[PHP] newbie having problem with SID

2002-12-16 Thread Anders Thoresson
; ?> The session id isn't attached to the link in the end of the script, and therefore $count always is '1', even after I click the link. But the $_COOKIE["PHPSESSID"] does contain a value. I'm using PHP 4.2.2 and according to phpinfo() session.use_trans_si

Re: [PHP] newbie having problem with SID

2002-12-16 Thread Anders Thoresson
ink that's the version when this was changed)? Best regards, Anders Thoresson -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] need help with sessions

2002-12-16 Thread Anders Thoresson
Hi again, I'm still trying to understand sessions, and have made some progress during the afternoon, thanks to Ernest E. Vogelsinger. I'm at the moment trying to get a login-script up and running, but without 100 percent success. The script is split up in two major parts: bilder.php, which is

[PHP] script design question

2002-12-17 Thread Anders Thoresson
sy for me to track what happens when. Is this a good way to do things? When is it a good thing to write multi-purpose scripts like my skeleton above, where one thing is shown on first run and then different things depending on what the user does, and when is it better to put not just functions

[PHP] preventing sql injections

2002-12-18 Thread Anders Thoresson
Would this function do the trick? // validate.php - functions that validates form input function validate_string($unsafe_string) { // create array containing bad words $badwords = array(";","--","select","drop","insert","xp_","delete"); $goodwords = array(":","---","choose","leave","add",

Re: [PHP] preventing sql injections

2002-12-18 Thread Anders Thoresson
addslashes should be enough and put quotes around your strings in the sql Meaning that a query like this one is safe, as long as I first have $e_namn = addslashes($e_namn);? $query = "INSERT INTO addr (last_name, first_name, email) VALUES(\"$e_namn\",\"$f_namn\",\"$email\")";

[PHP] ereg.

2002-12-18 Thread Anders Thoresson
What's wrong with the following regular expression? As far as I can see, only alphabetic characters including the special Swedish ones, should be let through, but whatever character passed on in $_REQUEST['f_name'] passes the test? if(!ereg("(^[a-zA-ZåÅäÄöÖ]{4,20})", $_REQUEST['f_name'])) { e

[PHP] help with preg_match

2003-01-04 Thread Anders Thoresson
Hi, I'm trying to write a function that validates the input in a textarea. I just want to allow alphanumerical characters, and if the user enters anything else, I display an error message by calling error(). But the following doesn't work. Even if I enter "hello" in the textarea, I get the er

[PHP] security in guest book and user forums

2003-01-04 Thread Anders Thoresson
I've seen both guest books and user forums "hacked" by users who enter javascript or other code, and that way redirect visitors to other sites or do other unwelcome things. What expressions should I look for and not allow in my forms? Best regards, Anders

[PHP] upgrading WAMP environment

2003-01-04 Thread Anders Thoresson
I've been using Apache, MySQL and PHP under Win2k for a while to learn PHP. At the moment, I'm running PHP 4.2.2, MySQL 3.23.39 and Apache 2.0.40. During the holidays, I've read about a security hole in MySQL and therefore plan to upgrade to 3.23.54a. At the same time, I want to install PHP

[PHP] building web album - design questions

2003-01-09 Thread Anders Thoresson
I've understood things right, there are functions within PHP that can handle picture resizing? Is that correct? Best regards, Anders Thoresson

[PHP] help needed building query string based on which form fields that are filled.

2003-02-01 Thread anders thoresson
_name)) { some_commands_to_add_$f_name_to_querystring } some_commands_to_build_querystring_based_on_if's $result = mysql_query($query) But what commands/functions should I use to build the query? -- anders thoresson

[PHP] processing form with unknown number of checkboxes, each with a unknown name.

2003-02-02 Thread anders thoresson
w many checkboxes there are, and what their names will be. How do I do this? Is the form ok, or is a bad form design the reason I can't figure out what the form processing code should be? -- anders thoresson

[PHP] help needed with form and mysql design.

2003-02-02 Thread anders thoresson
sed along. From what I understand, information about unchecked boxes is never passed? Right now, my solution is to first set the field access in the table accessrights to N for every user and then update the table with an Y for those with checked boxes. But how can I limit the MySQL queries to

[PHP] how to write clean code.

2003-02-02 Thread anders thoresson
Where can I find good guidelines on how to write PHP-code that's easy to read for a human? -- anders thoresson

[PHP] jumping between php and html or using echo for printing html-tags.

2003-02-06 Thread anders thoresson
Which is more efficient: function admin_menu() { echo " Meny "; echo "Medlemmar"; echo "Album"; echo "Huvudmeny"; echo "Logga ut"; } or function admin_menu() { ?> Meny Medlemmar Album Huvudmeny Logga ut } Any reasons ot

[PHP] when is OOP a good choice?

2003-02-12 Thread anders thoresson
rom OOP? 2. When is OOP a good choice for a PHP script, and when are ordinary functions a better call? -- anders thoresson

Re: [PHP] why doesn't default values for this function work - resending because of bad formatting

2003-08-06 Thread anders thoresson
e tried with "zero", "null" and "0" as signals to the function that a max_length isn't applied. Nothing works. But I've several functions with the same syntax, all working... -- anders thoresson

[PHP] need help with table lock - could this be performed with mysql commands or do I to write my own PHP function

2003-08-10 Thread anders thoresson
ock() is called to make sure that no other editor opens the content before it's saved and release_lock() is called, which will remove the line from table_lock again. Is this a good way to do this? Or are there any other suggestions? -- anders thoresson

[PHP] why doesn't default values for this function work

2003-08-11 Thread anders thoresson
gth is passed, and $max_length gets the value -1, the if-loop if ($max_length > -1) is still run. 2) Calls to my own function error don't work. Instead of creating a popup window with javascript (which works in other places where error() is called) the error message is printed like html.

Re: [PHP] need help with table lock - could this be performed with mysql commands or do I to write my own PHP function

2003-08-14 Thread anders thoresson
What happens when the user doesn't finish editing or the browser simply crashes on him? Well. Didn't think of that. So how can I avoid that two editors load the same record for editing at the same time, while still making all records available for regular visitors to read? -- anders

[PHP] send group of files at once to website administrator

2003-08-14 Thread anders thoresson
= opendir('/web/un/backup')) { echo "Files:\n"; /* This is the correct way to loop over the directory. */ while (false !== ($file = readdir($handle))) { echo "Download $file here\n"; } closedir($handle); } -- anders thoresson

Re: [PHP] Re: why doesn't default values for this function work

2003-08-14 Thread anders thoresson
ether $max_length is set or not } Is there really something wrong with this logic (since it doesn't work, it obviously is, but what)? -- anders thoresson

[PHP] why doesn't default values for this function work - resending because of bad formatting

2003-08-14 Thread anders thoresson
gth is passed, and $max_length gets the value -1, the if-loop if ($max_length > -1) is still run. 2) Calls to my own function error don't work. Instead of creating a popup window with javascript (which works in other places where error() is called) the error message is printed like html. What

Re: [PHP] Re: why doesn't default values for this function work

2003-08-14 Thread anders thoresson
e_string); $unsafe_string = htmlentities($unsafe_string); $unsafe_string = strip_tags($unsafe_string); $unsafe_string = trim($unsafe_string); Return $unsafe_string; } Are the last steps (AddSlashes through trim) overkill? I want to make it safe for mysql. -- anders thoresson

[PHP] first time using exec() - are getting parse error.

2003-08-17 Thread anders thoresson
works fine on my local Win2k, php 4.3.1, but not on my ISP:s Sun Solaris/php 4.3.2 machine I get a parse error. What am I doing wrong? Is there a better way to backup my database? -- anders thoresson

[PHP] problem with sessions - IE working after session.use_trans_sid enabled.

2003-08-17 Thread anders thoresson
eally understand how session.use_trans_sid made the difference? -- anders thoresson

Re: [PHP] first time using exec() - are getting parse error.

2003-08-17 Thread anders thoresson
What is the error you get? Problem solved: it was a combination of permissions and wrong options. -- anders thoresson

Re: [PHP] shouldn't mysql_pconnect force reuse of mysql connections?

2003-08-19 Thread anders thoresson
nd then no more new are added, but the "time" column reset, which I take means that that id is reused? Thanks for helping me sort things out! -- anders thoresson

Re: [PHP] shouldn't mysql_pconnect force reuse of mysql connections?

2003-08-19 Thread anders thoresson
t, all with command Sleep. Does MySQL clean this list when they've been to sleep for too long? -- anders thoresson

[PHP] "back" works in opera but not in internet explorer

2003-08-19 Thread anders thoresson
When I push the back button in Opera, I get back to the previous (database/php-generated) page in my site, but when I'm using IE and push back, I get a message saying that the page isn't valid any more. Is this an internal IE-issue, or could I make my php-script IE-friendly?

Re: [PHP] "back" works in opera but not in internet explorer

2003-08-19 Thread anders thoresson
Does it work when you refresh the page? No. A reload in Internet Explorer kicks me out of my web application. Does a reload within IE reset session variables? Reloading a page in the application using Opera works. -- anders thoresson

Re: [PHP] "back" works in opera but not in internet explorer

2003-08-19 Thread anders thoresson
s set, here I display the login form } And since reloads bring up the login form, $_SESSION['uname'] is not set anymore, for some reason. //Anders -- anders thoresson

[PHP] one out of four session variables lost

2003-08-19 Thread anders thoresson
causing the editor menu not being shown. A check through all my source code shows that the only instance where I assign is in accesscontrol() shown above. Are there any known circumstances where session variables are lost? (I guess that the answer is no, and this is an error caused by mysel

[PHP] accessing result-set with associative array

2003-03-30 Thread anders thoresson
esson.net\include\user_functions.php on line 24 I've been trying to learn PHP for three months now, but tonight was the first time I sat down with my project for two weeks, so I'm sorry if I'm bothering you with something obvious that I've just forgotten. :) But I need to kn

[PHP] file upload

2003-04-02 Thread anders thoresson
mp_name'])) { die("Problem: Filen är inte uppladdad"); } $upfile = "__traningsmatcher.txt"; if(!copy($_FILES['userfile']['tmp_name'], $upfile)) { die("Kunde inte spara filen"); } echo("Filen är sparad!"); ?> -- anders thoresson

Re: [PHP] file upload

2003-04-02 Thread anders thoresson
This is the first upload script I'm writing. -- anders thoresson

[PHP] need help breaking out of loop.

2003-06-26 Thread anders thoresson
$issue_number = 1; $current_date = $current_date + 86400; $i++; $issue_number++; continue; } $current_date = $current_date + 86400; $i++;

[PHP] problem with mktime

2003-06-26 Thread anders thoresson
The following line of code doesn't work for me: $previous_issue_unixdate = mktime(0, 0, 0, $previous_issue_month, $previous_issue_day, $previous_issue_year, 0); $previous_issue_month is set to 06, _issue_day is 30 and _issue_year to 2003. Still $previous_issue_unixdate is empty. -- a

[PHP] mysql lock

2003-06-27 Thread anders thoresson
her queries on the table, in between which I do some PHP work, and then release the lock several queries and lines of PHP code later? In general, when is it wise to use a lock, and when is it unneeded? -- anders thoresson

[PHP] session handling works on local server, but not when uploaded to ISP

2003-06-28 Thread anders thoresson
se also at my local server? -- anders thoresson

[PHP] function doesn't return value

2003-06-28 Thread anders thoresson
'] and $_POST['u_pwd1'] as well as $unchecked_password1 and $unchecked_password2 contains the entered values, but $u_pwd is empty. Why? As with my previous problems this evening, it works on my local server, but not on my ISP's. At home I'm running Windows 2000 and

[PHP] differences in session handling between 4.1.1 and 4.3.1

2003-06-28 Thread anders thoresson
ON['u_id'] changes. And at my localhost, $_SESSION's stays put. I'm going crazy here. -- anders thoresson

Re: [PHP] Re: differences in session handling between 4.1.1 and 4.3.1

2003-06-28 Thread anders thoresson
e any feeling that helps me, no matter how faint, are wanted. I'm going crazy here. ;-)) -- anders thoresson

Re: [PHP] function doesn't return value

2003-06-28 Thread anders thoresson
AFAIK in PHP, if you don't specifically return something from a function, the function will not return anything. True. I'm so frustrated over here that I miss the most obvious things. Thanks. Strange thing is that it worked at my localhost, though. -- anders thoresson

[PHP] session problem solved.

2003-06-28 Thread anders thoresson
pt work on my localhost? Next step is to try the script that works at my ISP's server at my localhost. ;-) -- anders thoresson

[PHP] web site security: how to hide login info for mysql-connection

2003-06-29 Thread anders thoresson
s.php should be placed in a directory outside the html/php-directories. Today, my web directory is /home/anders/public_html and subdirectories to public_html. Should settings.php be placed in /home/anders/include? -- anders thoresson

Re: [PHP] web site security: how to hide login info for mysql-connection

2003-06-29 Thread anders thoresson
heir own set of include_directories? -- anders thoresson

[PHP] this code unsets $_SESSION['editor'] but doesn't touch any other session variables

2003-09-07 Thread anders thoresson
SSION['editor'], but leaving others, like $_SESSION['admin'] untouched. At the first debug, I get "Admin: Y Editor: Y" printed (which is the way I suppose things to be), but at the second debug I just get "Admin: Y Editor:". I can't find the error

Re: [PHP] this code unsets $_SESSION['editor'] but doesn't touch any other session variables

2003-09-07 Thread anders thoresson
You more than likely have register globals ON, so by setting $editor to some value above, you are also changing the value of $_SESSION['editor']. Yes! Settings at ISP was with globals on, but at my local server they were off. Which added quite a lot to my confusion. Thanks! -- anders

Re: [PHP] this code unsets $_SESSION['editor'] but doesn't touch any other session variables

2003-09-07 Thread anders thoresson
> while ($editor = mysql_fetch_row($editorresult)) How about changing from an assignment operator "=" to a comparison operator "==". No. I want to step through each and every one of the rows in the result set, and that's done that way. -- anders thoresson

[PHP] where are the good examples of using OOP?

2003-09-28 Thread anders thoresson
od way and which I can have a look at to see how things are done. Best regards, -- anders thoresson

[PHP] configuration class - skeleton code for first OOP adventure

2003-10-08 Thread anders thoresson
nts); $contents = $new_contents; } $fp = fopen($this->configurationFile, "w" ); fwrite($fp, $contents); fclose($fp); } } Best regards, -- anders thoresson

Re: [PHP] Re: configuration class - skeleton code for first OOP adventure

2003-10-08 Thread anders thoresson
nclude the controlling code in my constructor? -- anders thoresson

Re: [PHP] configuration class - skeleton code for first OOP adventure

2003-10-09 Thread anders thoresson
" as new value. Not only the change value. -- anders thoresson

Re: [PHP] configuration class - skeleton code for first OOP adventure

2003-10-09 Thread anders thoresson
Save yourself a lot of headache learn how to use PEAR and OOP all in one fell swoop by using PEAR::Config I've already had a look at it, but it's too big for me to get. Though learning by doing would be a better way. -- anders thoresson

[PHP] is it safe to store username and password for mysql connection in session variables?

2003-11-23 Thread anders thoresson
is needed? What I don't understand, and hence the questions, is whether session variables are accessible by my website's visitors, or just to the php-scripts on the server. -- anders thoresson

[PHP] secure query string before sending it to mysql

2003-11-23 Thread anders thoresson
ell. $dbQuery will be query string like "INSERT INTO $article_table SET a_header = '$a_header'". Is there anything I can do, inside the method, to increase security? -- anders thoresson

Re: [PHP] is it safe to store username and password for mysql connection in session variables?

2003-11-24 Thread anders thoresson
curity Handbook Coming mid-2004 Nice. From which publisher? -- anders thoresson

Re: [PHP] is it safe to store username and password for mysql connection in session variables?

2003-11-24 Thread anders thoresson
.htaccess file in my public_html dir and then access it as $_ENV['DB_PASS']? What should the access rights to .htaccess be? -rw--- or something else? -- anders thoresson

[PHP] images doesn't seem to cache

2004-11-05 Thread anders thoresson
Hi, I put all my images outside the web root, to prevent direct access, and then access them with a -tag like this: where fnc_get_image.php is: // Check if user is logged in require_once 'global_includes.php'; $user =& new User(); // Get path to image for display $path = $_GET['path']; // Prepe

Re: [PHP] images doesn't seem to cache

2004-11-06 Thread anders thoresson
Your eyes are fine. You need to check for If-Modified-Since header, if the time is older than file modification time (filemtime()) send Last-Modified header and the image, else send 304 Not Modified response. This code seems to work. Have I got it right? // Get the time the cache file was last m

Re: [PHP] images doesn't seem to cache

2004-11-06 Thread anders thoresson
This code seems to work. Have I got it right? No. I have not. Sometimes the images are viewed from the cache, just to get downloaded from the server again next time, just a minute later, when I try again. My local development server is running IIS, my production server is running Apache. Whe

Re: [PHP] images doesn't seem to cache

2004-11-07 Thread anders thoresson
it won't be a php-parameter. Seen as the script isn't executed when the server decides it is the same as the cached version. So only if it deems not to be, then it runs the script, and when it does that, the script doesn't need to know anything about modified-since, because that checks has long