php-general Digest 22 Mar 2004 01:22:55 -0000 Issue 2660
Topics (messages 181078 through 181108):
Re: Timing a MySQL response
181078 by: John W. Holmes
Re: Upload file field not working as a form element
181079 by: Lowell Allen
181080 by: Vernon
181081 by: Jason Wong
181082 by: Lowell Allen
SQL Injection check (mysql)
181083 by: Ali Ashrafzadeh
181099 by: Chris Shiflett
181108 by: Michael Rasmussen
Re: 9 Months Ago
181084 by: Marek Kilimajer
181086 by: Ben Ramsey
181090 by: Rasmus Lerdorf
Decoding a URL without decoding values
181085 by: Ben Ramsey
181087 by: Jason Wong
181088 by: Ben Ramsey
Re: Scheduling PHP on Windows
181089 by: trlists.clayst.com
Array problem
181091 by: noginn
PHP as module, also as suexec, in Apache?
181092 by: Wendell
creating a confirm page
181093 by: Andy B
181094 by: Bruno Santos
RE:[PHP] creating a confirm page
181095 by: Andy B
Re: ip to country
181096 by: Chris Shiflett
181097 by: Chris Shiflett
181098 by: Chris Shiflett
181100 by: Filip de Waard
181103 by: Chris Shiflett
Re: Comparing 2 files
181101 by: Kim Steinhaug
181104 by: Jochem Maas
Re: Problem uploading large files via PHP (20+ MB)
181102 by: Kim Steinhaug
Zend Optimiser -- wide spread??
181105 by: Justin French
181106 by: Geir Pedersen - Activio AS
Re: php and CSS level 2
181107 by: Michal Migurski
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
Richard Davey wrote:
Just a quick question - but does anyone know how to get the ms value
back from MySQL that tells you how long it took to run your query?
That value is not returned at all. Go with the wrapper...
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com
--- End Message ---
--- Begin Message ---
> All I am trying to do is insert the file name, not the file. The file is
> being uploaded to the server in a specific location. All I need is the
> filename inserted into the database. I've gotten the upload part to work and
> everything I just can't get the file name inserted for God knows what
> reason. I removed the upload code and am simply trying to insert the
> filename and userid into the database. The userid goes in but I cannot get
> the file name inserted.
>
> Here is the form:
> <form action="<?php echo $editFormAction; ?>" method="post"
> enctype="multipart/form-data" name="form1">
> <input name="filename" type="file" id="filename">
> <input name="userid" type="hidden" id="userid"
> value="<?php echo $row_rsUSER['id']; ?>">
> <input type="submit" name="Submit2" value="Upload"
> disabled>
> <input type="hidden" name="MM_insert" value="form1">
> </form>
The uploaded file name will be $HTTP_POST_FILES["filename"]["name"] -- use
that rather than $_POST["filename"].
HTH
--
Lowell Allen
--- End Message ---
--- Begin Message ---
> The uploaded file name will be $HTTP_POST_FILES["filename"]["name"] -- use
> that rather than $_POST["filename"].
I'm sorry I don't understand. What is the extra ["name"] for? When I use
this in the insert into the value that is inserted into the database is
Array, as opposed to the actual filename.
Thanks
-V
--- End Message ---
--- Begin Message ---
On Sunday 21 March 2004 22:53, Vernon wrote:
> > The uploaded file name will be $HTTP_POST_FILES["filename"]["name"] --
> > use that rather than $_POST["filename"].
>
> I'm sorry I don't understand. What is the extra ["name"] for? When I use
> this in the insert into the value that is inserted into the database is
> Array, as opposed to the actual filename.
manual > Handling file uploads
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
------------------------------------------
/*
SEMPER UBI SUB UBI!!!!
*/
--- End Message ---
--- Begin Message ---
>> The uploaded file name will be $HTTP_POST_FILES["filename"]["name"] -- use
>> that rather than $_POST["filename"].
>
> I'm sorry I don't understand. What is the extra ["name"] for? When I use
> this in the insert into the value that is inserted into the database is
> Array, as opposed to the actual filename.
The $HTTP_POST_FILES array works for me. Maybe you need to try the $_FILES
array instead. Take a look at the info in the manual:
<http://www.php.net/manual/en/features.file-upload.php#features.file-upload.
post-method>.
--
Lowell Allen
--- End Message ---
--- Begin Message ---
Hi
I'm looking for a function To check SQL Injection in Mysql RDBMS
please tell me if anyone know good function or solution
thank's
--- End Message ---
--- Begin Message ---
--- Ali Ashrafzadeh <[EMAIL PROTECTED]> wrote:
> I'm looking for a function To check SQL Injection in Mysql RDBMS
> please tell me if anyone know good function or solution
In my opinion, this is the wrong approach.
SQL injection vulnerabilities exist when you use data that the user gave
you to create your SQL statement. So, anytime that this happens, simply
make absolutely sure that the data you are using from the user fits a very
specific format that you are expecting.
To be clear: make sure the data that the user submitted only contains the
characters you think are valid (don't bother trying to guess malicious
characters - you're sure to miss one) and is a valid length. Once you've
done this, and your design helps you to make sure that this step can't be
bypassed by the user, you're protected against SQL injection.
There is also a rather handy document available from NYPHP:
http://phundamentals.nyphp.org/PH_storingretrieving.php
This is good for describing magic_quotes and mysql_escape_string().
Hope that helps.
Chris
=====
Chris Shiflett - http://shiflett.org/
PHP Security - O'Reilly
Coming mid-2004
HTTP Developer's Handbook - Sams
http://httphandbook.org/
PHP Community Site
http://phpcommunity.org/
--- End Message ---
--- Begin Message ---
On Sun, 21 Mar 2004 13:49:22 -0800, Chris Shiflett wrote:
>
> To be clear: make sure the data that the user submitted only contains the
> characters you think are valid (don't bother trying to guess malicious
> characters - you're sure to miss one) and is a valid length. Once you've
> done this, and your design helps you to make sure that this step can't be
> bypassed by the user, you're protected against SQL injection.
>
Or even better: Use only prepared statements.
--
Hilsen/Regards
Michael Rasmussen
--------------------------------------------------------------
Be cheerful while you are alive.
-- Phathotep, 24th Century B.C.
--- End Message ---
--- Begin Message ---
Jeff Oien wrote:
When I do this:
$lastmonth = mktime(0, 0, 0, date("m")-9, date("d"), date("Y"));
this will not work most of the year, if current month is August or less,
the month value will be negative.
Use strtotime('-9 months') instead.
--- End Message ---
--- Begin Message ---
Marek Kilimajer wrote:
Jeff Oien wrote:
When I do this:
$lastmonth = mktime(0, 0, 0, date("m")-9, date("d"), date("Y"));
this will not work most of the year, if current month is August or less,
the month value will be negative.
Use strtotime('-9 months') instead.
This code works just fine for me:
$nine_months_ago = mktime(0, 0, 0, date("m")-9, date("d"), date("Y"));
echo date("m/d/Y", $nine_months_ago);
If today is March 21, 2004, then this outputs "06/21/2003". That's
exactly nine months ago.
See http://www.php.net/date
--
Regards,
Ben Ramsey
http://benramsey.com
http://www.phpcommunity.org/wiki/People/BenRamsey
--- End Message ---
--- Begin Message ---
On Sun, 21 Mar 2004, Marek Kilimajer wrote:
> Jeff Oien wrote:
> > When I do this:
> > $lastmonth = mktime(0, 0, 0, date("m")-9, date("d"), date("Y"));
>
> this will not work most of the year, if current month is August or less,
> the month value will be negative.
mktime() can take negative values just fine.
-Rasmus
--- End Message ---
--- Begin Message ---
I've got a querystring that looks like this:
?url=http%3A%2F%2Ftest.alpharetta.ga.us%2Findex.php%3Fm%3Dlinks%26category%3DRecreation%2B%2526%2BParks%26go.x%3D22%26go.y%3D7
As you can gather, I'm trying to pass a URL to another script for some
processing. Before I urlencode() the URL and pass it to the query
string, it looks like this:
http://test.alpharetta.ga.us/index.php?m=links&category=Recreation+%26+Parks&go.x=22&go.y=7
As you can see, there are already encoded entities in the URL, which are
further encoded when passed through urlencode(). The problem I'm having
is that when I urldecode() the string from $_GET["url"], I get the
following string:
http://test.alpharetta.ga.us/index.php?m=links&category=Recreation &
Parks&go.x=22&go.y=7
It's similar, but the category variable is now "Recreation & Parks" when
it needs to be "Recreation+%26+Parks". When I try to use
file_get_contents() on this string, I get nothing because of the
ampersand and spaces in the URL.
Is there a way to urldecode() $_GET["url"] and still retain its original
encoded entities so that I can use it again as a valid URL?
--
Regards,
Ben Ramsey
http://benramsey.com
http://www.phpcommunity.org/wiki/People/BenRamsey
--- End Message ---
--- Begin Message ---
On Monday 22 March 2004 00:03, Ben Ramsey wrote:
[snip]
> Is there a way to urldecode() $_GET["url"] and still retain its original
> encoded entities so that I can use it again as a valid URL?
You can base64_encode() it.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
------------------------------------------
/*
He who laughs last is probably your boss.
*/
--- End Message ---
--- Begin Message ---
JW> You can base64_encode() it.
Hadn't thought of that. Works perfect! Thanks!
--
Regards,
Ben Ramsey
http://benramsey.com
http://www.phpcommunity.org/wiki/People/BenRamsey
--- End Message ---
--- Begin Message ---
On 20 Mar 2004 Ben Ramsey wrote:
> I know how to run a PHP script as a cron job on a *nix machine. So,
> does anyone know how to use the Task Scheduler on Windows to do the
> same? Or is it even possible?
The fundamental idea is simple -- work out a command line from a
regular command prompt that does what you want. Then set it up under
Control Panel / Scheduled Tasks. You will have to specifically invoke
cmd.exe if you want to redirect the output, for example here's a
command line I just tried that worked properly:
m:\winnt\system32\cmd.exe /c h:\php\cli\php.exe test4.php >> c:\x.txt
--
Tom
--- End Message ---
--- Begin Message ---
This has been confusing me a little for a few hours now.
Heres a snip of my code which is causing the problem:
$content = "<table border='0' cellspacing='0' cellpadding='5'>\n";
$content .= "<tr>\n";
$content .= "<td> </td>\n";
$tasks = new dbconnect;
$tasks->connect();
$tasks->query("SELECT tid, tname FROM tasks");
while(list($tid, $tname) = $tasks->fetch_rows()) {
$content .= "<td valign='top' align='center'><span
class='highlight'>$tname</span></td>\n";
}
$content .= "<td> </td>\n";
$content .= "</tr>\n";
$projects = new dbconnect;
$projects->connect();
$projects->query("SELECT pid, pname FROM projects");
* $columntotals = array();*
$colour = 0;
while(list($pid, $pname) = $projects->fetch_rows()) {
$tasks->data_seek(0);
$rowtotal = 0;
$count = 0;
if ($colour % 2) {
$bgcolour = "#FFFFFF";
}
else {
$bgcolour = "#F9F9F9";
}
$colour++;
$content .= "<tr>\n";
$content .= "<td valign='top' align='center'><span
class='highlight'>$pname</span></td>\n";
while(list($tid, $tname) = $tasks->fetch_rows()) {
$logs = new dbconnect;
$logs->connect();
$logs->query("SELECT SUM(hours) from logs WHERE pid = '$pid'
AND tid = '$tid' AND date >= '$sdate' AND date <= '$edate'");
list($sum) = $logs->fetch_rows();
if (!$sum) {
$sum = 0;
}
$rowtotal = $rowtotal + $sum;
*$columntotals[$count] = $columntotals[$count] + $sum;*
$count++;
$content .= "<td bgcolor='$bgcolour'
align='center'>$sum</td>\n";
}
$content .= "<td align='center'><b>$rowtotal</b></td>\n";
}
$content .= "</tr>\n";
$content .= "<tr>\n";
$content .= "<td> </td>\n";
$sumofcolumntotals = 0;
for ($i=0; $i<sizeof($columntotals); $i++)
{
$sumofcolumntotals = $sumofcolumntotals + $columntotals[$i];
$content .= "<td align='center'><b>$columntotals[$i]</b></td>\n";
}
$content .= "<td align='center'><b>$sumofcolumntotals</b></td>\n";
$content .= "</tr>\n";
$content .= "</table>\n";
I have made the lines inwhich I know are causing problems in bold.
Basicly, I am creating a report of some data and need to count up totals
of each column and then again total the totals if you get me.
Here is the errors I am getting.
*Notice*: Undefined offset: 0 in
*C:\WWW\Apache2\htdocs\php\coursework\reports_projects.php* on line *58*
*Notice*: Undefined offset: 1 in
*C:\WWW\Apache2\htdocs\php\coursework\reports_projects.php* on line *58*
*Notice*: Undefined offset: 2 in
*C:\WWW\Apache2\htdocs\php\coursework\reports_projects.php* on line *58*
*Notice*: Undefined offset: 3 in
*C:\WWW\Apache2\htdocs\php\coursework\reports_projects.php* on line *58
*Now I understand in a way why its happening, because im trying to
insert into $columntotals something which isnt valid, but I can't think
of a way to stop this at the moment.
Hope to hear soon, thanks in advance guys.
-noginn
--- End Message ---
--- Begin Message ---
I'm trying to set up a small academic web server with PHP and CGI.
Currently, I have CGI running under suexec, and PHP installed as a
module, configured to run in SAFE_MODE. However, some of the students
are running up against the limitations of SAFE_MODE (most notably, not
being able to create subdirectories and then access them - wtf?!), and
we'd like to maybe setup PHP to run under suexec as a CGI, for those
users who need it only. To keep server load / overhead down, we'd
like to leave everyone else using PHP as a module. We only have the
one IP address, so running separate instances of Apache isn't going to
fly. Is there a way to do what we're trying to do? (Ideally, .php
would work for both, with the determination of suexec vs. module being
made based on the user's virtualhost settings.)
Thanks!
Wendell
--- End Message ---
--- Begin Message ---
hi
was needing to know how to create a confirm page.
I have a form that needs to be submitted to a confirm page before it is dropped into a
mysql db. was not sure how to do this without losing the content of the form
variables...
--- End Message ---
--- Begin Message ---
Andy B wrote:
hi
was needing to know how to create a confirm page.
I have a form that needs to be submitted to a confirm page before it is dropped into a
mysql db. was not sure how to do this without losing the content of the form
variables...
Hi. Well, you have several solutions for that.
or u use sessions and u register every single variable as a session
variable ( $_SESSION['variable'] ), or using forms, from one page to another
and pass the contents, then, recover every one with
$_POST['variable_name'] or $_GET['variable_name'], depending on wich
method u've used.
cheers...
there are several other ways: in the same page, using functions and
conditional statements, etc....
remember: best way is how its above (using sessions or forms) , because
will work in most php installations that dont have register_globals on.
--
-----------------------------------------------------
.-'''''-.
.' `.
: :
: :
: _/| : Bruno Santos
: =/_/ : [EMAIL PROTECTED]
`._/ | .'
( / ,|...-' Pagina Pessoal
\_/^\/||__ http://feiticeir0.no-ip.org
_/~ `""~`"` \_
__/ -'/ `-._ `\_\__
/jgs /-'` `\ \ \-.\
"Written very small on the back poket of a girl's jeans
- 'If you can read this, you're WAY too close.'"
--- End Message ---
--- Begin Message ---
> remember: best way is how its above (using sessions or forms) , because
> will work in most php installations.....
tnx will try sessions and see what they do... (havent quite played with them
before but will figure it out)...
--- End Message ---
--- Begin Message ---
--- Enda Nagle <[EMAIL PROTECTED]> wrote:
> I had a quick look at http://www.iptocountry.com but was wondering if
> there was a way of doing this with PHP functions?
My favorite is GeoIP Country from Maxmind:
http://www.maxmind.com/
They have an open source PHP API that is easy to use, and it's free. This
is what MySQL AB uses for their Web sites and what many other open source
sites use.
Chris
=====
Chris Shiflett - http://shiflett.org/
PHP Security - O'Reilly
Coming mid-2004
HTTP Developer's Handbook - Sams
http://httphandbook.org/
PHP Community Site
http://phpcommunity.org/
--- End Message ---
--- Begin Message ---
--- Tom Reed <[EMAIL PROTECTED]> wrote:
> I would think using HTTP_ACCEPT_LANGUAGE to get the users browser
> language/country info would be quicker and easier to implement.
This is definitely the best way to get the language. You're right about
that. However, this is not the user's question:
> I have a site that will have different pricing by world region /
> country and also offer different currencies.
He needs the country, not the language.
Chris
=====
Chris Shiflett - http://shiflett.org/
PHP Security - O'Reilly
Coming mid-2004
HTTP Developer's Handbook - Sams
http://httphandbook.org/
PHP Community Site
http://phpcommunity.org/
--- End Message ---
--- Begin Message ---
--- Filip de Waard <[EMAIL PROTECTED]> wrote:
> Using HTTP headers to identify the country where a visitor comes from
> is totally inaccurate.
That's not really very fair to HTTP. There is no header that identifies
the country, so it's not inaccurate - it doesn't exist. :-)
Trying to accurately determine a country from a language isn't the fault
of HTTP. I'm sure this is what you were implying, but I wanted to make
sure HTTP wasn't being blamed.
Chris
=====
Chris Shiflett - http://shiflett.org/
PHP Security - O'Reilly
Coming mid-2004
HTTP Developer's Handbook - Sams
http://httphandbook.org/
PHP Community Site
http://phpcommunity.org/
--- End Message ---
--- Begin Message ---
On Mar 21, 2004, at 10:38 PM, Chris Shiflett wrote:
--- Filip de Waard <[EMAIL PROTECTED]> wrote:
Using HTTP headers to identify the country where a visitor comes from
is totally inaccurate.
That's not really very fair to HTTP. There is no header that identifies
the country, so it's not inaccurate - it doesn't exist. :-)
Trying to accurately determine a country from a language isn't the
fault
of HTTP. I'm sure this is what you were implying, but I wanted to make
sure HTTP wasn't being blamed.
Chris
Hey Chris,
I'm not blaming HTTP, but browsers and operating systems that implement
it. I posted the HTTP header that my own browser is using to identify
it's language as an example to prove that Accept-Language isn't the
right source to identify the visitors language or even his home
country. I know there is no such thing as a 'Country' header in HTTP,
but even Accept-Language is quite inaccurate.
I can't back this by scientific evidence, but I'm pretty sure that
using IP addresses to figure out in which country the visitor is
located in combination with a table containing the main languages for
that country is far more accurate then using the Accept-Language as a
source to identify the users language. One of the mantra's of web
development that I've encountered is: "Never trust HTTP headers as a
valid data source". Please don't read that as an attack on HTTP
itself...
Using IP addresses to identify the visitors language has three major
downsides: a. it's not 100% accurate (but nothing is), b. some
countries have multiple main languages (like Canada) and c. querying
databases for IP addresses takes a performance toll. IP addresses are
just giving a hand, but they are no heavenly cure for all our problems.
Personally I'm using IP addresses nevertheless, since I'm convinced
that it's the best way to initially identify the visitors language or
country.
I don't have any experience with GeoIP Country from Maxmind (I'm using
ip-to-country), but will try it out soon. Thank you for the tip!
Regards,
Filip de Waard
--- End Message ---
--- Begin Message ---
--- Filip de Waard <[EMAIL PROTECTED]> wrote:
> I posted the HTTP header that my own browser is using to identify
> it's language as an example to prove that Accept-Language isn't the
> right source to identify the visitors language or even his home
> country.
It's definitely not the way to determine a user's country. It's not called
Country, after all. It's simply a header that indeicates the user's
language preferences (many preferences can be specified, each qith a
different quality value).
However, it is the best way to choose a default language, although giving
the user the option to change language is always a good idea.
Why? Because, I might be working in Germany for a few months, but my
computer is set to English (because I don't speak German). I certainly
don't want you giving me a page in German (which is also available in
English) when I am telling you that I prefer English. This is what
Accept-Language is for, so I hate to hear that people knowingly ignore it.
The user knows best when it comes to what language he/she prefers. Trying
to override this preference with something you determine by IP address is
wildly inaccurate and certain to have a high failure rate.
> I don't have any experience with GeoIP Country from Maxmind (I'm using
> ip-to-country), but will try it out soon. Thank you for the tip!
No problem. I've tried several, and that one is my favorite. I currently
maintain some Web sites with a very broad audience in terms of countries
around the world, and this is the database that produces the fewest dead
spots for us. Plus, the PHP API was written by a guy from the PHP Group,
so that made me feel even more confident. :-)
Chris
=====
Chris Shiflett - http://shiflett.org/
PHP Security - O'Reilly
Coming mid-2004
HTTP Developer's Handbook - Sams
http://httphandbook.org/
PHP Community Site
http://phpcommunity.org/
--- End Message ---
--- Begin Message ---
Visit sourceforge and look for winmerge, a really excellent software that
does just what you want.
Thrust me - install this software and never look for anything else, :)
Altleast if your on a windows environment.
--
--
Kim Steinhaug
----------------------------------------------------------------------
There are 10 types of people when it comes to binary numbers:
those who understand them, and those who don't.
----------------------------------------------------------------------
www.steinhaug.com - www.easywebshop.no - www.webkitpro.com
----------------------------------------------------------------------
"Jens Schmeiser" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Dear list.
>
> I want to compare two text files and print the differences. The text files
> contain the structure of a database, so they are very big (>6000 lines).
> The file looks like that:
>
> TABLENAME#COLUMNNAME#DATATYPE#DATALENGTH#DATAPRECISION#NULLS
> ...
>
> I only check if the datatype and nulls are different. If so, then the two
> lines of the files will be printed.
>
> I tried to do that and it works excellent if there aren't many
differences,
> but if there are many diffs, it takes time and time.
>
> What I do now is to read the to files to an array and get the differences
> with array_diff
>
> $array1=file('file1.txt');
> $array2=file('file2.txt');
>
> $result1 = array_diff($array1,$array2);
> $result2 = array_diff($array2,$array1);
>
> After that I do the following:
> foreach ($result1 as $line1) {
> foreach ($result2 as $line2) {
> // compare the two lines and show the differences;
> continue;
> }
> }
>
> Is there a better way to do that (and of course faster)?
>
>
> Regards
> Jens
--- End Message ---
--- Begin Message ---
Kim Steinhaug wrote:
Visit sourceforge and look for winmerge, a really excellent software that
does just what you want.
Thrust me - install this software and never look for anything else, :)
Altleast if your on a windows environment.
having been introduced to CVS and the tortoiseCVS program (win32)
I was pointed by said program to an prog called examDiff which is also
very nice for windows environments.
(google either appName - first link will take you where you want to go.)
--- End Message ---
--- Begin Message ---
Im not completely sure, but have you gone throught the settings in the
IIS server aswell? I know altleast for the CGI IIS has its own
timeout which overrides the php.ini file. It could be something here
aswell, but you probably have done this.
Kim Steinhaug
"Schonrock III" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> All,
>
> I am attempting to upload a large file via PHP to a web server running
> Windows XP Pro IIS 5.1 and I am having some problems. I have been trying
to
> find the right combination of settings in the php.ini file and elsewhere
to
> get large files to upload properly, but I keep getting a DNS error in
> Internet Explorer 6 that shows up after about 12MB or 12.5MB of a 21.7MB
> file has been transferred.
>
> When I looked at the IIS website connection timeout it was set at 900
> seconds. I have tried many different variations in the php.ini settings
> file with little success. I have tried using the "8M" format and also the
> full out Byte count for size fields in the php.ini file. I can upload
files
> that are smaller that 10 MB (I tested with one that was 9MB earlier) with
no
> problem. Here are my most recent relevant settings in my php.ini file
(that
> I know of):
>
> max_execution_time = 3600
> max_input_time = 3600
> memory_limit = 104857600
> post_max_size = 104857600
> upload_max_filesize = 104857600
>
> Does anyone have any ideas? Am I missing something else? If you need any
> more information that I left out please let me know. My code for the php
> files is located below this message. Any help is greatly appreciated!
>
> Thanks,
> Keith
>
> -----Sending php file:
>
> <html>
> <body>
> <center>
> <b>This is a test document</b>
> <p>
> <form enctype="multipart/form-data" action="upload2.php" method="post">
> Send this file: <input name="userfile" type="file" />
> <input type="submit" value="Send File" />
> </form>
> </body>
> </html>
>
> -----Receiving php file:
>
> <html>
> <body>
> <?php
> $uploaddir = 'c:\\new\\out\\';
> $uploadfile = $uploaddir . $_FILES['userfile']['name'];
>
> print "<pre>";
> if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
> print "File is valid, and was successfully uploaded. ";
> print "Here's some more debugging info:\n";
> print_r($_FILES);
> } else {
> print "Possible file upload attack! Here's some debugging info:\n";
> print_r($_FILES);
> }
> print "</pre>";
>
> ?>
> </body>
> </html>
--- End Message ---
--- Begin Message ---
Hi all,
I'm close to releasing my first widely distributed (I hope) PHP
application, and I wish to protect the source with Zend Encoder. Seems
easy enough.
However, this is a low-cost app that was intended to work on basic
installs of PHP, running on almost any server -- it uses no external
libraries, and required no special compiles.
Is Zend Optimiser (required to run encoded PHP files) part of a base
installation, or at the very least, is it widely spread in use
(available on most hosts)?
Seems like there's no point encoding if only half of the servers out
there can run the scripts. I know optimiser is available on *my* host,
but that's not enough in this case!
---
Justin French
http://indent.com.au
--- End Message ---
--- Begin Message ---
Justin,
> Is Zend Optimiser (required to run encoded PHP files) part of
> a base installation, or at the very least, is it widely spread
> in use (available on most hosts)?
>From looking around earlier my impression is that most good commercial
web hosting providers have the Zend Optimiser installed. I think it is
far less common for people running their own servers to have it
installed, unless they are already running code depending on it. As
far as I know, it is not part of any "standard" PHP distribution.
---
Geir Pedersen
http://www.activio.com/
--- End Message ---
--- Begin Message ---
>RD> I do wonder if either of the above methods would force the RD>
>browser to never cache the CSS file locally
>
>You know, I didn't think about that, as I've never personally used this
>method. I've never had a need. Thinking about it now, I would also
>think that you may need to send a content-type header of "text/css" to
>the browser, as well, though I'm not positive on this.
Gecko/Moz based browsers will ignore a stylesheet that lacks the
appropriate Content-Type header, so definitely make sure it's there.
Regarding the caching, I think just setting up the appropriate
cache-control headers should make it indistinguishable from a regular,
static CSS file.
---------------------------------------------------------------------
michal migurski- contact info and pgp key:
sf/ca http://mike.teczno.com/contact.html
--- End Message ---
