Re: [PHP] hey

2011-05-19 Thread Ashley Sheridan
On Thu, 2011-05-19 at 15:48 -0500, bole.c...@gmail.com wrote: > Hey , i felt so overwhelmed before this > http://citizenstelecom.com/redirect.php?to=aHR0cDovL3d3dy5uYmMxMGZpbmFuY2UuY29tLz9waWQ9NjYwNTA0 > I guess it was just too close to Friday for him to wait? -- Thanks, Ash http://www.ashle

Re: [PHP] A Review Request

2011-05-19 Thread Paul M Foster
On Wed, May 18, 2011 at 03:22:35PM -0400, tedd wrote: > Hi gang: > > I am considering providing PHP code to the general public via my website > > This is my first attempt: > > http://sperling.com/php/authorization/ > > What do you people think? I've always been a fan of your site(s). It's bee

Re: [PHP] A Review Request

2011-05-19 Thread Alex Nikitin
My general rule of thumb regarding variables from post and/or get, is such: if you use it once, don't throw it into a variable, if you use it more than once, then put it in a variable. If you name things consistently and well, regardless of how long from now you are reading the code, $_POST['passwor

Re: [PHP] A Review Request

2011-05-19 Thread Adam Richardson
On Thu, May 19, 2011 at 8:51 PM, Alex Nikitin wrote: > Hey Adam :) > > I devoted an entire 3 minutes to glimpsing over the code and showing simple > ways to fix them, you make excellent points, I simply didn't even look into > them. You are absolutely correct in saying that sha1 is a weak way to do this

Re: [PHP] A Review Request

2011-05-19 Thread tedd
At 8:51 PM -0400 5/19/11, Alex Nikitin wrote: Tedd, yes you do have to worry about xss, yes with unescaped PHP_SELF you can inject code into the form here Ahhh! Most excellent. I'll change that. Cheers, tedd -- --- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/

Re: [PHP] A Review Request

2011-05-19 Thread tedd
At 2:29 PM -0400 5/19/11, Alex Nikitin wrote: Also don't declare a bunch of needless variables for their one-time use, don't compare unsanitized strings with a binary unsafe operator, server variables contain link to current script, here are examples of what I mean: I object. First of all 'nee

Re: [PHP] A Review Request

2011-05-19 Thread Alex Nikitin
Hey Adam :) I devoted an entire 3 minutes to glimpsing over the code and showing simple ways to fix them, you make excellent points, I simply didn't even look into them. You are absolutely correct in saying that sha1 is a weak way to do this (though it is way better than md5), of course the proper way

Re: [PHP] A Review Request

2011-05-19 Thread tedd
At 2:29 PM -0400 5/19/11, Alex Nikitin wrote: I will try to respond to the original question. Note: this is constructive criticism, so I won't do much in terms of praising the good parts. It works, it's very primitive, in some ways it's pretty insecure, for example it provides no session hijacking

Re: [PHP] A Review Request

2011-05-19 Thread Adam Richardson
Hi Alex, Some nice conversation points, indeed. I do have a few follow-ups below: On Thu, May 19, 2011 at 3:16 PM, Alex Nikitin wrote: > PHP_SELF requires no processing (i.e. there is no need to do basename()) > Actually, the way Tedd is using the info, PHP_SELF would potentially be unsafe (un

Re: [PHP] Warning: Cannot modify header information - headers already sent by - classic

2011-05-19 Thread Daniel Brown
On Thu, May 19, 2011 at 15:45, Marc Guay wrote: > Hi folks, > > I'm running some code locally which should produce this fun error we > all know and love:  Warning: Cannot modify header information - > headers already sent by... but does not.  Switching from 5.3 to 5.2 > reveals the error and runni

Re: [PHP] PHP interprets trailing slashes incorrectly?

2011-05-19 Thread Daniel Brown
On Thu, May 19, 2011 at 15:04, Scott Baker wrote: > I have a script: > > http://www.perturb.org/index.php > > I accidentally put a trailing / on the url and it STILL loaded: > > http://www.perturb.org/index.php/ > > Is that a bug in URL interpretation? I've tried it on three servers and > all seem

Re: [PHP] Warning: Cannot modify header information - headers already sent by - classic

2011-05-19 Thread Marc Guay
>    See if output_buffering and output_handler are set the same in > your php.ini and/or phpinfo() output between working and non-working > versions. Thanks Daniel. With output_buffering On the error was not displayed and the re-location fired, while Off caused it to display the error and continu

Re: [PHP] Sending messages from php to C++ application via UDP socket

2011-05-19 Thread shiplu
On Thu, May 19, 2011 at 3:14 PM, Richard Quadling wrote: > On 18 May 2011 18:03, shiplu wrote: > > Try to think a string is an array of bytes. > > Parse that array of bytes at C++ end. > > There should host to network and network to host data conversion > function. > > Use them. > > > > -- > > Sh

Re: [PHP] Warning: Cannot modify header information - headers already sent by - classic

2011-05-19 Thread Bálint Horváth
Sorry, I forgot the alternative.. You can use simply meta refresh which is working anyway. Usually I insert more than one redirector function to my script... Eg.: ... $back = $_SERVER['PHP_SELF'] . '?action=login'; //header('Location: '.$back.''); echo ''; ... Valentine 2011/5/19 Bálint Horváth

Re: [PHP] Warning: Cannot modify header information - headers already sent by - classic

2011-05-19 Thread Marc Guay
Thank you Balint but if you read my message I have a good understanding of what causes this error. My confusion is why it is not being thrown in this particular instance. Marc

Re: [PHP] Warning: Cannot modify header information - headers already sent by - classic

2011-05-19 Thread Bálint Horváth
Hi Header just be modified if its at the start of your script... right code: and not.. Valentine On Thu, May 19, 2011 at 9:45 PM, Marc Guay wrote: > Hi folks, > > I'm running some code locally which should produce this fun error we > all know and love: Warning: Cannot modify header inform

[PHP] Warning: Cannot modify header information - headers already sent by - classic

2011-05-19 Thread Marc Guay
Hi folks, I'm running some code locally which should produce this fun error we all know and love: Warning: Cannot modify header information - headers already sent by... but does not. Switching from 5.3 to 5.2 reveals the error and running it on another server with 5.2 also shows the error. I do

Re: [PHP] A Review Request

2011-05-19 Thread Alex Nikitin
=== or preg_match for me, lol, unless it's all just math :) -- The trouble with programmers is that you can never tell what a programmer is doing until it’s too late. ~Seymour Cray On Thu, May 19, 2011 at 3:26 PM, Joshua Kehn wrote: > On May 19, 2011, at 3:16 PM, Alex Nikitin wrote: > > > PHP_

Re: [PHP] A Review Request

2011-05-19 Thread Joshua Kehn
On May 19, 2011, at 3:16 PM, Alex Nikitin wrote: > PHP_SELF requires no processing (i.e. there is no need to do basename()) > > strcmp is binary-safe, I prefer and recommend using string-safe comparison > functions for strings... here is an example of why: > > $value = 0; > if($value=="not zero

Re: [PHP] A Review Request

2011-05-19 Thread Alex Nikitin
PHP_SELF requires no processing (i.e. there is no need to do basename()) strcmp is binary-safe, I prefer and recommend using string-safe comparison functions for strings... here is an example of why: $value = 0; if($value=="not zero") { echo "oopsie, how did this happen, lets see how this wo

Re: [PHP] PHP interprets trailing slashes incorrectly?

2011-05-19 Thread Hans Åhlin
2011/5/19 Scott Baker : > I have a script: > > http://www.perturb.org/index.php > > I accidentally put a trailing / on the url and it STILL loaded: > > http://www.perturb.org/index.php/ > > Is that a bug in URL interpretation? I've tried it on three servers and > all seem to have the same behavior.

[PHP] PHP interprets trailing slashes incorrectly?

2011-05-19 Thread Scott Baker
I have a script: http://www.perturb.org/index.php I accidentally put a trailing / on the url and it STILL loaded: http://www.perturb.org/index.php/ Is that a bug in URL interpretation? I've tried it on three servers and all seem to have the same behavior. All three were Apache on Linux, but dif

Re: [PHP] A Review Request

2011-05-19 Thread Joshua Kehn
On May 19, 2011, at 2:44 PM, Andre Polykanine wrote: > Hello Alex, > > Two (stupid?) questions: > 1. Why PHP_SELF is better than SCRIPT_NAME? > 2. Why strcmp() is better than just comparing? > > -- > With best regards from Ukraine, > Andre > Skype: Francophile > My blog: http://oire.org/meneli

Re: [PHP] A Review Request

2011-05-19 Thread Andre Polykanine
Hello Alex, Two (stupid?) questions: 1. Why PHP_SELF is better than SCRIPT_NAME? 2. Why strcmp() is better than just comparing? -- With best regards from Ukraine, Andre Skype: Francophile My blog: http://oire.org/menelion (mostly in Russian) Twitter: http://twitter.com/m_elensule Facebook: http:

Re: [PHP] Filtering data not with mysql...

2011-05-19 Thread Alex Nikitin
For input sanitizing, and this will be helpful to anyone who writes code, listen to Dan Kaminsky's keynote at "The Next Hope". He did a very good job at explaining the landscape of web programming and the essence of SQL injection and XSS, as well as proposed pretty neat ways to fix these. If you a

Re: [PHP] A Review Request

2011-05-19 Thread Alex Nikitin
I will try to respond to the original question. Note: this is constructive criticism, so I won't do much in terms of praising the good parts. It works, it's very primitive, in some ways it's pretty insecure, for example it provides no session hijacking protection, it's not written with the better of

Re: [PHP] Filtering data not with mysql...

2011-05-19 Thread tedd
At 2:38 PM +0300 5/19/11, Andre Polykanine wrote: Oh my... I hate those pdf's :-(( Could someone tell me in some words what do I need to do beside mysql_real_escape_string() and Html input sanitizing? Thanks and sorry for the inconvenience) Hi: Here is part of what I wrote for my PHP cl

RE: [PHP] Filtering data not with mysql...

2011-05-19 Thread admin
Andre, I remember this exact question and I thought Jonathan gave the best answer. He suggested the addcslashes function in combination with the mysql_real_escape_string. http://php.net/manual/en/function.addcslashes.php This is a good read and the function was updated as recently as 5.2.

[PHP] Re: A Review Request

2011-05-19 Thread tedd
At 10:32 AM -0500 5/19/11, Shawn McKenzie wrote: On 05/18/2011 02:22 PM, tedd wrote: > http://sperling.com/php/authorization/ > What do you people think? I have to agree about the braces, but at our ages that's not going to change :-) My suggestion would be to use syntax highlighting.

[PHP] Re: A Review Request

2011-05-19 Thread Shawn McKenzie
On 05/18/2011 02:22 PM, tedd wrote: > Hi gang: > > I am considering providing PHP code to the general public via my website > > This is my first attempt: > > http://sperling.com/php/authorization/ > > What do you people think? > > Cheers, > > tedd > I have to agree about the braces, but at

Re: [PHP] Warning: session_start()

2011-05-19 Thread Richard Quadling
On 19 May 2011 16:05, Nazish wrote: > Thanks for all your suggestions such as removing whitespace before the tag and commenting issues. I made those changes. > > I didn't realize that connecting to the MySQL database involved sending a > header: eg. mysql_connect($host, $user, $mysql_pass); > > D

Re: [PHP] Warning: session_start()

2011-05-19 Thread Richard Quadling
On 19 May 2011 16:05, Nazish wrote: > I didn't realize that connecting to the MySQL database involved sending a > header: eg. mysql_connect($host, $user, $mysql_pass); > It doesn't. -- Richard Quadling Twitter : EE : Zend : PHPDoc @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/i

RE: [PHP] Warning: session_start()

2011-05-19 Thread Ford, Mike
> -Original Message- > From: Pete Ford [mailto:p...@justcroft.com] > Sent: 19 May 2011 11:36 > To: php-general@lists.php.net > Subject: Re: [PHP] Warning: session_start() > > >> On 18 May 2011 19:15, Nazish wrote: > > > >>> Hi everyone, > > > >>> - > >>> WHEN USER CLI

Re: [PHP] Filtering data not with mysql...

2011-05-19 Thread Andre Polykanine
Hi Richard, Oh my... I hate those pdf's :-(( Could someone tell me in some words what do I need to do beside mysql_real_escape_string() and Html input sanitizing? Thanks and sorry for the inconvenience) -- With best regards from Ukraine, Andre Skype: Francophile My blog: http://oire.org/m

Re: [PHP] Warning: session_start()

2011-05-19 Thread Pete Ford
On 19/05/11 10:37, Tim Streater wrote: On 19 May 2011 at 10:20, Richard Quadling wrote: On 18 May 2011 19:15, Nazish wrote: Hi everyone, code, code, code. ?> The session cookie must be sent prior to any output. Including, but not limited to, comments, whitespace, HTML code, etc.

Re: Re: [PHP] Warning: session_start()

2011-05-19 Thread Tim Streater
On 19 May 2011 at 10:20, Richard Quadling wrote: > On 18 May 2011 19:15, Nazish wrote: >> Hi everyone, >> >            WHEN USER CLICKS 'ENTER' TO LOGIN >> >> > ?> > > The session cookie must be sent prior to any output. Including, but > not limited to, comments, whitespace, HTML code, etc.

Re: [PHP] Warning: session_start()

2011-05-19 Thread Richard Quadling
On 18 May 2011 19:15, Nazish wrote: > Hi everyone, > > I recently uploaded my website files to a server. When I tried to log into > my website, I received these error messages: > > *Warning*: session_start() > [function.session-start]: > Cannot se

Re: [PHP] Sending messages from php to C++ application via UDP socket

2011-05-19 Thread Richard Quadling
On 18 May 2011 18:03, shiplu wrote: > Try to think a string is an array of bytes. > Parse that array of bytes at C++ end. > There should host to network and network to host data conversion function. > Use them. > > -- > Shiplu Mokadd.im > Just to confirm Shiplu's comment really. For example (see