NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > PHP Discussion Digest> 2001-08

From: php-general-digest-helplists.php.net
Date: Sun Aug 26 2001 - 02:54:07 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

php-general Digest 26 Aug 2001 07:54:07 -0000 Issue 838

Topics (messages 64449 through 64478):

Re: Stripping line break characters
        64449 by: Rory O'Connor
        64450 by: jimw.apache.org
        64458 by: Chris Hayes

relative filename /home/www... in stead of /www/.....
64451 by: Chris Hayes

multi-dimensional array won't echo
        64452 by: bill
        64455 by: Rasmus Lerdorf
        64460 by: bill

Re: source of global variable
64453 by: Dell Coleman
64457 by: Dell Coleman

Echo/Print
        64454 by: Andy Ladouceur
        64456 by: Jeff Oien
        64468 by: Andy Ladouceur

Program to check for cookies
64459 by: Sunil Jagarlamudi
64461 by: idesign.tampabay.rr.com

Re: escaping special charecters upon submit
        64462 by: idesign.tampabay.rr.com
        64465 by: Andy Ladouceur
        64467 by: idesign.tampabay.rr.com
        64469 by: Don Read
        64470 by: idesign.tampabay.rr.com

Re: The future of PHP
64463 by: Martin Wright
64471 by: Manuel Lemos

Re: konquerer and php
64464 by: Scott

last bit of help ....
64466 by: Dan McCullough

Re: The secrecy of PHP code
64472 by: Artyom Plouzhnikoff

Safe mode + /usr/share/php
64473 by: Artyom Plouzhnikoff
64474 by: Rasmus Lerdorf

thanks Dell coleman!
64475 by: nafiseh saberi

disable_functions....
64476 by: Andy Ladouceur
64477 by: Rasmus Lerdorf

Re: escaping special characters upon submit
64478 by: Navid Yar

Administrivia:

To subscribe to the digest, e-mail:
php-general-digest-subscribelists.php.net

To unsubscribe from the digest, e-mail:
php-general-digest-unsubscribelists.php.net

To post to the list, e-mail:
php-generallists.php.net

----------------------------------------------------------------------

attached mail follows:

I have been trying similar arrangements, but to no avail. I think it
has something to do with the actual string I am checking - it's an SQL
statement. I am trying to create a log of SQL statements in a textfile,
and the newline/return characters that people put in the TEXTAREA is
screwing it up. But I can't for the life of me figure out why test code
such as this does not strip out the \n's...

-----
$sql = "UPDATE contact set firstname = 'rory', lastname = 'jones',
interest = 'rory', optin = 'yes', comments = 'hello\n\n,rory' WHERE id =
5055";

$sql2=$sql;
$sql2=str_replace("","\n",$sql2);
$sql2=str_replace("","\r",$sql2);
-----

it is still outputting the following to my log:

-----
UPDATE contact set firstname = 'rory', lastname = 'jones' interest =
'rory' optin = 'yes' comments = 'hello

,rory' WHERE id = 5055;
-----

Any help is appreciated!

Thanks

On Sat, 25 Aug 2001 11:17:43 -0700, Rory O'Connor <midgetelaris.com>
wrote:
>I had the same problem, I was writing the textarea to a text file,and
>reading it using fgets, therefor, any unspecified newlines would really
mess
>my script up. This probably isn't the best solution, but it'swhat I
used,and
>works fine.
>
>$data=$textarea;
>$data=str_replace("","\n",$data);
>$data=str_replace("","\r",$data);
>
>That's all there was to it, it replaced all newlines and returns with
>blanks. You can change it to replace with breaks if you are outputting
to an
>HTML file, hope I was able to help,
>-Andy
>----- Original Message -----
>From: Rory O'Connor <midgetelaris.com>
>Newsgroups: php.general
>To: PHP list <php-generallists.php.net>
>Sent: Saturday, August 25, 2001 9:27 AM
>Subject: Stripping line break characters
>
>
>> I need to strip line break characters (or whatever the character is
that
>> results from users hitting their "enter" key inside a TEXTAREA form
>> input) from a string. These characters will appear anywhere in the
>> string, not just at the end. In perl, the regex would look
something
>> like this...
>>
>> $a="a\nb\nc\nd\n\n\n";
>> $b=$/;
>> $a =~ s/$b//g; # produces "abcd"
>>
>> but i'm a newbie and i don't know how I can translate this to PHP
syntax
>> to do the same thing. Any help is appreciated!
>>
>> Thanks!
>>
>>
>>
>> providing the finest in midget technology
>
>
>

providing the finest in midget technology

attached mail follows:

Rory O'Connor <midgetelaris.com> wrote:
> $sql2=str_replace("","\n",$sql2);
> $sql2=str_replace("","\r",$sql2);

you've got the first two arguments backwards.

$sql2=str_replace("\n","",$sql2);
$sql2=str_replace("\r","",$sql2);

or with php4.0.5 (or later):

$sql2=str_replace(array("\n","\r"),"",$sql2);

for more details:

http://www.php.net/manual/en/function.str-replace.php

jim

attached mail follows:

Hi!

> $sql2=str_replace("","\n",$sql2);

> $sql2=str_replace("","\r",$sql2);

well that was easy:

manual:

string str_replace (string needle, string str, string haystack)

and you did:

str_replace (string str, string needle, string haystack)

So better try

$sql2=str_replace("\n","",$sql2);

$sql2=str_replace("\r","",$sql2);

Time to get some sleep ? ;-)

cheers,

Chris H.

--------------------------------------------------------------------
-- C.Hayes Droevendaal 35 6708 PB Wageningen the Netherlands --
--------------------------------------------------------------------

attached mail follows:

dear group,

I use the $DOCUMENT_ROOT to make a complete file name.

$fpname=$DOCUMENT_ROOT.'/includes/blocks/dynmenu.php';

It does not work on one site: the document root misses the /home/ start. I could
just hardcode this but i'ld rather have a function that would work everywhere.

What can i do?

Warning: fopen("/www/ecodorp/admin/modules/dynmenu.src","r")
- No such file or directory in /home/www/ecodorp/php/post/admin/modules/dynmenu.php on line 378
I cannot open /www/ecodorp/admin/modules/dynmenu.src
Chris

attached mail follows:

The first echo statement doesn't work, the second does. Anybody know
why?

$string1=15;
$string2=27;
$myarray[$string1][$string2]="syncopated";
echo "$myarray[$string1][$string2]<br />\n"; //displays Array[27]
echo $myarray[$string1][$string2] . "<br />\n"; //displays syncopated

attached mail follows:

> The first echo statement doesn't work, the second does. Anybody know
> why?
>
> $string1=15;
> $string2=27;
> $myarray[$string1][$string2]="syncopated";
> echo "$myarray[$string1][$string2]<br />\n"; //displays Array[27]
> echo $myarray[$string1][$string2] . "<br />\n"; //displays syncopated

Complex variables inside quoted strings need to be dereferenced using {}'s

eg.

echo "{$myarray[$string1][$string2]}<br />\n";

Or better yet:

echo $myarray[$string1][$string2] . "<br />\n";

-Rasmus

attached mail follows:

Not only a good answer, but the best explanation.

thanks,

bill hollett

Rasmus Lerdorf wrote:

> > The first echo statement doesn't work, the second does. Anybody know
> > why?
> >
> > $string1=15;
> > $string2=27;
> > $myarray[$string1][$string2]="syncopated";
> > echo "$myarray[$string1][$string2]<br />\n"; //displays Array[27]
> > echo $myarray[$string1][$string2] . "<br />\n"; //displays syncopated
>
> Complex variables inside quoted strings need to be dereferenced using {}'s
>
> eg.
>
> echo "{$myarray[$string1][$string2]}<br />\n";
>
> Or better yet:
>
> echo $myarray[$string1][$string2] . "<br />\n";
>
> -Rasmus

attached mail follows:

I'm not sure of the problem but something like

<?
if ($condition) { echo $time}
else { //do something else}
?>
You can also print or echo html from php if that helps your program flow

like
<?
echo "<Table>
         <TR><TH>title</TH></TR>
          <TR><TD>$data</TD></TR>
          </Table>";
?>
Often you will want to generate the table rows in an if() or while()
statement
You can do the same thing with any html tags , javascript, etc.

Web pages are not static so pass parameters you need through url
A php trick is that <a href="$PHP_SELF?params"> calls itself with the
parameters
you give it. This works on form action= statements too

HTH

Nafiseh Saberi wrote:

> hi.
> I write program with php,then for build table I must to close it,
> write html tag and then open php and continue,...
>
> I ask time in one line and in another line I want to show it.
> but I want the first line doesnot run in all condition.
>
> I think my problem will solve with static variables.???
> thanks.

-- Dell Coleman, Principal PICO Technology Corp. Victoria, BC Email decoleman

home.com Web http://members.home.com/pico/

attached mail follows:

I think I did misunderstand -- php is not like C where you declare things global both in the main program and in subroutines. If you are not in a function everything is automatically "global"; in php functions you need to declare variables to be global. --so you don't need it

the problem looks like the call to strtotime('now') see http://www.php.net/manual/en/function.strtotime.php for the proper usage

attached mail follows:

I am fairly new to PHP Scripting, and I am learning from a book. Throughout the book, print is used as the basic command to output text/variables.. yet I see almost everyone in here uses echo. Might I ask what the differences of the two are, and if there are any benefits of using one over the other? Thanks, Andy

attached mail follows:

You can read the notes lower on the page here to get a good idea: http://www.php.net/manual/en/function.print.php Jeff Oien

> I am fairly new to PHP Scripting, and I am learning from a book. > Throughout the book, print is used as the basic command to output > text/variables.. yet I see almost everyone in here uses echo. Might I ask > what the differences of the two are, and if there are any benefits of using > one over the other? > Thanks, > Andy > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: php-general-unsubscribelists.php.net > For additional commands, e-mail: php-general-helplists.php.net > To contact the list administrators, e-mail: php-list-adminlists.php.net >

attached mail follows:

Thanks! Helped a lot. -Andy Jeff Oien <jeffwebdesigns1.com> wrote in message news:PGEBKOPJJHHICHGDKCCICEJNDBAA.jeffwebdesigns1.com... > You can read the notes lower on the page here to get a good idea: > http://www.php.net/manual/en/function.print.php > Jeff Oien > > > I am fairly new to PHP Scripting, and I am learning from a book. > > Throughout the book, print is used as the basic command to output > > text/variables.. yet I see almost everyone in here uses echo. Might I ask > > what the differences of the two are, and if there are any benefits of using > > one over the other? > > Thanks, > > Andy > > > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, e-mail: php-general-unsubscribelists.php.net > > For additional commands, e-mail: php-general-helplists.php.net > > To contact the list administrators, e-mail: php-list-adminlists.php.net > >

attached mail follows:

Is there a program which will check for cookies before it allows access into the web site ?

I want the user to enter the userid/password on a secure web server and pass the cookie information to the regular server. I don't want them to access regular web server without that cookie being enabled through the secure server.

Thank You

Sunil

__________________________________________________ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/

attached mail follows:

I have a form that submits data to a database, works great until someome puts in an apostrophe in the comments area...how do i escape this charecter upon insert?

attached mail follows:

> I have a form that submits data to a database, works great until someome > puts in an apostrophe in the comments area...how do i escape this > charecter upon > insert?

attached mail follows:

http://www.php.net/manual/en/function.addslashes.php That should work fine. -Andy <idesigntampabay.rr.com> wrote in message news:200108252349.f7PNnP225046smtp-server1.tampabay.rr.com... > > I have a form that submits data to a database, works great until > someome > > puts in an apostrophe in the comments area...how do i escape this > > charecter upon > > insert? > > > >

attached mail follows:

Tried addslashes also urlencode, neither worked...

the input is from a comment area in a form...that adds data to a mysql database...the comments contain commas and apostrphes, that when you try to subit, screw up the execution of the insert....

Any help would be very very very very appreciated....driving me nuts.

> http://www.php.net/manual/en/function.addslashes.php > That should work fine. > -Andy > <idesigntampabay.rr.com> wrote in message > news:200108252349.f7PNnP225046smtp-server1.tampabay.rr.com... > > > I have a form that submits data to a database, works great until > > someome > > > puts in an apostrophe in the comments area...how do i escape this > > > charecter upon > > > insert? > > > > > > > > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: php-general-unsubscribelists.php.net > For additional commands, e-mail: php-general-helplists.php.net > To contact the list administrators, e-mail: php-list-adminlists.php.net >

attached mail follows:

On 26-Aug-2001 idesigntampabay.rr.com wrote: > Tried addslashes also urlencode, neither worked... > > the input is from a comment area in a form...that adds data to a mysql > database...the comments contain commas and apostrphes, that when > you try to subit, screw up the execution of the insert.... > > Any help would be very very very very appreciated....driving me nuts. > >

The Ouji board: 'check line 47' (but then it always sez that). How about posting some code ?

Regards,

-- Don Read dread

texas.net -- It's always darkest before the dawn. So if you are going to steal the neighbor's newspaper, that's the time to do it.

attached mail follows:

> mine always says ask don" lol...actually got it figured out right after muy last post.... "rawurlencode" worked great....

Thanks though!

> On 26-Aug-2001 idesigntampabay.rr.com wrote: > > Tried addslashes also urlencode, neither worked... > > > > the input is from a comment area in a form...that adds data to a mysql > > database...the comments contain commas and apostrphes, that when > > you try to subit, screw up the execution of the insert.... > > > > Any help would be very very very very appreciated....driving me nuts. > > > > > > The Ouji board: 'check line 47' (but then it always sez that). > How about posting some code ? > > Regards, > -- > Don Read dreadtexas.net > -- It's always darkest before the dawn. So if you are going to > steal the neighbor's newspaper, that's the time to do it. > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: php-general-unsubscribelists.php.net > For additional commands, e-mail: php-general-helplists.php.net > To contact the list administrators, e-mail: php-list-adminlists.php.net >

attached mail follows:

Hmmm. Manuel what's that you're smoking? Where can I get some?

-----Original Message----- From: Manuel Lemos [mailto:mlemosacm.org] Sent: 24 August 2001 20:30 To: php-generallists.php.net Subject: Re: [PHP] The future of PHP

Hello,

Egan wrote: > > On Fri, 24 Aug 2001 15:34:04 -0300, Manuel Lemos <mlemosacm.org> > wrote: > > >> Many small businesses would like to do e-commerce, but can't afford

> >> expensive consultants, expensive hardware, and expensive software > >> tools developed by huge corporations. > > > >e-commerce? You mean B2C? Can small business live from that? I'm > >afraid not! Maybe I am wrong. :-) > > 100 years ago you could easily do business without a telephone. But > what percentage of businesses today operate without a telephone? > > A web presence with web commerce will become a utility like the > telephone. Having it will be more important than measuring artificial

> distinctions between B2C vs. B2B.

Huh? That's a nice marketoid speech for you to talk Internet-ignorant people to get into e-commerce, but what does that have to do with my question?

Can small business live from e-commerce today?

> >> Look at all the large corporations bleeding money and cutting > >> staff. Mega-corporations are in decline, and their era is ending. > >> Long live the small business! > > > >What? Large business are being affected because the whole networking > >business is in recession. > > Large corporations don't know you or care about you as an individual > customer. You're just an account number to them. The only thing they

> care about is the "big" sale to other "big" corporations. But even > then, do they really care? Not in my experience. > > The networking recession is just one symptom of their disease.

Do you really believe that? As far as I can recall, this recession started when a "mean judge" convicted Microsoft for anti-trust practices. That caused NASDAQ crash that scared people away from investing in tech company stocks. Many Internet companies dried and without cash from the investors many went bankrupt. That affected all the small or big corporations that have grown and were dependent on the networking market. I don't think this affected much non-technological companies, big or small. So I don't think your anti-big corporations speech has much to do with this.

Regards, Manuel Lemos

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: php-general-unsubscribe

lists.php.net For additional commands, e-mail: php-general-help

lists.php.net To contact the list administrators, e-mail: php-list-admin

lists.php.net

attached mail follows:

Hello Rasmus,

Rasmus Lerdorf wrote: > > > So, it is very hard to convince the anybody to bet all the farm in PHP. > > You may have the technical arguments, but is not enough, I'm afraid. > > > > You in particular, may not need to convince others to bet on PHP, but it > > is nothing like that for most people that want to live from software > > development. They have to put up with work/business opportunities that > > the market offers to live from it. So, today, I'm afraid that you > > already still have an hard time to convince people to dedicate only to > > PHP, even those that know and believe PHP is that great. > > PHP is represented at every important technical conference right alongside > Perl and Python. When you hear someone talk about scripting languages, > they will usually say Perl, Python and PHP. I don't see any problem with > the current state of PHP "marketing" in the technical community.

I think that is not the largest part of the PHP community. Let me explain: I believe the largest part of the community is made of those that develop Web sites and applications for some one else and do it for a living. Many of those don't always manage to make the technological decisions, their bosses do.

There you have two problems: convince those bosses that PHP is still a superior technical solution to solve their development needs as they evolve, and then convince them that other languages/technologies that have been also evolving are not yet as good as PHP, despite they have been flooded of news from everywhere that they are much more advanced and better for the developer needs.

The first problem is technical. You just keep developing PHP to satisfy the user needs as soon as you perceive them and that's it.

The second problem is marketing. It doesn't matter for people that have to make the decisions how much better PHP in fact is if people don't hear about it. Even if they hear about it, it may not be enough if they hear much more from the rest (Java, ASP.Net, C#, , whatever).

Here PHP looses bigtime. You may not want to believe me, but I am afraid that unless PHP is better marketted, soon or later its market acceptance will be weakened.

> PHP is not marketed the way Java and .NET is. There are no multi-billion > dollar corporations behind PHP and asking us, and apparently me

That's not my point. Some marketing is better than no marketing at all which is what you do today. There are plenty of ways to do some marketing on PHP that don't even cost money to you.

> personally, to make that happen is unrealistic. Like Linux 5 years ago, > PHP is adopted by the techies and somewhat shunned by the suits because > they haven't read about it in their latest advertisement-sponsored > magazine.

oh, man Linux was a different story. Expecting a similar future for PHP I'm afraid it may be wishful thinking. PHP is mostly focused on Web development. Web market is fading out.

Even if you can do non Web programming with PHP, most people are not aware of that. You need to do some marketing to put in evidence that PHP is as much capable for non-Web programming.

There you have another big problem that is there is no affordable way to compile and generate executables from PHP programs. I know that historically you never liked this ability into PHP programs, but that is a vital need for people that will want to distribute their programs like VB or Delphi programs.

> We can't possibly hope to compete with Sun and Microsoft when it comes to > suit-oriented marketing drivel. What we can do is concentrate on what we > do best. Writing a solid and very focused tool. Building the grassroot > community and being visible at all relevant technical conferences. If we > continue to do this, I see no reason for any dropoff in PHP popularity > which leads directly to more and more corporate acceptance.

You believe in whatever you want, off course, but I think it is time to adjust course. Assumming that the future of PHP is just a technical matter, I'm affraid you are neglecting an important part of the equation: the people. The needs and beliefs change through time.

I am try to show my current view of what people feel and need today that I don't see addressed. You can see that and work on the changes if you agree. I have more ideias if you care to work on that direction.

Regards, Manuel Lemos

attached mail follows:

I should probably just forget I ever sent this post, but in case anyone is curious, the problem was that I was using the address cached in the address bar in Konqueror to open the home page of the application. For some reason this address was "file: /var/ww/html/homepage.html" instead of http://localhost/blahblahblah.html and I never noticed. So the html pages looked normal, but without the server, the php pages left something to be desired. Thanks, SW

On Friday 24 August 2001 09:15, you wrote: > <Original message> > From: Scott <gildedpageearthlink.net> > Date: Thu, Aug 23, 2001 at 08:29:07PM -0400 > Message-ID: <01082320290701.01876localhost.localdomain> > Subject: [PHP] konquerer and php > > > I have a database browser that I made with php and mysql. When I use it > > in Netscape it behaves normally. However when I view it using Konquerer, > > all kinds of php code shows up on the screen when I execute a php page. > > I thought that Konquerer might not be recognizing the <? and ?> start and > > end tags so I tried <script language="php"> and </script>. However if I > > use these nothing at all shows up on the screen. Can someone tell me > > what the problem is? > > Thanks, > > SW > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, e-mail: php-general-unsubscribelists.php.net > > For additional commands, e-mail: php-general-helplists.php.net > > To contact the list administrators, e-mail: php-list-adminlists.php.net > > </Original message> > > <Reply> > > For the script execution it doesn't matter at all which browser you > use. PHP is processed server-side, so the browser just gets 'plain' > HTML. I guess something else is wrong than using a different > browser. > > </Reply>

attached mail follows:

I need to output an array to a text file, now I have created the text file now I just need to write to it, well I need to get the output of the browser to this text file. HOw can i do this, oh and return each line ...

heres the code

that gets the output array1.php

<? // Mail text file extractor. // Written to extract out certain parts of the file and output in a csv friendly format. // Dan McCullough

include("functions.php");

if ($submit) { $extract = eXtractor1($file_name,$tmp_file_name,$new_file_name);

if ($extract) {

//here goes, get the parsed file from the output of the grep command. //read the file and output $fcontents = file("/tmp/$tmp_file_name", "r");

// run this funtion to format and display the file in a certain output. function GetField($offset) { global $fcontents; global $new_file_name; return trim(substr($fcontents[$offset], strpos($fcontents[$offset], " "))); }

for($i = 0, $count = sizeof($fcontents); $i < $count; $i += 6) { // Make the numbers 1-6 constants if desired echo GetField($i + 1) . "," . GetField($i + 2) . "," . GetField($i + 3) . "," . GetField($i) . "," . GetField($i + 5) . "," . GetField($i + 4) . ",yes<br>\n"; } exit;} } ?>

<html> <head> <title>Extractor</title> </head> <body> <form method="post" action="<? echo $PHP_SELF; ?>"> Please input the name of the text file.<br><br> File to extract: <input type="text" name="file_name"><br> Temp file name: <input type="text" name="tmp_file_name"><br> CSV File Name: <input type="text" name="new_file_name"><br> <input type="submit" name="submit" value="submit"> </form> </body> </html>

function.php function eXtractor1($file_name,$tmp_file_name,$new_file_name) { global $file_name; global $tmp_file_name; global $new_file_name;

$filename = "/tmp/$tmp_file_name"; $newfilename = "/tmp/$new_file_name";

if (!file_exists($filename)) { touch($filename); // Create blank file touch($newfilename); chmod($filename,0777); chmod($newfilename,0777);

$command = "cat /home/sites/projects/web/extractor/$file_name | egrep 'State:|Name:|Address:|City:|e-mail:|Zip:'>$filename"; system($command); ## nothing worked for me until I added this next line. system("exit(0)"); } return $tmp_file_name; return $new_file_name; }

anythoughts would be appreaciated

dan

===== Dan McCullough ------------------------------------------------------------------- "Theres no such thing as a problem unless the servers are on fire!" h: 603.444.9808 w: McCullough Family w: At Work

__________________________________________________ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/

attached mail follows:

> If your php-code is on a web-server which gives access to other than you > they can read your code. An example could be other people being hosted > on the same server.. Not necessarily. You can enable safe_mode and/or set an open_basedir in order to prevent those people from doing that. You should also ensure that your *nix permissions won't allow them to do that without interacting with the Web server.

attached mail follows:

Is it possible to use safe mode yet allow all scripts to include any files from /usr/share/php? Normal users ain't gonna have *write* access to that directory, so it shouldn't be much of a security concern, I just don't know how to do this. I know that I can disable safe_mode and enable open_basedir, but that will create yet another security hole because normal users will be able to alter LD_LIBRARY_PATH, which is not a very good idea. AFAIK, they can make PHP load a custom glibc and thus gain root access to the box if I allow them to do that.

attached mail follows:

A recent feature addition (4.0.7) is a safe_mode_include_dir php.ini directive where you can do exactly this.

-Rasmus

On Sun, 26 Aug 2001, Artyom Plouzhnikoff wrote:

> Is it possible to use safe mode yet allow all scripts to include any files > from /usr/share/php? Normal users ain't gonna have *write* access to that > directory, so it shouldn't be much of a security concern, I just don't know > how to do this. I know that I can disable safe_mode and enable open_basedir, > but that will create yet another security hole because normal users will be > able to alter LD_LIBRARY_PATH, which is not a very good idea. AFAIK, they can > make PHP load a custom glibc and thus gain root access to the box if I allow > them to do that. > >

attached mail follows:

hi. thanks . can you describe more about <a href="$PHP_SELF?params"> ??? nafiseh.

attached mail follows:

Does anyone know if its possible to use disable_functions on only specified directories, and not all? Hopefully its possible..

attached mail follows:

Any php.ini directive can be used in your httpd.conf on a per-dir basis. See the manual..

-Rasmus

On Sat, 25 Aug 2001, Andy Ladouceur wrote:

> Does anyone know if its possible to use disable_functions on only specified > directories, and not all? > Hopefully its possible.. > > > >

attached mail follows:

Try this:

$text = nl2br(htmlspecialchars(stripslashes($text)));

With $text being the data outputted. It will replace apostrophes, quotes, etc. with their proper html formatting.

Example: input: "PHP is Cool!" html output: "PHP is Cool!"

Then if you don't want the $quot;, or whatever is outputted depending on the input, you can write a script to strip them out if you like. There are lots of things you can do from this point. Anyway, hope that helps you out...

Navid

-----Original Message----- From: idesigntampabay.rr.com [mailto:idesigntampabay.rr.com] Sent: Saturday, August 25, 2001 2:49 PM To: Sunil Jagarlamudi; php-generallists.php.net Subject: [PHP] Re: escaping special charecters upon submit

> I have a form that submits data to a database, works great until someome > puts in an apostrophe in the comments area...how do i escape this > charecter upon > insert?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: php-general-unsubscribelists.php.net
For additional commands, e-mail: php-general-helplists.php.net
To contact the list administrators, e-mail: php-list-adminlists.php.net

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]