NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > PHP Discussion Digest> 2002-07

From: php-general-digest-helplists.php.net
Date: Tue Jul 02 2002 - 10:34:34 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

php-general Digest 2 Jul 2002 15:34:34 -0000 Issue 1440

Topics (messages 104826 through 104939):

Re: [PHP-DB] blob versus file
        104826 by: Andy
        104827 by: Mark
        104828 by: Andy
        104880 by: Richard Lynch
        104881 by: Richard Lynch
        104887 by: Pierre-Alain Joye

Updating (appending) a file
104829 by: Chris Earle
104830 by: Martin Towell

Re: Updated (appending) a file
        104831 by: Chris Earle
        104832 by: Martin Towell
        104835 by: Chris Earle
        104836 by: Chris Earle
        104837 by: Martin Towell
        104838 by: Chris Earle
        104839 by: Martin Towell
        104841 by: Chris Earle
        104882 by: Richard Lynch

Re: php & SMS (or phone contact)
104833 by: olinux

Re: Keeping "Secrets" in PHP Files
        104834 by: Aaron
        104849 by: Richard Lynch
        104850 by: Richard Lynch
        104851 by: Richard Lynch
        104874 by: Richard Lynch

Unable to restart httpd after upgrading PHP
        104840 by: Robert Tan
        104842 by: Jason Wong
        104910 by: Erik Price

Using the AS key word in SQL Queries
        104843 by: Sachin Keshavan
        104844 by: Analysis & Solutions
        104883 by: Richard Lynch

Passing more than one variable with alink
        104845 by: Peter Goggin
        104846 by: Sachin Keshavan
        104847 by: Martin Towell
        104858 by: herosteal

Programmer's Browser
104848 by: Richard Lynch
104857 by: Martin Towell

Re: Canadian PHP Freelancer Rates
104852 by: Richard Lynch
104865 by: Richard Lynch

Re: session vars and frames
104853 by: Richard Lynch

Re: PHP affecting PDF plug-in....?
104854 by: Richard Lynch

Re: pop-up windows
104855 by: Richard Lynch

Re: Beginner Sessions Question
104856 by: Richard Lynch
104912 by: Erik Price

A question
104859 by: Emiliano Marmonti
104862 by: John Holmes

Why is this code hanging?
        104860 by: Leif K-Brooks
        104861 by: John Holmes
        104863 by: Leif K-Brooks
        104884 by: Chris Hewitt
        104891 by: Jason Wong

Re: Detecting Browser Type/OS from HTTP_USER_AGENT - Answer!?!
104864 by: Patrick Teague

Re: securing an 'includes' dir
        104866 by: Richard Lynch
        104885 by: Justin French
        104893 by: Jason Wong

Re: Redirecting with the POST method.
104867 by: Richard Lynch

Re: URL issue -- http://server/page.php?machine.network=one not working
104868 by: Richard Lynch

Re: mcrypt or libmcrypt with PHP 4.2.1
104869 by: Richard Lynch

Re: encryption code in php
104870 by: Richard Lynch

Re: supersession
104871 by: Richard Lynch

Re: PHP encryption
104872 by: Richard Lynch

Re: Drop connection, keep running?
104873 by: Richard Lynch

Re: Searching for string in text file help?
104875 by: Richard Lynch

Re: Writing a GIF/JPG Image
104876 by: Richard Lynch
104898 by: joakim.andersson.cybercom.se

Re: Constants
        104877 by: Richard Lynch
        104915 by: Erik Price
        104930 by: Analysis & Solutions
        104934 by: Erik Price

Re: session duration
104878 by: Richard Lynch
104886 by: Ivan Voras

Re: session dropping data
104879 by: Richard Lynch

Re: Handling of constants in strings
104888 by: Uwe Birkenhain

Going Nuts with Ereg/Eregi
104889 by: Patrick Teague
104918 by: Analysis & Solutions

Re: Problem with menu
104890 by: JJ Harrison

does a form submit from a http page to a https ensure secure data?
104892 by: B.C. Lance

.htpasswd
104894 by: Simon Troup
104909 by: Matt Schroebel

pdf_show_boxed
104895 by: Hugo Wetterberg

storing content data outside the application
104896 by: Andy
104921 by: Analysis & Solutions

User Enviroment Vars
104897 by: James Brisland

NNTP tutorial
104899 by: Latex Master

mac ie and force download
104900 by: Henry
104903 by: Justin French

Undefined Offset Error
104901 by: Crane, Christopher
104914 by: Jason Wong

$name = "My $row['name']" not longer possible?
        104902 by: Uwe Birkenhain
        104906 by: Matt Schroebel
        104907 by: Matt Williams

Multi-Word Searches
104904 by: Dave Rosenberg
104925 by: Analysis & Solutions

odbc_fetch_into ??
        104905 by: Scott Fletcher
        104911 by: Scott Fletcher
        104926 by: Analysis & Solutions
        104932 by: Scott Fletcher
        104935 by: Analysis & Solutions

php and apache path...
104908 by: Nightshade
104939 by: Analysis & Solutions

DOCUMENT_ROOT disappeared on me!
        104913 by: David E. Weekly
        104917 by: Kevin Waterson
        104919 by: Scott Fletcher
        104927 by: David E. Weekly
        104928 by: Erik Price
        104929 by: David E. Weekly
        104938 by: Jason Wong

svg graphics and php : is it possible
104916 by: Herve le Martret
104924 by: Bogdan Stancescu

Installation de PHP 4.2.1 avec Apache et extension frontpage 2002
104920 by: Claudio Valgoi

Re: cURL in an exec()
104922 by: Jay Blanchard

Re: uploading a file
104923 by: Beverly Steiner
104931 by: Jason Wong

Writing text line with no breaks.
104933 by: Jay Blanchard
104936 by: Jason Wong

Feedback please
104937 by: Bret L Conard

Administrivia:

To subscribe to the digest, e-mail:
php-general-digest-subscribelists.php.net

To unsubscribe from the digest, e-mail:
php-general-digest-unsubscribelists.php.net

To post to the list, e-mail:
php-generallists.php.net

----------------------------------------------------------------------

attached mail follows:

is the increase of the network traffic noticable? The query is pretty small
just text. Do u really think this might increase the traffic?

I also noticed that the image is not cached anymore. Is this true for all
blobs, or do I just access them in a wron way?
(I am requesting a php file in the <img tag with the statement inside and
output them before sending a jpeg header with an echo)

Thanx for your help,

Andy

"Pierre-Alain Joye" <pajpearfr.org> schrieb im Newsbeitrag
news:20020701142030.2a181417.pajpearfr.org...
> On Mon, 1 Jul 2002 14:17:53 +0200
> "andy" <news.lettersgmx.de> wrote:
>
> > Hi there,
> >
> > I am wondering if anybody has experiance in saving images to blob in
mysql.
> >
> > I do save images with 1 K and 4 KB to blob fields while I used to save
them
> > to file. It seams to me that this is much slower accessing the files.
The
> > images take a bit (really short but absolutly noticable) to show up on
the
> > site. Is there a way to improve the performance, and why is this
happening?
> > I thought the performance might even boost after storing them to blobs.
>
> Not really, the OS filesystem contains features that makes it always
faster than a sql query, that will increase your network traffic too.
>
> Inserting images or whatever binary data in a database does not have much
sense, you could not do a query with this field, cannot be indexed (dunno if
exists a DB that implement a image indexer ;) ). Storing relative pathes
gave me always more portabilities between DBM.
>
> In some case, you have to insert images (or every others binary data) in
DB (due to global permissions system only avaible for the DB and not for the
filesystem, for example), but as far is possible, I avoid to do it so.
>
> IMHO :)
>
> pa

attached mail follows:

On Mon, 1 Jul 2002 14:20:30 +0200, Pierre-Alain Joye wrote:
>On Mon, 1 Jul 2002 14:17:53 +0200
>"andy" <news.lettersgmx.de> wrote:
>
>>Hi there,
>>
>>I am wondering if anybody has experiance in saving images to blob
>>in mysql.
>>
>>I do save images with 1 K and 4 KB to blob fields while I used to
>>save them
>>to file. It seams to me that this is much slower accessing the
>>files. The
>>images take a bit (really short but absolutly noticable) to show up
>>on the
>>site. Is there a way to improve the performance, and why is this
>>happening?
>>I thought the performance might even boost after storing them to
>>blobs.
>
>Not really, the OS filesystem contains features that makes it always
>faster than a sql query

not necessarily for small files like he's talking about. it depends
on the fs but I would guess they'd be pretty close.

>that will increase your network traffic too.

only if the db is accessed across a network (he didn't say it was)

>Inserting images or whatever binary data in a database does not
have>much sense, you could not do a query with this field, cannot
be>indexed (dunno if exists a DB that implement a image indexer ;) ).

the blob field can't be indexed but others (id, filename, keywords,
caption etc..) can, there's lots of cases where it makes sense to put
images in a database.

if I had to guess the problem I'd say its either
1) the db is across a network like you said
or (more likely)
2) you need to create an index on the table. try running the query
manually and see how long it takes to get a result set. when you get
it down to .01 seconds you;re in good shape
hth,

attached mail follows:

i also noticed that the images are not cached at all. The other images
comming from the FS are cached just fine. Do u think thats because of the
blob?

Andy

"Mark" <maggeletmminternet.com> schrieb im Newsbeitrag
news:20020702034909.033F5559CAmail.mminternet.com...
On Mon, 1 Jul 2002 14:20:30 +0200, Pierre-Alain Joye wrote:
>On Mon, 1 Jul 2002 14:17:53 +0200
>"andy" <news.lettersgmx.de> wrote:
>
>>Hi there,
>>
>>I am wondering if anybody has experiance in saving images to blob
>>in mysql.
>>
>>I do save images with 1 K and 4 KB to blob fields while I used to
>>save them
>>to file. It seams to me that this is much slower accessing the
>>files. The
>>images take a bit (really short but absolutly noticable) to show up
>>on the
>>site. Is there a way to improve the performance, and why is this
>>happening?
>>I thought the performance might even boost after storing them to
>>blobs.
>
>Not really, the OS filesystem contains features that makes it always
>faster than a sql query

not necessarily for small files like he's talking about. it depends
on the fs but I would guess they'd be pretty close.

>that will increase your network traffic too.

only if the db is accessed across a network (he didn't say it was)

the blob field can't be indexed but others (id, filename, keywords,
caption etc..) can, there's lots of cases where it makes sense to put
images in a database.

attached mail follows:

>I also noticed that the image is not cached anymore. Is this true for all
>blobs, or do I just access them in a wron way?

Your browser is only going to cache URLs without a ? in them, probably
maybe...

Or, less likely, your PHP code with the MySQL code may be sending out
different headers() about cache-ing, if you snagged it from somebody and
didn't pay close attention...

-- Like Music? http://l-i-e.com/artists.htm

attached mail follows:

>the blob field can't be indexed but others (id, filename, keywords, >caption etc..) can, there's lots of cases where it makes sense to put >images in a database.

This makes no sense to me.

You would still index the filename, the keywords, the caption, make them all searchable, but you do *NOT* shove the image data into a BLOB to do that.

The image raster pixel data and the meta-info about the image are completely orthogonal.

When you start using SQL to dig into the actual image data, parsing the GIF LZW compression within it (or JPEG, or whatever) and comparing the actual contents of the images in SQL, it makes sense to shove the images into a BLOB for index/search reasons.

Now, network traffic and off-loading some work from your web-server to your db-server *MIGHT* *MIGHT* *MIGHT* make sense, but I sure doubt it for *most* users/applications.

If you've got an actual two-tier solution with real-world performance testing where it makes sense, post the numbers and any other rules of thumb for when you really, really do want GIF BLOBs, by all means.

-- Like Music? http://l-i-e.com/artists.htm

attached mail follows:

On Tue, 2 Jul 2002 05:45:40 +0200 "Andy" <news.lettersgmx.de> wrote:

> is the increase of the network traffic noticable? The query is pretty small > just text. Do u really think this might increase the traffic? Try to heavely charge a DB with images inside it. Do the same without DB, that depends if the dbms is in another server or not, note localhost server can use the network interface and not the socket.

then compare the two methods, and use the best :).

Tests are always the best way to get the best methods :).

> I also noticed that the image is not cached anymore. Is this true for all > blobs, or do I just access them in a wron way? Cached ? Client side ?

hth

attached mail follows:

I cannot figure out how to access the file and update it (which is just /files/*.txt from where I'll be accesing it -- in other words I'm accessing it from mydomain.com/index.php, but the file is mydomain.com/files/Names.txt). By update I mean append. I tried to access it with the complete local address (C:\\... it's a IIS5 server on Win2k; I did use the \\).

So, what file path do I use to update (append) a file on the same Windows 2k server as my web server (/files/*.txt is the location of the file relative to the PHP code being executed).

I want to be able to update the file on my server (which can be accessed through FTP the way $Location works out, if I do it manually in the browser). My question is how do I go about accessing it? Do I have to use the ftp_connect(); functions somehow or can I just go about with something like this: --------------------------------------------------- // This doesn't work though:

$Location = "ftp://". $Find->USER .":". $Find->PASS ."mysite.com/files/". $Find->BRANCH .".txt";

if (!$fp = fopen($Location, "a")) { // This is always what shows Error("Error: 0001. File (". $Location .") could not be found."); } else { if (!fwrite($fp, $Find->Line)) // line is an HTML tag/link (Something like "<A HREF="http://somesite.com" ALT="blah">") { Error("Error: 0002. Information was not written."); }

if (!fclose($fp)) { Error("Error: 0003. File close error."); } } ---------------------------------------------

attached mail follows:

if the php file is: mydomain.com/index.php and the data file is: mydomain.com/files/Names.txt

then the relative path is not "\\files\\Names.txt" , it's "files\\Names.txt"

HTH Martin

-----Original Message----- From: Chris Earle [mailto:chrisearleweb.com] Sent: Tuesday, July 02, 2002 3:29 PM To: php-generallists.php.net Subject: [PHP] Updating (appending) a file

So, what file path do I use to update (append) a file on the same Windows 2k server as my web server (/files/*.txt is the location of the file relative to the PHP code being executed).

$Location = "ftp://". $Find->USER .":". $Find->PASS ."mysite.com/files/". $Find->BRANCH .".txt";

if (!fclose($fp)) { Error("Error: 0003. File close error."); } } ---------------------------------------------

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:

I didn't want to make a new post, but my "Reply -> Send" button makes Outlook crash (this isn't the web server! :)).

More to the point: if that relative path doesn't work, and the path is right and the file does exist, what does that mean?

-- if the php file is: mydomain.com/index.php -- and the data file is: mydomain.com/files/Names.txt

-- -- then the relative path is not "\\files\\Names.txt" , it's -- "files\\Names.txt" -- -- HTH -- Martin

attached mail follows:

maybe a permissions thing?

do you get any errors back? if so, what error is it?

try appending to a file in the same directory as index.php and see how that goes.

-----Original Message----- From: Chris Earle [mailto:chrisearleweb.com] Sent: Tuesday, July 02, 2002 3:54 PM To: php-generallists.php.net Subject: RE: RE: [PHP] Updated (appending) a file

More to the point: if that relative path doesn't work, and the path is right and the file does exist, what does that mean?

-- if the php file is: mydomain.com/index.php -- and the data file is: mydomain.com/files/Names.txt

-- -- then the relative path is not "\\files\\Names.txt" , it's -- "files\\Names.txt" -- -- HTH -- Martin

attached mail follows:

The server has error reporting turned off (can I change this even though I'm not there?)...

I cannot do it with the file in my base folder either.

"Martin Towell" <martin.towellworld.net> wrote in message news:6416776FCC55D511BC4E0090274EFEF508A58AEXCHANGE... > maybe a permissions thing? > > do you get any errors back? if so, what error is it? > > try appending to a file in the same directory as index.php and see how that > goes. > > -----Original Message----- > From: Chris Earle [mailto:chrisearleweb.com] > Sent: Tuesday, July 02, 2002 3:54 PM > To: php-generallists.php.net > Subject: RE: RE: [PHP] Updated (appending) a file > > More to the point: if that relative path doesn't work, and the path is right > and the file does exist, what does that mean? > > -- if the php file is: mydomain.com/index.php > -- and the data file is: mydomain.com/files/Names.txt > -- > -- then the relative path is not "\\files\\Names.txt" , it's > -- "files\\Names.txt" > -- > -- HTH > -- Martin

attached mail follows:

display_errors = On; according to phpinfo(); All other error reporting is off though. But nothing is being displayed.

"Chris Earle" <chrisearleweb.com> wrote in message news:20020702050353.2998.qmailpb1.pair.com... > The server has error reporting turned off (can I change this even though I'm > not there?)... > > I cannot do it with the file in my base folder either. > > "Martin Towell" <martin.towellworld.net> wrote in message > news:6416776FCC55D511BC4E0090274EFEF508A58AEXCHANGE... > > maybe a permissions thing? > > > > do you get any errors back? if so, what error is it? > > > > try appending to a file in the same directory as index.php and see how > that > > goes. > > > > -----Original Message----- > > From: Chris Earle [mailto:chrisearleweb.com] > > Sent: Tuesday, July 02, 2002 3:54 PM > > To: php-generallists.php.net > > Subject: RE: RE: [PHP] Updated (appending) a file > > > > More to the point: if that relative path doesn't work, and the path is > right > > and the file does exist, what does that mean? > > > > -- if the php file is: mydomain.com/index.php > > -- and the data file is: mydomain.com/files/Names.txt > > -- > > -- then the relative path is not "\\files\\Names.txt" , it's > > -- "files\\Names.txt" > > -- > > -- HTH > > -- Martin > >

attached mail follows:

This should work

error_reporting(E_ALL);

but be prepared for all dem warnings ! :)

BTW: I get an undeliverable mail to your email address when I "reply to all" :(

-----Original Message----- From: Chris Earle [mailto:chrisearleweb.com] Sent: Tuesday, July 02, 2002 4:04 PM To: php-generallists.php.net Subject: Re: RE: [PHP] Updated (appending) a file

The server has error reporting turned off (can I change this even though I'm not there?)...

I cannot do it with the file in my base folder either.

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:

Permission denied

Yep. Crap. If I let PHP create the file (delete the files as they exist now), that will give it permission (because it will have made them), right?

Thanks a lot for all the help.

"Martin Towell" <martin.towellworld.net> wrote in message news:6416776FCC55D511BC4E0090274EFEF508A58BEXCHANGE... > This should work > > error_reporting(E_ALL); > > but be prepared for all dem warnings ! :) > > > > BTW: I get an undeliverable mail to your email address when I "reply to all" > :( > > -----Original Message----- > From: Chris Earle [mailto:chrisearleweb.com] > Sent: Tuesday, July 02, 2002 4:04 PM > To: php-generallists.php.net > Subject: Re: RE: [PHP] Updated (appending) a file > > > The server has error reporting turned off (can I change this even though I'm > not there?)... > > I cannot do it with the file in my base folder either. > > "Martin Towell" <martin.towellworld.net> wrote in message > news:6416776FCC55D511BC4E0090274EFEF508A58AEXCHANGE... > > maybe a permissions thing? > > > > do you get any errors back? if so, what error is it? > > > > try appending to a file in the same directory as index.php and see how > that > > goes. > > > > -----Original Message----- > > From: Chris Earle [mailto:chrisearleweb.com] > > Sent: Tuesday, July 02, 2002 3:54 PM > > To: php-generallists.php.net > > Subject: RE: RE: [PHP] Updated (appending) a file > > > > More to the point: if that relative path doesn't work, and the path is > right > > and the file does exist, what does that mean? > > > > -- if the php file is: mydomain.com/index.php > > -- and the data file is: mydomain.com/files/Names.txt > > -- > > -- then the relative path is not "\\files\\Names.txt" , it's > > -- "files\\Names.txt" > > -- > > -- HTH > > -- Martin > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:

Um - yeah - sorta depends if the script has write access to the directory too :) but try and see, I guess is the best option ...

-----Original Message----- From: Chris Earle [mailto:chrisearleweb.com] Sent: Tuesday, July 02, 2002 4:14 PM To: php-generallists.php.net Subject: Re: RE: [PHP] Updated (appending) a file

Permission denied

Yep. Crap. If I let PHP create the file (delete the files as they exist now), that will give it permission (because it will have made them), right?

Thanks a lot for all the help.

attached mail follows:

Thanks again man, you've been a ton of help.

I gotta get some sleep now! Thanks again.

"Martin Towell" <martin.towellworld.net> wrote in message news:6416776FCC55D511BC4E0090274EFEF508A58CEXCHANGE... > Um - yeah - sorta > depends if the script has write access to the directory too :) > but try and see, I guess is the best option ... > > -----Original Message----- > From: Chris Earle [mailto:chrisearleweb.com] > Sent: Tuesday, July 02, 2002 4:14 PM > To: php-generallists.php.net > Subject: Re: RE: [PHP] Updated (appending) a file > > > Permission denied > > Yep. Crap. If I let PHP create the file (delete the files as they exist > now), that will give it permission (because it will have made them), right? > > Thanks a lot for all the help. > > > "Martin Towell" <martin.towellworld.net> wrote in message > news:6416776FCC55D511BC4E0090274EFEF508A58BEXCHANGE... > > This should work > > > > error_reporting(E_ALL); > > > > but be prepared for all dem warnings ! :) > > > > > > > > BTW: I get an undeliverable mail to your email address when I "reply to > all" > > :( > > > > -----Original Message----- > > From: Chris Earle [mailto:chrisearleweb.com] > > Sent: Tuesday, July 02, 2002 4:04 PM > > To: php-generallists.php.net > > Subject: Re: RE: [PHP] Updated (appending) a file > > > > > > The server has error reporting turned off (can I change this even though > I'm > > not there?)... > > > > I cannot do it with the file in my base folder either. > > > > "Martin Towell" <martin.towellworld.net> wrote in message > > news:6416776FCC55D511BC4E0090274EFEF508A58AEXCHANGE... > > > maybe a permissions thing? > > > > > > do you get any errors back? if so, what error is it? > > > > > > try appending to a file in the same directory as index.php and see how > > that > > > goes. > > > > > > -----Original Message----- > > > From: Chris Earle [mailto:chrisearleweb.com] > > > Sent: Tuesday, July 02, 2002 3:54 PM > > > To: php-generallists.php.net > > > Subject: RE: RE: [PHP] Updated (appending) a file > > > > > > More to the point: if that relative path doesn't work, and the path is > > right > > > and the file does exist, what does that mean? > > > > > > -- if the php file is: mydomain.com/index.php > > > -- and the data file is: mydomain.com/files/Names.txt > > > -- > > > -- then the relative path is not "\\files\\Names.txt" , it's > > > -- "files\\Names.txt" > > > -- > > > -- HTH > > > -- Martin

attached mail follows:

>Permission denied > >Yep. Crap. If I let PHP create the file (delete the files as they exist >now), that will give it permission (because it will have made them), right?

You're getting closer, though. :-)

Now your problem simply boils down to one of security and file permissions.

Alas, with Windows, that's a bit of a mess...

Depending on the version of the OS you may or may not have a way to set the permissions of a file/directory for PHP to be able to do what you want...

First, you gotta figure out what user PHP runs as.

<?php phpinfo();?>

Then, you gotta figure out if your Windows OS version even has the concept of "user" at all, and what user[s] it thinks should be able to muck with your files, and if there's some way to convince Windows it's okay to do that...

I can only say that if you click on all the stuff with the right-click mouse thingie, and it still won't let you alter who can change which file, you're probably in trouble...

Your probably should eventually move the files PHP can alter *OUTSIDE* the web tree, as a security issue. Though, with Windows, I'm not sure it makes a lot of difference, given the 'security' already there... :-)

-- Like Music? http://l-i-e.com/artists.htm

attached mail follows:

Most cellular and paging companies provide your phone/pager with an email address. usually 10digitnumberprovidername.com

check out this list of providers and their addressing: http://www.weblinkwireless.com/customerservice/how2send/index.html

so just use mail() and it looks pretty sweet when your website sends msg to your phone

olinux

--- Duncan <php-generalring-wraith.com> wrote: > Hi again, > > thx for the replies. > Well, nagios ... quite a story ... anyway, i spent > more than 3-4 hours and still didn't get it to work. > Maybe i should look into it again, if it supports > that kind of stuff, which really would be just what > i need :) > > Thanks a lot, > > Duncan >

__________________________________________________ Do You Yahoo!? Sign up for SBC Yahoo! Dial - First Month Free http://sbc.yahoo.com

attached mail follows:

try this for now.

http://pobs.mywalhalla.net/

depending on how fancy your code is it may not work. Or you'll only have to change a few little things.

basically what it does is :

for($bob=1; $bob<10; $bob++){ echo $bob; $sam=$bob; }

Converts above to something like

for($edghr354dfga=1; $edghr354dfga<10; $edghr354dfga++){ echo $edghr354dfga; $hsfgfsyrtae34dfgdfas=$edghr354dfga; }

basically.

Lazor, Ed wrote:

>Dang. $2880 is kind of expensive! I wish they'd base licensing more on how >many copies your encoded program you sell. > >-----Original Message----- >http://www.zend.com/store/products/zend-encoder.php > >**************************************************************************** >This message is intended for the sole use of the individual and entity to >whom it is addressed, and may contain information that is privileged, >confidential and exempt from disclosure under applicable law. If you are >not the intended addressee, nor authorized to receive for the intended >addressee, you are hereby notified that you may not use, copy, disclose or >distribute to anyone the message or any information contained in the >message. If you have received this message in error, please immediately >advise the sender by reply email and delete the message. Thank you very >much. > > >

attached mail follows:

>I've been thinking some more about the issue of keeping PHP >source files secure in a shared hosting environment. I've now >convinced myself that there is simply no way to protect these >files, even if safe_mode is turned on, as long as other users can >have telnet (or ssh) access to the box. > >Here's my thinking ... > >First off, I am assuming that > - we are discussing a Unix-variant > environment (I don't know enough about > Windows to comment) > - the web server does NOT run as root

To be thorough, you should also rule out:

1. PHP *could* be run as a CGI via suExec as your own user, and thus only if your own shell account was compromised would the file be readable. (If your own shell account is compromised you probably have bigger problems than just the PHP-readable files...) My host actually provides me with both "nobody" Module and "realuser" CGI PHP installation, for example. (http://hostbaby.com -- I highly recommend them -- Apparently they had a hard drive crash last week, but I didn't even notice anything until a cron job ran this week that needed to read/write a file whose permissions didn't quite get restored.)

So, if I *really* wanted a particular "secret" secure, I could run it as CGI and keep all my files 400 (or 600 for data) So far, I've used the CGI more for the second stage of file upload (copy into web-tree *ONLY* after security vetting has occurred) but I *COULD* run all the database pages through CGI... And with the minimal traffic I get, I probably should... Oh well.

[ASIDE] Too bad I can't run the CGI one first, get a db connection, and then "switch" to the Module one for the rest... Oh, never mind, once you've fired up the CGI, it ain't slower to run. [/ASIDE]

2. I *think* Apache 2.0 *can* be made to run PHP as a Module in different directories as different users... At least, last I heard, that was on the boards for "To Do" in Apache 2.0... So, in theory, as I understand it, there *could* be an ISP who was running Apache 2.0 Beta that was running each users' PHP Module as that user, and your "secrets" files would not be world-readable.

3. I'm reasonable certain fhttpd has the same feature as described in 2.

That said, some more caveats about file browsing:

I *THINK* you can bury your PHP file inside directories that are not readily browsable by other shell accounts. So long as the "foo.inc" file *is* readable, the intervening directories don't have to be. I *THINK*. I got bit by this once on one web-site, but I was mixing and matching a Module and CGI usage (see 1.) and maybe was just confusing myself about which user was actually 'acting' at a particular time.

>So unless I'm missing something, safe_mode provides no protection >in a Unix environment where > - the web server does not run as root > - other users have telnet access to the box > >I hope wrong. Can anyone find the hole in my reasoning?

Safe mode stops some of the most obvious routes of reading the files in question -- It doesn't stop a determined reader from digging them out and reading them.

As noted earlier -- If a real hacker *really* wants to break in, they will.

Usually, your task (and the ISP's) is to raise the bar high enough that the frequency of successful attack is low enough, that you/they don't spend your/their entire life restoring from un-hacked backups.

There are some high-end special cases where your task is far more complicated than that, of course...

To that end, less-obvious file names and safe mode "weed out" some percentage of the "wannabe hackers"

If truly secure "secrets" are needed, a shared environment is the wrong answer...

The same shoe doesn't fit everybody. I generally prefer systems where I don't feel hamstrung every time I need to do something interesting with my web-sites, and I'm willing to risk the (mostly public) data in my databases being compromised by fellow clients of my ISP for that.

I'm also mostly on servers with starving musicians who have a hard enough time getting their web-sites to work and getting gigs, much less time to waste pawing through my files :-)

In one extreme case, the bulk of the data is editable by anybody on the planet through a web-interface, so "securing" the username/password would be almost pointless. I still do it, through habit and to avoid mass destruction by the unwashed masses, but...

Security is not an on/off switch. It's a gradient in N dimensions, where you have to balance usability, development time, risk, upper management stupidity, and a host of minor variables to decide where your software/hardware/solution "fits" into the spectrum.

You can't learn that in one day, or even in a week's seminar. It's a place where experience counts.

I'm not saying a one-week security seminar wouldn't be invaluable -- only that the seminar has to be followed by a lot of real-world experience to be really useful.

I've picked up (mostly against my will) enough knowledge about security to know how truly ignorant I am :-)

But even I know enough to be worth listening to maybe, eh?

-- Like Music? http://l-i-e.com/artists.htm

attached mail follows:

>The hosting provider could probably implement a solution... Alter the FTP >configuration to automatically set the group permission to that of the web >server when you transfer files. You wouldn't need to be in the group. >You're the owner and can modify your own files. World Read access would be >unnecessary. > >Thoughts?

So I write a PHP application to read your file, or just symlink a .phps file to it.

Game over.

The "Group" is no more magical than the "User" as an access route.

If PHP can read it to use, PHP can read it for me to steal.

-- Like Music? http://l-i-e.com/artists.htm

attached mail follows:

>try this for now. > >http://pobs.mywalhalla.net/ > >depending on how fancy your code is it may not work. Or you'll only have >to change a few little things. > >basically what it does is : > >for($bob=1; $bob<10; $bob++){ > echo $bob; > $sam=$bob; >} > >Converts above to something like > >for($edghr354dfga=1; $edghr354dfga<10; $edghr354dfga++){ echo >$edghr354dfga; $hsfgfsyrtae34dfgdfas=$edghr354dfga; } > >basically.

Sure hope they are not charging money for *THAT*...

And I don't see how it helps the "secrets" issue at all...

-- Like Music? http://l-i-e.com/artists.htm

attached mail follows:

>here's an idea, perhaps something like this >can be used... > >You set a decryptionkey value in your vhost >(I don't know if you can do this with php_value >or perhaps an apache directive) > ><VirtualHost 123.123.123.123> >ServerName www.example.com >DocumentRoot /home/example/htdocs >php_value decryptionkey "123456789" ></VirtualHost> > >encode your secret data using the decryptionkey >before hand, and then decode it on the fly using >the environment variable present in only in your >vhost. > >I'm hoping that no one outside of your vhost can >see the value of that variable. (does anyone know >if you can pull environment variables from other >vhosts or if PHP can read httpd.conf?)

Depends on your setup...

You might have made httpd.conf world-readable for some reason. Or not.

Alas, if you have access to be altering httpd.conf for the "key" you suggest in the first place, I could just put my database secrets there and be done with it. Make sure only root (Apache) can read httpd.conf, and the problem is solved...

So no need for the funky key thingie going on...

I *suppose* as an administration issue, having an ISP that sets one value one time for you in httpd.conf is easier than making them edit httpd.conf all the time for you, but...

I don't foresee a lot of ISP's embracing this "key" solution, personally.

-- Like Music? http://l-i-e.com/artists.htm

attached mail follows:

Hi There,

I am running a Sun Cobalt RAQ4 server. The PHP version on it is 4.0.6. I received an error message when I restart httpd after upgrading PHP scripting engine on my cobalt server through the patch that cobalt provided to fixes some security issues that were found on prior releases of PHP for Sun Cobalt server appliance.

The error message is "Setting up Web Service: Syntax error on line 58 of /etc/httpd/conf/httpd.conf: Cannot load /etc/httpd/modules/libphp4.so into server: libgd.so.1: cannot open shared object file: No such file or directory /usr/sbin/httpd"

Appreciate your help.

Thank you.

Regards, Robert

*****************E-MAIL DISCLAIMER****************** This document should only be read by those persons to whom it is addressed and is not intended to be relied upon by any person without subsequent written confirmation of its contents. Accordingly, iASPire.Net Pte Ltd disclaim all responsibility and accept no <\28>liability including in negligence<\29> for the consequences of any person acting, or refraining from acting, on such information prior to the receipt by those persons of subsequent written confirmation. If you have received this e-mail message in error, please notify us immediately by telephone <\28>65-5801900<\29>. Please also destroy and delete the message from your computer. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and/or publication of this e-mail message is strictly prohibited. ****************************************************

attached mail follows:

On Tuesday 02 July 2002 12:22, Robert Tan wrote: > Hi There, > > I am running a Sun Cobalt RAQ4 server. The PHP version on it is 4.0.6. > I received an error message when I restart httpd after upgrading PHP > scripting engine on my cobalt server through the patch that cobalt > provided to fixes some security issues that were found on prior > releases of PHP for Sun Cobalt server appliance.

Sounds like you want the Cobalt mailing list!

> The error message is "Setting up Web Service: Syntax error on line 58 > of /etc/httpd/conf/httpd.conf: > Cannot load /etc/httpd/modules/libphp4.so into server: libgd.so.1: > cannot open shared object file: No such file or directory > /usr/sbin/httpd"

libgd.so.1 is part of the GD library. Try upgrading _all_ the packages on your Cobalt.

-- Jason Wong -> Gremlins Associates -> www.gremlins.com.hk Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development *

/* It was a JOKE!! Get it?? I was receiving messages from DAVID LETTERMAN!! YOW!! */

attached mail follows:

On Tuesday, July 2, 2002, at 12:22 AM, Robert Tan wrote:

> I am running a Sun Cobalt RAQ4 server. The PHP version on it is 4.0.6. > I received an error message when I restart httpd after upgrading PHP > scripting engine on my cobalt server through the patch that cobalt > provided to fixes some security issues that were found on prior > releases of PHP for Sun Cobalt server appliance.

Forgive my lack of knowledge of the RAQ4 server, but what's stopping you from just rolling your own? The source code install isn't that difficult, and I have a documented log of an upgrade you can use as a guide if you want.

Erik

----

Erik Price Web Developer Temp Media Lab, H.H. Brown priceehhbrown.com

attached mail follows:

Hello all,

I am trying to execute the Query SELECT MAX(RECORDNO) AS MAXREC FROM BOOKS;

I am trying to access the value like this while($row = mysql_fetch_array($sql_result)) { $bookID = $row['MAXREC']; }

This query fails. Am I doing any thing wrong here.

Thanks, Sachin.

attached mail follows:

On Tue, Jul 02, 2002 at 11:08:13AM +0530, Sachin Keshavan wrote: > > I am trying to execute the Query > SELECT MAX(RECORDNO) AS MAXREC FROM BOOKS; > > while($row = mysql_fetch_array($sql_result)) > { > $bookID = $row['MAXREC']; > } > > This query fails. Am I doing any thing wrong here.

Don't ask us. Ask MySQL. After running the query (I assume you ARE running the query, via mysql_query(), right?) throw in an echo call to mysql_error(). That'll tell you what went wrong:

http://www.php.net/manual/en/function.mysql-error.php

--Dan

-- PHP classes that make web design easier SQL Solution | Layout Solution | Form Solution sqlsolution.info | layoutsolution.info | formsolution.info T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y 4015 7 Av #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409

attached mail follows:

>On Tue, Jul 02, 2002 at 11:08:13AM +0530, Sachin Keshavan wrote: >> >> I am trying to execute the Query >> SELECT MAX(RECORDNO) AS MAXREC FROM BOOKS; >> >> while($row = mysql_fetch_array($sql_result)) >> { >> $bookID = $row['MAXREC']; >> } >> >> This query fails. Am I doing any thing wrong here.

Warning: In addition to any SQL error you may have, you almost-for-sure are making a newbie logical flaw in your programming.

Let me ask you this question:

What if *TWO* (2) people add new books at *EXACTLY* the same time?

Do you *STILL* want the MAX(RECORDNO) ?

Or am I gonna get the other guy's book, since his went in a micro-second after mine did?

:-)

You may want to look into this function:

http://www.php.net/manual/en/function.mysql-insert-id.php

I could, of course, be wrong, and you're not making the same mistake a million others have made before... :-)

-- Like Music? http://l-i-e.com/artists.htm

attached mail follows:

I need to pass more than one variable with a link.

I cannot see the syntax listed anywhere.

I am using : printf ("<a href=\"catalogueitemslist.php?catitempage=%s;?catrange=%s\"><IMG SRC=\"/jpg/buttons/nextset.jpg\" HEIGHT=25 BORDER=0></a><LEFT>",$catitempage,$catrange);

Obviously the separators between the two variablesare incorrect. i.e. I have: ?catitempage=%s;?catrange=%s

Can anyone tell me what it should be or where I can find a reference to these sort of syntax problems.

Regards

Peter Goggin

attached mail follows:

For the link to work correctly, only the first parameter should be seperated by a ?, the remaining ones should be seperated by &.

For eg: http://localhost.com/sample.php?firstparam=1&secondparam=XYZ

Hope this helps, Sachin

-----Original Message----- From: Peter Goggin [mailto:pgogginsmartchat.net.au] Sent: Tuesday, July 02, 2002 12:01 PM To: php-generallists.php.net Subject: [PHP] Passing more than one variable with alink

I need to pass more than one variable with a link.

I cannot see the syntax listed anywhere.

I am using : printf ("<a href=\"catalogueitemslist.php?catitempage=%s;?catrange=%s\"><IMG SRC=\"/jpg/buttons/nextset.jpg\" HEIGHT=25 BORDER=0></a><LEFT>",$catitempage,$catrange);

Obviously the separators between the two variablesare incorrect. i.e. I have: ?catitempage=%s;?catrange=%s

Can anyone tell me what it should be or where I can find a reference to these sort of syntax problems.

Regards

Peter Goggin

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:

the syntax is name1=val1&name2=val2&name3=val3 the separator is "&"

-----Original Message----- From: Peter Goggin [mailto:pgogginsmartchat.net.au] Sent: Tuesday, July 02, 2002 4:31 PM To: php-generallists.php.net Subject: [PHP] Passing more than one variable with alink

I need to pass more than one variable with a link.

I cannot see the syntax listed anywhere.

I am using : printf ("<a href=\"catalogueitemslist.php?catitempage=%s;?catrange=%s\"><IMG SRC=\"/jpg/buttons/nextset.jpg\" HEIGHT=25 BORDER=0></a><LEFT>",$catitempage,$catrange);

Obviously the separators between the two variablesare incorrect. i.e. I have: ?catitempage=%s;?catrange=%s

Can anyone tell me what it should be or where I can find a reference to these sort of syntax problems.

Regards

Peter Goggin

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:

delimiter in a query string is & (amphen) ie : page.php?varx=xxx&vary=yyy

"Peter Goggin" <pgogginsmartchat.net.au> a écrit dans le message de news: 043b01c22192$1369fc50$0300000apetergnt1... > I need to pass more than one variable with a link. > > I cannot see the syntax listed anywhere. > > I am using : > printf ("<a href=\"catalogueitemslist.php?catitempage=%s;?catrange=%s\"><IMG > SRC=\"/jpg/buttons/nextset.jpg\" HEIGHT=25 > BORDER=0></a><LEFT>",$catitempage,$catrange); > > > Obviously the separators between the two variablesare incorrect. i.e. I > have: ?catitempage=%s;?catrange=%s > > Can anyone tell me what it should be or where I can find a reference to > these sort of syntax problems. > > > Regards > > Peter Goggin >

attached mail follows:

Any recommendations for a GPL (read: free) "Programmer's Browser" which will allow me to surf "normally" but cache pages and their headers and let me view the damn things?

"View Source" is fine as far as it goes, but it's only half the story... I want my headers.

-- Like Music? http://l-i-e.com/artists.htm

attached mail follows:

curl

-----Original Message----- From: Richard Lynch [mailto:ceol-i-e.com] Sent: Tuesday, July 02, 2002 4:08 PM To: php-generallists.php.net Subject: [PHP] Programmer's Browser

Any recommendations for a GPL (read: free) "Programmer's Browser" which will allow me to surf "normally" but cache pages and their headers and let me view the damn things?

"View Source" is fine as far as it goes, but it's only half the story... I want my headers.

-- Like Music? http://l-i-e.com/artists.htm

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:

>Hi, > >I was hoping that folks from the Canadian PHP community could offer me some >direction with deterring going rates for freelance PHP developers. All of >the material that I have found during my research points to US rates which >average at around $92 US an hour (see the American Institute of Graphic Arts >white paper "Aquent Survey of Design Salaries 2002" at >http://www.aquent.com/whitepapers/).

Is that before dot-bomb and 9/11 or after? :-^

It's sure more than I ever made free-lancing...

But then I've stopped taking any boring jobs. No, I won't do another shopping cart.

And the starving musicians I usually work for think $92 is a lot of money. Not $92 per hour, just plain old $92. :-)

Oh well. I like what I do, at least.

-- Like Music? http://l-i-e.com/artists.htm

attached mail follows:

>> > > average at around $92 US an hour (see the American Institute of

Maybe that's a transposition and the average is $29 ???

I've registered to get a copy of the original source, and may remember to post if/when I find out...

Don't see how the average could be US $92 per hour...

-- Like Music? http://l-i-e.com/artists.htm

attached mail follows:

>>>> I'm registering if people are logged in. The login page is situated in >> the >>>> mainFrame. >>>> Now in my leftFrame I want to put the status (i.e. "you are logged in as >>>> .....") >>>> >>>> When people are succesfully logged in I register their name as >>>> session_register('session_loginname'); >>>> I then refresh the leftFrame. >>>> In the page to be displayed in the leftFrame I put: >>>>

You also need to do:

session_start();

in this leftFrame page (URL)...

Otherwise, the leftFrame page (URL) has no idea that you are using sessions.

>>>> <?php if (!isset($session_loginname)) >>>> { >>>> echo "you are not a member"; >>>> } >>>> else >>>> { >>>> echo "login: $session_loginname"; >>>> } >>>> ?>

-- Like Music? http://l-i-e.com/artists.htm

attached mail follows:

>All... > >I have a PDF plug-in problem... > >Now before you say anything the problem doesnt exesi when I remove PHP from >the equation... > >I have a script that generates a drop-down list of ID's basically... >Clicking continue will pass the ID to a script which I use to get the >correct filename to display... > >ALSO, this only seems to happen on IE 5... > >This is what happens... > >1) login >2) select option to display list... >3) Select Item... >4) Pass & display item >5) select option to display list... >6) Select Item... >7) Pass & display item > >Now... at stage 7... is where it appears to go wrong... i.e. IE hangs.... > >The PDF file is being displayed via an <iframe>, also note that if I remove >the <iframe> the flow is as normal... > >[ http://www.the-local-guide.com :: http://www.mcgarvie.net ]

I had a recent case where the header() functions I was using to mark my PDF files as being out-dated (Expires:, Pragma, all that crap) were causing IE 5.5 to choke on PDF files.

Don't ask me why stupid IE was choking on the idea that a PDF file was maybe dated, but it was.

Sigh. Ask Bill.

Anyway, take a look at the *HEADERS* that are coming out under the two different situations, and see what you see...

One way to see the headers is to do:

telnet the-local-guide.com 80 GET /index.php HTTP/1.0 Host: the-local-guide.com

[Hit "return" twice after that last line] This is a crude way to "fake out" a web-server into thinking you're a browser. Won't do Cookies or authentication or anything fancy like that, but it's a start.

Also, I dunno what an iframe is, but that sounds suspect. I'm a Luddite. I don't use HTML that doesn't work reliably on 3.0 browsers.

No DHTML/layers, no CSS -- I've seen too many broken CSS sites to believe in it.

Show me a CSS site, and I'll show you unreadable text and INPUT boxes I can't read what the hell I'm typing on my Mac IE 4.01 browser.

-- Like Music? http://l-i-e.com/artists.htm

attached mail follows:

In the old days, Rasmus would answer with something like:

http://php.net/FAQ.php#4.17

That was back when the whole FAQ could fit in the head of a single person... :-) [Well, a single person as smart as Rasmus, anyway... :-)]

This meta-thread about what to do about posters who obviously didn't do their homework is just as endemic to the system as the original problem.

"The poor will always be with you"

I truly believe that the best solution is to simply point them to the URL they should have found in the first place, maybe politely suggest they try the search engine first next time, and leave it at that.

Being abusive is not going to make them want to improve themselves, really. Who gets the good results -- The sports coach who yells and screams at new, untrained players for stupid mistakes, or the one who politely informs them of their error, and sets them on the true path?

Now if you got a poster who *CONTINUES* in their wayward behaviour, an off-list explanation of their error is a Good Idea (tm). :-)

And, you'll never get the volume of a General list for something as popular as PHP to significantly decrease no matter how you try to hit users over the head with "Do your homework" There have already been more meta-posts about FAQs than FAQs, and that's just silly. [Which is why I'm making another one, of course :-)]

Not saying that making it easy to find the right way to search isn't a Good Idea (tm) but extremes like a daily post to tell people that is just "too much" and won't help.

Disclaimer:

Once upon a time, a long time ago, as a brand-new user, I read the FAQ. A year went by. I asked question # 4.17. Why? Well, when I read the FAQ, I didn't even understand the QUESTION, much less the answer to #4.17. :-)

A fellow named Rasmus was kind enough to just reply:

http://php.net/FAQ.php#4.17

And you know what? About a year after that, I figured out (Hey, I'm slow, okay?) that this Rasmus guy (and that Zeev guy and that Andi guy) were the actual *DEVELOPERS* of PHP, and I figured they could better spend his (their) time fixing PHP for me, instead of answering questions with: http://php.net/FAQ.php#4.17

So, you know what I did? I started answering for him.

Hey, I even answered questions I didn't even understand. No, really. There was this one Oracle question that kept popping up with the same error message, and the answer (not yet in the FAQ at that time) was SetEnv("ORACLE_HOME=/home/oracle"); [And that's not even the correct answer any more, but it was then.]

I didn't really know what SetEnv was, and I hadn't actually touched Oracle (well, okay, Oracle 4.1.17 or somesuch when I worked this day job years and years before, and they had this *horrible* command-line ASCII art interface that you couldn't even create a database without answering a zillion questions I didn't understand the question, much less know the answer to...) Anyway, for all practical purposes, I knew nothing about Oracle. [Still don't, for all practical purpose, but I reckon I can get away with "Just like chicken" if I ever need to use it.]

There were other questions about CGI and Module (whatever those are) and I just memorized the FAQ answers and posted away. I think I did that pretty solid for, oh, three, maybe four years or so... :-)

Next thing you know, I was being hailed as PHP expert (and eventually became one, I guess...).

'Course, I also got abusive emails from (eg) Oracle users after I told them (in response to direct-email followup questions) that I had no idea how to work Oracle and had never even seen it, and they seemed to think I was deliberately lying to them and taunting them, but that's another story... :-)

Anyway, my point is this -- Abusive answers don't help, no matter how frustrated you are. If you're that frustrated, let somebody else answer the FAQ, or just let the guy flounder for awhile. They'll either get answered by somebody else, or the poster will get off their duff and start digging. Either way, just hit delete.

Just my take as a former (and maybe once again) "regular" You'll have to use my old email addresses to dig out my old posts if you wanna figure out just how "regular" I was, back in the day... ceol-i-e.com richardzend.com rlynchignitionstate.com lynchignitionstate.com lynchcognitivearts.com lynchlscorp.com lynchils.nwu.edu

And a few more I reckon I've forgotten, but that's okay :-)

I think Stas even had this nifty interface on the Zend site for a while tracking post frequency by email. I don't think I ever was more vociferous than Rasmus, but it was close sometimes :-)

-- Like Music? http://l-i-e.com/artists.htm

attached mail follows:

>1. I know that you initially begin the session with the session_start() >function. Is this function required on all pages in order for the session >variables to remain globalized?

Yes -- on all pages that intend to use sessions.

If you have a page "in between" that has no use for session data, you can (probably) not do session_start() unless you need the variable/functions to pass the Session ID around as part of the URL if you don't like/trust the Cookies to maintain user identification.

Not 100% sure about it if you are using URLs to pass session ID... I mostly figure anybody too paranoid to use Cookies is a lost cause anyway :-) :-) :-)

>2. If you have a "process login" page, which the user is sent to after >submitting the login information, is this page ideal to hold the >session_register() functions to define global variables and their values?

Probably...

It may be more natural to just session_register() variables as you go, but if there are some high-level global variables, yeah, that's a good place to put them.

>3. Would this piece of code be good to hold the preferences of a user that >has just logged in?

Yes, but... :-)

><?php > >session_start(); >$link = mysql_connect("localhost", "user", "pass") > or die("Could not connect to database."); >$db = mysql_db_select("users", $link) > or die("Could not select database."); > >$query = "SELECT user, pass FROM users WHERE user='$user' AND pass='$pass' >LIMIT 1"; >$result = mysql_query($query, $link) > or die("Query was not successful. " . mysql_error());

Don't ever spew mysql_error() to the web browser. Reveals too much to hackers.

Something like:

$result = mysql_query($query, $line) or error_log(mysql_error()); if (!$result){ die("Query was not successful"); }

And, really, $result is about a generic a variable name as $i

How about using $user_info or even $user_info_result?

Yes, I know every example and every PHP book on the planet uses $result. That doesn't make it right :-)

>if(mysql_num_rows($result) < 1) { > "User not found. Please try again.";

You need to echo that or something more than just have it sitting there...

Probably okay syntax-wise, but not what you intended. :-)

>} else { > $query = "SELECT * FROM users WHERE user='$user' AND pass='$pass' LIMIT 1";

SELECT * is bad.

Figure out which columns you need, and ask for them by name.

> $result = mysql($query, $link) > or die("Query was not successful. " . mysql_error()); > while($row = mysql_fetch_array($result)) { > $name = $row['name']; > $colorpref = $row['colorpref']; > $fontpref = $row['fontpref']; > $sizepref = $row['sizepref']; > } > session_register("UserName"); $UserName = $name; > session_register("Color"); $Color = $colorpref; > session_register("Font"); $Font = $fontpref; > session_register("Size"); $Size = $sizepref; >}

Problem: If it's my first time here, and I haven't selected any color/font/size preferences, your code may or may not "break"... It's hard to say without knowing how/when/what you initialize by default in the SQL, but watch out for it.

In particular, if you are not going to die() on the "num_rows(...) < 1" above...

> >?> > >I know it's a lengthy example, but I wrote it, and want to know whether or >not that would work to load user preferences into the variables UserName, >Color, Font and Size?

I personally would do the session_register() before the while() loop, and then just one (1) assignment for each setting. Why assign to $name, and then $UserName when you can just use $UserName?

Actually, I'd have the session_register() stuff 'way at the top of the page, so I know what's "global" on this whole page. Feels "cleaner" to me. This is a religious issue. :-)

Also -- Since you are only getting one row, why the while() loop?

Would it not make it more clear that your code expects one, and only one, row if you used no while() loop and did:

list($UserName, $Color, $Font, $Size) = mysql_fetch_row($result, 0);

Or use the mysql_fetch_array() and four assignments if you like that better, but get rid of the loop that will never, ever, really be a loop.

And in the end, there can be only one.

If you are enforcing unique usernames in the SQL and in other parts of your application, shouldn't your PHP code reflect that business logic, and be distinct from a while loop that could potentially spew out 100 records? I think it should. But maybe I'm just being too preachy :-)

>That about does it for this installment of PHP Session Questions. Please >reply directly since I'm on the digest!

Note that some of these comments are strictly on "style" and are arguable. I've tried to note them as such or frame them as possibilities when that was the case.

I suspect other posters will comment on my comments and explain how "wrong" I am on those parts. :-)

-- Like Music? http://l-i-e.com/artists.htm

attached mail follows:

On Tuesday, July 2, 2002, at 03:04 AM, Richard Lynch wrote:

> And, really, $result is about a generic a variable name as $i > > How about using $user_info or even $user_info_result? > > Yes, I know every example and every PHP book on the planet uses $result. > That doesn't make it right :-)

I hear you -- I used to use longer names for my SQL queries -- like $user_update_sql or $filerequest_result.

But once I had moved most of my code into object methods and functions (and therefore out of the global namespace/scope/whatever), I realized this really didn't matter as much. In fact, for consistency and neatness, it was better that I use only $sql or $result, since there was only ever one query in the method or function definition, and this terseness was less cluttering to my code.

I completely agree if you're putting database calls into the body of a script, but if you can wrap everything into smaller scopes, it's not such a big deal. IMHO. This applies to a lot of variable names, in fact. But I agree, in the main body of the script (global scope) it is best to be descriptive.

Erik

----

Erik Price Web Developer Temp Media Lab, H.H. Brown priceehhbrown.com

attached mail follows:

Dear people:

I have a development that I made a year ago. In the first screen I set a cookie that is used along all the parts of the software. This cookie establish the language of the software. Now some people that are installing the software are reporting me problems using the software like this first cookie doesn´t arrive to the navigators. They are installing newer versions of PHP than I have. Could be a problem of the globals variables? I have used the cookie like a global value along all the php files.

Thanks a lot. Emiliano Marmonti

attached mail follows:

> Dear people: > > I have a development that I made a year ago. In the first screen I set > a cookie that is used along all the parts of the software. This cookie > establish the language of the software. Now some people that are > installing the software are reporting me problems using the software like > this first cookie doesn´t arrive to the navigators. They are installing > newer versions of PHP than I have. Could be a problem of the globals > variables? I have used the cookie like a global value along all the php > files.

Yes, it's more than likely a register_globals problem. You need to update your code or tell them to turn on register_globals in php.ini, since it now defaults to off in new versions of PHP.

---John Holmes...

attached mail follows:

I am trying to make a simple php program to produce text lIkE tHiS. The thing is, it hangs for a while andd then says it's reached the maximum execution time of 30 seconds. The error is on line 18. Any ideas? My code: <?php print "<html><body>"; if(!isset($_POST['text'])){ print <<< END <form action="case.php" method="post"> <b>Text:</b> <input type="text" name="text" /><br /> <input type="submit" value="Do" /></form> END; }else{ $text = $_POST['text']; $last = false; $final = ""; $count = 0; while($count < strlen($text)){ $this = $text{$count}; if(ereg("[a-zA-Z]",$this)){ if($last){ $final = $final.strtolower($this); $last = false; }else{ $final = $final.strtoupper($this); $last = true; } } } print $final; } print "</body></html>"; ?>

attached mail follows:

You're not incrementing $count within your while loop. So it's staying at zero the whole time...

---John Holmes...

> -----Original Message----- > From: Leif K-Brooks [mailto:eurleifbuyer-brokerage.com] > Sent: Tuesday, July 02, 2002 4:31 AM > To: php-generallists.php.net > Subject: [PHP] Why is this code hanging? > > I am trying to make a simple php program to produce text lIkE tHiS. > The thing is, it hangs for a while andd then says it's reached the > maximum execution time of 30 seconds. The error is on line 18. Any > ideas? My code: > <?php > print "<html><body>"; > if(!isset($_POST['text'])){ > print <<< END > <form action="case.php" method="post"> > <b>Text:</b> <input type="text" name="text" /><br /> > <input type="submit" value="Do" /></form> > END; > }else{ > $text = $_POST['text']; > $last = false; > $final = ""; > $count = 0; > while($count < strlen($text)){ > $this = $text{$count}; > if(ereg("[a-zA-Z]",$this)){ > if($last){ > $final = $final.strtolower($this); > $last = false; > }else{ > $final = $final.strtoupper($this); > $last = true; > } > } > } > print $final; > } > print "</body></html>"; > ?> > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:

Oops, sorry for the dumb problem...

John Holmes wrote:

>You're not incrementing $count within your while loop. So it's staying >at zero the whole time... > >---John Holmes... > > > >>-----Original Message----- >>From: Leif K-Brooks [mailto:eurleifbuyer-brokerage.com] >>Sent: Tuesday, July 02, 2002 4:31 AM >>To: php-generallists.php.net >>Subject: [PHP] Why is this code hanging? >> >>I am trying to make a simple php program to produce text lIkE tHiS. >> The thing is, it hangs for a while andd then says it's reached the >>maximum execution time of 30 seconds. The error is on line 18. Any >>ideas? My code: >><?php >>print "<html><body>"; >>if(!isset($_POST['text'])){ >>print <<< END >><form action="case.php" method="post"> >><b>Text:</b> <input type="text" name="text" /><br /> >><input type="submit" value="Do" /></form> >>END; >>}else{ >>$text = $_POST['text']; >>$last = false; >>$final = ""; >>$count = 0; >>while($count < strlen($text)){ >>$this = $text{$count}; >>if(ereg("[a-zA-Z]",$this)){ >>if($last){ >>$final = $final.strtolower($this); >>$last = false; >>}else{ >>$final = $final.strtoupper($this); >>$last = true; >>} >>} >>} >>print $final; >>} >>print "</body></html>"; >>?> >> >> >>-- >>PHP General Mailing List (http://www.php.net/) >>To unsubscribe, visit: http://www.php.net/unsub.php >> >> > > > > >

attached mail follows:

Leif,

I think you are missing a $count++ somewhere. Its a mistake I commonly make... HTH Chris

Leif K-Brooks wrote:

> I am trying to make a simple php program to produce text lIkE tHiS. > The thing is, it hangs for a while andd then says it's reached the > maximum execution time of 30 seconds. The error is on line 18. Any > ideas? My code: > <?php > print "<html><body>"; > if(!isset($_POST['text'])){ > print <<< END > <form action="case.php" method="post"> > <b>Text:</b> <input type="text" name="text" /><br /> > <input type="submit" value="Do" /></form> > END; > }else{ > $text = $_POST['text']; > $last = false; > $final = ""; > $count = 0; > while($count < strlen($text)){ > $this = $text{$count}; > if(ereg("[a-zA-Z]",$this)){ > if($last){ > $final = $final.strtolower($this); > $last = false; > }else{ > $final = $final.strtoupper($this); > $last = true; > } > } > } > print $final; > } > print "</body></html>"; > ?> > >

attached mail follows:

On Tuesday 02 July 2002 16:31, Leif K-Brooks wrote: > I am trying to make a simple php program to produce text lIkE tHiS. > The thing is, it hangs for a while andd then says it's reached the > maximum execution time of 30 seconds. The error is on line 18. Any > ideas? My code: > <?php > print "<html><body>"; > if(!isset($_POST['text'])){ > print <<< END

[snip]

I know your question has already been answered, but in future please indicate which is line X. I for one would not count the lines to see which one is line 18. Make it easy for people to help you.

-- Jason Wong -> Gremlins Associates -> www.gremlins.com.hk Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development *

/* Question: Is it better to abide by the rules until they're changed or help speed the change by breaking them? */

attached mail follows:

Hey,

Yeah, I was thinking of writing up a javascript function to do all of this, but considering one of the browsers I use to test is Amaya & Amaya doesn't even recognize javascript as anything other than extra garbage I was looking around for a way to do it on the server.

I installed the newest version of php & noticed the browscap.ini file (yeah, I've played with this file with IIS & the previous version of php, but I didn't think about it). So I looked up browscap.ini on php.net & found this nifty little function - get_browser() - which compares the info in the browscap.ini file to what the browser sends you. Only problem with this is if your browscap.ini file is incomplete or has missing info (konqueror is not listed as having a platform = Linux, even though Linux is part of the listing).

If anyone knows where there might be a full listing of the browscap.ini file somewhere, please let me know! :) My linux box is down for a bit as I'm swapping some hardware around, until it's finished I'm stuck trying to compare files manually on win boxes I think :(

Heh, I only found this out after I spent several hours working on writing several functions using eregi to find stuff... with no success. Then again I am pretty pathetic in using ereg/eregi to find more than a couple characters.

Thanks for your help guys :)

Patrick

----- Original Message ----- From: "Chris Garaffa" <aquaxoptonline.net> To: "Erik Price" <priceehhbrown.com>; "Patrick Teague" <webdudeveslach.com> Cc: <php-generallists.php.net> Sent: Thursday, June 27, 2002 5:20 PM Subject: Re: [PHP] Detecting Browser Type/OS from HTTP_USER_AGENT

> Erik, > > While I agree in principal, you must remember that not all UAs (User > Agents) comply with the Standards, especially newer ones like XHTML, > CSS 2, etc. Even a somewhat mainstream UA, like OmniWeb, for example > (because I've been having problems with it lately) will not render > your page the same as, say, IE or NS4 or the Gecko engine. > -------- > Patrick, > > To answer your question without coding for you, search some > JavaScript sites for UA detection scripts. Then, translate them into > PHP (I'd say just use the JS, but 1: Not all UAs support JS, 2: those > who do support JS may have it turned off by user preference, and 3: > this is, after all, a PHP list ;) > I once saw a beautiful script which detected everything from Netscape > to IE to Sun's UA to Amaya to Opera, iCab, OmniWeb, Mozilla, > Konqueror, WebTV, etc, and versions of each, too, then grouped the > UAs together by capability (which standards they support/do not > support), and redirected appropriately. I, unfortunately, cannot > remember where I saw this script. May have been at www.javascript.com > (there are some good ones there). Or, try builder.com's Web Builder > Library. > -- > Chris Garaffa > > > > > > At 9:58 AM -0400 6/27/02, Erik Price wrote: > >On Thursday, June 27, 2002, at 08:57 AM, Patrick Teague wrote: > > > >>Has anyone else done something similar to this? The main purpose for doing > >>this is to find out what clients are using the most so that we can provide > >>content more specific to the browsers. I've noticed things that work on Win > >>MSIE don't look half the same on Mac MSIE, not to mention the differences > >>between MSIE, Konqueror, & Mozilla. The other reason is I have people > >>developing stuff on Mac, Linux, & Windoze. I'm trying to put together > >>something sane to mesh all of these together. > > > >The best thing you can do is make every attempt to code to the > >standards, and then hope that the browsers do their best to meet > >those standards too. You could argue with my opinion on this, > >saying that "Well that's just not realistic because everyone's using > >IE" or whatever, but then something like AOL's decision to use > >Mozilla as its internal browser engine comes along and changes the > >whole paradigm. Boom, you now have to change your entire site > >because now most people aren't using IE. > > > >Coding to the standards is your best option. In my opinion. Good luck. > > > > > >Erik > > > > > > > > > >---- > > > >Erik Price > >Web Developer Temp > >Media Lab, H.H. Brown > >priceehhbrown.com > > > > > >-- > >PHP General Mailing List (http://www.php.net/) > >To unsubscribe, visit: http://www.php.net/unsub.php > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > >

attached mail follows:

>"Justin French" <justinindent.com.au> wrote in message >news:B9425D5F.9573%justinindent.com.au... >> 1. Name all included files .inc > > If you name them *.php then put anything in them inside a function, then >when the user browses to that file he/she won't see anything at all.

You've already moved them out of the web tree so that they can't browse to them in the first place...

It's better to clearly denote them as *NOT* "entry point" .php (or .htm) files than to possibly upload them into htdocs.

When you see .inc in htdocs, you know you screwed up. Vice versa for .php in your includes directory, which is not in htdocs.

Works for me. :-)

YMMV.

-- Like Music? http://l-i-e.com/artists.htm

attached mail follows:

on 02/07/02 5:41 PM, Richard Lynch (richphpbootcamp.com) wrote:

>> "Justin French" <justinindent.com.au> wrote in message >> news:B9425D5F.9573%justinindent.com.au... >>> 1. Name all included files .inc >> >> If you name them *.php then put anything in them inside a function, then >> when the user browses to that file he/she won't see anything at all. > > You've already moved them out of the web tree so that they can't browse to > them in the first place...

Actually, the OP was about securing an includes directory which COULD NOT be placed outside the docroot.

Justin French

attached mail follows:

On Tuesday 02 July 2002 18:02, Justin French wrote: > on 02/07/02 5:41 PM, Richard Lynch (richphpbootcamp.com) wrote: > >> "Justin French" <justinindent.com.au> wrote in message > >> news:B9425D5F.9573%justinindent.com.au... > >> > >>> 1. Name all included files .inc > >> > >> If you name them *.php then put anything in them inside a function, then > >> when the user browses to that file he/she won't see anything at all. > > > > You've already moved them out of the web tree so that they can't browse > > to them in the first place... > > Actually, the OP was about securing an includes directory which COULD NOT > be placed outside the docroot.

Can we kill this thread. Please? It's going round and round in circles.

-- Jason Wong -> Gremlins Associates -> www.gremlins.com.hk Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development *

/* Violence is molding. */

attached mail follows:

>>header("Location http://www.domain.net/script.php? >>fsi=dgfs&login=password=refergf4";) >> >Don't forget your colon after "Location" in the function call. Browsers >might be able to interpret it anyway, but it's wrong and might break >somewhere. > >>The problem is this redirection is being done with the GET method, so >>all query string will be shown. How can I make this redirection use the >>POST method? >> >You can't. This "redirection" is just a way of informing the browser >that it needs to to to the location identified in the "Location" header >to receive the content it desires. Even if a POST method was used in the >request, the GET method will be used in all 300 range responses.

I don't even know what you're trying to say here...

But I don't think any of the 3xx responses give a damn whether it's GET or POST data coming in a priori. Not saying you couldn't hack your PHP or your server to do something different and return something other than 3xx based on a GET or POST request, mind you.

>>Anybody know of an easy hack? I know there is a way but that requires me >to re-compile PHP , which I >>cant do. >> >I'm guessing the "way" you speak of is having the server do the POST >itself using a PHP extension. This isn't the same thing. You can't >exactly *force* the browser to submit a POST request. It's a good thing. :)

And this is patently false.

You send the right data to a web-server, and it looks like a POST, and that's what you got.

Spew that out to the browser, and there it is... Oh. Okay, no, the Location bar will still show your URL, not the destination URL. I see what you mean...

I think the guy just wants the POST data and doesn't care what the user sees in the Location box... If I'm wrong on that score, apologies all around :-)

If you just want the damn thing to work, and it requires that you POST to the other page/server/URL, read on.

Dig out Rasmus' old "posttohost" function written in PHP about, oh, 4, 5 years ago, or look in http://upperdesign.com for the solutions involving POST but not SSL (cURL is only *needed* when you need SSL, really).

A Google for "posttohost and 'Rasmus Lerdorf'" ought to turn it up. At least it did the last time I answered this question... :-)

Essentially you fsockopen to port 80 on the other guy's web-server, spew the right HTTP request at it, and you've done a POST. End of story.

POST is no more secure, no more "tricky" and no more magical than GET. It's just that any idiot can see the URL in their browser and figure out GET, and you have to actually read some documentation to figure out POST. But it really ain't any different when you start looking at it from the perspective of making the web-server turn over and do tricks.

-- Like Music? http://l-i-e.com/artists.htm

attached mail follows:

>I am having a problem with php4 and a get url. For instance the URL: >http://server/page.php?test1.test.com=debug. > >I have a script which does a foreach through all the _GET vars: >foreach ($_GET as $var => $value) >This peice works fine except that when the var (name) has a period in it >that is changed to a _. If the value has a period it is not changed to _. > >I have snooped the packets and it is sent to the server as '.' Is this a >server (apache) issue or a php issue. Is there anything I can do.

It's a PHP thing.

Same thing will trip you up if you use <INPUT TYPE=IMAGE NAME=image> which sends image.x and image.y, but you can't have variable names with '.' in them, so PHP changes them to $image_x and $image_y

(Only now with register_globals off, it doesn't :-^)

If you *really* need the original data, put a phpinfo() in front of your foreach loop and reload the URL (or re-POST the form or whatever).

Do a search (control-F or whatever) for the 'test1.test.com' in that mess. (Search again to see all your choices for extracting your data -- It will be in there a few times, some easier to use than others.)

At least one of those variables is going to have the information you need.

Rule of Thumb: Any time your data ain't what you want it to be, throw in phpinfo() and see what you've got :-)

I can see where you'd expect $_GET to have array keys with '.' in them, since that's kosher, but if/when register_globals is on, it's kinda critical to have the keys match up with the variable names, or folks will get real confused, real fast...

The data you need is just in some other less convenient variable, but it's there.

Might be $REQUEST_URI or something like that. But phpinfo() will tell you for sure.

Hope that all makes sense...

If register_globals were completely abolished forever everywhere no matter what, then I suppose it does get kinda silly that array keys, where '.' is perfectly acceptable, get converted into '_' instead... But, there it is, and it ain't gonna change any time soon. :-)

-- Like Music? http://l-i-e.com/artists.htm

attached mail follows:

>Does anyone have problem with libmcrypt with PHP? With older version of PHP >and libmcrypt, it work just fine and when I use the newer version, PHP 4.2.1 >and libmcrypt 2.5.2. It does not work. I check with php_info() and it >showed the mcrypt on it and it is supported. Does it require a different >configuration or what? What just happen here?

Is the mcrypt in ../../lib really 2.5.2 ?

Does phpinfo() show version 2.5.2 ?

I'm wondering if you've got multiple mcrypt installs, and, like, somehow the headers of one are getting compiled in, while the other one is the one that gets used...

Just how many unique (not symlinks) libmcrypt.so files turn up when you do:

locate libmcrypt

>I use the ./configure option > >--snip-- > >./configure >--with-apache=../apache_1.3.26 >--with-ibm-db2=/usr/lpp/db2_06_01 >--with-openssl=../openssl-0.9.6d >--with-mcrypt=../../lib >--without-mysql >--with-config-file-path=/etc >--enable-track-vars >--with-curl=../../lib >--with-xml > >--snip-- > >2nd thing, what would happen when I leave out the "--with-config-file-path" >option? Not sure what this is use for.

Then php.ini would go in /usr/local/lib where it belongs instead of in /etc where you think it belongs, but doesn't :-) :-) :-)

At least, I'm pretty sure that's what --config-file-path does -- Tells PHP where php.ini is living this week. :-)

-- Like Music? http://l-i-e.com/artists.htm

attached mail follows:

>Never mind! It took me all day to find out what the problem is. It turned >out that PHP use $SSL_PROTOCOL, $SSL_CIPHER_USEKEYSIZE, etc. It is >displayed automatically when the register_global is turned on. With some >research, found out that it is part of Mod_SSL where PHP use it from. Yet, >I still struggle and I tried specifying the environment variables like file >put_env(), etc. So, far they never work. Until I got to the documentation >at http://www.php.net/release_4_1_0.php and I got the clue from it saying >that "REMOTE_ADDR" is part of "$_SERVER". I never knew that. So, I began >to understand that any environment variables like "REMOTE_ADDR" or >"SSL_PROTOCOL", etc is part of "$_SERVER". I'm going to need better >documentation on what variables are include in things like "$_GET", >"$_COOKIE", "$_ENV", "$_SERVER", etc. So, I can use whatever the variables >I never heard of and put it to good use on the website. Anyone know?

<?php phpinfo();?>

This will tell you everything, no matter what your server and/or environment do that's screwy...

Nobody can tell you in advance, since PHP simply sucks in what's there.

If your Server don't set 'FOO', then $_SERVER['FOO'] ain't set. If your server does, it is.

If you are writing code to be distributed to the public for a zillion different servers, don't assume that $_SERVER['SSL_PROTOCOL'] or whatever is going to be there, and not somewhere else, or, err, whatever... Assume nothing. Always safer. :-)

-- Like Music? http://l-i-e.com/artists.htm

attached mail follows:

>I think there is also a directive in php.ini to ALWAYS include a certain >file at the top of each script, transparently.

Search for "append" or "prepend" in php.ini and you'll find it.

>> Depending on what data you need to have in these variables, you might be >> able to set them as environment variables through apache (that is, _if_ >> you're running apache, _if_ you have access to the configuration file, >> _if_ mod_env is installed, etc). I'm guessing that wouldn't be a >> flexible enough alternative for you, but it might be worth considering.

There actually *ARE* alternatives to the database...

LDAP -- okay, just a weird kind of database

Shared Memory -- not for the faint of heart, but possibly the "right" solution for some kinds of things that one might use application variables in ASP for.

But, really, a simple include file to define a bunch of constants or do something on every page is no big deal.

Sure beats all the headaches and *OVERHEAD* of ASP's application variables. (Huge overhead on the web server, IIRC)

-- Like Music? http://l-i-e.com/artists.htm

attached mail follows:

>My company is going to be >1. Hosting our code on other people servers >2. selling our programs. > >We are going to be needing to encrypt the code....what would you all >suggest? >How about Zend Encoder...is it any good? (even though its so much $$)

Disclosure: I'm a former employee and come with some bias...

I think it works pretty nifty myself.

Not cheap, no, but it's a very niche market.

Note, however, that you *STILL* want a clear license and make sure people know it.

There's probably still a free trial download, right? Try it.

-- Like Music? http://l-i-e.com/artists.htm

attached mail follows:

> >I'm surprized I can't find a description of how to do what seems >like an obvious thing to me: I want to have my script send output >to the user, then drop the connection, and then continue doing >stuff that the user shouldn't have to wait for. There's lots of >documentation about what to do when the user drops, but no mention >of how to make the server drop it but keep running the script.

http://php.net/exec and put an & at the end...

However, *IF* your script messes with stdin and/or stdout, that may not be enough, and you have to muck with making a stub script that has the & in it, and then PHP calls the script that forks the script that does the work.

I never did quite track down when you could or couldn't just throw & into an exec() call, but it's somehow tied to the binding of stdin and stdout by Apache, PHP, the shell, the PHP user and their environment (or lack thereof) and... Well, I was getting a headache, and a one-line shell script to do the & for me was better than taking more aspirin.

Hope I'm making sense. It's getting late and I should sleep now.

-- Like Music? http://l-i-e.com/artists.htm

attached mail follows:

>I'm trying to seach for a string that would occur about 10 lines into a text >file. I don't want to search the entire file, and I just want to know if the >string exsists or not, but I don't really know what I'm doing. This is what >I was trying, it occurs inside a loop that is listing the files in a >directory. > > $fp = fopen("$target_filename", "r"); > $contents = fgets("$fp","4096");

fgets will quite after 4096 characters *OR* a SINGLE line of text.

You can either do "about 10" fgets() in a row, and check each one -- each one will be a single line, unless a line is over 4096 characters...

*OR* you could just use fread() and assume the first line is only 4096 (or whatever number you feel is safe) characters total:

$contents = fread($fp, 4096);

> if(strstr("$contents", "$search_str")) > { > echo "<pre>"; > readfile("$target_filename"); > echo "</pre>"; > }

Meta-comment -- If all you have is "$foo" then the quote marks are silly, and you can just use $foo.

It will make your code a lot less "cluttered" looking.

Works the same, for all practical purposes, but looks nicer.

Technically, the "$foo" *might* cause the parser to waste a micro-second longer to figure out that "$foo" is "4" which is 4, instead of just going $foo is 4, but we're not talking measurable performance here, unless it's inside a loop with a zillion iterations...

-- Like Music? http://l-i-e.com/artists.htm

attached mail follows:

>OK, i made this image.php file: >------------start--------------- ><?php > $theFile = ""; > > $fcontents = file ('Logo.gif'); > while (list ($line_num, $line) = each ($fcontents)) { > $theFile .= $line."\n"; > } > > echo $theFile; >?> >-------------end----------------- > >and I have an html file that does <img src="image.php"> but it just prints >out a red box with an X, as if image is broken. I know the image is getting >read in because I can echo it and its a bunch of garble, just like the jpg >is if I open it up in notepad. > >Any idead?

You are *ADDING* an extra "\n" for every "\n" in the GIF.

The file() command does not strip off the "\n" characters.

You then loop through each "line" and tack on an extra "\n"

Don't.

If you take off the extra "\n", I think this script will actually work.

But, while we are at it, why in the world are you treating the GIF as if it were lines and lines of text, and reading one line at a time?... :-)

And then, to compound your folly, you are taking each "line" as tacking it onto a HUMONGOUS string variable, which, in the end, you just spew out to the browser.

Just use http://php.net/readfile or http://php.net/passthrough or whatever is easiest.

You still just store 'Logo.gif' in your database, though. :-)

-- Like Music? http://l-i-e.com/artists.htm

attached mail follows:

Maybe something like this...

<?php $filename = "Logo.gif"; $fd = fopen ($filename, "r"); $contents = fread ($fd, filesize ($filename)); fclose ($fd);

$str_sql = "INSERT INTO mytable (myblob) VALUES ('$contents')";

$link = mysql_connect("localhost", "mysql_user", "mysql_password"); $dbselect = mysql_select_db("mydb", $link); $result = mysql_query($str_sql, $link); ?>

If you are going to use this with different types of images you should probably store the content-type along with the image in the dB.

/Joakim

> -----Original Message----- > From: Brandon [mailto:brandoaugmented-chaos.com] > Sent: Saturday, June 29, 2002 3:52 AM > To: php-generallists.php.net > Subject: Re: [PHP] Writing a GIF/JPG Image > > > Well, hehe I'm kinda just learning it all, here is what I > really wanna do: > I have a table in a MySQL database that will contain the gif data in a > column. I want to be able to read that in with a SELECT > statement (which I > can do), problem is I need to actually put hte images in the > database, so I > need to somehow read in the Logo.gif file, and store it in SQL with an > INSERT statement... thats what Im trying to do, can't figure > it out 8(.

attached mail follows:

>I changed the reporting level. I found it myself later on. Just was a bit to >quick when posting this question.

Change it back.

You'll find a lot more bugs a lot quicker that way.

:-)

Use E_ALL

Might need to transition one page at a time with error_reporting() at the top or something, but migrate to E_ALL.

You *will* benefit in the long run. Promise.

-- Like Music? http://l-i-e.com/artists.htm

attached mail follows:

On Tuesday, July 2, 2002, at 04:48 AM, Richard Lynch wrote:

> Change it back. > > You'll find a lot more bugs a lot quicker that way. > > :-) > > Use E_ALL > > Might need to transition one page at a time with error_reporting() at > the > top or something, but migrate to E_ALL. > > You *will* benefit in the long run. Promise.

Except in a production environment, where you really never want your users to see PHP error messages that you haven't coded yourself for the user's benefit. It could reveal just a bit too much about your setup... even filenames are valuable to maleficants.

I recommend setting your php.ini to E_NONE and then putting error_reporting(E_ALL) at the top of each of your scripts, and then when the file is migrated to production, comment or remove the line.

Erik

----

Erik Price Web Developer Temp Media Lab, H.H. Brown priceehhbrown.com

attached mail follows:

On Tue, Jul 02, 2002 at 10:17:10AM -0400, Erik Price wrote: > > Except in a production environment, where you really never want your > users to see PHP error messages that you haven't coded yourself for the > user's benefit. It could reveal just a bit too much about your setup... > even filenames are valuable to maleficants.

Very true.

> I recommend setting your php.ini to E_NONE and then putting > error_reporting(E_ALL) at the top of each of your scripts, and then when > the file is migrated to production, comment or remove the line.

Dude, that's nuts. It creates way more work. Having to put it on each page in the first place, then having to change it before you put it up. Then, there's the possibility that you forget to change it before uploading. OUCH!

Set error_reporting to E_ALL in php.ini on the development machine and to 0 in php.ini or .htaccess on the live server. Set it once on each machine and you're good.

--Dan

attached mail follows:

On Tuesday, July 2, 2002, at 10:58 AM, Analysis & Solutions wrote:

> Dude, that's nuts. It creates way more work. Having to put it on each > page in the first place, then having to change it before you put it up. > Then, there's the possibility that you forget to change it before > uploading. OUCH!

<sheepish> In my case that could never happen. First, all the scripts for this site are based on a template, so I stamp out a new template which already has this line on it when I need a new script. But I also never use FTP/scp directly, I invoke scp from some shell/perl scripts I've written which "clean up" my files for me -- do things like rename the "dev" version to the "prod" version, move it to the appropriate directory of the appropriate machine, adjust the permissions appropriately, and do things like strip away certain lines (such as the aforementioned error_reporting() line). So in my case, I *never* forget, since nothing gets moved to production without going through the shell script... </sheepish>

> Set error_reporting to E_ALL in php.ini on the development machine and > to > 0 in php.ini or .htaccess on the live server. Set it once on each > machine > and you're good.

You're right -- that's a far better way to do it. I do my dev work in a separate virtual host on the prod machine though, so that's why I do it the way I described. (This prod server is a firewalled "intranet", as they call it, so is not really public, so I feel okay about doing dev work on it. I'm also kind of an amateur.)

Erik

----

Erik Price Web Developer Temp Media Lab, H.H. Brown priceehhbrown.com

attached mail follows:

>Is there a way to programatically (inside a session) change session duration >for the current session only? (using cookie-based sessions) ?

Wild Guess:

What if you use the PHP functions to alter the php.ini value for session time out in that script before you call session_start()?...

Totally Stupid, Ugly, Ikcy, Hack Answer:

PHP is just sending Cookies with the session ID and a time-frame for their duration... So you send the same Cookie with a different time duration... It's a bit tricky cuz different browsers will response differently to getting the same cookie twice, and they are order-dependent, so you might need to send your cookie, call session_start() and send your cookie *again*...

Still not gonna work on every browser, but may be within acceptable market-penetration levels...

This is just *SOOO* wrong to do, but it may let you limp by until you come up with a better answer...

-- Like Music? http://l-i-e.com/artists.htm

attached mail follows:

"Richard Lynch" <richphpbootcamp.com> wrote in message news:20020702092207.GERZ903.sccrmhc03.attbi.com[192.168.1.103]... > >Is there a way to programatically (inside a session) change session duration > >for the current session only? (using cookie-based sessions) ? > > Wild Guess: > > What if you use the PHP functions to alter the php.ini value for session > time out in that script before you call session_start()?...

maybe, but that would change the duration for ALL follwing sessions...?

> PHP is just sending Cookies with the session ID and a time-frame for their

not just. There is the matter of session variables that are serialized into files on the filesystem, and garbage collected when sessions expire...

> This is just *SOOO* wrong to do, but it may let you limp by until you come > up with a better answer...

probably not :)

I am very surprised that such capability is missing from php!

-- -- Ashes to ashes, DOS to DOS ivoras

fer.hr

attached mail follows:

>'lo, > >anybody ever experience this: > >1. i start a session w/ session_start() >2. register some vars w/ session_register() >3. click to next page, everything cool. all vars are there, and session id >is same >4. any other page, all session vars gone, but sessid is still the same. > >so session is persisting, but data is being emptied from it.

You're doing session_start() on the third page?...

You need to.

Maybe even on the second, but I think not...

So long as the ID makes it through, once you do session_start() all the vars spring back into life.

Is that making sense?

Warning: Haven't used PHP sessions enough to be 100% sure I'm telling the truth...

-- Like Music? http://l-i-e.com/artists.htm

attached mail follows:

Richard Lynch schrieb in Nachricht <20020701232114.VOAI6023.sccrmhc02.attbi.com[192.168.1.103]>... > >Try this: >$my_string = "This is {MY_CONSTANT} and I love it!"; > >Can't promise it will work, mind you... > >It's not all that common to bury constants in strings... And is the extra " >. " K ". " that big a deal? Seems a small price for cleaner code.

Thank's Richard, you are right: it's not such a big deal - I was just surprised that I can't integrate constants as variables.

A question - since english is not my first language - what do you mean with >It's not all that common to bury constants in strings

Is something bad about it? I would e. g. define our name with the formatting tags as a constant or parts of query clauses which will never change but are often used.

Greetings, Uwe

attached mail follows:

Ack!

Ok, Ereg/Eregi returns the first matching string. How do I find any other matching strings? Or is there a better way of doing this?

$eregi_str = "(\; |$)Win[ \.a-z0-9]*($|\;)"; if( eregi( $eregi_str, $browser_string, $arrstring ) ) { $browser_os = $arrstring[0]; }

This works fine except on some browsers which like to return Windows multiple times such as this -

"Mozilla/5.0 (Windows; U; Win98; en-US;........"

Knowing that it's Windows doesn't help, I need to know it's Win98, etc.

Thanks for any help :)

Patrick

attached mail follows:

On Tue, Jul 02, 2002 at 05:26:45AM -0500, Patrick Teague wrote: > > $eregi_str = "(\; |$)Win[ \.a-z0-9]*($|\;)";

$eregi_str = "(Windows|Win[^d])[^;]+";

> if( eregi( $eregi_str, $browser_string, $arrstring ) ) > { > $browser_os = $arrstring[0]; > } > > This works fine except on some browsers which like to return Windows > multiple times such as this - > > "Mozilla/5.0 (Windows; U; Win98; en-US;........" > > Knowing that it's Windows doesn't help, I need to know it's Win98, etc.

--Dan

attached mail follows:

Thanks for that info.

I am still a bit new to programming/PHP to fully grasp that but I am sure I will in time.

*anyway*

when I echo menu($id) I get the current page's title.

How do I print it's peers and it's single parent?

--
JJ Harrison
webmastertececo.com
www.tececo.com
P.S. I originally wanted to build a hierachy based menu like this but failed
Page 3
Page 4
 P4 C1
 P4 C2(I am here)
 etc...
I went fine until I have to print the parent and it's peers like shown in
the example
P.P.S if you had a couple of functions which would help me do this I would
be grateful, but don't write anything.
P.P.P.S. All pages have information provided by this script:
$fn = explode("/", $_SERVER['PHP_SELF']);
  $num_of_s = count($fn) - 1;
  $fn = "$fn[$num_of_s]";
  $query = "SELECT * FROM meta_data WHERE page_name = '$fn'";
  $result = mysql_query($query);
  $num_results = mysql_num_rows($result);
  $row = mysql_fetch_array($result);
  $id = $row['id'];
  $pid = $row['pid'];
  $title = $row['title'];
  $description = $row['description'];
  $keywords = $row['keywords'];
It is my metadata page and is used all over the place. so why re-query the
db for it's parent?
"Richard Lynch" <richphpbootcamp.com> wrote in message
news:20020701232031.VNMV6023.sccrmhc02.attbi.com[192.168.1.103]...
> >I have a table with id, pid(parent), title and page_name(url) fields.
> >
> >The vars provided to the script are the current page's title, id and
> >pid(parent)
>
> You can look up the parent and in the database, so it's not horribly
> important that those be provided.
>
> *UNLESS* you have a heterarchy, and not a hierarchy -- In other words,
> *UNLESS* there are two different "paths" to get to 'id' through different
> parents.  In other other words, *UNLESS* you have duplicate id's in the
> database...  If you *DO* have a heterarchy, you'd need to track the user's
> path as they traveled to know which route to display.
>
> I'll assume you don't have a heterarchy, for now.
>
> >When I am on the parent page I get this(Which is what I want):
> >[ Chronological History ][ Website Chronological History ]
> >
> >When I am in the Child I get this:
> >
> >[ Website Chronological History ][ Website Chronological History ]
> >
> >What am I doing wrong???
>
> You really can't get all the parents in one SQL statement.
>
> You'll need to look up the parent.  Then the grand-parent.  Then the
> great-grand-parent.  And so on.
>
> Each with a different SQL query.
>
> Now, this is not ideal for performance.
>
> In fact, it's *HORRIBLE* if (A) your tree is really "deep" -- If you have
10
> generations of "depth" to the ggggg'great-grand-parents, then it's gonna
> take 9 queries to look it up.
>
> If you're only looking at three or four levels, it's really no big deal...
> Unless your site is, like, getting a zillion hits.
>
> Let's assume it's not getting a zillion hits for now, okay?
>
> >I have stared at this two many times now and am probably missing the
obvious
> >
> >function menu($id, $pid, $title) {
> >    $query = "select * from meta_data WHERE pid = '$id' OR pid = '$pid'
&&
> >pid != 0";
>
> This will give both the current record and the parent record, but never,
> ever, ever, the grand-parent record...
>
> >    $result = mysql_query($query);
> >    $num_results = mysql_num_rows($result);
> >  if($num_results != 0){
> >  ?>
> ><table width="100%">
> ><tr><td align="center">
> >  <?
> >    echo '[ '.$title.' ]';
> >    for ($i=0; $i < $num_results; $i++)
> >      {
> >        $row = mysql_fetch_array($result);
> >        if($id == $row['id']){
> >            echo '[ '.$row['title'].' ]';
> >        } elseif($row['pid'] == $id || $row['id'] == $pid && $pid != 0) {
> >            echo '[ <a
> >href="'.$row['page_name'].'">'.$row['title'].'</a> ]';
> >        }
> >      }
> >    ?>
> ></td></tr>
> ></table>
> >  <?
> >  }
>
> Try something more like this:
>
> function menu($id){
>   $query = "select pid, title from meta_data where id = $id";
>   $meta = mysql_query($query) or error_log(mysql_error()); # Check HTTP
> error_log for SQL errors!
>   list($pid, $title) = mysql_fetch_row($meta, 0);
>   if (isset($pid) && $pid)){
>     # Switch the menu() and $title parts around if you want bread-crumbs
in
> the other direction
>     $result = menu($pid) . $title;
>   }
>   else{
>     $result = '';
>   }
>   return $result;
> }
>
> NOTE:
>
> There *ARE* techniques for encoding the SQL in such a way that a single
SQL
> statement can get the entire "path" at once, but they get kinda
complicated
> and gnarly, and, really, as I said, if you have a shallow tree, it's just
> not worth the hassle...  If you have a really *DEEP* tree, you'll need to
do
> some more research.
>
> --
> Like Music?  http://l-i-e.com/artists.htm

attached mail follows:

hi,

the above question has been puzzling me for a while. the situation is this.

http://domainname.com/register.php display a user registration form having [form action="https://domainname.com/register.php" method="post"]

will the data from that page be encrypted when it is sent via https specified in the [form] action?

note: the registration form is served from http.

could someone enlighten me on this?

regards, b.c. lance

attached mail follows:

Does anyone know what encryption is used on passwords in a .htpasswd file?

Zim

attached mail follows:

%htpasswd --help Usage: htpasswd [-cmdps] passwordfile username htpasswd -b[cmdps] passwordfile username password

htpasswd -n[mdps] username htpasswd -nb[mdps] username password -c Create a new file. -n Don't update file; display results on stdout. -m Force MD5 encryption of the password. -d Force CRYPT encryption of the password (default). -p Do not encrypt the password (plaintext). -s Force SHA encryption of the password. -b Use the password from the command line rather than promp On Windows, TPF and NetWare systems the '-m' flag is used by default. On all other systems, the '-p' flag will probably not work.

attached mail follows:

I have a problem with pdf_show_boxed(), it doesn't output anything. Everything else shows up just fine. Is there something that I have overlooked in this code?

Hugo <?php $theme='Kaos i mellanöstern'; $title='Någon tidning' . rand(0,1000); $issuedesc='Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat.'; $pdf = pdf_new(); pdf_open_file($pdf, "pdf/test.pdf"); pdf_set_info($pdf, "Author", "Hugo Wetterberg"); pdf_set_info($pdf, "Title", "Informationsblad för $title"); pdf_set_info($pdf, "Creator", "Hugo Wetterberg"); pdf_set_info($pdf, "Subject", $theme);

pdf_begin_page($pdf, 595, 842); pdf_add_outline($pdf, $theme);

pdf_set_font($pdf, "Times-Roman", 30, "host"); pdf_set_value($pdf, "textrendering", 0);

//Output text pdf_show_xy($pdf, $title, 50, 750);

//Origin of path pdf_moveto($pdf, 50, 740); //End of path pdf_lineto($pdf, 50, 100); //Make stroke at path pdf_stroke($pdf);

pdf_set_font($pdf, "Times-Roman", 10, "host"); pdf_show_boxed ( $pdf, //Object $issuedesc, //text 70, //left 700, //top 350, //width 400, //height left); //justify

//End the page pdf_end_page($pdf);

//Close the document pdf_close($pdf);

//Delete the object in memory pdf_delete($pdf);

//Gimme the link echo "<A HREF=pdf/test.pdf>finished</A>"; ?>

attached mail follows:

Hi there,

I have a problem with content data. Currently I do store images inside a data folder. /data

This is causing a problem, because everytime I installan update of the application on the server I have to move this folder around to the new version of my application. I am worried that during this coppy an error will apear, due to my fault, or whatever might happen. The immages are part of a dataset stored in a mysqldb. So I tryed to store them to blobs, but this is causing performance problems. Images apear much quicker while comming from the filesystem. They also seem not to be cached by the client anymore.

Does anybody know a good method to store the images outside the rootfolder and still access them the old fashion way?

Any suggestions are appreciated.

Thanx, Andy

attached mail follows:

On Tue, Jul 02, 2002 at 01:42:25PM +0200, Andy wrote: > > I have a problem with content data. Currently I do store images inside a > data folder. > /data > > This is causing a problem, because everytime I installan update of the > application on the server I have to move this folder around to the new > version of my application.

Why not store it in one place but use symbolic links in your application to point to that place?

--Dan

attached mail follows:

Has anyone her got any idea how I could access the User Env Vars so I can get processor type, speed, ram etc. Is there any way to do this? Or would be be something other than PHP. Also I need to do this over the web and not on their machine.

Any ideas?

James.

attached mail follows:

Hello php-general,

Dear PHP programmers, anyone can point me to a nice tutorial working with NNTP (Usenet) servers?

-- Best regards, Latex mailto:freeman

submission.org.ru

attached mail follows:

a few weeks ago there was discussion on how to force open the dialogue save on mac ie using header()

was that issue resolved? is there a solution?

comments at http://www.php.net/manual/en/function.header.php discuss only win platforms

cheers Henry

attached mail follows:

I haven't been able to figure it out as yet.... got every other browser I can get my hands on to do it, except IE mac.

I'm thinking I'll just .zip everything :)

Let me know what you find out, please.

Justin French

on 02/07/02 10:36 PM, Henry (henrythejoinery.com.au) wrote:

> a few weeks ago there was discussion on how to force open the dialogue save on > mac ie using header() > > was that issue resolved? is there a solution? > > comments at http://www.php.net/manual/en/function.header.php discuss only win > platforms > > cheers > Henry >

attached mail follows:

Here is a piece of my code... Could someone tell me what I did wrong? I get the following errors;

Warning: Undefined offset: 1 in c:/www/htdocs/demos/download/inx_news.php on line 33 Warning: Undefined offset: 1 in c:/www/htdocs/demos/download/inx_news.php on line 34

(obviously, the line numers will not be the same here)

define('SCRIPT_NAME', 'InXNews'); define('SCRIPT_VERSION', 'v1.1'); define('SCRIPT_CREATOR', '<a href="mailto:ccraneinxdesign.com">Chris Crane</a>'); define('CREATE_DATE', '05/29/02'); define('REVISED_DATE', '06/04/02');

$open = fopen("http://www.yahoo.com/index.html", "r"); $read = fread($open, 25000); fclose($open);

list($StringA, $StringB)= split ("In The News", $read); list($StringC, $StringD)= split ("</td></tr></table></td></tr></table>", $StringB); list($StringE, $StringF)= split ("</td></tr></table>", $StringD); $StringE = str_replace("s/", "http://yahoo.com/s/", $StringE); $StringE = str_replace("<a ", "<a target=\"_new\" ", $StringE);

// Can be changed to whatever you like or remove all together. print "<small><b>In the News</b></small>";

// Keep this line, everything else can change for the output. print "$StringE</table>";

// Ok to be suppressed. print "<small><b>Script Name:</b> " . SCRIPT_NAME . "<br><b>Version:</b> " . SCRIPT_VERSION; print "<br><b>Creator:</b> " . SCRIPT_CREATOR . "</small>";

Christopher J. Crane Network Operations Manager IKON Office Solutions 860.659.6464

attached mail follows:

On Tuesday 02 July 2002 20:35, Crane, Christopher wrote: > Here is a piece of my code... > Could someone tell me what I did wrong? I get the following errors; > > Warning: Undefined offset: 1 in c:/www/htdocs/demos/download/inx_news.php > on line 33 > Warning: Undefined offset: 1 in c:/www/htdocs/demos/download/inx_news.php > on line 34 > > (obviously, the line numers will not be the same here)

Please indicate which is line 33.

-- Jason Wong -> Gremlins Associates -> www.gremlins.com.hk Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development *

/* There's nothing wrong with teenagers that reasoning with them won't aggravate. */

attached mail follows:

Hi, I upgraded to 4.2 and now I get those errormessages "Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in ..."

when doing sth like: $name = "My $row['name']";

Why?

greetings, Uwe

attached mail follows:

> "Parse error: parse error, unexpected > T_ENCAPSED_AND_WHITESPACE, expecting > T_STRING or T_VARIABLE or T_NUM_STRING in ..." > > when doing sth like: > $name = "My $row['name']";

You have to wrap array references in curly braces within double quoted strings. Proper form is: $name = "My {$row['name']}";

See: http://www.php.net/manual/en/language.types.string.php#language.types.string.parsing.complex

attached mail follows:

On Tuesday 02 July 2002 13:49, Uwe Birkenhain wrote:

> Hi, > I upgraded to 4.2 and now I get those errormessages > "Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting > T_STRING or T_VARIABLE or T_NUM_STRING in ..." > > when doing sth like: > $name = "My $row['name']"; >

Try

$name = "My {$row['name']}";

$name = "My ".$row['name'];

AFAIR you can't use array variables straight within strings.

Maybe I'm just about to be proved wrong :)

matt

attached mail follows:

I'm putting together a PHP/MySQL search and have run into a minor problem. I have a text field to fill in a keyword on one page and that brings up another PHP page "xxxx.com/showkey.php?id=division&search=Bob%20Cobb". Within that new page, you can sort the results by ID, and to do this I made the hyperlink go to, for example, "showkey.php3?id=project&search=$search". When I do this, however, it shortens the $search variable from "Bob Cobb" or "Bob%20Cobb" to just "Bob". Can anyone help? Thanks.... Dave

<?php $db = mysql_connect("localhost", "webmstr"); mysql_select_db("contracts",$db); $result = mysql_query("SELECT * FROM contracts WHERE project = '$search' OR agency = '$search' OR location = '$search' OR description = '$search' OR account = '$search' OR contact = '$search' OR division = '$search' ORDER BY $id",$db); echo "<table width=750 border=1 cellspacing=0 cellpadding=1>\n"; echo "<tr><td width=255><b><font face=arial size=2> <a href=showkey.php3?id=project&search=$search>Project Title</a></td> <td width=50><b><font face=arial size=2><a href=showkey.php3?id=status&search=$search>......

attached mail follows:

Dave:

On Tue, Jul 02, 2002 at 09:13:00AM -0400, Dave Rosenberg wrote: > > "xxxx.com/showkey.php?id=division&search=Bob%20Cobb". Within that new > page, you can sort the results by ID, and to do this I made the > hyperlink go to, for example, "showkey.php3?id=project&search=$search". > When I do this, however, it shortens the $search variable from "Bob > ... snip ... > echo "<tr><td width=255><b><font face=arial size=2> > <a href=showkey.php3?id=project&search=$search>

Before echoing out the search string into the new uri, do this: $search = urlencode($search);

Please read http://www.php.net/manual/en/function.urlencode.php to make sure you understand the nuances with this.

Enjoy,

--Dan

attached mail follows:

odbc_fetch_into didn't give me the result I expect it to. When returning the data, It skipped some columns. With the register_global turned off. How do I transform the defined data into an array to be use for odbc_fetch_into? I never got it to work right. I will appreciate any of the help here. Never had that problem with global_register turned on.

--clip-- define(CUSTOMER_ID,0); define(CUSTOMER_NAME,1); define(STATE,6);

// blah blah blah

if (odbc_fetch_row($result)) { odbc_fetch_into($result,$user_detail,1); { echo $user_detail[STATE]; } } --clip--

I expect the result to give me the state name, not zip code or address number, etc.

Thanks, Scott

attached mail follows:

I tried this script and it showed all of the data correctly, so how do I make the define variable to work correctly?

--clip-- // 97 columns are used, so I used 98 to stop the loop (this loop is for testing only) for($x=0;$x<98;$x++) { echo $user_detail[$x]."<br>"; } --clip-- "Scott Fletcher" <scottabcoa.com> wrote in message news:20020702132549.51335.qmailpb1.pair.com... > odbc_fetch_into didn't give me the result I expect it to. When returning > the data, It skipped some columns. With the register_global turned off. > How do I transform the defined data into an array to be use for > odbc_fetch_into? I never got it to work right. I will appreciate any of > the help here. Never had that problem with global_register turned on. > > --clip-- > define(CUSTOMER_ID,0); > define(CUSTOMER_NAME,1); > define(STATE,6); > > // blah blah blah > > if (odbc_fetch_row($result)) > { > odbc_fetch_into($result,$user_detail,1); > { > echo $user_detail[STATE]; > } > } > --clip-- > > I expect the result to give me the state name, not zip code or address > number, etc. > > Thanks, > Scott > >

attached mail follows:

Scott:

On Tue, Jul 02, 2002 at 10:05:31AM -0400, Scott Fletcher wrote: > I tried this script and it showed all of the data correctly, so how do I > make the define variable to work correctly? > > > define(CUSTOMER_ID,0); > > define(CUSTOMER_NAME,1); > > define(STATE,6); > > > > // blah blah blah > > > > if (odbc_fetch_row($result)) > > { > > odbc_fetch_into($result,$user_detail,1); > > { > > echo $user_detail[STATE]; > > } > > }

Why not make life simpler via odbc_fetch_array()? The names of the fields become the names of the array's keys. Drop the defines() and odbc_fetch_row() and just do this:

while ( $user_detail = odbc_fetch_array($result) ) { echo $user_detail['State']; }

--Dan

attached mail follows:

That's a great idea! Less hassle to deal with updating the defines() over the time. I have one little problem. If I do the odbc_fetch_array then I can't include two tables because of the two of the same column name. Look like I'll have to use one array for one table and one other array for one other table. Sigh! I'm not looking forward to it because I had to update the website to deal without the register_global and now this. In the long run, it will be worth it. My boss is going to be after my hide for the time it take to upgrade the website to work with the newer version of PHP. Heh, heh. I'm going to have to change the job soon because of the poor work policy and lousy salary. Well, wish I can leave now but I'm not ready for that yet.

Thanks! Scott F.

"Analysis & Solutions" <danielcanalysisandsolutions.com> wrote in message news:20020702144849.GB12581panix.com... > Scott: > > On Tue, Jul 02, 2002 at 10:05:31AM -0400, Scott Fletcher wrote: > > I tried this script and it showed all of the data correctly, so how do I > > make the define variable to work correctly? > > > > > define(CUSTOMER_ID,0); > > > define(CUSTOMER_NAME,1); > > > define(STATE,6); > > > > > > // blah blah blah > > > > > > if (odbc_fetch_row($result)) > > > { > > > odbc_fetch_into($result,$user_detail,1); > > > { > > > echo $user_detail[STATE]; > > > } > > > } > > Why not make life simpler via odbc_fetch_array()? The names of the fields > become the names of the array's keys. Drop the defines() and > odbc_fetch_row() and just do this: > > while ( $user_detail = odbc_fetch_array($result) ) { > echo $user_detail['State']; > } > > --Dan > > -- > PHP classes that make web design easier > SQL Solution | Layout Solution | Form Solution > sqlsolution.info | layoutsolution.info | formsolution.info > T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y > 4015 7 Av #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409

attached mail follows:

Hi Scott:

On Tue, Jul 02, 2002 at 11:08:30AM -0400, Scott Fletcher wrote: > That's a great idea!

Good.

> I have one little problem. If I do the odbc_fetch_array then I > can't include two tables because of the two of the same column name.

In your query, rename the fields using an AS statement.

SELECT Tbl1.ID AS ID1, Tbl2.ID AS ID2 FROM...

Then, in your data array, refer to them as 'ID1' and 'ID2.' You can name the fields nearly anything you want (as long as you're not using a reserved word the database needs for internal use).

--Dan

attached mail follows:

Hi there.That's my question...A file that is in the 4th level's subdir must read a file that's in the 1st level. but I wish avoid to use millions of ../../../thefile.php I hope have been clear... is there a unix like ~/ , to access to root directory of my site, so open the file? tnx in advance, jonny

attached mail follows:

On Tue, Jul 02, 2002 at 03:47:20PM +0200, Nightshade wrote: > is there a unix like ~/ , to access to root directory of my site

Does $_SERVER['DOCUMENT_ROOT'] help?

Whenever you have a question like this, run phpinfo() and see what's there which produces the variable you're looking for.

--Dan

attached mail follows:

All,

I upgraded from PHP 4.1.2 to 4.2.1 today along with revving Apache to 1.3.26 from 1.3.22, and, woe is me, my $DOCUMENT_ROOT now evaluates to "" on all of my PHP pages!

phpinfo() shows "DOCUMENT_ROOT" being set correctly under the Apache variables category. I tried several variations, including setting "global $DOCUMENT_ROOT:" and "$ENV{DOCUMENT_ROOT}" and "$GLOBALS["DOCUMENT_ROOT"]" and so forth, but all to no avail. Good 'ol $DOCUMENT_ROOT seems quite gone, and I wasn't able to find mentions of this happening to others on the 'Net. Any pointers?

-david

attached mail follows:

On Mon, 1 Jul 2002 22:01:27 -0700 "David E. Weekly" <dweeklyCommunityColo.net> wrote:

> All, > > I upgraded from PHP 4.1.2 to 4.2.1 today along with revving Apache to 1.3.26 > from 1.3.22, and, woe is me, my $DOCUMENT_ROOT now evaluates to "" on all of > my PHP pages!

$_SERVER['DOCUMENT_ROOT']

Kevin

-- Kevin Waterson Byron Bay, Australia

attached mail follows:

Try $_SERVER['DOCUMENT_ROOT']. Global register is turned off by default in PHP version 4.2.x. See http://www.php.net/release_4_1_0.php for more detail. Global register had been turned off as part of more security since many people use the global register. So, $_SERVER, $_ENV, $_SESSION, etc. is use for this purpose.

FletchSOD

"David E. Weekly" <dweeklyCommunityColo.net> wrote in message news:20020702050128.98129.qmailpb1.pair.com... > All, > > I upgraded from PHP 4.1.2 to 4.2.1 today along with revving Apache to 1.3.26 > from 1.3.22, and, woe is me, my $DOCUMENT_ROOT now evaluates to "" on all of > my PHP pages! > > phpinfo() shows "DOCUMENT_ROOT" being set correctly under the Apache > variables category. I tried several variations, including setting "global > $DOCUMENT_ROOT:" and "$ENV{DOCUMENT_ROOT}" and "$GLOBALS["DOCUMENT_ROOT"]" > and so forth, but all to no avail. Good 'ol $DOCUMENT_ROOT seems quite gone, > and I wasn't able to find mentions of this happening to others on the 'Net. > Any pointers? > > -david > >

attached mail follows:

Kevin,

After many tries, that is what indeed worked, but I'm a little irked, since shouldn't it have been that setting register_global to "On" in my php.ini would re-enable these base globals? I had to retool all of my scripts. =/

-david

----- Original Message ----- From: "Kevin Waterson" <kevinoceania.net> To: "David E. Weekly" <dweeklyCommunityColo.net> Cc: <php-generallists.php.net> Sent: Tuesday, July 02, 2002 7:23 AM Subject: Re: [PHP] DOCUMENT_ROOT disappeared on me!

> On Mon, 1 Jul 2002 22:01:27 -0700 > "David E. Weekly" <dweeklyCommunityColo.net> wrote: > > > All, > > > > I upgraded from PHP 4.1.2 to 4.2.1 today along with revving Apache to 1.3.26 > > from 1.3.22, and, woe is me, my $DOCUMENT_ROOT now evaluates to "" on all of > > my PHP pages! > > $_SERVER['DOCUMENT_ROOT'] > > Kevin > -- > Kevin Waterson > Byron Bay, Australia >

attached mail follows:

On Tuesday, July 2, 2002, at 10:47 AM, David E. Weekly wrote:

> After many tries, that is what indeed worked, but I'm a little irked, > since > shouldn't it have been that setting register_global to "On" in my > php.ini > would re-enable these base globals? I had to retool all of my > scripts. =/

IMHO you're better off, but yes, if you set register_globals = on then you shouldn't need to have retooled your scripts. Did you restart your webserver after you adjusted php.ini?

Erik

----

Erik Price Web Developer Temp Media Lab, H.H. Brown priceehhbrown.com

attached mail follows:

> IMHO you're better off

I agree and understand why, but...

> but yes, if you set register_globals = on then > you shouldn't need to have retooled your scripts.

I agree. =)

> Did you restart your > webserver after you adjusted php.ini?

Yes. Full stop/start cycle.

-david

attached mail follows:

On Tuesday 02 July 2002 22:58, David E. Weekly wrote: > > IMHO you're better off > > I agree and understand why, but... > > > but yes, if you set register_globals = on then > > you shouldn't need to have retooled your scripts. > > I agree. =) > > > Did you restart your > > webserver after you adjusted php.ini? > > Yes. Full stop/start cycle.

And you verified that register_globals is on using phpinfo() ?

-- Jason Wong -> Gremlins Associates -> www.gremlins.com.hk Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development *

/* I'm encased in the lining of a pure pork sausage!! */

attached mail follows:

Hello,

I am interested in creating svg graphics with php like creating a image with gd. I tried a PHP script with :

header ("Content-type: image/xml+svg");

but I don't know how to output correctly svg lines.

It is not possible to ouput svg lines with the print command and a command like "imagesvg($im);" does'nt exit.

Thanks in advance Is there any solution ?

Herve

attached mail follows:

I think the proper MIME type for sgv is image/svg-xml. Why aren't you able to output svg lines with print() (or echo())?

Bogdan

Herve le Martret wrote:

>Hello, > >I am interested in creating svg graphics with php like creating a image with >gd. >I tried a PHP script with : > >header ("Content-type: image/xml+svg"); > >but I don't know how to output correctly svg lines. > >It is not possible to ouput svg lines with the print command and a command >like >"imagesvg($im);" does'nt exit. > >Thanks in advance >Is there any solution ? > >Herve > > > > > > > > >

Mail scanat cu RAV Antivirus!

attached mail follows:

Bonjour,

Sur mon poste qui tourne avec une distribution Mandrake 8.1 j'ai compiler et installé PostgreSQL ainsi que apache 1.3.24 et php 4.2.1 tous ça fonctionne très bien.

Lorsque j'ai installé les extension FrontPage 2002 sur mon serveur Apache, PHP ne tourne plus.

j'ai essaier de recompiler php en faisaint un make clean;make mais cela ne marche pas.

j'ai essayé de refaire un ./configure --with-apxs=/usr/local/apache/bin/apxs --with-pgsql=/usr/local/pgsql dans php

mais l'erreur suivante apparaît

Sorry, I was not able to successfully run APXS

merci de votre aide

attached mail follows:

[snip] >> print($curlline); <----this looks fine >> exec($curline); > >Have you tried executing $curlline directly from a shell/command-line? This >will determine whether it is a PHP problem or a cURL problem. >[/snip] > >That was the first thing I did, and I have gone back a couple of times now >to make sure.

Post an example $curlline with the iteration value plugged in...

Any chance it has, say, quotes or apostrophes in it? How about unprintable control characters? Spaces that don't show up in the browser but that you can see in "View Source" ? :-) [/snip]

As a matter of fact, when viewing the source (which should display properly if word wrap is off in Notepad) the line appears to be broken up. I have an idea...write the line to a file then open the file and get the line for exec()...blabbering now, must go...

Jay

attached mail follows:

Balaji,

I tried to implement the code you put in this email and I'm having some problems. I am able to browse and choose a file from my system then click upload. The php script doesn't get the value of $path.

The site is running PHP 4.2.1 on Windows NT 5.0. I am using Internet Explorer 6.0.26. Any suggestions on what I need to add?

Thanx,

Bev

-----Original Message----- From: Balaji Ankem [mailto:balaji.ankemwipro.com] Sent: Monday, July 01, 2002 12:11 PM To: 'Phil Schwarzmann' Cc: php-generallists.php.net Subject: RE: [PHP] uploading a file

Upload.html ===============

<!DOCTYPE html public "-//w3c//dtd html 4.0 transitional//en"> <HTML> <TITLE> FileUpload </TITLE> <head> <script language="Javascript">

function check() {

document.upload.method = "POST"; document.upload.enctype='multipart/form-data' document.upload.action="upload.php"; document.upload.submit(); return true;

}

</script> </head>

<BODY>

</td> <td width="5%"> </td> <td width="50%"> <p align="left"> <input type="submit" Value="UPLOAD" ></td> </tr> </table>

</form> </center>

</BODY> </HTML>

Upload.php ================

<?php

if(copy($path,$path_name)) { print "<br><br><br><center><font face='verdana' size=+2 color=blue>Your file $path_name has been uploaded!!!</font></center>" ; } else { print "<font face='verdana' size=+2 color=red>A problem was encountered during your file upload.</font><br>"; }

=================

-----Original Message----- From: Phil Schwarzmann [mailto:pschwarjhmi.edu] Sent: Monday, July 01, 2002 9:29 PM To: php-generallists.php.net Subject: [PHP] uploading a file

anyone have some code they can send me that will successfully upload a file? I've got all the HTML correct, it's just that my PHP code ain't working.

Thanks! Phil

attached mail follows:

On Tuesday 02 July 2002 22:35, Beverly Steiner wrote: > Balaji, > > I tried to implement the code you put in this email and I'm having some > problems. I am able to browse and choose a file from my system then click > upload. The php script doesn't get the value of $path. > > The site is running PHP 4.2.1 on Windows NT 5.0. I am using Internet > Explorer 6.0.26. Any suggestions on what I need to add?

The manual has a perfectly good example on how to upload files.

-- Jason Wong -> Gremlins Associates -> www.gremlins.com.hk Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development *

/* Hope not, lest ye be disappointed. -- M. Horner */

attached mail follows:

I am slowly coming up with a solution to my cURL problem and have narrowed down the possibilities. One of these being that the cURL command written out with variables and such breaks into more than one line. This is not allowed in cURL. So, I had decided to write out a file as follows; ($curline is all on one line in the code.)

<?php $curllist = fopen("curllist.txt", "w+"); $curlline = ("curl -d \"name=myname&password=mypassword&btnsubmit=submit\" -s -o $listline https://rc.qwest.com/servlet/rmcDownload/$listline?area\=cdr\&file=$listline "); fputs($curllist, $curlline); fclose($curllist); ?>

Then I would pull out a line to execute for the download of the file. Well, when I vi curllist.txt the $curlline's are still broken after $listine variable is replaced and before the https:

Is there a way to force all of this to be on the same line? I have placed newline characters at the end of the line I actually want, I have broken and reassembled the line in many different ways. I am going to go nuts on this I am sure.

Thanks!

Jay

"They're coming to take me away, hoho, hehe..."

attached mail follows:

On Tuesday 02 July 2002 23:13, Jay Blanchard wrote: > I am slowly coming up with a solution to my cURL problem and have narrowed > down the possibilities. One of these being that the cURL command written > out with variables and such breaks into more than one line. This is not > allowed in cURL. So, I had decided to write out a file as follows; > ($curline is all on one line in the code.) > > <?php > $curllist = fopen("curllist.txt", "w+"); > $curlline = ("curl -d > \"name=myname&password=mypassword&btnsubmit=submit\" -s -o $listline > https://rc.qwest.com/servlet/rmcDownload/$listline?area\=cdr\&file=$listlin >e "); > fputs($curllist, $curlline); > fclose($curllist); > ?> > > Then I would pull out a line to execute for the download of the file. Well, > when I vi curllist.txt the $curlline's are still broken after $listine > variable is replaced and before the https: > > Is there a way to force all of this to be on the same line? I have placed > newline characters at the end of the line I actually want, I have broken > and reassembled the line in many different ways. I am going to go nuts on > this I am sure.

Where are you getting $listline from? My guess is that $listline has a newline character at the end. Confirm using strlen($listline).

-- Jason Wong -> Gremlins Associates -> www.gremlins.com.hk Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development *

/* Al didn't smile for forty years. You've got to admire a man like that. -- from "Mary Hartman, Mary Hartman" */

attached mail follows:

Hi All...... I have recently completed work on a PHP, MySQL driven job site for Technical employment. Geared toward independent contractors and the people who hire them.

If any one has the time, could you look at: www.tech-temp.com and give feedback either on the list or privately? I *think* I have covered all the bases but could use the input....

Thanks, Bret

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]