php-general Digest 8 Aug 2006 09:21:53 -0000 Issue 4281
Topics (messages 240282 through 240301):
Re: Newbie Form Question
240282 by: Richard Lynch
240285 by: Andrew Kreps
Re: client<->server upload communication?
240283 by: Richard Lynch
Re: Using preg_match to find Japanese text
240284 by: Richard Lynch
Re: Sending data to persistent process stdin
240286 by: Richard Lynch
Re: stupid question...compiling php
240287 by: Andrew Kreps
Re: Is this really a pdf?
240288 by: Richard Lynch
240289 by: Richard Lynch
Re: Declaring variables from the url
240290 by: Richard Lynch
Mixing sprintf and mysql_real_escape_string
240291 by: Peter Lauri
240296 by: Richard Lynch
240297 by: Peter Lauri
240298 by: Martin Alterisio
240299 by: Peter Lauri
240300 by: Larry Garfield
Re: saving and retrieving an array from a database
240292 by: Richard Lynch
Re: PDO and PGSQL: ERROR: syntax error at or near "SET"
240293 by: Richard Lynch
Re: php/ajax..
240294 by: Manuel Lemos
Re: yahoo thinks html mail is spam, what's wrong with header?
240295 by: Richard Lynch
Regular expression to find from start of string to first space
240301 by: Dave M G
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
php-general@lists.php.net
----------------------------------------------------------------------
--- Begin Message ---
On Mon, August 7, 2006 2:37 am, David Dorward wrote:
> Richard Lynch wrote:
>
>> <?php
switch($_REQUEST['email']){
case '[EMAIL PROTECTED]':
case '[EMAIL PROTECTED]':
//Do nothing.
break;
default:
die("Hack attempt.");
break;
}
>> if (isset($_REQUEST['email'])){
>> $success = mail($_REQUEST['action'], 'un/subscribe',
>> 'un/subscribe', "From: $_REQUEST[email]\r\nReply-to:
>> $_REQUEST[email]");
>> if ($success) echo "Status Change Sent";
>> else echo "Unable to send Status Change";
>> }
>> ?>
>
> What if someone submitted:
>
> action = [EMAIL PROTECTED]
>
> email = [EMAIL PROTECTED] long winded evil spam message here
>
> ?
--
Like Music?
http://l-i-e.com/artists.htm
--- End Message ---
--- Begin Message ---
Better yet, don't allow the user to enter a From address. Simply give
them subscribe and unsubscribe radio buttons, and make sure the
un/subscribe-ee gets a confirmation email. And certainly check your
input fields for newlines. :)
On 8/7/06, Richard Lynch <[EMAIL PROTECTED]> wrote:
On Mon, August 7, 2006 2:37 am, David Dorward wrote:
> Richard Lynch wrote:
>
>> <?php
switch($_REQUEST['email']){
case '[EMAIL PROTECTED]':
case '[EMAIL PROTECTED]':
//Do nothing.
break;
default:
die("Hack attempt.");
break;
}
>> if (isset($_REQUEST['email'])){
>> $success = mail($_REQUEST['action'], 'un/subscribe',
>> 'un/subscribe', "From: $_REQUEST[email]\r\nReply-to:
>> $_REQUEST[email]");
>> if ($success) echo "Status Change Sent";
>> else echo "Unable to send Status Change";
>> }
>> ?>
>
> What if someone submitted:
>
> action = [EMAIL PROTECTED]
>
> email = [EMAIL PROTECTED] long winded evil spam message here
>
> ?
--- End Message ---
--- Begin Message ---
On Sun, August 6, 2006 9:56 am, tedd wrote:
> I posted this question on a js list, but didn't received an answer.
> Maybe someone here might be able to provide some insight or direction.
>
> In my ajax "experiment" monitoring states, namely:
>
> http://xn--ovg.com/ajax_readystate
>
> I can see the readyState replies/conditions.
>
> Is there something similar when uploading a file or image?
Not yet, in PHP, unless you patch it, or do some kind of icky hack
with Javascript and a ton of overhead HTTP traffic.
> There has to be some sort of communication between the sender and the
> receiver, right?
Yes.
> If so, is there a way to tap into that communication?
Not yet, in PHP, but there is a patch in the works for it, from what
I've seen on 'internals' list, and you can Google for "PHP File Upload
Progress Meter Patch" and find several variants on the same theme.
Apparently every Designer in the world wants their own upload progress
meter because none of them like the browser's upload meter. :-;
Of course, you still need to get that info *BACK* to the browser if
PHP is the one monitoring the upload progress -- It seems to me like
the BROWSER ought to be providing a hook to this client-side, since
that's where you want the progress meter.
--
Like Music?
http://l-i-e.com/artists.htm
--- End Message ---
--- Begin Message ---
On Sat, August 5, 2006 9:06 pm, Dave M G wrote:
> While I'm only just learning about regular expressions in another
> thread, I still seem to be finding exceptional situations which have
> me
> questioning the extent to which preg expressions can be implemented.
>
> (The following contains UTF-8 encoded Japanese text. Apologies if it
> comes out as ASCII gibberish.)
>
> What I have are sentences that look like this:
> æ°æ¸© ããããã (n) atmospheric temperature; (P); EP
> ã«ã¤ã㦠(exp) concerning; along; under; per; KD
Can you be sure that '(' will not appear in the Japanese part?
preg_match('/^(.*)(\\(.*$)/', $text, $parts);
echo "Japanese: $parts[1]<br />\n";
echo "Definition: $parts[2]<br />\n";
Then you could break apart the Japanese part based on whether there
are or aren't the delimiters for the "reading" -- they looked kinda
like parentheses before my ascii-centric email munged them.
You might even be able to combine it all into one big preg_match if
you worked at it.
--
Like Music?
http://l-i-e.com/artists.htm
--- End Message ---
--- Begin Message ---
On Sat, August 5, 2006 8:08 am, Ville Mattila wrote:
> I have been thinking of making a simple web-based interface to control
> my media center box (running debian linux). Being a bit enthustiatic,
> I
> thought I could use some generic tools for playing media files and
> write
> the whole UI by my own.
There are more than a few PHP Jukebox applications out there...
Maybe see how they did it.
> I found mpg123 program that can be run in "remote mode" (mpg123 -R) so
> that playback can be controlled via stdin. Writing "LOAD <mp3 file>"
> to
> the stdin will begin output, "PAUSE" will stop it and so on.
>
> How could I use PHP and its process functions to send something to
> stdin
> of a persistent process? I would like to run mpg123 only once,
> whichafter a few PHP scripts would send data and proper commands to
> its
> stdin. Maybe a kind of daemon process would be needed? Anyway, sending
> data to a daemon can be problematic... Maybe a kind of socket wrapper?
> Well - I have no experience about socket functions of PHP...
http://php.net/socket
should get you started on this road.
> Tips and tricks are welcome, or should I just go to the local hi-tech
> market and by a CD player LOL :D
--
Like Music?
http://l-i-e.com/artists.htm
--- End Message ---
--- Begin Message ---
I'll bet your hosting environment has not installed the php sources.
If the server is shared with other clients, you'll probably need to
download the source and compile php in your user space and run it as a
CGI (if your host allows this configuration). Hopefully they have
some allowances for this, you may want to check with them.
On 8/7/06, Jochem Maas <[EMAIL PROTECTED]> wrote:
blackwater dev wrote:
I can do phpinfo but that
> tells
> me the config line and where the ini files are, not necessarily where the
> configure stuff is to recompile...correct?
--- End Message ---
--- Begin Message ---
On Mon, August 7, 2006 9:08 am, Sjef wrote:
> Is it possible to recognize if a file for upload really is a pdf (like
> the
> function getimagesize retuns the file type of the image)?
It should be noted that getimagesize is also not fool-proof for the
same reasons as the PDF first-4 bytes == '%PDF' is not "secure"
getimagesize only looks at the first N bytes to figure out
width/height/etc.
It's a bit more complex than the PDF version, as it has to choose the
right bytes for the given image type, but it's not an exhaustive check
that the file *IS* a valid image file.
That said, this can be one more simple/easy barrier in place in a
series of security checks, both for Images and PDFs.
The only way to be 99.99999% certain an image is a valid image is to
have a human eyeball look at it -- leaving the remainder of a
percentage for "art" images too weird to be distinguished from noise.
It's also theoretically possible that some single specific image "out
there" could "look" fine, but by sheer coincidence that specific
sequency of bytes could ALSO be a malicious program.
That's kind of pointless in the general sense, except as an indicator
that you will never get 100% certainty, so it's probably best to do
several fast easy checks that rely on un-related data so that you have
a series of barriers rather than a single point of failure in your
security.
--
Like Music?
http://l-i-e.com/artists.htm
--- End Message ---
--- Begin Message ---
On Mon, August 7, 2006 10:04 am, Ed Curtis wrote:
>
> On Mon, 7 Aug 2006, Sjef wrote:
>
>> Is it possible to recognize if a file for upload really is a pdf
>> (like the
>> function getimagesize retuns the file type of the image)?
>> Thanxs,
>> Sjef
>
> Yes it is.
>
> $_FILES['{form_field_name}']['type'] is your friend here. Just match
> it
> against a mime type your looking for.
$_FILE[*]['type'] is pretty useless all around...
It's useless as a Security method because a Bad Guy can send anything
they want for that.
It's useless in the general sense because IE and Mozilla-esque
browsers send *different* MIME types for the same file.
There is no standard they are following for what is the MIME type of a
JPEG, PNG, etc. So you'd have to predict every possible MIME type
that a browser *might* send for any given file type, and there's no
predicting IE, for starters.
It would be nice if the browsers provided standardized info, as this
would be one more hurdle to put in the way of errors, but as it stands
now, I'd avoid bothering with it. Too much hassle for too little
payoff.
--
Like Music?
http://l-i-e.com/artists.htm
--- End Message ---
--- Begin Message ---
On Mon, August 7, 2006 8:13 am, Dave M G wrote:
> I have many times set the value of a variable by declaring it in the
> URL, like so:
>
> http://www.domain.com/index.php?var=1
>
> And then, to use the variable, all I have to do is use it in the
> script,
> like so:
>
> echo "This is the value of the variable: " . $var;
>
> But, for some reason, in a script I'm writing now, this simple process
> isn't working.
>
> The only thing I can think of that is different between before and now
> is that the new script is being executed in PHP5, whereas before was
> with PHP4.
>
> In my new script, I check the value of $_SERVER['QUERY_STRING'], the
> value is contained in there, so it is being assigned and contained
> somehow.
>
> What could I possibly be missing in what should be a super simple
> process?
http://php.net/register_globals
--
Like Music?
http://l-i-e.com/artists.htm
--- End Message ---
--- Begin Message ---
Hi,
I get strange output if I combine sprintf and mysql_real_escape_string. If I
do this the resulting into the database is \' not ' as I want.
mysql_query(sprintf("INSERT INTO table (value1, value2) VALUES (1, '%s')",
mysql_real_escape_string(" ' ")));
Should this be like this? Do the sprintf already add slashes or something?
/Peter
--- End Message ---
--- Begin Message ---
On Mon, August 7, 2006 12:35 pm, Peter Lauri wrote:
> I get strange output if I combine sprintf and
> mysql_real_escape_string. If I
> do this the resulting into the database is \' not ' as I want.
>
> mysql_query(sprintf("INSERT INTO table (value1, value2) VALUES (1,
> '%s')",
> mysql_real_escape_string(" ' ")));
>
> Should this be like this? Do the sprintf already add slashes or
> something?
mysql_real_escape_string(" ' ") will yield: \'
This is because the ' is a "special" character to the MySQL parser --
It indicates the beginning and end of character-based data.
So if you want ' to *BE* part of your data, it needs to be escaped
with \ in front of ' and that tells MySQL, "Yo, this apostrophe is
data, not a delimiter".
sprintf should simply output:
INSERT INTO table (value1, value2) VALUES(1, ' \' ')
because is just slams the output into the %s part.
mysql_query() sends that whole thing off to MySQL.
When MySQL "reads" the SQL statement, and tries to figure out what to
do, it "sees" that line.
Because of the \' in there, it knows that the middle ' is not the end
of the string, but is part of the data.
So what MySQL actually stores for value2 is just:
'
MySQL does *NOT* store \' for that data -- The \ part of \' gets
"eaten" by MySQL parser as it works through the SQL statement, and it
just turns into plain old ' to get stored on the hard drive.
If you think it did store that, then either you didn't tell us the
correct thing for what you did, or your test for what MySQL stored is
flawed.
The usual suspect, in PHP, for this problem, is that the data is
coming from GET/POST (or COOKIES) and you have Magic Quotes turned
"ON" and the data is already getting escaped by
http://php.net/addslashes, and then you escape it *AGAIN* with
mysql_real_escape_string.
mysql_real_escape_string is better than addslashes (and/or Magic
Quotes) so turn off Magic Quotes and keep the mysql_real_escape_string
bit.
--
Like Music?
http://l-i-e.com/artists.htm
--- End Message ---
--- Begin Message ---
I should maybe add that the data actually comes from a form:
mysql_query(sprintf("INSERT INTO table (value1, value2) VALUES (1,
'%s')", mysql_real_escape_string($_POST['formvalue'])));
And when I have ' in the field, it will insert \' into the database in pure
form. If I do this it will add just ' (with the $_POST['formvalue']="'";
mysql_query(sprintf("INSERT INTO table (value1, value2) VALUES (1,
'%s')", $_POST['formvalue']));
Something that we are missing out here?
-----Original Message-----
From: Richard Lynch [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 08, 2006 5:54 AM
To: Peter Lauri
Cc: php-general@lists.php.net
Subject: Re: [PHP] Mixing sprintf and mysql_real_escape_string
On Mon, August 7, 2006 12:35 pm, Peter Lauri wrote:
> I get strange output if I combine sprintf and
> mysql_real_escape_string. If I
> do this the resulting into the database is \' not ' as I want.
>
> mysql_query(sprintf("INSERT INTO table (value1, value2) VALUES (1,
> '%s')",
> mysql_real_escape_string(" ' ")));
>
> Should this be like this? Do the sprintf already add slashes or
> something?
mysql_real_escape_string(" ' ") will yield: \'
This is because the ' is a "special" character to the MySQL parser --
It indicates the beginning and end of character-based data.
So if you want ' to *BE* part of your data, it needs to be escaped
with \ in front of ' and that tells MySQL, "Yo, this apostrophe is
data, not a delimiter".
sprintf should simply output:
INSERT INTO table (value1, value2) VALUES(1, ' \' ')
because is just slams the output into the %s part.
mysql_query() sends that whole thing off to MySQL.
When MySQL "reads" the SQL statement, and tries to figure out what to
do, it "sees" that line.
Because of the \' in there, it knows that the middle ' is not the end
of the string, but is part of the data.
So what MySQL actually stores for value2 is just:
'
MySQL does *NOT* store \' for that data -- The \ part of \' gets
"eaten" by MySQL parser as it works through the SQL statement, and it
just turns into plain old ' to get stored on the hard drive.
If you think it did store that, then either you didn't tell us the
correct thing for what you did, or your test for what MySQL stored is
flawed.
The usual suspect, in PHP, for this problem, is that the data is
coming from GET/POST (or COOKIES) and you have Magic Quotes turned
"ON" and the data is already getting escaped by
http://php.net/addslashes, and then you escape it *AGAIN* with
mysql_real_escape_string.
mysql_real_escape_string is better than addslashes (and/or Magic
Quotes) so turn off Magic Quotes and keep the mysql_real_escape_string
bit.
--
Like Music?
http://l-i-e.com/artists.htm
--- End Message ---
--- Begin Message ---
2006/8/7, Peter Lauri <[EMAIL PROTECTED]>:
I should maybe add that the data actually comes from a form:
mysql_query(sprintf("INSERT INTO table (value1, value2) VALUES (1,
'%s')", mysql_real_escape_string($_POST['formvalue'])));
And when I have ' in the field, it will insert \' into the database in
pure
form. If I do this it will add just ' (with the $_POST['formvalue']="'";
mysql_query(sprintf("INSERT INTO table (value1, value2) VALUES (1,
'%s')", $_POST['formvalue']));
Something that we are missing out here?
My guess: magic_quotes_gpc is enabled where you're running the script.
Therefore slashes are already present in the data from the form post.
-----Original Message-----
From: Richard Lynch [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 08, 2006 5:54 AM
To: Peter Lauri
Cc: php-general@lists.php.net
Subject: Re: [PHP] Mixing sprintf and mysql_real_escape_string
On Mon, August 7, 2006 12:35 pm, Peter Lauri wrote:
> I get strange output if I combine sprintf and
> mysql_real_escape_string. If I
> do this the resulting into the database is \' not ' as I want.
>
> mysql_query(sprintf("INSERT INTO table (value1, value2) VALUES (1,
> '%s')",
> mysql_real_escape_string(" ' ")));
>
> Should this be like this? Do the sprintf already add slashes or
> something?
mysql_real_escape_string(" ' ") will yield: \'
This is because the ' is a "special" character to the MySQL parser --
It indicates the beginning and end of character-based data.
So if you want ' to *BE* part of your data, it needs to be escaped
with \ in front of ' and that tells MySQL, "Yo, this apostrophe is
data, not a delimiter".
sprintf should simply output:
INSERT INTO table (value1, value2) VALUES(1, ' \' ')
because is just slams the output into the %s part.
mysql_query() sends that whole thing off to MySQL.
When MySQL "reads" the SQL statement, and tries to figure out what to
do, it "sees" that line.
Because of the \' in there, it knows that the middle ' is not the end
of the string, but is part of the data.
So what MySQL actually stores for value2 is just:
'
MySQL does *NOT* store \' for that data -- The \ part of \' gets
"eaten" by MySQL parser as it works through the SQL statement, and it
just turns into plain old ' to get stored on the hard drive.
If you think it did store that, then either you didn't tell us the
correct thing for what you did, or your test for what MySQL stored is
flawed.
The usual suspect, in PHP, for this problem, is that the data is
coming from GET/POST (or COOKIES) and you have Magic Quotes turned
"ON" and the data is already getting escaped by
http://php.net/addslashes, and then you escape it *AGAIN* with
mysql_real_escape_string.
mysql_real_escape_string is better than addslashes (and/or Magic
Quotes) so turn off Magic Quotes and keep the mysql_real_escape_string
bit.
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
[snip]My guess: magic_quotes_gpc is enabled where you're running the script.
Therefore slashes are already present in the data from the form post.[/snip]
Should I turn it off? Adding slashes and mysql_real_escape_string is not
exactly the same thing, correct?
/Peter
--- End Message ---
--- Begin Message ---
On Monday 07 August 2006 19:39, Peter Lauri wrote:
> [snip]My guess: magic_quotes_gpc is enabled where you're running the
> script. Therefore slashes are already present in the data from the form
> post.[/snip]
>
> Should I turn it off? Adding slashes and mysql_real_escape_string is not
> exactly the same thing, correct?
>
> /Peter
As standard procedure, you should disable magic quotes and register globals on
any PHP install, just on principle. Both are very old ideas intended to make
life easier and more secure for people who didn't know what they were doing
but ended up causing more trouble than they were worth. Both are now to be
avoided.
And no, addslashes() and mysql_real_escape_string() are not the same thing.
addslashes() just dumbly escapes quotes with backslashes.
mysql_real_escape_string() does real string escaping according to MySQL's
locale settings and various other rules, including escaping quotes as
appropriate.
--
Larry Garfield AIM: LOLG42
[EMAIL PROTECTED] ICQ: 6817012
"If nature has made any one thing less susceptible than all others of
exclusive property, it is the action of the thinking power called an idea,
which an individual may exclusively possess as long as he keeps it to
himself; but the moment it is divulged, it forces itself into the possession
of every one, and the receiver cannot dispossess himself of it." -- Thomas
Jefferson
--- End Message ---
--- Begin Message ---
On Mon, August 7, 2006 7:52 am, [EMAIL PROTECTED] wrote:
> ok this seem to work but how do I bring it back? This is what I have
> so far.
>
> <?
> $first[] = array('appple', 'pear', 'banana');
> $second = serialize($first);
Store $second in the DB here.
It's just a big long-ass string at this point.
You can use echo $second; to see what it looks like.
[cue clock fast-forward visual sequence]
Pull $second (or whatever you want to call it) out of the database.
It's just a big long string.
> $third[]= unserialize($second);
This de-constructs that big string into an array, and you are back in
business.
> echo $second; //outputs serialized data
> echo $third[1];
>
> ?>
NOTE:
90% of the time, you should be putting each array item into the
database separately, so you can use SQL to retrieve only the bits you
need instead of schlepping the whole thing back and forth all the
time...
If you are new to programming, think long and hard about what you will
be doing with these array elements, and if you plan on using PHP to
search/sort/filter them at some point, don't do that. Put them in as
individual data in the DB.
If you always use the whole array, and never search it, sort it, or
filter it down to fewer elements, and are just shuffling it
back-and-forth, then serializing it and storing it en masse is fine.
--
Like Music?
http://l-i-e.com/artists.htm
--- End Message ---
--- Begin Message ---
On Mon, August 7, 2006 6:48 am, Erik Gyepes wrote:
> I'm trying to learn using PDO and PostgreSQL together a little bit and
> I
> have some problems with (I thinks, auto incrementing fields)
> I have the following sample DB:
>
> CREATE TABLE users (
> uid SERIAL UNIQUE NOT NULL,
My PostgreSQL knowledge is very out-dated, but I always used to have
to do:
create sequence users_id;
create table users (
uid int4 unique not null primary key default 'nextval(users_id)',
as I recall.
It's quite likely that PostgreSQL added the SERIAL type and I'm just
an old dog...
> $query = "INSERT INTO users SET uid = :uid, login = :login,
> password
> = :password";
As far as I know, only MySQL actually lets you mangle SQL in that
particular fashion...
insert into users (uid, login, password) values(:uid, :login, :password)
is probably what you want, assuming the :variable is how PDO does things.
You're on your own for the PDO stuff...
--
Like Music?
http://l-i-e.com/artists.htm
--- End Message ---
--- Begin Message ---
Hello,
on 08/07/2006 04:11 PM bruce said the following:
> will php allow a user to enter field on a form, and compute aresult based on
> the field, without having to reload the entire form, or will i need ajax...
>
> any good examples on how to accomplish this..
You may want to take a look at this forms generation class that comes
with plug-in to submit and process forms using AJAX. It lets you execute
arbitrary actions on the server side with PHP and you can tell it to
update as many parts of your page as you want. With this plug-in you can
do it all in PHP without writing a single line of Javascript.
Take a look in particular at the example test_ajax_form.php . It shows
how to submit a form with a simple text field and a file upload field,
and then process it on the server side and some progress report feedback.
http://www.phpclasses.org/formsgeneration
Also take a look at the test_linked_select.php and
test_auto_complete.php examples that take advantage of the class AJAX
plug-in features.
--
Regards,
Manuel Lemos
Metastorage - Data object relational mapping layer generator
http://www.metastorage.net/
PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/
--- End Message ---
--- Begin Message ---
On Mon, August 7, 2006 7:21 am, blackwater dev wrote:
> When I try to send email from my server as html, my yahoo account and
> several of my user's email accounts mark it as spam. I can send a
> normal
> email via mail() just fine but when I try to to html, it's bad.
Yes.
Because most HTML "enhanced" (cough, cough) email *IS* spam.
> I've
> played
> with a few things but can't seem to figure it out.
You'll have to compare email that makes it through that *IS* HTML
enhanced with your email, and compare all the headers and body and see
what telltales triggered the spam filter.
Spam filters these days are complex operations calculating the "odds"
that any given piece of email is or isn't junk.
If you can find out exactly what software / rules Yahoo uses to
determine what is/isn't spam, then you could compose your email to not
get caught -- But I doubt that Yahoo publishes this info. And it's
subject to change without notice anyway.
Your best bet is to get the recipients to whitelist your sending
address so they always get your email.
If you can't get them to do that, then they must not want your email
all that badly, and you might as well give up on them.
--
Like Music?
http://l-i-e.com/artists.htm
--- End Message ---
--- Begin Message ---
PHP,
Shouldn't this regular expression select everything from the start of
the string to the first space character:
$firstWord = preg_match('#^*(.*) #iU', $word);
It doesn't, so clearly I'm wrong, but here's why I thought it would:
The enclosing has marks, "#", I *think* just encloses the expression. I
was told to use them before, but I can't find them here:
http://jp2.php.net/manual/en/reference.pcre.pattern.syntax.php
The caret, "^", says to start at the beginning of the line.
The first asterix, "*" after the caret says to use any starting character.
The space just before the second "#" is the closing character of my search.
The "(.*)" in the middle says to take anything in between the beginning
of the line and the space.
"iU" says, "be case insensitive, and don't be greedy".
So, it should start at the beginning of the line and get everything up
to the first space. But it doesn't work.
Where did I go wrong?
--
Dave M G
--- End Message ---
