Re: [PHP] How to escape apostrophe in HTML textbox exactly???

2004-07-05 Thread Chris Shiflett
of the markup, which is what your original problem was. Of course, if you want to display this data again, you will have to use htmlentities() again on the data in $_GET, $_POST, or whatever. Hope that helps. Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly Coming

Re: [PHP] Re: test if $int is integer

2004-06-30 Thread Chris Shiflett
the expression. Is 4.5 an integer? Nope, but it's numeric. His regular expression probably makes this distinction. Hope that helps.

Re: [PHP] How to escape apostrophe in HTML textbox exactly???

2004-06-30 Thread Chris Shiflett
or something because the quot would show up in the database... Any suggestion or advice? As they say, timing is everything.

Re: [PHP] Re: How to escape apostrophe in HTML textbox exactly???

2004-06-30 Thread Chris Shiflett
argue that something like mysql_escape_string() is better than addslashes(), so I agree with you for the most part anyway. :-) It all depends on what database is being used and how.

Re: [PHP] Object Oriented Programming in PHP

2004-06-24 Thread Chris Shiflett
and specifically explains OOP in terms of what's different: http://www.amazon.com/exec/obidos/ASIN/0596006365/ref%3Dnosim/chrisshiflett-20 Hope that helps.

Re: [PHP] Re: Determine whether $_GET has a value

2004-06-24 Thread Chris Shiflett
--- Anguz [EMAIL PROTECTED] wrote: Wouldn't this work? if(isset($_GET['var']) && !empty($_GET['var'])){ // do something... } No, he mentioned that he considers 0 to be acceptable, and this will fail the empty() test.

Re: [PHP] Determine whether $_GET has a value

2004-06-23 Thread Chris Shiflett

Re: [PHP] Re: is there any application ,

2004-06-21 Thread Chris Shiflett
--- Amit Arora [EMAIL PROTECTED] wrote: I did hear about a PHP compiler a while back But I am not sure whether that project is still around ? This may be what you're thinking of: http://pecl.php.net/package/bcompiler

Re: [PHP] PHP pros and cons

2004-06-11 Thread Chris Shiflett
--- Amanda Hemmerich [EMAIL PROTECTED] wrote: what do you guys think are some limitations of PHP? It's not persistent like ColdFusion. It doesn't have namespaces. The object model in PHP 4 is poor. I'm sure others can pitch in here. :-)

Re: [PHP] addslashes

2004-06-11 Thread Chris Shiflett
that helps.

Re: [PHP] PHP pros and cons

2004-06-11 Thread Chris Shiflett
= Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly Coming Fall 2004 HTTP Developer's Handbook - Sams http://httphandbook.org/ PHP Community Site http://phpcommunity.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Refresh Page

2004-06-06 Thread Chris Shiflett
--- Mike Mapsnac [EMAIL PROTECTED] wrote: I want to refresh page every 10 seconds, without clicking on Refresh button. Use the Refresh header: header('Refresh: 10; url=http://example.org/foo.php'); Hope that helps.

Re: [PHP] PHP Basic's Problem with a simple script.

2004-06-01 Thread Chris Shiflett
and saw that register_globals was on? I seriously doubt your findings (unless I overlooked a typo regarding a variable name or something), but please add this code to be sure: echo 'register_globals [' . ini_get('register_globals') . ']'; Hope that helps.

Re: [PHP] nl2br problem

2004-05-28 Thread Chris Shiflett
--- Gerben [EMAIL PROTECTED] wrote: does anyone know how to create a true nl2br function instead of a nl2br-and-nl function. $foo = str_replace('\n', '<br />', $foo);

Re: [PHP] nl2br problem

2004-05-28 Thread Chris Shiflett
--- Gerben [EMAIL PROTECTED] wrote: does anyone know how to create a true nl2br function instead of a nl2br-and-nl function. $foo = str_replace('\n', '<br />', $foo); Make that "\n" to interpret the newline correctly. Sorry about that.

Re: [PHP] Yahoo and PHP

2004-05-15 Thread Chris Shiflett
there, and so does Andrei.

Re: [PHP] Error Passing Command in URL

2004-05-14 Thread Chris Shiflett
--- Dragon [EMAIL PROTECTED] wrote: If I/You try to open the Admin-Sektion ?open=admin Nothing happens, you will only reload the main view. Use $_GET['open']. It will work.

Re: [PHP] HTTP_RAW_POST_DATA

2004-05-13 Thread Chris Shiflett
to a standstill till, then when swap space runs out.. watch out! :) Yeah, this is what my migs and megs of memories comment was meant to convey, although Curt's description is more detailed and eloquent. :-)

Re: [PHP] HTTP_RAW_POST_DATA

2004-05-13 Thread Chris Shiflett
: example.org Content-Type: shiflett Content-Length: 384975438975438753495734957 dshgjkdfhgkldfjhgklsfjdhgkdfjhgksjdfhgjdfkghsdfjkg... :-)

Re: [PHP] Send username password in HTTP headers

2004-05-12 Thread Chris Shiflett
the result of this: base64_encode('myname:mypass') Substitute with the correct username and password. Hope that helps.

Re: [PHP] HTTP_RAW_POST_DATA

2004-05-12 Thread Chris Shiflett
attack easy. I'd just send lots of huge POST requests to any PHP script on your server. Hope you have migs and megs of memories, as Strong Bad would say. :-)

Re: [PHP] HTTP_RAW_POST_DATA

2004-05-12 Thread Chris Shiflett
it was also misleading (always should mean always). I assume the original poster is using neither of the content types you mention, since this was already working for him in one environment.

Re: [PHP] HTTP_RAW_POST_DATA

2004-05-11 Thread Chris Shiflett
--- Curt Zirzow [EMAIL PROTECTED] wrote: Check the value of always_populate_raw_post_data in php.ini on both servers. That's such a funny name. Not to mention misleading, since it doesn't always populate $HTTP_RAW_POST_DATA when enabled. Always should mean always.

Re: [PHP] php|works

2004-05-11 Thread Chris Shiflett
--- John Nichel [EMAIL PROTECTED] wrote: Who's going (thinking about) to this? http://www.phparch.com/phpworks/ I'm strongly considering it. Proposal deadline is May 21, which is my birthday, so that's easy to remember. :-)

Re: [PHP] Header() and POST data

2004-05-07 Thread Chris Shiflett
--- Todd Cary [EMAIL PROTECTED] wrote: I need to go to another page and I use the header("location: " . $the_url_to_the_page); Is it possible to use this method with POST so that the info does not show in the URL? No, which is a very Good Thing.

Re: [PHP] I need to hire someone to secure script

2004-05-07 Thread Chris Shiflett
occasionally perform security audits for good causes or good money. :-)

Re: [PHP] Using HTTP_REFERRER to ensure forms posted from server

2004-04-29 Thread Chris Shiflett
as easy to spoof as the form data you're expecting. What you're wanting to do is prevent spoofed form submissions, and New York PHP has a nice resource that I encourage you to read: http://phundamentals.nyphp.org/PH_spoofed_submission.php Hope that helps.

Re: [PHP] Counting number of characters without spaces between them?

2004-04-23 Thread Chris Shiflett

[PHP] PHP Mag (Was: Counting number of characters without spaces between them?)

2004-04-23 Thread Chris Shiflett
--- Richard Davey [EMAIL PROTECTED] wrote: BTW - Nice piece in Int PHP Mag this month :) Thanks. :-) I haven't seen it yet. Is this in the print or PDF edition?

Re: [PHP] PHP modifying data from DB?

2004-04-23 Thread Chris Shiflett
to the second. Are you assuming the time is not stored, because you do a select at the MySQL prompt and don't see it? If so, that's the misunderstanding. Hope that helps.

Re: [PHP] oblivious to the obvious

2004-04-23 Thread Chris Shiflett
), echo mysql_error() to see why your query failed. Hope that helps.

Re: [PHP] What's wrong with this IF statement?

2004-04-22 Thread Chris Shiflett
to: if (true) Hope that helps.

[PHP] Unsubscribing Was: Unwanted e-mails

2004-04-19 Thread Chris Shiflett
intervention. Hope that helps.

Re: [PHP] http header

2004-04-16 Thread Chris Shiflett
tag to emulate an HTTP header. PHP has the header() function, and it can set real headers. Hope that helps.

Re: [PHP] PHP security in a hosting environment

2004-04-07 Thread Chris Shiflett
protect your environment; it only takes PHP out of the picture. Security Corner in the latest issue of php|architect (http://www.phparch.com/issue.php?mid=26) discusses the issue of shared hosting in more detail. Hope that helps.

Re: [PHP] Validating form field text input to be a specific variable type

2004-04-07 Thread Chris Shiflett
--- William Lovaton [EMAIL PROTECTED] wrote: Yeah, sometimes this is an annoying problem with PHP. Somehow, "", null, 0 and "0" is the same thing. You can always use === if you don't want it to cast.

Re: [PHP] How to Request?

2004-04-06 Thread Chris Shiflett
']); $color = ($_REQUEST['c']); } You answer your own question immediately after you ask it. Wrong: $_REQUEST['fd','c'] Right: $_REQUEST['fd'] $_REQUEST['c'] Hope that helps.

Re: [PHP] detecting type of field from $_POST ?

2004-04-05 Thread Chris Shiflett
all POST data, regardless of type. The reason is the same as why you cannot distinguish them - only name/value pairs are returned. Don't assume your HTML can restrict the type of data that a user can send. Hope that helps.

Re: [PHP] \n is not working!

2004-04-04 Thread Chris Shiflett
, please test your code. It really only takes a moment of your time. Thanks. :-)

Re: [PHP] Relative Url

2004-04-02 Thread Chris Shiflett
the pollfunctions.php file resides. $url = '/poll/pollfunctions.php'; Hope that helps.

Re: [PHP] Apache version... 1.3.29 vs 2.0.

2004-04-02 Thread Chris Shiflett
--- Frano ILICIC [EMAIL PROTECTED] wrote: I just wonder what is the best apache version to run PHP 4.35? Just wondering if there is an obvious choice? Maybe not obvious, but I think the best choice is the latest Apache 1.3.x.

Re: [PHP] Relative Url

2004-04-01 Thread Chris Shiflett
--- Chris Thomas [EMAIL PROTECTED] wrote: Is there anyway that i can get a url relative to my server for a script that is being run?? $relative_url = '/'; That's a relative URL to your document root. What are you wanting, exactly?

Re: [PHP] Inserting string - need to trim comma

2004-04-01 Thread Chris Shiflett
=> $value) { $pairs[] = "$key = '$value'"; } $sql .= implode(',', $pairs); --- Matt Matijevich [EMAIL PROTECTED] wrote: http://www.php.net/rtrim rtrim() trims whitespace, not commas. Hope that helps.

Re: [PHP] Inserting string - need to trim comma

2004-04-01 Thread Chris Shiflett
in the trimming (so, whitespace + whatever characters you specify will be trimmed).

Re: [PHP] PHP Logo with a dog?

2004-04-01 Thread Chris Shiflett
--- Adrian Madrid [EMAIL PROTECTED] wrote: Has anybody had the PHP logo in phpinfo() appear with a picture of a dog? Happy April Fools Day.

Re: [PHP] PHP Logo with a dog?

2004-04-01 Thread Chris Shiflett
--- Jason S Motes [EMAIL PROTECTED] wrote: The picture that comes up on my machine is a guy's head with two pencils stuck in his nose That's Thies. You need to upgrade. :-)

Re: [PHP] Session help please?

2004-04-01 Thread Chris Shiflett
. This is because you probably have register_globals enabled, so the value of test in the user POST request is available to you as both: $_POST['test'] and $test It has nothing to do with you also setting $_SESSION['test']. Hope that helps.

Re: [PHP] What's the use in OOP?

2004-03-29 Thread Chris Shiflett
(encapsulation, namespacing, etc.) and find a really good explanation of the term. Hope that helps.

Re: [PHP] Namespaces in PHP

2004-03-29 Thread Chris Shiflett
guess that this is one of the reasons that PEAR classes are classes.

RE: [PHP] Namespaces in PHP

2004-03-29 Thread Chris Shiflett
. Does not make sense this is not a namespace ideology at all it is called encapsulation. It makes perfect sense to me. Robert knows that this is called encapsulation. Don't let fancy terms make you lose sight of what's being discussed.

RE: [PHP] What's the use in OOP?

2004-03-29 Thread Chris Shiflett
easier on myself.

RE: [PHP] What's the use in OOP?

2004-03-29 Thread Chris Shiflett
something like APC. Moral of the story: that argument is irrelevant. :-)

Re: [PHP] Wrong IP address

2004-03-29 Thread Chris Shiflett
is wrong. I can tell you that $_SERVER['REMOTE_ADDR'] always has the correct IP of where the HTTP request originated.

RE: [PHP] Namespaces in PHP

2004-03-29 Thread Chris Shiflett
be wasted with petty arguments, so that he continues. :-)

Re: [PHP] Apache 2 w/ PHP database sessions

2004-03-26 Thread Chris Shiflett
that helps.

Re: [PHP] fsockopen and HTTP 1.1 Problem

2004-03-25 Thread Chris Shiflett
responses, but I think this is unnecessary. You can open a remote URL just as if it were a local file if allow_url_fopen is enabled: $handle = fopen('http://example.org/', 'r'); ... Hope that helps.

Re: [PHP] Header Redirect POST

2004-03-25 Thread Chris Shiflett
in other.php. I think you made a typo or you're misinterpreting something. The URL referenced in a Location header will be requested with a GET request, so it is impossible that any POST data exists.

Re: [PHP] htmlspecialchars()

2004-03-25 Thread Chris Shiflett
); echo $new; ?> // this is what is output: <a href='test'>Test</a> // instead of this... // &lt;a href='test'&gt;Test&lt;/a&gt; View source.

Re: [PHP] Problem with header

2004-03-24 Thread Chris Shiflett
. It tells you exactly what is wrong and where.

Re: [PHP] Sessions and PHP

2004-03-24 Thread Chris Shiflett
is within that threshold. Hope that helps.

Re: [PHP] login scripts not secure?? help!

2004-03-23 Thread Chris Shiflett
manipulate it.

RE: [PHP] SQL Injection check (mysql)

2004-03-23 Thread Chris Shiflett
is a must.

Re: [PHP] fsockopen to spit out the HTTP's Location...

2004-03-23 Thread Chris Shiflett
you can probably save yourself some trouble by forgetting this whole approach. You need to focus on why header() is not working for you, because this is the way to send HTTP headers to the client.

Re: [PHP] fsockopen to spit out the HTTP's Location...

2004-03-23 Thread Chris Shiflett
is headers have already been sent. Headers are sent as soon as output begins, so you can either set all of your headers prior to any output or use output buffering with ob_start(). So, use header(). Hope that helps.

RE: [PHP] SQL Injection check (mysql)

2004-03-23 Thread Chris Shiflett
rather irrelevant to the topic at hand (which might explain the confusion).

Re: [PHP] fsockopen to spit out the HTTP's Location...

2004-03-23 Thread Chris Shiflett
sent until the script terminates. Whatever works best for you. Hope that helps.

RE: [PHP] receiving ndr for each email sent to list

2004-03-22 Thread Chris Shiflett
--- Chris W. Parker [EMAIL PROTECTED] wrote: ROFL! Sorry Chris...had to laugh. :) hey i like a good laugh just like anyone else... but i don't have any idea what you're talking about!! :( That makes two of us. :-)

Re: [PHP] Session_destroy() questions

2004-03-22 Thread Chris Shiflett
://www.php.net/session_regenerate_id

Re: [PHP] receiving ndr for each email sent to list

2004-03-22 Thread Chris Shiflett
this is because he doesn't know that people can bounce messages (this assumption makes no sense, otherwise he wouldn't know to ask about it). 3. This is funny. My sense of humor must be turned off today. :-)

Re: [PHP] fsockopen to spit out the HTTP's Location...

2004-03-22 Thread Chris Shiflett
that if you can explain these statements, the rest might make more sense.

Re: [PHP] ip to country

2004-03-21 Thread Chris Shiflett
free. This is what MySQL AB uses for their Web sites and what many other open source sites use.

Re: [PHP] Re: ip to country

2004-03-21 Thread Chris Shiflett
have a site that will have different pricing by world region / country and also offer different currencies. He needs the country, not the language.

Re: [PHP] Re: ip to country

2004-03-21 Thread Chris Shiflett
determine a country from a language isn't the fault of HTTP. I'm sure this is what you were implying, but I wanted to make sure HTTP wasn't being blamed.

Re: [PHP] SQL Injection check (mysql)

2004-03-21 Thread Chris Shiflett
://phundamentals.nyphp.org/PH_storingretrieving.php This is good for describing magic_quotes and mysql_escape_string(). Hope that helps.

Re: [PHP] Re: ip to country

2004-03-21 Thread Chris Shiflett
, and this is the database that produces the fewest dead spots for us. Plus, the PHP API was written by a guy from the PHP Group, so that made me feel even more confident. :-)

Re: [PHP] SQL Injection check (mysql)

2004-03-21 Thread Chris Shiflett
design helps you to make sure that this step can't be bypassed by the user, you're protected against SQL injection. Or even better: Use only prepared statements. Can you explain that (and defend it)?

Re: [PHP] SQL Injection check (mysql)

2004-03-21 Thread Chris Shiflett
to articles which discuss this would be welcome). The point of escaping or encoding would be lost if it didn't work for all possible data. I know of no articles for this, nor can I think of anyone who would bother writing one. :-) Anyway, I hope that helps.

Re: [PHP] What does it take to give a good technical presentation?

2004-03-19 Thread Chris Shiflett
, a talk given by Mark Jason Dominus: http://perl.plover.com/yak/presentation/samples/slide001.html

Re: [PHP] What does it take to give a good technical presentation?

2004-03-19 Thread Chris Shiflett
with the pointless part. Although I would like to hear from other presenters and attendees on what they think with specific regards to PHP/programming presentations. Me, too. I'd be more interested in hearing from attendees than speakers, in fact.

Re: [PHP] Guru's advice needed ........[Security: SQL injection]

2004-03-19 Thread Chris Shiflett
an erroneous assumption. Consider this SQL statement: select * from foo where bar = 'Don't apostrophes screw things up?' What does bar need to be in order for the where clause to match? Where does the SQL statement end? Hope that helps.

Re: [PHP] OT PHP Programmers

2004-03-18 Thread Chris Shiflett

RE: [PHP] Advanced PHP Programming by George Schlossnagle

2004-03-17 Thread Chris Shiflett
button on his page that gives him even more money: http://www.schlossnagle.org/~george/blog/archives/228_Advanced_PHP_Programming_Finally.html Click the button right under the image of the book.

RE: [PHP] input type=text value=He said, How do I get this to work?, with a frown size=50

2004-03-16 Thread Chris Shiflett
are good for HTML.

Re: [PHP] refresh page

2004-03-16 Thread Chris Shiflett
--- Mike Mapsnac [EMAIL PROTECTED] wrote: I need to refresh page every 2 minutes. How that's can be done in PHP? You can do this with a Refresh header: header('Refresh: 120; url=http://www.example.org/'); Hope that helps.

Re: Re[2]: [PHP] Re: PHP Sessions - One Server, Many Terminals

2004-03-16 Thread Chris Shiflett
code be written.

Re: [PHP] Sessions

2004-03-16 Thread Chris Shiflett

Re: [PHP] help with storing multiple values in session variables.

2004-03-15 Thread Chris Shiflett
--- Vimala S.P. [EMAIL PROTECTED] wrote: Is there any way of passing unicode strings properly with href and get? You can pass anything as a URL variable if you URL encode it. That's what URL encoding is for: http://www.php.net/url_encode Hope that helps.

Re: [PHP] Get nice variables from POST

2004-03-11 Thread Chris Shiflett

Re: [PHP] new session in new window

2004-03-09 Thread Chris Shiflett
for the discussion chris. No problem. I hope this was more helpful.

Re: [PHP] IE 6 hotfix and header problem

2004-03-09 Thread Chris Shiflett
that helps.

Re: [PHP] new session in new window

2004-03-09 Thread Chris Shiflett
up one on shared hosting right now. It should be in this month's issue of php|architect, although I am currently past my deadline. :-( Hope that helps.

Re: [PHP] new session in new window

2004-03-08 Thread Chris Shiflett
session, you can include a different session identifier on the URL. As long as both instances of the browser maintain their own unique session identifier through URL propagation, you can make this happen. But, this approach seems very, very ugly.

Re: [PHP] PHP and GET/POST

2004-03-08 Thread Chris Shiflett
of that possibility Yes, you can use $_POST['step']. However, this is just as easy to spoof, so you're not really eliminating the problem, just a symptom. Having the client identify what step it is on seems fundamentally flawed to me. Hope that helps.

Re: [PHP] PHP and GET/POST

2004-03-08 Thread Chris Shiflett

Re: [PHP] new session in new window

2004-03-08 Thread Chris Shiflett
you happy and works. :-)

Re: [PHP] new session in new window

2004-03-08 Thread Chris Shiflett
that you can read for free: http://shiflett.org/articles/the-truth-about-sessions Hope that helps.

RE: [PHP] Re: RFC: Job listings

2004-03-07 Thread Chris Shiflett
probably isn't too hard), I think it can quickly become the dominant job board for PHP, which can only help everyone.

Re: [PHP] POST form header

2004-03-03 Thread Chris Shiflett
it can give you an idea about what the raw HTTP looks like: http://shiflett.org/hacks/php/http_post There are also some examples in this article: http://shiflett.org/articles/the-truth-about-sessions Hope that helps.

Re: [PHP] Session and Cookie issue

2004-03-03 Thread Chris Shiflett
sort of things you can do to improve your implementation: http://shiflett.org/articles/the-truth-about-sessions Hope that helps.

Re: [PHP] resubmitting $POST data to another script

2004-03-03 Thread Chris Shiflett
(1000% or more faster): http://www.blueshoes.org/en/developer/php_bench/ You could simply: foreach ($_POST as $name => $value) { ... } Hope that helps.
