--- Peter Torraca <[EMAIL PROTECTED]> wrote:
> print date ("m/d/y h:m:s A", mktime(16, 30, 0, 10, 10, 2003));
>
> gives the output: 10/10/03 04:10:00 AM
>
> Where did the 4:10 come from? It should be 4:*30*.
10 is the month, which is what the m means. Use i for minute:
http://www.php.net/date
--- Jake McHenry <[EMAIL PROTECTED]> wrote:
> $result = mysql_query("SELECT * FROM `users` WHERE `uname` =
> '".$_POST['username']."'");
Don't put uname in single quotes. Aside from that, don't forget that you can
interpolate variables with curly braces. Depending on your personal preference,
yo
--- Jake McHenry <[EMAIL PROTECTED]> wrote:
> I took the single quotes off of the field name, uname, but still
> getting the same error at the same line in the file...
>
> Any other suggestions?
Sure.
Let's look at your original code:
$result = mysql_query("SELECT * FROM `users` WHERE `uname` =
--- Jake McHenry <[EMAIL PROTECTED]> wrote:
> Is there any advantage to the curly brackets over the '".."'?
There's not enough difference between the two to choose one over the other
based on performance, if that's what you mean. Personally, I find that
concatenation looks clearer in some cases, a
Perhaps Marco can try an "Ask Jeeves" type of Web app. Is that the sort of
thing you are suggesting?
So, as another feature of this mailing list archive, there could be a place
where people can ask a question, and Ask Marco will try to come up with some
suggested posts to read. This would give peo
--- [EMAIL PROTECTED] wrote:
> However, the only issue with that is that many users do not search the
> archives, faqs, or internet for the answers before posting to the list.
> This always seems the case. Many users are unaware of the ethics around
> mailing lists.
I think many users are also una
--- Marek Kilimajer <[EMAIL PROTECTED]> wrote:
> My suggestion would be to use iframe for the message. It would load
> much faster then.
How would that make it load much faster? Surely not because it requires an
additional HTTP transaction, increasing the load. I'm curious to know what you
mean.
--- John Taylor-Johnston <[EMAIL PROTECTED]> wrote:
> Can someone recommend a good URL on cookies and security issues
> please? I can program them, but am told I'm putting others at risk,
> forcing people to use cookies on my site.
I have a free chapter about cookies from HTTP Developer's Handbook
--- Marco Tabini <[EMAIL PROTECTED]> wrote:
> However, we do not share the contents of our cookies with any third
> party, under any circumstances.
I'm no lawyer, but that seems like a risky statement. There are many
circumstances that can cause the contents of the cookies you set to be
disclosed
--- Robert Cummings <[EMAIL PROTECTED]> wrote:
> > What is a transparent session?
>
> I don't know if it's the same for the original poster (whoever that
> is, since they were cropped :) For me it's when I bind a session
> variable to an object such that the session variable is referenced
> using
--- Marco Tabini <[EMAIL PROTECTED]> wrote:
> IMHO, by storing the user's name and password in a cookie, you may be
> exposing that information to unnecessary risks by letting it go back
> and forth continuously on the Net (assuming, of course, that you're
> not under SSL and/or are using some en
--- Marek Kilimajer <[EMAIL PROTECTED]> wrote:
> John W. Holmes wrote:
> >
> > You're not even allowed to use persistant cookies in public
> > government sites unless you get permission from the Secretary of
> > the Defense.
>
> Hi, this is interesting. Can you post the guidelines?
I've never he
--- "John W. Holmes" <[EMAIL PROTECTED]> wrote:
> > > So let's say the first user comes along and is given the userid 1.
> > > We then create their random id by adding 241757219 to their userid.
> > > We get a random id of 241757220. Then within the login page I can
> > > subtract 241757219 from th
--- "Chris W. Parker" <[EMAIL PROTECTED]> wrote:
> > Not a good method. If I get on your site and see my cookie has the
> > value 241757219 in it, I just need to subtract one from the number
> > and revisit your site. Now I'm the user who registered before me.
> > Using the rand() or uniqid() metho
--- Steve Wardell <[EMAIL PROTECTED]> wrote:
> I have a page on my PHP site that needs to access itself. I open a
> socket connection and pass in the HTTP request header including a
> cookie string such as:
>
> Cookie: PHPSESSID=766bc531e9185be6b54206c944f258d9
>
> With the session name and id o
--- "John W. Holmes" <[EMAIL PROTECTED]> wrote:
> Use a template engine to separate your presentation from your logic. :)
Isn't PHP a templating engine? :-)
Chris
=
My Blog
http://shiflett.org/
HTTP Developer's Handbook
http://httphandbook.org/
RAMP Training Courses
http://www
--- Ryan A <[EMAIL PROTECTED]> wrote:
> Just one last question, you guys can reply to this off list or on:
> does using a templating engine slow down pages a lot (as i have
> heard) or increase speed (as i have heard again) ? :-D
Things like Smarty are slow in terms of performance alone, yes. The
--- AMC <[EMAIL PROTECTED]> wrote:
> I'm trying to post from an asp page to a php and I get this error:
>
> The page you are looking for cannot be displayed because the page
> address is incorrect.
>
> then later on in the same page I get the error:
>
> http 405 resource not allowed
> internet i
--- Ryan A <[EMAIL PROTECTED]> wrote:
> My main pages are basically querying the databases for hosting plans
> depending on what the client chooses
> what do you suggest? and any urls for reading up on caching?
Caching is a generic term, so it's tough to search for documentation about a
specif
--- Amanda Clark <[EMAIL PROTECTED]> wrote:
> Thanks for the info. You are correct that I am using iis. I am
> posting from one asp page to other asp pages so doesn't that mean
> that the post method is allowed?
You're saying that you can send a POST request for an ASP page, but IIS won't
let you
--- Curt Zirzow <[EMAIL PROTECTED]> wrote:
> > My only guess is:
> >
> > 1. You are using IIS
> > 2. IIS doesn't know that 405 is the status code for Method Not Allowed
> > 3. IIS is configured to not allow the POST request method
>
> hmm.. I thought 'only' implied singular :)
It was a composite
--- Robb Kerr <[EMAIL PROTECTED]> wrote:
> Here's the problem. Some of the fields are empty (for instance
> 'Address') and the way my code is configured a blank line appears in
> the returned data when the field is empty. How do I change this code
> to add a conditional that only echos the field co
--- Daniel Guerrier <[EMAIL PROTECTED]> wrote:
> Use
> $_SESSION['var']
>
> instead of
>
> $_SESSION["var"]
That won't make any difference.
As for the original question, I don't notice any immediate problems with the
code:
> > in page1.php:
> > > $_SESSION["var"] = "Please help"; ?>
> >
--- "Golawala, Moiz M (IndSys, GE Interlogix)" <[EMAIL PROTECTED]> wrote:
> I am sorry to call it a cookie.. I see the data in a session file
> (not a cookie)
OK, so you just look in this file manually?
> I don't have a html file. I simply call the .php file by typing the
> url as http://localhos
--- Scott Fletcher <[EMAIL PROTECTED]> wrote:
> What does the word, 'parse' meant when you do a XML parse?
http://dictionary.reference.com/search?q=parse
http://en.wikipedia.org/wiki/Parse
Hope that helps.
Chris
=
My Blog
http://shiflett.org/
HTTP Developer's Handbook
http://http
--- Shaun van den Berg <[EMAIL PROTECTED]> wrote:
> I have tried the net , googling ect. but i cannot get a good
> description of what the header function is al about ? Can anyone
> please define the header function.
It allows you to specify an HTTP header to be included in the response to the
Web
--- Hanuska Ivo <[EMAIL PROTECTED]> wrote:
> I need to know, if there is a possibility to read full contents of
> HTTP request. I know, the response can be sent by header() function.
> But can I get the request of the client for server?
In a way, yes, although most of this information is nicely pa
--- Timo Boettcher <[EMAIL PROTECTED]> wrote:
> I am trying to get my pages through the w3c-validator for html.
> It doesn't like my
>
> Changing & to & got my page through the validator, but broke
> my app, which seems not to be getting any parameters over URL
> anymore.
I find that *very* hard
--- Nathan Taylor <[EMAIL PROTECTED]> wrote:
> This problem should be handled by modifying the php.ini. In my
> experience W3C is a whiney bitch that always gets it's way. Just
> throw this code on all your pages (or better yet, in a header) and
> the problem will go away.
>
> // The communists at
--- Matt Babineau <[EMAIL PROTECTED]> wrote:
> All this aside what about using the ASCII value of the & symbol.
> (I think its ASCII).
>
> You know how sometimes links with spaces in them are %20 instead
> of the actual space? I'm not sure what it is but I am pretty sure
> there is a %something fo
--- Marek Kilimajer <[EMAIL PROTECTED]> wrote:
> >
>
> Get variables in action URL don't work with get method, at least in
> Mozilla.
Marek's right, and this is the case for every browser I know of.
In this case, you can specify para1 and para2 as hidden form variables, and it
will work.
Hope
--- Timo Boettcher <[EMAIL PROTECTED]> wrote:
> > I find that *very* hard to believe. I'm not aware of any browser
> > that mishandles HTML entities. Basically, when you say this:
> >
> > action="/mypage.php?para1=val1¶2=val2"
> >
> > Your browser's HTTP request line will appear as:
> >
> > /my
--- Timo Boettcher <[EMAIL PROTECTED]> wrote:
> It will not work. One of the requirements of my app is that I can
> place a bookmark on any page and return to it. That wouldn't work
> with hidden fields, would it?
It would if you use the GET method as someone had suggested. Basically, this is
how
--- Timo Boettcher <[EMAIL PROTECTED]> wrote:
> > http://shiflett.org/dev/php-general/ampersand.php
>
> can you put the source of that online, too?
You can view the source in your browser to see the HTML, which is the relevant
part. If you see the HTML entity for an ampersand in your browser's loc
--- Joao Andrade <[EMAIL PROTECTED]> wrote:
>
Windowsitis? Mind your slashes.
Also, you should quote HTML attributes (though this isn't your problem). So,
try this:
>
[snip]
>
Same thing here. Quote your attributes.
Hope that helps.
Chris
=
My Blog
http://shiflett.org/
HTTP D
--- Joao Andrade <[EMAIL PROTECTED]> wrote:
> if ( $_POST['nova'] =! "")
Equal not? Perhaps you mean not equal? :-)
Chris
=
My Blog
http://shiflett.org/
HTTP Developer's Handbook
http://httphandbook.org/
RAMP Training Courses
http://www.nyphp.org/ramp
--
PHP General Mai
--- [EMAIL PROTECTED] wrote:
> In the php.ini I have set the registr_globals=3D Off
I'm assuming that 3D was put in there by some faulty mail client? Also, make
sure you spell it register_globals.
> php_flag register_globals on for only this site.
>
> With the function phpinfo I have see that th
--- Luis Lebron <[EMAIL PROTECTED]> wrote:
> $query="Select * from users where userid='$_POST['userid']'";
Use curly braces:
$query = "select * from users where userid = '{$_POST['userid']}'";
Hope that helps.
Chris
=
My Blog
http://shiflett.org/
HTTP Developer's Handbook
http://
--- [EMAIL PROTECTED] wrote:
>
> The problem concern:
>
> The correct site is: www.gardafun.com with apache.1.3.27 and
> php-4.0.6 with register_globals = On
>
> The new webserver is 213.21.138.119 with suse8.2 apache1.3.27 and
> php-4.3.3 with register_globals=off in the php.ini and in the
> .h
Please include the list in all of your replies. I skim message subjects and
don't read all messages. If you reply only to me, there's a good chance it will
not be read, and no one else will have a chance to answer your question.
--- [EMAIL PROTECTED] wrote:
> As i know, if register_globals is turn
--- Frank Tudor <[EMAIL PROTECTED]> wrote:
> function $payment{
You probably mean payment, not $payment.
> header ("location:test_page.html");
The Location header has an uppercase L, a space after the colon, and an
absolute URL after the space. Your example violates all three.
Hope that helps.
--- Frank Tudor <[EMAIL PROTECTED]> wrote:
> I am getting a elseif parse error.
Let me clean up your code a bit, and hopefully the error will stand out.
function payment()
{
global $payment;
if ($payment == '0');
header ('Location: http://example.org/test_page.html');
}
global $p
--- Frank Tudor <[EMAIL PROTECTED]> wrote:
> function payment()
> {
> global $payment;
> if ($payment == '0');
> header ('Location: http://ftudor/test/test_page.html');
> }
>
> elseif ($payment == '1')
> {
> header ('Location: http://ftudor/test/test_page2.html');
> }
Your co
--- Frank Tudor <[EMAIL PROTECTED]> wrote:
> I am putting in the $payment="1"; so it will automatically go to
> test_page2.html but it just sits there.
[snip]
> header ('Location: http://ftudor/test/test_page2.html');
What happens when you type it into your browser manually?
http://ftudor/test/te
--- DvDmanDT <[EMAIL PROTECTED]> wrote:
> > Can you see the problem(s) now? Never underestimate the benefits of
> > writing clean code. :-)
>
> Hehe, you should see my code..
Yes, very messy and disorganized. Is this an admission of guilt, a cry for
help, or what?
Chris
=
My Blog
http:
--- Justin French <[EMAIL PROTECTED]> wrote:
> a) echo " ";
The curly braces are superfluous here, since you are using double quotes. I'm
not sure if you like having them there, but I think that less syntax yields a
simpler and cleaner appearance.
However, I hate single quotes around HTML attribu
--- "Chris W. Parker" <[EMAIL PROTECTED]> wrote:
> Exactly what is the problem with:
>
> echo " ";
>
> I don't see the problem.
I agree with you, actually. The only things I don't like are:
1. The use of the bgcolor attribute
2. The name of the variable :-)
3. The fact that your td is not tabbe
--- DvDmanDT <[EMAIL PROTECTED]> wrote:
> It's said that you shouldn't use tables for layout, but does people
> accutually listen to that? And what instead?
You can use stylesheets.
These work well with PHP. Well, that's my attempt at getting this thread back
on topic. :-)
Chris
=
My Blog
--- "Chris W. Parker" <[EMAIL PROTECTED]> wrote:
> p.s. And yes Curt you touched on why I put my 's all on
> one line. Some browsers (I know IE does) like to add whitespace if
> the and are not all on the same line.
Which is why I didn't complain about that. :-)
You had your closing tr on the s
--- "S.P.Vimala" <[EMAIL PROTECTED]> wrote:
> How to create a unique session for every new browser instance?
I'm not sure if this fits your definition of "new browser instance", but there
is no way for a remote Web server to distinguish between two instances of the
same browser running on the clie
I didn't look into your problem, but I want to mention one thing that stands
out to me.
--- Frank Tudor <[EMAIL PROTECTED]> wrote:
> $query="SELECT payment FROM payment WHERE
> dln='".$_POST["dln"]."' = payment.dln='".$_POST["dln"]."' and
> users.password='".$_POST["password"]."'";
Never, ever bu
--- "Jed R. Brubaker" <[EMAIL PROTECTED]> wrote:
> Is there a way to preserve URL variables and have a link simply add
> a new variable to the end?
Sure, just use $_SERVER['QUERY_STRING'], which is the current query string, and
append whatever new URL variables you want.
Chris
=
My Blog
--- Rob Adams <[EMAIL PROTECTED]> wrote:
> > I'm not sure if this fits your definition of "new browser
> > instance", but there is no way for a remote Web server to
> > distinguish between two instances of the same browser running
> > on the client machine.
>
> That can't be true.
It can, and it
--- Jake McHenry <[EMAIL PROTECTED]> wrote:
> I know this is a bit off topic, but does anyone know of a way I can
> take the server time in php and get it into javascript?
Well, that part isn't off-topic, in my opinion.
JavaScript and HTML are the exact same thing from the perspective of PHP;
the
--- Rob Adams <[EMAIL PROTECTED]> wrote:
> Test it yourself.
With all due respect, it seems you should be doing the testing.
> Login to a PHP app using a standard browser and session cookies
> and see for yourself. I understand the philosophy of the web
> server only seeing what the client sends
--- "CPT John W. Holmes" <[EMAIL PROTECTED]> wrote:
> If you are not relying on a cookie based session, then this will
> work. Each login could be assigned a different session ID, so the
> requests for each browser will be different because of the different
> session IDs.
What John is explaining h
--- Rob Adams <[EMAIL PROTECTED]> wrote:
> That doesn't seem to be what he's saying.
>
> "because of the different session IDs."
>
> It seems to me a better example of what he is saying would be:
> http://example.org/foo.php?PHPSESSID=12345
> vs.
> http://example.org/foo.php?PHPSESSID=67890
Perh
--- John Nichel <[EMAIL PROTECTED]> wrote:
> Is this on Windoze or *nix? Sounds like some sort of buffering
> issue...
Yes, it does.
> what is 'output_buffering' set too in your ini?
This shouldn't matter either. I can't think of a reason why he would see the
behavior he describes. In fact, thi
--- Luis Lebron <[EMAIL PROTECTED]> wrote:
> I am rebuilding a php application to handle a higher load. The
> previous programmer had created a series of dynamically generated
> select boxes using a mysql table. Would it be faster or less
> resource intensive to create a series of arrays to generat
--- Pablo Zorzoli <[EMAIL PROTECTED]> wrote:
> I'm having trouble while i try to include a php file.
[snip]
> include ('http://blabla.com/script.php?var1=a');
[snip]
> script.php should echo some text, but i don't get any output.
When you visit http://blabla.com/script.php?var1=a and view source,
--- alain dhaene <[EMAIL PROTECTED]> wrote:
> Is there in php something as a redirect to another page like in asp?
Yes, and as with ASP, there are several methods.
Make an example script that has only this:
http://www.google.com/'); ?>
As for your error about headers already being sent, this is
--- alain dhaene <[EMAIL PROTECTED]> wrote:
> I have check my code.
> I haven't use a echo in my code.
> It's very strange. I will search more on the manule.
I don't think the manual will help you here. You *do* have output in your
script prior to the call to header(). Trust me. :-)
One way to fi
--- Pablo Zorzoli <[EMAIL PROTECTED]> wrote:
> i see one line containing the expected html code.The scrip is a
> counter that outputs the img tags to fecth the images:
>
>
>
> that's all i get, and all i would like to get with the remote
> include.
That seems right, unless I'm missing something
--- Pablo Zorzoli <[EMAIL PROTECTED]> wrote:
> > > include('http://www.google.com/');
> > ?>
> >
> > That should basically take Google's HTML and make it your own.
> > The image will obviously not work, but it should otherwise look
> > like Google's home page.
>
> yes i get Google's HTML.
OK, s
--- Robb Kerr <[EMAIL PROTECTED]> wrote:
> What's your favorite online Php language guide?
http://www.php.net/manual/
Chris
=
My Blog
http://shiflett.org/
HTTP Developer's Handbook
http://httphandbook.org/
RAMP Training Courses
http://www.nyphp.org/ramp
--
PHP General Mailin
--- Kim Kohen <[EMAIL PROTECTED]> wrote:
> I'm glad to report this is not a PHP issue. It turns out to be a
> Safari problem with Mac OSX (Safari was updated with OSX 10.3).
>
> All my PHP stuff is working correctly in IE so it looks like
> development will proceed there until Apple gets a fix.
I
--- Patrick Fowler <[EMAIL PROTECTED]> wrote:
> When I try access the index.php via the web the file it tries to
> download.
Try adding this to your httpd.conf:
AddType application/x-httpd-php .php
Hope that helps.
Chris
=
My Blog
http://shiflett.org/
HTTP Developer's Handbook
ht
--- Pablo Zorzoli <[EMAIL PROTECTED]> wrote:
> I've tried with the simlpest example:
>
> ---
> output.php
> echo "Hello World!";
> ?>
> --
> test.php
> tesing!
>
>
> include ('http://***.com/output.php');
> ?>
>
> --
Actually, I think the simplest example was what you tries earlier:
htt
--- Pablo Zorzoli <[EMAIL PROTECTED]> wrote:
> That's it i cannot wget it from the webserver i get
> failed: Connection timed out.
>
> i tried to wgetit from another machine and i get the desired
> output.
So the server where you're running the PHP script can't connect to
the server you specify
--- Leonel Nunez <[EMAIL PROTECTED]> wrote:
> When php 5 is released will there be support for php 4.3.x?
Support from whom? What type of support?
Do you consider there to be support for 4.3.x now?
Chris
=
My Blog
http://shiflett.org/
HTTP Developer's Handbook
http://httphandbook
--- Justin French <[EMAIL PROTECTED]> wrote:
> '
> method='get'>
Unless I'm mistaken (which is possible), this won't work. When the
form method is GET, the query string is constructed using the form
fields. Therefore, the manufacturer will be lost.
Hope that helps.
Chris
=
My Blog
http
--- Justin French <[EMAIL PROTECTED]> wrote:
> Can someone show me a simple, clean way to apply one function (eg
> stripslashes()) to every element in an array (eg $_POST)?
[snip]
> I've also seen http://www.php.net/array_walk, but couldn't
> determine how/if it suited my needs.
Maybe you can ex
--- Guillaume Dupuis <[EMAIL PROTECTED]> wrote:
> We currently have 3 php servers. Can we use the same SessionID to
> connect across the 3 systems?
Yes, assuming I understand you correctly.
There are many ways to address this challenge, but one method is to use a
database for your session store.
--- "Chris W. Parker" <[EMAIL PROTECTED]> wrote:
> Store the username+password as an MD5 hash in a cookie, also store the
> user id. Then on the other servers you can read the user id and use that
> to pull out the username and password hash (you do hash your passwords
> within the database right?)
--- MIKE YRABEDRA <[EMAIL PROTECTED]> wrote:
> What would cause a php page to instantly prompt a timeout error when
> loading?
I bet this would cause that to happen pretty quickly:
set_time_limit(1);
Chris
=
My Blog
http://shiflett.org/
HTTP Developer's Handbook
http://httphandboo
--- Daniel Clark <[EMAIL PROTECTED]> wrote:
> > $xyz = "Hello World";
> > echo "";
> >
> > The text box shows up with "Hello" NOT "Hello World". How do I get
> > the entire variable?
>
> I would try single quotes here.
>
> $xyz = 'Hello World';
That's good advice in general, but this error is th
--- Terence <[EMAIL PROTECTED]> wrote:
> I am trying to get the results of a function, which queries MySQL, back
> into an array for me to order. I only want to print out certain fields
> (I call the same query, but use different fields in different places).
>
> This works is I print out the field
--- Donald Tyler <[EMAIL PROTECTED]> wrote:
> I have a site that has a members section. In the news area, when a user
> clicks the link for an article, it pops open a new window a requests the
> article via a PHP script.
>
> What's happening is that when the new window pops up, the script isn't
>
--- "Chris W. Parker" <[EMAIL PROTECTED]> wrote:
> But seriously, why is it such a bad idea? I'd like to finally figure
> this out so I don't keep coming up with them (not that I've ever used
> any). ;)
I have a free chapter that explains cookies at the protocol level here:
http://shiflett.org/bo
--- Shaun <[EMAIL PROTECTED]> wrote:
> However, due to the nature of the site I need to make sure it is 110%
> secure against hacks etc. Now I know this isn't actually possible
That's a very good thing to realize. Security is a measurement, sort of
like temperature, so saying something is 100% sec
--- Luis Lebron <[EMAIL PROTECTED]> wrote:
> I am currently working on an application for a customer that may have
> a very large amount of users (10,000 or more according to the customer).
I currently design, develop, and maintain a suite of Web applications and
utilities that receive ten million
--- Pablo Gosse <[EMAIL PROTECTED]> wrote:
> If, as Chris wrote, this is indeed a feature/bug of IE, then it must be
> configurable somewhere, though I'm lost as to where that might be.
I have no first-hand experience with this, since I don't use Windows (and
I use Safari when I use Macs). But, th
--- Pablo Gosse <[EMAIL PROTECTED]> wrote:
> It's obviously best practice to rigorously check and validate all input
> coming via $_GET or $_POST, but what about $_SESSION values?
Session data can be considered safe, but there are of course caveats. It
is not possible for the user to manipulate se
--- Wouter van Vliet <[EMAIL PROTECTED]> wrote:
> One time I had this script somebody else wrote. About 1000 lines, a
> complete CMS in one file. It if'ed on simple $_GET vars about 10 times,
> by opening a new if statement each and every time. After I changed this
> to if ($_GET['p'] == 'one') { .
--- Pablo Gosse <[EMAIL PROTECTED]> wrote:
> In all honesty I don't know enough about how one would go about
> attempting to hack the values of a session other than through hacking
> into the session files, so if anyone has any input on this please pass
> it along.
Well, you basically hit the nail
--- "John W. Holmes" <[EMAIL PROTECTED]> wrote:
> Pablo Gosse wrote:
>
> > As to your last point, can something else change the session vars
> > other than my php scripts, answers to that question are exactly what
> > I'm looking for.
>
> Other PHP scripts on the same server (doesn't have to be s
--- Boyan Nedkov <[EMAIL PROTECTED]> wrote:
> > ... Short of any severe bugs in PHP's core, there is no way for a
> > user of your Web application to modify session data ...
>
> It seems that statement is not completely correct considering the topic
> discussed in the paper 'Session Fixation Vu
--- Luis Lebron <[EMAIL PROTECTED]> wrote:
> Any good tools for benchmarking sql queries?
This may not directly answer your question, but I find the mytop utility
very helpful for seeing what is happening with a MySQL server. It's
available here:
http://jeremy.zawodny.com/mysql/mytop/
Another th
--- Shaun <[EMAIL PROTECTED]> wrote:
> How could a cookie be changed maliciously?
Cookies are sent by the client, so hopefully that alone illustrates the
danger.
A cookie's value is not guaranteed to be whatever you asked the client to
set. The legitimate users of your site will likely be using a
> 1. Is it possible to download the entire PHP site so that i can learn
> from the source code at my liesure. I know that source code of PHP can
> be accessible through CVS but is there any anonymous FTP or a zip file
> download?
Not to my knowledge. If you don't like using CVS, you can always bro
--- Luis Lebron <[EMAIL PROTECTED]> wrote:
> I guess there is a configuration option in my.cnf for logging slow
> queries?
There, or you can pass it in as a command line argument when you start the
server. Here is a good URL for more information:
http://www.mysql.com/doc/en/Slow_query_log.html
Y
--- Jake McHenry <[EMAIL PROTECTED]> wrote:
> value="{$_SESSION['10_Accounting_Unit']}"
> onKeyUp="movefocus(10_Accounting_Unit,11_Accounting_Unit,1);">
This looks like you're trying to go in and out of PHP mode without using
, , etc.
Try something like this:
Hope that helps.
Chris
=
My
--- Josephin <[EMAIL PROTECTED]> wrote:
> am a newbie as of yesterday.
Welcome!
> Can't figure out how to get the $HTTP_Referer (own domain) of the page
> entering my form (html), convert it into a variable which is later
> passed on to my formmailer.php for the $subject variable.
>
> xy.html --
--- Jonathan Villa <[EMAIL PROTECTED]> wrote:
> I would like submit a form to a page, do some processing on that page,
> then if need be, return to the referrer but also send the submitted data
> along with it... and data is coming from a POST form, not a GET. I
> tried
>
> header('location:'.$r
--- Pablo Gosse <[EMAIL PROTECTED]> wrote:
> Hi Donald. I just tried this in XP Professional on IE 6.0 and it worked
> fine, both via a javascript function and a standard link with the target
> set to _blank.
>
> Anyone else have any idea why this would be happening?
No, but it would really be n
--- Shaun <[EMAIL PROTECTED]> wrote:
> Is there a way to filter metacharacters from all $_POST values sent from
> pages on my site in an effort to eliminate the majority of XSS attacks?
Yes, but it's probably more important that you understand what XSS is and
what methods people use to protect aga
--- Shaun <[EMAIL PROTECTED]> wrote:
> does anyone know of a function i can include in my scrpits to ensure all
> $_POST values sent from a page don't include any SQL?
It's only important that the data sent from the client will not be
executed by your database. Depending on which database you use,
--- Ryan A <[EMAIL PROTECTED]> wrote:
> I thought i knew the useage of the "global" keyword in a function but
> after reading a pals program i am really confused, i tried
> http://php.net/global but that does not give me any results...searched
> the list and found some reference to global and the "
--- rogue <[EMAIL PROTECTED]> wrote:
> Suppose I am running a script from an URL like:
>
> http://127.0.0.1/~myname/foo/bar.php
>
> on this page I want to redirect to another page and send a full http
> string like:
>
> $redirect = "http://"; . $_SERVER['HTTP_HOST'] . "/foo/hello.php";
>
> In
--- Steve Buehler <[EMAIL PROTECTED]> wrote:
> I am using PHP/MySQL and am having a problem. We have some names and
> addresses in the database that have single quotes in them. For
> instance. There is a town around here called "Lee's Summit". Also
> names like "O'connel". When I pull from the da
701 - 800 of 1546 matches
Mail list logo
