2006/5/30, Philip Thompson [EMAIL PROTECTED]:
<?
if ($subPage = $_GET['page'])
include ($subPage);
?>
Are you checking what the user is sending inside $_GET['page']? If not, your
system is vulnerable to a remote file injection.
Yes, I do tests to make sure that the file actually exists and what
not. I have just simplified my code for this example
~PT
On May 30, 2006, at 11:27 AM, Martin Alterisio wrote:
2006/5/30, Philip Thompson [EMAIL PROTECTED]:
<?
if ($subPage = $_GET['page'])
include ($subPage);
?>
Are
Philip Thompson wrote:
As you can see, by the time that index.php includes the subpage, it
has already outputted HTML. According to using the header() function,
you are not allowed to output any HTML *before* using header().
However, I am doing this and it is redirecting fine.
I have
Ok, I have modified my code a little bit. Stut, yes, output buffering
was on by default (4096). I *think* this will work. It appears to be
the same as before - still redirecting appropriately:
<!-- index.php -->
<? ob_start(); ?>
<html>
<head>...</head>
<body>
<?
include ($subPage);
ob_end_flush();
?>
As you can see, by the time that index.php includes the subpage, it
has already outputted HTML. According to using the header() function,
you are not allowed to output any HTML *before* using header().
However, I am doing this and it is redirecting fine.
You can also always use the old
Philip Thompson wrote:
Ok, I have modified my code a little bit. Stut, yes, output buffering
was on by default (4096). I *think* this will work. It appears to be
the same as before - still redirecting appropriately:
<!-- index.php -->
<? ob_start(); ?>
<html>
<head>...</head>
<body>
<?
include ($subPage);
On May 30, 2006, at 12:52 PM, Stut wrote:
Philip Thompson wrote:
Ok, I have modified my code a little bit. Stut, yes, output
buffering was on by default (4096). I *think* this will work. It
appears to be the same as before - still redirecting appropriately:
<!-- index.php -->
<? ob_start();
Philip Thompson wrote:
On May 30, 2006, at 12:52 PM, Stut wrote:
Philip Thompson wrote:
Ok, I have modified my code a little bit. Stut, yes, output buffering
was on by default (4096). I *think* this will work. It appears to be
the same as before - still redirecting appropriately:
<!--
Philip Thompson wrote:
I was under the impression that if ob_end_flush() was not called, then
there would be a memory leak. Is this not the case?
No, it's not. All output buffers are flushed in the reverse order of
opening when the script ends.
From http://us3.php.net/ob_start :
Output
Your theory is wrong.
The correct answer is that somebody turned output_buffering ON in
php.ini (or .htaccess) so the output is not really sent until the
script finishes (up to 4096 chars).
On Tue, May 30, 2006 11:08 am, Philip Thompson wrote:
Hi all.
I have a site where I include pages
On Tue, May 30, 2006 1:21 pm, Philip Thompson wrote:
On May 30, 2006, at 12:52 PM, Stut wrote:
Philip Thompson wrote:
Ok, I have modified my code a little bit. Stut, yes, output
buffering was on by default (4096). I *think* this will work. It
appears to be the same as before - still
On Sat, April 22, 2006 10:15 am, Todd Cary wrote:
if ($send)
header("location: mypage.php?message=" . $message);
the data ($message) is passed in the URL. Is there a way to pass
the data as though it was a POST method i.e. not in the URL?
Without copying and pasting a lot of bits and
On Tue, April 25, 2006 2:12 am, Richard Lynch wrote:
I left out some steps...
1. Writes a bunch of data to hard drive in $_SESSION
Or to your db, which ends up on your hard drive anyway, most likely.
Okay, this bit could get real complicated and picayune, but let's just
agree that it uses up
Richard Lynch wrote:
If you are doing your sanitization/filtering/validation correctly, you
shouldn't even be READING $_POST after the first 3 lines of your PHP
code anyway. (Okay, maybe first 10 lines.)
The same goes for $_GET data also.
The longer you use header(Location: ...) the more
On Tue, 2006-04-25 at 13:47, Stut wrote:
Richard Lynch wrote:
If you are doing your sanitization/filtering/validation correctly, you
shouldn't even be READING $_POST after the first 3 lines of your PHP
code anyway. (Okay, maybe first 10 lines.)
The same goes for $_GET data also.
The
On Tue, April 25, 2006 12:47 pm, Stut wrote:
As long as we're throwing foreign money into the ring, I'd just like to
say that I make a point of redirecting to another page after a post
request, otherwise you get unsightly errors in the browser when the user
tries to use the back/forward
Richard Lynch wrote:
On Tue, April 25, 2006 12:47 pm, Stut wrote:
As long as we're throwing foreign money into the ring, I'd just like to
say that I make a point of redirecting to another page after a post
request, otherwise you get unsightly errors in the browser when the user
tries to use the
On Tue, April 25, 2006 4:47 pm, Stut wrote:
3b) User clicks on a normal link, goes to another page then hits back...
user sees an evil-looking and unexpected question asking whether to
resubmit the form values. Most users I know will hit OK because they
don't understand it. This is bad, form
Todd Cary wrote:
If I use
if ($send)
header("location: mypage.php?message=" . $message);
the data ($message) is passed in the URL. Is there a way to pass the
data as though it was a POST method i.e. not in the URL?
Todd
you should look into using sessions to store the data maybe?
As
Todd Cary wrote:
If I use
if ($send)
header("location: mypage.php?message=" . $message);
the data ($message) is passed in the URL. Is there a way to pass the
data as though it was a POST method i.e. not in the URL?
probably, but I don't know how off the top of my head.
look into using
Where's Chris when we need him? I would be interested in also hearing his
thoughts here too.
Jochem Maas [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Todd Cary wrote:
If I use
if ($send)
header("location: mypage.php?message=" . $message);
the data ($message) is passed in
Jochem Maas wrote:
Todd Cary wrote:
If I use
if ($send)
header("location: mypage.php?message=" . $message);
the data ($message) is passed in the URL. Is there a way to pass the
data as though it was a POST method i.e. not in the URL?
probably, but I don't know how off the top of my
M. Sokolewicz wrote:
Jochem Maas wrote:
Todd Cary wrote:
If I use
if ($send)
header("location: mypage.php?message=" . $message);
the data ($message) is passed in the URL. Is there a way to pass the
data as though it was a POST method i.e. not in the URL?
probably, but I don't know
Ross wrote:
Is it possible to send variables using header() ?
I have tried variations on the theme
header ('Location: email_confirm.php?email=$email);
but nothing seems to work.
I don't know what you tried, but the above results in parse error. Try:
header (Location:
try this
header("Location: email_confirm.php?email=".$email);
exit();
Angelo Zanetti
Z Logic
www.zlogic.co.za
[c] +27 72 441 3355
[t] +27 21 469 1052
Ross wrote:
Is it possible to send variables using header() ?
I have tried variations on the theme
header ('Location:
Just have it echo, example:
echo "<meta http-equiv=\"refresh\"
content=\"0;url=http://192.92.0.248/company_search/admin/admin2.php\">";
On Fri, 2003-06-27 at 09:03, Gary Ogilvie wrote:
If I attempt to direct the user to a url within an if statement using a
header I get the following error message:
I didn't realise you could use echo to run a URL. Thanks for your help
:)
-Original Message-
From: Adam Voigt [mailto:[EMAIL PROTECTED]
Sent: 27 June 2003 14:08
To: Gary Ogilvie
Cc: 'PHP General'
Subject: Re: [PHP] Using header in if statement
Just have it echo, example:
echo meta http
[mailto:[EMAIL PROTECTED]
Sent: 27 June 2003 14:08
To: Gary Ogilvie
Cc: 'PHP General'
Subject: Re: [PHP] Using header in if statement
Just have it echo, example:
echo "<meta http-equiv=\"refresh\"
content=\"0;url=http://192.92.0.248/company_search/admin/admin2.php\">";
On Fri, 2003-06-27 at 09
I don't know if this is the best way or not, but I just use the
following function to send Excel headers, then just create your page as
a normal HTML table. Excel will take the HTML table and create a
spreadsheet with it.
##
#
# Creates headers to
* and then baldey_uk declared
Can someone tell me how to use the header function? Can I use it with
relative URLs for example:
header ("Location:index2.php");
Have you tested it?
Come on, took me all of a minute and a half to try it out :-)
: [PHP] using header ();
* and then baldey_uk declared
Can someone tell me how to use the header function? Can I use it with
relative URLs for example:
header ("Location:index2.php");
Have you tested it?
Come on, took me all of a minute
* and then baldey_uk declared
Yes I have tested it, that's why I am asking, as it is not working either way
for me, it just stays on the same screen but blanks the previous output to
the page.
Weird, works fine for me. Let's see the code.
-
]]
Sent: 11 May 2002 12:07
To: Php-General
Subject: Re: [PHP] using header ();
* and then baldey_uk declared
Can someone tell me how to use the header function? Can I use it with
relative URLs for example:
header ("Location:index2.php");
Have you tested it?
Come on, took me all
PROTECTED]]
Sent: 11 May 2002 12:15
To: PHP-General
Subject: Re: [PHP] using header ();
* and then baldey_uk declared
Yes I have tested it, that's why I am asking, as it is not working either way
for me, it just stays on the same screen but blanks
On Saturday 11 May 2002 19:20, baldey_uk wrote:
Here ya go:
Basically I'm trying to update details in a database, after the new details
are put into a form they are printed to the screen with a 'are the details
correct' scenario. From there if they click 'no' I want them to be put back
to
* and then baldey_uk declared
#if not we need to keep the customer_id and quantity and start again
case no :
echo 'INPUT type=hidden name=txtJars value='.$quantity.'INPUT
type=hidden
* and then Jason Wong declared
... if you use a header() you cannot output anything beforehand. See manual.
Oh, yeah, missed that one :-)
- --
Nick Wilson // www.explodingnet.com
On Sat, 11 May 2002, baldey_uk wrote:
Basically I'm trying to update details in a database, after the new details
are put into a form they are printed to the screen with a 'are the details
correct' scenario. From there if they click 'no' I want them to be put back
to the updateaddress.php page
More than likely not. Putting an exit statement after a header redirect
is just good practice and ensures that nothing gets executed after
redirecting.
Mike
Don wrote:
Hi,
I have a PHP script that uses the following code to redirect to a page of the user's
choice:
header(Location: