Thanks James that works great e.g. $site=$_GET['site']; $width=$_GET['width']; $height=$_GET['height']; $REFER=$_GET['REFER'];
>From Eric ----- Original Message ----- From: James Keeline <[EMAIL PROTECTED]> To: <[email protected]> Sent: Tuesday, September 06, 2005 3:35 AM Subject: Re: [php-list] web page hit recorder --- Eric Richards <[EMAIL PROTECTED]> wrote: > However since the web server upgraded from PHP version 4.06 to 4.22 this > feature no longer works and only records the time on record.txt. > I was going to do a SQL database or something but I never got around to it. > > From Eric > > > here is the PHP____________________________________ > <?php > $space="_"; > $hour= (Date("\nH:i:s d-n\t")); > $size=$width."*".$height; > $entry=$hour.$site.$space.$size.$space.$time.$space.$REFER; > $fp=fopen("record.txt","a"); > fwrite($fp,$entry); > fclose($fp); > ?> Your PHP script relies on a PHP configuration value register_globals being in the ON position. With this form variables such as GET and POST, cookies, and server variables are copied and made available as local variables in your PHP script. This can be risky because it allows someone to add form variables or GET variables in the URL to set values of variables you never expected them to be able to change. Older installations of PHP had register_globals "on" while newer ones have it "off." The correct way to do this is to refer to the values from the URL variables as $_GET['site'] instead of $site (or $site=$_GET['site'] above the place where you use it). However, you are probably mainly interested in getting this short program running without editing the php.ini file and without substantially rewriting your program. If you add this line to the program, local variables will be created for everything coming in from GET. extract($_GET); I guess you mean version numbers 4.0.6 and 4.2.2 of PHP rather than 4.06 and 4.22. Since you are using 4.2.0 or newer you can use an added feature to improve the security. If you want to restrict which variables can come in through GET (in this case) you can preset values for those variables: $site=""; $size=""; $time=""; $REFER=""; This will place those variables in the local symbol table and this statement will pull only variables and values from GET which are in the symbol table: extract($_GET, EXTR_IF_EXISTS); The second argument is a constant so spelling and capitalization count. These statements should go at the top of your program before you do anything which uses the values. I'm sure you've discovered that the HTTP_REFERER is not very reliable and doubly so for Javascript implementations which won't work if JS is turned off in a web browser visiting your site. If your visitors "land" on a .php page you can use the $_SERVER['HTTP_REFERER'] variable and it is not dependent on JS being on. Using JS can be helpful for this kind of application because certain values, such as the user's local time, screen size, color depth, etc. are only available through JS. James _____ James D. Keeline http://www.Keeline.com http://www.Keeline.com/articles http://Stratemeyer.org http://www.Keeline.com/TSCollection http://www.ITeachPHP.com -- Free Computer Classes: Linux, PHP, etc. Fall Semester Begins Sep 7 -- New Classes Start Every Few Weeks. ------------------------ Yahoo! Groups Sponsor --------------------~--> Get Bzzzy! (real tools to help you find a job). Welcome to the Sweet Life. http://us.click.yahoo.com/A77XvD/vlQLAA/TtwFAA/HKFolB/TM --------------------------------------------------------------------~-> Community email addresses: Post message: [email protected] Subscribe: [EMAIL PROTECTED] Unsubscribe: [EMAIL PROTECTED] List owner: [EMAIL PROTECTED] Shortcut URL to this page: http://groups.yahoo.com/group/php-list Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/php-list/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
