Re: [PHP] How can I secure database passwords used by PHP webpages
Rob Tanner wrote: WE have a number of PHP webpages that access one of several MySql databases and while the PHP files that contain the passwords cannot be accessed via the web, we are becoming increasingly concerned over the possibility of other webpage maintainers viewing those files. How have other folks protected database passwords needed by PHP apps? Who are these "other webpage maintainers" and why do they have access to your PHP source code? This isn't a PHP issue. The MySQL password has to be in a file as plain text; there's no getting around that (as recently discussed on here). Your issue is controlling access to the machine and the files, so is an OS/policy/trust issue, imo. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] textarea posting duplicate text
Elizabeth Lawrence wrote: Thanks, Dan. I copied your code exactly and posted it here: http://www.tidefans.com/test.php I pasted a large part of O'Henry's "Gift of the Magi" into the textarea, and it gets repeated, as before. There was an Apache2/PHP bug going around that had this issue. It was an older version of PHP and/or Apache2 that I thought was fixed, though. Maybe your running into this same issue? Try searching the PHP bug database for "apache2 duplicate" and see if you can find the old bug/issue. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Not able to add data to a MySQL database
Richard Lynch wrote: Vaibhav Sibal wrote: Hi, I am not able to insert data into my mysql database using php even if i use a simple code as follows : ADD SOME ERROR CHECKING!!! http://php.net/die and http://us2.php.net/mysql_error ;) -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem submitting a POST request "by hand"
Vallo wrote: > Client sends request (submits form to my script) to me (i.e. server) and I want to send back to client a page with POST parameters from my script. But the page doesn't display in the clients browser (blank page opens). Question: what is missing in this script? echo and/or print? -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php DBMS
Gerben wrote: I'm wondering if there is any DBMS, like MySQL, which is (fully) implemented in php. This so you don't have to buy a MySQL database. I'm currently trying to put something together, but this would be a waste of time if it already exists. SQLite is probably what you're after. It comes with PHP5 and can be built into PHP4, iirc. Of course, I'm assuming what you mean by "fully implemented" is included with PHP, not written with it. A database written in PHP would not be good, imo. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] get_defined_vars in all scopes?
> I'm using this at the end of a script > > echo ''; var_dump(get_defined_vars()); echo ''; > > but it only returns what get_defined_vars gives, which is what's > available in the current scope. Is there any way to get also the vars > used in functions that weren't globalized? No, not unless you call this in the functions, also. The variables don't exist after the function is completed. ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] http referer
Sebastian wrote: ok, so i made a file manager and i need to prevent people from linking directly to files that do not come from another part of the site. i know i can use http_referer, but i wonder how fool proof it is, i dont want to spit out errors to a legit user that actually came from a valid page before trying to access the file url. some people have said http_referer is not always accurate. I wouldn't rely on http_referer at all. Why not start a session when people enter your site and ensure a valid session is created before your file manager serves the file? -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] HOWTO read PHP source code into a textarea
Tim Burgan wrote: I was trying to use file(), with some problems.. thank you for your suggestions to use file_get_contents(). Perfect! You're all right, it works really well. I hope you didn't miss the mention of htmlentities(), also. If you did, then you'll figure it out the first time you try to load a file with the string "" in it, I guess. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Quoting and $_POST['Name'] problem
zzapper wrote: Hi, It's been a long day, but what's wrong here?. echo $_POST['Location']; # good echo ""; echo "$_POST['Location']"; # bad nothing appears If you're going to display an array value within a string, put it in brackets. echo "my value: {$array['key']}"; This also works: echo "my value $array[key]"; but it's better to use the brackets so it's clear exactly what variable you are displaying. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] String validation
Ashley M. Kirchner wrote: How can I check that a string is no more than 6 characters long and only contains alpha characters (no numbers, spaces, periods, hyphens, or anything else, just letters.) if(preg_match('/^[a-zA-Z]{0,6}$/',$string)) { echo 'good'; } else { echo 'bad'; } Change to {1,6} if you want to ensure the string isn't empty. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Help with a query please - unable to error check!
Shaun wrote: I have a problem with a query, I get the following error message: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 23 If I echo the query to the screen and run the query to the database via SSH it executes correctly. Does anyone have any ideas on what else I can check for here? Check for the actual query you're using. If Query X gives the above error when run in PHP, then copy and pasting it into the command line will give the same error. Maybe you're not echoing/running the right query? Errors like that are normally caused by a variable being empty. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Unable to load dynamic library 'C:\PHP\ext\php_mssql.dll'
[EMAIL PROTECTED] wrote: I have solved this problem before but cannot remember how. The php.ini is set up any ideas?? Make sure libmysql.dll is in the windows or windows/system32 directory. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Creating a varable with a name held in a string
Randy Johnson wrote: I like to do this: foreach( $row as $key=>$val) { $$key = $row[$key]; } You're just recreating a slower version of extract()... -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Creating a varable with a name held in a string
Ben Edwards (lists) wrote: I have the following code;_ $sql = "select * from text where id= '$id' "; $row = fetch_row_row( $sql, $db ); $img_loc= $row["img_loc"]; $text_type = $row["text_type"]; $seq= $row["seq"]; $rec_type = $row["rec_type"]; $section= $row["section"]; $code = $row["code"]; $repeat = $row["repeat"]; $description= $row["description"] ); $text = $row["text"] ); Was wondering if there was a clever way of doing this with foreach on $row. something like foreach( $row as $index => value ) { create_var( $index, $value ); } So the question is is there a function like create_var which takes a string and a value and creates a variable? I think extract() is what you're after. Just note that the quickest way to do things isn't always the best. Is $description going to be shown to the users? How are you protecting it so that it doesn't contain HTML/JavaScript code? Is any of this going into form elements? How are you preparing it so that a double/single quote doesn't end the form element? Just pointing out that although you can quickly create the variables you're after with extract(), there may still be other things you should do before you use them. Also, why are you wasting processing time creating $text instead of just using $row['text'] in whatever output you have? It's a few more characters to type, but it takes away one level of possible confusion when you come back to this code later. Just my $0.02. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mail() function
Bosky, Dave wrote: I can't seem to get the mail function to work. Is there a way to authenticate before sending mail, I believe this is my issue. No. Manuel will be along soon to tell you to look at the SMTP classes on phpclasses.org, though. ;) There are classes there that do this, so try them. Also in my php.ini file the parameter sendmail_path is empty. Is this a required parameter for sending mail? I'm using Windows/IIS. No, since you're not using sendmail on Windows. What are your SMTP settings in php.ini? -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Control Structures
Wil wrote: The following code is attempting to compare the salary to the four other pre-defined variables with if and else statements. So the final output should result in 4 different statements. [snip] if ($salary < maximum1); { Take out the semi-colon in the above line and others like it. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Connecting To Multiple MySQL Databases
Tony Di Croce wrote: OK... Here's a slightly different, but related question... Can database connection resources be serialiazed and re-used in a different script invocation? For example, can I open a DB connection, assign it to a $_SESSION[] variable and then later use it on a different page? Somehow, I doubt it... No. The connection is automatically closed at the end of the script if you don't do it yourself. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Connecting To Multiple MySQL Databases
NathanielGuy#21 wrote: I know this may be slightly off topic for a PHP listserv but I cant find my answer anywhere else. I start off generating a page connected to one database as a certain user and I call a script that requires a connection to a second database as a different user. Is there any way I could open that connection while maintaining the current one aswell? The connection of the script is opend and closed before any more of the other page is generated. Im not sure how to go about solving this problem other than rewriting my script. Any ideas? Yes, it's possible. That's why mysql_connect() returns a connection resource. So assign the result of each mysql_connect() to a different variable so you can keep them apart. It's also why mysql_query() accepts a connection parameter, so you can designate which connection the query is being sent to. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] simple question
Pagongski wrote: I have this function: function supscript($texto) { print("".$texto.""); } But when i do: print "2".supscript("3"); I get the "3" before the "2", how is that posible? Your function should return the value, not print it. The way you have it now, the function must be ran before the original string can be printed. That's why you see the 3 before the 2. function supscript($texto) { return "{$texto}"; } -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] escaping quotes
Giles wrote: Hi Guys Really simple question. How do I change the following: print("value='" . $attributes["messageSubject"] . "'"); to have double quotes around the subject field instead. i.e.: print("value="" . $attributes["messageSubject"] . """); print("value="\" . $attributes["messageSubject"] . "\""); print("value=\"{$attributes['messageSubject']}\""); Although, to prevent any vulnerabilities, you probably want: print("value="\" . htmlentities($attributes["messageSubject"]) . "\""); if you're not already doing so at some point. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Id_num = ""
Steve Marquez wrote: If I do the following, it gives me a blank page. However, instead of using the variable, if I put in $id_num = "191" Then it will display the information. view Use $_GET['id_num'] instead of $id_num and read up on the register_globals setting. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Get full url
Dmitry wrote: How? Dont tell me about simple solutions such as $_SERVER["HTTPS"] . $_SERVER["REMOTE_ADDR"] . $_SERVER["SERVER_PORT"] . $_SERVER["PHP_SELF"] . $_SERVER["QUERY_STRING"] I want get really good solution. I want a million dollars and hot redheaded twin mistresses... we don't always get what we want, do we? -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Echoing Variables Names
Phillip S. Baker wrote: I am generating some variable variables. I am interested for testing purposes in finding out the names of the variables that are actually being generated. Since I want to make sure that that my following conditional statements are working properly and the values are set. So is there a way to print out the name of the variables? I agree with the recommendation to just use an array. Variable variables are almost always just a workaround for an array. That being said, if you're creating the variable then you can create the name. If you're saying $a = 'x'; $b = 'y'; $c = 'z'; $xyz = 'foobar'; //Get name of "variable" $name = $a.$b.$c; // $name = "xyz" //Get value of variable $value = ${$a.$b.$c}; // $value = "foobar" Show some code if that doesn't clue you in. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Building key sequences from strings
Bruce Cooper wrote: I'm trying to set up a custom sort for multi-level [i.e. nested] arrays. The problem is I can't seem to get PHP to recognize syntax such as follows $test=$test_array.'[index][next]'; Maybe $test = ${$test_array.'[index][next]'}; -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: What program to use to make thumbnail images?
zerof wrote: John Holmes wrote: What do you guys recommend for making thumbnails from uploaded images? I know of the GD extension, Imagemagik and netpbm. Any other recommendations or opinions on which of the above work best with PHP? Thanks. -- Good choice, http://coppermine.sourceforge.net/demo/ Thank you for reading my question... oh wait... -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] $_REQUEST
Benjamin Edwards wrote: I am kind of assuming that $_REQUEST is and aggregate of $_POST, $_GET and $_FILES. Is this correct or are there differences. It's a combo of $_GET, $_POST and $_COOKIE. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] What program to use to make thumbnail images?
What do you guys recommend for making thumbnails from uploaded images? I know of the GD extension, Imagemagik and netpbm. Any other recommendations or opinions on which of the above work best with PHP? Thanks. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Website and Mozilla/Firefox
Lester Caine wrote: All of a sudden I am having problems with www.php.net, selecting download or manual flashes up the relevant page, and then it goes blank. It's doing it on three machines that have been accessing those pages fine for weeks, with both Firefox1 and Mozilla1.7, and nothing has been changed on the machines. If I switch to my gash client machine that has IE on, things are OK, and changing mirrors gives the same problem. I switched from using the us2.php.net mirror to the us4.php.net mirror and things were fine. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Php error with MySql
> From: "Wil Hitchman" <[EMAIL PROTECTED]> > > I get the following error > > Warning: mysql_num_rows(): supplied argument is not a valid MySQL result > resource in /home/wilmail/public_html/elblog.php on line 7 > &n=& //error ends here > > with the following bit of code > > $qResult = mysql_query ("SELECT * FROM blog_entries ORDER BY id DESC"); > > $nRows = mysql_num_rows($qResult); > $rString ="&n=".$nRows; Your query has failed for some reason, so $qResult is not a valid result set. Use mysql_error() to find out why. ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: XML Filters for illegal characters
Jones, Douglas 1 wrote: I think that a function just like htmlentities but one > that just removes characters that are illegal but can not > be fixed would be the ideal solution. How do you define what can and cannot be fixed, though? You'd have to know the "bad" characters and in that case, a simple str_replace() is all you need. $bad_characters = array('^','*','#'); $text = str_replace($bad_characters,'',$text); $text = htmlentities($text); Or, since you don't really know what's "bad" then you'd want to define what's good. You could use get_html_translation_table() to find everything that htmlentities() will convert and then combine those characters, alphanumeric characters and whitespace into a preg_replace to match anything that's *not* one of those characters and erase it. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Regular help
M. Sokolewicz wrote: > Uroš Gruber wrote: >> I need correct regular expression to get string between " >> >> but if I use 2 pair of " must also work >> >> "this is" "some kind" "of a test" >> >> matches would be >> >> this is >> some kind >> of a test > preg_match_all('/"(.+)"/U', $string, $result); If the text between quotes can include newlines, you'll want to use preg_match_all('/"(.+)"/Us', $string, $result); or what I replied with in my other post. :) -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Regular help
Uroš Gruber wrote: I need correct regular expression to get string between " but if I use 2 pair of " must also work "this is" "some kind" "of a test" matches would be this is some kind of a test preg_match_all('/"[^"]*"/',$text,$matches); [^"]* matches anything that is not a double quote -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] XML Filters for illegal characters
Jones, Douglas 1 wrote: I'm wondering if anyone knows of a filter > that can take data to be wrapped in XML tags > and filter this data encoding any illegal XML characters Have you tried htmlentities()? -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Register Globals=ON
HarryG wrote: Having register_globals=on and referring to variables as if($name){} or using $_GET & $_POST statements like if(isset($_GET['name']))? What is the main advantage/disadvantage in both cases. Doesn't matter if it's on or off, really. 1) Don't trust any input from the user 2) Always initialize any variables you use Follow those two rules and you can program secure programs that will not depend upon register globals. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Total Server Sessions
HarryG wrote: Is there an easier way to count the total number of sessions running on a PHP webserver? something like session_count(); I've seen some php site where it tells you how many people are currently online, which I guess is being done by keeping a count of total sessions running on the server $num_sessions = count(glob(session_save_path() . '/sess_*')); echo "There are about {$num_sessions} active sessions."; It will be fairly active so long as your garbage collection is triggered fairly often. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to argue with ASP people...
mail.pmpa wrote: I used response.redirect in asp to avoid form re-submit, so I can have form handling functions and other related functions on the same file. new_customer_form.php : < form action="form_results.php" > Customer fills form and hits submit button. form_results.php : function validate_form_data(){ if true show_results(); } function show_results() {...} Now customer is on results page in show_results(). If he hits the Refresh button or Back then Forward buttons in he will be prompt to resubmit the form data or cancel. If I add header("Location: form_results.php") inside function validate_form_data() instead of calling function show_results() I can avoid this behaviour. I don't know if this is the right procedure, i am learning as I develop. This was a workaround for shopping cart and customer area form handling form handling code. Probably I'm doing it all wrong :) Yeah, this is a good method for a lot of form processing. It's as simple as having the processing/validating in one area and the form/error display in another. Once the form is accepted/rejected, you just header() redirect to the form or error page. Too easy and it prevents a lot of confusion for your users. And Robby thanks for the ob_start() tip! This is a workaround, really. Your code should be structured so that you can decide if you need to perform a redirect before any output is sent to the browser. If you're going to send them to another page, why would you have any output anyhow? Using templates sometimes forces you to do this, as you perform all of your business logic / PHP code before hand and then display the appropriate templates. If you need to send the user to another page, it's easy to do so at any point before your templates are shown. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Apache 2.0.52 / PHP 4.3.10 Integration Question...
Mark Charette wrote: Robin Getz wrote: I guess the question is - how to make a file that does not end in .php or have any extension, be understood as a php file? ForceType directive. I was thinking the same thing, but after doing some reading it seems Apache 2 uses a different method now (setinputfilter/setoutputfilter). Just acknowledging my mistake and passing this along for others, too. :) Happy new year. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Apache 2.0.52 / PHP 4.3.10 Integration Question...
Robin Getz wrote: I have a file named /www/projects which is a php script. When I type the url: www.site/projects/variable I want variable passed to the script "projects" I have the the http.conf set up as: SetInputFilter PHP SetOutputFilter PHP AcceptPathInfo On Which used to work with apache 2.0.40 and php 4.2.3 - but what happens now, is I actually get passed the php script back as text to the browser. All of the methods I've seen in the past used a "Forcetype" directive and PATH_INFO. ForceType application/x-httpd-php Is this SetInputFilter and SetOutputFilter the Apache2 equivilent of the Forcetype or another way of doing it? Have you tried Forcetype? -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to argue with ASP people...
mail.pmpa wrote: Can I do any session handling before calling header("Location: $url"); ? Yeah, sure. You just can't have any output before you redirect with a Location header (unless you use output buffering as a workaround). This is basic HTTP and ASP has to play by the same rules. If you can have output before Response.Redirect, then ASP is just doing the buffering for you before it sends a Location header. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Why extra slashes???
Wiberg wrote: Right now I'm creating a form that saves the text from a textarea to an array. That doesn't seem to be any problem. But when I save the contents, I get extra / ? http://us4.php.net/manual/en/ref.info.php#ini.magic-quotes-gpc -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Installing on Windows.... CGI v. ISAPI?
GH wrote: #2 which method is better to install PHP with IIS? ISAPI or CGI? ISAPI... no idea what it stands for though, but installing PHP that way will make it a module within the server instead of an .exe file that's loaded with each PHP request... -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: [PHP-DB] How to process a query form with CHECKBOX Please help
S Kumar wrote: I have a database and one table in it deals with my patient information. Depending on their condition I divided their age groups into 3 categories. In my database a table patient_data has a column age_group and a patient can be any one of young, middle or old category. Now the possibility is that a user can selecct 1 or 2 or all three options. In the query form, I gave the option for a user as a check box. The piece of html code is as below: Age group Young Middle Old Problem: I want to capture the user options and create an SQL statement: > Select age_group from patient_data where age_group = > young and old ; Young Middle Old Then in your code: if(!empty($_GET['agegroup']) && is_array($_GET['agegroup'])) { $in = "'" . implode("','",$_GET['agegroup']) . "'"; $query = "SELECT * FROM table WHERE age_group IN ($in)"; } Next time just post this to php-general or php-db... no need to include both of them. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Making includes and requires safe.
> It uses search engines including Google, Yahoo and AOL to identify exploitable Web pages written in PHP that use the functions "include()" and "require()" in an insecure manner, K-OTik said. Exactly how is a worm going to know if I have include($crap) in my code by searching google? Is it searching source code on sourceforge or something? Is it targetting certain applications again? If so, why not tell us which ones so we can remove them until a fix is in place. Does anyone have any more details on this "new" worm? Eliminating the security flaws exploited by the newer versions of Santy involves no new tricks, and is simply a matter of applying long-known sound programming principles. That sums it up exactly. Poor programmers incorrectly using include() and require() will probably never go away. I could write the exact same article for any other web scripting language. So what's the point here? Nothing I've seen details how this worm is targetting my web server... Is this just more FUD against PHP? How many bosses are now going demand PHP be disabled or not installed on company machines because of all these "vulnerabilities" when it's really just poor programming like it's always been? -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] authentication
Ali wrote: can anyone lead me to a good tutorial on authentication...it wud be good if i can get a one in connection with a database.. $all_good = query("SELECT valid_user FROM table"); or use Google. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to set an absolute include path?
Brian Dunning wrote: Is there a command that will set the include path to the web server root? I'm trying to set up a directory structure where include files will be called from all different folder depths, so I'll need to call them absolutely like: include('/includes/file.php'); where the above will work no matter from which level it's called. Thanks... That should work from anywhere it's called because it's an absolute path, but I doubt you have an "includes" directory at the root level, do you? Either way, you can set the include path in php.ini, an .htaccess file or using ini_set(). -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Help with code
karl james wrote: Can you tell me why this code is not working? I get a query is empty at the moment. http://www.theufl.com/php/wrox_php/movie_details.phps Didn't we already see this once? From File: > $movie_query in mysql_query(); What kind of PHP code is that? You could really help yourself by telling us what query failed... what line it's on and only that line and a couple around it. Do you think a lot of other people are boring like me and going to read your code on Christmas? If you don't know what query is failing, then use more than mysql_error() in your die statements... $review_result = mysql_query($review_query) or die('Query to pull reviews has failed. Reason: ' . mysql_error()); -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re: [PHP] Problem of varibles between webpages
> From: [EMAIL PROTECTED] > Dear John, > > I have just test a sample through the link, but fail... > So, I'm check my php config ( ini file ), and would you mind to tell me which > setting must be disabled / enabled ? John is very helpful and loves to dedicate his time to helping new users. If you don't get a response within the next 10 minutes (he's always available), just continue to write him and ask him for help. It's the Christmas season, right??? Merry Christmas John, ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re: [PHP] Problem of varibles between webpages
> From: [EMAIL PROTECTED] > For table form format ( sample ), > > > > Your Name : maxlength="60"> > Address? maxlength="60"> > > > > "name" and "address" is varible, so how can we pass these two varible without > register_globals function ( actually it is disable ) to another webpage ? Did you read what I wrote? register_globals has nothing to do with how you pass variables. You create a form the same way with it ON or OFF... The difference is in how you access the variables in the PHP script. In this instance, since you haven't specified a method for your form, GET is assumed. So you can access the form variables in $_GET['name'] and $_GET['address']. If you used POST in your form method, then $_POST['name'] and $_POST['address'] can be used. Regardless of the method, you can use $_REQUEST['name'] and $_REQUEST['address']... catching on? ;) ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re: [PHP] Destroying session data
From: Philip Thompson <[EMAIL PROTECTED]> > On Dec 23, 2004, at 2:59 PM, Matt M. wrote: > > this might be coming into play: > > http://us4.php.net/session > > > > session.gc_maxlifetime integer > > > > session.gc_maxlifetime specifies the number of seconds after which > > data will be seen as 'garbage' and cleaned up. > > Okay, lemme see if I understand how it works. Even if it "sees" it as > garbage, it will not destroy it until the session has ended? or will > destroy when that time is reached? So can I set session.gc_maxlifetime > to be a low number (e.g., 10 seconds) and it will still behave > appropriately? Currently, it's set to the default - 1440. The gc_maxlifetime setting controls how "old" files can be before the garbage collection process deletes them, when it's actually started. This is why your file system must support atime as mentioned before. If the file has not been accessed in over 1440 seconds (by default) then if the garbage collection process is started, it'll be deleted. Like I said in my other post, though, there's only a 1% chance of the garbage collection process being started (by default). These old files you see are probably there because you don't have enough traffic to trigger garbage collection or your using a file system that doesn't support atime. ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re: [PHP] A serious bug? "or" operator gives out diffferent results dependin
> From: Comex <[EMAIL PROTECTED]> > > Uh.. $y is > 5. What an insightful post, but it depends on the value of $y, no? Maybe next time you'd like to post some of the original message so we know wtf you're talking about? I know what thread you're talking about... but what point are you trying to make that hasn't already been made obvious? ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Destroying session data
> From: Philip Thompson <[EMAIL PROTECTED]> > My question is: when the session is "logged out" or ended (via closing > the browser or however), should these data files (which look like > sess_fd983aedf93ceeioa8332890bcd, etc) not be destroyed? If not, is > there a way to automatically destroy them because I don't want to have > to go in each day/week/month and delete these session data files > manually? Are these data files considered to be cookies? They are not cookies and they should be deleted automatically by the garbage collection process. However, by default, there is only a 1% chance that the garbage collection process is triggered when a session is started. So, if this is a low traffic server, you may not have triggered garbage collection at all. They are not deleted automatically when the session is ended. You can up the probability, if you want, but I wouldn't worry too much about it. Or you can write your own session handler to handle deleting the files. ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] A serious bug? "or" operator gives out diffferent results depending
> From: Bogdan Ribic <[EMAIL PROTECTED]> > Here's a little test script: > > > $x = 2; > $y = 10; > > $b1 = is_null($x) or ($y > 5); > $b2 = ($y > 5) or is_null($x); > > var_dump($b1); > var_dump($b2); > > > Obviously, it should be false for both $b1 and $b2, but the output is: > > bool(false) > bool(true) > > Is this a bug? I tried dumping values of two expressions, they are both > boolean and correct value. Tried assigning values to two temp vars and > then or-ing these two, and that gave correct results. = has a higher precedence than OR and OR is not the same as || http://www.php.net/manual/en/language.operators.php#language.operators.precedence So you should use $b1 = is_null($x) || ($y > 5); ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Checking Original URL
> From: The Disguised Jedi <[EMAIL PROTECTED]> > That runs all fine and dandy, but I want to check the absolute URL > that is calling it to make sure it is an approved URL. (For example, > I need the URL of the HTML file that contains the tag that is > requesting the image from the php script) $_SERVER['HTTP_REFERER'] should contain the script that's requesting the image, but it can be spoofed. Are you using sessions at all? You could start a session on the main page (that requests the images) and then check for the same session on the page that creates the images. If a session isn't created (a certain variable isn't set), then don't serve the image or serve something else. A fun thing to do if you have a lot of people hotlinking to your images is to set it up so it works for the first 10 minutes or so but then changes to serving some nasty gay porn image (after they've probably posted it to their site somewhere)... heh... but I digress... ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem of varibles between webpages
> From: [EMAIL PROTECTED] > After disable the globals varibles function... > Then how to transfer varibles between webpages with the following ways ? register_globals has nothing to do with how you pass variables... you still use the URL or forms. It only changes how you access them in PHP scripts, i.e. using $_GET['var'] instead of $var. > 1, Table form format. wtf is this? > 2, Hyperlink ( click and go to another webpage ) format. The variables passed in a URL are available in $_GET and $_REQUEST. > 3, upload file ( through php into database ). $_FILES ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re: [PHP] Compiling PHP Source guides
> OK, I guess I'll try to read the instructions again. I *have* tried > reading them on multiple occasions but its just greek to me. Then your next question to the list should be along the lines of: "I have tried the instructions at http://... I got to step X and couldn't get any further. I typed in xxx and expected to see xxx, but saw xxx. I'm using xxx as my OS and trying to compile PHP version xxx. Can anyone help me through the next step?" Good luck. :) ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re: [PHP] PHP Exploit via phpBB?
> Stop relying on RPMs and compile Apache + PHP from source. That way you can > get all the latest bugs. Hmmm... I hope you meant "fix" the latest bugs... ;) ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Strange issues with header output
> From: <[EMAIL PROTECTED]> > Hi there, I have been building a player script which outputs a windows > media asx playlist with theheader output type of video-ms-wmv. I have > experienced some wierd issues > when i use ifstatements at certain points with the header tag enclosed within > it, i get > unexpected results on themac plugin. "Playlist format is unrecognised" Ie > > if ($_SESSION['referer_checked']) { > > header(aplicationtype ...); > echo $asx_playtlist here > } > > Is there somehow that an if statement is adding stuff to the header when > it shouldnt be ? An IF statement isn't going to affect headers. There must be something else in your code doing the damage. Start printing things out or logging values to a file so you can track what's going on and what changes there are. The only way an IF could affect something is if you mistakenly put if($somevar = 'somevalue') which is an _assignment_ instead of an _equality_ check and always comes out true. Then if you used "$somevar" somewhere it's value may be messed up and corrupt your file or headers. ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re: [PHP] PHP Exploit via phpBB?
> From: John Nichel <[EMAIL PROTECTED]> > http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=240513 wow... all this fuss because they ran urldecode() on something that was already decoded (and what they do with the data after the fact, of course)... ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re: [PHP] PHP Exploit via phpBB?
> From: "Ashley M. Kirchner" <[EMAIL PROTECTED]> > >I thought we all knew better than to use phpBB? > > > I'd be interested to know what other applications you suggest that > compares to phpBB. Just for my own curiosity. Invision Power Board or vBulletin. Yes, both cost money (now, at least) but they are cheap and worth it. Older versions of Invision Power Board were free, so you can use them if you can find them (my site came with v1.2 for free). Free is good, but take a look at the track record and make your own decisions. I'm also not saying that either of the above are better simply because you pay for them. They are simply better and worth the small cost ($70-80US) for a serious web site. I'd purchase IPB in a second if I had to pay for a forum. It really all comes to personal preference, though. ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re: [PHP] PHP Exploit via phpBB?
> From: John Nichel <[EMAIL PROTECTED]> > I'm currently going thru logs from previous days to see if I was getting > this 'attack' before upgrading to php v4.3.10 > > That's why I'm wanted to post this here...just in case it isn't phpBB > problem. Many people were trying to tie the vulnerabilities with PHP 4.3.9 to this attack the vulnerabilities in phpBB, but from what I read they were unrelated. Are you on a shared server at all? It may be possible that someone else got attacked and took everyone with them... ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Exploit via phpBB?
> From: John Nichel <[EMAIL PROTECTED]> > I haven't fully researched it yet, but our domains were just hacked, and > from the looks of it, the attack came in thru phpBB. Not keeping up with the news, eh? ;) There was a big discussion about this on slashdot and other news sites. The worm actually uses Google to search for sites "Powered by phpBB" and then attacks them. I thought we all knew better than to use phpBB? Why not just install phpNuke and some random guestbook and shell access script while you're at it?!?! ;) ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Replacing whole words only
> From: "Chris Boget" <[EMAIL PROTECTED]> > Is there a way to replace/remove *whole* words from a > phrase? For example: [snip] > $stringToParse = str_replace( $exceptionPhrase, '', trim( > $stringToParse )); Try this instead of str_replace() $stringToParse = preg_replace("/(^|\\W){$exceptionPhrase}(\\W|$)/i",'\\1',$stringToParse); ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] help with coding #3
> From: "karl james" <[EMAIL PROTECTED]> > Ok I will try the links again, sorry about the hassel, Did I miss the first part of this message? > http://www.theufl.com/movie_details.phps > > website > > http://www.theufl.com/php/wrox_php/movie_details.php > > Are you able to tshoot it and see whats going on? > > Im not able to get the code working. First thing I noticed is here: $movie_query = "SELECT * FROM movie WHERE movie_id ='".$_GET['movie_id']."'"; $movie_result = mysql_query($query,$link) or die(mysql_error()); Shouldn't that be $movie_query in mysql_query()?? ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re: [PHP] String parsing issue in PHP 4.3.10?
> You will notice > that the previous line also contains a '?>' sequence, so I'm confused > as to why this would "die" on one line but not the other? Or is this > some freak combination of comments and PHP tags? :-o It is, I guess. '; $b = ' ?> '; ?> will work just fine. If you try to comment out either line, though, the PHP processing will end at the ?> and spit out the rest as plain text. So, text can have as many ?> as you want and the only issue comes when you try to comment one of them out. ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: How to set register_globals=off in the script?
From: Jason Barnett <[EMAIL PROTECTED]> > Jerry Swanson wrote: > > I have PHP 5.1, is it possible in the code set register_globals=off > > for specific scripts. > > You can change this, and other php.ini directives, with the PHP function > ini_set No, you can't. register_globals cannot be set with ini_set and must be set in php.ini or an .htaccess file. ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to set register_globals=off in the script?
> From: Jerry Swanson <[EMAIL PROTECTED]> > I know that "register_globals = on" is not secure. bah... you can write secure scripts with it on or off. having it off by default simply helps to lessen some of the security issues that new programmers may not be aware of. > But one program > requires to use register_globals=on. So in php.ini register_globals is > set to on. > > I have PHP 5.1, is it possible in the code set register_globals=off > for specific scripts. > > So I want to keep PHP register_globals=on in php.ini, but in local > files set to off? > > How I can do this? You can use an .htaccess file to turn it on or off for directories. I don't think it works for individual scripts, though. ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re: [PHP] OT Re: [PHP] can I compile php source
> From: "Larry E. Ullman" <[EMAIL PROTECTED]> > Do you honestly think people are learning __anything__ > when you reply with a "Yes"? Yes. ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] String parsing issue in PHP 4.3.10?
> From: Steve Brown <[EMAIL PROTECTED]> > Unexpected results: > If line 16 (indicated below) is commented out, the '?>' in the string > on line 17 makes PHP stop parsing and the rest of the script is simply > dumped to stdout. If line 16 is NOT commented out, the '?>' is NOT > picked up as being a PHP tag and it parses the script as PHP. Quote: The one-line comment styles actually only comment to the end of the line or the current block of PHP code, whichever comes first. This means that HTML code after // ?> WILL be printed: ?> skips out of the PHP mode and returns to HTML mode, and // cannot influence that. If asp_tags configuration directive is enabled, it behaves the same with // %>. From: http://www.php.net/manual/en/language.basic-syntax.comments.php I remember running into this, also, so don't feel bad about not noticing it. ;) ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] This list is dying: was:can I compile php source OT
> Subject: [PHP] This list is dying: Wait.. has Netcraft confirmed it? FYI, I don't think the list is any different... ups and downs...it's always the same questions, flamers, newbies, etc. All that changes are the names. Whoever this "John Nichel" character is though should be banned... ;) ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] sanitizing/security
> From: "Sebastian" <[EMAIL PROTECTED]> > just a question, what is the best way to sanitize your scripts when you're > using $_GET or $_REQUEST in a query? > > eg, i usually just do: > > if(is_numeric($_REQUEST['id'])) > { > mysql_query("SELECT id FROM table WHERE > id=".intval($_REQUEST['id']).""); > } > > what about when the GET is text? just use htmlspecialchars? > just looking for some advice to help keep my apps secure. Sanitize it for what? Insertion into the database? Displaying to a user? Putting into an email? file? xml? There's no one solution for sanitizing, it's all a matter of what you're doing with the data and what you expect the data to be. If you expect the data to be an integer, then make it an integer. $input['value'] = (int)$_GET['value']; Now you can range check it or whatever. is_numeric() works, but will accept floating point and scientific numbers, by the way. You need addslashes() (or mysql_real_escape_string(), if appropriate) for text data going into the database. htmlspecialchars() or htmlentities() is appropriate for text that'll be shown to users on a web site. Text going into the headers of an email should normally be filtered for newlines so malicious users cannot inject additional headers. Shall I go on?? ;) ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How do I find my php.ini file?
Don wrote: Hi, Fedora Core 3, PHP 5.03, MySQL 4.17, Apache 2.0.52 Recent PHP installation. I created a phpinfo() page. When I display it in my browser, it says: Configuration File (php.ini) Path/etc Yet when I log on to my server and look for it in /etc, it is not there. How can I find it??? You don't have a php.ini file and PHP is using the defaults. If there was a php.ini file, it would be listed in the path, i.e. "/etc/php.ini" instead of just "/etc". Sample php.ini files are included with the source as php.ini-recommended and php.ini-dist (or file names that are close to that). Edit and rename to php.ini and place it in the path above (where PHP is expecting to find the file, /etc). -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] getting a date 25 years back
Merlin wrote: Hi there, I am trying to create a date which is 25 years back from today. The purpose of this is to be able to query a mysql database "date" field for columns smaller than this date. I tried this: $years = 25; $start_from = date("Y-m-d",strtotime("- ".$years." year")); Somehow it always ads the years instead of subtracting. Has anybody an idea on how to do that? You can use mktime() and subtract 25 from the year argument. Or just do it in your query... SELECT * FROM yourtable WHERE your_date_column < NOW() - INTERVAL 25 YEAR; -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Turn off "out of offfice" messages for the list, please
List, I'm sure many of us will be taking some time off for the holidays (if you aren't already). Just a friendly reminder to either 1) unsubscribe while you're gone (you won't miss much, trust me) or 2) set your notice to not reply to postings to the list. These get quite annoying after a while, if you can imagine. Yes, I know how to filter them to my Junk folder, but let's try to stop it at the source instead, eh? ;) Happy Holidays, -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] fopen/fpassthur
Sebastian wrote: Q> I hope you have some good data validation going on too :) I am not too sure about how secure it is. basically, the files are called by an ID eg, download?type=file&id=3 so i query the db to get check if its a valid id and get the filename from the db as well. if its not found it errors out.. i was under the impression that is more secure to get files by an id from db than doing something like download?file=filename.zip i am worried about security as i am not even sure if this method would allow people to download any file from the server. maybe if you have time you can look at the script for me and find any flaws While this method may not present a clear security danger, how does the data get into the database? If I can feed a "filename" of anything on your system that you blindly put in the database, then I can call it with an appropriate URL. So... you can trust data coming from your database only if it was trusted/validated/sanitized going in. :) -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re: [PHP] sharing info between websites with XML?
> From: p80 <[EMAIL PROTECTED]> > >> I have several website that use mysql as a database and I would like them > >>to access each other DB. The problem is that I can't connect to each other > >>mysql > >> DB so I'm looking for a way to do so. > > >Why aren't you able to connect to the other databases? > cause hosters forbid it. Then get another host or somewhere else to host your databases. Not a PHP issue, though. ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] empty() problem
Ahmed Abdel-Aliem wrote: Hi Group Members i have a problem with function empty() i use it to check if user entered the form fields and store it in array for example : if (empty($Game_rating)) $errors[] = "You didn't enter the Online Status for the Game."; the problem when the user enters 0 in the form field the empty function returns the error. Is $Game_rating supposed to be an integer? If so, then make it one and check for <= to zero. if(!isset($_Game_rating) || (int)$Game_rating <= 0) { $errors[] = "You didn't enter the Online Status for the Game."; } Now you _know_ $Game_rating is an integer above zero and is safe to display and/or put into a query. Simply checking for if($Game_rating == '') will throw notices on some setups about an undefined variable (depending upon error_reporting level) and will allow text through when it's supposed to just be an integer. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] I need to pass vars to external cgi script ?
> From: "Dave Carrera" <[EMAIL PROTECTED]> > I need to send some vars to a cgi script. > > The script url is like this > > http://www.example.com/cgi-bin/script.cgi?var1=my_first_php_var;var2=my_seco > nd_php_var and so on. > > How do I send / call this script from inside my php script ? $file = fopen('http://www.example.com/cgi-bin/script.cgi?var1=my_first_php_var&var2=my_second_php_var&var3=...'); or $file = fopen("httpscript.cgi?var1=$phpvar1&var2=$phpvar2..."); although you'd want to urlencode() the PHP variables if you need something like the second method. ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re: [PHP] Close all open tags in HTML text
> From: "Richard Lynch" <[EMAIL PROTECTED]> > Matt Palermo wrote: > > but just make sure that ending > > tags exist, so it doesn't screw up the rest of the page. Strip tags would > > just wipe out the HTML rather than allowing it and ending it safely. > > Strip tags will allow you to wipe out *DANGEROUS* HTML which will make > your web server a source of problems not only to you, but to me as well. > > Please use strip_tags to allow only the tags you *NEED* the users to be > able to use. > > It will only take you seconds, and it will save you (and us) a lot of > grief in the long run. strip_tags() is a rather worthless function, if you ask me. It strips such evil code as or anything else surrounded by < and >. It's "allowed tags" attribute is misleading, also. You can think you're safe by allowing tags, but I can include onmouseover (or any other) events to trigger javascript and XSS attacks. You're better to roll your own solution or just run everything through htmlentities()/htmlspecialchars() and show the user exactly what they typed. I'm on a crusade against the use of strip_tags(), if you haven't figured that out yet. :) ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Forms and viewing Text Area
Ben C wrote: I have a form which has a text box which then stores in MySQL. When I write seperate paragraphs and try and then view what I wrote it lumps it all together in one paragraph when I echo. I am sure I am doing something simply wrong. Anyone have any ideas? The line breaks are preserved. If you look at the HTML source of your page, you'll see that. HTML does not render line breaks, though, you need tags. So using nl2br() or something similar would work. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Implementing database cache.
Bruno B B Magalhães wrote: Hi again guys, does anybody have am idea of witch are the required functions to implement a database query cache? What database are you using? I think most of the common ones already have a cache built into them that you'd just have to enable. That'd be the best route, imo. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Security Question with my password protected login script...
Richard Lynch wrote: Ian Gray wrote: My question is, how secure is this? I have the password, username etc in a MYSQL database but I haven't encrypted it (don't know how) The MySQL 'password' function at http://mysql.com would work. For something that is portable to non MySQL systems, you can use http://php.net/crypt You should not use the MySQL PASSWORD() function within your own applications. MD5() is a good alternative as it's implemented in many programs including PHP and MySQL. Other suggestions were good, though. :) -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PARSE ERROR, unexpected T_$VARIABLE
Robert Sossomon wrote: Parse error: parse error, expecting `T_VARIABLE' or `'$'' in c:\fourh\leadership\registration_post.php on line 29 [snip] $0405distoffice= $_POST['04_05_dist_office']; //line29 $0506distoffice= $_POST['05_06_dist_office']; Variable names cannot start with a number. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Please save me from insanity - PHP4 / OO
Ben wrote: class Ob { var $prop; } class Test { function setMe(&$ob) { $ob->prop = $this; } } $ob = new Ob(); $test = new Test(); $test->setMe($ob); if ($ob->prop) error_log("PHP is OK"); else error_log("PHP is a fucking MARE"); What is my problem here? Please help! How about you explain what you're trying to do instead of asking why some random code snippet doesn't work (according to you)? The code does "work" for me, btw... for whatever it's supposed to be doing. $ob->prop is now a "Test" object...which is what the code does... For example, if you added var $foo = 'bar'; to the Test object and then printed out $ob->prop->foo, you'd get 'bar'. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] record ID problem
Ahmed Abdel-Aliem wrote: i have a script which reads and edit and delete records from a database table. the proplem is i nthe ID field. when i delete a row the sequence of numbers still the same, i need a function which return the IDs in the form of 1 2 3 4 5 6 7 8 9 instead of 1 3 7 9, can anyone help me plz ? How about you describe what you're trying to do instead of what you think you need to accomplish it. If you need a continuous count, then use a variable and start a counter as you print out rows. If holes in your record ID column is messing up your application, you're using it for the wrong reasons. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Strange character conversion when converting XML by XSLT in PHP
Age Bosma wrote: I'm converting, or at least trying, one XML file to another XML format using XSLT parsing it with PHP. I'm using a lot of characters in the following style "& #34;", "& #42;", etc. (without the space, added now the prevent any conversion in this e-mail) in the XML file and I would like to keep it that way. PHP is converting every string like these to e.g. "&qout;" or "*". What can be done to prevent this conversion? As far as I understand this is default behaviour of the parser and can not be prevented. Personally I consider this a bug because what if I just want to use "& #34;" (without the space) as a normal string value? The parser shouldn't touch it at all. Can someone enlighten me a bit more on this one? :-) If you want a literal " in your data, then you should have ", iirc. Maybe you could run the data through a preparser to match "&#xx;" patterns and convert the & to & ?? -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Organisation of classes
Peter Lauri wrote: For the moment I have all my classes saved in a file called classes.php in a subdirectory /classes/. I have started to get to many classes in the same file. In java I do this the default way, just naming them myclass.class. Is there a similar way to do this so that I do not need to include every file as a .php class in every php that I want to use the class? Save each class into its own name.class.php file. As for the includes, if there are a lot of classes and you actually need _all_ of them loaded, then just make one "include.php" that includes all of the class files and then just add "include('include.php')" into each script that needs these classes. You should really take a look at what classes need to be loaded in each page, though. If you have 10 classes, but a page only uses 3 of them, then it's a waste of time to load those other 7 classes. That's basically what you're doing now with everything in one file. Think about using extra classes that load the others that are needed for specific functios. Load a "show" class that'll load 4 of the 10 classes needed for showing records, load an "edit" class that'll load 7 of the 10 classes needed for editing, etc... -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Date Manipulation
Christopher Weaver wrote: I've looked at the date functions in the manual but can't find what I need. All I want to do is add and subtract days without ending up with bogus date values. IOW, Nov. 29 + 7 days shouldn't be Nov. 36. Just a nod in the write direction would be great. mktime() or strtotime() -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Have I learned nothing .> Foreach()
Stuart Felenstein wrote: --- Marek Kilimajer <[EMAIL PROTECTED]> wrote: print_r($_SESSION['schools']); here Then finally on the transaction page, some pages down the road: and also print_r($_SESSION['schools']); here foreach($_SESSION['schools'] as $school) What have you find out? They don't exist. Then print_r($_POST) or print_r($_POST['schools']) and see what they contain. Are you sure you're using POST and not GET? Are you actually selecting any "schools" when you submit the form? If you aren't, then $_POST['schools'] won't exist. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Happy Thanksgiving
John Nichel wrote: Happy Turkey Day ladies and gents. Disclaimer : If you are not in the US, or do not celebrate Thanksgiving, you are still allowed to have a 'happy' day. ;) What's this got to do with PHP? I'm on a 1.4bps connection and it took me all day to download your message. For each email I get my ISP requires me to give away my first born in order to read it! You are wasting my time. My religion forbids any king of thanks, so now I have to spend the next 4 days in church and my ISP is going to charge me over 1200 dollars just to reply to you. Happy day my ass... -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Capturing phpinfo()
> From: "Ashley M. Kirchner" <[EMAIL PROTECTED]> > How can I stick phpinfo() at the bottom of a page in such a way that > it doesn't display the data in the page, but instead creates a log file > and dumps everything in there) The log file should either be appended > to every time, or if not, a unique one created every time (one per > transaction.) Is this even possible? Of course it's possible. Just fopen() a file at the end of the script, capture phpinfo() output with an output buffer (ob_start(), etc) and write it to the file. I can imagine the file getting very large very quick, though. Alternatively, you could put echo ''; or ob_start(); phpinfo(); $phpinfo = ob_get_contents(); ob_end_clean(); echo ""; (from memory, so functions might be slightly different)... ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [php] What does PHP mean?
John Taylor-Johnston wrote: I'm writing an article where I'm going to explain what PHP is in a short sentence. PHP once meant Personal Home Page, right? PHP, originally an anacronym for "Personal Home Page", is a textual, "general-purpose scripting language" (www.PHP.net) designed to collect and process data between HTML pages and the Internet. Any objections? There was an article someplace about Rasmus Lerdorf calling it such, in the beginning. (http://www.php.net/manual/en/history.php) (recursive acronym for "PHP: Hypertext Preprocessor") PHP/FI stands for "Personal Home Page / Forms Interpreter" and PHP stands for "PHP: Hypertext Preprocessor"... all of which is explained on the page you linked to... :/ -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Tabs or Spaces?
Ryan King wrote: I agree. I can't imagine that having more whitespace characters in a script will significantly effect the performance of said script. I would guess that there would always be more significant issues to deal with in regards to performance- php compiling and optimizing SQL queries being chief in my mind. Its silly and inefficient (work-wise) to optimize the small issues in programming. Just remember, "Premature optimization is the root of all evil." (Knuth) Wait... I'm writing an extension to remove spaces and convert double quotes to single and use echo instead of print... are you saying that's silly? Bah! -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] include files, ".php" or ".inc" ?
Perry Jönsson wrote: Does it make any difference if you include (include/require/include_once/require_once) files with extension ".inc" or ".php"? It makes no difference as far as PHP is concerned. You're just telling PHP what file to load. However, .inc files are generally served up as plain text if requested on their own. This means that anyone can view the PHP code (and possibly passwords?) they contain. So many people will just name them with a .php extension so nothing is returned to the user. This has it's own set of problems because now the files can be run out of context. Depending on your application, this could be a big issue; what if they could bypass your security measures by requesting files on their own? This is a fairly frequently asked question and the number one suggestion is always to place the files outside of your web root so they can not be requested through a browser at all. PHP can still include them, you just have to provide the correct path. Then you can give them any extension you want. This isn't always possible or ideal, though and then you have to resort to either naming them with .php extensions (and being aware of the issue discussed above) or relying on an .htaccess file to deny access to any .inc files (so people cannot view/run them out of context). .htaccess is not an entirely portable solution, though, so you have to take that into consideration also. Good luck with your decision. I personally use .inc.php (for visual reference of which ones are include files) and stay aware of what could happen if these files are run out of context. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Mysql Connect Help
Nathan Mealey wrote: The following line of code: mysql_connect('database','user','password'); [with values of course] Generates the following error: Fatal error: Call to undefined function: mysql_connect() in /var/www/html/phptest.php on line 3 My PHP info page says that PHP (4.3) was compiled with MySQL, and extensions_dir is correct (although the extensions_dir itself is empty, but I don't know if this matters). So PHP itself is working. When you say the "info page" do you mean the output from phpinfo()? Does that page show a box with the MySQL information or does it just show on the options line? I installed MySQL 4.1 from RPM (client and server RPMs) on Redhat 8.0 this morning. You should use the mysqli extension for MySQL 4.1. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] What should I name my base class?
Brent Clements wrote: I know this probably doesn't matter, but what is the pretty standard naming convention for base class names? Should I name it "base.class", "main.class", or the name of my application, "application.class"? Application.class.php If you name it application.class, it'll more than likely be served up as plain text and "main" or "base" are too generic. You could end up with conflicts with other programs that haven't thought this out. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How do I get referer in php?
John Nichel wrote: M. Sokolewicz wrote: I'm sure he meant echo '',print_r($_SERVER,1),''; ---^---^ then... ;) hadn't noticed that param... I feel ashamed... :$ Didn't notice that those were commas and not periods either, eh? ;) Didn't notice the result is the same either way, eh? ;) -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How do I get referer in php?
M. Sokolewicz wrote: Chris W. Parker wrote: echo "",print_r($_SERVER),""; why are you echoing the result of print_r ?! The result is a boolean true or false. the actual output ON SCREEN is done from WITHIN the function automatically. Echoing the result is useless, and even more, it adds to confusion because of a '1' appearing all of a sudden on screen. I'm sure he meant echo '',print_r($_SERVER,1),''; then... ;) -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] unable to upload a directory using the web brower (HTTP).
> From: "Scott Fletcher" <[EMAIL PROTECTED]> > I found that on most web browsers, I can not upload the > folder via HTTP using hte web browser upload dialog box. > So, I can't use the php's function, is_uploaded_file and > move_uploaded_file. Because the web browser see the folder > as something to open with, like going down one directory. > So, any advice or suggestion?? You can't upload folders over HTTP, only files. ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html replyAll Description: null -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Simple XML
Octavian Rasnita wrote: Does anyone know if PHP has a library for getting the content of an XML file like XML::Simple in perl? In that perl library I can get the whole content of an XML file in a reference to an array of arrays of arrays... with only 3 lines of code. Is there such a simple method in PHP? Uhmm... SimpleXML? http://us2.php.net/simplexml -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Current URL?
Jason Paschal wrote: Trying to get the current viewed page's URL (query string intact). this works, but infrequently: $url = $_SERVER['URI']; How about $_SERVER['REQUEST_URI'] and this ignores the query string: $url = $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']; or you could add/check for $_SERVER['QUERY_STRING'] here. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php