Re: [PHP] Any conflict with $_POST when 2 users concurrently submitting the same form using POST method?

2009-06-10 Thread Keith
Craige, Marc, Nitsan, Bastien, Thanks for your reply! This is my understanding and comment from your replies: (1) If the web server does assign an anonymous request ID to each HTTP request from the client browser, and assigns $_POST to each request ID and works within request ID scope, this is fine

[PHP] Re: Any conflict with $_POST when 2 users concurrently submitting the same form using POST method?

2009-06-10 Thread Peter Ford
Keith wrote: Let's say user A and user B submitting purchase order form with order.php at the same time, with method=post action='confirmation.php'. (1) Will $_POST['order'] submitted by user A replaced by $_POST['order'] submitted by user B, and the both user A B getting the same order,

RE: [PHP] php applications

2009-06-10 Thread Arno Kuhl
At 11:49 AM -0400 6/8/09, Daniel Brown wrote: On Mon, Jun 8, 2009 at 11:48, teddt...@sperling.com wrote: Hi gang: I've heard that php can be used for more than web programming, but I am not aware of specifically how that can be done. So, let me ask directly -- can php be used to create

Re: [PHP] php applications

2009-06-10 Thread tedd
At 2:28 AM +0100 6/10/09, Michael wrote: The standard PHP execution model is geared almost exclusively towards web-used (though crons etc. are reasonable)... that is, to sit in/with a server and handle requests... to operate over, at maximum, insane lifespans of 30 seconds. There are

Re: [PHP] php applications

2009-06-10 Thread Daniel Brown
On Wed, Jun 10, 2009 at 08:37, teddtedd.sperl...@gmail.com wrote: Beside, this is how languages evolve. There is no job that any tool is designed for. The job is our current perception of the task at hand and that is always changing. That's the point I was trying to get at in the email I

Re: [PHP] php applications

2009-06-10 Thread Robert Cummings
Daniel Brown wrote: On Wed, Jun 10, 2009 at 08:37, teddtedd.sperl...@gmail.com wrote: Beside, this is how languages evolve. There is no job that any tool is designed for. The job is our current perception of the task at hand and that is always changing. That's the point I was trying to

Re: [PHP] PHP as Server Side for a Web Database Application.

2009-06-10 Thread Daniel Brown
On Wed, Jun 10, 2009 at 01:41, R. S. Patilkpr.rspa...@gmail.com wrote: Hi, We are in phase of evaluating PHP as Serverside technology for our first web application. We have finalized Flex for user interface and Birt as reporting engine. Now the data services are to be evaluated. Flex forums

Re: [PHP] php applications

2009-06-10 Thread Daniel Brown
On Wed, Jun 10, 2009 at 08:59, Robert Cummingsrob...@interjinn.com wrote: Don't you have VB applications to write? And this after I just mentioned your name in another thread without throwing up in my mouth. -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net

Re: [PHP] PHP as Server Side for a Web Database Application.

2009-06-10 Thread Eddie Drapkin
Dan, I do appreciate when you share your pillow talk with the list at large. Cheers, Eddie On Wed, Jun 10, 2009 at 9:06 AM, Robert Cummings rob...@interjinn.comwrote: Daniel Brown wrote: On Wed, Jun 10, 2009 at 01:41, R. S. Patilkpr.rspa...@gmail.com wrote: Hi, We are in phase of

Re: [PHP] PHP as Server Side for a Web Database Application.

2009-06-10 Thread Robert Cummings
Eddie Drapkin wrote: Dan, I do appreciate when you share your pillow talk with the list at large. Just so everyone knows... Dan was catcher when we were having that long deep talk. Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing

Re: [PHP] PHP as Server Side for a Web Database Application.

2009-06-10 Thread Daniel Brown
On Wed, Jun 10, 2009 at 09:06, Robert Cummingsrob...@interjinn.com wrote: Dan, I'd appreciate it if you wouldn't share our pillow talk with the list at large. Oh, stop, it's not like I mentioned the rash for which you've been getting that cream. -- /Daniel P. Brown

Re: [PHP] PHP as Server Side for a Web Database Application.

2009-06-10 Thread Daniel Brown
On Wed, Jun 10, 2009 at 09:11, Daniel Browndanbr...@php.net wrote: On Wed, Jun 10, 2009 at 09:06, Robert Cummingsrob...@interjinn.com wrote: Dan, I'd appreciate it if you wouldn't share our pillow talk with the list at large.    Oh, stop, it's not like I mentioned the rash for which you've

Re: [PHP] PHP as Server Side for a Web Database Application.

2009-06-10 Thread Robert Cummings
Daniel Brown wrote: On Wed, Jun 10, 2009 at 09:06, Robert Cummingsrob...@interjinn.com wrote: Dan, I'd appreciate it if you wouldn't share our pillow talk with the list at large. Oh, stop, it's not like I mentioned the rash for which you've been getting that cream. I just realized...

Re: [PHP] PHP as Server Side for a Web Database Application.

2009-06-10 Thread Eddie Drapkin
The question then becomes whether he was one of the boring catchers and just sort of sat there or was actively discussing with you. On Wed, Jun 10, 2009 at 9:11 AM, Robert Cummings rob...@interjinn.comwrote: Eddie Drapkin wrote: Dan, I do appreciate when you share your pillow talk with the

Re: [PHP] PHP as Server Side for a Web Database Application.

2009-06-10 Thread Robert Cummings
Eddie Drapkin wrote: The question then becomes whether he was one of the boring catchers and just sort of sat there or was actively discussing with you. He was quite active... when I raised a really good point all he could do was scream. Cheers, Rob. -- http://www.interjinn.com Application

Re: [PHP] php applications

2009-06-10 Thread tedd
At 8:53 AM -0400 6/10/09, Daniel Brown wrote: On Wed, Jun 10, 2009 at 08:37, teddtedd.sperl...@gmail.com wrote: Beside, this is how languages evolve. There is no job that any tool is designed for. The job is our current perception of the task at hand and that is always changing.

Re: [PHP] php applications

2009-06-10 Thread tedd
At 9:07 AM -0400 6/10/09, Robert Cummings wrote: Daniel Brown wrote: On Wed, Jun 10, 2009 at 08:59, Robert Cummingsrob...@interjinn.com wrote: Don't you have VB applications to write? And this after I just mentioned your name in another thread without throwing up in my mouth. You've

Re: [PHP] PHP as Server Side for a Web Database Application.

2009-06-10 Thread Daniel Brown
On Wed, Jun 10, 2009 at 09:14, Robert Cummingsrob...@interjinn.com wrote: He was quite active... when I raised a really good point all he could do was scream. and it is at this point that I would like to remind you that we are on the air, gentlemen, live and being recorded for future

Re: [PHP] php applications

2009-06-10 Thread Daniel Brown
On Wed, Jun 10, 2009 at 09:16, teddtedd.sperl...@gmail.com wrote: That's Okay, I just say it better than you.  :-) Show-off. -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ 50% Off All Shared Hosting Plans at PilotPig:

Re: [PHP] PHP as Server Side for a Web Database Application.

2009-06-10 Thread Robert Cummings
Daniel Brown wrote: On Wed, Jun 10, 2009 at 09:14, Robert Cummingsrob...@interjinn.com wrote: He was quite active... when I raised a really good point all he could do was scream. and it is at this point that I would like to remind you that we are on the air, gentlemen, live and being

Re: [PHP] php applications

2009-06-10 Thread Paul M Foster
On Wed, Jun 10, 2009 at 08:37:23AM -0400, tedd wrote: snip Think about it -- why are all languages looking more and more alike? Why is it that you can jump from versions of BASIC to C, C++, php, JAVA, javascript and others and not find yourself in a completely foreign environment? You

Re: [PHP] [php] read/write error

2009-06-10 Thread Robin Vickery
2009/6/8 HELP! izod...@gmail.com opening of the socket is OK and writing the LOGIN packet to the socket is also OK, but reading the response to know if the login is accepted or rejected is not OK. Don't use fread() to read from sockets, use stream_get_contents(). Example 3 on the fread()

Re: [PHP] Show the entire browser request

2009-06-10 Thread Robin Vickery
2009/6/10 Dotan Cohen dotanco...@gmail.com Just checked your site in Elinks (works like Lynx) and I'm getting the headers come back to me. I'm assuming you changed your site code before me sending this and after you sent the original message? The individual headers are as they always

Re: [PHP] Show the entire browser request

2009-06-10 Thread Robin Vickery
2009/6/10 Robin Vickery rob...@gmail.com 2009/6/10 Dotan Cohen dotanco...@gmail.com Just checked your site in Elinks (works like Lynx) and I'm getting the headers come back to me. I'm assuming you changed your site code before me sending this and after you sent the original message?

[PHP] Preventing XSS Attacks

2009-06-10 Thread Ashley Sheridan
Hi all, I'm looking at adding a new search feature to my site, and one of the elements of this is to echo back in the search results page, the original string the user searched for. Up until now, XSS hasn't (afaik) been an issue for my site, but I can see from a mile off this will be. What would

Re: [PHP] Php and Imagemagick problems

2009-06-10 Thread Simon
What exactly is the problem or error message you get? Also if this is your script, really, it needs a LOT of cleanup!! Here's an example that could point out the problem: $FileName = str_replace(.jpg, , $FileName); $FileName = str_replace(/, , $ImageName); $FileName =

Re: [PHP] Preventing XSS Attacks

2009-06-10 Thread Ashley Sheridan
On Wed, 2009-06-10 at 18:28 +0200, Nitsan Bin-Nun wrote: mysql_real_escape_string() only sanitise the input. I would personally only allow [a-zA-Z0-9-_] in search string but that's just me ;) Validate the input in some way, or make extra sanitisation of it before running the search query.

Re: [PHP] C++, $_POST - php-cgi

2009-06-10 Thread Simon
I'm working on something similar, here's the pseudo-code of what happens to ensure the PHP script run by my server doesn't see any difference than when it runs under apache or others... Say the php file to execute is index.php and it was called from a form post, the form tag also specified GET

Re: [PHP] URL injection

2009-06-10 Thread Simon
https://www.xxx.co.uk/register.php;| grep 123 I wonder what kind of browser could make this, probably a hacker-made one! This URL will have to be translated into its equivalent URI, if using GET the HTTP message's start line would look like: GET /register.php| grep 123 HTTP/1.1 First of all,

Re: [PHP] Preventing XSS Attacks

2009-06-10 Thread Eddie Drapkin
The problem with using a database escaping string for output escaping is that something like (despite being the world's lamest XSS) script location.href('google.com') /script Would output mostly the same and with some cleverness, it wouldn't be too hard to get that to function properly with a full

[PHP] Mail function and hotmail

2009-06-10 Thread Fernando G
Hello, I am sending an html message with an embedded image using the following code: // Read message from html template $message = fread(template.html, filesize(template.html)); // I replace the values in $message that are necessary to // fill the template ... // Generate a boundary string

Re: [PHP] Preventing XSS Attacks

2009-06-10 Thread Ashley Sheridan
On Wed, 2009-06-10 at 12:55 -0400, Eddie Drapkin wrote: The problem with using a database escaping string for output escaping is that something like (despite being the world's lamest XSS) script location.href('google.com') /script Would output mostly the same and with some cleverness, it

Re: [PHP] Mail function and hotmail

2009-06-10 Thread Ashley Sheridan
On Wed, 2009-06-10 at 12:59 -0400, Fernando G wrote: Hello, I am sending an html message with an embedded image using the following code: // Read message from html template $message = fread(template.html, filesize(template.html)); // I replace the values in $message that are necessary

Re: [PHP] Preventing XSS Attacks

2009-06-10 Thread Shawn McKenzie
Ashley Sheridan wrote: On Wed, 2009-06-10 at 18:28 +0200, Nitsan Bin-Nun wrote: mysql_real_escape_string() only sanitise the input. I would personally only allow [a-zA-Z0-9-_] in search string but that's just me ;) Validate the input in some way, or make extra sanitisation of it before

Re: [PHP] Mail function and hotmail

2009-06-10 Thread Richard Heyes
Hi, ... Use something that is already proven to work. It will save you an awful lot of time. -- Richard Heyes HTML5 graphing: RGraph (www.rgraph.net - updated 6th June) PHP mail: RMail (www.phpguru.org/rmail) PHP datagrid: RGrid (www.phpguru.org/rgrid) PHP Template: RTemplate

RE: [PHP] Mail function and hotmail

2009-06-10 Thread Fernando G
I have no idea of what else to use. Your suggestions are appreciated. Fernando. Date: Wed, 10 Jun 2009 18:04:31 +0100 From: rich...@php.net To: jfer...@hotmail.com CC: php-general@lists.php.net Subject: Re: [PHP] Mail function and hotmail Hi, ... Use something that is already

Re: [PHP] Re: Background Process

2009-06-10 Thread Simon
kranthi, you are wrong here. popen() will open a pipe to a process. You must have meant fopen() which doesn't work with pipes, but with files. you first popen php (ie execute it) you then write the code you want php to exec (php is still executing, reading your input) at the end you pclose php

Re: [PHP] Mail function and hotmail

2009-06-10 Thread Bastien Koert
On Wed, Jun 10, 2009 at 1:11 PM, Fernando Gjfer...@hotmail.com wrote: I have no idea of what else to use. Your suggestions are appreciated. Fernando. Date: Wed, 10 Jun 2009 18:04:31 +0100 From: rich...@php.net To: jfer...@hotmail.com CC: php-general@lists.php.net Subject: Re: [PHP]

Re: [PHP] Mail function and hotmail

2009-06-10 Thread Richard Heyes
Hi, pear's mime mail I believe I had a hand in that too. It's like a bad rash - it gets everywhere... :-) -- Richard Heyes HTML5 graphing: RGraph (www.rgraph.net - updated 6th June) PHP mail: RMail (www.phpguru.org/rmail) PHP datagrid: RGrid (www.phpguru.org/rgrid) PHP Template: RTemplate

RE: [PHP] Mail function and hotmail

2009-06-10 Thread Fernando G
Thanks. I'll check that out. Date: Wed, 10 Jun 2009 18:24:45 +0100 Subject: Re: [PHP] Mail function and hotmail From: rich...@php.net To: phps...@gmail.com CC: jfer...@hotmail.com; php-general@lists.php.net Hi, pear's mime mail I believe I had a hand in that too. It's like a bad

Re: [PHP] Preventing XSS Attacks

2009-06-10 Thread Sudheer Satyanarayana
I've been doing a bit of reading, and I can't really understand why XSS is such an issue. Sure, if a user can insert a script tag, what difference will that make to anyone else, as it is only on their own browser. 1. User 1 logs on to the application. Fills up the form with malicious JS

Re: [PHP] PHP as Server Side for a Web Database Application.

2009-06-10 Thread Lenin
I reckon Dan brown is fond of pillow talks instead of PHP(pillow has p*nux) in here very much ;) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Preventing XSS Attacks

2009-06-10 Thread Ashley Sheridan
On Wed, 2009-06-10 at 23:05 +0530, Sudheer Satyanarayana wrote: I've been doing a bit of reading, and I can't really understand why XSS is such an issue. Sure, if a user can insert a script tag, what difference will that make to anyone else, as it is only on their own browser. 1.

Re: [PHP] Mail function and hotmail

2009-06-10 Thread Sudheer Satyanarayana
Richard was likely suggesting his mail example as listed in his signature Other options include phpmailer pear's mime mail various other classes available www.phpclasses.org Fernando, I recommend you check out the various PHP frameworks out there. Instead of randomly searching for

Re: [PHP] Preventing XSS Attacks

2009-06-10 Thread Ashley Sheridan
On Wed, 2009-06-10 at 23:17 +0530, Sudheer Satyanarayana wrote: Ashley Sheridan wrote: On Wed, 2009-06-10 at 23:05 +0530, Sudheer Satyanarayana wrote: I've been doing a bit of reading, and I can't really understand why XSS is such an issue. Sure, if a user can insert a script tag, what

Re: [PHP] Preventing XSS Attacks

2009-06-10 Thread Ashley Sheridan
On Wed, 2009-06-10 at 19:03 +0100, Ashley Sheridan wrote: On Wed, 2009-06-10 at 23:17 +0530, Sudheer Satyanarayana wrote: Ashley Sheridan wrote: On Wed, 2009-06-10 at 23:05 +0530, Sudheer Satyanarayana wrote: I've been doing a bit of reading, and I can't really understand why XSS

Re: [PHP] Preventing XSS Attacks

2009-06-10 Thread Nitsan Bin-Nun
That would do the job. If you are already digging into it, take a look at XSRF/CSRF which can both be very harmful, especially for ecommerce websites. On Wed, Jun 10, 2009 at 8:08 PM, Ashley Sheridana...@ashleysheridan.co.uk wrote: On Wed, 2009-06-10 at 19:03 +0100, Ashley Sheridan wrote:

Re: [PHP] Preventing XSS Attacks

2009-06-10 Thread Ashley Sheridan
On Wed, 2009-06-10 at 19:59 +0200, Nitsan Bin-Nun wrote: That would do the job. If you are already digging into it, take a look at XSRF/CSRF which can both be very harmful, especially for ecommerce websites. On Wed, Jun 10, 2009 at 8:08 PM, Ashley Sheridana...@ashleysheridan.co.uk

[PHP] Form handling

2009-06-10 Thread Eddie Drapkin
I've been charged with writing a class that handles forms, once they've been POSTed to. The idea of the class is to handle the most common use-cases of POST forms, and any special functionality can be handled with a child class at a later date, but for our uses, we're going to have mostly pretty

Re: [PHP] Preventing XSS Attacks

2009-06-10 Thread Sudheer Satyanarayana
Ashley Sheridan wrote: On Wed, 2009-06-10 at 23:05 +0530, Sudheer Satyanarayana wrote: I've been doing a bit of reading, and I can't really understand why XSS is such an issue. Sure, if a user can insert a script tag, what difference will that make to anyone else, as it is only on their own

Re: [PHP] Preventing XSS Attacks

2009-06-10 Thread Eddie Drapkin
On Wed, Jun 10, 2009 at 2:08 PM, Ashley Sheridan a...@ashleysheridan.co.ukwrote: On Wed, 2009-06-10 at 19:03 +0100, Ashley Sheridan wrote: On Wed, 2009-06-10 at 23:17 +0530, Sudheer Satyanarayana wrote: Ashley Sheridan wrote: On Wed, 2009-06-10 at 23:05 +0530, Sudheer Satyanarayana

Re: [PHP] Preventing XSS Attacks

2009-06-10 Thread Ashley Sheridan
On Wed, 2009-06-10 at 14:14 -0400, Eddie Drapkin wrote: On Wed, Jun 10, 2009 at 2:08 PM, Ashley Sheridan a...@ashleysheridan.co.ukwrote: On Wed, 2009-06-10 at 19:03 +0100, Ashley Sheridan wrote: On Wed, 2009-06-10 at 23:17 +0530, Sudheer Satyanarayana wrote: Ashley Sheridan wrote:

RE: [PHP] Mail function and hotmail

2009-06-10 Thread Fernando G
Thank you. I'm looking at PEAR Mail_mime right now. It seems promising. Fernando. Date: Wed, 10 Jun 2009 23:14:11 +0530 From: sudhee...@binaryvibes.co.in To: phps...@gmail.com CC: jfer...@hotmail.com; rich...@php.net; php-general@lists.php.net Subject: Re: [PHP] Mail function and hotmail

Re: [PHP] Preventing XSS Attacks

2009-06-10 Thread Andrew Ballard
On Wed, Jun 10, 2009 at 2:26 PM, Ashley Sheridana...@ashleysheridan.co.uk wrote: On Wed, 2009-06-10 at 14:14 -0400, Eddie Drapkin wrote: On Wed, Jun 10, 2009 at 2:08 PM, Ashley Sheridan a...@ashleysheridan.co.ukwrote: On Wed, 2009-06-10 at 19:03 +0100, Ashley Sheridan wrote: On Wed,

Re: [PHP] Preventing XSS Attacks

2009-06-10 Thread Ashley Sheridan
On Wed, 2009-06-10 at 14:40 -0400, Andrew Ballard wrote: On Wed, Jun 10, 2009 at 2:26 PM, Ashley Sheridana...@ashleysheridan.co.uk wrote: On Wed, 2009-06-10 at 14:14 -0400, Eddie Drapkin wrote: On Wed, Jun 10, 2009 at 2:08 PM, Ashley Sheridan a...@ashleysheridan.co.ukwrote: On Wed,

Re: [PHP] Preventing XSS Attacks

2009-06-10 Thread Andrew Ballard
On Wed, Jun 10, 2009 at 2:56 PM, Ashley Sheridana...@ashleysheridan.co.uk wrote: On Wed, 2009-06-10 at 14:40 -0400, Andrew Ballard wrote: On Wed, Jun 10, 2009 at 2:26 PM, Ashley Sheridana...@ashleysheridan.co.uk wrote: On Wed, 2009-06-10 at 14:14 -0400, Eddie Drapkin wrote: On Wed, Jun 10,

Re: [PHP] Preventing XSS Attacks

2009-06-10 Thread Shawn McKenzie
Ashley Sheridan wrote: On Wed, 2009-06-10 at 14:40 -0400, Andrew Ballard wrote: On Wed, Jun 10, 2009 at 2:26 PM, Ashley Sheridana...@ashleysheridan.co.uk wrote: On Wed, 2009-06-10 at 14:14 -0400, Eddie Drapkin wrote: On Wed, Jun 10, 2009 at 2:08 PM, Ashley Sheridan

Re: [PHP] Preventing XSS Attacks

2009-06-10 Thread Nitsan Bin-Nun
Usually I would support you on this one. In chemistry you always keep your stock pure and make any observations or mixtures in clean and other glasses in order to keep it pure. When it comes to printing an output or hosting it in a variable and then printing it out it is just a matter of taste.

[PHP] detect cli sapi

2009-06-10 Thread Tom Worster
what's a reliable way to detect that the sapi is cli, including in a included scripts?

Re: [PHP] detect cli sapi

2009-06-10 Thread Eddie Drapkin
if(PHP_SAPI == 'cli') { } or if(php_sapi_name() == 'cli') { } On Wed, Jun 10, 2009 at 3:42 PM, Tom Worster f...@thefsb.org wrote: what's a reliable way to detect that the sapi is cli, including in a included scripts?

Re: [PHP] Preventing XSS Attacks

2009-06-10 Thread Andrew Ballard
On Wed, Jun 10, 2009 at 3:10 PM, Nitsan Bin-Nunnitsa...@gmail.com wrote: Usually I would support you on this one. In chemistry you always keep your stock pure and make any observations or mixtures in clean and other glasses in order to keep it pure. When it comes to printing an output or

[PHP] Re: Form handling

2009-06-10 Thread Michael
Have a look at Zend Form

[PHP] Re: Any conflict with $_POST when 2 users concurrently submitting the same form using POST method?

2009-06-10 Thread Keith
Thanks! Peter. I’m very clear now. Peter Ford p...@justcroft.com wrote in message news:bd.38.16665.07c6f...@pb1.pair.com... Keith wrote: Let's say user A and user B submitting purchase order form with order.php at the same time, with method=post action='confirmation.php'. (1) Will