[PHP] Error when using HTTP Location header
Hi,
I'm building a login page that redirects the user to the login form when an
incorrect password is entered. An error message is passed as an URL
parameter. Something like:
if(!$pwd == $correctPwd){
header('Location: ' . urlencode('loginForm.php?error=Incorrect
password'));
exit;
}
When I use this page and enter a wrong password, I get a 'Acces Denied'
error from my local Apache (1.3) web server. It seems that the server is
looking for a file called 'loginForm.php?error=Incorrect password', can't
find it, and since directory browsing is disabled, it gives a 'Acces Denied'
error.
Is there a way I can prevent this with PHP? Or do I have to change something
in my Apache config? (Does anybody know what?)
Thanks in advance,
Arnout
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Error when using HTTP Location header
Ok, thnx, problem solved.
But about the XSS attacks: what is a XSS attack, and is there a way I can
let users still use some HTML tags (like B and BR)?
TIA,
Arnout
Marek Kilimajer [EMAIL PROTECTED] schreef in bericht
news:[EMAIL PROTECTED]
Arnout Boks wrote:
Hi,
I'm building a login page that redirects the user to the login form when
an
incorrect password is entered. An error message is passed as an URL
parameter. Something like:
if(!$pwd == $correctPwd){
header('Location: ' . urlencode('loginForm.php?error=Incorrect
password'));
exit;
}
Don't urlencode the whole url, only the string:
header('Location: loginForm.php?error=' . urlencode('Incorrect
password'));
You should also use full url:
header('Location: http://server.net/loginForm.php?error=' .
urlencode('Incorrect password'));
When you output the string on the login page, use htmlspecialchars to be
safe of XSS attacks.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Populating a Dropdown Menu From a Query
The exact implementation differs with your database system, but as an
example for MySQL:
select name=select size=1
?php
$result = mysql_query($query);
while($row = mysql_fetch_assoc){
echo(option
value=\{$row['name_of_value_field']}\{$row['name_of_description_field']}
/option);
}
?
/select
greetz,
Arnout
Harlequin [EMAIL PROTECTED] schreef in bericht
news:[EMAIL PROTECTED]
Another day another conundrum.
I have a form where one option is a dropdown menu. I'd like that menu to
only have items in it that are actually available. Selecting the items
with
a query is easy enough but I wondered if anyone could tell me where to
start
wit the code.
Am I using a for each again . . . ?
Any help greatly appreciated.
--
-
Michael Mason
Arras People
www.arraspeople.co.uk
-
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: How to make HTTP call to another address?
Maybe it helps to open the address with the fopen( )- or file( )-function to read it's contents. I use this method to get data from (dynamic) html pages on another website. I don't have that much knowledge about Java servlets, so I don't know if this works for that also. Arnout Matt Busche [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I've recently set up some Tomcat/Java/Servlet stuff that provides some high-level functions I wish to make available from PHP. In other words, from PHP, I want to make an HTTP call to an address like: http://mycompany.com/myservlet?request=doSomethingarg1=meatarg2=potatoes and then use the returned stream of data to service the original PHP request. Clear? I quickly found the PHP HTTP library ( http://www.php.net/manual/en/ref.http.php ), but my quick perusal makes me think this is only useful for controlling the HTTP response sent back to the browser making the original PHP request. Can someone help me? FYI: I'm a newbie. Please forgive me if this is an old-hat question. Matt -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: PHP and HTML Conventions
There is no need to use PHP to include HTML in HTML. You could also use the HTML server-side #include-command. Greetz, Arnout Torsten Roehr [EMAIL PROTECTED] schreef in bericht news:[EMAIL PROTECTED] Harlequin [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] is there a HTML equivalent of the PHP include statement then...? No, but you can include pure HTML with include()/include_once(). Just give the file a php extension: include_once 'pureHTML.php'; Maybe it works with any extension, haven't tested it. Regards, Torsten Roehr -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: File Upload Question
As far as I know, this is not possible. You can however generate more file-upload boxes dynamicly. In this way, users can click an 'Upload another file'-button to display an extra upload form-element. Check the 'variable variables'-part in the PHP reference (user notes) for an example of this construction. Hope this is good solution for your application. greetz, Arnout Boks Warren Vail [EMAIL PROTECTED] schreef in bericht news:[EMAIL PROTECTED] Perhaps this is more about HTML than PHP, but the PHP $_FILES var seems to be set up to allow a list of files to be uploaded. How does one get the pop-up window to allow a user to select (ctrl-click or whatever) multiple files in the same pop-up window? Everything I have tried has left the user restricted to selecting one file only. thanks in advance. Warren Vail -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: using the mssql functions on a linux server
== Quote from http://php.us.themoes.org/manual/en/ref.mssql.php: == To use the MSSQL extension on Unix/Linux, you first need to build and install the FreeTDS library. Source code and installation instructions are available at the FreeTDS home page: http://www.freetds.org/ Hope this helps you, Arnout Edward Peloke [EMAIL PROTECTED] schreef in bericht news:[EMAIL PROTECTED] This may be a dumb question but how do I enable the mssql extension on a Linux server...if possible? I have a site which needs to connect to a mssql db. On my windows server, I just enable the mssql.dll extension...how do I do it on the Linux server? Thanks, Eddie WARNING: The information contained in this message and any attachments is intended only for the use of the individual or entity to which it is addressed. This message may contain information that is privileged, confidential and exempt from disclosure under applicable law. It may also contain trade secrets and other proprietary information for which you and your employer may be held liable for disclosing. You are hereby notified that any unauthorized dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify [EMAIL PROTECTED] by E-Mail and then destroy this communication in a manner appropriate for privileged information. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
