Re: [PHP] Image Storage
Michal Migurski wrote: I am creating a system to allow users to upload images to the site. Would it be better to store the images in a MySQL table, or having it save the images to a directory on the server? Anyone have any suggestions on this? Pros? Cons? MySQL themselves advise you use the filesystem for images - faster. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] $x base64_decode(base64_encode($x)) for imagecreatefromstring
I'm writing a script that does image manipulation, and trying to take some of the images I use in an imagecopy() out of the filesystem as images, and put them directly in the php file as strings assigned to variables. Of course, they're binary so they garbledygook everything if they're not converted, so I want to convert them with base64_encode.

To test this I have a test script that makes me think that this may be impossible, and that there may be a weird bug somewhere in this php version. Weird thing is, the string works ok if it's read with fread or imagecreatefrompng, and then directly output with imagepng. However, if this data is encoded with base64_encode as $x1, and $x1 is then decoded as $x2 with base64_decode, imagecreatefrompng($x2) hangs (php produces no output it seems, none either from code prior to imagecreatefrompng()), even if the script determines that all these values are identical (with the === operator and strcmp()) on script runs when the critical line imagecreatefrompng($whatever) is commented out.

Sample: (run on 4.3.4)

    if (is_file($filename)) {
        $fd = @fopen($filename, "r");
        $image_string = fread($fd, filesize($filename));
        $image2 = base64_encode($image_string);
        $image3 = base64_decode($image2);
        // echo strcmp($image_string, $image3);               commented line 0
        if ($image_string != $image3) die('not equal');
        // if ($image_string === $image3) die('same type');   commented line 1
        if (!$image3) die('none');
        // echo 'got here';                                   2
        $im = imagecreatefromstring($image3);
        //$im = imagecreatefromstring($image_string);         3
        // echo 'and here';                                   4
        imagePNG($im, 'thisimage.png');
        // echo 'and here';                                   5
        header('Content-type: image/png');
        imagePNG($im);
        imagedestroy($im);
        fclose($fd);
    }

When commented line 0 is uncommented, the script outputs 0, output for strcmp in cases of equality, and 1 makes the script die('same type'). When commented line 3 is uncommented and the line before it commented out, the script works fine.

When the commented echo lines are uncommented (when the script uses imagecreatefromstring($image3)), php seems to produce no output.

I'd greatly appreciate any advice on getting the image source into the php file itself, and on why this is behaving so oddly. Also: is this likely to be more load-intensive than just reading in the image files with imagecreatefrompng or fopen?

Thanks,
James Coder
[PHP] php and email
Hi all,

I'm wondering if anyone can help me with this problem. I have a form with the following line of code:

    $message .= "<a href=\"http://127.0.0.1/devsite/activate.php?member=$realname&hash=$initPass\">Click here to activate</a>\n";

What I actually get is the following output:

    a href=ttp://127.0.0.1/devsite/activate.php?member=Steven Mac Intyrehash95aea7a8aee0fdcc90d7e9893c75bb3Click here to activate/a

You will see it is missing the h out of http and the = out of hash= ... also the first character of the hash variable is missing.

Has anyone else seen this? Know how to fix it?

PLEASE HELP

Steven
[PHP] Re: php and email
Make sure that your header function as it set to send html mail Steven Mac Intye [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi all, Im wondering if anyone can help me with this problem I have a form with the following line of code; $message .= a href=\http://127.0.0.1/devsite/activate.php?member=$realnamehash=$initPass \Click here to activate/a\n; What I actually get is the following output; a href=ttp://127.0.0.1/devsite/activate.php?member=Steven Mac Intyrehash95aea7a8aee0fdcc90d7e9893c75bb3Click here to activate/a You will see it is missing the h out of http and the = out of hash= ... also the first charactor of the hash variable is missing. Has anyone else seen this ? Know how to fix it ? PLEASE HELP Steven -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: [GLUG-chat] Re: email form
hehe,

Thanks ... I got it. I replaced my content type with the following:

    Content-Type: text/html; charset=iso-8859-15

Now it works perfectly :))

Thanks all

Steven Mac Intye wrote:

Hi Ray,

Nope... this is what it outputs now.

    activate.php?member=Steven+Mac+Intyrehash95aea7a8aee0fdcc90d7e9893c75bb3

It simply adds + to the name ...

Ray Leach wrote:

On Tue, 2004-03-23 at 11:12, Steven Mac Intye wrote:

erm ... it is also removing the first character of the hash. The correct hash is: 395aea7a8aee0fdcc90d7e9893c75bb3

PLEASE HELP

Steven Mac Intye wrote:

Hi all,

Please help me. I have the following line in my code;

    $message .= "<a href=\"http://127.0.0.1/devsite/activate.php?member=$realname&hash=$initPass\">Click here to activate</a>\n";

Try using urlencode to encode the values for member and hash.

But if I receive the email, i get the following output;

    a href=ttp://127.0.0.1/devsite/activate.php?member=Steven Mac Intyrehash95aea7a8aee0fdcc90d7e9893c75bb3Click here to activate/a

You will see that it is missing the h on http and the = just after hash ...

Any ideas?

--- To unsubscribe: send the line unsubscribe glug-chat in the subject of a mail to [EMAIL PROTECTED]. Problems? Email [EMAIL PROTECTED]. Archives are at http://www.linux.org.za/Lists-Archives/
[PHP] Re: Ticketing system
Hi I am using deskpro. see http://www.deskpro.com It's written in PHP, but it is not cheap. From my brief experience I would have to say however that it certainly seems to be worth it. Such a sophisticated ticketing system would take a very significant amount of time to build from scratch. HTH [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi there, ok i am asking now, but be assured that I have googled already. I am looking for a good customisable ticketing system in PHP, i had a look at request tracker, but it doesnt look customisable and its in Perl. I am trying to find if there are solutions to what we want before i go and build it from scratch, let me know thanks. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] syntax for printing multi-dimensional arrays
Hi all

I am having problems printing members of an array that has two dimensions and am wondering if someone can help me with the syntax required to do this.

If i have the following code:

    <?php
    $test=array('test1'=>'a','test2'=>'b');
    print "$test[test1]";
    ?>

I get 'a' echoed to the screen as expected. But if i make the array 2 dimensional like this:

    <?php
    $test[0]=array('test1'=>'a','test2'=>'b');
    print "$test[0][test1]";
    ?>

I would expect to get 'a' echoed to the screen again but instead i get this: Array[test1].

Has anyone seen this before and can help or point me to some good docs on it?

Thanks in advance for any help

Cheers
Bob
[PHP] syntax for printing multi-dimensional arrays
Just found the answer so please disregard this. Cheers Bob -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] syntax for printing multi-dimensional arrays
Hi,

Tuesday, March 23, 2004, 8:03:05 PM, you wrote:

BP> Hi all
BP> I am having problems printing members of an array that has two
BP> dimensions and am wondering if someone can help me with the syntax
BP> required to do this.
BP> If i have the following code:
BP> <?php
BP> $test=array('test1'=>'a','test2'=>'b');
BP> print "$test[test1]"; ?>
BP> I get 'a' echoed to the screen as expected. But if i make the array 2
BP> dimensional like this:
BP> <?php
BP> $test[0]=array('test1'=>'a','test2'=>'b');
BP> print "$test[0][test1]"; ?>
BP> I would expect to get 'a' echoed to the screen again but instead i get this:
BP> Array[test1].
BP> Has anyone seen this before and can help or point me to some good docs
BP> on it?
BP> Thanks in advance for any help
BP> Cheers
BP> Bob

You don't need the outside quotes, just

    print $test[0]['test1'];

(Note test1 needs the quotes.)

If you need to output other stuff then use the . operator like

    print 'Value = '.$test[0]['test1'].'<br>';

--
regards,
Tom
[PHP] Java script prompt - help
Hi all I know this is not a Javascript mailling list, and I do apologies. I someone could please help me a url or an email, this would be most appreciated. I would like to have a yes \ no prompt displayed and depending on which button is pressed take the right course of action. Kind Regards and thank you Brent Clark
[PHP] PHPSESSID in passthru
Hi,

I discover a surprising thing with PHPSESSID, I try something like this:

    $var="htmldoc -t html --quiet '' 'https://login:[EMAIL PROTECTED]/file.php?documentIdent=157&typeAffiche=3&PHPSESSID=068dd351a106bb6ead80e11a27f75100'";
    echo 'var='.$var;
    passthru($var);

passthru is waiting for and don't give the result. On the other hand, if I use another word than PHPSESSID it works. It seems to be a security constraint, how can I do to forcing PHP to use it?

Thanks
Nicolas
[PHP] string to float
How do I change a string to a float, when the string may be in this format : 4,999.90 , or this format: 4999,90 (european style) -- Diana Castillo Global Reservas, S.L. C/Granvia 22 dcdo 4-dcha 28013 Madrid-Spain Tel : 00-34-913604039 ext 214 Fax : 00-34-915228673 email: [EMAIL PROTECTED] Web : http://www.hotelkey.com http://www.destinia.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] receiving ndr for each email sent to list
[snip] (no theories please. unless it's correct. in which case it's ok. :) [/snip] ROFLMFAO! If it is correct then it is no longer theory! Sorry Chris, maybe I should go lay down. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Constants
[snip] ?php interface Foo { const MY_FOO = hello world; } class Bar implements Foo { public function displayFoo(){ print MY_FOO; } } $obj = new Bar; $obj-displayFoo(); ? The results should display hello world, but it prints out MY_FOO. [/snip] This is not a bug, but a misunderstanding of constants. You have not defined the constant define(MY_FOO, hello world.); http://us4.php.net/constants -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] string to float
[snip] How do I change a string to a float, when the string may be in this format : 4,999.90 , or this format: 4999,90 (european style) [/snip] http://us4.php.net/settype -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
php-general Digest 23 Mar 2004 13:33:36 -0000 Issue 2663
php-general Digest 23 Mar 2004 13:33:36 - Issue 2663 Topics (messages 181215 through 181251): Re: Passing by conditional IF statement...why? 181215 by: Ligaya Turmelle 181217 by: Daniel Guerrier 181219 by: Ryan A 181221 by: John W. Holmes 181224 by: Ryan A Re: Any Ideas? 181216 by: John W. Holmes PHP5 Release 181218 by: daniel.electroteque.org 181227 by: Yann Larrivee Re: PHP installation problem in FreeBSD OS. 181220 by: Filip de Waard Image Storage 181222 by: Matt Palermo 181223 by: Michal Migurski 181237 by: James Coder Re: SQL Injection check (mysql) 181225 by: trlists.clayst.com Re: RE:[PHP] sessions...how to use not clear? 181226 by: trlists.clayst.com an if statement 181228 by: Andy B 181229 by: John W. Holmes 181232 by: Andy B 181234 by: Evgeny Pedya Unable connect to ORACLE 181230 by: Timotius Ticketing system 181231 by: daniel.electroteque.org 181242 by: Henry Grech-Cini mysql_connect error 181233 by: T UmaShankari 181235 by: php-general.lists.php.net Constants 181236 by: Jakes 181250 by: Jay Blanchard $x base64_decode(base64_encode($x)) for imagecreatefromstring 181238 by: James Coder php and email 181239 by: Steven Mac Intye 181240 by: Jakes Re: [GLUG-chat] Re: email form 181241 by: Steven Mac Intye syntax for printing multi-dimensional arrays 181243 by: Bob Pillford 181244 by: Bob Pillford 181245 by: Tom Rogers Java script prompt - help 181246 by: Brent Clark PHPSESSID in passthru 181247 by: Guillouet Nicolas string to float 181248 by: Diana Castillo 181251 by: Jay Blanchard Re: receiving ndr for each email sent to list 181249 by: Jay Blanchard Administrivia: To subscribe to the digest, e-mail: [EMAIL PROTECTED] To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: [EMAIL PROTECTED] -- ---BeginMessage--- I think it is because the query ran successfully and returns an empty set. So the pointer is still good. 
Respectfully, Ligaya Turmelle Ryan A [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I have this simple code in my php script: * * * * * $res = mysql_query(SELECT product_id, now()-1 FROM .$tc._prods where cno=$cno AND product_id='$product_id' LIMIT 1); if($res) { $r = mysql_fetch_row($res); $product_id2 = $r[0]; $th_pres= $r[1]; echo debug echo; }else {echo No results, sorry;} * * * * * its working great when the data actually exists but when there are no matches it still executes the if($res) part instead of displaying No results, sorry. Why is that? or am I using the syntax wrong? Thanks, -Ryan ---End Message--- ---BeginMessage--- if(mysql_num_rows($res)) returns count of rows returned. if it 0 is false so it shouldn't execute the conditional code --- Ligaya Turmelle [EMAIL PROTECTED] wrote: I think it is because the query ran successfully and returns an empty set. So the pointer is still good. Respectfully, Ligaya Turmelle Ryan A [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I have this simple code in my php script: * * * * * $res = mysql_query(SELECT product_id, now()-1 FROM .$tc._prods where cno=$cno AND product_id='$product_id' LIMIT 1); if($res) { $r = mysql_fetch_row($res); $product_id2 = $r[0]; $th_pres= $r[1]; echo debug echo; }else {echo No results, sorry;} * * * * * its working great when the data actually exists but when there are no matches it still executes the if($res) part instead of displaying No results, sorry. Why is that? or am I using the syntax wrong? Thanks, -Ryan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php __ Do you Yahoo!? Yahoo! Finance Tax Center - File online. File on time. 
http://taxes.yahoo.com/filing.html ---End Message--- ---BeginMessage--- Ryan A [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I have this simple code in my php script: * * * * * $res = mysql_query(SELECT product_id, now()-1 FROM .$tc._prods where cno=$cno AND product_id='$product_id' LIMIT 1); if($res) { $r = mysql_fetch_row($res); $product_id2 = $r[0]; $th_pres= $r[1]; echo debug echo; }else {echo No results, sorry;} * * * * * its working great when the data actually exists but when there are no matches it still executes the if($res) part instead of displaying No results, sorry. Why is that? or am I using the syntax wrong? Thanks, -Ryan Thanks guys, I'm now using: if(($r = mysql_fetch_row($res)) =1) and its working fine, if the above
RE: [PHP] Constants
Not too fast. From http://www.php.net/zend-engine-2.php PHP 5 introduces per-class constants: ?php class Foo { const constant = constant; } echo Foo::constant = . Foo::constant . \n; ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Constants
[snip] Not too fast. From http://www.php.net/zend-engine-2.php PHP 5 introduces per-class constants: ?php class Foo { const constant = constant; } echo Foo::constant = . Foo::constant . \n; ? [/snip] My bad. Still not a bug. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] login scripts not secure?? help!
hi

in an attempt to create a login system for site administrators on a website i come into the following problem that bothers me because i can't find any way to fix it.

problem: most login scripts/systems i look at for examples on how to make a login section from sessions (allow the administrator to go between login required pages and also be able to go to public pages) without having to login again (the only way an administrator has to login again is if they close the browser on that site)... i run into the deal where most login scripts check to see if $_SESSION[username] or a $_SESSION var has been set or is valid. i noticed this could be a very bad thing because there is nothing stopping an outside link from doing something like:

    <a href="securepage.php?_SESSION[username]=admin&_SESSION[pwd]=password">go to secure page</a>

and being valid (that is if they manage to hack the user/pwd)...

any ideas how to create such a system? any ways around that?? i need a system that will not do that
[PHP] Re: Constants
this is probably because Foo is an interface instead of a class. interfaces can't contain any data as far as I know. Jakes [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] The bug server looks like its down, so I will just post the bug here, and hopefully someone will spot it PHP version: 5RC1 ?php interface Foo { const MY_FOO = hello world; } class Bar implements Foo { public function displayFoo(){ print MY_FOO; } } $obj = new Bar; $obj-displayFoo(); ? The results should display hello world, but it prints out MY_FOO. Thanks Jakes -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: php and email
try using ' instead of Steven Mac Intye [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi all, Im wondering if anyone can help me with this problem I have a form with the following line of code; $message .= a href=\http://127.0.0.1/devsite/activate.php?member=$realnamehash=$initPass \Click here to activate/a\n; What I actually get is the following output; a href=ttp://127.0.0.1/devsite/activate.php?member=Steven Mac Intyrehash95aea7a8aee0fdcc90d7e9893c75bb3Click here to activate/a You will see it is missing the h out of http and the = out of hash= ... also the first charactor of the hash variable is missing. Has anyone else seen this ? Know how to fix it ? PLEASE HELP Steven -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: login scripts not secure?? help!
try using $HTTP_SESSION_VARS[] by the way. if hacks can find out the user-pass combination they can just use the normal way of logging in ;-)

Andy B [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
> hi
>
> in an attempt to create a login system for site administrators on a website i come into the following problem that bothers me because i can't find any way to fix it.
>
> problem: most login scripts/systems i look at for examples on how to make a login section from sessions (allow the administrator to go between login required pages and also be able to go to public pages) without having to login again (the only way an administrator has to login again is if they close the browser on that site)... i run into the deal where most login scripts check to see if $_SESSION[username] or a $_SESSION var has been set or is valid. i noticed this could be a very bad thing because there is nothing stopping an outside link from doing something like:
>
>     <a href="securepage.php?_SESSION[username]=admin&_SESSION[pwd]=password">go to secure page</a>
>
> and being valid (that is if they manage to hack the user/pwd)...
>
> any ideas how to create such a system? any ways around that?? i need a system that will not do that
Re: [PHP] login scripts not secure?? help!
<snip>
<a href="securepage.php?_SESSION[username]=admin&_SESSION[pwd]=password">go to secure page</a>
</snip>

Turn off register globals.
Re: [PHP] login scripts not secure?? help!
hi,

    securepage.php?_SESSION[username]=admin&_SESSION[pwd]=password

would not register 'username' and 'pwd' to the $_SESSION array but to the $_GET and $_REQUEST-Array like:

    $_GET['_SESSION']['username'] = 'admin'

There is no way to inject any kind of data to the super-global Arrays at all

Hope this helps,
red

On Tuesday, 23 March 2004 14:45, Andy B wrote:
> hi
>
> in an attempt to create a login system for site administrators on a website i come into the following problem that bothers me because i can't find any way to fix it.
>
> problem: most login scripts/systems i look at for examples on how to make a login section from sessions (allow the administrator to go between login required pages and also be able to go to public pages) without having to login again (the only way an administrator has to login again is if they close the browser on that site)... i run into the deal where most login scripts check to see if $_SESSION[username] or a $_SESSION var has been set or is valid. i noticed this could be a very bad thing because there is nothing stopping an outside link from doing something like:
>
>     <a href="securepage.php?_SESSION[username]=admin&_SESSION[pwd]=password">go to secure page</a>
>
> and being valid (that is if they manage to hack the user/pwd)...
>
> any ideas how to create such a system? any ways around that?? i need a system that will not do that
[PHP] Re: Constants
You can keep constant variables in an interface, because thay are static and do not change. Trust me, it is a bug. Gerben [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] this is probably because Foo is an interface instead of a class. interfaces can't contain any data as far as I know. Jakes [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] The bug server looks like its down, so I will just post the bug here, and hopefully someone will spot it PHP version: 5RC1 ?php interface Foo { const MY_FOO = hello world; } class Bar implements Foo { public function displayFoo(){ print MY_FOO; } } $obj = new Bar; $obj-displayFoo(); ? The results should display hello world, but it prints out MY_FOO. Thanks Jakes -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] session.bug_compat_42
What does the code look like that is causing this error? I know I can turn the error off but how do I fix the code that is causing it?

    Warning: Unknown(): Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0

It only seems to appear when viewed using MSIE, Konqueror and Mozilla do not display this error, why?

Here is some example code that I am using.

    <?php
    if (!session_is_registered('U_SI')) {
        #do some stuff.
    }
    session_register("last_time");
    $last_time = time();
    echo $_SESSION['last_time'];
    ?>

Here are some settings from php.ini from the server that is giving the error.

/etc/php4/php.ini

    register_globals = Off

    [Session]
    session.save_handler = files
    session.save_path = /tmp
    session.use_cookies = 1
    session.name = PHPSESSID
    session.auto_start = 1
    session.cookie_lifetime = 0
    session.cookie_path = /
    session.cookie_domain =
    session.serialize_handler = php
    session.gc_probability = 1
    session.gc_divisor = 100
    session.gc_maxlifetime = 1440
    session.bug_compat_42 = 1
    session.bug_compat_warn = 1
    session.referer_check =
    session.entropy_length = 0
    session.entropy_file =
    session.cache_limiter = nocache
    session.cache_expire = 180
    session.use_trans_sid = 0
    url_rewriter.tags = a=href,area=href,frame=src,input=src,form=,fieldset=

    PHP 4.3.2 (cli) (built: Aug 12 2003 14:25:22)
    Copyright (c) 1997-2003 The PHP Group
    Zend Engine v1.3.0, Copyright (c) 1998-2003 Zend Technologies
        with Turck MMCache v2.3.20, Copyright (c) 2002-2003 TurckSoft, St. Petersburg, by Dmitry Stogov

James Hicks
[PHP] RE:[PHP] login scripts not secure?? help!
[snip] There is no way to inject any kind of data to the super-global Arrays at all [snip] duhhh...how come i didnt think of that... well..guess its long nights without coffee.. tnx... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Constants
If you define constants with in a interface and then implement that interface it does not work on 5RC1 This should work, but it displays the constant name rather than value it references interface Settings { const UNAME = somename; const PWORD = password; const SERVER = localhost; } class Conn implements Settings { public function __construct(){ $dbConn = mysql_connect(SERVER, UNAME, PWORD); } } Jay Blanchard [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] [snip] Not too fast. From http://www.php.net/zend-engine-2.php PHP 5 introduces per-class constants: ?php class Foo { const constant = constant; } echo Foo::constant = . Foo::constant . \n; ? [/snip] My bad. Still not a bug. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Constants
IIRC it was changed to self::CONST_NAME recently

    interface Settings {
        const UNAME = "somename";
        const PWORD = "password";
        const SERVER = "localhost";
    }

    class Conn implements Settings {
        public function __construct(){
            $dbConn = mysql_connect(self::SERVER, self::UNAME, self::PWORD);
        }
    }

-- red
Re: [PHP] Constants
Give this a read: http://marc.theaimsgroup.com/?l=php-dev&m=107936530102181&w=2

On Tuesday, 23 March 2004 15:16, Red Wingate wrote:
> IIRC it was changed to self::CONST_NAME recently
>
>     interface Settings {
>         const UNAME = "somename";
>         const PWORD = "password";
>         const SERVER = "localhost";
>     }
>
>     class Conn implements Settings {
>         public function __construct(){
>             $dbConn = mysql_connect(self::SERVER, self::UNAME, self::PWORD);
>         }
>     }
>
> -- red
Re: [PHP] fsockopen to spit out the HTTP's Location...
In plain English, can't use the header("Location: "), so have to use the fsockopen() instead. Just that header() is not allowed, don't ask me why. Just couldn't get the browser perform the HTTP LOCATION event. It does work when using fsockopen() for HTTP POST or GET as stated in the http://us2.php.net/manual/en/function.fsockopen.php with the user's comment. What could be more difficult than this?

--snip--

    $host = "192.168.0.2";
    $port = 443;
    $url_str = "ssl://www.whatever.com?str1=true&str2=false&str3=true";
    $fp = fsockopen("ssl://".$host, $port, $errno, $errstr, $timeout = 30);
    if(!$fp){
        echo "$errstr ($errno)\n";
    }else{
        //send out to the browser.
        fputs($fp, "Location: ".$url_str."\r\n");
        fclose($fp);
    }

FletchSOD
[PHP] Re: RE:[PHP] login scripts not secure?? help!
You can use the HTTP Authentication instead for username and password. Andy B [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] [snip] There is no way to inject any kind of data to the super-global Arrays at all [snip] duhhh...how come i didnt think of that... well..guess its long nights without coffee.. tnx... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Constants
Thanks, will do.

Red Wingate [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
> Give this a read: http://marc.theaimsgroup.com/?l=php-dev&m=107936530102181&w=2
>
> On Tuesday, 23 March 2004 15:16, Red Wingate wrote:
>> IIRC it was changed to self::CONST_NAME recently
>>
>>     interface Settings {
>>         const UNAME = "somename";
>>         const PWORD = "password";
>>         const SERVER = "localhost";
>>     }
>>
>>     class Conn implements Settings {
>>         public function __construct(){
>>             $dbConn = mysql_connect(self::SERVER, self::UNAME, self::PWORD);
>>         }
>>     }
>>
>> -- red
Re: [PHP] Bogus headers returned by firewalls
Pablo Gosse wrote:
> munging up the HTTP_REFERER for a page?

In HTTP, Referer is an OPTIONAL field in the HTTP/1.1 spec (see RFC 2616). I saw many strange referers (like 'Empty', 'bookmarks' 'XXX++', 'Removed by YYY', etc) sent or modified by security assistants, browsers, spiders... You can throw away many referers because of this (perhaps 20%).

Some user agents (e.g. browsers) are broken and send bad referers (some mozilla, some browsers on Mac did this, from my memory).

Relying on the referer is not the best solution:
- can be faked (using scripts, not std browser, well, ok)
- referer is not mandatory and not reliable
- the problem will only rise (privacy concerns is main reason, thousands of companies use systems 'cleaning' the referers)

Hope this helps
Christophe
[PHP] Re: RE:[PHP] login scripts not secure?? help!
[snip] You can use the HTTP Authentication instead for username and password. [/snip] no i cant this time because the people want the login form to follow their color setup and stuff and with www-authenticate: box you cant do that...so for this project its out of the question... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHPSESSID in passthru
Guillouet Nicolas wrote:
> Hi,
>
> I discover a surprising thing with PHPSESSID, I try something like this:
>
>     $var="htmldoc -t html --quiet '' 'https://login:[EMAIL PROTECTED]/file.php?documentIdent=157&typeAffiche=3&PHPSESSID=068dd351a106bb6ead80e11a27f75100'";
>     echo 'var='.$var;
>     passthru($var);
>
> passthru is waiting for and don't give the result. On the other hand, if I use another word than PHPSESSID it works. It seems to be a security constraint, how can I do to forcing PHP to use it?

Could be that your sessions are set up to work with cookies, this mechanism that you are using will not send the cookie to the browser and thus it causes the wait state.

--
Raditha Dissanayake.
- http://www.radinks.com/print/upload.php
SFTP, FTP and HTTP File Upload solutions
[PHP] session_register vs. $_SESSION superglobal
Hi,

Newbie warning - this may be extremely simple.

I've been given a bit of code to get to work on our test machines, but at the moment I'm drawing a blank. As far as I can tell the problem lies in the dev. using a server environment with register_globals = On, while we use the default setting of register_globals = Off.

The culprit in this seems to be this bit of code:

    session_start();
    session_register(user);
    session_register(pass);

Which probably works with register_globals = On, however I'd like to go with the default and more safe setting of register_globals = Off.

As far as I understand it I need to replace the two session_register(*) lines with the superglobal $_SESSION, but I'm not sure of the syntax, at first I tried this:

    session_start();
    $_SESSION = user;
    $_SESSION = pass;

This doesn't work of course, but as I said I'm unsure of how the $_SESSION superglobal is used, and the info I've found about it didn't shed much light... I hope I'm just tired today 8-)

Another semi-related question is, is it common to include the username and password for a site directly in the PHP code on a site... even if it is in an include file?

--
/KLL

[PHP] RE:[PHP] session_register vs. $_SESSION superglobal
[snip]
    session_start();
    $_SESSION = user;
    $_SESSION = pass;

This doesn't work of course, but as I said I'm unsure of how the $_SESSION superglobal is used, and the info I've found about it didn't shed much light... I hope I'm just tired today 8-)

Another semi-related question is, is it common to include the username and password for a site directly in the PHP code on a site... even if it is in an include file?
[/snip]

first, $_SESSION works like this:

    session_start();
    $_session[user]=$_POST[user];//if using register_globals=off
    $_SESSION[user]=$user;//if register_globals=on..unsafe though

The $_SESSION superglobal is an array (usually associative), meaning that the element of the array (the part in the []) is either a variable name or some custom name instead of the element number. $_POST[user] and $user are 2 different variables if register_globals=off...

to answer the second question about user/password names in scripts... if at all possible avoid it at any cost to yourself... even in an include file... use some other way to store/retrieve the user/password (mysql or something like that). and for me, if it's a password I usually encrypt it before storing it..

hope that helps.. grin

[PHP] Re: RE:[PHP] session_register vs. $_SESSION superglobal
> $_session[user]=$_POST[user];//if using register_globals=off

Actually, $_SESSION with capital letters does work...

Re: [PHP] Re: RE:[PHP] login scripts not secure?? help!
Then do what I did, the script below is only an example..

--snip--
<?
if ($_REQUEST['dw'] == 0) {
    session_start();
    $_SESSION['username'] = ""; //Wherever you got the userid from
    $_SESSION['password'] = ""; //Wherever you got the password from
    //if successful
    header("Location: *");
} else if ($_REQUEST['dw'] == 1) {
    //blah blah blah
}
?>
<form method="POST" action="page1.php?dw=0">
<a href="page1.php?dw=1">page1</a>
--snip--

That way, no one sees the hidden code in html stuff like a href='' or form *** action='' for example. Hope that will give you an idea... :-)

FletchSOD

Andy B [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
> [snip]
> You can use the HTTP Authentication instead for username and password.
> [/snip]
> no, I can't this time, because the people want the login form to follow their color setup and stuff, and with the www-authenticate: box you can't do that... so for this project it's out of the question...

Re: [PHP] Re: RE:[PHP] login scripts not secure?? help!
Here's what I do, maybe this will help to give you an idea...

--snip--
<?
if ($_REQUEST['dw'] == 0) {
    session_start();
    $_SESSION['username'] = ""; //Wherever you got the username from...
    $_SESSION['password'] = ""; //Wherever you got the password from...
} else if ($_REQUEST['dw'] == 1) {
    //blah blah
}
?>
<form *** action="page1.php?dw=0">
<a href="page1.php?dw=1">
--snip--

Andy B [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
> [snip]
> You can use the HTTP Authentication instead for username and password.
> [/snip]
> no, I can't this time, because the people want the login form to follow their color setup and stuff, and with the www-authenticate: box you can't do that... so for this project it's out of the question...

RE: [PHP] SQL Injection check (mysql)
<snip>
The idea is exactly not to do any queries dynamically generated based on user input! In the rare cases where this is needed you should not allow any unparsed input.
</snip>

A RARE case, in the world of web applications??? Hardly!

I agree that in an optimal situation queries will not be based on user input, but in the world of the web this is a pipe dream. In 99.99% of the cases there will be some dynamic element to a query. The only safeguard is to validate the hell out of the data.

P.

[PHP] replacing chars in input
Hi, all --

I would like to make things easier for my users and replace all of the garbage characters `';:[EMAIL PROTECTED]*()[]{}/?\|+= plus white space (\s) with underscores in the input. I am, however, having trouble getting my regexp to work. I can comfortably do

    $i = preg_replace("/[\s]/","_",$i) ;

but trying to add other chars doesn't do a thing.

I want to end up with A-Za-z0-9_- (letters, numbers, underscore and dash). If there isn't a handy character class waiting for me, what must I do to get those chars replaced?

TIA HAND

:-D
--
David T-G * There is too much animal courage in (play) [EMAIL PROTECTED] * society and not sufficient moral courage. (work) [EMAIL PROTECTED] -- Mary Baker Eddy, Science and Health
http://justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg!

[PHP] Re: RE:[PHP] session_register vs. $_SESSION superglobal
(This msg. may arrive twice, with two different senders, I've had a little trouble with the news server)

Hi, thanks for your reply.

> first $_SESSION works like this:
>     session_start();
>     $_session[user]=$_POST[user];//if using register_globals=off
>     $_SESSION[user]=$user;//if register_globals=on..unsafe though
> $_SESSION superglobal is an array (usually associative) meaning that the element of the array (the part in the []) is either a variable name or some custom name instead of the element number
> $_POST[user] and $user are 2 different variables if register_globals=off...

Just a couple of questions.

1. I tried adding the lines as you wrote them, but then I got a "Notice: Use of undefined constant user - assumed 'user' in [FILENAME]", I assume I need to add quotation marks around user on both sides of the equal sign, that at least removes that notice.

2. I also get a "Notice: Undefined index: user in [FILENAME]", do I need to declare the $_SESSION variable before populating it?

> to answer the second question about user/password names in scripts...if at all possible avoid it at any cost to yourself...even in an include file... use some other way to store/retrieve the user/password (mysql or something like that). and for me if its a password i usually encrypt it before storing it..

This was what I thought too. The code we got from this person seems all messed up, I'm starting to wonder if it wouldn't be easier for me to build things from scratch rather than try to fix this *sigh*.

> hope that helps..

I'm pretty sure that it will, once I get my head around this 8-)

/KLL

Re: [PHP] fsockopen to spit out the HTTP's Location...
> In plain english, can't use the header(Location: ), so have to use the fsockopen() instead. Just that header() is not allowed, don't ask me why. Just couldn't get the browser perform the HTTP LOCATION event.
>
> --snip--
> $host = "192.168.0.2";
> $port = 443;
> $url_str = "ssl://www.whatever.com?str1=true&str2=false&str3=true";
> $fp = fsockopen("ssl://".$host, $port, $errno, $errstr, $timeout = 30);
> --snip--
>
> //send out to the browser.
> fputs($fp, "Location: ".$url_str."\r\n");

That won't get sent to the browser, it will get sent to 192.168.0.2, which is (I guess) some machine behind your router. You can't initiate a TCP connection -- what fsockopen does -- with the client's machine.

I'll ask even though you said not to - Why doesn't header() work?

-
michal migurski- contact info and pgp key:
sf/ca            http://mike.teczno.com/contact.html

Re: [PHP] replacing chars in input
> I want to end up with A-Za-z0-9_- (letters, numbers, underscore and dash). If there isn't a handy character class waiting for me, what must I do to get those chars replaced?

    $out = preg_replace('/\W+/', '', $in);

-
michal migurski- contact info and pgp key:
sf/ca            http://mike.teczno.com/contact.html

Re: [PHP] session.bug_compat_42
This has nothing to do with the browser. Instead of using session_register(last_time) and setting $last_time, do this:

    $_SESSION['last_time'] = time();

It's shorter and it will make the warning go away.

-Rasmus

On Tue, 23 Mar 2004, James E Hicks III wrote:
> What does the code look like that is causing this error? I know I can turn the error off but how do I fix the code that is causing it?
>
> Warning: Unknown(): Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0
>
> It only seems to appear when viewed using MSIE, Konqueror and Mozilla do not display this error, why? Here is some example code that I am using.
>
> <?php
> if (!session_is_registered('U_SI')) {
>     #do some stuff.
> }
> session_register(last_time);
> $last_time = time();
> echo $_SESSION['last_time'];
> ?>
>
> Here are some settings from php.ini from the server that is giving the error.
>
> /etc/php4/php.ini
> register_globals = Off
> [Session]
> session.save_handler = files
> session.save_path = /tmp
> session.use_cookies = 1
> session.name = PHPSESSID
> session.auto_start = 1
> session.cookie_lifetime = 0
> session.cookie_path = /
> session.cookie_domain =
> session.serialize_handler = php
> session.gc_probability = 1
> session.gc_divisor = 100
> session.gc_maxlifetime = 1440
> session.bug_compat_42 = 1
> session.bug_compat_warn = 1
> session.referer_check =
> session.entropy_length = 0
> session.entropy_file =
> session.cache_limiter = nocache
> session.cache_expire = 180
> session.use_trans_sid = 0
> url_rewriter.tags = a=href,area=href,frame=src,input=src,form=,fieldset=
>
> PHP 4.3.2 (cli) (built: Aug 12 2003 14:25:22)
> Copyright (c) 1997-2003 The PHP Group
> Zend Engine v1.3.0, Copyright (c) 1998-2003 Zend Technologies
> with Turck MMCache v2.3.20, Copyright (c) 2002-2003 TurckSoft, St. Petersburg, by Dmitry Stogov
>
> James Hicks

RE: [PHP] receiving ndr for each email sent to list
Jay Blanchard mailto:[EMAIL PROTECTED] on Tuesday, March 23, 2004 5:27 AM said:
> [snip]
> (no theories please. unless it's correct. in which case it's ok. :)
> [/snip]
>
> ROFLMFAO! If it is correct then it is no longer theory! Sorry Chris, maybe I should go lay down.

exactly! that's what i'm saying!

Re: [PHP] login scripts not secure?? help!
--- Andy B [EMAIL PROTECTED] wrote:
> i run into the deal where most login scripts check to see if $_SESSION[username] or a $_SESSION var has been set or is valid. i noticed this could be a very bad thing because there is nothing stopping an outside link from doing something like:
>
>     <a href="securepage.php?_SESSION[username]=admin&_SESSION[pwd]=password">go to secure page</a>
>
> and being valid (that is if they manage to hack the user/pwd)...

Not to be rude, but it looks like you're just making stuff up. Did you try this?

The $_SESSION array is safe in the sense that a user cannot directly manipulate it.

Chris
=
Chris Shiflett - http://shiflett.org/
PHP Security - O'Reilly, Coming Fall 2004
HTTP Developer's Handbook - Sams, http://httphandbook.org/
PHP Community Site, http://phpcommunity.org/

[PHP] Re: RE:[PHP] login scripts not secure?? help!
[snip]
Then do what I did, the script below is only an example..

--snip--
<?
if ($_REQUEST['dw'] == 0) {
    session_start();
    $_SESSION['username'] = ""; //Wherever you got the userid from
    $_SESSION['password'] = ""; //Wherever you got the password from
    //if successful
    header("Location: *");
} else if ($_REQUEST['dw'] == 1) {
    //blah blah blah
}
?>
[/snip]

will test it and play with it a little, but will it let the admin go from a login required part of the site to a public/free access part of the site, i.e. jump out of the session without losing any currently open sessions?? they need to be able to go from the login section (admin only part) to the public part and back to the admin part again without having to login again unless the browser is closed from that site...

RE: [PHP] SQL Injection check (mysql)
--- Michael Rasmussen [EMAIL PROTECTED] wrote:
> The idea is exactly not to do any queries dynamically generated based on user input!

This argument still makes no sense to me. Originally, you stated that a better option to filtering and escaping data was to use a prepared statement. Some of us have decided that you are referring to stored procedures. You still have yet to defend your original statement in my mind.

If there is no foreign data of any kind in a query, it doesn't really matter how the query is processed. For every other case (not as rare as you seem to think), data filtering is a must.

Chris
=
Chris Shiflett - http://shiflett.org/
PHP Security - O'Reilly, Coming Fall 2004
HTTP Developer's Handbook - Sams, http://httphandbook.org/
PHP Community Site, http://phpcommunity.org/

Re: [PHP] fsockopen to spit out the HTTP's Location...
--- Scott Fletcher [EMAIL PROTECTED] wrote:
> In plain english, can't use the header(Location: ), so have to use the fsockopen() instead. Just that header() is not allowed, don't ask me why.

I'm asking anyway. :-)

You cannot (thank goodness) connect to a remote client with fsockopen(), so you can probably save yourself some trouble by forgetting this whole approach. You need to focus on why header() is not working for you, because this is the way to send HTTP headers to the client.

Chris
=
Chris Shiflett - http://shiflett.org/
PHP Security - O'Reilly, Coming Fall 2004
HTTP Developer's Handbook - Sams, http://httphandbook.org/
PHP Community Site, http://phpcommunity.org/

Re: [PHP] Re: RE:[PHP] login scripts not secure?? help!
Um, you would be able to jump out of the admin area (logged in area) to the public/free area and back to the admin area (logged in area) only if either one of these two, not necessarily both, is maintained on every webpage of that website: 1) session_start() or 2) session_id via links/form. But if the person goes to a website like Google or something and back, then no, it would not be possible unless there is a known way for the web browser to hold the token, like a cookie for example.

FletchSOD

Andy B [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
> [snip]
> Then do what I did, the script below is only an example..
>
> --snip--
> <?
> if ($_REQUEST['dw'] == 0) {
>     session_start();
>     $_SESSION['username'] = ""; //Wherever you got the userid from
>     $_SESSION['password'] = ""; //Wherever you got the password from
>     //if successful
>     header("Location: *");
> } else if ($_REQUEST['dw'] == 1) {
>     //blah blah blah
> }
> ?>
> [/snip]
>
> will test it and play with it a little, but will it let the admin go from a login required part of the site to a public/free access part of the site, i.e. jump out of the session without losing any currently open sessions?? they need to be able to go from the login section (admin only part) to the public part and back to the admin part again without having to login again unless the browser is closed from that site...

[PHP] Re: session.bug_compat_42
James E Hicks III wrote:
> What does the code look like that is causing this error? I know I can turn the error off but how do I fix the code that is causing it?
>
> Warning: Unknown(): Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0
>
> It only seems to appear when viewed using MSIE, Konqueror and Mozilla do not display this error, why? Here is some example code that I am using.
>
> <?php
> if (!session_is_registered('U_SI')) {
>     #do some stuff.
> }
> session_register(last_time);
> $last_time = time();
> echo $_SESSION['last_time'];
> ?>
>
> Here are some settings from php.ini from the server that is giving the error.
>
> /etc/php4/php.ini
> register_globals = Off
> [Session]
> session.save_handler = files
> session.save_path = /tmp
> session.use_cookies = 1
> session.name = PHPSESSID
> session.auto_start = 1
> session.cookie_lifetime = 0
> session.cookie_path = /
> session.cookie_domain =
> session.serialize_handler = php
> session.gc_probability = 1
> session.gc_divisor = 100
> session.gc_maxlifetime = 1440
> session.bug_compat_42 = 1
> session.bug_compat_warn = 1
> session.referer_check =
> session.entropy_length = 0
> session.entropy_file =
> session.cache_limiter = nocache
> session.cache_expire = 180
> session.use_trans_sid = 0
> url_rewriter.tags = a=href,area=href,frame=src,input=src,form=,fieldset=
>
> PHP 4.3.2 (cli) (built: Aug 12 2003 14:25:22)
> Copyright (c) 1997-2003 The PHP Group
> Zend Engine v1.3.0, Copyright (c) 1998-2003 Zend Technologies
> with Turck MMCache v2.3.20, Copyright (c) 2002-2003 TurckSoft, St. Petersburg, by Dmitry Stogov
>
> James Hicks

It's complaining because you're registering last_time then using the global $last_time to set the value. You should be using $_SESSION['last_time'] = 'value'.

In addition, you also don't need to use the session_ functions. All you need is $_SESSION.
For session_is_registered() just use isset($_SESSION['key']).
For session_register() use $_SESSION['key'] = 'value'.
For session_unregister() use unset($_SESSION['key']).

--
paperCrane Justin Patrin

Re: [PHP] session_register vs. $_SESSION superglobal
Kim L. Laage wrote:
> (This msg. may arrive twice, with two different senders, I've had a little trouble with the news server)
>
> Hi, thanks for your reply.
>
> > first $_SESSION works like this:
> >     session_start();
> >     $_session[user]=$_POST[user];//if using register_globals=off
> >     $_SESSION[user]=$user;//if register_globals=on..unsafe though
> > $_SESSION superglobal is an array (usually associative) meaning that the element of the array (the part in the []) is either a variable name or some custom name instead of the element number
> > $_POST[user] and $user are 2 different variables if register_globals=off...
>
> Just a couple of questions.
>
> 1. I tried adding the lines as you wrote them, but then I got a "Notice: Use of undefined constant user - assumed 'user' in [FILENAME]", I assume I need to add quotation marks around user on both sides of the equal sign, that at least removes that notice.
>
> 2. I also get a "Notice: Undefined index: user in [FILENAME]", do I need to declare the $_SESSION variable before populating it?

This is due to using this syntax:

    $_SESSION[user]

You want to do this instead:

    $_SESSION['user'] = $_POST['user'];

Whenever you index into an associative array, you should use strings for the key/index (i.e. use quotation marks). That is, unless you're using define(), but that's out of scope for this thread. ;-)

--
paperCrane Justin Patrin

Re: [PHP] fsockopen to spit out the HTTP's Location...
Boy! Everyone here is itching for an answer!!! :-)

Sigh! Well, I guess all web browsers suck at it by the way!! Michal Migurski from other posting had explained that fsockopen() does the TCP stuff or the Transport Layer. So, no wonder fsockopen() can't get to the Network layer, like the IP Address stuff. I'll think of a workaround to the header() instead. I don't want to use cURL because it takes more time.

And finally, for those of you who are dying to know the answer to why I can't use the header(). It's the 3rd party coding that contains the code,

--snip--
if(headers_sent())
    $this->Error(' ');
--snip--

FletchSOD

Chris Shiflett [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
> --- Scott Fletcher [EMAIL PROTECTED] wrote:
> > In plain english, can't use the header(Location: ), so have to use the fsockopen() instead. Just that header() is not allowed, don't ask me why.
>
> I'm asking anyway. :-)
>
> You cannot (thank goodness) connect to a remote client with fsockopen(), so you can probably save yourself some trouble by forgetting this whole approach. You need to focus on why header() is not working for you, because this is the way to send HTTP headers to the client.
>
> Chris
> =
> Chris Shiflett - http://shiflett.org/
> PHP Security - O'Reilly, Coming Fall 2004
> HTTP Developer's Handbook - Sams, http://httphandbook.org/
> PHP Community Site, http://phpcommunity.org/

[PHP] Re: replacing chars in input
David T-G wrote:
> Hi, all --
>
> I would like to make things easier for my users and replace all of the garbage characters `';:[EMAIL PROTECTED]*()[]{}/?\|+= plus white space (\s) with underscores in the input. I am, however, having trouble getting my regexp to work. I can comfortably do
>
>     $i = preg_replace("/[\s]/","_",$i) ;
>
> but trying to add other chars doesn't do a thing.
>
> I want to end up with A-Za-z0-9_- (letters, numbers, underscore and dash). If there isn't a handy character class waiting for me, what must I do to get those chars replaced?
>
> TIA HAND
>
> :-D

    $i = preg_replace('/[^A-Za-z0-9_-]/', '_', $i);

That means anything that is not in that class should be replaced with '_'.

--
paperCrane Justin Patrin

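The two replacements suggested in this thread behave differently on the same input, which the following added example shows (it is not code from either poster; the function names, the third variant and the sample strings are constructed for illustration). The `\W+` form deletes rejected characters instead of substituting an underscore, and it also removes the dash, because `-` is not a word character.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

/** Character-class form from the thread: each byte outside A-Za-z0-9_- becomes "_". */
function replace_outside_class(string $in): string
{
    return preg_replace('/[^A-Za-z0-9_-]/', '_', $in);
}

/** \W+ form from the thread: runs of non-word characters are deleted, dash included. */
function delete_non_word(string $in): string
{
    return preg_replace('/\W+/', '', $in);
}

/**
 * Hypothetical variant: same class, but a run of rejected characters collapses
 * to one "_" and UTF-8 input is matched per character (/u) rather than per byte,
 * so one accented letter yields one underscore instead of two.
 */
function replace_collapsed(string $in): string
{
    $out = preg_replace('/[^A-Za-z0-9_-]+/u', '_', $in);
    // With /u, preg_replace() returns null on malformed UTF-8: fall back to bytes.
    return $out ?? preg_replace('/[^A-Za-z0-9_-]+/', '_', $in);
}

// Constructed sample inputs.
$samples = [
    "my file (v2).txt",
    "already-ok_name",
    "r\u{00E9}sum\u{00E9} 2004",   // accented letters encoded as UTF-8
    "tab\there\n",
];

foreach ($samples as $s) {
    printf(
        "%-24s class=%-20s \\W+=%-16s collapsed=%s\n",
        json_encode($s),
        replace_outside_class($s),
        delete_non_word($s),
        replace_collapsed($s)
    );
}
```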
Re: [PHP] fsockopen to spit out the HTTP's Location...
See the reply to the Chris Shiflett's reply...

Michal Migurski [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
> > In plain english, can't use the header(Location: ), so have to use the fsockopen() instead. Just that header() is not allowed, don't ask me why. Just couldn't get the browser perform the HTTP LOCATION event.
> >
> > --snip--
> > $host = "192.168.0.2";
> > $port = 443;
> > $url_str = "ssl://www.whatever.com?str1=true&str2=false&str3=true";
> > $fp = fsockopen("ssl://".$host, $port, $errno, $errstr, $timeout = 30);
> > --snip--
> >
> > //send out to the browser.
> > fputs($fp, "Location: ".$url_str."\r\n");
>
> That won't get sent to the browser, it will get sent to 192.168.0.2, which is (I guess) some machine behind your router. You can't initiate a TCP connection -- what fsockopen does -- with the client's machine.
>
> I'll ask even though you said not to - Why doesn't header() work?
>
> -
> michal migurski- contact info and pgp key:
> sf/ca            http://mike.teczno.com/contact.html

[PHP] Domain Sub-domain Handling with PHP
Hi,

I've done loads and loads with PHP and MySQL and stuff like that... but never had to really deal with actually creating new domains and subdomains with PHP. Especially with subdomains, I've seen lots of sites create subdomains automatically. What is the best technique for doing all this (if there is one)? I'm sure I could hack something together (I always have) but I'd really like the best way - cleanest, fastest, whatever the technique may be.

Thanks,
Galen

Re: [PHP] Re: RE:[PHP] login scripts not secure?? help!
Scott Fletcher wrote:
> Um, you would be able to jump out of the admin area (logged in area) to the public/free area and back to the admin area (logged in area) only if either one of these two, not necessarily both, is maintained on every webpage of that website: 1) session_start() or 2) session_id via links/form. But if the person goes to a website like Google or something and back, then no, it would not be possible unless there is a known way for the web browser to hold the token, like a cookie for example.

By default the session id (token) _is_ maintained in a cookie, so it wouldn't matter where you go, the cookie would still be present. That means your user can go back and forth between areas without any problem. You only need the session_start() in the admin areas to start and retrieve the existing session. The cookie will be maintained whether session_start() is encountered or not so long as the browser window stays open.

--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals www.phparch.com

Re: [PHP] fsockopen to spit out the HTTP's Location...
> And finally, for those of you who are dying to know the answer to why I can't use the header(). It's the 3rd party coding that contains the code,
>
> --snip--
> if(headers_sent())
>     $this->Error(' ');
> --snip--

Why not delete that part of the 3rd party code then? Or send your Location header before you call it?

Curl won't help you here, for the same reasons that fsockopen won't work.

-
michal migurski- contact info and pgp key:
sf/ca            http://mike.teczno.com/contact.html

Re: [PHP] fsockopen to spit out the HTTP's Location...
--- Scott Fletcher [EMAIL PROTECTED] wrote:
> Sigh! Well, I guess all web browsers suck at it by the way!

Suck at what exactly?

> Michal Migurski from other posting had explained that fsockopen() does the TCP stuff or the Transport Layer. So, no wonder fsockopen() can't get to the Network layer, like the IP Address stuff.

What do you consider to be the network layer? This figure might be helpful to you:

http://shiflett.org/images/18fig06.jpg

> I don't want to use cURL because it takes more time.

A better reason is that it also cannot make a connection to a remote client.

> And finally, for those of you who are dying to know the answer to why I can't use the header(). It's the 3rd party coding that contains the code,
>
> --snip--
> if(headers_sent())
>     $this->Error(' ');
> --snip--

Yeah, this is why everyone was interested - you're wrong. :-)

That code will throw an error if headers have already been sent. Headers are sent as soon as output begins, so you can either set all of your headers prior to any output or use output buffering with ob_start().

So, use header().

Hope that helps.

Chris
=
Chris Shiflett - http://shiflett.org/
PHP Security - O'Reilly, Coming Fall 2004
HTTP Developer's Handbook - Sams, http://httphandbook.org/
PHP Community Site, http://phpcommunity.org/

[PHP] Oracle 8i -- execution stops
When I make a complex query to a table with 500,000 rows via PHP, my web browser thinks for a minute and then stops the execution of the script with no error messages at all. I have set the max_execution_time to 400 and called error_reporting(E_ALL) with the same results.

I'm using PHP 4.3.1 and Oracle 8i with Solaris 5.8. I'm using the ORA functions because my sysadmin has not enabled the OCI functions. Oh, I'm also calling ora_commiton($conn) at the start of every script.

What's really strange is that I can often hit Refresh after a halt like this, and the script will then work perfectly. I don't understand why that is because I examine the $_REQUEST and $_SESSION variables each time, and nothing is changing.

Any advice would be greatly appreciated. I normally use MySQL or SQL Server, so I'm assuming my Oracle ignorance is to blame.

Thanks!
Matt

Re: [PHP] Clearing Post Data with IE
> Is there a way to get it so that i can clear _post and get it so they aren't in the header??

After you've finished all of the processing, just do:

    header( 'location: ' . $_SERVER['PHP_SELF'] );
    exit();

Chris

[PHP] Re: Domain Sub-domain Handling with PHP
Galen wrote:
> Hi,
>
> I've done loads and loads with PHP and MySQL and stuff like that... but never had to really deal with actually creating new domains and subdomains with PHP. Especially with subdomains, I've seen lots of sites create subdomains automatically. What is the best technique for doing all this (if there is one)? I'm sure I could hack something together (I always have) but I'd really like the best way - cleanest, fastest, whatever the technique may be.
>
> Thanks,
> Galen

You're confusing a couple of concepts I think. PHP cannot create subdomains and such (unless you alter your DNS records with PHP, but I don't think that's what you're talking about.)

Some other people have suggested having your DNS set up to resolve all sub-domains to your main web server, then using a custom 404 script (or index on the site) to look at the requested URL and redirect accordingly.

--
paperCrane Justin Patrin

RE: [PHP] SQL Injection check (mysql)
On Tue, 23 Mar 2004 08:25:32 -0800, Pablo Gosse wrote:
> A RARE case, in the world of web applications??? Hardly!
>
> I agree that in an optimal situation queries will not be based on user input, but in the world of the web this is a pipe dream. In 99.99% of the cases there will be some dynamic element to a query. The only safeguard is to validate the hell out of the data.

I don't know which web applications you develop, but in the ones I have been developing the last 10 years, all user interaction was done through forms where users were asked specific questions, and the input to these specific questions was used as input in prepared statements. E.g.

    select tuple1.table1, tuple1.table2, tuple3.table1
    from table1, table2
    where tuple1.table1 = tuple1.table2
    and tuple1.table1=? and tuple3.table3?

and so forth.

In any case the user's input was to be used in queries defined by the design of the application! I think you have misunderstood the concepts of making queries based on user input. It is not the users who should create the query, all they should do is provide the input to narrow down the queries.

--
Hilsen/Regards
Michael Rasmussen
--
Beauty and harmony are as necessary to you as the very breath of life.

RE: [PHP] SQL Injection check (mysql)
On Tue, 23 Mar 2004 09:27:29 -0800, Chris Shiflett wrote:
> This argument still makes no sense to me. Originally, you stated that a better option to filtering and escaping data was to use a prepared statement. Some of us have decided that you are referring to stored procedures. You still have yet to defend your original statement in my mind.
>
> If there is no foreign data of any kind in a query, it doesn't really matter how the query is processed. For every other case (not as rare as you seem to think), data filtering is a must.

See my reply to Pablo Gosse.

-- Hilsen/Regards Michael Rasmussen
-- It was all so different before everything changed.
RE: [PHP] SQL Injection check (mysql)
--- Michael Rasmussen [EMAIL PROTECTED] wrote:
> I think you have misunderstood the concept of making queries based on user input. It is not the users who should create the query; all they should do is provide the input to narrow down the queries.

To be honest, I think Pablo understands the concepts quite well, and you seem to have the misunderstanding. I'm happy to be wrong about this, but you'll need to explain yourself more instead of making these types of vague statements. As it is, I just don't buy your argument at all.

How can user input only narrow down queries? Are you telling me that you've never had to write an application that had to store data originating from a foreign source? If so, that's fine, but don't use your inexperience to try to convince others that data filtering is unnecessary.

If you're only talking about SELECT statements, that's also fine, but it's also rather irrelevant to the topic at hand (which might explain the confusion).

Chris

=
Chris Shiflett - http://shiflett.org/
PHP Security - O'Reilly, Coming Fall 2004
HTTP Developer's Handbook - Sams, http://httphandbook.org/
PHP Community Site, http://phpcommunity.org/
RE: [PHP] SQL Injection check (mysql)
<snip>
PG> A RARE case, in the world of web applications??? Hardly!
PG>
PG> I agree that in an optimal situation queries will not be based on
PG> user input, but in the world of the web this is a pipe dream. In
PG> 99.99% of the cases there will be some dynamic element to a query.
PG> The only safeguard is to validate the hell out of the data.

I don't know which web applications you develop, but in the ones I have been developing the last 10 years all user interaction was done through forms where users were asked specific questions, and the input to these specific questions was used as input in prepared statements. E.g.

select tuple1.table1, tuple1.table2, tuple3.table1 from table1, table2 where tuple1.table1 = tuple1.table2 and tuple1.table1=? and tuple3.table3? and so forth.

In any case the user's input was to be used in queries defined by the design of the application! I think you have misunderstood the concept of making queries based on user input. It is not the users who should create the query; all they should do is provide the input to narrow down the queries.
</snip>

I have not misunderstood the concepts of making queries based on user input. I think the issue here is we all need to clarify what we're referring to as user input, because ultimately we are all saying the same thing.

1) Hard coding a query into an application is good, if the situation permits it;
2) Letting a user select (or enter) a value(s) to be used in a query is good, as long as you validate the hell out of said value(s);
3) Letting a user arbitrarily enter unvalidated value(s) to be used in a query is very very stupid and very very bad, and done far too often.

In a broader scope I would here consider to be user input ANY input which is not hard coded into the application, and any input which is not hard coded should be thoroughly examined before being used. I've not misunderstood the concept, we're all saying the same thing, just in different ways.

Cheers, Pablo
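The three cases listed above, as an added example that is not part of the original thread: the query text is fixed by the application, the user's value is validated and then bound as a parameter, and the one part that cannot be bound (the sort column) goes through an allow-list. It uses PDO, which postdates the PHP 4 releases discussed here, with an in-memory SQLite database standing in for MySQL; the table, column and function names are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. Table, column and function names
// are hypothetical; SQLite in memory stands in for the MySQL server.

function openDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, city TEXT)');
    $insert = $db->prepare('INSERT INTO customers (name, city) VALUES (?, ?)');
    // Constructed sample rows.
    foreach ([['Bob', 'Oslo'], ['Ann', 'Oslo'], ['Carla', "L'Aquila"]] as $row) {
        $insert->execute($row);
    }
    return $db;
}

/**
 * The application defines the query; the user only supplies a value and a
 * choice of sort column.
 */
function findCustomers(PDO $db, string $city, string $sortBy): array
{
    // Validation: length and character set expected of a city name. Quotes
    // have to stay legal here, because real names contain them.
    if (!preg_match('/\A[\p{L} .\'-]{1,64}\z/u', $city)) {
        throw new InvalidArgumentException('city: unexpected characters or length');
    }

    // Identifiers cannot be bound as parameters, so the user's choice only
    // selects one of the column names written in this file.
    $sortable = ['id' => 'id', 'name' => 'name'];
    if (!isset($sortable[$sortBy])) {
        throw new InvalidArgumentException('sortBy: not an allowed column');
    }

    // The value travels separately from the SQL text, so a quote inside it
    // is data, never syntax.
    $sql = 'SELECT id, name FROM customers WHERE city = ? ORDER BY ' . $sortable[$sortBy];
    $stmt = $db->prepare($sql);
    $stmt->execute([$city]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = openDemoDb();

// Constructed form submissions: [city, sort column].
$submissions = [
    ['Oslo', 'name'],
    ["L'Aquila", 'id'],        // legitimate value containing a quote
    ['Oslo=1', 'name'],        // fails validation
    ['Oslo', 'name desc, id'], // not in the column allow-list
];

foreach ($submissions as [$city, $sortBy]) {
    try {
        $rows = findCustomers($db, $city, $sortBy);
        printf("%-10s sort=%-14s %d row(s): %s\n", $city, $sortBy, count($rows),
            implode(', ', array_column($rows, 'name')));
    } catch (InvalidArgumentException $e) {
        printf("%-10s sort=%-14s rejected (%s)\n", $city, $sortBy, $e->getMessage());
    }
}
```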
Re: [PHP] fsockopen to spit out the HTTP's Location...
> > Sigh! Well, I guess all web browsers suck at it by the way!
>
> Suck at what exactly?

Not suck at receiving the HTTP commands from the webserver but suck at not receiving the HTTP commands from the PHP. :-) I understand how the browser/webserver communication work so no wonder why it doesn't work. Kind of make you jealous of the flash player that are both client and server side on the web-browser

> What do you consider to be the network layer? This figure might be helpful to you: http://shiflett.org/images/18fig06.jpg

Application -- Web Browser/Web Server
Presentation -- HTTP/HTTPS/SSL and language (HTML/JavaScript, etc).
Session -- Browser-Server connection, etc.
Transport -- Port 80/Port 443, packet transfer control, etc.
Network -- IP Address/Internet/Router
Data Link -- Network card driver/binding
Physical -- Media stuffs (Network cable, wireless, etc).

> Yeah, this is why everyone was interested - you're wrong. :-)

Me wrong? Really! :-)

> That code will throw an error if headers have already been sent. Headers are sent as soon as output begins, so you can either set all of your headers prior to any output or use output buffering with ob_start(). So, use header().

Yea, working on it Wish can make the 3rd party software come after the header()..

FletchSOD
Re: [PHP] fsockopen to spit out the HTTP's Location...
> Why not delete that part of the 3rd party code then? Or send your Location header before you call it? Curl won't help you here, for the same reasons that fsockopen won't work.

Not sure about deleting the part of the 3rd party code though, I had thought about it a lot and I had been itching for it. Can't say that I would remember this 2 months from now with the upgrading parting. Location header, it wouldn't hurt to move it around in the script.

FletchSOD
Re: [PHP] fsockopen to spit out the HTTP's Location...
--- Scott Fletcher [EMAIL PROTECTED] wrote:
> Application -- Web Browser/Web Server
> Presentation -- HTTP/HTTPS/SSL and language (HTML/JavaScript, etc).
> Session -- Browser-Server connection, etc.
> Transport -- Port 80/Port 443, packet transfer control, etc.
> Network -- IP Address/Internet/Router
> Data Link -- Network card driver/binding
> Physical -- Media stuffs (Network cable, wireless, etc).

In this case, fsockopen() basically handles everything from the Transport layer down, and whatever you write needs to handle everything from the Session layer up.

> > So, use header().
>
> Yea, working on it Wish can make the 3rd party software come after the header()..

You don't have to. All you have to do is make sure no output comes before your 3rd party software. If you can't avoid this, you can put ob_start() at the very top, and PHP will buffer the output for you, so that headers aren't sent until the script terminates. Whatever works best for you.

Hope that helps.

Chris

=
Chris Shiflett - http://shiflett.org/
PHP Security - O'Reilly, Coming Fall 2004
HTTP Developer's Handbook - Sams, http://httphandbook.org/
PHP Community Site, http://phpcommunity.org/
[PHP] http webmail problems.
On some webmail programs, when I send them an email from php, they appear as being blank emails. Here's the code I am using:

$headers .= "From: \"$WEBSITE_name\" <$ADMIN_email>\n";
$headers .= "X-Sender: $ADMIN_email\n";
$headers .= "X-Mailer: $WEBSITE_name Mailer\n"; // mailer
$headers .= "X-Priority: 1\n"; // Urgent message!
$headers .= "Return-Path: $ADMIN_email\n"; // Return path for errors
$headers .= "MIME-version: 1.0\n";
$headers .= "Content-type: multipart/mixed; ";
$headers .= "boundary=\"Message-Boundary\"\n";
$headers .= "Content-transfer-encoding: 7BIT\n";
$message = "--Message-Boundary\n";
$message .= "Content-Type: text/html; charset=iso-8859-1\n"; // Mime type
$message .= "Content-transfer-encoding: 7BIT\n";
$message .= "Content-description: Mail message body\n\n";
$message .= "<b>Test message with html</b>";
mail($email, "Test HTML message.", $message, $headers);
[PHP] Null Variables after session_register() ( Radio Inputs Problem )
Apologies if this has been asked before, I'm experiencing problems with Session Variables and Radio Inputs values. For some reason, after I use session_register("number") where $number has 3 possible values { 1,2,3 }, $number IS NULL. If I don't use session_register("number"), $number IS NOT NULL. I did not see any difference with checkbox inputs either. Any help would be greatly appreciated.

Thank you.
-gohaku

<!--Form.html-->
<form action="session.php" method="POST">
Name: <input type="text" name="name" size="30"><br>
<input type="radio" name="number" value="1" CHECKED>1<br>
<input type="radio" name="number" value="2">2<br>
<input type="radio" name="number" value="3">3<br>
<input type="submit" name="submit" value="Session Test">
</form>

<?
/***Session.php**/
$varcount = 0;
if($name) { $varcount++;}
if($number){$varcount++;}
session_start();
session_register("name");
session_register("number");
?>
<html>
<head><title><?=$number?></title></head>
[PHP] Re: http webmail problems.
Tom Reed wrote:
> On some webmail programs, when I send them an email from php, they appear as being blank emails. Here's the code I am using:
>
> $headers .= "From: \"$WEBSITE_name\" <$ADMIN_email>\n";
> $headers .= "X-Sender: $ADMIN_email\n";
> $headers .= "X-Mailer: $WEBSITE_name Mailer\n"; // mailer
> $headers .= "X-Priority: 1\n"; // Urgent message!
> $headers .= "Return-Path: $ADMIN_email\n"; // Return path for errors
> $headers .= "MIME-version: 1.0\n";
> $headers .= "Content-type: multipart/mixed; ";
> $headers .= "boundary=\"Message-Boundary\"\n";
> $headers .= "Content-transfer-encoding: 7BIT\n";
> $message = "--Message-Boundary\n";
> $message .= "Content-Type: text/html; charset=iso-8859-1\n"; // Mime type
> $message .= "Content-transfer-encoding: 7BIT\n";
> $message .= "Content-description: Mail message body\n\n";
> $message .= "<b>Test message with html</b>";
> mail($email, "Test HTML message.", $message, $headers);

Try using PEAR's Mail_MIME class. It will do this kind of thing for you. http://pear.php.net/package/Mail_MIME

-- paperCrane Justin Patrin --
[PHP] Re: Null Variables after session_register() ( Radio Inputs Problem )
Gohaku wrote:
> Apologies if this has been asked before, I'm experiencing problems with Session Variables and Radio Inputs values. For some reason, after I use session_register("number") where $number has 3 possible values { 1,2,3 }, $number IS NULL. If I don't use session_register("number"), $number IS NOT NULL. I did not see any difference with checkbox inputs either. Any help would be greatly appreciated.
>
> Thank you.
> -gohaku
>
> <!--Form.html-->
> <form action="session.php" method="POST">
> Name: <input type="text" name="name" size="30"><br>
> <input type="radio" name="number" value="1" CHECKED>1<br>
> <input type="radio" name="number" value="2">2<br>
> <input type="radio" name="number" value="3">3<br>
> <input type="submit" name="submit" value="Session Test">
> </form>
>
> <?
> /***Session.php**/
> $varcount = 0;
> if($name){$varcount++;}
> if($number){$varcount++;}
> session_start();
> session_register("name");
> session_register("number");
> ?>
> <html>
> <head><title><?=$number?></title></head>

You may want to look into using the superglobal $_SESSION instead of using session_register and global variables. It's far more secure and generally works without so many problems.

-- paperCrane Justin Patrin --
Re: [PHP] Re: RE:[PHP] login scripts not secure?? help!
Also remember to keep in mind, some users' browsers have cookies disabled. Once that happens, it wouldn't work.

John W. Holmes [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
> Scott Fletcher wrote:
> > Um, you would be able to jump out of the admin area (logged in area) to public/free area and back to the admin area (logged in area) only if either one of these two, not necessarily both, is maintained on every webpage of that website, 1) session_start() or 2) session_id via links/form. But if the person goes to a website like Google or something and back then no, it would not be possible unless there is a known way for the web browser to hold the token like cookie for example.
>
> By default the session id (token) _is_ maintained in a cookie, so it wouldn't matter where you go, the cookie would still be present. That means your user can go back and forth between areas without any problem. You only need the session_start() in the admin areas to start and retrieve the existing session. The cookie will be maintained whether session_start() is encountered or not so long as the browser window stays open.
>
> --
> ---John Holmes...
> Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
> php|architect: The Magazine for PHP Professionals www.phparch.com
[PHP] CGI Error
Hi All,

I am getting this error when I am trying to pass some url params;

CGI Error
The specified CGI application misbehaved by not returning a complete set of HTTP headers. The headers it did return are:

And nothing

Has anybody seen this before? I did a search and it seems that there are a few references to it, but nobody seems to have an explanation.

alex hogan
[PHP] Can i get all content for list box in $_POST
Hi All,

I have a list box in a page (html select tag with multiple selection option). Items are added dynamically in list box, using javascript. Can I get all elements of listbox in my php code? If I do $_POST['select_tag_name'], I get a variable not an array. Thus getting only one item. Comments?
Re: [PHP] Re: replacing chars in input
Justin, et al --

...and then Justin Patrin said...
%
% David T-G wrote:
%
% I would like to make things easier for my users and replace all of the
% garbage characters
%
% `';:[EMAIL PROTECTED]*()[]{}/?\|+=
%
% plus white space (\s) with underscores in the input. I am, however,
% having trouble getting my regexp to work.
...
%
% If there isn't a handy character class waiting for me, what must I do to
% get those chars replaced?
%
% $i = preg_replace('/[^A-Za-z0-9_-]/', '_', $i);
%
% That means anything that is not in that class should be replaced with '_'.

*duh* Of course! Brilliant in its simplicity. I can't wait to try it.

%
% --
% paperCrane Justin Patrin

Thanks HAND

:-D
--
David T-G * There is too much animal courage in
(play) [EMAIL PROTECTED] * society and not sufficient moral courage.
(work) [EMAIL PROTECTED] -- Mary Baker Eddy, Science and Health
http://justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg!
RE: [PHP] Can i get all content for list box in $_POST
Sheeraz fazal wrote:
> Hi All, I have a list box in a page (html select tag with multiple selection option). Items are added dynamically in list box, using javascript. Can I get all elements of listbox in my php code? If I do $_POST['select_tag_name'], I get a variable not an array. Thus getting only one item. Comments?

http://www.php.net/manual/en/faq.html.php#faq.html.select-multiple
Re: [PHP] Image Storage
Matt --

...and then Matt Palermo said...
%
% I am creating a system to allow users to upload images to the site. Would
% it be better to store the images in a MySQL table, or having it save the
% images to a directory on the server? Anyone have any suggestions on this?
% Pros? Cons?

This has been debated to death; check the archives. Although there are passionate arguments for both approaches, I *think* that the consensus for general applications where you don't have a specific reason to put them in the DB is to go with the filesystem -- but, then, I'm also a subscriber of that camp :-)

%
% Thanks,
%
% Matt
% http://sweetphp.com/

HTH HAND

:-D
--
David T-G * There is too much animal courage in
(play) [EMAIL PROTECTED] * society and not sufficient moral courage.
(work) [EMAIL PROTECTED] -- Mary Baker Eddy, Science and Health
http://justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg!
[PHP] Storing encrypted data in a database with
Good afternoon!

I am storing some encrypted data using PHP to do the encryption and a MySQL database. I have encountered a couple of times where I get back a query syntax error.

INSERT INTO `test`.`tblEncTest` (`encAlg`, `encMode`, `encIV`, `reqName`, `reqSSN`, `reqEMail`) VALUES ( 'blowfish', 'cbc', '3I}', ' p_9', 'kf?Qg', '-%+AR'HXppT 7 GH' )

You have an error in your SQL syntax near 'HXppT 7 GH' ) ' at line 1

Now, if you look closely you can see an additional single quote in R'HX. I cannot use addslashes() here can I? Or should I base64_encode each item and then decode on the way back out. Any thoughts would be appreciated.

TVMIA!
[PHP] $_POST not working with str_replace
Hey gang,

Ok here's my problem, I'm in the midst of creating a string replace to work on a rtf file that is on the server, this functionality works perfect with GET but not POST, I guess I don't understand why. The reason I don't want to use GET over POST is due to the character restrictions. I need to be able to place more characters than what are allowed in the URL.

I created a test script to have a person fill in the form fields and it would write a detailed letter for them. This was just an idea I was using to test the replacement functions within a rtf document. My main project that I'm going for, is to allow our on-site techs to enter in what they have done for a client, lay it out perfect for our stationary and then hand the client their spec sheet and invoice straight from the printer without having to come back to the office.

The overall end of this will more than likely be database driven and maybe I should place these items into the database then turn around and pull them out assigning them to the given replace functions. But my problem still lies in the fact that I don't understand why the GET functionality works with this form and POST will not. After some rough testing, the template is being displayed as it fills in the static parts of the form by itself and then replaces all of my FNAME LNAME with (blank spaces).

Code is below, any help would be wonderful!

rtfform.html::
<HTML><HEAD><TITLE>Testing RTF Input</TITLE></HEAD>
<BODY>
<FORM NAME="TEST" ACTION="rtf.php" METHOD="POST">
FIRST NAME: <INPUT TYPE="TEXT" NAME="FNAME" LENGTH="30"><BR>
... Rest of form elements ...
<INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="TEST ME">
</FORM>
</BODY></HTML>
end rtfform

rtf.php::
$name = $_POST['FNAME'];
... rest of post variable conversions
$filename = "Lettertest.rtf";
header('Content-type: application/msword');
header('Content-Disposition: Rtftest.rtf');
$fp = fopen($filename, "r");
$output = fread($fp, filesize($filename));
$output = str_replace("FNAME",$name,$output);
... rest of output str_replace items
echo $output;
end rtf.php

Thanks in advance
Wolf
[PHP] PHP 4.3.4 EAPI
Hello all..

For some odd reason, I am having a very very difficult time compiling PHP with EAPI support.. Here is my configure line:

CFLAGS= -DEAPI \
./configure \
--with-apxs \
--with-config-file-path=/etc \
--disable-short-tags \
--with-zlib \
--with-bz2 \
--with-curl \
--with-mcrypt \
--with-mhash \
--with-mysql \
--enable-xslt \
--without-pear \
--with-pgsql \
--with-gd \
--enable-gd-native-ttf \
--with-xslt-sablot \
--disable-debug \
--enable-bcmath \
--enable-calendar \
--enable-inline-optimization \
--enable-memory-limit \
--enable-rule=EAPI

Any help on the matter would be greatly appreciated..

Thanks,
Jordan S. Jones
Re: [PHP] Can i get all content for list box in $_POST
Thanks. As same select element is used in PHP and JavaScript. Naming a tag ending in square brackets [] is JavaScript error. Till now either PHP will not produce desired results or JavaScript will give me error :(

Pablo Gosse [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
> Sheeraz fazal wrote:
> > Hi All, I have a list box in a page (html select tag with multiple selection option). Items are added dynamically in list box, using javascript. Can I get all elements of listbox in my php code? If I do $_POST['select_tag_name'], I get a variable not an array. Thus getting only one item. Comments?
>
> http://www.php.net/manual/en/faq.html.php#faq.html.select-multiple
Re: [PHP] Can i get all content for list box in $_POST
My mistake. I overlooked :(

Pablo Gosse [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
> Sheeraz fazal wrote:
> > Hi All, I have a list box in a page (html select tag with multiple selection option). Items are added dynamically in list box, using javascript. Can I get all elements of listbox in my php code? If I do $_POST['select_tag_name'], I get a variable not an array. Thus getting only one item. Comments?
>
> http://www.php.net/manual/en/faq.html.php#faq.html.select-multiple
Re: [PHP] Storing encrypted data in a database with
Jay Blanchard wrote:
> You have an error in your SQL syntax near 'HXppT 7 GH' ) ' at line 1
>
> Now, if you look closely you can see an additional single quote in R'HX. I cannot use addslashes() here can I? Or should I base64_encode each item and then decode on the way back out. Any thoughts would be appreciated.

Yes, you still need to use addslashes() or mysql_escape_string() on the encrypted data string. It will not mess up the encryption. Encrypted or not, it's still a string and special characters need to be escaped.

--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals www.phparch.com
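The two options raised in this thread for getting cipher output into a row intact, as an added example that is not code from either post: the raw bytes bound as a parameter, so no hand escaping is involved, and the base64 form Jay asks about. It uses PDO (newer than the PHP 4 of the thread) with in-memory SQLite standing in for MySQL; the column reqSSN_b64, the function names and the random bytes that stand in for Blowfish output are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. Column names follow the INSERT in
// the question; reqSSN_b64 and the function names are hypothetical.

function blobToString($value): string
{
    // Some PDO drivers hand LOB columns back as streams rather than strings.
    return is_resource($value) ? stream_get_contents($value) : (string) $value;
}

function storeCiphertext(PDO $db, string $iv, string $ciphertext): int
{
    $stmt = $db->prepare(
        'INSERT INTO tblEncTest (encAlg, encMode, encIV, reqSSN, reqSSN_b64)
         VALUES (:alg, :mode, :iv, :raw, :b64)'
    );
    $stmt->bindValue(':alg', 'blowfish');
    $stmt->bindValue(':mode', 'cbc');
    // Raw bytes are sent as parameters, never spliced into the SQL text,
    // so a quote or NUL byte in them cannot end the string literal.
    $stmt->bindValue(':iv', $iv, PDO::PARAM_LOB);
    $stmt->bindValue(':raw', $ciphertext, PDO::PARAM_LOB);
    // base64 output contains only A-Z, a-z, 0-9, '+', '/' and '=',
    // at the cost of roughly one third more storage.
    $stmt->bindValue(':b64', base64_encode($ciphertext));
    $stmt->execute();
    return (int) $db->lastInsertId();
}

function loadCiphertext(PDO $db, int $id): array
{
    $stmt = $db->prepare('SELECT encIV, reqSSN, reqSSN_b64 FROM tblEncTest WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        throw new RuntimeException("no row with id $id");
    }
    // Strict mode rejects characters outside the base64 alphabet.
    $decoded = base64_decode($row['reqSSN_b64'], true);
    if ($decoded === false) {
        throw new RuntimeException('stored base64 value is corrupt');
    }
    return [
        'iv'      => blobToString($row['encIV']),
        'raw'     => blobToString($row['reqSSN']),
        'fromB64' => $decoded,
    ];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec(
    'CREATE TABLE tblEncTest (id INTEGER PRIMARY KEY, encAlg TEXT, encMode TEXT,
     encIV BLOB, reqSSN BLOB, reqSSN_b64 TEXT)'
);

// Constructed stand-in for cipher output: 16 bytes (two Blowfish blocks) with
// a single quote, a NUL, a backslash and a double quote forced into the middle.
$iv         = random_bytes(8);
$ciphertext = random_bytes(7) . "'\0\\\"" . random_bytes(5);

$id   = storeCiphertext($db, $iv, $ciphertext);
$back = loadCiphertext($db, $id);

// Each comparison is byte-for-byte; anything but three "true" lines means the
// stored value could no longer be decrypted.
var_dump($back['iv'] === $iv);
var_dump($back['raw'] === $ciphertext);
var_dump($back['fromB64'] === $ciphertext);
```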
Re: [PHP] Re: RE:[PHP] login scripts not secure?? help!
Scott Fletcher wrote:
> Also remember to keep in mind, some users' browsers have cookies disabled. Once that happens, it wouldn't work.

Very true. If that was the case, you'd have to maintain the session ID in every URL/form for the private area and also provide it in any URLs that go from the public area _back into_ the private area. You wouldn't need to maintain the session ID on every link that goes from public to public areas or private to public areas, though.

--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals www.phparch.com
Re: [PHP] $_POST not working with str_replace
PHP Email List wrote:
> Ok here's my problem, I'm in the midst of creating a string replace to work on a rtf file that is on the server, this functionality works perfect with GET but not POST, I guess I don't understand why.
> [snip]
> $name = $_POST['FNAME'];
> [snip]
> $output = str_replace("FNAME",$name,$output);

There's no reason why something would work with $_GET['FNAME'] and not with $_POST['FNAME'], so I can understand why you're confused. Are you sure there are even any values in $_POST? Right at the beginning of rtf.php, put a print_r($_POST) to see what the values are. If $_POST is empty even when you put values in the form, then it must be an issue with your web browser or server not allowing POST values (that would be very odd, though).

--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals www.phparch.com
Re: [PHP] Storing encrypted data in a database with
What version of mysql are you using? IIRC, there is support for AES in newer (4+?) versions. If I were you, I'd handle all the encryption and decryption in the database, if possible.

Yep, http://www.mysql.com/doc/en/Encryption_functions.html

On Tuesday 23 March 2004 02:04 pm, Jay Blanchard wrote:
> Good afternoon!
>
> I am storing some encrypted data using PHP to do the encryption and a MySQL database. I have encountered a couple of times where I get back a query syntax error.
>
> INSERT INTO `test`.`tblEncTest` (`encAlg`, `encMode`, `encIV`, `reqName`, `reqSSN`, `reqEMail`) VALUES ( 'blowfish', 'cbc', '3I}', ' p_9', 'kf?Qg', '-%+AR'HXppT 7 GH' )
>
> You have an error in your SQL syntax near 'HXppT 7 GH' ) ' at line 1
>
> Now, if you look closely you can see an additional single quote in R'HX. I cannot use addslashes() here can I? Or should I base64_encode each item and then decode on the way back out. Any thoughts would be appreciated.
>
> TVMIA!

--
Evan Nemerson [EMAIL PROTECTED] http://coeusgroup.com/en
--
Only the other day, historically speaking, the 'holy inquisition' burned or silenced scientists. The discovery of the microscope and telescope, for instance, was delayed for a long time because the inventor, in fear of priestly persecution, was afraid to write his scientific discoveries in plain language. He had to write them in cipher- a fact discovered only a few years ago. Those afflicted with diseases can easily realize where our science in general, and medical science in particular, might be today if not for the holy zeal of powerful enemies of science who vehemently and ruthlessly sponsored ignorance, old s.r, and so disease. -Alfred Korzybski
RE: [PHP] $_POST not working with str_replace
> PHP Email List wrote:
> > Ok here's my problem, I'm in the midst of creating a string replace to work on a rtf file that is on the server, this functionality works perfect with GET but not POST, I guess I don't understand why.
> > [snip]
> > $name = $_POST['FNAME'];
> > [snip]
> > $output = str_replace("FNAME",$name,$output);
>
> There's no reason why something would work with $_GET['FNAME'] and not with $_POST['FNAME'], so I can understand why you're confused. Are you sure there are even any values in $_POST? Right at the beginning of rtf.php, put a print_r($_POST) to see what the values are. If $_POST is empty even when you put values in the form, then it must be an issue with your web browser or server not allowing POST values (that would be very odd, though).

::John,
Ok I tried the print_r($_POST) and received...

Array
(
[FNAME] => test
[LNAME] => t
[ADDRESS] => t
[CITY] => t
[STATE] => t
[ZIP] => t
[DATE] => t
[PARAGRAPH1] => t
[PARAGRAPH2] => t
[FROM] => t
[SUBMIT] => TEST ME
)

So the array isn't empty for my post. Obviously the values don't matter for this array, but the array is still not being brought into the str_replace function. Is it possible that str_replace requires GET opposed to POST for it to work?

This is becoming very odd! Possible bug? I hate throwing that out there but it doesn't make sense why one would work and the other wouldn't since all any of them are doing is holding strings. Any other ideas?

Thanks,
Wolf
[PHP] REGISTER_GLOBALS set to off and other issues
I have REGISTER_GLOBALS set to off. I have read and read, but cannot figure out what I need to do code wise to keep from getting the following message:

Warning: Unknown(): Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0

We upgraded from 4.1.1 about a month ago and since then several things are now broken. I need to know how to code around this problem so I don't get this WARNING.

I am also having another problem since the upgrade. This seems to be a javascript problem, but it's weird that it's happened on two different servers just after a PHP upgrade. I have static page tops and bottoms that I call with an include for each page. Currently, I have all the javascripts that I use for my entire site in the header:

<script language="javascript" src="library/script1.js"></script>
<script language="javascript" src="library/script2.js"></script>
etc...

If I use script1.js on page 1 but don't use script2.js, then I get a javascript error on script1.js. The reason I know this is that if I strip out all but what is essential to page 1, then the javascript runs error free, but if not, I get errors. I don't know if this is a php problem or not, but like I said above, I do know it started with the upgrades. I can deal with this though, because I know how to fix it. It will just take a while.

This is a school site and they are on spring break right now. I have until Monday 3/29/2004 to get this fixed. The school's website, which includes homework assignments, lunch menu, etc... will be dead in the water until I do.

--
Thanks,
Alisa Davis - Madison Academy webmaster
RE: [PHP] $_POST not working with str_replace
PHP Email List mailto:[EMAIL PROTECTED] on Tuesday, March 23, 2004 3:08 PM said:
> This is becoming very odd! Possible bug? I hate throwing that out there but it doesn't make sense why one would work and the other wouldn't since all any of them are doing is holding strings. Any other ideas?

sorry, jumping in late. hopefully this hasn't already been covered. using some code from a previous email:

> why.
> [snip]
> $name = $_POST['FNAME'];
> [snip]
> $output = str_replace("FNAME",$name,$output);

what happens if you do the following?

<?php
$name = $_POST['FNAME'];
echo "::$name::";
$output = str_replace("FNAME", $name, $output);
?>

?? Do you get the expected value between the two ::'s? If you aren't getting what you're expecting that's where your problem is. If the contrary is true, I have no idea. ;)

chris.
Re: [PHP] Re: Null Variables after session_register() ( Radio Inputs Problem )
Thanks. Below is what I changed to session.php. Are there any possible problems with my changes?

On Mar 23, 2004, at 4:28 PM, Justin Patrin wrote:
> <?
> /***Session.php**/
> $varcount = 0;
> if($name){$varcount++;}
> if($number){$varcount++;}
> session_start();
> session_register("name");
> session_register("number");
> ?>

<?
/***Session.php**/
$varcount = 0;
if($name){$varcount++;}
if($number){$varcount++;}
$_SESSION["name"] = $name;
$_SESSION["number"] = $number;
?>
[PHP] string concatenation
Hi,

What is the correct way, using php, to join two strings, vars or otherwise.

i.e. how do I join

$string1 = "hello";
$string2 = "world";

do I do $string1 . $string2;

and what about .. $string2 = $string1 . "world";

Is that correct?
RE: [PHP] string concatenation
Matthew Oatham mailto:[EMAIL PROTECTED] on Tuesday, March 23, 2004 3:59 PM said:

> Hi,

hi.

> What is the correct way, using php, to join two strings, vars or
> otherwise?

[snip]

> i.e. how do I join
>
>     $string1 = "hello";
>     $string2 = "world";
>
> do I do
>
>     $string1 . $string2;

[snip]

> Is that correct?

that's correct except that the result won't go anywhere (but maybe you already knew this?).

    $string3 = $string1.$string2;

chris.
Re: [PHP] Clearing Post Data with IE
I tried using the Header('location: ') but it seems the posted data follows the redirection. I'm going from my main page to a processing page, then back to my main page. I printed $_POST on the main page and it still has the values that were originally posted to the processing page. Also, after the redirection the address in the address bar is that of the processing page.

Here is some code to help explain:

--index.php

    print_r($_POST);
    ...
    echo "<form action='poll.php' method='POST'>";
    echo "<input name='poll_id' type='hidden' value='$poll_id'>\n";
    echo "<input name='calling' type='hidden' value='" . $_SERVER['PHP_SELF'] . "'>\n";
    foreach($poll->choices as $id => $choice) {
        echo "<input name='poll_choice' type='radio' value=$choice->id> $choice->choice<br>\n";
    }
    echo "<input type='submit' value='submit'>";
    echo "</form>";

--poll.php

    $poll_id = $_POST['poll_id'];
    $poll_choice = $_POST['poll_choice'];
    $calling = $_POST['calling'];
    if (isset($poll_id)) {
        unset($_POST);
        Header("Location: $calling");
        exit();
    }

When poll.php loads up index.php the posted data is still there.

Chris

Chris Boget [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

> Is there a way to get it so that I can clear _post and get it so they
> aren't in the header??
>
> After you've finished all of the processing, just do:
>
>     header( 'location: ' . $_SERVER['PHP_SELF'] );
>     exit();
>
> Chris
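A hardened form of the poll.php handler from the message above, as an added example that is not part of the original thread. The `calling` field arrives from the client, so it is checked against a list of the site's own pages before it reaches header(), and the 303 status makes the browser fetch the return page with GET. The allow-list paths, safe_return_path() and the storage step are assumptions.

```php
<?php
/* poll.php: added example, not the poster's code. */

// Pages this handler may send the browser back to (assumed site layout).
$ALLOWED_RETURN = array('/index.php', '/polls/archive.php');

// Return $candidate only when it is one of our own pages, else $default.
function safe_return_path($candidate, $allowed, $default)
{
    if (!is_string($candidate)) {
        return $default;                 // missing or array-valued field
    }
    if (preg_match('/[\r\n]/', $candidate)) {
        return $default;                 // CR/LF must never reach header()
    }
    // Strict comparison against known local paths: absolute URLs,
    // "//host" forms and anything else not on the list fall through.
    return in_array($candidate, $allowed, true) ? $candidate : $default;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $poll_id = isset($_POST['poll_id'])     ? $_POST['poll_id']     : '';
    $choice  = isset($_POST['poll_choice']) ? $_POST['poll_choice'] : '';

    // Accept only numeric ids; ctype_digit('') is false, so an
    // unselected radio button is rejected as well.
    if (is_string($poll_id) && ctype_digit($poll_id)
        && is_string($choice) && ctype_digit($choice)) {
        // Persist the vote here (storage is outside this example).
    }

    $calling = isset($_POST['calling']) ? $_POST['calling'] : null;
    $target  = safe_return_path($calling, $ALLOWED_RETURN, '/index.php');

    // 303 See Other: the follow-up request is a GET, so the page
    // that loads next has an empty $_POST.
    header('Location: ' . $target, true, 303);
    exit();
}
?>
```

On the index.php side, the value written into the hidden field should pass through htmlspecialchars() with ENT_QUOTES before it is echoed into the single-quoted attribute.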
RE: [PHP] $_POST not working with str_replace
> what happens if you do the following?
>
>     <?php
>       $name = $_POST['FNAME'];
>       echo "::$name::";
>       $output = str_replace("FNAME", $name, $output);
>     ?>
>
> ??

I tried that, but I know I can get the values from the $_POST array as per John's email about using print_r($_POST) to see what was showing. And yes I get the value I wanted in between the :: ::.

Thanks for trying though,
Anyone else have any ideas on this problem?

Thanks!
Wolf