答复: [PHP] Close all open tags in HTML text

2004-12-08 Thread yangshiqi 
May be you could use a iframe to ensure your own page much safer,
despite show the users' inputs is very dangerous.

-邮件原件-
发件人: Raditha Dissanayake [mailto:[EMAIL PROTECTED] 
发送时间: 2004年12月9日 12:26
抄送: [EMAIL PROTECTED]
主题: Re: [PHP] Close all open tags in HTML text


Matt Palermo wrote:

>I am allowing users to imput HTML code into a textarea.  After they input 
>this, I wany to output their HTML to the browser.  In order for the
document 
>to be safe, I need to close all open HTML tags that have been left open by 
>the user, along with any open comments.  Is there a way to take an HTML 
>string and add closing tags and comments to it if needed?
>  
>
Certainly not impossible but by no means an easy task. You would be 
doing the job of an html validator and it's probably better for you to 
use a third party library for that than to code it yourself.

>Thanks,
>
>Matt 
>
>  
>


-- 
Raditha Dissanayake.
--
http://www.radinks.com/print/card-designer/ | Card Designer Applet
http://www.radinks.com/upload/  | Drag and Drop Upload 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

答复: [PHP] Pass mysql array into SESSION?

2004-12-08 Thread yangshiqi 
Yes. And also look at your php.ini, if the session's name and path is not
set ,
You must set it above session_start();
Like :
session_name('test');
session_save_path("/homes/eric/temp");
session_start();
...

-邮件原件-
发件人: Marek Kilimajer [mailto:[EMAIL PROTECTED] 
发送时间: 2004年12月9日 10:15
收件人: Jerry Swanson
抄送: PHP List
主题: Re: [PHP] Pass mysql array into SESSION?

Jerry Swanson wrote:
> I want to pass an array from one page to excell generation page. I
> tried to pass through session($_SESSION['sql'] = $var). But value is
> not set.
> 
> The array is actually $result = mysql_query($query);
> 

did you call session_start() at the beginning of your scripts? Is the 
query executed without an error? Are there any rows returned?

Start with something simple and see if it works:

Page 1:
session_start();

query database...

print_r() the result

store the result in session variable

link to Page 2


Page 2:

session_start();

print_r the session variable

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] about installing php

2004-12-08 Thread Janet Valade 
satya bharti wrote:
sir, 
I am using Red Hat Linux 8.0, and tried many times to install apache 2.0 and php4.0  many times, the message comes that apache and php has installed on my system. when i execute a php program through my web brouser it shows blank. what causes this and how can I solve this problem? plz help on this matter.
with regards:- 
There are two likely sources of this problem.
1. Are you sure you are accessing your PHP program by typing the name 
into the browser address field, e.g., localhost/test.php. You cannot use 
File->Open File.

2. The lines you added to httpd.conf are not correct. Check the lines 
carefully. You may have a typo. You need to add two lines in the correct 
location:

LoadModule php4_module libexec/libphp4.so
AddType application/x-httpd-php .php
Janet

Satya Prakash.
Yahoo! India Matrimony: Find your life partneronline.

--
Janet Valade -- janet.valade.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Installing Apache and PHP from scratch

2004-12-08 Thread David Robley 
On Thu, 9 Dec 2004 08:34, Don wrote:

> Hi,
>  
> Have been using RedHat and Fedora Systems.  When I install the OS, Apache
> is
> usually installed already and I download PHP and install manually.  I'd
> like
> to install Apache itself but not sure what configuration to use.  Is there
> a command similar to the phpinfo() command that can tell me how an already
> installed Apache in configured?

Enable server-info in your httpd.conf and be amazed at the amount of
information http;//localhost/server-info will chuck at you.

-- 
David Robley

Useless Invention: Laundromat in a nudist colony.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] login.php

2004-12-08 Thread Warren Vail 
You can find lots of information on your own by reading the manual, always a
good place to start.

Try http://us2.php.net/manual/en/ref.ldap.php

Google is another source.

good luck,

Warren

> -Original Message-
> From: badlya badlu [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, December 08, 2004 9:27 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] login.php
>
>
> Hi All
>
> This is my first mail to php mailing list. i want to
> create one login.php program in linux. i want this
> page to go the ldap server for authentication. how
> should i do it.
> thanks in advance.
>
> badlya
>
>
>
>
>
> __
> Do you Yahoo!?
> Read only the mail you want - Yahoo! Mail SpamGuard.
> http://promotions.yahoo.com/new_mail
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] about installing php

2004-12-08 Thread satya bharti 
sir, 
I am using Red Hat Linux 8.0, and tried many times to install apache 2.0 and 
php4.0  many times, the message comes that apache and php has installed on my 
system. when i execute a php program through my web brouser it shows blank. 
what causes this and how can I solve this problem? plz help on this matter.
with regards:- 
Satya Prakash.

Yahoo! India Matrimony: Find your life partneronline.

[PHP] login.php

2004-12-08 Thread badlya badlu 
Hi All

This is my first mail to php mailing list. i want to
create one login.php program in linux. i want this
page to go the ldap server for authentication. how
should i do it.
thanks in advance.

badlya





__ 
Do you Yahoo!? 
Read only the mail you want - Yahoo! Mail SpamGuard. 
http://promotions.yahoo.com/new_mail 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Close all open tags in HTML text

2004-12-08 Thread Raditha Dissanayake 
Matt Palermo wrote:
I am allowing users to imput HTML code into a textarea.  After they input 
this, I wany to output their HTML to the browser.  In order for the document 
to be safe, I need to close all open HTML tags that have been left open by 
the user, along with any open comments.  Is there a way to take an HTML 
string and add closing tags and comments to it if needed?
 

Certainly not impossible but by no means an easy task. You would be 
doing the job of an html validator and it's probably better for you to 
use a third party library for that than to code it yourself.

Thanks,
Matt 

 


--
Raditha Dissanayake.
--
http://www.radinks.com/print/card-designer/ | Card Designer Applet
http://www.radinks.com/upload/  | Drag and Drop Upload 

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Close all open tags in HTML text

2004-12-08 Thread Matt Palermo 
I am allowing users to imput HTML code into a textarea.  After they input 
this, I wany to output their HTML to the browser.  In order for the document 
to be safe, I need to close all open HTML tags that have been left open by 
the user, along with any open comments.  Is there a way to take an HTML 
string and add closing tags and comments to it if needed?

Thanks,

Matt 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] help me split chars w/o spaces by 2... like: 2004

2004-12-08 Thread Louie Miranda 


outputs: 2004

Whats the correct syntax for it? The manual said.. 

This function is an alias of rtrim(). 

and: 

rtrim
(PHP 3, PHP 4 )

rtrim --  Strip whitespace from the end of a string 



On Wed, 08 Dec 2004 18:11:19 -0800, Tyler Replogle <[EMAIL PROTECTED]> wrote:
> have you tride using chop() ?
> # begin code
> $year_split = date("Y");
> $chars = chop($year_split);
> $chars[0] // = 2
> $chars[1] // = 0
> $chars[2] // = 0
> $chars[3]  //= 4
> # end code
> I hope that will help
> 
> >From: Louie Miranda <[EMAIL PROTECTED]>
> >Reply-To: Louie Miranda <[EMAIL PROTECTED]>
> >To: [EMAIL PROTECTED]
> >Subject: [PHP] help me split chars w/o spaces by 2... like: 2004
> >Date: Thu, 9 Dec 2004 09:55:57 +0800
> >MIME-Version: 1.0
> >Received: from pb1.pair.com ([216.92.131.4]) by mc6-f24.hotmail.com with
> >Microsoft SMTPSVC(5.0.2195.6713); Wed, 8 Dec 2004 17:56:52 -0800
> >Received: (qmail 21242 invoked by uid 1010); 9 Dec 2004 01:56:02 -
> >Received: (qmail 21150 invoked by uid 1010); 9 Dec 2004 01:56:01 -
> >X-Message-Info: 6sSXyD95QpUKIecQn+Z/xIP21pcg8LTu
> >Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm
> >Precedence: bulk
> >list-help: 
> >list-unsubscribe: 
> >list-post: 
> >Delivered-To: mailing list [EMAIL PROTECTED]
> >Delivered-To: [EMAIL PROTECTED]
> >Delivered-To: [EMAIL PROTECTED]
> >DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;s=beta;
> >d=gmail.com;
> >h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding;
> >
> >b=gp2OcpYqK7wZkSMBhO5OvxdTzhTOQdM1+n9ZtLJ4lmsKWFpVRb9Y2kyjNIrRIX/rvXeFfwCVGh7LT6kub0DMmCGdeRiLKeCjJkxK4fWxSrP2D+FexciD2lT8ASKD7TNYC3YGIZLZbk5UEJIq9Yx2TkbIdgNd/Op3+iEviy1scI4=
> >Return-Path: [EMAIL PROTECTED]
> >X-OriginalArrivalTime: 09 Dec 2004 01:56:53.0406 (UTC)
> >FILETIME=[5AF313E0:01C4DD92]
> 
> 
> >
> >Help me split chars w/o spaces by 2... like: 2004
> >How can i make it?
> >
> >first: 20
> >second: 04
> >
> >Im working on this..
> >
> ># begin code
> >$year_split = date("Y");
> >$chars = preg_split('//', $year_split, -1, PREG_SPLIT_NO_EMPTY);
> ># end code
> >
> >But it splits the whole "2004" string..
> >
> >Array
> >(
> > [0] => 2
> > [1] => 0
> > [2] => 0
> > [3] => 4
> >)
> >
> >
> >--
> >Louie Miranda
> >http://www.axishift.com
> >
> >--
> >PHP General Mailing List (http://www.php.net/)
> >To unsubscribe, visit: http://www.php.net/unsub.php
> >
> 
> 


-- 
Louie Miranda
http://www.axishift.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] help me split chars w/o spaces by 2... like: 2004

2004-12-08 Thread Robby Russell 
On Thu, 2004-12-09 at 09:55 +0800, Louie Miranda wrote:
> Help me split chars w/o spaces by 2... like: 2004
> How can i make it?
> 
> first: 20
> second: 04
> 
> Im working on this..
> 
> # begin code
> $year_split = date("Y");
> $chars = preg_split('//', $year_split, -1, PREG_SPLIT_NO_EMPTY);
> # end code
> 
> But it splits the whole "2004" string..
> 
> Array
> (
> [0] => 2
> [1] => 0
> [2] => 0
> [3] => 4
> )
> 
> 

First of all, what sort of code are you building that needs to split the
year by 2 sets of 2 digits?

Second, you can do this like so:

$foo = date("Y");

$bar = array();

$bar[] = substr($foo,0,2);
$bar[] = substr($foo,2,2);

print_r($bar);


> Array
> (
> [0] => 20
> [1] => 04
> )


-Robby

-- 
/***
* Robby Russell | Owner.Developer.Geek
* PLANET ARGON  | www.planetargon.com
* Portland, OR  | [EMAIL PROTECTED]
* 503.351.4730  | blog.planetargon.com
* PHP/PostgreSQL Hosting & Development
*--- Now supporting PHP5 ---
/


signature.asc
Description: This is a digitally signed message part

Re: [PHP] Pass mysql array into SESSION?

2004-12-08 Thread Marek Kilimajer 
Jerry Swanson wrote:
I want to pass an array from one page to excell generation page. I
tried to pass through session($_SESSION['sql'] = $var). But value is
not set.
The array is actually $result = mysql_query($query);
did you call session_start() at the beginning of your scripts? Is the 
query executed without an error? Are there any rows returned?

Start with something simple and see if it works:
Page 1:
session_start();
query database...
print_r() the result
store the result in session variable
link to Page 2
Page 2:
session_start();
print_r the session variable
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Implementing database cache.

2004-12-08 Thread Manuel Lemos 
Hello,
Bruno b b magalhães wrote:
does anybody have am idea of witch are the required functions to 
implement a database query cache? I have a very nice and fast database 
layer, witch I use in all my projects (about 19 sites and a lot of 
others hot-sites and systems like intranet and extranets). Here is my 
idea of the functions:

is_cached();
read_cache();
clear_cache();
write_cache();
And what is the fastest way, shared memory perhaps? And I would have to 
use serialize function to store query results right? and about the cache 
name (or cache_id whatever) I was thinking about using a md5 hash of the 
query itself.
I use this class below to cache arbitrary data, for a given period or 
until you an arbitrary moment when something else is updated in your site.

http://www.phpclasses.org/filecache
Of course, you can use it to retrieve the results into an array and 
store the serialized array in the cache.

However, in practice it is much more efficient if you cache the actual 
HTML of the pages that are generated from one or more queries. This way 
you may be saving many more database access queries with a single cache 
and also the actual CPU time  your script takes to generate the cached 
HTML pages.

--
Regards,
Manuel Lemos
PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/
PHP Reviews - Reviews of PHP books and other products
http://www.phpclasses.org/reviews/
Metastorage - Data object relational mapping layer generator
http://www.meta-language.net/metastorage.html
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] help me split chars w/o spaces by 2... like: 2004

2004-12-08 Thread Tyler Replogle 
have you tride using chop() ?
# begin code
$year_split = date("Y");
$chars = chop($year_split);
$chars[0] // = 2
$chars[1] // = 0
$chars[2] // = 0
$chars[3]  //= 4
# end code
I hope that will help
From: Louie Miranda <[EMAIL PROTECTED]>
Reply-To: Louie Miranda <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [PHP] help me split chars w/o spaces by 2... like: 2004
Date: Thu, 9 Dec 2004 09:55:57 +0800
MIME-Version: 1.0
Received: from pb1.pair.com ([216.92.131.4]) by mc6-f24.hotmail.com with 
Microsoft SMTPSVC(5.0.2195.6713); Wed, 8 Dec 2004 17:56:52 -0800
Received: (qmail 21242 invoked by uid 1010); 9 Dec 2004 01:56:02 -
Received: (qmail 21150 invoked by uid 1010); 9 Dec 2004 01:56:01 -
X-Message-Info: 6sSXyD95QpUKIecQn+Z/xIP21pcg8LTu
Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm
Precedence: bulk
list-help: 
list-unsubscribe: 
list-post: 
Delivered-To: mailing list [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;s=beta; 
d=gmail.com;
h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding; 
   
b=gp2OcpYqK7wZkSMBhO5OvxdTzhTOQdM1+n9ZtLJ4lmsKWFpVRb9Y2kyjNIrRIX/rvXeFfwCVGh7LT6kub0DMmCGdeRiLKeCjJkxK4fWxSrP2D+FexciD2lT8ASKD7TNYC3YGIZLZbk5UEJIq9Yx2TkbIdgNd/Op3+iEviy1scI4=
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 09 Dec 2004 01:56:53.0406 (UTC) 
FILETIME=[5AF313E0:01C4DD92]

Help me split chars w/o spaces by 2... like: 2004
How can i make it?
first: 20
second: 04
Im working on this..
# begin code
$year_split = date("Y");
$chars = preg_split('//', $year_split, -1, PREG_SPLIT_NO_EMPTY);
# end code
But it splits the whole "2004" string..
Array
(
[0] => 2
[1] => 0
[2] => 0
[3] => 4
)
--
Louie Miranda
http://www.axishift.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: mail with attachment

2004-12-08 Thread Manuel Lemos 
Hello,
Dre wrote:
> Thanks Manuel, I will check the class
>
> and here is the code of the mail sending script
> //==
>$att_name = $_POST['att'];
>   echo $att_name;
>   $att_size = filesize($att_name);
>   $handle= fopen($att_name, "r");
>   $file = fread($handle, $att_size);
You need to open the file as binary but I do not think that could cause 
the problem that you described. Did you try the class that I mentioned? 
Did it work?

--
Regards,
Manuel Lemos
PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/
PHP Reviews - Reviews of PHP books and other products
http://www.phpclasses.org/reviews/
Metastorage - Data object relational mapping layer generator
http://www.meta-language.net/metastorage.html
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] help me split chars w/o spaces by 2... like: 2004

2004-12-08 Thread Louie Miranda 
Help me split chars w/o spaces by 2... like: 2004
How can i make it?

first: 20
second: 04

Im working on this..

# begin code
$year_split = date("Y");
$chars = preg_split('//', $year_split, -1, PREG_SPLIT_NO_EMPTY);
# end code

But it splits the whole "2004" string..

Array
(
[0] => 2
[1] => 0
[2] => 0
[3] => 4
)


-- 
Louie Miranda
http://www.axishift.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] For Loop

2004-12-08 Thread Travis Conway 
try
for($i=0;$i>$months_arr_length;$i++)
look at it as this:
for(i as starting point; till i is what? greater than my length; increment i 
how? by 1) {

HTH
Trav
- Original Message - 
From: "R. Van Tassel" <[EMAIL PROTECTED]>
To: "'PHP general'" <[EMAIL PROTECTED]>
Sent: Wednesday, December 08, 2004 3:41 PM
Subject: [PHP] For Loop


I have a question about the following code:
**
$months_arr = array("JAN", "FEB", "MAR", "APR", "MAY", "JUN", "JUL", 
"AUG",
"SEP", "OCT", "NOV", "DEC");
$months_arr_length = count($months_arr);

for($i = 0; $i = $months_arr_length; $i++){
echo $months_arr[1]." ";
}
***
When I run the code above it continues and never stops. According to the 
PHP
documentation the second condition works as follows:

"In the beginning of each iteration, expr2 is evaluated. If it evaluates 
to
TRUE, the loop continues and the nested statement(s) are executed. If it
evaluates to FALSE, the execution of the loop ends."

In the first iteration of the loop $i would equal 0 and the array length 
is
12. 12 is consistent. To it seems that the loop should STOP when the 
counter
reaches 12, equal to the length of the array. Why is it continuing in a
neverending loop? What am I missing?

Changing the condition of the for loop to $i <= $months_arr_length; fixes
everything and it works properly.
Can someone please explain where my confusion is?
Thanks,
~R. Van Tassel
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php 
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Implementing database cache.

2004-12-08 Thread Bruno B B Magalhães 
I am using mysql with cache results enable, but as every addicted I 
want more and more... course I have to benchmark it to see if its 
worth...

Regards,
Bruno B B Magalhães
On Dec 8, 2004, at 8:34 PM, John Holmes wrote:
Bruno B B Magalhães wrote:
Hi again guys,
does anybody have am idea of witch are the required functions to 
implement a database query cache?
What database are you using? I think most of the common ones already 
have a cache built into them that you'd just have to enable. That'd be 
the best route, imo.

--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: PHP Security

2004-12-08 Thread Chris Shiflett 
--- Richard Lynch <[EMAIL PROTECTED]> wrote:
> I personally think that if you can't upload your images outside
> your web tree then, in fact, your server admin is at fault for not
> providing you a directory structure that allows that. Good
> security requires cooperation from both admin and Programmer.

I agree with both of these points. In fact, if the temporary upload
directory is within document root, there exists a security vulnerability,
regardles of the code. I can upload a file to any PHP script, and PHP
provides the script with the $_FILES superglobal array, including the
temporary name and location of the file that I uploaded. You don't have to
actually use $_FILES for this to happen.

> Also, you *SHOULD* force the file to be saved on your server
> with the correct extension. If a user can upload a JPEG with
> .php on the end, or worse, with php in the middle of the
> filename, and then your server puts that file in the web tree or
> otherwise allows it to be executed, *YOU* (and your server
> admin) screwed up your security, not PHP.

Trusting the name provided by the client is certainly a bad practice, but
I wouldn't consider "php" in the middle of a filename to be worse than
extension manipulation. I'm not sure what gave you that idea, but it's
just not true.

> Under *NO* circumstances should a file uploaded by an
> untrusted user be put into your web tree. You should *KEEP* it
> outside the web tree, and use PHP to http://php.net/readfile it
> when it needs to be displayed. Since you are using PHP's
> readfile function to *READ* the file, Apache won't have any
> chance to get fooled into thinking it's supposed to be a PHP file
> and be parsed by PHP.

This is misleading. It is fine to put uploaded files within document root,
and in fact many applications may require this. Using readfile() is not
realistic except for small sites - the performance penalty alone makes
this a poor approach, since it provides very little value.

That being said, it's true that you should not trust the name provided by
the client (or anything provided by the client), but this is much
different than blind paranoia. If this perspective were applied to HTML
forms, no one could use them.

Chris

=
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly HTTP Developer's Handbook - Sams
Coming Soon http://httphandbook.org/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Security

2004-12-08 Thread Chris Shiflett 
--- Richard Lynch <[EMAIL PROTECTED]> wrote:
> There are times when one needs to parse a file that ends in .jpg
> (or .jpeg) as PHP.

I can't think of any, unless it's prove that you can do it. :-)

> Specifically, broken browsers (various versions of IE) that ignore
> Content-type: headers and use the URL to determine the MIME
> type will not correctly display a URL such as:
> 
> http://l-i-e.com/gd_example.php

IE still ignores Content-Type in most cases (way to go, Microsoft), but
this problem doesn't exist in recent versions, to my knowledge.

> Said browser will, however, correctly handle:
> http://l-i-e.com/gd_example.jpg
> 
> Note that both images are dynamic and, in fact, the two source
> files are Linux symbolic (hard) links, as is this PHP source code:
> http://l-i-e.com/gd_example.phps

There are better ways to do this than parsing .jpg files as PHP. One
obvious one is:

http://example.org/image.php/foo.jpg

Another one that I've seen referenced frequently (especially back when
this was a larger and more common problem) is this:

http://example.org/image.php?iesucks=foo.jpg

Chris

=
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly HTTP Developer's Handbook - Sams
Coming Soon http://httphandbook.org/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: PHP Security

2004-12-08 Thread Chris Shiflett 
--- Greg Donald <[EMAIL PROTECTED]> wrote:
> http://seclists.org/lists/security-basics/2004/Dec/0080.html

Most of this is actually true.

The one statement that is unclear is the following:

"There are two kinds of flaws : 
- flaws inherent to the php langage itself, as seen before, in file 
uploads. 
- danger in uploading files at all on the server, not dependent
on the langage used to handle the actual upload, but regarding
the potential execution of uploaded files."

This may have meant meant hypothetically, meaning that there are two areas
where flaws could potentially exist - in the language or in the code. If
this was meant to suggest that there are existing flaws in the language,
then this is never justified.

Another misleading suggestion is that all uploaded files should be stored
outside of document root. Not only is this not possible in some cases (if
your application depends on this for some reason), it's also not a large
risk. The point to take from this, however, is that if you don't
necessarily need a file within document root (and the only reason is that
you need a URL to be associated with the file), don't put it there. A risk
is still a risk, and an unnecessary risk is always a poor choice.

Chris

=
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly HTTP Developer's Handbook - Sams
Coming Soon http://httphandbook.org/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Installing Apache and PHP from scratch

2004-12-08 Thread Greg Donald 
On Wed, 8 Dec 2004 17:04:26 -0500, Don <[EMAIL PROTECTED]> wrote:
> Have been using RedHat and Fedora Systems.  When I install the OS, Apache is
> usually installed already and I download PHP and install manually.  I'd like
> to install Apache itself but not sure what configuration to use.  Is there a
> command similar to the phpinfo() command that can tell me how an already
> installed Apache in configured?

For apache 1.x, I'd use:

./configure --with-layout=RedHat --enable-module=so


-- 
Greg Donald
Zend Certified Engineer
http://gdconsultants.com/
http://destiney.com/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Implementing database cache.

2004-12-08 Thread John Holmes 
Bruno B B Magalhães wrote:
Hi again guys,
does anybody have am idea of witch are the required functions to 
implement a database query cache? 
What database are you using? I think most of the common ones already 
have a cache built into them that you'd just have to enable. That'd be 
the best route, imo.

--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] For Loop

2004-12-08 Thread hitek 
$i = $months_arr_length is an assignment, not a comparison, so it will always 
evaluate to true, and you are setting your counter var to 12 every time the 
loop runs, that's why it runs infinitely.


> 
> From: "R. Van Tassel" <[EMAIL PROTECTED]>
> Date: 2004/12/08 Wed PM 04:41:00 EST
> To: "'PHP general'" <[EMAIL PROTECTED]>
> Subject: [PHP] For Loop
> 
> I have a question about the following code:
> 
> **
> 
> $months_arr = array("JAN", "FEB", "MAR", "APR", "MAY", "JUN", "JUL", "AUG",
> "SEP", "OCT", "NOV", "DEC");
> $months_arr_length = count($months_arr);
> 
> for($i = 0; $i = $months_arr_length; $i++){
>   echo $months_arr[1]." ";
> }
> 
> ***
> 
> When I run the code above it continues and never stops. According to the PHP
> documentation the second condition works as follows:
> 
> "In the beginning of each iteration, expr2 is evaluated. If it evaluates to
> TRUE, the loop continues and the nested statement(s) are executed. If it
> evaluates to FALSE, the execution of the loop ends."
> 
> In the first iteration of the loop $i would equal 0 and the array length is
> 12. 12 is consistent. To it seems that the loop should STOP when the counter
> reaches 12, equal to the length of the array. Why is it continuing in a
> neverending loop? What am I missing?
> 
> Changing the condition of the for loop to $i <= $months_arr_length; fixes
> everything and it works properly.
> 
> Can someone please explain where my confusion is?
> 
> Thanks,
> ~R. Van Tassel
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] For Loop

2004-12-08 Thread Gareth Williams 
What happens is (if I understand it correctly):
First, PHP sets $i to equal 0, and then immediately sets $i to 
$months_arr_length.

Every time the loop executes, it resets $1 to $months_arr_length, so 
you are stuck in an infinite loop.

The reason behind this is you are using assignment equals (=) instead 
of comparison equals(==).  It's a mistake I've made myself quite a few 
times.

As an aside, a neater way of using a for loop on an array is the 
following:

foreach ($months_arr as $key => $value)
{
echo $value."";
}

On 8 Dec 2004, at 22:41, R. Van Tassel wrote:
I have a question about the following code:
**
$months_arr = array("JAN", "FEB", "MAR", "APR", "MAY", "JUN", "JUL", 
"AUG",
"SEP", "OCT", "NOV", "DEC");
$months_arr_length = count($months_arr);

for($i = 0; $i = $months_arr_length; $i++){
echo $months_arr[1]." ";
}
***
When I run the code above it continues and never stops. According to 
the PHP
documentation the second condition works as follows:

"In the beginning of each iteration, expr2 is evaluated. If it 
evaluates to
TRUE, the loop continues and the nested statement(s) are executed. If 
it
evaluates to FALSE, the execution of the loop ends."

In the first iteration of the loop $i would equal 0 and the array 
length is
12. 12 is consistent. To it seems that the loop should STOP when the 
counter
reaches 12, equal to the length of the array. Why is it continuing in a
neverending loop? What am I missing?

Changing the condition of the for loop to $i <= $months_arr_length; 
fixes
everything and it works properly.

Can someone please explain where my confusion is?
Thanks,
~R. Van Tassel
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Implementing database cache.

2004-12-08 Thread Bruno B B Magalhães 
Hi again guys,
does anybody have am idea of witch are the required functions to 
implement a database query cache? I have a very nice and fast database 
layer, witch I use in all my projects (about 19 sites and a lot of 
others hot-sites and systems like intranet and extranets). Here is my 
idea of the functions:

is_cached();
read_cache();
clear_cache();
write_cache();
And what is the fastest way, shared memory perhaps? And I would have to 
use serialize function to store query results right? and about the 
cache name (or cache_id whatever) I was thinking about using a md5 hash 
of the query itself.

I would love any ideas! :)
Nice regards.
Bruno B B Magalhaes
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Pass mysql array into SESSION?

2004-12-08 Thread Jerry Swanson 
I want to pass an array from one page to excell generation page. I
tried to pass through session($_SESSION['sql'] = $var). But value is
not set.

The array is actually $result = mysql_query($query);

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Installing Apache and PHP from scratch

2004-12-08 Thread Don 
Hi,
 
Have been using RedHat and Fedora Systems.  When I install the OS, Apache is
usually installed already and I download PHP and install manually.  I'd like
to install Apache itself but not sure what configuration to use.  Is there a
command similar to the phpinfo() command that can tell me how an already
installed Apache in configured?
 
Thanks,
Don

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.806 / Virus Database: 548 - Release Date: 12/5/2004
 

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] For Loop

2004-12-08 Thread R. Van Tassel 
I have a question about the following code:

**

$months_arr = array("JAN", "FEB", "MAR", "APR", "MAY", "JUN", "JUL", "AUG",
"SEP", "OCT", "NOV", "DEC");
$months_arr_length = count($months_arr);

for($i = 0; $i = $months_arr_length; $i++){
echo $months_arr[1]." ";
}

***

When I run the code above it continues and never stops. According to the PHP
documentation the second condition works as follows:

"In the beginning of each iteration, expr2 is evaluated. If it evaluates to
TRUE, the loop continues and the nested statement(s) are executed. If it
evaluates to FALSE, the execution of the loop ends."

In the first iteration of the loop $i would equal 0 and the array length is
12. 12 is consistent. To it seems that the loop should STOP when the counter
reaches 12, equal to the length of the array. Why is it continuing in a
neverending loop? What am I missing?

Changing the condition of the for loop to $i <= $months_arr_length; fixes
everything and it works properly.

Can someone please explain where my confusion is?

Thanks,
~R. Van Tassel

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] How to make a PHP Socket client crash-proof?

2004-12-08 Thread René Fournier 
Hi all,
I have a Socket Client that connects to a Server. (It is not  
multi-socket or multi-anything.) It is VERY simple. How it works:

0. CLIENT connects to SERVER.
1. CLIENT waits for incoming data.
2. If there is no data for a while, CLIENT sends a "ping" to the SERVER.
3.	If the SERVER responds, CLIENT continues waiting.
4.	If the SERVER doesn't respond (and a few seconds pass), CLIENT  
closes socket and restarts (Go to Step 0.)
5. Once in a while, CLIENT must send some data to the SERVER
6.	If the SERVER acknowledges the data, CLIENT begins waiting again for  
data from the SERVER (Go to Step 1.)
7.	If the SERVER doesn't acknowledge, CLIENT closes socket and restarts  
(Go to Step 0.)

In a perfect world, the above script would run forever without trouble.  
Unfortunately, the world is not perfect.
Sometimes, the Server "dies" or "disappears" unexpectedly, at which  
point my Client hangs and starts consuming 100% CPU.  (The problem.)

As I understand it, I must change the Client in a couple ways.
1. Set the Client's socket to NON-BLOCKING, so that it doesn't hang the  
script when the Server up and vanishes.
2. Use SOCKET_SELECT().

Now, I've read the docs and several good tutorials code examples, such  
as:

http://us2.php.net/manual/en/function.socket-select.php
http://us2.php.net/manual/en/function.socket-set-nonblock.php
http://dave.dapond.com/socketselect.php.txt
http://labs.jed.bz/HCJ/load.php.txt
http://www.amk.ca/python/howto/sockets/ 
sockets.html#SECTION00051
http://www.catalyst.com/support/tutorials/tcpintro/page9.html

Unfortunately, all examples appear to differ from  my Client in very  
one important way: They do not contain lines 5-7. None of them have to  
periodically stop listening for incoming data and check if they need to  
write to the socket (like mine does).

My Client MUST periodically check a database for new messages waiting  
to be sent. If there are any, it must write them to the Server. In my  
old code (which hangs when the Server disappears), I simply set the  
socket to blocking and give it a timeout of a couple seconds. So, every  
two seconds the Client times out, checks if there are any messages to  
send to the Server, sends them if there are, and then returns to  
waiting

If it helps, I can post snippets of my code, before (working, but not  
crash-proof) and after (not working at all, just looping endlessly,  
really fast).

Many thanks in advance for any suggestions you can offer.
...René
---
René Fournier
www.renefournier.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Security Question with my password protected login script...

2004-12-08 Thread John Holmes 
Richard Lynch wrote:
Ian Gray wrote:
My question is, how secure is this?  I have the password, username etc in
a
MYSQL database but I haven't encrypted it (don't know how)
The MySQL 'password' function at http://mysql.com would work.
For something that is portable to non MySQL systems, you can use
http://php.net/crypt
You should not use the MySQL PASSWORD() function within your own 
applications. MD5() is a good alternative as it's implemented in many 
programs including PHP and MySQL.

Other suggestions were good, though. :)
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] fread()

2004-12-08 Thread Justin Palmer 
I believe that fread uses the handle pointer from when it was opened
so...

None of the code is tested, I just typed it in.

class FileReader
{
//private
var $handle;

function FileReader($filePath)
{
$this->handle = fopen($filePath,'r');
}

/*public*/function read($bytes)
{
return fread($this->handle,$bytes);
}

/*public*/function isEndOfFile()
{
return feof($this->handle);
}

//...
}

USAGE:
$strFile = "";
$fr =& new FileReader("example.txt");
While(!$fr->isEndOfFile())
{
$strPartialFile = $fr->read(1000);
$strFile .= $strPartialFile;
}

More at: php.net/fread

Regards,

Justin Palmer
__
KISS (Keep It Simple, SEARCH)!
Google::getUri( http://www.google.com );
Archives::getUri( http://marc.theaimsgroup.com/?l=php-general );



-Original Message-
From: Russell P Jones [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 08, 2004 12:20 PM
To: [EMAIL PROTECTED]
Subject: [PHP] fread()


Is there any way to use fread() or a similar function to read a section
of a document NOT starting at the beginning...

for example, I can read the first 1000 bytes of a document with

fread($doc, 1000);

Is there any way to read the second 1000 bytes?

perhaps, fread($doc, 1000, 2000); who knows

or would substr work?

russ

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Populating forms in MMEX (Mail EX)

2004-12-08 Thread Jason Manaigre 
Hi everyone, apparently I've come across a situation which should be
simple, but I'm not sure where to start.

I've configured a mailing script (MMEX) on my site and all work just
fine.

But what I can't figure out is how to prepopulate my registration form.

On this page http://www.canadiantravelnews.com/ under the Xmas blowout
I've got the form setup, but it's ugly, I don't the user to have to
enter all this data for this specific trip, I want to use hidden fields
to populate my form here http://www.canadiantravelnews.com/booking.php
were as many fields as possible are populated, the user then just has to
fill in their name and email/phone and hit submit, once submitted it
gets emailed to us.

Does anyone have any tutorials or examples for this? I just don't know
where to start.

Appreciate any help people.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] stupid question about a class

2004-12-08 Thread Richard Lynch 
Richard Kurth wrote:
>
> I have a stupid question but I can not figure it out
> I am using a class that creates the select statement for mysql.
> I am ale to add all the data with out any problem. But when I run the
> class to get the results. I can only see the results by running echo in
> front of the call to the class .
> echo $q->getQuery();
> Output SELECT * FROM listing WHERE state='wa'
> if I
> $q->getQuery();
> echo $g;
> Output Object id #1
> How do I use the results in my mysql query If I can not move it to a
> variable

You are confusing the object itself ($g) with one of its member functions
($g->getQuery())

If you echo $g, you will see only the object itself.
If you echo $g->getQuery() you will see the query you built.

If you want that query in a variable, you could do:
$query = $g->getQuery();
mysql_query($query);

You could even do:
mysql_query($g->getQuery());

But you wouldn't be able to do:
mysql_query($g);
because $g isn't a string, it's an object.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Security Question with my password protected login script...

2004-12-08 Thread Richard Lynch 
Ian Gray wrote:
> Hello all,
> My question is, how secure is this?  I have the password, username etc in
> a
> MYSQL database but I haven't encrypted it (don't know how)

The MySQL 'password' function at http://mysql.com would work.

For something that is portable to non MySQL systems, you can use
http://php.net/crypt

> Should I have login.inc in a folder below my public_html directory?

Ideally, *NO* you should not.

It should be a in a directory that is *NOT* below your public_html directory.

Make a directory called 'includes' or 'php' or something similar that is
*NEXT* to your public_html directory.

Then, using either .htaccess and:
php_value include_path "./:/complete/path/from/root/of/server/to/includes"

or perhaps http://php.net/set_include_path or http://php.net/set_ini you
want to convince PHP that the directory you just created is in your
include_path.

> I have removed some details such as passwords and swapped that with
> question
> marks.

Good!

>  session_start(); // start session.
> if(!isset($username) | !isset($password)) {

This should be || and not |, really.

> // escape from php mode.
> ?>
>
> http://www.w3.org/1999/xhtml";>
...
> 
>  exit();
> }
>
> // If all is well so far.
> session_register("IIDD");
> session_register("firstname");
> session_register("username");
> session_register("password"); // register username and password as session
> variables.

Not such a good idea, maybe.

They end up being in a file that *ANY* PHP script on your server can use.

If you are on a shared server, that means *EVERY* other user on your
machine that has access to PHP can read the username and password from
your session files.

What you might consider is storing their PHPSESSID into a table in your
database with their username.  You then can look them up with the PHPSESID
that will be given back to you from their browser on each page.  Also
store the date/time, and update it to now() in every script/page. 
Anything older than X minutes, you should consider an expired login, and
force them back to logging in again.

> // Here you would check the supplied username and password against your
> database to see if they exist.
> // For example, a MySQL Query, your method may differ.
> $link = mysql_connect("?", "?", "?") or die("Could not
> connect");
> mysql_select_db("s??") or die("Could not select database");
> $sql = mysql_query("SELECT customerID, password, firstname FROM
> customer_details WHERE username = '$username'");

If you use MySQL's 'password' function, you can do like:

"SELECT customer_ID, password = password('$password'), firstname FROM ..."

You'll get either 1 or 0 if their password matches the encrypted version
in your database, but you won't actually have their password stored in the
database, and that's Good.

If you want to use crypt, something more like:

"SELECT ..., password, ... FROM ...";
.
.
.
if (crypt($password, substr($fetch_em["password"], 0, 2)) ==
$fetch_em["password"]){
   $valid_user = 1;
}
else{
  $valid_user = 0;
}

> $fetch_em = mysql_fetch_array($sql);
> $numrows = mysql_num_rows($sql);
>
> if($numrows != "0" & $password == $fetch_em["password"]) {
> $valid_user = 1;
> }
> else {
> $valid_user = 0;
> }
>
> $firstname = $fetch_em["firstname"];
> $IIDD = $fetch_em["customerID"];
> // If the username exists and pass is correct, don't pop up the login code
> again.
> // If info can't be found or verified
>
> if (!($valid_user))
> {
> session_unset();   // Unset session variables.
> session_destroy(); // End Session we created earlier.
> // escape from php mode.
> ?>
> http://www.w3.org/1999/xhtml";>
...

> 
>  exit();
> }
> ?>


Since all the HTML in the two places I put ... is the same (right?) then
that should be an include file, so you can't get them out of sync.

Better yet, would be to re-structure your page so that the first form is
just not there, and you only TRY to log in if (isset($_POST['username']))

So your page is more like this:


login form


-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] null as function argumnent?

2004-12-08 Thread Bas Jobsen 
Hi,

I want to use a ?: statement. If not true de default function argument have to 
be used. How to do this



What do i have to pass instead of null to get default print?

Tnx,

Bas

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] null as function argumnent?

2004-12-08 Thread Michael Sims 
Bas Jobsen wrote:
> Hi,
> 
> I want to use a ?: statement. If not true de default function
> argument have to be used. How to do this
> 
>  function test($test='default')
> {
> echo $test;
> }
> test(($value==1)?'no default':null);
>> 
> 
> What do i have to pass instead of null to get default print?

Try this:

function test($test = null) {
  if (is_null($test)) { $test = 'default'; }
  echo $test;
}

test(($value == 1) ? 'no default' : null);

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Magic Quotes Issue

2004-12-08 Thread Tim Owens 

Shaun wrote:
> function db_query($query) {
>   if(!magic_quotes_gpc()){
> $qid = mysql_query(addslashes($query));
>   } else {
> $qid = mysql_query($query);
>   }
>   return $qid;
> }
>
> But this adds too many slashes! Has anyone come to a better solution
> regarding this?

I believe you should be performing this on each data item individually,
not the entire SQL statement. I presume it's escaping the quotes you're
using to quote the strings in your SQL.

Anyone know of a better was of doing this? We have to run our code on a
variety of public servers, some with magic quotes and some more
enlightened servers without. Might be nice to have a mq_addslashes
function.

Or I could write one myself of course...

Tim

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] fread()

2004-12-08 Thread Russell P Jones 
Is there any way to use fread() or a similar function to read a section of
a document NOT starting at the beginning...

for example, I can read the first 1000 bytes of a document with

fread($doc, 1000);

Is there any way to read the second 1000 bytes?

perhaps, fread($doc, 1000, 2000); who knows

or would substr work?

russ

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Security

2004-12-08 Thread Richard Lynch 
Rory Browne wrote:
>> There are times when one needs to parse a file that ends in .jpg (or
>> .jpeg) as PHP.
>>
>> Specifically, broken browsers (various versions of IE) that ignore
>> Content-type: headers and use the URL to determine the MIME type will
>> not
>> correctly display a URL such as:
>>
>> http://l-i-e.com/gd_example.php
>>
>> Said browser will, however, correctly handle:
>> http://l-i-e.com/gd_example.jpg
>
> You sure about that? AFAIK so long as the filename ends on .jpg as
> shown by the browser, then you're okay. Provided you use PATH_INFO,
> then, you can use http://example.com/make_image.php/dummy.jpg

Actually, I have generalized a whole plethora of Microsoft IE bugs in one
giant mess as the following truism:

Microsoft does not believe in dynamic rich media content.

Netscape doesn't always get it right either, btw.

It is *possible* that I am mistaken in the case of JPEGs, and
http://example.com/make_image.php/dummy.jpg will work on every MSIE
browser, and even on every browser that pretends to support JPEGs at all.

*HOWEVER* I can guarantee that:

http://example.com/make_pdf.php/whatever.pdf?input_to_pdf=42

will *BREAK* MSIE/Adobe launching of the Reader, even though:

http://example.com/make_pdf.php/whatever.pdf

works just fine.

And I can guarantee that Expiration headers with JPEG or PDF breaks some
browsers.

Now, I could sit here and try to remember every possible combination of
URL, mime type, file extension, and query string presence that may or may
not break one or more releases of MSIE and/or Netscape (or any other
browser) in some way...

Or, I could do what I have decided is the better solution:

Never give Microsoft the opportunity to screw this up.  Ever.

Always present MSIE with a URL that the browser *CANNOT*, by definition,
believe to be anything more than what I want the browser to believe it is.

If it's a JPEG, I'm going to give them a URL like:

http://example.com/scriptname/var1=value1/var2=value2/filename.jpg

where 'filename.jpg' is what I want MSIE to believe is the name of the JPEG.


They cannot even remotely stay close to HTTP spec and believe that that is
not a static JPEG on my server.  My directory names with = in them might
be a bit strange, but it's just a URL to them.

If it's a PDF, I'll do the same damn thing with .pdf on the end.

There will be no .php in the URL.

There will be no ? in the URL.

There will be no headers about content expiration for them to ignore, or
worse, to fail to deliver content because Microsoft doesn't understand
that rich media content *can* expire.

That last may be the one Netscapre screwed up.  Whatever.  I don't care
any more which browser screws what up.  I ain't gonna let any of them ever
mess with me again.

I simply refuse to give MSIE the opporunity to waste any more of my
valuable time figuring out which of their stupid browsers won't follow the
HTTP standard and do what it is supposed to do.

I *WILL* hand them a URL indistinguishable from a static URL to content.

If it's dynamic content, that URL *will* contain a random string that will
force them to re-load the content every page hit.  If that ruins their
caching system, that's their fault for not accepting expiration on rich
media in the first place.  Not my problem.

I've had it with MSIE (and Netscape too, for that matter) on this issue.

The browser makers have repeatedly *failed* to understand dynamic rich
media content.  I will simply not give them the opporunity, across the
board, to screw it up again, because they will not be able to (easily)
distinguish my dynamic rich media content from boring static rich media
content.

Can you tell I'm more than a little irked by browser handling of dynamic
rich media content, across the board?

This is a systemic browser problem that has remained unaddressed for
*YEARS* by the browser makers.  Instead, they've focused on
oh-so-important issues like the BLINK tag, and adding features no user
knows how to use, and adding platform-dependent tags and widgets out the
wazoo.  Gee, thanks.

Since they have repeatedly failed, I'm not willing to give them the
opportunity any more to fail.  They get a URL that looks just like the URL
they *can* handle, for all media types, and I'm done with all their flaky
browser inconsistencies in this arena.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Security

2004-12-08 Thread Rory Browne 
> There are times when one needs to parse a file that ends in .jpg (or
> .jpeg) as PHP.
> 
> Specifically, broken browsers (various versions of IE) that ignore
> Content-type: headers and use the URL to determine the MIME type will not
> correctly display a URL such as:
> 
> http://l-i-e.com/gd_example.php
> 
> Said browser will, however, correctly handle:
> http://l-i-e.com/gd_example.jpg

You sure about that? AFAIK so long as the filename ends on .jpg as
shown by the browser, then you're okay. Provided you use PATH_INFO,
then, you can use http://example.com/make_image.php/dummy.jpg


> 
> Note that both images are dynamic and, in fact, the two source files are
> Linux symbolic (hard) links, as is this PHP source code:
> http://l-i-e.com/gd_example.phps
> 
> The real problem in the describe scenario is that somebody was foolish
> enough to take an image supplied by the untrusted USER and then feed it to
> PHP to be executed.
> 
> Well, duh.
> 
> Don't do that.
> 
> :-)
> 
> You could do the exact same thing in Perl, C, or maybe even ASP.
> [You'd really have to work at it in ASP, though, since ASP is broken.]
> 
> > Needless to say this discussion quickly caught my attention and I
> > began to defend PHP explaining how the unsafe functions could be
> > disabled via the php.ini and so forth.  But then I began to wonder..
> > surely if an exploit were possible the PHP folks would have been
> > informed and the source would have been patched by now, right?
> 
> If an exploit is possible, but has nothing to do with PHP specifically,
> and has everything to do with a bad programmer, bad admin, or just plain
> user stupidity (PHP user, not end user) then why would the PHP Development
> Team change PHP?
> 
> > I guess my question is.. is PHP's file upload functionality really
> > safe?  I myself have a lot at stake if it's not.
> 
> Is your car really safe?  I have a lot at stake if it's not.  Should we
> outlaw cars because some people drive drunk?
> 
> > I don't know much about writing exploits, I just try to keep up to
> > date on security patches and bulletins and all.  But these security
> > guys really seem to think PHP is insecure as far as file uploading, so
> > now I'm wondering about it all.
> 
> The best way to learn more about security, other than poring over security
> lists with way too much information, plus lots and lots of misinformation
> from well-meaning people, is to role-play yourself as the bad guy and ask
> yourself:  "If I was mean, how would I mess with this to break this guy's
> site?"
> 
> I'm no security expert, but it amazes me the stupidity of some coding I
> see.  It's not *that* tricky to put yourself in the bad guy's shoes.
> 
> --
> Like Music?
> http://l-i-e.com/artists.htm
> 
> 
> 
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: PHP Security

2004-12-08 Thread Richard Lynch 
Greg Donald wrote:
> On Wed, 8 Dec 2004 08:42:50 -0500, Joshua Beall <[EMAIL PROTECTED]>
> wrote:
>> Can you also provide a link to the relevant message in the mailing list
>> archive?  I would like to read this myself.
>
> http://seclists.org/lists/security-basics/2004/Dec/0080.html

Everything described herein falls under his second category of flaw,
which, loosely translated, is "Bad Programming"

Nowhere does he address the first category of flaw of an inherent flaw in
PHP file uploads, which *HAS* been seen before, but was patched by the PHP
Developers within hours of discovery.

Some minor nit-picking and more advice:

I personally think that if you can't upload your images outside your web
tree then, in fact, your server admin is at fault for not providing you a
directory structure that allows that.  Good security requires cooperation
from both admin and Programmer.  If your webhost does not provide you with
a directory outside your web tree, switch hosts *NOW*.  I can personally
recommend http://hostbaby.com, but there are a few million more providers
who will do this right for you.

Also, you *SHOULD* force the file to be saved on your server with the
correct extension.  If a user can upload a JPEG with .php on the end, or
worse, with php in the middle of the filename, and then your server puts
that file in the web tree or otherwise allows it to be executed, *YOU*
(and your server admin) screwed up your security, not PHP.

And, yes, you *SHOULD* use http://php.net/getimagesize to at least be sure
the beginning portion of the file is an image.  That function won't
guarantee that the image didn't have PHP tacked embedded in the image
file, but at least you'll weed out people trying to upload files that
can't even pretend to be an image file.

Under *NO* circumstances should a file uploaded by an untrusted user be
put into your web tree.  You should *KEEP* it outside the web tree, and
use PHP to http://php.net/readfile it when it needs to be displayed. 
Since you are using PHP's readfile function to *READ* the file, Apache
won't have any chance to get fooled into thinking it's supposed to be a
PHP file and be parsed by PHP.

All of this is up to a cooperative effort on the part of the sysadmin and
the programmer of a site:  The PHP Development Team can only do so much to
keep you from doing something dangerous, just as Detroit can only do so
much to keep you from driving unsafely.

There are *WAY* too many sites out there that do this wrong, because
Programmers can't be bothered learning their craft and understanding
Security issues.  My opinion on such programmers is unprintable. :-)

This is not rocket science, folks.

Somebody you don't trust shouldn't be allowed to dump crap into your web
space willy-nilly.   That's a "Duh" if you ask me.

Granted, how to make it hard for them to do that is not all that simple,
but the basic idea is quite plain, and having enough sense to FIND OUT how
to make it hard is a no-brainer.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] i'm beginner and i couldn't solve the problem

2004-12-08 Thread Richard Lynch 
Chris W. Parker wrote:
> Ford, Mike 
> on Wednesday, December 08, 2004 5:18 AM said:
>
>>> $sql = "INSERT INTO testTable values ('', '$_POST[testField]')";
>>>
>>> should be
>>>
>>> $var = $_POST["testField"];
>>> $sql = "INSERT INTO testTable values ('', '$var')";
>>
>> Nope -- the original is functionally identical to your suggested
>> correction.
>
> Hmm... I thought arrays don't work correctly within a string unless they
> are wrapped with { and }?

That is a misconception on your part.  Read the manual.  It's quite clear
and concise.

http://www.php.net/manual/en/language.types.string.php

Arrays of MORE THAN ONE DIMENSION will need { and }

One-dimension arrays work just fine without.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] stupid question about a class

2004-12-08 Thread Stefan 

In your class function you should move your query to a variable e.g. $query

Then:

return $query;


And in your main program:

$whatever = $q->getQuery();

__
Stefan


> -Ursprüngliche Nachricht-
> Von: Richard Kurth [mailto:[EMAIL PROTECTED]
> Gesendet: Mittwoch, 8. Dezember 2004 19:21
> An: PHP General
> Betreff: [PHP] stupid question about a class
> 
> 
> I have a stupid question but I can not figure it out
> I am using a class that creates the select statement for mysql.
> I am ale to add all the data with out any problem. But when I run the
> class to get the results. I can only see the results by running echo in
> front of the call to the class .
> echo $q->getQuery();
> Output SELECT * FROM listing WHERE state='wa'
> if I
> $q->getQuery();
> echo $g;
> Output Object id #1
> How do I use the results in my mysql query If I can not move it to a
> variable
> 
> 
> 
> 
> --
> Best regards,
>  Richard  mailto:[EMAIL PROTECTED]
> 
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Drawing checkboxes

2004-12-08 Thread Richard Lynch 
> The problem is this. The Values are formatted like this...
>
> value1|value2|value3...etc...
>
> I use the strstr() function to check against the $default so I can check
> it
> if so.
>
> Well it works great..BUT, lets say the product has a category of "Coffee
> Pots", but the one of the values available is "Coffee".
>
> In this case both "Coffee" AND "Coffee Pots" get checked when only "Coffee
> Pots" should.

Personally, I wouldn't be passing in parameters with '|' as a delimiter in
the first place.  I'd have everything being an array.  What if some day
somebody *WANTS* | as part of their category? You're in deep trouble then.
 You'll have to write a string parser not unlike PHP's string parser with
an escape charachter to allow for "|" to be in the string and that's a TON
of work for what should be dirt simple.

The easiest fix, keeping your code mostly the same would be:

if (strstr("|$default|", "|" . $values[$i]['id'] . "|")


The trick is to get | on the beginning and end of the whole string, and
then your "Coffee" will be guaranteed to have | on each side of it, so
then you can search specifically for "|Coffee|" as a single term, and not
be fooled by "|Coffee Pot|" which is a different term.

Hope that helps.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] stupid question about a class

2004-12-08 Thread Richard Kurth 

I have a stupid question but I can not figure it out
I am using a class that creates the select statement for mysql.
I am ale to add all the data with out any problem. But when I run the
class to get the results. I can only see the results by running echo in
front of the call to the class .
echo $q->getQuery();
Output SELECT * FROM listing WHERE state='wa'
if I
$q->getQuery();
echo $g;
Output Object id #1
How do I use the results in my mysql query If I can not move it to a
variable


  

-- 
Best regards,
 Richard  mailto:[EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Security Question with my password protected login script...

2004-12-08 Thread Ian Gray 
Hello all,

I have the following script called login.inc which I include at the
beginning of each page on my customer control panel.  Basically it checks to
see if a session has been created with user details and if it has it carries
on with the rest of the page and if not the login screen is printed.

My question is, how secure is this?  I have the password, username etc in a
MYSQL database but I haven't encrypted it (don't know how)

Should I have login.inc in a folder below my public_html directory?

I have removed some details such as passwords and swapped that with question
marks.

Many thanks,

Ian Gray

Here is the code?




http://www.w3.org/1999/xhtml";>


Customer Login

Re: [PHP] Php in Cgi

2004-12-08 Thread Richard Lynch 
Peter Law wrote:
> I am learning Php and have a web site host where scripts have to be in the
> cgi-bin. What is put in the original web page to call a script from the
> cgi-bin? The info from the web host is below.

Something like this may be useful to you:

Make two files.

Name one of them: form.html

Put this in it:


  


  


Name the second file: form_processor.php

Put this in it:


Hello, 
Welcome to my website!
  

Now, upload the HTML page to the HTML part of your site, but put the PHP
page in your cgi-bin part of your site.

Visit the HTML page, and it *SHOULD* invoke the PHP page when you submit
the form.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Security

2004-12-08 Thread Richard Lynch 
Greg Donald wrote:
> The other day a post came across one of those mailing lists discussing
> PHP security.  One of the posters was describing how insecure PHP's
> file upload functionality is and went on to explain a simple method of
> attaching exploit code to the end of a jpeg or other image format,
> then proceeding in uploading the image to the target site that
> accepted image uploads.
> The code would be executed as PHP in spite of
> the file type detection.  I'd think there would be no need to parse a
> jpeg as PHP, right?

There are times when one needs to parse a file that ends in .jpg (or
.jpeg) as PHP.

Specifically, broken browsers (various versions of IE) that ignore
Content-type: headers and use the URL to determine the MIME type will not
correctly display a URL such as:

http://l-i-e.com/gd_example.php

Said browser will, however, correctly handle:
http://l-i-e.com/gd_example.jpg

Note that both images are dynamic and, in fact, the two source files are
Linux symbolic (hard) links, as is this PHP source code:
http://l-i-e.com/gd_example.phps

The real problem in the describe scenario is that somebody was foolish
enough to take an image supplied by the untrusted USER and then feed it to
PHP to be executed.

Well, duh.

Don't do that.

:-)

You could do the exact same thing in Perl, C, or maybe even ASP.
[You'd really have to work at it in ASP, though, since ASP is broken.]

> Needless to say this discussion quickly caught my attention and I
> began to defend PHP explaining how the unsafe functions could be
> disabled via the php.ini and so forth.  But then I began to wonder..
> surely if an exploit were possible the PHP folks would have been
> informed and the source would have been patched by now, right?

If an exploit is possible, but has nothing to do with PHP specifically,
and has everything to do with a bad programmer, bad admin, or just plain
user stupidity (PHP user, not end user) then why would the PHP Development
Team change PHP?

> I guess my question is.. is PHP's file upload functionality really
> safe?  I myself have a lot at stake if it's not.

Is your car really safe?  I have a lot at stake if it's not.  Should we
outlaw cars because some people drive drunk?

> I don't know much about writing exploits, I just try to keep up to
> date on security patches and bulletins and all.  But these security
> guys really seem to think PHP is insecure as far as file uploading, so
> now I'm wondering about it all.

The best way to learn more about security, other than poring over security
lists with way too much information, plus lots and lots of misinformation
from well-meaning people, is to role-play yourself as the bad guy and ask
yourself:  "If I was mean, how would I mess with this to break this guy's
site?"

I'm no security expert, but it amazes me the stupidity of some coding I
see.  It's not *that* tricky to put yourself in the bad guy's shoes.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Sessions problem

2004-12-08 Thread Dre 
if u can give me an instance of a writable path it would be great.
and yes the data do not get saved and I can not run any thing that depends
on sessions as they do not get registered

"Raditha Dissanayake" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Dre wrote:
>
> >Hi,
> >
> >I need to make sessions work in my local machine .. I'm using Apache
2.0.49
> >on WINDOWS XP PRO.
> >
> >my php.ini sessions section is
> >
> >session.save_handler = files
> >
> >session.save_path = "C:\php4\tmp"
> >
> >
> A common problem is that this path is not writable by the webserver
> please check for that.
>
> >I tried everything and sessions still not working, and I don't know what
is
> >worng .. help will be appreciated.
> >
> >
> Any error messages? or is it just that your data is not being saved?
> have you tried to print_r() or var_dump() to confirm this?
>
> >Thanks in advance
> >
> >
> >
>
>
> -- 
> Raditha Dissanayake.
> --
> http://www.radinks.com/print/card-designer/ | Card Designer Applet
> http://www.radinks.com/upload/  | Drag and Drop Upload

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] how to display the content step by step

2004-12-08 Thread Richard Lynch 
yangshiqi wrote:
> Just like many applications, I want to display my main content table a
> sector after a sector, may be row ater row.

Is there a specific *WEB* application you are thinking of that does this?

Because while many desktop applications may do this, web applications have
very little control over the rendering of the content, since that's done
by the browser, for better or worse.

> Coz the html may wait until the whole table be downloaded then to show it,
> but I see some application like the Web calendar
> http://www.k5n.us/webcalendar.php?topic=Demo
>
> Anyone here know about this?

I also am just seeing the whole page in an eye-blink.  Fast connection at
work...

You may want to try using:
http://php.net/flush
to force your content to be sent to the browser, and:
http://php.net/ob_flush
if you've got output buffering turned on, or just turn output buffering
*OFF* in the first place.  But then you'll need to understand HTTP headers
and http://php.net/header and actually structure your code properly so the
header function is always called before the content goes out.

In the end, though, it may turn out that the answer is that your HTML
doesn't allow your browser (and maybe or maybe not other browsers) to
render quickly.  Change your HTML is the answer, and what to change it to
has little to do with PHP.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] ini_set doesn't work

2004-12-08 Thread Richard Lynch 
Mukasa Assey Alfred wrote:
> Try ini_set(memory_limit, "-1");

Maybe the quotes on "-1" will help, but memory_limit should also have quotes.


> On Wed, 8 Dec 2004, Joerg P wrote:
>
>> hello,
>>
>> what do I have to change in php.ini, to allow thr
>> ini_set("memory_limit",-1);
>> command?
>>
>> It doesn't work in my script...

Can you define "doesn't work" a bit better?
Do you get an error message from ini_set?
Are you building an 8 Meg object and then get an error message?
What?

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: PHP Security

2004-12-08 Thread Greg Donald 
On Wed, 8 Dec 2004 08:42:50 -0500, Joshua Beall <[EMAIL PROTECTED]> wrote:
> Can you also provide a link to the relevant message in the mailing list
> archive?  I would like to read this myself.

http://seclists.org/lists/security-basics/2004/Dec/0080.html


-- 
Greg Donald
Zend Certified Engineer
http://gdconsultants.com/
http://destiney.com/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] i'm beginner and i couldn't solve the problem

2004-12-08 Thread Richard Lynch 
Mecnun wrote:
> I'm usin php, apache and mysql on my computer. I have run some scripts. so
> i'm sure i installed them correctly. One of my script don't run properly,
> also it doesnt give error.
> I'm trying to send some data to my database by using a form. The database
> can get the auto incremented number but doesn't get whatever I type into
> the text box in the form. My code is below:
> --
>  //open the connection
> $conn = mysql_connect("localhost", "selimatmaca", "BETULBETUL");

If this is your real database username/password, go change it immediately!

You've just given your password to a billion people.

Also change any other accounts that use this password.

> //pick the database to use
> mysql_select_db("testDB", $conn);
> //create the sql statement
> $sql = "INSERT INTO testTable values ('', '$_POST[testField]')";
> //execute
> if (mysql_query($sql,$conn)){
> echo "Record Added";
> } else{
> echo "Somethin went wrong";
> }
> ?>

Which of these two messages do you see?

If it is 'Somethin went wrong' then you need to get more info about WHAT
went wrong.

Perhaps add:
echo mysql_error($conn);

Actually, better would be to add:
error_log(@mysql_error($conn));
and check your Apache error log file for the message.
http://php.net/error_log

> --
>
>
> mysql> select * from testTable;
> ++--+
> | id | testField|
> ++--+
> |  1 | some value   |
> |  2 | some value   |
> |  3 ||
> |  4 ||
> |  5 ||
> |  6 ||
> |  7 ||
> |  8 ||
> |  9 |  [testField]|
> | 10 | [testField]|
> | 11 ||
> | 12 ||
> | 13 ||
> | 14 ||
> ++--+
> 14 rows in set (0.00 sec)
>
>
> The database dont show the "testField" data, but it shows the numbers.

I'm seeing '[testField]' in there, which would indicate maybe you left out
$_POST for awhile...

Are you re-typing your source code here?  Or did you really copy/paste
your actual code?

What you have here looks okay to me...

But if that's not actually the code you are using...

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] i'm beginner and i couldn't solve the problem

2004-12-08 Thread Ford, Mike 
To view the terms under which this email is distributed, please go to 
http://disclaimer.leedsmet.ac.uk/email.htm



On 08 December 2004 16:58, Chris W. Parker wrote:

> Ford, Mike 
> on Wednesday, December 08, 2004 5:18 AM said:
> 
> > > $sql = "INSERT INTO testTable values ('', '$_POST[testField]')";
> > > 
> > > should be
> > > 
> > > $var = $_POST["testField"];
> > > $sql = "INSERT INTO testTable values ('', '$var')";
> > 
> > Nope -- the original is functionally identical to your suggested
> > correction.
> 
> Hmm... I thought arrays don't work correctly within a string
> unless they
> are wrapped with { and }?

They do if you treat them right.
 
>  
>   $sql = "INSERT INTO ... ('', '{$_POST['testField']}')";
> 
> Also you should always wrap the index name in single quotes (or maybe
> double quotes work also.)

RTFM -- this example taken from
http://uk2.php.net/manual/en/language.types.string.php#language.types.string
.parsing.simple illustrates the topic pretty well:

   $fruits = array('strawberry' => 'red', 'banana' => 'yellow');

   // Works but note that this works differently outside string-quotes
   echo "A banana is $fruits[banana].";

   // Works
   echo "A banana is {$fruits['banana']}.";

   // Works but PHP looks for a constant named banana first
   // as described below.
   echo "A banana is {$fruits[banana]}.";

   // Won't work, use braces.  This results in a parse error.
   echo "A banana is $fruits['banana'].";

   // Works
   echo "A banana is " . $fruits['banana'] . ".";

   // Works
   echo "This square is $square->width meters broad.";

   // Won't work. For a solution, see the complex syntax.
   echo "This square is $square->width00 centimeters broad.";
   ?>  

   For anything more complex, you should use the complex syntax. 

I wouldn't personally encourage the "... $fruits[banana] ..." style, but
it's valid and works perfectly well.

Cheers!

Mike

-
Mike Ford,  Electronic Information Services Adviser,
Learning Support Services, Learning & Information Services,
JG125, James Graham Building, Leeds Metropolitan University,
Headingley Campus, LEEDS,  LS6 3QS,  United Kingdom
Email: [EMAIL PROTECTED]
Tel: +44 113 283 2600 extn 4730  Fax:  +44 113 283 3211 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP extensions with EasyPHP 1-7

2004-12-08 Thread Richard Lynch 
Michel Gangloff wrote:
> I try to use some PHP extensions with EasyPHP 1.7 on Windows XP
>
> I have checked the path for extensions in the "php.ini" file ; it is
> correct
> But when I want do add some extensions , some work well , and others
> don't (they are in the same directory )
>
>
> I get the following message :
>
> Unable to load dynamic library C:\Program
> Files\EasyPHP1-7\php\extensions\php_curl.dll  Could not find specified
> module
>
> Same problem for php_domxml.dll  ,  php_ldap.dll

What are the extensions that DO work?

Are you sure they are not just built-in to PHP already?

Can you use http://php.net/dl on those extensions instead of the php.ini
settings?  That would help you to confirm/deny that you really are loading
the extensions you think you are loading.

I seem to recall that Apache and php.ini did not like directory names with
spaces in them -- Try moving your extensions directory to C:\php (you'll
need to create that directory) and re-start Apache.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] i'm beginner and i couldn't solve the problem

2004-12-08 Thread Chris W. Parker 
Ford, Mike 
on Wednesday, December 08, 2004 5:18 AM said:

>> $sql = "INSERT INTO testTable values ('', '$_POST[testField]')";
>> 
>> should be
>> 
>> $var = $_POST["testField"];
>> $sql = "INSERT INTO testTable values ('', '$var')";
> 
> Nope -- the original is functionally identical to your suggested
> correction. 

Hmm... I thought arrays don't work correctly within a string unless they
are wrapped with { and }?



Also you should always wrap the index name in single quotes (or maybe
double quotes work also.)



Chris.

p.s. It's a bad idea to directly insert data from outside your script
into your database. Check the recent PHP Security thread for more info.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PEAR performance/overhead

2004-12-08 Thread Ryan King 
On Dec 7, 2004, at 12:34 PM, David Dickson wrote:
I was told that PEAR has too much overhead to be considered for a 
large scale site. Does any one feel the same? Is this an outrageous 
comment? I would like to hear comments from people who are using PEAR, 
or people who have considered PEAR but decided not to use it and your 
reasons.

The packages I am particularly interested in are HTML_QuickForm and DB.
I think that when most people say PEAR has big overhead they're 
referring to the parsing work that must be done. Under a plain PHP 
implementation it can be quite expensive to re-parse those two packages 
for every request. However, if you are concerned with performance on 
your site you should be using a compiler so that this does not occur. A 
php compiler will easily improve your site's performance by an order of 
magnitude.

-ryan
--
http://theryanking.com/blog
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] PHP extensions with EasyPHP 1-7

2004-12-08 Thread Michel Gangloff 
I try to use some PHP extensions with EasyPHP 1.7 on Windows XP
I have checked the path for extensions in the "php.ini" file ; it is correct
But when I want do add some extensions , some work well , and others 
don't (they are in the same directory )

I get the following message :
Unable to load dynamic library C:\Program 
Files\EasyPHP1-7\php\extensions\php_curl.dll  Could not find specified 
module

Same problem for php_domxml.dll  ,  php_ldap.dll
Thanks
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Sessions problem

2004-12-08 Thread Raditha Dissanayake 
Dre wrote:
Hi,
I need to make sessions work in my local machine .. I'm using Apache 2.0.49
on WINDOWS XP PRO.
my php.ini sessions section is
session.save_handler = files
session.save_path = "C:\php4\tmp"
 

A common problem is that this path is not writable by the webserver 
please check for that.

I tried everything and sessions still not working, and I don't know what is
worng .. help will be appreciated.
 

Any error messages? or is it just that your data is not being saved? 
have you tried to print_r() or var_dump() to confirm this?

Thanks in advance
 


--
Raditha Dissanayake.
--
http://www.radinks.com/print/card-designer/ | Card Designer Applet
http://www.radinks.com/upload/  | Drag and Drop Upload 

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: mail with attachment

2004-12-08 Thread Dre 
Thanks Manuel, I will check the class

and here is the code of the mail sending script
//==


//==


"Manuel Lemos" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hello,
>
> Dre wrote:
> > I'm trying to send a mail with attachment, using mail() fucntion ..
> > the mail is sent with the attached file, but when I open my mail box to
> > check the mail I sent using my script, I find the normal text contents
and
> > the attachment displayed as text too !!!
> > ex. if I attached a document, it will not be just attached when I open
the
> > mail, it will be displayed as text.
> > I'm using multipart MIME
>
> You are probably doing something wrong but without seeing the source of
> your code, it is hard to tell what is the problem.
>
> Anyway, you may want to try this class that is capable of composing and
> sending messages with as many attachments as you want and works properly:
>
> http://www.phpclasses.org/mimemessage
>
>
> -- 
>
> Regards,
> Manuel Lemos
>
> PHP Classes - Free ready to use OOP components written in PHP
> http://www.phpclasses.org/
>
> PHP Reviews - Reviews of PHP books and other products
> http://www.phpclasses.org/reviews/
>
> Metastorage - Data object relational mapping layer generator
> http://www.meta-language.net/metastorage.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Sessions problem

2004-12-08 Thread Dre 
Hi,

I need to make sessions work in my local machine .. I'm using Apache 2.0.49
on WINDOWS XP PRO.

my php.ini sessions section is

session.save_handler = files

session.save_path = "C:\php4\tmp"

session.use_cookies = 1

session.name = PHPSESSID

session.auto_start = 1

session.cookie_lifetime = 0

session.cookie_path = "/"

session.cookie_domain = "localhost"

session.serialize_handler = php

session.gc_probability = 1
session.gc_divisor = 100

session.gc_maxlifetime = 1440

session.bug_compat_42 = 1
session.bug_compat_warn = 1


I tried everything and sessions still not working, and I don't know what is
worng .. help will be appreciated.
Thanks in advance

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] (Quanta) php editor or php IDE for linux with autocompletion

2004-12-08 Thread [EMAIL PROTECTED] 
Jason Wong wrote:
> So are you looking to auto-complete (X)HTML tags or are you looking to
> auto-complete PHP keywords/functions? What is your question?
> 


We need to auto-complete PHP words and functions INDIPENDENTLY of the fact
that they are present or not in the page. For instance if one developer
digits

fun 

inside a php page, and between  tags, we expect the auto-completion
tool to propose 

function.

If the developer writes 

mysql_f

inside a php page, and between  tags, we expect the auto-completion
tool to propose
 
mysql_fetch_row()
mysql_free_result()
and so on

and she can choose from the list, and so on, son on.

This is the kind of auto-completion we are looking for, exactly as in the
case of Quanta and HTML / XHTML.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: mail with attachment

2004-12-08 Thread Manuel Lemos 
Hello,
Dre wrote:
I'm trying to send a mail with attachment, using mail() fucntion ..
the mail is sent with the attached file, but when I open my mail box to
check the mail I sent using my script, I find the normal text contents and
the attachment displayed as text too !!!
ex. if I attached a document, it will not be just attached when I open the
mail, it will be displayed as text.
I'm using multipart MIME
You are probably doing something wrong but without seeing the source of 
your code, it is hard to tell what is the problem.

Anyway, you may want to try this class that is capable of composing and 
sending messages with as many attachments as you want and works properly:

http://www.phpclasses.org/mimemessage
--
Regards,
Manuel Lemos
PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/
PHP Reviews - Reviews of PHP books and other products
http://www.phpclasses.org/reviews/
Metastorage - Data object relational mapping layer generator
http://www.meta-language.net/metastorage.html
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] (Quanta) php editor or php IDE for linux with autocompletion

2004-12-08 Thread Jason Wong 
On Wednesday 08 December 2004 20:09, [EMAIL PROTECTED] wrote:
> Jason Wong wrote:
> > I think I may have misunderstood what you mean by auto-completion. What
> > Quanta does is auto-complete words that you *already* have in the
> > document.
>
> Not really. With HTML / XHTML Quanta does auto complete words, tags,
> properties, attributes which are in the DTD. Or am I wrong?

So are you looking to auto-complete (X)HTML tags or are you looking to 
auto-complete PHP keywords/functions? What is your question?

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
/*
Death is only a state of mind.

Only it doesn't leave you much time to think about anything else.
*/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Drawing checkboxes

2004-12-08 Thread Brent Baisley 
If I have to pass name/value pairs to a function or anything else, I 
always use an multidimensional associative array (that's a mouthful). 
Using a string delimiter is too unreliable and probably slower.
Something like this:

$checkBoxList[] = 
array('name'=>'Coffee','value'=>'Coffee','checked'=>'Y');
$checkBoxList[] = array('name'=>'Coffee Pot','value'=>'Coffee 
Pot','checked'=>'N');
$checkBoxList[] = array('name'=>'Tea Pot','value'=>'Tea 
Pot','checked'=>'Y');
draw_checkbox_menu($checkBoxList);

function draw_checkbox_menu($checkboxes,$parameters=false) {
foreach($checkboxes as $box) {
	$field .= '';
}
return $field;
}

A one line function to display your checkboxes. Of course, you need 
extra code to accommodate your parameters. I have a similar function 
where the parameters are how many rows or columns to create for the 
checkboxes. So I could create a checkbox area with 3 columns and x rows 
or 4 rows and x columns just by passing a different parameter.

On Dec 7, 2004, at 3:10 PM, Mike wrote:

Hello,
I am having a hard time figuring this one out, maybe someone here (with
fresh eyes) can offer a suggestion?
Here is the function...
// Draw Checkbox Menu
function draw_checkbox_menu($name, $values, $default = false, 
$parameters =
false) {


for ($i=0; $i
';
}
return $field;
}
This function is passed the name of the checkbox list($name), the 
values
that are available($values = array) along with the ones that should be
checked ($default). Parameters too , but not important.

The problem is this. The Values are formatted like this...
value1|value2|value3...etc...
I use the strstr() function to check against the $default so I can 
check it
if so.

Well it works great..BUT, lets say the product has a category of 
"Coffee
Pots", but the one of the values available is "Coffee".

In this case both "Coffee" AND "Coffee Pots" get checked when only 
"Coffee
Pots" should.

What can I do to this function eliminate this?
Thanks

++
Mike Yrabedra
[EMAIL PROTECTED]
Your Mac Intelligence Resource
++
W: http://www.macagent.com/
E: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--
Brent Baisley
Systems Architect
Landover Associates, Inc.
Search & Advisory Services for Advanced Technology Environments
p: 212.759.6400/800.759.0577
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] how to display the content step by step

2004-12-08 Thread Brent Baisley 
As far as I know, there is no reliable way to force a browser to 
display data before the whole page is downloaded. A browser won't 
display information contained in an open tag, like a table. Once the 
tag is closed, the browser may display part of the data, but this 
depends on the browser. IE won't display anything until it gets a 
certain amount of data, regardless of open tags. I forget how much, 
maybe 32K. So if your page is 31K, there is no way to get IE to display 
part of the page.

The link you specified displays all at once for me, maybe because I'm 
on a T1, maybe because at the moment I'm using Firefox on a Mac. 
Perhaps if I had a slow connection or a slow computer, I could watch 
the screen draw.

On Dec 8, 2004, at 12:17 AM, yangshiqi wrote:
Just like many applications, I want to display my main content table a
sector after a sector, may be row ater row.

Coz the html may wait until the whole table be downloaded then to show 
it,
but I see some application like the Web calendar
http://www.k5n.us/webcalendar.php?topic=Demo


Anyone here know about this?



Best wishes,

Yangshiqi





--
Brent Baisley
Systems Architect
Landover Associates, Inc.
Search & Advisory Services for Advanced Technology Environments
p: 212.759.6400/800.759.0577
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: OT Re: Desparate

2004-12-08 Thread Peter Lauri 
I have looked there, did not find what I wanted :) Know of any open MySQL
newsgroup?

Java newsgroup?

/Peter


"David Robley" <[EMAIL PROTECTED]> skrev i meddelandet
news:[EMAIL PROTECTED]
> On Wed, 8 Dec 2004 16:31, Peter Lauri wrote:
>
> > Best groupmember,
> >
> > I just moved to Bangkok and have a huge problem. My ISP does not provide
a
> > news-server. For the news.php.net there is no problem, but I can not
> > locate any other discussion groups.
> >
> > Is there any open news-servers that can be used instead of ISP-connected
> > news-server? Ex: news.opennewsserver.com
> >
> > I know that this is not supposed to be posted in this group, not
relevant
> > to the subject, sorry about that. But I have tried to find a solution
for
> > two weeks now.
>
>
> Try something from here:
> http://directory.google.com/Top/Computers/Usenet/Public_News_Servers/
>
> Google is your friend
>
> --
> David Robley
>
> Thesaurus: ancient reptile with an excellent vocabulary.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: PHP Security

2004-12-08 Thread Joshua Beall 
"Greg Donald" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
> The other day a post came across one of those mailing lists discussing
> PHP security.  One of the posters was describing how insecure PHP's
> file upload functionality is and went on to explain a simple method of
> attaching exploit code to the end of a jpeg or other image format,
> then proceeding in uploading the image to the target site that
> accepted image uploads.  The code would be executed as PHP in spite of
> the file type detection.

Chris already gave a good response to all this, but I am curious myself - 
can this mystery antagonist provide an example exploit?  What he is 
suggesting seems impossible, unless for some strange reason you have set 
Apache to execute .jpg files at PHP code.  In which case the security hole 
is the admin who set things up like that, not PHP!

Can you also provide a link to the relevant message in the mailing list 
archive?  I would like to read this myself.

  -Josh 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: PEAR performance/overhead

2004-12-08 Thread Joshua Beall 

"David Dickson" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
>I was told that PEAR has too much overhead to be considered for a large 
>scale site. Does any one feel the same? Is this an outrageous comment? I 
>would like to hear comments from people who are using PEAR, or people who 
>have considered PEAR but decided not to use it and your reasons.

I wound up taking a hybrid approach, rolling my own DB abstraction layer 
that was more efficient than PEAR DB (and less full featured, as well), but 
suited our needs nicely.  By doing this I was able to reduce each page's 
memory footprint by about 50%, and execution time by about 40%.  I still use 
other components of PEAR, however, and I think it is a great resource.

Anyone who dismisses PEAR out of hand, without giving it a serious look, is 
insane.

> The packages I am particularly interested in are HTML_QuickForm and DB.

You'll have to write some tests and do some benchmarks to decide what the 
best answer is. 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] i'm beginner and i couldn't solve the problem

2004-12-08 Thread Ford, Mike 
To view the terms under which this email is distributed, please go to 
http://disclaimer.leedsmet.ac.uk/email.htm



On 08 December 2004 11:29, Sagar C Nannapaneni wrote:

> $sql = "INSERT INTO testTable values ('', '$_POST[testField]')";
> 
> should be
> 
> $var = $_POST["testField"];
> $sql = "INSERT INTO testTable values ('', '$var')";

Nope -- the original is functionally identical to your suggested correction.

Cheers!

Mike

-
Mike Ford,  Electronic Information Services Adviser,
Learning Support Services, Learning & Information Services,
JG125, James Graham Building, Leeds Metropolitan University,
Headingley Campus, LEEDS,  LS6 3QS,  United Kingdom
Email: [EMAIL PROTECTED]
Tel: +44 113 283 2600 extn 4730  Fax:  +44 113 283 3211 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Pear libraries

2004-12-08 Thread eric LUDINART 
hi,
I search a package with all available libraries PEAR in on pack ...
for manual update ...

thanks.


eric

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] (Quanta) php editor or php IDE for linux with autocompletion

2004-12-08 Thread Raditha Dissanayake 
[EMAIL PROTECTED] wrote:
Jason Wong wrote:
 

I think I may have misunderstood what you mean by auto-completion. What
Quanta does is auto-complete words that you *already* have in the
document. 
   

Not really. With HTML / XHTML Quanta does auto complete words, tags,
properties, attributes which are in the DTD. Or am I wrong?
 

Ask in the quanta mailing list and someone will tell you.

--
Raditha Dissanayake.
--
http://www.radinks.com/print/card-designer/ | Card Designer Applet
http://www.radinks.com/upload/  | Drag and Drop Upload 

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] (Quanta) php editor or php IDE for linux with autocompletion

2004-12-08 Thread [EMAIL PROTECTED] 
Jason Wong wrote:
> I think I may have misunderstood what you mean by auto-completion. What
> Quanta does is auto-complete words that you *already* have in the
> document. 

Not really. With HTML / XHTML Quanta does auto complete words, tags,
properties, attributes which are in the DTD. Or am I wrong?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] (Quanta) php editor or php IDE for linux with autocompletion

2004-12-08 Thread Jason Wong 
On Wednesday 08 December 2004 19:49, [EMAIL PROTECTED] wrote:
> Jason Wong wrote:
> > What version of quanta are you using? Autocompletion was available quite
> > a while ago.
>
> I am using Quanta 3.2.3, and php auto completion does not work. How do you
> activate it?

I think I may have misunderstood what you mean by auto-completion. What Quanta 
does is auto-complete words that you *already* have in the document. It 
doesn't (AFAIK) do php-specific auto-completion.

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
/*
  I tripped over a hole that was sticking up out of the ground.
*/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] (Quanta) php editor or php IDE for linux with autocompletion

2004-12-08 Thread [EMAIL PROTECTED] 
Jason Wong wrote:
> What version of quanta are you using? Autocompletion was available quite a
> while ago.

I am using Quanta 3.2.3, and php auto completion does not work. How do you
activate it?

 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php editor or php IDE for linux with autocompletion

2004-12-08 Thread [EMAIL PROTECTED] 
Steve Brown wrote:
> Eclipse: http://www.eclipse.org/
> PHPEclipse: http://www.phpeclipse.de/

What about Eclipse? Did anyone make it work?

How does it compare to Kdevelop?

I tried to install it, unsuccesfully, on Mandrake 10.1 CE. Apparently, one
library is missing (but the library does not exist).

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] i'm beginner and i couldn't solve the problem

2004-12-08 Thread Sagar C Nannapaneni 
$sql = "INSERT INTO testTable values ('', '$_POST[testField]')";

should be

$var = $_POST["testField"];
$sql = "INSERT INTO testTable values ('', '$var')";

/sagar

- Original Message -
From: "Mecnun" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, December 08, 2004 4:23 PM
Subject: [PHP] i'm beginner and i couldn't solve the problem


> I'm usin php, apache and mysql on my computer. I have run some scripts. so
i'm sure i installed them correctly. One of my script don't run properly,
also it doesnt give error.
> I'm trying to send some data to my database by using a form. The database
can get the auto incremented number but doesn't get whatever I type into the
text box in the form. My code is below:
> --
>  file://open the connection
> $conn = mysql_connect("localhost", "selimatmaca", "BETULBETUL");
> file://pick the database to use
> mysql_select_db("testDB", $conn);
> file://create the sql statement
> $sql = "INSERT INTO testTable values ('', '$_POST[testField]')";
> file://execute
> if
sql_query($sql,$conn)){ 
> echo "Record Added";
> } else{ 
> echo "Somethin went wrong";
> }
> ?>
> --
>  
>  
> mysql> select * from testTable;
> ++--+
> | id | testField|
> ++--+
> |  1 | some value   |
> |  2 | some value   |
> |  3 ||
> |  4 ||
> |  5 ||
> |  6 ||
> |  7 ||
> |  8 ||
> |  9 |  [testField]|
> | 10 | [testField]|
> | 11 ||
> | 12 ||
> | 13 ||
> | 14 ||
> ++--+
> 14 rows in set (0.00 sec)
>  
>  
> The database dont show the "testField" data, but it shows the numbers.
> Also this is my html form:
>  
>  
>  
> 
> 
> 
> An Insert Form
> 
> 
> 
> 
>  Type something in:
> 
> 
> 
> 
> 
> 
>
>
>  There is another script for which I dont use a html form. I send the data
directly from the script and it works fine. Codes are here:
>
> 
> 
> Untitled Document
> 
> 
> 
>  $conn = mysql_connect("localhost", "selimatmaca", "BETULBETUL");
> mysql_select_db("testDB", $conn);
> $sql = "INSERT INTO testTable values ('', 'some value')";
> if (mysql_query($sql, $conn))
>  {
>  echo "record added";
>  }
>  else
>  {
>  echo "Something went wrong";
>  }
> ?>
> 
> 
>
>
> so, please tell me where I'm doing wrong. Thanks a lot.
>
>
> -
> Do you Yahoo!?
>  Yahoo! Mail - Find what you need with new enhanced search. Learn more.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] mail with attachment

2004-12-08 Thread Dre 
Hi,

I'm trying to send a mail with attachment, using mail() fucntion ..
the mail is sent with the attached file, but when I open my mail box to
check the mail I sent using my script, I find the normal text contents and
the attachment displayed as text too !!!
ex. if I attached a document, it will not be just attached when I open the
mail, it will be displayed as text.
I'm using multipart MIME

thanks in advance



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] i'm beginner and i couldn't solve the problem

2004-12-08 Thread Mecnun 
I'm usin php, apache and mysql on my computer. I have run some scripts. so i'm 
sure i installed them correctly. One of my script don't run properly, also it 
doesnt give error. 
I'm trying to send some data to my database by using a form. The database can 
get the auto incremented number but doesn't get whatever I type into the text 
box in the form. My code is below:
--

--
 
 
mysql> select * from testTable;
++--+
| id | testField|
++--+
|  1 | some value   |
|  2 | some value   |
|  3 ||
|  4 ||
|  5 ||
|  6 ||
|  7 ||
|  8 ||
|  9 |  [testField]|
| 10 | [testField]|
| 11 ||
| 12 ||
| 13 ||
| 14 ||
++--+
14 rows in set (0.00 sec)
 
 
The database dont show the "testField" data, but it shows the numbers.
Also this is my html form:
 
 
 



An Insert Form




 Type something in:







 
 There is another script for which I dont use a html form. I send the data 
directly from the script and it works fine. Codes are here: 
 


Untitled Document







 
so, please tell me where I'm doing wrong. Thanks a lot.


-
Do you Yahoo!?
 Yahoo! Mail - Find what you need with new enhanced search. Learn more.