Re: [PHP] Variable Passing
What I do to control it only by PHP without using the mod_rewrite for apache is to use URL with this format: http://sample.com/script.php/param1/param2/param3 Then, work in the script looking at the variable $_SERVER['REQUEST_URI'] wich will contain, in this sample: /script.php/param1/param2/param3 You can explode the uri in an array: $params = explode('/', substr($_SERVER['REQUEST_URI'], 1); I used the substr dunction to remove the first slash. On the resulting array you will have, by index [0] = script.php [1] = param1 [2] = param2 [3] = param3 This works with Apache. I've not tested it on IIS, but suspect that it will not work on ISS. Hope this helps you. Jordi. On Apr 8, 2005 4:11 PM, Brad Brevet [EMAIL PROTECTED] wrote: Hi, I am curious how to pass a variable without using something like id=321. I have seen sites that have something like http://www.website.com/something/321 and the variable is passed how exactly is that done? And is it called something specific so I know how to refer to it in the future? Thanks, Brad -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Problems compiling PHP-5.0.4 with cPanel.
Hi, I have an VPS server wich runs cPanel. My PHP version currently installed is 5.0.3 and had no problems until now. I've been trying to upgrade my PHP version from 5.0.3 to 5.0.4 with no success. I've tried doing it with WHM and also tried to do it manually with ./configure and make. Always I've get an error when the system is going to build the library libphp5.la and the building finishes there. The error I get is: make: *** [libphp5.la] Error 1 I've been searching about this error, but found no significant information about it. The two things I've found is: 1. The package could be corrupted (But packages are chacked with md5). 2. There is not memory on the server to compile PHP. Perhaps it could be the problem, as I followed a compile and it looks like it crashes when the memory gets low. Also I've tried to recompile PHP 5.0.3 wich is now running on my server and I get the same error. Perhaps this could be related with the new builder realease that cPanel released, and wich includes some more stuff (like the mysqli extension)? I'm really stuck with this triying to recompile PHP on my box, but had no success. Any help about this issue will be really apreciated. Regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP 5 Status
On Apr 1, 2005 8:30 PM, Colin Ross [EMAIL PROTECTED] wrote: Is PHP 5 ready for production environments? Is it concidered stable, or is it just a matter of going a while with no new bugs discovered to get to stable.. Yes, it is ready. I've been using on my production servers since version 5.0.1 without any problem. Now I'm running 5.0.3 and this weekend will update to 5.0.4. I'm really happy with PHP-5 and specially with all his new features. Now the majority of my scripts require PHP-5 (And don't wok with previous versions). Also I run PHP-5 in some hosting server for my customers, some of them running old scripts, and everything runs really well. I would recommend it to anybody who starts a new development do it with PHP-5 in mind. To all those people who has PHP-4 running, I would recommend to test PHP-5 and start deploying it. Regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: [suspicious - maybe spam] [ PHP] [suspicious - maybe spam] RE: [ suspicious - maybe spam] [PHP] [suspici ous - maybe spam] Résultats sur plusieurs pages
Please, This is an English list. I'll thank if you can write plain english on it. Thanks. On Tue, 22 Mar 2005 21:18:06 +0100, Aurélien Cabezon [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mike Johnson wrote: | Si je lis votre question correctement, vous desire paginez votre | resultats. Vous avez besoin le nombre de records dans l'ensemble de | resultat. Si vous desire montrer dix resultat dans chaque page, | ajoutez un clause LIMIT a votre interogation: Utilise Pear::Pager. C'est très pratique. http://pear.php.net/package/Pager Amicalement, Aurélien -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFCQH172e0VO2fZtNYRAm7AAJwNz56nogkEdbQ4bh2WPKPD0g6rSQCgsDDy l7pHD3rh5CaWwSfvdwspDuo= =RXZt -END PGP SIGNATURE- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Understanding intval() and types conversion
Many thanks to all for clarifiying this. Finally I could remember some things and understand why things go that way. Thanks again. Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Understanding intval() and types conversion
Hi, I'm trying to understand how the intval() function works, but I'm unable to understand how exactly it works. Take a look at this piece of code (Tested on PHP 5.0.3): ?php $a = (0.1 + 0.7) * 10; $b = intval($a); echo 'a - '. $a .' - '. gettype($a); // Prints: a - 8 - double echo 'br'; echo 'b - '. $b .' - '. gettype($b); // Prints: b - 7 - integer ? I also tested settype() and casting: settype($a, 'integer'); // New value for $a is 7 $b = (int) $a; // Value for $b is 7 I cannot understand it. If originally the value for $a is 8 (double), why when converting to integer I get 7? Any help or comment which helps me to understand that will be really welcome! Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [Fwd: DNS.050125191312.29782 (Re: Re: [PHP] Replace credit card numberswith X ???)]
On Tue, 25 Jan 2005 16:29:38 -, Chris Ramsay [EMAIL PROTECTED] wrote: snip Hey! I just got this emai lfrom RIPN mail processor at Moscow ?!?!?!?!? /snip I have received this also with both my postings today...and probably will again... I've just sent ONE message to the list today and I've got 8 times this message ... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Notice:Use of undefined constant
Wish List: PHP 6 uses E_ALL by default install. I wish E_ALL | E_STRICT Regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: multiple sessions on same server/domain
On Fri, 21 Jan 2005 09:43:38 -0800 (PST), Richard Lynch [EMAIL PROTECTED] wrote: Thus my point remains: On a shared server, I don't need to resort to calling this function to hijack your Cookie/session. PHP can read the raw session files. I can write a PHP script to read the raw session files, regardless of what directory the Cookie is set to use to store/retrieve the Cookie whose purpose is to identify those files. This is not something you can fix in any real-world scenario where it matters. Of course you can fix it! You can change your sessions handler and save your session data in a database. For that you can use the session_set_save_handler(). Best regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Search engine
On Thu, 20 Jan 2005 14:04:44 +0200, Rosen [EMAIL PROTECTED] wrote: Hi, Can someone recommend me a search engine script in PHP for inside one site? http://www.phpdig.net/ Regards, Jordi -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] NT domain info
On Thu, 20 Jan 2005 00:13:35 -, Mikey [EMAIL PROTECTED] wrote: Hi NG! Does anyone here know of a way of getting at the user account information from a windows domain controller from a Linux box, specifically in PHP? The Windows domain controllers run LDAP. So, you can use the PHP LDAP functions to retrieve information from it. Looking for it, I've found an example at http://asia.cnet.com/builder/architect/system/0,39009336,39105862,00.htm I think this sample could give you an overview to start playing. Best regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to set an absolute include path?
On Mon, 27 Dec 2004 08:27:25 -0800, Brian Dunning [EMAIL PROTECTED] wrote: Is there a command that will set the include path to the web server root? set_include_path($_SERVER['DOCUMENT_ROOT']; I'm trying to set up a directory structure where include files will be called from all different folder depths, so I'll need to call them absolutely like: include('/includes/file.php'); include ('includes/file.php'); Note that there is no slash at the begining. where the above will work no matter from which level it's called. Thanks... Think this two instructions will help you to solve this. I have not tested today but used similar solutions on the past. Best regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to set register_globals=off in the script?
On Tue, 21 Dec 2004 14:56:03 -0500, Jerry Swanson [EMAIL PROTECTED] wrote: I know that register_globals = on is not secure. But one program requires to use register_globals=on. So in php.ini register_globals is set to on. I have PHP 5.1, is it possible in the code set register_globals=off for specific scripts. I'm afraid the answer is no, as the vars are globally set before running the first line of your script, so this parameter cannot be changed by code. But you can use some specific configurations if using Apache as the webserver: So I want to keep PHP register_globals=on in php.ini, but in local files set to off? How I can do this? If your server is Apache, you can modify locally modify the settings for a virtual server adding a line in the virtual server section in your httpd.conf file (and have off in your php.ini) php_flag register_globals = 1 Don't forget to restart Apache after adding this line. Also, you can set this line in the .htaccess file at the root directory for any website, and it will modify the setting only for that virtual server. The httpd.conf option is best as it is parsed only when Apache start, the .htaccess file is parsed for each file processed by the server. Hope this helps, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setting or Getting Relative Path for PHP Includes
Can use a directive on your .htaccess: php_value include_path /your/include/path/here This can also be set on your httd.conf in a virtual server basis. If you have access to php.ini is better to set the include there. Regards, Jordi. On Mon, 20 Dec 2004 12:41:06 -0800, Anthony Baker [EMAIL PROTECTED] wrote: Hey Folks, Hoping someone can aid me with a newbie-ish question. I often use PHP includes in my files to pull in assets, but I hard code the relative path to the root html directory for the sites that I'm working on in each file. Example below: ?php $path = '/home/virtual/sitename.com/var/www/html/'; //relative path to the root directory $inc_path = $path . 'code/inc/'; //path and folder the code includes folder is located $copy_path = $path . 'copy/'; //path and folder the copy is located ? I'd like to be able to set the relative path as a global variable from an external file so that I can modify one line of code to change the relative path across the site. This will allow me for easier coding in staging and development environments. What's the best way to do so? Can anyone provide a code example? Either that, or is there a way to call this variable from the server itself so that it's automatically -- and correctly -- set? Thanks, Anthony -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Performance of magic_quotes_gpc ??
Hi, a couple of comments: --snip-- htmlentities(htmlspecialchars($_POST['tentry_body'])) . '; --snip-- Why are you using both htmlentities and htmlspecialchars? Think that html only converts some entities while htmlentities converts all ... so, for your purposes, apliying only one could do the job. In the archives people suggest that using mysql_escape_string should be used, I then found that you could globally enable magic_quotes_gpc. magic_quotes_gpc is a generic way to getting the user data escaped, but is not the recommended way. It's better to have magic_quotes_gpc disabled and use a database specific method for scaping. If you use mysql, I would recommend mysql_real_escape_string. (mysql_escape_string is deprecated since 4.3.0) Best regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Mining protection / security code confirmation
On Fri, 03 Dec 2004 09:43:10 +0800, Ho!Tech Guy [EMAIL PROTECTED] wrote: I have a classified ad section on my site which uses a privacy mail function so users don't have to make their email address public. Recently though, the site has been mined (I assume) and spam is being sent. I was thinking that a security code confirmation type script would be good where the user has to enter the number shown in a graphic. Am I on the right track? If so, can anyone recommend a specific script? I cannot recommend a specific script, but a good article and tutorial from the Zend website: http://www.zend.com/zend/tut/tutorial-mehmet1.php Hope this helps, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Understanding Static Methods
On Fri, 19 Nov 2004 03:16:14 +0100, Sylvain Girard [EMAIL PROTECTED] wrote: I'm taking a wild guess here, but doesn't that got anything to do with the public declaration of the method? If I declare the method without the public declaration it bahaves the same ... static function TestStatic() { } Can be called also by using the name of an instanced var: $test-TestStatic() continues working. Regads, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Understanding Static Methods
On Fri, 19 Nov 2004 12:01:16 +0100, Sebastian Mendel [EMAIL PROTECTED] wrote: Jordi Canals wrote: I'm trying to understand static methods in a test class. Reading the manual, it says: A member or method declared with static can not be accessed with a variable that is an instance of the object and cannot be re-defined in an extending class. Test code: ?php class B { private $str; public final function __construct() { $this-str = 'Hello world'; } public function showB() { echo $this-str, 'br'; echo 'Showing Bbr'; $this-TestStatic(); } public static function TestStatic() { echo 'brInside Staticbr'; } } echo error_reporting() . 'br'; $test = new B; $test-TestStatic(); $test-showB(); echo -- END --; ? Output: = 4095 Inside Static-- Called by $test-TestStatic() Hello world Showing B Inside Static-- Called from $test-showB with $this-TestStatic() -- END -- Comments: I'm running PHP 5.0.2 and error_reporting = E_ALL | E_STRICT. As reported in the output, the values for error_reporting are well set (4095 == E_ALL | E_STRICT) with zend engine 1.3 compatiblity on ? No, I have the zend engine 1 compatibility set to Off: zend.ze1_compatibility_mode = Off Regards, Jordi -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Understanding Static Methods
Hi all, I'm trying to understand static methods in a test class. Reading the manual, it says: A member or method declared with static can not be accessed with a variable that is an instance of the object and cannot be re-defined in an extending class. Test code: ?php class B { private $str; public final function __construct() { $this-str = 'Hello world'; } public function showB() { echo $this-str, 'br'; echo 'Showing Bbr'; $this-TestStatic(); } public static function TestStatic() { echo 'brInside Staticbr'; } } echo error_reporting() . 'br'; $test = new B; $test-TestStatic(); $test-showB(); echo -- END --; ? Output: = 4095 Inside Static-- Called by $test-TestStatic() Hello world Showing B Inside Static-- Called from $test-showB with $this-TestStatic() -- END -- Comments: I'm running PHP 5.0.2 and error_reporting = E_ALL | E_STRICT. As reported in the output, the values for error_reporting are well set (4095 == E_ALL | E_STRICT) I cannot understand why I can access the method TestStatic() with a variable that is an instance of the class. The manual say I cannot do it. As you can see, I call the static method with $this-TestStatic() inside the showB() method; also, I can access it by using the instance of this class: test-TestStatic(). I get no errors or notices about I'm accessing an static method by using and instance var. As you can read in the manual, you cannot do that but it works without error. I'm sure I'm missing something ... Thanks in advance for comments, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Auto Class loading
On Wed, 17 Nov 2004 19:17:13 -0200, Bruno B B Magalhães [EMAIL PROTECTED] wrote: Continuing the classes questions... I have a class loader called 'load_core_class($class=''), but if $class equals to all I would like to load all classes in the core directory, include then AND start then this way: If you're on PHP-5 you could use the __autoload function, so when a class is used will be automatically locaded. You should declare this function before using any class: function __autoload($classname) { require_once('/path/to/classes/dir/' . $classname . '.inc'); } Regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Supremacy...
On Wed, 17 Nov 2004 16:17:44 -0600, Pedro Irán Méndez Pérez [EMAIL PROTECTED] wrote: Hello my friends, I need your help in convince to my boss in adopt php for development of a tool for intranet in my office, he told me that php is open source and we don´t know if will disappear in a year, or if php have a support like .net. what arguments can I show for convince him to try PHP? You know that PHP will not disapear in a year, as it is Open Source and anybody can take it and do what he wants with the source code ... Also there are important companies that have PHP based bussines (Zend for example). Well, the first thing you must tell him is that Microsoft has demonstred that changes technologies at his own interests. When a new version is released you have to update if you want support. As the source code is closed, nobody else than MS can maintain the code, so you're married with them. And of course, any upgrade means lots of money. If you choose the MS platform, Microsoft will decide when you should upgrade, if you look at PHP, you have not to upgrade to PHP-5 if PHP4 covers yours needs, as PHP4 continues maintained and patched. Developing in dotNET means that you will not be able to change your platform in the future. As it only runs on Windows, you cannot change in the future. Choosing PHP gives you the freedom to change your systems when you want. You can concentrate in your development and don't worry about the platform what will host your scriuts: PHP will run in that platform. You know PHP is available for ANY platform: Windows, Linux. Solaris, FreeBSD, and all sort of Unix ... Also, if you choose PHP, you will easly find lots of ready-made scripts to help you in your work and to speed-up your developments. You know, there are tons of sites and projects that provides you with scripts for almost any purpose and with free open source license. Make a search in Google and compare results of free code available written in PHP and in dotNET. Also the learning curve for PHP is really short. You can quickly start with simple scripts and scale fast ... If you thing about hosting companies, most of them support PHP, and only some support dotNet hosting ... in that price is a factor, as the companies must pay licenses for Windows and dotNet, when they can give the same services with Linux+PHP, so, hosting PHP scripts is always cheaper than hosting dotNET pages. Now, some info taken from the web: Taken from the Oracle website. Good article that tells why Oracle chooses PHP at http://www.oracle.com/technology/pub/articles/hull_asp.html PHP 4 PHP 5 ASP.NET Software price freefreefree Platform price freefree$$ Speed strong strong weak Efficiency strong strong weak Securitystrong strong strong Platformstrong strong weak (IIS only) Platformany any win32 (IIS only) Source availableyes yes no Exceptions no yes yes OOP weakstrong strong Also, you can point to some well known companies that use PHP (From the Zend Website) : Lucent Technologies McGrawn Hill Lycos Lufthansa Hewlett Packard Nortel Networks AMD Siemens Apple UPS Bausch Lomb Also you will find interesting comparisions and articles if you search at Google: php vs asp.net why choose php over asp.net? Regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question regarding constructors and child classes
Hi, Comment inline On Wed, 17 Nov 2004 20:19:01 -0600, Brent Clements [EMAIL PROTECTED] wrote: ?php class foo { function foo () { echo constructed!; } } class childFoo extends foo { function childFoo() { // here you should call the parent constructor: parent::foo() // also you could do this other way (I prefer the one above): $this-foo() echo constructed also!; } } $a = new childFoo(); ? Is there any way to run both the parent and child constructor? http://www.php.net/manual/en/language.oop.constructor.php http://www.php.net/manual/en/language.oop5.decon.php Regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Automatically Escape?
On Tue, 16 Nov 2004 12:33:15 +, Richard Davey [EMAIL PROTECTED] wrote: G Is there a function that can automatically escape special characters G before putting them into mySQL? See magic_quotes to have it done for you. Although this isn't a recommend approach if you plan to distribute your application, in which case mysql_escape_string() is the one. Just a comment : Note: This function (mysql_escape_string) has been deprecated since PHP 4.3.0. Do not use this function. Use mysql_real_escape_string() instead. So, if you're coding new scripts is better to use mysql_real_escape_string(). Best regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php.ini
On Tue, 16 Nov 2004 00:17:27 -0800 (PST), [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: (on windows) can someone tell me where to define which php.ini gets used? On my dev box, I installed the zend editor. Now when i do a localhost/phpinfo() from a normal browser window (ie not from within the zend IDE) it says php is using the ../zend/php.ini settings file... within apache's httpd.conf you can set which php DLL to use, but I cannot see how php then knows which .ini file to work with? It seems to be picking up the php.ini from a completely different directory somewhere, so i am wondering if the zend installer sets some secret registry value that the php.dll is looking for? If you're using Apache 2 (does not work with Apache 1.3)... then you can put a directive in httpd.conf: PHPIniDir c:/php Regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] session_set_cookie_params() for one level domains
Hi all, Something that has taken me some time to debug and wanted to share: session_set_cookie_params() does not work when the domain param is just a one level domain, like it was a TLD. I have a site in an intranet and our internal domain is .local, so trying to set the cookie session to the .local domain does not work: session_set_cookie_params(0, '/', '.local'); // Does not work In all test I've done, setting the domain only works for SLDs and above: session_set_cookie_params(0 , '/', '.sld.local'); Does work I think this is nothing to do with PHP but the http protocol, witch does not permit setting cookies for TLDs for obvious security reasons. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHPINIPATH/PHPINIDIR/PHPININAME?
On Sun, 14 Nov 2004 23:42:58 +0700, David Garamond [EMAIL PROTECTED] wrote: Greg Donald wrote: print_r($_ENV); What should I see in it? RTFM http://www.php.net/manual/en/reserved.variables.php#reserved.variables.environment -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Unsetting vars when not needed?
On Fri, 12 Nov 2004 16:46:52 +, pete M [EMAIL PROTECTED] wrote: Unsetting class objects does take time and is really of no benefit unless there are memory problems as for freeing resuslts - the same applies pete Many thanks for comments. I see that if not having memory problems it's best to let PHP to automatically destroy the objects at the end of the script. Best regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Shifting banner on re-display
On Sat, 13 Nov 2004 11:00:08 -0500, Andre Dubuc [EMAIL PROTECTED] wrote: Hi, I have a very annoying problem with pages that re-display using the form action tag. On re-display the banner, which is set absolute position at 0px, shifts down by about an inch. I've isolated the cause to the form action tag. I had this problem sometimes, specially when the user uses Mozilla as the browser. Reloading the page does not render always the same way. Normally the same page renders always the same in IE. But the problem was not with the browser itself and nothing to do there. In my cases, the problem was always a misformed HTML source ... missing closing tags, bad columns width ... Specially the problem has arised in the past when some columns or rows need to have exact sizes. Checking the HTML sintax and styles helped. Specially, I use the w3c validator and also validate the CSS for bugs in my code. After that, and correcting my bugs, the page always renders the same way. And this not means that it does as exepected :P Check the page sintax at http://validator.w3.org Best regards. Jordi. For me, the problem -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Unsetting vars when not needed?
Hi all, I was working now in a new site developed with PHP 5.0.2 and a wonder came to me: Is usefull and recommended to unset a class instance when not needed? Specially when the class was instantiated inside a function and the function ends. In this case, the system should automatically destroy the instance (as it is a local var inside a function). If we manually unset the instance at the end of the function, does this affect the PHP performance? I mean, will PHP have to do an extra job unsetting the var? Also, the same question arises with database results. Is it worth to call mysql_free_result at the end of a function that uses it? Must take into consideration that there are lots of functions that use lots of MySQL results. Thanks for any comment Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Javascript and php
On Sun, 7 Nov 2004 11:44:33 +0100, Reinhart Viane [EMAIL PROTECTED] wrote: Hope some of you also work on sundays :) I have a little javascript which displays a images (with previous / next thing) Now, i populate the javascript array with an php array: SCRIPT LANGUAGE=JavaScript !-- Begin NewImg = new Array ( ?php while($row = mysql_fetch_object($result)){ echo \.$row-picture_url.\,; } ? ../pictures/7_stripper3.jpg, ../pictures/7_stripper2.jpg ); var ImgNum = 0; var ImgLength = NewImg.length - 1; ... /script As you can see i echo the url of the picture. After each picture url there needs to be a ',' But not after the last picture. At this moment all pictures have the ',' after there url, even the last one. Any way to determine if the url is the url of the last picture and thus not printing a ',' behind that last one? Yes ... some work on sunday ;), at least to read the list I took no much time to find out a solution for your problem, but a possible question could be: ?php $list = array() while($row = mysql_fetch_object($result)){ $list[] = ''. $row-picture_url .''; } echo implode(',', $list); } ? Another solution : ?php $string = '' while($row = mysql_fetch_object($result)){ $string .= \.$row-picture_url.\,; } $string = substr($string, 0, strlen($string - 1); ? I have no tested the solutions, so could be some sintax error. But to give you a couple of examples, hope that helps Jordi -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Help:escape_string and stripslashes
On Sun, 7 Nov 2004 03:52:28 -0800 (PST), Stuart Felenstein [EMAIL PROTECTED] wrote: I asked a question yesterday about this but I think my question is now more fine tuned: Right now I have about 50+ session variables that will be inserted into my mysql database in a transaction. I need to do the mysql_real_escape_string and because magic_quotes_gpc is turned on stripslashes as well. I'm wondering if there is a way to use a function or class within my connection script to take care of all of this ? As oppposed to listing everyone out ? I know I can pass all the variables as an array but some of the variabls are arrays themselves, so not sure how that would work. In the manual http://es2.php.net/manual/en/function.get-magic-quotes-gpc.php you have an example just for that. Take a look to the Example 2. The way I do it, is using that function, but think the example in the manual is much better: function array_deslash($array) { foreach ($array as $key = $value) { if (is_string($value)) { $array[$key] = stripslashes($value); } elseif (is_array($value)) { array_deslash($arrau[$key]); } } } Hope this helps, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SQL-Injection, XSS and Hijacking
On Wed, 3 Nov 2004 19:02:22 -0800 (PST), Chris Shiflett [EMAIL PROTECTED] wrote: There is a lot more. I highlight some of the things I think are of principal concern for PHP developers in something I call the PHP Security Workbook: http://shiflett.org/php-security.pdf That doesn't cover everything, of course, but it covers those things I have chosen as most important when I only have three hours to talk about security concerns. :-) Chris, Many thanks for this link to your workbook. Really is a valuable read as it puts together the main security concerns. It helped me to see another point of view in some things. Just have to ask: Which method for data filtering you think is best for a modular site? the dispatch method (page 8) or the include method (page 10)? I specially like the dispatch method as I use my own private server (VPS) and have all modules outside the document root. This way, all scripts must be called by the dispatcher wich provides al security checks. As scripts are outside the document root, you cannot run them directly bypassing the dispatcher, and the security checks ... In my document root, the dispatcher is the only available script. Regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] RE: [PHP-WIN] Cannot load the mysql library
Hi, On Thu, 4 Nov 2004 01:12:40 +1000, Murray @ PlanetThoughtful [EMAIL PROTECTED] wrote: When I open the page, I receive the message: PHP Startup: Unable to load dynamic library './ext/php/_mysql.dll' Can't find the specified module. I don't know if this is the exact message, because the original is in Portuguese: () No foi possvel encontrar o mdulo especificado. It's probably a little obvious, but just to make sure: did you restart IIS after copying the dll and uncommenting the line in the ini file? Looks like you have bad info in the PHP.INI file ... as the message normally will be: Unable to load dymaic library c:\php\ext\php_mysql.dll. Check for this entries in your PHP.INI, I write the correct values (Suposing you've installed php in c:\php ... extension_dir = c:\php\ext\ extension=php_mysql.dll Hope this helps, Regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: **[SPAM]** Re: [PHP] email as link
On Wed, 03 Nov 2004 12:25:38 -0500, John Nichel [EMAIL PROTECTED] wrote: Jay Blanchard wrote: [snip] Sending as HTML will ensure that _almost_ everyone sees it as a link, but there are some who have their clients set to block HTML. [/snip] Text only on a list like this is just darned good etiquette. Are you trying to tell me that some people on mailing lists don't like HTML email?!?!? Comeon. Next you'll tell me that there's a war between top and bottom posting. Me, for example I do not accept any HTML message from a list. My filters send those messages directly to my spam box. (I only accept HTML messages from people on my address book). Perhaps because I hate HTML messages ... perhaps because the images are used to check live adresses for the spam lists ... Regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: blank function parameters
On 3 Nov 2004 16:38:39 -, Matthew Weier O'Phinney [EMAIL PROTECTED] wrote: * Daniel Schierbeck [EMAIL PROTECTED]: function foobar ($a, $b, $c = null) { if (isset($c)) { echo 'The third argument was set'; } } That check should be for 'is_null($c)' as the default value of $c will be null, and it will be always set, even if not sent. The example above is correct ... you can check with isset($c) and always will return false, as the manual says: isset() will return FALSE if testing a variable that has been set to NULL. Regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] text email new line
On Tue, 2 Nov 2004 16:25:56 +, Richard Davey [EMAIL PROTECTED] wrote: Hello Jerry, JS I'm sending text email. How I can make new line. JS \n seems to be not working. \n in a text (not HTML) email will do the trick most of the time, sometimes I see \r\n, but \n works for me nicely. Are you sure it's quoted properly? instead of ''? The RFC 2822 for Internet Message Format states clearly that MUST be \r\n using only \n is not standard and you cannot expet all servers to accept it as a valid separator. Just want to take your attention to this paragraph from RFC 2822: Messages are divided into lines of characters. A line is a series of characters that is delimited with the TWO characters carriage-return and line-feed; that is, the carriage-return (CR) character (ASCII value 13) followed inmediatly by the line-feed (LF) character (ASCII value 10). Also take in consideration that a message line cannot have more that 998 characters (plus CRLF) ... The RFC 2821 says: The apperance of CR or LF characters in text has long history of causing problems in mail implementations and applications that use the mail system as a tool. SMTP client implementattions MUST NOT transmit these characters except when they are intended as line terminators and then MUST transmit them only as CRLF sequence. I hope this will help in composing mail messages and my recommendation is to *follow the standard* and send messages always by using CRLF as a line delimiter. Only doing that way, you will ensure your messages are accepted by any server. More information: RFC 2822 - http://www.faqs.org/rfcs/rfc2822.html. RFC 2821 - http://www.faqs.org/rfcs/rfc2821.html. Best regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: [users@httpd] November 2, 2004
On Tue, 2 Nov 2004 17:57:02 +0100, Enrico Weigelt [EMAIL PROTECTED] wrote: BUT: i personally think its okay to talk about such offtopics when they're so generally important. Perhaps is so important to US citizens, but not to much people outside the US ... and I think this is not a list about US politics, this is an international technical list about PHP with people from lots of countries that have nothing to do with US elections. In my opinion this is not the place where anybody can talk about their country's elections. Regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] VOTE TODAY
On Tue, 2 Nov 2004 16:07:58 -0800, Brian Dunning [EMAIL PROTECTED] wrote: I'm Canadian, please stop wasting my bandwidth. And I'm European and don't mind about US elections. Please STOP this politics offtopics here. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re[2]: [PHP] text email new line
Hi Richard, On Wed, 3 Nov 2004 00:19:59 +, Richard Davey [EMAIL PROTECTED] wrote: Hello Jordi, Tuesday, November 2, 2004, 5:34:00 PM, you wrote: JC I hope this will help in composing mail messages and my recommendation JC is to *follow the standard* and send messages always by using CRLF as JC a line delimiter. Only doing that way, you will ensure your messages JC are accepted by any server. I'm not disagreeing with what you posted, because it's all true, but I would like to ask - can you actually name a popular mail server that rejects emails that use \n as a line delimiter (even if used by mistake), because I've haven't seen it happen for years. Well, I don't know if this has changed, but less than one year ago Hotmail was one of them and dropped mail messages with LF as line separator. Some SMTP implementations on Windows also drops the messages. And, finally some clients don't wrap the message correctly when received and you have to scroll horizontally to read long lines. Take in attention the 2.3.7 section of the RFC 2821 wich says: SMTP client implementations MUST NOT transmit these characters (CR or LF) except when they are intended as line terminators and then MUST, transmit them only as a CRLF sequence. So, when we are sending a message from PHP, we are involved in an SMTP client implementation. Then, when composing the headers or the body for a message to be sent (i.e. using the mail() function) we have to follow the standards to ensure that the message will not be rejected by any server just because we sent it in a bad format. So, because we cannot ensure that all SMTP servers in the world will accept non-standard line terminators, my recommendation when sending mail, is to use the standard line terminator and compose headers and body with CRLF as a line terminator. Only that way you will be absolutelly sure that the mail will not be rejected because of line terminators. I think a good way to do it, is to define a CRLF constant: define('CRLF', \r\n); You could also ensure that the body is well formed forcing the line terminators to CRLF: $body = preg_replace(/(\r\n)|(\r)|(\n)/, \r\n, $body); Best regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Query Returning Error
On Wed, 13 Oct 2004 08:32:17 +0100, Harlequin [EMAIL PROTECTED] wrote: Morning all. this is such a basic question I'm embarrassed to ask but the query worked fine a few minutes ago and now returns an error: I get an error: Parse error: parse error, unexpected '=' in sample.php on line 2 [CODE] // Authenticate User: Query01 = SELECT * FROM Users $Query01 WHERE UserID='$_POST[TXT_UserID]' AND UserPassword='$_POST[TXT_UserPassword]'; $Result01 = mysql_query($Query01) or die(Error 01: . mysql_error()); [/CODE] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] fpassthru failure with mozilla
On Tue, 12 Oct 2004 09:17:30 -0700, ApexEleven [EMAIL PROTECTED] wrote: Why use fpassthru? I just use readfile, is there a difference? The main difference is with fpassthru you never show to the user the exacr location of the file, so must use the script to download it. In example, you can control hot-links from other sites, php access control to the file, and so on. Also, you can put the file outside the apache documents directory, so the file will never be reached in other way: if you want the file, you have to use the script wich controls the access to it. Regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP_SELF SCRIPT_NAME differences
Hi all, I'd like to know the difference by using the $_SERVER['PHP_SELF'] and $_SERVER['SCRIPT_NAME'] variables. After I read the manual, I have not found the difference betwen the two when used in a Web Script. Also, in all tests I've done, I get the same result in both variables. Any comment will be welcome, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] fpassthru failure with mozilla
On Wed, 13 Oct 2004 00:22:40 +0200, Marek Kilimajer [EMAIL PROTECTED] wrote: Why use fpassthru? I just use readfile, is there a difference? I bet Apex11 meant readfile() php function. Oh, I see. Sorry for the mistake. In this case, I would like to know also the diference ;) Regards, Jordi -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] sending SMS messages to mobile phones from PHP
On Sun, 10 Oct 2004 15:23:54 +0100, Andrew Cowles [EMAIL PROTECTED] wrote: We operate an SMS Gateway service (http://www.kapow.co.uk/) which would do exactly what you need. It's been reliably sending SMS since 1995 - and MANY of our clients use PHP. Unfoturnately your price list is only in pounds: No Euros, No Dollars :( It Looks like you only accept British Customers. Regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SOMETIMES, my SID gets embedded in the URL ???
I had this problem in the past, and asking the PHP people, found that session.use_trans_sid is PHP_INI_DIR for PHP 4 and PHP_INI_ALL for PHP 5. That is the response I received from a bug I submited some time ago http://bugs.php.net/bug.php?id=28991 So, You're setting user_trans_sid with ini_set and that does not work in PHP 4, you should edit your PHP.INI file or add an entry to the .htaccess file. Regards, Jordi On 11 Oct 2004 06:59:32 -, PHPDiscuss - PHP Newsgroups and mailing lists [EMAIL PROTECTED] wrote: I tried ini_set('session.use_only_cookies', 1). I also tried ini_set('session.use-trans-sid', 0). Right after I made the change, the sid was gone, urls didn't contain it anymore, BUT, the next day, today, when I accessed the site from my office (another computer), the SID is there again! And this is exactly like when I first added ini_set('session.use_only_cookies', 1) : before the addition the sid was sometimes there, after the addition it wasn't. Few days later it was there again. Then I added ini_set('session.use-trans-sid', 0) and it was ok, today it's not. Don't know what to believe anymore... The strange thing is, phpinfo() says session.use_only_cookies is ON and session.use_trans_sid likewise. So if session.use_trans_sid is on, why do I lose my session after redirecting to a relative url ? The docs say that relative URIs will be changed to contain the session id automatically. Also when I access the forums on my site (IPB), the sid isn't embedded. So my question is: if session.use_only_cookies is ON, why on earth is the sid present in the url ? PS: php is version 4.3.8. Marek Kilimajer wrote: PHPDiscuss - PHP Newsgroups and mailing lists wrote: he problem is that SOMETIMES, my SID gets embedded in the URL, although at the begining of every page I have this code: ini_set(session.use_only_cookies, 1); The above sets sessionuse_only_cookies to 1. I did not miss a dot, session and use_only_cookies are interpreted as constants. You need quotes: ini_set('session.use_only_cookies', 1); session_set_cookie_params(60*60); session_start(); session_register(blabla); if (!$_SESSION[logged_in]) session_destroy(); etc, etc; So there are days/times when the SID isn't embedded in the URL (and in the links of the page), and days/times when it is, regardless of what value $_SESSION[logged_in] has. I tested the value returned by ini_set and it's always different from false. What gives ??? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] URL verification
Hi, Check the port number: 80 for http and 443 for https (standard defaults). You can check it with $_SERVER['SERVER_PORT'] i.e.: if ($_SERVER['SERVER_PORT'] != 443) { header('Location: https://some.location.here'); } Also, there is not important if the login form is displayed in SSL mode or not. You can force the form to post to an SSL page, and then all data will be transmitted with SSL. i.e.: echo 'form action=https://secure.example.com/login_process.php; method=post'; Hope this helps. Regards, Jordi. On Fri, 08 Oct 2004 15:48:52 +0100, Bruno Santos [EMAIL PROTECTED] wrote: Hello all. I have a login page where users have to authenticate themselves to access some site areas. Apache is configured to use https. the user when is typing the URL in the browser, i know that it will not put the https protocol. how can i check in the page if the user is accessing the the site via SSL ?? or i have to put a redirect in the page anyway, whether the user is alredy accessing the page via SSL? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Quotes in form textarea fields
A user enters in a textarea field of FORM1.php: Bob is high Submitted to FROM2.php we get: Bob is \high\ Tha't's normal beacuse you have magic_quotes_gpc_on In a hidden field in FROM2.php we store the value: type=hidden, value=? echo stripslashes($_POST['textarea']); ? Value now Bob is high Then from FROM2.php we Submit BACK to FROM1.php and enter it back into the textarea field with: type=textarea, value=? echo $_POST['hidden']); ? we have; Bob is Well, you get that in the browser. But i'm sure that if you look to the page source, you will see something like type=textarea value=Bob is High Because of that the atribute value will end at the first closeing quotes and will show only the string to that closing quotes. You can solve this by using the htmlspecialchars() or htmlentities() functions: $APParea1 = htmspecialchars(stripslashes($_POST['textarea'])); or can be done that other way: $APParea1 = htmlentities(stripslashes($_POST['textarea'])); Choose one or other function depending of your needs. Hope this helps. Regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session_save_path
For all you're talking about, It looks like your hosting provider is running PHPsuExec. So, PHP is now running as CGI and .htaccess does not work anymore to setup PHP values or flags (Will fire a 500 internal server error). Instead, you have to use a custom php.ini fle. (just write in this custom php.ini the values you need to change). I don't know where you should place the custom php.ini file, but sure your hosting provider will tell you where -or try with phpinfo()-. Also, keep in mind that PHP does not run anymore as nobody nor apache. Normally in shared hosting will use your own hosting account. Hope this helps a bit, Jordi. On Thu, 07 Oct 2004 11:25:25 -0400, Al [EMAIL PROTECTED] wrote: My virtual host eliminated the common session tmp folder which forces me to set up one in my area. I'm trying to come up with the best, considering: Custom php.ini; resisting because having to make certain it is always in sync with host's changes. Tried adding to htaccess: php_value session.save_path /www/u/username/htdoc/session Hoping it would override php.ini. Got a server error 500. Tried adding to a common functions file used by several pages: session_save_path /www/u/user/htdoc/session; and session_save_path $_SERVER['DOCUMENT_ROOT'] . /SESSION; Doesn't work, uses the path in php.ini; I'm guessing that session_save_path has to be declared on page using session stuff. That's a pain, if so. Haven't tried ini_set yet; is it a solution? Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session_save_path
You have to set the session_save_path(some_where) in all pages where you call to session_start(). And you should do it *before* calling session_start. On the manual: session_save_path() returns the path of the current directory used to save session data. If path is specified, the path to which data is saved will be changed. session_save_path() needs to be called before session_start() for that purpose. On Thu, 07 Oct 2004 14:26:39 -0400, Al Rider [EMAIL PROTECTED] wrote: Tried adding to a common functions file used by several pages: session_save_path /www/u/user/htdoc/session2; and session_save_path $_SERVER['DOCUMENT_ROOT'] . /SESSION2; Doesn't work, uses the path in php.ini. I'm guessing that session_save_path has to be declared on every page using session stuff and not just on their common function page. That's a pain, if so. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Two people working on the same app / script?
I use Subversion for that ... similar to CVS, but with new and interesting features and really easy to setup in any platform. But you can use any System to control versions and provide access to it to all developers. You can get Subversion at http://subversion.tigris.org/ Regards, Jordi. On Thu, 30 Sep 2004 09:24:24 +0100, Dave Carrera [EMAIL PROTECTED] wrote: Is there a simple solution for two or more people to work on the same php app /script without it turning into a mess of many tar / zip files with contributed additions. I want to keep it all in house, I have my own publicly available web server if that helps, so none of the online dev options are useful for us. If any of you good people have ideas or solution urls or pages for reading could you please let me know. I thank you fully in advance for any help with this Dave Carrera -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Apache 2 and php 5 compatibility
On Thu, 23 Sep 2004 10:33:54 +0200, Bostjan Skufca @ domenca.com We use php4 and php5 with apache2 on production servers without any problem (prefork MPM). I also have PHP 5 and Apache 2 running on some servers, as I need some Apache Modules that are only available for Apache 2 ... Also, I ran before PHP 4.3.5 and upper with Apache 2 and never got any problem. This is some notes found in the PHP readme file found in the Windows binaries for PHP 5.0.1: PHP and Apache 2.0.x compatibility notes: The following versions of PHP are known to work with the most recent version of Apache 2.0.x: * PHP 4.3.0 or later available at http://www.php.net/downloads.php. * the latest stable development version. Get the source code http://snaps.php.net/php4-latest.tar.gz or download binaries for Windows http://snaps.php.net/win32/php4-win32-latest.zip. * a prerelease version downloadable from http://qa.php.net/. * you have always the option to obtain PHP through anonymous CVS. These versions of PHP are compatible to Apache 2.0.40 and later. Apache 2.0 SAPI-support started with PHP 4.2.0. PHP 4.2.3 works with Apache 2.0.39, don't use any other version of Apache with PHP 4.2.3. However, the recommended setup is to use PHP 4.3.0 or later with the most recent version of Apache2. All mentioned versions of PHP will work still with Apache 1.3.x. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Extrange behavior with Header('Location')
On Mon, 20 Sep 2004 20:23:53 -0700 (PDT), Chris Shiflett [EMAIL PROTECTED] wrote: header('Location: '. html_entity_decode($url)); I would like to know if there is a better way to do it This should work fine. However, I would prefer to keep the data in its original format and only use htmlentities() when I plan to display it within HTML, leaving it unaltered otherwise. Many thanks to all. Just, the result returned by the fuinction is mainly used to creatre links in the pages, only in some very special cases will be used with the header function. Just I use the amp; entity in links because I want all my pages being validated by the W3C validator service. Thanks again, Jordi Canals -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Extrange behavior with Header('Location')
Hi all, I have seen an strange thing with the funcion Header(Location: $url) and will tell in short words. I have a method in a class wich composes an URL from the database, this method sets some extra params in the url. In this case, the function returns: /myaccount/?opt=sysamp;id=3 Note the amp; in the URL Well, with this code, the url works perfect and the amp; is going as expected redirecting to /myaccount/?opt=sysid=3 echo 'a href='. $url .'Test URL/a'; But when triying header(Location: $url); What I get is address is literally the amp; string and not the char. I supose this is because the header() function literally writes the string as new address without translating the html entities. The only solution I've found is to change the code to this: header('Location: '. html_entity_decode($url)); I would like to know if there is a better way to do it, or something else I should take into consideration. Thanks to all for reading, Jordi Canals -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] date function
On Sun, 19 Sep 2004 14:29:54 +0300, Magdy [EMAIL PROTECTED] wrote: my problem is with date( ) function which is display a GMT time which is different from my zone with 3 hours,,,how can i correct this. The date() function, gets the system current date/time if you don't pass the second parameter. So, change the system time or give the second parameter with a correct date. You can use also the mktime() function to calculate a new date/time for your zone. Not tested, but something like that could work: date('Y-m-d H:i', mktime(date(H), date(i), date(m), date(d), date(Y)); Regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Variable just not Behaving Itself.
Harlequin wrote: I have the following: [SNIP] ... $Emp_Status_Rqmt=$row[Emp_Status_Rqmt]; } if( $Emp_Status_Rqmt == 'Permanent' ) { $UserStatus = 'Permanent'; } if( $Emp_Status_Rqmt == 'Contractor' ) { $UserStatus = 'Contractor'; } else { $UserStatus == 'Flexible'; $UserStatus = 'Flexible'; } [SNIP] which echoes OK until I change the value to something other than Permanent or Contractor. It simple echoes resource ID #n what's wrong with me...? the code I mean...? More easy: $Emp_Status_Rqmt=$row[Emp_Status_Rqmt]; $UserStatus = $Emp_Status_Rqmt; Regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php source management
CHAN YICK WAI wrote: if a project is worked by a small team of developers, is there a tool for source and version management for php source code? e.g. check which part of source is modified! Thanks for information. Regards, Yw If you're on windows I recommend using WinCVS and CVSnt. Also, you should check for SubVersion and RapidSVN. I like them more, but have the problem taht not intergrate with as many development tools as CVS. On Linux, just check for CVS or Subversion. gCVS is also a nice interface to CVS. Regards. Jordi -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Passing user entered data to DB
John Holmes wrote: $uservar = htmlspecialchars(strip_tags($uservar)); You don't need to use strip_tags _and_ htmlspecialchars()... unless you want strip_tags to get rid of such malicious and deadly content such as grin and wow. Just use htmlspecialchars(). Well, my idea was to apply both: I do not want to get any tag in the user input and prevent showing the html tags in the later output. For that I've applied strip_tags() To apply htmlspecialchars() after that Is done to convert double quotes, and ampersand to html entities. Not appliying it has two efects: Strings with quotes does not show correct in input boxes. Strings with ampersands do not pass the W3C validator. And just to convert lt and gt signs when used alones like ... 5 2. Just that are my reasons to apply both: Security and get a clean string. $securevar = (magic_quotes_gpc) ? $uservar : addslashes($uservar); $securevar = (get_magic_quotes_gpc()) ? $uservar : addslashes($uservar); $securevar = $intval($uservar); $securevar = intval($uservar); Definetly, I should not code as late as night ;) My Samples where plenty of mistakes :p Thanks for your comments, Jordi -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Why do I keep getting a 501 mail error?
Brian Dunning wrote: Developing on a Windows server to be deployed on Linux. I get SMTP server response: 501 Bad address syntax. Here's my code: $mail_to = $first_name $last_name $email; On Windows Platform, You cannot use the TO address in the form Name address As it fails because the mail() function sends incorrect RCPTO headers to the SMTP server. Just send the mail with the TO, CC and BCC adresses in the form [EMAIL PROTECTED]. On Windows, your vars must be: $mailto = $email and nothing more (No name and no less or greather signs, just an email address). Take a look at PHP Bug #28038 http://bugs.php.net/bug.php?id=28038 ... and make your vote to have it solved in some future version ;) Regards. Jordi Canals -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Session Expire...
John Holmes wrote: A one hour timeout is better controlled with the session.gc_maxlifetime setting. This is the number of seconds after which an inactive session file will be deleted. No session file means no session for the user. Set this at 3600 and if the user is not active for over an hour, the next triggered garbage collection will delete the session file. Note that the time isn't 100% accurate and is dependent upon traffic. There's a 1% (by default) chance of each request that starts a session will trigger the garbage collection. If you have enough traffic, the garbage collection is triggered enough to make the one hour time limit pretty accurate. On your test server, however, where your the only one hitting the server, garbage collection will not be triggered as much and your session files will last longer. I tried that on my servers: Tested on the development server and the production server. But It does not work for me. Must say that I have to change this value by the .htaccess file, as I do not have access to the PHP.INI The manual says that session.gc_maxlifetime has a default value of 1440 (24 minutes) and can be set on PHP_INI_ALL. Well, I set session.gc_maxlifetime to 7200 (2 hours), because I need to edit some complex documents on the web. After 20/25 minutes of inactivity, my session expires. It does not follow the configured 2 hours for garbage collection. I know I'm missing something, but cannot find out what. Regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Passing user entered data to DB
Hi all, I have some forms on which user must enter some data. This data is sometimes used to be inserted/updated in the database, and sometimes to query it with a SELECT. The scripts that do that, does not accept html code to be entered. I think with that we have some issues solved. My way for doing it is: Have magic_quotes_gpc = ON (Info is automatically slashed when received by the script) If magic_quotes_gpc is off at the server, I manually apply addslashes() to the entered data. Also, I pass the entered data with strip_tags() and htmlspecialchars() The code is something like that: $uservar = $_POST['uservar']; $uservar = htmlspecialchars(strip_tags($uservar)); $securevar = (magic_quotes_gpc) ? $uservar : addslashes($uservar); When the expected value is an INT, just apply intval(): $securevar = $intval($uservar); Well, I'd like to know if this can be considered secure enough to pass the $securevar to the database, or I should consider something more to be checked before. Any help or comment will be really usefull. Regards, Jordi Canals -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: php coding software
Oliver John V. Tibi wrote: in addition to brad's post, does anyone know of coding software that supports team development environments and/or a versioning server for windows? I use Zend Studio wich provides CVS integration. But I'm sure you will find some others with CVS support. If not, I will recommend you to get WinCVS wich provides a nice and easy-to-use CVS interface. (And you can get CVSnt for a Windows based CVS server). Regards. Jordi Canals -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php coding software
Brad Ciszewski wrote: Does anyone know any good software for PHP/mysql coding? I currently use DreamWeaver MX, however it doesn't have much PHP support, and no MySQL support. I just want an easy program to script in, and upload on to my webserver. Please help! :o Sorry, but you're wrong. Dreamweaver DOES have MySQL support and can connect to MySQL databases to help coding your scripts. BTW, I use Zend Studio, and If I'm not wrong, they have a personal edition for free. Regards. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Number validation
Andre wrote: Hello I need one script in PHP to validate only numbers inserted from a form. For example like a telephone number. Thanks. Well ... you can write it or if don't want to code ... perhaps searching the web could help. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Number validation again...
Andre wrote: Does exits any function in PHP to see if one string is compose for numbers. YES http://catb.org/~esr/faqs/smart-questions.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Session Expiration Timeout
Hi all, I'm dealing with sessions in a project. Here people are editing some documents on-line, so it can take long, long time to complete a document. The problem is that when it takes so long to edit a page and hitting the submit button in a form, the session has expired and the user looses all the work done. I've been looking for about changing somewhere the session exiration time, but only found about the session cookie expiration. Also, all examples I've found to not get the session expired talk about creating some sort of javascript wich reloads something on a frame, iframe, etc. I've not found any information about session expiration timeout looking at the manual and searching google for many hours ... So I came here to ask about: - Wich is the default timeout for a session? And, is some way to know the expiration time for a session? - Is anyway to change the session expiration timeout? I mean a PHP parameter or function. Javascript workarounds i've found are not valid for me. BTW. Making this search I've found two interesting resources for managing data base driven sessions: An interesting tutorial: http://www.devarticles.com/c/a/MySQL/Developing-Custom-PHP-Sessions A nice class: http://codewalkers.com/seecode/463.html Best regards, Jordi Canals -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Expiration Timeout
Matt M. wrote: - Wich is the default timeout for a session? And, is some way to know the expiration time for a session? Take a look at the ini variables. http://us2.php.net/session session.gc_maxlifetime Thanks Matt. for your quick and clear answer. I've readed about it, and seen the default is 24 minutes. When readed the first time I did not associate the garbage collector with the session timeout :( Then, if I understood that correcty, the expiration time for a session is controlled by the session garbage collector. Is that correct ? Thanks again, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] how to use PHP-Nuke in safe mode
Porcupine PC wrote: How can i use PHP-Nuke in this safe mode? You must try to ask this in a PHP-Nuke especific list ... But the answer is NO, cannot be used in safe mode. Regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] current directory?
Justin French wrote: I've got some weirdness with files included via a symbolic link. Is there any way I can find out what directory PHP is currently trying include from? get_include_path(); Regards, Jordi -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Embedded Email Directives
Curt Zirzow wrote: * Thus wrote Jordi Canals: Jordi Canals wrote: Should I filter all CR and LF Just in headers or also I should do that in the message body? (Which is sent in the SMTP DATA section). One of the things to ensure you dont do is blindly allow user entered data sending into the $headers portion of the mail() call for example: $headers = 'CC: ' . $_POST['CC'] . \r\n; The user can easily trick another 'rcpt to:' or other smtp headers into the posted CC variable. Be expecially careful if you allow any data to the 5th parameter (the one that passes arguments to sendmail). The $to and $subject lines get 'filtered' so \r \n or \t get translated to ' ', to prevent such injection. Thanks, that's just I was looking for. As I filter and check all headers, and users only can enter valid e-mail addresses (one by one), there is no possibility to enter a new RCPT TO: header. This will cause an error to the user, and the information would be discarded. Regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Discussion Forum Online Chat
Vinayakam Murugan wrote: Hi We are developing a PHP / MySql based website. The requirements include a discussion forum and online chat application with open chat rooms, invited chat one-to-one chat. There are many packages which are available on sourceforge and the like. I would like the list's opinion from a programmer's point of view. The packages would need to be customized according to the client's look feel. For the chat, I use the pjirc java applet. I'ts open source and really customizable. There are some PHP samples in the FAQ area. The applet can be found at http://www.pjirc.com Regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Embedded Email Directives
Jordi Canals wrote: Dennis Gearon wrote: remove carriage returns to prevent embedded email directives In an other thread, I readed that sentence. I'm interested to find more information about that. I have some mail forms and want to make them as secure and possible, but do not know about what and where should I filter. Should I filter all CR and LF Just in headers or also I should do that in the message body? (Which is sent in the SMTP DATA section). After the big threat that followed my question, just want to say a couple of things: I only wanted to know how to prevent embedded email directives sent by user, and if this directives can be found in the Headers or in the Body of message. I normally use the mail() function (In Linux) and rarely use any class to send mail. Just because all e-mail I send from a website normally is plain text with no attachments. Even sending mails in HTML had no problems if we follow the standards. The only problem I had with the function, was with a windows site and about bad header composition. I can see this is the only bug opened and assigned related to the mail function (http://bugs.php.net/bug.php?id=28038). Hope Wez will correct it some day ;) Except this case, the mail() function always worked for me. Regards, Jordi Canals -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php.net like doc pages
Ed Lazor wrote: phpNuke is also popular. And plenty of bugs and security holes ... Regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Embedded Email Directives
Manuel Lemos wrote: Hello, On 07/15/2004 10:25 PM, Jordi Canals wrote: remove carriage returns to prevent embedded email directives Should I filter all CR and LF Just in headers or also I should do that in the message body? (Which is sent in the SMTP DATA section). Anyway, you may want to take a look at this SMTP class to check how it filters message lines sent by SMTP: http://www.phpclasses.org/smtpclass Thanks, Really this class will be really usefull. Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP upgrade... issues???
[EMAIL PROTECTED] wrote: This email is sent to inform you that we'll upgrade the PHP version on your server to the latest stable version 4.3.8 within the next hour. = Are there any issues that I need to panic about...? Don't worry about, I'm sure you will have any problem as it only fixes some security bugs. Mine is upgrading today alto to 4.3.8 (From 4.3.7), and before where many, many upgrade versions. My only problem is that I cannot test pages on my preview server, during this time. My only worry is my pub being opened to have a beer with friend ;) Regards, Jordi Canals -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Encrypting passwords from page to page -mcrypt question
Scott Taylor wrote: I would like to go from page to page, submitting the password through a GET query string. Of course I wouldn't want to do this unencrypted. So is mcrypt the best option? I think to submit the password on the query string is a really bad idea. What will happend if a user decides to mail the URL to someone? Any recipient of that message would have access to the password protected data. In my opinion, passwords NEVER should be sent to the client computer in any form (encrypted or not). I will recomend to find a different way to authenticate the user on every page wich does not require sending him the password. Regards, Jordi -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Embedded Email Directives
Dennis Gearon wrote: remove carriage returns to prevent embedded email directives In an other thread, I readed that sentence. I'm interested to find more information about that. I have some mail forms and want to make them as secure and possible, but do not know about what and where should I filter. Should I filter all CR and LF Just in headers or also I should do that in the message body? (Which is sent in the SMTP DATA section). Thanks, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Email, Hotmail and PHP?
[EMAIL PROTECTED] wrote: Indeed... who doesn't enjoy a brief break to see what's happening in their world? I ended up using 'hail' (http://www.hailware.com/) As far as I can tell, it doesn't allow attatchments... Spending lunch hour checking personal mails... who can honestly admit that it never happens? Do it in some countries (like mine), and you probably will be fired. Put a network in a risk by using this kind of scripts and sure you will be fired... Do it in a network I manage, and sure you will be fired. So ... be really carefull, administrators block sites for some reason. And don't forget to ask for the Terms of Use about your work computer. Regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] FW: NO SUCH ADDRESS
Ed Lazor wrote: Am I the only one getting these every time I post to the list? Everyone is getting it. But we cannot know wich address is giving back this message, as it is not reported. Just we know the domain it comes from. I've already added that domain to my spam list and forgot lazy people who does not unsubscribe from the list. Regards, Jordi -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] stripslashes() when reading from the DB
Hi, I usually stripslashes() when I read the info from the database (MySQL). Because the information was inserted after adding slashes, or the system has magic_quotes_gpc set to ON. I'd like to know, if I can do stripslashes() directly, as it is suposed that all data was inserted into DB after slashing the vars. I mean, should I check or not before if magic_quotes_gpc are on ? As I know, magic_quotes_gpc has nothing to do with info readed from the DB, as it only affects Get/Post/Cookie values. I think to make a check like this: $result = mysql_query(SELECT ); $row = mysql_fetch_assoc($result); foreach ($row as $key = $value) { $row[$key] = stripslashes($value); } But not sure if it really necessary, as i'm getting some confusing results. Any help will be welcome Regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to use multiple cookie statements
Ronald The Newbie Allen wrote: aHere is my code... ? setcookie(cookie[name],$_POST['name'], time()+86400) setcookie (cookie[email],$_POST['email'], time()+86400) setcookie (cookie[bgcolor],$_POST['bgcolor'], time()+86400) setcookie (cookie[tcolor], $_POST['tcolor'], time()+86400) ? I have to use cookies, since I am taking a class and it dictates that we use cookies, but I can't email my instructor since she never responds. So how do I use a cookie to record multiple values? Help would be appreciative.a As the standard says, 1 cookie = 1 value, no way to have more than one value in a cookie. But you can think about some workarounds, a quick example just to give you an idea: $cookie = implode(':', $array) Here you will have all values from the array in the cookie, and using : as a separator. To reverse the values: $values = explode(':', $cookie) and here you will have all values in the array $values, starting with index 0. Of course, in this way you can only set values, not the array keys. Look in the manual for implode() and explode() and see if is usefull for you. Regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] stripslashes() when reading from the DB
Philip Olson wrote: I usually stripslashes() when I read the info from the database (MySQL). Because the information was inserted after adding slashes, or the system has magic_quotes_gpc set to ON. To add further comment. If you're required to run stripslashes() on data coming out of your database then you did something wrong. Your code would have essentially looked like the following before insertion: Wow, here where just my mistake :p I have magic_quotes_gpc at ON and I do not use addslashes. I use a custom .htaccess file to ensure magic_quotes_gpc are ON ... But in a class used to create the forms, there is a striplashes(), so the extrange I've seen. Removed stripslashes from the function, solved the problem. Just have to work to see how manage the form when data comes from a previos post (Which have slashes) or comes from DB (Which have NOT). Thanks to all to help me to clarify this point. Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: User Logon Procedure Fails
Curt Zirzow wrote: $userid = (int) $_POST['TXT_UserID']; $sql = ... WHERE UserID = $userid; Seing that I have a question around. Most cases I validate the $userid by using the function inval() in that way: $userid = inval($_POST['TXT_UserID']; $sql = ... WHERE UserID = $userid; I thinkl that in both cases (Curt and mine) results are the same, and $userid will get the digits from the begining of $_POST['TXT_UserID'] to the first non digit char. I made this test: ?PHP $value = intval($_GET['val']); echo value: $value br; $value = (int) $_GET['val']; echo value: $value br; ? Then I passed on the GET, different values: - ?val=me123// Displays 0 in both cases as expected. - ?val=123me// Displays 123 in both cases. - ?val=12me3// Displays 12 in both cases. - ?val=46.5 // Displays 46 in both cases. Just my questions: Are I correct assuming that the both aproaches give always the same result? Which one is more polite and/or correct to filter the user data? and faster ? Thanks in advance, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Problem with session on first page loaded
Hi all, I have an extrange problem with the session cookie: In all my pages there I have this two lines to start the session: session_name('jcwse'); session_start(); When I access my website, at any page, everytyhink works OK, and the session cookie is set with no problem except for links. In the fist page I aceess, all links are appended with the session ID. I mean that in every link, the ?jcwse=da22311212 ... is appended. This occurs just on the load of first page (not any else). If I reload the page, then links are formed correctly with no session ID (And sessions works perfect). This problem only arises on my ISP hosting (Linux+Apache 1.3) and does not show on my devel computer (Windows+Apache 2.0). I've been searching the manual, but found no explanation about that. Any help will be really welcome. Regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with session on first page loaded
Jordi Canals wrote: This problem only arises on my ISP hosting (Linux+Apache 1.3) and does not show on my devel computer (Windows+Apache 2.0). I've been searching the manual, but found no explanation about that. Sorry forgot it: The two platforms run PHP 4.3.7 Thanks again, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with session on first page loaded
Angelo, thanks for your comments. session_name must go before session_start. I think register_globals has nothing to do with session cookies. I always work with register_globals = off as recommended. About the cookie params (In PHP.INI) I checked them on the two platforms with phpinfo() and are exactly the same. I'm relly lost with this issue. It is not a browser problem, because browsers are accepting (and saving) the cookies. I tested it with Firefox, MSIE and Mozilla, and always have the same issue. Why the first page loaded, and only the first one, passes the session ID on the URL? I think perhaps could be something related with the system trying to read the cookie on the same page that first created it. But don't find a way to solve it. Thanks for your time, Jordi. Angelo binc2 wrote: shouldn't session_start() come first? also remember that your devel computer might have different settings in the PHP.ini file to that of your ISP, probably register_globals is set to off. I would check it. HTH Angelo Jordi Canals [EMAIL PROTECTED] 7/2/2004 11:14:28 AM session_name('jcwse'); session_start(); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with session on first page loaded
Lars Torben Wilson wrote: About the cookie params (In PHP.INI) I checked them on the two platforms with phpinfo() and are exactly the same. Was your binary compiled with --enable-trans-sid? If so, I imagine the explanation would be something along the lines that because the session manager doesn't know whether you have cookies enabled until it gets a cookie back, it uses trans_sid. On the second page view, it gets a cookie, and starts using cookies instead. Thanks Torben, The binary is not compiled with --enable-trans-sid. But I've seen that the ISP changed a param in the PHP.INI, and they changed session.use_trans_sid setting it to 1. I tested setting it on my devel computer and really now the problem reproduces here :) So I think this could be really the problem. Now I should talk to the provider to not set this parameter to ON by default, because the security risk on it (As stated on the manuals). On the sessions manuals, says that this parameter can only be set on PHP_INI_SYSTEM and PHP_INI_PERDIR, but in the ini_set() manual says it can be set in PHP_INI_ALL. I think the first is correct and the second is not as I tried setting it with ini_set with no result. I cannot understand this change from the provider as it is a security risk as the comments in PHP.INI says: ; trans sid support is disabled by default. ; Use of trans sid may risk your users security. ; Use this option with caution. ; - User may send URL contains active session ID ; to other person via. email/irc/etc. ; - URL that contains active session ID may be stored ; in publically accessible computer. ; - User may access your site with the same session ID ; always using URL stored in browser's history or bookmarks. Thanks for your valuable help. Now *I've seen where the problem is*, and I can look for a solution. Regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Header or includes for one-level up access?
Andre Dubuc wrote: I thought a simple re-direct page might do the trick. I've tried three methods: the header approach header(location: ../conn-up.php); an absolute header: header(location: /vhome/conn-up.php); and an include approach: include(../conn-up.php); Te header methods will not work. You need to access directly the filesystem in order to include a file. Cannot do it by URL. The third aproach perhaps could work, not sure. But I would test to things (I assume conn.php is on your site root) : 1. Check the user running the web server hsa permisions to read on the directory the file is located. 2. Try an absolute path to the file. Perhaps it will not permit portability, but for test purposes could help. On conn.php you could try: include(/vhome/conn-up.php); If it does not work, problably is a permissions problem. 3. For portability, and when you have been able to include the file as said in point 2. You could do in conn.php something like: $conn_dir = dirname(dirname(__FILE__)); // Gives parent dir include($conn_dir . 'conn-up.php'); 4. Could set the path to de directory including the file with set_include_path(); and then include just by name: $mypath = get_include_path() . PATH_SEPARATOR . /vhome; set_include_path($mypath); Hope this can help to investigate a bit more on your problem. Regards, Jordi -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] multiple php.ini
Vincent DUPONT wrote: We need to install one windows 203 server with various versions of the same application. The versions will be held in disticnt web sites on this server. In order to point to the different application versions, I need to point the include_path to the right php scripts (in distinct folder by version) I believed it was possible to set up one php.ini file for every web site, even on the same machine. However, I can't find any informlation about this. PHP runs the default web site with php.ini in c:\windows The version1 website also runs the php.ini included in c:\windows I added a php.ini with a new include_path in the document root of version1 site, but this had no effect : the include_path remains the same... We run PHP as a ISAPI module. If you know one solution, please answer. For this purpose, you can use set_include_path() at the start of your files. I have it on a common included file, and then I include this file in all scripts, so the include_path is always set in runtime. Hope this helps, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: file knowing its own directory
Red Wingate wrote: the magic constant __FILE__ will give you the absolut filesystem location of the file it is called. Eg: /home/www/tests/foo.php - ?php echo __FILE__ ; ? will print: '/home/www/tests/foo.php'; to retrieve the path only you could do: /home/www/tests/foo.php - ?php echo str_replace( basename ( __FILE__ ) , '' , __FILE__ ); ? I think could be easier with dirname(__FILE__) Regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] CAUTION FRAUD: IMPORTANT MASSAGE FROM THE BANK
Some time ago, I was working for a governement departament, and I asked about this kind of messages. The answer was clear and explicit: This kind of message are a FRAUD (I don't now how they do the fraud) and are investigated and are INVESTIGATED and PERSECUTED by the Spanish Police in collaboration with INTERPOL. So, the advice of the police here is to NOT believe any line of it and redirect the message to the nearest police department in your country. Davies Harries wrote: FROM:Mr DAVIES HARRIES bills and exchange director GUARANTY TRUST BANK PLC Email:[EMAIL PROTECTED] Fax No:14134519233 [Rest of message deleted] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Problem with number_format
Martin Geisler wrote: My PHP manual (from a Debian package) has the following note on the page for round(): Caution When rounding on exact halves round() rounds down on evens and up on odds. If you want to always force it in one direction on a .5 (or .05 in your case) add or substract a tiny fuzz factor. The reason behind rounding half the values down and the other half up is to avoid the classical banking problem where if you always rounded down you would be stealing money from your customers, or if you always rounded up you would end up over time losing money. By averaging it out through evens and odds you statistically break even. I'm surprised with this note on manuals. I do not know in other places, but in the European Union there are laws and directives that obligates to always round to 5/4 in currency operations (Specially on Euro Conversions). It means that 5 and above rounds always up, anything bellow 5 rounds always down. So, 0,655 must round to 0,66 and 0,654 must round to 0,65. In this case, nothing to do: It is the law. And ... the funny note on laws (almost on spanish laws) says that computer programs wich round in a different way are not considered valid reasons to not round as stated above. Regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: test
Sherri wrote: Woah! Signed up litterally 1 minute ago and I'm already getting spam. From Advance Credit Suisse Bank Just wait. There are some more waiting for you ;) You should receive the Information Desk and Ingram Computer Services mails yet. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cpanel accounting library
Burhan Khalid wrote: Jordi Canals wrote: Hi all, Cpanel is a control panel to manage accounts for ISP's (And espcially ISP's resellers). I knnow there is some librarys to directly manage the accounts from PHP-Scripts and I got some very small and undocummented samples. I'm working on some scripts to manage the accounts directly from PHP (Scripts will be GNU/GPL licensed). I haven't found good examples for this, but I have written a cpanel class that provides methods to query cpanel accounting information. Sample methods : userExists fetchUser listUsers setCredentials and the usual kill(), suspend(), etc. I had planned on polishing it and submitting it to PEAR, but I haven't found the time to do so. Let me know if you need any specific functionality, and I can just paste that snippet for you. I've got the script suplied by cPanel. Is not much to see there, but at least I have the parameters to call the functions and could understand a bit how it works. With that, I can start making some tests and make some samples to work. At this moment I'm a bit busy in other projects, so I will test it as time permits... What I need is basically to automate the account creation and cancellation, nothing more, nothing less :) Don't forget to post a notice when you submit your class to PEAR ;) Regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Cpanel accounting library
Hi all, Cpanel is a control panel to manage accounts for ISP's (And espcially ISP's resellers). I knnow there is some librarys to directly manage the accounts from PHP-Scripts and I got some very small and undocummented samples. I'm working on some scripts to manage the accounts directly from PHP (Scripts will be GNU/GPL licensed). After STFW, I've not found any good documentation on it, just the short samples on http://www.cpanel.net/remoteaccess-php.html At this moment, I have access to some servers with the accounting libs installed, but I have no access to the fonts (Which could help to make it work). If anyone can post a link where to find good docs about this cpanel lib, and, if possible the source code for it, it will help me so much. Thanks in advance Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] CONSTANTS and good coding practice
Al wrote: Can someone explain to me the value of using defined custom constants, in the context of good coding practice. I don't recall ever seeing define() used in the scripts I've seen and only the characteristics are described in the my php book and the php manual; but, not the use. Talking about constants. I've seen the most scripts and web pages, (like some Open Source projects) They declare the database access values as vars not constants. I mean Username, Password, DataBase Name or Host. In my point of view, this info is always constant on the script life, so it will be better to declare it as constants not as vars. I normally declare as constants anything that will not change in the scripts life. Parhaps can change from one installation to another, but no more. Specially if I'm not completly sure that the value is correct for my purposes, I prefer to declare a constant and not directly write the value everywhere. It makes me easier to read and remember, and easier to change in future if I need it. For example, I think that : if ($user_level == USR_LEVEL_WEBMASTER) { // do stuff } is a lot easier to read and to imagine what we are looking for than: if ($user_level == 255) { // do stuff } Another way I use constants is when I want to pass to a function a sum of options. In this case imagine that function (Perhaps inside a class): function draw_box($options) { // do stuff } and this constants: define('BOX_DRAW_BORDER', 1); define('BOX_FILL_BACKGROUND', 2); define('BOX_SHOW_TITLE', 4); define('BOX_MAKE_LINKS' 8); Then, I can call the function like this: $box_options = BOX_DRAW_BORDER + BOX_FILL_BACKGROUND + BOX_MAKE_LINKS; draw_box($box_options); Finally, I normally use constants to declare all literal values that must be shown in the users browser. This is a need for me, beacuse in my country (Catalunya) we are bilinguals, and I have to be able to show literals in one or other language depending on the preferences. This makes scripts translation more easy, because I have all strings in one (or two) file. I think, we should use constants always when we have a constant value (wich not will change on scrits' life). Regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: [PHP-ES] Proyecto GPL
Manuel González Noriega wrote: El vie, 21-05-2004 a las 19:12, Jordi Canals escribió: Queria comentar sobre un pequeño proyecto que tengo en mente: sería interesante que comentaras la motivación detrás del proyecto. ¿Ves carencias que solucionar en proyectos ya equivalentes a tu idea como PEAR o las librerias Ez? ¿Simplemente por aprender? Anque la idea la estoy madurando todavía, las motivaciones que me hacen pensar en ella son bastante simples ;) La primera es un tema de convicción ... si yo aprovecho el código que otros facilitan en la red en numerosos proyectos, me parece razonable, que los que hemos aprovechado en algun momento parte de ellos, tambien contribuyamos a la filosofia del código libre. La segunda, es la construcción de un CMS. Haberlos haylos, pero cada uno con su punto de vista, sus cosas buenas y otras no tanto. Recopilando y trabajando en ello, se podria contruir como mínimo una estructura básica para la creación de sitios dinamicos. Me refiero a algo del estilo del bien conocido PHP-Nuke (Por poner un ejemplo), pero con otra filosofía y otros enfoques. Un saludo, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cpanel accounting library
Travis Low wrote: Jordi Canals wrote: I'm working on some scripts to manage the [cpanel] accounts directly from PHP (Scripts will be GNU/GPL licensed). After STFW, I've not found any good documentation on it, just the short samples on http://www.cpanel.net/remoteaccess-php.html I haven't found anything more detailed on their site. I just ended up looking at the scripts themselves. They are just wrappers around the scripts that are part of the cpanel installation. If you find more documentation, I'd love to know about it. At this moment, I have access to some servers with the accounting libs installed, but I have no access to the fonts (Which could help to make it work). I didn't have to do anything with the fonts. What problems are you having? If anyone can post a link where to find good docs about this cpanel lib, and, if possible the source code for it, it will help me so much. Here's a snippet: # cpanel idiotically outputs html rather than # programmatically-useful error codes. Thus, we have to manipluate # the output before and after calling cpanel function. flush(); ob_start(); # You can get the $cpkey from the WHM. The rest are yours to fill in. createacct( localhost, root, $cpkey, 0, $domain, $acctuser, $acctpass, packagename ); ob_end_clean(); # Now we check after the fact to see if account was created. # This is a VERY WEAK test, needs improvement. $accounts = listaccts( localhost, root, $cpkey , 0); $keys = array_keys( $accounts ); $account_found = NULL; for( $i = 0; $i count( $keys ); $i++ ) { if( in_array( $domain, $accounts[$keys[$i]] ) ) { $account_found = TRUE; break; } } There are a few gotchas with this API. For one thing, createacct() always returns the string Account Creation Complete no matter if the account was created or not. You have to verify the creation some other way. For another thing, the createacct() function writes directly to the output stream. So all of the stuff you see when you create an account the normal way (using the Cpanel web interface) will be displayed unless you stop it. That's what the flush() and the ob_* stuff does. If you find more information, that would be great. We can trade notes. Thanks for your comments. At the moment I've just made a couple of tests, and my main problem is where fo find some info about it to be sure I will manage in the correct way. I will continue looking for any document. It's not an urgent matter because is for a long time project ;) Thanks again, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cannot Get Session Variables nor Global variables to work
You need to place session_start() at the top of test2.php. If you use session_start, you should not use using session_register(), just use $_SESSION. From Manual: If you are using $_SESSION and disable register_globals, do not use session_register(), session_is_registered() and session_unregister() Globals are limited to the scope of current script and do not carry the values betwen pages. You cannot pass values betwen scripts using globals. Use $_SESSION or cookies if you do not want to use get or post variables. Take a look at: http://www.php.net/manual/en/function.session-start.php http://www.php.net/manual/en/ref.session.php http://www.php.net/manual/en/language.variables.scope.php Regards, Jordi. Joe Carr wrote: Help. I am missing a MAJOR aspect of using either Session variables or global variables. I am trying to set one variable on one page, and read it on the other _without_ sending any information in the query string. Here is the code for the two pages : test1.php : ?php session_start(); // Different methods of setting a SESSION variable : if (!isset($_SESSION[count])) { $_SESSION[count] = 0; } else { $_SESSION[count]++; } echo $_SESSION[count]; session_register('var2'); $var2=testing; // Trying to use a global variable global $help; $help = howdy; $GLOBALS['help2']= howdy again; print_r($GLOBALS); ? a href=test2.phpstep 2/a and test2.php looks like this: ?php //$GLOBALS['help']= $_REQUEST['id']; print_r($_SESSION); print_r($GLOBALS); echo COUNT=. $_SESSION[count]; echo HR; echo HELP=. $GLOBALS[help]; echo HELP2=. $GLOBALS[help2]; ? On test2.php, each of the echo statements indicate that the variables have not been defined. I've read many posts which indicate that I should pass the PHPSESSID through the query string, but when I look at the PHPSESSID in the global array printed it is the same on both pages. I cannot seem to have access to either session nor global variables outside the context of one page. Any assistance would be fascinatingly appreciated. Thanks... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Methods for instatiating an object
Hi all, It is not a big issue, but that is something that I never had clear. I've been looking at the manual and found no answer, so I will ask with an example: When instantiating an object, I could do it in two different ways: A) $object = new MyClass; B) $object = new MyClass; I cannot understand the exect difference betwen the two methods. Because there is not yet an object, the second example does not return a reference to an existing object. I think perhaps the diference is: 1) In case A, PHP creates a new object and returns a Copy of this new object, so really I will have the object two instances for the object in memory ... 2) In case B, PHP creates a noew object and returns a reference to this newly created object. In this case there is only one instance of the object. Does it works that way? If not, What is exactly the difference? TIA, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Methods for instatiating an object
Rudy Metzger wrote: It is as you say. The problem is normally negligible, but makes a big difference if there is alot done in the constructor of the object (e.g. scanning a huge file for certain strings). Then this will slow things down. This however is solved in PHP5. Thanks to all for your answers. They have been so clear. I think it's interesting to know how that works. Knowing only that it works, some times is not enought. ;) Thanks again, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php