php-windows Digest 2 Feb 2003 12:16:24 -0000 Issue 1568

Topics (messages 18292 through 18297):

sessions and global register
        18292 by: Pat Johnston

Re: Register globals on and off
        18293 by: Pat Johnston

Selected Value!
        18294 by: Anthony Judd
        18295 by: Anthony Judd

Re: [PHP] Re: Register globals on and off
        18296 by: Philip Olson

Retrieving field name of Database
        18297 by: Davy Obdam


----------------------------------------------------------------------
--- Begin Message ---
Hi
I've been learning to get through sessions as it appears to be the hardest
part of PHP I've come across.

I found that includes must be stated underneath that of a session_start()
for example otherwise a warning will appear that it can't start a session
because a header has already been sent (or something to that effect).

But a new warning has arisen where it is suggesting something, but please
note that the code actually executed okay. So, I want to clarify its
meaning, and is it safe to just turn off the warning (session.bug_compat_warn)
and do nothing else? (I'm using v 4.3)

Warning: Unknown(): Your script possibly relies on a session side-effect
which existed until PHP 4.2.3. Please be advised that the session extension
does not consider global variables as a source of data, unless
register_globals is enabled. You can disable this functionality and this
warning by setting session.bug_compat_42 or session.bug_compat_warn to off,
respectively. in Unknown on line 0

Regards, Pat


--- End Message ---
--- Begin Message ---
I've read that an include file in each of your pages with the lines below
should do the trick for you with register_globals OFF..

Not sure if this is a valid way to go though...

<?php
     extract($_SERVER);
     extract($_ENV);
     extract($_GET);
     extract($_POST);
     extract($_REQUEST);
?>

Regards, Pat



"Davy Obdam" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hello people,
>
> On my development machine (win XP/Apache 2.0.44/PHP 4.3.0/MySQL 3.23.55)
> i have several websites that i made some time ago that require register
> globals to be On in the php.ini. Of course i know that's not a good idea
> at all for security, but rewriting all this code is not an option.
> However in my php.ini i have set register globals to Off because that's
> better. Is it possible to configure my webserver/php so that only those
> sites that require register globals to be On have that setting, for
> instance in a .htaccess file?? Any help is appreciated:-)
>
> Best regards,
>
> Davy Obdam
> mailto:[EMAIL PROTECTED]
>
>


--- End Message ---
--- Begin Message ---
I am trying to display the current database value as SELECTED in a combo
box. Any ideas why this isn't working? (ID is being sent)

Any help is appreciated..!

function retrieve_category()
{
 $cat = mysql_query("SELECT category_id FROM category");
 while ($current_row = mysql_fetch_row($cat))
  {
   if ($current_row[0] == $id)
        {
          printf("<option selected>%s</option>\n",$current_row[0]);
        }
       else
        {
          printf("<option>%s</option>\n",$current_row[0]);
        }
  }
}


--- End Message ---
--- Begin Message ---
i have also tried:

function retrieve_category()
 {
  $cat = mysql_query("SELECT category_id FROM category");
  while ($current_row = mysql_fetch_row($cat))
   {
       $row = $current_row[0]; //changed here
       if ($row == $id)
         {
           printf("<option selected>%s</option>\n",$current_row[0]);
         }
        else
         {
           printf("<option>%s</option>\n",$current_row[0]);
         }
   }
 }


--- End Message ---
--- Begin Message ---
On Sun, 2 Feb 2003, Pat Johnston wrote:

> I've read that an include file in each of your pages with the lines below
> should do the trick for you with register_globals OFF..
> 
> Not sure if this is a valid way to go though...
> 
> <?php
>      extract($_SERVER);
>      extract($_ENV);
>      extract($_GET);
>      extract($_POST);
>      extract($_REQUEST);
> ?>

Whoever told you this should be shot as this is an enormous
security hole!  The above is a security hole much larger 
than register_globals could ever hope to be.  That and it's 
silly to attempt to mimic register_globals at runtime.

The above is insecure in that it will overwrite web server 
variables ($_SERVER) with request variables such as those 
from $_GET.  This is TERRIBLE!!!  Just imagine this as
just an example:

  http://www.example.com/a.php?PHP_SELF=http://www.foo.com

In the above scenario, this would create $PHP_SELF
first from $_SERVER then it'd be overwritten by the
$_GET and then by the $_REQUEST that had the GET in
it.  So this makes it inefficient and insecure :) A
better example exists but anyway this should show a
nice point (like maybe PHP_AUTH_PW or REMOTE_USER).

Anyway, sorry for the rant but it's just that whoever
told you that should not tell anyone anything related
to this topic.

The best options are:
  a) rewrite the code or
  b) set register_globals with .htaccess or php.ini
     or in virtualhost in httpd.conf

  http://www.php.net/manual/en/configuration.changes.php

Now if you must set it at runtime (please do not do this)
then you could try this:

 // THIS IS NOT RECOMMENDED
 if (!ini_get('register_globals')) { 
   $types_to_register = array('GET','POST','COOKIE',
                              'SESSION','SERVER'); 
   foreach ($types_to_register as $type) { 
     if (@count(${'HTTP_' . $type . '_VARS'}) > 0) { 
       extract(${'HTTP_' . $type . '_VARS'}, EXTR_OVERWRITE); 
     } 
   } 
 }
 // THIS IS NOT RECOMMENDED

Although it doesn't depend on the variables_order directive
like register_globals does, it is flexible.  Keep in mind
that variables are written from first to last so you
certainly don't want GET coming after SERVER.

Regards,
Philip



> "Davy Obdam" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Hello people,
> >
> > On my development machine (win XP/Apache 2.0.44/PHP 4.3.0/MySQL 3.23.55)
> > i have several websites that i made some time ago that require register
> > globals to be On in the php.ini. Of course i know that's not a good idea
> > at all for security, but rewriting all this code is not an option.
> > However in my php.ini i have set register globals to Off because that's
> > better. Is it possible to configure my webserver/php so that only those
> > sites that require register globals to be On have that setting, for
> > instance in a .htaccess file?? Any help is appreciated:-)
> >
> > Best regards,
> >
> > Davy Obdam
> > mailto:[EMAIL PROTECTED]
> >
> >
> 
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 

--- End Message ---
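
The overwrite order Philip Olson describes in the message above (18296), shown as an added example that is not part of the original thread. The arrays are constructed stand-ins for $_SERVER, $_GET and $_REQUEST, and the function names simulate_extract_chain and colliding_keys are hypothetical.

```php
<?php
// Added illustration, not code from the thread. All values are constructed.
$server  = ['PHP_SELF' => '/a.php', 'REMOTE_USER' => 'alice'];  // stands in for $_SERVER
$get     = ['PHP_SELF' => 'http://www.foo.com',                 // stands in for $_GET
            'REMOTE_USER' => 'admin', 'page' => '2'];
$request = $get;                                                // $_REQUEST repeats the GET data

// Hypothetical helper: replays the include file's extract() calls in order
// inside a function scope and returns the variables that result.
function simulate_extract_chain(array $sources): array
{
    foreach ($sources as $__src) {
        extract($__src);            // default flag is EXTR_OVERWRITE
    }
    unset($sources, $__src);        // leave only the extracted variables
    return get_defined_vars();
}

// Hypothetical check: request keys that would replace a server-set variable.
function colliding_keys(array $server, array ...$requestSources): array
{
    $hits = [];
    foreach ($requestSources as $src) {
        $hits += array_intersect_key($src, $server);
    }
    return array_keys($hits);
}

// Same order as the include file: SERVER, ENV, GET, POST, REQUEST.
$vars = simulate_extract_chain([$server, [], $get, [], $request]);
echo "After the extract() chain:\n";
foreach (['PHP_SELF', 'REMOTE_USER'] as $name) {
    echo "  \$$name = {$vars[$name]} (server set {$server[$name]})\n";
}
echo "Request keys shadowing server keys: ",
     implode(', ', colliding_keys($server, $get, $request)), "\n";

// Option (a) from the reply, rewriting the code: read each value from the
// array that owns it, so a query string cannot replace a server variable.
$self = $server['PHP_SELF'];
$page = isset($get['page']) ? (int) $get['page'] : 1;
echo "Explicit reads: self=$self page=$page\n";
```
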
--- Begin Message ---
Hello people,

I have to build a database abstraction class with support for XML output. My XML output has to look like this:

<?xml version="1.0" ?>
<result query="SELECT * FROM books">
<row number="1">
<field name="name">value</field>
<field name="name">value</field>
...
</row>
<row number="2">
<field name="name">value</field>
<field name="name">value</field>
...
</row>
....
....
</result>

Well i almost got it, but how do i get all the field names of my MySQL tables? This is my code, a part of my database class:

/**
 * getXMLDocument
 *
 * Get the result of your query back in XML document
 * @author Davy Obdam
 */
function getXMLDocument() {
    //Create XML document
    if(!$this->xmlDoc = domxml_new_doc("1.0")) {
        die("[ERROR] Cant create XML document");
    }

    // Create root element
    $this->root_element = $this->xmlDoc->create_element("result");
    $this->root_element->set_attribute("query", $this->sqlQuery);

    //Get database fields and values
    $count = 0;
    while($this->fetchRow()) {
        $row_element = $this->xmlDoc->create_element("row");
        $n_row = $this->root_element->append_child($row_element);
        $row_number = $row_element->set_attribute("number" ,$count);
        $count++;

        // Get fieldnames and values
        for($i=0; $i<sizeof($this->sqlQuery); $i++) {
            $field_element = $this->xmlDoc->create_element("field");
            $n_field = $row_element->append_child($field_element);
            $field_name = $field_element->set_attribute("name", "name");
            $field_content = $field_element->append_child($this->xmlDoc->create_text_node(utf8_encode("text")));
        }

        $this->moveNext();
    }

    // Put everything together and show it
    $append_root = $this->xmlDoc->append_child($this->root_element);
    header("content-type:text/xml");
    echo $this->xmlDoc->dump_mem();
}


Now all i get is one field <field name="name">whatever</field> in my XML output, but i should get 10 with this particular query. Any help is appreciated, thanks for your time.

Best regards,

Davy Obdam
mailto:[EMAIL PROTECTED]


--- End Message ---