I am taking a quick look through the access logs on our dev box, and
came across this little nasty that was trying to execute itself as a XSS
attack(?)
?
$ker = @php_uname();
$osx = @PHP_OS;
echo f7f32504cabcb48c21030c024c6e5c1abr;
echo h2SysOSx:$ker/h2/br;
echo h2SysOSx:$osx/h2/br;
if ($osx ==
On Friday 05 October 2007, Paul Scott wrote:
On Thu, 2007-10-04 at 22:38 -0700, tbt wrote:
I'm a newbie to php and i would like to know a way of viewing runtime
errors on the browser. Currently when an error occurs nothing is
displayed on the browser. Is there any way of viewing all error
I added the following lines to the top of my script but still no error
messages show up on the browser.
When a php error occurs the entire page is still shown blank.
Larry Garfield wrote:
On Friday 05 October 2007, Paul Scott wrote:
On Thu, 2007-10-04 at 22:38 -0700, tbt wrote:
I'm a
On Fri, 2007-10-05 at 00:32 -0700, tbt wrote:
I added the following lines to the top of my script but still no error
messages show up on the browser.
When a php error occurs the entire page is still shown blank.
Is your script *supposed* to output something?
--Paul
All Email originating
Yannick Warnier wrote:
but you can't generate a PDF using XML and XSLT, although XSLT is, to
my understanding, made to enable export in various formats from the
same XML file.
XSLT is a style language, and you could quite possibly make it produce a
PDF.
It seems that in this case
i was just wondering if there is an irc channel for php?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
I think the $lock_result is just a resource #id you haven't fetched any data
yet. True?
Aleksander
Dan Shirah wrote:
Ah, what a lovely case of the Friday morning brain farts!
I have a query that selects some data from a table based on the current ID
selected.
If the query does not return
Ah, what a lovely case of the Friday morning brain farts!
I have a query that selects some data from a table based on the current ID
selected.
If the query does not return any results, I want it to continue to another
query that will insert a record into the table.
Below is what I have...but it
Okay, gotcha!
I changed it to this and it works:
?php
$request_id = $_GET['id'];
$current_user = substr($_SERVER['AUTH_USER'], 13);
$lock_query = SELECT id, locked_by_user FROM locked_payments WHERE id =
'$request_id';
$lock_result = mssql_query($lock_query) or die(mssql_get_last_message());
On Mon, 2007-10-01 at 11:58 -0400, Bill Moran wrote:
I posted this to internals@ on Friday and haven't heard anything.
Hi Bill!
This patch is *great*. In fact, I'll take two! It's a steal! I was
running into the same problem and your patch is a life saver!
Free beer for Bill in the
-Original Message-
From: Paul Scott [mailto:[EMAIL PROTECTED]
Sent: 05 October 2007 06:44
On Thu, 2007-10-04 at 22:38 -0700, tbt wrote:
I'm a newbie to php and i would like to know a way of
viewing runtime errors
on the browser. Currently when an error occurs nothing is
This is indeed the complete code, I did not cut anything out for
brevity, which is why this appears to be so impossible.
eAccelerator is activated, could something be corrupt? Could a
corrupt index cause this?
In table1, `referer` is int(12).
In table2, `data` is text
In table2,
yes it is
pscott wrote:
On Fri, 2007-10-05 at 00:32 -0700, tbt wrote:
I added the following lines to the top of my script but still no error
messages show up on the browser.
When a php error occurs the entire page is still shown blank.
Is your script *supposed* to output
try putting this on the top of your PHP page
?php
error_reporting(E_ALL);
?
tbt wrote:
yes it is
pscott wrote:
On Fri, 2007-10-05 at 00:32 -0700, tbt wrote:
I added the following lines to the top of my script but still no error
messages show up on the browser.
When a php
Maybe display errors is set on off?
?
ini_set('display_errors','1');
?
Aleksander
tbt wrote:
yes it is
pscott wrote:
On Fri, 2007-10-05 at 00:32 -0700, tbt wrote:
I added the following lines to the top of my script but still no error
messages show up on the browser.
When a php
Hi Slith,
#php on irc.freenode.net is a nice PHP channel
Slith wrote:
i was just wondering if there is an irc channel for php?
--
With Warm Regards,
Sudheer. S
http://www.binaryvibes.co.in
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit:
Hi Brian,
Friday, October 5, 2007, 1:28:35 PM, you wrote:
This is indeed the complete code, I did not cut anything out for
brevity, which is why this appears to be so impossible.
eAccelerator is activated, could something be corrupt? Could a
corrupt index cause this?
In table1,
I'll just put my comments inline for you...
Dan Shirah wrote:
Okay, gotcha!
I changed it to this and it works:
?php
$request_id = $_GET['id'];
$current_user = substr($_SERVER['AUTH_USER'], 13);
You can't trust this info.
$lock_query = SELECT id, locked_by_user FROM locked_payments WHERE
I definitely misunderstood what you guys are saying about the length.
That's clearly a problem for a lot of my values.
I can switch them both to bigint. One table has 34,000,000 records
and it's OK if this is hung up for a few minutes but not much longer
than that - any chance this change
Paul Scott wrote:
I am taking a quick look through the access logs on our dev box, and
came across this little nasty that was trying to execute itself as a XSS
attack(?)
Interestingly enough, MimeDefang/ClamAV quarantined your message
because of that script:
Quarantine Messages:
On Fri, 2007-10-05 at 07:38 -0600, Ashley M. Kirchner wrote:
Quarantine Messages:
Message quarantined because of virus: PHP.Shell.
Someone saw it somewhere and reported it...
Don't you love Free Software? ;)
--Paul
All Email originating from UWC is covered by
Brian Dunning wrote:
I definitely misunderstood what you guys are saying about the length.
That's clearly a problem for a lot of my values.
I can switch them both to bigint. One table has 34,000,000 records and
it's OK if this is hung up for a few minutes but not much longer than
that - any
Hi Brian,
Friday, October 5, 2007, 2:10:32 PM, you wrote:
I definitely misunderstood what you guys are saying about the length.
That's clearly a problem for a lot of my values.
I can switch them both to bigint. One table has 34,000,000 records
and it's OK if this is hung up for a few
On Friday 05 October 2007, Per Jessen wrote:
Yannick Warnier wrote:
but you can't generate a PDF using XML and XSLT, although XSLT is, to
my understanding, made to enable export in various formats from the
same XML file.
XSLT is a style language, and you could quite possibly make it
On 10/5/07, Paul Scott [EMAIL PROTECTED] wrote:
On Fri, 2007-10-05 at 07:38 -0600, Ashley M. Kirchner wrote:
Quarantine Messages:
Message quarantined because of virus: PHP.Shell.
Someone saw it somewhere and reported it...
Don't you love Free Software? ;)
--Paul
$request_id = $_GET['id']; --- I suppose this would be an int. True? If
so then add:
?php
$request_id = intval($_GET['id']);
?
Aleksandar
marek wrote:
Even better:
?php
$request_id = $_GET['id'];
$current_user = substr($_SERVER['AUTH_USER'], 13);
$lock_query = SELECT id, locked_by_user
tbt wrote:
Hi
I'm a newbie to php and i would like to know a way of viewing runtime errors
on the browser. Currently when an error occurs nothing is displayed on the
browser. Is there any way of viewing all error messages on the browser
itself.
Thanks
From what I read in your other posts, it
On 10/5/07, Ashley M. Kirchner [EMAIL PROTECTED] wrote:
Daniel Brown wrote:
The biggest issue does still remain: if this is on your local
system, you need to figure out exactly how it got there in the first
place
I thought the OP said he noticed it in his logs... I understood
Even better:
?php
$request_id = $_GET['id'];
$current_user = substr($_SERVER['AUTH_USER'], 13);
$lock_query = SELECT id, locked_by_user FROM locked_payments WHERE id =
'$request_id';
$lock_result = mssql_query($lock_query) or die(mssql_get_last_message());
$lock_row =
I would advise against using intval if the sql data type is anything
greater and/or equal to int unsigned.
PHP on 32 bit systems: intval can only handle values up to 2147483647.
sql unsigned int can go up to |4294967295 and bigints even higher
This could cause serious problems ...
Marek
Daniel Brown wrote:
Yeah, honestly I wasn't sure if it was an injection attack or if
those URLs were referrers in the logs.
If you hit the first URL ( http://www.vesprokat.ru/n ) with, say
lynx, you get that script coming up. So it could've been referral
hits. Which could mean the
On Fri, 2007-10-05 at 11:29 -0400, Daniel Brown wrote:
Yeah, honestly I wasn't sure if it was an injection attack or if
those URLs were referrers in the logs.
OK sorry if I wasn't 100% clear here, but the logs showed up something
like:
On 10/5/07, Paul Scott [EMAIL PROTECTED] wrote:
On Fri, 2007-10-05 at 11:29 -0400, Daniel Brown wrote:
Yeah, honestly I wasn't sure if it was an injection attack or if
those URLs were referrers in the logs.
OK sorry if I wasn't 100% clear here, but the logs showed up something
like:
Daniel Brown wrote:
The biggest issue does still remain: if this is on your local
system, you need to figure out exactly how it got there in the first
place
I thought the OP said he noticed it in his logs... I understood
that as someone cleverly trying to inject it somehow and it ended
Dan Shirah wrote:
Ah, what a lovely case of the Friday morning brain farts!
I have a query that selects some data from a table based on the current ID
selected.
If the query does not return any results, I want it to continue to another
query that will insert a record into the table.
Below is
Hello,
I need to handle very large file uploads and push the data into a socket.
Having php to write everything to a temporary file, then reading it
again inside the script and pushing it into the socket is very inefficient
and imposes size limitations to the uploaded files (which may reach GB
Larry Garfield wrote:
On Friday 05 October 2007, Per Jessen wrote:
Yannick Warnier wrote:
but you can't generate a PDF using XML and XSLT, although XSLT is, to
my understanding, made to enable export in various formats from the
same XML file.
XSLT is a style language, and you could quite
At 11:18 PM -0400 10/4/07, Nathan Nobbe wrote:
On 10/4/07, tedd mailto:[EMAIL PROTECTED][EMAIL PROTECTED] wrote:
Hi gang:
I asked this question on the javascript list, but for some reason
it's taking forever to post there. So, I figured that I would ask
here as well.
I'm currently sending
Stefanos Stamatis wrote:
Hello,
I need to handle very large file uploads and push the data into a socket.
Having php to write everything to a temporary file, then reading it
again inside the script and pushing it into the socket is very inefficient
and imposes size limitations to the uploaded
At 10:38 PM -0700 10/4/07, tbt wrote:
Hi
I'm a newbie to php and i would like to know a way of viewing runtime errors
on the browser. Currently when an error occurs nothing is displayed on the
browser. Is there any way of viewing all error messages on the browser
itself.
Thanks
tbt:
Welcome
On 10/5/07, tedd [EMAIL PROTECTED] wrote:
At 11:18 PM -0400 10/4/07, Nathan Nobbe wrote:
On 10/4/07, tedd mailto:[EMAIL PROTECTED][EMAIL PROTECTED] wrote:
Hi gang:
I asked this question on the javascript list, but for some reason
it's taking forever to post there. So, I figured that I
This might be a way to do it:
*Example 1*
script
function appendMeBaby(aVar){
self.location.href = 'img.php?s=' + aVar +
'someOtherVar=itIsMeTheValue';
}
/script
a href=javascript:appendMeBaby(?php echo($value);?);Click here/a
*Example 2*
script
function appendMeBaby(aVar, bVar){
strange; i missed that when i put it together; my bad, it was late.
here is a revision that works.
html
head
script type=text/javascript
window.onload = function() {
var someLink = document.getElementById('someLink');
someLink.href +=
Daevid Vincent wrote:
TR class=?php echo ($r = !$r) ? dataRow1 : dataRow2; ?
I love the simplicity, and very cool.
But why does the ($r=!$r) ternary condition work?. (I understand
that it DOES but not WHY.)
TIA,
Jeff
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit:
On Fri, 2007-10-05 at 19:19 +0200, Aleksandar Vojnovic wrote:
This might be a way to do it:
*Example 1*
script
function appendMeBaby(aVar){
self.location.href = 'img.php?s=' + aVar +
'someOtherVar=itIsMeTheValue';
}
/script
a href=javascript:appendMeBaby(?php echo($value);?);Click
On Fri, 2007-10-05 at 14:00 -0500, Jeff Cohan wrote:
Daevid Vincent wrote:
TR class=?php echo ($r = !$r) ? dataRow1 : dataRow2; ?
I love the simplicity, and very cool.
But why does the ($r=!$r) ternary condition work?. (I understand
that it DOES but not WHY.)
Because he's rotating
[snip]
But why does the ($r=!$r) ternary condition work?. (I understand
that it DOES but not WHY.)
Because he's rotating between boolean values.
$r = true;
$r = !$r;// Now $r is false;
$r = !$r;// Now $r is true;
$r = !$r;// Now $r is false;
$r = !$r;//
Jay Blanchard wrote:
We just did that proof in the office as well. With a little echoing you
will see that when $r is TRUE it is set to 1, when it is false it is set
to NULL.
But it still should not work logically because you are performing an
assignment in the IF (it doesn't have to be ternary
[snip]
But why does the ($r=!$r) ternary condition work?. (I understand
that it DOES but not WHY.)
[/snip]
Check this out -
http://us3.php.net/manual/en/language.operators.assignment.php
It says the value of the assignment is the value assigned, so maybe
assignments to anything other than 0
On Fri, 2007-10-05 at 13:46 -0500, Jay Blanchard wrote:
[snip]
But why does the ($r=!$r) ternary condition work?. (I understand
that it DOES but not WHY.)
[/snip]
Check this out -
http://us3.php.net/manual/en/language.operators.assignment.php
It says the value of the assignment is
[snip]
The value of the expression is the value assigned. Since the ! operator
will always return a boolean then the assigned value is going to be a
boolean. So $r will always contain a boolean for the purposes of the
ternary operation.
[/snip]
And it also work if the statement is not ternary
--
On Fri, 2007-10-05 at 14:49 -0400, Nathan Nobbe wrote:
On 10/5/07, Jay Blanchard [EMAIL PROTECTED] wrote:
It looks like PHP has an unintentional feature. Doing this;
if($r =
!$r) should always return TRUE because it is an assignment. I
don't know
[snip]
The value of the expression is the value assigned. Since the ! operator
will always return a boolean then the assigned value is going to be a
boolean. So $r will always contain a boolean for the purposes of the
ternary operation.
And it also work if the statement is not ternary
[/snip]
On 10/5/07, Stefanos Stamatis [EMAIL PROTECTED] wrote:
Hello,
I need to handle very large file uploads and push the data into a socket.
Having php to write everything to a temporary file, then reading it
again inside the script and pushing it into the socket is very inefficient
and imposes
On Fri, 2007-10-05 at 14:04 -0500, Jay Blanchard wrote:
[snip]
The value of the expression is the value assigned. Since the ! operator
will always return a boolean then the assigned value is going to be a
boolean. So $r will always contain a boolean for the purposes of the
ternary operation.
[snip]
if($r = !$r)
[/snip]
And I hit send before I finished my thought process oh my goodness isn't
it five o'clock yet and why do all of these people keep coming by my
office distracting me from getting something useful done like replying
the PHP list and why doesn't someone bring me a beer?
[snip]
if($r = !$r)
it is a conditional test.
? foo : bar;
...is the ternary operation. Just wanted to clean up the usage there.
Did I miss something? The code I saw was the following:
TR class=?php echo ($r = !$r) ? dataRow1 : dataRow2; ?
And that is definitely using the
Any time I compile PHP 4.4.7 with --with-ssl my apache 1.3.39 server core
dumps on my FreeBSD 6.1 box. Anyone have a work around for this or
suggestions where to look? I was having a similar problem with Curl, but
once I told curl where the OpenSSL home dir was that solved that problem.
The
First, I am flattered for all the elegant comments.
Honestly, this is PHP 102 level stuff, so I don't see all the fuss.
Yes it is the ternary operator -- I'm a big fan of that one.
(http://us.php.net/manual/en/language.expressions.php)
In the below example, (while sloppy on my part), by NOT
Nathan Nobbe wrote:
personally, i wont argue w/ the compact nature of the
statement; its nice.
I agree. Very elegant. Thanks for the clarifications, folks.
its mysterious statements like this that make code fragile,
imho. i prefer the modulus approach.
I would have agreed before reading
On Fri, 2007-10-05 at 14:17 -0500, Jay Blanchard wrote:
[snip]
if($r = !$r)
[/snip]
And I hit send before I finished my thought process oh my goodness isn't
it five o'clock yet and why do all of these people keep coming by my
office distracting me from getting something useful done like
On 10/5/07, Jay Blanchard [EMAIL PROTECTED] wrote:
It looks like PHP has an unintentional feature. Doing this; if($r =
!$r) should always return TRUE because it is an assignment. I don't know
if I would rely on this.
its not an unintentional operation; its the order of operations.
logical
2007. 10. 5, péntek keltezéssel 12.57-kor tedd ezt írta:
At 10:38 PM -0700 10/4/07, tbt wrote:
Hi
I'm a newbie to php and i would like to know a way of viewing runtime errors
on the browser. Currently when an error occurs nothing is displayed on the
browser. Is there any way of viewing all
its mysterious statements like this that make code fragile,
imho. i prefer the modulus approach.
I would have agreed before reading the clarification. Not so sure
now...
At the risk of semantic nitpicking, and only because I find this
discussion stimulating (pity us poor geeks), I
Hi all,
is it somehow possible to store the connection reference obtained from
mysql_connect() (note the absence of the i) in a $_SESSION element?
--
Stefano Esposito
--
Email.it, the professional e-mail, gratis per te: http://www.email.it/f
Sponsor:
Problemi di Liquidità? Con Logos
Stefano Esposito wrote:
is it somehow possible to store the connection reference obtained from mysql_connect()
(note the absence of the i) in a $_SESSION element?
No. Why would you want to? You'd end up holding on to a database
connection even when nothing is using it. If you want to
Stut
What's good for multiple webservers? thanks
-Original Message-
From: Stut [mailto:[EMAIL PROTECTED]
Sent: Friday, October 05, 2007 4:31 PM
To: Stefano Esposito
Cc: php-general@lists.php.net
Subject: Re: [PHP] MySQL and SESSIONs
Stefano Esposito wrote:
is it somehow possible to
Vo, Lance wrote:
What's good for multiple webservers? thanks
* DO NOT USE PERSISTANT CONNECTIONS
* Minimise the amount of time you keep a database connection open during
a request. Good logic/presentation separation helps a lot here.
* Cache the crap out of everything - don't hit the DB
At 7:43 AM -0400 10/5/07, Dan Shirah wrote:
Ah, what a lovely case of the Friday morning brain farts!
I have a query that selects some data from a table based on the current ID
selected.
If the query does not return any results, I want it to continue to another
query that will insert a record
At 7:43 AM -0400 10/5/07, Dan Shirah wrote:
Ah, what a lovely case of the Friday morning brain farts!
I have a query that selects some data from a table based on the current ID
selected.
If the query does not return any results, I want it to continue to another
query that will insert a
It's already in an array format. I don't remember off the top of my head but
there's some function like resultsarray which turns the resutls into an array.
I'm already storing the array in the session.
John A DAVIS [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
stick in in an
Apache and PHP 4.3.9 are on a *nix server and we don't have root access,
HOWEVER we can have the tech support perform pretty much any action except
re-compile PHP (for which they charge), but I'm hoping i could dynamically
load extensions during run-time. I just need to know which extensions.
On 10/5/07, Jason Paschal [EMAIL PROTECTED] wrote:
Apache and PHP 4.3.9 are on a *nix server and we don't have root access,
HOWEVER we can have the tech support perform pretty much any action except
re-compile PHP (for which they charge), but I'm hoping i could dynamically
load extensions
Jason Paschal wrote:
Apache and PHP 4.3.9 are on a *nix server and we don't have root access,
HOWEVER we can have the tech support perform pretty much any action except
re-compile PHP (for which they charge), but I'm hoping i could dynamically
load extensions during run-time. I just need to
74 matches
Mail list logo