RE: [PHP] ??????????????????????????????????????????????????????````````````````````ØØØØØØØØØØ
I've just joined this mailing list this afternoon. Does this kind of thing happen often? If so, I'm going to leave the list. Ben -Original Message- From: Andrew Brampton [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 09, 2002 3:40 PM To: [EMAIL PROTECTED] Subject: Re: [PHP] ??`` ``ØØ If you read the 3 emails he sent previous to his spam you will see that he tried to get the moderators to remove him but after 6 hours he is still on the list, so I guess he thinks that if he starts to spam he will be kicked Andrew - Original Message - From: Rodolfo Gonzalez [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 09, 2002 8:32 PM Subject: Re: [PHP] ??ØØ To the kind moderator of the list: please kick off this guy (Erik Hegreberg [EMAIL PROTECTED] ), he's really annoying. Or at least bounce his e-mails back to him ;) ). Thanks. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Ben
I'll stick around. He apparently can't read directions very well and assumes that he can harass and take over a list. How very adult of him! Soon enough, he'll tire of the spam it appears he'll be receiving (judging from other comments). -Ben -Original Message- From: Kevin Stone [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 09, 2002 4:20 PM To: Ben Ramsey; [EMAIL PROTECTED] Subject: Re: [PHP] Ben First time Ben don't worry about it. This list is actually very adult much more so than others I've belonged to. But you just can't prevent things like this on an unmoderated list. It'll be over soon. Hope you stick around. :) -Kevin - Original Message - From: Ben Ramsey [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 09, 2002 1:57 PM Subject: RE: [PHP] ??ØØ I've just joined this mailing list this afternoon. Does this kind of thing happen often? If so, I'm going to leave the list. Ben -Original Message- From: Andrew Brampton [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 09, 2002 3:40 PM To: [EMAIL PROTECTED] Subject: Re: [PHP] ??`` ``ØØ If you read the 3 emails he sent previous to his spam you will see that he tried to get the moderators to remove him but after 6 hours he is still on the list, so I guess he thinks that if he starts to spam he will be kicked Andrew - Original Message - From: Rodolfo Gonzalez [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 09, 2002 8:32 PM Subject: Re: [PHP] ??ØØ To the kind moderator of the list: please kick off this guy (Erik Hegreberg [EMAIL PROTECTED] ), he's really annoying. Or at least bounce his e-mails back to him ;) ). Thanks. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Setting group sticky bit on directory with chmod()
I'm trying to set a sticky bit on a directory with chmod(). The same
octal value works from the command prompt, but it doesn't appear to work
correctly with the PHP function. Anyone have an idea as to why?
PROMPT (works):
$ chmod 2775 /path/to/dir
PHP (doesn't work):
chmod('/path/to/dir', 02775);
We've tested the PHP code on files, and it works, but it doesn't work on
directories.
Our current umask is 0002. We're using PHP 5.2.2 on Linux
2.6.9-42.0.10.ELsmp #1 SMP Fri Feb 16 17:17:21 EST 2007 i686 i686 i386
GNU/Linux.
--
Ben Ramsey
http://benramsey.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setting group sticky bit on directory with chmod()
On 8/2/07 10:57 AM, Daniel Brown wrote:
On 8/2/07, Ben Ramsey [EMAIL PROTECTED] wrote:
PHP (doesn't work):
chmod('/path/to/dir', 02775);
We've tested the PHP code on files, and it works, but it doesn't work on
directories.
Drop the preceding 0 from the chmod() function parameters. The
four-digit octal value is preferred, and the 0 is the first bit to
show that there's no user- or group-specific execution (su-exec'ing,
basically) or stickiness to the file/directory. However,
three-digit values will work. In either case, five digits will not
work.
Right:
chmod 0755 file.php
chmod 1777 file.php
chmod('file.php',0755);
chmod('file.php',1777);
What about on directories? That's our problem.
The following works on files (even though you say it shouldn't). I'll
clarify: 02775 sets permissions based on how we expect 2775 to work
using chmod from the command prompt. The problem is that 2775 with PHP's
chmod() doesn't set the permissions in the same way that it does from
the command prompt.
This works on files:
chmod('/path/to/file.php', 02775);
But it doesn't work on directories.
Here's what we're doing:
?php
chmod('./test1', 2775);
?
Here's what we get:
$ ls -l
d-ws-w-rwt 2 user user 4096 Aug 2 15:33 test1
Here's what we expect:
$ chmod 2775 test1
drwxrwsr-x 2 user user 4096 Aug 2 15:34 test1
So, what are we doing wrong with chmod() that is causing us to get the
wrong results? Keep in mind that we are running the PHP script as the
same user who owns the directory.
--
Ben Ramsey
http://benramsey.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setting group sticky bit on directory with chmod()
On 8/2/07 10:57 AM, Daniel Brown wrote:
On 8/2/07, Ben Ramsey [EMAIL PROTECTED] wrote:
PHP (doesn't work):
chmod('/path/to/dir', 02775);
We've tested the PHP code on files, and it works, but it doesn't work on
directories.
Drop the preceding 0 from the chmod() function parameters. The
four-digit octal value is preferred, and the 0 is the first bit to
show that there's no user- or group-specific execution (su-exec'ing,
basically) or stickiness to the file/directory. However,
three-digit values will work. In either case, five digits will not
work.
Right:
chmod 0755 file.php
chmod 1777 file.php
chmod('file.php',0755);
chmod('file.php',1777);
What about on directories? That's our problem.
The following works on files (even though you say it shouldn't). I'll
clarify: 02775 sets permissions based on how we expect 2775 to work
using chmod from the command prompt. The problem is that 2775 with PHP's
chmod() doesn't set the permissions in the same way that it does from
the command prompt.
This works on files:
chmod('/path/to/file.php', 02775);
But it doesn't work on directories.
Here's what we're doing:
?php
chmod('./test1', 2775);
?
Here's what we get:
$ ls -l
d-ws-w-rwt 2 user user 4096 Aug 2 15:33 test1
Here's what we expect:
$ chmod 2775 test1
drwxrwsr-x 2 user user 4096 Aug 2 15:34 test1
So, what are we doing wrong with chmod() that is causing us to get the
wrong results? Keep in mind that we are running the PHP script as the
same user who owns the directory.
--
Ben Ramsey
http://benramsey.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setting group sticky bit on directory with chmod()
On 8/2/07 11:45 AM, Tijnema wrote: On 8/2/07, Ben Ramsey [EMAIL PROTECTED] wrote: So, what are we doing wrong with chmod() that is causing us to get the wrong results? Keep in mind that we are running the PHP script as the same user who owns the directory. Who is the owner of the directory containing this test1 directory? That one should also be the same as PHP script is running on AFAIK. Read my last paragraph. ;-) -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setting group sticky bit on directory with chmod()
On 8/2/07 10:57 AM, Daniel Brown wrote:
On 8/2/07, Ben Ramsey [EMAIL PROTECTED] wrote:
PHP (doesn't work):
chmod('/path/to/dir', 02775);
We've tested the PHP code on files, and it works, but it doesn't work on
directories.
Drop the preceding 0 from the chmod() function parameters. The
four-digit octal value is preferred, and the 0 is the first bit to
show that there's no user- or group-specific execution (su-exec'ing,
basically) or stickiness to the file/directory. However,
three-digit values will work. In either case, five digits will not
work.
Right:
chmod 0755 file.php
chmod 1777 file.php
chmod('file.php',0755);
chmod('file.php',1777);
What about on directories? That's our problem.
The following works on files (even though you say it shouldn't). I'll
clarify: 02775 sets permissions based on how we expect 2775 to work
using chmod from the command prompt. The problem is that 2775 with PHP's
chmod() doesn't set the permissions in the same way that it does from
the command prompt.
This works on files:
chmod('/path/to/file.php', 02775);
But it doesn't work on directories.
Here's what we're doing:
?php
chmod('./test1', 2775);
?
Here's what we get:
$ ls -l
d-ws-w-rwt 2 user user 4096 Aug 2 15:33 test1
Here's what we expect:
$ chmod 2775 test1
drwxrwsr-x 2 user user 4096 Aug 2 15:34 test1
So, what are we doing wrong with chmod() that is causing us to get the
wrong results? Keep in mind that we are running the PHP script as the
same user who owns the directory.
--
Ben Ramsey
http://benramsey.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Good php-news newsletter?
On 8/24/07 9:21 AM, Edward Kay wrote: http://www.planet-php.org/rss/ http://www.php-mag.net/magphpde/psecom,id,26,noeid,26,.html http://www.phpdeveloper.org/phpdev.rss And also try http://devzone.zend.com/. They have regular PHP community news, articles, and weekly summaries of activity within the PHP developer community. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Breaking lines
On 10/3/06 8:05 AM, Deckard wrote: $stringData = '$hostname = ' . $hostname . '\n' . '$mysql_username = ' . $mysql_username . '\n' . '$mysql_user_password = ' . $mysql_user_password . '\n'; but instead of breaking a line, it appears in the file the string \n How can i make the line break ? Use double quotation marks instead of single quotation marks: \n See here for why: http://us3.php.net/manual/en/language.types.string.php#language.types.string.syntax.double -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Really strange
On 10/4/06 8:32 PM, Deckard wrote:
Hi,
I have this line of code:
include_once('../config.inc.php');
I'm 100% sure that the file config.inc.php is a directory up.
config.inc.php is in /var/www/html
and the file that calls it is in
/var/www/html/classes
nevertheless, i'm getting the error:
Warning: main(../config.inc): failed to open stream: No such file or
directory in /var/www/html/classes/dBInsert.php on line 10
Warning: main(): Failed opening '../config.inc' for inclusion
(include_path='.:/usr/share/pear') in /var/www/html/classes/dBInsert.php
on line 10
The first thing that jumps out at me is that your error says it failed
to open ../config.inc, but you say the file is named config.inc.php.
Check your code to ensure that you have:
include_once('../config.inc.php');
and not:
include_once('../config.inc');
If config.inc.php is the correct file you want to include and you're
trying to include config.inc, then it obviously can't find it because it
doesn't exist. :-)
--
Ben Ramsey
http://benramsey.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Really strange / TYPO
On 10/4/06 9:14 PM, Deckard wrote:
It's a typo.
The file is really config.inc.php everywhere
Check the file permissions. Does the Webserver have permission to read
from the /var/www/html (it probably does, but it wouldn't hurt to
check)? Does the Web server have permission to read
/var/www/html/config.inc.php? Do you happen to have PHP running in
safe_mode? If so, is the owner of /var/www/html/classes/dBInsert.php the
same owner of /var/www/html/config.inc.php?
These are just the things I can think of off the top of my head that
would block your script from being able to include a file one directory
above it.
Ben Ramsey wrote:
On 10/4/06 8:32 PM, Deckard wrote:
Hi,
I have this line of code:
include_once('../config.inc.php');
I'm 100% sure that the file config.inc.php is a directory up.
config.inc.php is in /var/www/html
and the file that calls it is in
/var/www/html/classes
nevertheless, i'm getting the error:
Warning: main(../config.inc): failed to open stream: No such file or
directory in /var/www/html/classes/dBInsert.php on line 10
Warning: main(): Failed opening '../config.inc' for inclusion
(include_path='.:/usr/share/pear') in /var/www/html/classes/dBInsert.php
on line 10
The first thing that jumps out at me is that your error says it failed
to open ../config.inc, but you say the file is named config.inc.php.
Check your code to ensure that you have:
include_once('../config.inc.php');
and not:
include_once('../config.inc');
If config.inc.php is the correct file you want to include and you're
trying to include config.inc, then it obviously can't find it because it
doesn't exist. :-)
--
Ben Ramsey
http://benramsey.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] reading PDF's
Is it possible to read text from a PDF file with PHP? How? There may be a free one, or even an OpenSource one, but I've never heard of it, possibly because they'd have to pay a license to Adobe (Macromedia this week?) to be legal... Free (as in beer): http://sourceforge.net/projects/pdfcreator/ It's built on top of Ghostscript... which AFAIK does most of the heavy lifting. Several licensing options too. This doesn't appear to read text from a PDF but, rather, create the PDF from text. Another, easy way to create PDFs with PHP is to use PDML: http://pdml.sourceforge.net/ As for reading the text from a PDF, maybe there's some sort of OCR library for PHP out there, but I don't know about it. It'd be a great thing to see, though. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: date field
In PHP, you could do something like:
$updated = strtotime($db_result['updated']);
$one_year_ago = strtotime('-1 year');
if ($updated $one_year_ago) {
// updated date is older than a year ago
}
John Taylor-Johnston wrote:
I have a field 'updated' How can I tell if the date is older than 1 year
ago (or should I think of 365 days)?
`updated` date NOT NULL default '1999-12-12'
I've looked at: http://ca3.php.net/manual/en/function.getdate.php
Thanks,
John
--
Ben Ramsey
http://benramsey.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Catching all errors and redirecting
Thomas Hochstetter wrote: Is it possible to catch all parser errors (notices), and as that happens redirecting to a 'sorry-page-not-available-at-this-moment' page, whilst storing the error (or notice) message somewhere else (e.g. emailing it to the developer). See set_error_handler() http://www.php.net/set_error_handler -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: PHP MySQL insert
Dan Baker wrote: You are looking for the addslashes function. It prepares data for database querys: Better yet, don't use addslashes(). Use the escaping function that is specific to the database you're using. In this case, it's mysql_real_escape_string(). This is much better than using addslashes() because it takes into account the current character set of the database connection. http://www.php.net/mysql_real_escape_string Also, you will need to use the removeslashes function when you get data from a query. If you properly store data to a database, you should never have to use the stripslashes() function. Using stripslashes() will remove slashes that were intended to be in the output. Hint: turn off magic_quotes_gpc. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: php cli script with if-then's very slow
Frans Fierens wrote: I've noticed that php cli scripts using for-loops with some if...then's are very slow using the php cli (command line interface). The following php script takes somewhat 100 seconds (php v5.0.3 on a redhat linux, 3 Ghz PC). The same program in c (see below) less than 1 second ... I know that php is a scripting language, but isn't the difference between de c compiled prog and de php script not very extreme ? The difference in the code isn't extreme, but the difference in the way it's processed is. C is compiled down to machine code and then executed at a later time. When you execute it, you are executing the compiled code that the machine natively understands. PHP, on the otherhand, is not compiled and has to be interpreted by the PHP engine each time it is run. This is, naturally, going to make it slower than C. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Custom session handling - bad or good idea?
GamblerZG wrote: I'm not speaking about session_set_save_handler, I'm considering writing session handler from scratch. Is it a bad idea? If so, why? I'm not going to say yes or no because I think it depends on your reasons, as someone else has already said, but I will point you to George Schlossnagle's _Advanced PHP Programming_ book. Take a look at pages 564 through 568. He talks about writing a custom session handler in C. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: PHP MySQL insert
Alain Reguera Delgado wrote: you could try: 1. get all form variables into an array fine 2. validate values Good, but do this step as you put the values into a separate array, don't put all the values into the array first and then validate them later... make sure the input received is input expected and then save only the input to the array that passes the validation/filtering tests 3. convert all values into entities using htmlentities() Why do you want to do this before saving to the database? This step has absolutely no bearing on preparing the statement for insertion into a database. It won't protect against SQL injection. Also, you will never be able to do anything with this data other than use it for HTML output (unless you try to reverse the entities, which seems like an awful lot of work to me). It's best to save the raw data as entered and escape it (with htmlentities() or something else) ONLY on output. As I mentioned in my last post to this thread, the best way to escape a string for insertion into a database (and protect against SQL injection) is to use the escape function for the particular database -- mysql_real_escape_string() in this case. You should never use htmlentities() to escape data before saving it to a database. Do that only after you've pulled data from the database and are outputting it somewhere (like on a Web page). 4. build sql query (do some tests 'til get it right) 5. execute the built query (with proper db function) by now, commas aren't a problem, they are limited between sql query's quotes. If some quotes are inserted as value they are previously converted to its entities and do not break the sql query. This is why you use mysql_real_escape_string(), etc. -- not htmlentities(). as previously said in this thread, the problem is on quoting and maybe on converting the values to entities, to prevent some quote break the sql structure. You don't need to convert the values to HTML entities when saving to a database. That's not going to prevent this problem. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: PHP MySQL insert
Please always reply to the list so that others can benefit from the exchange. As it happens, I'm not exactly very knowledgeable about character sets, so someone on the list may be able to offer more help with regard to the problem you're experiencing. -Ben areguera wrote: On 8/19/05, Ben Ramsey [EMAIL PROTECTED] wrote: Alain Reguera Delgado wrote: you could try: 1. get all form variables into an array fine 2. validate values Good, but do this step as you put the values into a separate array, don't put all the values into the array first and then validate them later... make sure the input received is input expected and then save only the input to the array that passes the validation/filtering tests yes .. that's much better .. :) 3. convert all values into entities using htmlentities() Why do you want to do this before saving to the database? Ben, I got some troubles when moving database from one server to another, all Latin characters disappear, and the info turns a mess. Thought for a moment a server's language configuration setting. I was wondering by days to take this way, I thought if someone else wants the application and occurs the same because his configuration is not like mine. Then that solution came to me. Felt no matter what version or configuration of mysql or other db is used or what latin char is inserted, the data always be there for the web, in the language it speaks. This step has absolutely no bearing on preparing the statement for insertion into a database. It won't protect against SQL injection. Also, you will never be able to do anything with this data other than use it for HTML output (unless you try to reverse the entities, which seems like an awful lot of work to me). yes, I don't like either...its not flexible. It's best to save the raw data as entered and escape it (with htmlentities() or something else) ONLY on output. that was the first way I used to go... but after that problem, I am not sure As I mentioned in my last post to this thread, the best way to escape a string for insertion into a database (and protect against SQL injection) is to use the escape function for the particular database -- mysql_real_escape_string() in this case. You should never use htmlentities() to escape data before saving it to a database. Do that only after you've pulled data from the database and are outputting it somewhere (like on a Web page). 4. build sql query (do some tests 'til get it right) 5. execute the built query (with proper db function) by now, commas aren't a problem, they are limited between sql query's quotes. If some quotes are inserted as value they are previously converted to its entities and do not break the sql query. This is why you use mysql_real_escape_string(), etc. -- not htmlentities(). as previously said in this thread, the problem is on quoting and maybe on converting the values to entities, to prevent some quote break the sql structure. You don't need to convert the values to HTML entities when saving to a database. That's not going to prevent this problem. could you suggest something about Latin characters and portability?. Thanks for your time Ben. I am new in the list and in php too. Thanks for your answers. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Deadlock with session handling code?
The following message is from a co-worker. I'm passing it along as a favor. Any help would be greatly appreciated since we're both somewhat stuck with no clue how to proceed with this. Thanks, Ben Ramsey I'm having a major problem with my PHP scripts getting stuck on one of our production servers. The system runs normally for a while, but after some time, certain httpd processed get wedged. This causes the server to spawn more httpd processes, but those eventually get stuck too, and the whole mess shuts down once we reach MaxServers. Without knowing too much about PHP, this appears to be related to some sort of deadlock in the session handling code. The problem seems to occur regardless of which script is being used, but I admittedly cannot figure out how to reproduce it. It only seems to occur when the system gets under heavy load, though. (The Red Cross linked to our site this morning to help collect volunteers for the hurricane relief effort, and that caused the server to die in short order. :-( ) We're using Apache 2.0.46-RH (prefork MPM) and PHP 4.3.2 (RedHat pl23). Unfortunately, we are running in a managed hosting environment, so we cannot easily change Apache or PHP versions. I was able to attach a GDB process to one of the running Apaches, and I found the following stack trace. Unfortunately, it couldn't figure out how to find the symbols (see above comment about the managed hosting environment), but there were a few useful tidbits: (gdb) bt #0 0x0042b291 in flock () from /lib/tls/libc.so.6 #1 0x010c23de in zm_info_session () from /etc/httpd/modules/libphp4.so #2 0x0002 in ?? () #3 0x0180 in ?? () #4 0x094919cc in ?? () #5 0x09273220 in ?? () #6 0xbfffa5a4 in ?? () #7 0xbfffa594 in ?? () #8 0xbfffa110 in ?? () #9 0x094107f4 in ?? () #10 0x093f32cf in ?? () #11 0x0001 in ?? () #12 0xbfffa120 in ?? () #13 0x706d742f in ?? () #14 0x7365732f in ?? () #15 0x32645f73 in ?? () #16 0x63393966 in ?? () #17 0x62393063 in ?? () #18 0x37663530 in ?? () #19 0x38643466 in ?? () #20 0x34353166 in ?? () #21 0x32366630 in ?? () #22 0x33663961 in ?? () #23 0x3965 in ?? () #24 0x011f9003 in ?? () from /etc/httpd/modules/libphp4.so #25 0xb5650760 in ?? () #26 0xb5650758 in ?? () #27 0xbfffa198 in ?? () #28 0xbfffa594 in ?? () #29 0x in ?? () I poked around in the PHP code until I found the zm_info_session function in the session handler. I didn't see how that function could be related, but I noticed an associated flock() call in the files module. On that hunch, I then decided to see what I could find with lsof: /usr/sbin/lsof | sort -k 9 | grep sess httpd 15498 apache 81uW REG104,5 172917162 /tmp/sess_d2f99cc09b05f7f4d8f1540f62a9f3e9 httpd 15594 apache 81u REG104,5 172917162 /tmp/sess_d2f99cc09b05f7f4d8f1540f62a9f3e9 httpd 15728 apache 81u REG104,5 172917162 /tmp/sess_d2f99cc09b05f7f4d8f1540f62a9f3e9 httpd 15934 apache 81u REG104,5 172917162 /tmp/sess_d2f99cc09b05f7f4d8f1540f62a9f3e9 httpd 15955 apache 81u REG104,5 172917162 /tmp/sess_d2f99cc09b05f7f4d8f1540f62a9f3e9 httpd 15957 apache 81u REG104,5 172917162 /tmp/sess_d2f99cc09b05f7f4d8f1540f62a9f3e9 httpd 15959 apache 81u REG104,5 172917162 /tmp/sess_d2f99cc09b05f7f4d8f1540f62a9f3e9 httpd 15982 apache 81u REG104,5 172917162 /tmp/sess_d2f99cc09b05f7f4d8f1540f62a9f3e9 httpd 16071 apache 81u REG104,5 172917162 /tmp/sess_d2f99cc09b05f7f4d8f1540f62a9f3e9 httpd 16072 apache 81u REG104,5 172917162 /tmp/sess_d2f99cc09b05f7f4d8f1540f62a9f3e9 [... many, many httpd processes later ...] httpd 16368 apache 81u REG104,5 172917162 /tmp/sess_d2f99cc09b05f7f4d8f1540f62a9f3e9 httpd 16372 apache 81u REG104,5 172917162 /tmp/sess_d2f99cc09b05f7f4d8f1540f62a9f3e9 httpd 16373 apache 81u REG104,5 172917162 /tmp/sess_d2f99cc09b05f7f4d8f1540f62a9f3e9 httpd 16375 apache 81u REG104,5 172917162 /tmp/sess_d2f99cc09b05f7f4d8f1540f62a9f3e9 httpd 16376 apache 81u REG104,5 172917162 /tmp/sess_d2f99cc09b05f7f4d8f1540f62a9f3e9 Aha! The 81uW appears to tell us that PID 15498 has an exclusive write lock on the entire file, and that the other httpd processes have read or write locks of some length. All of these processes *stayed* in this state for a very long time. As an experiment, I tried killing PID 15498, but it just moved the W lock to some other process within the group, per lsof. Nonetheless, it seemed like all of the processes were waiting for something. In one other case, later in the day, I found a situation where the processes also seemed to be in the same state. It hadn't gotten to the point where it killed the machine, but I saw a bunch of httpd's running and trying to access the same
[PHP] Re: Parsing MS-WORD docs
zzapper wrote: On Wed, September 7, 2005 7:39 am, Shafiq Rehman wrote: Hello, I want to parse the .doc files with PHP. Anybody have some idea regarding this problem. Your help regarding this matter is really appreciated Also consider antiword And also: wvWare: http://wvware.sourceforge.net/ Word2x: http://word2x.sourceforge.net/ -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Pear DB and memcached
On 6/6/06 9:55 AM, Ruben Rubio Rey wrote: Im having a trouble using memcached with pear db. When im using memcache to store and retrieve an string, all works fine. When Im using memcache to store a pear db resulset, it does not work!! This retrieves data but pear::db does not understand it. I really dont know This is because $db-query returns a resource, which is a reference to the data and not the data itself. For example, let's say you're using the MySQL driver for PEAR::DB, then when you call $db-query(), it uses mysql_query(). This function will return a resource. When you store the resource to the memcache server and then later retrieve it, it no longer maintains its reference to the data. If you want to store the data to the cache, I suggest you use getAll() to retrieve an array of data and then store that to the memcache server: $db-setFetchMode(DB_FETCHMODE_ASSOC); $data = $db-getAll($sSQL); memcache_set($MEMCACHE_STR, MD5($sSQL), $data, 0, 10); Now, your result set is stored properly on the memcache server. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: running php method in the background
On 6/8/06 10:10 AM, Nic Appleby wrote: I have a php web script which communicates with a server using sockets. There is a method in which the client listens for messages from the server, and this blocks the client. I need a way to 'fork' a process or to get this method to run in the background so that i can process user input while not interrupting the protocol. Have you looked at pcntl_fork()? http://www.php.net/pcntl-fork -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] GET, POST, REQUEST
On 6/17/06 9:30 AM, David Tulloh wrote:
Martin Marques wrote:
Yesterday when reading some doc on PHP I noticed the $_REQUEST
predefined array, which looked like a solution to having to check in GET
and POST data (I'm not sure if it will really have an impact on my
program yet).
Yes, request is simply a merge of these arrays. It can be very useful
and tends to be rather under used in PHP examples.
Using $_REQUEST is similar to using register_globals. You simply cannot
trust the origin of the data. It's possible that a variable by the name
of foo exists as a cookie, POST value, and GET value. If you use
$_REQUEST, you cannot be assured that the value you are getting is from
the scope you intend to retrieve it.
Consider the following script:
?php
setcookie('foo', 'cookie');
?
form method=POST action=?php echo $_SERVER['SCRIPT_NAME']; ??foo=get
input type=text name=foo value=post /
input type=submit /
/form
pre
?php
var_dump($_REQUEST);
var_dump($_GET);
var_dump($_POST);
var_dump($_COOKIE);
?
/pre
Save this to a PHP file, access it through a Web browser, and click on
the Submit button. You'll see four different arrays that output the
$_REQUEST, $_GET, $_POST, and $_COOKIE values. The problem is that the
$_REQUEST array contains only one value for foo, but we know it exists
in all scopes with different values.
A user that knows this can make use of this knowledge to add a GET
variable to the query string, add a cookie header to the request, or
spoof the form with other values in POST than you intend.
So, there are two things you must do here: 1) always check the origin of
your data (don't use $_REQUEST, even if it seems convenient), and 2)
always check that the input received is input expected (filter the input).
--
Ben Ramsey
http://benramsey.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] GET, POST, REQUEST
On 6/17/06 3:07 PM, Anthony Ettinger wrote: it's more like painting the color of your front door, but still leaving it unlocked. It doesn't change the fact that people can still open the door. every input field needs to be validated regardless of get vs. post. the web developer toolbar for firefox can easily convert all form fields to one or the other, so it's trivial to send a get request as post, and vice-versa. Which is why, if you read the last paragraph of my post, it said that there are two things you must do: 1) always check the origin of the input and 2) always filter (validate) the input. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] GET, POST, REQUEST
On 6/17/06 5:25 PM, Martin Marques wrote: I know user input shouldn't be trusted. What I want to know is IF and WHY $_REQUEST should be more untrusted then $_POST or $_GET. It's untrusted because you know the data comes from a request. It's more untrusted than GET, POST, or COOKIE because you can't tell the scope of the data. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] GET, POST, REQUEST
On 6/17/06 5:34 PM, Satyam wrote: Your application might require that flexibility or accepting data via POST or GET, in which case, it is just fine. Contrary to another post I've read, there is nothing good of register_globals, that is why it is now defaulted to off and kept for compatibility, though highly discouraged. There is nothing intrinsically wrong with $_REQUEST, it is slightly more vulnerable than differentiating POSTs from GETs, but it is not the worst you can do I never said there was anything good about register_globals. In fact, I was implying that it was bad. With register_globals, you can't tell whether the variable $foo is local, global, from POST, from GET, from COOKIE, etc. I compared $_REQUEST to register_globals because it behaves similarly: you still don't know whether $_REQUEST['foo'] comes from POST, GET, or COOKIE. The good thing is that you at least know it comes from an HTTP request, so you know not to trust anything from it. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Session's across Domains...
On 11/8/05 7:50 PM, Tony Di Croce wrote: I have a server with a few virtual hosts. All of my scripts use session_start(), and $_SESSION[] to share data between invocations of different scripts. The problem I'm having is that if a form on site A submits to a script on site B the values stashed in $_SESSION[] appear to be lost... Should this work? If not, then what alternatives exist? I suppose I could pass the session id as a POST argument to the site B script (and theirs probably a method in PHP that given a session_id() makes available all of that sessions $_SESSION[] variables) but is that the best way? This won't work due to obvious security reasons. A session cannot be shared across two domains, nor can cookies (though cookies can be shared across subdomains of the same domain). I think the approach here will need to err on the site of caution. You don't want to pass the session identifier through the URL (or POST) too much because it risks exposure and the possibility for session hijacking, though it should be possible to do this and grab the session information for the session id from the directory where sessions are stored (often times this is in /tmp). I would advise against this for reasons I've already mentioned. Instead, as I said, err on the side of caution here by annoying your users just a little bit. Here's what I mean: the multiple virtual hosts can share the same authentication/user profile database. Thus, users can log into each individual host and access the same profile. So, you'll need to authenticate the user when they visit a new host. This may be a decrease in usability, but it's an increase in security. For more information about sessions, read the manual: http://www.php.net/session -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Session's across Domains...
On 11/8/05 9:32 PM, Richard Lynch wrote: Call me crazy, but the session_id is already going in/out through Cookie headers. So, really, it's not THAT much less secure for it to go in POST, and only nominally less secure to go in GET, is it?... Okay, you're crazy. ;-) j/k [Hey, Richard!] Yeah, it's going out through the Cookie headers, so a POST (in this case would be no less secure than sending it through the Cookie). A sniffer is a sniffer is a sniffer, as they say--or something like that. I was thinking more of a GET request to the other domain, which would require passing the session id through the querystring. Like you said, it's probably nominally less secure, but there's more chance for exposure. With Cookie and POST, the attacker would basically need to sniff for the person's session id in order to hijack it, but when you pass the session id through the querystring, users are prone to bookmark the page, send the link to friends, post the link to a Web site, etc., all the while exposing their session, and, in essence, forcing every user to use their session. This actually performs two kinds of attacks: session fixation and session hijacking. It's fixation because the user is forcing everyone to use the same session ID (even though they don't know they're doing this) and it can lead to session hijacking by people who know what's going on. There are ways to prevent this, such as always requiring authentication (by logging in) before performing a sensitive action and always generating a new session ID when a user logs in, but I think it's just as important to mitigate these types of attacks by reducing the exposure of the session ID as much as possible. Now, even on the other domain (domain B), it becomes difficult to know for sure that the user using the session is the proper user (from domain A). Sure, you can check the IP and an assortment of the headers the browser sends to get an idea about whether the user is the same one from the session on domain A, but I think it just makes sense to force the user to authenticate themselves again (assuming that we're talking about authenticated users). This ensures that the user using that session is the proper user, but, at this point, we can just create another session for domain B and not even worry about sharing the session. I guess some kind of cross-site scripting hack might read HTML but not Cookies, though, really, you'd think most XSS hacks would focus on cookies at least as much as HTML source... There is some argument in favor of not sending/getting the session_id back and forth AS MUCH just to give it a more fleeting existence on the wire for snoopers, but the difference between COOKIE/POST/GET data integrity/security from snooping seems negligible to this naive user. Maybe this is just a knee-jerk reaction to all the mis-information about POST being more secure than GET that floats all over the 'net. :-) Indeed, neither are secure, but GET increases the risk of exposure. [Hi Ben!] -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Register Globals
On 11/8/05 10:20 PM, Richard Lynch wrote:
I change this line to:
mail($to, stripslashes($_POST[subject]), wordwrap($_POST[message],
60), From: $_POST[from]\r\n);
From: $_POST[from]\r\n
No quotes.
No apostrophes.
Nothin but index.
You can also use curly braces:
From: {$_POST[from]}\r\n
--
Ben Ramsey
http://benramsey.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Session's across Domains...
On 11/8/05 10:27 PM, Tony Di Croce wrote: The sites are both physically located on the same machine. What if I encrypt the session_id, and put it in a hidden text input box in a form, that is delivered via POST to the other site. This way, the session id is passed, but it is encrypted? To me, it's not a question of whether the sites are physically located on the same machine, and it's not a question of encrypting the session id. Anyone who even knows the encrypted session id could then POST it to the form in a replay attack, authenticating themselves as the intended user. Also, hidden form fields aren't really hidden. For me, it's a question of practice. I would not attempt to share a session across to different domains. Even large sites (such as Yahoo) don't seem to do this. Yahoo appears to maintain sessions across its subdomains, and, for this reason, all Yahoo images are served from a completely separate domain (yimg.com). None of the images served from yimg.com contain the cookie headers associated with yahoo.com (and, thus, they are not associated with any user sessions). There are two reasons (I know of) for doing this: 1) bandwidth (less data passing across the HTTP headers), and 2) it prevents CSRF attacks on Yahoo user accounts that could occur by attackers serving images from a yahoo.com domain on other sites. I do know that Yahoo owns Flickr now, and I know that you are able to log into Flickr with your Yahoo account, but you cannot log into Yahoo! Mail and then go to Flickr and expect to be logged in. You must also authenticate yourself with Flickr. Now, you may notice and be tempted to point out that, when you authenticate yourself on Flickr with your Yahoo id, you are doing so from login.yahoo.com. This may be so, but Yahoo then passes some long obfuscated hash back to Flickr, where, I believe, Flickr is actually setting the session rather than sharing a session from Yahoo (someone else may correct me on this). This hash, however, is none other than a base64 encoded string that can be decoded like so: echo urldecode(base64_decode($var)); This does not, however, include your password information, or, if it does, it's even more securely encrypted in the values that you see when you decode it (as shown above). Neverthess, I could potentially (if I were stupid) paste the full Flickr URL to which Yahoo redirects me here and everyone of you would have immediate access to my Flickr account. Thankfully, it all happens in the background, so the normal user would never see this URL in their browser--it's all part of the HTTP Location headers redirecting them around. (Still not wholly secure, as I was able to see it and grab it, but it's more secure than exposing the URL to the user in the browser.) Still, I don't think Flickr is sharing the Yahoo session; it is, however, sharing the database information, I imagine. So, I say all that to say this: I just don't think it's a good practice to share sessions across two different domains. If you must share profile information, then (in my opinion) require authentication and a separate session on the second domain. Otherwise, use a subdomain to share sessions. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Type of form element
On 11/8/05 11:38 PM, Richard Lynch wrote: If you want to stuff NULL into something, and then use is_null() that makes sense. If you want to stuff NULL in there, and then use isset(), I'm not quite sure why you'd put NULL in there in the first place, but I don't rightly know what I'd expect isset() to return. Same for $a or $myarray['a'] I know this is off-topic for this thread, but just as I see isset() misused (as in this case), I often see empty() misused. For example, when using empty(), the following all return TRUE: $a = 0; $b = NULL; $c = FALSE; $d = 0; var_dump(empty($a)); var_dump(empty($b)); var_dump(empty($c)); var_dump(empty($d)); But, hey, is the value of the variable really empty (especially for $a and $d)? Likewise, if you're encountering a NULL value in a variable and you're checking it with isset(), then you need to consider why you're even getting a NULL value? You should filter your variables before you use them--even variables coming from $_SERVER. Remember, $_SERVER variables can be overwritten: $_SERVER['SERVER_NAME'] = 'Howdy Doody'; echo $_SERVER['SERVER_NAME']; So, make sure they're what you expect them to be. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Type of form element
On 11/8/05 11:52 PM, Ben Ramsey wrote: I know this is off-topic for this thread, but just as I see isset() misused (as in this case), I often see empty() misused. For example, when using empty(), the following all return TRUE: On second thought, misused is the wrong word. I mean misunderstood. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Session's across Domains...
On 11/8/05 11:52 PM, Chris Shiflett wrote: When I've provided this feature in the past, I've always taken advantage of launch and landing pages - e.g., users could only get to the other domain and still be logged in if they clicked a link from my application, and those links all go through a launch page. This page takes care of generating whatever data I plan to send to the remote domain (including the URL that the user wants to visit) and redirecting the user to the landing page at that domain. With servers synchronized with ntpd, this lets you close the window of opportunity down to just a few seconds, strengthening the technique. I spoke to Chris a little further about this last night (so I'm crediting him with this), and I've noticed he hasn't responded, so I'm doing so. He said that, since the domains are on the same machine, it's relatively easy for them to share the same session id (something I wasn't disputing), and he offered a solution to mitigate exposure of the session id: a temporary token. Instead of passing the session id, create a randomly generated session token that is only valid for, say, 2 to 5 minutes. On the server, you can specify to which session the token corresponds, but you never reveal this to the client. You only reveal the token. Since it's only valid for a very small window of time, then, even if it is sniffed or appended to a URL (like in the linking examples I was giving), it won't allow others to use it to log in because it will have already expired. This alleviates the exposure issues I was discussing. Hope this helps. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using the echo tag...
On 11/9/05 9:45 AM, Paul Williams wrote:
?php
print EOF
HTML
$_SERVER['PHP_SELF']
/HTML
EOF;
?
Try it with curly braces:
?php
print EOF
HTML
{$_SERVER['PHP_SELF']}
/HTML
EOF;
?
--
Ben Ramsey
http://benramsey.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using the echo tag...
On 11/9/05 9:51 AM, Paul Williams wrote: Alright cool that one worked. Do I have to include the curly braces in all calls to variables or just the superglobals? It's not a superglobal issue; it's an array issue -- or, rather, it's an issue with using quotation marks. You could have also done it this way: ?php print EOF HTML $_SERVER[PHP_SELF] /HTML EOF; ? Personally, I put curly braces around all interpolated variables because it makes it easier for me to read and see the variables, but this is really up to user preference. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using the echo tag...
On 11/9/05 10:03 AM, Paul Williams wrote: So would it be acceptable if I used curly braces on all variables (whether superglobals or not) in a here document? Yes. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Session's across Domains...
I'm posting this back to the list to keep the conversation there. I hope you don't mind. My comments are at the bottom . . . On 11/9/05 10:10 AM, Tony Di Croce wrote: The reason I even wanted to do this had more to do with sharing some data between two sites, and less with really maintaining a login. It occured to me that I need not share sessions at all. Instead, all of the data B needs could simply be encrypted by A and sent in a post field. Now, this does bring up the problem that someone could sniff this packet, capture this encrypted packet, and use it to authenticate themselves on B. They never had to decrypt it, just capture from A, and send to B at their leisure... Let me give some background here on exactly what I'm doing, as it may clear things up a bit. B is a secure page, with a CC info form that when submitted will process their card, charging the amount of money passed in the encrypted packet, and if the charge succeeds, redirecting back to A. A would probably need to send an order number to B, and B could pass that back to A upon success or failure. All of this is to get around the Apache limitation of allowing only one virtual host to use SSL. Anyhow, B could keep track of all of the order numbers it was sent by A, and if it was re-sent a duplicate could simply deny the whole transaction. Thus, if someone sniffed my encrypted data burrito, and attempted to re-use it to gain access to B, they would fail, since B will only allow that burrito ONCE. Perhaps these order numbers could be GUID's. How does this sound? I think someone else here could probably offer some better advice, but here's what I would do. I would definitely use SSL when dealing with CC data, but I don't think there's an Apache limitation that restricts the use of SSL to one host. There is a limitation that restricts the use of an SSL certificate to one host, so, if you had two certificates, both hosts could use SSL sockets, but I don't think that's what you need here. (You could still use the same certificate across multiple hosts, but then the user is going to be prompted in the browser whether or no to allow the certificate to be used, and this is generally not a good idea.) What you need to do is ensure that your FORM action on domain A (the unsecured domain) is POSTing to https://domain-b.org. Note the usage of HTTPS. This will ensure that the data is sent along the secure channel and not in clear text. You don't need to perform any encryption, since SSL takes care of that for you. Then, B could simply redirect back to A after processing the order and pass the order number through the query string (since it's probably not very sensitive). Does this answer your question? And, yeah, denying used order numbers would be a good idea. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Session's across Domains...
On 11/9/05 11:05 AM, Tony Di Croce wrote: If the shopping cart on site A submits to the secure CC processing page on site B, then the contextual data that describes the order (price, order number) was actually communicated from A to B via a hop at the users browser (likely via a hidden form field on site A). Thus it would need to be encrypted and urlencoded (otherwise anyone could hit View Source and see it all in plain text). Is the price and order number sensitive enough to encrypt? Like we've already discussed, the order number will be considered invalid once it's been processed, so any subsequent attempts to use the order number will result in a failed transaction. If the order number includes sensitive information, however (such as the full credit card number or something), then you should rethink how you create your order numbers. You also don't need to urlencode anything in a form field. When you submit the form, the browser handles the urlencoding for you. (If you were POSTing from a script, then, yes, you might need to urlencode it.) As for the other question about POSTing on a redirect, it is possible through several different means, and if this is a route you want to take, I would suggest looking at PEAR::HTTP_Request, since it provides an easy to use API for this. I, however, don't think you'll need to do this (at least it doesn't sound like something that's necessary given what I know about your form). -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] java .vs php
On 11/9/05 11:58 AM, Rosty Kerei wrote: Yahoo gets 3.4 billion page views per day. That serious enough for you? I can't believe that Yahoo! works on PHP. Any proofs? As I know they use their own-written engine, if I'm correct it's called yScript. Am I right? Try here for your proof: http://public.yahoo.com/~radwin/talks/php-at-yahoo-zend2005.pdf -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Unable to send variables to MySQL table
On 11/9/05 2:15 PM, Stewart Priest wrote:
?php
// this opens the connection to the db
include 'library/opendb.php';
// this adds detals to the invoice table
$item1_desc = $_REQUEST['item1_desc'];
$item2_desc = $_REQUEST['item2_desc'];
$item3_desc = $_REQUEST['item3_desc'];
$item4_desc = $_REQUEST['item4_desc'];
$item1_cost = $_REQUEST['item1_cost'];
$item2_cost = $_REQUEST['item2_cost'];
$item3_cost = $_REQUEST['item3_cost'];
$item4_cost = $_REQUEST['item4_cost'];
$delivery_cost = $_REQUEST['delivery_cost'];
$add_to_db = insert into invoices (item1_desc, item1_cost, item2_desc, item2_cost,
item3_desc, item3_cost, item4_desc, item4_cost, delivery_cost) values ('$item1_desc',
'$item1_cost', '$item2_desc', '$item2_cost', '$item3_desc', '$item3_cost', '$item4_desc',
'$item4_cost', '$delivery_cost');
mysql_query($add_to_db);
?
Comment out the mysql_query() line and just echo $add_to_db. Then take
the echoed line and try to run it against the database. Does it still
work, then?
--
Ben Ramsey
http://benramsey.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Select and $_POST
On 11/9/05 6:21 PM, Ross wrote:
What is the correct syntax for
$query = SELECT * FROM login where username='$_POST['username']' AND pass
='$_POST['pass']';
Thought this would work.
R.
The correct syntax in this case is actually:
$query = SELECT * FROM login where username='{$_POST['username']}' AND
pass='{$_POST['pass']}';
Note the curly braces.
BUT! Never do this!
For example, consider if someone typed in their username like this:
foo' AND 1=1 --
The -- in most database engines starts a comment, so the query would
end up being:
SELECT * FROM login where username='foo' AND 1=1 --' AND pass=''
Everything after the -- is ignored. There doesn't have to be a user
named foo because 1 will always equal 1, so the user is instantly
logged in.
Instead, filter your input (data received) and escape your output (in
this case, data going to the database), and try something like this:
?php
$clean = array();
$sql = array();
if (ctype_alnum($_POST['username']))
{
$clean['username'] = $_POST['username'];
}
if (ctype_alnum($_POST['pass']))
{
$clean['pass'] = $_POST['pass'];
}
if (isset($clean['username']))
{
$sql['username'] = mysql_real_escape_string($clean['username']);
}
if (isset($clean['pass']))
{
$sql['pass'] = mysql_real_escape_string($clean['pass']);
}
$query = SELECT * FROM login where username='{$sql['username']}' AND
pass='{$sql['pass']}';
?
Everything in $_POST should be treated as tainted data. Everything in
$clean can be treated as valid and untainted. This ensures that the
username and password received only contain values that you expect. You
can modify the filtering to suit your needs. Then, it ensures that data
sent to the database in the SQL statement is always escaped so that it
doesn't try to do something it shouldn't.
This, of course, assumes you're using MySQL, but there are other
escaping functions for other databases. Just look in the PHP manual.
--
Ben Ramsey
http://benramsey.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Richard Lynch's Email Address ...
On 11/9/05 7:20 PM, GamblerZG wrote: James Benson wrote: Would it not be better something like valid_email() email_validate()? Anyway, I agree that PHP needs such function. Check out http://pecl.php.net/package/filter ?php $clean['email'] = input_get(INPUT_POST, 'email', FL_EMAIL); ? I've been playing around with this for a while, and it should be noted that it's still in beta and should not be used in a production environment, but it's a promising step. The e-mail regex that's used isn't perfect, and it won't support RFC-compliant addresses, but I hope to put a little bit of work into it to help out with this. In the meantime, check out PEAR::Mail, which includes Mail_RFC822 that can be used to validate e-mail addresses. Also, if your PHP is compiled --with-imap, then you can use imap_rfc822_parse_adrlist() to validate e-mail addresses. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Select and $_POST
On 11/10/05 4:48 PM, Richard Lynch wrote: Here's an idea... Quite possibly half-baked. Suppose PHP had a superglobal $_CLEAN which was an empty array. Further suppose it was documented in the manual as *the* place to put your scrubbed data. This rather small and hopefully inexpensive change (in terms of PHP Dev/Docs team work) would quite possibly improve scripts by newbies, simply by nudging them in the proper direction, because it would be a documented feature, and it would have all the nifty cross-links in the manual and all that. It would also help to keep code cleaner to have $_CLEAN be a superglobal rather than just something I made up and have to declare as global all the time. Comments? Suggestions? Derogatory remarks? There is an Input Filter PECL extension that's still in beta, and I think it's a good step, though I'm not so sure about some of the sanitizing it performs. It doesn't offer the superglobal you're suggesting, but it probably wouldn't be too difficult to put it in there. The only issue I see with building in a superglobal to the language (or this extension) is that it doesn't force the user to instantiate the empty array at the top of the script. This could make for a lazy developer, and, if s/he's not careful, anyone running the application on a machine in which register_globals is turned on would run the risk of having a potentially tainted $_CLEAN array, which defeats the purpose of the clean array altogether. The point is that the developer should be able to trust the data in $clean. If PHP had a taint mode and didn't have register_globals, then we'd be making some progress. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Filtering and Escaping (Was: Select and $_POST)
On 11/14/05 3:38 PM, Richard Lynch wrote: Perhaps one should use: $_ICLEAN $_OCLEAN for Input and Output. $kosher = '/[^A-Za-z0-9\\',\\.-]/'; $_ICLEAN['first_name'] = preg_replace($kosher, '', $_GET['first_name']; /* more code */ $_OCLEAN['first_name'] = htmlentities($_ICLEAN['first_name']); echo p$_OCLEAN[first_name] is way smarter than me./p\n; If you had anything other than $_OCLEAN in an echo and friends, then you would know you were screwing up. I don't like $_OCLEAN primarily because I like Chris's suggestion of using an output array that is named according to where the data is going, so $url, $sql, $html, etc. But, with that in mind, it wouldn't be too hard to use $_OCLEAN['url'], $_OCLEAN['sql'], and $_OCLEAN['html'] as arrays within the $_OCLEAN array. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: pcntl_fork doesn't work
John Davin wrote: The manual says pcntl is present in php = 4.1.0. I have 4.3.10, just the standard installation included on fedora core 3. Why wouldn't pcntl be working? Is there any other way for me to fork a process or thread? Take a look at http://www.php.net/pcntl. If you're using the standard installation of PHP on FC3, then it won't have pcntl enabled with --enable-pcntl because it's not enabled by default. You will have to recompiled PHP with this feature. -- Ben Ramsey Zend Certified Engineer http://benramsey.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: pcntl_fork doesn't work
John Davin wrote: Isn't there any other way to fork a process? PHP doesn't have thread support? Why isn't pcntl enabled by default? Surely the Windows compatibility isn't an issue, because pcntl could default to enabled in linux but disabled in windows. I'll tell you what I'm trying to do, in case there's another way to do it: I have a logging script which does a gethostbyaddr to obtain the hostname of the visitor to my site. But gethostbyaddr can take long or time out on some IP's, so I want to fork it so that the original script can terminate and not prevent the webpage from loading. I could run a background job which periodically does the gethostbyaddr on the IP's stored on disk, but that's sort of a hack, and is more complicated than if I could fork. Sounds like passthru() might do what you want http://us3.php.net/passthru. Take a look at that manual page and read the first note about leaving the program running in the background. -- Ben Ramsey Zend Certified Engineer http://benramsey.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: mail problem at interland
David Edwards wrote: Hi, I have a fairly simple script written that uses the mail() function on a client site hosted at Interland. I have used a similar script quite a few times before with no problem. However although the script generates no errors, no emails appear at their intended destination. Interland support has not been that helpful and they did suggest I try the '-f' option in the header. That did not work either. Has anyone seen this before, I am running out of ideas. The mail portion of the script is below: $headers .= MIME-Version: 1.0\n; $headers .= Content-type: text/plain; charset=iso-8859-1\n; $headers .= X-Priority: 1\n; $headers .= X-MSMail-Priority: High\n; $headers .= X-Mailer: php\n; $headers .= From: $emailfrom\n; $mailsent = mail($emailto, $subject, $msg, $headers,-f . $emailfrom); Any help would be MUCH appreciated. If you haven't solved this yet, try sending it via SMTP instead of using mail(). This will require that you send it by first logging into a valid e-mail account and sending it through a socket. PEAR::Mail http://pear.php.net/package/Mail can do all this for you. Take a look at the documentation here: http://pear.php.net/manual/en/package.mail.mail.intro.php. -- Ben Ramsey Zend Certified Engineer http://benramsey.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: php rich text editors
DuSTiN KRySaK wrote: Can anyone refer me to anything that will work with PHP? Just need it for a blog type application. FCKEditor works well, has a PHP version, and is cross-browser: http://www.fckeditor.net/ -- Ben Ramsey Zend Certified Engineer http://benramsey.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: shared library in php
Angelo Ayres Camargo wrote: Hello, I have a shared library and i would like very much to use it in php. Do i have to do anything or i can just dl it and use? Angelo Without knowing what the shared library is that you're trying to use, there's not much I can say. It may be that PECL already has the extension you're looking for. If it's a library you created and you want to use it as a PHP extension, take a look at the PHP manual, particularly the section on creating extensions: http://www.php.net/manual/en/zend.creating.php -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Can't Delete File Using Unlink
Ahmed Abdel-Aliem wrote: i have a problem with deleting files, i use windows XP and installed on it apache server PHP 5.1 i use unlink($file) to delete files but it doesn't work while it works fine on my webhosting which is on linux machine is there another function to use to delete files under windows instead of link ?? The webserver needs to have permission to modify the file that you are trying to delete. Check the file and directory permissions by right-clicking the directory and going to properties. You will probably need to give the user that controls apache either full or modify permissions to the Web directory. In general, permission settings under Windows suck. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Can't Delete File Using Unlink
Ahmed Abdel-Aliem wrote: On Apr 11, 2005 8:28 PM, Ben Ramsey [EMAIL PROTECTED] wrote: Ahmed Abdel-Aliem wrote: i have a problem with deleting files, i use windows XP and installed on it apache server PHP 5.1 i use unlink($file) to delete files but it doesn't work while it works fine on my webhosting which is on linux machine is there another function to use to delete files under windows instead of link ?? The webserver needs to have permission to modify the file that you are trying to delete. Check the file and directory permissions by right-clicking the directory and going to properties. You will probably need to give the user that controls apache either full or modify permissions to the Web directory. In general, permission settings under Windows suck. i tried that, when a file is being uploaded it becomes read-only, so it can't be deleted, how can i make it not read-only by default ? Can you post the code you're using to upload and save the file to the Web server? -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Can't Delete File Using Unlink
Ahmed Abdel-Aliem wrote: chmod(files/.$this-File_Name, 777); I'm not really sure how chmod() works on Windows. Someone else here may be able to answer that. However, I do know that chmod() expects an octal as the second argument, so you must prefix that 777 with a 0. It should be: chmod(files/.$this-File_Name, 0777); See here for more info: http://us2.php.net/chmod Like I said, I'm not sure whether this is the cause of the problem, but give it a shot and see what happens. :-) -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Can't Delete File Using Unlink
John Nichel wrote: b) Paths in the MS world are with the backslash (\) and not the forward slash (/) Windows NT onward (XP, 2003, etc.) should understand both the forward slash and the backslash in a file path. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Is the syntax correct?
Labunski wrote:
Is the syntax correct? (in connection with $order) :
Nope. You need some semicolons (;). So, these would become:
$order = DESC;
$order = ASC;
switch ($page) {
case news:
$order = DESC
break;
case articles:
$order = ASC
break;
}
mysql_query( SELECT * FROM data ORDER BY id $order );
The rest of it looks fine to me.
--
Ben Ramsey
http://benramsey.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] shared library in php
Josip Dzolonga wrote: If you have NONE of those, you probably are trying to violate some kind of license. Don't do that. :-v Do not pay, to some reverse engineering :-) s/to/do , damn keyboard :) Which is obviously illegal if the shared library has a license that states he cannot do that. We don't want to promote illegal activities on this mailing list. :-) -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Script Needed
The script should be easy enough to create on your own. Just check the documentation on the mail() function at php.net. -Ben Eric Belardo wrote: Good evening all, I am designing a website were different users will be posting their portfolios and I am seeking a PHP Contact form script that will email JUST the person on the profile and the profiled person's email will remain anonymous. Does anyone know if this script exists?? Eric Belardo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Installing PHP on IIS6 Windows 2003
I'm suffering from installing PHP on IIS 6.0, Windows 2003 Web Edition Server. Any how-to ? or anyone how can write the instructions how to do it exactly ? I found a helpful guide to installing PHP on IIS 6.0 (Win2003). Browse to http://www.php.net/manual/en/installation.php . Look in the User Contributed Notes portion at the bottom of the page, and find the note that begins with Installing PHP 4.2.2 on Microsoft Windows .NET Server The installation tips provided will work for every version of PHP that I know of. I used the tips to install PHP 5.0b3 on a Win2003 server and it worked just fine. You'll need to download the zip package on the downloads page to follow these steps -- http://www.php.net/downloads.php -Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: create_function() and anonymous methods
Is it possible to use create_function() to define anonymous methods (like in Java) ? I'm not exactly sure what an anonymous method is, but I do know that PHP 5.0 Beta 3 offers a new object model that includes abstract classes and methods, which may be something you will want to take a look at. You may read up on this at http://www.php.net/zend-engine-2.php -Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Junk Mail from this List?
I'm using Mozilla Thunderbird 0.7 to view and post to this news group, so I don't know if that has anything to do with this, but, after just posting a few messages to the list, I've received a bunch of what I consider spam to my e-mail address. The spam doesn't consist of advertisements but of acknowledgements of receiving my inquiries or support requests. The addresses responding to me (or to undisclosed recipients) include: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] I have not sent any other messages from this e-mail address or used it to sign up for anything else (I just created the address, actually). So, I assume that these messages are some sort of bouncebacks from my posts. Has anyone else experienced a similar problem, and is there a way to stop this other than marking these as spam in Thunderbird? -Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Variables
AH How do you insert a php variable into a javascript function?
AH function redirect(?php $MyVar ?) { location = ?php $MyVar ?; }
function redirect (?=$MyVar?) { location = ?=$MyVar?; }
or use:
function redirect (?php echo $MyVar; ?) { location = ?php echo MyVar;
?; }
The short syntax only works with short_open_tag enabled in php.ini or
with ini_set().
-Ben
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Variables
AH How do you insert a php variable into a javascript function?
AH function redirect(?php $MyVar ?) { location = ?php $MyVar ?; }
function redirect (?=$MyVar?) { location = ?=$MyVar?; }
or use:
function redirect (?php echo $MyVar; ?) { location = ?php echo MyVar;
?; }
The short syntax only works with short_open_tag enabled in php.ini or
with ini_set().
-Ben
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Variables
AH How do you insert a php variable into a javascript function?
AH function redirect(?php $MyVar ?) { location = ?php $MyVar ?; }
function redirect (?=$MyVar?) { location = ?=$MyVar?; }
or use:
function redirect (?php echo $MyVar; ?) { location = ?php echo MyVar;
?; }
The short syntax only works with short_open_tag enabled in php.ini or
with ini_set().
-Ben
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: server hanging on php site
I don't see any errors or an increased cpu/memory load. First of all, make sure that display_errors in your php.ini file is set to On. I believe that the distribution file that comes with PHP has it set to Off by default. Once it's set to On, see if you can get it to generate an error and post it. You may also use ini_set() to set display_errors to 1 to turn them on for a particular page only. -Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: filtering filename.ext on file-upload.
How can you filter the extension for files being uploaded on a system via form. Use pathinfo() ... check it out at http://www.php.net/manual/en/function.pathinfo.php -Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Please help me with these questions..
An excellent resource for all these questions is the documentation found at http://www.php.net/docs.php. Below, I've provided some links to the specfic docs for each question. 1- MD5 with PHP values. http://www.php.net/md5 2- Random values in PHP. http://www.php.net/manual/en/function.rand.php 3- Inserting values to mySQL DB by PHP and importing from them also to send echo. (For example : after MD 5some strings in PHP I want to insert them into the database also then to echo these MD5 strings). http://www.php.net/manual/en/ref.mysql.php 4- How to echo something. http://www.php.net/manual/en/function.echo.php 5- How to make some GET values like : http://www.mysitename.com/test.php?username=abc then insert them to the database. http://www.php.net/manual/en/language.variables.predefined.php http://www.php.net/manual/en/reserved.variables.php#reserved.variables.get http://www.php.net/manual/en/language.variables.external.php Hope that helps! -Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: How to compare between two values?
How to compare between two values
You may also use strcmp() to compare string values:
if (strcmp($string1, $string2) == 0) {
//do stuff
}
I know that in ASP (*gasp*... he uses a MS technology!) the StrComp
function has an increased performance difference over comparing the
strings with an equals sign. I do not know whether this is also the
case in PHP. But, nonetheless, it's just another way of doing things.
Again, check the documentation. This one can be found at:
http://www.php.net/manual/en/function.strcmp.php
-Ben
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Schedule an Event with PHP
Besides using CRON to hit that particular event table, is there any other method I am not thinking of that can be used with PHP? I want to check that event table every 5 minutes. If this is on a Web site, can you not just check the database everytime a user hits a page in the site rather than scheduling it to run every 5 minutes to do the checking. In effect, if no one's hitting the site, then it doesn't matter whether it's being displayed, but when someone hits a page in your site, then that's a perfect time to check the date and then display whatever you want to display based on the date. -Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: dynamic array creation from form elements
Try using $_POST[listItem$i] instead of $_POST[listItem . $i] or do something like this: $post_var_name = 'listItem' . $i; this do $_POST[$post_var_name]; I don't think you can do any evaluation within the brackets. Thus, you couldn't use the concatenating dot. -Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: dynamic array creation from form elements
I don't think you can do any evaluation within the brackets. Thus, you couldn't use the concatenating dot. Nevermind... I am wrong on this. But, I also completely missed that the code you have posted doesn't set $iListItems as Richard suggested. So, go with his suggestion. :) -Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: sorting multi-dimensional arrays
//now, I want that array sorted by the clinic_name, and then doc_name. Can someone who has more currently active brain cells than me figure out what the array_multisort function call should look like? In the documentation, I've found plenty of examples to do a multi-dimensional sort on one column, but not on two at the same time. My advice would be to do this sorting in your SQL statement. ORDER BY clinic_name, doc_name ASC would accomplish the same thing. Then, when you're in your while loop, it'll be added to the array in the proper order and you won't have to sort the array. -Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: server hanging on php site
BK PHP page causes the whole httpd to stop responding momentarily; BK no sites will load, those that are loading stop in the middle. BK But after say 30-45 seconds it continues just fine BR First of all, make sure that display_errors in your php.ini BR file is set to On. I believe that the distribution file that BR comes with PHP has it set to Off by default. Once it's set BR to On, see if you can get it to generate an error and post it. BK I've just tried setting that. I get absolutely no errors BK whatsoever. Could this be more of an Apache error? I included part of your original message in here because it must've been a part that I skimmed over. I didn't realize that you meant the entire httpd was stalling. During that 30-45 seconds, no site pages will load at all? What about after the 30-45 seconds? Does the page that caused the stall continue processing, or does it time out? It sounds to me like Apache is rebooting itself. There're several factors here that need to be addressed: 1) is it a code problem (if so, what code is causing the problem and what's the error--perhaps check Apache's error log); 2) is it only happening on one page, several specific pages running similar code, or random pages; 3) does the code connect to a database (if so, what kind of database)? I think you need to try to address these issues before you can continue debugging. As it stands, it could be a problem with your code, with Apache, with a database, etc. There're really no leads (that I can see) to give us a clue as to where the problem is. Your best bet is to check the Apache error logs and see if an error is being generated and saved there. Perhaps someone else could offer some better suggestions than I? -Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Please help me retrieving data from a PHP file!!???
How to retrieve data from a PHP file? (The value that will be retrieved of course it is echoed in the PHP file, and it will be shown in a TextBox in my VB program.. so I want to retrieve it to my EXE VB program that will put it inside a TextBox or something like that..) From within a PHP file, you may use exec() or passthru() to execute an external program and return the results to the PHP script. Seems to me like VB should have something similar to execute a PHP script (perhaps through HTTP or something). At any rate, I think you would probably need to ask this question on a VB mailing list, since they may be able to help you better. If your PHP script just echos something, then you'll need to find out what VB function there is to execute the PHP script and grab the value that is echoed. -Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Variables not working!
Try using $_POST['fname'] instead of $fname. This just means that register_globals is probably set to off in php.ini, which is the recommended setting. Take a look at the section on predefined variables in the PHP manual for more on this: http://www.php.net/manual/en/language.variables.predefined.php -Ben Kaushan wrote: Hi, I am new to PHP scripting and struggling with the following problem. I have two files, an HTML file and a PHP file. HTML file contains a form with one text field and a submit button. When a user pressed the submit button, it calls the php file (form action=test.php ...). What the php file does is just echo back the text received from html file to the user again. Name of the text field is 'fname'. When I used this variable in the php file (as $fname) it does not contain the value of the text field. Query-string appended to the url during the submission is also correct. I checked for all syntax errors, but the codings are perfect. Do I have to change php.ini file to fix this problem. Could anyone can help me to solve this problem. Kaushan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] [Fwd: Delivery Report (failure) for php-general@lists.php.net]
What the heck does this mean? I've been receiving a ton of these even though I haven't sent many messages to the list. -Ben ---BeginMessage--- This report relates to your message: Subject: [PHP] Re: dynamic array creation from form elements, Message-ID: [EMAIL PROTECTED], To: [EMAIL PROTECTED], Jon Bennett [EMAIL PROTECTED] of Mon, 19 Jan 2004 15:42:40 + Your message was not delivered to: [EMAIL PROTECTED] for the following reason: Diagnostic was Unable to transfer, Message timed out Information Message timed out The Original Message follows: Reporting-MTA: x400; mta dswu232-hme1 in /ADMD= /C=WW/ Arrival-Date: Fri, 16 Jan 2004 15:41:01 + DSN-Gateway: dns; dswu232.btconnect.com X400-Conversion-Date: Mon, 19 Jan 2004 15:42:58 + X400-Content-Correlator: Subject: [PHP] Re: dynamic array creation from form elements, Message-ID: [EMAIL PROTECTED], To: [EMAIL PROTECTED], Jon Bennett [EMAIL PROTECTED] Original-Envelope-Id: [/ADMD= /C=WW/;[EMAIL PROTECTED]] X400-Content-Identifier: (091)PHP(093)... X400-Encoded-Info: ia5-text Original-Recipient: rfc822; [EMAIL PROTECTED] Final-Recipient: x400; /RFC-822=php-general(a)lists.php.net/ADMD= /C=WW/ Action: failed Status: 4.4.7 Diagnostic-Code: Reason 1 (Unable-To-Transfer); Diagnostic 5 (Maximum-Time-Expired) X400-Supplementary-Info: Message timed out X400-Originally-Specified-Recipient-Number: 1 X400-Last-Trace: Fri, 16 Jan 2004 15:41:01 + Received: from gateway.btopenworld.com (actually host 185.136.40.217.in-addr.arpa) by dswu232 with SMTP-CUST (XT-PP) with ESMTP; Fri, 16 Jan 2004 15:41:00 + Received: from gateway (127.0.0.1) by gateway.btopenworld.com (Worldmail 1.3.167); 16 Jan 2004 15:50:34 + Delivery-Date: Fri, 16 Jan 2004 15:42:17 + Received: from pb1.pair.com (actually host 4.131.92.216.in-addr.arpa) by dswu83 with SMTP (XT-PP); Fri, 16 Jan 2004 15:42:15 + Received: (qmail 72706 invoked by uid 1010); 16 Jan 2004 15:38:54 - Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm Precedence: bulk list-help: mailto:[EMAIL PROTECTED] list-unsubscribe: mailto:[EMAIL PROTECTED] list-post: mailto:[EMAIL PROTECTED] Delivered-To: mailing list [EMAIL PROTECTED] Received: (qmail 72692 invoked by uid 1010); 16 Jan 2004 15:38:54 - Delivered-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED], Jon Bennett [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] Date: Fri, 16 Jan 2004 10:38:49 -0500 From: Ben Ramsey [EMAIL PROTECTED] User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6b) Gecko/20031205 Thunderbird/0.4 X-Accept-Language: en-us, en MIME-Version: 1.0 References: [EMAIL PROTECTED] In-Reply-To: [EMAIL PROTECTED] Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Posted-By: 24.53.104.43 Subject: [PHP] Re: dynamic array creation from form elements ---End Message--- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: libphp_common430 is in conflit with php-4.3.1-11mdk
What's the error? Luiz Gustavo Sarubi Macchi wrote: Please, I´m trying to compile PHP so it´s reporting an error: -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is this code right?
Radwan Aladdin wrote:
Oh sorry.. I didn't notice that.. anyway.. I want to know.. what to add to
this code to make it also check the serial between the database (That users'
row) and the GET variable before it echos anything.. so the UserName,
Password and Serial must be the same for that user..
It already looks like you're doing that with the code:
if($UserSerial == $Serial){
Is that not working?
-Ben
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Server Map Path
Is there an equivalent to Server.MapPath(MyDir\MyLocation) in php? I've
looked in the docs and don't seem to find it. I did find a reference to;
I believe what you're looking for is:
realpath('./')
That should do the same trick as Server.MapPath().
-Ben
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is this code right?
Radwan Aladdin wrote: Do you mean this is the right code : The code overall looks right, but you set $Serial twice... first you do: $Serial = $_GET['Serial']; Then you do: $Serial = htmlspecialchars($row[0]); Then you set $UserSerial to $row[1] (the same as the Password column). So, when you compare $Serial to $UserSerial, you are really comparing it like this: if (htmlspecialchars($row[0]) == $row[1]) If that's what you're trying to do, then you're good. But, if you're trying to compare $UserSerial with the serial variable in $_GET, then you need to only do the following: $Serial = $_GET['Serial']; $UserSerial = $row[0]; if ($Serial == $UserSerial) Then, that should at least compare the serial field from the database with the serial variable in $_GET. -Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Generating an Excel file?
I'm pretty sure I know how to use header() create a CSV file for a client to download data from a database, but I think it would really impress this client if I could generate a Microsoft Excel file instead of a CSV file. Anyone know how to do this? -Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Generating an Excel file?
Alright. You've all given some great suggestions, and I'm going to track them down. But, for now, I'm settling for creating a CSV file. My next question: How do I get the file to download without the .php extension on the end? It's downloading it as filename.csv.php. The code to right my headers is: header(Content-Type: text/comma-separated-values); header(Content-Disposition: attachment; filename=$name.csv); Do I need to add another header? -Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Generating an Excel file?
Adding any of those headers still does not remove the .php from the
end of the file when I am prompted for the download. I have a client
that will be downloading this file, and I do not wish to instruct them
to first remove the .php extension before they can view it.
-Ben
[EMAIL PROTECTED] wrote:
Alright. You've all given some great suggestions, and I'm going to
track them down. But, for now, I'm settling for creating a CSV file.
My next question: How do I get the file to download without the .php
extension on the end? It's downloading it as filename.csv.php.
The code to right my headers is:
header(Content-Type: text/comma-separated-values);
header(Content-Disposition: attachment; filename=$name.csv);
Do I need to add another header?
Here is an edited function i did from the pear spreadsheet writer class
function send($filename,$action=DOWNLOAD)
{
header(Content-type: application/vnd.ms-excel);
switch ($action) {
case 'DOWNLOAD':
header(Content-Disposition: attachment;
filename=$filename);
break;
case 'OUTPUT':
header(Content-Disposition: inline;
filename=$filename);
header(Content-Description: PHP Generated
Data);
break;
}
header(Expires: 0);
header(Cache-Control: must-revalidate, post-check=0,pre-
check=0);
header(Pragma: public);
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: FW: [PHP] Re: Generating an Excel file?
John W. Holmes wrote: From what I've seen on here, the only workaround is to pass an extra variable in the URL that ends in .csv, even though you don't need to use that variable. file.php?var=whateverdummy=f.csv Olwen - Sal Williams wrote: Name it for example something.csv The in your .htaccess file put Files something.csv ForceType application/x-httpd-php /Files Vincent Jansen wrote: I use header(Expires: Mon, 26 Jul 1997 05:00:00 GMT); header(Cache-Control: no-store, no-cache, must-revalidate); header(Cache-Control: post-check=0, pre-check=0, false); header(Pragma: no-cache); header( Content-type: application/x-excel ); header( Content-Disposition: attachment; filename=MyFile.xls ); header( Content-Description: PHP Generated Data ); For me this works in both IE6 and Mozilla 1.5 None of these ideas seem to work. In fact, I don't think .htaccess files even work on a Windows server running IIS. But I could probably achieve the save results by playing with the extensions in IIS. At any rate, I tried it in IE6, and it prompts me to download it correctly and without the .php extension on the end. I had been trying it in Mozilla Firebird 0.7 prior to that. Since the client uses IE rather than Mozilla, then I won't worry about it for now. However, it still would be a good idea to find a way to resolve it. Any other ideas? Thanks, Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: FW: [PHP] Re: Generating an Excel file?
[EMAIL PROTECTED] wrote: or download the file without the php-script and analyse the http-headers with a network-sniffer There is no way to download the file without the PHP script. It is being generated by the PHP script from data in a database. The file does not actually exist. -Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] $_SESSION
Alex Hogan wrote: I got back an error that read; Warning: session_start(): Cannot send session cookie - headers already sent by Warning: session_start(): Cannot send session cache limiter - headers already sent. You need to use session_start() before any headers are written. -Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: connecting PHP to MS Access
Sounds to me like you have everything pretty much figured out now, but no one has yet mentioned the ODBC functions built into PHP, so I thought I'd throw that out as a way to actually connect to and retrieve data from a MS Access database. Just set up a DSN and connect to it. The ODBC function reference is at: http://us3.php.net/manual/en/ref.odbc.php -Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Flash-PHP Socket Connection
Flash has the ability to read in text files, so you could use PHP to output data in the correct format and use Flash to read the PHP script like it reads a text file. We did this in ASP once upon a time. Here's a tutorial about reading text files into Flash: http://www.virtual-fx.net/tutorials/html/loadtextfile.htm Also, from what I understand, Flash now has a great XML parser, so you could use PHP to generate XML and Flash could read in the XML as variables. You might want to look into that, but I think it's only available in the newest version. -Ben Eric Bolikowski wrote: Hi everybody I'm working on a site that will be based on Flash, PHP and MySQL. PHP will work as a middleware for Flash and MySQL. My problem is communication between Flash and PHP. I'm really out looking for using the socket functions in PHP and Flash to make fast connection. I have googled for almost an hour now, and I can't seem to find any interesting. The only info I find, is about sending data between Flash and PHP with HTTP GET or HTTP POST. So if anybody has some general information on this or a link to a tutorial on the subject, I would like to get those resources. Thanks a lot Eric -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Flash-PHP Socket Connection
What I mean is: you shouldn't need to use sockets to read in a file from Flash unless you're trying to do something more complicated, but from the way it sounds, you just want to pull data from MySQL with a PHP script and output it to Flash. The PHP script could just echo plain text and Flash can read that in just fine without needing to connect via a socket. -Ben Ben Ramsey wrote: Flash has the ability to read in text files, so you could use PHP to output data in the correct format and use Flash to read the PHP script like it reads a text file. We did this in ASP once upon a time. Here's a tutorial about reading text files into Flash: http://www.virtual-fx.net/tutorials/html/loadtextfile.htm Also, from what I understand, Flash now has a great XML parser, so you could use PHP to generate XML and Flash could read in the XML as variables. You might want to look into that, but I think it's only available in the newest version. -Ben Eric Bolikowski wrote: Hi everybody I'm working on a site that will be based on Flash, PHP and MySQL. PHP will work as a middleware for Flash and MySQL. My problem is communication between Flash and PHP. I'm really out looking for using the socket functions in PHP and Flash to make fast connection. I have googled for almost an hour now, and I can't seem to find any interesting. The only info I find, is about sending data between Flash and PHP with HTTP GET or HTTP POST. So if anybody has some general information on this or a link to a tutorial on the subject, I would like to get those resources. Thanks a lot Eric -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Flash-PHP Socket Connection
I guess that's good enough reason for me. As far as connecting with sockets, though: you should connect from Flash to the PHP file, not from PHP to the Flash file, I think. And, in order to do that, you would need to ask some people who specialize in Flash and ActionScript, so the boards at Macromedia.com may be the best place to ask. Then again, I could be absolutely wrong. ;-) -Ben Eric Bolikowski wrote: Hey Ben I know it may sound nuts, but I really want to make a socket connection between a Flash and a PHP file. Normally I would simply read in a text file/read XML/send data with GET or POST, but I'm looking for a socket connections of following reasons: 1) I want a fast connection 2) I'm looking at this as a challenge, because it doesn't seem like anyone else has done this before Eric Ben Ramsey [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] What I mean is: you shouldn't need to use sockets to read in a file from Flash unless you're trying to do something more complicated, but from the way it sounds, you just want to pull data from MySQL with a PHP script and output it to Flash. The PHP script could just echo plain text and Flash can read that in just fine without needing to connect via a socket. -Ben Ben Ramsey wrote: Flash has the ability to read in text files, so you could use PHP to output data in the correct format and use Flash to read the PHP script like it reads a text file. We did this in ASP once upon a time. Here's a tutorial about reading text files into Flash: http://www.virtual-fx.net/tutorials/html/loadtextfile.htm Also, from what I understand, Flash now has a great XML parser, so you could use PHP to generate XML and Flash could read in the XML as variables. You might want to look into that, but I think it's only available in the newest version. -Ben Eric Bolikowski wrote: Hi everybody I'm working on a site that will be based on Flash, PHP and MySQL. PHP will work as a middleware for Flash and MySQL. My problem is communication between Flash and PHP. I'm really out looking for using the socket functions in PHP and Flash to make fast connection. I have googled for almost an hour now, and I can't seem to find any interesting. The only info I find, is about sending data between Flash and PHP with HTTP GET or HTTP POST. So if anybody has some general information on this or a link to a tutorial on the subject, I would like to get those resources. Thanks a lot Eric -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: PHP FuseBox
As far as I can tell, there isn't a common coding practice among PHP developers. What I mean is: there is no standard as in ANSI Standard C++. However, I believe that there beginning to be a move toward a more standardized way of coding, and I would greatly support and like to be involved in helping create this standard. Nonetheless, some good coding practices for PHP are in the PEAR manual (as this is the standard way that PEAR developers request that you code PEAR packages). These standards may be found at: http://pear.php.net/manual/en/standards.php -Ben Alex Pilson wrote: I am migrating my development from Lasso 6 to PHP, and I have used the FuseBox methodology pretty extensively on some sites. It works very well. I was wondering, how prevalent is the FuesBox methodology in the PHP developer community? If not, is there a common coding practice (structure) that most use? Any insight would be greatly appreciated. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP 5 Book
Speaking of MySQL, I heard tale that 5.0 would include VIEWS, but I can't find that in any of the new features logs. Anyone know about this? It'd be a great feature to have. Unless, of course, anyone knows how to do this without a CREATE VIEW statement. -Ben [EMAIL PROTECTED] wrote: (cant wait for the release of both PHP5 and Mysql 4.1) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP FuseBox
If you checked out the PHP Community site announcement on the php.net site, you'd notice that the site may involve some coding standards creation. I find this very interesting and perhaps exciting. http://shiflett.org/archive/19 [EMAIL PROTECTED] wrote: I've developed my own methodology and coding practices over the past 3-5 years, but summarising them into a few lines and code snippets is impossible :) I think we all have, maybe there should be a posting place to submit our methodology and frameworks, and then maybe just maybe come up with a global standard ? I personally am always keen to change my practices to keep up with the times, and am always curious how other people do it, and maybe adopt some new ideas. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP 5 Book
VIEWs are those nice things that PostgreSQL includes that MySQL doesn't yet. ;P Jay Blanchard wrote: [snip] Speaking of MySQL, I heard tale that 5.0 would include VIEWS, but I can't find that in any of the new features logs. Anyone know about this? It'd be a great feature to have. Unless, of course, anyone knows how to do this without a CREATE VIEW statement. [/snip] It is called a SELECT query. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MSSQL connection
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 If your Web server is running on a machine that is separate from your database server, then you'll also need to copy the file ntwdblib.dll from the database server to your C:\WINDOWS\system32 folder. PHP needs that DLL for the mssql functions to work correctly. Raditha Dissanayake wrote: | I assume you are working on a win32 platform, if so uncomment that | relevent line in the php.ini file and copy the dll to the win folders. | (all this is explained in great detail in teh installation guide) | | If you are working on linux this approach will not work with mssql. | | | Alex Hogan wrote: | | Hi All, | | | | I have a question about connecting to a MSSQL back end. I keep | getting the | error that the php_mssql.dll wont load because it isn't present. | | | | From what I can see so far is that php needs to be compiled with that | extension uncommented in order to get the dll. Is that correct? | | | | | | | | alex hogan | | | | | | ** The | contents of this e-mail and any files transmitted with it are | confidential and intended solely for the use of the individual or | entity to whom it is addressed. The views stated herein do not | necessarily represent the view of the company. If you are not the | intended recipient of this e-mail you may not copy, forward, disclose, | or otherwise use it or any part of it in any form whatsoever. If you | have received this e-mail in error please e-mail the sender. | ** | | | | | | -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFAEAvYIcIs3CP5DxwRAu1RAKCqeaSzCbHHO8Aibw9L9UwbErnK5QCcDqcN zWleSmyn3J+gwxvzT59VSWw= =GCyj -END PGP SIGNATURE- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Access Violation at 77FCC61F?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Anyone know what this error means:
PHP has encountered an Access Violation at 77FCC61F
I'm running PHP 5.0 beta 3 on IIS 5.0 on a Win2K machine. I received
the above error message multiple times after changing addslashes($value)
to str_replace(', '', $value) in my code. Scripts would not run;
all I would get is that message. This occured on all pages.
Then, I restarted IIS, and it works just fine.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFAEWaUIcIs3CP5DxwRAn/AAJ41XgmkZ5dVkA9viFiLIVnYI81UogCfVVki
shIGH2JTovkjshK59nqqtQ0=
=gHoh
-END PGP SIGNATURE-
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Why we love Microsoft (0t)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Copyright and trademark are two wholly separate things. The Kimberly-Clark Corporation has a registered trademark on the name and logo for Kleenex. Thus, no one else has a right to use the word Kleenex to describe their product. That, however, doesn't stop the consumer from calling all facial tissues Kleenex. It does stop other companies from referring to their facial tissues as Kleenex. Take a look at a box of tissue paper that isn't a Kleenex brand. You'll notice that it does not call itself Kleenex but, most likely, facial tissues. Consumers are the ones taking companies' trademarks and using them to describe other brands of products. This does not mean that the company is not protecting its trademarks, and Kimberly-Clark has not lost the right to use Kleenex exclusively. This just means that the company has excellent brand recognition. Other brands that have this same level of recognition include Coke, Tylenol, Tupperware, etc. - -Ben Tim Thorburn wrote: | Well there's also the small fact that under US copyright law if a | company doesn't enforce its rights over said copyright, they lose the | right to use it exclusively. Take a look at Kleenex - they failed to | take steps to protect their name and now all tissue paper is known as | Kleenex. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFAEZiAIcIs3CP5DxwRAuJIAJwMnyTrKYIHDSDRtsmRezkTeXZDAgCgo/kv gsAKDNnUf7vkggJOiMizVZY= =bLBa -END PGP SIGNATURE- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Why we love Microsoft (0t) - JELLO
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 As a humorous sidenote, I meant to say: let's hope that Windows (a registered trademark brand of Microsoft) doesn't get to the level of name recognition where the consumer refers to all graphical desktops as Windows. ;-) Roger Spears wrote: | Another big one is Jello | | It's a brand if I'm not mistakenthe product is gelatin | | Jello brand gelatin | | but all forms of pudding and gelatin are sometimes referred to as Jello... -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFAEZn1IcIs3CP5DxwRAmPmAKC2S9i6wVyADenOoyjgu60DMr6CAACfWlan M9QFo74/dGo+hXejNtJzmZY= =KppL -END PGP SIGNATURE- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: PHP integration with ASP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Since the action of your form is the ASP script, it will always take
your user to the ASP script and not return results to the PHP
application, which I think it what you want to do, if I am not mistaken.
I found a link in the manual (http://us4.php.net/http) to someone's
function for peforming posts to an external site and retrieving the
returned data. In this way, you could set the action of your form to
another PHP script on the same server that would then use this http_post
function to post to the external ASP script. The ASP script's results
would be sent back to your PHP script and returned by the http_post
function for you to use. I hope this is what you're looking for.
The function is located at: http://nf.wh3rd.net/projects/http.inc/
[EMAIL PROTECTED] wrote:
| I am working on an integration between my PHP site and an ASP site
with XML.
| The basic flow is this: I generate a request by placing XML into the
value
| portion of an input tag called ³REQUEST² the action is the url of the
remote
| ASP server which receives the request. It then returns a form with
the same
| ³REQUEST² input tag with the XML as the value. My problem is getting the
| XML that is posted to the form. The confusing thing is that once I
receive
| the XML data I am no longer in my site. The header information changes to
| the URL that sent the data.
|
| I am not sure how to capture the data that is returned by the server.
I have
| a procedure that puts XML data into my db from file. But I'm not sure how
| to get this result into a file.
|
| The ASP example that I am changing to PHP is Request.Form(Results)
| basically it gets the form's Results variable... How can you do that
in PHP
| when nothing has been sent to the server?? Any insight would be very
| helpful...
|
| My code is below:
|
| Code that generates the request:
|
| $doc = domxml_new_doc('1.0');
| $top_element = $doc-add_child($doc-create_element('ExchangeRequest'));
|
| $login_data_node =
| $top_element-add_child($doc-create_element('LoginData'));
| $login_data_node-set_attribute(UserName, uname);
| $login_data_node-set_attribute(Password, pass);
|
| $request_node = $top_element-add_child($doc-create_element('Request'));
| $request_node-set_attribute(Type, RetrieveNewSearches);
|
| //echo preComment: ; print(htmlentities($doc-html_dump_mem(true)));
| echo /pre; die;
|
| $xml = $doc-html_dump_mem();
| $ns = strtr($xml, \, ');
|
| //echo preComment: ; print($ns); echo /pre; die;
|
| $html = html
| body
| form name=\Exchange\ method=\POST\
| action=\https://remoteaspserver/action.asp\;
| input type=\text\ size=150 name=\Request\
| value=\$ns\/input
| brbr
| input type=\submit\ value=\Submit\/input
| /form
| /body
| /html;
|
| print($html);
|
|
| Code received by server:
|
| html
| body
| input type=text name=Results value=?xml version='1.0'?
| Results RequestSuccessful='True'
| Searches NumberIncluded='1'
| Search Type='data'
| ID1/ID
| Comments/
| /Search
| /Searches
| /Results
| /input
| /body
| /html
|
|
| Thanks for your help!
| /Tim Best
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFAFF4/IcIs3CP5DxwRAsQDAJ9qYdQ5l4B/e0lurUVb49GD0m42lwCeOUjO
qBoYMiC62Hf2VgwgLTWH2vg=
=t6ej
-END PGP SIGNATURE-
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: question PHP - HTML
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 If you View Source in IE, you'll see it printed in the expected way. The browser, though, will not show it as you expect it. This is because the browser needs a br tag for a newline and will not read a \n as a br. So, use br instead of \n. Viviane Hu wrote: | Hi, | | Je try to use PHP. | Je wrote to this code | ?php | echo hello \n; | echo viviane \n; | ? | I expect a print out like : |hello |viviane | | but the print out (IE) is hello viviane | | Could you help please | | thinks. | Viviane | -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFAFSFOIcIs3CP5DxwRAqaTAJ4wHGXKgKiC8oTmZZXydFDQJMz5DQCfU4E8 7Ymsr37Df0hlIqR0UgPq0pI= =Z6+n -END PGP SIGNATURE- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: send a POST to a URL from within PHP code
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I answered a question similar to this yesterday. There is a user-submitted function listed in the PHP manual under HTTP functions that will POST to another page from within a PHP script and return the value of the POST back to the PHP script without ever ending the script execution or leaving the script. Is this what you are talking about? The function is located at: http://nf.wh3rd.net/projects/http.inc/ Vincent Dupont wrote: | Hi all, | | I would like to simulate sending a form in POST to a specified URL through PHP. I knwo how to do this from a HTML form : | form method=post action=http://url.com/query; | blablabla | /form | | I would just like to simulate this because I have some processes that will change the values of the form before sending it to the 'action' URL | | | With a GET, the fields would be included into the query strinbg, so this is quite easy. What happens in a POST? | | Any idea is welcome | | Vincent | mailto: [EMAIL PROTECTED] | -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFAFSI1IcIs3CP5DxwRAta1AJ9lOXv7qWppwWBOI/0T3Rm1HlTf1ACeK17j 2bkdR4+WOM6ENsZrgdC9oIY= =GZNI -END PGP SIGNATURE- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
