This is the proper behavior for PHP. It's supposed to only send the HTML down to
the client
bastien
From: [EMAIL PROTECTED]
To: php-general@lists.php.net
Date: Tue, 7 Aug 2007 20:09:51 +0700
Subject: [PHP] Problems in php
Dear Sirs,
I have installed a
I know how you can use cross site scripting if you can steal cookies and do
bad stuff with JS. My question now though is if I have a form, and I post
to myself and just echo the value of that post, is that bad? Nobody else
would see the result of my post so no malicious JS could ever do
Manually approve forum signups. If people are serious about being a
productive part of your forum they'll wait a few hours or a day to be
confirmed. Otherwise they probably just have a question they're blasting at
every forum they can find, or are spammers. I've never had a problem with
this
Just because you create a persistent connection it can still go down,
can't it?
Of course. The connection type doesn't affect the server.
--
Postgresql php tutorials
http://www.designmagick.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit:
Well, there's Chris Shiflett's book on PHP Security, which is
probably linked somewhere from that site, as he's the lead developer
on that site as well...
I'm not sure I'd go so far as to call it a Bible for PHP Security,
though, as there are simply too many disparate related technologies
with
Are you the only user?
Is it authenticating you to keep all other users out?
If some random 'net user can send POST data, and you just blindly spit
it out, with no filtering and no escaping, then, yes, that is
insecure.
There are all manner of nasty things that can be done to this setup by
On Tue, August 7, 2007 4:39 pm, Stut wrote:
Which brings me back to my earlier question of why would you want to
do
this? I can't think of any reason, but then again it is getting late.
+1
What you are trying to do has been tried many times before, to
disastrous results.
Step back and show
Sancar Saran wrote:
Hello List,
I'm going to add some kind of articles system into my cms.
General aim of this articles system have unlimited branches (or sub
categories), each branch may own editors or writers.
I'm looking for current implementations of this kind of systems.
Does anyone
On Tue, August 7, 2007 4:46 pm, Jim Lucas wrote:
Are all domains that use ccTLD's created/formatted like other not
ccTLD's just with the .uk or
whatever tagged on the end?
No.
Every ccTLD country is free to sub-divide as the government of that
country sees fit, so long as the sub-divisions
On Tue, August 7, 2007 6:21 pm, Stut wrote:
Kevin Waterson wrote:
I would like to prevent registration of emails from certain domains
that
abuse a forum. eg: foo.uy7f564d8d6d.com
These domains are registered by the thousands by spammers and
because they
use dyndns it is impossible to use an
On Tue, August 7, 2007 3:58 am, [EMAIL PROTECTED] wrote:
Just because you create a persistent connection it can still go down,
can't it? So therefore using mysql_ping inside of scripts with plenty
of idle time is useful?
It can still go down, for sure.
Using mysql_ping to see if it's still up
On Tue, August 7, 2007 12:37 am, Alain Roger wrote:
I would like to know the best and fastest way how to import some
columns
contents from Excel file to PostgreSQL database.
how can i do that ?
I mean some columns of Excel should be imported into a particular
table and
some others into
$tempobject *SHOULD* have been an object.
Did you spell it right?
Was $myobject an object in the first place?
Start using var_dump() on all your data and see what's happening.
On Tue, August 7, 2007 4:09 am, Sándor Tamás (GMail) wrote:
I forgot to tell you that I have to use PHP4.2 because of
On Mon, August 6, 2007 4:13 pm, Børge Holen wrote:
I'm building an web interface for my music collection.
What I would like is some opinions on what to choose pro/cons:
The first choice I took was to stream music directly to a player, i.e.
I
construct and export an m3u with php and open
On Tue, August 7, 2007 3:20 am, Colin Guthrie wrote:
Børge Holen wrote:
On Monday 06 August 2007 23:39, Colin Guthrie wrote:
Børge Holen wrote:
I'm building an web interface for my music collection.
I'd have a quick look at mp3act. It does pretty much what you want
I think.
yes, but
On Mon, August 6, 2007 4:22 pm, Hamza Saglam wrote:
I think I have a rough understanding of the whole process so I should
start
coding :)
Many thanks to everyone for your suggestions.
You may also want to look at how Drupal is doing it, as they seem to
be bragging about their plugin
On Mon, August 6, 2007 2:22 pm, Dan wrote:
Has anyone had to save the instance of a class which had a properties
which
were pointers? I have a really simple class. Just a few functions
and a
couple properties variables. But now I need to be able to save the
class
to a file. Of course
On Mon, August 6, 2007 6:52 am, OOzy Pal wrote:
How can I check an inputted date if it is a valid date and if it is in
the form of a timestamp or regular date such as (22-07-2007 or
22/07/2007)
Use the cool new filter extension to PHP or use PCRE.
http://php.net/filter
http://php.net/pcre
On Mon, August 6, 2007 4:41 am, debussy007 wrote:
I am new to PHP and need some help for error handling.
I read in the docs that i can handle the errors this way in my PhP:
set_error_handler('errorHandler');
function errorHandler($errnum,$errmsg,$file,$lineno){
[...]
}
But does that
On Mon, August 6, 2007 4:14 am, Payne wrote:
Does anyone know way to passthru man pages so they don't show the
ascii
formatting?
The man command itself has a man page which describes how to format
the output to your liking, with or without all kinds of formatting.
man man
--
Some people have
On Sun, August 5, 2007 6:16 am, tedd wrote:
I have a client who wants to include html tags in his CMS.
I know that I can limit what tags he can use, but how can I check if
the text is well formed with the tags permitted before storing it in
his CMS?
http://php.net/tidy
--
Some people have
On Sun, August 5, 2007 1:37 am, Mike wrote:
Hey. My server is running PHP 4(Not actually my server so I don't know
the exact version) and I'm having trouble with getting an image from a
PHP file.
Use <?php phpinfo(); ?> to find out exactly what you've got.
The problem is that originally this
On Sat, August 4, 2007 11:48 pm, php mail wrote:
How do I prior check file's size in server side before the upload
process
begin ?
You don't.
I don't think you can even do that with JavaScript, but if it can be
done at all, it's gonna be with JS.
--
Some people have a gift link here.
Know
On Fri, August 3, 2007 10:47 am, WyleySam wrote:
Exactly where does one go to download PHP 521, not 523, not 522 but
521???
Every link I clicked on at http://www.php.net/ took me to 523, which I
don't
want.
Did you try the links on this page:
http://www.php.net/releases/
--
Some people
On Fri, August 3, 2007 8:39 am, Jay Blanchard wrote:
One of my developers saw the following article;
http://arstechnica.com/news.ars/post/20070802-security-experts-warn-developers-about-the-risks-of-premature-ajax-ulation.html
How are you securing Ajax? I know that for the most part we send
On 8/7/07, Richard Lynch [EMAIL PROTECTED] wrote:
On Mon, August 6, 2007 4:22 pm, Hamza Saglam wrote:
I think I have a rough understanding of the whole process so I should
start
coding :)
Many thanks to everyone for your suggestions.
You may also want to look at how Drupal is doing
On Fri, August 3, 2007 6:34 am, Richard Heyes wrote:
I reword my last post.
I want to take the result and generate the field info to the screen
e.g
Well, if you're using MySQL you could use either DESC table; or
SHOW CREATE But you can't really generate the schema from a
result set.
just an fyi for the list. filtering input and escaping output are topics on
the
zend certification exam.
-nathan
On 8/7/07, Richard Lynch [EMAIL PROTECTED] wrote:
Are you the only user?
Is it authenticating you to keep all other users out?
If some random 'net user can send POST data, and
On Fri, August 3, 2007 1:38 am, Ralph Kutschera wrote:
I'm working on a project, where we distinguish between functions
and
actions in design, although in PHP both are implemented as
functions.
Is there a chance that PHP can use the word action as function?
E.g.:
public function
On Thu, August 2, 2007 8:12 pm, Kelvin Park wrote:
I just couldn't find it anywhere, google or yahoo. I know how to make
first, previous, last, and next links for php/mysql pagination. How do
you list page numbers in the middle, between previous and next? (ex.
first previous | 1 2 3 4 5 |
Add another page asking the user to CONFIRM the amount that you think
you got.
On Thu, August 2, 2007 3:07 pm, Dan Shirah wrote:
Greetings all,
In my form I have an area where the user enters in the payment amount:
<input type="Text" value="" size="20" maxlength="16"
name="payment_amount">
This is all
On Thu, August 2, 2007 1:49 pm, Ken Tozier wrote:
I have a script that needs to get ad information from two different
sources, a primary and fallback. The primary source is a high traffic
(and poorly designed/unpartitioned MSSQL database) with millions of
records that gets locked up when
On 8/7/07, Richard Lynch [EMAIL PROTECTED] wrote:
On Tue, August 7, 2007 5:08 pm, Daniel Brown wrote:
It's actually not so much for echo'ing as it is for processing the
data in another manner that makes it dangerous not to do some
sanitizing and checking such as database
On Thu, August 2, 2007 9:43 am, Don Don wrote:
hi all, am trying to cut some texts from a series of string values
e.g.
this is how we do (50 cents feat. the game)
give it to me (nelly feat timerland)
let me hold you (bow wow feat omarion)
i want to cut off the text between the commas and
D'oh!
The solution is so simple and clean that it almost hurts. I didn't see it in
the first approach!
There is a way to go all this, without using file() or file_get_contents()!
Cuz this would require to use a URL wrapper to retrieve compiled code, which
would cost overhead on the local
On Wed, August 1, 2007 10:05 pm, Jack Bates wrote:
I'm trying to pull all the components out of strings structured like:
word followed by any number of ( dot word or square bracketed string )
This is an example: foo.bar[ab.cd].baz
From the above example, I want: array('foo', 'bar', 'ab.cd',
On Thu, August 2, 2007 10:48 am, Ben Ramsey wrote:
On 8/2/07 11:45 AM, Tijnema wrote:
On 8/2/07, Ben Ramsey [EMAIL PROTECTED] wrote:
So, what are we doing wrong with chmod() that is causing us to get
the
wrong results? Keep in mind that we are running the PHP script as
the
same user who
On Wed, August 1, 2007 5:00 pm, Michael Preslar wrote:
I know it has to do with date='`date +%Y%m%d`', because if I remove
it
works.
Are you trying to use perl's back tic operator in php here?
Close.
He's trying to use the shell's back tick operator in MySQL.
I think.
It would actually
On Wed, August 1, 2007 3:27 pm, Jay Blanchard wrote:
[snip]
$first = '.addslashes($_POST['firstname']).';
$last = '.addslashes($_POST['lastname']).';
$email = '.addslashes($_POST['email']).';
$address = '.addslashes($_POST['address']).';
$city =
You added or lost a parenthesis somewhere in there...
if (getmxrr($domaintld,$mxrecords))
That part right there finishes off the if (test) part.
Then you've got starting off the statement where you are sort of
supposed to be doing something more like $valid = true; or have { }
On Wed, August
You could also consider:
http://www.php.net/manual/en/function.imap-rfc822-parse-adrlist.php
Assuming that the PHP/IMAP Developers who wrote that function actually
know what they are doing and did the regex right... :-)
This saves trying to send out a billion confirmation emails to totally
bogus
On Wed, August 1, 2007 11:52 am, Mark Summers wrote:
This sort of thing really isn't helpful...
<?php
$a = 75.82 * 100;
echo intval($a);
?>
What did you get?
What did you expect?
Do you have ANY idea how floats are actually represented internally in
every computer language? [*]
If you
On Wed, August 1, 2007 7:49 am, Jason Pruim wrote:
I have a php script that I am attempting to run from the CLI to
connect to a MySQL database and update a field. but when I run it
with this command: php cronjob.php it prints out the script on screen
but doesn't process it...
Running:
On Wed, August 1, 2007 1:23 am, Patrik Hasibuan wrote:
This sql string produces proper output in my MySQL-Query:
select image_src from products where product_id='10';
the output is:
gambarproduk/0/10/1.jpg
But my php code does not produce anything.
Please tell me what is my mistake.
===
Whatever made you think mysql_error() wasn't working, that was wrong.
Because mysql_error() works just fine.
On Wed, August 1, 2007 1:09 am, Patrik Hasibuan wrote:
Dear my friends
What is the substitute of mysql_error() ?
This line of my code does not work anymore:
On Wed, August 1, 2007 6:18 am, Christian Hänsel wrote:
this might be a noob- question, but I simply do not care anymore.
After a
few hours of fiddling with this @/**%$ (screaming AAa), I
would
like to ask you.
So what I have is this: I have a search engine for a car market, which
Are there any funky characters or unusual attributes/values in the
31st option -- the one right after the last one that works?
I'm reasonably certain there is no limitation anywhere near 30 in
any RFC for the number of options in a SELECT list.
Though 330 is a lot for a normal user who has NO
Daniel Brown wrote:
On 8/7/07, Richard Lynch [EMAIL PROTECTED] wrote:
On Tue, August 7, 2007 5:08 pm, Daniel Brown wrote:
It's actually not so much for echo'ing as it is for processing the
data in another manner that makes it dangerous not to do some
sanitizing and checking such as
On Tue, August 7, 2007 9:55 pm, Daniel Brown wrote:
On 8/7/07, Richard Lynch [EMAIL PROTECTED] wrote:
On Tue, August 7, 2007 5:08 pm, Daniel Brown wrote:
It's actually not so much for echo'ing as it is for processing
the
data in another manner that makes it dangerous not to do some
On Tue, July 31, 2007 4:54 pm, \Crash\ Dummy wrote:
To answer everyone's curiosity as to why I want to access the
registry, I am
working on my home computer with a dynamic IP, and I need to know what
it is so
I can modify my httpd.conf (or hosts) file, if necessary.
LOL
Take a look at what's
Richard's right. You get the same result if you do the equivalent in
ASP.
Regards,
Bruce
Richard Lynch [EMAIL PROTECTED] 8/08/2007 3:29:16 p.m.
On Wed, August 1, 2007 11:52 am, Mark Summers wrote:
This sort of thing really isn't helpful...
<?php
$a = 75.82 * 100;
echo intval($a);
?>
On Tue, July 31, 2007 12:32 pm, blackwater dev wrote:
I have an excel file that I am generating. If I copy over the
generated
file and then open it in excel, it works fine, if I try to let the
user
download it using the headers below, when I then open it excel
complains
that it is an
On Tue, July 31, 2007 11:06 am, Instruct ICC wrote:
What is $value and what is this supposed to do:
case'integer':
$value
+= 0;
This is a silly hack in
On Tue, July 31, 2007 9:28 am, KVIGOR wrote:
If magic quotes is on and I don't have access to the php.ini.
Is there any way I can strip quotes from the form field with out using
AJAX?
Best: Use .htaccess to turn magic_quotes off.
Okay: Use something like if (ini_get('magic_quotes_gpc')) $data
While I'm sure we all [*] appreciate job postings from enterprising
individuals.
Could those of you who are posting these things please be considerate
and have the subject contain:
[Job]
and, if it's not tele-commute, a LOCATION such as:
[Job] Senior PHP Role (London, England)
Thousands of
On Tue, 2007-08-07 at 23:28 -0500, Richard Lynch wrote:
On Tue, July 31, 2007 11:06 am, Instruct ICC wrote:
What is $value and what is this supposed to do:
case'integer':
On Tue, July 31, 2007 8:40 am, Eric Butera wrote:
On 7/31/07, Nathan Nobbe [EMAIL PROTECTED] wrote:
i
feel sorry for Richard; if you'd ever seen a successful
implementation of
design patterns in the wild
well you would probably feel like i do... gotta have em :)
This post is a result of
On Tue, July 31, 2007 8:27 am, Carlton Whitehead wrote:
I have an array like this:
$chance = array("lowercase" => 27, "uppercase" => 62, "integer" =>
46);
The values for each of the keys are randomly generated. I want to find
the key name of the one which has the highest value. Currently, I'm
doing
On Tue, 2007-08-07 at 23:44 -0500, Richard Lynch wrote:
I'm not trying to be a jerk or pick a fight here, but am suggesting
list members think about this before they post. Especially that whole
PHP-Editors thread, which always consists of one person from each camp
posting their favorite
On Tue, July 31, 2007 6:10 am, Hulf wrote:
for ($value = 0; $value = 2000; $value += 100) {
echo option value=\$value\ if ($min_rent==$value) {echo
selected=selected } $value/option;
You could slap a ?: tertiary operator in there:
echo option value=\$value\, ($min_rent==$value ?
On Tue, July 31, 2007 3:27 am, Christian Hänsel wrote:
this is not generally a PHP question, but either way I'm gonna ask :oP
Does any of you know a decent Blogging Portal software? Of course, it
should
be OpenSource ;o) What I wanna do is: I want to give people the
ability to
create their
On Tuesday 07 August 2007, Dan wrote:
I know how you can use cross site scripting if you can steal cookies and do
bad stuff with JS. My question now though is if I have a form, and I post
to myself and just echo the value of that post, is that bad? Nobody else
would see the result of my post