php-general Digest 8 Jul 2008 12:55:48 -0000 Issue 5557

Tue, 08 Jul 2008 05:58:13 -0700 

php-general Digest 8 Jul 2008 12:55:48 -0000 Issue 5557

Topics (messages 276421 through 276430):

Re: PHP's mail(): proper way to send a 'From' header
        276421 by: Chris

Re: Looking for a reasonable explanation as to why $_REQUEST exists
        276422 by: mike
        276424 by: Daniel Brown
        276426 by: Jochem Maas

Re: Question before I end up writing alot of extra code...
        276423 by: Chris

Re: Multiple words str_shuffle
        276425 by: Jochem Maas
        276427 by: Jochem Maas

php my admin
        276428 by: Karl James

Re: Session variables disappear (some of them only)
        276429 by: karma

Re: How to enable php-mysqli on linux
        276430 by: Kapil Kapil

Administrivia:

To subscribe to the digest, e-mail:
        [EMAIL PROTECTED]

To unsubscribe from the digest, e-mail:
        [EMAIL PROTECTED]

To post to the list, e-mail:
        [EMAIL PROTECTED]


----------------------------------------------------------------------
--- Begin Message --- 
> <?php
> 
> $to = "[EMAIL PROTECTED]";
> 
> $from = "[EMAIL PROTECTED]";
> 
> $subject = "This is a test!";
> 
> $body  = "\tThis is a test email.\n";
> $body .= "That is all.";
> 
> $headers  = "From: ".$from."\r\n";
> $headers .= "Reply-To: ".$from."\r\n";
> $headers .= "X-Mailer: ".basename(__FILE__)."-PHP/".phpversion()."\r\n";
> $headers .= "Return-Path: ".$from."\r\n";
> 
> mail($to,$subject,$body,$headers,'-f'.$from);
> ?>
> 
>     Note the fifth parameter passed to mail():
> 
>         http://php.net/mail
> 

And also note that the 5th parameter is an email address only.. Don't do
something like:

<?php

$from = "Me <[EMAIL PROTECTED]>";

and try to use that as the 5th parameter, it won't work.

-- 
Postgresql & php tutorials
http://www.designmagick.com/

--- End Message ---
--- Begin Message --- 
On 7/7/08, Eric Butera <[EMAIL PROTECTED]> wrote:

> You asked for an explanation.  I was just stating that is how I've
> seen some people write apps.  I've also stated that isn't how I write
> them either.  I use something along these lines:

This is true. I really wanted to ask the internals folks first, to see
how it came up. I mean, if there wasn't the option available, people
would figure out a way to do it (probably one of the two ways I was
showing before)

The problem is, the cat's out of the bag now and a lot of people are
just being lazy (in my mind) especially those who are used to ASP's
Request.Value() which unfortunately is a lot of our developers at
work. They don't have a real good background as to the difference
between POST vs GET and even how the web works it seems.

That's why in the library I've created for us to use, I unset() it
before it's usable. Most third party software works okay too - off the
top of my head we've got Pligg, WordPress, MediaWiki all using hooks
into my library - a couple I did have to do a $_REQUEST =
array_merge($_POST, $_GET) on, unfortunately.

--- End Message ---
--- Begin Message --- 
On Mon, Jul 7, 2008 at 8:08 PM, mike <[EMAIL PROTECTED]> wrote:
>
> The problem is, the cat's out of the bag now and a lot of people are
> just being lazy (in my mind) especially those who are used to ASP's
> Request.Value() which unfortunately is a lot of our developers at
> work. They don't have a real good background as to the difference
> between POST vs GET and even how the web works it seems.

    Then the question isn't really "why $_REQUEST exists," but rather,
"why do these folks have jobs?"  :-\

-- 
</Daniel P. Brown>
Dedicated Servers - Intel 2.4GHz w/2TB bandwidth/mo. starting at just
$59.99/mo. with no contract!
Dedicated servers, VPS, and hosting from $2.50/mo.

--- End Message ---
--- Begin Message --- 
Daniel Brown schreef:

On Mon, Jul 7, 2008 at 2:47 PM, mike <[EMAIL PROTECTED]> wrote:

I don't see why if you -know- you need $_COOKIE['username'] someone
would be lazy and use $_REQUEST['username']


    That's the point --- it's intended as a fallback where you *don't*
know the method that will be used, or if you want to be lackadaisical
with your code (which, as we all know, is HIGHLY unrecommended).

    So if you are an application service provider (ASP) who, perhaps,
runs a simple word shuffling script, with no database, email, or other
externally-processed services, you may have a script like so:

<?php

$word = $_REQUEST['word'];

echo str_shuffle($word)."<br />\n";
?>

    Because, in this case, it really doesn't matter if $word is
obtained via GET or POST, so you can allow external users to use your
service via an HTTP POST form or a plain URL.

    Conversely, it can also be used as a login mechanism or other
secure system, if you know what you're doing with regard to EGPCS


the C allow DoS attacks on clients via XXS/etc if $_REQUEST is used.

imagine setting a cookie "id=CANT_USE_THIS_SITE_ANYMORE" for a webshop
that has urls like "article.php?id=123" where article.php uses something like:

$id = (int)$_REQUEST["id"];

$_REQUEST is borked and should not contain ECS (of EGPCS) ... at least one
should be able to exclude certain superglobals without actually making not
set at all, currently you can't do that .. last I looked.

$_REQUEST = array_merge($_GET, $_POST); // the only sensible thing to do in all 
cases.


(which I mentioned to the wrong poster before! :-\) and proper secure
coding techniques.  It will go through a matter of precedence, which
can be useful in some (rare) circumstances.


but still borked in the case of REQUEST, Stefan Esser wrote about it.

--- End Message ---
--- Begin Message --- 
> Here is a VERY simplified test :)
> MAIN PAGE:
> <?PHP
> if($row['Tab'] == "done"){
>     $Tchecked1 = "CHECKED";
>     $Tchecked2 = NULL;
> }else{
>     $Tchecked1 = NULL;
>     $Tchecked2 = "CHECKED";
> }
> 
> echo"
> <fieldset>Tab<BR>
> <input type="radio" name="rdoTab" value="done" $Tchecked1>Done <BR>
> <input type="radio" name="rdoTab" value="on" $Tchecked2>Not Done<BR>
> </fieldset>";
> ?>
> PROCESSING:
> <?PHP
>                 $tab = $_POST['rdoTab'];
>                 $record = $_POST['txtRecord'];
>                 $updateQuery = "UPDATE `current` SET Tab='$tab'  WHERE
> Record='$record'";
>                
> mysqli_real_query($link, $updateQuery);   

Checkboxes and radio buttons only post back the values for the ones
selected.

If you have:

<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input type="checkbox" name="ids[]" value="1">Option 1<br/>
<input type="checkbox" name="ids[]" value="2">Option 2<br/>
<input type="checkbox" name="ids[]" value="3">Option 3<br/>
</form>

view that, and tick options 1 and 3, only they will be available in $_POST.

This has not changed in any version of php, it has always been this way
- and it will be exactly the same in perl, python, ruby and any other
language.

-- 
Postgresql & php tutorials
http://www.designmagick.com/

--- End Message ---
--- Begin Message --- 
grrr ... I rear my ugly head, briefly ...

Ron Piggott schreef:

I am trying to scramble individual words and/or phrases.


try harder.

<?php

function mixit($m) {
        return trim(chunk_split(str_shuffle(strtoupper($m[1])),1,' '));
}

echo preg_replace_callback('#(\w+)#', 'mixit', 'The rain. in Spain falls, mainly 
"on" the plain!');

?>

have integrity, read these before you copy, paste 'n' use:


        http://php.net/chunk_split
        http://php.net/preg_replace_callback


questions on a postcard to Dan Brown, he just got married, he deserves it ;-)

--- End Message ---
--- Begin Message --- 
Jochem Maas schreef:

</snip>

this is a little better:

<?php

// $argv[1] is the first script argument on the CLI
$phrase = isset($argv[1]) && is_string($argv[1]) ? $argv[1] : 'The rain. in Spain falls, 
mainly "on" the plain!';
$phrase = preg_replace_callback('#(\w+)#', 'mixit', str_replace(" ", "  ", 
$phrase));

function mixit($m)
{
    return trim(chunk_split(str_shuffle(strtoupper($m[1])),1,' '));
}

--- End Message ---
--- Begin Message --- 
Team,

 

Can anyone help me create a form, so I can just insert from a website to my
players profile database?

I am trying to learn php all over again, so bare with me please.

 

I just need into use form to submit player into players database.

Or, should I continue to use the phpmyadmin 2.10.1

 

Also, I created a position table, Should I label what position the player
has with in the player table?

 

IE QB = 1, RB = 2, etc.

 

 

 

Karl James

www.theufl.com

[EMAIL PROTECTED]

--- End Message ---
--- Begin Message ---
You're absolutely right, but the problem is not about how the SID is passed between the scripts, it is more about why some variables are written in the session file while others are not, even when these variables are created within the same script at the same time. If the SID was not correctly passed, it wouldn't find any other variables. I also wonder why this randomly happens ... 

I agree about the HTML/1.1 specs, I'm just a bit lazy ;)

K.


Shawn McKenzie a écrit :


http://us.php.net/manual/en/function.header.php
Note: Session ID is not passed with Location header even if session.use_trans_sid is enabled. It must by passed manually using SID constant. 

-Shawn

--- End Message ---
--- Begin Message --- 
Hi

How can we enable php-mysqli support on linux machine using yum etc.,
without reinstalling php again?

Also how to check it - Is php-mysqli package is present or not?

Thanks
Kapil

--- End Message ---

Reply via email to