I need to rebuild PHP on a Linux box (RHEL). It has been built there
before but I cannot locate the proper command line for configure --
config.status is no longer accurate as configure was run with no
arguments. Is the old configure command line saved in a log somewhere?
If not is there a
On 8 Nov 2005 Minuk Choi wrote:
can you get the output from phpinfo()?
Thanks. I've used phpinfo() many times but never looked at that bit of
the output. It's exactly what I needed.
--
Tom
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit:
On 8 Nov 2005 Richard Lynch wrote:
You should run it from the browser, and from the CLI separately, as
they could be different builds.
I had wondered about that but they are the same build. I was planning
to double-check anyway.
There is also config.nice if it was installed from source.
Building PHP 4.3.4 with Apache 1.3, SAPI and CLI versions (no CGI) ...
Now that I found the config command used for the last build, I rebuilt
PHP (config, make, make install) with one change -- at the end of the
config line I added --enable-dbase.
If I look at the phpinfo() output now, in both
On 8 May 2005 Evert | Rooftop Solutions wrote:
What I really need is a fast lookup mechanism, to 'translate'
statements.
For example:
setOutputType('xhtml');
echo(translate('authorstart'));
the function translate opens xhtml.data, which contains:
authorstart : span class=author
[Note that I changed the thread title to reflect that this isn't really
about templating.]
Yes I thought of this, but in my case a flat file would be better. The
same problem applies though:
[quote]
This is all no problem, except that these lists can be pretty big. And I
wouldn't like to
On 21 Apr 2005 M Saleh EG wrote:
It's simple.
If your system supports it performance wise.
Grab the id and compare it against the md5 version of the id saved in the
cookie.
Actually I think the discussion was about reversing the MD5 to get back
the original message -- not about
On 21 Apr 2005 Greg Donald wrote:
Same thing with MD5, it
is just one way, it can't be reversed.
MD5 collisions were found last year:
http://cryptography.hyperlink.cz/md5/MD5_collisions.pdf
Just a matter of time/cpu power.
I don't think that's right. Collisions allow certain kinds of
It's more like a theoretical hole that may some day prove to be the
first step in a long long long process of understanding something that
might maybe some day yield a way to de-crypt MD5.
That's exactly my point.
It's similar to how a local root exploit sometimes evolves into a
On 21 Apr 2005 Jason Barnett wrote:
Any information that you wouldn't want in the script in plain text, you
probably don't want in the database in clear text. Moreover MD5 is a
one way hash and although it is broken, you probably don't want to spend
the processing time needed to reverse it.
On 17 Apr 2005 W Luke wrote:
I have about 200 records in a table, and I need to update 2 of the
fields. The first is easy, but the second contains a list of keywords
all separated by spaces; I need to replace the spaces with commas. Is
this something I can do with some clever SQL, or shall
On 18 Apr 2005 Proudly Pinoy wrote:
I've read from php.net/setcookie and codecomments.com that using
localhost won't work with cookies and neither are IP addresses. So
how do I test cookies on local system?
Hmmm, this works just fine for me -- I do it all the time. I tend to
do it with a
On 16 Apr 2005 Khorosh Irani wrote:
How I can find it in phpinfo() ?
Another (simpler) approach is:
echo php_sapi_name();
which will return 'cli', 'cgi', etc.
--
Tom
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
On 16 Apr 2005 Chris Knipe wrote:
I'm not sure if round() is what I am after. I want to round whole numbers
to the closest 10 - thus, not decimals, etc.
Just use a precision of -1. For example round(125, -1) will return
130.
--
Tom
--
PHP General Mailing List (http://www.php.net/)
To
On 16 Apr 2005 Ryan A wrote:
eg: if they pick white I need the heading to be black and vice
versa...any way to do this?
Well it depends what you mean by opposite, but as a starting approach
I would try simply complementing the bits in the RGB value:
$opposite_color = $original_color
Here is a little code that shows the web-safe colors and their
opposites using the algorithm I described in the previous message:
html
head
title Web-safe color 'opposites'
/head
body
?php
# Display color opposites for web colors
$weblist = array('00', '33', '66', '99', 'CC',
On 15 Apr 2005 Tom Rogers wrote:
BD a. Must contain an 1 uppercase letter. [A-Z]
BD b. Must contain 1 digit. [0-9]
BD c. Must be a minimum of 7 characters in length. {7}
BD I'm not sure of how to build the correct syntax for using all 3
BD requirements together.
easier done seperately I
On 13 Apr 2005 Richard Lynch wrote:
I have what I consider a MINIMUM standard level of security for any site
that asks for a password.
That would include:
Not storing the password *ANYWHERE* in clear-text.
Not in database.
Not in $_SESSION
Not in COOKIES
Agreed. I see less risk
On 14 Apr 2005 Chris Shiflett wrote:
When a user enters a credit card number, there may likely be a
verification step before the actual purchase is made. It's better to
keep this number on the server (in the session data store) than to
unnecessarily expose it over the Internet again (SSL
On 11 Apr 2005 Richard Lynch wrote:
Well, just because I'm not sure it is worth the effort. What is the
point of storing a hash code as a proxy (in the colloquial sense of the
word) for an encrypted password if knowing the hash code gets you the
same access as knowing the password?
On 12 Apr 2005 blackwater dev wrote:
$good = joh_';
// Let's check the good e-mail
if (preg_match(/[a-z0-9]/, $good)) {
echo Good;
} else {
echo Bad;
}
This returns Good, why?
That regex matches any string which contains at least one (lowercase)
letter or one number
On 11 Apr 2005 Chris Shiflett wrote:
DO NOT STORE PASSWORDS ON USERS COMPUTER
A couple of people have stated this but I think it is incorrect.
Please refrain from such speculation, because it does nothing to improve
the state of security within our community. This idea of storing
On 9 Apr 2005 Andy Pieters wrote:
It doesn't matter how you encrypt it.
DO NOT STORE PASSWORDS ON USERS COMPUTER
I hope that's clear enough.
A couple of people have stated this but I think it is incorrect. For
one thing the users themselves are very likely to store the password
there,
On 9 Apr 2005 John Nichel wrote:
While it is not absolute that you can't store passwords in a cookie, it
is an absolute that you _shouldn't_
Sorry, I don't agree. There are very few absolute rules in software
development.
For sites accessing sensitive information or that allow spending
On 9 Apr 2005 Jason Wong wrote:
I might, depending on
the needs, store a hash code as others have suggested
Why not in *all* cases?
Well, just because I'm not sure it is worth the effort. What is the
point of storing a hash code as a proxy (in the colloquial sense of the
word) for an
On 9 Apr 2005 Ryan A wrote:
This certainly has turned out to be an interesting discussion.I
usually send the info via sessions...how bad is that?
Well if you are using sessions it is worth thinking about session
security, for example:
On 8 Apr 2005 Chris Bruce wrote:
I need to be able to break out the tax, amount and type that were
entered on each line of a form and then apply calculations and do
database inserts on each. As you can see what I need is in sets of
three denoted by the integer at the end (tax0, amount0,
On 25 Mar 2005 Joshua Beall wrote:
P1: Does token.status = 'locked' WHERE key=$key ?
P2: Does token.status = 'locked' WHERE key=$key ?
P1: {Receives negative response}
P2: {Receives negative response}
P1: Updates token.status. = 'locked' WHERE key=$key
P2: Updates token.status. = 'locked'
On 24 Mar 2005 Joshua Beall wrote:
I realized that this sort of problem would always exist unless I had some
sort of semaphore mechanism. Once a user has *started* a transaction, they
need to be prevented from initiating a second transaction until the first
transaction has been completed.
For the basic logout, it's very easy.
Store a session variable which is the last active time. Initialize
it to the current time when the user logs in.
Each time a page loads, start the session and check current time
against the last active time. If the difference is over the limit,
display
On 14 Mar 2005 Ross Hulford wrote:
Does anyone know how to change the style of password boxes so when
the characters are entered an asterisk appears rather that a smal
circle?
It is determined by the browser and OS. I presume you are talking
about Windows XP, which is where I see that
On 14 Mar 2005 Dotan Cohen wrote:
change
input type='text' name='name'/
To:
input type='password' name='name'
This does not address the question. The OP saw small dots in the
password display, he wanted asterisks. That is not because he was
using type='text' but because he was already
On 7 Mar 2005 Jay Blanchard wrote:
/t and /n do not work for HTML output. If you view the source of your
HTML output you will see that the tabs and newlines are used properly.
You will have to substitute an HTML equivalent.
The HTML equivalent would likely be tables -- but if he uses pre then
On 2 Mar 2005 Erbacher Karl wrote:
I'm not sure if this is even a PHP question, but I'm hoping someone can help
me. I need to encipher data to be stored in a database and then I need to be
able to decipher it to use it. I was thinking of using DES and I obtained a
pair of keys, but I'm
On 4 Mar 2005 J. L. Marcelo Chaparro Bustos wrote:
Hola, bueno acabo de incribirme el la lista y queria saber si alguno
de ustedes tiene un manual PHP basico que me pueda enviar o decir
donde poder bajarlo, para orientarme un poco. gracias
Translation: Hi, I just joined this list and I
On 16 Feb 2005 Richard Lynch wrote:
Use the exact same session stuff you have now and just dump the
serialized data into SQL using the 5 functions for session handling.
Oh, OK, that's what you meant about the 5 functions. I am not sure of
the advantage to that, actually something I've
On 15 Feb 2005 Richard Lynch wrote:
Throw an ab (Apache Benchmark) test at it and find out.
Don't just guess or sit there wondering.
You could run test in about the time it took to compose this email --
Perhaps if you are already familiar with ab, which I'm not ... and if
the server
On 15 Feb 2005 Greg Donald wrote:
If you have to choose between a meaningful variable name and performance
considerations, buy more hardware! :-)
The cost you'll save in the long run for code maintenance will make it
worth it.
Comments in the code make using short session variable
I have a multi-page form which I build up and store in session
variables. The data saved includes all an internal list of items on
the form (derived from a database table), all the form field specs
(derived from the internal item list), the data for the fields (from
another table), default
On 11 Feb 2005 Richard Lynch wrote:
BAD: http://example.com/dynamic_pdf.php?record_id=1
GOOD: http://example.com/dynamic_pdf.php/record_id=1/fool_ie.pdf
Just curious, how does IE screw up the first one?
--
Tom
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit:
On 10 Feb 2005 Richard Lynch wrote:
Perhaps you need to use http://php.net/reset
You see, when you do foreach or each or any of those, there is an
internal setting in the array that is altered to keep track of where you
are. Kind of like a big You are here arrow inside the guts of the
I have a form which is too long to be useful displayed on one page. I
have it broken up into 7 sections. All 7 are generated by the same PHP
source file, from data in a database.
When the user updates a section they can submit it and go to the next
section, or submit it and finish (return to
On 8 Feb 2005 Jochem Maas wrote:
This was aimed at me. I personally wouldn't touch a CCN with a barge pole,
I did say it was 'best' not to accept them at all, although accepting them and
immediately passing them on via an SSL link (e.g. with cURL) is probably
'good enough' - at least,
On 8 Feb 2005 Jochem Maas wrote:
don't agree - I'd rather be cautious on a hunch, especially given that I
have no means to personally verify the risk other than in terms of total
financial ruin if a real problem occurs even once. besides its a moot point
there is no need to handle creditcard
On 8 Feb 2005 Greg Donald wrote:
It's pretty simple to scrub the data away.
$cc = '1234123412341234';
// do processing
$cc = md5( time() );
This only works if PHP uses the same storage for both strings. If it
reallocates the storage, for example because the md5 result is longer,
On 7 Feb 2005 Jochem Maas wrote:
IE, is their a way to get PHP to overwrite the memory
used by variables at the termination of a script?
don't know about that but best not to accept the CCNs in the
first place. let the user enter it at authorize.net.
I think this is an extraordinary
On 3 Feb 2005 Richard Lynch wrote:
If it was only two pages, and there was only one header() re-direct, fine.
But what ends up happening is you get in the habit of doing this all over
the place, and you have a mess of spaghetti logic spread over a hundred
files.
That is a problem with
On 29 Jan 2005 tom soyer wrote:
I tried mysql_connect() function, and it won't reture FALSE if
connection failed. Instead, the script times out after 30 seconds and
displays an Fatal error message Maximum execution time of 30 seconds
exceeded.
I think the issue here is if the server does
On 28 Jan 2005 [EMAIL PROTECTED] wrote:
I need a validation regex that will pass a string. The string can be no
longer than some maximum length, and it can contain any characters except
two consecutive ampersands () anywhere in the string.
This is an example of something that is easier to
On 28 Jan 2005 [EMAIL PROTECTED] wrote:
Thanks, Tom. I agree, but not an option at this time - other parts of the
design require this to be a regex.
It is pretty easy to do with two regexps, one to check the length and
another to see if there is a double . Would that work? I don't know
On 26 Jan 2005 Jason Barnett wrote:
if (isset($_POST['checkboxfieldname'])) {
/** do stuff */
}
Sorry, I should have mentioned that I knew about using isset -- it
works OK for the checkbox example, though I'm not clear if this
behavior is specified and therefore will not change -- i.e.
On 26 Jan 2005 Jennifer Goodie wrote:
if (isset($fields['flags']['someflag']) $fields['flags']['someflag'])
if (isset($_POST['checkboxfieldname']) $_POST['checkboxfieldname'])
The short-circuits, so the second part of the conditional only
gets evaluated if the first part is true.
I
On 24 Jan 2005 Richard Lynch wrote:
Assuming you are authenticating them correctly so that a Bad Guy can't
change the HTML out from under them, it seems reasonable to me -- Not much
point to cross-site vandalism on one's own site, eh?
Exactly, that was my thought as well ...
--
Tom
--
PHP
On 24 Jan 2005 James Kaufman wrote:
I just tried it with php 4.3.8 and it did not throw a NOTICE with @list.
I suppose you could try @explode as well as @list.
Thanks. I was sure I had tried it with that but I will go back and
check.
--
Tom
--
PHP General Mailing List
This construct:
list($v1, $v2, $v3) = explode($sep, $string, 3);
will generate NOTICE level errors if there are not enough parts of the
string to fill all the variables in the list. What I really want is
for list() to set the variables that have a corresponding array
element, and
I am a consultant developing a PHP-based site (fully operational now,
we're adding some new features).
One thing I need to do is allow resellers of my client's services to
edit HTML which will then be used on the web pages their customers see.
In other words they get to customize the
On 10 Apr 2004 Brian Dunning wrote:
Check this out: I'm returning a list of the last 30 days, looping
through i, subtracting it from $end_date where $end_date is 2004-04-10
00:00:00. I'm just trying to derive a timestamp $check_date for each
iteration, like 1081321200. Here's the code
Hi Folks ...
A small problem here ...
I just rebuilt Apache 1.3.29 with mod_ssl.
When doing apachectl startssl I get:
[Mon Apr 5 12:19:53 2004] [warn] Loaded DSO libexec/libphp4.so
uses plain Apache 1.3 API, this module might crash under EAPI!
(please recompile it with -DEAPI)
I
On 5 Apr 2004 [EMAIL PROTECTED] wrote:
When doing apachectl startssl I get:
[Mon Apr 5 12:19:53 2004] [warn] Loaded DSO libexec/libphp4.so
uses plain Apache 1.3 API, this module might crash under EAPI!
(please recompile it with -DEAPI)
Sorry, I just realized there is a
On 4 Apr 2004 Randall Perry wrote:
Solved my main problem. I was assuming that variables registered with
$_SESSION were passed by reference. Apparently they're passed by value.
*Passing* by value or by reference has to do with function parameters,
not array values. However you can assign one
On 4 Apr 2004 Andy B wrote:
how would you empty all the contents of $HTTP_SESSION_VARS when you
dont need them anymore but still keep the current session running?
See http://www.php.net/manual/en/function.session-unset.php. That is
exactly what it does. That page also explains why unset()
On 4 Apr 2004 Andy B wrote:
the next time i hit the add guestbook listing from the main screen,
fill out the form with different values and submit it all the
$HTTP_SESSION_VARS have the same values as the last add sequence...
There are two problems there. First, your session data is not
On 2 Apr 2004 Aidan Lister wrote:
Wait until you have installed PHP5, then use the simplexml library.
I will shortly have the same questions about ways to parse XML, and I
can't use PHP 5 -- it's a production environment and the PTB are not
going to move to something that is that recently
On 21 Mar 2004 Chris Shiflett wrote:
I would never argue that something is an absolute defense, but I would
characterize my recommendation as a best practice.
Fair enough.
I agree with you that checking for valid characters is safer than
checking for malicious characters, but even the
On 23 Mar 2004 Michael Rasmussen wrote:
The idea is exactly not to do any queries dynamically generated based on
user input! In the rare cases where this is needed you should not
allow any unparsed input.
There are some applications for which queries based on typed user input
are rare. But
On 22 Mar 2004 Andy B wrote:
so the theory is: if i require that the session be named after the persons
login name there is probably 1 out of 2 million chances that it will mess up
the names and get confused (specially if there are only a few users
allowed)...
If the login name is unique and
On 20 Mar 2004 Ben Ramsey wrote:
I know how to run a PHP script as a cron job on a *nix machine. So,
does anyone know how to use the Task Scheduler on Windows to do the
same? Or is it even possible?
The fundamental idea is simple -- work out a command line from a
regular command prompt
On 21 Mar 2004 Chris Shiflett wrote:
SQL injection vulnerabilities exist when you use data that the user gave
you to create your SQL statement. So, anytime that this happens, simply
make absolutely sure that the data you are using from the user fits a very
specific format that you are
On 20 Mar 2004 Jeff Oien wrote:
How do I convert this
9/8/2001
(which is Month/Day/Year)
to this
20010908
(YearMonthDay - with leading zeros)
How about:
?php
$date = '9/8/2001';
list($mm, $dd, $yy) = explode('/', $date);
print(sprintf('%4d%02d%02d', $yy, $mm,
On 18 Mar 2004 Cameron B. Prince wrote:
I'm saying I can't connect to another machine running 3.x or 4.x from PHP,
but I can connect to either via the v4.x mysql command line client that's
installed on the webserver with PHP.
OK, I get it. It certainly sounds like it could be a problem with
On 18 Mar 2004 Richard Davey wrote:
Nope, because in the only reference book I had to hand it said the ^
matched the start of a string so it didn't occur to me to try it.
Thanks to John I now know when used in a block it's no longer limited
to the start of the string. The code you posted
On 18 Mar 2004 Cameron B. Prince wrote:
I'm sure this is good to know because it proves at least part of PHP can
reach the other machine... Which hopefully rules out a TCP/IP problem. I'm
going to enable debugging on the MySQL server and see if that tells me
anything.
Ah, that's good. Then
On 18 Mar 2004 Richard Davey wrote:
Good question, but the answer is no - I don't believe you can. You
could try passing the form name as a hidden form value? Or name your
submit button accordingly?
I have done this with the Submit button but I find that the results
vary. If you click
On 18 Mar 2004 Cameron B. Prince wrote:
I just finished doing that on a third machine that didn't have a previous
MySQL installation. I installed the same version that the webserver has. I
had the same results.
I'm losing track here -- are you saying you can't connect to another
machine
You might try an fsockopen() to port 3306 on the dbserver and see if it
works. If not, you get a reasonably descriptive error.
I just tried a couple of known servers and bogus addresses with this
code:
?php
$ipaddr = localhost; # substitute the IP address here
$fp = fsockopen($ipaddr, 3306,
On 17 Mar 2004 Brent Westmoreland wrote:
I too have questions on how to handle this situation, any help would be
greatly appreciated.
[Situation was how to use a single database connection inside a class
nested within another class etc.]
If you have a single DB connection open for the
On 18 Mar 2004 Louie Miranda wrote:
On my website i massively use session. And often times the webserver is
lacking resources to process more queries, and thats where all my
applications are failing.
I issue a destroy session at the end of my transaction, but some users dont
end their
On 16 Mar 2004 [EMAIL PROTECTED] wrote:
Sessions have to do with requests being sent by browsers to the web server. Each
time
you close all the windows of your browser on your computer and start the browser
again, a new session is started. I suspect that since all your users are
On 17 Mar 2004 Mike Mapsnac wrote:
I need to refresh page every 2 minutes. How that's can be done in
PHP?
You can do it with a header. I think something this simple will work:
header(Refresh: 120);
or in the head area:
print meta http-equiv=\Refresh\ content=\120\\n;
If
On 16 Mar 2004 Freddy Rodriguez wrote:
Hay una lista en espaƱol para php?
(Is there a list in Spanish for PHP?)
Si hay. Mira http://www.php.net/mailing-lists.php y
http://news.php.net/group.php?group=php.general.es.
(Yes there is. See the two URLs above.)
--
Tom
--
PHP General Mailing
On 17 Mar 2004 Tom Rogers wrote:
The default lifetime for session cookies is until the browser is
closed.
Of course. slapping head
You can run multiple sessions as long as they are to different
domains I think. I am pretty sure PHP can only handle 1 session per
client but you could
On 16 Mar 2004 Jeff Oien wrote:
You have to basically go back and forth between two pages.
The site you mentioned does, but it is easy to refresh to the same page
-- just use your own URL. An empty URL also works -- I tried it in IE
6 and Mozilla 1.5; don't know if it works with other
On 15 Mar 2004 Eric Gorr wrote:
which will have a value like:98797-234234--2c-something-2c
How do I take out the part which will always start with --2c and will
always end with -2c
I'd be interested in the answer to this question as well.
Seems like it should be easy.
It is easy.
So the current situation is that Apache2-prefork+PHP is a decent solution
but it hasn't been tested a whole lot.
I am currently moving my app to an Apache 2 server. I did not build
the server (not my area of expertise) and don't know how how it was
built, but I can talk to the folks who
On 13 Mar 2004 Rasmus Lerdorf wrote:
I think that is pretty clear. It says that it works but we do not
consider it production quality.
OK, thanks. That is what I thought it meant but I wanted to be sure.
As for whether your particular install will work? I have no idea. Maybe,
maybe not.
On 12 Mar 2004 Mike Mapsnac wrote:
I try to use quotes in the query and this doesn't work.
$query = SELECT * FROM user WHERE user_id = '$_POST['user_id']}';
But you use brackets and it works.. Why do you use brackets ?
$query = SELECT * FROM user WHERE user_id = ${_POST['user_id']};
See
I am running on one Linux server which has PHP built statically; the
CLI and Apache modules are both over 5.5MB. On another where it is
built dynamically they are closer to 1.2MB.
Is there any data on the performance tradeoffs of static vs. dynamic
builds? I understand the factors (static
On 12 Mar 2004 Richard Davey wrote:
Indeed.. roll-on input filters in PHP5 :)
Hmmm, can't find the docs on those online.
--
Tom
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Is the general wisdom that using strip_tags on input is sufficient to
protect against XSS vulnerabilities from that input? I have been doing
some reading on it but haven't found anything that suggests a
vulnerability that removing the tags in this way would not cure.
Are there multi-level
On 12 Mar 2004 Richard Davey wrote:
P 1044: Access denied for user: '@localhost' to database 'mydatabase'
You said that you use apache as the username for MySQL - is this
something you've configured yourself?
It appears he is actually using a blank username as there is noting
before the
On 12 Mar 2004 Richard Davey wrote:
It is, but if he hasn't modified it otherwise, that's what it'll be.
Also for local development purposes, there is no harm in it.
Agreed, as long as he's not connected so someone can try to connect to
the MySQL port.
--
Tom
--
PHP General Mailing List
Is it possible that either $connect_id is not defined at the point
where you use it in the mysql_select_db call (e.g. it's global, the
call is in a function, and you forgot to use a global declaration),
and/or the previosuly opened connection has been closed?
What do you get if you do a
On 12 Mar 2004 Elliot J. Balanza wrote:
.
$row_prefs = mysql_fetch_assoc($prefs);
.
while ($row_prefs = mysql_fetch_assoc($prefs)) {
.
and it works fine EXCEPT it wont show the first record of the query... any
ideas why?
Yes ... see the two lines quoted above. Each time you
On 11 Mar 2004 Raditha Dissanayake wrote:
print Matches: . preg_match('/((?i)rah)\s+\1/', RAH RAH) . \n;
print Matches: . preg_match('/((?i)rah)\s+\1/', rah rah) .
is what you should use.
Oh. Of course -- I knew it was obvious! This also works:
print Matches:
On 11 Mar 2004 Mike Mapsnac wrote:
I'm looking for nice way to get variables from POST?
Well you can do it easily with extract:
extract($_POST);
This has the same security risks as turning register_globals on, it
allows hackers to set any variable they wish.
A better method might
On 11 Mar 2004 Teren wrote:
If you have register_globals on in your php.ini file, you don't need to do
that. You just automatically have access to all of those variables like
$username and $password etc. Whatever the name is on the field is what the
string will be called and the action script
On 11 Mar 2004 Rob Adams wrote:
Along the same lines, I've found this helpful when inserting into mysql.
foreach($_POST as $key = $val)
$$key = mysql_escape_string($val);
I just wrote a cleanup routine which applies a number of
transformations -- it's called at the start of every page
On 11 Mar 2004 Chris Shiflett wrote:
The risk is no greater than what the original poster wants to do anyway:
$foo = $_POST['foo'];
Whether $foo is created by register_globals being enabled or by the
previous code, there is no difference in risk. The data should still be
considered
On 10 Mar 2004 dmesg wrote:
How can i tell fsockopen() to skip to echo this warnings?
Here's a repeat of something I just posted the other day on this ...
Here's an approach I have used to avoid any error messages at all --
presumably you could also set a flag in the error handler to indicate
On 10 Mar 2004 Robert Cummings wrote:
Overhead is minimal since PHP doesn't actually copy the contents of the
container until an attempt to modify it is made. At which time the
contents are only actually copied if the internal reference count is
greater than 0. Generally this means it won't
1 - 100 of 118 matches
Mail list logo
