|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: php-general-digest-help
lists.php.netDate: Wed Jul 03 2002 - 23:06:08 CDT
php-general Digest 4 Jul 2002 04:06:08 -0000 Issue 1443
Topics (messages 105229 through 105351):
Another Regex Question (General)
105229 by: Martin Clifford
105232 by: Erik Price
105315 by: Analysis & Solutions
Re: V basic newbie problem
105230 by: Dan Vande More
Re: Stock Prices
105231 by: Stuart Dallas
105295 by: Richard Lynch
Re [PHP] cURL in an exec() . more. SOLVED
105233 by: Jay Blanchard
105236 by: Scott Fletcher
105238 by: Scott Fletcher
Re: cURL in an exec() . more
105234 by: Jason Wong
Need Help with $_SESSION.
105235 by: Scott Fletcher
105242 by: Al Baker
105245 by: Scott Fletcher
105252 by: Scott Fletcher
105253 by: Johnson, Kirk
105263 by: Scott Fletcher
105276 by: Scott Fletcher
Re: $_SESSION
105237 by: Scott Fletcher
Re: sample javascript popup+php - newbie
105239 by: Bogdan Stancescu
105241 by: Bogdan Stancescu
Other than substr
105240 by: César Aracena
105243 by: Leotta, Natalie (NCI/IMS)
105244 by: Erik Price
105310 by: Richard Lynch
Re: $this in an XML data handler ... in a class
105246 by: Clay Loveless
105248 by: Analysis & Solutions
105255 by: Clay Loveless
105260 by: Clay Loveless
105287 by: Analysis & Solutions
105319 by: Clay Loveless
105325 by: Analysis & Solutions
uploading a file via php - i need some simple code
105247 by: Phil Schwarzmann
105249 by: Philip Hallstrom
105251 by: Lowell Allen
105307 by: Richard Lynch
Re: SESSION newbie question ***STILL UNRESOLVED***
105250 by: php.net.co.cr
105256 by: Kevin Stone
Re: PHP and Apache
105254 by: Al Baker
Solution to register_globals=off & existing code???
105257 by: PHPCoder
105258 by: Kevin Stone
105259 by: PHPCoder
105262 by: 1LT John W. Holmes
parsing of SSI scripts.
105261 by: Sandman
105264 by: 1LT John W. Holmes
105265 by: Sandman
105268 by: Lazor, Ed
105270 by: 1LT John W. Holmes
105275 by: Lazor, Ed
105282 by: Sandman
105283 by: Sandman
105285 by: 1LT John W. Holmes
105286 by: Andrew Chase
105290 by: Sandman
105293 by: Paul Roberts
105311 by: Lazor, Ed
Re: SESSION newbie question ***FINALLY RESOLVED*** =-)
105266 by: php.net.co.cr
How to determine a function's outer context?
105267 by: Alberto Serra
Authentication
105269 by: Peter
105272 by: Lazor, Ed
105277 by: Martin Clifford
105284 by: Cal Evans
105308 by: Richard Lynch
105324 by: Chris Shiflett
105333 by: Alberto Serra
105334 by: Chris Shiflett
105336 by: Jason Wong
105339 by: Alberto Serra
105348 by: Chris Shiflett
105349 by: Alberto Serra
105351 by: Alberto Serra
How to start hello program
105271 by: Varsha Agarwal
105274 by: Lazor, Ed
105278 by: Martin Clifford
GET data in URL
105273 by: Jay
105280 by: Martin Clifford
105281 by: Jay
105309 by: Richard Lynch
Exim sendmail faults
105279 by: Liam Gibbs
105314 by: Lazor, Ed
adding a variable to a variable name
105288 by: Tom Beidler
105292 by: val petruchek
105312 by: Bogdan Stancescu
Warning: Undefined Index?
105289 by: David Busby
105291 by: 1LT John W. Holmes
odbc_**** failing?
105294 by: David Busby
105331 by: Analysis & Solutions
Re: Problem with menu
105296 by: Richard Lynch
105346 by: JJ Harrison
Re: Does Location: headers constantly
105297 by: Richard Lynch
Re: help with PHPwebsite
105298 by: Richard Lynch
105313 by: Analysis & Solutions
Re: synchronizing php functions
105299 by: Richard Lynch
Re: Submitting Form Data
105300 by: Richard Lynch
Re: Program executing in PHP. Please help
105301 by: Richard Lynch
Re: Simple Example of Passing on a file through a PHP script
105302 by: Richard Lynch
105347 by: JJ Harrison
Re: addslahes and magic quote woes
105303 by: Richard Lynch
105304 by: Richard Lynch
Re: Problem With ora_do
105305 by: Richard Lynch
Re: $_SESSION (turned off, destory??)
105306 by: Richard Lynch
Using PHP to access a Microsoft SQL server
105316 by: David Busby
105318 by: Lazor, Ed
Recognition: Richard Lynch
105317 by: Lazor, Ed
105320 by: Greg Donald
105344 by: Manuel Lemos
New emalloc() error?
105321 by: David Busby
105323 by: Lazor, Ed
105326 by: David Busby
Re: Security: PHP: how to "harden" PHP scripts?
105322 by: Chris Shiflett
105328 by: Alberto Serra
opening pdf file in new window with a POST operation
105327 by: Pete James
Configuration problems concerning sessions.
105329 by: Mannequin*
Question about using XSLT_Process?
105330 by: john2.mccarty.ps.ge.com
mySQL and phpMyAdmin
105332 by: Jadiel Flores
Multiple Forms and 1 SQL table
105335 by: CM
105342 by: Analysis & Solutions
105343 by: Alberto Serra
default/optional parameters in function
105337 by: Chris Lott
105338 by: Analysis & Solutions
105340 by: Chris Lott
105341 by: Analysis & Solutions
storing echo to MySQL or converting to a variable
105345 by: Jose Arce
105350 by: Analysis & Solutions
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscribelists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscribelists.php.net
To post to the list, e-mail:
php-generallists.php.net
----------------------------------------------------------------------
attached mail follows:
This may sound like a stupid question, but... within a regular expression, are the values in brackets evaluated consecutively, or no? For example:
Does [a-zA-Z0-9] (yes, I know [:alnum:] is the same) mean that there can be a number, but it has to follow a letter? Or would you just do [a-zA-Z][0-9] to do that?
Elementry, my dear newbie. Hehe. Thanks all!
Martin
attached mail follows:
On Wednesday, July 3, 2002, at 12:00 PM, Martin Clifford wrote:
> Does [a-zA-Z0-9] (yes, I know [:alnum:] is the same) mean that there
> can be a number, but it has to follow a letter? Or would you just do
> [a-zA-Z][0-9] to do that?
That bracketed construction is called a character class. It represents
any *one* of the contained characters. But not more than one. So there
is no following at all, since for all intents and purposes the character
class matches a single character (unless you use a qualifier like +, ?,
or *).
Erik
----Erik Price Web Developer Temp Media Lab, H.H. Brown pricee
attached mail follows:
On Wed, Jul 03, 2002 at 12:00:50PM -0400, Martin Clifford wrote: > > Does [a-zA-Z0-9] (yes, I know [:alnum:] is the same) mean that there can > be a number, but it has to follow a letter? Or would you just do > [a-zA-Z][0-9] to do that?
Your second question/statement is correct.
--Dan
--
PHP classes that make web design easier
SQL Solution | Layout Solution | Form Solution
sqlsolution.info | layoutsolution.info | formsolution.info
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
4015 7 Av #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409
attached mail follows:
DMX is a little shy on descriptions, but you want to use the "Dynamic Table" under the Application Section. I make these 5 times a day.
-----Original Message-----
From: Ray Hunter [mailto:rhunterventicon.com]
Sent: Wednesday, July 03, 2002 8:52 AM
To: PHP GEN; Duncan Ellwood
Subject: Re: [PHP] V basic newbie problem
try something like this
echo '<table>';
while( $result = mysql_fetch_array( $q ) ) { output here... }
echo '</table>';
S RAY HUNTER
email: rhunterventicon.com
www: http://www.venticon.com
aim: spinebl8d3
----- Original Message -----
From: "Duncan Ellwood" <fraggamanhotmail.com>
To: <php-generallists.php.net>
Sent: Wednesday, July 03, 2002 8:43 AM
Subject: [PHP] V basic newbie problem
> I'm not sure if this is the right place for this but I'm just starting out > with php and MySQL.... > > I have succesfully got a database up and I have managed to populate the > first row of the html table with the first row of dynamic content without > too > much problem. I have used the visual enviroment of DW Mx for this and it was > staightforward enough > > My problem arises when I want to fill in the subsequent rows of the table > with the subesquent rows from the database. How do I create the recordset > that will pull the info from the relevant subsequent rows for my columns? > > The code for the first row and first column entry is: > > <?php echo $row_RsSingStanDailybb['DailyBB']; ?> > > but in the row below in the html table I want to refer to the second row DB > entry for DailyBB but I cant see how to go about this:( The Repeat server > behaviour in DW Mx simply puts all the values in one html cell which is not > what I wish to achieve. Basically I want the html table to match the > database but have only succeeded in getting the first row to display so > far:( > > I'm sure this is simple but its my first time at all this and any help would > be appreciated:) > > TIA > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
attached mail follows:
On Wednesday, July 3, 2002, 4:12:02 PM, Analysis & Solutions wrote: > On Fri, Mar 29, 2002 at 03:00:29AM +0200, David Russell wrote: >> >> How would I get recent stock prices in a page? I obviously need to get >> this from some source. >> >> I am looking for local (South African) and international share prices >> for a portal-type system. > > This may or may not be of some assistance: > > http://www.analysisandsolutions.com/code/phpxml.htm > > I don't know if it'll obtain South African stocks.
Before you go republishing data from Nasdaq.com (or any other site) please be sure that you understand the legal implications of doing so. For 99% of sites (probably 100% of sites providing live market quotes considering the cost of obtaining said data) you need explicit written permission to do it. For example, the following paragraph was taken from the copyright message returned in the XML obtained by the code given by the above link:
<quote source="http://quotes.nasdaq.com/quote.dll?page=xml&mode=stock&symbol=">
Unless you have a Nasdaq Logo License or other written agreement in effect with The Nasdaq Stock Market, Inc. which states otherwise, you may only provide a hypertext link to the Nasdaq Site on another website, provided that (a) the link must be a text-only link clearly marked "Nasdaq Home Page" or "nasdaq.com", (b) the link must "point" to the URL "http://www.nasdaq.com" and not to other pages within the Nasdaq Site, (c) the appearance, position and other aspects of the link may not be such as to damage or dilute the goodwill associated with Nasdaq's name and trademarks, (d) the appearance, position and other aspects of the link may not create the false appearance that an entity is associated with or sponsored by Nasdaq, (e) the link, when activated by a user, must display the Nasdaq Site full-screen and not within a "frame" on the linked website, and (f) The Nasdaq Stock Market, Inc. reserves the right to revoke its consent to the link at any time in its sole discretion.
</quote>
Or diluted down to the basic message:
You may not republish this information without written permission!
-- Stuart
attached mail follows:
>How would I get recent stock prices in a page? I obviously need to get >this from some source.
It's so easy, you have to pinch yourself to make sure you're not dreaming... :-)
<?php $stockhtml = file('http://www.sometocksite.com') or die("Could not read stock page"); $stockhtml = implode('', $stockhtml); # You now have their HTML in $stockhtml # Do whatever you want with it # Tear it apart, stuff it in the database, whatever. ?>
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
It's always the smallest things that will get you, I should be slapped (preferably by a good looking woman) :) ....
exec was not broken the permissions don't have to be mucked with ownership and group can be left alone this should be stamped on the forehead of each and every PHP developer
USE FULL PATHS!
$bash = "#!/bin/sh"; $curl = "/usr/local/bin/curl -d \"name=myname&password=mypassword&btnsubmit=submit\" -s -o cdrlist.html https://theserver.com/download/list.html"; $sh = fopen("/var/www/htdocs/rcr/getlist.sh", "w+"); fputs($sh, $bash."\n\n"); fputs($sh, $curl); fclose($sh); chmod("/var/www/htdocs/rcr/getlist.sh", 0755); exec("/var/www/htdocs/rcr/getlist.sh");
This solved all of the problems. I did the full paths thing during the process of elimination, to remove all doubt about the code. This will make sure that the script can be found and executed.
On another note;
Had I done this with exec and the cURL statement earlier it would have worked as well. But I think that i am going to keep it this way as it will hopefully make the code clearer. I will have to write more cURL statements later in the script and I can then assemble shell scripts as needed.
Thanks for all of your help...
Jay
attached mail follows:
Ha ha! Just what I mentioned from above. FULL PATH!!!!! :-) FletchSOD
"Jay Blanchard" <jay.blanchardniicommunications.com> wrote in message
news:003201c222ac$9760ad90$8102a8c0niigziuo4ohhdt...
> It's always the smallest things that will get you, I should be slapped
> (preferably by a good looking woman) :) ....
>
> exec was not broken
> the permissions don't have to be mucked with
> ownership and group can be left alone
> this should be stamped on the forehead of each and every PHP developer
>
> USE FULL PATHS!
>
> $bash = "#!/bin/sh";
> $curl = "/usr/local/bin/curl -d
> \"name=myname&password=mypassword&btnsubmit=submit\" -s -o cdrlist.html
> https://theserver.com/download/list.html";
> $sh = fopen("/var/www/htdocs/rcr/getlist.sh", "w+");
> fputs($sh, $bash."\n\n");
> fputs($sh, $curl);
> fclose($sh);
> chmod("/var/www/htdocs/rcr/getlist.sh", 0755);
> exec("/var/www/htdocs/rcr/getlist.sh");
>
> This solved all of the problems. I did the full paths thing during the
> process of elimination, to remove all doubt about the code. This will make
> sure that the script can be found and executed.
>
> On another note;
>
> Had I done this with exec and the cURL statement earlier it would have
> worked as well. But I think that i am going to keep it this way as it will
> hopefully make the code clearer. I will have to write more cURL statements
> later in the script and I can then assemble shell scripts as needed.
>
> Thanks for all of your help...
>
> Jay
>
>
>
attached mail follows:
:-) I went through the same thing the first time! Never again! I just pray and hope that I don't forget the next time!
"Scott Fletcher" <scottabcoa.com> wrote in message
news:20020703162448.3546.qmailpb1.pair.com...
> Ha ha! Just what I mentioned from above. FULL PATH!!!!! :-) FletchSOD
>
> "Jay Blanchard" <jay.blanchardniicommunications.com> wrote in message
> news:003201c222ac$9760ad90$8102a8c0niigziuo4ohhdt...
> > It's always the smallest things that will get you, I should be slapped
> > (preferably by a good looking woman) :) ....
> >
> > exec was not broken
> > the permissions don't have to be mucked with
> > ownership and group can be left alone
> > this should be stamped on the forehead of each and every PHP developer
> >
> > USE FULL PATHS!
> >
> > $bash = "#!/bin/sh";
> > $curl = "/usr/local/bin/curl -d
> > \"name=myname&password=mypassword&btnsubmit=submit\" -s -o cdrlist.html
> > https://theserver.com/download/list.html";
> > $sh = fopen("/var/www/htdocs/rcr/getlist.sh", "w+");
> > fputs($sh, $bash."\n\n");
> > fputs($sh, $curl);
> > fclose($sh);
> > chmod("/var/www/htdocs/rcr/getlist.sh", 0755);
> > exec("/var/www/htdocs/rcr/getlist.sh");
> >
> > This solved all of the problems. I did the full paths thing during the
> > process of elimination, to remove all doubt about the code. This will
make
> > sure that the script can be found and executed.
> >
> > On another note;
> >
> > Had I done this with exec and the cURL statement earlier it would have
> > worked as well. But I think that i am going to keep it this way as it
will
> > hopefully make the code clearer. I will have to write more cURL
statements
> > later in the script and I can then assemble shell scripts as needed.
> >
> > Thanks for all of your help...
> >
> > Jay
> >
> >
> >
>
>
attached mail follows:
On Wednesday 03 July 2002 23:08, Jay Blanchard wrote:
> {snip] > Try hand writing a script then exec() it from php. > [/snip] > > Tried that, no go.
Can we go back to basics?
Does:
echo shell_exec('ls');
work? If not, are you running in safe-mode?
-- Jason Wong -> Gremlins Associates -> www.gremlins.com.hk Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development */* QOTD: "It's sort of a threat, you see. I've never been very good at them myself, but I'm told they can be very effective." */
attached mail follows:
Have not been successful in making this work for 2 days now. I'm focusing on making the $_SESSION to work on each webpages. The 1st page is the login. The 2nd page represent the rest of the webpages on a secure side after logging in. I could use some help in making this work. The $_SESSION does not work on the 2nd page. Since I can't use the register_global(), so I don't see how someone claim that it can work without it. I will appreciate it.
--clip-- (Page 1)
odbc_fetch_into($result,$_SESSION,1);
$salt = strtoupper(md5(uniqid(rand()))); session_id($salt); session_start(); header("Location: https://test.whatever/index.php?".SID);
--clip-- (Page 2)
print_r($_COOKIE); print_r($_SESSION);
--clip--
Thanks! FletchSOD
attached mail follows:
You must do a session_start() before you can use the session ID or the session array.
On Wed, 2002-07-03 at 12:24, Scott Fletcher wrote: > Have not been successful in making this work for 2 days now. I'm focusing > on making the $_SESSION to work on each webpages. The 1st page is the > login. The 2nd page represent the rest of the webpages on a secure side > after logging in. I could use some help in making this work. The $_SESSION > does not work on the 2nd page. Since I can't use the register_global(), so > I don't see how someone claim that it can work without it. I will > appreciate it. > > --clip-- (Page 1) > > odbc_fetch_into($result,$_SESSION,1); > > $salt = strtoupper(md5(uniqid(rand()))); > session_id($salt); > session_start(); > header("Location: https://test.whatever/index.php?".SID); > > --clip-- (Page 2) > > print_r($_COOKIE); > print_r($_SESSION); > > --clip-- > > Thanks! > FletchSOD > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php >
-- This email was sent with Ximian Evolution.
attached mail follows:
That one doesn't work too well! Also, here's the old script that work with the register_global turned on. But making it work with register global turned off is what I haven't gotten it to work.
--clip-- (Page 1) odbc_fetch_into($result,$user_detail,1);
$salt = strtoupper(md5(uniqid(rand()))); session_id($salt); session_start(); session_register("user_detail"); header("Location: https://test.whatever/index.php?".SID); --clip-- (Page 2) session_register("user_detail"); --clip--
Thanks, FletchSOD
"Al Baker" <ajb732comcast.net> wrote in message
news:1025712692.3987.0.camelworkstation...
> You must do a session_start() before you can use the session ID or the
> session array.
>
> On Wed, 2002-07-03 at 12:24, Scott Fletcher wrote:
> > Have not been successful in making this work for 2 days now. I'm
focusing
> > on making the $_SESSION to work on each webpages. The 1st page is the
> > login. The 2nd page represent the rest of the webpages on a secure side
> > after logging in. I could use some help in making this work. The
$_SESSION
> > does not work on the 2nd page. Since I can't use the register_global(),
so
> > I don't see how someone claim that it can work without it. I will
> > appreciate it.
> >
> > --clip-- (Page 1)
> >
> > odbc_fetch_into($result,$_SESSION,1);
> >
> > $salt = strtoupper(md5(uniqid(rand())));
> > session_id($salt);
> > session_start();
> > header("Location: https://test.whatever/index.php?".SID);
> >
> > --clip-- (Page 2)
> >
> > print_r($_COOKIE);
> > print_r($_SESSION);
> >
> > --clip--
> >
> > Thanks!
> > FletchSOD
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> --
> This email was sent with Ximian Evolution.
>
attached mail follows:
Al Baker's comment does help to iron out the broken script. Thanks, Al!!!! Now, I still can not understand why the 2nd page show the $_SESSION as blank. It is suppose to contain datas. The php.net stated that $_SESSION is global. Any comments?
> > --clip-- (Page 1) > > > > session_start(); // Recently Moved Up Here!!!! > > odbc_fetch_into($result,$_SESSION,1); > > > > $salt = strtoupper(md5(uniqid(rand()))); > > session_id($salt);
> > header("Location: https://test.whatever/index.php?".SID); > > > > --clip-- (Page 2) > > > > session_start(); // Recently Added
> > print_r($_COOKIE); > > print_r($_SESSION); > > > > --clip--
Thanks, FletchSOD
"Al Baker" <ajb732comcast.net> wrote in message
news:1025712692.3987.0.camelworkstation...
> You must do a session_start() before you can use the session ID or the
> session array.
>
> On Wed, 2002-07-03 at 12:24, Scott Fletcher wrote:
> > Have not been successful in making this work for 2 days now. I'm
focusing
> > on making the $_SESSION to work on each webpages. The 1st page is the
> > login. The 2nd page represent the rest of the webpages on a secure side
> > after logging in. I could use some help in making this work. The
$_SESSION
> > does not work on the 2nd page. Since I can't use the register_global(),
so
> > I don't see how someone claim that it can work without it. I will
> > appreciate it.
> >
> > --clip-- (Page 1)
> >
> > odbc_fetch_into($result,$_SESSION,1);
> >
> > $salt = strtoupper(md5(uniqid(rand())));
> > session_id($salt);
> > session_start();
> > header("Location: https://test.whatever/index.php?".SID);
> >
> > --clip-- (Page 2)
> >
> > print_r($_COOKIE);
> > print_r($_SESSION);
> >
> > --clip--
> >
> > Thanks!
> > FletchSOD
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> --
> This email was sent with Ximian Evolution.
>
attached mail follows:
> Now, I still can not understand why the 2nd page show the $_SESSION as > blank. It is suppose to contain datas. The php.net stated > that $_SESSION > is global. Any comments?
register_globals on ------------------- Page 1 <? session_start(); $foo = 'bar'; session_register('foo'); $foo = 'someNewValue'; ?>
Page 2: <? session_start(); echo $foo; $foo = 'aDifferentValue'; ?>
register_globals off -------------------- Page 1:
<? session_start(); $_SESSION['foo'] = 'bar'; $_SESSION['foo'] = 'someNewValue'; ?>
Page 2: <? session_start(); echo {$_SESSION['foo']}; // several syntaxes to do this $_SESSION['foo'] = 'aDifferentValue'; ?>
Kirk
attached mail follows:
The demostration written by Kirk Johnson worked pretty well. So, it should work with my demo script I posted earlier today. Alright! I'm going to have to debug it to find the problem. I'll post the final script once everything is ironed out. Hope to get it done today.
Thanks, FletchSOD
"Kirk Johnson" <kjohnsonzootweb.com> wrote in message
news:01A4B59FD1EBD311838100A0C98BE0D9023C4953chef...
> > Now, I still can not understand why the 2nd page show the $_SESSION as
> > blank. It is suppose to contain datas. The php.net stated
> > that $_SESSION
> > is global. Any comments?
>
> register_globals on
> -------------------
> Page 1
> <?
> session_start();
> $foo = 'bar';
> session_register('foo');
> $foo = 'someNewValue';
> ?>
>
> Page 2:
> <?
> session_start();
> echo $foo;
> $foo = 'aDifferentValue';
> ?>
>
>
> register_globals off
> --------------------
> Page 1:
>
> <?
> session_start();
> $_SESSION['foo'] = 'bar';
> $_SESSION['foo'] = 'someNewValue';
> ?>
>
> Page 2:
> <?
> session_start();
> echo {$_SESSION['foo']}; // several syntaxes to do this
> $_SESSION['foo'] = 'aDifferentValue';
> ?>
>
> Kirk
attached mail follows:
Still working on the script. Here what I found out so far. Why does the example #1 work and example #2 doesn't?
Example #1
Page 1
$_SESSION[0] = "Zero";
$_SESSION[1] = "One";
Page 2
echo $_SESSION[0];
echo $_SESSION[1];
Example #2
Page 1
$array[0] = "Zero";
$array[1] = "One";
//This is either for an array or
//substitute array for odbc_fetch_into
for($x=0;$x<2;$x++) {
$_SESSION[$x] = $array[$x];
}
Page 2
echo $_SESSION[0];
echo $_SESSION[1];
"Scott Fletcher" <scottabcoa.com> wrote in message
news:20020703190544.52521.qmailpb1.pair.com...
> The demostration written by Kirk Johnson worked pretty well. So, it
should
> work with my demo script I posted earlier today. Alright! I'm going to
> have to debug it to find the problem. I'll post the final script once
> everything is ironed out. Hope to get it done today.
>
> Thanks,
> FletchSOD
>
> "Kirk Johnson" <kjohnsonzootweb.com> wrote in message
> news:01A4B59FD1EBD311838100A0C98BE0D9023C4953chef...
> > > Now, I still can not understand why the 2nd page show the $_SESSION as
> > > blank. It is suppose to contain datas. The php.net stated
> > > that $_SESSION
> > > is global. Any comments?
> >
> > register_globals on
> > -------------------
> > Page 1
> > <?
> > session_start();
> > $foo = 'bar';
> > session_register('foo');
> > $foo = 'someNewValue';
> > ?>
> >
> > Page 2:
> > <?
> > session_start();
> > echo $foo;
> > $foo = 'aDifferentValue';
> > ?>
> >
> >
> > register_globals off
> > --------------------
> > Page 1:
> >
> > <?
> > session_start();
> > $_SESSION['foo'] = 'bar';
> > $_SESSION['foo'] = 'someNewValue';
> > ?>
> >
> > Page 2:
> > <?
> > session_start();
> > echo {$_SESSION['foo']}; // several syntaxes to do this
> > $_SESSION['foo'] = 'aDifferentValue';
> > ?>
> >
> > Kirk
>
>
attached mail follows:
I'm with you on this one! I'm working on transforming the website to use the stuffs that will do the dirty work for me. Like $_SESSION, $_COOKIE, etc. Found that this code is stored in the $_COOKIE. So, how cool!
FletchSOD
"Kevin Stone" <kevinhelpelf.com> wrote in message
news:014201c221fe$98fd92c0$6501a8c0kevin...
> Unless you have your php.ini file configured differently, simply adding
> session_start(); at the top of each page will make the session available
> without having to pass the SID through the URL string. Not that there is
> anything wrong or insecure by passing the session id through the URL
string.
> -Kevin
>
> ----- Original Message -----
> From: "Scott Fletcher" <scottabcoa.com>
> To: <php-generallists.php.net>
> Sent: Tuesday, July 02, 2002 1:05 PM
> Subject: [PHP] $_SESSION
>
>
> > Hi Again! I missed part of the past responses to the past posting over
> the
> > last few days because I had it cleaned from MS-Outlook folder. So, feel
> > free to provide some feedback on the transformation from the script with
> > register global turned on to off. Need some feedback on hiding the $SID
> > from the URL as I saw somewhere on hte posting. I can't find it right
> now.
> > I'll keep looking. Thanks! FletchSOD
> >
> > --clip-- (Old Script --> Register_Global turned on)
> >
> > --Page 1--
> > $user['data'] = "Yes!";
> > $salt = strtoupper(md5(uniqid(rand())));
> > session_id($salt);
> > session_start();
> > session_register("user");
> > header("Location:
> > https://test.whatever.com/test1.php?".SID."&init_login=TRUE");
> >
> > --Page 2--
> > session_register("user_detail");
> > --clip--
> > // ###############
> > --clip-- (New Script --> Register_Global turned off)
> >
> > --Page 1
> > $user['data'] = "Yes!";
> > $salt = strtoupper(md5(uniqid(rand())));
> > session_id($salt);
> > session_start();
> > $_SESSION['user'];
> > header("Location:
> > https://test.whatever.com/test1.php?".SID."&init_login=TRUE");
> >
> > --Page 2
> > $_SESSION['user'];
> > --clip--
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
>
attached mail follows:
In file1.php:
<script language="javascript"> <!-- function popItUp() { var gogu=open("file2.php","mypopup",<winparameters>); } // --> </script>
<form bla-bla> <input type="text"> <input type='button" onClick="popItUp()"> </form>
In file2.php: <script language="javascript"> <!-- function sendText { window.opener.document.forms[0][0].value=document.forms[0][0].value; } // --> </script>
<form bla-bla> <input type="text"> <input type="button" onClick="sendText()"> </form>
Wrote this in the mail client, so it may not work exactly like it is now, but that's the general idea.
HTH
Bogdan
adi wrote:
>filled in
>
>----- Original Message -----
>From: "Bogdan Stancescu" <mgvcanad.ro>
>To: "php-general" <php-generallists.php.net>
>Sent: Wednesday, July 03, 2002 5:50 PM
>Subject: Re: [PHP] sample javascript popup+php - newbie
>
>
>
>
>>Submitted or filled in? i.e. do you want textbox1 to contain whatever is
>>in textbox2 or do you want the form in file2.php to be submitted to
>>file1.php? The difference is that in the first case no PHP gets to run
>>when button2 is pressed, whereas in the second case file1.php gets to
>>run with the data in the form in file2.php.
>>
>>Bogdan
>>
>>adi wrote:
>>
>>
>>
>>>hi,
>>>I want to make an app with properties:
>>>-i have a file1.php with a textbox1 and button1; when i press button1,
>>>
>>>
>file2.php is popup-ed.
>
>
>>>- in file2.php i have textbox2 and button2; when button2 is pressed,
>>>
>>>
>file2 is closed, and value of textbox2 is submited to texbox1.
>
>
>>>There is somewere an sample app like this?
>>>
>>>tx in adv for any help
>>>adi
>>>
>>>
>>>
>>>
>>>
>>
>>
>>--
>>PHP General Mailing List (http://www.php.net/)
>>To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
>>
>
>
>
>
attached mail follows:
Ah, and of course I forgot window.close() in sendText() after sending it.
Bogdan
adi wrote:
>filled in
>
>----- Original Message -----
>From: "Bogdan Stancescu" <mgvcanad.ro>
>To: "php-general" <php-generallists.php.net>
>Sent: Wednesday, July 03, 2002 5:50 PM
>Subject: Re: [PHP] sample javascript popup+php - newbie
>
>
>
>
>>Submitted or filled in? i.e. do you want textbox1 to contain whatever is
>>in textbox2 or do you want the form in file2.php to be submitted to
>>file1.php? The difference is that in the first case no PHP gets to run
>>when button2 is pressed, whereas in the second case file1.php gets to
>>run with the data in the form in file2.php.
>>
>>Bogdan
>>
>>adi wrote:
>>
>>
>>
>>>hi,
>>>I want to make an app with properties:
>>>-i have a file1.php with a textbox1 and button1; when i press button1,
>>>
>>>
>file2.php is popup-ed.
>
>
>>>- in file2.php i have textbox2 and button2; when button2 is pressed,
>>>
>>>
>file2 is closed, and value of textbox2 is submited to texbox1.
>
>
>>>There is somewere an sample app like this?
>>>
>>>tx in adv for any help
>>>adi
>>>
>>>
>>>
>>>
>>>
>>
>>
>>--
>>PHP General Mailing List (http://www.php.net/)
>>To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
>>
>
>
>
>
attached mail follows:
Hi all.
I need to show up some data from a DB which consist of phone numbers
with area code. They’re stored like (xxxx) xxxxxxxx. What is the best
approach to print them into some textboxes so they can be edited? I’m
using substr but area codes (inside parenthesis) goes from 3 to 5
numbers, so sometimes the closing parenthesis is showed and other times
even the first number from the actual number is also showed. Can I use
regex instead? How is it used? I tried to figure it out in the PHP
manual, but it is NOT written in my level of English.
Thanks in advance,
<mailto:webmastericaam.com.ar> Cesar Aracena
CE / MCSE+I
Neuquen, Argentina
+54.299.6356688
+54.299.4466621
attached mail follows:
What do you want it to look like in the text boxes? If you just want to take out the two parentheses, you can use strstr to get the index of the ")" string to use in your substring statement.
http://www.php.net/manual/en/function.strstr.php
I hope this helps!
-Natalie
-----Original Message-----
From: César Aracena [mailto:icaamicaam.com.ar]
Sent: Wednesday, July 03, 2002 12:36 PM
To: PHP General List
Subject: [PHP] Other than substr
Hi all.
I need to show up some data from a DB which consist of phone numbers with
area code. They're stored like (xxxx) xxxxxxxx. What is the best approach to
print them into some textboxes so they can be edited? I'm using substr but
area codes (inside parenthesis) goes from 3 to 5 numbers, so sometimes the
closing parenthesis is showed and other times even the first number from the
actual number is also showed. Can I use regex instead? How is it used? I
tried to figure it out in the PHP manual, but it is NOT written in my level
of English.
Thanks in advance,
<mailto:webmastericaam.com.ar> Cesar Aracena
CE / MCSE+I
Neuquen, Argentina
+54.299.6356688
+54.299.4466621
attached mail follows:
On Wednesday, July 3, 2002, at 12:35 PM, César Aracena wrote:
> I need to show up some data from a DB which consist of phone numbers > with area code. They're stored like (xxxx) xxxxxxxx. What is the best > approach to print them into some textboxes so they can be edited? I'm > using substr but area codes (inside parenthesis) goes from 3 to 5 > numbers, so sometimes the closing parenthesis is showed and other times > even the first number from the actual number is also showed. Can I use > regex instead? How is it used? I tried to figure it out in the PHP > manual, but it is NOT written in my level of English.
It would be a good idea to store the phone numbers in the DB as two separate columns of only numbers, for performance and for ease of coding. One column for area codes (SMALLINT) and one column for the rest of the number (INT). Then you can add the parentheses or reformat the numbers as desired.
But if the database is beyond your control, here is a regex that may help you:
// $number = the whole phone number record from the DB preg_match_all('/^\((\d+)\) (\d+)$/', $number, $matches);
$area_code = $matches[1][0]; $rest_of_number = $matches[2][0];
Try that, but it's untested.
Erik
----Erik Price Web Developer Temp Media Lab, H.H. Brown pricee
attached mail follows:
>I need to show up some data from a DB which consist of phone numbers >with area code. They’re stored like (xxxx) xxxxxxxx. What is the best >approach to print them into some textboxes so they can be edited? I’m >using substr but area codes (inside parenthesis) goes from 3 to 5 >numbers, so sometimes the closing parenthesis is showed and other times >even the first number from the actual number is also showed. Can I use >regex instead? How is it used? I tried to figure it out in the PHP >manual, but it is NOT written in my level of English.
Ya know what?
*UNLESS* you are using SQL to figure out who's in which area code, and match up their distances or something, just leave it all in one field, and let the humans figure out what the () and - and x and + mean in:
+(054)-123-4567x89 +54(123)4567 ext 89 +54-123-4567 e 89
Because, really, there is no point in working really hard at this, when sooner or later, you'll have somebody who insists on using:
1-800-MY-STUFF instead of the numbers.
Or they'll insist that their phone number have more digits than you planned.
Or you'll need to support phone numbers in Outer Mongolia where they don't use the system you support
Or...
There are a billion ways for this to "go wrong" and make you re-write your code every year or so. Don't do it.
If you *are* using the digits to figure out who's where and match up area codes, ignore me. :-)
Actually, you *might* be better off to let a human enter what they want, and then *YOU* figure out the area code later or something...
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
Unfortunately, the xml_set_object function does not work to solve this problem. I tried using it, and my results were the same as they were when I was not using it.
[I found that the array($this, 'function_name') method instead of 'string function_name' for the xml_set_*_handler functions worked just as well, only without this Warning message one gets from PHP 4.2.1 upon using xml_set_object($this->parser, &$this):
"PHP Warning: Call-time pass-by-reference has been deprecated - argument passed by value; If you would like to pass it by reference, modify the declaration of xml_set_object(). If you would like to enable call-time pass-by-reference, you can set allow_call_time_pass_reference to true in your INI file. However, future versions may not support this any longer."]
Still searching for an answer on this one ...
Thanks, -Clay
> "Peter Clarke" <peterjingo.com>
>
> Have a look at:
> http://www.php.net/manual/en/function.xml-set-object.php
>
> xml_set_object($this->parser, &$this);
>
>
>
> "Clay Loveless" <claykillersoft.com> wrote in message
> news:B9481008.158BF%claykillersoft.com...
>> Here's a brain-bender ... At least it is for me at the moment. : )
>>
>> When I use an XML parser inside a class, the xml_*_handler functions
> aren't
>> recognizing "$this->" variables. I can kind of see why ... But would like
> it
>> to work anyway. : )
>>
>> Here's an example:
>>
>> class Blah
>> {
>> var $xmlparser;
>> var $current_element;
>>
>> // ...
>>
>> function _parseXML($data)
>> {
>> $this->xmlparser = xml_parser_create();
>> xml_set_element_handler(
>> $this->xmlparser,
>> array($this,"_xml_start_element"),
>> array($this,"_xml_end_element"));
>> xml_set_character_data_handler(
>> $this->xmlparser,
>> array($this,"_xml_character_data"));
>> xml_parse($this->xmlparser, $data);
>> xml_parser_free($this->xmlparser);
>> }
>>
>> function _xml_start_element($p, $e_name, $e_attributes)
>> {
>> $this->current_element = $e_name;
>> }
>>
>> function _xml_end_element($p, $e_name)
>> {
>> // ...
>> }
>>
>> function _xml_character_data($p, $data)
>> {
>> echo "element is: ".$this->current_element."\n";
>> echo "data is: $data\n";
>> }
>>
>> } // end of class Blah
>>
>>
>>
>> When this XML parser gets called from within the Blah class, the "element
>> is:" portion of _xml_character_data comes out blank!
>>
>> This sort of makes sense, because the callback functions are "children" of
>> the xml_parser_create "parent" ... But should that make the children
>> ignorant of the "grandparent" variables referred to by $this->varname?
>>
>> I hope this makes sense ... Has anyone else encountered this sort of
>> problem? I'm an old hat at PHP, but am relatively new to both XML parsing
>> and writing my own classes.
>>
>> Thanks,
>> Clay
>>
>
>
attached mail follows:
Clay:
On Wed, Jul 03, 2002 at 02:20:56AM -0700, Clay Loveless wrote: > > xml_set_element_handler( > $this->xmlparser, > array($this,"_xml_start_element"), > array($this,"_xml_end_element")); > xml_set_character_data_handler( > $this->xmlparser, > array($this,"_xml_character_data"));
Without getting into all of the other potential issues in your code, allow me to quickly point out that the function name parameters to the set_*_handler() are supposed to be strings. The string is to be the name of the function. So, for example, do this:
xml_set_character_data_handler($this->xmlparser, '_xml_character_data');
Now, I'm not guaranteeing this will cause the function to become part of the class, but at least the function will be properly initiated.
--Dan
--
PHP classes that make web design easier
SQL Solution | Layout Solution | Form Solution
sqlsolution.info | layoutsolution.info | formsolution.info
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
4015 7 Av #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409
attached mail follows:
Actually, a careful reading of the docs reveals the following at the bottom of each xml_set_*_handler section:
"Note: Instead of a function name, an array containing an object reference and a method name can also be supplied."
-Clay
> From: Analysis & Solutions <danielcanalysisandsolutions.com>
> Date: Wed, 3 Jul 2002 13:14:34 -0400
> To: PHP List <php-generallists.php.net>
> Subject: Re: [PHP] $this in an XML data handler ... in a class
>
> Clay:
>
> On Wed, Jul 03, 2002 at 02:20:56AM -0700, Clay Loveless wrote:
>>
>> xml_set_element_handler(
>> $this->xmlparser,
>> array($this,"_xml_start_element"),
>> array($this,"_xml_end_element"));
>> xml_set_character_data_handler(
>> $this->xmlparser,
>> array($this,"_xml_character_data"));
>
> Without getting into all of the other potential issues in your code, allow
> me to quickly point out that the function name parameters to the
> set_*_handler() are supposed to be strings. The string is to be the name
> of the function. So, for example, do this:
>
> xml_set_character_data_handler($this->xmlparser, '_xml_character_data');
>
> Now, I'm not guaranteeing this will cause the function to become part of
> the class, but at least the function will be properly initiated.
>
> --Dan
attached mail follows:
In a follow up on this, here's something else that's kind of bizzare ...
Within this class example, if I add a variable declaration of:
var $testval = 'this is a test';
And then add to _xml_character_data():
echo "TEST: $this->testval\n";
... I find that within the class structure, _xml_character_data can READ the $this->testval values (set outside of any callback function), but apparently the _xml_start_element() callback function cannot SET $this->current_element.
My output is:
element is: data is: [valid data] TEST: this is a test
Is this a bug? It's beginning to have the feel of one...
-Clay
>>> Here's a brain-bender ... At least it is for me at the moment. : ) >>> >>> When I use an XML parser inside a class, the xml_*_handler functions >> aren't >>> recognizing "$this->" variables. I can kind of see why ... But would like >> it >>> to work anyway. : ) >>> >>> Here's an example: >>> >>> class Blah >>> { >>> var $xmlparser; >>> var $current_element; >>> >>> // ... >>> >>> function _parseXML($data) >>> { >>> $this->xmlparser = xml_parser_create(); >>> xml_set_element_handler( >>> $this->xmlparser, >>> array($this,"_xml_start_element"), >>> array($this,"_xml_end_element")); >>> xml_set_character_data_handler( >>> $this->xmlparser, >>> array($this,"_xml_character_data")); >>> xml_parse($this->xmlparser, $data); >>> xml_parser_free($this->xmlparser); >>> } >>> >>> function _xml_start_element($p, $e_name, $e_attributes) >>> { >>> $this->current_element = $e_name; >>> } >>> >>> function _xml_end_element($p, $e_name) >>> { >>> // ... >>> } >>> >>> function _xml_character_data($p, $data) >>> { >>> echo "element is: ".$this->current_element."\n"; >>> echo "data is: $data\n"; >>> } >>> >>> } // end of class Blah >>> >>> >>> >>> When this XML parser gets called from within the Blah class, the "element >>> is:" portion of _xml_character_data comes out blank! >>> >>> This sort of makes sense, because the callback functions are "children" of >>> the xml_parser_create "parent" ... But should that make the children >>> ignorant of the "grandparent" variables referred to by $this->varname? >>> >>> I hope this makes sense ... Has anyone else encountered this sort of >>> problem? I'm an old hat at PHP, but am relatively new to both XML parsing >>> and writing my own classes. >>> >>> Thanks, >>> Clay >>>
attached mail follows:
Clay:
On Wed, Jul 03, 2002 at 11:05:34AM -0700, Clay Loveless wrote: > > "Note: Instead of a function name, an array containing an object reference > and a method name can also be supplied."
Interesting. Thanks!
Anyway, back to your situation. I put together a test. Two counters are running and get displayed each time each function is called. One counter is a regular variable which I bring into each function via a global statement. The other counter is part of the object.
Interestingly, in this case, the object variables are not acting as if they are part of the class, rather they're behaving as if their scope is stuck within each function.
As far as parsing XML, be aware that the character data handler get's called for each bit of non-tag data, including white spaces in tags and between tags. And, character data can contain multiple lines but they get passed through the character data handler function one line at a time, not all at once. So, performing maneuvers in the character_handler function is tricky. I save my character data in an array and then implode the array in the end handler function. This process is in the test, below, as well.
I've got a PHP XML expat parsing tutorial up on the web that may prove helpful: http://www.analysisandsolutions.com/code/phpxml.htm
#! /usr/local/bin/php -q <?php
class Blah { var $xmlparser; var $current_element; var $count = 0;
function _parseXML($data) { global $g; $g = 0;
$this->xmlparser = xml_parser_create(); xml_set_element_handler( $this->xmlparser, array($this,"_xml_start_element"), array($this,"_xml_end_element")); xml_set_character_data_handler( $this->xmlparser, array($this,"_xml_character_data")); xml_parse($this->xmlparser, $data); xml_parser_free($this->xmlparser); }
function _xml_start_element($p, $e_name, $e_attributes) { global $CData, $g; $CData = array(); echo 'g:' . ++$g . ' o:' . ++$this->count . " start\n"; echo " start element: $e_name\n"; }
function _xml_character_data($p, $data) { global $CData, $g; $CData[] = $data; echo 'g:' . ++$g . ' o:' . ++$this->count . " character\n"; echo " character data: $data\n"; }
function _xml_end_element($p, $e_name) { global $CData, $g; echo 'g:' . ++$g . ' o:' . ++$this->count . " end\n"; echo " end element: $e_name\n"; echo " end data array: " . trim( implode('', $CData) ) . "\n"; }
} // end of class Blah
$XML = ' <doc> <item> Some Item Text </item> </doc> ';
echo "$XML\n";
$Class = new Blah(); $Class->_parseXML($XML);
?>
Enjoy,
--Dan
--
PHP classes that make web design easier
SQL Solution | Layout Solution | Form Solution
sqlsolution.info | layoutsolution.info | formsolution.info
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
4015 7 Av #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409
attached mail follows:
Dan,
Thanks for your reply ... Glad to be helpful on the one tidbit I uncovered!
Looks like your conclusion is the same as mine: the object variables are readable within the handler functions, but they are not writeable. Hence your use of the global variables ... That seems to be the only workaround.
I'm convinced this has to be a bug ... Because what good is a "contained" class if you've got to interact with global variables in order to get the job done? Theoretically speaking, how do you know that you're not stepping on the toes of some other global variable?
This solution may be good enough for me and you ... If we're not writing classes for distribution ... But they go against the grain of all the bennies I've read about classes.
I'm not normally one to "cry 'BUG!'" ... But I think this qualifies. Do you agree?
-Clay
> From: Analysis & Solutions <danielcanalysisandsolutions.com>
> Date: Wed, 3 Jul 2002 16:38:38 -0400
> To: PHP List <php-generallists.php.net>
> Subject: Re: [PHP] $this in an XML data handler ... in a class
>
> Clay:
>
> On Wed, Jul 03, 2002 at 11:05:34AM -0700, Clay Loveless wrote:
>>
>> "Note: Instead of a function name, an array containing an object reference
>> and a method name can also be supplied."
>
> Interesting. Thanks!
>
> Anyway, back to your situation. I put together a test. Two counters are
> running and get displayed each time each function is called. One counter
> is a regular variable which I bring into each function via a global
> statement. The other counter is part of the object.
>
> Interestingly, in this case, the object variables are not acting as if
> they are part of the class, rather they're behaving as if their scope is
> stuck within each function.
>
> As far as parsing XML, be aware that the character data handler get's
> called for each bit of non-tag data, including white spaces in tags and
> between tags. And, character data can contain multiple lines but they get
> passed through the character data handler function one line at a time, not
> all at once. So, performing maneuvers in the character_handler function
> is tricky. I save my character data in an array and then implode the
> array in the end handler function. This process is in the test, below, as
> well.
>
> I've got a PHP XML expat parsing tutorial up on the web that may prove
> helpful: http://www.analysisandsolutions.com/code/phpxml.htm
>
>
> #! /usr/local/bin/php -q
> <?php
>
> class Blah
> {
> var $xmlparser;
> var $current_element;
> var $count = 0;
>
> function _parseXML($data)
> {
> global $g;
> $g = 0;
>
> $this->xmlparser = xml_parser_create();
> xml_set_element_handler(
> $this->xmlparser,
> array($this,"_xml_start_element"),
> array($this,"_xml_end_element"));
> xml_set_character_data_handler(
> $this->xmlparser,
> array($this,"_xml_character_data"));
> xml_parse($this->xmlparser, $data);
> xml_parser_free($this->xmlparser);
> }
>
> function _xml_start_element($p, $e_name, $e_attributes)
> {
> global $CData, $g;
> $CData = array();
> echo 'g:' . ++$g . ' o:' . ++$this->count . " start\n";
> echo " start element: $e_name\n";
> }
>
> function _xml_character_data($p, $data)
> {
> global $CData, $g;
> $CData[] = $data;
> echo 'g:' . ++$g . ' o:' . ++$this->count . " character\n";
> echo " character data: $data\n";
> }
>
> function _xml_end_element($p, $e_name)
> {
> global $CData, $g;
> echo 'g:' . ++$g . ' o:' . ++$this->count . " end\n";
> echo " end element: $e_name\n";
> echo " end data array: " . trim( implode('', $CData) ) . "\n";
> }
>
>
> } // end of class Blah
>
>
> $XML = '
> <doc>
> <item>
> Some Item Text
> </item>
> </doc>
> ';
>
> echo "$XML\n";
>
> $Class = new Blah();
> $Class->_parseXML($XML);
>
>
> ?>
>
>
> Enjoy,
>
> --Dan
>
> --
> PHP classes that make web design easier
> SQL Solution | Layout Solution | Form Solution
> sqlsolution.info | layoutsolution.info | formsolution.info
> T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
> 4015 7 Av #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
attached mail follows:
Hey Clay:
On Wed, Jul 03, 2002 at 03:25:42PM -0700, Clay Loveless wrote: > > Looks like your conclusion is the same as mine: the object variables are > readable within the handler functions, but they are not writeable.
I don't think that's an accurate description. The object variables are writiable, but their scope remains within the particular funciton. So, in essence, in my test, there are three $this->count variables floating around -- one for each function.
> I'm convinced this has to be a bug ... Because what good is a "contained" > class if you've got to interact with global variables in order to get the > job done?
Well, it may or may not be a bug. This strange behavior is probably due to the special nature of the XML functions. They don't really seem to be integrated into the class.
Other user defined methods inside classes still behave as usual. With the scope of object variables being global to the object and all methods therein.
Further clarification on this subject need to be provided by someone with a better understanding PHP's inner workings.
--Dan
--
PHP classes that make web design easier
SQL Solution | Layout Solution | Form Solution
sqlsolution.info | layoutsolution.info | formsolution.info
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
4015 7 Av #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409
attached mail follows:
I am having the worst trouble trying to write a tiny simple script that will upload a file. Below is my code - can anyone tell me why it's not working.... HTML <form name="form1" method="post" action="upload.php" enctype="multipart/form-data"> <input type="hidden" name="MAX_FILE_SIZE" value="1000"> <input type="file" name="userfile"> <input type="submit" name="Submit" value="Submit"> </form> PHP (upload.php) $filename = "/test.txt"; if (!move_uploaded_file($userfile, $filename)) { echo "something barfed."; exit; } else { echo "uploaded."; } Something is most likely wrong with the $filename variable. I don't know what exactly to put in there. All I want to do is upload a file and then move/copy it to a specific directory. What am I doing wrong?!?! THANKS!!
attached mail follows:
Read http://www.php.net/manual/en/features.file-upload.php
On Wed, 3 Jul 2002, Phil Schwarzmann wrote:
> I am having the worst trouble trying to write a tiny simple script that > will upload a file. Below is my code - can anyone tell me why it's not > working.... > > HTML > > <form name="form1" method="post" action="upload.php" > enctype="multipart/form-data"> > <input type="hidden" name="MAX_FILE_SIZE" value="1000"> > <input type="file" name="userfile"> > <input type="submit" name="Submit" value="Submit"> > </form> > > PHP (upload.php) > > $filename = "/test.txt"; > if (!move_uploaded_file($userfile, $filename)) > { > echo "something barfed."; > exit; > } > > else > { > echo "uploaded."; > } > > Something is most likely wrong with the $filename variable. I don't > know what exactly to put in there. All I want to do is upload a file > and then move/copy it to a specific directory. > > What am I doing wrong?!?! > > THANKS!! >
attached mail follows:
> From: "Phil Schwarzmann" <pschwarjhmi.edu>
>
> I am having the worst trouble trying to write a tiny simple script that
> will upload a file. Below is my code - can anyone tell me why it's not
> working....
>
> HTML
>
> <form name="form1" method="post" action="upload.php"
> enctype="multipart/form-data">
> <input type="hidden" name="MAX_FILE_SIZE" value="1000">
[snip]
Without looking at your other code, I'll just point out that the value for MAX_FILE_SIZE is in bytes, so you're specifying a very small files size as your max. Perhaps you're off by a few magnitudes. For example, "24576000" would be the value for a 24Mb max size.
-- Lowell Allen
attached mail follows:
>I am having the worst trouble trying to write a tiny simple script that >will upload a file. Below is my code - can anyone tell me why it's not >working.... > >HTML > ><form name="form1" method="post" action="upload.php" >enctype="multipart/form-data"> > <input type="hidden" name="MAX_FILE_SIZE" value="1000"> > <input type="file" name="userfile"> > <input type="submit" name="Submit" value="Submit"> ></form> > >PHP (upload.php) > >$filename = "/test.txt"; >if (!move_uploaded_file($userfile, $filename)) >{ > echo "something barfed."; > exit; >} > >else >{ > echo "uploaded."; >} > >Something is most likely wrong with the $filename variable. I don't >know what exactly to put in there. All I want to do is upload a file >and then move/copy it to a specific directory. > >What am I doing wrong?!?!
MOST LIKELY.
PHP does not have the permission to write data to '/test.txt'
You'll have to change $filename to a world-writable directory.
Do *NOT* *NOT* *NOT* make it in your web-tree.
Create a new directory next to your 'htdocs' (or 'www' or 'web' or whatever).
NEXT TO that, not *inside*
cd mkdir newdir
Then, make that directory world-writable:
chmod 777 newdir
Then, use the full path to newdir in your $filename:
cd newdir pwd
$filename = '/full/path/to/newdir/test.txt';'
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
I did as you said Richard, however I still encounter the same problem, you can take a look at the code in test.txt, I updated it too.
For other people, here is the original message: Hello,
I got this example of sessions: www.net.co.cr/test/test.php , however, as you can see in the code at /test/text.txt , isnt $_SESSION ['tree'] suppose to contain a value and not be NULL?
Thanks.
> > >www.net.co.cr/test/test.php > > > > <? > > if ($QUERY_STRING == "") > > { > > session_start(); > > $_SESSION['tree'] = "green"; > > > > > > > > Change the line above to these two lines: > > session_register('tree'); > > $tree = 'green'; > > > > Think of $_SESSION (and the other $_XXX vars) as "read-only" > > > > Use session_register() to say which variables should "live long and > prosper" > > and then just use them like regular variables. > > > > > > echo '<HTML> > > <HEAD> > > <TITLE>frame session test</TITLE> > > </HEAD> > > > > <FRAMESET cols="165,*" border=0 frameborder=0 framespacing=0"> > > <FRAME SRC="?1.html" name="mainMenu" MARGINWIDTH="0" > MARGINHEIGHT="0" > > border=0 frameborder=0 FRAMESPACING="0" NORESIZE SCROLLING="no"> > > <FRAME SRC="?2.html" name="right" MARGINWIDTH="0" WIDTH="0" > border=0 > > frameborder=0 FRAMESPACING="0"> > > > > </FRAMESET> > > > > </HTML>'; } > > > > if ($QUERY_STRING == "1.html") > > { echo "<b>This is just a dummy frame.</b>"; } > > > > if ($QUERY_STRING == "2.html") > > { > > echo "<b>"; > > echo "The value of \$_SESSION['tree'] is:"; > > echo gettype($_SESSION['tree']); > > echo "</b>"; > > } > > > > ?> > > > > > > -- > > Like Music? http://l-i-e.com/artists.htm > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > > >
attached mail follows:
You must understand that although it's all the same script each frame is its own HTML page and Session vars will not be called into a frame unless you specify it. So..
if ($QUERY_STRING == "2.html") { session_start(); // call session vars into this frame. // .. blah blah blah.. }
Also set your variables before you register them into the session. If you don't have register globals on it won't work the other way around. Hope this helps. Very clever by the way I never thought of doing it this way. I'd always called the PHP into the SRC tag. :-)
Good luck -Kevin
----- Original Message -----
From: <phpnet.co.cr>
To: <php-generallists.php.net>
Sent: Wednesday, July 03, 2002 11:33 AM
Subject: Re: [PHP] Re: SESSION newbie question ***STILL UNRESOLVED***
> I did as you said Richard, however I still encounter the same problem, > you can take a look at the code in test.txt, I updated it too. > > > For other people, here is the original message: > > Hello, > > I got this example of sessions: www.net.co.cr/test/test.php , > however, as you can see in the code at /test/text.txt , isnt $_SESSION > ['tree'] suppose to contain a value and not be NULL? > > Thanks. > > > > > >www.net.co.cr/test/test.php > > > > > > <? > > > if ($QUERY_STRING == "") > > > { > > > session_start(); > > > $_SESSION['tree'] = "green"; > > > > > > > > > > > > Change the line above to these two lines: > > > session_register('tree'); > > > $tree = 'green'; > > > > > > Think of $_SESSION (and the other $_XXX vars) as "read-only" > > > > > > Use session_register() to say which variables should "live long and > > prosper" > > > and then just use them like regular variables. > > > > > > > > > echo '<HTML> > > > <HEAD> > > > <TITLE>frame session test</TITLE> > > > </HEAD> > > > > > > <FRAMESET cols="165,*" border=0 frameborder=0 framespacing=0"> > > > <FRAME SRC="?1.html" name="mainMenu" MARGINWIDTH="0" > > MARGINHEIGHT="0" > > > border=0 frameborder=0 FRAMESPACING="0" NORESIZE SCROLLING="no"> > > > <FRAME SRC="?2.html" name="right" MARGINWIDTH="0" WIDTH="0" > > border=0 > > > frameborder=0 FRAMESPACING="0"> > > > > > > </FRAMESET> > > > > > > </HTML>'; } > > > > > > if ($QUERY_STRING == "1.html") > > > { echo "<b>This is just a dummy frame.</b>"; } > > > > > > if ($QUERY_STRING == "2.html") > > > { > > > echo "<b>"; > > > echo "The value of \$_SESSION['tree'] is:"; > > > echo gettype($_SESSION['tree']); > > > echo "</b>"; > > > } > > > > > > ?> > > > > > > > > > -- > > > Like Music? http://l-i-e.com/artists.htm > > > > > > > > > -- > > > PHP General Mailing List (http://www.php.net/) > > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > > > > > > > > > > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php >
attached mail follows:
I had a problem where I compiled in too many extensions and apache thought the module file was too complicated, and thus corrupt and wouldn't start.
On Tue, 2002-07-02 at 14:09, B i g D o g wrote:
> Sorry bro...doing to many things at once.
>
> Apache 1.3.23
> Linux 7.2
> PHP 4.1.2
>
> Configuration:
> ./configure
> --with-apxs=/usr/local/apache/bin/apxs
> --with-sybase-ct=/sybase
> --with-mysql' '--enable-exif
> --with-gd
> --with-jpeg-dir=/usr/lib
> --with-png-dir=/usr/local/lib
> --with-zlib
> --with-config-file-path=/etc
> --with-freetype-dir=/usr/local/lib
>
>
> My webserver keeps crashing: error log entry
> [Tue Jul 2 15:12:07 2002] [error] [client 164.214.4.59] (24)Too many open
> files
>
> I am just wondering if this a php issue or something else...
>
>
> B i g D o G
>
>
>
> ----- Original Message -----
> From: "Michael Sweeney" <sweeneyverisity.com>
> To: "B i g D o g" <bigdogventicon.com>
> Cc: "PHP GEN" <php-generallists.php.net>
> Sent: Tuesday, July 02, 2002 12:04 PM
> Subject: Re: [PHP] PHP and Apache
>
>
> > No. Only you. :-)
> >
> > Platform? Environment? Configuration information?
> >
> > ..mike..
> >
> > On Tue, 2002-07-02 at 11:01, B i g D o g wrote:
> > > Has anyone had a problem where PHP created to many open files and
> crashed
> > > apache?
> > >
> > > B i g D o g
> > >
> > >
> >
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
-- This email was sent with Ximian Evolution.
attached mail follows:
Hi Already posted a question asking what to do with existing code that uses register_globals=on and migrating to a new PHP with register_globals=off; solution seemed to be "have to re-code"; I came up with this code, and am basically asking the more enlightened if this might be a solution, ie, plug this code in at the top of all form action pages written with the "old style"... It's crude, so be nice.
.... if (isset($HTTP_POST_VARS)) { $type = $HTTP_POST_VARS; } elseif (isset($HTTP_GET_VARS)) { $type = $HTTP_GET_VARS; } foreach ($type as $key => $val) { $string = "\$$key = \"$val\";"; eval($string); } ....
If this will help, can it be written into a function? Is there a more "elegant" way of doing the same?Will this actually work?
Ta Petre
attached mail follows:
Or just use extract($HTTP_POST_VARS); Same thing. :) -Kevin
----- Original Message -----
From: "PHPCoder" <internetvsa.co.za>
To: "php-general" <php-generallists.php.net>
Sent: Wednesday, July 03, 2002 12:24 PM
Subject: [PHP] Solution to register_globals=off & existing code???
> Hi > Already posted a question asking what to do with existing code that uses > register_globals=on and migrating to a new PHP with > register_globals=off; solution seemed to be "have to re-code"; > I came up with this code, and am basically asking the more enlightened > if this might be a solution, ie, plug this code in at the top of all > form action pages written with the "old style"... It's crude, so be nice. > > .... > if (isset($HTTP_POST_VARS)) { > $type = $HTTP_POST_VARS; > } elseif (isset($HTTP_GET_VARS)) { > $type = $HTTP_GET_VARS; > } > foreach ($type as $key => $val) { > $string = "\$$key = \"$val\";"; > eval($string); > } > .... > > If this will help, can it be written into a function? Is there a more > "elegant" way of doing the same?Will this actually work? > > Ta > Petre > > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php >
attached mail follows:
DOH! Now you tell me!!! :-[ Hah, thanks man, should have known that there is always a simple solution in PHP, just need to know where to look for it...
Kevin Stone wrote:
>Or just use extract($HTTP_POST_VARS); Same thing. :)
>-Kevin
>
>----- Original Message -----
>From: "PHPCoder" <internetvsa.co.za>
>To: "php-general" <php-generallists.php.net>
>Sent: Wednesday, July 03, 2002 12:24 PM
>Subject: [PHP] Solution to register_globals=off & existing code???
>
>
>>Hi
>>Already posted a question asking what to do with existing code that uses
>>register_globals=on and migrating to a new PHP with
>>register_globals=off; solution seemed to be "have to re-code";
>>I came up with this code, and am basically asking the more enlightened
>>if this might be a solution, ie, plug this code in at the top of all
>>form action pages written with the "old style"... It's crude, so be nice.
>>
>>....
>>if (isset($HTTP_POST_VARS)) {
>> $type = $HTTP_POST_VARS;
>>} elseif (isset($HTTP_GET_VARS)) {
>> $type = $HTTP_GET_VARS;
>>}
>>foreach ($type as $key => $val) {
>> $string = "\$$key = \"$val\";";
>> eval($string);
>> }
>>....
>>
>>If this will help, can it be written into a function? Is there a more
>>"elegant" way of doing the same?Will this actually work?
>>
>>Ta
>>Petre
>>
>>
>>
>>
>>
>>--
>>PHP General Mailing List (http://www.php.net/)
>>To unsubscribe, visit: http://www.php.net/unsub.php
>>
>
>
attached mail follows:
Or just use import_request_variables(). You can do all of them at once. It's only in PHP > 4.1.0, though.
www.php.net/import_request_variables
---John Holmes...
----- Original Message -----
From: "Kevin Stone" <kevinhelpelf.com>
To: "php-general" <php-generallists.php.net>
Sent: Wednesday, July 03, 2002 2:33 PM
Subject: Re: [PHP] Solution to register_globals=off & existing code???
> Or just use extract($HTTP_POST_VARS); Same thing. :)
> -Kevin
>
> ----- Original Message -----
> From: "PHPCoder" <internetvsa.co.za>
> To: "php-general" <php-generallists.php.net>
> Sent: Wednesday, July 03, 2002 12:24 PM
> Subject: [PHP] Solution to register_globals=off & existing code???
>
>
> > Hi
> > Already posted a question asking what to do with existing code that uses
> > register_globals=on and migrating to a new PHP with
> > register_globals=off; solution seemed to be "have to re-code";
> > I came up with this code, and am basically asking the more enlightened
> > if this might be a solution, ie, plug this code in at the top of all
> > form action pages written with the "old style"... It's crude, so be
nice.
> >
> > ....
> > if (isset($HTTP_POST_VARS)) {
> > $type = $HTTP_POST_VARS;
> > } elseif (isset($HTTP_GET_VARS)) {
> > $type = $HTTP_GET_VARS;
> > }
> > foreach ($type as $key => $val) {
> > $string = "\$$key = \"$val\";";
> > eval($string);
> > }
> > ....
> >
> > If this will help, can it be written into a function? Is there a more
> > "elegant" way of doing the same?Will this actually work?
> >
> > Ta
> > Petre
> >
> >
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
attached mail follows:
I have a perl script that outputs HTML data. How would I do to execute that script from within a php-script and have it's output parsed by -apache-.
I'm not talking about eval(), but rather have apache parse it to invoke php for whatever code I output. Let's say the perl script outputs:
<span class="a">The year is <? print date("Y"); ?></span>
Now, if I use system() or shell_exec(), the output is just printed to the page and whatever php code there is is ignored.
Is there ANY way to have the output parsed to make the above say "The year is 2002"?
-- Sandman[.net]
attached mail follows:
Look into exec() or virtual().
If the script is run over the web, you can just do a fopen("http://www.example.com/script.php"); and read the result. You can do the same for any other script that's run through the web b/c you'll receive it's parsed output, not the source.
---John Holmes...
----- Original Message -----
From: "Sandman" <mrsandman.net>
To: <php-generallists.php.net>
Sent: Wednesday, July 03, 2002 2:58 PM
Subject: [PHP] parsing of SSI scripts.
> I have a perl script that outputs HTML data. How would I do to execute that > script from within a php-script and have it's output parsed by -apache-. > > I'm not talking about eval(), but rather have apache parse it to invoke php > for whatever code I output. Let's say the perl script outputs: > > <span class="a">The year is <? print date("Y"); ?></span> > > Now, if I use system() or shell_exec(), the output is just printed to the > page and whatever php code there is is ignored. > > Is there ANY way to have the output parsed to make the above say "The year > is 2002"? > > -- > Sandman[.net] > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php >
attached mail follows:
In article <007501c222c5$2014f020$2f7e3393TB447CCO3>,
holmes072000charter.net (1lt John W. Holmes) wrote:
> > I have a perl script that outputs HTML data. How would I do to execute > > that script from within a php-script and have it's output parsed by > > -apache-. > > > > I'm not talking about eval(), but rather have apache parse it to > > invoke php for whatever code I output. Let's say the perl script > > outputs: > > > > <span class="a">The year is <? print date("Y"); ?></span> > > > > Now, if I use system() or shell_exec(), the output is just printed to > > the page and whatever php code there is is ignored. > > > > Is there ANY way to have the output parsed to make the above say "The > > year is 2002"?
> Look into exec() or virtual().
Neither returns apache-parsed output, especially not exec()
> If the script is run over the web, you can just do a > fopen("http://www.example.com/script.php"); and read the result. You can > do the same for any other script that's run through the web b/c you'll > receive it's parsed output, not the source.
But apache won't parse CGI-scripts for php syntax, will they? And that seems like a bad work-around.
-- Sandman[.net]
attached mail follows:
You're only receiving the processed results when you source the php file from another server. In other words, it's like viewing the web page through your browser.
-----Original Message----- > If the script is run over the web, you can just do a > fopen("http://www.example.com/script.php"); and read the result. You can > do the same for any other script that's run through the web b/c you'll > receive it's parsed output, not the source.
But apache won't parse CGI-scripts for php syntax, will they? And that seems like a bad work-around.
**************************************************************************** This message is intended for the sole use of the individual and entity to whom it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended addressee, nor authorized to receive for the intended addressee, you are hereby notified that you may not use, copy, disclose or distribute to anyone the message or any information contained in the message. If you have received this message in error, please immediately advise the sender by reply email and delete the message. Thank you very much.
attached mail follows:
I think I misunderstood your question. You have a Perl script that returns HTML and SSI and you want that string, returned to PHP, to be parsed by Apache, so the SSI is evaluated, right?
Okay, now that I've sorted that out, I don't have an answer for you. Sorry. It seems like a very bad way to do things and you're making things harder than they should be.
In thinking about it, are you really sure that virtual won't do what you want?
http://www.php.net/manual/en/function.virtual.php
virtual() is an Apache-specific function which is equivalent to <!--#include virtual...--> in mod_include. It performs an Apache sub-request. It is useful for including CGI scripts or .shtml files, or anything else that you would parse through Apache. Note that for a CGI script, the script must generate valid CGI headers. At the minimum that means it must generate a Content-type header. For PHP files, you need to use include() or require(); virtual() cannot be used to include a document which is itself a PHP file.
---John Holmes...
----- Original Message -----
From: "Sandman" <mrsandman.net>
To: <php-generallists.php.net>
Sent: Wednesday, July 03, 2002 3:21 PM
Subject: Re: [PHP] parsing of SSI scripts.
> In article <007501c222c5$2014f020$2f7e3393TB447CCO3>,
> holmes072000charter.net (1lt John W. Holmes) wrote:
>
> > > I have a perl script that outputs HTML data. How would I do to execute
> > > that script from within a php-script and have it's output parsed by
> > > -apache-.
> > >
> > > I'm not talking about eval(), but rather have apache parse it to
> > > invoke php for whatever code I output. Let's say the perl script
> > > outputs:
> > >
> > > <span class="a">The year is <? print date("Y"); ?></span>
> > >
> > > Now, if I use system() or shell_exec(), the output is just printed to
> > > the page and whatever php code there is is ignored.
> > >
> > > Is there ANY way to have the output parsed to make the above say "The
> > > year is 2002"?
>
> > Look into exec() or virtual().
>
> Neither returns apache-parsed output, especially not exec()
>
> > If the script is run over the web, you can just do a
> > fopen("http://www.example.com/script.php"); and read the result. You can
> > do the same for any other script that's run through the web b/c you'll
> > receive it's parsed output, not the source.
>
> But apache won't parse CGI-scripts for php syntax, will they? And that
> seems like a bad work-around.
>
> --
> Sandman[.net]
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
attached mail follows:
It seems that PHP is much more powerful and would completely replace the need for SSI.
-----Original Message----- I think I misunderstood your question. You have a Perl script that returns HTML and SSI and you want that string, returned to PHP, to be parsed by Apache, so the SSI is evaluated, right? **************************************************************************** This message is intended for the sole use of the individual and entity to whom it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended addressee, nor authorized to receive for the intended addressee, you are hereby notified that you may not use, copy, disclose or distribute to anyone the message or any information contained in the message. If you have received this message in error, please immediately advise the sender by reply email and delete the message. Thank you very much.
attached mail follows:
In article <008c01c222c9$fa9c3fb0$2f7e3393TB447CCO3>,
holmes072000charter.net (1lt John W. Holmes) wrote:
> I think I misunderstood your question. You have a Perl script that returns > HTML and SSI and you want that string, returned to PHP, to be parsed by > Apache, so the SSI is evaluated, right? > > Okay, now that I've sorted that out, I don't have an answer for you. Sorry. > It seems like a very bad way to do things and you're making things harder > than they should be. > > In thinking about it, are you really sure that virtual won't do what you > want? > > http://www.php.net/manual/en/function.virtual.php > > virtual() is an Apache-specific function which is equivalent to <!--#include > virtual...--> in mod_include. It performs an Apache sub-request. It is > useful for including CGI scripts or .shtml files, or anything else that you > would parse through Apache. Note that for a CGI script, the script must > generate valid CGI headers. At the minimum that means it must generate a > Content-type header. For PHP files, you need to use include() or require();
> virtual() cannot be used to include a document which is itself a PHP file. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
But my SSI script outputs data that contains PHP scripts, which I want to have parsed.
-- Sandman[.net]
attached mail follows:
In article
<C8891DEC2698D411A91B00508BF9898806E11884phsormsg04.phsor.org>,
ELazorprovidence.org (Ed Lazor) wrote:
>> I think I misunderstood your question. You have a Perl script that >> returns HTML and SSI and you want that string, returned to PHP, to be >> parsed by Apache, so the SSI is evaluated, right?
> It seems that PHP is much more powerful and would completely replace the > need for SSI.
PHP more powerful than Perl?? I disagree violently of course. And since this is a -HUGE- perlscript which is pretty advanced, having to re-code it in PHP just because PHP can't have it parsed the way I want to seems like a drag.
-- Sandman[.net]
attached mail follows:
> It seems that PHP is much more powerful and would completely replace the > need for SSI.
Heh...wow...the understatement of the century.. :)
Glad you figured that out.
---John Holmes...
attached mail follows:
I'm not sure if Apache will recursively process documents this way (Perl script -> HTML output with embedded PHP -> parsed PHP), but what about adding this HTTP header to your PERL script's output before the HTML/PHP code:
Content-type: application/x-httpd-php
That way Apache would (in theory) know know that the PERL script's output should be parsed by PHP.
-Andy
> -----Original Message-----
> From: Sandman [mailto:mrsandman.net]
> Sent: Wednesday, July 03, 2002 1:09 PM
> To: php-generallists.php.net
> Subject: Re: [PHP] parsing of SSI scripts.
>
>
> In article <008c01c222c9$fa9c3fb0$2f7e3393TB447CCO3>,
> holmes072000charter.net (1lt John W. Holmes) wrote:
>
> > I think I misunderstood your question. You have a Perl script
> that returns
> > HTML and SSI and you want that string, returned to PHP, to be parsed by
> > Apache, so the SSI is evaluated, right?
> >
> > Okay, now that I've sorted that out, I don't have an answer for
> you. Sorry.
> > It seems like a very bad way to do things and you're making
> things harder
> > than they should be.
> >
> > In thinking about it, are you really sure that virtual won't do what you
> > want?
> >
> > http://www.php.net/manual/en/function.virtual.php
> >
> > virtual() is an Apache-specific function which is equivalent to
> <!--#include
> > virtual...--> in mod_include. It performs an Apache sub-request. It is
> > useful for including CGI scripts or .shtml files, or anything
> else that you
> > would parse through Apache. Note that for a CGI script, the script must
> > generate valid CGI headers. At the minimum that means it must generate a
> > Content-type header. For PHP files, you need to use include()
> or require();
>
>
>
> > virtual() cannot be used to include a document which is itself
> a PHP file.
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> But my SSI script outputs data that contains PHP scripts, which I want to
> have parsed.
>
> --
> Sandman[.net]
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
attached mail follows:
In article <NGBBLCLNFOGFEGNEMCCCGEJLEKAA.andrew.chasevalleypres.org>,
andrew.chasevalleypres.org (Andrew Chase) wrote:
> I'm not sure if Apache will recursively process documents this way (Perl > script -> HTML output with embedded PHP -> parsed PHP), but what about adding > this HTTP header to your PERL script's output before the HTML/PHP code: > > Content-type: application/x-httpd-php > > That way Apache would (in theory) know know that the PERL script's output > should be parsed by PHP.
Good idea, even though it doesn't seem to work... And I just figured that virtual() doesn't send the ENV-variables to the script, so it's worthless anyway... :(
-- Sandman[.net]
attached mail follows:
>> I think I misunderstood your question. You have a Perl script that >> returns HTML and SSI and you want that string, returned to PHP, to be >> parsed by Apache, so the SSI is evaluated, right?
you can do this with apache 2 but not apache 1
Paul Roberts
roberts_paulbigfoot.com
++++++++++++++++++++++++
----- Original Message -----
From: "Sandman" <mrsandman.net>
To: <php-generallists.php.net>
Sent: Wednesday, July 03, 2002 9:11 PM
Subject: Re: [PHP] parsing of SSI scripts.
In article
<C8891DEC2698D411A91B00508BF9898806E11884phsormsg04.phsor.org>,
ELazorprovidence.org (Ed Lazor) wrote:
>> I think I misunderstood your question. You have a Perl script that >> returns HTML and SSI and you want that string, returned to PHP, to be >> parsed by Apache, so the SSI is evaluated, right?
> It seems that PHP is much more powerful and would completely replace the > need for SSI.
PHP more powerful than Perl?? I disagree violently of course. And since this is a -HUGE- perlscript which is pretty advanced, having to re-code it in PHP just because PHP can't have it parsed the way I want to seems like a drag.
-- Sandman[.net]-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
attached mail follows:
Of course. Btw... You aren't running into a PHP limitation. You're experiencing an issue of programming design and how to integrate different technologies. If anything, Apache is what's limiting you, because of the order of presedence in how it processes files.
From what you've said, you want the order of processing to flow like this:
CGI/PERL => PHP => SSI => HTML => End-User
. . .
If I had a CGI script outputing PHP/SSI code that needed to be processed, I'd probably grab it using fopen and run it through eval.
For fun, let's start a PHP vs PERL discussion. PHP doesn't have the overhead of spawning and forking the additional processes associated with running CGI scripts. That makes PHP faster. As I understand, PHP has all the functionality of PERL, but in a way that's more integrated with the web server. I also believe PHP has functionality lacking in PERL, but I don't know PERL well enough to make this claim myself - anyone care to elaborate on this? Basically, web development is fairly specific. PERL may be a very good language, but PHP is superior in the area of web development. Anyone else have feedback on which is better and why?
-Ed
-----Original Message----- PHP more powerful than Perl?? I disagree violently of course. And since this is a -HUGE- perlscript which is pretty advanced, having to re-code it in PHP just because PHP can't have it parsed the way I want to seems like a drag. **************************************************************************** This message is intended for the sole use of the individual and entity to whom it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended addressee, nor authorized to receive for the intended addressee, you are hereby notified that you may not use, copy, disclose or distribute to anyone the message or any information contained in the message. If you have received this message in error, please immediately advise the sender by reply email and delete the message. Thank you very much.
attached mail follows:
Kevin you got it!
Wow.. that gave many of us pain.. however I thought about that and said to myself that would just start a new session.. anyways that didnt.
For the rest of the people looking at this e-mail, you may look at the code, its updated.
Thanks. Josepablo Pérez
> You must understand that although it's all the same script each frame
is its
> own HTML page and Session vars will not be called into a frame unless
you
> specify it. So..
>
> if ($QUERY_STRING == "2.html")
> {
> session_start(); // call session vars into this frame.
> // .. blah blah blah..
> }
>
> Also set your variables before you register them into the session.
If you
> don't have register globals on it won't work the other way around.
Hope
> this helps. Very clever by the way I never thought of doing it this
way.
> I'd always called the PHP into the SRC tag. :-)
>
> Good luck
> -Kevin
>
>
>
> ----- Original Message -----
> From: <phpnet.co.cr>
> To: <php-generallists.php.net>
> Sent: Wednesday, July 03, 2002 11:33 AM
> Subject: Re: [PHP] Re: SESSION newbie question ***STILL UNRESOLVED***
>
>
> > I did as you said Richard, however I still encounter the same
problem,
> > you can take a look at the code in test.txt, I updated it too.
> >
> >
> > For other people, here is the original message:
> >
> > Hello,
> >
> > I got this example of sessions: www.net.co.cr/test/test.php ,
> > however, as you can see in the code at /test/text.txt , isnt
$_SESSION
> > ['tree'] suppose to contain a value and not be NULL?
> >
> > Thanks.
> >
> >
> > > > >www.net.co.cr/test/test.php
> > > >
> > > > <?
> > > > if ($QUERY_STRING == "")
> > > > {
> > > > session_start();
> > > > $_SESSION['tree'] = "green";
> > > >
> > > >
> > > >
> > > > Change the line above to these two lines:
> > > > session_register('tree');
> > > > $tree = 'green';
> > > >
> > > > Think of $_SESSION (and the other $_XXX vars) as "read-only"
> > > >
> > > > Use session_register() to say which variables should "live long
and
> > > prosper"
> > > > and then just use them like regular variables.
> > > >
> > > >
> > > > echo '<HTML>
> > > > <HEAD>
> > > > <TITLE>frame session test</TITLE>
> > > > </HEAD>
> > > >
> > > > <FRAMESET cols="165,*" border=0 frameborder=0 framespacing=0">
> > > > <FRAME SRC="?1.html" name="mainMenu" MARGINWIDTH="0"
> > > MARGINHEIGHT="0"
> > > > border=0 frameborder=0 FRAMESPACING="0" NORESIZE SCROLLING="no">
> > > > <FRAME SRC="?2.html" name="right" MARGINWIDTH="0" WIDTH="0"
> > > border=0
> > > > frameborder=0 FRAMESPACING="0">
> > > >
> > > > </FRAMESET>
> > > >
> > > > </HTML>'; }
> > > >
> > > > if ($QUERY_STRING == "1.html")
> > > > { echo "<b>This is just a dummy frame.</b>"; }
> > > >
> > > > if ($QUERY_STRING == "2.html")
> > > > {
> > > > echo "<b>";
> > > > echo "The value of \$_SESSION['tree'] is:";
> > > > echo gettype($_SESSION['tree']);
> > > > echo "</b>";
> > > > }
> > > >
> > > > ?>
> > > >
> > > >
> > > > --
> > > > Like Music? http://l-i-e.com/artists.htm
> > > >
> > > >
> > > > --
> > > > PHP General Mailing List (http://www.php.net/)
> > > > To unsubscribe, visit: http://www.php.net/unsub.php
> > > >
> > > >
> > >
> > >
> > >
> > >
> > >
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
attached mail follows:
Hi!
suppose we have this:
class utility {
function general_purpose($parm) { some_process or die("classname::callerfunction error with parm $parm") ; }
}
class someclass {
var $utility;
function someclass() { $this->utility = new utility; }
function do_something() { $this->utility->general_purpose("what-to-do"); }
}
Now, is there anyway we can trace that utility::general_purpose() is being called from within someclass::do_something() without explicitely passing a string among utility::general_purpose() parameters?
Apart from leading to more compact code writing this would avoid typo errors and give a more accurate tracing system. I am sure it can be done, but I cannot figure out how to do it myself.
Thanks Alberto Kiev
--
LoRd, CaN yOu HeAr Me, LiKe I'm HeArInG yOu? lOrD i'M sHiNiNg... YoU kNoW I AlMoSt LoSt My MiNd, BuT nOw I'm HoMe AnD fReE tHe TeSt, YeS iT iS ThE tEsT, yEs It Is tHe TeSt, YeS iT iS ThE tEsT, yEs It Is.......
attached mail follows:
On my site, when a user logs in, their password is encrypted using md5() and the username and encrypted password is then passed from page to page using hidden form inputs (clicking on a link submits the form using POST). Does anyone have any comments on this method e.g. security wise? I know I could use sessions or cookies but is it relly necessary?
attached mail follows:
Use sessions. Create a user_id and pass that as a session variable rather than the user's actual login and password.
-----Original Message----- On my site, when a user logs in, their password is encrypted using md5() and the username and encrypted password is then passed from page to page using hidden form inputs (clicking on a link submits the form using POST). Does anyone have any comments on this method e.g. security wise? I know I could use sessions or cookies but is it relly necessary? **************************************************************************** This message is intended for the sole use of the individual and entity to whom it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended addressee, nor authorized to receive for the intended addressee, you are hereby notified that you may not use, copy, disclose or distribute to anyone the message or any information contained in the message. If you have received this message in error, please immediately advise the sender by reply email and delete the message. Thank you very much.
attached mail follows:
Sessions make life so much eaiser, in my opinion. I used to do what you do, passing from one page the next. Now, when a user successfully logs in, ONE line of code passes all the necessary variables from page to page without me having to do a damn thing.
I don't personally see TOO much wrong with passing the encrypted password along, especially since you aren't displaying it in the URI's query string. BUT, if someone DID get a hold of the encrypted password, they can run millions of words through md5() until one matched. I would hope that people aren't bored enough to do that, but past actions have proved that wrong.
The magic line: session_start(). That's it. It holds ALL information about the session, and makes my life SO much eaiser.
HTH
Martin
>>> "Peter" <newsaddresssaracenvsu.org.uk> 07/03/02 03:32PM >>>
On my site, when a user logs in, their password is encrypted using md5() and
the username and encrypted password is then passed from page to page using
hidden form inputs (clicking on a link submits the form using POST).
Does anyone have any comments on this method e.g. security wise? I know I
could use sessions or cookies but is it relly necessary?
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
attached mail follows:
I agree with Ed. Use sessions.
It's more secure that how you are doing it because theusername is not stored in the page and retransmitted each page.
=C=
* * Cal Evans * The Virtual CIO * http://www.calevans.com *
-----Original Message-----
From: Peter [mailto:newsaddresssaracenvsu.org.uk]
Sent: Wednesday, July 03, 2002 2:32 PM
To: php-generallists.php.net
Subject: [PHP] Authentication
On my site, when a user logs in, their password is encrypted using md5() and the username and encrypted password is then passed from page to page using hidden form inputs (clicking on a link submits the form using POST). Does anyone have any comments on this method e.g. security wise? I know I could use sessions or cookies but is it relly necessary?
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
attached mail follows:
>On my site, when a user logs in, their password is encrypted using md5() and >the username and encrypted password is then passed from page to page using >hidden form inputs (clicking on a link submits the form using POST). >Does anyone have any comments on this method e.g. security wise? I know I >could use sessions or cookies but is it relly necessary?
Well, I can still 'sniff' their encrypted password and then hijack that session, or walk into the public library and take the cookies from your site...
Won't work for Fort Knox, but might be fine for your needs.
What are you trying to guard?
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
Lazor, Ed wrote:
>Use sessions. Create a user_id and pass that as a session variable rather >than the user's actual login and password. > >-----Original Message----- >On my site, when a user logs in, their password is encrypted using md5() and >the username and encrypted password is then passed from page to page using >hidden form inputs (clicking on a link submits the form using POST). >Does anyone have any comments on this method e.g. security wise? I know I >could use sessions or cookies but is it relly necessary? >
This is good advice. There are many reasons why, but here's one off the top of my head:
When you pass the encrypted password around, you can pretty much consider it in the public domain, right? Well, what happens when someone else takes that encrypted password (why bother decrypting it?) and presents it back to your site? That's right; they're in. This is called a presentation attack, and you'd be amazed at how many sites are vulnerable to this (I wrote an article a while back about how to break into MS Passport using this technique).
How do sessions help against this? Well, they don't solve the problem entirely, of course, but the unique ID you pass around won't be the same unique ID *every* time that user visits the site. So, you at least have a good chance of making the window of time that an imposter has to work with very small.
Security is all about making things really hard for potential attackers.
Chris
attached mail follows:
Chris Shiflett wrote:
> How do sessions help against this? Well, they don't solve the problem > entirely, of course, but the unique ID you pass around won't be the same > unique ID *every* time that user visits the site. So, you at least have > a good chance of making the window of time that an imposter has to work > with very small.
If you want to avoid even this small window, just store on a db file the session numbers you give away, along with the IP address of the user who got it. Then when you get a new request for that session check the IP you are getting it from and you are 100% sure the guy is who he says to be.
There is one side-effect, though. Users on unstable dial-up lines do lose their sessions when they get disconnected and call again. It may have an impact on sales.
Alberto Kiev
--
LoRd, CaN yOu HeAr Me, LiKe I'm HeArInG yOu? lOrD i'M sHiNiNg... YoU kNoW I AlMoSt LoSt My MiNd, BuT nOw I'm HoMe AnD fReE tHe TeSt, YeS iT iS ThE tEsT, yEs It Is tHe TeSt, YeS iT iS ThE tEsT, yEs It Is.......
attached mail follows:
Alberto Serra wrote:
> Chris Shiflett wrote: > >> How do sessions help against this? Well, they don't solve the problem >> entirely, of course, but the unique ID you pass around won't be the >> same unique ID *every* time that user visits the site. So, you at >> least have a good chance of making the window of time that an >> imposter has to work with very small. > > > If you want to avoid even this small window, just store on a db file > the session numbers you give away, along with the IP address of the > user who got it. Then when you get a new request for that session > check the IP you are getting it from and you are 100% sure the guy is > who he says to be.
The 100% part is inaccurate. :)
IPs can also be spoofed, but this is good advice, because it further complicates attacks. Anything you can do to make an attack more difficult is a good idea, but you can get to a point where the decrease in risk just isn't going to be worth the extra effort. So, while Mr. Serra's suggestion is a very good one, remember that any security model can be improved.
As a caveat to Mr. Serra's suggestion, remember that there are *many* users who will go through an IP masquerading gateway or proxy, so their IP may fluctuate, even though they are actively browsing. For this reason, it is often necessary to tolerate some fluctuation in the IP address, perhaps only in the last octet though.
Another thing some people use to strengthen their security model is to involve some sort of sequence number in the data that the client sends back. For example, instead of just a session ID, perhaps you have a cookie, URL variable, or whatever that is an encrypted (two-way so you can decrypt it) session ID, sequence number, and anything else you might think of to include. When you decrypt this at the beginning of each script, you make sure the sequence number is not less than the last sequence number sent (which you store on the server), that the timestamp is acceptable to you, and that the session ID in the encrypted string matches the session ID they are using. This presents a sort of race condition for a potential attacker where he/she must respond with the sequence number prior to the client's next request. This will make the window of opportunity as small as the client's time spent on a particular page.
That's just another idea or two. You can probably improve on that with your own creativity; just don't get carried away. :)
Happy hacking.
Chris
attached mail follows:
On Thursday 04 July 2002 09:09, Chris Shiflett wrote:
> As a caveat to Mr. Serra's suggestion, remember that there are *many* > users who will go through an IP masquerading gateway or proxy, so their > IP may fluctuate, even though they are actively browsing. For this > reason, it is often necessary to tolerate some fluctuation in the IP > address, perhaps only in the last octet though.
This can be self-defeating in that an attacker in the same network segment of the user is probably in the best position to sniff and hijack the session that you're trying to protect. Allowing this leeway makes the attacker's job much easier!
-- Jason Wong -> Gremlins Associates -> www.gremlins.com.hk Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development */* "Life, loathe it or ignore it, you can't like it." -- Marvin, "Hitchhiker's Guide to the Galaxy" */
attached mail follows:
Chris Shiflett wrote: > Alberto Serra wrote: >> If you want to avoid even this small window, just store on a db file >> the session numbers you give away, along with the IP address of the >> user who got it. Then when you get a new request for that session >> check the IP you are getting it from and you are 100% sure the guy is >> who he says to be.
> The 100% part is inaccurate. :)
Much too true LOLOL
> As a caveat to Mr. Serra's suggestion, remember that there are *many* > users who will go through an IP masquerading gateway or proxy, so > their IP may fluctuate, even though they are actively browsing. For > this reason, it is often necessary to tolerate some fluctuation in > the IP address, perhaps only in the last octet though.
Thanks, I guess I'll just do that. I was actually wondering how to leave this barrier up without being nasty to normal users. That also solves the dial-up problem, at least much of it, as callers will fluctuate mostly on the last octet if they do reconnect through the same ISP, right? Besides, IP masquerading gateways ARE a problem with the suggestion I gave. And I guess this also explains why we are having so much trouble in counting users (that is, IPs) whenever ADSL connection come around. Any suggestion?
> Another thing some people use to strengthen their security model is to > involve some sort of sequence number in the data that the client sends > back. For example, instead of just a session ID, perhaps you have a > cookie, URL variable, or whatever that is an encrypted (two-way so you > can decrypt it) session ID, sequence number, and anything else you > might think of to include.
So you mean I have a 32 byte MD5 session id to identify the current visit, plus another such thing to identify the step within it, right? But why decrypting it? A presentation attack would give it back to server in the encrypted form anyway. What do we lose by just generating a random MD5 key and using it as it is with no encrypted meaning?
Now, just tell me if I got you right. Since we are comparing 3 IP octets plus the two MD5 keys we get an attack window like this:
hacker has three matching octets on his IP, plus he does attack while the real user is still using the visit-session/content-session key the hacker has stolen, right? This makes it dangerous for last pages (those seen right before exiting site), as they actually last for ages.
Anyway, it DOES seems more than enough security to me. Thanks a lot!
Alberto Kiev
--
LoRd, CaN yOu HeAr Me, LiKe I'm HeArInG yOu? lOrD i'M sHiNiNg... YoU kNoW I AlMoSt LoSt My MiNd, BuT nOw I'm HoMe AnD fReE tHe TeSt, YeS iT iS ThE tEsT, yEs It Is tHe TeSt, YeS iT iS ThE tEsT, yEs It Is.......
attached mail follows:
Alberto Serra wrote:
> So you mean I have a 32 byte MD5 session id to identify the current > visit, plus another such thing to identify the step within it, right? > But why decrypting it? A presentation attack would give it back to > server in the encrypted form anyway. What do we lose by just > generating a random MD5 key and using it as it is with no encrypted > meaning?
I probably didn't explain this well enough; I was in a hurry earlier. :)
People who use this method of including an encrypted string (I've only used it on maybe two sites, because it does incur a performance hit) are *adding* to whatever security methods they are already using. So, in the case of using PHP's regular session management and adding the IP address, sequence number, and timestamp as an encrypted string, you get these two pieces of data residing with the client:
1. PHPSESSID in a cookie 2. Really long encrypted string in a cookie, in every URL, or whatever.
Item #2 is generated again on each page. It could be something like this when decrypted:
ip=xxx.xxx.xxx.xxx×tamp=yyyy-mm-dd&seq_num=13
The idea is to make it very difficult to successfully pull off a presentation attack. If someone intercepts the encrypted string (which you should basically assume is going to happen), it's not going to do them any good unless they can achieve the following:
1. Make their IP address appear as close to the real user's IP address as necessary, depending on the type of checking you're doing 2. Make sure they request the next page before the real user does, so that the sequence number is correct 3. Do all of this within whatever window of time you allow as a maximum before the session times out, based on the timestamp in the encrypted string.
or:
1. Decrypt the string
Decryption can take a lot of time, depending on the algorithm you choose. Additionally, if you make sure the sequence number is exactly what you're expecting (rather than just making sure it hasn't already been passed), prompting for a password otherwise, you make it difficult for the attacker to choose the right one.
Either way, if you can make them attempt the decryption rather than any of the other methods, you've done a pretty good job tightening everything up. Most people aren't going to go through the hassle of that.
> Now, just tell me if I got you right. Since we are comparing 3 IP > octets plus the two MD5 keys we get an attack window like this: > > hacker has three matching octets on his IP, plus he does attack while > the real user is still using the visit-session/content-session key the > hacker has stolen, right? This makes it dangerous for last pages > (those seen right before exiting site), as they actually last for ages.
This is where the maximum window comes in. You should have a maximum window that you tolerate for the users. You'll want to balance usability with security here; don't annoy your users too much. :)
Having the sequence number just adds the ability to make this window of time much smaller, as most users will browse through a site much more quickly than most timeouts. Though the "last page" opportunity you speak of does exist, the attacker must guess the correct transaction as well as accomplish the feat within your maximum window.
These are just some ideas, mind you. Many people (you sound like such a person) can develop their applications quite securely once they can step back and see the big picture and follow a few general guidelines, such as not trusting data from the client. In this case, the data from the client is like a driver's license, and rather than just use the license number, we're also checking their photograph and other personal information, so that an imposter has a more difficult time. :)
Happy hacking.
Chris
attached mail follows:
Chris Shiflett wrote:
> > These are just some ideas, mind you. Many people (you sound like such a > person) can develop their applications quite securely once they can step > back and see the big picture and follow a few general guidelines, such > as not trusting data from the client. In this case, the data from the > client is like a driver's license, and rather than just use the license > number, we're also checking their photograph and other personal > information, so that an imposter has a more difficult time. :) >
Thanks a lot! We have actually decided to use the fact that Register_globals off will end up paralyzing our legacy stuff to write a core object system that will be shared among all of our customers and have security built in at very low level. So you actually did help in projecting a number of sites security by answering to my annoying questions :)) I made sure you got credited for this on the source docs.
Thanks again :) Alberto Kiev
--
LoRd, CaN yOu HeAr Me, LiKe I'm HeArInG yOu? lOrD i'M sHiNiNg... YoU kNoW I AlMoSt LoSt My MiNd, BuT nOw I'm HoMe AnD fReE tHe TeSt, YeS iT iS ThE tEsT, yEs It Is tHe TeSt, YeS iT iS ThE tEsT, yEs It Is.......
attached mail follows:
Jason Wong wrote: > On Thursday 04 July 2002 09:09, Chris Shiflett wrote: > > >>As a caveat to Mr. Serra's suggestion, remember that there are *many* >>users who will go through an IP masquerading gateway or proxy, so their >>IP may fluctuate, even though they are actively browsing. For this >>reason, it is often necessary to tolerate some fluctuation in the IP >>address, perhaps only in the last octet though. > > > This can be self-defeating in that an attacker in the same network segment of > the user is probably in the best position to sniff and hijack the session > that you're trying to protect. Allowing this leeway makes the attacker's job > much easier! >
That's true. And since I am making a core structure that has to be shared by users having different security needs I guess I better leave this configurable just as the time-out interval. So local admins may decide on their own which level of security they want to apply to their sites.
Thanks for helping :)) Alberto Kiev
--
LoRd, CaN yOu HeAr Me, LiKe I'm HeArInG yOu? lOrD i'M sHiNiNg... YoU kNoW I AlMoSt LoSt My MiNd, BuT nOw I'm HoMe AnD fReE tHe TeSt, YeS iT iS ThE tEsT, yEs It Is tHe TeSt, YeS iT iS ThE tEsT, yEs It Is.......
attached mail follows:
Hi, I am completely new to PHP and webserver things. I followed instructions in the online manual of PHP and installed it on my Win2000 machine which has IIS istalled. I have written a hello.php program. I am stuck here. The manual does not say how to run it. I tried to open it in internet explorer, but it shows a blank page. I know this is a foolish Q, but please help me.
Thanks, Varsha
__________________________________________________ Do You Yahoo!? Sign up for SBC Yahoo! Dial - First Month Free http://sbc.yahoo.com
attached mail follows:
Installing the web server will create a folder on your hard drive with pre-made web pages. Find this directory. This is where you'll want to put your PHP files.
You can access your personal server by opening your web browser and giving the address of
If you put files in the folder mentioned above, you would access them like this:
-----Original Message-----
From: Varsha Agarwal [mailto:agarwal_varshayahoo.com]
Sent: Wednesday, July 03, 2002 12:42 PM
To: php-generallists.php.net
Subject: [PHP] How to start hello program
Hi, I am completely new to PHP and webserver things. I followed instructions in the online manual of PHP and installed it on my Win2000 machine which has IIS istalled. I have written a hello.php program. I am stuck here. The manual does not say how to run it. I tried to open it in internet explorer, but it shows a blank page. I know this is a foolish Q, but please help me.
Thanks, Varsha
__________________________________________________ Do You Yahoo!? Sign up for SBC Yahoo! Dial - First Month Free http://sbc.yahoo.com
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php **************************************************************************** This message is intended for the sole use of the individual and entity to whom it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended addressee, nor authorized to receive for the intended addressee, you are hereby notified that you may not use, copy, disclose or distribute to anyone the message or any information contained in the message. If you have received this message in error, please immediately advise the sender by reply email and delete the message. Thank you very much.
attached mail follows:
What address are you using the run the program?
Try using http://localhost/hello.php and see if that works. I don't use IIS, so I couldn't tell you anything relating to configuration.
>>> Varsha Agarwal <agarwal_varshayahoo.com> 07/03/02 03:42PM >>>
Hi,
I am completely new to PHP and webserver things. I
followed instructions in the online manual of PHP and
installed it on my Win2000 machine which has IIS
istalled. I have written a hello.php program. I am
stuck here. The manual does not say how to run it. I
tried to open it in internet explorer, but it shows a
blank page.
I know this is a foolish Q, but please help me.
Thanks, Varsha
__________________________________________________ Do You Yahoo!? Sign up for SBC Yahoo! Dial - First Month Free http://sbc.yahoo.com
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
attached mail follows:
I just installed php 4.2.1 and i have a couple of URL's that pass variables through links (www.domain.com/index.php?test=123) and when I run that it comes up on the next page and the test variable is empty? I can't figure this out but if I had to guess I would think it's some setting in the php.ini?
Any thoughts?
Thanks!
attached mail follows:
PHP now comes with register_globals set to OFF by default, as far as I'm aware. You can access the variables using $_POST['variable'] and $_GET['variable'], or turn register_globals back ON. :o)
Martin
>>> "Jay" <jaydvdfuture.com> 07/03/02 03:46PM >>>
I just installed php 4.2.1 and i have a couple of URL's that pass variables
through links (www.domain.com/index.php?test=123) and when I run that it
comes up on the next page and the test variable is empty? I can't figure
this out but if I had to guess I would think it's some setting in the
php.ini?
Any thoughts?
Thanks!
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
attached mail follows:
Thanks! Turning on register_globals and restarting Apache solved the problem!
Thanks!
----- Original Message -----
From: "Martin Clifford" <MLC1nrc.gov>
To: <jaydvdfuture.com>; <php-generallists.php.net>
Sent: Wednesday, July 03, 2002 2:46 PM
Subject: Re: [PHP] GET data in URL
PHP now comes with register_globals set to OFF by default, as far as I'm aware. You can access the variables using $_POST['variable'] and $_GET['variable'], or turn register_globals back ON. :o)
Martin
>>> "Jay" <jaydvdfuture.com> 07/03/02 03:46PM >>>
I just installed php 4.2.1 and i have a couple of URL's that pass variables
through links (www.domain.com/index.php?test=123) and when I run that it
comes up on the next page and the test variable is empty? I can't figure
this out but if I had to guess I would think it's some setting in the
php.ini?
Any thoughts?
Thanks!
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
attached mail follows:
>I just installed php 4.2.1 and i have a couple of URL's that pass variables >through links (www.domain.com/index.php?test=123) and when I run that it >comes up on the next page and the test variable is empty? I can't figure >this out but if I had to guess I would think it's some setting in the >php.ini?
Search for 'register_globals' in php.ini
Or, just use $_GET['test] instead of $test.
There's a ton of old code (sample and real) that will break with 4.2.1 because of this...
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
I apologize; this may be more a question for the people in php-install. But I'm having some problems with my mail stuff in PHP.
I have Exim version 3.12 installed, but I'm not getting any mails sent out by PHP. I *do* get this error mail, however:
This is automatically emailed back to me:
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. The following address(es) failed:
emailtheemailaddress.com:
unrouteable mail domain "theemailaddress.com"
This is in the error log files:
2002-07-02 03:26:13 17PI3B-0003sM-00 <=
roottheipaddress.org U=root
P=local S=2
95
2002-07-02 03:26:13 17PI3B-0003sM-00 **
anotheremailanotheremailaddress.com:
unrouteable mail d
omain "anotheremailaddress.com"
2002-07-02 03:26:13 17PI3B-0003sO-00 <= <>
R=17PI3B-0003sM-00 U=mail
P=local S=1
063
2002-07-02 03:26:13 17PI3B-0003sM-00 Error message
sent to
roottheipaddress.org
2002-07-02 03:26:13 17PI3B-0003sM-00 Completed
2002-07-02 03:26:13 17PI3B-0003sO-00 => root
<roottheipaddress.org>
D=localuser
T=local_delivery
2002-07-02 03:26:13 17PI3B-0003sO-00 Completed
Any thoughts? I know all these e-mail addresses and ip addresses are valid (they're either mine or of acquaintances), but the server seems to fight me on this one.
__________________________________________________ Do You Yahoo!? Sign up for SBC Yahoo! Dial - First Month Free http://sbc.yahoo.com
attached mail follows:
Are you able to do an nslookup of these domains from the server?
-----Original Message-----
From: Liam Gibbs [mailto:liamgibbsyahoo.com]
Sent: Wednesday, July 03, 2002 12:58 PM
To: php-generallists.php.net
Subject: [PHP] Exim sendmail faults
I apologize; this may be more a question for the people in php-install. But I'm having some problems with my mail stuff in PHP.
I have Exim version 3.12 installed, but I'm not getting any mails sent out by PHP. I *do* get this error mail, however:
This is automatically emailed back to me:
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. The following address(es) failed:
emailtheemailaddress.com:
unrouteable mail domain "theemailaddress.com"
This is in the error log files:
2002-07-02 03:26:13 17PI3B-0003sM-00 <=
roottheipaddress.org U=root
P=local S=2
95
2002-07-02 03:26:13 17PI3B-0003sM-00 **
anotheremailanotheremailaddress.com:
unrouteable mail d
omain "anotheremailaddress.com"
2002-07-02 03:26:13 17PI3B-0003sO-00 <= <>
R=17PI3B-0003sM-00 U=mail
P=local S=1
063
2002-07-02 03:26:13 17PI3B-0003sM-00 Error message
sent to
roottheipaddress.org
2002-07-02 03:26:13 17PI3B-0003sM-00 Completed
2002-07-02 03:26:13 17PI3B-0003sO-00 => root
<roottheipaddress.org>
D=localuser
T=local_delivery
2002-07-02 03:26:13 17PI3B-0003sO-00 Completed
Any thoughts? I know all these e-mail addresses and ip addresses are valid (they're either mine or of acquaintances), but the server seems to fight me on this one.
__________________________________________________ Do You Yahoo!? Sign up for SBC Yahoo! Dial - First Month Free http://sbc.yahoo.com
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php **************************************************************************** This message is intended for the sole use of the individual and entity to whom it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended addressee, nor authorized to receive for the intended addressee, you are hereby notified that you may not use, copy, disclose or distribute to anyone the message or any information contained in the message. If you have received this message in error, please immediately advise the sender by reply email and delete the message. Thank you very much.
attached mail follows:
I'm wondering if this can be done, and if so, what's the proper way to do it.
For the current issue I'm trying to unset some variables with common names and I would like to step through them with a loop. Here's where I'm at to give you an idea but the code doesn't work.
for ($i = 2; $i <= 4; $i++) { unset($level$iName); unset($level$iUrl); }
so the code unsets
unset($level2Name); unset($level2Url); unset($level3Name); unset($level3Url); unset($level4Name); unset($level4Url);
I guess I could create a variable before the unset like so
$unsetA = "level" . $i . "Name";
but that seems cloogey.
Thanks, Tom
attached mail follows:
check for eval function
-- Sincerely, val petruchek "Tom Beidler" <tom
attached mail follows:
You are on the right track with the reasoning:
$unsetA = "level" . $i . "Name";
unset($$unsetA);
HTH
Bogdan
Tom Beidler wrote:
>I'm wondering if this can be done, and if so, what's the proper way to do >it. > >For the current issue I'm trying to unset some variables with common names >and I would like to step through them with a loop. Here's where I'm at to >give you an idea but the code doesn't work. > >for ($i = 2; $i <= 4; $i++) { > unset($level$iName); > unset($level$iUrl); >} > >so the code unsets > >unset($level2Name); >unset($level2Url); >unset($level3Name); >unset($level3Url); >unset($level4Name); >unset($level4Url); > >I guess I could create a variable before the unset like so > >$unsetA = "level" . $i . "Name"; > >but that seems cloogey. > >Thanks, >Tom > > > >
attached mail follows:
List, I'm getting this error and I don't know why...can someone please help out?
// Message on my web page Warning: Undefined index: mode in /var/www/html/inc/header.php on line 3
// My Script Here 1: <?php 2: // These are globals on every page 3: $mode = $_GET['mode']; 4: $si_uuid = $_GET['si_uuid']; 5: $po_uuid = $_GET['po_uuid'];
TIA /B
attached mail follows:
> // Message on my web page > Warning: Undefined index: mode in /var/www/html/inc/header.php on line 3 > > // My Script Here > 1: <?php > 2: // These are globals on every page > 3: $mode = $_GET['mode']; > 4: $si_uuid = $_GET['si_uuid']; > 5: $po_uuid = $_GET['po_uuid'];
PHP is warning you that 'mode' is not an index of $_GET. So whatever text box or check box or whatever that was supposed to set 'mode', didn't. You should check that $_GET['mode'] is set before you attempt to capture it's value.
if(isset($_GET['mode']) { $mode = $_GET['mode'];} else { $mode = "default"; }
---John Holmes...
attached mail follows:
List, The following code is erroring for me and I can't figure out why
$db = odbc_connect("something", "something", "passwd"); printf("%s", $db); // Prints ID 1 // Hangs here it looks like $rs = odbc_exec($db, "spGetItems"); // Never gets here while(odbc_fetch_row($rs)) { printf("%s", odbc_result($rs, 2)); }
attached mail follows:
David:
On Wed, Jul 03, 2002 at 02:19:28PM -0700, David Busby wrote: > > $rs = odbc_exec($db, "spGetItems");
Uh, what is "spGetItems?" The second argument of odbc_exec() is supposed to be a query string. That doesn't look like a query string.
--Dan
--
PHP classes that make web design easier
SQL Solution | Layout Solution | Form Solution
sqlsolution.info | layoutsolution.info | formsolution.info
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
4015 7 Av #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409
attached mail follows:
>when I echo menu($id) I get the current page's title. > >How do I print it's peers and it's single parent?
You will need a second query to ask for all the children of the parent:
$peer_query = "select id as child_id, title from meta_data where pid = $pid"; $peers = mysql_query($query) or error_log(mysql_error()); while (list($child, $child_title) = mysql_fetch_row($peers)){ echo "$child_title ($child)<BR>\n"; }
>P.P.P.S. All pages have information provided by this script: > >$fn = explode("/", $_SERVER['PHP_SELF']); > $num_of_s = count($fn) - 1; > $fn = "$fn[$num_of_s]"; > $query = "SELECT * FROM meta_data WHERE page_name = '$fn'"; > $result = mysql_query($query); > $num_results = mysql_num_rows($result); > $row = mysql_fetch_array($result); > $id = $row['id']; > $pid = $row['pid']; > $title = $row['title']; > $description = $row['description']; > $keywords = $row['keywords']; > >It is my metadata page and is used all over the place. so why re-query the >db for it's parent?
I'm saying: Don't do that. Don't use * in this first query. In *ANY* query, specify *exactly* which columns you need. You'll be a lot less confused by your data when you start forcing yourself to be more precise in your code about what you want.
*CHANGE* the line above to: $query = "select id, pid, title, description, keywords from meta_data where page_name = '$fn'";
Then, after you have the $pid, add in the stuff I wrote above.
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
Thx.
I a bit of a n00b so don't always understand.
I is a lot clearer now thank you
-- JJ Harrison webmaster
attached mail follows:
>1) does this HTTP protocol work with all browsers?
Every one I've ever seen...
But it *might* not work with, say, Mozilla 1.0 from 1989 or so... :-)
>2) are there any complications that need to be addressed
Yes.
Once you decide to send a Location: header, all bets are off on the other headers and HTML getting to the browser, and what the browser will do with them.
The browser might take your cookie, it might not. The browser might display your html, it might not. The browser might take your Expiration date, it might not. The browser might immediately jump right to the next page, ignoring anything else in your HTTP stream, it might not.
It's a good idea to get in the habit of doing:
header("Location: xxx"); exit;
There's no point in sending any more data after the Location: header anyway, and you won't confuse yourself with looking at any more data in the output stream nor any more source code.
>3) is there an accepted best style of the header text to maximise multiple >browser compatibility
Use the FULL URL, not just foo.html
>4) should I be asking this in a different new group? Perhaps http.general?
You probably should ask it somewhere else, but I dunno exactly where...
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
> >I get the following error when i try to install an app >called "PHPwebsite" ( http://phpwebsite.appstate.edu/ ) > >Warning: Cannot add header information - headers already sent by > (output started at C:\apache\htdocs\php\setup\index.php:9) >in C:\apache\htdocs\php\htmlheader.php on line 30 > > >I also installed php,apache,perl,mysql etc using a program called: >"PHPtriad" ( an app that installs/configures everything at once) > >Why am I getting that error, can anyone help? > >===================================================== >below is the header.php file I'm having trouble with: >=====================================================
The file below (now cut) is not your problem.
The problem is in lines 1 through 9 of index.php
You see, you *CANNOT* send any data to the browser before calling header() function.
Look, it's called a "header" for a reason. It comes at the HEAD (before) *ANY* HTML, GIF, JPEG, or other data. Sample output:
Try this:
<?php echo 'foo';?>
Now, upload that to your web-server, and do like this:
telnet yourwebserver.com 80 GET /foo.php HTTP/1.0 Host: yourwebserver.com
Hit return a couple times after that Host line.
See all that crap?
Look at it.
See the stuff *BEFORE* the blank line? Those are "headers"
See the 'foo' after the blank line? That's the content.
What do you think will happen if you try to do:
Header: blah, blah, blah Header: blah, blah, blah Header: blah, blah, blah
foo Header: blah blah, blah
See how that works? You can't do that.
That's what you tried to do.
Somewhere in index.php, on line 9, actually, you sent CONTENT to the browser. So PHP *had* to send the blank line marking the end of the headers.
Then, you went and tried to send some more headers.
No can do, buckaroo!
The blank line signalling the end of the headers already went out, and PHP can't suck it back in.
I dunno what you have in line 9 of index.php, but that's where the problem really is. Honest.
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
You started the same thread yesterday. I pointed you to the answer. You replied, saying, in essence, that you don't want put any real effort or thought into learning. Now, you're starting a whole new thread.
Sad.
--Dan
--
PHP classes that make web design easier
SQL Solution | Layout Solution | Form Solution
sqlsolution.info | layoutsolution.info | formsolution.info
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
4015 7 Av #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409
attached mail follows:
>Well I have a system that people can login to, and I want to produce an >array (or something of the sort) >that holds who is logged in so that I can monitor it.
Aha!
The "who's logged in right now" feature! :-)
Problem #1. First, you need to clearly define "logged in"
Am I logged in for the less than 2 (hopefully!) seconds that it takes me to download a single HTTP page, or am I logged in until I "log out" or am I logged in until I don't do nothing for N minutes, and then I'm auto-logged-out, or some combination.
Because "logged in" has *NO* real meaning in an HTTP connection, unless you want to strictly show who's using each HTTP connection at this 2-second instance in time...
> The problem is that >sessions are local to the clients machine
No, no, no.
PHP session data all lives on the server, except for the cookie ID on their local machine, and you can even avoid the cookie ID if you want to use the SID in every URL/ACTION/POST/GET HTTP connection.
>so if I tried to put this information in the session then the only >information that I would get back is the people that >are >logged in on my machine, not the server (Please tell me if I wrong in what >I say here).
Either I'm not understanding what you want, or you're *WAY* off target...
If you want to know who is LOGGED IN to telnet/SSH on your WEB server, you'd want to do like:
<?php `who`; # Is it called 'who' ? Whatever Un*x command tells you who's logged on.?>
If you want the web-server to know who is LOGGED ON to your desktop, there's no way PHP can do that. Big, big, big security issue on that one...
Now, maybe, if you had a Java applet and you authorized it to run and it sucked in who was logged in to your desktop and sent that back to a Java servelet, you could do that...
Dunno who would want that or why, nor who would trust the applet enough to run it in the first place, but I think you *could* do that...
If you want to know who's surfing your web-site "now", then you need to better define what "now" means, and read the other parts of this post.
> Therefore I need to be able to >but this >information in the session and have it available to all sessions (sort of >like the way static variables in Java belong >to the class and >not the individual objects that are created from that class). So if you >undersatnd what I'm trying to do here and know >of a way >to do it I would love to here it.
Easiest way to do this:
First, alter your user login/management table so that there is an 'activity' datetime field.
Next, include something like this file on every page:
<?php $query = "update users set activity = now() where user_id = $user_id"; mysql_query($query) or error_log(mysql_error()); ?>
To see who's "logged on", just do:
<?php $query = "select username from users where activity + 5*60 >= now()"; $current = mysql_query($query) or error_log(mysql_error()); while (list($username) = mysql_fetch_row($current)){ echo "$username<BR>\n"; } ?>
5*60 is 5 minutes. (60 seconds per minute) Change that to whatever you like.
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
>I have a php script that performs a query and then dynamically builds a >section of a page for every row returned. Each section has some fields and >three submit buttons. My problem is this. If I make a change to one >particular section, how can I submit the form passing only the relevant >section data?
Here are a couple ideas:
1. Have a different <FORM></FORM> for each section.
2. Have only one <FORM></FORM>, but name all the data so that the button and the 'section' are identifiable. All the other data is still transmitted, but you ignore it.
Example of #2:
<FORM> <?php $query = "select foo_id, foo from abc"; $data = mysql_query($query) or error_log(mysql_error()); while (list($foo) = mysql_fetch_row($data)){ echo "$foo<BR>\n"; echo "<INPUT TYPE=SUBMIT NAME=delete[$foo_id] VALUE='Delete'><BR>\n"; echo "<INPUT TYPE=SUBMIT NAME=update[$foo_id] VALUE='Update'><BR>\n"; echo "<INPUT TYPE=SUBMIT NAME=duplicate[$foo_id] VALUE='Duplicate'><BR>\n"; } ?> </FORM>
The "action" part would be something like this:
if (isset($delete)){ list($foo_id) = $delete; # The foo_id is the key, and the value was 'Delete' $query = "select from foo where foo_id = $foo_id"; mysql_query($query) or error_log(mysql_error()); } elseif (isset($update)){ list($foo_id) = $update; $query = "update foo set count = count + 1 where foo_id = $foo_id"; mysql_query($query) or error_log(mysql_error()); } elseif (isset($duplicate)){ list($foo_id) = $duplicate; $query = "insert into foo(count) select count from foo where foo_id = $foo_id"; mysql_query($query) or error_log(mysql_error()); }
It's a case of the medium *is* the message, I guess.
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
><? >$output = shell_exec("uudeview -i /bla/bla.txt -p /bla/bla/"); >echo "<pre>"; >echo $kick_my_ass; >echo "</pre>"; >?> > And I get nothing :(. Script like below:
Well, no...
Your data is in $output, and you are echo-ing out $kick_my_ass... Try echo $output
><? >$output = shell_exec("uudeview"); >echo "<pre>"; >echo $kick_my_ass; >echo "</pre>"; >?> > Work fine outputting me command line parameters. > > What have I done wrong?
It's also possible that you just made a typo here, but the real code has the right variables...
In that case, try this:
$command = "uudeview -i /bal/bal.txt -p /bla/la"; exec($command, $results, $errorcode); echo implode("<BR>\n", $results); if ($errorcode){ echo "OS Error: $errorcode. Use 'man errno' to look it up, but it's probably path/permissions.<BR>\n"); }
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
>I want to show info when my docs are viewed though my stats program. I have >decieded the best way would be to put the info into a DB through php file >then output the PDF, Excel, Zip or Powerpoint file. > >Only trouble is I have no Idea how to do this
Stuffing the actual data into your database doesn't really give you much added value to tracking who is viewing it...
Write something like this:
---------- display.php ---------------------- <?php $query = "update stats set count = count + 1 where filename = '$filename'"; mysql_query($query) or error_log(mysql_error());
# If it's the first time this file has ever been displayed... if (mysql_affected_rows() < 1){ $query = "insert into stats(filename, count) values('$filename', 1)"; mysql_query($query) or error_log(mysql_error()); }
readfile($filename); ?> ---------------------------------------------
You can then put your PDF files *outside* your web-tree so nobody can read them, except like:
http://yourserver.com/display.php?filename=foo.pdf
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
Thx.
I can output the file using readfile(). But the problem is that it appears to output the data in it's raw form. How can I get it to open in the right application?
I wasn't going to put the file in the DB. I am just working on a stats program for a couple of sites. One had about 50 downloads and I want info about who is viewing them also.
JJ Harrison
webmastertececo.com
www.tececo.com
"Richard Lynch" <richphpbootcamp.com> wrote in message
news:20020703213010.BFZW903.sccrmhc03.attbi.com[192.168.1.103]...
> >I want to show info when my docs are viewed though my stats program. I
have
> >decieded the best way would be to put the info into a DB through php file
> >then output the PDF, Excel, Zip or Powerpoint file.
> >
> >Only trouble is I have no Idea how to do this
>
> Stuffing the actual data into your database doesn't really give you much
> added value to tracking who is viewing it...
>
> Write something like this:
>
> ---------- display.php ----------------------
> <?php
> $query = "update stats set count = count + 1 where filename =
> '$filename'";
> mysql_query($query) or error_log(mysql_error());
>
> # If it's the first time this file has ever been displayed...
> if (mysql_affected_rows() < 1){
> $query = "insert into stats(filename, count) values('$filename', 1)";
> mysql_query($query) or error_log(mysql_error());
> }
>
> readfile($filename);
> ?>
> ---------------------------------------------
>
> You can then put your PDF files *outside* your web-tree so nobody can read
> them, except like:
>
> http://yourserver.com/display.php?filename=foo.pdf
>
>
> --
> Like Music? http://l-i-e.com/artists.htm
>
attached mail follows:
>I am trying to make my PHP safe against malicious data user inputs. >Reading up on this most people suggest using addslashes(), magic_quotes >on and other things like mysql_escape_string(); > >But I have been running into the problem that I mess up the user's input >because I use more then one of these functions in succession on the data. > >Is there any way to prevent the "re-escaping"/"re-slashing" of data that >has already been escaped or slashed?
There are functions to determing if Magic Quotes are on or not.
So, you would do:
function maybe_addslashes($text = ''){ if (get_php_ini('magic_quotes')){ $result = $text; } else{ $result = addslashes($text); } return $result; }
This is not nearly enough to stop 'malicious' data -- It simply makes it easier to insert the data they have provided to a database...
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
>magic_quotes is convenient for newbies, but after a while you'll find it >only trips you up, as you've discovered.
Odd.
In the 5 years I've been doing PHP, magic quotes has never hurt me in the least.
It's just more convenient than calling addslashses() all over the place.
And do you really nead to call stripslashes() to get the data out?
I mean...
Look the MySQL SQL engine is going to 'parse' your SQL, right?
And that parser is going to 'swallow up' the 'extra' \ characters -- Those characters exist to 'escape' the things MySQL needs to store.
Now, when MySQL spews that data out again, does it go adding back in escape characters?! Surely not... Maybe if you turn on the sql_magic_quotes feature, PHP will do it for you, but MySQL doesn't do it, does it?
You *DO* need stripslashes() when you have magic quotes on, and you wish to display data that has come from the user, as well as insert it to the database. (Or if that particular data was never meant to go to the database in the first place.)
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
>I'm having a weird problem with ora_do. It works fine as long as I don't >have a "WHERE" clause in the query. For example: > >select * from table_name > >works just fine but .... > >select * from table_name where col_name = value > >returns nothing. > >However, if I use ora_open, ora_parse and ora_exec everything works fine. >I'm running on Compaq Tru64 ver 5.1. I compiled PHP with gcc 3.1. I'm not >getting any errors or warnings and nothing is being logged in the Apache >logs. I guess it's not a big deal since I have been able to work around it, >but it would be nice to know what the problem is.
Show us real source code...
Nothing in what you say seems 'wrong', but who knows?
Wild Guesses:
You're not seeing any errors because you're not *ASKING* to see any errors. You have to specifically request error messages to be displayed or logged somewhere.
You are doing something like: $x = 2; $query = "select * from table_name where col_name = x"; And, oddly enough, there are none with 'x' even though there are lots with 2... So, there's no problem with the query, it's just not the query you intended. Try printing out your query, and paste it into the Oracle command-line thingie (sql-dba?)
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
>Say that the end-user closed the browser(s) without logging off. The >$_SESSION can not be destroyed because the broswer(s) is closed. So, if hte >end-user did log off and close the browser(s). How can I destroy the >$_SESSION since the session_register() & session_destroy() can not be used >with the register global turned off.
Sessions will "die" after a certain period of inactivity, unless you configure php.ini to *NOT* do that...
Read php.ini
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
List, Has anyone done this before? I got it to work for my root account on my computer but I cannot get access from my PHP scripts when I run under the "apache" user? What the dilly yo?
Setup: RH7.3 PHP4 unixODBC freeTDS
attached mail follows:
It sounds like you need to give your apache account access to the database. You can test this by logging in as root and running "su - apache". You'll be logged in as Apache; try running the commands you used to test everything when logged in as root. You'll probably get errors that will hopefully lead you to an answer.
-----Original Message-----
From: David Busby [mailto:busbypnts.com]
Sent: Wednesday, July 03, 2002 3:01 PM
To: php-general
Subject: [PHP] Using PHP to access a Microsoft SQL server
List, Has anyone done this before? I got it to work for my root account on my computer but I cannot get access from my PHP scripts when I run under the "apache" user? What the dilly yo?
Setup: RH7.3 PHP4 unixODBC freeTDS
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php **************************************************************************** This message is intended for the sole use of the individual and entity to whom it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended addressee, nor authorized to receive for the intended addressee, you are hereby notified that you may not use, copy, disclose or distribute to anyone the message or any information contained in the message. If you have received this message in error, please immediately advise the sender by reply email and delete the message. Thank you very much.
attached mail follows:
Richard Lynch: It's amazing to see how many helpful and informative messages you're able to rattle off on a daily basis. You're a major contribution to the community - Good job!
**************************************************************************** This message is intended for the sole use of the individual and entity to whom it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended addressee, nor authorized to receive for the intended addressee, you are hereby notified that you may not use, copy, disclose or distribute to anyone the message or any information contained in the message. If you have received this message in error, please immediately advise the sender by reply email and delete the message. Thank you very much.
attached mail follows:
On Wed, 3 Jul 2002, Lazor, Ed wrote:
>Richard Lynch: It's amazing to see how many helpful and informative >messages you're able to rattle off on a daily basis. You're a major >contribution to the community - Good job!
Absolutely. ..and not only does Richard offer lots of great answers in a timely manner, he does so with great wit and a true 'get the job done' programmer style that I myself have come to embrace. Richard has assisted me on more than one occasion.
Great job Richard. Glad your around man.
-- ----------------------------------------------------------------------- Greg Donald http://destiney.com/ -----------------------------------------------------------------------
attached mail follows:
Hello,
On 07/03/2002 07:01 PM, Ed Lazor wrote: > Richard Lynch: It's amazing to see how many helpful and informative > messages you're able to rattle off on a daily basis. You're a major > contribution to the community - Good job!
Yeah, for many years Richard is entitled to the Mr-PHP-Help award. :-)
--Regards, Manuel Lemos
attached mail follows:
List, I think I saw this one on here before...when reading/writing the database I get this when executing odbc_exec(...); What was the fix?
FATAL: emalloc(): Unable to allocate 1073784417 bytes
attached mail follows:
wow, 107megs of ram in one process is impressive. Have you checked your php.ini max memory setting? Is there sufficient ram / swap file space? Got enough free drive space?
-----Original Message----- List, I think I saw this one on here before...when reading/writing the database I get this when executing odbc_exec(...); What was the fix?
FATAL: emalloc(): Unable to allocate 1073784417 bytes **************************************************************************** This message is intended for the sole use of the individual and entity to whom it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended addressee, nor authorized to receive for the intended addressee, you are hereby notified that you may not use, copy, disclose or distribute to anyone the message or any information contained in the message. If you have received this message in error, please immediately advise the sender by reply email and delete the message. Thank you very much.
attached mail follows:
Wow, Thats what that means? There must be some error. The procedure I'm trying to run doesn't return that much data and it will run via 'isql'. Anything else I should check?
/B
Lazor, Ed wrote: > wow, 107megs of ram in one process is impressive. Have you checked your > php.ini max memory setting? Is there sufficient ram / swap file space? Got > enough free drive space? > > -----Original Message----- > List, > I think I saw this one on here before...when reading/writing the > database > I get this when executing odbc_exec(...); What was the fix? > > > > FATAL: emalloc(): Unable to allocate 1073784417 bytes > > **************************************************************************** > This message is intended for the sole use of the individual and entity to > whom it is addressed, and may contain information that is privileged, > confidential and exempt from disclosure under applicable law. If you are > not the intended addressee, nor authorized to receive for the intended > addressee, you are hereby notified that you may not use, copy, disclose or > distribute to anyone the message or any information contained in the > message. If you have received this message in error, please immediately > advise the sender by reply email and delete the message. Thank you very > much. >
attached mail follows:
Jean-Christian Imbeault wrote:
> I'm writing my first commercial site and of course I am thinking about > security. I'm worried about someone using a flaw in my PHP script > logic to access information they shouldn't. > > I've read the PHP books I have and Googled around but can't quite find > specific answers to my questions about PHP and security. > > In general how does one go about hardening a PHP script. i.e. making > it as "hacker-proof" as possible
I'm sure you'll get a lot of responses to this including various opinions, so this will be short and a bit vague.
The most important thing you can do as a developer is:
1. Never, ever trust data from the client
That is the main thing you should focus on. There are many different methods of "cleaning" or "filtering" data from the client, and all of these have these key characteristics:
1. They make sure the data contains acceptable characters (rather than attempting to make sure it does *not* contain unacceptable characters - very important distinction). 2. They employ a strict naming convention that clearly identifies which data has/has not been filtered. For example, assign $clean_blah=$blah when you have found $blah to be acceptable. In order for this to be useful, you should never accept any data from the client that has a name beginning with "clean_", and you should only use the clean variables in queries or logical statements that affect access or any other critical function.
Along these lines, you should never make any assumptions in your scripts. For example, if you have a variable that can only have three possible values, don't do [if, elseif, else], rather do [if, elseif, elseif].
Also, make sure you intialize all variables you are depending on. In adhering to the golden rule mentioned above (Never, ever trust data from the client), you need to make sure you don't accidentally accept data from the client and think it is something that you set. People might try to include rogue variables in the URL, post their own forms to various URLs in your application, etc.
Basically, if you code very carefully and deliberately, you will create a very secure application. Many people focus only on securing the environment, but writing secure code is often much more important.
Hope that helps give you some ideas.
Chris
attached mail follows:
Chris Shiflett wrote: > Jean-Christian Imbeault wrote: >> In general how does one go about hardening a PHP script. i.e. making >> it as "hacker-proof" as possible
There is no such thing as a 100% secure solution (this applies to everything running on a computer, PHP included). But basically you can make it pretty secure. Then again, quite a lot depends on what you are going to write. Govt/Banks need much more defense than a small/midsized commercial site (and are capable to pay for it). You can basically be happy with some care in you development, just make sure your customers do understand the amount of time this is going to take and are ready to pay for it. Then let them decide themselves, but if you see they choose a risky path in order to save budget money do write them a formal letter, in which you acknowledge the problem. Many customers do not think they need security until it's too late, then they get mad at you because they did not want to buy the extra time for secure coding. So make sure everyone knows what their responsibility are and make sure this is stated on paper.
> 1. Never, ever trust data from the client
That's it. If you leave Register_globals off you will be sure you get only what you need to get. Then, of course, you shall control data content. As I am sure you know yourself most of the trouble will come from uncorrect data input. You might actually write client-side javascript controls to avoid uncorrect input and then think that your data are clean. This is where most of the problems come from (as Chris points out, it's not difficult to post a form to your script after writing it at home, or just do a plain command line call with altered parameters from a user browser, I see that stuff on our customers logs quite often). So, no matter what you checked on the client, check it again on the server (even if you are not paranoid, some users may just have disabled their javascript, right?)
> Basically, if you code very carefully and deliberately, you will create > a very secure application. Many people focus only on securing the > environment, but writing secure code is often much more important.
Words of wisdom! and actually about 75% of the code you write is dedicated to this very job, if you really want to get a stable application.
Alberto Kiev
--
LoRd, CaN yOu HeAr Me, LiKe I'm HeArInG yOu? lOrD i'M sHiNiNg... YoU kNoW I AlMoSt LoSt My MiNd, BuT nOw I'm HoMe AnD fReE tHe TeSt, YeS iT iS ThE tEsT, yEs It Is tHe TeSt, YeS iT iS ThE tEsT, yEs It Is.......
attached mail follows:
This is a strange one...
<h1>test</h1> <form action="https://my.server/reports.php" method="post" target="_blank"> <input type=text value='1' name=pdf_client_num> <input type=text value='q1_2002' name=pdf_time_period> <input type=text value='reports' name=task> <input type=text value='pdf' name=report_type> <input type=text value='admin' name=u> <input type=submit value='Show PDF'> </form> <form action="https://my.server/reports.php" method="get" target="_blank"> <input type=text value='1' name=pdf_client_num> <input type=text value='q1_2002' name=pdf_time_period> <input type=text value='reports' name=task> <input type=text value='pdf' name=report_type> <input type=text value='admin' name=u> <input type=submit value='Show PDF'> </form>
These forms are identical with the exception of the post/get methods.
A PDF file is being dynamically generated and displayed in a pop-up.
The GET method form works fine, while the POST method (which is what I need to use) pops up a message about the page containing both secure and nonsecure data.
WTF?
Any help out there?
Thanks in advance, Pete.
attached mail follows:
Hi all. I'm having problems using sessions. I've been able to narrow it down to a configuration problem, but I have no idea what to look for in php.ini or whatever.
Anyway, let me explain a bit more. For some odd reason php on my local machine will not pass any variables when you either reload the page or when you try and pass the $PHPSESSID to another page. For example, I've used a test script that is supposed to work like a counter.
<?PHP session_start(); session_register('count'); $count++; print("<P>You have been here $count times.</P>"); ?>
Okay, so when you reload this script it's supposed to increase $count by one. But it doesn't. No matter how many times I reload it stays at 1.
I'm using GNU Debian Linux Unstable (PPC platform) with Apache 1.3.26-1, PHP 4.2.1. I don't know how much this has to do with this, but I do have track-vars enabled.
Thanks for any light you can shed on this.
-Mannequin.
attached mail follows:
Hello,
I'm trying to use xslt_process with $arguments like in the third example in the online documentation, but I'm not having any luck. I can run the same .xml and .xsl using the simple examples, but I cannot when using the $arguments example. I would really like to get this figured out, but I've run into a brick wall and I can't seem to understand why it doesn't work.
I've pasted my .xml, .xsl and .php files below.
Thanks,
John
This does transform the xml and produce results: ----------------------------------------------------------------------- <?php // Create an XSLT processor $xh = xslt_create(); xslt_set_base($xh, "file://D:/Inetpub/wwwroot/phpxml/");
// NEED TO FIGURE OUT HOW TO SPECIFY THE INPUT XML and XSL FILE LOCATIONS!!!
// Process the XML $result = xslt_process($xh, 'test.XML', 'test.xsl'); if ($result){ // print "SUCCESS, book.xml was transformed by book.xsl into result.xml"; // print "result.xml has the following contents\n<br/>\n"; // print "<pre>\n"; print $result; // print "</pre>"; } else { print "Sorry, failure!"; print "<br/>"; echo xslt_error($xh); print "<br/>"; echo xslt_errno($xh); }
xslt_free($xh); ?> -----------------------------------------------------------------------
This does not: ----------------------------------------------------------------------- <?php echo "one"; // Grab the XSL and XML files $xsl = xmldoc(implode("",file("test.xsl"))); $xml = xmldoc(implode("",file("test.xml")));
// Set up the Arguments thingy $args = array( '/_xml'=>$xml, '/_xsl'=>$xsl );
// Create an XSLT processor $xh = xslt_create();
// Process the XML $result = xslt_process($xh, 'arg:/_xsl', 'arg:/_xml', null, $args); //$result = xslt_process($xh, 'files\book.XML', 'files\book.xsl', NULL, $args);
if ($result){ // print "SUCCESS, book.xml was transformed by book.xsl into result.xml"; // print "result.xml has the following contents\n<br/>\n"; print "<h2> Yes! </h2>\n"; print "<pre>\n"; print $result; print "</pre>"; } else { print "Sorry, failure!\n"; print "<br/>\n"; echo xslt_error($xh); print "<br/>\n"; echo xslt_errno($xh); }
xslt_free($xh); ?> -----------------------------------------------------------------------
The XML File: ----------------------------------------------------------------------- <?xml version="1.0" encoding="UTF-8"?>
<book>
<!-- Title of the book --> <title>Professional Php Programming (Programmer to Programmer)</title>
<!-- Authors of the book --> <text>This book has been authored by:</text> <authors> <author number="1">Sascha Schumann</author> <author number="2">Harish Rawat</author> <author number="3">Jesus M. Castagnetto</author> <author number="4">Deepak T. Veliath</author> </authors>
<!-- Image of the book -->
<text>A picture of the book's cover: </text>
<picture>http://images.amazon.com/images/P/1861002963.01.MZZZZZZZ.jpg
re>
<!-- Pricing info-->
<text>The pricing of the book is as follows:</text>
<prices>
<price>List price: $49.99</price>
<price>Our price: $39.99</price>
<price>You save: $10.00</price>
</prices>
<!-- Other misc info-->
<text>Here is some sundry info about the book:</text>
<bookinfo>
<type>Paperback</type>
<amazonrank>6,337</amazonrank>
<pages>909</pages>
<publisher>Wrox Press</publisher>
<isbn>1861002963</isbn>
<size>2.00 x 9.16 x 7.30</size>
<url>http://www.amazon.com/exec/obidos/ASIN/1861002963/o/qid=986194881/sr=8-
1/ref=aps_sr_b_1_1/107-4263716-8514955</url>
</bookinfo>
</book>
-----------------------------------------------------------------------
The XSL File:
-----------------------------------------------------------------------
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:fo="http://www.w3.org/1999/XSL/Format">
<xsl:template match="/">
<html><body>
<xsl:apply-templates/>
</body></html>
</xsl:template>
<!-- This is the title of the page -->
<xsl:template match="title">
<b><u>
<xsl:value-of select="."/>
</u></b>
</xsl:template>
<xsl:template match="text">
<p/> <b>
<xsl:value-of select="."/>
</b><br/>
</xsl:template>
<xsl:template match="authors">
<table>
<xsl:apply-templates/>
</table><br/>
</xsl:template>
<xsl:template match="author">
<tr>
<td>
<xsl:value-of select=" <xsl:template match="prices">
<p/> <table>
<xsl:apply-templates/>
</table><p/>
</xsl:template>
<xsl:template match="price">
<tr>
<td>
<xsl:value-of select="."/>
</td>
</tr>
</xsl:template>
<xsl:template match="bookinfo">
<p/>
<xsl:apply-templates/>
<p/>
</xsl:template>
<xsl:template match="bookinfo/*">
<xsl:choose>
<xsl:when test="local-name(.)='type'">
<b>Type:</b>
</xsl:when>
<xsl:when test="local-name(.)='amazonrank'">
<b>Amazon rank:</b>
</xsl:when>
<xsl:when test="local-name(.)='pages'">
<b>Number of pages:</b>
</xsl:when>
<xsl:when test="local-name(.)='publisher'">
<b>Publisher:</b>
</xsl:when>
<xsl:when test="local-name(.)='isbn'">
<b>ISBN #:</b>
</xsl:when>
<xsl:when test="local-name(.)='size'">
<b>Dimensions in inches:</b>
</xsl:when>
<xsl:when test="local-name(.)='url'">
<b>More info from this link:</b>
</xsl:when>
</xsl:choose>
<xsl:value-of select="."/>
<br/>
</xsl:template>
</xsl:stylesheet>
-----------------------------------------------------------------------
attached mail follows:
Hi, I installed php and mysql today and I'm trying to use phpMyAdmin but
I'm receiving the error message:
cannot load MySQL extension,
please check PHP Configuration.
I checked the php.ini and couldn't find anything related, my configure
command says '--with-mysql=shared,/usr' and I have no idea why it's not
working.
I'm using redhat 7.3, Apache 1.3.23, php 4.1.2 and MySQL 3.23.51
Any idea or similar problem??
Thanks.
Jadiel
attached mail follows:
What do you do if you have a huge form that you want broken up into several
different forms but each time the submit button is pressed the info is saved
to the sql table.
Do you just create the table on the first form submit and then on each
subsequent form you just update the table?
attached mail follows:
On Wed, Jul 03, 2002 at 07:18:45PM -0600, CM wrote:
>
> What do you do if you have a huge form that you want broken up into several
> different forms but each time the submit button is pressed the info is saved
> to the sql table.
>
> Do you just create the table on the first form submit and then on each
> subsequent form you just update the table?
In that second paragraph, I suspect you mean "record" rather than "table."
Your approach sounds fine. Grab the Insert ID from the INSERT INTO
statement and put it into a hidden field in your subsequent forms.
--Dan
attached mail follows:
CM wrote:
> What do you do if you have a huge form that you want broken up into several
> different forms but each time the submit button is pressed the info is saved
> to the sql table.
>
> Do you just create the table on the first form submit and then on each
> subsequent form you just update the table?
If you just do that chances are your table will be mostly made of
uncomplete (and useless) records. It looks like a long sequence and many
a user will leave it uncomplete.
If you want to save DB performance (by not fragmenting the table too
much) you'll better do that on a temporary table that has the same
format of the real table plus two more fields:
1) a session identifier (use something like a session id to recognize
current user input).
2) a timestamp.
This temporary table usually will have no referential checks (as they
might need full data set to make sense). Still, referential integrity
should be checked along the way by some code.
Once you finally have all the stuff you need you just:
1) select previous data from temporary table
2) add last form input
3) insert it in the real table
4) delete from the temporary table the record having the current identifyer.
Still, the temporary table will be crowded with all the uncomplete
sequences. If you cannot set a cleaning job on the server's chron just
have the first form of your input sequence delete all temporary records
that are older than delta time (where delta depends on the input process
you are managing).
This way your real table stays compact and DB performs much better.
Alberto
Kiev
LoRd, CaN yOu HeAr Me, LiKe I'm HeArInG yOu?
lOrD i'M sHiNiNg...
YoU kNoW I AlMoSt LoSt My MiNd, BuT nOw I'm HoMe AnD fReE
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is.......
attached mail follows:
I have a function that writes meta tags... if a tag (or tags) is not
specified, then it gets a default value... is there a cleaner way to
do this?
function print_pmeta ($type)
{
if ($type["description"]) {
print '<meta name="description" content="' . $type["description"]
. '" />';
}
else {
print '<meta name="description" content="generic description" />';
}
if ($type["keywords"]) {
print '<meta name="keywords" content="' . $type["keywords"] . '"
/>';
}
else {
print '<meta name="keywords" content="generic keyword list" />';
}
}
print_meta2(array(
"description" => "A Real Description"
));
c
attached mail follows:
On Wed, Jul 03, 2002 at 05:44:28PM -0800, Chris Lott wrote:
>
> I have a function that writes meta tags... if a tag (or tags) is not
> specified, then it gets a default value... is there a cleaner way to
> do this?
Not that I can think of. I do have some thoughts, though...
> if ($type["description"]) {
if ( !empty($type['description']) ) {
Would be a better way to do this check, because that key may not be set
and if your error reporting level ever gets elevated, you'll be getting
lots of warnings.
> if ($type["keywords"]) {
> print '<meta name="keywords" content="' . $type["keywords"] . '"
> />';
> }
> else {
> print '<meta name="keywords" content="generic keyword list" />';
> }
I'd also tweak the process a bit to have just the different parts in the
if statement:
print '<meta name="keywords" content="';
if ( empty($type['keywords']) ) {
echo 'generic keyword list';
} else {
echo $type['keywords'];
}
echo '" />';
Note use of single quotes around the array key names, as well.
Enjoy,
--Dan
attached mail follows:
On Wed, 3 Jul 2002, Analysis & Solutions wrote:
> On Wed, Jul 03, 2002 at 05:44:28PM -0800, Chris Lott wrote:
> >
> > I have a function that writes meta tags... if a tag (or tags) is not
> > specified, then it gets a default value... is there a cleaner way to
> > do this?
>
> Not that I can think of. I do have some thoughts, though...
[...]
Good points. But I have a question about this:
> Note use of single quotes around the array key names, as well.
Why is this better-- I assume because PHP doesn't have to check for
variables to interpolate with single quotes?
Thanks!
c
attached mail follows:
On Wed, Jul 03, 2002 at 06:03:59PM -0800, Chris Lott wrote:
> On Wed, 3 Jul 2002, Analysis & Solutions wrote:
>
> > Note use of single quotes around the array key names, as well.
>
> Why is this better-- I assume because PHP doesn't have to check for
> variables to interpolate with single quotes?
DING! :) Sorry, no prizes, though...
--Dan
attached mail follows:
Hi, i want to know if i can convert this:
echo fgets($conexion,256);
to a variable, or store it to a MySQL database, and then email that variable
or data in the MySQL database...thx :D
_________________________________________________________________
MSN Fotos: la forma más fácil de compartir e imprimir fotos.
http://photos.msn.es/support/worldwide.aspx
attached mail follows:
On Wed, Jul 03, 2002 at 08:23:11PM -0600, Jose Arce wrote:
> Hi, i want to know if i can convert this:
>
> echo fgets($conexion,256);
>
> to a variable, or store it to a MySQL database, and then email that
> variable or data in the MySQL database...thx :D
Yes. Anything you can echo you can put into a variable.
$var = fgets($conexion,256);
Then you can do whatever you want with the string. Email it, put it in a
database, echo it out, unset it...
--Dan
number"/>.
</td>
<td>
<xsl:value-of select="."/>
</td>
</tr>
</xsl:template>
--
PHP classes that make web design easier
SQL Solution | Layout Solution | Form Solution
sqlsolution.info | layoutsolution.info | formsolution.info
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
4015 7 Av #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409
--
-_=}{=_--_=}{=_--_=}{=_--_=}{=_--_=}{=_--_=}{=_--_=}{=_-
--
PHP classes that make web design easier
SQL Solution | Layout Solution | Form Solution
sqlsolution.info | layoutsolution.info | formsolution.info
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
4015 7 Av #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409
--
PHP classes that make web design easier
SQL Solution | Layout Solution | Form Solution
sqlsolution.info | layoutsolution.info | formsolution.info
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
4015 7 Av #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409
--
PHP classes that make web design easier
SQL Solution | Layout Solution | Form Solution
sqlsolution.info | layoutsolution.info | formsolution.info
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
4015 7 Av #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409