php-general Digest 18 Jun 2001 19:14:40 -0000 Issue 706
Topics (messages 54239 through 54256):
Compiler advice please!
54239 by: Gerry
ereg function
54240 by: Jay Paulson
54252 by: CC Zona
Re: [PHP-DEV] Fork() in php? (äâà óäàðà - 8 äûðîê?)
54241 by: ~~~i LeoNid ~~
fdf and pfd functions in PHP
54242 by: David A Castillo
54243 by: mheumann.sei.cl
Re: NEED BOOK: DB Abstaction
54244 by: Jon Haworth
a little ot, mysql binary fields
54245 by: Christian Dechery
Form security
54246 by: phpman
54247 by: James Stevens
54248 by: Peter Dudley
54251 by: mheumann.sei.cl
54253 by: phpman
.htaccess and secure image directory
54249 by: bill
pg_fetch_object() and composite field names
54250 by: Arcady Genkin
Re: out file
54254 by: Hasan Niyaz
Re: advice on 'Nusphere Mysql Package' appreciated
54255 by: scott [gts]
Lists are back up
54256 by: Rasmus Lerdorf
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
Hi this is probably of the scope of the list since it is a c++ question. (sorry)
I'm trying to learn a few things about c++ and I'm using "gcc" on my
Linux box. The problem I encountered is with the floating point
manipulation classes or functions like "fixed" and "showpoint", I get a
compile error saying they are not declared. I triyed the gcc.gnu site
but I could not find a support maillist like this one. After endless
fruitless searches on the web I decided to give you a shot since you
have answered many of my PHP questions and I know some of you do a lot
more than just PHP related development.
Could someone point me in the right direction please, maybe a site or
mailgroup where I could ask about this?
Thanks in advance and sorry for the inconvenience!
Gerry
hello-
I have a pretty easy question for some of you. I'm using the ereg function and it's
not returning a true or false after it runs. Below is the code snippet I'm using.
echo ereg("^[a-zA-Z]$", $fname);
as you can see I'm just looking to make sure the variable $fname just has characters
a-zA-Z and nothing else. Anyway, I'm running PHP 4.0.5 and I'm using the ereg
function else where and it seems to work fine.
Thanks,
Jay Paulson
In article <002e01c0e46c$ec2459a0$6e00a8c0@webdesign>,
[EMAIL PROTECTED] ("Jay Paulson") wrote:
> echo ereg("^[a-zA-Z]$", $fname);
>
> as you can see I'm just looking to make sure the variable $fname just has
> characters a-zA-Z and nothing else.
Actually, you're checking whethere the variable is a single-character
string a-zA-Z. For what you want:
ereg("^[a-zA-Z]+$", $fname); //add plus sign
Note also that although the docs imply that ereg() returns an integer
value, it says further down "Returns true if a match for pattern was found
in string, or false if no matches were found or an error occurred." In my
experience, boolean values don't echo well. Try this instead:
if(ereg("^[a-zA-Z]+$", $fname))
{
echo "<p>Passed!</p>\n";
}
else
{
echo "<p>Failed. Enter a different value.</p>\n";
}
--
CC
On 21 May 2001 10:06:41 -0700 impersonator of [EMAIL PROTECTED] (Zeev Suraski)
planted &I saw in php.general:
>At 08:24 21/5/2001, Rasmus Lerdorf wrote:
>>You are assuming they even read this mailing list.
>
>*ping* (in Tokyo, so it took me a while to catch up on my Email)
>
>Zeev
>
Sorry for _an_ intrusion her. I just unsuccsefully "ping"ed "zend" (on an
address supplied on the page) of wich the author is co-founder
co-developer, as i undustand:) So i publish my quest her. Hopefully it
will be seen by some, besides maintainers:) Is there hope to get answer
too? I hope.
>
I was checking on PHP en-coder (unfortunately, it only goes from 4.03:(so
i didn't go *further*, but wanted to test Zend Optimizer too. But
stoped at license item 8.2, and asked for an explanation, on witch i
received *demon* response (below) - sorry it got compacted, as i forgot to
close my copy/paste buffer compacter (and i am to lazy to copy it again:)
Hope, you decipher:)
Sincerely, LeonId
AM i `disclosing´ by this?:)
------------------------d(a)emon--------advice-----------------
Hi. This is the qmail-send program at mail.zend.com. I'm afraid I wasn't
able to deliver your message to the following addresses. This is a
permanent error; I've given up. Sorry it didn't work out. <[EMAIL PROTECTED]>:
--- Below this line is a copy of the message. Return-Path:
<[EMAIL PROTECTED]> Received: (qmail 6544 invoked by alias); 24 May 2001
14:37:03 -0000 Delivered-To: [EMAIL PROTECTED] Received: (qmail
6541 invoked from network); 24 May 2001 14:37:02 -0000 Received: from
unknown (HELO mckexch02.mckusa01) (38.201.8.162) by mail.zend.com with
SMTP; 24 May 2001 14:37:02 -0000 Received: from cheerleo
(ip162-6.urbis.net.il [192.118.6.162]) by mckexch02.mckusa01 with SMTP
(Microsoft Exchange Internet Mail Service Version 5.5.2448.0) id JHSZ36Z9;
Thu, 24 May 2001 09:57:17 -0400 Message-ID:
<000101c0e456$21997780$a20676c0@cheerleo> From: "LeoNid" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]> Subject: ÌÉÃÅÎÓ point 8.2 (on zend optimizer) Date:
Thu, 24 May 2001 17:33:30 +0400 X-Priority: 3 X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.3612.1700 X-MimeOLE: Produced By
Microsoft MimeOLE V4.72.3612.1700 ShaLom, What is the meaning of an item
8.2 of your license for ZendOptimizer. What kind of "confidential" infor.,
you supply for suppose to be freely downloadable software? Ain't - points
- mentioning _no_ reverse engineering suffice? Inspite that I am
considering download for myself only, I won't even think of it with such
(funny unclear and absurd, unless proved otherwise:) restriction. Thank
you for an explanation. ShaLom i Leonid. ---that's what _i_ saw in a
license (if my MSG is delivered without alteration either:)--------- 8.2.
Non-Disclosure. Licensee shall not permit anyone other than its own most
trusted employees with a need to know to access or use the Licensor
Proprietary Information. Licensee shall not disclose the Licensor
Proprietary Information to any third party or use the Licensor Proprietary
Information other than as authorized hereunder. Furthermore, Licensee: (a)
recognizes that the unauthorized use or disclosure of Licensor Proprietary
Information will give rise to irreparable injury to Licensor or its
licensors for which monetary damages may be an inadequate remedy; and (b)
agrees that Licensor or its licensors may seek and obtain injunctive
relief against the breach or threatened breach of Licensee's obligations
under this Agreement, in addition to any other legal and equitable
remedies which may be available to Licensor.
Okay, I'm trying to teach myself how to utilize fdf and insert into pdf and
I have a question for y'all. When using pfd forms to submit to an fdf file,
the php script uses the variable $HTTP_RAW_POST_DATA as the source to write
to the fdf file. If I use an HTML form to do the same thing, what variable
would I use? I tried $HTTP_POST_DATA and it returned an empty variable set
resulting in an empty fdf file. The code I'm using is as follows:
<?php
$fdffp = fopen("test.fdf","w");
fwrite($fdffp, $HTTP_POST_DATA, strlen($HTTP_POST_DATA));
fclose($fdffp);
?>
Sorry for the basic question but I guess we all have to start somewhere!
Cheers,
Dave
Hi,
I think this is more complicated. You'll need to create the FDF file manually
pertaining to the format
specifications. You will have to use the data posted from the HTML form, but just
writing them out to the
file won't do the trick. I haven't done this with PHP yet, maybe the fdf functions
provided can help you
somewhat with the format.
Greetings,
Michael.
> Okay, I'm trying to teach myself how to utilize fdf and insert into pdf and
> I have a question for y'all. When using pfd forms to submit to an fdf file,
> the php script uses the variable $HTTP_RAW_POST_DATA as the source to write
> to the fdf file. If I use an HTML form to do the same thing, what variable
> would I use? I tried $HTTP_POST_DATA and it returned an empty variable set
> resulting in an empty fdf file. The code I'm using is as follows:
>
> <?php
> $fdffp = fopen("test.fdf","w");
> fwrite($fdffp, $HTTP_POST_DATA, strlen($HTTP_POST_DATA));
> fclose($fdffp);
> ?>
>
> Sorry for the basic question but I guess we all have to start somewhere!
>
> Cheers,
>
> Dave
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
PHP 4 Bible (Converse/Park, IDG Books) has a chapter on OO programming that
contains sample code for an entire DB layer...
Failing that you can knock your own up really easily, using include() to
stick it in whatever script you fancy.
HTH
Jon
-----Original Message-----
From: Erich Reimberg N. [mailto:[EMAIL PROTECTED]]
Sent: 24 May 2001 16:48
To: [EMAIL PROTECTED]
Subject: [PHP] NEED BOOK: DB Abstaction
Hello,
Can anyone here, please, recommend me a good book that covers the
DB abstracion that has PHP4? Most of the books only deal with MySQL,
and that's not always my choice for a DB administrator. So I need
to program scripts that can connect to any DB.
I use this in ASP: I write a tiny script that only connects to
a DB, and then I include it in any script that needs DB connectivity.
Then, If I change the DB, I only change the tiny script, and the
rest works just like before.
(By the way, is it possible to do this in PHP at all? I believe it
is)
Please, if you have any books you can recommend Cc to my email
address: [EMAIL PROTECTED]
Thanks,
Erich Reimberg N
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
**********************************************************************
'The information included in this Email is of a confidential nature and is
intended only for the addressee. If you are not the intended addressee,
any disclosure, copying or distribution by you is prohibited and may be
unlawful. Disclosure to any party other than the addressee, whether
inadvertent or otherwise is not intended to waive privilege or
confidentiality'
**********************************************************************
How do I backup a blob field in mysql? Every time I dump it (to a text file
via phpMyAdmin)... it creates insert lines but the binary data is all
screwed up and when I load it it gives me error messages...
Since nobody answered my last question (or any of them for that matter). Let
me rephrase it a little
different.
Other then checking the referer (to make sure the posted data came from the
right page)
and user agent (to see if it exists), is there any other way to secure a
form from having other
forms submitting to it?
-dave
Another way to do this is to have a form element with an odd name and value
that you can check for before processing the post. This is not too secure if
someone knows the name and value though. In that case you can use the
referer _and_ a unique element name and value that is related to the
referer. Checking for these items before processing the form should be
pretty good.
James
-----Original Message-----
From: phpman [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 24, 2001 10:04 AM
To: [EMAIL PROTECTED]
Subject: [PHP] Form security
Since nobody answered my last question (or any of them for that matter). Let
me rephrase it a little
different.
Other then checking the referer (to make sure the posted data came from the
right page)
and user agent (to see if it exists), is there any other way to secure a
form from having other
forms submitting to it?
-dave
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Are you using sessions? You can register a tracking variable on the form
page and then check that variable on the processing page. If the posted
data comes from any page other than the one that you want it to, the
variable will not be set. Not 100% sure, but I think this covers what
you've asked.
Pete.
""phpman"" <[EMAIL PROTECTED]> wrote in message
9ejeqp$gm7$[EMAIL PROTECTED]">news:9ejeqp$gm7$[EMAIL PROTECTED]...
> Other then checking the referer (to make sure the posted data came from
the
> right page) and user agent (to see if it exists), is there any other way
to secure a
> form from having other forms submitting to it?
>
> -dave
Hi,
you could use an additional parameter containing a checksum of the entire URL, that
you check at the
beginning. Of course, somebody with the right motivation could find out your checksum
scheme (I would
use a subset of the md5 function), but at least it won't be simple anymore.
You could also use a Session ID that you generate somewhere on your site (usually the
start page). You
pass that along to the form and check it for validity. PHP 4 supports sessions.
Hope this helps.
Greetings,
Michael.
> Since nobody answered my last question (or any of them for that matter). Let
> me rephrase it a little
> different.
>
> Other then checking the referer (to make sure the posted data came from the
> right page)
> and user agent (to see if it exists), is there any other way to secure a
> form from having other
> forms submitting to it?
>
> -dave
I'm not trying to keep my script secure, I'm trying to get into another
script, using cURL.
I sent all of the POST fields, set my REFERER to be their referer page, even
set my AGENT to
be ie 5 on a Win2K box. Damn script is still not returning the right screen.
When I copy the HTML
code to my machine and run it locally (adjusting the FORM ACTION= to the
remote script url) it works.
I can even change the same form around and point it one of my scripts that
prints every POST var out, I
got them all. I checked for cookies - none.
I'm not doing this to do anything illegal. I'm trying to link with this
script...
http://wwwapps.ups.com/servlet/QCCServlet
to get shipping info (their XML integration is impossible with PHP - PHP
cannot do it). This makes
no sense to me, I can't think of anything I'm missing. I've gone through my
code for typos and
case sensitivities - even the order the POST vars are sent in is the same!
Aaaaaauuugggggghhhh!!!!!
-dave
""phpman"" <[EMAIL PROTECTED]> wrote in message
9ejeqp$gm7$[EMAIL PROTECTED]">news:9ejeqp$gm7$[EMAIL PROTECTED]...
> Since nobody answered my last question (or any of them for that matter).
Let
> me rephrase it a little
> different.
>
> Other then checking the referer (to make sure the posted data came from
the
> right page)
> and user agent (to see if it exists), is there any other way to secure a
> form from having other
> forms submitting to it?
>
> -dave
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
If I upload images to a web directory using PHP, how can I prevent a web
browser from getting a file list of the directory while still allowing
it to be polled for specific images?
kind regards,
bill hollett
Suppose I have a query like this:
$query = "select A.id, B.id from foo A, bar B where A.bleh=B.blob;";
$result = pg_exec( $db, $query);
$obj = pg_fetch_object( $result, 0 );
My question is: How do I access the field names in the $obj now?
I know that I can transform the query to avoid this problem, or use a
function other than pg_fetch_object. But I'm interested whether
pg_fetch_object _can_ be used here.
Many thanks,
--
Arcady Genkin
Hi,
This is not very php related but if anyone can let me this simple question.
I'm using a dos window to communicate with my MySQL server. What if i want to save the
results in file. What is the command i should
use.
Thanks,
Hasan
mandrake is easy to install, yes. :)
mandrake is a full distribution... it's everything
that most people need ....kernel, Xwindows, servers,
apps, games, dev. libraries, languages, etc. etc...
you can customize which programs get installed
from the install program.
it's a great system.... really easy to use and
install.
download the mandrake 8.0 ISO from their website
if you've got a CD-R. it's free :)
> -----Original Message-----
> From: Johnny Smith [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 24, 2001 8:45 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [PHP] advice on 'Nusphere Mysql Package' appreciated
>
>
> Thanks for replying Scott...
>
> Are you trying to say that Mandrake has PHP, Mysql, Apache
> and that the combination is easy to install correctly on
> Mandrake?
>
>
>
>
> >From: "scott [gts]" <[EMAIL PROTECTED]>
> >To: "php" <[EMAIL PROTECTED]>
> >Subject: RE: [PHP] advice on 'Nusphere Mysql Package' appreciated
> >Date: Wed, 23 May 2001 14:43:38 -0400
> >
> >Linux Mandrake (8.0) is extremely easy to install,
> >(it's a complete linux distrib, based off of RedHat,
> >so you can install it onto a clean machine)
> >
> >the install is *very* interactive and it comes fully
> >loaded with almost everything you could want,
> >and is free....
> >
> >get the ISO's at :
> >
> >http://linux-mandrake.com/
> >
> >
> >
> >--
> >PHP General Mailing List (http://www.php.net/)
> >To unsubscribe, e-mail: [EMAIL PROTECTED]
> >For additional commands, e-mail: [EMAIL PROTECTED]
> >To contact the list administrators, e-mail: [EMAIL PROTECTED]
> >
>
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com
>
We have re-enabled the PHP mailing lists. They are now running from a
temporary machine sitting on the floor of my spare bedroom. A more
permanent home is in the works.
-Rasmus
