I'd recommend Justin's route as well, if you have the time. In fact that is
how I learned to program in PHP by programming my own template and CMS
system (it still has a ways to go though).
If you don't have the time search the list archives as this question comes
up often. You'll get a lot of goo
I think always using addslashes is better because you have to write
clean code instead of trusting in a function which can be disabled on
some servers.
To avoid double-escaping I use this code:
function stripslashes_array($array) {
reset($array);
while(list($key,$val)=each($array)) {
if(is_
If you are doing both addslashes() and have magic_quotes_gpc turned on,
then yes, you are double-escaping things.
From a performance-perspective I doubt you could measure much difference,
but I suppose doing it through magic_quotes_gpc would be faster assuming
you need to escape all your GPC d
If you have magic_quotes_gpc = On in your php.ini file, which it is by
default, does one still need to have the addslashes function in their
coding?
When I'm inserting into my database, I have addslashes in place, and I
haven't changed the default value of magic_quotes_gpc = On. I haven't
seen any s
If the DBMS itself is in those directories, you may receive start errors in PHP when
trying to load the database extension. To prevent this problem, comment out the
following line in your php.ini (assumes MySQL):
extension=mysql.so
You may also want to set mysql.max_links = 0 as an additional
Quick yes or no question. My db's are running on a different server than my
Webserver. I've temporarily mounted the directories from the db server to the
webserver to compile db access. Once PHP/Apache are compiled can they be
safely unmounted or will it give me problems somewhere down the line?
> off. Likewise though, you might start looking for replacements for those
> scripts as it takes time to make the changes, but it has been a year since
> register_globals were turned off by default and mentioned that they were
> going away in the future.
That is sound advice, some time ago a lo
--- "John W. Holmes" <[EMAIL PROTECTED]> wrote:
> > Either way, what if a bad guy visits this URL:
> >
> > http://www.example.org/foo.php?PHPSESSID=12345
>
> Called session fixation. Here's a good paper on this and how to deal
> with it.
>
> http://www.acros.si/papers/session_fixation.pdf
Actuall
Chris Shiflett wrote:
For example, consider that a legitimate user clicks a link and goes to this
URL:
http://www.example.org/foo.php?PHPSESSID=12345
Perhaps the user has cookies disabled, so PHP appends the session identifier to
the URL, or perhaps the developer does it automatically. Either way,
--- [EMAIL PROTECTED] wrote:
> I set up my sessions to be transparent, can it still be hacked?
Yes.
If you can be more specific, I will try to be more specific also. :-)
Chris
=
My Blog
http://shiflett.org/
HTTP Developer's Handbook
http://httphandbook.org/
RAMP Training Courses
I set up my sessions to be transparent, can it still be hacked?
> --- Chris Wanstrath <[EMAIL PROTECTED]> wrote:
>> Lots of great information in this thread as far as solutions go, but
>> what I'm wondering is the concept behind how someone actually can
>> hijack a session if register_globals is o
--- Chris Wanstrath <[EMAIL PROTECTED]> wrote:
> Lots of great information in this thread as far as solutions go, but
> what I'm wondering is the concept behind how someone actually can
> hijack a session if register_globals is off.
I proposed a talk on this at ApacheCon (in addition to my PHP Att
"Becoming Digital" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
You cannot use ini_set() for register_globals. It must be done from
.htaccess, httpd.conf or php.ini.
http://www.php.net/manual/en/function.ini-set.php
>>
Yup, I should have double checked the manual;) Nice catch.
Lots of great information in this thread as far as solutions go, but
what I'm wondering is the concept behind how someone actually can hijack
a session if register_globals is off. Should all this encryption and
added protection be added to scripts with register_globals off and when
steps are made
--- Brad Pauly <[EMAIL PROTECTED]> wrote:
> Good question! This has been on my mind some for a current project
> and now I have thought about it even more. Hmm, I'm not sure how to
> quote a blog. To paraphrase (hope you don't mind), Chris's
> definition of something that scales well is when resour
Hey Tom,
thanks again for replying.
> That depends on what your dicky friend is doing to screw your code up.
Dicky...nice name you picked pretty close to what I picked for him, but John
Holmes picked something similar for himself so watch out or he could be mad
at ya :-D
I don't want to break the
--- Ryan A <[EMAIL PROTECTED]> wrote:
> Yep, I just created the session and nothing beyond. Am new to PHP
> and first time/project user with sessions.
Right. I think this needs to be made clearer in the manual myself, and I might
add something to drive the point home. PHP sessions are a mechanism,
You cannot use ini_set() for register_globals. It must be done from .htaccess,
httpd.conf or php.ini.
http://www.php.net/manual/en/function.ini-set.php
Edward Dudlik
"Those who say it cannot be done
should not interrupt the person doing it."
wishy washy | www.amazon.com/o/registry/EGDXEBBWTYUU
The 'above' would make all items of $_SESSION array into variables... Errm..
$_SESSION["id"] would become $id, $_SESSION["username"] would become
$username and so on...
Not completely sure this'll work, but most likely as they already exist and
you only change their values, so they should remain g
Hi,
RA> If i declare them before using them like the above example...do you think I
RA> still need to use that class?
RA> Cheers,
RA> -Ryan
That depends on what your dicky friend is doing to screw your code up.
If you are passing ids' in the url or in post data then encode them. If he is
inven
Hi Tom,
A mighty big thanks for that class, I'll read up on classes tonight and try
to understand it.
Thanks for the tips on how to use it too.
> To help prevent problems with stuff like this it is always a good idea to
> declare variables before using them, especially with sessions:
>
> $num = 0;
On Sun, 2003-10-19 at 17:22, Chris Shiflett wrote:
> PHP has been both heralded and criticized on a number of topics. This is to be
> expected, considering the rate of growth of PHP's popularity. It has given
> people something to talk about.
>
> One topic that seems to come up a lot is scalabilit
Hi,
Monday, October 20, 2003, 10:38:23 AM, you wrote:
RA> Hi Tom,
RA> Thanks for replying.
>> encrypt the numbers and decrypt them before use, if they won't decrypt to a
>> number ditch the connection. If you need a class for that I can send it to you
RA> Yes please, that should help, but am n
Hey,
Thanks for replying.
**
$_REQUEST is a great superglobal, check it out...
And at the top of the hijacked script:
while(list($tmp1,$tmp2)=each($_SESSION))
$$tmp1=$tmp2;
$tmp1=$tmp2=NULL;
Could work.. :p
Can you tell me what the above does please? (am quite a
On Sun, 2003-10-19 at 18:01, rich wrote:
> OK,
>
> This is my latest idea to try and do this:
>
> $xh = xslt_create();
>
> parse_str($_SERVER['QUERY_STRING']);
> $params = array("keywords" => $keywords);
>
> $results = xslt_process($xh, 'library.xml', 'simple-search.xsl', NULL, NULL,
> -->$pa
$_REQUEST is a great superglobal, check it out...
And at the top of the hijacked script:
while(list($tmp1,$tmp2)=each($_SESSION))
$$tmp1=$tmp2;
$tmp1=$tmp2=NULL;
Could work.. :p
--
// DvDmanDT
MSN: [EMAIL PROTECTED]
Mail: [EMAIL PROTECTED]
"Ryan A" <[EMAIL PROTECTED]> skrev i meddelandet
news:[EM
This is really a browser interpretation of HTML issue than a straight
PHP issue. A little more information would be helpful - such as
browser, page content, etc.
Regards,
Adam
On Sunday, October 19, 2003, at 05:45 PM, KB wrote:
Hi,
Does anyone know why my PHP pages won't work in Frames? I ha
Hi,
Thanks for replying.
> First of all, I bet you are using PHP sessions, and you have done nothing
> beyond getting them to work, right? One important note about PHP sessions is
> that they provide the mechanism only; it is your job to provide whatever
> security you deem appropriate.
Yep, I
Hey,
> Use an ini_set in your sessions script (I am assuming that you are using a
> separate script to manage your sessions)
Not really, I use authenticate for the login, then above each script I have
a session_start() throughout the site.
It's gotten to be a habit that I start a script with sessi
Hi Tom,
Thanks for replying.
> encrypt the numbers and decrypt them before use, if they won't decrypt to a
> number ditch the connection. If you need a class for that I can send it to you
Yes please, that should help, but am new to classes so one or two lines on
how to implement them would be price
"Ryan A" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> NO! Globals are on
> And asking the others they tell me that around 20% of the scripts (around
> 300 scripts) won't function with globals off :-(
>
> What to do?
Use an ini_set in your sessions script (I am assuming that yo
I am trying to parse out a file using an array. I load each line into a
separate key in the array and then do transforms on the individual
lines.
What I am looking to do is to test each for a keyword so that I can know
which entry contains the data that I need and can get the data from the
correct
Hi,
Monday, October 20, 2003, 10:09:42 AM, you wrote:
RA> Hi,
RA> We have a site that runs a kind of membership section.
RA> When a person logs in we have his username + 3 variables in session, the 3
RA> variables are used for background processing and are never disclosed to the
RA> client, all 3
--- Ryan A <[EMAIL PROTECTED]> wrote:
> Somehow 1 person has found out about them and is creating havoc with
> that damn account by changing those variables to different numbers
> ...any idea how he is doing that?
I have many ideas.
First of all, I bet you are using PHP sessions, and you have do
NO! Globals are on
And asking the others they tell me that around 20% of the scripts (around
300 scripts) won't function with globals off :-(
What to do?
Please help.
-Ryan
P.S how can you do this even with globals on?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit
On Wednesday, October 15, 2003, at 01:12 AM,
[EMAIL PROTECTED] wrote:
I'm using $PHP_SELF, but need to automatically record what variables are
in the URL at that time...
is that possible?
try to get in the habit of using $_SERVER['PHP_SELF'] on PHP >= 4.1,
because $PHP_SELF is deprecated.
an
registered globals off ?
> Hi,
> We have a site that runs a kind of membership section.
> When a person logs in we have his username + 3 variables in session,
> the 3 variables are used for background processing and are never
> disclosed to the client, all 3 variables contain 1 or 2 digit numbers.
Hi,
We have a site that runs a kind of membership section.
When a person logs in we have his username + 3 variables in session, the 3
variables are used for background processing and are never disclosed to the
client, all 3 variables contain 1 or 2 digit numbers.
Somehow 1 person has found out abo
OK,
This is my latest idea to try and do this:
$xh = xslt_create();
parse_str($_SERVER['QUERY_STRING']);
$params = array("keywords" => $keywords);
$results = xslt_process($xh, 'library.xml', 'simple-search.xsl', NULL, NULL,
-->$params);
$f = fopen('results.xml','w');
fwrite($f, $results);
fcl
PHP has been both heralded and criticized on a number of topics. This is to be
expected, considering the rate of growth of PHP's popularity. It has given
people something to talk about.
One topic that seems to come up a lot is scalability. ONJava.com has an
interesting article entitled The PHP Sca
does a loadmodule not work in this case ??
> Do you mean you want to install a php module (TurckLoader.so) on your
> host company server? This won't work, you need to have root access to
> the server to install modules.
>
> [EMAIL PROTECTED] wrote:
>> Hello,
>>
>> Thank you for replying. Unfortuna
KB wrote:
The Main_User_Interface is the Frames definition and the Catagory_Choice is
a page I'm trying to load into the left page.
I mention the Dreamweaver piece as I'm a novice and can't pass comment on
the bits that dreamweaver automatically generates.
I'm also not sure that I know everything
--- KB <[EMAIL PROTECTED]> wrote:
> Does anyone know why my PHP pages won't work in Frames?
I do. Just kidding. :-)
> I have 5 frames, each of which are displaying PHP pages, and
> none of the PHP code works.
Please be more specific. I assume you mean that your code is being interpreted
but t
John,
Thanks for the response. Below is my response to Larry...if you can shed
any light on this then I would be grateful.
Thanks for the swift response. I didn't post the code as I thought there
may be an obvious answer.sorry..
Attached are two pieces of simple code (produced originally
Do you mean you want to install a php module (TurckLoader.so) on your
host company server? This won't work, you need to have root access to
the server to install modules.
[EMAIL PROTECTED] wrote:
Hello,
Thank you for replying. Unfortunately I do not have access to the compiler on my linux box.
Does anyone know why my PHP pages won't work in Frames? I have 5 frames,
each of which are displaying PHP pages, and none of the PHP code works.
PHP works just fine within frames because the two issues are completely
unrelated. That being said, I can't tell why you're having problems as
you
Hello,
On 10/19/2003 07:37 PM, [EMAIL PROTECTED] wrote:
Thank you for replying. Unfortunately I do not have access to the compiler on my linux box. All I have is
access to FTP. I don't want to install Linux just to compile 1 file (And I have never installed Linux before,
so you can imagine what
KB wrote:
Hi,
Does anyone know why my PHP pages won't work in Frames? I have 5 frames,
each of which are displaying PHP pages, and none of the PHP code works.
If I run the code outside of Frames it works fine!
I can't find any decent references for PHP in Frames.
Your help would be apprec
Hi,
Does anyone know why my PHP pages won't work in Frames? I have 5 frames,
each of which are displaying PHP pages, and none of the PHP code works.
If I run the code outside of Frames it works fine!
I can't find any decent references for PHP in Frames.
Your help would be appreciated.
T
Hello,
Thank you for replying. Unfortunately I do not have access to the compiler on my linux
box. All I have is
access to FTP. I don't want to install Linux just to compile 1 file (And I have never
installed Linux before,
so you can imagine what I have to go through)
Thank you,
- Sid
-
On Sun, Oct 19, 2003 at 02:51:33PM -0400, Adam Reiswig wrote:
:
: A couple of days ago I placed a post regarding using the $_POST[]
: variable in an insert sql query. Both
:
: $sql="insert into $table set Name = '".$_POST['elementName']."'";
: and
: $sql="insert into $table set Name = '{$_POS
> "Adam" == Adam Reiswig <[EMAIL PROTECTED]> writes:
Adam> A couple of days ago I placed a post regarding using the
Adam> $_POST[] variable in an insert sql query. Both
Adam> $sql="insert into $table set Name =
Adam> '".$_POST['elementName']."'"; and $sql="insert into $table
On Sun, Oct 19, 2003 at 11:58:56PM +1000, Wang Feng wrote:
:
: I don't understand why the decimal 18 is greater than a string like "large"
: in the ascii code? When I run the following code, the decimal 18 is stored
: in the $third, not the $first. I reckoned decimal 18 should be stored into
: the
Chris Shiflett wrote:
A "parser" is called every time a page is accessed. If no page is
defined, the home page is loaded. Subsequent pages are linked with
http://dictionary.reference.com/search?q=parser
Very amusing.
Okay, "dispatcher" would probably be a better name. It preps the
environme
Hello,
On 10/19/2003 04:44 PM, [EMAIL PROTECTED] wrote:
Does anyone have the compiled version of the turck-mmcache loader file for Linux (TurckLoader.so). The
prob is that I encoded the files using my Win box and now it's time to load it onto my Linux machine (For
which I have only FTP rights). I
Adam Reiswig wrote:
My question now is
regarding the curly brackets in the 2nd example. Can anyone describe
why using the curly brackets works and/or how php processes them. I
have read quite a bit about php and never come across their use in this
way. Thanks again.
http://us2.php.net/manual/e
Radek Zajkowski wrote:
I notice sites using login detect expiry automatically and refresh the pages
+ session, I just don't quite know how to approach it.
All you need to do is check that your session variables exist before you
use them, otherwise set the values to a default. The method you're
ta
On Sun, Oct 19, 2003 at 02:37:27PM -0400, zavaboy wrote:
: "Eugene Lee" <[EMAIL PROTECTED]> wrote:
: > On Sat, Oct 18, 2003 at 10:28:49PM -0400, zavaboy wrote:
: > :
: > : Ok, I have an installer that only works if the directory that's
: > : being installed to has public writing permissions. I tried
Leif K-Brooks wrote:
> Note to self: try before you ask.
I say that to myself about 100 times each day. ;)
Edward Dudlik
"Those who say it cannot be done
should not interrupt the person doing it."
wishy washy | www.amazon.com/o/registry/EGDXEBBWTYUU
- Original Message -
From: "Leif K
A couple of days ago I placed a post regarding using the $_POST[]
variable in an insert sql query. Both
$sql="insert into $table set Name = '".$_POST['elementName']."'";
and
$sql="insert into $table set Name = '{$_POST['elementName']}'";
worked perfectly. Thanks to everyone for your help. My q
A couple of days ago I placed a post regarding using the $_POST[]
variable in an insert sql query. Both
$sql="insert into $table set Name = '".$_POST['elementName']."'";
and
$sql="insert into $table set Name = '{$_POST['elementName']}'";
worked perfectly. Thanks to everyone for your help. My
Hello Everyone,
Does anyone have the compiled version of the turck-mmcache loader file for Linux
(TurckLoader.so). The
prob is that I encoded the files using my Win box and now it's time to load it onto my
Linux machine (For
which I have only FTP rights). I would really appreciate it if someone
How do I run my installer as root?
"Eugene Lee" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> On Sat, Oct 18, 2003 at 10:28:49PM -0400, zavaboy wrote:
> :
> : Ok, I have an installer that only works if the directory that's being
> : installed to has public writing permissions. I tri
Radek Zajkowski said:
> I use it with skins on a web page, users coming in can pick a theme and for
> the duration of their visit they have the theme(it's an illustrator website)
>
> the problem that I'm having is that session expiry will cause that site to
> fall apart after idle time.
>
> I notice
Check out this site for live demos of several
different cms projects
http://www.opensourcecms.com.
olinux
--- Joel Konkle-Parker <[EMAIL PROTECTED]> wrote:
> I'm looking for an open source PHP/MySQL CMS that I
> can use as the
> backend to my website.
>
> My site consists of multiple quasi-ind
I use it with skins on a web page, users coming in can pick a theme and for
the duration of their visit they have the theme(it's an illustrator website)
the problem that I'm having is that session expiry will cause that site to
fall apart after idle time.
I notice sites using login detect expiry au
sun zheng said:
>>tx for the reply.. ya, it is what i am looking for.. however, your solution
>>is not the right one.. please help me to adjust it a lot..
>>
>>let us come back to the initial string ..
>>"approved=yes&error=&authnumber=025968&transactionnumber=313869";
>
>>I definitely want to get
tx for the reply.. ya, it is what i am looking for.. however, your solution
is not the right one.. please help me to adjust it a lot..
let us come back to the initial string ..
"approved=yes&error=&authnumber=025968&transactionnumber=313869";
I definitely want to get something like
$value_array['a
sun zheng said:
> tx for the reply.. ya, it is what i am looking for.. however, your solution
> is not the right one.. please help me to adjust it a lot..
>
> let us come back to the initial string ..
> "approved=yes&error=&authnumber=025968&transactionnumber=313869";
> I definitely want to get so
tx for the reply.. ya, it is what i am looking for.. however, your solution
is not the right one.. please help me to adjust it a lot..
let us come back to the initial string ..
"approved=yes&error=&authnumber=025968&transactionnumber=313869";
after the statement "for (@reset($value_array);
lis
php-general Digest 19 Oct 2003 13:51:20 - Issue 2364
Topics (messages 166631 through 11):
apache httpd + PHP authentication
166631 by: news.php.net
166632 by: Chris Shiflett
Changing permissions
166633 by: zavaboy
11 by: Eugene Lee
webppliance & incl
On Sat, Oct 18, 2003 at 10:28:49PM -0400, zavaboy wrote:
:
: Ok, I have an installer that only works if the directory that's being
: installed to has public writing permissions. I tried chmod() on the
: directory, but I get an error. How can I make it so my installer can
: write in a directory with
Zheng --
...and then sun zheng said...
%
% Hi, all,
Hi!
%
...
% I explode it first by "&".
% $execoutput =
% "approved=yes&error=&authnumber=025968&transactionnumber=313869";
% $execoutput_array = explode("&", $execoutput);
I don't see any problem with this.
%
% I secondly explode ever
Curt, et al --
...and then Curt Zirzow said...
%
% * Thus wrote David T-G ([EMAIL PROTECTED]):
% > Hi, all --
% >
% > It appears that the change from 4.2.3 to 4.3.4rc1 was not something that
% > got broken but instead something that got fixed. Oh, yay. But what do I
% > do now? Hmmm...
%
% I
Curt, et al --
...and then Curt Zirzow said...
%
% * Thus wrote David T-G ([EMAIL PROTECTED]):
% >
% > Should I use $_SESSION for everything or should I use session_start and
% > session_register and friends instead? Is there a clear win with either
% > one?
%
% $_SESSION is the proper way to
>> as far as i know there are no DEB packages for 4.3.1 for Woody.
>> I'm using the unstable (Debian SID) and i have PHP 4.3.3
>>
> Scuse the off topic, but is debian the way to go ? i have found great
> pain to work with redhat even with rpm's. I just seriously cannot
> believe all this dependanc
> as far as i know there are no DEB packages for 4.3.1 for Woody.
> I'm using the unstable (Debian SID) and i have PHP 4.3.3
>
Scuse the off topic, but is debian the way to go ? i have found great pain
to work with redhat even with rpm's. I just seriously cannot believe all
this dependency bullshi
as far as i know there are no DEB packages for 4.3.1 for Woody.
I'm using the unstable (Debian SID) and i have PHP 4.3.3
Joel Konkle-Parker wrote:
Does anyone have, or know where to get, a Debian Woody package for PHP
4.3.1? I've checked apt-get.org, but nobody seems to have that version.
Thanks
"Joel Konkle-Parker" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
>
> I've looked at PHPNuke, just because that's the only thing that jumps to
> mind, but I want to make sure I'm not missing anything before I dive in
> with it.
Have a look at Xaraya -- http://www.xaraya.com
It may
Jason Godesky wrote:
I'm working on a collection of functions for handling text documents;
when a Document is added, its text is broken into paragraphs, and each
paragraph is saved to the database as a separate record. The problem is
editing the document, because I only want to update those pa
Lai, Kenny wrote:
hey, does anyone have any good links they use for their php references?
http://www.php.net/manual
http://www.zend.com/zend/tut/
i'd also like to know how most people approach coding php from an OOP
standpoint
http://pear.php.net
http://www.phpclasses.org
( wasn't there another th
Hi, all,
The question is concerning a feedback String from a web-service.
"approved=yes&error=&authnumber=025968&transactionnumber=313869"
As you c, the String contains four parameters..
I explode it first by "&".
$execoutput =
"approved=yes&error=&authnumber=025968&transactionnumber=313869"
with best wishes
Zheng Sun
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net
On Sunday, October 19, 2003, at 02:16 PM, Joel Konkle-Parker wrote:
I'm looking for an open source PHP/MySQL CMS that I can use as the
backend to my website.
If you've got the time & skills, I'd actually recommend creating your
own -- building my own CMS rapidly enhanced the way I work, streaml