php-general Digest 4 Apr 2004 08:26:36 -0000 Issue 2685
Topics (messages 182255 through 182271):
Re: passing variables
182255 by: Larry E. Ullman
Message ("Your message dated Sat, 3 Apr 2004 19:18:13 +0200...")
182256 by: L-Soft list server at America Online, Inc. (1.8e)
email viruses
182257 by: Andy B
Re: Flash MX
182258 by: Michal Migurski
Keep HTML tags, but strip attributes
182259 by: Matt Palermo
182260 by: Jochem Maas
182263 by: Jochem Maas
182264 by: Matt Palermo
182265 by: Red Wingate
182266 by: Matt Palermo
checking for existance of $_SESSION variables
182261 by: Andy B
182262 by: Red Wingate
Array_keys problem
182267 by: Robin 'Sparky' Kopetzky
182271 by: Burhan Khalid
looping through an array
182268 by: Andy B
Re: Suddenly some errors are coming
182269 by: Kim Steinhaug
182270 by: Manisha Sathe
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
When using a link like xxx.proceed.php?language=gbr
the 'proceed.php' script does not receive any $language variable.
Does someone know how to get it run?
This is a register_globals issue. Refer to $_GET['language'] instead of
just language. Or, at the top of your script, add
$language = $_GET['language'];
and you shouldn't have to change anything else.
See the manual for $_GET and $_POST for more information.
Larry
--- End Message ---
--- Begin Message ---
Your message dated Sat, 3 Apr 2004 19:18:13 +0200 with subject "Re: Mail
Authentification" has been submitted to the moderator of the WOC list:
[EMAIL PROTECTED]
--- End Message ---
--- Begin Message ---
hi...
i know this is a little ot but in an attempt to keep viruses off the list (i think)
somebody/something is forging an email in my name to the php mailing list as well as
mysql mailing list along with a few others. i get a message something like this:
"your message titled: submit your authentication here... has been sent to (whatever
mailing list it sent to)"
does anybody know about this sort of thing? and if so how to get rid of it?
tnx and sorry for the ot thing
--- End Message ---
--- Begin Message ---
>> I have to send data to flash. Should i use the "urlencode()" or the
>> "rawurlencode()" function to encode the data?
>
>If you are going to be doing this a lot, you should take a look at
>AMFPHP, Flash Remoting for PHP, at
>http://sourceforge.net/projects/amfphp/
>
>This seems to be a fast, reliable way to send data back and forth between
>your server and your Flash client.
I have heard rumors that remoting is supposed to be "deprecated" in the
next revision of flash, but I'm not sure how reliable those reports are.
Remoting with AMFPHP is speedy and easy, but you may be a little better
off using XML - it's definitely chatty, but the API is stable on both
sides, and there's no reverse-engineering voodoo associated with it.
---------------------------------------------------------------------
michal migurski- contact info and pgp key:
sf/ca http://mike.teczno.com/contact.html
--- End Message ---
--- Begin Message ---
I am building a system which allows users to post data. I want to allow
them to use ONLY certain tags such as <p>, </p>, <b>, </b>, <i>, </i>,
etc... I want to allow them to use only these, and then strip out ALL
attributes inside the tags. So if they input something like <p junk=junk>,
it would switch it to just <p>. Anyone know of a way this can be done?
Thanks,
Matt Palermo
http://sweetphp.com
--- End Message ---
--- Begin Message ---
Matt Palermo wrote:
I am building a system which allows users to post data. I want to allow
them to use ONLY certain tags such as <p>, </p>, <b>, </b>, <i>, </i>,
etc... I want to allow them to use only these, and then strip out ALL
attributes inside the tags. So if they input something like <p junk=junk>,
it would switch it to just <p>. Anyone know of a way this can be done?
regular expressions, heres an example:
<?php
$input = 'this <div>is some</div> <u><b class="haxor">bad</b></u> HTML';
echo "{$input}\n";
$input = preg_replace('/<\/?[^pbiu\/][^>]*>/', '', $input);
echo "{$input}\n";
$input = preg_replace('/<([pbiu])[^>]*>/', '<\1>', $input);
echo "{$input}\n";
$input = str_replace('bad', 'good', $input);
echo "{$input}\n";
?>
you might also think about stripping <script> tags etc.
try taking a look at some forum code (e.g. phpbb.com) to see how they do
it.
no doubt that some real regexp wizard could perform the above
replacements in a single regexp but hopefully it gives you an idea... if
your not yet familiar with regexps then I strongly recommend you read
the relevant part of the manual - they are very handy things indeed.
Thanks,
Matt Palermo
http://sweetphp.com
--- End Message ---
--- Begin Message ---
Jochem Maas wrote:
...
regular expressions, heres an example:
a slightly better example, which will display nicely if you
try the test in a browser (I think most people start out that way, I
know I did.)
<?
if (isset($_SERVER['HTTP_HOST'])) { ob_start(); }
$input = 'this <div>is some</div> <u><b class="haxor">bad</b></u> HTML';
echo "{$input}\n";
$input = preg_replace('/<\/?[^pbiu\/][^>]*>/', '', $input);
echo "{$input}\n";
$input = preg_replace('/<([pbiu])[^>]*>/', '<\1>', $input);
echo "{$input}\n";
$input = str_replace('bad', 'good', $input);
echo "{$input}\n";
if (isset($_SERVER['HTTP_HOST'])) { echo
'<pre>'.htmlentities(ob_get_clean()).'</pre>'; }
?>
...
--- End Message ---
--- Begin Message ---
Okay, I have it all set to remove ALL tags and their attributes that I don't
want. Now I just have to strip the attributes from any remaining tags.
Anyone know of something that will strip all attributes from any tag, but
leave the tag in tact? So <p junk=junk> would be <p> and </p more junk>
would be </p>. I just need this to work for any tag, no just <p>. Any
suggestions for this?
Thanks,
Matt
"Jochem Maas" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Matt Palermo wrote:
>
> > I am building a system which allows users to post data. I want to allow
> > them to use ONLY certain tags such as <p>, </p>, <b>, </b>, <i>, </i>,
> > etc... I want to allow them to use only these, and then strip out ALL
> > attributes inside the tags. So if they input something like <p
junk=junk>,
> > it would switch it to just <p>. Anyone know of a way this can be done?
>
> regular expressions, heres an example:
>
> <?php
>
> $input = 'this <div>is some</div> <u><b class="haxor">bad</b></u> HTML';
> echo "{$input}\n";
> $input = preg_replace('/<\/?[^pbiu\/][^>]*>/', '', $input);
> echo "{$input}\n";
> $input = preg_replace('/<([pbiu])[^>]*>/', '<\1>', $input);
> echo "{$input}\n";
> $input = str_replace('bad', 'good', $input);
> echo "{$input}\n";
>
> ?>
>
> you might also think about stripping <script> tags etc.
> try taking a look at some forum code (e.g. phpbb.com) to see how they do
> it.
>
> no doubt that some real regexp wizard could perform the above
> replacements in a single regexp but hopefully it gives you an idea... if
> your not yet familiar with regexps then I strongly recommend you read
> the relevant part of the manual - they are very handy things indeed.
>
> >
> > Thanks,
> >
> > Matt Palermo
> > http://sweetphp.com
> >
--- End Message ---
--- Begin Message ---
something like this might work (written on the fly):
$var = preg_replace( "/<\s*([a-z]+)([^>]*)>/i" , "<//1>" , $var );
special action on the closing tags is not necc. as they don't contain
any attributes.
-- red
Matt Palermo wrote:
Okay, I have it all set to remove ALL tags and their attributes that I don't
want. Now I just have to strip the attributes from any remaining tags.
Anyone know of something that will strip all attributes from any tag, but
leave the tag in tact? So <p junk=junk> would be <p> and </p more junk>
would be </p>. I just need this to work for any tag, no just <p>. Any
suggestions for this?
Thanks,
Matt
"Jochem Maas" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
Matt Palermo wrote:
I am building a system which allows users to post data. I want to allow
them to use ONLY certain tags such as <p>, </p>, <b>, </b>, <i>, </i>,
etc... I want to allow them to use only these, and then strip out ALL
attributes inside the tags. So if they input something like <p
junk=junk>,
it would switch it to just <p>. Anyone know of a way this can be done?
regular expressions, heres an example:
<?php
$input = 'this <div>is some</div> <u><b class="haxor">bad</b></u> HTML';
echo "{$input}\n";
$input = preg_replace('/<\/?[^pbiu\/][^>]*>/', '', $input);
echo "{$input}\n";
$input = preg_replace('/<([pbiu])[^>]*>/', '<\1>', $input);
echo "{$input}\n";
$input = str_replace('bad', 'good', $input);
echo "{$input}\n";
?>
you might also think about stripping <script> tags etc.
try taking a look at some forum code (e.g. phpbb.com) to see how they do
it.
no doubt that some real regexp wizard could perform the above
replacements in a single regexp but hopefully it gives you an idea... if
your not yet familiar with regexps then I strongly recommend you read
the relevant part of the manual - they are very handy things indeed.
Thanks,
Matt Palermo
http://sweetphp.com
--- End Message ---
--- Begin Message ---
This is what i have so far:
$allowed = '<br><p><b><i><u><li><ol><ul><strong>';
$info = strip_tags($info, $allowed);
$info = preg_replace('/<([^>])[^>]*>/', '<\1>', $info);
This works for everything except the closing tags. It turns </p> into </>.
Anyone know why?
Thanks,
Matt
"Jochem Maas" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Matt Palermo wrote:
>
> > I am building a system which allows users to post data. I want to allow
> > them to use ONLY certain tags such as <p>, </p>, <b>, </b>, <i>, </i>,
> > etc... I want to allow them to use only these, and then strip out ALL
> > attributes inside the tags. So if they input something like <p
junk=junk>,
> > it would switch it to just <p>. Anyone know of a way this can be done?
>
> regular expressions, heres an example:
>
> <?php
>
> $input = 'this <div>is some</div> <u><b class="haxor">bad</b></u> HTML';
> echo "{$input}\n";
> $input = preg_replace('/<\/?[^pbiu\/][^>]*>/', '', $input);
> echo "{$input}\n";
> $input = preg_replace('/<([pbiu])[^>]*>/', '<\1>', $input);
> echo "{$input}\n";
> $input = str_replace('bad', 'good', $input);
> echo "{$input}\n";
>
> ?>
>
> you might also think about stripping <script> tags etc.
> try taking a look at some forum code (e.g. phpbb.com) to see how they do
> it.
>
> no doubt that some real regexp wizard could perform the above
> replacements in a single regexp but hopefully it gives you an idea... if
> your not yet familiar with regexps then I strongly recommend you read
> the relevant part of the manual - they are very handy things indeed.
>
> >
> > Thanks,
> >
> > Matt Palermo
> > http://sweetphp.com
> >
--- End Message ---
--- Begin Message ---
hi...
i have the following code and i need to check to see if $_SESSION['guestbook'] has
been assigned to the session yet. if it has then use its values to create the combo
box...if it hasnt then run the sql query and assign it to the session as well as fill
the combo box with it... any ideas how?
here is the current code:
<?
//combo_g.php combo box for guestbook
//moduler: 100% reusable
$guestbook=mysql_query("select * from rnjresort.guestbook order by Number ASC");?>
<select name="edit">
<?if(!$guestbook){?>
<option value="">(none)</option><?}
else {?>
<option value="ERROR">Select GuestBook listing</option>
<?while($_SESSION['guestbook']=mysql_fetch_array($guestbook)){?>
<option value=<?$_SESSION['guestbook']['Number']?>><?echo
"(".$_SESSION['guestbook']['Number'].") ".$_SESSION['guestbook']['Name'];?></option>
<?}}?>
</select>
sorry for the long listing of code...
tnx
--- End Message ---
--- Begin Message ---
Hi Andy,
Session Variable $guestbook exists?
echo isset ( $_SESSION['guestbook'] ) ? 'yes' : 'no' ;
Session Variable $guestbook exists and is not empty?
echo ( isset ( $_SESSION['guestbook'] ) AND
empty ( $_SESSION['guestbook'] ) === FALSE ) ? 'yes' : 'no';
-- red
Andy B wrote:
hi...
i have the following code and i need to check to see if $_SESSION['guestbook'] has been assigned to the session yet. if it has then use its values to create the combo box...if it hasnt then run the sql query and assign it to the session as well as fill the combo box with it... any ideas how?
here is the current code:
<?
//combo_g.php combo box for guestbook
//moduler: 100% reusable
$guestbook=mysql_query("select * from rnjresort.guestbook order by Number ASC");?>
<select name="edit">
<?if(!$guestbook){?>
<option value="">(none)</option><?}
else {?>
<option value="ERROR">Select GuestBook listing</option>
<?while($_SESSION['guestbook']=mysql_fetch_array($guestbook)){?>
<option value=<?$_SESSION['guestbook']['Number']?>><?echo "(".$_SESSION['guestbook']['Number'].")
".$_SESSION['guestbook']['Name'];?></option>
<?}}?>
</select>
sorry for the long listing of code...
tnx
--- End Message ---
--- Begin Message ---
Good afternoon.
I'm building a class and am having a bunch of trouble with the PHP
array_keys function. I keep getting these errors:
Warning: First argument to array_keys() should be an array in D:\Htf.php on
line 33
Warning: Wrong datatype for second argument in call to in_array in
D:\Htf.php on line 35
$this->ma_arguments IS an array, so why is the error popping up? I did check
syntax but am buffaloe'd by this one.
Just so no one gets confused, I use a form of Hungarian (p=parameter,
m=module, a=array, s=string)
/**
* @var assoc array of passed arguments
*/
var $ma_arguments;
/**
* Constructor
*/
function bmc_html_tag_functions()
{
$this->init();
}
function init()
{
$this->ma_arguments = array();
}
/**
* Checks if the given key or index exists in the array (PHP < 4.1.0)
*
* @param $ps_key Key to check against
* @param $pa_search Array of elements
* @return true if key is in array
* @access private
*/
function key_exists($ps_key)
{
if ( in_array($ps_key, array_keys($this->ma_arguments)) ) {
return true;
} else {
return false;
}
}
Robin 'Sparky' Kopetzky
Black Mesa Computers/Internet Service
Grants, NM
--- End Message ---
--- Begin Message ---
Robin 'Sparky' Kopetzky wrote:
Good afternoon.
I'm building a class and am having a bunch of trouble with the PHP
array_keys function. I keep getting these errors:
Warning: First argument to array_keys() should be an array in D:\Htf.php on
line 33
Warning: Wrong datatype for second argument in call to in_array in
D:\Htf.php on line 35
$this->ma_arguments IS an array, so why is the error popping up? I did check
syntax but am buffaloe'd by this one.
Just so no one gets confused, I use a form of Hungarian (p=parameter,
m=module, a=array, s=string)
Since PHP doesn't have strict typing, you can't be sure what it is.
I've edited your code a bit.
/**
* @var assoc array of passed arguments
*/
//var $ma_arguments;
var $ma_arguments = array();
/**
* Constructor
*/
function bmc_html_tag_functions()
{
//$this->init();
}
function init()
{
$this->ma_arguments = array();
}
/**
* Checks if the given key or index exists in the array (PHP < 4.1.0)
*
* @param $ps_key Key to check against
* @param $pa_search Array of elements
* @return true if key is in array
* @access private
*/
function key_exists($ps_key)
{
if (!is_array($this->ma_arguments))
{
echo '$this->ma_arguments is not an array';
echo '<pre>'; var_dump($this->ma_arguments); echo '</pre>';
if ( in_array($ps_key, array_keys($this->ma_arguments)) ) {
return true;
} else {
return false;
}
}
Try that.
--- End Message ---
--- Begin Message ---
hi...
i have a combo box that is filled with a query from an sql table...
this is its logic:
if $_SESSION['guestbook'] doesnt exist
then query database, fill $_SESSION['guestbook'] with its values from the db, turn the
"value" part of the <option> into the values from $_SESSION['guestbook']['Number'] and
when done close the box...
if $_SESSION['guestbook'] already exists and is filled then use those existing values
to do the above (fill the combobox)
the part i have the problem with is how to get $_SESSION['guestbook'] to do the above
if it already exists...
i tried using while($_SESSION['guestbook']) but it proves in php's mind to be blank or
that whole statement gets ignored...
help...
--- End Message ---
--- Begin Message ---
1) Have your ISP upgraded PHP lately?
2) Are you including files from another server?
Meaning, your on www.domain1.com including files from
www.domain2.com?
Ive encountered this problem earlier when 1) and 2) was the case.
--
--
Kim Steinhaug
----------------------------------------------------------------------
There are 10 types of people when it comes to binary numbers:
those who understand them, and those who don't.
----------------------------------------------------------------------
www.steinhaug.com - www.easywebshop.no - www.webkitpro.com
----------------------------------------------------------------------
"Manisha Sathe" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> I am having a login page which goes to login process file. I have a
include
> file which connects to database. Till now all was ok suddenly it started
> showing following
>
> ---------------------------
> Warning: main(): stream does not support seeking in
> /home2/www/members/login-px.php on line 6
> ------------------------
>
> This line is nothing but where i included my file for database connection.
> My client got very upset, i am also not understanding why suddenly this
> popped out when for last 6 months nothing was wrong.
>
> I did not change anything neither my client. I tested db connection
> separately - it is ok. Then what can be the problem? The environment is
> Apache / MySQL / Linux / PHP.
>
> Thanks in advance,
>
> regards
> manisha
--- End Message ---
--- Begin Message ---
1)ok, will check out with ISP.
2)Yes but not for the page i am geting error - for few others. But
previously all was ok, why suddenly this problem came out ?
what u did in yr case ? pls guide me so that i will try it out the same.
manisha
"Kim Steinhaug" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> 1) Have your ISP upgraded PHP lately?
> 2) Are you including files from another server?
> Meaning, your on www.domain1.com including files from
> www.domain2.com?
>
> Ive encountered this problem earlier when 1) and 2) was the case.
>
> --
> --
> Kim Steinhaug
> ----------------------------------------------------------------------
> There are 10 types of people when it comes to binary numbers:
> those who understand them, and those who don't.
> ----------------------------------------------------------------------
> www.steinhaug.com - www.easywebshop.no - www.webkitpro.com
> ----------------------------------------------------------------------
>
>
>
> "Manisha Sathe" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
> > I am having a login page which goes to login process file. I have a
> include
> > file which connects to database. Till now all was ok suddenly it started
> > showing following
> >
> > ---------------------------
> > Warning: main(): stream does not support seeking in
> > /home2/www/members/login-px.php on line 6
> > ------------------------
> >
> > This line is nothing but where i included my file for database
connection.
> > My client got very upset, i am also not understanding why suddenly this
> > popped out when for last 6 months nothing was wrong.
> >
> > I did not change anything neither my client. I tested db connection
> > separately - it is ok. Then what can be the problem? The environment is
> > Apache / MySQL / Linux / PHP.
> >
> > Thanks in advance,
> >
> > regards
> > manisha
--- End Message ---
