BBC wrote:
Hi all.
I'm having a problem regarding image handling. Sometimes an image can be
showed in browser normally (in my computer) but when I
upload it into my site that image is not valid, so there is an issue in my
getimagesizes() function.
Is there any function to recover
At 12:49 AM -0700 9/10/06, BBC wrote:
Hi all.
I'm having a problem regarding image handling. Sometimes an image
can be showed in browser normally (in my computer) but when I
upload it into my site that image is not valid, so there is an issue
in my getimagesizes() function.
Is there any
After some comments on my code I went on a 'fieldtrip' to learn about sql
injection...
Now after testing some examples with single and double quotes and mysql
comment (--) I haven't find any way to insert edit or delete any data in the
database.
The loginscript is rather simple:
$query=SELECT
I don't think so. What if magic_quotes_gpc gets turned off or you move to
another environment. Best practice is to turn if off (if you can) and so
gain fine control over your data. You can either compromise and use a
function that checks whether the setting is enabled and either add your own
So, if I understand correct mysql_real_escape_string is the way to prevent
sql injection.
Is there still need (as in both good coding and security) for variable
validation at that point? Like a hidden field id that must only be an int?
Van: Dave Goodchild
Yes. Always treat incoming data as if it were tainted. How rigorous you are
is up to you, but check for required fields, then validate them (type, size
etc) and finally escape before database entry.
http://www.projectkarma.co.uk
--
http://www.web-buddha.co.uk
http://www.projectkarma.co.uk
Thx a lot
-Oorspronkelijk bericht-
Van: Dave Goodchild [mailto:[EMAIL PROTECTED]
Verzonden: maandag 11 september 2006 14:10
Aan: Reinhart Viane
CC: php-general@lists.php.net
Onderwerp: Re: [PHP] does magic_quotes_gpc prevents sql injection through
forms?
Yes. Always treat incoming data
With magic_quotes_gpc or addslashes it's harder to do injection attacks
but it's still possible. http://shiflett.org/archive/184 demonstrates
an attack using php and mysql with multi-byte characters.
I think the more likely attack is actually due to how annoying
magic_quotes is. You have to
Micky Hulse wrote:
?=$_SERVER['PHP_SELF']?
Can I replace the above with some sort of XMLHTTP request?
Googling now... thought I would ask here first.
Any good links to tuts that might cover that sort of thing?
Kinda thinking about plugging some Ajax into a random image php script.
TIA. :)
CAN ANYONE TELL ME WHAT TOPICS ARE REQUIRED TO MASTER
IN ORDER TO BECOME A GENIOUS WEB PROGRAMMER ?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Learning strtolower() for a start.
On 11/09/06, Faisal Sahar [EMAIL PROTECTED] wrote:
CAN ANYONE TELL ME WHAT TOPICS ARE REQUIRED TO MASTER
IN ORDER TO BECOME A GENIOUS WEB PROGRAMMER ?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Micky Hulse wrote:
?=$_SERVER['PHP_SELF']?
Can I replace the above with some sort of XMLHTTP request?
As noted, that's a javascript question. However your PHP code is
vulnerable to XSS attacks; you should at least encode the output with
htmlspecialchars() so that URLs like
Hi there,
I am trying to strip URL's out of a text. There is a function for this
in php, but I can't find it anywhere. Can sombody help?
Regards,
Merlin
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
I think the more likely attack is actually due to how annoying
magic_quotes is. You have to remove it to do any work, then you have to
remember to put it back on because you aren't escaping your sql.
David
What exactly do you mean by ' You have to remove it to do any work '?
Seems that the
What do you exactly want to do?
-Original Message-
From: Micky Hulse [mailto:[EMAIL PROTECTED]
Sent: Domingo, 10 de Septiembre de 2006 10:46 p.m.
To: php php
Subject: Ajax and PHP: XMLHTTP
?=$_SERVER['PHP_SELF']?
Can I replace the above with some sort of XMLHTTP request?
Googling
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Reinhart Viane wrote:
Seems that the only and best way to prevent mysql injection is the
combination of mysql_real_escape_string combined with value validation.
Yes, this should be what you use. When you think about application
design, not only
You may try using regular expressions for that. Something like
preg_replace(http:\/\/.*\s,,$your_var). That's a simple example, but
you can change to suit your needs, check the online help for more info
about.
HTH,
Mariano.
Merlin wrote:
Hi there,
I am trying to strip URL's out of a text.
Hi All,
Is anyway to change starting week number of year on Sunday, instead
Monday as default?
Thanks in advance,
bn
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Satyam wrote:
for ($x=0;$x1000;$x++) {
echo ' trtdX is ' , $x , '/td/tr';
}
This seems to be a hair faster. I extended the test to 1 requests
(still concurrency 10) to make the test a little more reproducible:
echo str,var,str did 604.65 requests a second where trtd?= $x
?/td/tr did
At 11:40 PM -0700 9/10/06, BBC wrote:
At 12:49 AM -0700 9/10/06, BBC wrote:
Hi all.
I'm having a problem regarding image handling. Sometimes an image
can be showed in browser normally (in my computer) but when I
upload it into my site that image is not valid, so there is an issue
in my
That 100% depends on how the cash register works. Is it an NT cash
register, or an propitiatory one? Is it rs232 or on a network?
Basically, find out how the cash register can be controlled, then make a
php script that can fire that control.
Thanks.
It's a RS232 serial register. PHP,
At 9:19 PM +0100 9/10/06, Dave Goodchild wrote:
Has anyone out there had to deal with a similar problem, and if so do you
have any advice. This is going to take time so I will be patient and
continue, and welcome any suggestions. Many thanks and I can post code to
specific requests.
Dave:
You
It's been a little while, but a new beta version of Sparse is out. This
adds a warning log, a button to save either the current page or the
whole dataset as a CSV file, a tag that turns into a form that allows
the user to view specific rows, and a bunch of bugfixes. Take a look!
--Daniel
--
[snip]
It's a RS232 serial register. PHP, running at the server side, could
talk to the hardware at the client side? Or is it ActiveX?
[/snip]
You're correct, server-side cannot perform a client-side task.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit:
How bored am I?
This bored: http://dev.stut.net/phpspeed/
Server is running PHP 5.1.2 (really should upgrade that) with no caches
of any sort.
-Stut
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Just realized I forgot to CC: the original list on my reply below.
I also have since realized that using the solution in my reply below,
the SERVER *COULD* cause the register to open. On the server side, a
script that connects to HTTP://ip-of-register-to-open:secret-portnum
would cause the
I'm trying to read a MySpace FriendID out of a web page. If you view
the source, you see this is multiple places:
.friendID=12345
What's the simplest way to extract the FriendID and stick it in a
variable? Is there a regex that would do this?
--
PHP General Mailing List
I am embarrassed to ask this. If I set a cookie for 30 days, and the
visitor comes back 25 days later but I do nothing to re-set the
cookie, will his cookie expire in 5 days, or does his browser
automatically reset it to another 30 days?
--
PHP General Mailing List (http://www.php.net/)
To
Hi to all,
i am having one doubt regarding php mail function.i am using php
mail() function to send mail to the users.but when i send mail throught php its
going to the users bulk folder but not to the user inbox.i dont know the
reason.
Is there any setting that is
At 4:56 PM +0100 9/11/06, Stut wrote:
How bored am I?
This bored: http://dev.stut.net/phpspeed/
Server is running PHP 5.1.2 (really should upgrade that) with no
caches of any sort.
-Stut
Which begs the question, does it make much of a difference? (not you
being bored, but the rather
Am Montag 11 September 2006 15:36 schrieb Merlin:
I am trying to strip URL's out of a text. There is a function for
this in php, but I can't find it anywhere. Can sombody help?
hi, it's strip_tags and only removes the tags (a href ...) but keeps
the plain text that would be displayed in a text
I admit I'm totally surprised about the buffered results. Nevertheless, may
I sugest you add the following to the series of tests?:
h3Using line-by-line single-quoted echobr/with comma separated
arguments/h3
?php
$start = mt();
print 'table style=display:none; id=table2a';
Satyam wrote:
I admit I'm totally surprised about the buffered results.
Nevertheless, may I sugest you add the following to the series of tests?:
h3Using line-by-line single-quoted echobr/with comma
separated arguments/h3
snip
There seems to be one thing rarely anybody remembers,
tedd wrote:
At 4:56 PM +0100 9/11/06, Stut wrote:
How bored am I?
This bored: http://dev.stut.net/phpspeed/
Server is running PHP 5.1.2 (really should upgrade that) with no
caches of any sort.
-Stut
Which begs the question, does it make much of a difference? (not you
being bored, but
Jon Anderson wrote:
Stut wrote:
How bored am I?
This bored: http://dev.stut.net/phpspeed/
Server is running PHP 5.1.2 (really should upgrade that) with no
caches of any sort.
Just looking through the source, could you try changing the first
example to put the output all on one line? It's
RalfGesellensetter schrieb:
Am Montag 11 September 2006 15:36 schrieb Merlin:
I am trying to strip URL's out of a text. There is a function for
this in php, but I can't find it anywhere. Can sombody help?
hi, it's strip_tags and only removes the tags (a href ...) but keeps
the plain text
Brian Dunning wrote:
I'm trying to read a MySpace FriendID out of a web page. If you view the
source, you see this is multiple places:
.friendID=12345
What's the simplest way to extract the FriendID and stick it in a
variable? Is there a regex that would do this?
Is it always in
That did it, thanks! :)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Brian Dunning wrote:
That did it, thanks! :)
Keep in mind that if the ID is less than 5 digits, it won't match (I
don't know where MySpace ID's start). You can change it to something
like \d{1,} if you want it to match 1 or more digits.
--
John C. Nichel IV
Programmer/System Admin
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Merlin wrote:
RalfGesellensetter schrieb:
Am Montag 11 September 2006 15:36 schrieb Merlin:
I am trying to strip URL's out of a text. There is a function for
this in php, but I can't find it anywhere. Can sombody help?
hi, it's strip_tags and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
suresh kumar wrote:
Hi to all,
i am having one doubt regarding php mail function.i am using
php mail() function to send mail to the users.but when i send mail throught
php its going to the users bulk folder but not to the user
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Brian Dunning wrote:
I am embarrassed to ask this. If I set a cookie for 30 days, and the
visitor comes back 25 days later but I do nothing to re-set the cookie,
will his cookie expire in 5 days, or does his browser automatically
reset it to
I guess that embedding an ActiveX object to open the drawer into the web
page would be the easiest option for the application programmers to handle.
It would give the added flexibility to use JavaScript on the client side to
call the object method to open the drawer, besides sending the page
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
BBC wrote:
BBC wrote:
Hi all.
I'm having a problem regarding image handling. Sometimes an image can be
showed in browser normally (in my computer) but when I
upload it into my site that image is not valid, so there is an issue in my
Thank you! That workes excellent!
Merlin
Christopher Weldon schrieb:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Merlin wrote:
RalfGesellensetter schrieb:
Am Montag 11 September 2006 15:36 schrieb Merlin:
I am trying to strip URL's out of a text. There is a function for
this in php, but
Brian Dunning wrote:
I am embarrassed to ask this. If I set a cookie for 30 days, and the
visitor comes back 25 days later but I do nothing to re-set the
cookie, will his cookie expire in 5 days, or does his browser
automatically reset it to another 30 days?
That depends on if you reset the
What types of images are these? JPG, PNG, GIF?
Its jpg. Look... I don't know exactly what your point, I'm just asking you
about the function to resolve the size of image like the
codes below:
if (file_exists($img_path)){
list($width,$height) = getimagesizes($img_path);
}else{
$width = $ height =
- Original Message -
From: Stut [EMAIL PROTECTED]
To: Satyam [EMAIL PROTECTED]
Cc: php-general@lists.php.net
Sent: Monday, September 11, 2006 6:32 PM
Subject: Re: [PHP] Re: Newbie question about ?= ?
Satyam wrote:
I admit I'm totally surprised about the buffered results.
Hi all, thanks for responses, I appreciate it. :)
Miguel Guirao wrote:
What do you exactly want to do?
Oh, I wanted to call a php function on my page that changes some CSS. I
was hoping I could change my CSS on the fly without having to reload
page... but after doing more research, I think
At 5:36 PM +0100 9/11/06, Stut wrote:
tedd wrote:
Opinions?
I would have to agree. Having watched the server CPU load while
playing with this test script it would appear that the performance
can be skewed a lot more by that than by the method you use for
squidging out the output.
As a
On 9/10/06, Micky Hulse [EMAIL PROTECTED] wrote:
Christopher Weldon wrote:
What's the error, and how do you have the class and functions defined?
Hi Christopher, thanks for asking. :)
Actually, it was one of those silly, right in front of my face, logic
errors...
class RandomSplash {
var
Hello,
I would appreciate your help. I am trying to get php and apache work
together and have a strange error while starting apache:
Can't locate API module structure `php4_module' in file
/usr/local/libexec/apache2/libphp5.so: Undefined symbol php4_module
I am using PHP 5.1.6 (cli) and
On 9/11/06, Zbigniew Szalbot [EMAIL PROTECTED] wrote:
Hello,
I would appreciate your help. I am trying to get php and apache work
together and have a strange error while starting apache:
Can't locate API module structure `php4_module' in file
/usr/local/libexec/apache2/libphp5.so: Undefined
On 9/8/06, Robert Cummings [EMAIL PROTECTED] wrote:
On Fri, 2006-09-08 at 15:30 -0600, Jeremy Privett wrote:
Well, it could be this, too:
switch( $_REQUEST['id'] ) {
case white:
echo Right color.;
break;
case black:
echo Right color.;
On Mon, 11 Sep 2006, Curt Zirzow wrote:
Hello,
I would appreciate your help. I am trying to get php and apache work
together and have a strange error while starting apache:
Can't locate API module structure `php4_module' in file
/usr/local/libexec/apache2/libphp5.so: Undefined symbol
Hello all,
I don't really get it to work with that functions from
http://www.php.net/manual/en/ref.dom.php
I try to get the content of td fields on an external html page, where I just
know some ids of the rows.
Example:
...
tr id = 'tr01'
td1/tdtd2/tdtd3/tdtd4/td
/tr
tr id = 'tr02'
Hi Curt, thanks for the feedback/input and your time. :)
Curt Zirzow wrote:
It would have been more relevant to supply the problem along with the
solution.
Definitely. Sorry about that. Sometimes I post questions to forums/lists
without thinking things through more thoroughly... Hehe, I half
To start with, an ID should never be repeated. A name can be repeated, an
ID shouldn't. That is why there is a function to get an array of elements
with a certain name but there is none to get a list of elements with the
same ID simply because there shouldn't be any. Something helpful in
On 9/11/06, Zbigniew Szalbot [EMAIL PROTECTED] wrote:
On Mon, 11 Sep 2006, Curt Zirzow wrote:
Hello,
I would appreciate your help. I am trying to get php and apache work
together and have a strange error while starting apache:
Can't locate API module structure `php4_module' in file
On Mon, 11 Sep 2006, Curt Zirzow wrote:
Hi there again,
Thanks for such a fast response. I used portinstall. I did have apache
1.3.37 at the beginning but it later turned out that for some reason I
will have to upgrade for apache 2.x so I ran pkg_delete and the went for
apache2.
This
On 9/11/06, Micky Hulse [EMAIL PROTECTED] wrote:
Hi Curt, thanks for the feedback/input and your time. :)
Curt Zirzow wrote:
It would have been more relevant to supply the problem along with the
solution.
Definitely. Sorry about that. Sometimes I post questions to forums/lists
without
Hello Satyam,
Thanks for your answering...
I don't really get it to work with that functions from
http://www.php.net/manual/en/ref.dom.php
I try to get the content of td fields on an external html page, where
I just know some ids of the rows.
Example:
...
tr id = 'tr01'
Hi,
Please, please forgive! How dumb a person (me!) can sometimes be!
I looked at httpd.conf again and saw that instead of replacing php4.so
library object I added a new line with php5 entry...
Sorry to have bothered!
Thanks!
Zbyszek
On Mon, 11 Sep 2006, Zbigniew Szalbot wrote:
On Mon,
The techs at Rackspace just enabled SOAP for me. I have a command:
$soap = new SoapClient('http://geocoder.us/dist/eg/clients/
GeoCoderPHP.wsdl');
which works fine on my PHP 5.1.6 development server, but it won't run
on my 4.3.9 server at Rackspace. The only place 'soap' appears in
Brian Dunning wrote:
The techs at Rackspace just enabled SOAP for me. I have a command:
$soap = new
SoapClient('http://geocoder.us/dist/eg/clients/GeoCoderPHP.wsdl');
which works fine on my PHP 5.1.6 development server, but it won't run
on my 4.3.9 server at Rackspace. The only place
Hi guys,
I am trying to use Apache, PHP 4.3, and PHP's Openssl functions to encrypt a
variable.
Currently, I can successfully use the following command to encrypt an
existing file and create a new one:
openssl aes-256-cbc -e -in plain_file.xml -out encrypt_file.xml -k
1234123412341234
Is it
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
BBC wrote:
What types of images are these? JPG, PNG, GIF?
Its jpg. Look... I don't know exactly what your point, I'm just asking you
about the function to resolve the size of image like the
codes below:
if (file_exists($img_path)){
Sorry to say, but there is no native soap extension in php4, it was
introduced with php5.
Yeah, in PHP4 you may want to go with one of two routes:
1. NuSOAP
2. PEAR::SOAP
AFAIK Pear Soap was used as a basis for the native C extension, so would
probably provide the easiest space for you
68 matches
Mail list logo