Re: [PHP] session timeout
From: [EMAIL PROTECTED] How do I set the session timeout - eg someone leaves a broweser for say half an hour then have to log in again.. As I'm on an intranet I want to increase ro 3 hours Pete, Change the default configuration of the option session.cookie_lifetime in the php.ini This won't help when the garbage collection deletes the session file after 24 minutes (default), though. Yeah, you'll have a valid session ID in a cookie for 3 hours, but no matching session file. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] msession - giving me a hard time
From: Guillaume Dupuis [EMAIL PROTECTED] Now, I am testing the interaction of 2+ servers working together. From SERVERA I create and echo the my SID using echo session_start(); echo session_id();echo $SID;, and then I follow a link (within the same browser session) to SERVERB and then do the exact same 3 calls. They give me different $SID ??? When you go from SERVERA to SERVERB, you do not carry over the same session ID, though. SERVERB, not seeing a session id passed to it, starts it's own session. You need to pass SID in the URL when linking to the different servers. No way around this. The session id can be carried in the cookies once you're operating on the same server, but when going from one server to another, you must manually pass it. a href=http://SERVERB??=SID?SERVERB/a ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Why would this eregi() function not work?
Dave G wrote: PHP Gurus, I have an eregi() function that I'm using to validate emails that users enter into a form. I pretty much took it directly from the book PHP and MySQL Web Development. It looks like this: (!eregi('[EMAIL PROTECTED]', $email) 1. Special characters within brackets do not need to be escaped. [.] will match a period. 2. If you're going to include a hyphen within brackets, it needs to be the last character, otherwise you're signifying a range. [a-z] is a through z. [a-] is a or a hyphen. 3. I don't think a hyphen is even legal in an email address... ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] testing a variable
From: Adam Williams [EMAIL PROTECTED] I need to test a variable to see if it contains a value or not, and if not, do something. [snip] if ( !isset($var ) { echo do something;} That's the correct way. What I am doing is checking a field in an sql table, and if the field is null, empty, etc... then do something. so what is the best way to check the field if its null, empty, etc...? The variable might be set, yet empty, though. So you may want to add if(!isset($var) || empty($var)) { echo do something; } ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] overriding string concatenation '.'
From: tirumal b [EMAIL PROTECTED] I have an ip addr in a variable. I use 'ssh'.$ipaddr.'command' in a php file The dots in ipaddr variable are considered to be string concatenations. No they are not. Show some examples. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] overriding string concatenation '.'
From: Chris W. Parker [EMAIL PROTECTED] CPT John W. Holmes mailto:[EMAIL PROTECTED] The dots in ipaddr variable are considered to be string concatenations. No they are not. Show some examples. What am I missing here? How is the dot operator not considered concatenation? $concatenatedString = 'a'.'concatenated'.'string'; We know periods are for concatination, but periods _within_ strings are not. $ipaddr = 122.122.122.122; $str = 'a'.$ipaddr.'string'; From the way I read that, the periods _within_ $ipaddr were being seen as concatination characters (according to OP), which doesn't make sense. So I wanted an example. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Why is this code not working?
From: Dave G [EMAIL PROTECTED] PHP Gurus, If you say so... I'm trying to put the results of a query into an array. My code looks like this: ?php $query = SELECT datecolumn FROM table WHERE MONTH(datecolumn) = . $currentMonth; $result = mysql_query($query); $numRows = mysql_num_rows($result); for($i = 0; $i$numRows; $i++) { $workshops[$i] = mysql_fetch_row($result); echo $workshops[$i] . br /; } echo The results of the array are - . $workshops[0] . and . $workshops[1]; ? When I run this, the output to the screen says: --- Array Array The results of the array are - Array and Array --- Exactly what it should be. mysql_fetch_row returns an array, which you're assiging to $workshops[0] and $workshops[1]. Try: echo The results of the array are - . $workshops[0][0] . and . $workshops[1][0]; Or, even better... $query = SELECT datecolumn FROM table WHERE MONTH(datecolumn) = . $currentMonth; $result = mysql_query($query); while($r = mysql_fetch_row($result)) { $workshop[] = $r[0]; } echo The results of the array are - . $workshops[0] . and . $workshops[1]; ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Getting an uploaded picture
From: Mike R [EMAIL PROTECTED] I thought about that, but figured I'd ask first - particularly since I wasn't sure which code to send: the code for uploading the pictures or the code that displays the pictures/links to them? Show the code that displays the links to them and some of the resulting HTML. Are you using a PHP page to serve the images, or linking directly to a .gif/.jpg file? ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Need a nicer way to escape single/double quotes....
Scott Fletcher [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]... I haven't found a more efficient way to better escape the quote characters for the javascript right from PHP because I only get The kid in the javascript alert message, so I'm wondering if anyone of you know of something better than that... --snip-- form name=Test_Form ? $test1 = The kid's name is \Bob!\; $test1 = htmlentities($test1,ENT_QUOTES); instead of addslashes. echo input type='hidden' name='htmlTest1' value='.$test1.'; ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] validate names with regex
From: Chris W. Parker [EMAIL PROTECTED] Can someone post a function or regex that can validate names (first and last)? The most important bit is that names like O'Malley and Hope-Jones are not barred. I use this: //allow a possible ', -, or space in name. ' will //be replaced with \' by magic_quotes upon //form submission (so we search for \\\') $match = ^[a-z]+([- ]{1}|(\\\'))?[a-z]+$; along with eregi(), but it can (should) be easily adapted to a syntax compatible with preg_match(). I remember a large discussion about this a while back. Archives may be useful. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Changing case
From: Robert Sossomon [EMAIL PROTECTED] I have a form that allows for an item to be entered, the other pieces have been fixed so far that were bogging me down, but now I am looking for a way to convert any entry in the form to be UPPER case so that when the quote is listed, they are alphabetical. http://us2.php.net/strtoupper ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] keyword searching
From: Adam Williams [EMAIL PROTECTED] I'm using Informix SQL. Could have saved some bandwidth by mentioning that in the first place and only posting to either php-general or php-db (which is more appropriate), not both. :) Ignore what my other posts said, as I don't know how Informix works. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] validate names with regex
Chris W. Parker wrote: CPT John W. Holmes mailto:[EMAIL PROTECTED] on Wednesday, November 12, 2003 2:09 PM said: $match = ^[a-z]+([- ]{1}|(\\\'))?[a-z]+$; along with eregi(), but it can (should) be easily adapted to a syntax compatible with preg_match(). I'm wondering two things: 1. Is there a performance difference between ereg() and eregi()? I'm thinking it might be better to change [a-z] to [\w]. Would probably be better to use \w, but best overall to just use preg_match(). The preg_* functions are faster than the ereg* functions... I remember a large discussion about this a while back. Archives may be useful. I couldn't find anything, but I was pretty sure it had been discussed before as well. Happen to know the subject of the thread? I looked through 40 pages of archives and couldn't find it either. :) It had to deal with validating an entire name and capitalizing it with the whole McNab vs MacNab vs O'Reilly vs Marco de Blabla or whatever. If I find it, I'll forward it your way. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] help create community newbie guide to security
Lawrence Kennon wrote: For a BBS I would like to let users post links to various resources. They 'post' a message to the BBS via a form and that is stored in a MySQL db, then the content of their 'post' is available to other users on the BBS. Currently I strip out all PHP/HTML with the strip_tags() function. What I would really like to do is allow a limited set of HTML tags (like the anchor a tag) but at the same time implement reasonable protection. Get yourself a bbcode parser from phpclasses.org so you can use things like [b] [/b], and [url=] [/url], etc. This is safer than trying to deal with actual HTML, imo. Then use htmlentities() on the data instead of strip_tags(), so the users can actually write something like grin and not have it stripped. In regards specifically to the HTML anchor tag a, are their guidelines for what should, and should not be allowed? In other words if I simply allow all of these tags (implementing the algorithim you mentioned above) are their potential problems with that? Or are there specific things I should be looking for with tags? The problem is with deciding what attributes to allow in tags. If you use strip_tags() and decide to use the second parameter to allow b tags, I can write a b onmouseover=... tag that'll execute some javascript for me. It's easy enough to stop that on a b tag, but what about an img or a tag where you have to allow certain attributes and you never know what order they'll be in? That's why a bbcode solution is the best, imo, and use htmlentities() on everything else. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Unique ID
Marek Kilimajer wrote: Dimitri Marshall wrote: I'm making a message board and I've decided the best way to go about the structure is to have 3 tables, two of them will be Posts and Replys. Now, in order for this ti work, each post has to have a UniqueID - same with the replys. Looking at another program, I can see that one way to do this is to do it by rows (ie. count how many rows, add 1, then that is the ID). It would be unique because no two rows would be 1 for example. The problem I can see is that the database would become incredibly huge (size wise I mean). I want to delete the posts after 30 days, and if I delete the row, then that would mess up the row system. Any suggestions? Have you heard about auto_increment? Read on: http://www.mysql.com/doc/en/example-AUTO_INCREMENT.html Keep reading about database design, too. You'll only need one table and a parent-child relationship. The initial post will have a parent of zero and child posts under it will have a parent column relating back to the original post. I may not have explained that the best way, but there are plenty of articles out there about it. Have fun. :) -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Time problem
Erin wrote: Hi All, Sorry if this has been asked a 1000 times and if its easy to find in the php manual but i cant seam to solve this. How do i convert a timestamp in to a normal readable time date ie 2003155023 into 11th November 2003 @ 15:50:23 IFF the timestamp is coming from MySQL (which has that format), then you should use DATE_FORMAT() in your query to do the formatting. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Solutions for 1970 epoch date restriction
YC Nyon wrote: I have a table that includes 3 columns for day, month and year. Example: Day, Month, Year 11,Jan, 1974 4,Sep, 1921 ... ... I need to construct a query where users can specify a starting date. Currently, I stuck in mktime function became of the 1970 epoch problem. It gives an error for dates before 1970. Anyone has a solution? Why are you using three separate columns? What database are you using? -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How can i run DOS command from browser
imran wrote: Any one know that how can me run a script from command line after receving the input from FORM thru browser Assuming your talking about running a program on the server, take a look at exec(). If you're wanting to run something on the user's computer, ummm, no. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cross Site Scripting (and SQL Injection)
Shaun wrote: Is there a way to filter metacharacters from all $_POST values sent from pages on my site in an effort to eliminate the majority of XSS attacks? There's no magic function that's going to protect you from Cross Site Scripting or SQL Injection. Do you honestly even know what they are or how they work? You need to understand that first. Then, once you understand what's going on, htmlentities(), addslashes(), etc, will help. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: High bandwidth application tips
From: Richard Baskett [EMAIL PROTECTED] * use recent mysql 4.x The new versions have ability to cache results of often used queries, and return the results very fast without even touching the disk. Note that this is much better for web apps than usual query cacheing that many databases offer. How do you get mysql to do it's own caching like you mentioned? This is a PHP list, so I'd suggest you start reading here: http://www.mysql.com/doc/en/Query_Cache.html ;) ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Adding a log file
Erik Osterman wrote: Consider using this // // STDERR logging function // function warn( $msg, $die = 0 ) { $fp = fopen(php://stderr, 'w') or die(Failed to open STDERR); fwrite($fp, [.strftime(%Y-%m-%d %T).] $msg\n) or die(Failed to write to stderr); fclose($fp); if($die) die($msg); } There is also the error_log() and syslog() functions. http://us2.php.net/error_log http://us2.php.net/syslog -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Input Validation of $_SESSION values
From: Boyan Nedkov [EMAIL PROTECTED] [snip] ... Short of any severe bugs in PHP's core, there is no way for a user of your Web application to modify session data ... [/snip] It seems that statement is not completely correct considering the topic discussed in the paper 'Session Fixation Vulnerability in Web-based Applications' (http://secinf.net/uplarticle/11/session_fixation.pdf). I am also interested in the session security issue so any comments on that publication are welcome. No, the statement is still correct. The paper discusses how malicious users could possibly set the SESSION_ID to a predetermined value and then hijack the session because they know it's value. They still cannot directly change session variables that your script is creating. In order to combat session fixation, use the session_regenerate_id() function: http://us2.php.net/manual/en/function.session-regenerate-id.php ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] File creation date.
From: Carles Xavier Munyoz Baldó [EMAIL PROTECTED] I want to write a PHP function for delete the files in a directory older than 1800 seconds. Is there any function for it ? Start here: http://us2.php.net/manual/en/ref.filesystem.php ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] File creation date.
From: Carles Xavier Munyoz Baldó [EMAIL PROTECTED] I want to write a PHP function for delete the files in a directory older than 1800 seconds. Is there any function for it ? Read this thread, too: http://www.phparch.com/mailinglists/msg.php?a=701737s=Mike+Migurski+findsp=1 If you can get your hands on a September issue of php|architect, I had a paragraph about this in my Tips 'n Tricks column. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySQL Password Function
From: Raditha Dissanayake [EMAIL PROTECTED] From: Shaun I am trying to make my site more secure, can anyone suggest a tutorial on using the mySQL password function with PHP. I can't find anything through google... it's very simple intead of using insert into users set userPassword='123'; you say insert into users set userPassword=password('123'); And the column type should be CHAR(16) or VARCHAR(16), as the result of PASSWORD() is always 16 characters. Oh, and this will do almost NOTHING to make your site more secure. Why do you think it will? ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] High bandwidth application tips
From: Luis Lebron [EMAIL PROTECTED] Excellent tips. I think I'm really going to have to polish my sql skills for this task. Any good tools for benchmarking sql queries? If you've been following the Load Stress Tool thead, this program: http://jakarta.apache.org/jmeter/index.html was mentioned. The web site mentions that it can be used to also benchmark SQL queries through JDBC. Seems very useful indeed... :) ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySQL Password Function
From: Raditha Dissanayake [EMAIL PROTECTED] Oh, and this will do almost NOTHING to make your site more secure. Why do you think it will? You are partly right about this we had a nice flame war about this very issue couple of weeks ago on the jabber lists. Anyone interested in the nitty gritty can google on the jabber archives. I still use the password() function whenever i can cause i only have to type in about 10 keystrokes anyhow, the reason is that it will keep other users of the database from accidentaly seeing passwords that they shouldn't. Since this is one way hashes it cannot be decoded. Almost any argument that applies for/against /etc/password would apply to mysql password() as well. True, true. I actually use MD5() for the same reason, but, really, if someone has access to the database to read the hashes, odds are they have access to the rest of the database and your code. So what are you protecting really? In my eyes, it's just another tool to keep honest people honest... ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] preg_replace ^M
From: Torsten Rosenberger [EMAIL PROTECTED] i try to replace a string in a file but if i have linefeeds in the string the output file after the replacement has ^M carachters in in Some text editors will display \r as ^M. So, if you're file uses \r\n as the newline, you'll see these ^M at the end of each line. Using a different text editor or adjusting the properties of the one you've got should fix this. Either way, they shouldn't be visible on the actual PHP/HTML page when viewed over the web. this is an editor issue, not a PHP one, really. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] preg_replace ^M
From: Torsten Rosenberger [EMAIL PROTECTED] Those are \r characters from dos newline (\r\n). Generally they are not harmful and many editors can work with them without problems (vim). You can use some utility commands to convert to or from dos or unix newlines. But i'm working under Linux. Doesn't matter... I made a test with HTML Template IT and addBlockfile and thats the same. So that program is writing \r\n as the newline instead of just \n. It's still just your editor that's displaying the ^M. Maybe you should get a new editor. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Send data Header Response
From: Jonathan Villa [EMAIL PROTECTED] I would like submit a form to a page, do some processing on that page, then if need be, return to the referrer but also send the submitted data along with it... and data is coming from a POST form, not a GET. I tried header('location:'.$referrer.'?data'.$_POST); Can you send the data back to the referrer as GET data (in the URL)? If you must POST it back to the referrer, then you'll need cURL or search the archives for a function called posttohost() (not a core php function, btw). ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] restricting text fill on a text area
From: Ian Truelsen [EMAIL PROTECTED] I want to set up a sized div on my page and be able to fill it with text from a text file. Easy enough, but I want to be able to 'sense' when the text area fills, no matter what size text the browser has set. Client side issue, not PHP. Ask on a Javascript list. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] To format a number
From: [EMAIL PROTECTED] I have a number for example 5 and I would it transform in 5,00. I tried with round() but it doesn't add the numbers after comma with an interger number. Does some funtion that make this exist? You mean some function that'll format a number? Hmmm... number_format() ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Replacing text on page, but not in img tags
Taylor York wrote: Lets say im trying to replace every occurance of 'hello' with 'bhi/b'. Here's something that's probably close to what you want. Something else you need to worry about besides img tags is what if the word hello appears in a a tag? within Javascript? This will match anything outside of tags, at least, and then add in the strong tags around hello. function callback($match) { return str_replace('hello','stronghello/strong',$match[0]); } $new_str = preg_replace_callback('/([^]+)/','callback',$str); -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Printing from PHP
Peter Goggin wrote: Is it possible to have a php a script that will run on my server but let me print to my client network printer? No. PHP is server side, printing is client side. If php will not support access to a client printer is there any way of embedding a Form Feed in the display so that if the screen report is printed than the data will be correctly paginated? Again, client side issue. Use CSS. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Issues with Mysql 4.0 and PHP in a production environment
From: Luis Lebron [EMAIL PROTECTED] Are there any issues with running PHP 4.3.X and Mysql 4.0 in a production environment? Of course there is. If you write crappy code, your program will suffer. If you don't write crappy code, well, then you're fine. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [Stats] PHP Net List: October 2003
John Nichel wrote: Hey, I beat John Holmes You mean you're bigger than 14 inc... err, nevermind, you're talking about something else... -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Changing the php.ini file
Mike At Spy wrote: I changed a value for max uploads in my php.ini file (linux box); I restarted apache, then the whole server, to get the new value to come up and, generally, take affect. Neither of those things did it. Does anyone know what I need to do to get the ini file re-read by the OS, or system, so that the new value goes into effect? Take a look at the first block of the output from phpinfo() and make sure you were editing the correct php.ini file. Actually, make sure the phpinfo() still shows the old value for your setting and you're really sure you're changes haven't taken effect. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [Stats] PHP Net List: October 2003
Jay Blanchard wrote: Aren't you dead? And have a movie? Yes and Yes. Val Kilmer asked if he could play me and I gave him the go ahead... and, umm, PHP rocks. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sessions within new windows
Donald Tyler wrote: What's happening is that when the new window pops up, the script isn't getting the session info properly. I changed it so that the page opens up in the main window instead of a new one and it works fine. I presume this is because the browser is not sending the session ID to the script when opening the new window. Does anyone know of a way for me to fix this without embedding the session ID in the URL? I thought the only criteria that the browser used when deciding if to send a Session ID or not was if the page is located at the same domain name. P.S. Its Internet Explorer 6 I am using. Do you have another browser you can try it in? Sounds like an IE feature to me. :) There was some discussion regarding this on the list last month. Each browser is different in whether it'll send the same cookies based upon how the new window or browser instance is started... -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Changing the php.ini file
Marek Kilimajer wrote: post_max_size is another setting that has effect on uploads. It should be higher than upload_max_filesize. Make sure it isn't Apache doing the limiting, also. Some searching will tell you the setting, but Apache has a limit itself on the size of files it'll accept. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] replace special chars
Victor Spng Arthursson wrote: Are there any good function to replace special characters, for example double qoutes, with something that are more html-safe? If only the PHP gods would bless us with a function such as htmlspecialchars() or maybe even htmlentities()... what a great world it would be... ;) Take a look at the manual pages and they convert different character sets and handle quotes differently based upon the second parameter. http://us2.php.net/htmlentities http://us2.php.net/htmlspecialchars -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Shared SessionIDs?
From: Chris W. Parker [EMAIL PROTECTED] But seriously, why is it such a bad idea? I'd like to finally figure this out so I don't keep coming up with them (not that I've ever used any). ;) I've got to remember back to what the original thread was about... :) The suggestion, iirc, was to pass an MD5() hash of the username and password in a cookie to identify the user. The problem with this is that cookies are sent plain text and can be intercepted. So, anyone intercepting the cookie and finding out the MD5() hash needs only to create a cookie on their own machine with this same hash to now become the other user. They don't need to know the actual username or password and you're script wouldn't know the difference. Now, there are some scripts that do this (forums, for example) as a sort of remember me feature, but they do it at a trade off for security. Using a method like this is saying that if one user impersonates another, it's not really going to mess up anything on the site, there's not much harm they can do, etc. An impersonated user on a forum may cause a little havoc, but it'd be real TROUBLE if done on a banking site. One way to alleviate some of the security issues is to have the hash unrelated to the username and password and have it change often. That way, even if another user gets it, it's only good for so long. Hope that helps. Contact me offline anytime for more explanation if you want. :) ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] anyway to return more than one value?
Chris W. Parker wrote: Ok I know it's not possible to return more than one value. But I'm going to explain what I'd like to do so maybe there's an easy way to do it. I've got some functions that query a database and turn the result into an array and return that array. What I'd like to do is not only return the array of results but ALSO return a row count and field count of that result. Here is some pseudo code: function get_results() { // query database $result = query($sql); // turn result set into a useable array $theResultArray = get_results($result); $rows = mysql_num_rows($result); $fields = mysql_num_fields($result); return $theResultArray; return $rows; return $fields; } Ok I know that won't work but that's just basically what I want to do. The only way around this I've come up with is to stick all the values into ANOTHER array and return then and then dissect that array in the calling function, but that just seems messy. Are you talking about something like this: $retval['result'] = get_results($result); $retval['rows'] = mysql_num_rows($result); $retval['fields'] = mysql_num_fields($result); return $retval; -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] FTP_DELETE!
Dimitri Marshall wrote: Just wondering what to put for the resource ftp_stream in the following: ftp_delete ( resource ftp_stream, string path) the result of ftp_connect(). -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] the function of the @ symbol?
Wouter van Vliet wrote: What would it suppress, the notice: undefined variable $first on line 44 notification? Exactly. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Input Validation of $_SESSION values
Pablo Gosse wrote: As to your last point, can something else change the session vars other than my php scripts, answers to that question are exactly what I'm looking for. Other PHP scripts on the same server (doesn't have to be same domain) and most anything that can access the filesystem could modify the session files. If you're on a shared server, (default) sessions can be modified by other users. If you've got a dedicated server, sessions are safe. I'd recommend saving sessions in the database on a shared server. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] FTP_DELETE!
Dimitri Marshall wrote: Don't know what that is because I don't connect to FTP. The files upload fine, but I just want to know how to delete them. Is the result of ftp_connect() the $host in mysql_connect? If you're talking about deleting files on the same filesystem as your PHP scripts, then use unlink(). ftp_delete() is for something else that can't be used unless you use ftp_connect(). -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php|cruise - do unto others...
From: Becoming Digital [EMAIL PROTECTED] php|cruise is coming this March. Final word on this, I promise! :) I'll be on the cruise, so I'm looking forward to meeting anyone else that'll be there. Contact me offline if you want. I wanted to say think you to all of those that contributed to the cause. I ended up getting $71.03US that helped towards the price. (more donations are still welcome, of course, to offset my empty bank account, now). Thanks to Edward for bringing this up in the first place! ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] help with EVAL direct
From: [EMAIL PROTECTED] OS RedHat 9 and RedHat 7.2 Apache 1.3.27 and Apache 2 I have problem with direct eval, in version PHP4.2.2 is all OK in version PHP 4.3.3 - direct eval bad here cut code $s = '$ret = ibase_execute($this-query, $arg_list[0], $arg_list[1], $arg_list[2], $arg_list[3], $arg_list[4], $arg_list[5], $arg_list[6]);'; eval($s); end cut code in PHP 4.3.3 - log message [Tue Nov 4 08:37:07 2003] [error] PHP Warning: ibase_execute(): attempted update during read-only transaction in /www/test.php(204) : eval()'d code on line 1 not write to DB Wild guess here, but it looks like you're trying to do an UPDATE query where you're only allowed to do a SELECT query (read-only). The error is not because of eval(), it's because of an incorrect usage of ibase_execute(). ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Stripping Decimals
From: Ed Curtis [EMAIL PROTECTED] I currently use number_format() and str_replace() to remove a , or $ if entered and reformat it as a price for an item. I've asked the user not to use decimals but some still do. How do I remove a decimal and anything after from a number in a varable? $new_number = preg_replace('/\.[0-9]+/','',$old_number); I would do that first, then a $new_number = preg_replace('/[^0-9]/','',$new_number); afterwards to remove anything that's not a number from the string. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] split ...
From: Dan Joseph [EMAIL PROTECTED] I'm getting the following error: [Tue Nov 4 10:01:53 2003] [error] PHP Warning: split() [a href='http://www.php.net/function.split'function.split/a]: REG_EMPTY in /usr/local/apache/htdocs-chm/import_data.php on line 26 Here is the code in question: $line = fgets( $file ); echo $line . br; list ( $ACTION_DESCR, $LOAN_NUMBER, $BORROWER, $CO_BORROWER, $ADDRESS, $CITY, $STATE, $ZIP, $ABANUM, $BANKACCTTYPE, $BANKACCTNUM, $ADD_PRINCIPAL, $DAYS_TRANSFER, $FILE_NAME, $DATE_CREATED ) = split( |, $line ); The | character is a special character in regular expressions, which split() expects. So, you can use split(\|,$line) which escapes the | character. Although, since you're not really using a regular expression, you'd be better off (more efficient) to just use explode('|',$line) and have the same effect. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sweet PHP backup / dump function for MySQL database
From: René Fournier [EMAIL PROTECTED] Right now, I'm using phpMyAdmin to periodically backup/dump a client MySQL database to a textfile (from which one can simply restore the database if it ever got corrupted). I'm also working on a super-simple CMS for the client to use themselves. I would like the client to also be able to easily backup his web site's MySQL database to a textfile and have that textfile emailed to whatever address he specifies. Sort of a two step approach: Enter email _ Backup and send database (click) I imagine someone somewhere has written a very nice function for doing this, which might take a few parameters, such as database, destination email address, etc. The main thing is that the function include complete inserts, extended inserts, backquotes, etc. Anyone have a sweet function like this they wanna share, and in so doing make the world a better place? :-) Easiest way to do this is an exec() call to mysqldump, then read the file and include/attach it in the email. Writing something to simulate mysqldump from within PHP would be a waste, imo. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Shared SessionIDs?
Chris W. Parker wrote: Guillaume Dupuis mailto:[EMAIL PROTECTED] We currently have 3 php servers. Can we use the same SessionID to connect across the 3 systems? If not, what would you suggest to minimize the number of login prompts, while keeping secure? Here's an idea (whether or not it's a good idea is another story): Store the username+password as an MD5 hash in a cookie, also store the user id. Then on the other servers you can read the user id and use that to pull out the username and password hash (you do hash your passwords within the database right?) from a database and then hash those two and compare the result with the cookies info. I think you missed the part where he said while keeping secure... :) Storing something like this in a cookie is in no way secure. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How do i replace table names?
Bas wrote: I want to replace something like this: $sql = CREATE TABLE bas_table ( ); With this: CREATE TABLE hugo_table ( ); And do the same for INSERT INTO... How do i do this? If you know that bas_ will not appear within your data, then a simple str_replace() will do. $new_data = str_replace('bas_','dummy_',$old_data); If you're not sure, then a regular expression or more inclusive str_replace() would be necessary. $new_data = str_replace('CREATE TABLE bas','CREATE TABLE dummy',$old_data); or $new_data = preg_replace('^CREATE TABLE bas','CREATE TABLE dummy',$old_data); -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Dates then 1970
Mark McCulligh wrote: What function(s) would you use if you want to take someone's birth day and format it on display. I have always used strtotime, then strftime but it doesn't work if someone was born in 1939. strtotime returns -1. What function would you use to take the input string 1939/11/23 and get the timestamp so I can use functions like strftime or date. You'll have to tear it apart and do the math youself. Current year minus the first four digits. If current month/day is less than month/day from string, then subtract one (hasn't reached birthday yet). If you're storing these dates in a database, you can use your query to calculate the age (unless it used unix timestamps, also). -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mysql_field_type() ...
Jay Blanchard wrote: [snip] ...will say if a field is of type ENUM, but not its possible values (including default). Does anyone know how I can fetch possible values of a field type of ENUM? [/snip] You would have to use DESCRIBE. So if Even better is DESC table_name column_name; so you only have to parse one row (if you're only after one row). :) -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] passing an array via GET and a hidden form element
Robb Kerr wrote: I'm trying to pass a variable from a search page to the results page via GET. The $MANUFACTURERS variable contains an array and is obtained from the URL. I've tried the following to no avail... input name=manufacturer[] type=hidden multiple id=manufacturer[] value=?php $manufacturer ? [snip] input name=manufacturer type=hidden multiple id=manufacturer value=?php echo htmlentities(serialize($manufacturer)); ? Then to get the array back on the receiving page: $manufacturer = unserialize($_GET['manufacturer); Or just stick the array in the session... $_SESSION['manu'] = $manufacturer; and on receiving page: $manufacturer = $_SESSION['manu']; -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] scalar value as array problem
Steve Turner wrote: I have a frustrating problem. I have a shopping cart class that creates session variable arrays to store the product_id and quantity. My development machine is running windows 2000 with PHP 4.3.3 and my script is working perfectly on my machine. When I upload to the remote host running FreeBSD and PHP 4.3.2 I am getting errors. I believe I am having problems with assigning the array values, and this is causing other problems. I am using this statment to assign $_SESSION['cart']['product_id'] with the quantity using a class with the add_item property. $cart-add_item($_GET['product_id'], $_GET['quantity']); I am getting this error. Warning: Cannot use a scalar value as an array in /home/designor/public_html/class.php on line 14 Warning: Cannot use a scalar value as an array in /home/designor/public_html/class.php on line 16 I have no idea what a scalar value even is. I did verify that my form was passing the values by using echo $_GET['product_id'] . $_GET['quantity']; A string or integer would be a scalar value. What you have is something like this: $a = 4; $a[] = 5; Where you initially make $a an integer, then you try to make it into an array and add an element to it. PHP is giving you a warning (not an error) about this. You may be using any of the array functions on something that's not an array to begin with. You can either fix the problem, or just adjust your error_reporting() level to not see warnings. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] stat(), file_exists(), is_file() on Windows2000
From: Chris Hubbard [EMAIL PROTECTED] The problem: all the code I've tried to test whether a temp (from a form post) is there before doing a filesize() on it is failing. I'm doing a filesize check so absurdly large files aren't copied from the temp folder to a permanent folder. (and no I can't change the ini file, already asked, I did mention unfriendly right?) What I want is a value for the filesize of the temporary file. $_FILES['userfile']['size'] ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session_regenerate_id()
From: Alexander Mueller [EMAIL PROTECTED] I am not entirely sure what the following paragraph at http://at2.php.net/manual/en/function.session-regenerate-id.php shall mean As of PHP 4.3.3, if session cookies are enabled, use of session_regenerate_id() will also submit a new session cookie with the new session id. What did it in 4.3.2? Somehow it seems its not working prior to 4.3.3 and even now its not fully compatible with Opera. PHP 4.3.2 created a new session ID, but it didn't resend the cookie. So the next request would include the old session ID again from the cookie. What are you trying to do? ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Performance of dynamically generated select boxes
From: Luis Lebron [EMAIL PROTECTED] I am rebuilding a php application to handle a higher load. The previous programmer had created a series of dynamically generated select boxes using a mysql table. Would it be faster or less resource intensive to create a series of arrays to generate the select boxes and avoid the database queries. I've done some informal testing using Pear Benchmark and it seems the array based script usually takes less time. Yeah, that would be quicker, provided the contents don't change to often. You should build a cache system where the arrays are recreated every so often so they stay current (or on demand). Take a look at var_export(). It will return valid PHP code that you can write to a file and then include() to recreate your arrays. If the file doesn't exist, trigger the function to create the array file, etc... ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session_regenerate_id()
From: Alexander Mueller [EMAIL PROTECTED] Cpt John W. Holmes wrote: PHP 4.3.2 created a new session ID, but it didn't resend the cookie. So the next request would include the old session ID again from the cookie. I wonder what it is then good for. Changing the id internally without notifying the client does not make much sense IMHO. If you're using sessions in the URL, then it works just fine. What are you trying to do? Changing the session id upon a login to prevent referal attacks. So, if PHP is less than 4.3.3, you need to use setcookie() to reset the value of the session id yourself. If you're using 4.3.3, then you don't have to worry about it. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problems with remote include
From: Pablo Zorzoli [EMAIL PROTECTED] ?php include ('http://blabla.com/script.php?var1=a'); ? [snip] script.php should echo some text, but i don't get any output. You know you're going to get the OUTPUT of script.php, right? You'll get the same exact result as if you typed the address into your browser. Is that what you're trying to do? ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] function question
From: Brian V Bonini [EMAIL PROTECTED] function splitPageResults($query, $max_rows, $count_key = '*', $page_holder = 'page') { Am I wrong in assuming that $count_key is being explicitly set to '*' in this instance? Only if no value is passed when the function is called. splitPageResults('some query',32) will result in $count_key and $page_holder getting the defaults listed. splitPageResults('some query',32,'foo','bar') will now results in $count_key = foo and $page_holder = bar More examples in the manual, I'm sure... ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Undefined Index - is this how you declare get post?
Terence wrote: Since I started using error_reporting(E_ALL), I havent found (in my opinion) a good way to declare GET and POST variables when getting them from a form or querystring. I have searched google and the docs for several hours now without much luck. ?php error_reporting(E_ALL); // This line stops the error reporting, else I get - Notice: Undefined index: i in. $HTTP_GET_VARS[i]=; if ($HTTP_GET_VARS[i] == ) { include(myfile.php); } ? Is there a better way? I have tried var $i (only for classes I've discovered) settype($i, integer) Thanks in advance. isset() is your friend. if(isset($HTTP_GET_VARS['i']) $HTTP_GET_VARS['i'] == '') { include('myfile.php'); } This will not trigger any warning, even under E_ALL. In response to some of the other posts, developing at E_ALL is a good idea as it'll help you spot potential problem areas. Also, even though you have a form element defined, it may not always appear in $HTTP_GET_VARS/$_GET (post, etc). One example are checkboxes. If no boxes are checked, the variable is never created and this is the way to check. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Menu populated based on previous menu
From: Robb Kerr [EMAIL PROTECTED] Searched all the sites I could find for this problem to no avail. I have two dropdown menus in a form. The first menu contains a list of MANUFACTURERS obtained from a database. The second contains a list of MODELS also obtained from the database. I want the second menu to be populated based upon the selection in the first. In other words, once a visitor has selected a MANUFACTURER they'll be presented with a list of MODELS that are available from the selected MANUFACTURER. I know how to do the queries, but don't know how to initiate the query and rebuild the second menu when the first selection is made without adding a SUBMIT button and loading a second page. Anyone know how to accomplish this? Thanx in advance. This is a pretty common question. You need to employ some Javascript to get this to work the way you want it to, though. To do this purely in PHP, then the SUBMIT button required, as PHP cannot change the client side form elements, only the source code sent to the browser. That said, you can use your queries in PHP to build the Javascript variables / arrays. As you loop through the query results, you create the arrays with all of the possible MODEL values. Then when your user selects a MANUFACTURER, the javascript reads the arrays that PHP wrote into the source code and loads the appropriate one into the MODEL select box. Keep searching, examples are out there. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php sessions
From: Chris Shiflett [EMAIL PROTECTED] --- Rob Adams [EMAIL PROTECTED] wrote: Test it yourself. With all due respect, it seems you should be doing the testing. Login to a PHP app using a standard browser and session cookies and see for yourself. I understand the philosophy of the web server only seeing what the client sends it, but it looks like my client (IE6, right here) does send different requests per instance. Then show us these requests and point out how they are different. Otherwise, I have to assume you have no idea what you're talking about. If you are not relying on a cookie based session, then this will work. Each login could be assigned a different session ID, so the requests for each browser will be different because of the different session IDs. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Variables not passing to mail script
From: Bob Rea [EMAIL PROTECTED] At 03:59 PM 10/27/2003 -0800, Jeff - Harbornet wrote: Disregard last email. I figured it out. Thanks. Care to tell the rest of us? I'm a newby and would like to know. Hmmm, that's obvious, since you can't even spell newbie. ;) ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php sessions
From: Chris Shiflett [EMAIL PROTECTED] But I was talking about cookies anyway. Which is where different browsers have different behaviors. In IE, by default, it will not pass a cookie from a new browser window. This is very interesting. I might try to research this a bit more and see what the motivation was for doing this. From a user perspective, it seems very counterintuitive. Thanks for the info. It may depend upon how you open the second window, too. Control-N may use the same cookies whereas starting a whole new instance may not. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Shortening a String
Jason Williard wrote: I would like to display part of the output of a query. In many cases, the string returned by this query exceeds 200 characters. Is there a way to cut it off after 200 characters? Even better, is there a way to cut it off at the next space after 200 characters? Read this thread for a lot of suggestions... http://forums.devshed.com/showthread.php?threadid=23711 -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php temp table question (for mysql)
From: Larry Brown [EMAIL PROTECTED] Does anyone know whether the use of persistent connections with php will allow a temp table created by a script to linger around No, the table will still be removed at the end of the script whether you use persistant connections or not. and cause a problem with the next execution of the script when it tries to create the temp table Temporary tables are unique for that specific question. So you can have the same script creating the same temporary table and 100 people hit it without issues. Each script creates it's own temporary table with a unique name that only that connection has access to. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php temp table question (for mysql)
From: CPT John W. Holmes [EMAIL PROTECTED] Temporary tables are unique for that specific question. I mean connection, not question... I'm working on a survey system, so I have questions on my mind. :) ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] problem with intval and !=
Greg Beaver wrote: http://www.php.net/is_numeric is the function you are looking for. No need for fancy regexps. The OP is looking for an integer, but is_numeric() will return true for float values and also for numbers in scientific notation. So 12.3 and 12E3 will be TRUE. The original $number != intval($number) should work for detecting bad input. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] is_uploaded_file() security
From: Alexander Mueller [EMAIL PROTECTED] AFAIK the browser only sends the content of the chosen file and cannot specify in any way a local filename which should be worked on. Furthermore PHP creates a temporary file containing the uploaded file content and passes this filename as 'tmp_name' variable. How can then a malicious user try to trick the script? The user can pass the name of a file on the server. If you're not doing any checks and moving or displaying the file the user sent you, you may end up moving, deleting, or displaying any file on your server. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Random Quotes...
From: Payne [EMAIL PROTECTED] I am working on a project and I need to see sample quote for doing random quotes. These quotes will be put from a database. Can some please share me some sample code. Thanks. If you're using MySQL, you can use SELECT quote FROM Quote ORDER BY RAND() LIMIT 1 to pull a single random quote from the database. I'm sure other databases have similar queries. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] is_uploaded_file() security
From: Alexander Mueller [EMAIL PROTECTED] Cpt John W. Holmes wrote: The user can pass the name of a file on the server. If you're not doing any checks and moving or displaying the file the user sent you, you may end up moving, deleting, or displaying any file on your server. ---John Holmes... Thanks John, but only in the case global variables are active (as Marek mentioned), right? I don't think so. Test this, but I think you can just type /etc/passwd into the file name box (instead of using the browse button) and have that value submitted in the form. May be dependent upon the browser on how it's handled, though. Either way, I can still construct a POST to your site using cURL or something to simulate sending you a file with a name of a file on your server. So, validate that the file is actually an uploaded file and not a path to something else. That's why the functions exist. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session output question
From: Susan Ator [EMAIL PROTECTED] 1) Is there any way to print out active sessions names? I have $_SESSION['SID'], $_SESSION['uid'], $_SESSION['msg'] can I output the literal strings: $_SESSION['SID'] $_SESSION['uid'] $_SESSION['msg'] $keys = array_keys($_SESSION); 2) Is there any way to use a variable in a session name? can I do: $msg=20031022 $_SESSION[$msg.name] becomes $_SESSION['20031022name'] Just like that or $_SESSION[$msg.'name']. Same rules as making a string anywhere else; that's all you're doing. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Email Body
micro brew wrote: I am sending an email using mail() and it works fine. But the formatting of the body of the email is wrong. I want to format part of it in columns sort of like this: Name Quantity Price Can this be done neatly without using an html email? \t is a tab. You can use that to line things up. Like the other guy said, make sure your strings are within double quotes, otherwise things like \t and \n do not get evaluated. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] there has to be a better way...
jsWalter wrote: I need to read (write comes later) from a config file that we used to handle manually. I'm getting lazy, so I'm writing a web interface for this. Don't know if someone said this or not, but why not just use parse_ini_file() ? -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Age from birthdate?
DvDmanDT wrote: How would I get the age of someone if I store the birthdate in a date field? I just realized FLOOR((UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(birthdate))/60/60/24/365.25) wont work for persons born before 1970... :p I must get the current age in years, and I must be able to select by age... :p Any ideas? YEAR(CURRENT_DATE) - YEAR(dob) - (IF(DAYOFYEAR(dob)DAYOFYEAR(CURRENT_DATE),1,0)) AS age will work for MySQL, where dob is your DATE date of birth column. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Launch Print Dialog Box with PHP?
From: [-^-!-%- [EMAIL PROTECTED] If you must answer, to satisfy you own urges, then a simple NO would suffice. The answer is No, then. Try not to take things so personally; I'm not here to get you ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] seems like magic_quotes_gpc is turning itsself on!
From: William Bailey [EMAIL PROTECTED] I have a strange problem with one of the sites i work on and provide support for. I the following block of code that checks to see if magic_quotes_gpc is enabled and if it is it dies with an error message: if((integer)ini_get('magic_quotes_gpc')!=0){ ~debug('Magic Quotes GPC is currently active. Please disable.'); } The debug functoin just displays a sorry message on the browser and emails the description and the serialized $GLOBALS variable back to me. in the php.ini i have the following: ; Magic quotes for incoming GET/POST/Cookie data. magic_quotes_gpc = Off Now every so often say at most 1 in 100 hits a user will see the sorry screen and i get a call back email and every time its the same issue 'Magic Quotes GPC is currently active. Please disable.' Is it only for certain pages or random ones? Examing $GLOBALS doesn't give any clues, I presume? Nothing strange in the query string, etc? ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] The page cannot be displayed error
From: Sudheer Palaparambil [EMAIL PROTECTED] I am calling insert_user.php like this form method=post name=form action=insert_user.php onsubmit=return verifyIt(this); This file and the index.php are kept in the same directory. But the browser returns The page cannot be displayed error Where should I keep the insert_user.php The files are in the right place. You may not be able to use POST, try GET for your form method and see if that works. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] data type conversion in mysql using php
From: Uma Shankari T. [EMAIL PROTECTED] Is it possible to update the float value of mysql to varchar field by using php ?? mysql_query('ALTER TABLE MyTable CHANGE COLUMN old_column_name new_column_name VARCHAR(25)'); ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Destroying session if not being used from past 10 mins.
From: Binay [EMAIL PROTECTED] How can I configure the session to get destroyed, if not being used from past 10 mins. If you're using the default session handler, the session files are cleaned up after not being used for 1440 seconds (by default), and the session is basically destroyed. You can adjust the session.gc_maxlifetime setting in php.ini to adjust the time. This time isn't exact, though. The cleanup process is based upon a probability that is 1% by default. That means the process has a 1% chance of being started when there is a request to your site. So the files may be older than 1440 seconds and just waiting for the garbage collection process to be initiated. If you need it to be exactly 10 minutes of inactivity, the best method is to just store the time of the last request as a session variable and do the checking yourself upon each request. If the last request was more than 10 minutes ago, then handle it accordingly. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Destroying session if not being used from past 10 mins.
From: Binay [EMAIL PROTECTED] Is it possible to increase the probability which is by default 1% to 99 % and make sure that session are destroyed after 10 mins by setting session.gc_maxlifetime to 600. I wouldn't recommend that, but you could. The setting to 600 is fine, but I wouldn't adjust the probability. Like I said, if you need a hard and fast 10 minute rule, then keep track of the time yourself within your session. $_SESSION['last_access'] = time(); If the session variable doesn't exist or it's been over 10 minutes (600 seconds) since the last access, then make them log in again or whatever. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] (ANNOUNCE) New PHP mailing list *searchable* archives
From: Marco Tabini [EMAIL PROTECTED] This is a fully searchable archive of the PHP mailing lists with an attempt to build proper threading, keyword highlight, automatic quoted text indentation and a few other features. Everyone go check it out. The thread view and highlighting really make the search results useful. You can never have to many archives; now if we can just get people (new people) using them. ;) Ma Siva Kumar, Any chance you can add this to the [Newbie Guide] you regularly send out? Thanks, ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using cookies
Marco Tabini wrote: Joseph Bannon wrote: I think it's the responsibility of whomever is holding the key (ie, the username and password). When a user logs into my site, I put their username and password in a cookie. I then check those cookies to allow them access to membership only parts of the site. It is thus their responsibility to keep people from accessing the cookies on their machine. If I don't put the username and password on their machine and just use a session id, now the responsibility is in my hands. What the hell kind of logic is that? So now it depends on what kind of data you put in the cookie for it to be your responsibility? You are definetly not a lawyer. :) Neither am I mind you, but I think you should be held responsible for any data that's stored in a cookie. There should not be any sensitive data in cookies. Now, what's sensitive can be debated, but I'm sure it includes the username and password. IMHO, by storing the user's name and password in a cookie, you may be exposing that information to unnecessary risks by letting it go back and forth continuously on the Net (assuming, of course, that you're not under SSL and/or are using some encryption mechanism) and possibly someone could argue that you did not take the necessary steps to protect the user's data in an efficient way. Second that. The method you're using now is horrible; there's no reason to ever store usernames and passwords in cookies. You're exposing this information for every request. At least if you're using a session id instead of the actually data, only that session can be hijacked, instead of the entire account. You're not even allowed to use persistant cookies in public government sites unless you get permission from the Secretary of the Defense. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using cookies
Marek Kilimajer wrote: John W. Holmes wrote: You're not even allowed to use persistant cookies in public government sites unless you get permission from the Secretary of the Defense. Hi, this is interesting. Can you post the guidelines? Quote: This policy will be clarified to make clear that persistent cookies (i.e., those that can be used to track users over time and across different web sites) are authorized only when there is a compelling need to gather the data on the site; appropriate technical procedures have been established to safeguard the data; and the Secretary of Defense has personally approved use of the cookie. Link: http://www.defenselink.mil/nii/org/cio/doc/cookies.html -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using cookies
John Nichel wrote: Chris W. Parker wrote: John Nichel mailto:[EMAIL PROTECTED] on Tuesday, October 21, 2003 3:50 PM said: 1. Create a random ID and store it with the users record in the db. 2. If the user chooses to be remembered, stick the random ID into a cookie. 3. When a user hits a login page, look for the cookie and retrieve it if it exists. 4. Query the db to find out which user that number belongs to. 5. Fill in the form with that users login name. How do you protect against duplicates OR how do you create your random ID? I just use php's rand() function to generate a 10 digit random number Using uniqid() in conjunction with rand() gives you an even better random number, although it's larger, at 32 characters. It's basically a similar method to how the session ID is created and you shouldn't get any duplicates (especially if you're cleaning up old info). Here's a thought: How about adding an abitrary number (let's say 241757219) to every users userid and then storing that number as the random id? So let's say the first user comes along and is given the userid 1. We then create their random id by adding 241757219 to their userid. We get a random id of 241757220. Then within the login page I can subtract 241757219 from their random id and get their userid. Since the userid will always be unique (auto-incrementing) it stands to reason that the random id (using the method above) will also always be unique while at the same time not making any sense to a potential attacker. (It could even be made more complicated but use the same method.) How does that sound? Sure. Since a potential 'hacker' doesn't know your base number, it would be pretty secure. Not a good method. If I get on your site and see my cookie has the value 241757219 in it, I just need to subtract one from the number and revisit your site. Now I'm the user who registered before me. Using the rand() or uniqid() method above means I have to guess an entire random number / character sequence, which is going to be harder (or nearly impossible). -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session within a session lock?
Steve Wardell wrote: I have a page on my PHP site that needs to access itself. I open a socket connection and pass in the HTTP request header including a cookie string such as: Cookie: PHPSESSID=766bc531e9185be6b54206c944f258d9 With the session name and id of the user's current session (as I want the request to the web server to utilize the same PHP session). However, if I use the same session ID things seem to lock and the fread's from the socket just don't return any data. Why would there be a lock in doing a request within a request to the same PHP session? The original request probably still has the session file open, waiting until the end of the script to write the new session files and then close it. Try using session_write_close() before making this other request. That means you won't be able to change the session values after the request though (unless you can issue session_start() again??) This whole method you've got going on here seems really suspect, but I guess that wasn't your question... :) -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using cookies
Chris W. Parker wrote: John W. Holmes mailto:[EMAIL PROTECTED] on Tuesday, October 21, 2003 5:30 PM said: Not a good method. If I get on your site and see my cookie has the value 241757219 in it, I just need to subtract one from the number and revisit your site. Now I'm the user who registered before me. Using the rand() or uniqid() method above means I have to guess an entire random number / character sequence, which is going to be harder (or nearly impossible). But that would require that you register immediately after the person before you. Then you could compare the two numbers and figure out what the base number is, but that seems REALLY unlikely. Can you explain it a little different maybe? I only have to register once to see what kind of data you're storing in the cookie. If you're just relying on that number, all I have to do is change it to become another user. I don't need to know about your base number or anything, just send another number and see what happens. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Whats more efficient? ( echo ; or ?php echo ? )
Ryan A wrote: I have an option box on a webpage and have around 10 options on it and have run into a doubt, which is more efficient to do: 1. option value=1?php if($th_order==1){echo SELECTED; } ?Something1/option option value=2?php if($th_order==2){echo SELECTED; } ?Something2/option (or) 2. instead of having the ?php and ? mixed in the HTML is it better to echo/print the whole lines? Use a template engine to separate your presentation from your logic. :) -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Whats more efficient? ( echo ; or ?php echo ? )
Chris Shiflett wrote: --- John W. Holmes [EMAIL PROTECTED] wrote: Use a template engine to separate your presentation from your logic. :) Isn't PHP a templating engine? :-) Of course it is, but what's that got to do with separating presentation from logic (business logic)? Each one can be PHP code... :) Bad answer, I know, because his code could be a PHP template. I'm sure it's not, though. I just wanted to give a different answer from the many it doesn't matter answers. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Whats more efficient? (Conclusion)
Ryan A wrote: Just one last question, you guys can reply to this off list or on: does using a templating engine slow down pages a lot (as i have heard) or increase speed (as i have heard again) ? :-D Depends upon your application and the templating engine. Many options either way. In my cases, the benefit is easier code to maintain with no noticable slowdown. Good trade off for me. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Data modelling software
From: Hardik Doshi [EMAIL PROTECTED] Can anyone tell me which data modelling software is good for the mysql database? I'm sure you're using PHP to access MySQL, but this question has nothing to do with PHP and should be asked on a MySQL website/list or you should research what Google has to say. If I had any recommendations, I'd offer them, but I don't. :) ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: $PHP_SELF
From: Boris Sagadin [EMAIL PROTECTED] I believe the issue is where exactly is $PHP_SELF being used. $PHP_SELF isn't available inside a function, without global'ing it but $_SESSION is available all the time. Yes, but the problem in my case is that it works most of, but not all the time, so it can't be a coding problem in the script, as script never changes. Then start giving some specific examples and code, otherwise we'll just blame it on voodoo magic or something. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Print mysql errors
Joseph Bannon wrote: How do you print the error message sent back from MySQL? $resultCC = mysql_query($queryCC) or die(???); ??? = mysql_error() -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php|cruise - do unto others...
Becoming Digital wrote: php|cruise is coming this March. I'd like to really thank Edward for the kind words. I'm humbled by the comments everyone makes and very grateful for any donation, large or small, that's made. I just consider myself a regular joe here who really likes answering questions and helping people. I hope I've helped everyone at some point. I've got to agree with Larry, though, and try to keep the traffic off the list. :) I'd like to say that the Army would send me on this cruise, but PHP is no where in my job description (although I've written a lot of code for the Army). Any contribution will help me attend this and finally meet some people that know what I'm talking about. If for some reason I don't get enough or am unable to attend, I'll send the money back or donate it to a charity. I'm an honest guy; I'm not here to scam anyone. Thank you again for the kind words and charity. Now let's get back to business! :) -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Launch Print Dialog Box with PHP?
[-^-!-%- wrote: Is is possible to launch the windows print dialog box, with PHP? Perhaps with a specific HEADER() code? I know it's possible to force download with HEADER(), but can you do the same for printing? I'm looking for something that does the same as the windows.print() function in Javascript. Please advise. Here, take hold of my hand, and repeat after me. PHP is server side, PHP is server side, PHP is server side. Printing is client-side, FYI. So, no. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php