[PHP] Re: mail function-new line-security

2005-09-28 Thread A.J. Brown
I think you're thinking of spam injection through register_globals.  If 
so, yes it is vulnerable.

You need to force the variable data to come from the $_POST variable:

[code]

$name = $_POST['name'];
$phone = $_POST['phone'];
$user_mail = $_POST['user_mail'];
$my_email = $_POST['my_email'];

$usermailmsg =
"This is the information you submitted.\n
If this is not correct, please contact us at mailto:$my_email.\n\n
Name: $name\n
Phone: $phone\n

...
Please feel free to write us with any comments or suggestions so that we may 
better serve you.\n
mailto:$my_email\n\n";

mail($user_mail, $subject, $usermailmsg, $headers);

[/code]
-- 

Sincerely,

A.J. Brown


Peppy [EMAIL PROTECTED] wrote in message 
news:[EMAIL PROTECTED]
I have been working on making my contact forms more secure.  In my research, 
the occurrence of the new line character \n at the end of the $headers 
variable in the  mail function seems to be a security risk and opens one up 
to injection of spam email.  This part I understand.  I have been unable to 
find out this same information about the message variable.

If I have a variable defining the message like this, can I use the new line 
character or am I opening myself up to more spam injection.

$usermailmsg =
"This is the information you submitted.\n
If this is not correct, please contact us at mailto:$my_email.\n\n
Name: $name\n
Phone: $phone\n
...
Please feel free to write us with any comments or suggestions so that we may 
better serve you.\n
mailto:$my_email\n\n";

mail($user_mail, $subject, $usermailmsg, $headers);

Thanks in advance for any help.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
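
The distinction asked about in this thread, as an added example that is not code from either poster: a value that reaches mail()'s recipient, subject or header arguments is rejected if it contains CR or LF, while the message body may contain line breaks. SITE_EMAIL and build_contact_mail() are hypothetical names and the submissions are constructed.

```php
<?php
// Added example, not code from the thread. SITE_EMAIL and the helper names
// are hypothetical; the form values below are constructed.
const SITE_EMAIL = 'webmaster@example.com';

// Header-bound values (To, Subject, extra headers) must not contain CR or LF,
// because a line break there begins a new header line.
function has_line_break(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// Returns the arguments for mail(), or null when the submission is rejected.
function build_contact_mail(array $post): ?array
{
    $to = trim((string)($post['user_mail'] ?? ''));
    if (has_line_break($to) || filter_var($to, FILTER_VALIDATE_EMAIL) === false) {
        return null; // reject outright instead of trying to repair the value
    }
    $name  = (string)($post['name'] ?? '');
    $phone = (string)($post['phone'] ?? '');

    // Body text: line breaks are expected here and cannot add headers.
    $body = "This is the information you submitted.\r\n"
          . "If this is not correct, please contact us at " . SITE_EMAIL . ".\r\n\r\n"
          . "Name: $name\r\nPhone: $phone\r\n";

    // Subject and headers are built from constants only, never from the form.
    return [$to, 'Your submission', $body, 'From: ' . SITE_EMAIL];
}

$submissions = [
    ['name' => 'Pat', 'phone' => '555-0100', 'user_mail' => 'pat@example.com'],
    ['name' => 'Pat', 'phone' => '555-0100',
     'user_mail' => "pat@example.com\r\nX-Extra: constructed"],
];

foreach ($submissions as $i => $post) {
    $args = build_contact_mail($post);
    echo "submission $i: ", $args === null ? 'rejected' : "would mail {$args[0]}", "\n";
    // if ($args !== null) { mail(...$args); }
}
```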



Re: [PHP] Array Select from database

2005-09-28 Thread A.J. Brown
There is a small bug in your code:

[snip]
$values = join(', ', $array);
$query = "SELECT * FROM client WHERE clientaccountmanager IN ($values)";
[/snip]

You'll need to surround $values with a single quote after joining:

[code]
$values = join(', ', $array);
$query = "SELECT * FROM client WHERE clientaccountmanager IN ('$values')";
[/code]

-- 

Sincerely,

A.J. Brown


Robin Vickery [EMAIL PROTECTED] wrote in message 
news:[EMAIL PROTECTED]
On 9/28/05, Frank Keessen [EMAIL PROTECTED] wrote:
 O.K. Again;
  I have an array with one or more values, which must be selected in the
 database
 Array ( [count] => 1 [0] => Array ( [clientaccountmanager] => Array (
 [count] => 2 [0] => 210 [1] => 149 )
  Now i this is my select..
  I've got the following Query=select * from client WHERE
 clientaccountmanager='$value of array1' OR '$2nd value of array 1'

 How can i loop through the query with all the values out of the array as 
 OR
 value..

Are you trying to generate the query from the array?

If so, you are better off using the SQL 'IN' construct.

SELECT * FROM client WHERE clientaccountmanager IN (value1, value2, 
value3,...)

Then all you need to do is generate a comma separated list of values
from the array, which you can easily do with join().

$values = join(', ', $array);

Then insert it in your query:

$query = "SELECT * FROM client WHERE clientaccountmanager IN ($values)";

 -robin 
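
A parameterized form of the IN query discussed in this thread, as an added example that is not code from any of the posters: each array value is validated as an integer and bound to its own placeholder, so no value is ever spliced into the SQL text. The in-memory SQLite table and its rows are constructed, and the helper names are hypothetical.

```php
<?php
// Added example, not code from the thread. The table rows are constructed;
// the input array copies the shape shown in the question, 'count' key included.

// Keep only the numerically indexed entries and require each to be an integer.
function manager_ids(array $raw): array
{
    $ids = [];
    foreach ($raw as $key => $value) {
        if (!is_int($key)) continue;              // skips the 'count' element
        $id = filter_var($value, FILTER_VALIDATE_INT);
        if ($id === false) {
            throw new InvalidArgumentException("not an integer id at index $key");
        }
        $ids[] = $id;
    }
    if ($ids === []) throw new InvalidArgumentException('no ids given');
    return $ids;
}

function clients_for_managers(PDO $db, array $raw): array
{
    $ids = manager_ids($raw);
    // One "?" per value; the values themselves never enter the SQL text.
    $marks = implode(', ', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare(
        "SELECT name FROM client WHERE clientaccountmanager IN ($marks) ORDER BY name"
    );
    foreach ($ids as $i => $id) {
        $stmt->bindValue($i + 1, $id, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE client (name TEXT, clientaccountmanager INTEGER)');
$db->exec("INSERT INTO client VALUES ('Acme', 210), ('Birch', 149), ('Cedar', 7)");

print_r(clients_for_managers($db, ['count' => 2, 0 => 210, 1 => 149]));
```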




[PHP] Re: error when open files

2005-09-28 Thread A.J. Brown
Are you positive the second file exists?  If you have access to your logs, 
you may want to check for an error.  Maybe you don't have permission to 
access the file?  You might also try urlencoding the filename before passing 
it to your function.


On a lighter note, if you're using PHP version 4 and you just want to read 
the entire contents of the file into one variable, you should consider using 
file_get_contents().  It's a little less code to type, and is more efficient. 
PHP documentation is here: http://php.net/file_get_contents.

-- 

Sincerely,

A.J. Brown

ËÎçù [EMAIL PROTECTED] wrote in message 
news:[EMAIL PROTECTED]
 Hi everyone
 I'm a PHPer from China, I've got a problem when opening files. In the web 
 server there are two files named A.zip and B.zip, when I open them with 
 $fp=fopen("http://mysite.com/A.zip","r"); and 
 $fp1=fopen("http://mysite.com/B.zip","r");, the first file was opened 
 correctly but the second encountered a warning: failed to open stream: 
 HTTP request failed! HTTP/1.1 200 OK in  and failed to open the file. 
 So, give me some help please.




Re: [PHP] passing a variable with php_self

2005-09-27 Thread A.J. Brown
<a href="<?=$PHP_SELF?>?action=bigger">

works well too


-- 

Sincerely,

A.J. Brown

Jim Moseby [EMAIL PROTECTED] wrote in message 
news:[EMAIL PROTECTED]
 -Original Message-
 From: Ross [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, September 27, 2005 8:58 AM
 To: php-general@lists.php.net
 Subject: [PHP] passing a variable with php_self



 can someone show me the right way to do the following...

 a href=?=$PHP_SELF?action=bigger; ?


 I want to pass a variable to a  self submitting link.

 Thanks,


 <a href="<? echo $_SERVER['PHP_SELF'].'?action=bigger';?>">




Re: [PHP] best way to save program prefs to a file?

2005-09-27 Thread A.J. Brown
Are you wanting the preferences to be real-time changeable?  For example, 
user preferences that can be modified then saved?  If so, just store them in 
an array, then serialize the array and save it to a file.  Read the file at 
every page load.

[code]

//save the settings
$user_settings['setting1'] = 'foo';
$user_settings['setting2'] = 'bar';

$fh = fopen('user_settings.dat', 'w'); // fopen() requires a mode; 'w' opens for writing
$serialized = serialize($user_settings);
fwrite ($fh, $serialized, strlen($serialized));
fclose($fh);

//reload the settings
$user_settings = unserialize(file_get_contents('user_settings.dat'));


[/code]


Hope this helps.

-- 

Sincerely,

A.J. Brown



Jay Blanchard [EMAIL PROTECTED] wrote in message 
news:[EMAIL PROTECTED]
 [snip]
 I'd like to save some program preferences to a txt file where they can be
 recalled and updated at a later time. Basically this will be a variable 
 name

 and a value. Can someone suggest a reference or method to best perform 
 this
 task?
 [/snip]

 Open a new file, save stuff to it, close the file.
 Include the file where you need the prefs.

 http://www.php.net/fopen
 http://www.php.net/explode 




Re: [PHP] best way to save program prefs to a file?

2005-09-27 Thread A.J. Brown
In larger applications, I prefer to serialize the array because it allows 
you to store the data in _any_ variable, not just the pre-named variable. 
For example, if your page is already using a variable named $user_settings, 
you would run into problems with your solution.  My solution allows you to 
name the data however you want, however many times you want.


Of course, this is usually not necessary for a smaller application where you 
wouldn't run into such a problem.




Sincerely,

A.J. Brown
BitNotion Technologies
[EMAIL PROTECTED]

- Original Message - 
From: Edward Vermillion [EMAIL PROTECTED]

To: A.J. Brown [EMAIL PROTECTED]
Cc: php-general@lists.php.net
Sent: Tuesday, September 27, 2005 10:48 AM
Subject: Re: [PHP] best way to save program prefs to a file?



A.J. Brown wrote:
Are you wanting the preferences to be real-time changeable?  For example, 
user preferences that can be modified then saved?  If so, just store them 
in an array, then serialize the array and save it to a file.  Read the 
file at every page load.


[code]

//save the settings
$user_settings['setting1'] = 'foo';
$user_settings['setting2'] = 'bar';

$fh = fopen('user_settings.dat', 'w'); // fopen() requires a mode; 'w' opens for writing
$serialized = serialize($user_settings);
fwrite ($fh, $serialized, strlen($serialized));
fclose($fh);

//reload the settings
$user_settings = unserialize(file_get_contents('user_settings.dat'));


[/code]


Hope this helps.



I may be showing my ignorance here, but why bother to serialize the array? 
Why not just write it out to a php file, then all you have to do is 
include the file when you need it and it's ready to go?


<pseudocode alert>

$settingsFile = "<?php\n\n";
foreach($userSettings as $key => $val)
{
$settingsFile .= "\$userSettings['$key'] = '$val';\n";
}
$settingsFile .= "\n?>";

$fh = fopen('/path/to/settingsFile.php', 'w');
fwrite($fh, $settingsFile); // with error handling of course...
fclose($fh);

</pseudocode>

Then in your script, include '/path/to/settingsFile.php'; and you're ready 
to use $userSettings and any changes get written back to the file.
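
Both storage approaches from this thread, the serialized data file and the generated include file, as an added example that is not code from either poster. It assumes PHP 7 or later; the helper names, file names and sample preferences are hypothetical and constructed.

```php
<?php
// Added example, not code from the thread. Helper names, file names and the
// sample preferences are hypothetical.

// Approach 1: serialized data file.
function save_prefs_serialized(string $path, array $prefs): void
{
    // LOCK_EX serialises concurrent writers of the same file.
    if (file_put_contents($path, serialize($prefs), LOCK_EX) === false) {
        throw new RuntimeException("cannot write $path");
    }
}

function load_prefs_serialized(string $path): array
{
    $raw = file_get_contents($path);
    // allowed_classes => false: the file can yield scalars and arrays only;
    // no object of a real class is instantiated while decoding.
    $prefs = ($raw === false) ? false : unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($prefs)) {
        throw new RuntimeException("missing or corrupt prefs file $path");
    }
    return $prefs;
}

// Approach 2: generated include file. var_export() emits a quoted, escaped
// literal, so a value cannot end the string early and be parsed as PHP code.
function save_prefs_php(string $path, array $prefs): void
{
    $src = "<?php\nreturn " . var_export($prefs, true) . ";\n";
    if (file_put_contents($path, $src, LOCK_EX) === false) {
        throw new RuntimeException("cannot write $path");
    }
}

// Constructed values: the quotes and "$" would break plain string interpolation.
$prefs = ['owner' => "O'Brien", 'motd' => 'costs $5 "today"', 'per_page' => 25];
$dir = sys_get_temp_dir();

save_prefs_serialized("$dir/user_settings.dat", $prefs);
var_dump(load_prefs_serialized("$dir/user_settings.dat") === $prefs);

save_prefs_php("$dir/user_settings.php", $prefs);
var_dump((include "$dir/user_settings.php") === $prefs);
```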








[PHP] Re: Pre global configuration

2005-09-27 Thread A.J. Brown
It seems the best way to do this would be a predefined constant.  You'd just 
need to update the constant whenever you move to a new Operating System. 
Then, just always append the constant to your strings:

//change for linux or windows
define('CRNL',"\r\n");
//define('CRNL',"\n");

print "foobar".CRNL;


-- 

Sincerely,

A.J. Brown



Jake Gardner [EMAIL PROTECTED] wrote in message 
news:[EMAIL PROTECTED]
This is a stretch and I doubt you can do this very easily, but I was
wondering if there is a way to define behaviors that happen throughout
a script before execution for example if the OS is windows, all
strings are terminated with \r\n, if Linux, then \n without adding
additional ifs throughout the code. 




Re: [PHP]PHP Syntax Notation

2005-09-27 Thread A.J. Brown
Lowell,

The -> operator was taken from the pointer operator in C.  It's used to 
access a method or variable within an INSTANCE of an object, as opposed to 
the :: operator, which is used to access a static method of a class.  Note 
the difference between a class and an object -- an object is an instance of 
a class.

If Run() is a static method (I.E. it has no references to $this) and 
$site is an instance of SiteClass, the following are equivalent:

$site->Run();
SiteClass::Run();

If you're still confused, I can go further into the difference between an 
Object and a Class.

-- 

Sincerely,

A.J. Brown
BitNotion Technologies


Lowell Herbert [EMAIL PROTECTED] wrote in message 
news:[EMAIL PROTECTED]

 On Sep 27, 2005, at 2:16 PM, Mikey wrote:

 Lowell Herbert wrote:


 I'm trying to expand my understanding of PHP by looking at some  pre-built 
 code modules.  I don't fully understand the syntax  $site->Run 
 (); in the following code.  Can someone offer a  helpful explanation?

 <?php

 //define("PB_CRYPT_LINKS" , 1);
 define("_LIBPATH","./lib/");
 require_once _LIBPATH . "site.php";

 $site = new CSite("./site.xml",true);
 $site->Run();

 ?>


 Run() is a method of the CSite class - you will need to look in the 
 definition of that class to find out what it does,

 Mikey


 Thanks for all the responses.  I understand that $site is an instance  of 
 the class CSite, and that Run() is a function in that class.  I do  not 
 understand what the operator -> means, and what meaning the  result of 
 the function Run() has to $site.  Clarification anyone?

 Thanks in advance,
 Lowell 
