Re: [PHP] Doubt regarding session_destroy() in PHP 5

2009-07-23 Thread Lupus Michaelis 

Ashley Sheridan a écrit :

But *how* does it offer more security? You've not actually mentioned
that!


  Because you need database slice access to manage the session, and not 
only file access in /tmp/ (where sessions belongs, by default). So now 
the problem is : and what about the configuration file that lies in my 
filesystem ? :D


--
Mickaël Wolff aka Lupus Michaelis
http://lupusmic.org

Seeking for a position 

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Doubt regarding session_destroy() in PHP 5

2009-07-22 Thread Shawn McKenzie 
Andrew Ballard wrote:
> On Wed, Jul 22, 2009 at 9:59 AM, Robert Cummings wrote:
>> A custom session handler that writes to files could easily encrypt session
>> data so that only the user with the correct session ID can decrypt it. I
>> think you're confusing the issue by claiming database sessions are more
>> secure when what you really mean is that custom sessions are more secure
>> than the default session system.
>>
> 
> What would you use for the encryption key? (I'm not saying you're
> wrong here; I'm just not sure I see it.) If the key is the same for
> all requests, then it is no more secure than if they were unencrypted,
> other than not being able to read the contents in a text editor. If it
> is based on the session_id, you can get that from the file name.
> That's a little more secure, but not much. A value stored in $_SESSION
> is out, for obvious reasons. I guess you could store the key in
> $_COOKIE or even a use a combination of (or hash derived from)
> session_id() and another value stored in $_COOKIE as the key.
> 
> It seems to me that anything you can do to make file-based sessions
> secure could also be layered into a database approach, making the
> database sessions even that much more secure.
> 
> Andrew

Well, if you're using a custom session handler to encrypt the files,
then you can also determine what the session file names are.  So don't
put the session id in the file name.  Maybe use a secure hash of the
session id for the filename and then use the session id as the
encryption key.


-- 
Thanks!
-Shawn
http://www.spidean.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Doubt regarding session_destroy() in PHP 5

2009-07-22 Thread Andrew Ballard 
On Wed, Jul 22, 2009 at 9:59 AM, Robert Cummings wrote:
> A custom session handler that writes to files could easily encrypt session
> data so that only the user with the correct session ID can decrypt it. I
> think you're confusing the issue by claiming database sessions are more
> secure when what you really mean is that custom sessions are more secure
> than the default session system.
>

What would you use for the encryption key? (I'm not saying you're
wrong here; I'm just not sure I see it.) If the key is the same for
all requests, then it is no more secure than if they were unencrypted,
other than not being able to read the contents in a text editor. If it
is based on the session_id, you can get that from the file name.
That's a little more secure, but not much. A value stored in $_SESSION
is out, for obvious reasons. I guess you could store the key in
$_COOKIE or even a use a combination of (or hash derived from)
session_id() and another value stored in $_COOKIE as the key.

It seems to me that anything you can do to make file-based sessions
secure could also be layered into a database approach, making the
database sessions even that much more secure.

Andrew

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Doubt regarding session_destroy() in PHP 5

2009-07-22 Thread Robert Cummings 

Floyd Resler wrote:
The nice thing about the database, though, is that you can specify  
which MySQL user has access to the sessions table.  That way you can  
really lock it down by giving access to only INSERT, SELECT, UPDATE,  
and DELETE just for that table.


Thanks!
Floyd

On Jul 22, 2009, at 9:36 AM, Andrew Ballard wrote:


On Wed, Jul 22, 2009 at 8:36 AM, Ashley
Sheridan wrote:

But *how* does it offer more security? You've not actually mentioned
that!


One way would be to encapsulate data access in stored procedures and
deny direct table access on the session data. That way, even though
the PHP account has access to the database where all sessions are
stored, it can only call a ReadSession procedure that requires the
session_id() as a parameter. That way, PHP would have to know the ID
of the session and could not simply SELECT * FROM sessions.

However, I haven't found many examples that use stored procedures.
Most just use regular INSERT/SELECT/UPDATE/DELETE statements, which
means that the PHP user has full access to the entire table. In that
case, it's no more trivial to scan the session table than it is to
scan the session save path looking for interesting stuff.


A custom session handler that writes to files could easily encrypt 
session data so that only the user with the correct session ID can 
decrypt it. I think you're confusing the issue by claiming database 
sessions are more secure when what you really mean is that custom 
sessions are more secure than the default session system.


Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Doubt regarding session_destroy() in PHP 5

2009-07-22 Thread Floyd Resler 
The nice thing about the database, though, is that you can specify  
which MySQL user has access to the sessions table.  That way you can  
really lock it down by giving access to only INSERT, SELECT, UPDATE,  
and DELETE just for that table.


Thanks!
Floyd

On Jul 22, 2009, at 9:36 AM, Andrew Ballard wrote:


On Wed, Jul 22, 2009 at 8:36 AM, Ashley
Sheridan wrote:

But *how* does it offer more security? You've not actually mentioned
that!



One way would be to encapsulate data access in stored procedures and
deny direct table access on the session data. That way, even though
the PHP account has access to the database where all sessions are
stored, it can only call a ReadSession procedure that requires the
session_id() as a parameter. That way, PHP would have to know the ID
of the session and could not simply SELECT * FROM sessions.

However, I haven't found many examples that use stored procedures.
Most just use regular INSERT/SELECT/UPDATE/DELETE statements, which
means that the PHP user has full access to the entire table. In that
case, it's no more trivial to scan the session table than it is to
scan the session save path looking for interesting stuff.

Andrew




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Doubt regarding session_destroy() in PHP 5

2009-07-22 Thread Andrew Ballard 
On Wed, Jul 22, 2009 at 8:36 AM, Ashley
Sheridan wrote:
> But *how* does it offer more security? You've not actually mentioned
> that!
>

One way would be to encapsulate data access in stored procedures and
deny direct table access on the session data. That way, even though
the PHP account has access to the database where all sessions are
stored, it can only call a ReadSession procedure that requires the
session_id() as a parameter. That way, PHP would have to know the ID
of the session and could not simply SELECT * FROM sessions.

However, I haven't found many examples that use stored procedures.
Most just use regular INSERT/SELECT/UPDATE/DELETE statements, which
means that the PHP user has full access to the entire table. In that
case, it's no more trivial to scan the session table than it is to
scan the session save path looking for interesting stuff.

Andrew

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Doubt regarding session_destroy() in PHP 5

2009-07-22 Thread Floyd Resler 
With proper permissions I'm not sure that it's any more secure but it  
certainly is a whole lot more scalable.  And it is very easy to set  
up.  A web search will yield a lot of examples of using a database.  I  
use a PHP class which I really like.


Take care,
Floyd

On Jul 22, 2009, at 8:36 AM, Ashley Sheridan wrote:


On Wed, 2009-07-22 at 08:32 -0400, Floyd Resler wrote:

You can do so much more with storing sessions in a database.  For
example, I can determine which of my users is currently on by looking
in the sessions table.  Not only does using a database for sessions
offer more security, it also offers more flexibility.

Take care,
Floyd

On Jul 22, 2009, at 5:13 AM, Ashley Sheridan wrote:


On Wed, 2009-07-22 at 16:07 +0700, Lenin wrote:

On Wed, Jul 22, 2009 at 2:46 PM, Ashley Sheridan
wrote:


On Wed, 2009-07-22 at 03:45 +0700, Lenin wrote:







As Floyd suggested keeping your sessions in the DB will give you
better
session management and security as well.


Why would putting the session data in a database offer more
security?
I'm not meaning to try and poke holes in your idea, I genuinely
don't
know the answer!

*Storing Session Data In A Database

*When you use on-disk files to store session data, those files must
be
readable and writeable by PHP. On a multi-user hosting system, it  
is

possible for other users to access your session data through the
PHP process
(but see the commentary on open_basedir in part 5 of this series.
The best
way to secure your session data is to store it in a database.

source: http://www.acunetix.com/websitesecurity/php-security-6.htm

I have also studied Zend Certification Study guide by Davey Shafik
and Ben
Ramsey who said similar things in the book.


Lenin

http://twitter.com/nine_L


And is the database not readable and writeable by PHP? Just seems  
that

this sort of thing could be properly sorted by the right permissions
level on the file, as I assume you'd be protecting the database in a
similar manner by locking down that to specific users, and  
determining

what they could and couldn't do.

Thanks
Ash
www.ashleysheridan.co.uk





But *how* does it offer more security? You've not actually mentioned
that!

Thanks
Ash
www.ashleysheridan.co.uk





--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Doubt regarding session_destroy() in PHP 5

2009-07-22 Thread Ashley Sheridan 
On Wed, 2009-07-22 at 08:32 -0400, Floyd Resler wrote:
> You can do so much more with storing sessions in a database.  For  
> example, I can determine which of my users is currently on by looking  
> in the sessions table.  Not only does using a database for sessions  
> offer more security, it also offers more flexibility.
> 
> Take care,
> Floyd
> 
> On Jul 22, 2009, at 5:13 AM, Ashley Sheridan wrote:
> 
> > On Wed, 2009-07-22 at 16:07 +0700, Lenin wrote:
> >> On Wed, Jul 22, 2009 at 2:46 PM, Ashley Sheridan
> >> wrote:
> >>
> >>> On Wed, 2009-07-22 at 03:45 +0700, Lenin wrote:
> >>>
> >>
> >>
> >
>  As Floyd suggested keeping your sessions in the DB will give you  
>  better
>  session management and security as well.
> >>>
> >>> Why would putting the session data in a database offer more  
> >>> security?
> >>> I'm not meaning to try and poke holes in your idea, I genuinely  
> >>> don't
> >>> know the answer!
> >>>
> >>> *Storing Session Data In A Database
> >> *When you use on-disk files to store session data, those files must  
> >> be
> >> readable and writeable by PHP. On a multi-user hosting system, it is
> >> possible for other users to access your session data through the  
> >> PHP process
> >> (but see the commentary on open_basedir in part 5 of this series.  
> >> The best
> >> way to secure your session data is to store it in a database.
> >>
> >> source: http://www.acunetix.com/websitesecurity/php-security-6.htm
> >>
> >> I have also studied Zend Certification Study guide by Davey Shafik  
> >> and Ben
> >> Ramsey who said similar things in the book.
> >>
> >>
> >> Lenin
> >>
> >> http://twitter.com/nine_L
> >
> > And is the database not readable and writeable by PHP? Just seems that
> > this sort of thing could be properly sorted by the right permissions
> > level on the file, as I assume you'd be protecting the database in a
> > similar manner by locking down that to specific users, and determining
> > what they could and couldn't do.
> >
> > Thanks
> > Ash
> > www.ashleysheridan.co.uk
> >
> >
> 
But *how* does it offer more security? You've not actually mentioned
that!

Thanks
Ash
www.ashleysheridan.co.uk


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Doubt regarding session_destroy() in PHP 5

2009-07-22 Thread Floyd Resler 
You can do so much more with storing sessions in a database.  For  
example, I can determine which of my users is currently on by looking  
in the sessions table.  Not only does using a database for sessions  
offer more security, it also offers more flexibility.


Take care,
Floyd

On Jul 22, 2009, at 5:13 AM, Ashley Sheridan wrote:


On Wed, 2009-07-22 at 16:07 +0700, Lenin wrote:

On Wed, Jul 22, 2009 at 2:46 PM, Ashley Sheridan
wrote:


On Wed, 2009-07-22 at 03:45 +0700, Lenin wrote:






As Floyd suggested keeping your sessions in the DB will give you  
better

session management and security as well.


Why would putting the session data in a database offer more  
security?
I'm not meaning to try and poke holes in your idea, I genuinely  
don't

know the answer!

*Storing Session Data In A Database
*When you use on-disk files to store session data, those files must  
be

readable and writeable by PHP. On a multi-user hosting system, it is
possible for other users to access your session data through the  
PHP process
(but see the commentary on open_basedir in part 5 of this series.  
The best

way to secure your session data is to store it in a database.

source: http://www.acunetix.com/websitesecurity/php-security-6.htm

I have also studied Zend Certification Study guide by Davey Shafik  
and Ben

Ramsey who said similar things in the book.


Lenin

http://twitter.com/nine_L


And is the database not readable and writeable by PHP? Just seems that
this sort of thing could be properly sorted by the right permissions
level on the file, as I assume you'd be protecting the database in a
similar manner by locking down that to specific users, and determining
what they could and couldn't do.

Thanks
Ash
www.ashleysheridan.co.uk





--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Doubt regarding session_destroy() in PHP 5

2009-07-22 Thread Ashley Sheridan 
On Wed, 2009-07-22 at 16:07 +0700, Lenin wrote:
> On Wed, Jul 22, 2009 at 2:46 PM, Ashley Sheridan
> wrote:
> 
> > On Wed, 2009-07-22 at 03:45 +0700, Lenin wrote:
> >
> 
> 
> > > >
> > > As Floyd suggested keeping your sessions in the DB will give you better
> > > session management and security as well.
> >
> > Why would putting the session data in a database offer more security?
> > I'm not meaning to try and poke holes in your idea, I genuinely don't
> > know the answer!
> >
> > *Storing Session Data In A Database
> *When you use on-disk files to store session data, those files must be
> readable and writeable by PHP. On a multi-user hosting system, it is
> possible for other users to access your session data through the PHP process
> (but see the commentary on open_basedir in part 5 of this series. The best
> way to secure your session data is to store it in a database.
> 
> source: http://www.acunetix.com/websitesecurity/php-security-6.htm
> 
> I have also studied Zend Certification Study guide by Davey Shafik and Ben
> Ramsey who said similar things in the book.
> 
> 
> Lenin
> 
> http://twitter.com/nine_L

And is the database not readable and writeable by PHP? Just seems that
this sort of thing could be properly sorted by the right permissions
level on the file, as I assume you'd be protecting the database in a
similar manner by locking down that to specific users, and determining
what they could and couldn't do.

Thanks
Ash
www.ashleysheridan.co.uk


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Doubt regarding session_destroy() in PHP 5

2009-07-22 Thread Lenin 
On Wed, Jul 22, 2009 at 2:46 PM, Ashley Sheridan
wrote:

> On Wed, 2009-07-22 at 03:45 +0700, Lenin wrote:
>


> > >
> > As Floyd suggested keeping your sessions in the DB will give you better
> > session management and security as well.
>
> Why would putting the session data in a database offer more security?
> I'm not meaning to try and poke holes in your idea, I genuinely don't
> know the answer!
>
> *Storing Session Data In A Database
*When you use on-disk files to store session data, those files must be
readable and writeable by PHP. On a multi-user hosting system, it is
possible for other users to access your session data through the PHP process
(but see the commentary on open_basedir in part 5 of this series. The best
way to secure your session data is to store it in a database.

source: http://www.acunetix.com/websitesecurity/php-security-6.htm

I have also studied Zend Certification Study guide by Davey Shafik and Ben
Ramsey who said similar things in the book.


Lenin

http://twitter.com/nine_L

Re: [PHP] Doubt regarding session_destroy() in PHP 5

2009-07-22 Thread Ashley Sheridan 
On Wed, 2009-07-22 at 03:45 +0700, Lenin wrote:
> On Wed, Jul 22, 2009 at 3:24 AM, L.Guruprasad  wrote:
> 
> > Hi,
> > Floyd Resler wrote:
> >
> >> Keep in mind that sessions are based on the domain.  I've run into
> >> situations where someone will be working in several different sites that we
> >> host.  Each site is accessed via http://domain/site.  Each site has it's
> >> own database, users, etc.  However, because they all hang off the same
> >> domain, they get one session.  That can really mess things up for the users
> >> as they go from site to site.  I got around this by using MySQL-based
> >> sessions.  It keeps things nice and separated.
> >>
> >> Take care,
> >> Floyd
> >>
> >
> > Will this be causing issues when http://1.a.b and http://2.a.b are the two
> > PHP sites running on the same web server using virtualhosts?
> >
> As Floyd suggested keeping your sessions in the DB will give you better
> session management and security as well.

Why would putting the session data in a database offer more security?
I'm not meaning to try and poke holes in your idea, I genuinely don't
know the answer!

Thanks
Ash
www.ashleysheridan.co.uk


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Doubt regarding session_destroy() in PHP 5

2009-07-21 Thread Lenin 
On Wed, Jul 22, 2009 at 3:24 AM, L.Guruprasad  wrote:

> Hi,
> Floyd Resler wrote:
>
>> Keep in mind that sessions are based on the domain.  I've run into
>> situations where someone will be working in several different sites that we
>> host.  Each site is accessed via http://domain/site.  Each site has it's
>> own database, users, etc.  However, because they all hang off the same
>> domain, they get one session.  That can really mess things up for the users
>> as they go from site to site.  I got around this by using MySQL-based
>> sessions.  It keeps things nice and separated.
>>
>> Take care,
>> Floyd
>>
>
> Will this be causing issues when http://1.a.b and http://2.a.b are the two
> PHP sites running on the same web server using virtualhosts?
>
As Floyd suggested keeping your sessions in the DB will give you better
session management and security as well.

Re: [PHP] Doubt regarding session_destroy() in PHP 5

2009-07-21 Thread Devendra Jadhav 
By default sub-domains do not share sessions but you can make them to share
the session

On Wed, Jul 22, 2009 at 1:54 AM, L.Guruprasad  wrote:

> Hi,
> Floyd Resler wrote:
>
>> Keep in mind that sessions are based on the domain.  I've run into
>> situations where someone will be working in several different sites that we
>> host.  Each site is accessed via http://domain/site.  Each site has it's
>> own database, users, etc.  However, because they all hang off the same
>> domain, they get one session.  That can really mess things up for the users
>> as they go from site to site.  I got around this by using MySQL-based
>> sessions.  It keeps things nice and separated.
>>
>> Take care,
>> Floyd
>>
>
> Will this be causing issues when http://1.a.b and http://2.a.b are the two
> PHP sites running on the same web server using virtualhosts?
>
> Regards,
> Guruprasad
>



-- 
Devendra Jadhav

Re: [PHP] Doubt regarding session_destroy() in PHP 5

2009-07-21 Thread L.Guruprasad 

Hi,
Floyd Resler wrote:
Keep in mind that sessions are based on the domain.  I've run into 
situations where someone will be working in several different sites that 
we host.  Each site is accessed via http://domain/site.  Each site has 
it's own database, users, etc.  However, because they all hang off the 
same domain, they get one session.  That can really mess things up for 
the users as they go from site to site.  I got around this by using 
MySQL-based sessions.  It keeps things nice and separated.


Take care,
Floyd


Will this be causing issues when http://1.a.b and http://2.a.b are the 
two PHP sites running on the same web server using virtualhosts?


Regards,
Guruprasad

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Doubt regarding session_destroy() in PHP 5

2009-07-21 Thread Floyd Resler 
Keep in mind that sessions are based on the domain.  I've run into  
situations where someone will be working in several different sites  
that we host.  Each site is accessed via http://domain/site.  Each  
site has it's own database, users, etc.  However, because they all  
hang off the same domain, they get one session.  That can really mess  
things up for the users as they go from site to site.  I got around  
this by using MySQL-based sessions.  It keeps things nice and separated.


Take care,
Floyd

On Jul 21, 2009, at 4:14 PM, Devendra Jadhav wrote:

Yes. You are right. Session variables are associated with the  
session id so

only that appropriate website's session variables will get destroyed.
You can try it in your local system.

On Wed, Jul 22, 2009 at 12:42 AM, Guruprasad   
wrote:



Hi all,
I have a doubt with creating and destroying sessions in PHP using
session_destroy(). Supposing there is a PHP-based website hosted on  
a web
server. Now I add another site that I developed using PHP on that  
web server
using virtualhost. I destroy a session in my website using  
session_destroy()
which will destroy all the session variables associated with my  
website.


What will happen if I have the other website in another tab with  
similar

session variable names? Will the session variables of that website be
destroyed too? Or will the session variables be associated with the  
session

id so that only the appropriate website's session variables will get
destroyed?

Thanks in advance.

Regards,
Guruprasad

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





--
Devendra Jadhav



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Doubt regarding session_destroy() in PHP 5

2009-07-21 Thread Phpster 



On Jul 21, 2009, at 3:12 PM, Guruprasad  wrote:


Hi all,
I have a doubt with creating and destroying sessions in PHP using  
session_destroy(). Supposing there is a PHP-based website hosted on  
a web server. Now I add another site that I developed using PHP on  
that web server using virtualhost. I destroy a session in my website  
using session_destroy() which will destroy all the session variables  
associated with my website.


What will happen if I have the other website in another tab with  
similar session variable names? Will the session variables of that  
website be destroyed too? Or will the session variables be  
associated with the session id so that only the appropriate  
website's session variables will get destroyed?




Each session has it's own id and therefore each session will just have  
it's own data destroyed





Thanks in advance.

Regards,
Guruprasad

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Bastien

Sent from my iPod


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Doubt regarding session_destroy() in PHP 5

2009-07-21 Thread Devendra Jadhav 
Yes. You are right. Session variables are associated with the session id so
only that appropriate website's session variables will get destroyed.
You can try it in your local system.

On Wed, Jul 22, 2009 at 12:42 AM, Guruprasad  wrote:

> Hi all,
> I have a doubt with creating and destroying sessions in PHP using
> session_destroy(). Supposing there is a PHP-based website hosted on a web
> server. Now I add another site that I developed using PHP on that web server
> using virtualhost. I destroy a session in my website using session_destroy()
> which will destroy all the session variables associated with my website.
>
> What will happen if I have the other website in another tab with similar
> session variable names? Will the session variables of that website be
> destroyed too? Or will the session variables be associated with the session
> id so that only the appropriate website's session variables will get
> destroyed?
>
> Thanks in advance.
>
> Regards,
> Guruprasad
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


-- 
Devendra Jadhav

Re: [PHP] doubt - session file size

2006-07-20 Thread tedd 
At 5:58 PM +0200 7/20/06, Jochem Maas wrote:
> >> On Thu, 2006-07-20 at 01:03, suresh kumar wrote:
> >>> Hi,
>maybe there could be a limit to the number of emails the OP is allowed
>to send without ever replying to anyone who offers a possible answer to
>his question. :-)

I think you need to understand the cast system at work here -- he presents 
questions, it's our duty to serve. Maybe in our next life, we'll deserve a 
reply.  :-)

tedd
-- 

http://sperling.com  http://ancientstones.com  http://earthstones.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] doubt - session file size

2006-07-20 Thread Jochem Maas 
Chris wrote:
> Robert Cummings wrote:
>> On Thu, 2006-07-20 at 01:03, suresh kumar wrote:
>>> Hi,
>>> I am having one doubt,i am using session variable for storing details.
>>> but i am afraid if there is around 1 users,wherether session will
>>> be able to store all the  datas of 1 users,as i know  abt session
>>> is that a temporary file will be created in /tmp directory with
>>> session id name,i dont know how much data that the session file will
>>> handle.
>>
>> See your php.ini for setting the path to where you want session files
>> stored. I don't believe there's a limit to the size of your session
>> files, that said, there IS a limit as to how much memory PHP is allowed
>> to consume, and this obviously places an implicit limit on the size of
>> the session files.
> 
> There could also be a limit on the number of files you can have per
> directory..

maybe there could be a limit to the number of emails the OP is allowed
to send without ever replying to anyone who offers a possible answer to
his question. :-)

> 
> Maybe it's better to use your own custom session handler and store
> everything in a database.
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] doubt - session file size

2006-07-19 Thread Chris 

Robert Cummings wrote:

On Thu, 2006-07-20 at 01:03, suresh kumar wrote:

Hi,
I am having one doubt,i am using session variable for storing details.
but i am afraid if there is around 1 users,wherether session will
be able to store all the  datas of 1 users,as i know  abt session
is that a temporary file will be created in /tmp directory with
session id name,i dont know how much data that the session file will
handle.


See your php.ini for setting the path to where you want session files
stored. I don't believe there's a limit to the size of your session
files, that said, there IS a limit as to how much memory PHP is allowed
to consume, and this obviously places an implicit limit on the size of
the session files.


There could also be a limit on the number of files you can have per 
directory..


Maybe it's better to use your own custom session handler and store 
everything in a database.


--
Postgresql & php tutorials
http://www.designmagick.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] doubt - session file size

2006-07-19 Thread Robert Cummings 
On Thu, 2006-07-20 at 01:03, suresh kumar wrote:
> Hi,
> I am having one doubt,i am using session variable for storing details.
> but i am afraid if there is around 1 users,wherether session will
> be able to store all the  datas of 1 users,as i know  abt session
> is that a temporary file will be created in /tmp directory with
> session id name,i dont know how much data that the session file will
> handle.

See your php.ini for setting the path to where you want session files
stored. I don't believe there's a limit to the size of your session
files, that said, there IS a limit as to how much memory PHP is allowed
to consume, and this obviously places an implicit limit on the size of
the session files.

Cheers,
Rob.
-- 
..
| InterJinn Application Framework - http://www.interjinn.com |
::
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for   |
| creating re-usable components quickly and easily.  |
`'

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] doubt in mail() in php

2006-02-14 Thread Angelo Zanetti 

check your SMTP settings in yout PHP.ini file.

Please dont post the same topic multiple times..

Jochem Maas wrote:


suresh kumar wrote:


this is my code

   if(@mail('[EMAIL PROTECTED]','subject','hai this is
the test','[EMAIL PROTECTED]')):
  print "mail sent succesfully";
   else:
print "mail can send";
endif;
  i dont know whether there is any problem
with my coding or server problem.both from and two
addresses are valid one.



IS THIS EVEN A QUESTION (ANYMORE)?

(I don't recommend leaving it upto the reader to infer the question)

AND WHY CAN'T YOU ASK A QUESTION ONCE?

(you have posted about your 'mail doubt' at least once
already today!)



   A.suresh





   
__ Yahoo! 
India Matrimony: Find your partner now. Go to http://yahoo.shaadi.com






--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] doubt in mail() in php

2006-02-13 Thread Jochem Maas 


suresh kumar wrote:

this is my code

   if(@mail('[EMAIL PROTECTED]','subject','hai this is
the test','[EMAIL PROTECTED]')):
  print "mail sent succesfully";
   else:
print "mail can send";
endif;
  i dont know whether there is any problem
with my coding or server problem.both from and two
addresses are valid one.


IS THIS EVEN A QUESTION (ANYMORE)?

(I don't recommend leaving it upto the reader to infer the question)

AND WHY CAN'T YOU ASK A QUESTION ONCE?

(you have posted about your 'mail doubt' at least once
already today!)



   A.suresh






__ 
Yahoo! India Matrimony: Find your partner now. Go to http://yahoo.shaadi.com




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] doubt in mail function

2006-02-13 Thread Jochem Maas 

suresh kumar wrote:

hello everybody,
i am having one doubt in  sending mail


the way I read it you don't have a 'doubt' but a 'problem' ...
(an example of the proper use of the word would be:

"I doubt whether you bothered to  research your
 problem at all before mailing your question to this list"


in php.in my company our mail server is in windows,but
my php code for mail function in linux,i set the code
as

if(@mail('[EMAIL PROTECTED]','hi suresh','this is

 ^
  \
   \ do you know what this does? try removing it.


test','From:[EMAIL PROTECTED]')):

both from and to address are valid  but mail
is not receiving to [EMAIL PROTECTED],

  whether i have 2 configure any settings in php.ini,i



it 'to' not '2' (or 'too') - [granted the english language
can be a pain in the butt!]


since version 5.3 php is capable of smelling which mail
server you want to use. if you are using an older version you
have to tell php which mail server to use (default is 'localhost')

oh look it's the manual page for the mail function:

http://php.net/mail

...listing the relevant ini settings right at the top of the
freaking page - the only way you could have missed those is
if you have a 640*480 screen and you don't know what scrolling is
OR you never even bothered to open the manual - at a guess I'd
say you are capable of scrolling a webpage so ...

READ THE F***ING MANUAL IN FUTURE.



am looking for reply from any one.




  A.suresh 





__ 
Yahoo! India Matrimony: Find your partner now. Go to http://yahoo.shaadi.com




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] doubt in mail function

2006-02-13 Thread Paul Scott 
On Mon, 2006-02-13 at 10:05 +, suresh kumar wrote:

> both from and to address are valid  but mail
> is not receiving to [EMAIL PROTECTED],
> 

The PHP mail() function will use sendmail/postfix/etc (your hosts MTA),
if you plan on using a mail relay i.e. an SMTP server to send mail, you
will have to use a SMTP class/script. I know that the PHPMailer script
has a SMTP section, although I have never used it. Check out that
project (I think its http://phpmailer.sourceforge.net) for some help.

--Paul

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] doubt regarding while loop

2006-01-27 Thread David Grant 
Suresh,

suresh kumar wrote:
> hi,
>for eg 
>   
> while(list(t1,t2,...)=mysql_fetch_row($result)):
> endwhile;

You could start with list($t1, $t2, ...) instead.  Personally, I'd done
it without assuming mysql_fetch_row is returning an array.

Try:

$t1 = "";
$t2 = "";
while ($row = mysql_fetch_row($result)) {
list($t1, $t2) = $row;
...
}

echo $t1;

David
-- 
David Grant
http://www.grant.org.uk/

http://pear.php.net/package/File_Ogg0.2.1
http://pear.php.net/package/File_XSPF   0.1.0

WANTED: Junior PHP Developer in Bristol, UK

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: PHP doubt

2002-05-29 Thread Girish Nath 

Hi

Make sure you have an auto_increment field in your table, do the insert
first, then use mysql_insert_id() to get the number of the last which you
can use for the customer number. See the notes at the following page:

http://www.php.net/manual/en/function.mysql-insert-id.php

Regards


Girish
--
www.girishnath.co.uk


"R" <[EMAIL PROTECTED]> wrote in message
000301c20772$9538d0b0$0a6da8c0@lgwezec83s94bn">news:000301c20772$9538d0b0$0a6da8c0@lgwezec83s94bn...
> Hey guys,
>
> I have written a program and being a newbie I dont know if this is good or
> will give me problems in the future, so will appreciate it if you could
just
> have a look at the function and give me your "esteemed opinion" ;-)
> This is just a snip from the program...its pretty easy so your guru's
should
> have no problem figuring it out.
>
>
> // connected to the database successfully and running this query:
> {
> mysql_query.etc
> $r=select max(cno)+1 from customer;
> insert into customer values($r,'$name');
> }
> print("Your customer number is: $r");
>
> what do you think? And will this return the correct values if 2 people
> submitted the form at the same time?
>
>
> Cheers,
> -Ryan.
>



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] doubt...

2002-05-01 Thread Jon Haworth 

Hi,

> When i'm using the declare construct i'm getting 
> an error "Cannot open the site. The connection 
> with the server was reset". Culd u please help me in this...

Show us some code!

Cheers
Jon


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] doubt regarding mysql & php

2001-07-28 Thread Werner Stuerenburg 

Line 29:

$sql2="UPDATE inventory SET inv_status="assigned" where inv_tag='$inv_tag' ";

will give a php error - it should read either

$sql2="UPDATE inventory SET inv_status='assigned' where inv_tag='$inv_tag' ";

or

$sql2="UPDATE inventory SET inv_status=\"assigned\" where inv_tag='$inv_tag' ";

to be syntactically correct in php.


Balaji Ankem schrieb am Samstag, 28. Juli 2001, 10:41:21:

> Hi dearest friend,
> can we update the same row immediately after selection.

> please see the following code at line number 29 it is giving error.

> code
> 

>// Connect to MySQL

>  $connection = mysql_connect( 'localhost', 'balaji', 'pingpong' )
>  or die ( 'Unable to connect to server.' );

>  // Select database on MySQL server

>  mysql_select_db( 'imac' )
>  or die ( 'Unable to select database.' );

>  // Formulate the query (inv_tag will come by post method

>  $sql1 = "SELECT * FROM inventory WHERE inv_tag = '$inv_tag'";

>  // Execute the query and put results in $result

>  $result1 = mysql_query( $sql1 )
>  or die ( 'Unable to select the data from inventory.' );


>  if ( $result1 )
>  {

> //change the status of the inventory item in inventory table

> $sql2="UPDATE inventory SET inv_status="assigned" where inv_tag='$inv_tag' 
>";  // This is line number 29.

> $result2 = mysql_query( $sql2 )
>or die ( 'Unable to execute query for upadation of inventory 
>table.' );

>   $sql3 = "insert into status 
>values('$inv_name','$inv_type','$inv_tag','$issued_to','$issued_by','$issue_date')";

>  $result3 = mysql_query( $sql3 )
>or die ( 'Unable to execute query for insertion in to status 
>table.' );


>   }

>  else
>  {

>  // header( 'WWW-Authenticate: Basic realm="Private"' );
>  // header( 'HTTP/1.0 401 Unauthorized' );
>   echo '$inv_tag does not exist';
>   exit;

>}


>   ?>


> please inform if any errors.

> Thanks in advance.

> Regards
> -Balaji


-- 
Herzlich
Werner Stuerenburg

_
ISIS Verlag, Teut 3, D-32683 Barntrup-Alverdissen
Tel 0(049) 5224-997 407 · Fax 0(049) 5224-997 409
http://pferdezeitung.de



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] doubt regarding mysql & php

2001-07-28 Thread Simon Robson 

At 14:11 28/07/01 +0530, Balaji Ankem wrote:
> $sql2="UPDATE inventory SET inv_status="assigned" where 
> inv_tag='$inv_tag' ";  // This is line number 29.

Try: inv_status='assigned' -- use single quotes, not double.

HTH,

Simon



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] doubt in ob_*() functions

2001-04-05 Thread Aaron Tuller 

umm, no, you assigned $string to the output and you flushed it and 
you echoed $string.  maybe you mean ob_end_clean()?

-aaron

At 12:22 AM -0300 4/6/01, Christian Dechery wrote:
>take a look at this small code:
>
>ob_start();
>echo "something";
>echo "something else";
>$string=ob_get_contents();
>ob_end_flush();
>
>echo $string."";
>
>shouldn't this be the output?
>
>something
>something else
>
>so why it outputs this?
>
>something
>something else
>something
>something else
>
>. Christian Dechery (lemming)
>. http://www.tanamesa.com.br
>. Gaita-L Owner / Web Developer
>
>
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>To contact the list administrators, e-mail: [EMAIL PROTECTED]


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]