Re: [PHP] Input variable from form help request

[Richard Quadling]

On 29 September 2011 23:28, PHProg  wrote:
>
> Hello Richard,
>
> Your suggestion worked perfectly.
> ... it works beautifully.

Now that's what I like to hear!

Glad to be of help.

-- 
Richard Quadling
Twitter : EE : Zend : PHPDoc
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Input variable from form help request

[PHProg]

Hello Richard,

Your suggestion worked perfectly.
Basically, I just copied and pasted your example 
and with a few, very minor adjustments, it works beautifully.

Many thanks for your help.

All the best.


At 08:43 AM Thursday 9/29/2011, Richard Quadling wrote:

On 29 September 2011 13:30, PHProg  wrote:
>  if(!@copy('http://mydomain.com/files/
>
> ".$_POST['trakname']."','/".$_POST['dirname']."/".$_POST['trakname']."'))
> {
> Â  Â $errors= error_get_last();
> Â  Â echo "COPY ERROR: ".$errors['type'];
> Â  Â echo "\n".$errors['message'];
> } else {
> Â  Â echo "File copied from remote!";
> }
> ?>
>

Try ...

http://mydomain.com/files/{$_POST['trakname']}",
"/{$_POST['dirname']}/{$_POST['trakname']}")) {
$errors= error_get_last();
echo 'COPY ERROR: ', $errors['type'], 
'', PHP_EOL, $errors['message'];

} else {
echo 'File copied from remote!';
}
?>


You need to keep track of the opening and closing quotes (single and double).

In the copy() function, I'm using the embedded variable method (a
string using double quotes will evaluate the variables at run time).

In the echo statements, I'm not using concatenation as, theoretically,
it should be faster as the echo statement will not need to first build
the concatenated string before echoing it. It will just push the
values out the to the web server. I think. I've not done any metric
testing on that.



As for copying a file TO a http URL, you need to obey the rules of
http. CURL or FTP will be the protocols of choice here, though you do
have the option of using a stream context to wrap the
file_put_contents() into a POST form to the site (similar to CURL in
some ways).
--
Richard Quadling
Twitter : EE : Zend : PHPDoc
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Input variable from form help request

[Tim Streater]

On 29 Sep 2011 at 13:30, PHProg  wrote: 

> I'm trying to create a standard web form that will use a PHP script
> to copy a file from one server to another.

[snip]

>  if(!@copy('http://mydomain.com/files/".$_POST['trakname']."','/".$_POST['dirna
> me']."/".$_POST['trakname']."'))

This line:

  
if(!@copy('http://mydomain.com/files/".$_POST['trakname']."','/".$_POST['dirname']."/".$_POST['trakname']."'))

looks like a big mess of single and double quotes to me. Why don't you go 
through it very carefully? I'd be inclined to make a small test program 
separate from the web page stuff and do things like:

http://mydomain.com/files/".$_POST['trakname']."','/".$_POST['dirname']."/".$_POST['trakname']."';

echo $myvar;

?>

and fiddle until that works.

--
Cheers  --  Tim

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Input variable from form help request

[Richard Quadling]

On 29 September 2011 13:30, PHProg  wrote:
>  if(!@copy('http://mydomain.com/files/
>
> ".$_POST['trakname']."','/".$_POST['dirname']."/".$_POST['trakname']."'))
> {
>    $errors= error_get_last();
>    echo "COPY ERROR: ".$errors['type'];
>    echo "\n".$errors['message'];
> } else {
>    echo "File copied from remote!";
> }
> ?>
>

Try ...

http://mydomain.com/files/{$_POST['trakname']}",
"/{$_POST['dirname']}/{$_POST['trakname']}")) {
$errors= error_get_last();
echo 'COPY ERROR: ', $errors['type'], '', PHP_EOL, 
$errors['message'];
} else {
echo 'File copied from remote!';
}
?>


You need to keep track of the opening and closing quotes (single and double).

In the copy() function, I'm using the embedded variable method (a
string using double quotes will evaluate the variables at run time).

In the echo statements, I'm not using concatenation as, theoretically,
it should be faster as the echo statement will not need to first build
the concatenated string before echoing it. It will just push the
values out the to the web server. I think. I've not done any metric
testing on that.



As for copying a file TO a http URL, you need to obey the rules of
http. CURL or FTP will be the protocols of choice here, though you do
have the option of using a stream context to wrap the
file_put_contents() into a POST form to the site (similar to CURL in
some ways).
-- 
Richard Quadling
Twitter : EE : Zend : PHPDoc
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] input form save and display conflict

[PJ]

Ashley Sheridan wrote:
> On Thu, 2009-10-22 at 21:32 -0400, PJ wrote:
>> I have several input fields to update a book database. There seems to be
>> a conflict in the way tags and text are input through php/mysql and
>> phpMyAdmin. If I enter the data with phpMyAdmin the input fields in the
>> php page see quotation marks differently than what is input in phpMyAdmin.
>> example:
>> if the data is input through the update form, single quotes cause an
>> error. Double quotes update the db but when the edit(update) form
>> displays the text for modification outside the input field except for
>> the first part, precisely where the first quotation mark appears in the
>> text - as below:
>>
>> *Reviewed by mailto:recipi...@somewhere.com";>Recipient:
>> blah, blah, blah...religion." _size="50" />_
>> The text in square brackets is displayed outside the input field and
>> includes part of the code at the end.
>> bold is within the field, the rest is outside and the underlined is part
>> of code.
>>
>> If the same text is entered with phpMyAdmin using single quotes and the
>> " characters, the display in the editing field shows correctly...
>> but it will not update, that is, the update query generates errors and
>> only accepts the double quotes within the tags.
>>
>> So, the question is, are there some kind of metacharacters to be used to
>> have mysql accept the " ? I have triee backslashing, forward slashing
>> and they don't do it.
>>
>> Or is there an encoding conflict here? It looks like a display and save
>> mismatch somewhere...
>>
>> below is another example:
>> > href='http://www.amazon.com/exec/obidos/ASIN/0773468943/frankiesbibliogo' 
>> >> height=68 alt="Order This Book From Amazon.com"
>> src="../images/amazon1.gif" width=90 border=0 />
>>
>> The single quotes for the href seem to work. But the " does not work;
>> and using " or ’  also also do not display correctly; again,
>> from "Order... the image is not displayed but only the image blank with
>> "Order.. " in it.
>> I'm rather puzzled.
>>
>>
>>
>>
>>
>>
>>
>>
>> 
>
> Single quotes need to be escaped if you are using them as part of a
> query. For example:
>
> $query = "UPDATE table SET title='This is a title with \"quoted\"
> \'characters\''";
>
> Note that here, double quotes are used to encapsulate the whole query
> string (as it is generally preferred this way), the value of the title
> field is encapsulated in single quotes. Lastly, where I've wanted
> double quotes to be used in the query, I've escaped them with a
> back-slash. This escapes them from PHP, as mysql is using single
> quotes, so directly in the query they're fine. The single quotes are
> also escaped with back-slashes, but this time to escape them from
> mysql, as single quotes are used as the string delimiters there.

I've had a chance to think about the problem and I think this will fix it.
The edit page retieves the form input variable = commentIN and echos to
the browser. The problem is that the browser displays commentIN without
the the backslashes and that is what is then resubmitted if the submit
is execcuted (without the slashes).
Therefore, it seems to me, I must use preg_replace to add the \ to the
single quotes in the commentIN variable just before the update query...
My only question, then, is how do I do the preg_replace in the commentIN
. Is it something like $commentIN = (act  on $commentIN) or do I have to
do a $another_name = (preg_whatever, $commentIN and then reassign
$commentIn = $another_name ?
TIA.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] input form save and display conflict

[Ashley Sheridan]

On Thu, 2009-10-22 at 21:32 -0400, PJ wrote:

> I have several input fields to update a book database. There seems to be
> a conflict in the way tags and text are input through php/mysql and
> phpMyAdmin. If I enter the data with phpMyAdmin the input fields in the
> php page see quotation marks differently than what is input in phpMyAdmin.
> example:
> if the data is input through the update form, single quotes cause an
> error. Double quotes update the db but when the edit(update) form
> displays the text for modification outside the input field except for
> the first part, precisely where the first quotation mark appears in the
> text - as below:
> 
> *Reviewed by mailto:recipi...@somewhere.com";>Recipient:
> blah, blah, blah...religion." _size="50" />_
> The text in square brackets is displayed outside the input field and
> includes part of the code at the end.
> bold is within the field, the rest is outside and the underlined is part
> of code.
> 
> If the same text is entered with phpMyAdmin using single quotes and the
> " characters, the display in the editing field shows correctly...
> but it will not update, that is, the update query generates errors and
> only accepts the double quotes within the tags.
> 
> So, the question is, are there some kind of metacharacters to be used to
> have mysql accept the " ? I have triee backslashing, forward slashing
> and they don't do it.
> 
> Or is there an encoding conflict here? It looks like a display and save
> mismatch somewhere...
> 
> below is another example:
>  href='http://www.amazon.com/exec/obidos/ASIN/0773468943/frankiesbibliogo'> height=68 alt="Order This Book From Amazon.com"
> src="../images/amazon1.gif" width=90 border=0 />
> 
> The single quotes for the href seem to work. But the " does not work;
> and using " or ’  also also do not display correctly; again,
> from "Order... the image is not displayed but only the image blank with
> "Order.. " in it.
> I'm rather puzzled.
> 
> 
> 
> 
> 
> 
> 
> 


Single quotes need to be escaped if you are using them as part of a
query. For example:

$query = "UPDATE table SET title='This is a title with \"quoted\"
\'characters\''";

Note that here, double quotes are used to encapsulate the whole query
string (as it is generally preferred this way), the value of the title
field is encapsulated in single quotes. Lastly, where I've wanted double
quotes to be used in the query, I've escaped them with a back-slash.
This escapes them from PHP, as mysql is using single quotes, so directly
in the query they're fine. The single quotes are also escaped with
back-slashes, but this time to escape them from mysql, as single quotes
are used as the string delimiters there.

Thanks,
Ash
http://www.ashleysheridan.co.uk

Re: [PHP] Input field

[Chris]

Ronald Wiplinger wrote:

I added just into a input field"

19" enclosure

which was displayed from the database as:

19\" enclosure


That gives me some questions:
1. where the protecting slash comes from?


Probably magic_quotes_gpc


2. how can I get it away when I want to display that field?


1) Turn off magic_quotes_gpc in a htaccess file:

php_flag magic_quotes_gpc 0

2) When you insert the data, use mysql_real_escape_string
3) When you display the data, use htmlspecialchars or htmlentities


3. The slash is not to see in phpmyadmin, why not?


It probably has code to pick up magic_quotes_gpc and work around it.



1. what else do I need to take care with input fields and if they are
going to a mysql database?


Use mysql_real_escape_string


2. can I use a function for that kind of protection for each field - or
even better just flag it in php to protect?


There is no flag, you need to use escape_string for each field.


3. is HTTP_REFERER & session-id enough to make sure that no variables
can be injected?


No way. Never ever ever ever trust user data (did I mention never 
ever?). Authenticated users can do just as much damage as an 
unauthenticated user.


Read http://phpsec.org/projects/guide/ before you touch any more code.

--
Postgresql & php tutorials
http://www.designmagick.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Input field

[Shelley Shyan]

1.Probably that's because the function mysql_real_escape_string() is turned on.
  You can check that in your php.ini configuration.

2. If you want to display them as you wanted, you can use stripcslashes() on 
your output contents.

3. Maybe phpmyadmin automatically stripped that out.

And

1. Any user input should be escaped before they went to database.
You can use htmlentities(), addslashes(), strip_tags(), etc...

2. You can encapsule those functions in a function, and use it for each user 
input.

3. No sure. Probably they do.
Anybody any ideas?


Regards,
Shelley

-Original Message-
From: Ronald Wiplinger [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 14, 2007 9:52 AM
To: PHP General list
Subject: [PHP] Input field

I added just into a input field"

19" enclosure

which was displayed from the database as:

19\" enclosure


That gives me some questions:
1. where the protecting slash comes from?
2. how can I get it away when I want to display that field?
3. The slash is not to see in phpmyadmin, why not?

and:

1. what else do I need to take care with input fields and if they are going to 
a mysql database?
2. can I use a function for that kind of protection for each field - or even 
better just flag it in php to protect?
3. is HTTP_REFERER & session-id enough to make sure that no variables can be 
injected?

bye

Ronald

--
PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: 
http://www.php.net/unsub.php


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] input on sessions vs cookies

[Richard Lynch]

Save us a lot of grief and just use PHP built-in sessions until you
can prove them to not meet your needs.


On Sat, February 24, 2007 7:48 pm, benifactor wrote:
> i would like your input on session vs cookies regarding login data
> like usernames/passwords ect...


-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] input on sessions vs cookies

[Robert Cummings]

On Sat, 2007-02-24 at 20:05 -0800, benifactor wrote:
> as of right now, when the user logs in, i have a cookie storing username...
> then on all of the pages i need data i have it query the database and using
> the cookie data to retrieve user information.. is there a more secure way to
> do this?

This is horrible. It means if I know of any other user on your site and
I think they may be logged in then I can change the username in my
cookie and hijack their session. In fact, if you have any kind of system
that exposes user input (such as a forum) then I can with great accuracy
determine what users are logged in and are active thus making it trivial
to hijack sessions. Instead of storing the username, create a unique ID
(32 alphanumeric digits is common) that maps to the session data. This
is what PHP native sessions do. Why not use PHP native sessions? They've
done most of the work for you and they use cookies when it is detected
that cookies are enabled.

Cheers,
Rob.
-- 
..
| InterJinn Application Framework - http://www.interjinn.com |
::
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for   |
| creating re-usable components quickly and easily.  |
`'

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] input on sessions vs cookies

[benifactor]

as of right now, when the user logs in, i have a cookie storing username...
then on all of the pages i need data i have it query the database and using
the cookie data to retrieve user information.. is there a more secure way to
do this?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] input on sessions vs cookies

[tedd]

i would like your input on session vs cookies regarding login data 
like usernames/passwords ect...



usernames/passwords ? Session yes, cookies no.

tedd
--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] input on sessions vs cookies

[Robert Cummings]

On Sat, 2007-02-24 at 17:48 -0800, benifactor wrote:
> i would like your input on session vs cookies regarding login data like 
> usernames/passwords ect...

How are you differentiating sessions vs cookies? Sessions are often
implemented USING cookies. If you mean sessions using a session ID in
the URL, versus using cookies to save actual user info then you are
already confused. Cookies should use the same mechanism as a URL session
ID. That is to say, they should store a unique identifier that can be
used to lookup the user's actual information. In this way the data that
can be manipulated by the dark forces is limited to one value... namely
the unique identifier.

Cheers,
Rob.
-- 
..
| InterJinn Application Framework - http://www.interjinn.com |
::
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for   |
| creating re-usable components quickly and easily.  |
`'

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] INPUT

[Chris Shiflett]

Warren Vail wrote:
> I would be interested to know what might get past the
> addslashes function that the mysql_escape_string function
> catches.

I wrote an example to demonstrate this:

http://shiflett.org/archive/184

The theory behind this type of problem is pretty easy to understand - if
your escaping function interprets characters differently than the
database, it's possible that it will fail to escape something that needs
to be escaped, just because it misinterprets the character.

The problem I demonstrate doesn't exist with UTF-8 or ISO-8859-1, but it
does with any character encoding where there is a valid multi-byte
character that ends in 0x5c. Regardless, it's best to use the right tool
for the job, even if you think you won't be punished for using the wrong
one. (You might be wrong.)

The original question is related to XSS, not SQL injection, and
character encoding consistency is even more important in that context:

http://shiflett.org/archive/178

Hope that helps.

Chris

-- 
Chris Shiflett
Principal, OmniTI
http://omniti.com/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] INPUT

[Jochem Maas]

Richard Lynch wrote:
> On Thu, August 10, 2006 1:54 pm, Jochem Maas wrote:
>> Warren Vail wrote:
>>> Many of the older PHP implementations don't have the
>>> mysql_escape_string
>>> function, if not addslashes should work
>> this is true.
>>
>>> I would be interested to know
>>> what might get past the addslashes function that the
>>> mysql_escape_string
>>> function catches.
>> not sure about that but one assumes MySQL is better equipped to know
>> how to properly/safely escape data - besides
>> mysql_real_escape_string()
>> is character set aware. on top of this you don't know what the future
>> will bring
>> mysql(_real)_escape_string() is better in terms of future proofing.
>>
>> if anyone answer Warren's question I would be interested to read about
>> it too :-)
> 
> As I understand it, the only known issues are, in fact, with
> non-Latin1 character sets not being escaped properly, and leaving a
> big fat security door unlocked because of it.
> 
> There is a theoretical possibility that something in Latin1 +
> addslashes is still hinky, but it seems unlikely at this point in
> time, after most of a decade of hacking...
> 
> This is NOT an endorsement of "sticking with" addslashes because you
> are "sure" you'll never need anything more than Latin1 !!!
> 
> You *should* switch, even if only for the theoretical risk-reduction.
> 
> And because you only THINK you won't need more than Latin1, and you're
> wrong. :-)

beautifully put as as always :-)

> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] INPUT

[Richard Lynch]

On Thu, August 10, 2006 1:54 pm, Jochem Maas wrote:
> Warren Vail wrote:
>> Many of the older PHP implementations don't have the
>> mysql_escape_string
>> function, if not addslashes should work
>
> this is true.
>
>> I would be interested to know
>> what might get past the addslashes function that the
>> mysql_escape_string
>> function catches.
>
> not sure about that but one assumes MySQL is better equipped to know
> how to properly/safely escape data - besides
> mysql_real_escape_string()
> is character set aware. on top of this you don't know what the future
> will bring
> mysql(_real)_escape_string() is better in terms of future proofing.
>
> if anyone answer Warren's question I would be interested to read about
> it too :-)

As I understand it, the only known issues are, in fact, with
non-Latin1 character sets not being escaped properly, and leaving a
big fat security door unlocked because of it.

There is a theoretical possibility that something in Latin1 +
addslashes is still hinky, but it seems unlikely at this point in
time, after most of a decade of hacking...

This is NOT an endorsement of "sticking with" addslashes because you
are "sure" you'll never need anything more than Latin1 !!!

You *should* switch, even if only for the theoretical risk-reduction.

And because you only THINK you won't need more than Latin1, and you're
wrong. :-)

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] INPUT

[Jochem Maas]

Warren Vail wrote:
> Many of the older PHP implementations don't have the mysql_escape_string
> function, if not addslashes should work 

this is true.

> I would be interested to know
> what might get past the addslashes function that the mysql_escape_string
> function catches.

not sure about that but one assumes MySQL is better equipped to know
how to properly/safely escape data - besides mysql_real_escape_string()
is character set aware. on top of this you don't know what the future will bring
mysql(_real)_escape_string() is better in terms of future proofing.

if anyone answer Warren's question I would be interested to read about it too 
:-)

> 
> Warren Vail
>  
> 
>> -Original Message-
>> From: Jochem Maas [mailto:[EMAIL PROTECTED] 
>> Sent: Thursday, August 10, 2006 11:31 AM
>> To: Warren Vail
>> Cc: 'João Cândido de Souza Neto'; php-general@lists.php.net
>> Subject: Re: [PHP] INPUT
>>
>> Warren Vail wrote:
>>> Just happened to think of one other thing you might want to 
>> be aware 
>>> of;
>>>
>>> When a query behaves like this, your site is usually 
>> vulnerable to the 
>>> "Sql Injection Hack".  Basically this is where someone sticks an 
>>> insert query into one of your data form fields (quotes are 
>> involved), 
>>> and the additional query is used for something like adding 
>> themselves 
>>> as an administrator to your site.  I believe the addslashes I 
>>> mentioned before would fix this for this field, but you may 
>> want to check other text fields on your forms.
>>
>> the way I read it he had an output problem not an input problem.
>> but if it is an input problem then is does indeed have an SQL 
>> injection vulnerability, assuming he is using MySQL (other 
>> dbs have different functions) I would recommend using 
>> mysql_escape_string()/mysql_real_escape_string() instead of
>> addslashes() because they are far more robust and clever 
>> functions dedicated to proper escaping of data to be put into a query.
>>
>>> Warren Vail
>>>  
>>>
>>>> -Original Message-
>>>> From: João Cândido de Souza Neto 
>> [mailto:[EMAIL PROTECTED]
>>>> Sent: Thursday, August 10, 2006 11:11 AM
>>>> To: php-general@lists.php.net
>>>> Subject: [PHP] INPUT
>>>>
>>>> Hi everyone,
>>>>
>>>> Excuse me by off-topic.
>>>>
>>>> I´ve been a little trouble in showing data in html form.
>>>>
>>>> e.g.: In a e-commerce my client have a "Sony 29" TV" that 
>> when i put 
>>>> it in a input value, it seems just "Sony 29" it´s caused 
>> by the quote 
>>>> in the data, someone knows how can i fix it?
>>>>
>>>> Thanks all.
>>>>
>>>>
>>>> --
>>>> João Cândido de Souza Neto
>>>> Curitiba Online
>>>> [EMAIL PROTECTED]
>>>> (41) 3324-2294 (41) 9985-6894
>>>> http://www.curitibaonline.com.br
>>>>
>>>> --
>>>> PHP General Mailing List (http://www.php.net/) To 
>> unsubscribe, visit: 
>>>> http://www.php.net/unsub.php
>>>>
>>>>
>>
> 
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] INPUT

[Jochem Maas]

Warren Vail wrote:
> Just happened to think of one other thing you might want to be aware of;
> 
> When a query behaves like this, your site is usually vulnerable to the "Sql
> Injection Hack".  Basically this is where someone sticks an insert query
> into one of your data form fields (quotes are involved), and the additional
> query is used for something like adding themselves as an administrator to
> your site.  I believe the addslashes I mentioned before would fix this for
> this field, but you may want to check other text fields on your forms.

the way I read it he had an output problem not an input problem.
but if it is an input problem then is does indeed have an SQL injection 
vulnerability,
assuming he is using MySQL (other dbs have different functions) I would
recommend using mysql_escape_string()/mysql_real_escape_string() instead of
addslashes() because they are far more robust and clever functions dedicated to
proper escaping of data to be put into a query.

> 
> Warren Vail
>  
> 
>> -Original Message-
>> From: João Cândido de Souza Neto [mailto:[EMAIL PROTECTED] 
>> Sent: Thursday, August 10, 2006 11:11 AM
>> To: php-general@lists.php.net
>> Subject: [PHP] INPUT
>>
>> Hi everyone,
>>
>> Excuse me by off-topic.
>>
>> I´ve been a little trouble in showing data in html form.
>>
>> e.g.: In a e-commerce my client have a "Sony 29" TV" that 
>> when i put it in a input value, it seems just "Sony 29" it´s 
>> caused by the quote in the data, someone knows how can i fix it?
>>
>> Thanks all.
>>
>>
>> --
>> João Cândido de Souza Neto
>> Curitiba Online
>> [EMAIL PROTECTED]
>> (41) 3324-2294 (41) 9985-6894
>> http://www.curitibaonline.com.br 
>>
>> --
>> PHP General Mailing List (http://www.php.net/) To 
>> unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] INPUT

[Warren Vail]

Many of the older PHP implementations don't have the mysql_escape_string
function, if not addslashes should work I would be interested to know
what might get past the addslashes function that the mysql_escape_string
function catches.

Warren Vail
 

> -Original Message-
> From: Jochem Maas [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, August 10, 2006 11:31 AM
> To: Warren Vail
> Cc: 'João Cândido de Souza Neto'; php-general@lists.php.net
> Subject: Re: [PHP] INPUT
> 
> Warren Vail wrote:
> > Just happened to think of one other thing you might want to 
> be aware 
> > of;
> > 
> > When a query behaves like this, your site is usually 
> vulnerable to the 
> > "Sql Injection Hack".  Basically this is where someone sticks an 
> > insert query into one of your data form fields (quotes are 
> involved), 
> > and the additional query is used for something like adding 
> themselves 
> > as an administrator to your site.  I believe the addslashes I 
> > mentioned before would fix this for this field, but you may 
> want to check other text fields on your forms.
> 
> the way I read it he had an output problem not an input problem.
> but if it is an input problem then is does indeed have an SQL 
> injection vulnerability, assuming he is using MySQL (other 
> dbs have different functions) I would recommend using 
> mysql_escape_string()/mysql_real_escape_string() instead of
> addslashes() because they are far more robust and clever 
> functions dedicated to proper escaping of data to be put into a query.
> 
> > 
> > Warren Vail
> >  
> > 
> >> -Original Message-
> >> From: João Cândido de Souza Neto 
> [mailto:[EMAIL PROTECTED]
> >> Sent: Thursday, August 10, 2006 11:11 AM
> >> To: php-general@lists.php.net
> >> Subject: [PHP] INPUT
> >>
> >> Hi everyone,
> >>
> >> Excuse me by off-topic.
> >>
> >> I´ve been a little trouble in showing data in html form.
> >>
> >> e.g.: In a e-commerce my client have a "Sony 29" TV" that 
> when i put 
> >> it in a input value, it seems just "Sony 29" it´s caused 
> by the quote 
> >> in the data, someone knows how can i fix it?
> >>
> >> Thanks all.
> >>
> >>
> >> --
> >> João Cândido de Souza Neto
> >> Curitiba Online
> >> [EMAIL PROTECTED]
> >> (41) 3324-2294 (41) 9985-6894
> >> http://www.curitibaonline.com.br
> >>
> >> --
> >> PHP General Mailing List (http://www.php.net/) To 
> unsubscribe, visit: 
> >> http://www.php.net/unsub.php
> >>
> >>
> > 
> 
> 

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] INPUT

[Jochem Maas]

Warren Vail wrote:
> http://us3.php.net/manual/en/function.addslashes.php

adding a slash to a quote char that is part of an html tag's attribute's
value is not the correct way to encode the quote (actually it's not correct
anywhere in an html document) - although I wouldn't be surprised if it worked 
:-/

see: htmlentities() or htmlspecialchars()

> 
> Good luck,
> 
> Warren Vail
>  
> 
>> -Original Message-
>> From: João Cândido de Souza Neto [mailto:[EMAIL PROTECTED] 
>> Sent: Thursday, August 10, 2006 11:11 AM
>> To: php-general@lists.php.net
>> Subject: [PHP] INPUT
>>
>> Hi everyone,
>>
>> Excuse me by off-topic.
>>
>> I´ve been a little trouble in showing data in html form.
>>
>> e.g.: In a e-commerce my client have a "Sony 29" TV" that 
>> when i put it in a input value, it seems just "Sony 29" it´s 
>> caused by the quote in the data, someone knows how can i fix it?
>>
>> Thanks all.
>>
>>
>> --
>> João Cândido de Souza Neto
>> Curitiba Online
>> [EMAIL PROTECTED]
>> (41) 3324-2294 (41) 9985-6894
>> http://www.curitibaonline.com.br 
>>
>> --
>> PHP General Mailing List (http://www.php.net/) To 
>> unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] INPUT

[Warren Vail]

Just happened to think of one other thing you might want to be aware of;

When a query behaves like this, your site is usually vulnerable to the "Sql
Injection Hack".  Basically this is where someone sticks an insert query
into one of your data form fields (quotes are involved), and the additional
query is used for something like adding themselves as an administrator to
your site.  I believe the addslashes I mentioned before would fix this for
this field, but you may want to check other text fields on your forms.

Warren Vail
 

> -Original Message-
> From: João Cândido de Souza Neto [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, August 10, 2006 11:11 AM
> To: php-general@lists.php.net
> Subject: [PHP] INPUT
> 
> Hi everyone,
> 
> Excuse me by off-topic.
> 
> I´ve been a little trouble in showing data in html form.
> 
> e.g.: In a e-commerce my client have a "Sony 29" TV" that 
> when i put it in a input value, it seems just "Sony 29" it´s 
> caused by the quote in the data, someone knows how can i fix it?
> 
> Thanks all.
> 
> 
> --
> João Cândido de Souza Neto
> Curitiba Online
> [EMAIL PROTECTED]
> (41) 3324-2294 (41) 9985-6894
> http://www.curitibaonline.com.br 
> 
> --
> PHP General Mailing List (http://www.php.net/) To 
> unsubscribe, visit: http://www.php.net/unsub.php
> 
> 

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] INPUT

[Jochem Maas]

João Cândido de Souza Neto wrote:
> Hi everyone,
> 
> Excuse me by off-topic.

why; are you writing the app in ASP or something? ;-)

> 
> I´ve been a little trouble in showing data in html form.
> 
> e.g.: In a e-commerce my client have a "Sony 29" TV" that when i put it in a
> input value, it seems just "Sony 29" it´s caused by the quote in the data,
> someone knows how can i fix it?

echo htmlentities('Sony 29" TV', ENT_QUOTES);

or

echo htmlspecialchars('Sony 29" TV');

> 
> Thanks all.
> 
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] INPUT

[Warren Vail]

http://us3.php.net/manual/en/function.addslashes.php

Good luck,

Warren Vail
 

> -Original Message-
> From: João Cândido de Souza Neto [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, August 10, 2006 11:11 AM
> To: php-general@lists.php.net
> Subject: [PHP] INPUT
> 
> Hi everyone,
> 
> Excuse me by off-topic.
> 
> I´ve been a little trouble in showing data in html form.
> 
> e.g.: In a e-commerce my client have a "Sony 29" TV" that 
> when i put it in a input value, it seems just "Sony 29" it´s 
> caused by the quote in the data, someone knows how can i fix it?
> 
> Thanks all.
> 
> 
> --
> João Cândido de Souza Neto
> Curitiba Online
> [EMAIL PROTECTED]
> (41) 3324-2294 (41) 9985-6894
> http://www.curitibaonline.com.br 
> 
> --
> PHP General Mailing List (http://www.php.net/) To 
> unsubscribe, visit: http://www.php.net/unsub.php
> 
> 

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] input validation?

[PHP Superman]

I think the attribute is called maxlength but i'm not sure, oh well add the
maxlength attribute to your input tag to have a quick, clean
non-javascript-realiant solution


On 1/12/06, John Meyer <[EMAIL PROTECTED]> wrote:
>
> Stut wrote:
> > Ok, you're clearly missing my point and while I don't want this to
> > degrade into the usual pissing contest I do feel I need to clarify
> > what I was saying.
> >
> > I completely agree that in this case Javascript should be used to
> > provide the user with feedback as to how close to the limit they are.
> > However, in your post you described the solution as either Javascript
> > *or* PHP when the best solution is both. What I was pointing out is
> > that while Javascript is a better solution from a usability point of
> > view, not doing the validation with PHP is dangerous regardless of
> > whether the length is validated using Javascript or not.
> >
> > I certainly don't believe that PHP is the "total solution for most
> > situations", but when it comes to input validation you *need* to do
> > validation on the server-side regardless of what validation you do
> > with Javascript since you have no control over whether the Javascript
> > gets executed.
> >
> This sounds almost like the old DB vs. Application logic debate I see on
> several mailing lists; whether you should store more logic in the DB
> Server through triggers or through application logic.  My point on this
> is that it boils down to how important that data is.  If it's somebody's
> comments on their blog or on a post, I'd just leave it on the
> application _or_ trim it down to the 300 characters and input it in.
> bank transactions, I'd have so many triggers going it would be unreal.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


--
Hi Everyone, I am running PHP 5 on Windosws XP SP2 with MySQL5, Bye Now!

Re: [PHP] input validation?

[John Meyer]

Stut wrote:
Ok, you're clearly missing my point and while I don't want this to 
degrade into the usual pissing contest I do feel I need to clarify 
what I was saying.


I completely agree that in this case Javascript should be used to 
provide the user with feedback as to how close to the limit they are. 
However, in your post you described the solution as either Javascript 
*or* PHP when the best solution is both. What I was pointing out is 
that while Javascript is a better solution from a usability point of 
view, not doing the validation with PHP is dangerous regardless of 
whether the length is validated using Javascript or not.


I certainly don't believe that PHP is the "total solution for most 
situations", but when it comes to input validation you *need* to do 
validation on the server-side regardless of what validation you do 
with Javascript since you have no control over whether the Javascript 
gets executed.


This sounds almost like the old DB vs. Application logic debate I see on 
several mailing lists; whether you should store more logic in the DB 
Server through triggers or through application logic.  My point on this 
is that it boils down to how important that data is.  If it's somebody's 
comments on their blog or on a post, I'd just leave it on the 
application _or_ trim it down to the 300 characters and input it in.  
bank transactions, I'd have so many triggers going it would be unreal.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] input validation?

[Stut]

[EMAIL PROTECTED] wrote:


I disagree...  PHP frequently involves interacting with or outright using 
alternative technologies to accomplish your goal.  This includes HTML, XML, 
databases, etc.  To effectively use PHP you need to understand your options and 
the pros/cons in using the other technologies.

PHP isn't a total solution for most situations.  Suggesting that all problems 
be solved with PHP just because it's a PHP mailing list is shortsighted and I 
believe *that* can do more harm for novice developers than not suggesting 
alteratives.

Ok, you're clearly missing my point and while I don't want this to 
degrade into the usual pissing contest I do feel I need to clarify what 
I was saying.


I completely agree that in this case Javascript should be used to 
provide the user with feedback as to how close to the limit they are. 
However, in your post you described the solution as either Javascript 
*or* PHP when the best solution is both. What I was pointing out is that 
while Javascript is a better solution from a usability point of view, 
not doing the validation with PHP is dangerous regardless of whether the 
length is validated using Javascript or not.


I certainly don't believe that PHP is the "total solution for most 
situations", but when it comes to input validation you *need* to do 
validation on the server-side regardless of what validation you do with 
Javascript since you have no control over whether the Javascript gets 
executed.


Off to get more coffee ;)

-Stut

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] input validation?

[Stut]

[EMAIL PROTECTED] wrote:


Hmm.. I didn't see anyone ask "before or after the user clicks SUBMIT"?
 



Probably because this is a PHP list and nothing that happens on the 
client side is a) controllable by PHP or b) guaranteed. Whatever you do 
on the client side you should always validate anything coming from the 
client on the serverside.


-Stut

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] input validation?

[tg-php]

Hmm.. I didn't see anyone ask "before or after the user clicks SUBMIT"?

If it's before, then you should use javascript to check the form element prior 
to submitting (you can check realtime with the onkeydown, onkeyup events...  
check after a user moves off of the form element with onchange or even 
onfocus/onblur... or when the user clicks 'submit' with the onsubmit event).

Whenever you check it... it's going to be something like 
forms[formnameornumber].formelementname.length   or something like that in JS.


If it's after the user submits the form, then yeah, what everyone else said..  
strlen($data) (where $data contains the information submitted).

-TG

= = = Original message = = =

Hello,

I need to check that user input text is less than 300 characters long. How?

Thanks
-Will 


___
Sent by ePrompter, the premier email notification software.
Free download at http://www.ePrompter.com.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] input validation?

[Austin Denyer]

On Thu, 12 Jan 2006 16:56:43 +0200
"William Stokes" <[EMAIL PROTECTED]> wrote:
>
> Hello,
> 
> I need to check that user input text is less than 300 characters
> long. How?

if(strlen($UserInputText) > 300){
echo("Too long");
}

See http://www.php.net/manual/en/print/function.strlen.php

Regards,
Ozz.


pgpeKLczT0L1F.pgp
Description: PGP signature

Re: [PHP] input validation?

[Larry E. Ullman]

I need to check that user input text is less than 300 characters  
long. How?


if (strlen($_POST['input']) < 300) { ...

You may want to also apply trim() to the input text to get rid of  
extraneous white space at the beginning and end of the input.


Larry

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] input validation?

[Silvio Porcellana]

William Stokes wrote:
> Hello,
> 
> I need to check that user input text is less than 300 characters long. How?
> 
> Thanks
> -Will 
> 

Try with strlen:
http://php.net/strlen

Silvio

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] input validation?

[Jay Blanchard]

[snip]
I need to check that user input text is less than 300 characters long. How?
[/snip]

string length, it's in the manual.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] input type=file problem (Maybe 0T)

[Ryan A]

> > setting a VALUE="path/file" but that
> > does not work.



> As far as I know, you
> can't set the initial values for 'file' inputs.
> It's a security thing.


H, you're right,saw the same thing on google after digging a little
deeper, thanks mate.

Cheers,
Ryan

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] input type=file problem (Maybe 0T)

[Edward Vermillion]

Ryan A wrote:

Hey,

Heres what I am doing, I have a form where a user can enter values and in
the form I have a FILE box so the
user can upload her pic, if she screws up anywhere (eg: putting an alphabet
in her date of birth) I send her back
to the form and her date of birth gets highlighted plus the value she
entered comes in the date of birth and also
an error explanation underneithso far so good.

The problem is, if she has tried to upload a pic at the same time and
screwed up on the date of birth I am unable
to send back the value of the FILE box so that too get populated... I tried
setting a VALUE="path/file" but that
does not work.

What am I missing here?

Thanks,
Ryan

As far as I know, you can't set the initial values for 'file' inputs. 
It's a security thing.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Input to PHP from Java

[raditha dissanayake]

Rajesh Batchu wrote
_outputStream.flush();
_outputStream.close();
   // receive response
 _inputStream = new DataInputStream(new BufferedInputStream(_httpsConnection.getInputStream()));
 

OT: if you close the outputstream from URLConnection you will not be 
able to read the inputstream either.

Now the issue for me is , i need to capture the data that is posted by the java code above in my php page.  I am not getting the value in any of the standard variables.
 

If your java code is sending a standard http request it will show up 
either in the $_REQUEST variable. You might want to write to the log 
file using error_log() so that you can get debuging information that way 
in case the response is not picked up by the java app.

 


--
Raditha Dissanayake.

http://www.radinks.com/sftp/ | http://www.raditha.com/megaupload
Lean and mean Secure FTP applet with | Mega Upload - PHP file uploader
Graphical User Inteface. Just 128 KB | with progress bar.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Input to PHP from Java

[Marek Kilimajer]

Rajesh Batchu wrote:
Hi,
 
I have a page with SSL enables as below.
 
https://email.website.com/usrfolder/one.php
 
For this page, my customer is posting some XML data using a java output stream as below. ( pseudo code)
  URL url = new URL(_url);
_httpsConnection= (HttpsURLConnection) url.openConnection();

 _httpsConnection.setDoInput(true);
 _httpsConnection.setDoOutput(true);
 _httpsConnection.setUseCaches(false);
 _httpsConnection.setRequestProperty("Connection", "Keep-Alive");
// send transaction
 _outputStream = new DataOutputStream(new 
BufferedOutputStream(_httpsConnection.getOutputStream()));
 _outputStream.write(xmlString.getBytes());
 _outputStream.flush();
 _outputStream.close();
// receive response
  _inputStream = new DataInputStream(new 
BufferedInputStream(_httpsConnection.getInputStream()));
  BufferedReader in= new BufferedReader(new InputStreamReader(_inputStream));
  String inputLine ;
  while ((inputLine = in.readLine()) != null){
rcvMsg = rcvMsg + inputLine;
  }
in.close();
 Now the issue for me is , i need to capture the data that is posted by the java code above in my php page.  I am not getting the value in any of the standard variables.
 
Can some one suggest me how i should read the data..
 
Thanks in advance,
Regards,
Rajesh B.
http://sk2.php.net/manual/en/wrappers.php.php
php://input allows you to read raw POST data. It is a less memory 
intensive alternative to $HTTP_RAW_POST_DATA and does not need any 
special php.ini directives.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Input Validation of $_SESSION values

[Chris Shiflett]

--- Pablo Gosse <[EMAIL PROTECTED]> wrote:
> It's obviously best practice to rigorously check and validate all input
> coming via $_GET or $_POST, but what about $_SESSION values?

Session data can be considered safe, but there are of course caveats. It
is not possible for the user to manipulate session data at all, whereas
GET, POST, and cookie data comes directly from the user. That is the major
difference. Of course, if you blindly store client data in a session, you
now have tainted session data. So, it all depends on your application.

Hope that helps.

Chris

=
My Blog
 http://shiflett.org/
HTTP Developer's Handbook
 http://httphandbook.org/
RAMP Training Courses
 http://www.nyphp.org/ramp

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] input field masks

[Brent Baisley]

PHP is server side, it has nothing to do with client side, aside from 
server up some information. You can, and should, validate the input 
using PHP after it is submitted.
For client side validation you would need to use javascript. You can do 
what you are trying to do in javascript, but it will get very 
complicated since you need to use the onkeypress to capture and process 
each key stroke to make sure the / remain.
I think using PHP to validate after submission would be a lot easier 
and much more flexible. If you do it right, the user could put in 
something like +3 to enter a date three days from todays date.

On Friday, September 12, 2003, at 05:20 AM, Bobpilly wrote:

Hello all

I am trying to enforce input masks for dates that are viewable in a 
single
html text box. For example i would like a single tect box that the 
user will
see ##/##/ in and when they click on the field they will only be 
able to
enter digits in the ## areas the / will remain. Is php cable of doing 
this?

Thanks for any help in advance!

Cheers

Bob

--
Brent Baisley
Systems Architect
Landover Associates, Inc.
Search & Advisory Services for Advanced Technology Environments
p: 212.759.6400/800.759.0577
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] input field masks

[Ryan A]

Javascript is your answer.
Cheers,
-Ryan


We will slaughter you all! - The Iraqi (Dis)information ministers site
http://MrSahaf.com


- Original Message - 
From: "Bobpilly" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, September 12, 2003 11:20 AM
Subject: [PHP] input field masks


> Hello all
>
> I am trying to enforce input masks for dates that are viewable in a single
> html text box. For example i would like a single tect box that the user
will
> see ##/##/ in and when they click on the field they will only be able
to
> enter digits in the ## areas the / will remain. Is php cable of doing
this?
>
> Thanks for any help in advance!
>
> Cheers
>
> Bob
>
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Input area allowing text formatting

[Dynamical.biz]

http://www.interactivetools.com/products/htmlarea/
this is not concerning php but javascript

-Mensaje original-
De: Todd Cary [mailto:[EMAIL PROTECTED]
Enviado el: domingo, 31 de agosto de 2003 21:18
Para: [EMAIL PROTECTED]
Asunto: [PHP] Input area allowing text formatting


I would like to provide the surfer with a text input area that would give a
means of using bold, underline and different text colors.  Can this be done
with PHP?

Todd

--

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Input field array ends up as "Array" string

[Dan Delaney]

Well, in the process of pulling out some code into a sample page to 
send to the list I found the problem. It was yesterday when someone who 
was testing it told me about the problem, but the problem must have 
been going on for a week, because a week ago I added code to a global 
include script that checked to see if magic quotes was on and then did 
a stripslashes on all the values in $_POST if they were. So that ended 
up doing a stripslashes on the string "Array" and replacing 
$_POST['interests']. So I expanded the routine that striped the slashes 
so that it checks first to see if the element is an array.

Cheers
--Dan
 


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Input field array ends up as "Array" string

[Jason Wong]

On Tuesday 21 January 2003 23:03, Jason Wong wrote:
> Undo any configuration changes made recently, downgrade any recent upgrades
> etc. To paraphrase Newtown's First Law of Motion:

Sorry, "Newton's First Law of Motion" :)

> "Any working system tends to remain in that state unless external force is
> applied to it."
>
> So what was it that you did yesterday to cause it stop working?

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *

/*
Loud burping while walking around the airport is prohibited in Halstead, 
Kansas.
*/


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Input field array ends up as "Array" string

[Jason Wong]

On Tuesday 21 January 2003 22:33, Dan Delaney wrote:
> Hi every body. I have a form that was originally working just fine. It
> had a series of input checkboxes with the same name ("interests[]").
> These values then ended up in an array ($_POST['interests']), which I
> then imploded into a comma separated list ($interests = implode(', ',
> $_POST['interests']); ). Well, that was working just fine until
> yesterday when I started getting an error on that implode function
> ("Bad arguments to implode()"). So I did a "gettype" on
> $_POST['interests'] and it revealed that it is now ending up as a
> "string" variable. So I printed it and it contains the string "Array"!
>
> Anyone know what's going on here?

Undo any configuration changes made recently, downgrade any recent upgrades 
etc. To paraphrase Newtown's First Law of Motion:

"Any working system tends to remain in that state unless external force is 
applied to it."

So what was it that you did yesterday to cause it stop working?

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *

/*
Isn't it nice that people who prefer Los Angeles to San Francisco live there?
-- Herb Caen
*/


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Input field array ends up as "Array" string

[Leon Mergen]

"Rick Emery" <[EMAIL PROTECTED]> wrote in message
024801c2c15b$1a770e70$0500a8c0@honeybee">news:024801c2c15b$1a770e70$0500a8c0@honeybee...
> show us code

Learn how to quote. :)



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Input field array ends up as "Array" string

[Rick Emery]

show us code
- Original Message - 
From: "Dan Delaney" <[EMAIL PROTECTED]>
To: <>
Sent: Tuesday, January 21, 2003 8:33 AM
Subject: [PHP] Input field array ends up as "Array" string


Hi every body. I have a form that was originally working just fine. It 
had a series of input checkboxes with the same name ("interests[]"). 
These values then ended up in an array ($_POST['interests']), which I 
then imploded into a comma separated list ($interests = implode(', ', 
$_POST['interests']); ). Well, that was working just fine until 
yesterday when I started getting an error on that implode function 
("Bad arguments to implode()"). So I did a "gettype" on 
$_POST['interests'] and it revealed that it is now ending up as a 
"string" variable. So I printed it and it contains the string "Array"!

Anyone know what's going on here?

Thanks
--Dan


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: PHP input and variables dynamic :)

[Richard Lynch]

>
>
>onclick = "document.all['tree'].status[].value='expand'; 

No matter what you do, JavaScript will *NEVER* accept the [ or ] character
as part of a field's NAME.

Those are RESERVED keys in JavaScript.

You'll have to refer to the INPUT by NUMBER, rather htan name.

onClick = "document.all.tree.5.value='expand'";

Only 5 is probably not correct...

You'll have to count your INPUTs.

Ooh.  *OR*, I think you can give the INPUT thingies an *ID* in HTML, and
use the *ID* (not NAME) in JavaScript.

Never did that, myself, but I hear it works.

-- 
Like Music?  http://l-i-e.com/artists.htm
I'm looking for a PRO QUALITY two-input sound card supported by Linux (any
major distro).  Need to record live events (mixed already) to stereo
CD-quality.  Soundcard Recommendations?
Software to handle the recording? Don't need fancy mixer stuff.  Zero (0)
post-production time.  Just raw PCM/WAV/AIFF 16+ bit, 44.1KHz, Stereo
audio-to-disk.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] input

[Jason Wong]

On Wednesday 13 March 2002 21:07, Rick Emery wrote:
> Nope, that's not the problem.  the $_POST[] is NOT inside single-quotes.
> The problem is he used commas before and after the $_POST[].


You can use commas to separate expressions when using echo. So that's not the 
problem. AFAICS the code *is* valid.


-- 
Jason Wong -> Gremlins Associates -> www.gremlins.com.hk

/*
It is easier to resist at the beginning than at the end.
-- Leonardo da Vinci
*/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] input

[Jason Wong]

On Wednesday 13 March 2002 21:02, Edward van Bilderbeek - Bean IT wrote:
>  the single quotes you use for your echo indicate that the variable in your
> echoed string won't be parsed double quotes indicate that it will be
> parsed...
>
> e.g.
>
> $test = 1
>
> echo '$test'   // prints: $test
> echo "$test"  // prints: 1

But the way it's being used is:

 echo 'xxx', $XXX, 'xxx';

ie the variable is not inside the single-quotes.

>
> Greets,
>
> Edward
>
> > > hello,
> > > Someone was kind enough to give me this code for sending a value
>
> from
>
> > > one page to another, but it doesn't work. I wonder if anyone can see
> > > anything wrong:
> > >
> > >  > > echo '
> > > 
> > > ';
> > > ?>



-- 
Jason Wong -> Gremlins Associates -> www.gremlins.com.hk

/*
The Pig, if I am not mistaken,
Gives us ham and pork and Bacon.
Let others think his heart is big,
I think it stupid of the Pig.
-- Ogden Nash
*/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] input

[Rick Emery]

Nope, that's not the problem.  the $_POST[] is NOT inside single-quotes.
The problem is he used commas before and after the $_POST[].


-Original Message-
From: Edward van Bilderbeek - Bean IT [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 13, 2002 7:02 AM
To: PHP-General
Subject: Re: [PHP] input


 the single quotes you use for your echo indicate that the variable in your
echoed string won't be parsed double quotes indicate that it will be
parsed...

e.g.

$test = 1

echo '$test'   // prints: $test
echo "$test"  // prints: 1

Greets,

Edward

>
> > hello,
> > Someone was kind enough to give me this code for sending a value
from
> > one page to another, but it doesn't work. I wonder if anyone can see
> > anything wrong:
> >
> >  > echo '
> > 
> > ';
> > ?>
> >
> > I want to pass $inp to another pagee.
> >
> > Thanks In advance
> > John
> >
> > _
> > Chat with friends online, try MSN Messenger: http://messenger.msn.com
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
>



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] input

[Jason Wong]

On Wednesday 13 March 2002 20:54, John Gurley wrote:
> hello,
> Someone was kind enough to give me this code for sending a value from
> one page to another, but it doesn't work. I wonder if anyone can see
> anything wrong:
>
>  echo '
> 
> ';
> ?>
>
> I want to pass $inp to another pagee.

Please, we're not mind-readers, *how* doesn't it work? Errors? Nothing?

Also what version of PHP are you using?


-- 
Jason Wong -> Gremlins Associates -> www.gremlins.com.hk

/*
When in doubt, have a man come through the door with a gun in his hand.
-- Raymond Chandler
*/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] input

[Edward van Bilderbeek - Bean IT]

 the single quotes you use for your echo indicate that the variable in your
echoed string won't be parsed double quotes indicate that it will be
parsed...

e.g.

$test = 1

echo '$test'   // prints: $test
echo "$test"  // prints: 1

Greets,

Edward

>
> > hello,
> > Someone was kind enough to give me this code for sending a value
from
> > one page to another, but it doesn't work. I wonder if anyone can see
> > anything wrong:
> >
> >  > echo '
> > 
> > ';
> > ?>
> >
> > I want to pass $inp to another pagee.
> >
> > Thanks In advance
> > John
> >
> > _
> > Chat with friends online, try MSN Messenger: http://messenger.msn.com
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
>



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] input

[Rick Emery]

';
?>

-Original Message-
From: John Gurley [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 13, 2002 6:55 AM
To: [EMAIL PROTECTED]
Subject: [PHP] input


hello,
Someone was kind enough to give me this code for sending a value from 
one page to another, but it doesn't work. I wonder if anyone can see 
anything wrong:


';
?>

I want to pass $inp to another pagee.

Thanks In advance
John

_
Chat with friends online, try MSN Messenger: http://messenger.msn.com


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] INPUT tag with default value

[Silvia Mahiques]

  Dear Philip,

  Thank you very much,
  I have lost long time proving different alternatives that it's better
not to implement. I prefer a safe code.

  Thanks again!.

  Cheers

  Silvia Mahiques


"Philip Olson" <[EMAIL PROTECTED]> escribió en el mensaje
Pine.BSF.4.10.10110231629160.58932-10@localhost">news:Pine.BSF.4.10.10110231629160.58932-10@localhost...
> This is not possible. Default values cannot be set with type=file as if it
> were it would be quite a security risk.A little more information on
> the capability of this html form element:
>
>   http://www.blooberry.com/indexdot/html/tagpages/i/inputfile.htm
>
> And a related RFC :
>
>   http://www.faqs.org/rfcs/rfc1867.html
>
> regards,
> Philip Ollson
>
>
> On Tue, 23 Oct 2001, Silvia Mahiques wrote:
>
> > Hi,
> > I can't print a default value in a INPUT tag with TYPE=file. INPUT tag
has value attribute, but it not apear in window box.
> >
> > .
> >
> > How can I print a default value?
> >
> >
> >
> > Thanks,
> >
> > Silvia Mahiques
> >
>


begin 666 px.gif
K1TE&.#EA`0`!`/ ``/___P```"'Y! $```$`+ `!``$```("3 $`.P``
`
end


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] INPUT tag with default value

[Richard S. Crawford]

It is possible to utilize a VALUE attribute with a FILE type input 
field.  Even the specs at Blooberry list "value" as an attribute of the 
input type=file field.  I double-checked at w3c.org to make sure, though, 
and found the information repeated there.  I even checked my O'Reilly book 
on XHTML.  :)  O'Reilly suggests, though, that because of the vagaries of 
individual file systems on individual computers, the VALUE attribute just 
isn't recommended.

I suggested the use of the htmlspecialchars() function to strip possible 
quotes from the value of $photo in the original author's example, as in:



I struggled with exactly this problem a couple of weeks ago.  In the end I 
decided that using the VALUE attribute was just a bad idea, since one could 
never know how the user had set up their own file system.



At 09:47 AM 10/23/2001, Philip Olson wrote:
>This is not possible. Default values cannot be set with type=file as if it
>were it would be quite a security risk.A little more information on
>the capability of this html form element:
>
>   http://www.blooberry.com/indexdot/html/tagpages/i/inputfile.htm
>
>And a related RFC :
>
>   http://www.faqs.org/rfcs/rfc1867.html
>
>regards,
>Philip Ollson


Sliante,
Richard S. Crawford

http://www.mossroot.com
mailto:[EMAIL PROTECTED]
AIM: Buffalo2K   ICQ: 11646404  Y!: rscrawford
"It is only with the heart that we see rightly; what is essential is 
invisible to the eye."  --Antoine de Saint Exupéry

"Push the button, Max!"


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] INPUT tag with default value

[Philip Olson]

This is not possible. Default values cannot be set with type=file as if it
were it would be quite a security risk.A little more information on
the capability of this html form element:

  http://www.blooberry.com/indexdot/html/tagpages/i/inputfile.htm

And a related RFC :

  http://www.faqs.org/rfcs/rfc1867.html

regards,
Philip Ollson


On Tue, 23 Oct 2001, Silvia Mahiques wrote:

> Hi,
> I can't print a default value in a INPUT tag with TYPE=file. INPUT tag has value 
>attribute, but it not apear in window box.
> 
> .
> 
> How can I print a default value?
> 
> 
> 
> Thanks,
> 
> Silvia Mahiques
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] input textfield value cat!

[Richard Lynch]

You need quotes around multi-word values in HTML.




--
Visit the Zend Store at http://www.zend.com/store/
Wanna help me out?  Like Music?  Buy a CD: http://l-i-e.com/artists.htm
Volunteer a little time: http://chatmusic.com/volunteer.htm
- Original Message -
From: "kaab kaoutar" <[EMAIL PROTECTED]>
Newsgroups: php.general
Sent: Monday, March 05, 2001 9:27 AM
Subject: [PHP] input textfield value cat!


> Hi!
> i'm storing values in session variables, when i get a value wich is a
> sequence of words seperated by space, it echoes successfully but when i
try
> to initialize the value of an input textfield with it   i got only the
first
> word! i tried to encode decode but no way !
> Thanks
> _
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] input textfield value cat!

[Batonik]

On Mon, 5 Mar 2001, kaab kaoutar wrote:

> I'm using a variable!
> >

Quote the value:
\">

Greets,
Batonik


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] input textfield value cat!

[Christian Reiniger]

On Monday 05 March 2001 17:29, you wrote:
> I'm using a variable!
> >

Well, you *still* need to have quotes around it:



> >Make sure you have quotes around the value.
> >
> >

-- 
Christian Reiniger
LGDC Webmaster (http://sunsite.dk/lgdc/)

...to paraphrase Churchill, while representative  democracy may be
terrible, it's still the best system that large corporations can buy.

- David Weinberger JOHO January 25, 2000

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] input textfield value cat!

[kaab kaoutar]

I'm using a variable!
>




>From: "Brad S. Jackson" <[EMAIL PROTECTED]>
>To: "kaab kaoutar" <[EMAIL PROTECTED]>
>Subject: Re: [PHP] input textfield value cat!
>Date: Mon, 5 Mar 2001 10:08:21 -0600
>
>
>
>Make sure you have quotes around the value.
>
>
>
>
>Hi!
>i'm storing values in session variables, when i get a value wich is a
>sequence of words seperated by space, it echoes successfully but when i try
>to initialize the value of an input textfield with it   i got only the 
>first
>word! i tried to encode decode but no way !
>Thanks
>
>

_
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

RE: [PHP] input type=file

[Joe Sheble (Wizaerd)]

that would be one option...   however, if you're going to let them navigate
through different directories, it would be a bit tougher in a dropdown...
but if all you need is to display a list of files to them, then that would
work great

Joseph E. Sheble
a.k.a. Wizaerd
Wizaerd's Realm
Canvas, 3D, Graphics,
ColdFusion, PHP, and mySQL
http://www.wizaerd.com
=

> -Original Message-
> From: Jerry Lake [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 16, 2001 5:16 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [PHP] input type=file
>
>
> so then maybe, if I understand it correctly
> (which may or may not be true) I could read
> the contents or a directory and populate a
> dropdown list...?
>
> Jerry Lake- [EMAIL PROTECTED]
> Web Designer
> Europa Communications - http://www.europa.com
> Pacifier Online   - http://www.pacifier.com
>
>
> -Original Message-
> From: Joe Sheble (Wizaerd) [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 16, 2001 4:16 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [PHP] input type=file
>
>
> to put it simply, you can't...
>
> but you could put an input type of text with a link or a button next to it
> manually, and then on the onClick of either this button or link open a
> secondary window running a PHP script that reads a particular directory
> structure with full navigation support.  Then when the user clicks a
> filename, place that into the input in the first window and close the
> secondary window.
>
> However, this would require JavaScript and a full recursive directory
> browser script in PHP.  I have something similiar to this in a content
> manager script I've written, but it doesn't check other directories.  It
> picks an image from an /ImageLibrary/ directory, allowing the user to
> preview an image, upload new images, delete images, rename
> images, but most
> importantly pick a filename.  Then it populates a field in the content
> manager screen for saving to a database.
>
> Joseph E. Sheble
> a.k.a. Wizaerd
> Wizaerd's Realm
> Canvas, 3D, Graphics,
> ColdFusion, PHP, and mySQL
> http://www.wizaerd.com
> =
>
> > -Original Message-
> > From: Jerry Lake [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, February 16, 2001 4:57 PM
> > To: [EMAIL PROTECTED]
> > Subject: [PHP] input type=file
> >
> >
> > this doesn't relate directly to PHP,
> > but it will when I am done.
> >
> > How can I create a file input that
> > reads from a directory on the server
> > instead of the users machine
> >
> > Jerry Lake- [EMAIL PROTECTED]
> > Web Designer
> > Europa Communications - http://www.europa.com
> > Pacifier Online - http://www.pacifier.com
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail: [EMAIL PROTECTED]
> >
> >
> >
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

RE: [PHP] input type=file

[Jerry Lake]

that should be contents of,
not contents or...

Jerry Lake- [EMAIL PROTECTED]
Web Designer
Europa Communications - http://www.europa.com
Pacifier Online - http://www.pacifier.com


-Original Message-
From: Jerry Lake [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 16, 2001 4:16 PM
To: [EMAIL PROTECTED]
Subject: RE: [PHP] input type=file


so then maybe, if I understand it correctly
(which may or may not be true) I could read
the contents or a directory and populate a
dropdown list...?

Jerry Lake- [EMAIL PROTECTED]
Web Designer
Europa Communications - http://www.europa.com
Pacifier Online - http://www.pacifier.com


-Original Message-
From: Joe Sheble (Wizaerd) [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 16, 2001 4:16 PM
To: [EMAIL PROTECTED]
Subject: RE: [PHP] input type=file


to put it simply, you can't...

but you could put an input type of text with a link or a button next to it
manually, and then on the onClick of either this button or link open a
secondary window running a PHP script that reads a particular directory
structure with full navigation support.  Then when the user clicks a
filename, place that into the input in the first window and close the
secondary window.

However, this would require JavaScript and a full recursive directory
browser script in PHP.  I have something similiar to this in a content
manager script I've written, but it doesn't check other directories.  It
picks an image from an /ImageLibrary/ directory, allowing the user to
preview an image, upload new images, delete images, rename images, but most
importantly pick a filename.  Then it populates a field in the content
manager screen for saving to a database.

Joseph E. Sheble
a.k.a. Wizaerd
Wizaerd's Realm
Canvas, 3D, Graphics,
ColdFusion, PHP, and mySQL
http://www.wizaerd.com
=

> -Original Message-
> From: Jerry Lake [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 16, 2001 4:57 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] input type=file
>
>
> this doesn't relate directly to PHP,
> but it will when I am done.
>
> How can I create a file input that
> reads from a directory on the server
> instead of the users machine
>
> Jerry Lake- [EMAIL PROTECTED]
> Web Designer
> Europa Communications - http://www.europa.com
> Pacifier Online   - http://www.pacifier.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

RE: [PHP] input type=file

[Jerry Lake]

so then maybe, if I understand it correctly
(which may or may not be true) I could read
the contents or a directory and populate a
dropdown list...?

Jerry Lake- [EMAIL PROTECTED]
Web Designer
Europa Communications - http://www.europa.com
Pacifier Online - http://www.pacifier.com


-Original Message-
From: Joe Sheble (Wizaerd) [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 16, 2001 4:16 PM
To: [EMAIL PROTECTED]
Subject: RE: [PHP] input type=file


to put it simply, you can't...

but you could put an input type of text with a link or a button next to it
manually, and then on the onClick of either this button or link open a
secondary window running a PHP script that reads a particular directory
structure with full navigation support.  Then when the user clicks a
filename, place that into the input in the first window and close the
secondary window.

However, this would require JavaScript and a full recursive directory
browser script in PHP.  I have something similiar to this in a content
manager script I've written, but it doesn't check other directories.  It
picks an image from an /ImageLibrary/ directory, allowing the user to
preview an image, upload new images, delete images, rename images, but most
importantly pick a filename.  Then it populates a field in the content
manager screen for saving to a database.

Joseph E. Sheble
a.k.a. Wizaerd
Wizaerd's Realm
Canvas, 3D, Graphics,
ColdFusion, PHP, and mySQL
http://www.wizaerd.com
=

> -Original Message-
> From: Jerry Lake [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 16, 2001 4:57 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] input type=file
>
>
> this doesn't relate directly to PHP,
> but it will when I am done.
>
> How can I create a file input that
> reads from a directory on the server
> instead of the users machine
>
> Jerry Lake- [EMAIL PROTECTED]
> Web Designer
> Europa Communications - http://www.europa.com
> Pacifier Online   - http://www.pacifier.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

RE: [PHP] input type=file

[Joe Sheble (Wizaerd)]

to put it simply, you can't...

but you could put an input type of text with a link or a button next to it
manually, and then on the onClick of either this button or link open a
secondary window running a PHP script that reads a particular directory
structure with full navigation support.  Then when the user clicks a
filename, place that into the input in the first window and close the
secondary window.

However, this would require JavaScript and a full recursive directory
browser script in PHP.  I have something similiar to this in a content
manager script I've written, but it doesn't check other directories.  It
picks an image from an /ImageLibrary/ directory, allowing the user to
preview an image, upload new images, delete images, rename images, but most
importantly pick a filename.  Then it populates a field in the content
manager screen for saving to a database.

Joseph E. Sheble
a.k.a. Wizaerd
Wizaerd's Realm
Canvas, 3D, Graphics,
ColdFusion, PHP, and mySQL
http://www.wizaerd.com
=

> -Original Message-
> From: Jerry Lake [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 16, 2001 4:57 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] input type=file
>
>
> this doesn't relate directly to PHP,
> but it will when I am done.
>
> How can I create a file input that
> reads from a directory on the server
> instead of the users machine
>
> Jerry Lake- [EMAIL PROTECTED]
> Web Designer
> Europa Communications - http://www.europa.com
> Pacifier Online   - http://www.pacifier.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

RE: [PHP] input type equals image

[Jason Murray]

> When a form is submitted from an image (e.g.  ) this 
> will be passed in the URL as paging.x=SOME_NUMBER. If I try and 
> access this variable as ${paging.x} in the subsequent PHP script 
> I get nothing. How can I access this variable? all I want to do 
> is test for it's existance ? Simple as it seems ... it doesn't 
> work ?

You can't use a "." in a variable name. PHP automagically converts 
it into a "_". So, look for $paging_x.

Jason

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] input processor function

[Joe Stump]

This is how I usually do it:



Then you have an array of values in $f

then just do :

while(list($key,$val) = each($f))
{
  $$key = strip_tags($val);
}

Which will then create a variable $firstname and put a strip_tags of $val into
it (leaving your original $f array intact for future use)

--Joe


On Wed, Jan 10, 2001 at 02:45:55PM -0500, Jon Rosenberg wrote:
> I want to process information submitted by a form, but I want to clean up
> the info before I use it.   I have about 40 form fields, of several field
> types.  If I only had a few form fields, I would do ths manually, but since
> I have so many my code will be much neater to do it with a function.  I want
> to loop through all the POST vars and do a strip_tags() and trim() on each
> one.
> 
> Is this how I should be doing this?  The code below works how I want it to.
> However, I would prefer, for performance/memory issues to not perform this
> on unneeded fields, such as radio buttons and select boxes where the
> information is already formatted how I want.  Is there any way to only
> perform this on text boxes and textarea fields?  THanks!
> 
> foreach ( $HTTP_POST_VARS as $key=>$value )
>  {
> $value=strip_tags($value);
> $value=trim($value);
> // for debugging use only  print all the variables from web form
>  print "$key = $value";
>  }
> 
> -
> Jonathan Rosenberg
> Be fierce, be fabulous, change the world!
> 
> 
> 
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]

---
Joe Stump
PHP Programmer
www.Care2.com


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]