL installed at /usr/lib/mysql/. And this is a RedHat Linux 8.0. Suggestions? ~ Matthew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP installation with MySQL Support
Hello, MET [EMAIL PROTECTED] wrote: Where should you point the command --with-mysql to. The binary, header files, what? Currently I have MySQL installed at /usr/lib/mysql/. And this is a RedHat Linux 8.0. Suggestions? Try --with-mysql=/usr - E ...[snip]... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] extract($_POST)
You can still use extract($_POST). It is as safe/vulernable as $_POST['isAdmin']. In either case, use only variables that you know are yours and be certain these contain values which you believe to be safe. For instance, if you expect a variable called $firstname to contain a name to be stored in a SQL database, be certain it does not contain SQL commands which can damage your database. Also, if a cracker simply floods your script with variables, they will not do damage if you have verified their contents. For instance: $isAdmin = ; extract($_POST); if( $isAdmin==JohnDoe) { do secure stuff; } In the above code, if a cracker has inserted a variable called $isAdmin, it will be nulled before extracting from the form. Be advised, that a cracker can create his own form with $isAdmin in it and submit it to your script. Using $_POST['isAdmin'] will NOT protect you. Bottom line: you can be cracked. There are no certain protections. - Original Message - From: Monty [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 25, 2002 3:13 PM Subject: Re: [PHP] extract($_POST) Okay, I really want to understand how to make $_GET and $_POST more secure because it means changing a fundamental way my scripts are now working. So, it sounds like what I need to do in order to make form data more secure is something like this... $isAdmin = $_POST['isAdmin']; $myName = $_POST['myName']; $myPrefs = $_GET['myPrefs']; Instead of this... extract($_POST); extract($_GET); Is this correct?? Now, I can see how this will prevent a cracker from flooding a script with invalid variables that are all extracted into local vars, but, I don't see how this will prevent someone from hijacking the vars and inserting their own data. Validating that kind of attack seems almost impossible to do especially for things like forms that collect contact info. I really don't want to have to validate every field for every legal possibility (especially fields like Country). I've read here that HTTP_REFERER is unreliable and can be easily spoofed, but, is there a more reliable way to know where the $_POST and $_GET data is coming from? Perhaps by IP of my server, or using $_SERVER['SERVER_NAME']? Is there any superglobal variable that would be unique to my web server that CANNOT be spoofed or easily changed by a cracker that I can use as a check to be sure the data is being submitted from a form on my site on not from someone else's site? Thanks a lot, guys! Monty From: [EMAIL PROTECTED] (Paul Nicholson) Organization: WebPower Design Newsgroups: php.general Date: Fri, 25 Oct 2002 13:06:10 -0400 To: Johnson, Kirk [EMAIL PROTECTED], PHP General [EMAIL PROTECTED] Subject: Re: [PHP] extract($_POST) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Friday 25 October 2002 11:23 am, Johnson, Kirk wrote: And what should these precautions be? If a malicious user can submit his own form and you are looking for a POST variable, how can you ensure that $admin came from your form and not that user's? The problem is when a cracker uses form variables in an attempt to set the values of flag variables kept only in the session, for example, $isAdmin. As far as the form variables *you* put in your form, it doesn't matter whether the user submits your form or a form they made themselves. Those form variables are just data you are trying to collect. With register_globals on, PHP takes *all* variables (GET, POST, COOKIE) received from the client and assigns them to global variables. So if the user posts a value for $isAdmin, she can give herself admin privileges. The key is to retrieve *only* the form variables *you* put in the form from the the $_POST array. So don't write a loop and grab *everything* from that array. Kirk Exactly! Not only should you retrieve *only* the vars you need from POST, you should also filter them to make sure they contain what you're looking for.is_alpha($_POST['name']). And no, php doesn't have an 'is_alpha' functionI created that as part of a filtering class. ~Paul - -- ~Paul Nicholson Design Specialist @ WebPower Design The webthe way you want it! [EMAIL PROTECTED] It said uses Windows 98 or better, so I loaded Linux! Registered Linux User #183202 using Register Linux System # 81891 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9uXoKDyXNIUN3+UQRAkugAJ0aftPjxhmV0tSk125UZSTCuWp47QCfaKJ7 z5+ja1P4NtWUwVMCMsFVt2M= =UG2o -END PGP SIGNATURE- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Creating Directories
Thanks again but one more question. How would you then delete a directory? - Original Message - From: 1LT John W. Holmes [EMAIL PROTECTED] To: Stephen [EMAIL PROTECTED] Sent: Friday, October 25, 2002 1:32 PM Subject: Re: [PHP] Creating Directories www.php.net/mkdir ---John Holmes... - Original Message - From: Stephen [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 25, 2002 1:23 PM Subject: Re: [PHP] Creating Directories Thanks, but what are the parameters to make the dir? - Original Message - From: John W. Holmes [EMAIL PROTECTED] To: 'Stephen' [EMAIL PROTECTED]; 'PHP List' [EMAIL PROTECTED] Sent: Thursday, October 24, 2002 8:27 PM Subject: RE: [PHP] Creating Directories mkdir() -Original Message- From: Stephen [mailto:webmaster;melchior.us] Sent: Thursday, October 24, 2002 8:41 PM To: PHP List Subject: [PHP] Creating Directories Hello, I have a newsletter script with a very (going to be I hope) cool skinning system. One part is creating a new skin and to do so, it needs to create a directory to hold the template files in. How exactly can this be done? Thanks, Stephen Craton http://www.melchior.us http://php.melchior.us -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] HTML filtering
I have a problem, I need to filter HTML from data but want to preserve the br tags in it, is there any function that allows this? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] extract($_POST)
Hello, Monty [EMAIL PROTECTED] wrote: Okay, I really want to understand how to make $_GET and $_POST more secure because it means changing a fundamental way my scripts are now working. So, it sounds like what I need to do in order to make form data more secure is something like this... $isAdmin = $_POST['isAdmin']; $myName = $_POST['myName']; $myPrefs = $_GET['myPrefs']; Instead of this... extract($_POST); extract($_GET); Is this correct?? Yes and no. I think it'd be a better idea to validate your $_POST['something'] or $_GET['something'] before assigning them to $something. Now, I can see how this will prevent a cracker from flooding a script with invalid variables that are all extracted into local vars, but, I don't see how this will prevent someone from hijacking the vars and inserting their own data. I'm not really sure what you meant by this but the point is nothing is really secure and you should validate the data that'll come from the user. As always pointed out, never trust the user. Validating that kind of attack seems almost impossible to do especially for things like forms that collect contact info. I really don't want to have to validate every field for every legal possibility (especially fields like Country). There are many places (websites) wherein you can choose the country from a pulldown menu. This prevents somebody (somehow) from posting something illegal. Besides, if the values assigned are numbers (e.g. option value=100My Country/option) then you can check whether the value is_numeric() or something. Or, even if it's a text field, perhaps you can use some regex to make sure that you only accept certain characters. (i.e. alphabet, etc.) Just some ideas... - E ...[snip]... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] HTML filtering
You could delete all HTML tags. Then use nl2br() to re-insert the BR tags - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 25, 2002 3:28 PM Subject: [PHP] HTML filtering I have a problem, I need to filter HTML from data but want to preserve the br tags in it, is there any function that allows this? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP on WinXP with Apache
I am trying to install php-4.2.3-Win32 on MS WinXP using apache_2.0.43-win32-x86-no_ssl. I have followed instructions included in the php package only I have changed: LoadModule php4_module C:/php/sapi/php4apache.dll to LoadModule php4_module C:/php/sapi/php4apache2.dll I am receiving: apache: module c:\php4build\snap\sapi\apache2filter\sapi_apache2.c is not compatible with this version of Apache (found 20020628, need 20020903). Please contact the vendor for the correct version. I have looked around and it appears as though several other people have had this problem, but I havent been able to find a solution. It looks like it is a bug, but it has been around for quite some time and I just downloaded the Win32 installer for php today. Does anyone have any suggestions? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Creating Directories
Hello, Please check the manual first before posting questions. ;) It seems like you're dealing with files/directories so you may want to read up a bit here: http://www.php.net/manual/en/ref.filesystem.php Stephen [EMAIL PROTECTED] wrote: Thanks again but one more question. How would you then delete a directory? http://www.php.net/manual/en/function.rmdir.php - E ...[snip]... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] extract($_POST)
This thread has been great! I've learned so much useful stuff. For instance, if you expect a variable called $firstname to contain a name to be stored in a SQL database, be certain it does not contain SQL commands which can damage your database. This is another thing I'd be interested in hearing more about. If all you are doing is storing and retrieving data, what commands could possibly be defined that could damage your database? $firstName = Chris; mysql_query( INSERT INTO names ( first_name ) VALUES ( \$firstName\ ) ); $result = mysql_query( SELECT first_name FROM names ); while( $dataArray = mysql_fetch_assoc( $result )) { echo $dataArray[first_name] } If $firstName was set by a form submission, what malicious SQL code could damage your database? All you are doing is storing, retreiving and displaying data... Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Understanding the = operator...
Hello, Chris Boget [EMAIL PROTECTED] wrote: Ok, let me see if I have this right: When you do: $var = new myClass(); $var instantiates and holds a copy of myClass. But when you do: $var = new myClass(); $var instantiates and references that instantiation? If so, then I'm curious - if you do: $var2 = new myClass(); Perhaps, you meant: $var2 = $var; Then changing something in $var2 will also change it in $var, no? - E ...[snip]... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP on WinXP with Apache
Hello, Erich Kolb [EMAIL PROTECTED] wrote: I am trying to install php-4.2.3-Win32 on MS WinXP using apache_2.0.43-win32-x86-no_ssl. I have followed instructions included in the php package only I have changed: LoadModule php4_module C:/php/sapi/php4apache.dll to LoadModule php4_module C:/php/sapi/php4apache2.dll I am receiving: apache: module c:\php4build\snap\sapi\apache2filter\sapi_apache2.c is not compatible with this version of Apache (found 20020628, need 20020903). Please contact the vendor for the correct version. I have looked around and it appears as though several other people have had this problem, but I havent been able to find a solution. It looks like it is a bug, but it has been around for quite some time and I just downloaded the Win32 installer for php today. Does anyone have any suggestions? Be patient and wait a bit more. ;) As previously discussed, it's not yet a good idea to have php 4.2x/apache2--they're working on it I'm sure. If you insist, try the CVS version. (?) - E -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] extract($_POST)
Lets say you have a statement like: $query = SELECT * FROM mytable WHERE firstname=$firstname; And if $firstname is set to: xyz; DELETE FROM mytable Then this is executed as: SELECT* FROM mytable WHERE firstname=xyz;DELETE FROM mytable This can wipe out your table...a bad thing... - Original Message - From: Chris Boget [EMAIL PROTECTED] To: Rick Emery [EMAIL PROTECTED]; [EMAIL PROTECTED]; Monty [EMAIL PROTECTED] Sent: Friday, October 25, 2002 3:41 PM Subject: Re: [PHP] extract($_POST) This thread has been great! I've learned so much useful stuff. For instance, if you expect a variable called $firstname to contain a name to be stored in a SQL database, be certain it does not contain SQL commands which can damage your database. This is another thing I'd be interested in hearing more about. If all you are doing is storing and retrieving data, what commands could possibly be defined that could damage your database? $firstName = Chris; mysql_query( INSERT INTO names ( first_name ) VALUES ( \$firstName\ ) ); $result = mysql_query( SELECT first_name FROM names ); while( $dataArray = mysql_fetch_assoc( $result )) { echo $dataArray[first_name] } If $firstName was set by a form submission, what malicious SQL code could damage your database? All you are doing is storing, retreiving and displaying data... Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mkdir and directory permissions
Hello, Just a few comments... And no, I'm not Jason :) Monty [EMAIL PROTECTED] wrote: Hi Jason, I have a follow-up question about mkdir. If the files created by mkdir are owned by 'nobody', does that create a security risk for those files? No, not really. If so, how does one get around accepting files via an upload form that are assigned to a user other than 'nobody'? Perhaps, you can check this: (Also see: User Contributed Notes) http://www.php.net/manual/en/function.chown.php - E -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] extract($_POST)
Hello, Rick Emery [EMAIL PROTECTED] wrote: Lets say you have a statement like: $query = SELECT * FROM mytable WHERE firstname=$firstname; And if $firstname is set to: xyz; DELETE FROM mytable Then this is executed as: SELECT* FROM mytable WHERE firstname=xyz;DELETE FROM mytable This can wipe out your table...a bad thing... Well, one way you can avoid similar things to happen is, you can do something like, say, create a user that can only SELECT. If the user can only SELECT then it cannot DELETE. - E ...[snip]... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] HTML filtering
[EMAIL PROTECTED] wrote: I have a problem, I need to filter HTML from data but want to preserve the br tags in it, is there any function that allows this? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Doesn't get any simpler... string strip_tags ( string str [, string allowable_tags]) Beers, Rob. -- .-. | Robert Cummings | :-`. | Webdeployer - Chief PHP and Java Programmer | :--: | Mail : mailto:robert.cummings;webmotion.com | | Phone : (613) 731-4046 x.109 | :--: | Website : http://www.webmotion.com | | Fax : (613) 260-9545 | `--' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with set_time_limit() and uploading large files
Hello, Just a few ideas... derek fong [EMAIL PROTECTED] wrote: Hi, I am having a major problem getting set_time_limit() to work at all with PHP 4.2.3 running as a CGI program under IIS for Windows 2000 (I originally posted this message to php-win, but am hoping someone here can shed some light on this). I have a form that accepts large files for upload, with the following lines at the top of the form action script: ?php // let this script take as long as it needs to complete its work // and ignore if user hits stops button in his browser set_time_limit(0); Try another number. Who knows? Might work... :) ...[snip]... I've also tried adding: ini_set('max_execution_time', 6); + Check whether ini_set() was successful. + I know you can change max_execution_time inside your script but try changing it in php.ini and restart your server. + Perhaps, you can lower the number. (Is that 60,000 seconds?) - E ...[snip]... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Understanding the = operator...
Chris Boget [EMAIL PROTECTED] wrote in message news:023501c27c62$23b74dd0$8c01a8c0;ENTROPY... Ok, let me see if I have this right: When you do: $var = new myClass(); $var instantiates and holds a copy of myClass. No. The new operator makes a new object which is an instance of class myClass. But when you do: $var = new myClass(); $var instantiates and references that instantiation? No, this is no different than your first example. Maybe this is even a syntax error, I'm not positive about that though. If so, then I'm curious - if you do: $var2 = new myClass(); and you modify the member variables in $var2, will the member variables of $var be modified as well? Or does $var2 reference a seperate instantiation? They are separate instances, because the new operator made a brand new object each time it was called. To make them reference the same object, you'd instantiate $var1 and then do $var2 = $var1; -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Creating Directories
Please do a little reading on your own. Ulink(), I think... it's in the same manual section as mkdir(). ---John Holmes... -Original Message- From: Stephen [mailto:webmaster;melchior.us] Sent: Friday, October 25, 2002 4:30 PM To: PHP List Subject: Re: [PHP] Creating Directories Thanks again but one more question. How would you then delete a directory? - Original Message - From: 1LT John W. Holmes [EMAIL PROTECTED] To: Stephen [EMAIL PROTECTED] Sent: Friday, October 25, 2002 1:32 PM Subject: Re: [PHP] Creating Directories www.php.net/mkdir ---John Holmes... - Original Message - From: Stephen [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 25, 2002 1:23 PM Subject: Re: [PHP] Creating Directories Thanks, but what are the parameters to make the dir? - Original Message - From: John W. Holmes [EMAIL PROTECTED] To: 'Stephen' [EMAIL PROTECTED]; 'PHP List' [EMAIL PROTECTED] Sent: Thursday, October 24, 2002 8:27 PM Subject: RE: [PHP] Creating Directories mkdir() -Original Message- From: Stephen [mailto:webmaster;melchior.us] Sent: Thursday, October 24, 2002 8:41 PM To: PHP List Subject: [PHP] Creating Directories Hello, I have a newsletter script with a very (going to be I hope) cool skinning system. One part is creating a new skin and to do so, it needs to create a directory to hold the template files in. How exactly can this be done? Thanks, Stephen Craton http://www.melchior.us http://php.melchior.us -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] extract($_POST)
No, this can't happen. There can only be one SQL query per mysql_query(). Google for SQL injection or something and I'm sure you'll find examples. ---John Holmes... -Original Message- From: Rick Emery [mailto:remery;emeryloftus.com] Sent: Friday, October 25, 2002 4:59 PM To: Chris Boget; [EMAIL PROTECTED]; Monty Subject: Re: [PHP] extract($_POST) Lets say you have a statement like: $query = SELECT * FROM mytable WHERE firstname=$firstname; And if $firstname is set to: xyz; DELETE FROM mytable Then this is executed as: SELECT* FROM mytable WHERE firstname=xyz;DELETE FROM mytable This can wipe out your table...a bad thing... - Original Message - From: Chris Boget [EMAIL PROTECTED] To: Rick Emery [EMAIL PROTECTED]; [EMAIL PROTECTED]; Monty [EMAIL PROTECTED] Sent: Friday, October 25, 2002 3:41 PM Subject: Re: [PHP] extract($_POST) This thread has been great! I've learned so much useful stuff. For instance, if you expect a variable called $firstname to contain a name to be stored in a SQL database, be certain it does not contain SQL commands which can damage your database. This is another thing I'd be interested in hearing more about. If all you are doing is storing and retrieving data, what commands could possibly be defined that could damage your database? $firstName = Chris; mysql_query( INSERT INTO names ( first_name ) VALUES ( \$firstName\ ) ); $result = mysql_query( SELECT first_name FROM names ); while( $dataArray = mysql_fetch_assoc( $result )) { echo $dataArray[first_name] } If $firstName was set by a form submission, what malicious SQL code could damage your database? All you are doing is storing, retreiving and displaying data... Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] extract($_POST)
This thread has been great! I've learned so much useful stuff. For instance, if you expect a variable called $firstname to contain a name to be stored in a SQL database, be certain it does not contain SQL commands which can damage your database. This is another thing I'd be interested in hearing more about. If all you are doing is storing and retrieving data, what commands could possibly be defined that could damage your database? $firstName = Chris; mysql_query( INSERT INTO names ( first_name ) VALUES ( \$firstName\ ) ); $result = mysql_query( SELECT first_name FROM names ); while( $dataArray = mysql_fetch_assoc( $result )) { echo $dataArray[first_name] } If $firstName was set by a form submission, what malicious SQL code could damage your database? All you are doing is storing, retreiving and displaying data... If you are using addslashes() or magic_quotes_gpc on $firstName, then you're safe from any SQL attack. Also, you are safer because you are first naming the column your updating, then providing the value. If there is any injection to affect another column, it'll cause an error. Say you are doing this to insert a general user who is not an admin (admin=0) INSERT INTO table (name,admin) values ('$name',0) If you are not checking name, and escaping single quotes, a malicious user could submit this value: John',1)# Which will make a name of john, set admin to one, and make the remainder of the SQL a comment. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] extract($_POST)
[snip] There are many places (websites) wherein you can choose the country from a pulldown menu. This prevents somebody (somehow) from posting something illegal. Besides, if the values assigned are numbers (e.g. option value=100My Country/option) then you can check whether the value is_numeric() or something. Or, even if it's a text field, perhaps you can use some regex to make sure that you only accept certain characters. (i.e. alphabet, etc.) A drop down doesn't save you from validating what the user sent. Just because your form has a drop down, it doesn't mean the one I re-create on my page has one (while I'm spoofing HTTP_REFERRER, mind you). It may have a text box so I can send you any value. ---John Holmes.. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] upload files
Hello everybody, I want to allow the client to upload a text file on my web server, so I use this code : html head/head body Uploaded files detailsbr ?php printf(Name : %s br, $HTTP_POST_FILES[userfile][name]); printf(Temporary Name : %s br, $HTTP_POST_FILES[userfile][tmp_name]); printf(Size : %s br, $HTTP_POST_FILES[userfile][size]); printf(Type : %s br, $HTTP_POST_FILES[userfile][type]); if (copy ($HTTP_POST_FILES[userfile][tmp_name],temp/.$HTTP_POST_FILES[userfile ][name])) { printf(File successfully copied);} else{ printf(Error: failed to copy file);} ? /body /html the $http_post_files doesn't return me anything, anybody would have a clue ?? ( roughly speaking I am not able to retrieve the field the client try to send me). Thanks a lot. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] extract($_POST)
You can still create a sub-query to do the damage. Jason -Original Message- From: John W. Holmes [mailto:holmes072000;charter.net] Sent: Friday, October 25, 2002 4:01 PM To: 'Rick Emery'; 'Chris Boget'; [EMAIL PROTECTED]; 'Monty' Subject: RE: [PHP] extract($_POST) No, this can't happen. There can only be one SQL query per mysql_query(). Google for SQL injection or something and I'm sure you'll find examples. ---John Holmes... -Original Message- From: Rick Emery [mailto:remery;emeryloftus.com] Sent: Friday, October 25, 2002 4:59 PM To: Chris Boget; [EMAIL PROTECTED]; Monty Subject: Re: [PHP] extract($_POST) Lets say you have a statement like: $query = SELECT * FROM mytable WHERE firstname=$firstname; And if $firstname is set to: xyz; DELETE FROM mytable Then this is executed as: SELECT* FROM mytable WHERE firstname=xyz;DELETE FROM mytable This can wipe out your table...a bad thing... - Original Message - From: Chris Boget [EMAIL PROTECTED] To: Rick Emery [EMAIL PROTECTED]; [EMAIL PROTECTED]; Monty [EMAIL PROTECTED] Sent: Friday, October 25, 2002 3:41 PM Subject: Re: [PHP] extract($_POST) This thread has been great! I've learned so much useful stuff. For instance, if you expect a variable called $firstname to contain a name to be stored in a SQL database, be certain it does not contain SQL commands which can damage your database. This is another thing I'd be interested in hearing more about. If all you are doing is storing and retrieving data, what commands could possibly be defined that could damage your database? $firstName = Chris; mysql_query( INSERT INTO names ( first_name ) VALUES ( \$firstName\ ) ); $result = mysql_query( SELECT first_name FROM names ); while( $dataArray = mysql_fetch_assoc( $result )) { echo $dataArray[first_name] } If $firstName was set by a form submission, what malicious SQL code could damage your database? All you are doing is storing, retreiving and displaying data... Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: upload files
I'm not sure of the backwards compatibility, but if you're running PHP 4.2.x (I think? Maybe it came in earlier) .. use the $_FILES global variable, in place of $HTTP_POST_FILES. The array is exactly the same: $_FILES[name_of_file][attributes] Hopefully this helps? -Jason Cyrille Andres wrote: Hello everybody, I want to allow the client to upload a text file on my web server, so I use this code : Uploaded files details , $HTTP_POST_FILES[userfile][name]); printf(Temporary Name : %s , $HTTP_POST_FILES[userfile][tmp_name]); printf(Size : %s , $HTTP_POST_FILES[userfile][size]); printf(Type : %s , $HTTP_POST_FILES[userfile][type]); if (copy ($HTTP_POST_FILES[userfile][tmp_name],temp/.$HTTP_POST_FILES[userfile ][name])) { printf(File successfully copied);} else{ printf(Error: failed to copy file);} ? the $http_post_files doesn't return me anything, anybody would have a clue ?? ( roughly speaking I am not able to retrieve the field the client try to send me). Thanks a lot. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] extract($_POST)
You assume mysql. Other SQL databases allow multiple statements. -Original Message- From: Rick Emery [mailto:remery;emeryloftus.com] Sent: Friday, October 25, 2002 4:59 PM To: Chris Boget; [EMAIL PROTECTED]; Monty Subject: Re: [PHP] extract($_POST) Lets say you have a statement like: $query = SELECT * FROM mytable WHERE firstname=$firstname; And if $firstname is set to: xyz; DELETE FROM mytable Then this is executed as: SELECT* FROM mytable WHERE firstname=xyz;DELETE FROM mytable This can wipe out your table...a bad thing... - Original Message - From: Chris Boget [EMAIL PROTECTED] To: Rick Emery [EMAIL PROTECTED]; [EMAIL PROTECTED]; Monty [EMAIL PROTECTED] Sent: Friday, October 25, 2002 3:41 PM Subject: Re: [PHP] extract($_POST) This thread has been great! I've learned so much useful stuff. For instance, if you expect a variable called $firstname to contain a name to be stored in a SQL database, be certain it does not contain SQL commands which can damage your database. This is another thing I'd be interested in hearing more about. If all you are doing is storing and retrieving data, what commands could possibly be defined that could damage your database? $firstName = Chris; mysql_query( INSERT INTO names ( first_name ) VALUES ( \$firstName\ ) ); $result = mysql_query( SELECT first_name FROM names ); while( $dataArray = mysql_fetch_assoc( $result )) { echo $dataArray[first_name] } If $firstName was set by a form submission, what malicious SQL code could damage your database? All you are doing is storing, retreiving and displaying data... Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php