[PHP] web site security: how to hide login info for mysql-connection
Hi, At the moment I store username, password and database for my MySQL connections in a file called settings.php to avoid putting them in my php files direct. On a Linux server, what extra steps can I take to prevent others from accessing settings.php? Somewhere, I've read that settings.php should be placed in a directory outside the html/php-directories. Today, my web directory is /home/anders/public_html and subdirectories to public_html. Should settings.php be placed in /home/anders/include? -- anders thoresson -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP Java
Hi I hope there is anybody out there familiar with PHP and Java. I've got the following Code: ?php $instan = new Java(DBUser); echo $instan ; $system = new Java(java.util.Vector); echo$system ; ? If I only use one of the two objects, which one doesn't matter, it works. IF I try to initiate them both PHP.exe is closing down on me. In Apache error log I get the folowing error: [Sun Jun 29 10:58:32 2003] [error] [client 127.0.0.1] Premature end of script headers: c:/apache/php4/php.exe Other than that I've seem to have a good configured System, as there are no more errors. I run a win2000 with apache 1.3.2 with php 4.3.1 thx Jan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] error_log function
At 2003-06-29 03:55 +0200, Ole Brumm wrote: I have just implemented the error_log function on my web site, as I find this feature very useful. I have chosen to write to a file on the server. my question is: How can I make error_log write each error message on a NEW line in the file I have chosen. Now, every message is written on a long line, which is not very user friendly. I have tried to put \n on the end of the message, but it didn`t have any effect. When you want to be able to look at the log file using some crummy Windows tool, make sure to use \r\n. Borland tools and Wordpad for example can handle \n-only files, but IE and Notepad not. Also make sure you use double quotes and not single quotes. I'm using this under Unix and it works fine: error_log(serialize($A).\n,3,$log); $log = the name of the file to log to $A = is an array with data that I want to log Greetings, Jaap -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] $_POST problem SUPERGLOBALS
Let's explain this thing with the superglobals now once again .. so that everybody knows it ... In newer versions of PHP some superglobal arrays are available... $_GET[] - For any variable passed through the query string (in the URL, or address bar in a http://www.domain.com/page.php?foo=barfoo2=bar2 syntax) but also fields submitted through a form with a tag like FORM method=GET $_POST[]- For any field submitted from a form with tag like FORM method=POST $_COOKIE[] - For any cookie set and available for the script you're running. --- $_REQUEST[] - Merges the above three together. I think I mentioned them in the default order of importance. Post overriding cookie, get overriding post. $_FILES[] - Also for information send by a form, but now only the INPUT type=FILE name=fieldname entries are listed. Remember to use this kind of form tag: form enctype=multipart/form-data action=_URL_ method=post .. espeically method=post and enctype=multipart/form-data are essential. Prior to PHP4.3 the $_FILES superglobal was also included in $_REQUEST, but don't rely on that to happen since it will make your scripts fail in a newer version and have you look for a bug which is almost impossible to find. $_SESSION[] - Session vars set. When using $_SESSION, you should not use session_start() of functions like that. A session usually exists untill a user closes his/her browser window. Or 30 minutes has expired, whatever comes first. (The 30 minutes is a setting in php.ini and can be overriden, if i'm right about that) $_ENV[] - info about the user's default shell, homedir and stuff like that. The user as which your PHP script is running on the server, that is. NOT the user visiting your page. $_SERVER[] - info about the server and the script which is running.. For example $_SERVER['php_self'] gives you the filename of the script, $_SERVER['PHP_AUTH_USER'] for the apache basic authentication username.. - So, now I hope this has been cleared out for everybody.. And that I'll still be in time to see my fav bands play at ParkPop, one of the biggest free open air pop festivals I think in Europe.. just around the corner of my house here in The Hague. Salutes, Wouter -Oorspronkelijk bericht- Van: Jason Wong [mailto:[EMAIL PROTECTED] Verzonden: vrijdag 27 juni 2003 22:46 Aan: [EMAIL PROTECTED] Onderwerp: Re: [PHP] $_POST problem On Saturday 28 June 2003 04:32, Sparky Kopetzky wrote: I've got my script kinda running but am unable to retrieve any values with $_POST. I turned on register_globals in the php.ini and am using this url: If you're going to be using $_POST (which you should) then you should *disable* register_globals. http://www.fttta.com/auction.php?action=reg. (Sorry, it's local for now...) I'm using this kind of line to check for values: elseif ('reg' == $_POST['action']) { do something; } Does print_r($_POST) show your variables? If not are you using the POST method in your form? If so what version of PHP are you using? -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* Even the best of friends cannot attend each other's funeral. -- Kehlog Albran, The Profit */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] File Uploads!
Hi, This is the error I get in the log file: [error] PHP Warning: POST Content-Length of 11184886 bytes exceeds the limit of 8388608 bytes in Unknown on line 0 This is absolutely correct. The problem is this error does not reach my PHP script and I have no idea how can I tell my user he posted a file which exceds the size. The $_FILES is empty, same for $HTTP_... Any idea is appreciated. Cheers, Catalin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] File Uploads!
Hi, Sunday, June 29, 2003, 9:49:43 PM, you wrote: CT Hi, CT This is the error I get in the log file: CT [error] PHP Warning: POST Content-Length of 11184886 bytes exceeds the CT limit of 8388608 bytes in Unknown on line 0 CT This is absolutely correct. The problem is CT this error does not reach my PHP script and I CT have no idea how can I tell my user he posted CT a file which exceds the size. CT The $_FILES is empty, same for $HTTP_... CT Any idea is appreciated. CT Cheers, CT Catalin check out $_FILES['userfile']['error'] it should give some clues UPLOAD_ERR_OK Value: 0; There is no error, the file uploaded with success. UPLOAD_ERR_INI_SIZE Value: 1; The uploaded file exceeds the upload_max_filesize directive in php.ini. UPLOAD_ERR_FORM_SIZE Value: 2; The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the html form. UPLOAD_ERR_PARTIAL Value: 3; The uploaded file was only partially uploaded. UPLOAD_ERR_NO_FILE Value: 4; No file was uploaded -- regards, Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] web site security: how to hide login info formysql-connection
Anders: Somewhere, I've read that settings.php should be placed in a directory outside the html/php-directories. Today, my web directory is /home/anders/public_html and subdirectories to public_html. Should settings.php be placed in /home/anders/include? That is correct - you are always best to keep password and such outside the web root where possible. As many people have pointed out on this list - it is a best practices thing that should be done. Be aware that wherever you store the settings folder, your php.ini should have that path in it's include_directories setting, and the webserver must have read permissions for that file. -- Cheers Mike Morton * * Tel: 905-465-1263 * Email: [EMAIL PROTECTED] * Indeed, it would not be an exaggeration to describe the history of the computer industry for the past decade as a massive effort to keep up with Apple. - Byte Magazine Given infinite time, 100 monkeys could type out the complete works of Shakespeare. Win 98 source code? Eight monkeys, five minutes. -- NullGrey -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re[2]: [PHP] File Uploads!
Hi, Sunday, June 29, 2003, 10:17:43 PM, you wrote: TR Hi, TR Sunday, June 29, 2003, 9:49:43 PM, you wrote: CT Hi, CT This is the error I get in the log file: CT [error] PHP Warning: POST Content-Length of 11184886 bytes exceeds the CT limit of 8388608 bytes in Unknown on line 0 CT This is absolutely correct. The problem is CT this error does not reach my PHP script and I CT have no idea how can I tell my user he posted CT a file which exceds the size. CT The $_FILES is empty, same for $HTTP_... CT Any idea is appreciated. CT Cheers, CT Catalin Maybe you have to wind up the post_max_size in php.ini and then control with MAX_FILE_SIZE in the form for the error to show up in the $_FILES array -- regards, Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] File Uploads!
Hi, I already tried $_FILES['userfile']['error'], but as I already said the $_FILES is empty, completely empty Cheers, Catalin Tom Rogers [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, Sunday, June 29, 2003, 9:49:43 PM, you wrote: CT Hi, CT This is the error I get in the log file: CT [error] PHP Warning: POST Content-Length of 11184886 bytes exceeds the CT limit of 8388608 bytes in Unknown on line 0 CT This is absolutely correct. The problem is CT this error does not reach my PHP script and I CT have no idea how can I tell my user he posted CT a file which exceds the size. CT The $_FILES is empty, same for $HTTP_... CT Any idea is appreciated. CT Cheers, CT Catalin check out $_FILES['userfile']['error'] it should give some clues UPLOAD_ERR_OK Value: 0; There is no error, the file uploaded with success. UPLOAD_ERR_INI_SIZE Value: 1; The uploaded file exceeds the upload_max_filesize directive in php.ini. UPLOAD_ERR_FORM_SIZE Value: 2; The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the html form. UPLOAD_ERR_PARTIAL Value: 3; The uploaded file was only partially uploaded. UPLOAD_ERR_NO_FILE Value: 4; No file was uploaded -- regards, Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHPSESSID Length?
Hey List- I'm trying to figure out how to make the PHPSESSID cookie be longer then 32 characters? One can set the entropy file and entropy length, but if my understanding of entropy is correct then that just helps randomize the 32 chars and not not actually make a string that much longer or shorter. Can't seem to find anything in the archives or Google. Then again, is a 32-length string sufficient for protecting a browser session length of session? Thanks. Henrik -- Henrik Hudson [EMAIL PROTECTED] `If there's anything more important than my ego around, I want it caught and shot now.' --Hitchhikers Guide to the Galaxy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
php-general Digest 29 Jun 2003 14:26:10 -0000 Issue 2146
php-general Digest 29 Jun 2003 14:26:10 - Issue 2146 Topics (messages 153304 through 153318): Re: Cookies and Macs 153304 by: Justin French error_log function 153305 by: Ole Brumm 153311 by: Jaap van Ganswijk Re: Another newbie 153306 by: Ray Hunter Re: New PCRE features 153307 by: Ray Hunter Re: PHP and Macromedia Flash 153308 by: Daniel J. Rychlik web site security: how to hide login info for mysql-connection 153309 by: anders thoresson 153315 by: Mike Morton PHP Java 153310 by: Jan Bro Re: $_POST problem SUPERGLOBALS 153312 by: esctoday.com | Wouter van Vliet File Uploads! 153313 by: Catalin Trifu 153314 by: Tom Rogers 153316 by: Tom Rogers 153317 by: Catalin Trifu PHPSESSID Length? 153318 by: Henrik Hudson Administrivia: To subscribe to the digest, e-mail: [EMAIL PROTECTED] To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: [EMAIL PROTECTED] -- ---BeginMessage--- There should be no differences in PC/Mac/Linux implementations of cookies, for common browsers. I've never had a problem. - which browsers were you testing with? - did those browsers have cookies switched on, with a security level low enough to accept yours? - can you show us a small test script that proves your problem, and upload it somewhere for us to test? Justin on 28/06/03 10:42 AM, Joshua Chapman ([EMAIL PROTECTED]) wrote: I wrote a script that used cookies to track users (the cookie contains the user's ID#). However, there was a problem when it came to the Mac users, the cookie that was assigned to them never stuck so every time they hit a page the script generated a new ID for them, made it very difficult to track them. Do Macs just handle cookies differently than PCs? What can I do to get a cookie to stick on a Mac so I can pull the data from it later? Thanks in advance! - Joshua Chapman webmaster of faxonautolit.com ---End Message--- ---BeginMessage--- I have just implemented the error_log function on my web site, as I find this feature very useful. I have chosen to write to a file on the server. my question is: How can I make error_log write each error message on a NEW line in the file I have chosen. Now, every message is written on a long line, which is not very user friendly. I have tried to put \n on the end of the message, but it didn`t have any effect. Any comments appreciated :-) - Peter - Få din egen @start.no-adresse gratis på http://www.start.no/ ---End Message--- ---BeginMessage--- At 2003-06-29 03:55 +0200, Ole Brumm wrote: I have just implemented the error_log function on my web site, as I find this feature very useful. I have chosen to write to a file on the server. my question is: How can I make error_log write each error message on a NEW line in the file I have chosen. Now, every message is written on a long line, which is not very user friendly. I have tried to put \n on the end of the message, but it didn`t have any effect. When you want to be able to look at the log file using some crummy Windows tool, make sure to use \r\n. Borland tools and Wordpad for example can handle \n-only files, but IE and Notepad not. Also make sure you use double quotes and not single quotes. I'm using this under Unix and it works fine: error_log(serialize($A).\n,3,$log); $log = the name of the file to log to $A = is an array with data that I want to log Greetings, Jaap ---End Message--- ---BeginMessage--- Jay, I would start out by reading up on the oop stuff and then maybe look at some software development sites...there are many and most have sufficient info to get you started. There are tons of design patterns out there which will more than help you code out too...(http://www.phppatterns.com) is a great site. Plus there are many great software design mags for php and other languages...that might be an option. I saved the best for last... There are so many great projects out there that you can help out with any of them...that will allow you to work and learn from others...also if you dont have the time then i strongly suggest review code from some projects...like horde that have a solid framework...by review the code u can see style and design stratiges... Hope that helps out... -- BigDog On Sat, 2003-06-28 at 14:10, Jay Fitzgerald wrote: I have been writing PHP for almost a year now and someone on phpfreaks told me the other day that my code was very sloppy. Since I want to more more into programming than design, can anyone recommend where to learn how to make sure your code is clean, optimized and as error-free as it can get? Even if it is the style of how to write the code, please let me knowI know noone can be the perfect
RE: [PHP] $_POST problem SUPERGLOBALS
It would be best to read the manual pages on superglobals and retrieving external variables as the manual explains these topics in detail: http://www.php.net/reserved.variables http://www.php.net/variables.external Regards, Philip On Sun, 29 Jun 2003, esctoday.com | Wouter van Vliet wrote: Let's explain this thing with the superglobals now once again .. so that everybody knows it ... In newer versions of PHP some superglobal arrays are available... $_GET[] - For any variable passed through the query string (in the URL, or address bar in a http://www.domain.com/page.php?foo=barfoo2=bar2 syntax) but also fields submitted through a form with a tag like FORM method=GET $_POST[]- For any field submitted from a form with tag like FORM method=POST $_COOKIE[] - For any cookie set and available for the script you're running. --- $_REQUEST[] - Merges the above three together. I think I mentioned them in the default order of importance. Post overriding cookie, get overriding post. $_FILES[] - Also for information send by a form, but now only the INPUT type=FILE name=fieldname entries are listed. Remember to use this kind of form tag: form enctype=multipart/form-data action=_URL_ method=post .. espeically method=post and enctype=multipart/form-data are essential. Prior to PHP4.3 the $_FILES superglobal was also included in $_REQUEST, but don't rely on that to happen since it will make your scripts fail in a newer version and have you look for a bug which is almost impossible to find. $_SESSION[] - Session vars set. When using $_SESSION, you should not use session_start() of functions like that. A session usually exists untill a user closes his/her browser window. Or 30 minutes has expired, whatever comes first. (The 30 minutes is a setting in php.ini and can be overriden, if i'm right about that) $_ENV[] - info about the user's default shell, homedir and stuff like that. The user as which your PHP script is running on the server, that is. NOT the user visiting your page. $_SERVER[] - info about the server and the script which is running.. For example $_SERVER['php_self'] gives you the filename of the script, $_SERVER['PHP_AUTH_USER'] for the apache basic authentication username.. - So, now I hope this has been cleared out for everybody.. And that I'll still be in time to see my fav bands play at ParkPop, one of the biggest free open air pop festivals I think in Europe.. just around the corner of my house here in The Hague. Salutes, Wouter -Oorspronkelijk bericht- Van: Jason Wong [mailto:[EMAIL PROTECTED] Verzonden: vrijdag 27 juni 2003 22:46 Aan: [EMAIL PROTECTED] Onderwerp: Re: [PHP] $_POST problem On Saturday 28 June 2003 04:32, Sparky Kopetzky wrote: I've got my script kinda running but am unable to retrieve any values with $_POST. I turned on register_globals in the php.ini and am using this url: If you're going to be using $_POST (which you should) then you should *disable* register_globals. http://www.fttta.com/auction.php?action=reg. (Sorry, it's local for now...) I'm using this kind of line to check for values: elseif ('reg' == $_POST['action']) { do something; } Does print_r($_POST) show your variables? If not are you using the POST method in your form? If so what version of PHP are you using? -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* Even the best of friends cannot attend each other's funeral. -- Kehlog Albran, The Profit */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] web site security: how to hide login info for mysql-connection
Be aware that wherever you store the settings folder, your php.ini should have that path in it's include_directories setting, and the webserver must have read permissions for that file. I don't have access to php.ini on my ISP's web server. Is there a way for a user to make their own set ow include_directories? -- anders thoresson -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] web site security: how to hide login info for mysql-connection
basically you need to append to your include_path and you can probably create a local .htaccess file and set an include path in there (look up php_value syntax for .htaccess) otherwise start your script with a customised version of the following: ini_set(include_path,ini_get(include_path).:. /your/path/here/); then include/require as normal -- frank - Original Message - From: anders thoresson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, June 29, 2003 4:33 PM Subject: Re: [PHP] web site security: how to hide login info for mysql-connection Be aware that wherever you store the settings folder, your php.ini should have that path in it's include_directories setting, and the webserver must have read permissions for that file. I don't have access to php.ini on my ISP's web server. Is there a way for a user to make their own set ow include_directories? -- anders thoresson -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] web site security: how to hide login info for mysql-connection
At 2003-06-29 17:21 +0100, Avvio - Frank wrote: basically you need to append to your include_path and you can probably create a local .htaccess file and set an include path in there (look up php_value syntax for .htaccess) otherwise start your script with a customised version of the following: ini_set(include_path,ini_get(include_path).:. /your/path/here/); then include/require as normal I think you can also use an include statement like this: include ../../php/include/file.inc; The same mechanism can also be used for data files that also shouldn't be in the WWW accessible directory tree, I think. (But I'm not an expert.) I always try to write my programs very portable and I have found that using ../application_data/file.txt isn't a problem, but using ../../xxx/application_data/file.txt is usually a problem, because you don't want to hardcode the name of the directory above the current directory (in this case 'xxx'). Sometimes however you have to go two levels up to go out of the WWW-acessable directory three. By the way, I think it's unwise to keep the MySQL login data uncoded on the Unix system, because other users or the system managers could read it. Generally these files have to be readable by Apache and therefore other users on the system can often also read them. Greetings, Jaap - Original Message - From: anders thoresson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, June 29, 2003 4:33 PM Subject: Re: [PHP] web site security: how to hide login info for mysql-connection Be aware that wherever you store the settings folder, your php.ini should have that path in it's include_directories setting, and the webserver must have read permissions for that file. I don't have access to php.ini on my ISP's web server. Is there a way for a user to make their own set ow include_directories? -- anders thoresson -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re[2]: [PHP] File Uploads!
On Sunday 29 June 2003 20:40, Tom Rogers wrote: Maybe you have to wind up the post_max_size in php.ini and then control with MAX_FILE_SIZE in the form for the error to show up in the $_FILES array MAX_FILE_SIZE in the form is client-side, for the benefit of the browser. *IF* the browser supports it then IT would stop the upload of files larger than MAX_FILE_SIZE. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* The early bird gets the coffee left over from the night before. */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP5 with MySQL on windows
I can't seem to figure out how to get PHP5 working with MySQL support. I just downloaded the latest PHP5 from snaps (which seems to be yesterday's build) and it's installed fine, but I can't seem to get MySQL support. The php.ini file still says ;Note that MySQL and ODBC support is now built in, so no dll is needed for it. However, MySQL support is no longer there. There doesn't seem to by any dll for mysql in the extensions subdirectory. There's a libmySQL.dll in dlls, but copying that into my system directory and adding an extension line for it in the php.ini file doesn't work. I get an error that says invalid library. Besides, it obviously has a different name that the other extension dlls. I am using Windows 2000. I am running MySQL 3.23.54. I can find nothing about this on the PHP web site. Everything I find still says that MySQL support is built-in. Can someone tell me what I need to do to use MySQL. Janet -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP5 with MySQL on windows
Hello Janet- Currently you have two choices: a) Compile PHP 5 on Windows yourself, with MySQL support b) Wait for a DLL to exist There isn't a DLL right now, nor do I know when one will exist. But, you can be pretty sure that one will eventually exist, especially before PHP 5 is officially released. PHP 5 beta 1 was released today, there isn't a MySQL DLL in there either. In PHP 4, MySQL is of course built in. That all changed in PHP 5 where it's no longer built in to the Windows binaries, nor is it bundled or enabled by default in *nix. Regards, Philip On Sun, 29 Jun 2003 [EMAIL PROTECTED] wrote: I can't seem to figure out how to get PHP5 working with MySQL support. I just downloaded the latest PHP5 from snaps (which seems to be yesterday's build) and it's installed fine, but I can't seem to get MySQL support. The php.ini file still says ;Note that MySQL and ODBC support is now built in, so no dll is needed for it. However, MySQL support is no longer there. There doesn't seem to by any dll for mysql in the extensions subdirectory. There's a libmySQL.dll in dlls, but copying that into my system directory and adding an extension line for it in the php.ini file doesn't work. I get an error that says invalid library. Besides, it obviously has a different name that the other extension dlls. I am using Windows 2000. I am running MySQL 3.23.54. I can find nothing about this on the PHP web site. Everything I find still says that MySQL support is built-in. Can someone tell me what I need to do to use MySQL. Janet -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] time calcs
Hello, I am trying to get a time calculation using: $tot_time = ($data['end_time'] - $data['start_time']); The end_time start_time are stored in a db as column type of time. I want to output the difference as a difference expressed in time format: 10:05:23 - 09:45:32 = 00:39:51 Do I need to break the stored time values apart and do calcs on each segment? I am not storing the calculated time. Larry R. Sieting -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] time calcs
On Monday 30 June 2003 03:19, Larry R. Sieting wrote: I am trying to get a time calculation using: $tot_time = ($data['end_time'] - $data['start_time']); The end_time start_time are stored in a db as column type of time. I want to output the difference as a difference expressed in time format: 10:05:23 - 09:45:32 = 00:39:51 Do I need to break the stored time values apart and do calcs on each segment? I am not storing the calculated time. Your DBMS may very well have time date/time functions built-in that can do this for you. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* Include me out. */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] ARGHHH!!! POST variable problem
I can click links and they work but when I enter data in a form and try to send it to the next php script to process the data, nothing happens. Is there a simple way I can see what is returning from the browser to see if what I expect is actually getting there?? I think $_SERVER['QUERY_STRING'] should do it but I get nothing with that one... Any help is GREATLY appreciated. Robin E. Kopetzky Black Mesa Computers/Internet Services www.blackmesa-isp.net
Re: [PHP] ARGHHH!!! POST variable problem
On Monday 30 June 2003 04:38, Sparky Kopetzky wrote: I can click links and they work but when I enter data in a form and try to send it to the next php script to process the data, nothing happens. Is there a simple way I can see what is returning from the browser to see if what I expect is actually getting there?? I think $_SERVER['QUERY_STRING'] should do it but I get nothing with that one... Stick in phpinfo() at the top of your script. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* A real person has two reasons for doing anything ... a good reason and the real reason. */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ARGHHH!!! POST variable problem
OK, I see that I have to use $_POST['user_name'] or can I just use the variable passed back $user_name which would be a heck of a lot simpler?? Sparky - Original Message - From: Jason Wong [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, June 29, 2003 14:56 Subject: Re: [PHP] ARGHHH!!! POST variable problem On Monday 30 June 2003 04:38, Sparky Kopetzky wrote: I can click links and they work but when I enter data in a form and try to send it to the next php script to process the data, nothing happens. Is there a simple way I can see what is returning from the browser to see if what I expect is actually getting there?? I think $_SERVER['QUERY_STRING'] should do it but I get nothing with that one... Stick in phpinfo() at the top of your script. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* A real person has two reasons for doing anything ... a good reason and the real reason. */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ARGHHH!!! POST variable problem
On Sunday 29 June 2003 05:07 pm, Sparky Kopetzky wrote: OK, I see that I have to use $_POST['user_name'] or can I just use the variable passed back $user_name which would be a heck of a lot simpler?? If you have register_globals set to on in php.ini, then yes, you can use $user_name. Otherwise, no. Default is register_globals= Off for PHP = 4.2.0 http://us2.php.net/register_globals RDB Sparky - Original Message - From: Jason Wong [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, June 29, 2003 14:56 Subject: Re: [PHP] ARGHHH!!! POST variable problem On Monday 30 June 2003 04:38, Sparky Kopetzky wrote: I can click links and they work but when I enter data in a form and try to send it to the next php script to process the data, nothing happens. Is there a simple way I can see what is returning from the browser to see if what I expect is actually getting there?? I think $_SERVER['QUERY_STRING'] should do it but I get nothing with that one... Stick in phpinfo() at the top of your script. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* A real person has two reasons for doing anything ... a good reason and the real reason. */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- - /\ ASCII Ribbon Campaign against HTML \ / email and proprietary format X attachments. / \ - Have you been used by Microsoft today? Choose your life. Choose freedom. Choose LINUX. - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ARGHHH!!! POST variable problem
At 22:38 29-6-2003, you wrote: I can click links and they work but when I enter data in a form and try to send it to the next php script to process the data, nothing happens. Is there a simple way I can see what is returning from the browser to see if what I expect is actually getting there?? I think $_SERVER['QUERY_STRING'] should do it but I get nothing with that one... Any help is GREATLY appreciated. Robin E. Kopetzky Black Mesa Computers/Internet Services please check the PHP4.1.0 release notes, paragraph 'new input mechanism'. http://www.php.net/release_4_1_0.php most existing scripts and manuals expect 'register_globals' in php.ini to be 'on'. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Close Connection to Browser
Hi, is it possible to close the connection to the client/browser without calling exit? I have an input-script for a chat-system, wich gives a Status 204 No Content to the client after submit, wich works great. The problem is, that sometimes the script needs some time to finish after sending the 204 and keeps the connection over this time, wich couses Internet Explorer and sometimes even Mozilla to crash if too much connections to the script are active. Thanks, Thomas 'Neo' Weber --- [EMAIL PROTECTED] [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ARGHHH!!! POST variable problem
Jason: THANK YOU!!! phpinfo is helping out big time. I never thought of using it for debugging but I finally got it working. Have a cold brewski on me for the save!! Robin E. Kopetzky Black Mesa Computers/Internet Services www.blackmesa-isp.net - Original Message - From: Jason Wong [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, June 29, 2003 14:56 Subject: Re: [PHP] ARGHHH!!! POST variable problem On Monday 30 June 2003 04:38, Sparky Kopetzky wrote: I can click links and they work but when I enter data in a form and try to send it to the next php script to process the data, nothing happens. Is there a simple way I can see what is returning from the browser to see if what I expect is actually getting there?? I think $_SERVER['QUERY_STRING'] should do it but I get nothing with that one... Stick in phpinfo() at the top of your script. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* A real person has two reasons for doing anything ... a good reason and the real reason. */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re[2]: [PHP] File Uploads!
Hi, I used MAX_FILE_SIZE too in the form which uploads the file (the input field is before the file field) and I am using IE6 for testing and still the file pass through to the server. Cheers, Catalin Jason Wong [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Sunday 29 June 2003 20:40, Tom Rogers wrote: Maybe you have to wind up the post_max_size in php.ini and then control with MAX_FILE_SIZE in the form for the error to show up in the $_FILES array MAX_FILE_SIZE in the form is client-side, for the benefit of the browser. *IF* the browser supports it then IT would stop the upload of files larger than MAX_FILE_SIZE. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* The early bird gets the coffee left over from the night before. */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Close Connection to Browser
On Sun, 29 Jun 2003 23:41:09 +0200, you wrote: is it possible to close the connection to the client/browser without calling exit? I have an input-script for a chat-system, wich gives a Status 204 No Content to the client after submit, wich works great. The problem is, that sometimes the script needs some time to finish after sending the 204 and keeps the connection over this time, wich couses Internet Explorer and sometimes even Mozilla to crash if too much connections to the script are active. You want to finish up the connection but keep the script around. Hmm... how about putting your logic into a seperate function, and registering it to be run on exit with register_shutdown_function()? (registered shutdown functions are called after the request has been completed (including sending any output buffers)) Or you could move your code into an external script and call it. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Performance question
on 25/06/03 12:19 PM, Ow Mun Heng ([EMAIL PROTECTED]) wrote: Can someone help explain how I can perform a benchmark on the queries or whatever? Write some code, run it many many times, time it with something like Example 1 on http://au.php.net/microtime, then write alternate code, run it many times, and compare the results. One will be faster than the other, and you can now make an informed decision about which is the smarter way to go. If the difference is tiny, then you could ask yourself which method is easier for you to code and maintain... My bet is sessions will win both problems (performance and coding simplicity), but learning how to benchmark your scripts is a vital learning step... Justin French -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Another newbie
On Sat, 2003-06-28 at 13:10, Jay Fitzgerald wrote: I have been writing PHP for almost a year now and someone on phpfreaks told me the other day that my code was very sloppy. Since I want to more more into programming than design, can anyone recommend where to learn how to make sure your code is clean, optimized and as error-free as it can get? Even if it is the style of how to write the code, please let me knowI know noone can be the perfect programmer, but I would at least like to be a decent programmer :) Jay I would suggest reading some coding standards from, say, the Linux kernel source, PEAR, and whatever else you can find. They'll disagree with one another, but you'll get an idea of what kinds of things people find important. One book that is simply excellent is 'Code Complete: A Practical Handbook of Software Construction', by Steve McConnell (Microsoft Press). It's pretty big but it's well written, easy to read, and usually presents a few different methods along with discussions and comparisons. Some simple tricks with PHP include using a template engine to keep your code and your output separated (i.e. don't put your PHP code directly into the HTML or vice versa--even though that's perfectly fine for small jobs, small jobs always seem to turn into bigger ones); turn on error_reporting(E_ALL) and ini_set('display_errors', true) when you're testing (you can turn them off for production) so you can make sure your script runs with no errors, notices, or warnings; writing your functions and class methods to rely on globals as little as possible so they are more easily transferable to new situations; and so on. However, the topic is pretty huge, everyone has an opinion, and I'm sure that for every suggestion I or anyone else makes there are good arguments against. Good luck, Torben -- Torben Wilson [EMAIL PROTECTED]+1.604.709.0506 http://www.thebuttlesschaps.com http://www.inflatableeye.com http://www.hybrid17.com http://www.themainonmain.com - Boycott Starbucks! http://www.haidabuckscafe.com - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] passwd protected page
on 26/06/03 5:23 PM, Bibhas Kumar Samanta ([EMAIL PROTECTED]) wrote: my problem is that when I use sessions in the restricted pages the session_start() seem to reset the form ( when other filled in data is lost) when go back to the form using Back in the browser. So I wanted to avoid session_start This seems like more of a limitation of WHERE you're starting the session, or a limitation of how your browser deals with forms. I'm unsure of your exact problem (since you haven't posted a URL for us to see what's wrong, and you haven't shown us any code), but I can guarantee that all the large PHP sites use sessions -- your problem is not a problem with PHP's sessions exactly -- more like a quirk/problem with HOW you've implemented it I *think*. Justin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Securing PHP code
On 25 Jun 2003 at 16:42, Dan Joseph wrote: Store that file outside the docroot. That way there is no chance they can get it from the web site. I myself use an ini file that is no where near the docroot, and use parse_ini_file() to load the DB information in, and then I connect to it. This method passed our security audit with flying colors. A sample of what my ini file resembles is: [mysql_info] host = 192.168.1.1 uid = username pwd = password dbn = database They end up in a $INI array, and the fields are $INI['host'], $INI['uid'], etc.. You can read more about that function @ www.php.net. I am just beginning to use php and mysql together (I'm new to both). I am having trouble getting this to work in what I think is a very simple test. I have created mysql.ini, and put it outside the docroot: /myhome/mysql.ini. This file, in its entirety, is: [mysql_info} host=spore.org uid=myuserid passwd=mypassword Then I created a webpage with nothing more than the following: ?php parse_ini_file(/home/revref/mysql.ini); echo $INI; ? When I point my browser to that page, I am getting the following error message: Warning: Error parsing /home/revref/mysql.ini on line 4 in Unknown on line 0 Help is greatly needed. Doug -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] IsSet() and $_SESSION
I'm having a problem with the value that isset returns on $_SESSION variables. For some reason, even if $_SESSION['uid'] is set, isset returns FALSE. Here is the code: -- file1.php --- include file2.php; if (!isset($_SESSION[uid])) { // This first time $_SESSION[uid] is check, we should // end up in here. However, ValidAdminLogin (next test) // will set $_SESSION[uid] so next time we will not // get here. if ( !ValidAdminLogin($_POST[adminid],$_POST[adminpass])) forceadminlogin(); } elseif ( !ValidAdminSession() ) forceadminlogin(); // this is done to show that $_SESSION[uid] is being set // but isset still returns false echo $_SESSION[uid]; -- file2.php --- function ValidAdminLogin($user, $pass){ global $_SESSION; if (The_MYSQL_Stuff_Is_NOT_OK) return false; else { session_start(); $_SESSION[logged] = true; $_SESSION[username] = $user; $_SESSION[adminlogin] = true; $_SESSION[fname] = $fname; $_SESSION[lname] = $lname; $_SESSION[email] = $email; $_SESSION[uid] = session_id(); return true; } mysql_close(); } -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Securing PHP code
Hello, Doug Essinger-Hileman [EMAIL PROTECTED] wrote: On 25 Jun 2003 at 16:42, Dan Joseph wrote: Store that file outside the docroot. That way there is no chance they can get it from the web site. I myself use an ini file that is no where near the docroot, and use parse_ini_file() to load the DB information in, and then I connect to it. This method passed our security audit with flying colors. A sample of what my ini file resembles is: [mysql_info] host = 192.168.1.1 uid = username pwd = password dbn = database They end up in a $INI array, and the fields are $INI['host'], $INI['uid'], etc.. You can read more about that function @ www.php.net. I am just beginning to use php and mysql together (I'm new to both). I am having trouble getting this to work in what I think is a very simple test. I have created mysql.ini, and put it outside the docroot: /myhome/mysql.ini. This file, in its entirety, is: [mysql_info} I think you meant [mysql_info]? (Check the closing bracket.) host=spore.org uid=myuserid passwd=mypassword Then I created a webpage with nothing more than the following: ?php parse_ini_file(/home/revref/mysql.ini); echo $INI; ? There's a good example in the manual: http://www.php.net/manual/en/function.parse-ini-file.php Notice that you need to do something like this: (based on your example) ?php $INI = parse_ini_file(/home/revref/mysql.ini); print_r($INI); ? - E - PS Please check the difference between print_r() and echo() as well... ...[snip]... __ Do You Yahoo!? Yahoo! BB is Broadband by Yahoo! http://bb.yahoo.co.jp/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] php.net's custom 404 scripts
Hi all, I used to have a bookmark for how php.net's custom 404/redirect/search script worked, but I can't find it now, and can't see it on php.net... has anyone got a link? Not sure if it was on zend.com or php.net. TIA Justin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Securing PHP code
For some people, putting information outside the docroot isn't possible, especially when your site is hosted. On thing you can also try (which is nowhere near the security of outside the docroot) is to put ocnfig data (user, pass, etc...) inside it's own php file that is included in outfiles. For example (assuming that php parser doesn't fail): -- configstuff.php -- ?php $user = myname; $pass = mypass; $db = mydb; ? -- end -- - Edwin - wrote: Hello, Doug Essinger-Hileman [EMAIL PROTECTED] wrote: On 25 Jun 2003 at 16:42, Dan Joseph wrote: Store that file outside the docroot. That way there is no chance they can get it from the web site. I myself use an ini file that is no where near the docroot, and use parse_ini_file() to load the DB information in, and then I connect to it. This method passed our security audit with flying colors. A sample of what my ini file resembles is: [mysql_info] host = 192.168.1.1 uid = username pwd = password dbn = database They end up in a $INI array, and the fields are $INI['host'], $INI['uid'], etc.. You can read more about that function @ www.php.net. I am just beginning to use php and mysql together (I'm new to both). I am having trouble getting this to work in what I think is a very simple test. I have created mysql.ini, and put it outside the docroot: /myhome/mysql.ini. This file, in its entirety, is: [mysql_info} I think you meant [mysql_info]? (Check the closing bracket.) host=spore.org uid=myuserid passwd=mypassword Then I created a webpage with nothing more than the following: ?php parse_ini_file(/home/revref/mysql.ini); echo $INI; ? There's a good example in the manual: http://www.php.net/manual/en/function.parse-ini-file.php Notice that you need to do something like this: (based on your example) ?php $INI = parse_ini_file(/home/revref/mysql.ini); print_r($INI); ? - E - PS Please check the difference between print_r() and echo() as well... ...[snip]... __ Do You Yahoo!? Yahoo! BB is Broadband by Yahoo! http://bb.yahoo.co.jp/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Securing PHP code
On 30 Jun 2003 at 10:25, - Edwin - wrote: [mysql_info} I think you meant [mysql_info]? (Check the closing bracket.) It is correct on the server. My fingers didn't type what my brain told them to for this email. Notice that you need to do something like this: (based on your example) ?php $INI = parse_ini_file(/home/revref/mysql.ini); print_r($INI); ? This leads to the following output: Warning: Error parsing /mydirectory/mysql.ini on line 4 in Unknown on line 0 Array ( [host] = spore.org [uid] = myuserid [passwd] = mypassword) The error message still remains, though now the test confirms that mysql.ini is being parsed. PS Please check the difference between print_r() and echo() as well... Thanks for the tip. I have read the manual for both of these. Doug -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Securing PHP code
The INI file should be: [mysql_info] host=spore.org uid=myuserid passwd=mypassword Also, you'll probably want to do: $INI = parse_ini_file(/home/revref/mysql.ini); Doug Essinger-Hileman wrote: I am just beginning to use php and mysql together (I'm new to both). I am having trouble getting this to work in what I think is a very simple test. I have created mysql.ini, and put it outside the docroot: /myhome/mysql.ini. This file, in its entirety, is: [mysql_info} host=spore.org uid=myuserid passwd=mypassword Then I created a webpage with nothing more than the following: ?php parse_ini_file(/home/revref/mysql.ini); echo $INI; ? When I point my browser to that page, I am getting the following error message: Warning: Error parsing /home/revref/mysql.ini on line 4 in Unknown on line 0 Help is greatly needed. Doug -- The above message is encrypted with double rot13 encoding. Any unauthorized attempt to decrypt it will be prosecuted to the full extent of the law. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Securing PHP code
Doug Essinger-Hileman [EMAIL PROTECTED] wrote: [snip] This leads to the following output: Warning: Error parsing /mydirectory/mysql.ini on line 4 in Unknown on line 0 Array ( [host] = spore.org [uid] = myuserid [passwd] = mypassword) The error message still remains, though now the test confirms that mysql.ini is being parsed. [/snip] Hmm... it could be that the (real) passwords you're using contains non-alphanumeric characters. Try using double-quotes like: passwd=mypassword - E - __ Do You Yahoo!? Yahoo! BB is Broadband by Yahoo! http://bb.yahoo.co.jp/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] A simpler question involving http_user_agent
Would anyone happen to know what http_user_agent would be if the user is visitng from an internet enabled cell phone (e.g. sprint pcs phone or similar)? Thank you -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Securing PHP code
On 30 Jun 2003 at 11:20, - Edwin - wrote: Warning: Error parsing /mydirectory/mysql.ini on line 4 in Unknown on line 0 Array ( [host] = spore.org [uid] = myuserid [passwd] = mypassword) The error message still remains, though now the test confirms that mysql.ini is being parsed. [/snip] Hmm... it could be that the (real) passwords you're using contains non-alphanumeric characters. Try using double-quotes like: passwd=mypassword Bingo. Thanks. Doug -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
php-general Digest 30 Jun 2003 02:32:02 -0000 Issue 2147
php-general Digest 30 Jun 2003 02:32:02 - Issue 2147 Topics (messages 153319 through 153355): Re: $_POST problem SUPERGLOBALS 153319 by: Philip Olson Re: web site security: how to hide login info for mysql-connection 153320 by: anders thoresson 153321 by: Avvio - Frank 153322 by: Jaap van Ganswijk Re: File Uploads! 153323 by: Jason Wong 153340 by: Catalin Trifu PHP5 with MySQL on windows 153324 by: janet.valade.com 153330 by: Philip Olson PHP 5.0.0 Beta 1 153325 by: Sterling Hughes 153326 by: Robert Cummings Re: [PHP-QA] Re: [PHP] PHP 5.0.0 Beta 1 153327 by: Derick Rethans 153328 by: Robert Cummings Re: [PHP-DEV] Re: [PHP-QA] Re: [PHP] PHP 5.0.0 Beta 1 153329 by: Sascha Schumann 153352 by: Manuel Lemos time calcs 153331 by: Larry R. Sieting 153332 by: Jason Wong ARGHHH!!! POST variable problem 15 by: Sparky Kopetzky 153334 by: Jason Wong 153335 by: Sparky Kopetzky 153336 by: Reuben D. Budiardja 153337 by: Chris Hayes 153339 by: Sparky Kopetzky Close Connection to Browser 153338 by: Thomas Weber 153341 by: David Otton Re: Performance question 153342 by: Justin French Re: Another newbie 153343 by: Lars Torben Wilson Re: passwd protected page 153344 by: Justin French Re: Securing PHP code 153345 by: Doug Essinger-Hileman 153347 by: - Edwin - 153349 by: John Manko 153350 by: Doug Essinger-Hileman 153351 by: Leif K-Brooks 153353 by: - Edwin - 153355 by: Doug Essinger-Hileman IsSet() and $_SESSION 153346 by: John Manko php.net's custom 404 scripts 153348 by: Justin French A simpler question involving http_user_agent 153354 by: Brian J. Celenza Administrivia: To subscribe to the digest, e-mail: [EMAIL PROTECTED] To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: [EMAIL PROTECTED] -- ---BeginMessage--- It would be best to read the manual pages on superglobals and retrieving external variables as the manual explains these topics in detail: http://www.php.net/reserved.variables http://www.php.net/variables.external Regards, Philip On Sun, 29 Jun 2003, esctoday.com | Wouter van Vliet wrote: Let's explain this thing with the superglobals now once again .. so that everybody knows it ... In newer versions of PHP some superglobal arrays are available... $_GET[] - For any variable passed through the query string (in the URL, or address bar in a http://www.domain.com/page.php?foo=barfoo2=bar2 syntax) but also fields submitted through a form with a tag like FORM method=GET $_POST[]- For any field submitted from a form with tag like FORM method=POST $_COOKIE[] - For any cookie set and available for the script you're running. --- $_REQUEST[] - Merges the above three together. I think I mentioned them in the default order of importance. Post overriding cookie, get overriding post. $_FILES[] - Also for information send by a form, but now only the INPUT type=FILE name=fieldname entries are listed. Remember to use this kind of form tag: form enctype=multipart/form-data action=_URL_ method=post .. espeically method=post and enctype=multipart/form-data are essential. Prior to PHP4.3 the $_FILES superglobal was also included in $_REQUEST, but don't rely on that to happen since it will make your scripts fail in a newer version and have you look for a bug which is almost impossible to find. $_SESSION[] - Session vars set. When using $_SESSION, you should not use session_start() of functions like that. A session usually exists untill a user closes his/her browser window. Or 30 minutes has expired, whatever comes first. (The 30 minutes is a setting in php.ini and can be overriden, if i'm right about that) $_ENV[] - info about the user's default shell, homedir and stuff like that. The user as which your PHP script is running on the server, that is. NOT the user visiting your page. $_SERVER[] - info about the server and the script which is running.. For example $_SERVER['php_self'] gives you the filename of the script, $_SERVER['PHP_AUTH_USER'] for the apache basic authentication username.. - So, now I hope this has been cleared out for everybody.. And that I'll still be in time to see my fav bands play at ParkPop, one of the biggest free open air pop festivals I think in Europe.. just around the corner of my house here in The Hague. Salutes, Wouter -Oorspronkelijk bericht- Van: Jason Wong [mailto:[EMAIL PROTECTED] Verzonden: vrijdag 27 juni 2003 22:46 Aan: [EMAIL PROTECTED] Onderwerp: Re: [PHP] $_POST problem On Saturday 28 June 2003 04:32, Sparky Kopetzky wrote:
Re: [PHP] A simpler question involving http_user_agent
Would anyone happen to know what http_user_agent would be if the user is visitng from an internet enabled cell phone (e.g. sprint pcs phone or similar)? It may or may not be one of these: http://www.thewirelessfaq.com/useragents.asp - michal migurski- contact info and pgp key: sf/cahttp://mike.teczno.com/contact.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] A simpler question involving http_user_agent
Brian J. Celenza [EMAIL PROTECTED] wrote: Would anyone happen to know what http_user_agent would be if the user is visitng from an internet enabled cell phone (e.g. sprint pcs phone or similar)? Try Google or the archives. Maybe this will help: http://marc.theaimsgroup.com/?l=php-generalm=104394135908378w=2 Or, better yet, try the cellphone's (company's) site--they should have some info on what http_user_agent strings their cellphones are using (mine does)... - E - __ Do You Yahoo!? Yahoo! BB is Broadband by Yahoo! http://bb.yahoo.co.jp/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re[4]: [PHP] File Uploads!
Hi, Monday, June 30, 2003, 4:14:02 AM, you wrote: JW On Sunday 29 June 2003 20:40, Tom Rogers wrote: Maybe you have to wind up the post_max_size in php.ini and then control with MAX_FILE_SIZE in the form for the error to show up in the $_FILES array JW MAX_FILE_SIZE in the form is client-side, for the benefit of the browser. JW *IF* the browser supports it then IT would stop the upload of files larger JW than MAX_FILE_SIZE. JW -- Jason Wong - Gremlins Associates - www.gremlins.biz JW Open Source Software Systems Integrators JW * Web Design Hosting * Internet Intranet Applications Development * JW -- JW Search the list archives before you post JW http://marc.theaimsgroup.com/?l=php-general JW -- JW /* JW The early bird gets the coffee left over from the night before. JW */ php also checks for MAX_FILE_SIZE as you can see in rfc1867.c while (!cancel_upload (blen = multipart_buffer_read(mbuff, buff, sizeof(buff) TSRMLS_CC))) { if (total_bytes PG(upload_max_filesize)) { sapi_module.sapi_error(E_WARNING, upload_max_filesize of %ld bytes exceeded - file [%s=%s] not saved, PG(upload_max_filesize), param, filename); cancel_upload = UPLOAD_ERROR_A; } else if (max_file_size (total_bytes max_file_size)) { sapi_module.sapi_error(E_WARNING, MAX_FILE_SIZE of %ld bytes exceeded - file [%s=%s] not saved, max_file_size, param, filename); cancel_upload = UPLOAD_ERROR_B; } else if (blen 0) { wlen = fwrite(buff, 1, blen, fp); if (wlen blen) { sapi_module.sapi_error(E_WARNING, Only %d bytes were written, expected to write %ld, wlen, blen); cancel_upload = UPLOAD_ERROR_C; } else { total_bytes += wlen; } } } So I set max post to something huge then control it on a form by form basis,, which seems to work fine and fills in the error bit for me if it is too big -- regards, Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php.net's custom 404 scripts
Hello, Justin French [EMAIL PROTECTED] wrote: Hi all, I used to have a bookmark for how php.net's custom 404/redirect/search script worked, but I can't find it now, and can't see it on php.net... has anyone got a link? Not sure if it was on zend.com or php.net. Not sure what exactly you're looking for but... You can try triggering a 404 then click on the show source at the bottom-right-hand-side of the page... - E - __ Do You Yahoo!? Yahoo! BB is Broadband by Yahoo! http://bb.yahoo.co.jp/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Japanese text not displaying correctly.
On Fri, 27 Jun 2003 18:12:29 -0700 Dennis Browne [EMAIL PROTECTED] wrote: E-, Thanks for the reply ... echoing just the Japanese characters displays just fine with both Netscape 4.7+ and IE 5+. With the include (both saved as utf8) is where the problem occurs. I have seen posts about the BOM of the include file getting in the way. I do not know a work around though. Any ideas? Try changing the internal encoding to utf-8. (in php.ini, that is. Not sure how it'll work though...) I'm using euc-jp and I just use mb_convert_encoding() when necessary... - E - ...[snip]... __ Do You Yahoo!? Yahoo! BB is Broadband by Yahoo! http://bb.yahoo.co.jp/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php.net's custom 404 scripts
On Mon, 30 Jun 2003 11:26:50 +1000, you wrote: I used to have a bookmark for how php.net's custom 404/redirect/search script worked, but I can't find it now, and can't see it on php.net... has anyone got a link? I guess you're looking for Apache's ErrorDocument directive. It's in the manual. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Full Text Search of M$ Office Documents
Hi, Feroze Md. Arif [EMAIL PROTECTED] wrote: Hi, I am looking for a solution that will allow full text search of M$Office files (Word, Powerpoint, EXCEL), PDF, HTML and Text files. I am working on a project that involves uploading of the above files to a server. After uploading, the Users should be able to search for key words or phrases in the file. The search should throw up a list like the ones we get on Google. Should I use Open Source Search Engines such as HTDig, Swish or Namazu? Can these be integrated into a PHP application? I would appreciate it very much if someone could provide me with some information on this. Not sure about the others but I believe Namazu has all the extensions you need. Besides, there's a Namazu module that you can use in php. Infos I know are all in Japanese though... - E - __ Do You Yahoo!? Yahoo! BB is Broadband by Yahoo! http://bb.yahoo.co.jp/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Passing form value into another form value?
Im a beginner and was hoping if you could help me on passing a value into a form and into another form? Im not sure what do you call that sequence but I hope you could get me into a howto section to do that or give me something nice. Thanks -- Louie -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Passing form value into another form value?
Hi, Monday, June 30, 2003, 2:41:59 PM, you wrote: MJLM Im a beginner and was hoping if you could help me on passing a value into a MJLM form and into another form? Im not sure what do you call that sequence but I MJLM hope you could get me into a howto section to do that or give me something MJLM nice. MJLM Thanks MJLM -- MJLM Louie Take the value from the first form and pass it in the second using a hidden field.. //from first form $value = $_post['value'] //second form form action.. input type=hidden name=value value=?php echo $value? . . . /form -- regards, Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHPSESSID Length?
Hi Henrik, Take a look at session_id, you can use it to get or set the session id. Using some of my random generation functions I juse 72 to 96 character session ids for my more secure PHP applications. Remember if you want it to remain secure you need to pass it through SSL, longer keys do no good if someone is packet sniffing. Jason Henrik Hudson wrote: Hey List- I'm trying to figure out how to make the PHPSESSID cookie be longer then 32 characters? One can set the entropy file and entropy length, but if my understanding of entropy is correct then that just helps randomize the 32 chars and not not actually make a string that much longer or shorter. Can't seem to find anything in the archives or Google. Then again, is a 32-length string sufficient for protecting a browser session length of session? Thanks. Henrik -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Close Connection to Browser
Take a look at register_shutdown_function, it sounds like it might do what you want just be aware that you obviously can't display output once the connection is closed because no one is listening . void register_shutdown_function ( callback function) Registers the function named by function to be executed when script processing is complete. If the function function does not exist (undefined), an error of level E_WARNING is generated. Thomas Weber wrote: Hi, is it possible to close the connection to the client/browser without calling exit? I have an input-script for a chat-system, wich gives a Status 204 No Content to the client after submit, wich works great. The problem is, that sometimes the script needs some time to finish after sending the 204 and keeps the connection over this time, wich couses Internet Explorer and sometimes even Mozilla to crash if too much connections to the script are active. Thanks, Thomas 'Neo' Weber --- [EMAIL PROTECTED] [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Passing form value into another form value?
This is what I have made, im not sure if its correct. --- form action method=GET name= enter name: input type=text name=namebr enter email: input type=text name=email ?php $value_name = $_post['name'] $value_email = $_post['email'] ? brbr input type=submit value=Collect Data /form --- -- Louie -Original Message- From: Tom Rogers [mailto:[EMAIL PROTECTED] Sent: Monday, June 30, 2003 12:43 PM To: Miranda, Joel Louie M Cc: '[EMAIL PROTECTED]' Subject: Re: [PHP] Passing form value into another form value? Hi, Monday, June 30, 2003, 2:41:59 PM, you wrote: MJLM Im a beginner and was hoping if you could help me on passing a MJLM value into a form and into another form? Im not sure what do you MJLM call that sequence but I hope you could get me into a howto MJLM section to do that or give me something nice. MJLM Thanks MJLM -- MJLM Louie Take the value from the first form and pass it in the second using a hidden field.. //from first form $value = $_post['value'] //second form form action.. input type=hidden name=value value=?php echo $value? . . . /form -- regards, Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Passing form value into another form value?
Miranda, Joel Louie M wrote: This is what I have made, im not sure if its correct. --- form action method=GET name= enter name: input type=text name=namebr enter email: input type=text name=email ?php $value_name = $_post['name'] $value_email = $_post['email'] ? brbr input type=submit value=Collect Data /form --- Believe it or not, creating a variable called $value_* isn't going to magically set an input box's value. Did you even read the example?! -- The above message is encrypted with double rot13 encoding. Any unauthorized attempt to decrypt it will be prosecuted to the full extent of the law. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Passing form value into another form value?
Dude, As far as my first email is concerned im a newbie, so please bear w/ me if you want to. -- Louie -Original Message- From: Leif K-Brooks [mailto:[EMAIL PROTECTED] Sent: Monday, June 30, 2003 1:32 PM To: Miranda, Joel Louie M Cc: 'Tom Rogers'; '[EMAIL PROTECTED]' Subject: Re: [PHP] Passing form value into another form value? Miranda, Joel Louie M wrote: This is what I have made, im not sure if its correct. --- form action method=GET name= enter name: input type=text name=namebr enter email: input type=text name=email ?php $value_name = $_post['name'] $value_email = $_post['email'] ? brbr input type=submit value=Collect Data /form --- Believe it or not, creating a variable called $value_* isn't going to magically set an input box's value. Did you even read the example?! -- The above message is encrypted with double rot13 encoding. Any unauthorized attempt to decrypt it will be prosecuted to the full extent of the law. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP5 with MySQL on windows
On Sun, 2003-06-29 at 14:19, [EMAIL PROTECTED] wrote: However, MySQL support is no longer there. There doesn't seem to by any dll for mysql in the extensions subdirectory. http://bugs.php.net/bug.php?id=24389 This issue has been addressed and is now available in the snap build of PHP5.0 available at http://snaps.php.net/ John -- -~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~- John Coggeshall john at coggeshall dot org http://www.coggeshall.org/ -~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP 5.0.0 Beta 1
The PHP development community is proud to announce the release of PHP 5 Beta 1. Both source packages and a Win32 build are available, you can find these packages at http://www.php.net/downloads.php. For a complete list of changes, please refer to http://www.php.net/ChangeLog-5.php. Some of the more major changes include: - PHP5 features the Zend Engine 2. For a list of Zend Engine 2 changes, please visit http://www.php.net/zend-engine-2.php. - XML support has been completely redone in PHP5, all extensions are now focused around the excellent libxml2 library (http://www.xmlsoft.org/). - SQLite has been bundled with PHP. For more information on SQLite, please visit their website, http://www.hwaci.com/sw/sqlite/. - Streams have been greatly improved, including the ability to access low-level socket operations on streams. - Due to issues surrounding the MySQL 4.0 license, the MySQL libraries are no longer bundled with PHP. For more information on these licensing changes please see the MySQL licensing policy [1] Note: This is a beta version. It should not be used in production or even semi-production web sites. There are known bugs in it, and in addition, some of the features may change (based on feedback). We encourage you to download and play with it (and report bugs[2] if you find any!), but please do not replace your production installations of PHP 4 at this time. [1] http://www.mysql.com/products/licensing.html [2] http://bugs.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP 5.0.0 Beta 1
On Sun, 2003-06-29 at 14:19, Sterling Hughes wrote: - Due to issues surrounding the MySQL 4.0 license, the MySQL libraries are no longer bundled with PHP. For more information on these licensing changes please see the MySQL licensing policy [1] [1] http://www.mysql.com/products/licensing.html I read the licensing information in the above link, but I'm curious what exactly in it necessitated the need to unbundle MySQL? Anyone have a quick answer? Cheers, Rob. -- .-. | Worlds of Carnage - http://www.wocmud.org | :-: | Come visit a world of myth and legend where | | fantastical creatures come to life and the | | stuff of nightmares grasp for your soul.| `-' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: [PHP-QA] Re: [PHP] PHP 5.0.0 Beta 1
On Sun, 29 Jun 2003, Robert Cummings wrote: On Sun, 2003-06-29 at 14:19, Sterling Hughes wrote: - Due to issues surrounding the MySQL 4.0 license, the MySQL libraries are no longer bundled with PHP. For more information on these licensing changes please see the MySQL licensing policy [1] [1] http://www.mysql.com/products/licensing.html I read the licensing information in the above link, but I'm curious what exactly in it necessitated the need to unbundle MySQL? Anyone have a quick answer? It's GPL. Derick -- Interpreting what the GPL actually means is a job best left to those that read the future by examining animal entrails. - Derick Rethans http://derickrethans.nl/ International PHP Magazine http://php-mag.net/ - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: [PHP-QA] Re: [PHP] PHP 5.0.0 Beta 1
Ahhh crap. I read the PHP license a long time ago. I guess time faded my memory and I began to think of it as GPL. Thanks, Rob. On Sun, 2003-06-29 at 15:02, Derick Rethans wrote: On Sun, 29 Jun 2003, Robert Cummings wrote: On Sun, 2003-06-29 at 14:19, Sterling Hughes wrote: - Due to issues surrounding the MySQL 4.0 license, the MySQL libraries are no longer bundled with PHP. For more information on these licensing changes please see the MySQL licensing policy [1] [1] http://www.mysql.com/products/licensing.html I read the licensing information in the above link, but I'm curious what exactly in it necessitated the need to unbundle MySQL? Anyone have a quick answer? It's GPL. Derick -- Interpreting what the GPL actually means is a job best left to those that read the future by examining animal entrails. - Derick Rethans http://derickrethans.nl/ International PHP Magazine http://php-mag.net/ - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- .-. | Worlds of Carnage - http://www.wocmud.org | :-: | Come visit a world of myth and legend where | | fantastical creatures come to life and the | | stuff of nightmares grasp for your soul.| `-' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: [PHP-DEV] Re: [PHP-QA] Re: [PHP] PHP 5.0.0 Beta 1
On Sun, 29 Jun 2003, Robert Cummings wrote: On Sun, 2003-06-29 at 14:19, Sterling Hughes wrote: - Due to issues surrounding the MySQL 4.0 license, the MySQL libraries are no longer bundled with PHP. For more information on these licensing changes please see the MySQL licensing policy [1] [1] http://www.mysql.com/products/licensing.html I read the licensing information in the above link, but I'm curious what exactly in it necessitated the need to unbundle MySQL? Anyone have a quick answer? Note that the bundled library code was removed due to being unmaintained. The old bundled library code was in the public domain and thus not subject to the GPL. Only the MySQL 4 library is GPLed; the MySQL 3 library is not. It is unfortunate that some people try to confuse the public about this topic. - Sascha -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: [PHP-DEV] Re: [PHP-QA] Re: [PHP] PHP 5.0.0 Beta 1
Hello, On 06/29/2003 04:16 PM, Sascha Schumann wrote: - Due to issues surrounding the MySQL 4.0 license, the MySQL libraries are no longer bundled with PHP. For more information on these licensing changes please see the MySQL licensing policy [1] [1] http://www.mysql.com/products/licensing.html I read the licensing information in the above link, but I'm curious what exactly in it necessitated the need to unbundle MySQL? Anyone have a quick answer? Note that the bundled library code was removed due to being unmaintained. The old bundled library code was in the public domain and thus not subject to the GPL. Only the MySQL 4 library is GPLed; the MySQL 3 library is not. It is unfortunate that some people try to confuse the public about this topic. Many people think that all Open Source software has a GPL license. I guess it is that old Lenine say, if you repeat the same lie many times, it becomes the truth, that today is known as propaganda. Credits for this Open Source lie should go to RMS. Anyway, MySQL 3 library seems to work perfectly to connect to MySQL 4 servers. What are MySQL 4 client library advantages? Anyone thought of keep the bundle of MySQL 3 library? Was there a problem, or is this unbundling initiative a sort of protest to make MySQL AB reconsider MySQL 4 client library licensing? -- Regards, Manuel Lemos Free ready to use OOP components written in PHP http://www.phpclasses.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php