Re: [PHP] placing values in html textarea

2004-07-12 Thread Keith Greene
Textareas do not use the value attribute. Instead, the value is placed 
between the <textarea></textarea> tags:

<textarea name="zoutput" rows="20" cols="70" wrap><? echo $test; ?></textarea>

At 08:09 AM 7/12/2004, Hull, Douglas D wrote:
After doing calculations etc on my data I am wanting to place it in a 
textarea form in html.  I am having trouble getting my data to show up in 
my textarea.  For example, say after all my calculations my field called 
$test ends up containing "This is a test".  Here is what I tried:

<textarea name="zoutput" rows="20" cols="70" wrap value="<? echo $test; ?>" /> </textarea>

I can add the $test to input like this but not a textarea.
Name: <input type="text" name="zfname" value="<? echo $test; ?>"/> <br>
Is this possible?
Thanks,
Doug
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Re: [PHP] OO woes

2004-07-12 Thread Keith Greene
$query = 'INSERT into aeMail set test=\''.$_POST[test].'\'';
Your quotes look screwy to me. You seem to be missing both trailing single 
quotes.
try this:

$query = 'INSERT into aeMail set test=\'''.$_POST[test].'\''';
At 01:07 PM 7/12/2004, Matthew Sims wrote:
PHP version 5.0.0RC3 (cgi) (built: Jul  9 2004 13:18:24)
I'm just getting my feet wet with OO and have run into a problem that I'm
not familiar with...yet.
I have a class that does a database connection and query all together. It
all works nicely until my query has a word with quotes around it.
I've tried addslashes and mysql_escape_string but when I do I get a Fatal
Error. It occurs in the execute($query) function down below.
I'm also using the recommended php.ini file...magic quotes off and all.
*
class DB_Mysql {
  protected $user;   // Database username
  protected $pass;   // Database password
  protected $dbhost; // Database host
  protected $dbname; // Database name
  protected $dbh;    // Database handle
  public function __construct($user, $pass, $dbhost, $dbname) {
    $this->user = $user;
    $this->pass = $pass;
    $this->dbhost = $dbhost;
    $this->dbname = $dbname;
  }
  protected function connect() {
    $this->dbh = mysql_connect($this->dbhost, $this->user, $this->pass);
    if (!is_resource($this->dbh)) {
      throw new Exception;
    }
    if (!mysql_select_db($this->dbname, $this->dbh)) {
      throw new Exception;
    }
  }
  public function execute($query) {
    if (!$this->dbh) {
      $this->connect();
    }
    // My $query has quotes in it
    // I try to escape the quotes
    $query = mysql_escape_string($query);
    // It causes an error
    $ret = mysql_query($query, $this->dbh);
    if (!$ret) {
      // An Exception error is thrown
      throw new Exception;
    } elseif (!is_resource($ret)) {
      return TRUE;
    } else {
      $statement = new DB_MysqlStatement($this->dbh, $query);
      return $statement;
    }
  }
}
*
My query statement is:
$query = 'INSERT into aeMail set test=\''.$_POST[test].'\'';
I call the class as follows:
$dbh = new DB_Mysql("user","passwd","localhost","test");
$query = 'INSERT into aeMail set test=\''.$_POST[test].'\'';
$dbh->execute($query);
If the $_POST variable does not contain any quotes, the class works
perfectly. But whenever quotes are passed through, I get the following
error:
Fatal error: Uncaught exception 'Exception' in
/www/htdocs/classes/db_class.php:53 Stack trace: #0
/www/htdocs/letter.php(51): DB_Mysql->execute('INSERT into aeM...') #1
{main} thrown in /www/htdocs/classes/db_class.php on line 53
--Matthew Sims
--http://killermookie.org
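
What the execute() method quoted above does to a statement, as an added example that is not part of the original thread: escaping the finished query also escapes the quotes that delimit the value, whereas binding the value needs no escaping call at all. It assumes PDO with an in-memory SQLite database in place of MySQL (so the INSERT uses the VALUES form), the class name DbExample is hypothetical, and addslashes(), which the post mentions trying, stands in for mysql_escape_string().

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for
// MySQL so the script runs offline; DbExample is a hypothetical name.

class DbExample {
    private $dbh;

    public function __construct(PDO $dbh) {
        $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $this->dbh = $dbh;
    }

    // The statement text carries placeholders only; values travel separately,
    // so a quote inside a value can never end the string literal.
    public function execute($sql, array $params = array()) {
        $stmt = $this->dbh->prepare($sql);
        $stmt->execute($params);
        return $stmt;
    }
}

$db = new DbExample(new PDO('sqlite::memory:'));
$db->execute('CREATE TABLE aeMail (test TEXT)');

// Constructed stand-in for $_POST['test'].
$posted = "It's a 'quoted' word";

// 1. Escaping the finished statement, as the posted execute() does.
//    The quotes that delimit the value get a backslash too, so the
//    database no longer sees a string literal there.
$whole   = "INSERT INTO aeMail (test) VALUES ('" . $posted . "')";
$escaped = addslashes($whole);
try {
    $db->execute($escaped);
    $wholeStatementResult = 'accepted';
} catch (PDOException $e) {
    $wholeStatementResult = 'rejected: ' . $e->getMessage();
}

// 2. Binding the value: the statement text never changes with the input.
$db->execute('INSERT INTO aeMail (test) VALUES (?)', array($posted));
$stored = $db->execute('SELECT test FROM aeMail')->fetchColumn();

echo $escaped, "\n";
echo 'whole-statement escaping: ', $wholeStatementResult, "\n";
echo 'bound value stored intact: ', var_export($stored === $posted, true), "\n";
```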



Re: [PHP] Malicious SQL

2004-07-07 Thread Keith Greene
For example, if you are not quoting your criteria:
$sql = mysql_query("select * from users where name=".$name);
if someone enters the following in the name field, you're toast:
Jim; delete from users;
on the contrary:
$sql = mysql_query("select * from users where name='".$name."'");
will simply look for a user with a name of Jim; delete from users; and 
return no results found.

This is just one example.
Your queries look fine.
At 08:58 AM 7/7/2004, Gabe wrote:
Can someone help me understand how people are able to use SQL maliciously 
if you don't protect against it in PHP?  For example, I've written a very 
simple search SQL statement that takes the value of a variable for the 
search criteria ( from a webpage form ).  I don't understand how someone 
could enter an SQL statement that could be malicious.  Here's the SQL 
statement that I run once I have the search criteria stored in $strCriteria:

SELECT autoQuesID, fldQuesTitle, fldBody FROM tblFAQ_Question WHERE 
(blnHidden = FALSE AND ((fldBody LIKE '%$strCriteria%') OR (fldQuesTitle 
LIKE '%$strCriteria%')));

I know in general that protecting against someone entering SQL is a must. 
So I guess I'm just wondering if anyone has any real-world experience 
with how people can take advantage of SQL and forms.

Thanks!
Gabe
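
Why the form value in the search query above has to stay out of the SQL text, as an added example that is not part of the thread: an ordinary apostrophe is enough to make the database parse user input as SQL, and a bound parameter with escaped LIKE wildcards avoids that. It assumes PDO with an in-memory SQLite database, constructed rows, `blnHidden = 0` in place of `FALSE`, and `!` as the LIKE escape character; the function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Table and column names come from
// the post; the rows, function names and inputs are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tblFAQ_Question (autoQuesID INTEGER PRIMARY KEY,
            fldQuesTitle TEXT, fldBody TEXT, blnHidden INTEGER)');
$pdo->exec("INSERT INTO tblFAQ_Question VALUES
            (1, 'Can''t log in', 'Reset your password first.', 0),
            (2, '100% uptime?',  'No service promises that.',  0),
            (3, 'Draft',         'Can''t publish yet.',         1)");

// The pattern from the post: the form value becomes part of the SQL text.
function searchInterpolated(PDO $pdo, $strCriteria) {
    $sql = "SELECT autoQuesID FROM tblFAQ_Question WHERE (blnHidden = 0 AND "
         . "((fldBody LIKE '%$strCriteria%') OR (fldQuesTitle LIKE '%$strCriteria%')))";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Same search with the value bound. Wildcards typed by the user are escaped
// so that "%" and "_" match themselves instead of acting as patterns.
function searchBound(PDO $pdo, $strCriteria) {
    $literal = strtr($strCriteria, array('!' => '!!', '%' => '!%', '_' => '!_'));
    $pattern = '%' . $literal . '%';
    $stmt = $pdo->prepare(
        "SELECT autoQuesID FROM tblFAQ_Question WHERE (blnHidden = 0 AND "
      . "((fldBody LIKE ? ESCAPE '!') OR (fldQuesTitle LIKE ? ESCAPE '!')))");
    $stmt->execute(array($pattern, $pattern));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: an apostrophe, a literal percent sign, a lone wildcard.
foreach (array("can't", "100%", "%") as $input) {
    try {
        $old = implode(',', searchInterpolated($pdo, $input));
    } catch (PDOException $e) {
        // The apostrophe ended the string literal and the rest of the input
        // reached the SQL parser: whoever types the value edits the statement.
        $old = 'SQL error';
    }
    echo str_pad($input, 6), ' interpolated: ', str_pad($old, 10),
         ' bound: ', implode(',', searchBound($pdo, $input)), "\n";
}
```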


Re: [PHP] binary data over UDP with PHP?

2004-07-07 Thread Keith Greene
I use the following without problem:
$fp = fsockopen("udp://www.server.com", 24250, $errno, $errstr, .2);
if (!$fp) {
    $status = "Server not available";
} else {
    $trigger = chr(hexdec('FF')).chr(hexdec('FF')).chr(hexdec('01')).chr(hexdec('00'));
    fwrite($fp, $trigger);   # Send trigger to the status server
    $junk = fread($fp, 4);   # discard echoed command from status server
}

Keith
At 04:23 PM 7/7/2004, coder_1024 wrote:
I'm trying to send some binary data to a UDP server using PHP.  The examples
I've been able to find show sending binary data over TCP, or they show
sending text over UDP.
I'm constructing the messages using the below:
  $text_msg = "Hello, World\r\n";
  $binary_msg = chr(0x01).chr(0x02).chr(0x00).chr(0xAD);
  $binary_msg_size = 4;
I've tried a couple methods of sending the data:
  $fp = fsockopen("udp://" . $host,$port);
  fwrite($fp,$binary_msg,$binary_msg_size);
and
  $sock = socket_create(AF_INET,SOCK_DGRAM,SOL_UDP);
  socket_sendto($sock,$binary_msg,$binary_msg_size,0,$host,$port);
In either case, a UDP packet is sent, but with a zero data size.  If I
instead send the $text_msg, it works as expected.  For some reason sending
the binary data doesn't work.
Does anyone have insight into how to send binary data over UDP using PHP?


Re: [PHP] images outside of document root

2004-07-06 Thread Keith Greene
I use a system like that described below, however I added some checks to 
thwart attack.
first, the image serving script checks to make sure the user has a session 
id. This prevents people just loading the script to get the images, and 
also deters hot linking.
second, I have a script that runs once an hour and generates a random word 
and saves it to a text file. That file is read by the page that calls the 
image serving script, and the word contained within is md5 hashed, then 
passed to the image serving script like this:
<img src='imgserv.php?i=joe.jpg&h=fc5e038d38a57032085441e7fe7010b0' border=0>

the image serving script then loads the same text file, hashes the word 
within and compares the hashes. If they don't match, the link is over an 
hour old and the image isn't served.

I know there are circumstances where an image can be hotlinked and 
viewable, but the hotlink only works for an hour, and only for people who 
have actually visited my site during their current browser session, and 
this I can live with.

Keith
At 01:20 PM 7/6/2004, Dennis Gearon wrote:
I may do that, but the 'showimage.php' file then has to be in the document 
root, and can be attacked a LOT.

I have found ways to do inline images, without javascript, I believe.
Curt Zirzow [EMAIL PROTECTED] wrote:
* Thus wrote Dennis Gearon:
I want to keep an entire library OUTSIDE of the document root. The 
library includes some images. How can I have the browser include the images?
I've heard of BASE64'ing the images into the header and decoding them 
using javascript. Is this the best way? Where is code to do that?

no, it's probably the worst way.
To have the browser reference images outside the document root
you'll have to create a php wrapper function that decides on what
to do:
<img src="/showimage.php?file=foobar.jpg">
showimage.php:
<?php
$file = $_GET['file'];
// authentication if needed...
// check for valid file, etc..
header('Content-Type: image/jpeg'); // send right content type
readfile($path_outside_docroot . $file);
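
The two checks this thread asks of the image script (the requested file must stay inside the library directory, and a link must expire), as an added example that is not code from any of the posters. It swaps the md5 of an hourly random word for an HMAC over the file name and the current hour, which is a change from the scheme described above; the directory layout, secret and function names are assumptions.

```php
<?php
// Added example, not code from the thread. Paths, secret and function
// names are assumptions; the sample files are created in a temp directory.

// Resolve a requested name to a file inside $baseDir, or return null.
function resolveImage($baseDir, $requested) {
    $allowed = array('jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif');
    $ext = strtolower(pathinfo($requested, PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return null;                        // unknown type: do not serve
    }
    $base = realpath($baseDir);
    $full = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    // realpath() collapses ".." and symlinks, so the prefix test below
    // compares the true location of the file with the library directory.
    if ($base === false || $full === false
        || strncmp($full, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0
        || !is_file($full)) {
        return null;
    }
    return array('path' => $full, 'type' => $allowed[$ext]);
}

// Link token: keyed hash over the file name and the hour it was issued in.
function linkToken($secret, $file, $now) {
    return hash_hmac('sha256', $file . '|' . (int) floor($now / 3600), $secret);
}

// hash_equals() compares in constant time; a token issued in an earlier
// hour, or for another file, does not match.
function tokenValid($secret, $file, $token, $now) {
    return hash_equals(linkToken($secret, $file, $now), $token);
}

// Constructed demo: one image inside the library, one file next to it.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'imgdemo_' . uniqid();
mkdir($root . '/library', 0700, true);
file_put_contents($root . '/library/joe.jpg', 'jpeg-bytes');
file_put_contents($root . '/outside.jpg', 'not-for-serving');

$secret = 'replace-with-a-random-server-side-key';   // placeholder value
$now    = 1089140400;                                 // constructed timestamp
$token  = linkToken($secret, 'joe.jpg', $now);

var_dump(resolveImage($root . '/library', 'joe.jpg'));        // inside the library
var_dump(resolveImage($root . '/library', '../outside.jpg')); // resolves outside it
var_dump(resolveImage($root . '/library', 'joe.php'));        // type not allowed
var_dump(tokenValid($secret, 'joe.jpg', $token, $now + 60));   // same hour
var_dump(tokenValid($secret, 'joe.jpg', $token, $now + 7200)); // two hours later
var_dump(tokenValid($secret, 'amy.jpg', $token, $now + 60));   // other file name
```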


Re: [PHP] include question

2004-06-21 Thread Keith Greene
Aaron,
I copied your code to a test file called test.php and created the following 
pages as dummy includes:
verify_faculty_info.php, functions.php and accesscontrol.php
in functions.php, I created a dummy search function:
function search(){
    return "Found!<BR>";
}

in verify_faculty_info.php, I made a call to the search function thusly:
echo search();
the test page, when called with the action=verify outputs the following:
verifying nowFound!
Found!
If you are not getting the output you are expecting, it probably isn't 
because of a function not being available, but more like variables are not 
available to the function.
Are you getting any error messages at all?

Keith
At 08:31 AM 6/21/2004, Aaron Axelsen wrote:
Below is the chunk of code i am using.  In the verify_faculty_info.php
file i call the search function.  The search function is coded in the
function.php file which is included in the accesscontrol.php.
I thought that it would carry over to the verify_Faculty_info.php file.
Was I mistaken?
Thanks
<?php
include('accesscontrol.php');
if (isset($_GET['action'])){
  if ($_GET['action'] == "add" && $_SESSION['role'] == 1) {
    include('includes/add_product.php');
  } elseif ($_GET['action'] == "verify") {
    echo "verifying now";
    search();
    include('includes/verify_faculty_info.php');
  } else {
    echo "action asked for is not specified";
  }
} else {
   echo "action is not specified";
}
?>
--
Aaron Axelsen
aim: aaak2
email: [EMAIL PROTECTED]


Re: [PHP] Re: What's this

2004-06-17 Thread Keith Greene
This stuff is common in PHPbb. Usually you will find the constants like 
that located in the template files. The definitions for those constants are 
usually found in the php file associated with that template file. For example,
if you found <form method="post" action="{S_MODE}"> in 
/templates/subsilver/memberlist_body.tpl, the definition for that constant 
would probably be found in /memberlist.php, like this:
'S_MODE' => append_sid("memberlist.$phpEx"))

Hope this helps.
Keith
At 05:30 AM 6/17/2004, Pieter from SA wrote:
This type of action is used in a lot of files in PHPbb.
I need to change something in the Jump to at the bottom of Search and
memberlist pages.
Pieter From Sa [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 Hi

 This has me confused, is this Java or a php class, a constant or what?, i
 have never seen this kind of action.

 <form method="post" action="{S_MODE}">

 In what type of file will i find the S_MODE.

 Thanks


RE: [PHP] src=test.php

2004-06-16 Thread Keith Greene
I don't think there is a standard for the extensions of these files. In 
fact, this page: http://www.w3c.org/TR/CSS1#basic-concepts
uses a url of "http://style.com/cool" as an example of an external style sheet.

Also, I use a .php file as a javascript include on my site. The script is 
included on other websites as a js include as well so others can see what's 
new on my site.
I haven't had any problems or complaints so far.

At 10:58 AM 6/16/2004, Chris W. Parker wrote:
Gerben mailto:[EMAIL PROTECTED]
on Wednesday, June 16, 2004 10:38 AM said:
 I wondering how browsers handle the following html-codes:

 <link rel="stylesheet" src="style.php" />
 and
 <script type="text/javascript" src="code.php"></script>

 are there any browser that will choke in it because the files don't
 have the appropriate (.css and .js) extension?
although i don't have an answer specifically, you might try having your
webserver process .js and .css files just like it would .php files. that
way you can use the correct extensions in your html and *still* have the
web server do what you want it to do.

chris.


Re: [PHP] What is white space

2003-11-15 Thread Keith Greene
It's not a bug. Anything (including spaces, newlines etc) that is not 
inside <? and ?> is output directly to the browser.

At 03:49 PM 11/15/2003, you wrote:
Robert Cummings wrote:

FYI, if you're worried about the header cannot be sent due to
output... error, then if your file only has code and no HTML, then you
can omit the ?> tag at the end of your script. This solves countless
issues with there being a space, a tab, a newline, or any whitespace
after the closing tag.
And when that bug is fixed?

--
The above message is encrypted with double rot13 encoding.  Any 
unauthorized attempt to decrypt it will be prosecuted to the full extent 
of the law.



Re: [PHP] Re: Alternate row colors

2003-11-15 Thread Keith Greene
It's so much easier to use the mod (%) operator:

using the mod operator, you can check if a variable is divisible by some 
other number without leaving a remainder.
For this example, we want to change every other row, so we would compare 
our $count against 2 to see if it leaves a remainder:
$bg = ($count%2==0) ? "#00" : "FF";

What this line does is FIRST, it checks to see if $count/2 leaves no 
remainder. If this is true, it sets the $bg var to #00
If it is false, it sets $bg to #FF

It only requires the addition of one line of code, and to replace your row 
background color with a php variable.
Also, you don't need to use printf(), since you aren't specifying any 
formatting.

See code below:

code:---
$result = mysql_query("SELECT * FROM albums where id 15");
$Count = @mysql_num_rows($result);

echo "<table border=1 cellpadding=3 cellspacing=0 bordercolor='#00'>\n";
echo "<tr><td bgcolor='#66'>ID</td><td bgcolor='#66'>ARTIST</td><td bgcolor='#66'>TITLE</td><td bgcolor='#66'>LABEL</td><td bgcolor='#66'>PRICE</td></tr>\n";

for ($count = 0; $count < $Count; $count++) {
    // Extract post details from database
    $myrow = mysql_fetch_array($result);
    $id = $myrow['id'];
    $artist = $myrow['artist'];
    $title = $myrow['title'];
    $label = $myrow['label'];
    $price = $myrow['price'];
    // Even rows get the first colour, odd rows the second
    $bg = ($count%2==0) ? "#00" : "FF";
    echo "<tr bgcolor='".$bg."'><td>$id</td><td>$artist</td><td>$title</td><td>$label</td><td>£$price</tr>\n";
}
echo "</table>\n";



At 01:08 PM 11/15/2003, you wrote:
Well, first of all I'll just scrap your script since this one is so easy
it's better to do it from scratch.
OK, somewhere in your script you have the code that actually
outputs the tables you are working with. I'm referring to lines
here, and I'm meaning the bottom of this document which is
the script you posted, and I have numbered the lines.
Overview of your script.
Line 5 - we print out the table header
Line 11 - 23 is the loop which prints out all the lines, or rows.
Line 24 closes the table.
So what we have to do?

First we need to declare the values we want to use as background
colours, let's use logical names:
(fig a)
$backcolor1="#fafafa";
$backcolor2="#c0c0c0";
$backcolor=$backcolor1;// we assign color 1
This code has to be written before the loop starts, so somewhere
before line 11.
In the loop (11-23) we need to switch between the colours where
we write the colour of the tr. So we write something like:
(fig b)
echo '<tr style="background-color:' . $backcolor . ';">';
// continue with the rest of <td>... </td></tr> here
// which is - your code.
This will print out the first background color, nice. Now we need it
to switch color, so we need to add a little logic. This will be inserted
right before the loop ends (in fact, you can put it wherever you like
as long as it's in the loop).
(fig c)
if($backcolor==$backcolor1)
$backcolor=$backcolor2;
else
$backcolor=$backcolor1;
As you see above the logic is quite simple, if the color is 1 - we set it
to 2, else we set it to 1. If you think of it, if you process this logic
over and over again you will in fact get 1, 2, 1, 2, 1, 2, 1, 2 all the
time, :) Nice!
There you have it, and I hope you got the hang of it.

To take your code and implement my colorswitcher all you need to do is,

1. On line 21 replace #00 with $backcolor
2. Insert the logic (fig c), all lines, into line 19
3. Place fig a in line 4.
--
Kim Steinhaug
---
There are 10 types of people when it comes to binary numbers:
those who understand them, and those who don't.
---
The code for return the top ten result is :
1 $result = mysql_query("SELECT * FROM albums where id 15");
2
3 $Count = @mysql_num_rows($result);
4
5  echo "<table border=1 cellpadding=3 cellspacing=0
6 bordercolor='#00'>\n";
7    echo "<tr><td bgcolor='#66'>ID</td><td
8 bgcolor='#66'>ARTIST</td><td bgcolor='#66'>TITLE</td><td
9 bgcolor='#66'>LABEL</td><td bgcolor='#66'>PRICE</td></tr>\n";
10
11 for ($count = 0; $count < $Count; $count++) {
12   // Extract post details from database
13   $myrow = mysql_fetch_array($result);
14   $id = $myrow ['id'];
15   $artist = $myrow ['artist'];
16   $title = $myrow ['title'];
17   $label = $myrow ['label'];
18   $price = $myrow ['price'];
19
20   printf("<tr
21 bgcolor='#00'><td>$id</td><td>$artist</td><td>$title</td><td>$label</td>
22 <td>£$price</tr>\n");
23 }
24 echo "</table>\n";


Re: [PHP] What is white space

2003-11-15 Thread Keith Greene
Yep. It allows you to only use php where needed, and use HTML for the rest.

At 04:02 PM 11/15/2003, you wrote:
On Sat, 2003-11-15 at 18:49, Leif K-Brooks wrote:
 Robert Cummings wrote:

 FYI, if you're worried about the header cannot be sent due to
 output... error, then if your file only has code and no HTML, then you
 can omit the ?> tag at the end of your script. This solves countless
 issues with there being a space, a tab, a newline, or any whitespace
 after the closing tag.
 
 
 And when that bug is fixed?
Isn't that a feature?

Rob.
--
..
| InterJinn Application Framework - http://www.interjinn.com |
::
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for   |
| creating re-usable components quickly and easily.  |
`'


Re: [PHP] What is white space

2003-11-15 Thread Keith Greene
Ok, you're getting into semantics now. 
http://www.php.net/manual/en/language.basic-syntax.php doesn't say whether 
it is acceptable or not, but as Robert pointed out, if your script is 
purely php, omitting it is a good way of eliminating the headache of 
trailing white spaces that may interfere with headers.

Keith

At 04:41 PM 11/15/2003, Leif K-Brooks wrote:
Keith Greene wrote:

That's not a bug either. Leaving out the ?> is simply telling the php 
parser that it has to parse the rest of the script.
Where's the manual page saying that's allowed?

--
The above message is encrypted with double rot13 encoding.  Any 
unauthorized attempt to decrypt it will be prosecuted to the full extent 
of the law.



[PHP] php Losing apache environment vars

2003-11-10 Thread Keith Greene
Greetings list,
I have run into a problem that has me at my wits end. We run an affiliate 
program, and have forum software (phpBB) wrapped in our menu system.
There are 2 sides to the site, Affiliates and Admin, and I have 2 installs 
of the board using the same database. This all works fine.

The mind-boggling problem is that while the board works perfectly from the 
Affiliate side of the site, it exhibits some strange behavior from the Admin
side of the site. In particular, we are using an apache environment 
variable to point to our includes directory, and any time an http post is 
made from
the admin side of the board, php loses the environment vars and throws 
all kinds of errors about not being able to find the includes.
The only difference between the Affiliate and Admin sides is the include 
used for the actual menu, though the only difference in those files is
the actual links that make up the menu.

I have never seen this behavior, and was wondering if anyone has seen 
anything like it before, and possibly found a solution.
We are running php 4.3.2, Apache 1.3.26 on FreeBSD 4.5.

Any help would be very appreciated.

Keith



Re: [PHP] php Losing apache environment vars

2003-11-10 Thread Keith Greene
After restarting apache, the error is gone. Still not sure what was causing 
it. The site was running fine to begin with, and the environment vars
have been in use for over a year throughout the site.

Keith

At 12:56 PM 11/10/2003, Keith Greene wrote:
Greetings list,
I have run into a problem that has me at my wits end. We run an affiliate 
program, and have forum software (phpBB) wrapped in our menu system.
There are 2 sides to the site, Affiliates and Admin, and I have 2 installs 
of the board using the same database. This all works fine.

The mind-boggling problem is that while the board works perfectly from the 
Affiliate side of the site, it exhibits some strange behavior from the Admin
side of the site. In particular, we are using an apache environment 
variable to point to our includes directory, and any time an http post is 
made from
the admin side of the board, php loses the environment vars and throws 
all kinds of errors about not being able to find the includes.
The only difference between the Affiliate and Admin sides is the include 
used for the actual menu, though the only difference in those files is
the actual links that make up the menu.

I have never seen this behavior, and was wondering if anyone has seen 
anything like it before, and possibly found a solution.
We are running php 4.3.2, Apache 1.3.26 on FreeBSD 4.5.

Any help would be very appreciated.

Keith
