Re: [PHP] placing values in html teaxtarea
textareas do not use the value attribute. instead, the value is placed between the textarea/textarea tags: textarea name=zoutput rows=20 cols=70 wrap /? echo $test; ?/textarea At 08:09 AM 7/12/2004, Hull, Douglas D wrote: After doing calculations etc on my data I am wanting to place it in a textarea form in html. I am having trouble getting my data to show up in my texarea. For example, say after all my calculations I my field called $test ends up containing This is a test. Here is what I tried: textarea name=zoutput rows=20 cols=70 wrap value=? echo $test; ? / /textarea I can add the $test to input like this but not a textarea. Name: input type=text name=zfname value=? echo $test; ?/ br Is this possible? Thanks, Doug -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] OO woes
$query = 'INSERT into aeMail set test=\''.$_POST[test].'\''; Your quotes look screwy to me. You seem to be missing both trailing single quotes. try this: $query = 'INSERT into aeMail set test=\'''.$_POST[test].'\'''; At 01:07 PM 7/12/2004, Matthew Sims wrote: PHP version 5.0.0RC3 (cgi) (built: Jul 9 2004 13:18:24) I'm just getting my feet wet with OO and have run into a problem that I'm not familiar with...yet. I have a class that does a database connection and query all together. It all works nicely untiluntil my query has a word with quotes around it. I've tried addslashes and mysql_escape_string but when I do I get a Fatal Error. It occurs in the execute($query) function down below. I'm also using the recommended php.ini file...magic quotes off and all. * class DB_Mysql { protected $user; // Database username protected $pass; // Database password protected $dbhost;// Database host protected $dbname;// Database name protected $dbh; // Database handle public function __construct($user, $pass, $dbhost, $dbname) { $this-user = $user; $this-pass = $pass; $this-dbhost = $dbhost; $this-dbname = $dbname; } protected function connect() { $this-dbh = mysql_connect($this-dbhost, $this-user, $this-pass); if (!is_resource($this-dbh)) { throw new Exception; } if (!mysql_select_db($this-dbname, $this-dbh)) { throw new Exception; } } public function execute($query) { if (!$this-dbh) { $this-connect(); } // My $query has quotes in it // I try to escape the quotes $query = mysql_escape_string($query); // It causes an error $ret = mysql_query($query, $this-dbh); if (!$ret) { // An Exception error is thrown throw new Exception; } elseif (!is_resource($ret)) { return TRUE; } else { $statment = new DB_MysqlStatement($this-dbh, $query); return $statement; } } } * My query statement is: $query = 'INSERT into aeMail set test=\''.$_POST[test].'\''; I call the class as follows: $dbh = new DB_Mysql(user,passwd,localhost,test); $query = 'INSERT into aeMail set test=\''.$_POST[test].'\''; $dbh-execute($query); If the $_POST variable does not contain any quotes, the class works perfectly. But whenever quotes are passed through, I get the following error: Fatal error: Uncaught exception 'Exception' in /www/htdocs/classes/db_class.php:53 Stack trace: #0 /www/htdocs/letter.php(51): DB_Mysql-execute('INSERT into aeM...') #1 {main} thrown in /www/htdocs/classes/db_class.php on line 53 --Matthew Sims --http://killermookie.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Malicious SQL
For example, if you are not quoting your criteria: sql = mysql_query(select * from users where name=.$name); if someone enters the following in the name field, you're toast: Jim; delete from users; on the contrary: sql = mysql_query(select * from users where name='.$name.'); will simply look for a user with a name of Jim; delete from users; and return no results found. This is just one example. Your queries look fine. At 08:58 AM 7/7/2004, Gabe wrote: Can someone help me understand how people are able to use SQL maliciously if you don't protect against it in PHP? For example, I've written a very simple search SQL statement that takes the value of a variable for the search criteria ( from a webpage form ). I don't understand how someone could enter an SQL statement that could be malicious. Here's the SQL statement that I run once I have the search criteria stored in $strCriteria: SELECT autoQuesID, fldQuesTitle, fldBody FROM tblFAQ_Question WHERE (blnHidden = FALSE AND ((fldBody LIKE '%$strCriteria%') OR (fldQuesTitle LIKE '%$strCriteria%'))); I know in general that protecting against someone entering SQL is a must . So I guess I'm just wondering if anyone has any real-world experience with how people can take advantage of SQL and forms. Thanks! Gabe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] binary data over UDP with PHP?
I use the following without problem: $fp = fsockopen(udp://www.server.com, 24250, $errno, $errstr, .2); if (!$fp) { $status = Server not available; } else { $trigger = chr(hexdec('FF')).chr(hexdec('FF')).chr(hexdec('01')).chr(hexdec('00')); fwrite($fp,$trigger); # Send trigger to the status server $junk = fread($fp, 4); # discard echoed command from status server } Keith At 04:23 PM 7/7/2004, coder_1024 wrote: I'm trying to send some binary data to a UDP server using PHP. The examples I've been able to find show sending binary data over TCP, or they show sending text over UDP. I'm constructing the messages using the below: $text_msg = Hello, World\r\n; $binary_msg = chr(0x01).chr(0x02).chr(0x00).chr(0xAD); $binary_msg_size = 4; I've tried a couple methods of sending the data: $fp = fsockopen(udp:// . $host,$port,); fwrite($fp,$binary_msg,$binary_msg_size); and $sock = socket_create(AF_INET,SOCK_DGRAM,SOL_UDP); socket_sendto($sock,$binary_msg,$binary_msg_size,0,$host,$port); In either case, a UDP packet is sent, but with a zero data size. If I instead send the $text_msg, it works as expected. For some reason sending the binary data doesn't work. Does anyone have insight into how to send binary data over UDP using PHP? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] images outside of document root
I use a system like that described below, however I added some checks to thwart attack. first, the image serving script checks to make sure the user has a session id. This prevents people just loading the script to get the images, and also deters hot linking. second, I have a script that runs once an hour and generates a random word and saves it to a text file. That file is read by the page that calls the image serving script, and the word contained within is md5 hashed, then passed to the image serving script like this: img src='imgserv.php?i=joe.jpgh=fc5e038d38a57032085441e7fe7010b0' border=0 the image serving script then loads the same text file, hashes the word within and compares the hashes. If they don't match, the link is over an hour old and the image isn't served. I know there are circumstances where an image can be hotlinked and viewable, but the hotlink only works for an hour, and only for people who have actually visited my site during their current browser session, and this I can live with. Keith At 01:20 PM 7/6/2004, Dennis Gearon wrote: I may do that, but the 'showimage.php' file then has to be in the document root, and can be attacked a LOT. I have found ways to do inline images, without javascript, I believe. Curt Zirzow [EMAIL PROTECTED] wrote: * Thus wrote Dennis Gearon: I want to keep an entire library OUTSIDE of the document root. The library includes some imgages. How can I have the browser include the imageges? I've hard of BASE64'ing the images into the header and decoding them using javascript. Is this the best way? Where is code to do that? no, its probably the worst way. To have the browser reference images outside the document root you'll have to create a php wrapper function that decides on what to do: img src=/showimage.php?file=foobar.jpg showimage.php: ?php $file = $_GET['file']; // authentication if needed... // check for valid file, etc.. header('Content-Type: image/jpeg'); // send right content type readfile($path_outside_docroot . $file); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] include question
Aaron, I copied your code to a test file called test.php and created the following pages as dummy includes: verify_faculty_info.php, functions.php and accesscontrol.php in functions.php, I created a dummy search function: function search(){ return Found!BR; } in verify_faculty_info.php, I made a call to the search function thusly: echo search(); the test page, when called with the action=verify outputs the following: verifying nowFound! Found! If you are not getting the output you are expecting, it probably isn't because of a function not being available, but more like variables are not available to the function. Are you getting any error messages at all? Keith At 08:31 AM 6/21/2004, Aaron Axelsen wrote: Below is the chunk of code i am using. In the verify_faculty_info.php file i call the search function. The search function is coded in the function.php file which is included in the accesscontrol.php. I thought that it would carry over to the verify_Faculty_info.php file. Was I mistaken? Thanks ?php include('accesscontrol.php'); if (isset($_GET['action'])){ if ($_GET['action'] == add $_SESSION['role'] == 1) { include('includes/add_product.php'); } elseif ($_GET['action'] == verify) { echo verifying now; search(); include('includes/verify_faculty_info.php'); } else { echo action asked for is not specified; } } else { echo action is not specified; } ? -- Aaron Axelsen aim: aaak2 email: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: What's this
This stuff is common in PHPbb. Usually you will find the constants like that located in the template files. The definitions for those constants are usually found in the php file associated with that template file. For example, if you found form method=post action={S_MODE} in /templates/subsilver/memberlist_body.tpl, the definition for that constant would probably be found in /memberlist.php, like this: 'S_MODE' = append_sid(memberlist.$phpEx)) Hope this helps. Keith At 05:30 AM 6/17/2004, Pieter from SA wrote: This type of action is used in a lot of files in PHPbb. I need to change someting in the Jump to at the bottom of Search and memberlist pages. Pieter From Sa [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi This has me confused, is this Java or a php class, a constant or what?, i have never seen this kind of action. form method=post action={S_MODE} In what type of file will i find the S_MODE. Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] src=test.php
I don't think there is a standard for the extensions of these files. In fact, this page: http://www.w3c.org/TR/CSS1#basic-concepts uses a url of http://style.com/cool; as an example of an external style sheet. Also, I use a .php file as a javascript include on my site. The script is included on other websites as a js include as well so others can see what's new on my site. I haven't had any problems or complaints so far. At 10:58 AM 6/16/2004, Chris W. Parker wrote: Gerben mailto:[EMAIL PROTECTED] on Wednesday, June 16, 2004 10:38 AM said: I wondering how browsers handle the following html-codes: link rel=stylesheet src=style.php / and script type=text/javascript src=code.php/script are there any browser that will choke in it because the files don't have the appropriate (.css and .js) extension? although i don't have an answer specifically, you might try having your webserver process .js and .css files just like it would .php files. that way you can use the correct extensions in your html and *still* have the web server do what you want it to do. chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] What is white space
It's not a bug. Anything (including spaces, newlines etc) that is not inside ? and ? is output directly to the browser. At 03:49 PM 11/15/2003, you wrote: Robert Cummings wrote: FYI, if you're woprried about the header cannot be sent due to output... error, then if your file only has code and no HTML, then you can omit the ? tag at the end of your script. This solves countless issues with there being a space, a tab, a newline, or any whitespace after the closing tag. And when that bug is fixed? -- The above message is encrypted with double rot13 encoding. Any unauthorized attempt to decrypt it will be prosecuted to the full extent of the law. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Alternet row colors
It's so much easier to use the mod (%) operator: using the mod operator, you can check if a variable is divisible by some other number without leaving a remainder. For this example, we want to change every other row, so we would compare our $count against 2 to see if it leaves a remainder: $bg = ($count%2==0) ? #00 : FF; What this line does is FIRST, it checks to see if $count/2 leaves no remainder. If this is true, it sets the $bg var to #00 If it is false, it sets $bg to #FF It only requires the addition of one line of code, and to replace your row background color with a php variable. Also, you don't need to use printf(), since you aren't specifying any formatting. See code below: code:--- $result = mysql_query(SELECT * FROM albums where id 15); $Count = @mysql_num_rows($result); echo table border=1 cellpadding=3 cellspacing=0 bordercolor='#00'\n; echo trtd bgcolor='#66'ID/tdtd bgcolor='#66'ARTIST/tdtd bgcolor='#66'TITLE/tdtd bgcolor='#66'LABEL/tdtd bgcolor='#66'PRICE/td/tr\n; for ($count = 0; $count $Count; $count++) { // Extract post details from database $myrow = mysql_fetch_array($result); $id = $myrow ['id']; $artist = $myrow ['artist']; $title = $myrow ['title']; $label = $myrow ['label']; $price = $myrow ['price']; $bg = ($count%2==0) ? #00 : FF; echo tr bgcolor='.$bg.'td$id/tdtd$artist/tdtd$title/tdtd$label/tdtd£$price/tr\n; } echo /table\n; At 01:08 PM 11/15/2003, you wrote: Well, first of all Ill just scrap you script since this one is so easy its better to do it from scratch. OK, somewhere in your script you have the code that accually aoutputs the tables you are working with. Im refferring to lines here, and Im meaning the bottom of this document which is the scipt you posted, and I have numbered the lines. Overview of your script. Line 5 - we print out the table header Line 11 - 23 is the loop which prints out all the lines, or rows. Line 24 closes the table. So what we have to do? First we need to declare the values we want to use as backround colours, lets use logical names : (fig a) $backcolor1=#fafafa; $backcolor2=#c0c0c0; $backcolor=$backcolor1;// we assign color 1 This code has to be written before the loop starts, so somewhere before line 11. In the loop (11-23) we need to switch between the colours where we write the colour of the tr. So we write something like : (fig b) echo 'tr style=background-color:' . $backcolor . ';'; // continue with the rest of td... /td/tr here // which is - your code. This will print out the first background color, nice. Now we need it to switch color, so we need to add a little logic. This will be inserted right before the loop ends (infact, you can put it where ever you like aslong as its in the loop). (fig c) if($backcolor=backcolor1) $backcolor=$backcolor2; else $backcolor=$backcolor1; As you see above the logic is quite simple, if the color is 1 - we set it to 2, else we set it to 1. If you think of it, if you process this logic over and over again you will infact get 1, 2, 1, 2, 1, 2, 1, 2 all the time, :) Nice! There you have it, and I hope you got the hang of it. To take your code and implement my colorswither all you need to do is, 1. On line 21 replace #00 width $backcolor 2. Insert the logic (figc), all lines, into line 19 3. Place fig a in line 4. -- Kim Steinhaug --- There are 10 types of people when it comes to binary numbers: those who understand them, and those who don't. --- The code for return the top ten result is : 1 $result = mysql_query(SELECT * FROM albums where id 15); 2 3 $Count = @mysql_num_rows($result); 4 5 echo table border=1 cellpadding=3 cellspacing=0 6 bordercolor='#00'\n; 7echo trtd bgcolor='#66'ID/tdtd 8 bgcolor='#66'ARTIST/tdtd bgcolor='#66'TITLE/tdtd 9 bgcolor='#66'LABEL/tdtd bgcolor='#66'PRICE/td/tr\n; 10 11 for ($count = 0; $count $Count; $count++) { 12 // Extract post details from database 13$myrow = mysql_fetch_array($result); 14 $id = $myrow ['id']; 15 $artist = $myrow ['artist']; 16 $title = $myrow ['title']; 17 $label = $myrow ['label']; 18 $price = $myrow ['price']; 19 20 printf(tr 21bgcolor='#00'td$id/tdtd$artist/tdtd$title/tdtd$label/t d 22td£$price/tr\n); 23} 24 echo /table\n; -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] What is white space
Yep. It allows you to only use php where needed, and use HTML for the rest. At 04:02 PM 11/15/2003, you wrote: On Sat, 2003-11-15 at 18:49, Leif K-Brooks wrote: Robert Cummings wrote: FYI, if you're woprried about the header cannot be sent due to output... error, then if your file only has code and no HTML, then you can omit the ? tag at the end of your script. This solves countless issues with there being a space, a tab, a newline, or any whitespace after the closing tag. And when that bug is fixed? Isn't that a feature? Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] What is white space
Ok, you're getting into semantics now. http://www.php.net/manual/en/language.basic-syntax.php doesn't say whether it is acceptable or not, but as Robert pointed out, if your script is purely php, omitting it is a good way of eliminating the headache of trailing white spaces that may interfere with headers. Keith At 04:41 PM 11/15/2003, Leif K-Brooks wrote: Keith Greene wrote: That's not a bug either. Leaving out the ? is simply telling the php parser that it has to parse the rest of the script. Where's the manual page saying that's allowed? -- The above message is encrypted with double rot13 encoding. Any unauthorized attempt to decrypt it will be prosecuted to the full extent of the law. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] php Losing apache environment vars
Greetings list, I have run into a problem that has me at my wits end. We run an affiliate program, and have forum software (phpBB) wrapped in our menu system. There are 2 sides to the site, Affiliates and Admin, and I have 2 installs of the board using the same database. This all works fine. The mind-boggling problem is that while the board works perfectly from the Affiliate side of the site, it exhibits some strange behavior from the Admin side of the site. In particular, we are using an apache environment variable to point to our includes directory, and any time an http post is made from the admin side of the board, php loses the environment vars and throws all kinds of errors about not being able to find the includes. The only difference between the Affiliate and Admin sides is the include used for the actual menu, though the only difference in those files is the actual links that make up the menu. I have never seen this behavior, and was wondering if anyone has seen anything like it before, and possibly found a solution. We are running php 4.3.2, Apache 1.3.26 on FreeBSD 4.5. Any help would be very appreciated. Keith -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php Losing apache environment vars
After restarting apache, the error is gone. Still not sure what was causing it. The site was running fine to begin with, and the environment vars have been in use for over a year throughout the site. Keith At 12:56 PM 11/10/2003, Keith Greene wrote: Greetings list, I have run into a problem that has me at my wits end. We run an affiliate program, and have forum software (phpBB) wrapped in our menu system. There are 2 sides to the site, Affiliates and Admin, and I have 2 installs of the board using the same database. This all works fine. The mind-boggling problem is that while the board works perfectly from the Affiliate side of the site, it exhibits some strange behavior from the Admin side of the site. In particular, we are using an apache environment variable to point to our includes directory, and any time an http post is made from the admin side of the board, php loses the environment vars and throws all kinds of errors about not being able to find the includes. The only difference between the Affiliate and Admin sides is the include used for the actual menu, though the only difference in those files is the actual links that make up the menu. I have never seen this behavior, and was wondering if anyone has seen anything like it before, and possibly found a solution. We are running php 4.3.2, Apache 1.3.26 on FreeBSD 4.5. Any help would be very appreciated. Keith -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php