Re: [PHP] web services
Hello, Hi Guys, I want to create webservices using NUSoap + PHP. I have gone through NUSoap Site at http://dietrich.ganx4.com/nusoap/faq.php but havenot found any thing to start with. Can any body point me to some good examples + Manuals on the matter. PHP Webservices sounds promising and i think using NUSoap is the best alternative at present. Does any one have better ideas ? You will find our open source Krysalis platform interesting for PHP web services. http://www.interakt.ro/products/Krysalis/ You can also read my chapter for the Wrox (it's bancrupcy is a major losss..) Professional PHP Web Services at ftp://www.interakt.ro/pub/Krysalis/Professional%20web%20services%20with%20Kr ysalis.pdf We hope that this will give you a healthy start. Krysalis does not include an API like (SOAPx4 or NuSOAP), but is based on XML streaming and transformation, ans you will see an alternative of using SOAP for other goals than RPC. Alexandru Thanks and Regards, Nikunj Virani -- Alexandru COSTIN Chief Operating Officer http://www.interakt.ro/ +4021 411 2610 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] variales within define constants
hi guys i'm sure i've done this before but is it possible ? i would like it to show up like this define('CONSTANT','Hello $var'); $var = Dan; echo CONSTANT -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: fast template class
Gilberto Garcia Jr. [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I´m a newbie on this class. But i´m getting this error. can you post snippet of the code and exact error that you get? rush -- http://www.templatetamer.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] variales within define constants
Just try it :) -Original Message- From: Dan Rossi [mailto:[EMAIL PROTECTED] Sent: Samstag, 22. März 2003 08:09 To: Php-General Subject: [PHP] variales within define constants hi guys i'm sure i've done this before but is it possible ? i would like it to show up like this define('CONSTANT','Hello $var'); $var = Dan; echo CONSTANT -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
php-general Digest 22 Mar 2003 13:25:23 -0000 Issue 1953
php-general Digest 22 Mar 2003 13:25:23 - Issue 1953 Topics (messages 140651 through 140677): md5 cookies 140651 by: Sebastian Re: Sessions question 140652 by: Beauford.2002 140673 by: Jason Wong Resume PHP Sockets? 140653 by: Richard Mikalsen Re: How to delay a header( Location: ) 140654 by: Richard Mikalsen Re: detecting end of line - php 4.1.2 140655 by: Travers Carter retrieve data from mysql db 140656 by: gert vonck Re: Apache + PHP - when using as module, can one have PHPs run as 140657 by: ADFH Re: Cookie or Session?? 140658 by: Justin French 140672 by: Jason Wong Re: How to detect if a cookie is set? 140659 by: Paonarong Buachaiyo Re: Session Not Working 140660 by: Paonarong Buachaiyo Re: Sessions 140661 by: Justin French 140669 by: Adam - how to test string to see if it is a date or time? 140662 by: DomIntCom Test the server. 140663 by: Vincent M. 140665 by: Sebastian Wrapping text output 140664 by: Philip J. Newman 140666 by: Sebastian 140671 by: Justin French Re: web services 140667 by: Nikunj Virani 140674 by: Alexandru COSTIN Re: ob_start problem 140668 by: Mr Percival Compile problem. 140670 by: Serge Paquin variales within define constants 140675 by: Dan Rossi 140677 by: Daniel Diehl Re: fast template class 140676 by: rush Administrivia: To subscribe to the digest, e-mail: [EMAIL PROTECTED] To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: [EMAIL PROTECTED] -- ---BeginMessage--- hello all, Cookie noob here :s how do I add md5 hash so it encrypts the password only in the cookie? and how do I increase the expire time to 30 days? Here's the snip: setcookie(pass,$HTTP_POST_VARS[password],time()+(3600*24*7)); Thanks in advanced. cheers, - Sebastian ---End Message--- ---BeginMessage--- I don't quite understand this. If a user is on my site and then decides to go into his favourites and go to yahoo.com - this won't work. I think you are assuming the user is going to click on something I have set up - I want this to be invisible - however this user decides to leave my site. It appears though from the answers I have received - that this is not possible B. - Original Message - From: Kevin Stone [EMAIL PROTECTED] To: PHP General [EMAIL PROTECTED] Sent: Friday, March 21, 2003 4:21 PM Subject: Re: [PHP] Sessions question This is one of those rare things in programming that can only be done one way. Absolutely the only way to kill the session when a user leaves your site is to go through a script and then redirect after the session has been destroyed. For this to work every outgoing link on your website will have to point to a script. Then you'll pass the redirect url or url id (that referse to a url in your database) through the link and redirect after session_destroy() has killed the session. The link can look like this: a href=exit.php?url=http://www.thiersite.com;www.theirsite.com/a The script will look something like this: ? // exit.php session_start(); session_destroy(); header(Location: .$_POST['url']); ? Keep in mind if you want to do this then the user will not be able to use his/her back button in order to return to your website unless you define an additional redirect in a conditional that states if the session is not active then go here. Voodoo. *LOL* - Kevin - Original Message - From: Beauford.2002 [EMAIL PROTECTED] To: Ford, Mike [LSS] [EMAIL PROTECTED]; 'Justin French' [EMAIL PROTECTED]; PHP General [EMAIL PROTECTED] Sent: Friday, March 21, 2003 12:56 PM Subject: Re: [PHP] Sessions question So is there anyway to do this - perl, javascript, voodo? - Original Message - From: Ford, Mike [LSS] [EMAIL PROTECTED] To: 'Justin French' [EMAIL PROTECTED]; Beauford.2002 [EMAIL PROTECTED]; PHP General [EMAIL PROTECTED] Sent: Friday, March 21, 2003 11:04 AM Subject: RE: [PHP] Sessions question -Original Message- From: Justin French [mailto:[EMAIL PROTECTED] Sent: 21 March 2003 15:59 on 22/03/03 2:27 AM, Beauford.2002 ([EMAIL PROTECTED]) wrote: What about cookies - someone said if you put no time limit on a cookie it dies when you leave the site - I'm not sure about this, but any help is appreciated. I think it's defined as when the browser is closed, not when the browser is no longer in your domain That is correct. Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning Information Services, JG125, James Graham
[PHP] upload files and file types
hi there , i was wondering on security of file uploads , i am currently using the pear uploader class , i can check for allowed file extensions , but it doesnt seem to check for file type , i can currently rename say an image to zip and it uploads , is there anyway a hacker could rename an executable to a zip and able to upload it and execute it ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] variales within define constants
?? why would i not try it before posting heh :O -Original Message- From: Daniel Diehl [mailto:[EMAIL PROTECTED] Sent: Sunday, March 23, 2003 12:23 AM To: 'Dan Rossi'; 'Php-General' Subject: RE: [PHP] variales within define constants Just try it :) -Original Message- From: Dan Rossi [mailto:[EMAIL PROTECTED] Sent: Samstag, 22. März 2003 08:09 To: Php-General Subject: [PHP] variales within define constants hi guys i'm sure i've done this before but is it possible ? i would like it to show up like this define('CONSTANT','Hello $var'); $var = Dan; echo CONSTANT -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Parsing results from mySQL query
Hi everyone, I have ALMOST gotten this working (mySQL part works). I have gotten the advice that this is easier to do in PHP then to try and make this query work in mySQL. Here is the query and a sampling of the current results (from phpMyAdmin) SELECT p.fname, p.lname, w.web_link, a.dra_id, dra.area, t.title FROM tbl_personnel p LEFT JOIN tbl_personnel_weblinks w ON p.id = w.person_id LEFT JOIN tbl_personnel_dras a ON p.id = a.person_id LEFT JOIN tbl_dra dra ON a.dra_id = dra.id LEFT JOIN tbl_personnel_titles t ON p.id = t.person_id; Because some of these people have multiple records in tbl_personnel_dras AND in tbl_personnel_titles - I get many repeats of each person (one for every combo). I was told this would be really messy to deal with in SQL (though I am open) - but I have no idea where to start in PHP. I would like to display the data to the web like: fname lname title(s) - (this would be the list of titles for this person) Areas: area, area, area (this would be the list of areas in one place as opposed to making the record repeat) Thank you for any help. The above query returns something like this (the first set are the column names): fname lname web_link dra_id area title Jeffrey Whittle NULL NULL NULL Investigator Jeffrey Whittle NULL NULL NULL Staff Physician Adam Gordon NULL 5 Mental Illness Staff Physician Adam Gordon NULL 5 Mental Illness Assistant Professor of Medicine Adam Gordon NULL 5 Mental Illness Investigator, VISN4 Mental Illness Research, Educa... Adam Gordon NULL 5 Mental Illness Investigator, Center for Research on Health Care Adam Gordon NULL 5 Mental Illness Investigator Adam Gordon NULL 8 Special (Underserved, High Risk) Populations Staff Physician Adam Gordon NULL 8 Special (Underserved, High Risk) Populations Assistant Professor of Medicine Adam Gordon NULL 8 Special (Underserved, High Risk) Populations Investigator, VISN4 Mental Illness Research, Educa... Adam Gordon NULL 8 Special (Underserved, High Risk) Populations Investigator, Center for Research on Health Care Adam Gordon NULL 8 Special (Underserved, High Risk) Populations Investigator -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: [SOAP] web services
Unless, of course, you need real text encoding. XML-RPC *only* supports USASCII. No unicode, not even ISO-8859-1. And it's spec author actively fights /against/ improving this situation. -Bill Kearney Tony Bibbs [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] That seems network intensive to me. Offering web services for some basic tasks makes sense but not making an entire application that does all functionality over the web will be slow and impractical. Also, consider XML-RPC. Some people insist on hammering a nail with a sledgehammer (soap) when a XML-RPC implementation (the hammer) is better suited. That said, I use both raw XML, XML-RPC and SOAP for various tasks. It doesn't have to be all or the other (not that you implied that)... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] sha1 hash in old php?
Anyone got a php script for generating sha1sum hashes from a short bit of text? The target platform does not have any of the libraries, let alone the latest php, installed. So before I rewrite it in PHP I figured I'd ask -Bill Kearney -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Password Authentication
I am trying to build password authentication into a database front end for a MySQL DB. I find the php docs on this point quite confusing so I have a lot of questions. I can use a one-way hash to do this if that's the best way, as I don't need to retrieve the password. However if I could do so that has some small advantages. So I am open to either symmetric or one-way approaches. First off, there are multiple encryption methods out there -- PHP crypt() and the mcrypt functions, and MySQL encrypt(), for encryption; and the md5 etc. functions for hashing. Is there any information on best practices here, particularly in using PHP's encryption vs MySQL's? Second, the PHP docs on crypt are, to me, a mess. Much of it suggests passing the password back in as the salt for crypt, but this appears to me to only be workable if DES is being used and the first two characters of the password are the DES salt value. Since the actual encryption method is installation-dependent the code in the docs: # You should pass the entire results of crypt() as the salt # for comparing a password, to avoid problems when different # hashing algorithms are used. (As it says above, standard # DES-based password hashing uses a 2-character salt, but # MD5-based hashing uses 12.) if (crypt($user_input,$password) == $password) { echo Password verified!; } seems to me to be exactly wrong -- what it does is *create* problems with different hashing algorithms. Using $password as the salt here only works for DES, for md5-based encryption it will fail as the first 12 characters of the password are not the md5 salt (are they?). What am I missing here? Third, I am curious as to the repeated statements as to why one must use a different salt every time. For example, here's a user comment on the crypt docs from the PHP web site: The only only important consideration when generating a salt is to make sure that all salts are unique--that way the same password will be encrypted differently (i.e. the encrypted passwords will look different) for different users. One of the simplest ways to generate a unique salt is to use some string that will be different every time the procedure is called. Here's a simple example: $jumble = md5(time() . getmypid()); $salt = substr($jumble,0,$salt_length); My question is, why would I do this? If you are going to save the password you can't use a random salt without saving the salt along with the password so you can test it later. And if you do that, the randomness loses its value -- if someone breaks in and finds the encrypted password, they also get the salt. Again, am I missing something? Is there some potential attack where the attacker can use the repeatability of the password encryption or hashing algorithm to their advantage even if they cannot break into the server to see the encrypted data? If not, and they have to be able to break in to do the attack then, again, they can read the salt. Thanks for any comments or input. -- Tom Rawson -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Removing Risky Characters
When validating user input to remove quotes and other characters that can be used for hacks, does one need to be concerned about the high- ASCII characters which have 'quote' meanings (e.g. 0x91 - 0x94). I presume not, but just wanted to verify that PHP will not interpret these as quotes. -- Tom Rawson -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sessions question
Why? You wouldn't even know it happened - nor would the site. This is just a security precaution. - Original Message - From: Jason Wong [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, March 22, 2003 2:25 AM Subject: Re: [PHP] Sessions question On Saturday 22 March 2003 08:09, Beauford.2002 wrote: I don't quite understand this. If a user is on my site and then decides to go into his favourites and go to yahoo.com - this won't work. I think you are assuming the user is going to click on something I have set up - I want this to be invisible - however this user decides to leave my site. It appears though from the answers I have received - that this is not possible You're right it is not possible and quite rightly so. I wouldn't want a site to know when I have 'left' their site. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* Lee's Law: Mother said there would be days like this, but she never said that there'd be so many! */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Password Authentication
I just md5() the passwords, and reset them if needed... rather than retrieving. The advantage for me on this is that it's portable... md5() is part of the base PHP install, whereas the mcrypt stuff isn't (or wasn't). Justin on 23/03/03 1:31 AM, [EMAIL PROTECTED] ([EMAIL PROTECTED]) wrote: I am trying to build password authentication into a database front end for a MySQL DB. I find the php docs on this point quite confusing so I have a lot of questions. I can use a one-way hash to do this if that's the best way, as I don't need to retrieve the password. However if I could do so that has some small advantages. So I am open to either symmetric or one-way approaches. First off, there are multiple encryption methods out there -- PHP crypt() and the mcrypt functions, and MySQL encrypt(), for encryption; and the md5 etc. functions for hashing. Is there any information on best practices here, particularly in using PHP's encryption vs MySQL's? Second, the PHP docs on crypt are, to me, a mess. Much of it suggests passing the password back in as the salt for crypt, but this appears to me to only be workable if DES is being used and the first two characters of the password are the DES salt value. Since the actual encryption method is installation-dependent the code in the docs: # You should pass the entire results of crypt() as the salt # for comparing a password, to avoid problems when different # hashing algorithms are used. (As it says above, standard # DES-based password hashing uses a 2-character salt, but # MD5-based hashing uses 12.) if (crypt($user_input,$password) == $password) { echo Password verified!; } seems to me to be exactly wrong -- what it does is *create* problems with different hashing algorithms. Using $password as the salt here only works for DES, for md5-based encryption it will fail as the first 12 characters of the password are not the md5 salt (are they?). What am I missing here? Third, I am curious as to the repeated statements as to why one must use a different salt every time. For example, here's a user comment on the crypt docs from the PHP web site: The only only important consideration when generating a salt is to make sure that all salts are unique--that way the same password will be encrypted differently (i.e. the encrypted passwords will look different) for different users. One of the simplest ways to generate a unique salt is to use some string that will be different every time the procedure is called. Here's a simple example: $jumble = md5(time() . getmypid()); $salt = substr($jumble,0,$salt_length); My question is, why would I do this? If you are going to save the password you can't use a random salt without saving the salt along with the password so you can test it later. And if you do that, the randomness loses its value -- if someone breaks in and finds the encrypted password, they also get the salt. Again, am I missing something? Is there some potential attack where the attacker can use the repeatability of the password encryption or hashing algorithm to their advantage even if they cannot break into the server to see the encrypted data? If not, and they have to be able to break in to do the attack then, again, they can read the salt. Thanks for any comments or input. -- Tom Rawson -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Password Authentication
On 23 Mar 2003 Justin French wrote: I just md5() the passwords, and reset them if needed... rather than retrieving. The advantage for me on this is that it's portable... md5() is part of the base PHP install, whereas the mcrypt stuff isn't (or wasn't). Something like that was my inclination as it seems simpler. One could also md5 the combined user / PW string, so the hash doesn't correspond to a single password. Do you know why there is all the stuff in the docs about using random salts? That didn't make much sense to me. -- Tom Rawson -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Session's length.
- php-general. I used such code: $exp = 60*60*24*10; # for ten days. session_set_cookie_params($exp); But it works wrong - cookies were removed right after i have rebooted. The other way is to put session id into the cookies, but... Isn't it the same? Thank you. Yours, L0vCh1Y [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ob_start problem
Warning: ob_gzhandler() [ref.outcontrol]: output handler 'ob_gzhandler' cannot be used twice in /blahblah/includes/bottom.inc on line 25 I can't speak as to why this would only happen occasionally, but I believe that you should comment out the output_buffering line in the php.ini file when using the ob_gzhandler function. Or so says a user-contributed note in the PHP manual... Larry -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] upload files and file types
hi there , i was wondering on security of file uploads , i am currently using the pear uploader class , i can check for allowed file extensions , but it doesnt seem to check for file type , i can currently rename say an image to zip and it uploads , is there anyway a hacker could rename an executable to a zip and able to upload it and execute it ? I can't address your specific question but here are a couple of recommendations: -Rename the uploaded file so that the user won't know what it's called on the server. -Store the file outside of the Web directory so it's not accessible via HTTP. Hope that helps, Larry -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Removing Risky Characters
On Sat, 22 Mar 2003 09:34:03 -0500, you wrote: When validating user input to remove quotes and other characters that can be used for hacks, does one need to be concerned about the high- ASCII characters which have 'quote' meanings (e.g. 0x91 - 0x94). I presume not, but just wanted to verify that PHP will not interpret these as quotes. You should probably look at this function: http://www.php.net/manual/en/function.htmlentities.php The thing that is most likely to trip you up is people who cut'n'paste from Word. High-ASCII characters can slip in like that, also some characters that are common in European languages (accents and umlauts). All of these need to be translated into HTML entities. (ISTR there are a few additional characters you should add to the translation table if you're doing WML, too.) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] variales within define constants
yes, you can do this, but you have the order wrong. you must set the variable before you use it. and you must have double quotes around the variable in the define() call single quotes denotes a literal string which will not include the value of a variable, you would end up echo'ing Hello $var instead of Hello Dan $var = Dan; define('CONSTANT', Hello $var); echo CONSTANT Jim Lucas - Original Message - From: Dan Rossi [EMAIL PROTECTED] To: Daniel Diehl [EMAIL PROTECTED]; 'Php-General' [EMAIL PROTECTED] Sent: Saturday, March 22, 2003 4:44 AM Subject: RE: [PHP] variales within define constants ?? why would i not try it before posting heh :O -Original Message- From: Daniel Diehl [mailto:[EMAIL PROTECTED] Sent: Sunday, March 23, 2003 12:23 AM To: 'Dan Rossi'; 'Php-General' Subject: RE: [PHP] variales within define constants Just try it :) -Original Message- From: Dan Rossi [mailto:[EMAIL PROTECTED] Sent: Samstag, 22. März 2003 08:09 To: Php-General Subject: [PHP] variales within define constants hi guys i'm sure i've done this before but is it possible ? i would like it to show up like this define('CONSTANT','Hello $var'); $var = Dan; echo CONSTANT -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Password Authentication
On Sat, 22 Mar 2003 09:31:14 -0500, you wrote: First off, there are multiple encryption methods out there -- PHP crypt() and the mcrypt functions, and MySQL encrypt(), for encryption; and the md5 etc. functions for hashing. Is there any information on best practices here, particularly in using PHP's encryption vs MySQL's? I would suggest using the MySQL ENCRYPT(), SHA1(), or MD5() functions, simply because if you write a new front-end in a different language, there's no danger of losing native support for the hashing algorithm. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] sha1 hash in old php?
Chris Monson has written a pure PHP implemntation of SHA. It is available on PHP Classes at http://phpclasses.promoxy.com/browse.html/package/65.html. Jason Bill Kearney wrote: Anyone got a php script for generating sha1sum hashes from a short bit of text? Hi Bill, The target platform does not have any of the libraries, let alone the latest php, installed. So before I rewrite it in PHP I figured I'd ask -Bill Kearney -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Separators in variable values causing MySQL commands to fail
In my PHP script I have coded e.g.: $sql = INSERT INTO `$owners` ( `FirstName`, `LastName`) VALUES ( '$firstname' , '$lastname' ); $result = mysql_query($sql); So along comes e.g. John O'Groats and nothing gets inserted into the database. OK, I can bypass my oversight by stripping out apostophes from the variable values. There has to be a better way please. TIA Mike -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Test the server.
Sebastian wrote: put this in a .php file: ?php phpinfo(); ? it'll tell you what OS, (usually) check if safe mode is on.. if it's on then usually you can't exec anything. cheers, - Sebastian Yes I know but my aim is to make a php script which checks automaticly if the php and the shell functions I need are available. Vincent. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Separators in variable values causing MySQL commands to fail
you must remove the backticks. Jim - Original Message - From: rentAweek Ltd [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, March 22, 2003 9:50 AM Subject: [PHP] Separators in variable values causing MySQL commands to fail In my PHP script I have coded e.g.: $sql = INSERT INTO `$owners` ( `FirstName`, `LastName`) VALUES ( '$firstname' , '$lastname' ); $result = mysql_query($sql); So along comes e.g. John O'Groats and nothing gets inserted into the database. OK, I can bypass my oversight by stripping out apostophes from the variable values. There has to be a better way please. TIA Mike -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Separators in variable values causing MySQL commands to fail
On Sat, 22 Mar 2003 17:50:30 +, you wrote: OK, I can bypass my oversight by stripping out apostophes from the variable values. There has to be a better way please. http://www.php.net/manual/en/function.mysql-escape-string.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Separators in variable values causing MySQL commands to fail
and , you need to escape the values that you are inputing ie. htmlspecialchars() or htmlentities() those values Jim - Original Message - From: rentAweek Ltd [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, March 22, 2003 9:50 AM Subject: [PHP] Separators in variable values causing MySQL commands to fail In my PHP script I have coded e.g.: $sql = INSERT INTO `$owners` ( `FirstName`, `LastName`) VALUES ( '$firstname' , '$lastname' ); $result = mysql_query($sql); So along comes e.g. John O'Groats and nothing gets inserted into the database. OK, I can bypass my oversight by stripping out apostophes from the variable values. There has to be a better way please. TIA Mike -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Separators in variable values causing MySQL commands to fail
OK, I can bypass my oversight by stripping out apostophes from the variable values. There has to be a better way please. Turn on Magic Quotes GPC or use the addslashes() function. Or, if you want to be more precise and MySQL-specific, use the mysql_escape_string() or mysql_real_escape_string() functions. Larry -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Test the server.
On Sat, 22 Mar 2003 12:59:19 -0800, you wrote: Yes I know but my aim is to make a php script which checks automaticly if the php and the shell functions I need are available. If you look at the output of phpinfo() you'll see a whole bunch of variables that are set differently depending on the OS (eg SERVER_SOFTWARE, SystemRoot, _SERVER), although personally I would set the name of the current OS in a configuration file. Less room for error that way. To discover whether an application exists, use system() to call it and check the return value provided by the OS. I think you'll find it returns FALSE on failure. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Fwd: Re: [PHP] Separators in variable values causing MySQL commands to fail
- rentAweek, rL In my PHP script I have coded e.g.: rL $sql = INSERT INTO `$owners` ( `FirstName`, `LastName`) VALUES ( rL '$firstname' , '$lastname' ); rL $result = mysql_query($sql); rL So along comes e.g. John O'Groats and nothing gets inserted into the rL database. rL OK, I can bypass my oversight by stripping out apostophes from the rL variable values. There has to be a better way please. Why not just use addslashes() (mysql_escape_string()) check if $result==true? Yours, L0vCh1Y -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Session's length.
from the user posts at php.net http://www.php.net/manual/en/function.session-set-cookie-params.php The idea of a session is that it ends when the user closes the browser (maybe even before hand). If you want a cookie to last longer, than use the setcookie() function. -Kevin Sent out by Joel Colombo L0vch1y [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] - php-general. I used such code: $exp = 60*60*24*10; # for ten days. session_set_cookie_params($exp); But it works wrong - cookies were removed right after i have rebooted. The other way is to put session id into the cookies, but... Isn't it the same? Thank you. Yours, L0vCh1Y [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session's length.
Hi, As I belive, the sessions (session cookies) will expire after the browser has been restarted. So even if you put the session id in a cookie, after ten days you might have your old session id, but it would be delete from the server long ago. The server doesn't keep session for that log periods of time due to the fact it would take up a lot of hard disk... Session data, is stored on the server, cookies on the browser.. If you wish to use the cookies and keep them for 10 days on the user's computer you would just want to user normal cookies.. You would want to put this at the top of your page - before any output has been sent... ? setcookie(nameofcookie, value of cookie, time()+600, /); ? the time()+600 is in seconds 600 = ten mins, so if you wanted in to expire in ten days do the math.. :) as for the / means that it will be sent to all your files.. hope this helps in some way... I'm no expert... Adam At 07:10 PM 3/22/2003 +0300, you wrote: - php-general. I used such code: $exp = 60*60*24*10; # for ten days. session_set_cookie_params($exp); But it works wrong - cookies were removed right after i have rebooted. The other way is to put session id into the cookies, but... Isn't it the same? Thank you. Yours, L0vCh1Y [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Date Diff
Greetings all, A while ago I was using asp and when I started using php the harder thing to learn was Dealing with dates. There isn't a datediff function like asp.. Instead you have timestamps. Powerful it may be but a little hard to learn about and use. Other wise I find php to be very nice and simple as well powerful. So what happens if you have two timestamps and you want to find out what the difference is? There has to be some function that I don't know about.. I have to be missing somethig! Adam -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Session's length.
Hello Joel, Saturday, March 22, 2003, 9:52:20 PM, you wrote: JC from the user posts at php.net JC http://www.php.net/manual/en/function.session-set-cookie-params.php JC The idea of a session is that it ends when the user closes the browser JC (maybe even before hand). If you want a cookie to last longer, than use the JC setcookie() function. JC -Kevin JC Sent out by JC Joel Colombo Manual was the first place i've looked into. session_set_cookie_params($exp) is function, entered to able sessions to long as much as needed, as it sets up cookies sent by sessions (equal to same function, working with cookies). But it's look like server removes session's data much earlier, then i need... -- Best regards, L0vCh1Ymailto:[EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] creating mailing list in php?
Hi y'all. I am working on a mail list app that's pretty simple...don't need to let users post, only admins, and it's very straightforward. I tested it out with mail() on 50 addresses, and it took 78 seconds plus massive server load. Part of that may be the mail scanner we have, but I also know mail() opens a socket each time, and that's gonna make it pretty slow too. Does anyone have any suggestions, or even examples of what you've done for this type of thing? The load is about 3000 emails daily, all at once (the client emails out daily specials to their clients), which at this rate would take over an hour to send. Also, and I might just not be paying attention, but is there any word about this list going phpBB or the like sometime soon? That would be great. Thanks again for your help. -jason
Re: [PHP] Date Diff
Hello Adam, Since timestamps are in seconds you just subtract them and then use date to convert it to a more human readable format. ?php $yesterday = time() - 86400; print date('m/d/y', $yesterday); ? You could also use the strtotime function to convert a string to a timestamp. PHP has many date and time functions, take a look at http://www.php.net/manual/en/ref.datetime.php. Jason Adam - wrote: Greetings all, A while ago I was using asp and when I started using php the harder thing to learn was Dealing with dates. There isn't a datediff function like asp.. Instead you have timestamps. Powerful it may be but a little hard to learn about and use. Other wise I find php to be very nice and simple as well powerful. So what happens if you have two timestamps and you want to find out what the difference is? There has to be some function that I don't know about.. I have to be missing somethig! Adam -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Test the server.
At 21:59 22.03.2003, Vincent M. said: [snip] Yes I know but my aim is to make a php script which checks automaticly if the php and the shell functions I need are available. [snip] You can use function_exists() and class_exists() o test against needed implementations. Some extensions may have functions returning the installed version as well. -- O Ernest E. Vogelsinger (\)ICQ #13394035 ^ http://www.vogelsinger.at/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] array insert help
I need to create a form where work/home address details need to be entered. I'd like to have these listed as 2 entries in the mysql db so I'm assuming I need to create an array and loop through the array to do the insert. So I have an address[1] and address[2] for example for a total of 12 address fields in each set. (6 each) My problem is that I'm not sure how to set up the array for the fields and how to take the input fields and insert them. Do I need a multidimensional array for this? ie. input type=text name=address[address][] input type=text name=address[city][] How would I decode that to create an insert statement?? Any suggestions are greatly appreciated! Jason -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] array insert help
At 20:59 22.03.2003, Jason Dulberg said: [snip] My problem is that I'm not sure how to set up the array for the fields and how to take the input fields and insert them. Do I need a multidimensional array for this? ie. input type=text name=address[address][] input type=text name=address[city][] How would I decode that to create an insert statement?? [snip] I believe your example would work. However since you have a definite number of adresses you could add the index directly, as here: bHome Address:/bbr / input type=text name=address[address][0] input type=text name=address[city][0] bWork Address:/bbr / input type=text name=address[address][1] input type=text name=address[city][1] When the form is received you will have an array for adress that looks like this: $_REQUEST['address'] = array( 'address' = array(0 = 'home address', 1 = 'work address'), 'city' = array(0 = 'home city', 1 = 'work city')); To insert the home address you'd create an SQL statement like this: for($i = 0; $i = $number_of_addresses; ++$i) { $sql = insert into address(adress, city) values ( . {$_REQUEST['address']['address'][$i]}, . {$_REQUEST['address']['city'][$i]}); // more code } Hope this helps, -- O Ernest E. Vogelsinger (\)ICQ #13394035 ^ http://www.vogelsinger.at/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] array insert help
Thanks for your help... I tried the code as you suggested however when I attempted to echo the variables for testing but nothing showed. for($i = 0; $i = 1; ++$i) { echo paddress.$_POST['address']['address'][$i]; echo brcity.$_POST['address']['city'][$i]; } The form fields are as you suggested as well. Thanks again! Jason -Original Message- From: Ernest E Vogelsinger [mailto:[EMAIL PROTECTED] Sent: March 22, 2003 4:05 PM To: Jason Dulberg Cc: [EMAIL PROTECTED] Subject: Re: [PHP] array insert help At 20:59 22.03.2003, Jason Dulberg said: [snip] My problem is that I'm not sure how to set up the array for the fields and how to take the input fields and insert them. Do I need a multidimensional array for this? ie. input type=text name=address[address][] input type=text name=address[city][] How would I decode that to create an insert statement?? [snip] I believe your example would work. However since you have a definite number of adresses you could add the index directly, as here: bHome Address:/bbr / input type=text name=address[address][0] input type=text name=address[city][0] bWork Address:/bbr / input type=text name=address[address][1] input type=text name=address[city][1] When the form is received you will have an array for adress that looks like this: $_REQUEST['address'] = array( 'address' = array(0 = 'home address', 1 = 'work address'), 'city' = array(0 = 'home city', 1 = 'work city')); To insert the home address you'd create an SQL statement like this: for($i = 0; $i = $number_of_addresses; ++$i) { $sql = insert into address(adress, city) values ( . {$_REQUEST['address']['address'][$i]}, . {$_REQUEST['address']['city'][$i]}); // more code } Hope this helps, -- O Ernest E. Vogelsinger (\)ICQ #13394035 ^ http://www.vogelsinger.at/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] creating mailing list in php?
Just don't use PHP for sending the mail like that. It's better to have the mailserver run the list management. Then you only send one message to the server, and its distribution list system handles the delivery of all the messages. Depending on the mailserver, your PHP would then only have to need to deal with sending corrections for the dist list. All mailservers are designed to handle massive mail loads like that. A HTTP server with PHP definitely ain't. Nomatter what kind of mail actions you do, you should always try to keep them away from the HTTP and other webservice servers. HTTP management is alot more complex than mail handling, since the server has to deal with serving files while processing requests. A mail server's job is usually done by just trotting through the message from end to end ... which uses far less resources... By using the mail listserver method, you also free up the HTTP server for other tasks. It only has to generate the message once, and not n times... HTH Rene On Sat, 22 Mar 2003 14:20:39 -0500, Jason Jacobs wrote about [PHP] creating mailing list in php? what the universal translator turned into this: Hi y'all. I am working on a mail list app that's pretty simple...don't need to let users post, only admins, and it's very straightforward. I tested it out with mail() on 50 addresses, and it took 78 seconds plus massive server load. Part of that may be the mail scanner we have, but I also know mail() opens a socket each time, and that's gonna make it pretty slow too. Does anyone have any suggestions, or even examples of what you've done for this type of thing? The load is about 3000 emails daily, all at once (the client emails out daily specials to their clients), which at this rate would take over an hour to send. Also, and I might just not be paying attention, but is there any word about this list going phpBB or the like sometime soon? That would be great. Thanks again for your help. -jason -- Rene Brehmer This message was written on 100% recycled spam. Come see! My brand new site is now online! http://www.metalbunny.net -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] variales within define constants
hmm there is a problem, i set my defines in a defines.php file , i place it right at the top of my main includes file , which sets the paths for other include files , i have my funtion within a class , so the order is include(defines.php); include(class.php); $class = new class; would it work if it switch it ? include(class.php); $class = new class; include(defines.php); the variable is set within the class , its an internal variable ie $this-_variable; -Original Message- From: Jim Lucas [mailto:[EMAIL PROTECTED] Sent: Sunday, March 23, 2003 3:43 AM To: Dan Rossi; Daniel Diehl; 'Php-General' Subject: Re: [PHP] variales within define constants yes, you can do this, but you have the order wrong. you must set the variable before you use it. and you must have double quotes around the variable in the define() call single quotes denotes a literal string which will not include the value of a variable, you would end up echo'ing Hello $var instead of Hello Dan $var = Dan; define('CONSTANT', Hello $var); echo CONSTANT Jim Lucas - Original Message - From: Dan Rossi [EMAIL PROTECTED] To: Daniel Diehl [EMAIL PROTECTED]; 'Php-General' [EMAIL PROTECTED] Sent: Saturday, March 22, 2003 4:44 AM Subject: RE: [PHP] variales within define constants ?? why would i not try it before posting heh :O -Original Message- From: Daniel Diehl [mailto:[EMAIL PROTECTED] Sent: Sunday, March 23, 2003 12:23 AM To: 'Dan Rossi'; 'Php-General' Subject: RE: [PHP] variales within define constants Just try it :) -Original Message- From: Dan Rossi [mailto:[EMAIL PROTECTED] Sent: Samstag, 22. März 2003 08:09 To: Php-General Subject: [PHP] variales within define constants hi guys i'm sure i've done this before but is it possible ? i would like it to show up like this define('CONSTANT','Hello $var'); $var = Dan; echo CONSTANT -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] array insert help
At 22:24 22.03.2003, Jason Dulberg said: [snip] Thanks for your help... I tried the code as you suggested however when I attempted to echo the variables for testing but nothing showed. for($i = 0; $i = 1; ++$i) { echo paddress.$_POST['address']['address'][$i]; echo brcity.$_POST['address']['city'][$i]; } [snip] Jason, I tried the following and it worked: form method=post bHome Address:/bbr / input type=text name=address[address][0] value=?php echo $_POST['address']['address'][0]; ? input type=text name=address[city][0] value=?php echo $_POST['address']['city'][0]; ? br / bWork Address:/bbr / input type=text name=address[address][1] value=?php echo $_POST['address']['address'][1]; ? input type=text name=address[city][1] value=?php echo $_POST['address']['city'][1]; ? br / input type=submit /form ?php for($i = 0; $i = 1; ++$i) { echo paddress $i: .$_POST['address']['address'][$i]; echo brcity $i: .$_POST['address']['city'][$i]; } -- O Ernest E. Vogelsinger (\)ICQ #13394035 ^ http://www.vogelsinger.at/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] how to pass variable for $_GET
ok - I know how to pass these variables by appending variables to the link. however, I'm trying to pass the following string; '2003-1-1 00:00:01' AND '2003-3-20 23:59:59' now - when I pass it what I get is the following; date='2003-2-1%2000:00:01'%20AND%20'2003-3-1%2023:59:59' it seems what I'm going to have to do is replace %20 with a space, but I'm unclear of how to do that with php. thanks, Jeff -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP and IIS
I just installed Win2k server and IIS (need it for a project I am doing) and get the following error after installing PHP. All permissions are set correctly. This appears to be a common problem as a search comes up with hundreds of the same problem - funny though - no answers. Any help is appreciated. Technical Information (for support personnel) a.. Background: You have attempted to execute a CGI, ISAPI, or other executable program from a directory that does not allow programs to be executed. b.. More information: Microsoft Support -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP and IIS
Hi, Just a thought. Have u put all the dlls in the system32 forlder? Denis - Original Message - From: Beauford.2002 [EMAIL PROTECTED] To: PHP General [EMAIL PROTECTED] Sent: Sunday, March 23, 2003 8:03 AM Subject: [PHP] PHP and IIS I just installed Win2k server and IIS (need it for a project I am doing) and get the following error after installing PHP. All permissions are set correctly. This appears to be a common problem as a search comes up with hundreds of the same problem - funny though - no answers. Any help is appreciated. Technical Information (for support personnel) a.. Background: You have attempted to execute a CGI, ISAPI, or other executable program from a directory that does not allow programs to be executed. b.. More information: Microsoft Support -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] variales within define constants
ok i need to e able to predefine messages in a settings file , but need dynamic variables to print out , the variables are within a class , basically i want the message settings seperate from the class itself so they are configurable, this is mostly need for when emailing messages , i need to be able to go Hello $username or Hello $this-username for example , is there any way to do this ? -Original Message- From: Dan Rossi [mailto:[EMAIL PROTECTED] Sent: Sunday, March 23, 2003 9:09 AM To: Jim Lucas; Daniel Diehl; 'Php-General' Subject: RE: [PHP] variales within define constants hmm there is a problem, i set my defines in a defines.php file , i place it right at the top of my main includes file , which sets the paths for other include files , i have my funtion within a class , so the order is include(defines.php); include(class.php); $class = new class; would it work if it switch it ? include(class.php); $class = new class; include(defines.php); the variable is set within the class , its an internal variable ie $this-_variable; -Original Message- From: Jim Lucas [mailto:[EMAIL PROTECTED] Sent: Sunday, March 23, 2003 3:43 AM To: Dan Rossi; Daniel Diehl; 'Php-General' Subject: Re: [PHP] variales within define constants yes, you can do this, but you have the order wrong. you must set the variable before you use it. and you must have double quotes around the variable in the define() call single quotes denotes a literal string which will not include the value of a variable, you would end up echo'ing Hello $var instead of Hello Dan $var = Dan; define('CONSTANT', Hello $var); echo CONSTANT Jim Lucas - Original Message - From: Dan Rossi [EMAIL PROTECTED] To: Daniel Diehl [EMAIL PROTECTED]; 'Php-General' [EMAIL PROTECTED] Sent: Saturday, March 22, 2003 4:44 AM Subject: RE: [PHP] variales within define constants ?? why would i not try it before posting heh :O -Original Message- From: Daniel Diehl [mailto:[EMAIL PROTECTED] Sent: Sunday, March 23, 2003 12:23 AM To: 'Dan Rossi'; 'Php-General' Subject: RE: [PHP] variales within define constants Just try it :) -Original Message- From: Dan Rossi [mailto:[EMAIL PROTECTED] Sent: Samstag, 22. März 2003 08:09 To: Php-General Subject: [PHP] variales within define constants hi guys i'm sure i've done this before but is it possible ? i would like it to show up like this define('CONSTANT','Hello $var'); $var = Dan; echo CONSTANT -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Password Authentication
on 23/03/03 2:02 AM, [EMAIL PROTECTED] ([EMAIL PROTECTED]) wrote: On 23 Mar 2003 Justin French wrote: I just md5() the passwords, and reset them if needed... rather than retrieving. The advantage for me on this is that it's portable... md5() is part of the base PHP install, whereas the mcrypt stuff isn't (or wasn't). Something like that was my inclination as it seems simpler. One could also md5 the combined user / PW string, so the hash doesn't correspond to a single password. Do you know why there is all the stuff in the docs about using random salts? That didn't make much sense to me. That's in the user notes... ignor it... md5() does not have to be salted... infact, you WANT the md5() to be static... because you will compare the md5()'d password in the database with the md5()'d password that they submit on a form. Justin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Password Authentication
You can use a static salt from within your application though. Jason Justin French wrote: on 23/03/03 2:02 AM, [EMAIL PROTECTED] ([EMAIL PROTECTED]) wrote: On 23 Mar 2003 Justin French wrote: I just md5() the passwords, and reset them if needed... rather than retrieving. The advantage for me on this is that it's portable... md5() is part of the base PHP install, whereas the mcrypt stuff isn't (or wasn't). Something like that was my inclination as it seems simpler. One could also md5 the combined user / PW string, so the hash doesn't correspond to a single password. Do you know why there is all the stuff in the docs about using random salts? That didn't make much sense to me. That's in the user notes... ignor it... md5() does not have to be salted... infact, you WANT the md5() to be static... because you will compare the md5()'d password in the database with the md5()'d password that they submit on a form. Justin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: how to pass variable for $_GET
ok - found urldecode which is now giving me the following; \'2003-1-3 00:00:01\' AND \'2003-3-10 23:59:59\' original string; '2003-1-3 00:00:01' AND '2003-3-10 23:59:59' Domintcom [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] ok - I know how to pass these variables by appending variables to the link. however, I'm trying to pass the following string; '2003-1-1 00:00:01' AND '2003-3-20 23:59:59' now - when I pass it what I get is the following; date='2003-2-1%2000:00:01'%20AND%20'2003-3-1%2023:59:59' it seems what I'm going to have to do is replace %20 with a space, but I'm unclear of how to do that with php. thanks, Jeff -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] regex
hi, i need to search $final_footer for a string such as %INCLUDE_FILE[/path/to/file]% (where /path/to/file could be anything) and delete it from the string. it being %INCLUDE_FILE[/path/to/file]% (not just /path/to/file) im new to regexps but im guessing I should use preg_match for this? Can someone give me a code example? thanks much Nate -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
php-general Digest 23 Mar 2003 01:53:33 -0000 Issue 1954
php-general Digest 23 Mar 2003 01:53:33 - Issue 1954 Topics (messages 140678 through 140723): upload files and file types 140678 by: Dan Rossi 140690 by: Larry E. Ullman Re: variales within define constants 140679 by: Dan Rossi 140692 by: Jim Lucas 140714 by: Dan Rossi 140719 by: Dan Rossi Parsing results from mySQL query 140680 by: Charles Kline Re: [SOAP] web services 140681 by: Bill Kearney sha1 hash in old php? 140682 by: Bill Kearney 140694 by: Jason Sheets Password Authentication 140683 by: trlists.clayst.com 140686 by: Justin French 140687 by: trlists.clayst.com 140693 by: David Otton 140720 by: Justin French 140721 by: Jason Sheets Removing Risky Characters 140684 by: Tom Rawson 140691 by: David Otton Re: Sessions question 140685 by: Beauford.2002 Session's length. 140688 by: L0vCh1Y 140703 by: Joel Colombo 140704 by: Adam - 140706 by: L0vCh1Y Re: ob_start problem 140689 by: Larry E. Ullman Separators in variable values causing MySQL commands to fail 140695 by: rentAweek Ltd 140697 by: Jim Lucas 140698 by: David Otton 140699 by: Jim Lucas 140700 by: Larry E. Ullman 140702 by: L0vCh1Y Re: Test the server. 140696 by: Vincent M. 140701 by: David Otton 140709 by: Ernest E Vogelsinger Date Diff 140705 by: Adam - 140708 by: Jason Sheets creating mailing list in php? 140707 by: Jason Jacobs 140713 by: -{ Rene Brehmer }- array insert help 140710 by: Jason Dulberg 140711 by: Ernest E Vogelsinger 140712 by: Jason Dulberg 140715 by: Ernest E Vogelsinger how to pass variable for $_GET 140716 by: DomIntCom 140722 by: DomIntCom PHP and IIS 140717 by: Beauford.2002 140718 by: Denis L. Menezes regex 140723 by: Nate Administrivia: To subscribe to the digest, e-mail: [EMAIL PROTECTED] To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: [EMAIL PROTECTED] -- ---BeginMessage--- hi there , i was wondering on security of file uploads , i am currently using the pear uploader class , i can check for allowed file extensions , but it doesnt seem to check for file type , i can currently rename say an image to zip and it uploads , is there anyway a hacker could rename an executable to a zip and able to upload it and execute it ? ---End Message--- ---BeginMessage--- hi there , i was wondering on security of file uploads , i am currently using the pear uploader class , i can check for allowed file extensions , but it doesnt seem to check for file type , i can currently rename say an image to zip and it uploads , is there anyway a hacker could rename an executable to a zip and able to upload it and execute it ? I can't address your specific question but here are a couple of recommendations: -Rename the uploaded file so that the user won't know what it's called on the server. -Store the file outside of the Web directory so it's not accessible via HTTP. Hope that helps, Larry ---End Message--- ---BeginMessage--- ?? why would i not try it before posting heh :O -Original Message- From: Daniel Diehl [mailto:[EMAIL PROTECTED] Sent: Sunday, March 23, 2003 12:23 AM To: 'Dan Rossi'; 'Php-General' Subject: RE: [PHP] variales within define constants Just try it :) -Original Message- From: Dan Rossi [mailto:[EMAIL PROTECTED] Sent: Samstag, 22. März 2003 08:09 To: Php-General Subject: [PHP] variales within define constants hi guys i'm sure i've done this before but is it possible ? i would like it to show up like this define('CONSTANT','Hello $var'); $var = Dan; echo CONSTANT -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php ---End Message--- ---BeginMessage--- yes, you can do this, but you have the order wrong. you must set the variable before you use it. and you must have double quotes around the variable in the define() call single quotes denotes a literal string which will not include the value of a variable, you would end up echo'ing Hello $var instead of Hello Dan $var = Dan; define('CONSTANT', Hello $var); echo CONSTANT Jim Lucas - Original Message - From: Dan Rossi [EMAIL PROTECTED] To: Daniel Diehl [EMAIL PROTECTED]; 'Php-General' [EMAIL PROTECTED] Sent: Saturday, March 22, 2003 4:44 AM Subject: RE: [PHP] variales within define constants ?? why would i not try it before posting heh :O -Original Message- From: Daniel Diehl [mailto:[EMAIL PROTECTED] Sent: Sunday, March 23, 2003 12:23 AM
[PHP] Re: [PHP-DB] Gathering data from a database
- Mike, MD I have been having this problem for a while now, and I cant figure it out. the code is: MD ? MD $host = localhost; MD $uname = sniper; MD $pass = starcraft; MD $database = sha; MD $tablename = members; MD $connect = mysql_connect ($host, $uname, $pass); MD $select = mysql_select_db ($database); MD $query = SELECT * from $tablename; MD $result = mysql_query ($query, $connect); MD while ($row = mysql_fetch_array($result)) MD { MD print_r( $row ); MD echo mysql_error(); MD } ? MD mysql has an error on line 19. Line 19 is while ($row = mysql_fetch_array($result)). What am I doing wrong? MD Thanks for your help, MD Mike ensure $result is correct: ? $host = localhost; $uname = sniper; $pass = starcraft; $database = sha; $tablename = members; $connect = mysql_connect ($host, $uname, $pass); what is that? ;] - $select = mysql_select_db ($database); # why do u use ? $query = SELECT * from $tablename; $result = mysql_query ($query, $connect); while ($row = mysql_fetch_array($result)) { print_r( $row ); echo mysql_error(); } ? Yours L0vCh1Y -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: how to pass variable for $_GET
http://www.php.net/manual/en/ref.info.php#ini.magic-quotes-gpc DomIntCom wrote: ok - found urldecode which is now giving me the following; \'2003-1-3 00:00:01\' AND \'2003-3-10 23:59:59\' original string; '2003-1-3 00:00:01' AND '2003-3-10 23:59:59' Domintcom [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] ok - I know how to pass these variables by appending variables to the link. however, I'm trying to pass the following string; '2003-1-1 00:00:01' AND '2003-3-20 23:59:59' now - when I pass it what I get is the following; date='2003-2-1%2000:00:01'%20AND%20'2003-3-1%2023:59:59' it seems what I'm going to have to do is replace %20 with a space, but I'm unclear of how to do that with php. thanks, Jeff -- The above message is encrypted with double rot13 encoding. Any unauthorized attempt to decrypt it will be prosecuted to the full extent of the law.
Re: [PHP] regex
Try this (entirely untested!): $final_footer = preg_replace('%INCLUDE_FILE\\[[^\\]]*\\]%','',$final_footer); Nate wrote: hi, i need to search $final_footer for a string such as %INCLUDE_FILE[/path/to/file]% (where /path/to/file could be anything) and delete it from the string. it being %INCLUDE_FILE[/path/to/file]% (not just /path/to/file) im new to regexps but im guessing I should use preg_match for this? Can someone give me a code example? thanks much Nate -- The above message is encrypted with double rot13 encoding. Any unauthorized attempt to decrypt it will be prosecuted to the full extent of the law. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: how to pass variable for $_GET
stripslashes(\'2003-1-3 00:00:01\' AND \'2003-3-10 23:59:59\'); Domintcom [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] ok - found urldecode which is now giving me the following; \'2003-1-3 00:00:01\' AND \'2003-3-10 23:59:59\' original string; '2003-1-3 00:00:01' AND '2003-3-10 23:59:59' Domintcom [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] ok - I know how to pass these variables by appending variables to the link. however, I'm trying to pass the following string; '2003-1-1 00:00:01' AND '2003-3-20 23:59:59' now - when I pass it what I get is the following; date='2003-2-1%2000:00:01'%20AND%20'2003-3-1%2023:59:59' it seems what I'm going to have to do is replace %20 with a space, but I'm unclear of how to do that with php. thanks, Jeff -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] regex
Thanks! That worked almost. It removed everything except for the 2 % signs. How might I remove those as well? Leif K-Brooks [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]... Try this (entirely untested!): $final_footer = preg_replace('%INCLUDE_FILE\\[[^\\]]*\\]%','',$final_footer); Nate wrote: hi, i need to search $final_footer for a string such as %INCLUDE_FILE[/path/to/file]% (where /path/to/file could be anything) and delete it from the string. it being %INCLUDE_FILE[/path/to/file]% (not just /path/to/file) im new to regexps but im guessing I should use preg_match for this? Can someone give me a code example? thanks much Nate -- The above message is encrypted with double rot13 encoding. Any unauthorized attempt to decrypt it will be prosecuted to the full extent of the law. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] regex
Thanks! That worked almost. It removed everything except for the 2 % signs. How might I remove those as well? Leif K-Brooks [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Try this (entirely untested!): $final_footer = preg_replace('%INCLUDE_FILE\\[[^\\]]*\\]%','',$final_footer); Nate wrote: hi, i need to search $final_footer for a string such as %INCLUDE_FILE[/path/to/file]% (where /path/to/file could be anything) and delete it from the string. it being %INCLUDE_FILE[/path/to/file]% (not just /path/to/file) im new to regexps but im guessing I should use preg_match for this? Can someone give me a code example? thanks much Nate -- The above message is encrypted with double rot13 encoding. Any unauthorized attempt to decrypt it will be prosecuted to the full extent of the law. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] regex
Whoops! Try this: preg_replace('|%INCLUDE_FILE\\[[^\\]]*\\]%|','',$final_footer); Nate Sanden wrote: Thanks! That worked almost. It removed everything except for the 2 % signs. How might I remove those as well? Leif K-Brooks [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Try this (entirely untested!): $final_footer = preg_replace('%INCLUDE_FILE\\[[^\\]]*\\]%','',$final_footer); Nate wrote: hi, i need to search $final_footer for a string such as %INCLUDE_FILE[/path/to/file]% (where /path/to/file could be anything) and delete it from the string. it being %INCLUDE_FILE[/path/to/file]% (not just /path/to/file) im new to regexps but im guessing I should use preg_match for this? Can someone give me a code example? thanks much Nate -- The above message is encrypted with double rot13 encoding. Any unauthorized attempt to decrypt it will be prosecuted to the full extent of the law. -- The above message is encrypted with double rot13 encoding. Any unauthorized attempt to decrypt it will be prosecuted to the full extent of the law.
Re: [PHP] regex
Worked great. Thanks so much. Leif K-Brooks [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Whoops! Try this: preg_replace('|%INCLUDE_FILE\\[[^\\]]*\\]%|','',$final_footer); Nate Sanden wrote: Thanks! That worked almost. It removed everything except for the 2 % signs. How might I remove those as well? Leif K-Brooks [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Try this (entirely untested!): $final_footer = preg_replace('%INCLUDE_FILE\\[[^\\]]*\\]%','',$final_footer); Nate wrote: hi, i need to search $final_footer for a string such as %INCLUDE_FILE[/path/to/file]% (where /path/to/file could be anything) and delete it from the string. it being %INCLUDE_FILE[/path/to/file]% (not just /path/to/file) im new to regexps but im guessing I should use preg_match for this? Can someone give me a code example? thanks much Nate -- The above message is encrypted with double rot13 encoding. Any unauthorized attempt to decrypt it will be prosecuted to the full extent of the law. -- The above message is encrypted with double rot13 encoding. Any unauthorized attempt to decrypt it will be prosecuted to the full extent of the law. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP and IIS
On March 22, 2003 04:03 pm, Beauford.2002 wrote: I just installed Win2k server and IIS (need it for a project I am doing) and get the following error after installing PHP. All permissions are set correctly. This appears to be a common problem as a search comes up with hundreds of the same problem - funny though - no answers. Any help is appreciated. Are you absolutely sure the permissions are all set correctly? I can't see how this problem could be coming from anything else. Remember to give the IUSR_YOURMACHINENAME account execute access to php.exe as well as access to uploadtemp and sessionsdata directories. Also in IIS enable script execution for your website or virtual folder. Leo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP and IIS
I'm an Apache user - I had runscripts on for the main server, but I had a virtual host which did not - I assumed incorrectly that the virtual would inherit the other settings. I was wrong. B. - Original Message - From: Burhan Khalid [EMAIL PROTECTED] To: Beauford.2002 [EMAIL PROTECTED] Sent: Saturday, March 22, 2003 9:32 PM Subject: Re: [PHP] PHP and IIS Hello Beauford.2002, Saturday, March 22, 2003, 6:03:38 PM, you wrote: B2 I just installed Win2k server and IIS (need it for a project I am doing) and B2 get the following error after installing PHP. All permissions are set B2 correctly. This appears to be a common problem as a search comes up with B2 hundreds of the same problem - funny though - no answers. B2 Any help is appreciated. In the IIS properties -- make sure you have run scripts enabled for the folder in question. -- Best regards, Burhan mailto:[EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] SSL
Greetings! Is there a PHP function that will allow a script to connect to a web server using SSL? I would need to post data from a script to a remote server securely. The remote server has SSL enabled. Thanks, Rod CinchHost.com - Web Hosting Made Easier ASP, PHP, CGI, WEBMAIL, And More Packages as Low as $9.99 - No Set Up fees http://www.cinchhost.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SSL
Hello Rodney, You can use Curl to send post requests, take a look at http://www.php.net/curl If you have compiled PHP --with-openssl you can also access https locations with functions such as file_get_contents. If Curl is not an option and you have PHP compiled with streams and --with-openssl you can use streams to post data over SSL, take a look at Example 2 at http://us2.php.net/manual/en/ref.stream.php. Jason Rodney Green wrote: Greetings! Is there a PHP function that will allow a script to connect to a web server using SSL? I would need to post data from a script to a remote server securely. The remote server has SSL enabled. Thanks, Rod CinchHost.com - Web Hosting Made Easier ASP, PHP, CGI, WEBMAIL, And More Packages as Low as $9.99 - No Set Up fees http://www.cinchhost.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: [php] Re: [PHP] SSL
You can use Curl to send post requests, take a look at http://www.php.net/curl If you have compiled PHP --with-openssl you can also access https locations with functions such as file_get_contents. If Curl is not an option and you have PHP compiled with streams and --with-openssl you can use streams to post data over SSL, take a look at Example 2 at http://us2.php.net/manual/en/ref.stream.php. Hi Jason. Thanks for the reply and information. It'll give me a good start to figuring out the best way to do this. I've put in a support request with my hosting provider to ask if they have cURL installed. I'm hoping they do as it will probably make it easier for me. Thanks, Rod CinchHost.com - Web Hosting Made Easier ASP, PHP, CGI, WEBMAIL, And More Packages as Low as $9.99 - No Set Up fees http://www.cinchhost.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] [php] nomenclature
Hi, I'm writing an academic paper detailing how my bibliographic database works. $myinput = mysql_query($sql) or die(print font color=red.mysql_error()./font); while ($mydata = mysql_fetch_object($myinput)) { } What is the usual, normal, standard nomenclature for $myinput and $mydata? How do people usually declare/name/type $myinput and $mydata?, usually speaking? I want to pick something normal they might encounter in their travels at www.php.net etc. Thanks, John compcanlit.ca -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] more issues with variales within strings
hi guys , i am sure this worked on an earlier version of php, 'NOT_ALLOWED_EXTENSION' = Not Allowed File Extension, the following filetypes are allowed : ($this-type)\n, this is inside an array then i used to do $this-extract_filetypes($this-imgtypes); $this-error_codes[NOT_ALLOWED_EXTENSION]; where extract filetypes returned $this-type , is there a way to do this now ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [php] nomenclature
$result = mysql_query($sql) ; ^ while ($rec = mysql_fetch_object($results)) ^ On Saturday 22 March 2003 11:56 pm, you wrote: Hi, I'm writing an academic paper detailing how my bibliographic database works. $myinput = mysql_query($sql) or die(print font color=red.mysql_error()./font); while ($mydata = mysql_fetch_object($myinput)) { } What is the usual, normal, standard nomenclature for $myinput and $mydata? How do people usually declare/name/type $myinput and $mydata?, usually speaking? I want to pick something normal they might encounter in their travels at www.php.net etc. Thanks, John compcanlit.ca -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [php] nomenclature
On Sunday 23 March 2003 13:13, John Hicks wrote: $result = mysql_query($sql) ; ^ while ($rec = mysql_fetch_object($results)) ^ I think $row is more commonly used than $rec. And you have an extra 's' on the second $result. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* broad-mindedness, n: The result of flattening high-mindedness out. */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] more issues with variales within strings
never mind this is the only way i can probaly do this 'NOT_ALLOWED_EXTENSION' = Not Allowed File Extension, the following filetypes are allowed : (.$_SESSION['ext_type'].) -Original Message- From: Dan Rossi [mailto:[EMAIL PROTECTED] Sent: Sunday, March 23, 2003 2:56 PM To: Php-General Subject: [PHP] more issues with variales within strings hi guys , i am sure this worked on an earlier version of php, 'NOT_ALLOWED_EXTENSION' = Not Allowed File Extension, the following filetypes are allowed : ($this-type)\n, this is inside an array then i used to do $this-extract_filetypes($this-imgtypes); $this-error_codes[NOT_ALLOWED_EXTENSION]; where extract filetypes returned $this-type , is there a way to do this now ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] [php] Blind?
I'm blind or tired or both. Anyone see anything wrong with: $sql = 'SELECT * FROM '.$table.' WHERE MATCH (author,title,book,journal,volumenumber,issuenumber,placeofpublication,publisher,year,pages) AGAINST (\''.stripslashes($searchenquiry).'\' IN BOOLEAN MODE) ORDER BY id asc;'; I've tried looking at it in a .phps but don't see it. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [php] nomenclature
Thanks jason, john. http://www.php.net/manual/en/function.mysql-fetch-object.php $row and $result Jason Wong wrote: On Sunday 23 March 2003 13:13, John Hicks wrote: $result = mysql_query($sql) ; ^ while ($rec = mysql_fetch_object($results)) ^ I think $row is more commonly used than $rec. And you have an extra 's' on the second $result. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [php] Blind?
Hi, Sunday, March 23, 2003, 4:25:29 PM, you wrote: JTJ I'm blind or tired or both. Anyone see anything wrong with: JTJ $sql = 'SELECT * FROM '.$table.' WHERE MATCH JTJ (author,title,book,journal,volumenumber,issuenumber,placeofpublication,publisher,year,pages) JTJ AGAINST (\''.stripslashes($searchenquiry).'\' IN BOOLEAN MODE) ORDER BY id asc;'; JTJ I've tried looking at it in a .phps but don't see it. Is that an extra ; near the end ;'; -- regards, Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [php] Blind?
Yeah, but it works it you pass it into MySQl. Obligatory I think. I found my problem 10 lines up. A missing ; but singled out that line - just to confuse me. Sorry, it wasn't that after all. Thanks, John Tom Rogers wrote: Hi, Sunday, March 23, 2003, 4:25:29 PM, you wrote: JTJ I'm blind or tired or both. Anyone see anything wrong with: JTJ $sql = 'SELECT * FROM '.$table.' WHERE MATCH JTJ (author,title,book,journal,volumenumber,issuenumber,placeofpublication,publisher,year,pages) JTJ AGAINST (\''.stripslashes($searchenquiry).'\' IN BOOLEAN MODE) ORDER BY id asc;'; JTJ I've tried looking at it in a .phps but don't see it. Is that an extra ; near the end ;'; -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php