[PHP] Re: $PHP_SELF
In php.ini, there is a setting called short_open_tag which controls whether I have a question that could be Apache, could be > php, but I'm so new to this I have to ask: what is > wrong with my code for the form action? Apache > does not recognize the code and gives an error "filename is not valid" > whenever this form is submitted [note: phpinfo() > and several other php files work with no problem]? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: \|/ $PHP_SELF
Gerry Figueroa Anadon <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Does $PHP_SELF always get's the path of the document it resides in even if the document is an include? $PHP_SELF will always give the name and path of the main file, even if the variable is set in an included file. The reason is that the included file is included before the variable is evaluated. Fred -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: \|/ $PHP_SELF
Any Ideas as to how I could be able to acomplish this? or How could I get the path of the main page and pass it on to the included file for processing?. thanks! Fred wrote: > $PHP_SELF will always give the name and path of the main file, even if the > variable is set in an included file. The reason is that the included file > is included before the variable is evaluated. > > Fred -- Gerry Figueroa Dynamic Intermedia -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: \|/ $PHP_SELF
If you just need the filename of the include file you can set it in code by assigning it to a variable at design time. Something like $ThisPage = "include.php". You could also do this for the entire path, but it would need to be changed whenever you put the script in a different place. Fred Gerry Figueroa Anadon <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Any Ideas as to how I could be able to acomplish this? > or > How could I get the path of the main page and pass it on to the included file for processing?. > > thanks! > > Fred wrote: > > > $PHP_SELF will always give the name and path of the main file, even if the > > variable is set in an included file. The reason is that the included file > > is included before the variable is evaluated. > > > > Fred > > -- > Gerry Figueroa > Dynamic Intermedia -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: PHP_SELF
> the form is submitted, do the logic check and act accordingly. Is it
> possible using $PHP_SELF as the target, or do I have to use 2 files: a
> form 'front end' with the php logic in the 'backend'??
#1. Under no circumstances should you trust JavaScript to have sanitized
your data in any way, shape or form. Furthermore, since you'll probably be
storing this data in a database, you should assume some hacker is attempting
to screw you with an age like:
$age = "38; drop table foo;";
So, when you do:
$query = "update foo set age = $age where id = $id";
What you *GET* is:
"update foo set age = $age; drop table foo; where id = $id"
Guess what? Your foo table just got deleted. Have a nice day.
So, here's a sample script for you, *complete* with some sample sanitizing:
Assumption: You have a valid "id" for the record you are editing.
This page re-displays the data after updating it, which is good for
user-interface to correct any mis-typed data.
\n";
}
$good_id = (int) $id;
$id_string = (string) $good_id;
if ($id != $id_string){
$message .= "Invalid ID -- Your hack attempt and IP
($REMOTE_ADDR) have been logged. Have a nice day.";
# Emailing yourself on every hack attempt may be "too much"...
# It's up to you exactly how to deal with the rats:
mail("[EMAIL PROTECTED]", "Hack attempt", "$REMOTE_ADDR tried
ID $id on $PHP_SELF");
}
if (!$message){
$query = "update foo set age = $age where id = $id";
# Displaying mysql_error() to the public is NOT GOOD.
# It exposes your internal database structure too easily.
# Log it somewhere for yourself in a production site.
mysql_query($query) or die(mysql_error());
}
}
else{
# If this is their first time here, give a blank age:
$age = '';
}
?>
METHOD=POST>
$message\n";?>
>
--
WARNING [EMAIL PROTECTED] address is an endangered species -- Use
[EMAIL PROTECTED]
Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm
Volunteer a little time: http://chatmusic.com/volunteer.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: $PHP_SELF question
did u try $HTTP_REFERER ? that might do it... havent tested with an include though. Joel "Theodore Brinkman" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I've got an include file that provides the basic framework for every page on > my site, and at the bottom of each page, I want to spit out when the page > was last updated. I used $PHP_SELF inside the include file, and got the > include file's path. Is there a variable equivalent to $PHP_SELF that > returns the path for the file that is being executed? > > Basically, if I'm running index.php, and I include template.php is there any > way, from inside template.php, to get index.php short of passing it as a > parameter? > > - Theo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: $PHP_SELF question
Try and create a new php file with the following code and read the result: thats it, a lot of useful info there! Regards Lars -Original Message- From: Joel Colombo [mailto:[EMAIL PROTECTED]] Sent: 18 April 2002 16:03 To: [EMAIL PROTECTED] Subject: [PHP] Re: $PHP_SELF question did u try $HTTP_REFERER ? that might do it... havent tested with an include though. Joel "Theodore Brinkman" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I've got an include file that provides the basic framework for every page on > my site, and at the bottom of each page, I want to spit out when the page > was last updated. I used $PHP_SELF inside the include file, and got the > include file's path. Is there a variable equivalent to $PHP_SELF that > returns the path for the file that is being executed? > > Basically, if I'm running index.php, and I include template.php is there any > way, from inside template.php, to get index.php short of passing it as a > parameter? > > - Theo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: PHP_SELF and mod_rewrite
Are all the mod_rewrite settings exactly the same?... That would be my first guess. -- WARNING [EMAIL PROTECTED] address is an endangered species -- Use [EMAIL PROTECTED] Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm Volunteer a little time: http://chatmusic.com/volunteer.htm - Original Message - From: Geoff Caplan <[EMAIL PROTECTED]> Newsgroups: php.general To: <[EMAIL PROTECTED]> Sent: Wednesday, August 08, 2001 3:55 PM Subject: PHP_SELF and mod_rewrite > Hi folks > > Strange goings on with PHP_SELF and mod_rewrite > > On my development server, PHP_SELF gives me the original request url, before > it is rewritten. > > I have moved the app onto a shared production server, and now PHP_SELF is > givimg me the path AFTER it is rewritten. > > Which is the "correct" behaviour, and what is causing the "wrong" behaviour? > > Any advice much appreciated > > Geoff Caplan > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: $PHP_SELF not working -please help
> Now for some strange reasons it tries to access my web direcorty that > does not contain any file, and i get the 404 page not found error. > check the source code of the html page. most likely you will see: . if not, it will still give you a hint about what's going wrong. are you constructing that form within a function? then you have to pull the $PHP_SELF variable into the local context. put 'global $PHP_SELF;' at the top of the form-outputting function. phil. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: $PHP_SELF not working -please help
USE PHPSELF in windows not $PHP_SELF -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: $PHP_SELF not working -please help
sorry $PHPSELF not $PHP_SELF in windows I forget $ :) - Original Message - From: "Alawi" <[EMAIL PROTECTED]> To: "PHP genral" <[EMAIL PROTECTED]> Sent: Thursday, December 20, 2001 6:34 PM Subject: [PHP] Re: $PHP_SELF not working -please help > > > USE PHPSELF in windows not $PHP_SELF > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: $PHP_SELF not working -please help
Alawi wrote: > use $PHPSELF not $PHP_SELF in windows BAD IDEA. what happens if one day you (or even worse: someone else) wants to run your scripts on a different server? one of the nicest things about PHP that you can run it on many different any OS's. phil. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] RE: $PHP_SELF in Netscape PART 2
I converted everythign over to use '.' instead of ',' but I still get the same exact results. That is, $PHP_SELF is resolved to NULL, and every other variable to the correct data. Here is the new string: echo '' .$subcategories[$index]. ''; I think i'm just going to give up on this and rewrite it, because it DOES work if I do the old double quotes bit. Just means I need to re-arrange it and do it in multiple ECHO statements, because I can't do the urlencode() in double quotes. But I would really like to understand WHY this doesn't work. Again, all other varaibles are properly resolved, and in IE $PHP_SELF is properly resolved. - John Vanderbeck - Admin, GameDesign -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] RE: $PHP_SELF in Netscape PART 2
Ok, I feel like the big idiot now. I fixed the problem. It was because of the whole global bit. The ones that were not working were inside a function, the ones that were working were outside the function. I guess I ASSUMED (yeah we know what happens when you do that) that things like $PHP_SELF were always global. Sorry to have bothered everyone :( - John Vanderbeck - Admin, GameDesign - Original Message - From: "John Vanderbeck" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, February 14, 2001 10:59 AM Subject: [PHP] RE: $PHP_SELF in Netscape PART 2 > I converted everythign over to use '.' instead of ',' but I still get the > same exact results. That is, $PHP_SELF is resolved to NULL, and every other > variable to the correct data. Here is the new string: > > echo '' > .$subcategories[$index]. ''; > > > I think i'm just going to give up on this and rewrite it, because it DOES > work if I do the old double quotes bit. Just means I need to re-arrange it > and do it in multiple ECHO statements, because I can't do the urlencode() in > double quotes. But I would really like to understand WHY this doesn't work. > Again, all other varaibles are properly resolved, and in IE $PHP_SELF is > properly resolved. > > - John Vanderbeck > - Admin, GameDesign > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
