Re: [PHP] WHAT IS NEW to PHP 4.2.1

2002-06-11 Thread Chris Shiflett
This may be entirely incorrect, but something that might be worth checking is to find the SQL statements being executed for item 2) in your list and make sure that all values in the SQL statement have had addslashes() performed on them. For example, if your statement is something like:

Re: [PHP] netscape wont show form result

2002-06-11 Thread Chris Shiflett
You are experiencing two different problems. 1) The blank page you are seeing is possibly due to incorrect HTML markup, where you are using tables incorrectly (most common problem for people). Check to make sure you have the same number of data cells in each row, that all your tag are

Re: [PHP] netscape wont show form result

2002-06-11 Thread Chris Shiflett
of the script (as it should) while ie blissfully ignored it(??). Anyway it all works now. Thanks again. Chris Shiflett wrote: You are experiencing two different problems. 1) The blank page you are seeing is possibly due to incorrect HTML markup, where you are using tables incorrectly (most common

Re: [PHP] F5 problem...

2002-06-12 Thread Chris Shiflett
The best way to do this is with an HTTP header called Location. It is used like this. If page1.php contains a form that submits to page2.php, you will want to handle the form data with page2.php, and when you're finished, have a line that looks like this: header(Location:

Re: [PHP] session problems....

2002-06-14 Thread Chris Shiflett
I'm not sure what sysadmins you are talking about, but /tmp is typically a world-writable directory. Also, there is no such strict Unix naming convention. The directory /tmp is always /tmp, so matter how lenient you want to be. There is simply a difference between relative paths and absolute

Re: [PHP] Checking referrer?

2002-06-14 Thread Chris Shiflett
This depends on what you mean by right, of course, but remember that the referer (sic) is just a string. You can use any string manupulation functions to help you test your string, such as searching for substrings, matching patterns with regular expressions, etc. If you need more specific

Re: [PHP] String within a string

2002-06-16 Thread Chris Shiflett
Each item within double quotes is a literal string. The example you inquire about dynamically builds an SQL statement. For example, if $searchtype is author_name and $searchterm is Rasmus, then you would build a statement like: select * from books where author_name like '%Rasmus%'; The SQL

Re: [PHP] String within a string

2002-06-16 Thread Chris Shiflett
I might be misinterpreting the question, because it sounds like the same question as before. Let me try to be more thorough. SQL statements traditionally use single quotes around literal values. There is no reason of escaping that makes this characteristic exist. Now, in PHP, most people

Re: [PHP] variables not being passed from form ??

2002-06-18 Thread Chris Shiflett
Anthony, Can you create a very simple test case that demonstrates this problem and post it? It might reveal something, because otherwise, I don't see a cause for trouble with what you've described. Chris P.S. Please copy me in any replies if you want to make sure I see it. Anthony 'Crash'

Re: [PHP] Session problems based on browser?

2002-06-18 Thread Chris Shiflett
I'm not sure if this might be related to the problem you're having, but Internet Explorer has a long history of poor cookie implementation, from the browser allowing anyone to read cookies from any site (versions 4.0 - 6.0) to the browser not sending the cookie information in subsequent

Re: [PHP] Session problems based on browser?

2002-06-18 Thread Chris Shiflett
Netcom - Original Message - From: Chris Shiflett [EMAIL PROTECTED] To: Bob Irwin [EMAIL PROTECTED] Cc: php-general [EMAIL PROTECTED] Sent: Wednesday, June 19, 2002 11:36 AM Subject: Re: [PHP] Session problems based on browser? I'm not sure if this might be related to the problem you're

Re: [PHP] Session problems based on browser?

2002-06-18 Thread Chris Shiflett
I mentioned a couple in a previous email: header(Expires: . gmdate(D, d M Y H:i:s, time()) . GMT); header(Cache-Control: Private); Most HTTP headers with regards to caching are more intended to dictate proxy behavior. For example, the header above specifying that cache-control be private

Re: [PHP] recommend any good learning books

2002-06-21 Thread Chris Shiflett
I think Ramus's recent book, _Programming_PHP_ (O'Reilly), is quite a good introduction to the language and teaches some good fundamentals about the way PHP works as well. Chris [EMAIL PROTECTED] wrote: I am coming over from Perl life. Does anyone recommend any good beginners books on

Re: [PHP] header(Location with in URL

2002-06-21 Thread Chris Shiflett
Tom, Include the $returl variable within the quotes, like this: header(Location: $returl); If that doesn't work, add these two lines just before the header() function: echo h1[$returl]/h1; exit; Maybe that will uncover something. Chris Tom Beidler wrote: I'm trying to use header(Location

Re: [PHP] addslashes

2002-06-21 Thread Chris Shiflett
PHP is probably escaping the single quotes for you: it's - it\'s When addslashes() is applied to this, both the backslash character and the single quote are escaped: \ - \\ ' - \' The result is what you see: it\'s - it\\\'s If you strip slashes twice, you'll be back to normal. Chris

Re: [PHP] header() and explorer

2002-06-22 Thread Chris Shiflett
The only problem I know of with IE and using the header() function is when you use the header function like this: header(Location: http://www.php.net/;); IE will correctly realize that it needs to make a second request (GET, no matter what type of request the original was), but it fails to

Re: [PHP] When are Form Variables Null?

2002-06-22 Thread Chris Shiflett
Al, This depends entirely on your browser actually, as it is the one sending form variables back to the server in a POST request. Luckily, browsers are very consistent with how they handle this. :) Off the top of my head (I might be forgetting some form field types): text fields - always set

Re: [PHP] Anyone have slides for an Intro to PHP Class?

2002-06-22 Thread Chris Shiflett
Those presentations are great. Also, the source code to power them is available if your browse through the PHP CVS tree; I believe it's just called pres or something like that. That way you can tailor your slide shows to your audience as well as present it without having to have a network

Re: [PHP] Anyone have slides for an Intro to PHP Class?

2002-06-22 Thread Chris Shiflett
Take those presentations and modify them to fit your needs. I believe there is even a presentation on how to implement the presentation system. Chris 1LT John W. Holmes wrote: Sorry, I should've mentioned I had looked over those. I may take bits and pieces from those. Was just wondering if

Re: [PHP] UPDATE mysql

2002-06-22 Thread Chris Shiflett
Actually, it looks to me like you're missing a semicolon terminating your SQL statement. Try this: $query=update $table set field1='$var1' where id='$id';; 1LT John W. Holmes wrote: It's correct for PHP, but there's no telling what MySQL is actually recieving. - Original Message -

Re: [PHP] PLEASE HELP-Unable to get off this list

2002-06-22 Thread Chris Shiflett
Go here and do it yourself: http://www.php.net/mailing-lists.php [EMAIL PROTECTED] wrote: If any of you have an idea on who the admin is kindly tell him to remove me, he/she can send me a confirmation email if needed to prove that [EMAIL PROTECTED] is my address too, but please ask him/her

Re: [PHP] cookies

2002-06-22 Thread Chris Shiflett
This is sometimes a confusing issue for people, but remember that cookies work like this: 1) client requests a resource from a Web server 2) Web server returns a response to the client including a request to set cookies (Set-Cookie header) 3) client requests another page from the Web server

Re: [PHP] Error(Newbie)

2002-06-23 Thread Chris Shiflett
The only data returned by a browser in a Cookie header is the name/value pairs. So, your example would not pose a threat of any sort. The Referer and User-Agent are separate headers, but like all data from the client, they should also not be trusted. If you have magic quotes enabled, you're

Re: [PHP] netscape 4.x problem

2002-06-23 Thread Chris Shiflett
When you see document contains no data like that, the most likely cause is an endless loop. So, for whatever, reason, it seems that your conditional statement is returning true every time. Remove the Location header for now, and replace that line with: echo h1Redirecting to

Re: [PHP] Whos online at the moment in PHP

2002-06-23 Thread Chris Shiflett
Most questions like this depend more on your ability to think creatively than your experience with PHP, so don't let inexperience discourage you from exploring on your own. First, decide what you consider to be online exactly. If I, for example, requested a page 30 seconds ago, you would

Re: [PHP] Formatting phone numbers

2002-06-23 Thread Chris Shiflett
Corinne Shea wrote: Hi, I'd like to write a function that will take a string of characters and output it in a phone number format (xxx)xxx- and one for credit cards ---. This is actually very easy to do if all you want to do is format, meaning you have already validated

Re: [PHP] Limiting text inputs by character count?

2002-06-24 Thread Chris Shiflett
George Whiffen wrote: The best way to do this is server side with strlen(). You can use javascript or maxlength, but if a user wants to get around it, they can. ---John Holmes... John, The best way to do this is with both. maxlength/Javascript as a courtesy, strlen for security. As

Re: [PHP] what is wrong with this simple query?

2002-06-24 Thread Chris Shiflett
Try this: $query=select max(id) as id from bc_topic; Leave the rest the same. I'm not so sure that the max(id) selection will populate a column named id necessarily (in fact, I think it doesn't). That may be your problem. Chris Phil Schwarzmann wrote: Here is my code... $query = SELECT

Re: [PHP] fsockopen and HTTP/1.1???

2002-06-27 Thread Chris Shiflett
Alex Elderson wrote: The problem is the Connection: Close\n\n header. The webserver close the connection after the first request, if i remove the Connection: Close\n\n header the first fgets($web_conn, 128) command will never ends. This is because persistent TCP connections are the default

Re: [PHP] Populate Popup Menu from Database

2002-06-29 Thread Chris Shiflett
Mike Tuller wrote: I only ask questions if I have tried to do something myself already. I am not looking for someone to do something for me. When I do ask a question though, I feel I deserve at least a little respect. If you want to be an ass, do it somewhere else. It seems *you* are the one

Re: [PHP] Javascript to PHP?

2002-06-29 Thread Chris Shiflett
Jed Verity wrote: I can't find any information on passing JavaScript variables to PHP on the same page (i.e. not through the POST information of a submitted form). Is this because it's not possible? Basically, this is not possible. A common area of confusion to those new to Web programming is

Re: [PHP] Newbie Q: Fetching vs. Looping

2002-06-29 Thread Chris Shiflett
Jed Verity wrote: In general, is it faster and more efficient to query a MySQL database once with a large SQL select statement and then loop through the huge resulting table? Or does it make better sense to perform a number of smaller queries with smaller resulting tables? This is a hard

Re: [PHP] Newbie Q: Fetching vs. Looping

2002-06-29 Thread Chris Shiflett
Duncan Hill wrote: Is a free required for every query? Or can I go connect, query, query, query, free, close? You never have to free your results if you don't want to. As I understand it, doing so simply frees up the memory that is being taken up by the result set ($result in most

Re: [PHP] Two cases going to same case?

2002-06-30 Thread Chris Shiflett
Leif K-Brooks wrote: I have a switch in a script I'm working on. I need to have case 1 and 2 both to to case 3, but without case 1 going through case 2. Is this possible? Does case 3 have to be in the switch? If not, just leave it to execute just after the end of the switch.

Re: [PHP] securing an 'includes' dir

2002-06-30 Thread Chris Shiflett
Steve Yates wrote: Justin French [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... 1. Name all included files .inc If you name them *.php then put anything in them inside a function, then when the user browses to that file he/she won't see anything at all.

Re: [PHP] Re: fsockopen and HTTP/1.1???

2002-07-01 Thread Chris Shiflett
Richard Lynch wrote: Secondly, I think it's probably just a Bad Idea (tm) to try to force HTTP to do 2 files in one connection anyway -- It just complicates your life, and is giving you headaches already... How much worse will it get in a year? Actually, it's a very good idea and very well

Re: [PHP] Redirecting with the POST method.

2002-07-02 Thread Chris Shiflett
Richard Lynch wrote: The problem is this redirection is being done with the GET method, so all query string will be shown. How can I make this redirection use the POST method? You can't. This redirection is just a way of informing the browser that it needs to to to the location

Re: [PHP] does a form submit from a http page to a https ensure securedata?

2002-07-02 Thread Chris Shiflett
B.C. Lance wrote: http://domainname.com/register.php display a user registration form having [form action=https://domainname.com/register.php; method=post] will the data from that page be encrypted when it is sent via https specified in the [form] action? The answer is yes. The SSL

Re: [PHP] Setting a cookie and redirecting

2002-07-02 Thread Chris Shiflett
Cord Schneider wrote: Here is an outline of the problem: 1) client browser hits myPage.php 2) myPage.php does a few checks recognises that this is a first visit 3) myPage.php sets a cookie using setCookie() 4) myPage.php redirects to checkBrow.php which uses JavaScript to do some basic browser

Re: [PHP] does a form submit from a http page to a https ensure securedata?

2002-07-02 Thread Chris Shiflett
Michael Sweeney wrote: Your form action parameter has an absolute url specifying an https protocol. When the browser submits the form, it uses the url you specify which is https. So the request is going to be encrypted. You might consider serving the form page from https as well to kind of

Re: [PHP] Re: blank (OT)

2002-07-02 Thread Chris Shiflett
Scott Fletcher wrote: This is a PHP newsgroup, it is for PHP discussion. This is not a PHP discussion, so it is a spam mail. Please refrain from using it. Actually, I think it is pretty obvious that this guy is just trying to subscribe. Your email (and consequently mine) are more easily

Re: [PHP] Re: does a form submit from a http page to a https ensuresecure data?

2002-07-02 Thread Chris Shiflett
Richard Lynch wrote: http://domainname.com/register.php display a user registration form having [form action=https://domainname.com/register.php; method=post] will the data from that page be encrypted when it is sent via https specified in the [form] action? note: the registration form is

Re: [PHP] does a form submit from a http page to a https ensure secure data?

2002-07-02 Thread Chris Shiflett
Richard Lynch wrote: Your form action parameter has an absolute url specifying an https protocol. When the browser submits the form, it uses the url you specify which is https. So the request is going to be encrypted. You might consider serving the form page from https as well to kind of tighten

Re: [PHP] Setting a cookie and redirecting

2002-07-02 Thread Chris Shiflett
Justin French wrote: on 03/07/02 11:54 AM, Richard Lynch ([EMAIL PROTECTED]) wrote: Rule of Thumb: If you have to do header(Location: ...) you have a design/engineering/organizational problem in your code/pages/site. I'm sure a zillion people will disagree with this rule I agree,

Re: [PHP] Security: PHP: how to harden PHP scripts?

2002-07-03 Thread Chris Shiflett
Jean-Christian Imbeault wrote: I'm writing my first commercial site and of course I am thinking about security. I'm worried about someone using a flaw in my PHP script logic to access information they shouldn't. I've read the PHP books I have and Googled around but can't quite find

Re: [PHP] Authentication

2002-07-03 Thread Chris Shiflett
Lazor, Ed wrote: Use sessions. Create a user_id and pass that as a session variable rather than the user's actual login and password. -Original Message- On my site, when a user logs in, their password is encrypted using md5() and the username and encrypted password is then passed from

Re: [PHP] Authentication

2002-07-03 Thread Chris Shiflett
Alberto Serra wrote: Chris Shiflett wrote: How do sessions help against this? Well, they don't solve the problem entirely, of course, but the unique ID you pass around won't be the same unique ID *every* time that user visits the site. So, you at least have a good chance of making

Re: [PHP] Authentication

2002-07-03 Thread Chris Shiflett
Alberto Serra wrote: So you mean I have a 32 byte MD5 session id to identify the current visit, plus another such thing to identify the step within it, right? But why decrypting it? A presentation attack would give it back to server in the encrypted form anyway. What do we lose by just

Re: [PHP] HTTPS vs. HTTP ?

2002-07-05 Thread Chris Shiflett
Lazor, Ed wrote: I saw that Microsoft has a Certificate Authority server package that allows you to create your own key. Is there a way to do this in linux? In this particular instance, it's me accessing my own web site. I'd like to encrypt the session and I'm don't need someone to confirm

Re: [PHP] HTTPS vs. HTTP ?

2002-07-06 Thread Chris Shiflett
Richard Lynch wrote: You can create your own SSL key pair very, very, very easily... But unless you paid the $200 to get it from a CA, surfers will see a nasty (and totally inaccurate/misleading) warning about how insecure it is. They should. To do otherwise would be inaccurate and

Re: [PHP] HTTPS vs. HTTP ?

2002-07-06 Thread Chris Shiflett
Richard Lynch wrote: In the HTTPS exchange, however, extra key-pairs are generated on the fly, and the private half of the new pair are exchanged, encrypted with the public halfs of the old pairs, so that the server and the browser are using a UNIQUE public/private pair so that nobody can snoop

Re: [PHP] HTTPS vs. HTTP ?

2002-07-06 Thread Chris Shiflett
Richard, Honestly, I think you need to just buy on book on this. I think I explained things pretty clearly, and your confusion now seems to be based more on a lack of trusting my explanation more than anything. I can't imagine how you could still be this confused. I will try to explain once

Re: [PHP] HTTPS vs. HTTP ?

2002-07-06 Thread Chris Shiflett
I just explained this all in great detail, so please read that. I don't just think you are confused; I am positive you are. However, I did notice that you are the same person who gives many good answers to other peoples' questions. This giving of your time to be helpful is commendable, and I

Re: [PHP] HTTPS vs. HTTP ?

2002-07-07 Thread Chris Shiflett
I think I'm going to forget trying to explain the technical details, because somehow this conversation is completely missing the point now. :) SSL allows you to be sure that your credit card number is getting safely and securely to the Web site identified by a certain domain name. That's all

Re: [PHP] PHP/mysql connection problem

2002-07-07 Thread Chris Shiflett
Jo wrote: The problem: When connecting to the mysql server on the local machine its fine, but when you connect to a remote machine eg $db = mysql_connect(x.x.x.x, user, password); and request something from the database, it connects, BUT it takes about 5 minutes... I have an idea, yes. Make

Re: [PHP] HTTPS vs. HTTP ?

2002-07-07 Thread Chris Shiflett
. For example, you can be guaranteed that a public key belongs to me (Chris Shiflett) and thus, only Chris Shiflett will be able to decrypt the communication. If someone is trying to pose as me, you may send them encrypted communication, but they won't be able to decrypt it. Yes, because

Re: [PHP] HTTPS vs. HTTP ?

2002-07-07 Thread Chris Shiflett
Miguel Cruz wrote: Nobody thinks they're checking whether or not goodguys.com are good guys. It is your job as a consumer to research them. Once you have researched them and decided to do business with them, the certificate authority gives you a pretty solid basis for believing that you

Re: [PHP] ini_set() broken?

2002-07-07 Thread Chris Shiflett
Greg Donald wrote: If you can't be helpful then feel free to shutup.. Please don't attack people who freely give their time to try and help you. Mr. Cruz did not ridicule you in any way but merely asked that you be more specific than, it doesn't work, which is very good advice and a sincere

Re: [PHP] ini_set() broken?

2002-07-07 Thread Chris Shiflett
Greg Donald wrote: On Sun, 7 Jul 2002, Chris Shiflett wrote: I refer you to this URL: http://www.tuxedo.org/~esr/faqs/smart-questions.html I refer you to this URL: http://php.net/ini_set and ask why does this function not work as per the manual? Again, here is my code: ? if(ini_set

Re: [PHP] Cross-Site Sesison ID Propagation

2002-07-08 Thread Chris Shiflett
Stefen, There is no built-in way to do what you are speaking about here (that I know of), but there is a pretty easy technique. However, even this requires a lot of work to integrate into your existing code, but it will ease all future additions and maintenance. Keep a variable called

Re: [PHP] Cross-Site Sesison ID Propagation

2002-07-08 Thread Chris Shiflett
/?? echo $next_query_string; ?Site 3/a The same conditional logic can be used. This allows for URLs that already have a query string to be addressed as follows: a href=http://www.site3.com/index.php?task=incoming;? echo $next_query_string; ?Site 3/a Happy hacking. Chris Chris Shiflett wrote

Re: [PHP] Stripslashes help

2002-07-08 Thread Chris Shiflett
Chris (nice name), Chris Kay wrote: A worm of many subjects \\\The Klez\\\ worm arrives in an e-mail Anytime you see three backslashes in a row, the likely case is the addslashes() has been performed twice. For example, the following two iterations: 1. The Klez - \The Klez\ 2. \The Klez\ -

Re: [PHP] Stripslashes help

2002-07-08 Thread Chris Shiflett
Martin Towell wrote: Chris S - I think you're confusing stripslashes w/ addslashes, but everything else I'm an agreement w/. You're absolutely right. *blush* Chris K - Ignore my last paragraph, and everything else should make at least partial sense. :-) Ignore this: Well, here's where

Re: [PHP] Cross-Site Sesison ID Propagation

2002-07-08 Thread Chris Shiflett
Stefen Lars wrote: I think that the solution you offer is a great idea. However, in my case, I may not be able to implement it as I, as the webmaster, do not always get the chance to add '$next_query_string' to the a href. Some of the cross-site links are added to discussion forums by the

[PHP] Re: Please Help me

2002-07-09 Thread Chris Shiflett
Djurovski Dejan wrote: What's wron in my script? I receive message: *Warning*: Supplied argument is not a valid MySQL result resource in *c:\inetpub\wwwroot\login.php* on line *12* I input validate username password! ?php include(config.php); if(!empty($username)) {

Re: [PHP] Re: Cross-Site Sesison ID Propagation

2002-07-09 Thread Chris Shiflett
Richard Lynch wrote: Would setCookie('user_id', $PHPSESSID, 0, '/othersite.com'); let you get away with setting the cookies for the other site? Luckily no. :-) There are vulnerabilities in IE 4.0 - 6.0 that will let you read/write cookies not in your domain, but this is a result of a bug

Re: [PHP] Moderator where are you, delete me...

2002-07-09 Thread Chris Shiflett
Someone should sign this guy up for a hotmail account and check every box for spam there is. PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Oh look, there's how I unsubscribe. PHP General Mailing List (http://www.php.net/) To unsubscribe,

Re: [PHP] dumb

2002-07-09 Thread Chris Shiflett
Brendan P. Caulfield wrote: this is dumb. can we just ignore this and move. we are all smart enough to block his posts. let's just do it and quit wasting all of our time and get back to doing what we do here. Actually, some of us don't check mail from this list until the evenings. By the

[PHP] (OT) Our Spam Friend

2002-07-09 Thread Chris Shiflett
I just thought this was worth sharing. :-) - The following addresses had permanent fatal errors - [EMAIL PROTECTED] - Transcript of session follows - RECIPIENTS MAILBOX IS FULL 554 [EMAIL PROTECTED]... Service unavailable -- PHP General Mailing List (http://www.php.net/) To

Re: [PHP] PHP code optimization

2002-07-09 Thread Chris Shiflett
Peter Thoenen wrote: Question on optimizing code for quicker runtimes. Which is quicker (this is on a webpage also..NOT commandline)? ?php if ($a){ echo 'abc'; } ? OR ?php if ($a) { ? abc ?php } ? Because the difference is going to be undetectable, this would probably be a question that

Re: [PHP] shtml php in the same file?

2002-07-09 Thread Chris Shiflett
Joshua Alexander wrote: So I was trying to get the server to treat shtml files as both server-parsed and as php scripts. Not working too well. ;) Anyone have any ideas? We'd need to know more about your setup, but if you're using Apache, you should be able to edit your httpd.conf file

Re: [PHP] eregi_replace driving me nuts

2002-07-09 Thread Chris Shiflett
Patrick Teague wrote: For some reason the following line is not behaving $os = eregi_replace( Win[^dows], Windows , $os ); I'm pretty sure (I'm not a regular expression expert) this matches a string that begins with Win followed by a character that is not d, o, w, or s. Thus, in the case

Re: [PHP] eregi_replace driving me nuts

2002-07-09 Thread Chris Shiflett
In a weak attempt at improving my knowledge of regular expressions, I came up with a less elegant solution than Dan's. :-) $os=eregi_replace(Win([^0-9NT]*), Windows \1 $os); This adds some additional handy replacements, such as: Winblows98 - Windows 98 Windoze98 - Windows 98 It's a decent

Re: [PHP] setcookie then redirect

2002-07-10 Thread Chris Shiflett
David Busby wrote: List, I'm trying to set a cookie like this: ?php function redirect() { if ($_SERVER['HTTP_HOST'] == $_SERVER['SERVER_NAME']) { $to = func_get_arg(0); header(HTTP/1.1 301\n); header(Location:http://.$_SERVER['SERVER_NAME'].$to.\n);

Re: [PHP] how to defend this atack?

2002-07-13 Thread Chris Shiflett
This looks like a variant of the code red worm and will only bother you if you are running IIS, which I would hope you are not. :-) 218.5.149.77 is apparently running an infected IIS Web server. You might want to let them know. Happy hacking. Chris andy wrote: Hi there, I am getting from

Re: [PHP] Sessions / logins / cookies / security

2002-07-16 Thread Chris Shiflett
Chad Day wrote: What I'm looking to do is when a user logs in, I start up the session.. I then have the registered session var to verify they are authenticated as they move throughout the site. Now, when they close the browser and come back, I want them to still be authenticated. Obviously, I

Re: [PHP] Passing variables to page via POST - How?

2002-07-18 Thread Chris Shiflett
Monty wrote: This is probably more of an HTML question... Is there a way to pass variables to another page via POST instead of via the URL? Yes. form action=another_page.php method=post ... (form fields here) ... input name=button_name type=submit value=Button Text /form -- PHP General

Re: [PHP] Logging out with authentication

2002-07-28 Thread Chris Shiflett
Ray Todd Stevens wrote: I am working on a web site that is using php controled www- authenticate authentication. User ids are specific to users and different pages and different levels of information for a given page will be displayed based on the user id used. The problem is how do you log

Re: [PHP] Re: sessions and https

2002-07-29 Thread Chris Shiflett
Richard Lynch wrote: But Cookies sent to the HTTPS are not on the HTTP and vice versa. That ain't PHP, that's just how cookies work. Are you sure about this? That's definitely not how the specification reads (assuming I'm interpreting what you're trying to say correctly), and that is not

Re: [PHP] Re: Protect PHP coding

2002-08-03 Thread Chris Shiflett
1. You complain about Zend charging for a product when someone else has created an equivalent open source product. 2. You support ColdFusion and ASP when someone else has created an equivalent open source product. The point is that you need better logic in your arguments before you will

Re: [PHP] Strange session id problem - code is issuing a new onerandomly

2002-08-14 Thread Chris Shiflett
Dan Harrington wrote: I'm having the same problem from time to time as well. Just straight up out of the blue it gives you a new SESSION id. As a general rule, the reason that you will find yourself with a new session ID is that the old session ID was not properly communicated back to the

Re: [PHP] stupid question

2002-08-14 Thread Chris Shiflett
There are other ways of doing this, but I think you might be looking for the logical AND operator (). if ($idx != 1 $idx != 4 $idx != 9) Happy hacking. Chris Liam MacKenzie wrote: Ok, I'm having a blonde day... If $idx == 1, 4 or 9 I don't want it to echo $results. I have this, what's

Re: [PHP] stupid question

2002-08-14 Thread Chris Shiflett
C├ęsar Aracena wrote: Just usa an OR concatenator like: If ($idx != '1' OR $idx != '4' OR $idx != '9'){ echo $results; } Actually, this statement will always evaluate to true. I think you mean to use . Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:

Re: [PHP] md5() ...

2002-08-14 Thread Chris Shiflett
Show us the output of: select login, password from user where login='sysdata'; My guess is that the password is not 1b1c2457d12dd976d4cfa556ac6661f6 - the md5 of sysdata. Chris Reymond wrote: I have login = sysdata and password = sysdata on md5 function How to select md5 function

Re: [PHP] md5() ...

2002-08-14 Thread Chris Shiflett
Yeah, that's a little short for md5, plus you want to allow alphabetic characters, too. Try varchar(32). Happy hacking. Chris Reymond wrote: This is output... select login, password from User where login = 'sysdata'; +-+--+ | login | password |

Re: [PHP] Include/require and the HTML Code

2002-08-14 Thread Chris Shiflett
I'm not sure about others, but I am glad this behavior is like this. It is very nice for modules to stand on their own so to speak, so that you don't have to worry about what context they are used in. If the file you are including is plain HTML, would you want it to be parsed as if it were

Re: [PHP] Automatically send email on special day

2002-08-14 Thread Chris Shiflett
if last_email_date != today { send email last_email_date = today } Happy hacking. Chris NoWhErEMan wrote: I can ensure ar least one visitor per day, that;s me!! Since my server in on my local windows mechine, i can load the page at start up. But i have a question, how can i ensure

Re: [PHP] Count number of rows in table.

2002-08-25 Thread Chris Shiflett
I think you were on the right track with your first response. Selecting a count(*) gives you the number of rows returned without the overhead of actually returning all of the rows to PHP. Most people will rename the count as something more easy to reference (and/or more descriptive) in the

Re: [PHP] upload file

2002-08-25 Thread Chris Shiflett
Daniel Guerrier wrote: echo($_POST['userfile]); Do you mean $_POST[userfile] here? It looks like you're missing a quote. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Doing system things with PHP

2002-08-25 Thread Chris Shiflett
Yes, you can make Apache reload a config file without restarting. You must send it a SIGHUP: kill -HUP `cat /var/run/httpd.pid` If you execute this as nobody, I believe it will work, but I haven't tested it. Also, I believe Apache will restart when given a kill -1. If the above suggestions

Re: [PHP] newbie... - undefined var

2002-08-26 Thread Chris Shiflett
Matt Zur wrote: BUT on the index.php I want to write this if statement: if ($vw == ) { write this code } If you really mean to see if the variable has been set, try this instead: if (!isset($vw)) { echo variable is not set; } Happy hacking. Chris -- PHP General Mailing List

Re: [PHP] Forcing browsers to use cached pages

2002-08-26 Thread Chris Shiflett
There is no way to force the behavior, but you can exclude the HTTP headers that tell the Web browser to not cache the pages. Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Expires: date from the past etc. I believe PHP may include some or all of these when you use session

Re: [PHP] request what a user clicked

2002-08-30 Thread Chris Shiflett
I'm not sure if you've gotten any responses to this, but you might try asking a question that doesn't require knowledge of ASP. Though a lot of people do know both PHP and ASP, just about everyone reading this list at least knows PHP. Some of us are lucky enough to have never had to learn

Re: [PHP] few things...

2002-08-30 Thread Chris Shiflett
Check our cURL for Web client functions. I'm not aware of a function like hidden() the way you describe it, but you could easily write it yourself. Look into user-defined functions in the manual. Happy hacking. Chris Matt Zur wrote: A Call Function to emulate a browser and contact a

Re: [PHP] Proposal for securing PHP sessions

2002-09-08 Thread Chris Shiflett
I think you are definitely on the right track here, though I unfortunately haven't had time to look at your code (thus, I'm just going by your description). Due to frequent vulnerabilities found in Internet Explorer's cookie handling (versions 4.0 - 6.0 allow anyone to view cookies from any

Re: [PHP] form variables

2002-09-09 Thread Chris Shiflett
I am guessing you mean the input is a textarea. At any rate, I believe what you want is nl2br() Happy hacking. Chris Hans Prins wrote: Hello, I have a form field of the type scrolling text box it lets users input a multiline string. I then pass this string as a variable to a php document

Re: [PHP] BUG?: header(location: ) causes GET vars to be encodedin wrong charset in IE5.5

2002-09-09 Thread Chris Shiflett
You should always use a proper full URL in the Location header. Try that first. header(Location: http://192.168.254.14/show_products_html.php?maker_name=$maker_namePHPSESSID=$PHPSESSID;); I doubt this will solve your problem, but it is good practice anyway. One thing that would help debug a

Re: [PHP] BUG?: header(location: ) causes GET vars to be encodedin wrong charset in IE5.5

2002-09-09 Thread Chris Shiflett
I also just noticed that your first variable in the query string (which begins after the ? character) begins with an , which is a separator character. I'm not sure what's going on there, but it should be something more like this: header(Location:

Re: [PHP] Populating Other People's Forms

2002-09-10 Thread Chris Shiflett
It sounds like you need to look into using cURL. It helps with automated posting. Now, you need to first determine whether the forms in question use a method of get or post before deciding how to proceed. If they use get, you can simply use a series of fopen() calls with the appropriate

Re: [PHP] Questions regarding inserting and updating data into aMySQL db

2002-09-10 Thread Chris Shiflett
You should search for some SQL tutorials on the Web. What it sounds like you are looking for is the update SQL statement which modifies an existing row (for your second form, for example). Thus, you insert the row to create it (which assigns the key using the auto increment), then update that

  1   2   3   4   5   6   7   8   9   10   >