RE: [PHP] Securing your Sites
-Original Message- From: Wolf [mailto:[EMAIL PROTECTED] Sent: 17 December 2007 16:00 To: [EMAIL PROTECTED] Cc: php-general@lists.php.net Subject: Re: [PHP] Securing your Sites Funny, they should all be PHPS, source only and my last check only did them on the source viewing. None of them are executable in that folder. You got it from elsewhere. I thought that too as I checked the site this morning and they all were .phps However, wandering back over there sees that they are all now .tar.gz files and, upon scanning, do carry a malicious payload Dan [EMAIL PROTECTED] wrote: I want to personally thank you for 6 hours of work to remove the PHP-Back-door Trojan, that download from your site to my PC while viewing that POS you call a help line. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.503 / Virus Database: 269.17.4/1187 - Release Date: 16/12/2007 11:36 No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.503 / Virus Database: 269.17.4/1187 - Release Date: 16/12/2007 11:36 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Securing your Sites
-Original Message- From: Wolf [mailto:[EMAIL PROTECTED] Sent: 17 December 2007 16:00 To: [EMAIL PROTECTED] Cc: php-general@lists.php.net Subject: Re: [PHP] Securing your Sites Funny, they should all be PHPS, source only and my last check only did them on the source viewing. None of them are executable in that folder. You got it from elsewhere. Sorry, update Scanning with AVG reveals that c99-2, 3 and 4 report backdoor Trojan infections but it occurs to me that maybe AVG is just finding the malicious payload you are demonstrating? I'd like to thank you for supplying the source for these exploits... If I've made a mistake and compounded an incorrect situation I do apologise Dan [EMAIL PROTECTED] wrote: I want to personally thank you for 6 hours of work to remove the PHP-Back-door Trojan, that download from your site to my PC while viewing that POS you call a help line. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.503 / Virus Database: 269.17.4/1187 - Release Date: 16/12/2007 11:36 No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.503 / Virus Database: 269.17.4/1187 - Release Date: 16/12/2007 11:36 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] counting with leading zeros
Can I please interject and say that I vastly respect Tedd(ddd) and Rob(bb?) and their opinions Dsn -- Dan Parry Senior Developer Virtua Webtech Ltd Company Number: 5078356 Vat Number: 827044536 [EMAIL PROTECTED] www.virtuawebtech.co.uk 01745 354924 -Original Message- From: tedd [mailto:[EMAIL PROTECTED] Sent: 28 September 2007 17:20 To: brian; php-general@lists.php.net Subject: Re: [PHP] counting with leading zeros At 8:30 PM -0400 9/27/07, brian wrote: I wasn't bitching! And i *thought* that my numerous attempts at explaining such would have been enough. Obviously not, but wtf can you do with people who seem to want only to stir up shit? It sure sounded like you were bitching. And, your off-list fuck you, too, asswipe to me certainly seems to support that -- don't you think? Look, there's nothing you can say to me that hasn't been said before (some of it deserving), so my advice is for you to refrain from such conduct and at least try to look professional. That way you'll hide your ignorance a little longer -- it's always worked for me. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.488 / Virus Database: 269.13.33/1034 - Release Date: 27/09/2007 17:00 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Access name of variable in $_POST array
-Original Message- From: Daniel Brown [mailto:[EMAIL PROTECTED] Sent: 21 September 2007 23:27 To: Stut Cc: Eric Lommatsch; php-general@lists.php.net Subject: Re: [PHP] Access name of variable in $_POST array On 9/21/07, Stut [EMAIL PROTECTED] wrote: Please include the list when replying. Eric Lommatsch wrote: -Original Message- From: Stut [mailto:[EMAIL PROTECTED] Sent: Friday, September 21, 2007 3:09 PM To: Eric Lommatsch Cc: php-general@lists.php.net Subject: Re: [PHP] Access name of variable in $_POST array Eric Lommatsch wrote: I am writing a PHP script that is going to accept variables that are passed from a PDF form and should write both the name of the variable and its value to a text file. I can get the value that I want to retrieve with out problem. However, even though I have searched through the PHP.net site and googled this as well I have not yet been able to find the syntax that I need to get the names of the variables in the $_Post array. Can someone point me to the place in the PHP manual where I can find the syntax to get the name of a variable in the $_POST array? http://php.net/array_keys As in... $varnames = array_keys($_POST); -Stut -- http://stut.net/ Hello Stut, That is not exactly what I am looking for. If I try using that in My PHP script what I get as a result of that is repeatedly the Phrase Post Array when I check the values there. The PDF form that is posting to the PHP script is passing variable names like Employer_name or Employee_Name. I am hoping to get those variable names. Put this line at the top of the script that the form posts to... print 'pre'.print_r($_POST, true).'/pre'; exit; That will display the contents of the $_POST array and you should be able to figure out where everything is. By the sounds of it the posted values are actually in $_POST['Post Array'] but use the above line to be sure. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Maybe this will get you started and give you some ideas. ? foreach($_POST as $p = $v) { $$p = $v; echo $p. = .$v.\n; } ? I might be missing something but I fail to see the point of the variable variable assignation (which is best to be avoided :) ) Dan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] MAX_FILE_SIZE not working with file uploads
-Original Message- From: Jeff Cohan [mailto:[EMAIL PROTECTED] Sent: 23 September 2007 00:02 To: php-general@lists.php.net Subject: Re: [PHP] MAX_FILE_SIZE not working with file uploads Chris wrote: [error] = 2 And also gives you an error code. Yes, I know and knew that. That's why the upload ultimately fails (which is okay). My point is that when a file's size exceeds the MAX_FILE_SIZE value, I want the browser to (a) detect that it's too large BEFORE attempting to upload I might be wrong but this would be classed as 'exploitable'... Webservers should not be allowed to read from or write to clients... Of course there is ActiveX... Dan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] MAX_FILE_SIZE not working with file uploads
-Original Message- From: Jeff Cohan [mailto:[EMAIL PROTECTED] Sent: 23 September 2007 02:45 To: php-general@lists.php.net Subject: Re: [PHP] MAX_FILE_SIZE not working with file uploads Dan Parry wrote: I might be wrong but this would be classed as 'exploitable'... Webservers should not be allowed to read from or write to clients... Of course there is ActiveX... I think we're off the point. My script is simply interrogating the value of the $_FILES[userfile][size] array element. It's coming up as ZERO if it exceeds the MAX_FILE_SIZE. That seems odd to me. But maybe that's the way it's SUPPOSED to work. That's why I started this thread out with What am I missing?. Said another way: It seems that the server had to know the size of the file in order to know it exceeded MAX_FILE_SIZE. So how can my script find out the size? I'm not sure it can... The server has to accept the file before it can process any details on it The MAX_FILE_SIZE input field is notoriously unreliable... I think if it returns zero (0) then the PHP limit is reached Dan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] MAX_FILE_SIZE not working with file uploads
-Original Message- From: Ray [mailto:[EMAIL PROTECTED] Sent: 23 September 2007 02:25 To: php-general@lists.php.net Subject: Re: [PHP] MAX_FILE_SIZE not working with file uploads On Saturday 22 September 2007 7:44:55 pm Jeff Cohan wrote: Dan Parry wrote: I might be wrong but this would be classed as 'exploitable'... Webservers should not be allowed to read from or write to clients... Of course there is ActiveX... I think we're off the point. My script is simply interrogating the value of the $_FILES[userfile][size] array element. It's coming up as ZERO if it exceeds the MAX_FILE_SIZE. Exactly, no valid file was uploaded. The size of the valid file is therefore zero. That seems odd to me. But maybe that's the way it's SUPPOSED to work. That's why I started this thread out with What am I missing?. Said another way: It seems that the server had to know the size of the file in order to know it exceeded MAX_FILE_SIZE. So how can my script find out the size? Can you use Javascript to check file size client side, send data via AJAX then issue warnings This would be the exploitable 'feature' I mentioned... Client-side files should never be readable Dan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] A way to stop spam on this list
snip just wait till we have spambots with AI and emotion subroutines ;-) /snip It'll be worse if we get spammers with actual intelligence... -- Dan Parry Senior Developer Virtua Webtech Ltd http://www.virtuawebtech.co.uk -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.394 / Virus Database: 268.9.0/368 - Release Date: 16/06/2006 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] regex problem
[snip] Hi there, I do work on following regex: ^(.*)_a[0-9](.*).htm$ This should be valid for test_a9393.htm, but not for 9393.htm as ther is no leading _a infront of the number. Unfortunatelly this also works for the 9393.htm file. Can somebody give me a hint why the regex also is true for text that does not start with _a infront of the number? Thank you for any help, Merlin [/snip] How about this: (\w)+(_a){1}(\w)+\.htm$ Worked for me :) HTH Dan -- Dan Parry Senior Developer Virtua Webtech Ltd http://www.virtuawebtech.co.uk -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.394 / Virus Database: 268.8.0/352 - Release Date: 30/05/2006 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Why does this preg_replace function not work?
[snip] [ . $tags . ] [/snip] This in the regex would need to be \[ . $tags . \] as the square brackets ([]) represent a character class in regular expressions, so must be escaped to be matched literally Also /'s should be escaped (\/) There may be more mistakes but I thought I'd point this one out :) HTH Dan -- Dan Parry Senior Developer Virtua Webtech Ltd http://www.virtuawebtech.co.uk -Original Message- From: Dave M G [mailto:[EMAIL PROTECTED] Sent: 26 May 2006 10:26 To: php-general@lists.php.net Subject: [PHP] Why does this preg_replace function not work? PHP List, In the code below, I want to take the text within $content, and change every instance of [h3] into h3, and every instance of [/h3] into /h3. And then do the same for [em], [/em], [strong], and so on. However, this code does absolutely nothing to the text stored in content: $tags = array (h3, em, strong, hr); $content = preg_replace([ . $tags . ], . $tags . , $content); $content = preg_replace([/ . $tags . ], / . $tags . , $content); Clearly I've either misunderstood the use of preg_replace(), or regular expressions, or arrays, despite having looked them up in the PHP online manual. I also tried str_replace(), but predictably that did not help. As far as I understand it, it does not accept arrays. What am I doing wrong in the above code? And can the two preg_replace() commands be achieved in one line? Thank you for any advice. -- Dave M G -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.392 / Virus Database: 268.7.0/346 - Release Date: 23/05/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.392 / Virus Database: 268.7.0/346 - Release Date: 23/05/2006 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] redirect using php
If it helps here's the code I use to redirect ?php function chrome_redirect($url) { // redirect the page if (headers_sent()) { // perform JS redirect echo 'script type=text/javascript language=javascript!-- document.location.href=\'' . $url . '\'; // --/script'; } else { // no headers sent... much nicer header redirect header('location: ' . $url); die(); } } ? HTH Dan - Dan Parry Senior Developer Virtua Webtech Ltd http://www.virtuawebtech.co.uk -Original Message- From: Mark Kelly [mailto:[EMAIL PROTECTED] Sent: 05 April 2006 14:19 To: php-general@lists.php.net Subject: Re: [PHP] redirect using php On Wednesday 05 April 2006 13:55, Chris Shiflett wrote: Mark Kelly wrote: You can also use something like: echo meta http-equiv=\Refresh\ content=\0;url=$from_page\; There's no need to use a meta tag to mimic HTTP headers. PHP provides the header() function. I have been using that method when I got part-way through some processing that produces output, and hit something that requires a redirect. As I understand it headers are no use to me here. I'm very much a beginner, so if this is the wrong way to do this, I'd appreciate pointers. Thanks for the reply, either way. Mark -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php __ NOD32 1.1454 (20060321) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php, sessions and ie
I have had some issues with sessions and IE in the past and used the following code to start the session ?php if (isset($SessID)){ session_id($SessID); } session_start(); header(Cache-control: private); // IE 6 Fix. setcookie(SessID, session_id(), time() + 60 * 15); ? Now, though, I always use a DB to store sessions... Much nicer HTH Dan - Dan Parry Senior Developer Virtua Webtech Ltd http://www.virtuawebtech.co.uk -Original Message- From: Dallas Cahker [mailto:[EMAIL PROTECTED] Sent: 04 April 2006 16:19 To: php-general@lists.php.net Subject: [PHP] php, sessions and ie I've been hearing some of my friends saying there is an issue with Session in PHP and IE having problems with them. Is that true? If it is how do people get around this? Session information saved to db? Session id in cookie? __ NOD32 1.1454 (20060321) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] private $foo
I can see a pattern emerging here... Chaos? You had chaos? All we had was this sodding great explosion... :-) Dan - Dan Parry Senior Developer Virtua Webtech Ltd http://www.virtuawebtech.co.uk -Original Message- From: Duncan Hill [mailto:[EMAIL PROTECTED] Sent: 29 March 2006 15:46 To: php-general@lists.php.net Subject: Re: [PHP] private $foo On Wednesday 29 March 2006 15:43, Philip Thompson wrote: Of course, I remember programming with rocks and that was before we had zero's. We only had one's and that was a programming nightmare. You new guys at least have 1's and 0's to work with. tedd I laughed my head off about your 'rocks' statement! Thanks for that. For those of you who didn't pick up on my sarcasm previously, do so now. =D I'm not *that* young. Hehe Rocks! You had rocks!? When I was a programmer, we had nothing but primeval chaos to program with. Worse than herding cats, and prone to returning random values whether your cat was dead or alive. We would have killed to have rocks (let alone one's)! :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php __ NOD32 1.1454 (20060321) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Reading data from SELECT in PHP
Maybe use Jacascript to create and populate hidden inputs? They will show up in the $_POST array then HTH Dan - Dan Parry Senior Developer Virtua Webtech Ltd http://www.virtuawebtech.co.uk -Original Message- From: Lorca [mailto:[EMAIL PROTECTED] Sent: 22 March 2006 12:01 To: php-general@lists.php.net Subject: [PHP] Reading data from SELECT in PHP Hello friends, I've create a form containing a SELECT under JavaScript, where the user decide all list's elements. My problem is how can I get all list's elements on PHP. Using $-POST[] I only get the selected option. With my most sincere thanks. Lorca -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Inserting data at runtime (php,mysql)
[snip] $conn=mysql_connect( );/*with the required parameters*/ if(!conn) { [/snip] You are testing conn in your if condition... should that not be $conn? Dan - Dan Parry Senior Developer Virtua Webtech Ltd http://www.virtuawebtech.co.uk -Original Message- From: sathyashrayan [mailto:[EMAIL PROTECTED] Sent: 21 March 2006 12:20 To: php-general@lists.php.net Subject: [PHP] Inserting data at runtime (php,mysql) I have given a task to create a site which is a clone of www.onelook.com. As a first stage I have downloaded a list of English words (only words not meaning) in a text format. I have created a data structure in the mysql database. And wrote the following code to insert data into the table at the run time. The code: ?php $counter = 0; $conn=mysql_connect( );/*with the required parameters*/ if(!conn) { die('could not connect:'.mysql_error()); } echo connection sucess\n; $file_op = fopen(my_dic.txt,r); while(!feof($file_op) $file_op != NULL) { $funct_var = fgets($file_op); while($funct_var) { $qure = INSERT INTO dict VALUES ($counter,'$funct_var'); $str = mysql_query($qure); $counter++; return; } fclose($file_op); } ? The connection is successful but the data are not getting inserted into the table. I need to insert all the words into the table. When I change the insert statement with one insert at a time, I can insert values to the database. For exampel: $qure = INSERT INTO dict VALUES (1,'apple'); Do I need to check the formatted data in the file? Can any one help me in this regard? I have been working in VC++ for some time. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Inserting data at runtime (php,mysql)
conn denotes a constant where the value you are assigning is to the variable $conn [snip] $conn=mysql_connect( );/*with the required parameters*/ if(!conn) [/snip] Depending on your error level this may evaluate to TRUE creating a false positive Or am I wrong? Dan - Dan Parry Senior Developer Virtua Webtech Ltd http://www.virtuawebtech.co.uk -Original Message- From: sathyashrayan [mailto:[EMAIL PROTECTED] Sent: 21 March 2006 12:45 To: Dan Parry; php-general@lists.php.net Subject: Re: [PHP] Inserting data at runtime (php,mysql) - Original Message - From: Dan Parry [EMAIL PROTECTED] To: 'sathyashrayan' [EMAIL PROTECTED]; php-general@lists.php.net Sent: Tuesday, March 21, 2006 6:12 PM Subject: RE: [PHP] Inserting data at runtime (php,mysql) [snip] $conn=mysql_connect( );/*with the required parameters*/ if(!conn) { [/snip] You are testing conn in your if condition... should that not be $conn? Dan No if conn evaluates to false then error. - Dan Parry Senior Developer Virtua Webtech Ltd http://www.virtuawebtech.co.uk -Original Message- From: sathyashrayan [mailto:[EMAIL PROTECTED] Sent: 21 March 2006 12:20 To: php-general@lists.php.net Subject: [PHP] Inserting data at runtime (php,mysql) I have given a task to create a site which is a clone of www.onelook.com. As a first stage I have downloaded a list of English words (only words not meaning) in a text format. I have created a data structure in the mysql database. And wrote the following code to insert data into the table at the run time. The code: ?php $counter = 0; $conn=mysql_connect( );/*with the required parameters*/ if(!conn) { die('could not connect:'.mysql_error()); } echo connection sucess\n; $file_op = fopen(my_dic.txt,r); while(!feof($file_op) $file_op != NULL) { $funct_var = fgets($file_op); while($funct_var) { $qure = INSERT INTO dict VALUES ($counter,'$funct_var'); $str = mysql_query($qure); $counter++; return; } fclose($file_op); } ? The connection is successful but the data are not getting inserted into the table. I need to insert all the words into the table. When I change the insert statement with one insert at a time, I can insert values to the database. For exampel: $qure = INSERT INTO dict VALUES (1,'apple'); Do I need to check the formatted data in the file? Can any one help me in this regard? I have been working in VC++ for some time. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: setcookie security concerns [medium]
The value doesn't show up in the URL as you are redirecting the user back to the referring URL... so only the referrer will be shown (unless the redirecting script breaks :) ) Dan - Dan Parry Senior Developer Virtua Webtech Ltd http://www.virtuawebtech.co.uk -Original Message- From: tedd [mailto:[EMAIL PROTECTED] Sent: 17 March 2006 14:30 To: php-general@lists.php.net; Rafael Subject: Re: [PHP] Re: setcookie security concerns [medium] Rafael: ?php $thestyle= htmlentities($_POST['thestyle']); setcookie ('thestyle', $set, time()+31536000, '/', '', 0); header(Location: $HTTP_REFERER); ? Actually, you receive $set via GET, so you should use $_GET instead of $_POST. Yes, you are correct. In my example -- http://www.sperling.com/examples/styleswitch/ -- the value doesn't look like it is being added to the url and thus I mistakenly thought it was a POST. I wonder why the value isn't apparently attached to the url in this case? tedd -- http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] $_POST to function?
Why are you passing the POST array? As it's superglobal why not just work directly on it within the function? Dan - Dan Parry Senior Developer Virtua Webtech Ltd http://www.virtuawebtech.co.uk -Original Message- From: Jason Gerfen [mailto:[EMAIL PROTECTED] Sent: 24 February 2006 15:27 To: PHP General (E-mail) Subject: [PHP] $_POST to function? I am not sure why this is not working. Aren't $_POST vars superglobals? I am trying to pass the $_POST array as an argument to a function and nothing is being returned. Any help is appreciated. return global_template( 3, $_POST, count( $_POST ), $message ); function global_template( $cmd, $args, $num, $message ) { echo pre; print_r( $args ); echo /pre; } -- Jason Gerfen When asked what love is: Love is the Jager talking. ~Craig Baldo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session problems [SOLVED]
Hi all I didn't get that many replies (thanks to those who did reply :) ) for this, so now I've figured out the problem I thought I'd share the solution just in case anyone else has the same issue: solution The problem stemmed from the way the return from UPDATE is handled and the scripts reliance on the mysql_affected_rows() command If the UPDATE command is executed on a record and no values are altered the command exits with a value of 0 meaning that the result of mysql_affected_rows() is false This occurs on redirects and fast refreshes because the time value hasn't changed so no values are altered in the row, mysql_affected_rows() is false and the function continues as no condition is met to return a value... the following INSERT then causes the problem The solution was do execute a simple SELECT to get the number of rows for the session ID and if mysql_affected_rows() evaluated to false but the number of records is 1 return true /solution And there we have it... nearly drove me nuts but I got there in the end Cheers Dan - Dan Parry Senior Developer Virtua Webtech Ltd http://www.virtuawebtech.co.uk -Original Message- From: Dan Parry [mailto:[EMAIL PROTECTED] Sent: 16 February 2006 09:51 To: php-general@lists.php.net Subject: [PHP] Session problems Hi all I've been getting an error while using a custom session handler utilising a MySQL database The error I receive is: Duplicate entry 'PHPSESSID_REMOVED' for key 1 Warning: Unknown(): A session is active. You cannot change the session module's ini settings at this time. in Unknown on line 0 I've contacted my hosting company regarding this but currently they don't seem to know the cause I've Googled but I can't find anything I can use Thanks in advance :-) Dan - Dan Parry Senior Developer Virtua Webtech Ltd http://www.virtuawebtech.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: need a php multiple/mysql choice quiz
what kind of mushrooms? rainbow colored ones =) Think they're illegal in the UK... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Session problems
Hi all I've been getting an error while using a custom session handler utilising a MySQL database The error I receive is: Duplicate entry 'PHPSESSID_REMOVED' for key 1 Warning: Unknown(): A session is active. You cannot change the session module's ini settings at this time. in Unknown on line 0 I've contacted my hosting company regarding this but currently they don't seem to know the cause I've Googled but I can't find anything I can use Thanks in advance :-) Dan - Dan Parry Senior Developer Virtua Webtech Ltd http://www.virtuawebtech.co.uk
RE: [PHP] Session problems
); $session_sql = DELETE FROM . $this-ses_table . WHERE ses_time $ses_life; $session_res = @mysql_query ($session_sql, $this-dblink); if (!$session_res) $this-localError('c1(ses)', mysql_error() . ' - SQL: ' . $session_sql . 'br/a href=' . WS_SITE_ROOT . '?action=buildClick here to build session tables (for database)/a', __file__, __line__, ERROR_STATUS_FATAL); if (!$session_res) { return FALSE; } else { return TRUE; } } } ? -Original Message- From: Peter Lauri [mailto:[EMAIL PROTECTED] Sent: 16 February 2006 12:25 To: [EMAIL PROTECTED]; php-general@lists.php.net Subject: RE: [PHP] Session problems What is the code that generates this? -Original Message- From: Dan Parry[EMAIL PROTECTED] Sent: 16/02/06 4:50:51 PM To: php-general@lists.php.netphp-general@lists.php.net Subject: [PHP] Session problems Hi all I've been getting an error while using a custom session handler utilising a MySQL database The error I receive is: Duplicate entry 'PHPSESSID_REMOVED' for key 1 Warning: Unknown(): A session is active. You cannot change the session module's ini settings at this time. in Unknown on line 0 I've contacted my hosting company regarding this but currently they don't seem to know the cause I've Googled but I can't find anything I can use Thanks in advance :-) Dan - Dan Parry Senior Developer Virtua Webtech Ltd http://www.virtuawebtech.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Clear POST variables
Submit the data to a page that just inserts it into the DB (validating it first, natch) then do a header(location) to the thank you (or whatever) page This also fixes 'page expired' warnings HTH Dan -Original Message- From: Mike Tuller [mailto:[EMAIL PROTECTED] Sent: 16 February 2006 15:07 To: php list Subject: [PHP] Clear POST variables I have a page that submits form information into a database, and all is good, but someone testing the page pointed out something to me that I didn't notice. I have a form that sends you to another page that submits the data into a database. If you refresh the page, the information is submitted again. Here is what I have. $name = $_POST['name']; $address = $_POST['address']; $city = $_POST['city']; $state = $_POST['state']; $zipcode = $_POST['zipcode']; $phone = $_POST['phone']; $notes = $_POST['notes']; $query = insert into Locations (name, address, city, loc_state, main_phone, zipcode, notes) values ('$name', '$address', '$city', '$state', '$phone', '$zipcode', '$notes'); mysql_query($query, $link) or die (mysql_error()); How do I clear out the POST variables, or the variables that I have set from the POST variables, so that when the page is refreshed it will not resubmit. I have tried unset() and have tried to set it to and empty value, but it doesn't seem to work. Thanks. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Converting piped data to values from html to phpcgi
This works for me: ? $temp = 'sender_name=zedleon[EMAIL PROTECTED] sender_msg=This+is+a+testSubmit=Submit'; $arr = array(); foreach (explode('', $temp) as $v) { $split = explode('=', $v); // urldecode content for readability $arr[$split[0]] = urldecode($split[1]); // create assoc. array ${$split[0]} = urldecode($split[1]); // form the variables } echo $sender_name . 'br/' . $arr['sender_name']; ? That routine should create variables with the names of the arguments as well as an associative array of the string HTH Dan -Original Message- From: zedleon [mailto:[EMAIL PROTECTED] Sent: 13 February 2006 14:38 To: php-general@lists.php.net Subject: [PHP] Converting piped data to values from html to phpcgi I am using php as a cgi. The data from my html is piped through stdin using this code: ? $fp=popen(cat,r); $str=fgets($fp); print $str; ? The result I am getting looks like this: (which is correct) sender_name=zedleon[EMAIL PROTECTED]sender_msg=This+is+a +testSubmit=Submit What I need to do now is to convert the piped string into the individual values $sender_name, $sender_email, $sender_msg. Does anybody know a way to do this...any help is appreciated. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Newbie Question Can't insert values into MySQL DB via PHP
Also when specifying the field list (and table name) it may be a better idea to wrap the values in backticks (`) rather than quotes (') Always works for me Dan -Original Message- From: Barry [mailto:[EMAIL PROTECTED] Sent: 10 February 2006 10:31 To: php-general@lists.php.net Subject: [PHP] Re: Newbie Question Can't insert values into MySQL DB via PHP Duggles Temple wrote: Hi, I'd like to say in advance that I am sorry about the silly and very newbie question I'm asking. I am having a problem with a shop system. I can't add values into the MySQL DB via a PHP statement. The values are being transferred from one page to another (know that from the echo statement), but the SQL statement isn't working. What error do you get? The statement is as follows: $conn = mysql_connect($DBhost,$DBuser,$DBpass) or die('Unable to connect to database'); $t = $_GET['newdvdtitle']; $y = $_GET['newdvdyear']; $c = $_GET['newdvdcost']; $p = $_GET['newdvdpurchased']; @mysql_select_db($DBName) or die(Unable to select database $DBName); $sqladd = INSERT INTO 'dvd' ('id', 'title', 'year','cost','purchased') VALUES ( NULL , '$t', '$y', '$c' , '$p' ); echo $sqladd; $result = mysql_query($sqladd); Insert Into dvd (title, year,cost,purchased) When the id is auto_increment you dont have to add it to the query. Barry -- Smileys rule (cX.x)C --o(^_^o) Dance for me! ^(^_^)o (o^_^)o o(^_^)^ o(^_^o) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] suggest a cart...
Zen Cart http://www.zen-cart.co.uk/ Open source and very well supported... lots of user contributions too Dan -Original Message- From: Ross [mailto:[EMAIL PROTECTED] Sent: 08 February 2006 13:08 To: php-general@lists.php.net Subject: [PHP] suggest a cart... Hi, I am looking for a cart that allows me to do the following -Add new items with image -deleted items -indicate when an item is sold put - is integratable with paypal R. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] suggest a cart...
(I hope this message works... mail server has been playing up) Zen Cart http://www.zen-cart.com Open source, great support and user contribs HTH Dan -Original Message- From: Ross [mailto:[EMAIL PROTECTED] Sent: 08 February 2006 13:08 To: php-general@lists.php.net Subject: [PHP] suggest a cart... Hi, I am looking for a cart that allows me to do the following -Add new items with image -deleted items -indicate when an item is sold put - is integratable with paypal R. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Adventures in Cookies
I would have thought this was standard behaviour... Different browsers [can] store their cookies in different locations on the drive don't they? It's my experience that cookies are always handled autonomously and asynchronously by browsers (ie set a cookie in one browser and another won't see it) Either way I don't believe this to be a PHP specific issue :) Just my tuppence worth Dan -Original Message- From: tedd [mailto:[EMAIL PROTECTED] Sent: 23 January 2006 16:31 To: php-general@lists.php.net Subject: [PHP] Adventures in Cookies Hi all: While I'm sure this is obvious for most, but I just discovered this. Using one browser (browser A) I can access one of my pages and create a cookie with a user input value. Then using a different browser (browser B), I can access the same page and create another cookie with another user value. Now, it would seem to me that I shouldn't have two cookies with the same name both having different contents, but that's exactly what I've found -- for browser A will produce one value and browser B will produce another value. Now, does anyone know where it says in any php documentation that COOKIE values are dependent upon browser type? tedd -- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php __ NOD32 1.1372 (20060119) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] help me pllzzzzzz
Or my sense of sailing to deadlines :) -Original Message- From: John Nichel [mailto:[EMAIL PROTECTED] Sent: 18 January 2006 16:11 To: php-general@lists.php.net Subject: Re: [PHP] help me pllzz Jay Blanchard wrote: [snip] i am having 2 combo box one for city another one for country,when i select particular country say india their corresponding cities will be displayed in city combobox as delhi,bangalore.,when i select Australia thier cities like perth,brisbanewill be displayed.plz help me itz very urgent. [/snip] H, is everything you do urgent? I think he and I must have the same boss. -- John C. Nichel IV Programmer/System Admin (ÜberGeek) Dot Com Holdings of Buffalo 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php __ NOD32 1.1370 (20060118) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Image size?
I would say this is what you need http://uk2.php.net/manual/en/function.getimagesize.php Dan -Original Message- From: William Stokes [mailto:[EMAIL PROTECTED] Sent: 11 January 2006 12:22 To: php-general@lists.php.net Subject: [PHP] Image size? Hello, Can I get pixel sizes from a uploaded web applicable image with PHP? I mean width and height as pixels. If so How? Thanks -Will -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php __ NOD32 1.1356 (20060108) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] include() problem
Check this out http://uk2.php.net/reserved.variables DOCUMENT_ROOT will give you the root of your site -Original Message- From: Nuno Trancoso [mailto:[EMAIL PROTECTED] Sent: 09 January 2006 14:56 To: php-general@lists.php.net Subject: [PHP] include() problem This may sound dumb, but i have been up all night going through php/apache docs, and still have not found an answer.. Throughout a site i need to include files that are scattered in subdirs, sometimes up in the dir tree, sometimes down. Bad design i know but i have to live w/ it... Problem is in the way Apache/PHP see stuff. If i include /somefile.htm in html, it means somefile.htm wich is at site root dir. In PHP it looks like it means somefile.htm at SERVER root dir. I can use getcwd() and go around truncating/adding to the string until i get a path to use with set_include_path() to add the site root dir to the include path, but it just seems wrong to waste cycles doing it... So, question is, is there a more direct/elegant way to add the site root (or any other dir for that matter) to the include path? TIA Nuno Trancoso -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php __ NOD32 1.1356 (20060108) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Sessions...
Hi I'm having some trouble with sessions and was wondering if anyone could give me some insight Background: We have experienced some difficulties previously with sessions which were fixed(ish) by using ini_set(session.save_handler, files); and manually dropping a cookie with the propagated session ID in it Without the implicit cookie (and subsequent ID checking) the session wouldn't fix and changing page would make it overwrite its own data with NULL (as if the session had been restarted) Current: I've decided to rock the boat and start using a custom handler (we need to check who's online etc; the standard stuff) utilising our MySQL (v3.28) DB Seeing that I'm not great with sessions (my bad, I haven't studied enough), I used some code (pretty much verbatim) from the Zend site that sets up a sessions class. http://www.zend.com/zend/spotlight/code-gallery-wade8.php?article=code-galle ry-wade8 that's where the tutorial lives Using the custom handler the sessions are failing to fixate again, even if I drop a cookie with the propagated session ID and subsequently reuse it I used my login script to attempt to track the problem and discovered that the script that performs the login successfully writes to the database but when it returns to the main page the session is present in the database but the session value field is, once again, empty Er, help. Please. I'm running out of hair to tear out :-) TIA and apologies if this has already been answered or this is a halfwitted question Dan
RE: [PHP] can someone explain this query to me
WHERE id IN (1,2,3) Is the same as saying WHERE id = 1 OR id = 2 OR id = 3 Few more details in this link http://www.w3schools.com/sql/sql_in.asp HTH Dan -Original Message- From: Ross [mailto:[EMAIL PROTECTED] Sent: 20 December 2005 12:07 To: php-general@lists.php.net Subject: [PHP] can someone explain this query to me $query = delete from meetings where id IN (.implode(,, $ids).); Just the end bit, ids is an array of values (1,2,3,4,5) what does the IN do?? Ross -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php __ NOD32 1.1328 (20051219) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] 1 ip address go here all others go here
[snip] In short, it cannot really be trusted. notice the last 7 words [/snip] Any external data introduced into a script can't be trusted... including $_GET and $_POST That doesn't mean they shouldn't be used... just used carefully Also if you want to use the IP address maybe REMOTE_ADDRESS would be favourite -Original Message- From: Dave Carrera [mailto:[EMAIL PROTECTED] Sent: 13 December 2005 16:23 To: Jay Blanchard Cc: php-general@lists.php.net Subject: Re: [PHP] 1 ip address go here all others go here Jay Blanchard wrote: [snip] Is there a way of sending users with a local ip address say 127.0.0.1 and 192.168.xxx.xxx to goto one page and all other visitors to goto another? [/snip] Yes, there is. $_SERVER['REFERER'] will give you the referer mosy of the time. More info from TFM can be found here; http://us3.php.net/reserved.variables Header can then be used to redirect header(Location: http://www.example.com/;); /* Redirect browser */. More info from TFM can be found here; http://us3.php.net/header snip from TFM 'HTTP_REFERER' The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted. notice the last 7 words -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php __ NOD32 1.1320 (20051212) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP/MySql noob falls at first hurdle
Hi [snip] ? while($ouput_row = mysql_fetch_array($result)) { ? [/snip] Try: while($ouput_row = mysql_fetch_array($result, MYSQL_ASSOC)) [snip] ?=$output_row[projTitle]?br / [/snip] You have missed the ; (semicolon) after [projTitle] also Dan -Original Message- From: Paul Jinks [mailto:[EMAIL PROTECTED] Sent: 09 December 2005 11:51 To: php-general@lists.php.net Subject: [PHP] PHP/MySql noob falls at first hurdle Hi all I've been asked to put simple database interactivity on an academic site. They want users to enter a few details of their projects so other researchers can search and compare funding etc. How difficult can that be, I thought I've built the database in MySQL and entered some dummy data, and I'm now trying in the first place to get the data to display with a simple select query to display the variable projTitle from the table project thus: head snip ? $SQLquery = SELECT projTitle FROM project; $result = mysql_query($SQLquery) or die (couldn't execute query); mysql_close($connect) ? body pResult of b?=$SQLquery ?/b/p p ? while($ouput_row = mysql_fetch_array($result)) { ? ?=$output_row[projTitle]?br / ? } ? /p /body When I view the page I get this: pResult of bSELECT projTitle FROM project/b/p p br / br / br / br / /p There are indeed 4 entries in the database, but I can't figure out why it's not displaying the data. It worked fine on my PHP/Mysql-in-a-box course. No, we didn't study the syntax :( Any help gratefully received. Thanks Paul -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php __ NOD32 1.1316 (20051208) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: PHP/MySql noob falls at first hurdle
[snip] Hi Paul, Why you are closing your connection before finishing your work on the database? Zareef Ahmed [/snip] I think Zareef has spotted the most important problem here Try removing the mysql_close() and trying it Dan -Original Message- From: Paul Jinks [mailto:[EMAIL PROTECTED] Sent: 09 December 2005 15:05 To: php-general@lists.php.net Subject: Re: [PHP] Re: PHP/MySql noob falls at first hurdle Brice wrote: Try to check the key of your result row with a print_r or a var_dump command. Brice Favre http://pelmel.org/ Like this? ?php while($ouput_row = mysql_fetch_array($result)) print_r($output_row); ? Apologies if this is pathetically wrong. Like I said, I'm a total noob. The above returned no data or errors, by the way. Thanks Paul -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php __ NOD32 1.1316 (20051208) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Browser Control Help
Rather than trying to prevent theft of your images why not create a little app that steganographs some copyright information... With some thought it's possible to hide textual content within an image At least then you can prove it was yours... Just a thought Dan -Original Message- From: Chirantan Ghosh [mailto:[EMAIL PROTECTED] Sent: 05 December 2005 16:37 To: Jason Petersen Cc: php-general@lists.php.net Subject: Re: [PHP] Browser Control Help Thanks Jason, I am always ready to be enlightened by ones who know better than me. As you suggested, I really would love to get a watermark which is invisible with initial viewing but activated once a copying/printing command ( Can be Ctrl+C or Alt+Printscreen) is used. If you can help it would be delighting. Thanks, C - Original Message - From: Jason Petersen [EMAIL PROTECTED] To: Chirantan Ghosh [EMAIL PROTECTED] Cc: php-general@lists.php.net Sent: Monday, December 05, 2005 11:27 AM Subject: Re: [PHP] Browser Control Help I wish I had a dollar every time I've seen a question like yours, it seems like a lot of new developers think they need to fundamentally alter the way the browser works to protect their content. The fact is, if you're putting content on the public web, it can--and will--be downloaded by all of your visitors. (they have to download it to display it after all) You're going the wrong way about protecting your images. No matter what Javascript tricks you try to use, all I have to do is disable Javascript. And you're going to seriously annoy your visitors who are not technically savvy, whether they have the intention to steal your content or not. Personally I would not come back to a site that assumes I'm a thief. You might want to look into other methods to protect your content, such as login authentication and watermarking. PHP can help with these. But if you come on this list and demand ridiculous things, don't expect to be taken seriously. A better way to ask your original question would have been: How can PHP help protect web content? Best, Jason On 12/5/05, Chirantan Ghosh [EMAIL PROTECTED] wrote: Hi Jason, You sound offended...Happy Christmas to you too! If you really wanted to know what I was addressing please read what Dan (Parry) wrote. Keep smiling after all its Dec, C - Original Message - *From:* Jason Petersen [EMAIL PROTECTED] *To:* Chirantan Ghosh [EMAIL PROTECTED] *Sent:* Monday, December 05, 2005 10:57 AM *Subject:* Re: [PHP] Browser Control Help 1. PHP is server side, not client side. 2. You don't have a working version, my browser is fully functional on your site. 2. No one is interested in ripping off your Dreamweaver-generated site anyway. Best, Jason On 12/5/05, Chirantan Ghosh [EMAIL PROTECTED] wrote: Hi All, I was wondering how do in trick in PHP page head part? I want to disable Ctrl, Atl, Print Screen and also remove the File, Edit, View menus from the browser. I already have a working version with disabled Ctrl, Atl, Print Screen ( http://www.art-nyc.us/ )but I need some help with coding with the later. If someone can please help me remove the File, Edit, View menus from the browser in PHP it would help a LOT. Thanks, C -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php __ NOD32 1.1311 (20051202) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php