NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > PHP Discussion Digest> 2002-07

php-general-digest-help_at_lists.php.net
Date: Tue Jul 09 2002 - 01:00:38 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

php-general Digest 9 Jul 2002 06:00:38 -0000 Issue 1453

Topics (messages 106142 through 106240):

UNSETing Session Variables
        106142 by: jepadilla.bh-corp.com
        106144 by: Kevin Stone
        106147 by: jepadilla.bh-corp.com
        106152 by: Kevin Stone
        106163 by: jepadilla.bh-corp.com
        106164 by: Kevin Stone
        106166 by: jepadilla.bh-corp.com
        106167 by: Kevin Stone
        106169 by: jepadilla.bh-corp.com
        106171 by: Martin Clifford

Re: Editing Word Documents
106143 by: Kevin Stone
106176 by: Joshua Alexander

Re: Checking for a successful login and setting a global flag.
        106145 by: Kevin Stone
        106151 by: Kevin Stone
        106155 by: Pete James
        106158 by: Martin Clifford

Best Content Management METHOD...
        106146 by: Monty
        106148 by: Lowell Allen
        106206 by: Justin French
        106211 by: Peter J. Schoenster
        106223 by: Philip Hallstrom

Executing WinZip command line not working.
106149 by: Kevin Stone

Re: getting the IP address off a visitor
106150 by: Miguel Cruz

seeking experienced PHP programmer in Houston, TX (no telecommuting)
106153 by: Peter J. Schoenster

Re: Survey: MySQL vs PostgreSQL for PHP
        106154 by: Philip Hallstrom
        106156 by: Philip Hallstrom
        106157 by: Philip Hallstrom
        106193 by: Lazor, Ed

storing data from multi-line text boxes into mysql
        106159 by: Phil Schwarzmann
        106160 by: Kevin Stone
        106162 by: Brendan P. Caulfield

GD Lib
106161 by: Yang
106183 by: Norman Zhang

Re: don't want to receive but email please
106165 by: Cal Evans

Difference between executable and Apache server
        106168 by: Jay Blanchard
        106173 by: Peter
        106175 by: Jay Blanchard
        106178 by: Pete James
        106179 by: Peter
        106184 by: Chris Wesley

PHP Script Speed
        106170 by: Crane, Christopher
        106172 by: Peter
        106201 by: Christopher J. Crane
        106238 by: Miguel Cruz

Re: is their a jobs mailing list?
        106174 by: César Aracena
        106180 by: Peter
        106181 by: César Aracena
        106216 by: Alberto Serra

Re: [PHP-DB] PDF
106177 by: Chris Boget
106187 by: Peter Janett

storing an array in mysql - what's the best data type?
        106182 by: Steven Jarvis
        106185 by: Kevin Stone
        106203 by: Analysis & Solutions

PHP and Object-Orientated Programming
        106186 by: CM
        106188 by: Jerome Houston
        106232 by: Manuel Lemos
        106234 by: Alberto Serra

Re: Linked drop down selection lists and dynamically genera ted links
106189 by: Lazor, Ed

Re: Cross-Site Sesison ID Propagation
        106190 by: Chris Shiflett
        106191 by: Chris Shiflett
        106224 by: Stefen Lars
        106228 by: Chris Shiflett

Storing images in MySQL bad idea, performance-wise?
        106192 by: René Fournier
        106194 by: Andy
        106195 by: Analysis & Solutions
        106202 by: Gerald R. Jensen

HELP !!! : Sablotron and not good HTML
106196 by: Markas
106199 by: Michael Sweeney

Re: HTTPS vs. HTTP ?
        106197 by: Richard Lynch
        106200 by: Analysis & Solutions
        106207 by: Miguel Cruz

Re: Help needed with hexdec();
106198 by: Richard Lynch

tree structures
106204 by: Alexander Ross

help pls..
106205 by: Peter

HTML Get POST forms
        106208 by: Varsha Agarwal
        106209 by: Analysis & Solutions
        106210 by: Jason Wong

Stripslashes help
        106212 by: Chris Kay
        106215 by: Chris Shiflett
        106218 by: Martin Towell
        106226 by: Chris Shiflett

my PHP scripts hangs over a simple error
106213 by: Joseph Szobody

mbstring: Japanese conversion not working for me
        106214 by: Jean-Christian Imbeault
        106227 by: Alberto Serra
        106233 by: Alberto Serra
        106235 by: Jean-Christian Imbeault
        106237 by: Alberto Serra
        106239 by: Alberto Serra
        106240 by: Jean-Christian Imbeault

Re: $_REQUEST???
106217 by: Alberto Serra

if statement
        106219 by: rdkurth.starband.net
        106220 by: Joseph Szobody
        106221 by: Martin Towell
        106222 by: rdkurth.starband.net
        106225 by: Martin Towell

Zip Problem
106229 by: Mathew Joseph

Re: Time to Calculate Time
106230 by: Lord Loh.

Session data not being deleted on browser close.
106231 by: Youngie

Re: Cannot start Apache
106236 by: Alexander Skwar

Administrivia:

To subscribe to the digest, e-mail:
php-general-digest-subscribelists.php.net

To unsubscribe from the digest, e-mail:
php-general-digest-unsubscribelists.php.net

To post to the list, e-mail:
php-generallists.php.net

----------------------------------------------------------------------

attached mail follows:

I am having a slight problem unseting some session variable.

here is an exaple of what I have

Page1:
choice: 1
choice: 2
choice: 3
choice: 4
Click on Submit button after choosing 1, 2, 3, or 4

Page 2:
Loads information from previoius choice.
Start over again

I am using a session variable for choice and am trying at the beginning of
page 1 to unset the session variable, but it is never beign over written
or rest.

Please Help

Jed

attached mail follows:

unsset($_SESSION['choice']);
// .. or .. //
session_unregister('choice');

-Kevin

----- Original Message -----
From: <jepadillabh-corp.com>
To: <php-generallists.php.net>
Sent: Monday, July 08, 2002 11:54 AM
Subject: [PHP] UNSETing Session Variables

> I am having a slight problem unseting some session variable.
>
> here is an exaple of what I have
>
> Page1:
> choice: 1
> choice: 2
> choice: 3
> choice: 4
> Click on Submit button after choosing 1, 2, 3, or 4
>
> Page 2:
> Loads information from previoius choice.
> Start over again
>
> I am using a session variable for choice and am trying at the beginning of
> page 1 to unset the session variable, but it is never beign over written
> or rest.
>
> Please Help
>
> Jed

attached mail follows:

I tried to enter the comand as such
unset ($_SESSION["choice"]);

I thought everything in php was double quotes. but even with single quotes
it still isn't quite working. If I do it on the first page then it won't
let a later command assign anything to the variable, but if I do it on a
seperate third page, it doesn't reset anything.

I have been trying to avoid unregistering variables and then reseting
them. Seems a little too messy for my programming tastes.

Jed

"Kevin Stone" <kevinhelpelf.com>
07/08/2002 12:01 PM

        To: <php-generallists.php.net>, <jepadillabh-corp.com
        cc:
        Subject: Re: [PHP] UNSETing Session Variables

unsset($_SESSION['choice']);
// .. or .. //
session_unregister('choice');

-Kevin

----- Original Message -----
From: <jepadillabh-corp.com>
To: <php-generallists.php.net>
Sent: Monday, July 08, 2002 11:54 AM
Subject: [PHP] UNSETing Session Variables

> I am having a slight problem unseting some session variable.
>
> here is an exaple of what I have
>
> Page1:
> choice: 1
> choice: 2
> choice: 3
> choice: 4
> Click on Submit button after choosing 1, 2, 3, or 4
>
> Page 2:
> Loads information from previoius choice.
> Start over again
>
> I am using a session variable for choice and am trying at the beginning
of
> page 1 to unset the session variable, but it is never beign over written
> or rest.
>
> Please Help
>
> Jed

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:

We're going to need to see some of your code to help you further. -Kevin ----- Original Message ----- From: jepadillabh-corp.com To: Kevin Stone ; php-generallists.php.net Sent: Monday, July 08, 2002 12:15 PM Subject: Re: [PHP] UNSETing Session Variables

I tried to enter the comand as such unset ($_SESSION["choice"]);

I thought everything in php was double quotes. but even with single quotes it still isn't quite working. If I do it on the first page then it won't let a later command assign anything to the variable, but if I do it on a seperate third page, it doesn't reset anything.

I have been trying to avoid unregistering variables and then reseting them. Seems a little too messy for my programming tastes.

Jed

"Kevin Stone" <kevinhelpelf.com> 07/08/2002 12:01 PM

To: <php-generallists.php.net>, <jepadillabh-corp.com cc: Subject: Re: [PHP] UNSETing Session Variables

unsset($_SESSION['choice']); // .. or .. // session_unregister('choice');

-Kevin

----- Original Message ----- From: <jepadillabh-corp.com> To: <php-generallists.php.net> Sent: Monday, July 08, 2002 11:54 AM Subject: [PHP] UNSETing Session Variables

> I am having a slight problem unseting some session variable. > > here is an exaple of what I have > > Page1: > choice: 1 > choice: 2 > choice: 3 > choice: 4 > Click on Submit button after choosing 1, 2, 3, or 4 > > Page 2: > Loads information from previoius choice. > Start over again > > I am using a session variable for choice and am trying at the beginning of > page 1 to unset the session variable, but it is never beign over written > or rest. > > Please Help > > Jed

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:

I more or less figured that. below is the code for the two pages in question.

Page 1: <? require("connect.inc"); unset ($_SESSION['currentbid']); ?> <HEAD> <TITLE></TITLE> </HEAD> <BODY> Borrowers <TABLE BORDER="1"> <TR> <? /* Get all users select call */ $users = mysql_query("SELECT bname, bphone, address, admin, bid FROM Borrowers ORDER BY bname");

echo "<TH>"; echo "Name"; echo "</TH>"; echo "<TH>"; echo "Phone"; echo "</TH>"; echo "<TH>"; echo "Address"; echo "</TH>"; echo "<TH>"; echo "Admin"; echo "</TH>"; echo "<TR>";

if($users) while($row=mysql_fetch_row($users)) { echo "<TR>"; echo "<TD> $row[0] </TD>"; echo "<TD> $row[1] </TD>"; echo "<TD> $row[2] </TD>"; if($row[3]) echo "<TD> Yes </TD>"; else echo "<TD> No </TD>"; print "<TD> <FORM METHOD=\"post\" action=\"uupdate.php\"> <input type=\"hidden\" name=\"ubid\" value=\"$row[4]\"> <INPUT TYPE=\"SUBMIT\" VALUE=\"Change User.\"> </FORM> </TD>"; print "<TD> <FORM METHOD=\"post\" action=\"udelete.php\"> <input type=\"hidden\" name=\"ubid\" value=\"$row[4]\"> <INPUT TYPE=\"SUBMIT\" VALUE=\"Delete User.\"> </FORM> </TD>"; print "<TD> <FORM METHOD=\"post\" action=\"uadmin.php\"> <input type=\"hidden\" name=\"ubid\" value=\"$row[4]\"> <INPUT TYPE=\"SUBMIT\" VALUE=\"Make Admin.\"> </FORM> </TD>"; echo "</TR>\n"; } ?> </TR> </TABLE>

<? require("tail.inc") ?>

page2: <? require("connect.inc"); ?> <HEAD> <TITLE> User Update Page </TITLE> </HEAD> <BODY> <BR> <BR> <? print "$currentbid-current, $ubid-change, $bid-current"; ?>

<? if($admin) $currentbid = $ubid; else $currentbid = $bid; $result = mysql_query("SELECT bname, bphone, address FROM Borrowers Where bid=$currentbid"); if($result) { $row = mysql_fetch_row($result); $oname = $row[0]; $ophone = $row[1]; $oaddress = $row[2]; } ?>

Please enter the new information into the fields below. <TABLE BORDER> <TR><TH> Current Information </TH></TR> <TR><TH><FORM method="post" action="ucupdate.php"> <INPUT TYPE="text" NAME="uname" value=<?print "'$oname'"?> SIZE="30"></TH> <TH><INPUT TYPE="text" NAME="uphone" value=<?print "$ophone"?> SIZE="30"></TH> <TH><INPUT TYPE="text" NAME="uaddress" value=<?print "'$oaddress'"?> SIZE="30"></TH></TR> <? if($admin) { print "<TH><INPUT TYPE=\"text\" NAME=\"upassword\" value="; $cpass = mysql_query("SELECT admin_pass FROM Borrowers WHERE bid=$currentbid"); $cpassr = mysql_fetch_row($cpass); print "\"$cpassr[0]\" "; print "SIZE=\"30\"></TH></TR>"; } ?> </TABLE> <INPUT TYPE="SUBMIT" VALUE="Submit your information."> <INPUT TYPE="RESET" VALUE="Clear"> </FORM>

<? require("tail.inc"); ?>

The first page gives the admin user a list of users, and three options (change their information, delete them, or make them and Admin). The option we are choosing is to change information. If I select user number 1 the only way to edit another user is to log out and log back in.

If any of the code is unclear please let me know. I haven't gotten to commenting it all yet.

Jed

"Kevin Stone" <kevinhelpelf.com> 07/08/2002 12:47 PM

To: <php-generallists.php.net> cc: Subject: Re: [PHP] UNSETing Session Variables

I tried to enter the comand as such unset ($_SESSION["choice"]);

I thought everything in php was double quotes. but even with single quotes it still isn't quite working. If I do it on the first page then it won't let a later command assign anything to the variable, but if I do it on a seperate third page, it doesn't reset anything.

I have been trying to avoid unregistering variables and then reseting them. Seems a little too messy for my programming tastes.

Jed

"Kevin Stone" <kevinhelpelf.com> 07/08/2002 12:01 PM

To: <php-generallists.php.net>, <jepadillabh-corp.com cc: Subject: Re: [PHP] UNSETing Session Variables

unsset($_SESSION['choice']); // .. or .. // session_unregister('choice');

-Kevin

----- Original Message ----- From: <jepadillabh-corp.com> To: <php-generallists.php.net> Sent: Monday, July 08, 2002 11:54 AM Subject: [PHP] UNSETing Session Variables

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:

$_SESSION['currentbid'] isn't available until you do session_start();

session_start(); unset($_SESSION['currentbid']);

Or is this what does connect.inc contains?

-Kevin

----- Original Message ----- From: jepadillabh-corp.com To: Kevin Stone Cc: php-generallists.php.net Sent: Monday, July 08, 2002 1:43 PM Subject: Re: [PHP] UNSETing Session Variables

I more or less figured that. below is the code for the two pages in question.

echo "<TH>"; echo "Name"; echo "</TH>"; echo "<TH>"; echo "Phone"; echo "</TH>"; echo "<TH>"; echo "Address"; echo "</TH>"; echo "<TH>"; echo "Admin"; echo "</TH>"; echo "<TR>";

<? require("tail.inc") ?>

page2: <? require("connect.inc"); ?> <HEAD> <TITLE> User Update Page </TITLE> </HEAD> <BODY> <BR> <BR> <? print "$currentbid-current, $ubid-change, $bid-current"; ?>

<? require("tail.inc"); ?>

If any of the code is unclear please let me know. I haven't gotten to commenting it all yet.

Jed

"Kevin Stone" <kevinhelpelf.com> 07/08/2002 12:47 PM

To: <php-generallists.php.net> cc: Subject: Re: [PHP] UNSETing Session Variables

I tried to enter the comand as such unset ($_SESSION["choice"]);

I thought everything in php was double quotes. but even with single quotes it still isn't quite working. If I do it on the first page then it won't let a later command assign anything to the variable, but if I do it on a seperate third page, it doesn't reset anything.

I have been trying to avoid unregistering variables and then reseting them. Seems a little too messy for my programming tastes.

Jed

"Kevin Stone" <kevinhelpelf.com> 07/08/2002 12:01 PM

To: <php-generallists.php.net>, <jepadillabh-corp.com cc: Subject: Re: [PHP] UNSETing Session Variables

unsset($_SESSION['choice']); // .. or .. // session_unregister('choice');

-Kevin

----- Original Message ----- From: <jepadillabh-corp.com> To: <php-generallists.php.net> Sent: Monday, July 08, 2002 11:54 AM Subject: [PHP] UNSETing Session Variables

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:

Sorry about that I should have been more detailed. session_start() and all of my session_register() calls happen on login.php here is a sample session_register call. session_register("currentbid"); I am under the impression that I only need one session register call.

Jed

"Kevin Stone" <kevinhelpelf.com> 07/08/2002 02:00 PM

To: <jepadillabh-corp.com> cc: <php-generallists.php.net> Subject: Re: [PHP] UNSETing Session Variables

$_SESSION['currentbid'] isn't available until you do session_start(); session_start(); unset($_SESSION['currentbid']); Or is this what does connect.inc contains? -Kevin ----- Original Message ----- *snip please see previous messages for this information snip*

attached mail follows:

page 1 ---------- <? session_start(); $myvar = "foo bar"; session_register('myvar'); // or // $_SESSION['myvar'] = $myvar; ?>

page 2 --------- <? session_start(); unset($_SESSION['myvar']; // or // session_unregister('myvar'); ?>

----- Original Message ----- From: jepadillabh-corp.com To: Kevin Stone Cc: jepadillabh-corp.com ; php-generallists.php.net Sent: Monday, July 08, 2002 2:05 PM Subject: Re: [PHP] UNSETing Session Variables

Jed

"Kevin Stone" <kevinhelpelf.com> 07/08/2002 02:00 PM

To: <jepadillabh-corp.com> cc: <php-generallists.php.net> Subject: Re: [PHP] UNSETing Session Variables

attached mail follows:

/me feels kinda dumb now.

Well even after adding session_start to my connect.inc, it doesn't work. I only need to do session_register() once correct? Or do I need to do that everytime I do session start? If I have to do it everytime then what is the point of sessions?

Jed

"Kevin Stone" <kevinhelpelf.com> 07/08/2002 02:12 PM

To: <jepadillabh-corp.com>, <php-generallists.php.net cc: Subject: Re: [PHP] UNSETing Session Variables

I fear you're missing something fundemental here. The active session needs to be requested for each script. So session_start() needs to be called at the top of each script (or at least before any output). Example.. page 1 ---------- <? session_start(); $myvar = "foo bar"; session_register('myvar'); // or // $_SESSION['myvar'] = $myvar; ?> page 2 --------- <? session_start(); unset($_SESSION['myvar']; // or // session_unregister('myvar'); ?> ----- Original Message ----- From: jepadillabh-corp.com To: Kevin Stone Cc: jepadillabh-corp.com ; php-generallists.php.net Sent: Monday, July 08, 2002 2:05 PM Subject: Re: [PHP] UNSETing Session Variables

Jed

"Kevin Stone" <kevinhelpelf.com> 07/08/2002 02:00 PM To: <jepadillabh-corp.com> cc: <php-generallists.php.net> Subject: Re: [PHP] UNSETing Session Variables

attached mail follows:

You only have to register the session variables once. If you need to register the same variables again (such as for a different user), then you should use session_destroy() before registering the variables again.

The variables should be available throughout your pages as long as session_start() is done before ANY output goes to the HTML. It's usually best to have it as the FIRST thing on your pages.

Martin

>>> <jepadillabh-corp.com> 07/08/02 04:19PM >>> /me feels kinda dumb now.

Jed

"Kevin Stone" <kevinhelpelf.com> 07/08/2002 02:12 PM

To: <jepadillabh-corp.com>, <php-generallists.php.net cc: Subject: Re: [PHP] UNSETing Session Variables

Jed

"Kevin Stone" <kevinhelpelf.com> 07/08/2002 02:00 PM To: <jepadillabh-corp.com> cc: <php-generallists.php.net> Subject: Re: [PHP] UNSETing Session Variables

attached mail follows:

Of course you can open and edit any file in PHP you just need to know the file format. But I highly doubt there is any method using PHP that will allow you to prompt the opening of a file into an external application. Editing of the file would have to be done in memory, or manually in the browser (HTML form, textarea field). Unfortunately Microsoft is notoriously protective of its file formats. -Kevin

----- Original Message ----- From: "Chris Hewitt" <g0paemanordat.demon.co.uk> To: "David Russell" <DavidRBarloworldOptimus.com> Cc: "php-general" <php-generallists.php.net> Sent: Monday, July 08, 2002 11:51 AM Subject: Re: [PHP] Editing Word Documents

> David Russell wrote: > > > ------------snip---------------------- > > 5. The client then closes the file, it "auto-saves" and he goes about > > his business. > > By coincidence, I'd be very interested in this too, particularly from a > linux server. > > Regards > > Chris > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php >

attached mail follows:

It sounds like a job for WebDAV to me...

-Josh

attached mail follows:

Simply put you can not protect HTML pages through your login system. You must have some kind of continuous login/check at the top of each page. Give the page the .php extension so it can parse and execute the check. If you're using Cookies that's perfect.. you can just check for the existance of that cookie at the top of each page. Same thing if you were using sessions. They can only get the cookie or the session from one script... your login script. So as long as you continuously check for that you're pretty much all set. -Kevin

> ----- Original Message ----- > From: "Youngie" <youngieyoungie.com> > To: <php-generallists.php.net> > Sent: Monday, July 08, 2002 11:54 AM > Subject: [PHP] Checking for a successful login and setting a global flag. > > > > Hi Follks > > > > I'm writing an application that requires the user to login to gain access > to > > the rest of the site. > > The login dailog is on index.html, once verified by login.php the user is > > presented with a menu from > > which he can select several options option1.htm which executes a query > > through option1.php etc, > > option2.htm and option3.htm and so on. But there's nothing stopping him > > from bypassing the login completely > > and just brining up option2.htm directly in the browser. I'm looking for > > some kind of mechanism to set a > > flag for a successful logon in index.php that can be tested in the other > php > > scripts. > > > > I tried using a cookie and got that to work but the user can close the > > browser, reopen and the cookie is still > > set. I looked in to session variables but one page could seem to see the > > session variable values set in the > > login page, it saw the variable was registered but not the value it was > set > > to. > > > > I know this has to be a simple exercise but I'm a newbie. > > > > Thanks > > > > John. > > > > > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > >

attached mail follows:

Okay sorry for the misunderstanding. You can set the lifetime of the cookie to die when the browser window is closed. Or if you use sessions this will happen automatically. http://www.php.net/manual/en/function.setcookie.php -Kevin

----- Original Message ----- From: "Youngie" <youngieyoungie.com> To: "Kevin Stone" <kevinhelpelf.com> Sent: Monday, July 08, 2002 12:21 PM Subject: Re: [PHP] Checking for a successful login and setting a global flag.

> Hi Kevin, > > Firstly, thanks for your answer. I am infact only protecting my php pages. I > don't really care that the user > can bring up a form on an HTML page like query.htm, sure he can submit the > query to query.php but it's > there I do the check to see if the cookie has been set. Problem is someone > could log on properly > and the cookie would be set. They could then close the browser, someone else > could come along > and the cookie would still be set. How do I clear all cookies when the > browser is closed? > > Thanks > > John. > > ----- Original Message ----- > From: "Kevin Stone" <kevinhelpelf.com> > Newsgroups: php.general > To: "PHP-general" <php-generallists.php.net> > Sent: Monday, July 08, 2002 11:07 AM > Subject: Fw: [PHP] Checking for a successful login and setting a global > flag. > > > > Simply put you can not protect HTML pages through your login system. You > > must have some kind of continuous login/check at the top of each page. > Give > > the page the .php extension so it can parse and execute the check. If > > you're using Cookies that's perfect.. you can just check for the existance > > of that cookie at the top of each page. Same thing if you were using > > sessions. They can only get the cookie or the session from one script... > > your login script. So as long as you continuously check for that you're > > pretty much all set. > > -Kevin > > > > > ----- Original Message ----- > > > From: "Youngie" <youngieyoungie.com> > > > To: <php-generallists.php.net> > > > Sent: Monday, July 08, 2002 11:54 AM > > > Subject: [PHP] Checking for a successful login and setting a global > flag. > > > > > > > > > > Hi Follks > > > > > > > > I'm writing an application that requires the user to login to gain > > access > > > to > > > > the rest of the site. > > > > The login dailog is on index.html, once verified by login.php the user > > is > > > > presented with a menu from > > > > which he can select several options option1.htm which executes a query > > > > through option1.php etc, > > > > option2.htm and option3.htm and so on. But there's nothing stopping > him > > > > from bypassing the login completely > > > > and just brining up option2.htm directly in the browser. I'm looking > for > > > > some kind of mechanism to set a > > > > flag for a successful logon in index.php that can be tested in the > other > > > php > > > > scripts. > > > > > > > > I tried using a cookie and got that to work but the user can close the > > > > browser, reopen and the cookie is still > > > > set. I looked in to session variables but one page could seem to see > the > > > > session variable values set in the > > > > login page, it saw the variable was registered but not the value it > was > > > set > > > > to. > > > > > > > > I know this has to be a simple exercise but I'm a newbie. > > > > > > > > Thanks > > > > > > > > John. > > > > > > > > > > > > > > > > > > > > -- > > > > PHP General Mailing List (http://www.php.net/) > > > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > > > >

attached mail follows:

You could also try using Javascript to popup a window when they close the current one, and reset your cookies (and/or destroy your session) in that window.

Pete.

Kevin Stone wrote: > > Okay sorry for the misunderstanding. You can set the lifetime of the cookie > to die when the browser window is closed. Or if you use sessions this will > happen automatically. > http://www.php.net/manual/en/function.setcookie.php > -Kevin > > ----- Original Message ----- > From: "Youngie" <youngieyoungie.com> > To: "Kevin Stone" <kevinhelpelf.com> > Sent: Monday, July 08, 2002 12:21 PM > Subject: Re: [PHP] Checking for a successful login and setting a global > flag. > > > Hi Kevin, > > > > Firstly, thanks for your answer. I am infact only protecting my php pages. > I > > don't really care that the user > > can bring up a form on an HTML page like query.htm, sure he can submit the > > query to query.php but it's > > there I do the check to see if the cookie has been set. Problem is someone > > could log on properly > > and the cookie would be set. They could then close the browser, someone > else > > could come along > > and the cookie would still be set. How do I clear all cookies when the > > browser is closed? > > > > Thanks > > > > John. > > > > ----- Original Message ----- > > From: "Kevin Stone" <kevinhelpelf.com> > > Newsgroups: php.general > > To: "PHP-general" <php-generallists.php.net> > > Sent: Monday, July 08, 2002 11:07 AM > > Subject: Fw: [PHP] Checking for a successful login and setting a global > > flag. > > > > > > > Simply put you can not protect HTML pages through your login system. > You > > > must have some kind of continuous login/check at the top of each page. > > Give > > > the page the .php extension so it can parse and execute the check. If > > > you're using Cookies that's perfect.. you can just check for the > existance > > > of that cookie at the top of each page. Same thing if you were using > > > sessions. They can only get the cookie or the session from one > script... > > > your login script. So as long as you continuously check for that you're > > > pretty much all set. > > > -Kevin > > > > > > > ----- Original Message ----- > > > > From: "Youngie" <youngieyoungie.com> > > > > To: <php-generallists.php.net> > > > > Sent: Monday, July 08, 2002 11:54 AM > > > > Subject: [PHP] Checking for a successful login and setting a global > > flag. > > > > > > > > > > > > > Hi Follks > > > > > > > > > > I'm writing an application that requires the user to login to gain > > > access > > > > to > > > > > the rest of the site. > > > > > The login dailog is on index.html, once verified by login.php the > user > > > is > > > > > presented with a menu from > > > > > which he can select several options option1.htm which executes a > query > > > > > through option1.php etc, > > > > > option2.htm and option3.htm and so on. But there's nothing stopping > > him > > > > > from bypassing the login completely > > > > > and just brining up option2.htm directly in the browser. I'm looking > > for > > > > > some kind of mechanism to set a > > > > > flag for a successful logon in index.php that can be tested in the > > other > > > > php > > > > > scripts. > > > > > > > > > > I tried using a cookie and got that to work but the user can close > the > > > > > browser, reopen and the cookie is still > > > > > set. I looked in to session variables but one page could seem to see > > the > > > > > session variable values set in the > > > > > login page, it saw the variable was registered but not the value it > > was > > > > set > > > > > to. > > > > > > > > > > I know this has to be a simple exercise but I'm a newbie. > > > > > > > > > > Thanks > > > > > > > > > > John. > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > PHP General Mailing List (http://www.php.net/) > > > > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > > > > > > > >

attached mail follows:

No need to open a new window to reset the cookies. Just have a function that is trigged onunload().

Martin

>>> Pete James <peter_jamesadvanis.ca> 07/08/02 03:18PM >>> You could also try using Javascript to popup a window when they close the current one, and reset your cookies (and/or destroy your session) in that window.

Pete.

attached mail follows:

I'm setting up a simple content-management system for a webzine. I'm not sure which method would be the most efficient:

1) Put all content in a database and dynamically flow content into a few different "article" template files.

Or...

2) Build the content as actual pages with dynamic elements for menus, and store only basic info about each article in CMS database (such as title, publish date, writer, keywords, etc.).

Option 1 would make it very easy to modify the look of all articles, but, I'm concerned that using just a few templates for all articles would slow down the site if lots of people are simultaneously accessing articles. The site gets about 750,000 page views per month, so, while it's no Yahoo, it does get a decent amount of traffic.

Option 2, on the other hand, would remove the load from just a few templates by setting up actual pages for each article, but, it won't be as easy to make site-wide design changes this way, and I won't be able to do some things like automatically paginating longer articles over several pages.

Anyone have any input or words of wisdom they can offer on the best method for setting up a content management system? Thanks!

Monty

attached mail follows:

> From: Monty <monty3hotmail.com> > > I'm setting up a simple content-management system for a webzine. I'm not > sure which method would be the most efficient: > > 1) Put all content in a database and dynamically flow content into a few > different "article" template files. > > Or... > > 2) Build the content as actual pages with dynamic elements for menus, and > store only basic info about each article in CMS database (such as title, > publish date, writer, keywords, etc.). > > Option 1 would make it very easy to modify the look of all articles, but, > I'm concerned that using just a few templates for all articles would slow > down the site if lots of people are simultaneously accessing articles. The > site gets about 750,000 page views per month, so, while it's no Yahoo, it > does get a decent amount of traffic. > > Option 2, on the other hand, would remove the load from just a few templates > by setting up actual pages for each article, but, it won't be as easy to > make site-wide design changes this way, and I won't be able to do some > things like automatically paginating longer articles over several pages. > > Anyone have any input or words of wisdom they can offer on the best method > for setting up a content management system? Thanks! > If possible, make the home page (and other heavy traffic pages) "semi-dynamic" by generating static HTML from PHP. This also provides a preview system for CMS administrators. In other words, administrators login and make changes to the database and see a script-generated home page. Once satisfied with the changes, they call a PHP script to update the public home page. The public home page is static HTML that's generated by opening a script-generated version of the page as an http: URL with fopen(), written to a temp file, then copied to replace the previous static home page. Detail/article page displays would remain script generated.

-- Lowell Allen

attached mail follows:

I'm a firm believer in option 1. 750,000 page views per month is only 1 page every 3.4 seconds (ish) on average, so I don't believe you'd see any server load even in peak periods.

If there IS server load, you can have an option 3, which basically combines option 1 and 2. Keep the raw article data in a database which is there forever. Then run a program which batch-creates 'HTML' pages from templates and the database, and publish a static website (as per option 2).

The difference between option 2 and 3 is that you get to keep all your raw article data in the database, and when you change your template design, you can just do a new batch-creation of all the static html pages.

I do this for a client of mine who has got 6 months left on a hosting contract without MySQL... essentially I do a weekly "build" of a static site from data and templates stored on my local server, then upload these static pages.

Cheers,

Justin

on 09/07/02 4:11 AM, Monty (monty3hotmail.com) wrote:

> I'm setting up a simple content-management system for a webzine. I'm not > sure which method would be the most efficient: > > 1) Put all content in a database and dynamically flow content into a few > different "article" template files. > > Or... > > 2) Build the content as actual pages with dynamic elements for menus, and > store only basic info about each article in CMS database (such as title, > publish date, writer, keywords, etc.). > > Option 1 would make it very easy to modify the look of all articles, but, > I'm concerned that using just a few templates for all articles would slow > down the site if lots of people are simultaneously accessing articles. The > site gets about 750,000 page views per month, so, while it's no Yahoo, it > does get a decent amount of traffic. > > Option 2, on the other hand, would remove the load from just a few templates > by setting up actual pages for each article, but, it won't be as easy to > make site-wide design changes this way, and I won't be able to do some > things like automatically paginating longer articles over several pages. > > Anyone have any input or words of wisdom they can offer on the best method > for setting up a content management system? Thanks! > > Monty >

attached mail follows:

On 9 Jul 2002 at 11:54, Justin French wrote:

> I'm a firm believer in option 1. 750,000 page views per month is only > 1 page every 3.4 seconds (ish) on average, so I don't believe you'd > see any server load even in peak periods. > > If there IS server load, you can have an option 3, which basically > combines option 1 and 2. Keep the raw article data in a database > which is there forever. Then run a program which batch-creates 'HTML' > pages from templates and the database, and publish a static website > (as per option 2).

I'm with Justin on this. Here is a very good article that goes into depth on the subject by a guy who seems to have disappeared:

http://philip.greenspun.com/internet-application-workbook/content-management

Peter

attached mail follows:

> If there IS server load, you can have an option 3, which basically combines > option 1 and 2. Keep the raw article data in a database which is there > forever. Then run a program which batch-creates 'HTML' pages from templates > and the database, and publish a static website (as per option 2).

Or put squid into reverse-proxy/caching mode in front of your dynamic server and let it cache the pages for you... just another option.

-philip

attached mail follows:

I'm trying to executing winzip command line via the system() function. I know it can be done but I'm recieving a "Warning: Unable to fork" error every time. The server is running the latest PHP v4.21.

<? // -------------------------------------------- // extract command structure.. // winzip[32].exe -e [options] filename[.zip] directory // --------------------------------------------- $exe = 'c:\Inetpub\WinZip\WINZIP32.EXE'; $opts = '-e'; $obj = 'e:\NLObjects\Arches_n_Tunnels.zip'; $dest = 'e:\NLObjects\arches'; $cmd = "$exe $opts $obj $dest"; system($cmd); ?>

Warning: Unable to fork [c:\Inetpub\WinZip\WINZIP32.EXE -e e:\NLObjects\Arches_n_Tunnels.zip e:\NLObjects\arches] in c:\inetpub\wwwroot\exchange_tmp\unzip_test.php on line 8

The path to the WinZip executable is confirmed via fopen(). Could there be something wrong with the way I am constructing the command? Or maybe there's something wrong with this method all together? Your help is greatly appreciated.

-- Kevin

attached mail follows:

On Mon, 8 Jul 2002, Justin French wrote: > 1. in the case of most dial-up users with an ISP, the IP address is usually > dynamically assigned, so next time they dial-up (or re-connect) they will > more than likely have a different IP address. > > 2. in the many cases of computers with a static IP (cable/ADSL/etc), the IP > address does not necessarily represent a "user"... think about shared > computers in families, in libraries, corporations, net cafe's, etc. > > 3. Data storage -- eeek! If you get 1000 visitors with upto 15 bytes > (nnn.nnn.nnn.nnn) each, that's 15k of IP address' you have to search through > constantly, without any real way to make it quicker (eg indexing). That may > not sound so bad, but perhaps when you reach 30000 visitors, it's now upto > 450k. Yuk.

Well, an IP address is only 4 bytes, and they can be sorted and indexed, but otherwise I completely agree with your points. Using IP addresses to recognize people is doomed to failure.

miguel

attached mail follows:

Hello,

I'm posting this ad for the company looking for a PHP programmer. I have no clue if the company is good or not. Do your due dilligence.

__BEGIN JOB POST

We are a Houston, Texas based company in need of 1-2 VERY GOOD AND EXPERIENCED PHP programmers for 4-6 weeks to build a new web site. This project will be very exciting and involves many very challenging and elaborate programming feature-sets. ABSOLUTELY NO TELECOMMUTING. All programming for the scope of this project must be performed in our office Monday - Friday from 8AM - 5PM Central Standard Time. We would prefer programmers who currently live in the Houston area opposed to programmers willing to relocate to the Houston area for the duration of the 4-6 week development period but we will consider all options. This opportunity could possibly lead to fulltime permanent employment following completion of the initial development. All experienced PHP programmers interested should email **** at *******.*** or call during regular business hours at ***-***-****.

The web site will include a MySQL database backend, e-commerce shopping cart-style ad submission form on front-end with real-time credit card authorization through CardService International, several other ad submission forms on both front-end and back-end, and an extensive back-end Web Admin Control Panel for us to control various features and components of the web site. We will be happy to share further details on the feature-sets with any interested programming candidates for this project.

__END JOB POST

attached mail follows:

On Fri, 5 Jul 2002, [iso-8859-1] João Paulo Vasconcellos wrote:

> I don't feel that. I run a web site with a big deal of traffic, and in speed > and scalability, MySQL is better than PGSQL or Sybase. I know because I tryed > each one of these before getting to MySQL in definitive. Sybase is WAAAAAY > too slow, and Postgres has a habit of melting down from time to time. In the > features field, if you need referential integrity you can use InnoDB or BDB > tables in MySQL, wich supports ON DELETE CASCADE and many things more, like > row-level locking, blah, blah, blah. To keep your data secure, Sybase is a > better option than PGSQL, because when PGSQL melts down, you lose some > records as a gift. I had not seen this behavior mainly because I did not ran

What version of postgres were you experiencing meltdowns? I've only used pg since 7.x and I recall that the 6.x had some serious problems, but 7.x has been extremely stable for us...

> PGSQL long enough to see this, and the memory requirements of Sybase are just > too much to stand. I prefer MySQL above every other, even lacking SP's. Of > course, my business do not require anything more than standard MyISAM offers, > so PGSQL may be a better option in some cases. > > > > On Friday 05 July 2002 17:59, Lazor, Ed wrote: > > How many here feel PostgreSQL has surpassed MySQL as the better backend for > > PHP? This would be based on performance (speed, scalability, etc.) and > > features. > > > > -Ed > > > > -- > João Paulo Vasconcellos > Gerente de Tecnologia - NetCard > Tel. 21 3852-9008 Ramal 31 > jvasconcellosnetcard.com.br > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >

attached mail follows:

> PostgreSQL also has a number of things that it lacks when compared to MySQL. > For example, it does not support unsigned integers, which forces you to use > int8 to store timestamps, which will eventually reach 4.2 billion. In case

Is there a reason you can't use the timestamp data type? It's still 8 bytes, but you don't have to deal with the casting issues...

> PostgreSQL also does not support ENUM type, although you can port your ENUMs > to PostgreSQL by using CONSTANTS.

It's also worth noting that ENUM isn't part of the SQL standard (at least according to mysql's own docs)

> Now we come to the actual database speed itself. In this regard in most > applications MySQL is MUCH faster probably because it has to do allot less > work then PostgreSQL does. For example, lets analyze the most common action > performed in a database system, a SELECT. When you do a select in MySQL, > MySQL internally locks the table for the duration of the select. PostgreSQL > on the other hand does a row level lock, internally, for every row you > select.

This is true.. but if you add in a good amount of updates (intranet type of app) then mysql will be much slower because it is locking the entire table. But for a lot of small websites it is 90% selects so mysql will be faster.

> PostgreSQL also does not optimize count(),max() and min() queries, which in > MySQL are instant regardless of the table size since they are cached > internally. PostgreSQL on the other hand needs to go every single row in the > table. However, I should note that PostgreSQL developers I spoke to, told me

I'm pretty sure that count(*) is optimized and if you've got an index on the columns you want to max/min then it will just look at the index and not the table...

> PostgreSQL, whenever that happens. PostgreSQL also syncs any inserted or > updated to disk right away to ensure that you don't loose any data should the

No, it doesn't. It can, but it doesn't have to. With the WAL (write ahead logging) stuff they've added in the 7.x series I am pretty sure fsync is disabled by default.

> computer crash on the other hand MySQL keeps memory buffers and will often > not sync to disk right away to avoid disk IO. PostgreSQL offers greater data > security, which would be important in a shopping cart, however it looses much > speed in this approach compared to MySQL's approach which is ideal for > programs where fast inserts are critical, like a web counter for example.

Doesn't this contradict what you're saying below about table-level locking? If a thousand people all hit your page at the same time, mysql can only insert that row one at a time, right?

> still read from a table. In MySQL once a table is locked to write, no other > user can read from the very same table until the lock is released. This in > particular makes PostgreSQL much more scalable then MySQL. Unlike MySQL,

> Bottom line is that both MySQL and PostgreSQL have their 'markets'. IMHO in > most cases MySQL is a simpler, faster and easier solution to use. However, if > you require 100% data integrity and are dealing with sensitive data and in > those case probably can spend a little more or hardware PostgreSQL should be > your tool of choice.

Agreed... there's also the argument that a lot more ISP's have mysql support than postgresql support so that's a factor as well.

attached mail follows:

> > How many here feel PostgreSQL has surpassed MySQL as the better backend for > > PHP? This would be based on performance (speed, scalability, etc.) and > > features. > > I've been using MySQL/PHP for quite some time. Several months ago, I > wanted to port a project over to PostgreSQL. I found everything about pg > (eg the website, documentation, installation process) far less straight > ahead than MySQL. So much so, that I didn't get around to actually > installing pg.

This is actually something they are working on right now. One thing to remember is that for quite a while now mysql has had a corporate entity behind it that can spend money on marketing efforts -- postgresql doesn't have this since Great Bridge went away...

> Plus, as others have pointed out, the supporting functions in PHP aren't > as powerful/diverse. For example, there's no insert id function.

There are sequences however... which once you use them for awhile you'll hate the way MySQL does it.

attached mail follows:

Thanks to everyone who contributed on this thread. It proved to be very informative and enjoyable.

-Ed **************************************************************************** This message is intended for the sole use of the individual and entity to whom it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended addressee, nor authorized to receive for the intended addressee, you are hereby notified that you may not use, copy, disclose or distribute to anyone the message or any information contained in the message. If you have received this message in error, please immediately advise the sender by reply email and delete the message. Thank you very much.

attached mail follows:

I want to store user inputed data from a HTML multi-line text box into a mysql database. But unfortunately, it doesn't remember any of the hard returns....is there a painless why to do this? Thanks!

attached mail follows:

nl2br(); http://www.php.net/manual/en/function.nl2br.php

Switch beween Unix and HTML line breaks. -Kevin

----- Original Message ----- From: "Phil Schwarzmann" <pschwarjhmi.edu> To: <php-generallists.php.net> Sent: Monday, July 08, 2002 1:29 PM Subject: [PHP] storing data from multi-line text boxes into mysql

> I want to store user inputed data from a HTML multi-line text box into a > mysql database. But unfortunately, it doesn't remember any of the hard > returns....is there a painless why to do this? > > Thanks! >

attached mail follows:

try nl2br()

http://www.php.net/manual/en/function.nl2br.php

-brendan

attached mail follows:

Hi there;

I installed Apache2.0.39 and PHP4.2.1 on RedHat Linux 7.2. The installation procedure is fine. The php installation inlcude gd and some extension, but I can't find the php-gd.so on my computer.

Anybody can help?

Yang

attached mail follows:

Check out

http://rpmfind.net/linux/rpm2html/search.php?query=php-gd&submit=Search+...& system=&arch=

"Yang" <yangbarewalls.com> wrote in message news:20020708193851.54672.qmailpb1.pair.com... > > can't find the php-gd.so on my computer. >

attached mail follows:

only if user stupidity can be considered a virus.

=C= ----- Original Message ----- From: "Lazor, Ed" <ELazorprovidence.org> To: "PHP List" <php-generallists.php.net> Sent: Monday, July 08, 2002 11:37 AM Subject: RE: [PHP] don't want to receive but email please

> So.... is this a new virus? > > -----Original Message----- > From: Rodolfo Contreras T. [mailto:roccottohotmail.com] > Sent: Friday, July 05, 2002 6:30 PM > To: adminmyispnet.net; PHP List > Subject: [PHP] don't want to receive but email please > > > don't want to receive but email please don't want to receive but email > please don't want to receive but email please don't want to receive but > email please don't want to receive but email please don't want to receive > but email please don't want to receive but email please don't want to > receive but email please don't want to receive but email please don't want > to receive but email please don't want to receive but email please don't > want to receive but email please don't want to receive but email please > don't want to receive but email please don't want to receive but email > please don't want to receive but email please don't want to receive but > email please don't want to receive but email please don't want to receive > but email please don't want to receive but email please don't want to > receive but email please don't want to receive but email please don't want > to receive but email please don't want to receive but email please don't > want to receive but email please don't want to receive but email please > don't want to receive but email please don't want to receive but email > please don't want to receive but email please don't want to receive but > email please don't want to receive but email please don't want to receive > but email please don't want to receive but email please don't want to > receive but email please don't want to receive but email please don't want > to receive but email please don't want to receive but email please don't > want to receive but email please don't want to receive but email please > don't want to receive but email please don't want to receive but email > please don't want to receive but email please don't want to receive but > email please don't want to receive but email please don't want to receive > but email please don't want to receive but email please > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > **************************************************************************** > This message is intended for the sole use of the individual and entity to > whom it is addressed, and may contain information that is privileged, > confidential and exempt from disclosure under applicable law. If you are > not the intended addressee, nor authorized to receive for the intended > addressee, you are hereby notified that you may not use, copy, disclose or > distribute to anyone the message or any information contained in the > message. If you have received this message in error, please immediately > advise the sender by reply email and delete the message. Thank you very > much. > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >

attached mail follows:

Good afternoon,

We have some cases where we run PHP as a standalone executable for scripting certain processes that can be called from CRON, and we also have PHP for Apache. Does the php.ini affect both? Specifically script times?

Thanks!

Jay

attached mail follows:

On my system, the PHP executeable looks for the PHP.INI file in the same directory as the executeable, whereas the Apache module uses the one in my C:\WINDOWS directory. Are you using Windows? Due to this, I suppose you can have two different PHP setups if you wanted.

"Jay Blanchard" <jay.blanchardniicommunications.com> wrote in message news:002501c226bc$87a28f40$8102a8c0niigziuo4ohhdt... > Good afternoon, > > We have some cases where we run PHP as a standalone executable for scripting > certain processes that can be called from CRON, and we also have PHP for > Apache. Does the php.ini affect both? Specifically script times? > > Thanks! > > Jay > >

attached mail follows:

Nope, not Windows, Linux and FreeBSD

-----Original Message----- From: Peter [mailto:newsaddresssaracenvsu.org.uk] Sent: Monday, July 08, 2002 11:44 PM To: php-generallists.php.net Subject: [PHP] Re: Difference between executable and Apache server

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:

I also would like to hear the answer to this... I try set_time_limit(3600), but my script still appears to time out early

Jay Blanchard wrote: > > Good afternoon, > > We have some cases where we run PHP as a standalone executable for scripting > certain processes that can be called from CRON, and we also have PHP for > Apache. Does the php.ini affect both? Specifically script times? > > Thanks! > > Jay

attached mail follows:

I'm not too familiar with Linux systems. See if there are two copies of your PHP.ini file. One might be in the conf directory and the other in the PHP directory. Make modifications to one and see what effect it has-have a fiddle!

"Peter" <newsaddresssaracenvsu.org.uk> wrote in message news:20020708204550.27469.qmailpb1.pair.com... > On my system, the PHP executeable looks for the PHP.INI file in the same > directory as the executeable, whereas the Apache module uses the one in my > C:\WINDOWS directory. Are you using Windows? > Due to this, I suppose you can have two different PHP setups if you wanted. > > "Jay Blanchard" <jay.blanchardniicommunications.com> wrote in message > news:002501c226bc$87a28f40$8102a8c0niigziuo4ohhdt... > > Good afternoon, > > > > We have some cases where we run PHP as a standalone executable for > scripting > > certain processes that can be called from CRON, and we also have PHP for > > Apache. Does the php.ini affect both? Specifically script times? > > > > Thanks! > > > > Jay > > > > > >

attached mail follows:

On Mon, 8 Jul 2002, Jay Blanchard wrote:

> We have some cases where we run PHP as a standalone executable for scripting > certain processes that can be called from CRON, and we also have PHP for > Apache. Does the php.ini affect both? Specifically script times?

Check the output of phpinfo() for each and see. You're looking for the line that's tagged "Configuration File (php.ini) Path". Usually there are different files for the module and the cgi. (i.e. - the packages from Debian Linux distribution(s) puts separate php.ini files into /etc/php4/apache and /etc/php4/cgi.)

g.luck, ~Chris /"\ \ / Microsoft Security Specialist: X The moron in Oxymoron. / \ http://www.thebackrow.net

attached mail follows:

I have a question on speed but also dealing with the method of scripting. I have a few pages where I get things like weather and stocks. I get the data, which is usually in the form of a Comma delimited string like the stock quotes from Yahoo.com. In the past, I also wrote a function to get the data and split into variables like $S_Current, $S_ChangePercent, $S_ChangeDollar ect.... Then I would print out a whole HTML table with the variables embedded within. This function was called from a PHP type web page. Lately, I have been making the variables global and using them when I need them. For instance, I have a page called index.php. At the stock section of the page, I have a function that is called and returns the major indices, like NASDAQ, DOW and S&P. I global the variables and then within the index.php page I called the variables as I need them in tables. This makes designing the page simple. I can do it in Frontpage or Dreamweaver or whatever. The old way was to call the function and the function would print out the HTML table as part of the function. I hope I am explaining this well enough to understand. Doing it the newer way for me with the global variables makes it easier to design the web page, but I am wondering if it is at the cost of a slower page loading. The reason I think this is whenever I would like to display a variable I have to put in a script tag like <?PHP print $S_Current; ?>. I might have as many as 20 of these on a page. Every time doesn't PHP have to start again and parse out this information causing it to be really slow? The old way was for me to call the function like <?PHP indices(); ?> and then the function would print out; <table> <tr> <td>Dow</td> <td>NASDAQ</td> <td>S & P</td> </tr> <tr> <td>$Dow_Current<img src=\"img\up.gif\"></td> <td>$Nas_Current<img src=\"img\up.gif\"></td> <td>$Snp_Current<img src=\"img\dn.gif\"></td> </tr> </table> Which is faster? Which is better? Is there another way?

Christopher J. Crane Network Operations Manager

IKON Office Solutions 860.659.6464

attached mail follows:

I understand what you're getting at, I'm not sure of the answer though. I know it would stop you using FrontPage or Dreamweaver but if for example you had <?PHP print "<HTML><HEAD><TITLE>Index page</TITLE></HEAD><BODY>"; print "<P>Current: $_Current</P>"; print "<P>Percent Change: $_ChangePercent</P>"; print "</BODY></HTML>"; ?> You'd eliminate that problem.

"Christopher Crane" <CCraneIKON.com> wrote in message news:91D948A579ADD4118F7900D0B7B9E3C307B8D25Chfd01-msx-03.ikon.org... > I have a question on speed but also dealing with the method of scripting. > I have a few pages where I get things like weather and stocks. I get the > data, which is usually in the form of a Comma delimited string like the > stock quotes from Yahoo.com. In the past, I also wrote a function to get the > data and split into variables like $S_Current, $S_ChangePercent, > $S_ChangeDollar ect.... Then I would print out a whole HTML table with the > variables embedded within. This function was called from a PHP type web > page. Lately, I have been making the variables global and using them when I > need them. For instance, I have a page called index.php. At the stock > section of the page, I have a function that is called and returns the major > indices, like NASDAQ, DOW and S&P. I global the variables and then within > the index.php page I called the variables as I need them in tables. This > makes designing the page simple. I can do it in Frontpage or Dreamweaver or > whatever. The old way was to call the function and the function would print > out the HTML table as part of the function. > > I hope I am explaining this well enough to understand. Doing it the newer > way for me with the global variables makes it easier to design the web page, > but I am wondering if it is at the cost of a slower page loading. The reason > I think this is whenever I would like to display a variable I have to put in > a script tag like <?PHP print $S_Current; ?>. I might have as many as 20 of > these on a page. Every time doesn't PHP have to start again and parse out > this information causing it to be really slow? > > The old way was for me to call the function like <?PHP indices(); ?> and > then the function would print out; > <table> > <tr> > <td>Dow</td> > <td>NASDAQ</td> > <td>S & P</td> > </tr> > <tr> > <td>$Dow_Current<img src=\"img\up.gif\"></td> > <td>$Nas_Current<img src=\"img\up.gif\"></td> > <td>$Snp_Current<img src=\"img\dn.gif\"></td> > </tr> > </table> > > Which is faster? Which is better? Is there another way? > > Christopher J. Crane > Network Operations Manager > > IKON Office Solutions > 860.659.6464 > > >

attached mail follows:

I use to do it that way, but i like to be able to see it in Dreamweaver for more control, not so much Frontpage, I don't know how to use front page. I hope someone helps me figure this out.

"Peter" <newsaddresssaracenvsu.org.uk> wrote in message news:20020708204218.24454.qmailpb1.pair.com... > I understand what you're getting at, I'm not sure of the answer though. > I know it would stop you using FrontPage or Dreamweaver but if for example > you had > <?PHP > print "<HTML><HEAD><TITLE>Index page</TITLE></HEAD><BODY>"; > print "<P>Current: $_Current</P>"; > print "<P>Percent Change: $_ChangePercent</P>"; > print "</BODY></HTML>"; > ?> > You'd eliminate that problem. > > > "Christopher Crane" <CCraneIKON.com> wrote in message > news:91D948A579ADD4118F7900D0B7B9E3C307B8D25Chfd01-msx-03.ikon.org... > > I have a question on speed but also dealing with the method of scripting. > > I have a few pages where I get things like weather and stocks. I get the > > data, which is usually in the form of a Comma delimited string like the > > stock quotes from Yahoo.com. In the past, I also wrote a function to get > the > > data and split into variables like $S_Current, $S_ChangePercent, > > $S_ChangeDollar ect.... Then I would print out a whole HTML table with > the > > variables embedded within. This function was called from a PHP type web > > page. Lately, I have been making the variables global and using them when > I > > need them. For instance, I have a page called index.php. At the stock > > section of the page, I have a function that is called and returns the > major > > indices, like NASDAQ, DOW and S&P. I global the variables and then within > > the index.php page I called the variables as I need them in tables. This > > makes designing the page simple. I can do it in Frontpage or Dreamweaver > or > > whatever. The old way was to call the function and the function would > print > > out the HTML table as part of the function. > > > > I hope I am explaining this well enough to understand. Doing it the newer > > way for me with the global variables makes it easier to design the web > page, > > but I am wondering if it is at the cost of a slower page loading. The > reason > > I think this is whenever I would like to display a variable I have to put > in > > a script tag like <?PHP print $S_Current; ?>. I might have as many as 20 > of > > these on a page. Every time doesn't PHP have to start again and parse out > > this information causing it to be really slow? > > > > The old way was for me to call the function like <?PHP indices(); ?> and > > then the function would print out; > > <table> > > <tr> > > <td>Dow</td> > > <td>NASDAQ</td> > > <td>S & P</td> > > </tr> > > <tr> > > <td>$Dow_Current<img src=\"img\up.gif\"></td> > > <td>$Nas_Current<img src=\"img\up.gif\"></td> > > <td>$Snp_Current<img src=\"img\dn.gif\"></td> > > </tr> > > </table> > > > > Which is faster? Which is better? Is there another way? > > > > Christopher J. Crane > > Network Operations Manager > > > > IKON Office Solutions > > 860.659.6464 > > > > > > > >

attached mail follows:

On Mon, 8 Jul 2002, Crane, Christopher wrote: > I hope I am explaining this well enough to understand. Doing it the newer > way for me with the global variables makes it easier to design the web page, > but I am wondering if it is at the cost of a slower page loading. The reason > I think this is whenever I would like to display a variable I have to put in > a script tag like <?PHP print $S_Current; ?>. I might have as many as 20 of > these on a page. Every time doesn't PHP have to start again and parse out > this information causing it to be really slow?

You would have to have hundreds of thousands of them on the page in order for the speed difference to be noticeable to a human.

miguel

attached mail follows:

The only problem I see if projects are thrown to developers, is that the beginners will have less work... maybe it would be a good idea to divide it into two categories:

1) Developers for hire (local & foreign)

2) Projects to Develop (Interested developers *BID* at them)

> -----Original Message----- > From: Brian McGarvie [mailto:bmcgarvielennox-mckinlay.co.uk] > Sent: Monday, July 08, 2002 6:57 AM > To: PHP General List > Subject: RE: [PHP] is their a jobs mailing list? > > Yes... I agree... > > I would like formyself and anyothers interested if this was to go-ahead... > develop similar to but not as deep as and more importantly FREE version of > elance or something like that... > > Can anyone from PHP let us (this thread) know if this is a viable > prospect? > > > -----Original Message----- > > From: Chris Hewitt [mailto:g0paemanordat.demon.co.uk] > > Sent: 08 July 2002 10:42 AM > > To: PHP General List > > Subject: Re: [PHP] is their a jobs mailing list? > > > > > > As not all work involving PHP need be on a customer's site > > (the type of > > work that agencies deal with), I'd like to suggest that the site is > > flexible enough to offer PHP "work" in the broader sense, not just > > on-site contract/employment. E.g. an end customer can post that they > > need a particular piece of work done and ask for > > tenders/interested people. > > > > Chris > > > > Brian McGarvie wrote: > > > > >Yeh sure... > > > > > >I have worked on a recruitment site for a UK agency. > > > > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:

I think a mailing list would be a good idea, but the job's always going to be awarded to the best person, and companies are more likely to go with someone experienced than someone cheap :o(

"César aracena" <icaamicaam.com.ar> wrote in message news:003401c226c0$8dc3a220$2fed0dd1gateway... > The only problem I see if projects are thrown to developers, is that the > beginners will have less work... maybe it would be a good idea to divide > it into two categories: > > 1) Developers for hire (local & foreign) > > 2) Projects to Develop (Interested developers *BID* at them) > > C. > > > -----Original Message----- > > From: Brian McGarvie [mailto:bmcgarvielennox-mckinlay.co.uk] > > Sent: Monday, July 08, 2002 6:57 AM > > To: PHP General List > > Subject: RE: [PHP] is their a jobs mailing list? > > > > Yes... I agree... > > > > I would like formyself and anyothers interested if this was to > go-ahead... > > develop similar to but not as deep as and more importantly FREE > version of > > elance or something like that... > > > > Can anyone from PHP let us (this thread) know if this is a viable > > prospect? > > > > > -----Original Message----- > > > From: Chris Hewitt [mailto:g0paemanordat.demon.co.uk] > > > Sent: 08 July 2002 10:42 AM > > > To: PHP General List > > > Subject: Re: [PHP] is their a jobs mailing list? > > > > > > > > > As not all work involving PHP need be on a customer's site > > > (the type of > > > work that agencies deal with), I'd like to suggest that the site is > > > flexible enough to offer PHP "work" in the broader sense, not just > > > on-site contract/employment. E.g. an end customer can post that they > > > need a particular piece of work done and ask for > > > tenders/interested people. > > > > > > Chris > > > > > > Brian McGarvie wrote: > > > > > > >Yeh sure... > > > > > > > >I have worked on a recruitment site for a UK agency. > > > > > > > > > > > > > -- > > > PHP General Mailing List (http://www.php.net/) > > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php >

attached mail follows:

Well, if someone offers his/her services lets say in Panama and it's the only one there, a Company in Panama will try to talk to this person first... Not the same as in New York City I guess, but it can give work to many unknown people from across the street... right?

> -----Original Message----- > From: Peter [mailto:newsaddresssaracenvsu.org.uk] > Sent: Tuesday, July 09, 2002 2:01 AM > To: php-generallists.php.net > Subject: Re: [PHP] is their a jobs mailing list? > > I think a mailing list would be a good idea, but the job's always going to > be awarded to the best person, and companies are more likely to go with > someone experienced than someone cheap :o( > > > "César aracena" <icaamicaam.com.ar> wrote in message > news:003401c226c0$8dc3a220$2fed0dd1gateway... > > The only problem I see if projects are thrown to developers, is that the > > beginners will have less work... maybe it would be a good idea to divide > > it into two categories: > > > > 1) Developers for hire (local & foreign) > > > > 2) Projects to Develop (Interested developers *BID* at them) > > > > C. > > > > > -----Original Message----- > > > From: Brian McGarvie [mailto:bmcgarvielennox-mckinlay.co.uk] > > > Sent: Monday, July 08, 2002 6:57 AM > > > To: PHP General List > > > Subject: RE: [PHP] is their a jobs mailing list? > > > > > > Yes... I agree... > > > > > > I would like formyself and anyothers interested if this was to > > go-ahead... > > > develop similar to but not as deep as and more importantly FREE > > version of > > > elance or something like that... > > > > > > Can anyone from PHP let us (this thread) know if this is a viable > > > prospect? > > > > > > > -----Original Message----- > > > > From: Chris Hewitt [mailto:g0paemanordat.demon.co.uk] > > > > Sent: 08 July 2002 10:42 AM > > > > To: PHP General List > > > > Subject: Re: [PHP] is their a jobs mailing list? > > > > > > > > > > > > As not all work involving PHP need be on a customer's site > > > > (the type of > > > > work that agencies deal with), I'd like to suggest that the site is > > > > flexible enough to offer PHP "work" in the broader sense, not just > > > > on-site contract/employment. E.g. an end customer can post that they > > > > need a particular piece of work done and ask for > > > > tenders/interested people. > > > > > > > > Chris > > > > > > > > Brian McGarvie wrote: > > > > > > > > >Yeh sure... > > > > > > > > > >I have worked on a recruitment site for a UK agency. > > > > > > > > > > > > > > > > > -- > > > > PHP General Mailing List (http://www.php.net/) > > > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > > > > > > > > -- > > > PHP General Mailing List (http://www.php.net/) > > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:

ðÒÉ×ÅÔ!

Peter wrote: > I think a mailing list would be ...

I think the basic question is WHERE this thing will be. HOW it works becomes a secondary decision, once you know whether it makes sense to spend time on the project or not.

IF php.net wants to add up a job-oriented location this makes sense and can be discussed in depth. As for myself I can throw in a few ours a day of my scarce time (beginning in autumn). It's a nice way for offshore companies like ours to make themselves visible so it's totally worth the effort.

IF this is going to be the 1 billionth indipendent effort to capture audience share you must ask yourself first whether you can reasonably expect yourself to be able to position this site into a visible place. You hardly will have the money needed to support full-time marketing activity (we all already have quite a lot of things to do and tend to work on sundays anyway).

So I guess the first question is: do PHP.NET people need/want this thing?

ÐÏËÁ áÌØÂÅÒÔÏ ëÉÅ×

-_=}{=_--_=}{=_--_=}{=_--_=}{=_--_=}{=_--_=}{=_--_=}{=_-

LoRd, CaN yOu HeAr Me, LiKe I'm HeArInG yOu? lOrD i'M sHiNiNg... YoU kNoW I AlMoSt LoSt My MiNd, BuT nOw I'm HoMe AnD fReE tHe TeSt, YeS iT iS ThE tEsT, yEs It Is tHe TeSt, YeS iT iS ThE tEsT, yEs It Is.......

attached mail follows:

> > If someone has any idea, please let me know > I would strongly suggest that you use a PDF class of some sort. There're > quite a few available. I've had good results with pc4p.

Typically, most PDF classes require that it be working from some sort of static template. If that is fine, then definitely check out any of the PDF classes out there. If you can't use a static template, check out an app called "htmldoc". I use it here with great success.

Chris

attached mail follows:

I needed to create invoices, one per page, that could be printed, and chose to use http://www.fpdf.org/.

It was easy to take my HTML formated output and change it to PDF.

HTH,

Peter Janett

New Media One Web Services ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ New Upgrades Are Now Live!!! Windows 2000 accounts - Cold Fusion 5.0 and Imail 7.1 Sun Solaris (UNIX) accounts - PHP 4.1.2, mod_perl/1.25, Stronghold/3.0 (Apache/1.3.22), MySQL 3.23.43 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ PostgreSQL coming soon!

http://www.newmediaone.net webmasternewmediaone.net (303)828-9882

----- Original Message ----- From: "Chris Boget" <chriswild.net> To: <php-generallists.php.net>; <php-dblists.php.net> Sent: Monday, July 08, 2002 2:53 PM Subject: Re: [PHP-DB] PDF

> > > If someone has any idea, please let me know > > I would strongly suggest that you use a PDF class of some sort. There're > > quite a few available. I've had good results with pc4p. > > Typically, most PDF classes require that it be working from some sort of > static template. If that is fine, then definitely check out any of the PDF > classes out there. If you can't use a static template, check out an app > called "htmldoc". I use it here with great success. > > Chris > > > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php >

attached mail follows:

I have an array that I want to store in a field of a mysql db. I've got it set as type text currently, but when I retrieve it, I can't get the arrary to parse.

If I look at the listings in the mysql cli, it just says "Array" for that field.

Here's my retrieval code:

$storyid = $_REQUEST['storyid'];

$db = mysql_connect("localhost", "user", "pass") or die ("Could Not connect to db."); mysql_select_db("storiestest", $db) or die("Could not select database."); $query = "SELECT * FROM ADGstories WHERE (storyid='$storyid')"; $results = mysql_query($query, $db); $num_results = mysql_num_rows($results); for ($i=0; $i < $num_results; $i++) { $row = mysql_fetch_array($results); while ($element = each($row)) { echo $element["key"]; echo ": "; echo $element["value"]; echo "<br>\n"; $varname = $element["key"]; $$varname = $element["value"]; } echo "<h2>$headline</h2>\n <p class='byline'>$byline</p>\n"; // just as a test, not looping through the array. Loop code not included. echo "<p class='bodycopy'>$bodycopy[0]</p>\n"; }

Even with the version at the end there, I get "A" echoed to the screen.

If I try a print_r($bodycopy), it says "Array".

Where did I screw up?

Thanks!

Steven

-- Steven Jarvis Web Publishing Manager/Web Developer NWAnews.com: Arkansas Democrat-Gazette, Northwest Edition Northwest Arkansas Times Benton County Daily Record

attached mail follows:

You can store arrays as strings with..

$str = serialize($ary);

.. and turn a serialized string back into an array with..

$ary = unserialize($str);

The string can be stored in either a TEXT or TINYTEXT field. Is this what you wanted to know? I had trouble following your code after the for loop. $headline, $byline and $bodycopy are variable names stored in the database?

-Kevin

----- Original Message ----- From: "Steven Jarvis" <stevenjnwanews.com> To: <php-generallists.php.net> Sent: Monday, July 08, 2002 3:23 PM Subject: [PHP] storing an array in mysql - what's the best data type?

> I have an array that I want to store in a field of a mysql db. I've got > it set as type text currently, but when I retrieve it, I can't get the > arrary to parse. > > If I look at the listings in the mysql cli, it just says "Array" for > that field. > > Here's my retrieval code: > > $storyid = $_REQUEST['storyid']; > > $db = mysql_connect("localhost", "user", "pass") or die ("Could Not > connect to db."); > mysql_select_db("storiestest", $db) or die("Could not select database."); > $query = "SELECT * FROM ADGstories WHERE (storyid='$storyid')"; > $results = mysql_query($query, $db); > $num_results = mysql_num_rows($results); > > for ($i=0; $i < $num_results; $i++) > { > $row = mysql_fetch_array($results); > while ($element = each($row)) > { > echo $element["key"]; > echo ": "; > echo $element["value"]; > echo "<br>\n"; > > $varname = $element["key"]; > $$varname = $element["value"]; > } > > echo "<h2>$headline</h2>\n > <p class='byline'>$byline</p>\n"; > > // just as a test, not looping through the array. Loop code not > included. > echo "<p class='bodycopy'>$bodycopy[0]</p>\n"; > } > > Even with the version at the end there, I get "A" echoed to the screen. > > If I try a print_r($bodycopy), it says "Array". > > Where did I screw up? > > Thanks! > > Steven > > -- > Steven Jarvis > Web Publishing Manager/Web Developer > NWAnews.com: > Arkansas Democrat-Gazette, Northwest Edition > Northwest Arkansas Times > Benton County Daily Record > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php >

attached mail follows:

On Mon, Jul 08, 2002 at 04:23:08PM -0500, Steven Jarvis wrote: > > $row = mysql_fetch_array($results); > while ($element = each($row))

Nay! Combine those two rows into this:

while ($element = mysql_fetch_array($results) ) {

--Dan

-- PHP classes that make web design easier SQL Solution | Layout Solution | Form Solution sqlsolution.info | layoutsolution.info | formsolution.info T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y 4015 7 Av #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409

attached mail follows:

I have a medium sized project that I'm started in PHP and mySQL. I think an object-orientated approach may be the best to reduce the amount of code. My question is if I'm using PHP should I even try to do it an object-orientated manner. I've seen some posts that say that doing it this way will really slow down PHP and that if you're doing OO you should really do it in a language like Java.

attached mail follows:

oh, mucho disagree-o.

i dunno, maybe the people who say that it will slow you down have HUGE projects, and HUGE classes with hundreds of member variables, but i use OO for all the DB interactions (i have a class with get, update, insert, delete methods, etc. for each table) and i think it works just fine. i even wrote a script to generate those classes, so if the DB structure changes, i only have very minimal code editing.

maybe if you're holding hundreds of big classes in memory at a time, this could give you a problem, but even if a user is looking at a data set that has thousands of results, you're not going to be showing them all on a page at once, so you don't need them in memory.... just be smart about your queries.

even with all the data being in objects, and lots of those objects in memory, i don't see a big difference.

my $.02

jerome

>From: "CM" <chillman80hotmail.com> > >I have a medium sized project that I'm started in PHP and mySQL. I think >an >object-orientated approach may be the best to reduce the amount of code. >My question is if I'm using PHP should I even try to do it an >object-orientated manner. I've seen some posts that say that doing it this >way will really slow down PHP and that if you're doing OO you should really >do it in a language like Java.

_________________________________________________________________ Chat with friends online, try MSN Messenger: http://messenger.msn.com

attached mail follows:

Hello,

On 07/08/2002 06:56 PM, Cm wrote: > I have a medium sized project that I'm started in PHP and mySQL. I think an > object-orientated approach may be the best to reduce the amount of code. > My question is if I'm using PHP should I even try to do it an > object-orientated manner. I've seen some posts that say that doing it this > way will really slow down PHP and that if you're doing OO you should really > do it in a language like Java.

Non-sense. You can do OOP in PHP just fine, just differently than you would do some things in Java. That did not stop thousands of people using hundreds of PHP classes written in by many PHP developers and made available here for free:

http://www.phpclasses.org/

Regards, Manuel Lemos

attached mail follows:

ðÒÉ×ÅÔ!

Manuel Lemos wrote: > Hello, > > On 07/08/2002 06:56 PM, Cm wrote: > >> I have a medium sized project that I'm started in PHP and mySQL. I >> think an >> object-orientated approach may be the best to reduce the amount of code. >> My question is if I'm using PHP should I even try to do it an >> object-orientated manner. I've seen some posts that say that doing it >> this >> way will really slow down PHP and that if you're doing OO you should >> really >> do it in a language like Java. > > > Non-sense. You can do OOP in PHP just fine, just differently than you > would do some things in Java. That did not stop thousands of people > using hundreds of PHP classes written in by many PHP developers and made > available here for free: > > http://www.phpclasses.org/

We do OOP and never noticed a performance downgrade, right the opposite. Again, *any* tech solution will downgrade performance if unproperly coded. If you can do efficient OOP you can do it in whatever language you choose (well, maybe smalltalk and java qualify as an exception LOL)

I won't repeat the usual warnings about correct OOP in itself as it's OT here. Just watch out *PHP returns copies from the assignement operator = and not references*. That's it. Once you know that, you know everything. Learn to use the & sign when you need a reference (which *is* slower, so use it only when needed) and everything will be just fine. And *much* quicker than any java OOP will ever be.

ðÏËÁ áÌØÂÅÒÔÏ ëÉÅ×

-_=}{=_--_=}{=_--_=}{=_--_=}{=_--_=}{=_--_=}{=_--_=}{=_-

attached mail follows:

The only problem is that this page isn't completely dynamic. For example, column #3 should automatically update when column #2 changes. Plus, imagine what happens when the page and the form both become more complex.

I guess I'm just spouting off my opinion that Javascript is the easier solution - even though I'd prefer PHP to handle everything for me.

-----Original Message----- Here's a simple quick code (partial) how I'd do it on one php page:

http://photography-on-the.net/php/3_choice_select.php

**************************************************************************** This message is intended for the sole use of the individual and entity to whom it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended addressee, nor authorized to receive for the intended addressee, you are hereby notified that you may not use, copy, disclose or distribute to anyone the message or any information contained in the message. If you have received this message in error, please immediately advise the sender by reply email and delete the message. Thank you very much.

attached mail follows:

Stefen,

There is no built-in way to do what you are speaking about here (that I know of), but there is a pretty easy technique. However, even this requires a lot of work to integrate into your existing code, but it will ease all future additions and maintenance.

Keep a variable called something like $next_query_string (so you don't confuse it with the current one - you can just use $query or something if you prefer brevity), and keep up with any and all variables that you may need to include in all of your external links to other affiliated sites.

For example:

$next_query_string="sid=1234567";

For all links where you're wanting to include the session ID in the URL, build them as follows:

I'm sure this seems like just as much work, but once in place, your development will be much easier.

This will also allow you to add conditional logic to which sites receive the "special sauce" in their URL. :-)

if (in_array("www.site3.com", $hosts_allow)) { ?> <a href="http://www.site3.com/<? echo $next_query_string; ?>">Site 3</a> <? } else { ?> <a href="http://www.site3.com/">Site 3</a> <? }

This will also allow you to make global changes to how you handle this cross-domain session management. I wrote an extensive CDSM specification for the USPS to use (if you ever notice, many of their "services" are not in the usps.com domain) that leverages the HTTP protocol to maintain *some* security. I would recommend that you also consider passing additional information on the URL that is, for example, some encrypted information about the client that would at least be somewhat challenging to spoof. This would make it more difficult for someone to impersonate your user, since more than just the session ID on the URL would be necessary. How secure you want to make this needs to be balanced with your performance requirements, of course, because checks do take time.

Just a suggestion.

Happy hacking.

Chris

Stefen Lars wrote:

> Hello all fellow-hackers > > I am working on a project that includes a number of web sites, which > are grouped together into one network. Kind of like the 'OSDN' > network, of which Slashdot.org, for example, is a member.

attached mail follows:

I made an error in my explanation (below). The reason you don't want to include the query string separator character in your variable is to allow flexibility with the types of URLs you can easily integrate this in with. My example should have looked like this:

The same conditional logic can be used. This allows for URLs that already have a query string to be addressed as follows:

Happy hacking.

Chris

Chris Shiflett wrote:

> Stefen, > > There is no built-in way to do what you are speaking about here (that > I know of), but there is a pretty easy technique. However, even this > requires a lot of work to integrate into your existing code, but it > will ease all future additions and maintenance. > > Keep a variable called something like $next_query_string (so you don't > confuse it with the current one - you can just use $query or something > if you prefer brevity), and keep up with any and all variables that > you may need to include in all of your external links to other > affiliated sites. > > For example: > > $next_query_string="sid=1234567"; > > For all links where you're wanting to include the session ID in the > URL, build them as follows: > > <a href="http://www.site3.com/<? echo $next_query_string; ?>">Site 3</a> > > I'm sure this seems like just as much work, but once in place, your > development will be much easier. > > This will also allow you to add conditional logic to which sites > receive the "special sauce" in their URL. :-) > > if (in_array("www.site3.com", $hosts_allow)) > { > ?> > <a href="http://www.site3.com/<? echo $next_query_string; ?>">Site 3</a> > <? > } > else > { > ?> > <a href="http://www.site3.com/">Site 3</a> > <? > } > > This will also allow you to make global changes to how you handle this > cross-domain session management. I wrote an extensive CDSM > specification for the USPS to use (if you ever notice, many of their > "services" are not in the usps.com domain) that leverages the HTTP > protocol to maintain *some* security. I would recommend that you also > consider passing additional information on the URL that is, for > example, some encrypted information about the client that would at > least be somewhat challenging to spoof. This would make it more > difficult for someone to impersonate your user, since more than just > the session ID on the URL would be necessary. How secure you want to > make this needs to be balanced with your performance requirements, of > course, because checks do take time. > > Just a suggestion. > > Happy hacking. > > Chris > > Stefen Lars wrote: > >> Hello all fellow-hackers >> >> I am working on a project that includes a number of web sites, which >> are grouped together into one network. Kind of like the 'OSDN' >> network, of which Slashdot.org, for example, is a member. > > > >

attached mail follows:

Hello Chris

And thank you for your comments and suggestions.

I think that the solution you offer is a great idea. However, in my case, I may not be able to implement it as I, as the webmaster, do not always get the chance to add ‘$next_query_string’ to the a href. Some of the cross-site links are added to discussion forums by the users.

I will try making a wrapper function that makes the ‘special sauce’ links in the normal body of the pages. That will just leave the cross site links in the forum. May be I will be able to implement a special solution for the forum…

May I asked what ‘CDSM specification’ is… I am not familiar with the term.

Thanks again for your comments. They have been really helpful to me.

Stefen

>From: Chris Shiflett <shiflettphp.net> >To: Chris Shiflett <shiflettphp.net> >CC: Stefen Lars <stefenlarshotmail.com>, php-generallists.php.net >Subject: Re: [PHP] Cross-Site Sesison ID Propagation >Date: Mon, 08 Jul 2002 17:31:02 -0500 > >I made an error in my explanation (below). The reason you don't want to >include the query string separator character in your variable is to allow >flexibility with the types of URLs you can easily integrate this in with. >My example should have looked like this: > ><a href="http://www.site3.com/?<? echo $next_query_string; ?>">Site 3</a> > >The same conditional logic can be used. This allows for URLs that already >have a query string to be addressed as follows: > ><a href="http://www.site3.com/index.php?task=incoming&<? echo >$next_query_string; ?>">Site 3</a> > >Happy hacking. > >Chris > >Chris Shiflett wrote: > >>Stefen, >> >>There is no built-in way to do what you are speaking about here (that I >>know of), but there is a pretty easy technique. However, even this >>requires a lot of work to integrate into your existing code, but it will >>ease all future additions and maintenance. >> >>Keep a variable called something like $next_query_string (so you don't >>confuse it with the current one - you can just use $query or something if >>you prefer brevity), and keep up with any and all variables that you may >>need to include in all of your external links to other affiliated sites. >> >>For example: >> >>$next_query_string="sid=1234567"; >> >>For all links where you're wanting to include the session ID in the URL, >>build them as follows: >> >><a href="http://www.site3.com/<? echo $next_query_string; ?>">Site 3</a> >> >>I'm sure this seems like just as much work, but once in place, your >>development will be much easier. >> >>This will also allow you to add conditional logic to which sites receive >>the "special sauce" in their URL. :-) >> >>if (in_array("www.site3.com", $hosts_allow)) >>{ >>?> >><a href="http://www.site3.com/<? echo $next_query_string; ?>">Site 3</a> >><? >>} >>else >>{ >>?> >><a href="http://www.site3.com/">Site 3</a> >><? >>} >> >>This will also allow you to make global changes to how you handle this >>cross-domain session management. I wrote an extensive CDSM specification >>for the USPS to use (if you ever notice, many of their "services" are not >>in the usps.com domain) that leverages the HTTP protocol to maintain >>*some* security. I would recommend that you also consider passing >>additional information on the URL that is, for example, some encrypted >>information about the client that would at least be somewhat challenging >>to spoof. This would make it more difficult for someone to impersonate >>your user, since more than just the session ID on the URL would be >>necessary. How secure you want to make this needs to be balanced with your >>performance requirements, of course, because checks do take time. >> >>Just a suggestion. >> >>Happy hacking. >> >>Chris >> >>Stefen Lars wrote: >> >>>Hello all fellow-hackers >>> >>>I am working on a project that includes a number of web sites, which are >>>grouped together into one network. Kind of like the 'OSDN' network, of >>>which Slashdot.org, for example, is a member. >> >> >> >>

_________________________________________________________________ Send and receive Hotmail on your mobile device: http://mobile.msn.com

attached mail follows:

Stefen Lars wrote:

> I think that the solution you offer is a great idea. However, in my > case, I may not be able to implement it as I, as the webmaster, do not > always get the chance to add '$next_query_string' to the a href. Some > of the cross-site links are added to discussion forums by the users.

In that case, it might be worth looking into Apache's mod_rewrite by Ralph Engelschall. However, being able to wrap this up cleanly in the way you are wanting is going to require some fairly sophisticated coding on your part. Someone else can maybe give more direction in this area, as you might have access to some API functions in Apache to where you could write your own PHP extension and at least stay within the realm of PHP. This is, however, beyond my area of expertise, so I won't try to offer suggestions here. I do think this is the right tool to research to at least get you started.

> May I asked what 'CDSM specification' is... I am not familiar with the > term.

CDSM is just an acronym cross-domain session management. Sorry for being ambiguous. I hate when people do that. :-)

Happy hacking.

Chris

attached mail follows:

I'm working on a simple content management system that uses PHP and MySQL for updating a web site's text (stored in a MySQL database). (The PHP scripts that do the updating (my stuf) live on one web server, the actual DB data to be updated (my client's stuff) live on another.) So far, I've only had to he able to update the text content of a site--therefore, I've only had to bother to store textual data in the client's DB. But now the client wants to be able to upload/change/delete certain pictures on their web site--using my CMS tool--so I am faced with the following problem:

Do I store all such images in the DB? (Which I understand reduces performance.)

Or do I--somehow--store the images as files on the client's web server? And if so, how? (Because my PHP scripts are being executed on a different server.)

...Rene

--- René Fournier, rene

smartslitters.com

Toll-free +1.888.886.2754 Tel +1.403.291.3601 Fax +1.403.250.5228 www.smartslitters.com

SmartSlitters International #33, 1339 - 40th Ave NE Calgary AB T2E 8N6 Canada

attached mail follows:

if the images are not to big I would recommend saving them to blobs. It saves you a lot of work, since you have to think about lots of stuff. Even a garbage collector should be programmed since there is not a transaction possibility between FS and DB.

Andy

"René fournier" <renesmartslitters.com> schrieb im Newsbeitrag news:D8A91334-92C2-11D6-B0D7-0003931DAC94smartslitters.com... I'm working on a simple content management system that uses PHP and MySQL for updating a web site's text (stored in a MySQL database). (The PHP scripts that do the updating (my stuf) live on one web server, the actual DB data to be updated (my client's stuff) live on another.) So far, I've only had to he able to update the text content of a site--therefore, I've only had to bother to store textual data in the client's DB. But now the client wants to be able to upload/change/delete certain pictures on their web site--using my CMS tool--so I am faced with the following problem:

Do I store all such images in the DB? (Which I understand reduces performance.)

Or do I--somehow--store the images as files on the client's web server? And if so, how? (Because my PHP scripts are being executed on a different server.)

...Rene

--- René Fournier, rene

smartslitters.com

Toll-free +1.888.886.2754 Tel +1.403.291.3601 Fax +1.403.250.5228 www.smartslitters.com

SmartSlitters International #33, 1339 - 40th Ave NE Calgary AB T2E 8N6 Canada

attached mail follows:

On Mon, Jul 08, 2002 at 04:34:20PM -0600, René Fournier wrote: > > Do I store all such images in the DB? (Which I understand reduces > performance.)

You can, but it's a pain and inefficient.

> Or do I--somehow--store the images as files on the client's web server? > And if so, how? (Because my PHP scripts are being executed on a > different server.)

Images don't have to be served from one the page is on. Use a fully qualified URI in the img src.

--Dan

attached mail follows:

Rene:

I think a good deal depends on the size of the image files themselves. There are a number of apps that store small files (i.e.: icons, small gif's, etc.), which seems to make sense.

Larger files may be problematic. There was quite a discussion on this issue here just last week ... do a search of the list archive for 'blob versus file' and read some informed opinions.

Gerald Jensen

----- Original Message ----- From: "René Fournier" <renesmartslitters.com> To: <php-generallists.php.net>; <mysqllists.mysql.com> Sent: Monday, July 08, 2002 5:34 PM Subject: Storing images in MySQL bad idea, performance-wise?

Do I store all such images in the DB? (Which I understand reduces performance.)

Or do I--somehow--store the images as files on the client's web server? And if so, how? (Because my PHP scripts are being executed on a different server.)

...Rene

--- René Fournier, rene

smartslitters.com

Toll-free +1.888.886.2754 Tel +1.403.291.3601 Fax +1.403.250.5228 www.smartslitters.com

SmartSlitters International #33, 1339 - 40th Ave NE Calgary AB T2E 8N6 Canada

--------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive)

To request this thread, e-mail <mysql-thread114056lists.mysql.com> To unsubscribe, e-mail <mysql-unsubscribe-autodata=execpc.comlists.mysql.com> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

attached mail follows:

Sablotron seems not to like, when in my xsl file occurs "not good" html, like <IMG ...> (without closing tag), so how can I deal with this problem?!!! Checking and fixing all my HTML , which I want to use in XSL is not the way for me..., so I really HAVE to produce bad "not XML like" HTML, so I'll have to keep it in my XSL files, and Sablotron doesnt like that!!!

Is there any way OUT?!!!

attached mail follows:

The way out is to write standards compliant markup (meaning 'good' HTML). Read the RFCs, use a validator, Sablotron will stop complaining. (eg: <img src="path/to/image" /> ) <- (note method to close an image tag)

..mike..

On Mon, 2002-07-08 at 16:52, Markas wrote: > Sablotron seems not to like, when in my xsl file occurs "not good" html, > like <IMG ...> (without closing tag), so how can I deal with this > problem?!!! Checking and fixing all my HTML , which I want to use in XSL is > not the way for me..., so I really HAVE to produce bad "not XML like" HTML, > so I'll have to keep it in my XSL files, and Sablotron doesnt like that!!! > > Is there any way OUT?!!! > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:

>>>How do you know their certificate hasn't been stolen, and they haven't even >figured it out yet? How do you know they were trustworthy people in the >first place?<< > >Why do you ASSUME that they're NOT trustworthy people? Do you go through >your entire life in that shell?

Everybody gets a limited amount of trust extended to them, for "free"

That amount is NOWHERE NEAR the trust where I hand them my credit card number.

Do you hand your credit-card to random people in the street?

With a brick-and-mortar retail establishment, I can tell a lot from location, size, even the "look" of the store -- I also know, right off the bat, that they've invested a *TON* of money and won't be able to make it back in a short-time con.

With a web-site, I can tell: They paid $119 to somebody for the CA. They paid $20/month or so to somebody else. They maybe paid somebody to design/build the site, or a turn-key system, or...

That really doesn't tell me a whole lot.

I don't know:

They aren't storing my credit card number in their database "just temporarily" while we process it. [I've had to fix this error a couple times myself, and I hate doing shopping carts. Too boring. I quit doing them. I can't imagine how many times a shopping cart "regular" has walked into this situation.]

They aren't using a badly-designed system where my CC# appears in "ps auxwwww" output.

They aren't using a badly-designed system where the CC# is stored on the disk during processing. [Hint -- Last I checked, Linkpoint's PHP interface did this. Guess what happens when you get a network time out or the script fails for some reason? Your CC# is left hanging around in that file. Sure, if the instructions were followed, only root can read it... If the server hasn't been hacked. If, if, if...]

The scripts that process my CC # have correct permissions, and are accessible only to one, okay, *two* people to avoid somebody inserting a back-door.

The list of failure points is endless, and I *STILL* don't even trust that randomsite.com has had any kind of background check carried out by the people issuing Certifcates. Jeez, people -- We're talking one of the major players is MICROSOFT! Do you trust them with Security?!

I've seen too many bad home-brew shopping carts to have any faith in them. I still shop on-line, but rely on the fact that I can only get dinged for $50, and we'll all be paying even higher interest rates next year. I have no trust that my CC# isn't being exposed.

>>>The more I think about this, the more I agree with people who just won't do >eCommerce at all...<<

Hey, I'm not saying I don't shop on-line. I'm saying I have no faith that I won't be calling up the credit card company and canceling the stolen account much faster than at a traditional store.

I have no faith that the e-theft of credit cards won't raise my interest rates.

The CC companies have already proven that they will accept an inordinately high level of theft and just pass on the cost to consumers. What do they care what your interest rates are?

-- Like Music? http://l-i-e.com/artists.htm

attached mail follows:

Folks:

Allow me to emphasize Richard's point about not trusting certificate authorities. I have an SSL certificate. It was fairly simple to get, despite several discrepancies in my documentation.

While it made things easier for me, which I'm thankful for. Fortunately, I'm a legitimate operator. But, it certainly demonstrates that subverting the process for nefarious reasons is a piece of cake.

Enjoy,

--Dan

attached mail follows:

On Mon, 8 Jul 2002, Analysis & Solutions wrote: > Allow me to emphasize Richard's point about not trusting certificate > authorities. I have an SSL certificate. It was fairly simple to get, > despite several discrepancies in my documentation. > > While it made things easier for me, which I'm thankful for. Fortunately, > I'm a legitimate operator. But, it certainly demonstrates that subverting > the process for nefarious reasons is a piece of cake.

But you're both ignoring the actual significant point (which I already made at great length, and feel somewhat like a sap for repeating):

Having a certificate signed by a recognized certificate authority provides at least some guarantee that you are communicating with the named party using somewhat reliable encryption.

On the other hand, if you connect with a remote site that has a self-signed certificate, it's little better than using cleartext to port 80; almost anyone who would realistically have been in a position to snoop on your HTTP traffic is also in a position to intercept and decode your HTTPS traffic by masquerading as the remote host. So what's the point?

Self-signed certificates only make sense if you able to securely distribute your signer's public key to your users in advance of the web transaction. This is fine for internal or staff use, but it is pretty unwieldy when you're dealing with the general public.

miguel

attached mail follows:

>I wrote a less-limited hex2dec function years ago, and threw it up on >Sklar, >or, uhhh, the *other* PHP code repository. There were really only two, >back >then... :-)

Another option would be the BC Math package which will let you compute arbitrarily large numbers, albeit a bit slower.

Just how big do the numbers get?...

-- Like Music? http://l-i-e.com/artists.htm

attached mail follows:

I am creating a message board (pretty standard) using php and mysql. In order to manage all the posts and replies I am using a treenode structure (so that I can recursively add, delete, display, etc...) Everything works so far (www.bleen.net/forum). I want to be able to display 10 posts (including relies in that count) at a time; then have a next link and display the next 10 (you've all seen it before). How do I modify a recursive function to stop and start? My display finction is listed below.

Thanks Alexander Ross

function display($row, $start = 0) { //display the tree if($this->m_postid<>0) { // if this is the empty root node skip displaying print "<tr><td bgcolor="; if ($row%2 == 0) print "'#cccccc'>"; else print "'#ffffff'>";

// indent replies to the depth of nesting

print "<img src='images/spacer.gif' height=22 width=".(22*$this->m_depth)." alt='' valign = bottom>"; print " <a name = $this->m_postid ><a href = 'view_post.php?postid=$this->m_postid'>"; if ($this->m_depth == 1) print "<b> '$this->m_title' - $this->m_poster <i>(".reformat_date($this->m_posted).")</i></b></a>"; else print "'$this->m_title' - $this->m_poster <i>(".reformat_date($this->m_posted).")</i></a>"; print "</td></tr>"; } // increment row counter to alternate colors $row++;

$num_children = count($this->m_childlist); for($i = 0; ($i<$num_children); $i++) { // call display on each of this node's children $row = $this->m_childlist[$i]->display($row); }

return ($row); }

attached mail follows:

howdy all my aim is to have a user submit a form and then from there replace cell colours with in a table. I'm referencing the cells by cell id's eg <tr> <td height="10" bgcolor=<? echo $bg; ?> id="ph1"><font size="-2" face="Arial, Helvetica, sans-serif">1</font> </td> <td height="10" bgcolor=<? echo $bg; ?> id="ph2"><font size="-2" face="Arial, Helvetica, sans-serif">2</font> </td> <td height="10" bgcolor=<? echo $bg; ?> id="ph3"><font size="-2" face="Arial, Helvetica, sans-serif">3</font> </td> <td height="10" bgcolor=<? echo $bg; ?> id="ph4"><font size="-2" face="Arial, Helvetica, sans-serif">4</font> </td> </tr> now using a switch statement eg switch( $bg ) { case "red": print( "#FF0000" ); break; //a few more colours in here default: print( "#FFFFFF" ); break; } what would be the best way to tell it what cell colours to replace on submit would it be an if, for or a do/while statement that would be the better option ( or any others that 4 that matter) if i wanted to have just the cells with the ids of ph2 & ph3 to be changed? Cheers Peter "the only dumb question is the one that wasn't asked"

attached mail follows:

Hi, I want to create a simple form and reteive the data and print it. I have done the following in Foo.php.

<form action="foo.php" method="post"> *Name: <input type="text" name="username"><br> *Email : <input type="text" name="email"><br> <input type="submit" name="submit" value="Submit me!"> </form> Note: * fields are necessary. <?php print $_POST[ 'username' ]; print $_REQUEST[ 'username' ]; import_request_variables( 'p', 'p_' ); print $p_username; ?>

The browser gives me error that undefined index 'usename'. Can anyone tell me what could be wrong as i am very new to HTML and PHP.

-Varsha

__________________________________________________ Do You Yahoo!? Sign up for SBC Yahoo! Dial - First Month Free http://sbc.yahoo.com

attached mail follows:

On Mon, Jul 08, 2002 at 08:06:27PM -0700, Varsha Agarwal wrote: > > The browser gives me error that undefined index > 'usename'. Can anyone tell me what could be wrong as i > am very new to HTML and PHP.

I'll bet this is happening the first time you view the page. That's happening because you haven't submitted those variables from the form yet. Submit the form and they'll be there.

To have your script display correctly under both conditions, do a if/empty test on each key before displaying them.

if ( !empty($_POST['username']) ) { echo $_POST['username']; }

Another approach is to do a test at the top of the script. When it's empty, set the key to a blank string, which will avoid the unset key errors.

if ( empty($_POST['username']) ) { $_POST['username'] = ''; }

Enjoy,

--Dan

attached mail follows:

Varsha Agarwal said: > Hi, > I want to create a simple form and reteive the data > and print it. I have done the following in Foo.php. > > <form action="foo.php" method="post"> > *Name: <input type="text" name="username"><br> > *Email : <input type="text" name="email"><br> > <input type="submit" name="submit" value="Submit > me!"> > </form> > Note: * fields are necessary. > <?php > print $_POST[ 'username' ]; > print $_REQUEST[ 'username' ]; > > import_request_variables( 'p', 'p_' ); > print $p_username; > ?> > > The browser gives me error that undefined index > 'usename'. Can anyone tell me what could be wrong as i > am very new to HTML and PHP.

What version of php are you using? If it's pre v4.1.X then $_POST is not available and you should use $HTTP_POST_VARS instead. But the best thing to do is to upgrade to v4.2.1.

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.com.hk

attached mail follows:

I have a script which emails users from a website form,

I have just run the script and got the following in the email

A worm of many subjects \\\"The Klez\\\" worm arrives in an e-mail message with one of 120 possible subject lines. There are 18 different standard subject headings, including \\\"let\\

I have fixed this with stripslashes() but problem I am having is that If a ( ' ) is used in the email and I loose what ever is after '

Running php4.1.2 apache 2.0.36 RH 7.3

My script is

$emailbody = stripslashes($_POST["body"]); $emailbody = stripslashes($emailbody);

$emailsub = stripslashes($_POST["subject"]); $emailsub = stripslashes($emailsub);

$message = "To: From: xxxxx <xxxxxxxx> Subject: [xxxx] xxxxx - $emailsub BCC: xxxxxxxx"; $message .= "\n$emailbody"; $message .= "\n ------------------------------------------------------ ";

In the form I typed

This is a "test" this is a 'test'

And what I got in the email was

This is a "test" this is a

Has anyone a few pointers as to what I am missing...

Regards in advance

------------------------------------------------------------------------

--- Chris Kay Technical Support - Techex Communications Website: www.techex.com.au Email: chris.kay

techex.net.au Telephone: 1300 88 111 2 - Fax: (02) 9970 5788 Address: Suite 13, 5 Vuko Place, Warriewood, NSW 2102 Platinum Channel Partner of the Year - Request DSL - Broadband for Business ------------------------------------------------------------------------ ---

attached mail follows:

Chris (nice name),

Chris Kay wrote:

>A worm of many subjects \\\"The Klez\\\" worm arrives in an e-mail >

Anytime you see three backslashes in a row, the likely case is the addslashes() has been performed twice. For example, the following two iterations:

1. "The Klez" -> \"The Klez\" 2. \"The Klez\" -> \\\"The Klez\\\" (the \ is escaped as \\ and the " is escaped as \")

If your php.ini specifies that magic quotes are on, then that is likely the reason for one execution of stripslashes() that you might be overlooking. Otherwise, check your code carefully to ensure that you know when data has been escaped. A good habit is to use a strict naming convention to help you:

$clean_data=stripslashes($data);

>I have fixed this with stripslashes() but problem I am having is that >If a ( ' ) is used in the email and I loose what ever is after ' >

When you store this in the database, the single quote terminates the literal string:

$data="It's hot in Memphis!"; $sql_statement="insert into quotes values('$data');";

echo $sql_statement;

This will give you:

insert into quotes values ('It's hot in Memphis!);

As you can see, your string only consists of "It" at this point.

>$emailbody = stripslashes($_POST["body"]); >$emailbody = stripslashes($emailbody); >

Well, here's where you're executing stripslashes() twice. See above.

My suggestion is to not try to get your message into a variable that can be used in an SQL query and be sent in an email. You want these to use two different formats. For the email, leave the single quotes as they are; you don't want to see the escaped quotes. For inserting into the database, make sure they are escaped with stripslashes().

Happy hacking.

Chris

attached mail follows:

Chris (or should I be addressing Chris :) )

Chris S - I think you're confusing stripslashes w/ addslashes, but everything else I'm an agreement w/.

Chris K - Somewhere you've got addslashes twice. As mentioned, one of those might be in your php.ini file. That's why you need to stripslashes() twice...

-----Original Message----- From: Chris Shiflett [mailto:shiflettphp.net] Sent: Tuesday, July 09, 2002 1:54 PM To: Chris Kay Cc: PHP General List Subject: Re: [PHP] Stripslashes help

Chris (nice name),

Chris Kay wrote:

>A worm of many subjects \\\"The Klez\\\" worm arrives in an e-mail >

Anytime you see three backslashes in a row, the likely case is the addslashes() has been performed twice. For example, the following two iterations:

1. "The Klez" -> \"The Klez\" 2. \"The Klez\" -> \\\"The Klez\\\" (the \ is escaped as \\ and the " is escaped as \")

$clean_data=stripslashes($data);

>I have fixed this with stripslashes() but problem I am having is that >If a ( ' ) is used in the email and I loose what ever is after ' >

When you store this in the database, the single quote terminates the literal string:

$data="It's hot in Memphis!"; $sql_statement="insert into quotes values('$data');";

echo $sql_statement;

This will give you:

insert into quotes values ('It's hot in Memphis!);

As you can see, your string only consists of "It" at this point.

>$emailbody = stripslashes($_POST["body"]); >$emailbody = stripslashes($emailbody); >

Well, here's where you're executing stripslashes() twice. See above.

Happy hacking.

Chris

attached mail follows:

Martin Towell wrote:

>Chris S - I think you're confusing stripslashes w/ addslashes, but >everything else I'm an agreement w/. >

You're absolutely right. *blush*

Chris K - Ignore my last paragraph, and everything else should make at least partial sense. :-)

Ignore this:

>Well, here's where you're executing stripslashes() twice. See above. > >My suggestion is to not try to get your message into a variable that can >be used in an SQL query and be sent in an email. You want these to use >two different formats. For the email, leave the single quotes as they >are; you don't want to see the escaped quotes. For inserting into the >database, make sure they are escaped with stripslashes(). >

Happy hacking.

Chris

attached mail follows:

Folks:

I just setup a Redhat/Apache/PHP box for testing purposes as I develop some PHP websites. The weird thing, is that the server takes FOREVER to respond when I make a very simple error in the code. On other servers it comes up with a 'Parse Error' message immediately, but not so with this box.

For example, I made a page with the following code:

<? echo "I'm making a purposeful mistake"; echo "The semi-colon is missing at the end of this line" echo "Now I'm going on"; ?>

When I requested this page with my browser, I started my stopwatch and waited. The little blue progress bar started moving, but ever so slowly. 3 minutes later (!!!!) I got the error message:

Parse error: parse error, expecting `','' or `';'' in /var/www/html/test.php on line 4

Now why didn't that come up immediately?! Any help is appreciated.

Thanks,

Joseph

attached mail follows:

I am hoping that someone can help can japanese user input into my pgsql database ...

I am still having trouble but am sure it is a simple thing; something about mbstring probably.

I tried to directly insert user input into my DB but I got the following error:

Warning: PostgreSQL query failed: ERROR: Invalid EUC_JP character sequence found (0x8140) in /www/htdocs/test.php on line 31

So I assumed that I should first convert user input into EUC-JP.

I wrote some PHP code to do this but my original user input gets mangled.

I am including the output from my test code and the code at the end of this email.

Can someone spot what my error/problem is?

PHP ouput as shown in browser (N6.2) ------------------------------------

$_POST["textfield"] : 111$B$"$$$&$($*!!4A;z$R$i$,$J(B1235 CONVERT "auto" to EUC-JP : 111$B!"!V!"!"!"%r!"%#!"%'!#!#%(%A%5yh%a!"r&%c!"%O(B1235

mb_internal_encoding() : EUC-JP mb_detect_order() : ASCII, JIS, UTF-8, EUC-JP, SJIS

mb_http_input() : FALSE mb_http_input():

-----------

input encoding is : pass

PHP code I wrote: -----------------

<?php

$input = $_POST["textfield"];

// convert the user input into EUC-JP (detect user's encoding // automatically)

$new = mb_convert_encoding($input, "EUC-JP", "auto");

// output original input and converted input to screen // this doesn't work as the original input gets mangled

echo("<PRE>"); echo("<BR>\$_POST[\"textfield\"] : ".$input."<BR>"); echo("CONVERT \"auto\" to EUC-JP : ".$new."<BR>");

// the following outputs mbstring settings to the screen echo("<BR>mb_internal_encoding() : ".mb_internal_encoding()."<BR>"); echo("mb_detect_order() : ".implode(", ", mb_detect_order())."<BR>");

// What is the value of the HTTP input conversion? // I get a return of "false" which is really strange // it should be "auto" since that is the setting in my // php.ini file, and also what phpinfo() says

$enc = mb_http_input("P"); if ($enc == false) echo("<BR>mb_http_input() : FALSE<BR>"); echo("mb_http_input(): $enc<BR>");

echo("<BR>-----------<BR>");

// Here I check to see what encoding PHP thinks the // input is in. I get a value of "pass" which is alse // strange since it is not a valid return value!

$interenc = mb_internal_encoding(); $inputenc = mb_convert_variables($interenc, "", $input);

echo("<BR>input encoding is : ".$inputenc."<BR>");

echo("</PRE>"); ?>

attached mail follows:

ðÒÉ×ÅÔ!

Jean-Christian Imbeault wrote: > Warning: PostgreSQL query failed: ERROR: Invalid EUC_JP character > sequence found (0x8140) in /www/htdocs/test.php on line 31 > > So I assumed that I should first convert user input into EUC-JP.

Now, let's make sure we have a clear background: 1) japanese chars come in three flavours: a) ISO-2022-JP (the one you are using yourself) b) SHIFT-JIS c) EUC-JP 2) your database setting requires you input in c) style while you present it values in a) style.

if all that describes your problem you have two ways out of it, which I cannot evaluate myself (no personal knowledge of the differences among the three charsets).

*Database configuration* if possible, turn your Postgres configuration into one that will all three charsets (this will leave you with mixed input, though, and it will kill your chances to do a search in your db later) *charset forcing* have your input page always delivered in standard format, that is, just one charset. This will free you from charset trouble when doing the query, but might end up in having all of your forms showing out with a different charset, if your site uses mixed charset output.

I usually use the charset approach, because russian all flavours contain the same set of characters, it's just a different way of coding them. But this solution is not so painless when ported to charset that might be "simplified" (like chinese) or not. AFAIK Japanese should be a syllabic alphabeth, so probably you can do that just as I can.

If you need to have your pages using a given charset (that is, you have legacy docs coming in one flavour but your forms need another) you can simply SPAN your page sections into different charset areas. that is <SPAN charset="yourset" lang="yourlang"> your text </SPAN>

Mind you, this is handy *and* dangerous. In russian the two SPANned sections will look exactly the same, while actually being different. So people might end-up cut-and-pasting data from CP-1251 to KOI-8. Not sure whether browsers will convert that themselves on the fly. You better check it out.

ðÏËÁ áÌØÂÅÒÔÏ ëÉÅ×

-_=}{=_--_=}{=_--_=}{=_--_=}{=_--_=}{=_--_=}{=_--_=}{=_-

attached mail follows:

ðÒÉ×ÅÔ!

As for deciding what your user language/charset requests are (in terms of his/her browser settings) you might use this function

// this function remains unchanged. It returns an array // 0 : negotiated charset // 1 : negotiated lancode function negotiated_langset() { // process charset request header and build charset request array $headchrreq = explode(',',$_SERVER['HTTP_ACCEPT_CHARSET']); $i = 0; while ($i<count($headchrreq)) { $chunk = explode(';',$headchrreq[$i]); $charsets[$i] = ltrim(rtrim($chunk[0])); $i++; }

// process language request header and build language request array $headlanreq = explode(',',$_SERVER['HTTP_ACCEPT_LANGUAGE']); $i = 0; while ($i<count($headlanreq)) { $chunk = explode(';',$headlanreq[$i]); $language[$i] = substr(ltrim(rtrim($chunk[0])),0,2); $i++; }

// start negotiation $i = 0; while ( isset($language[$i]) && !$this->has_content($language[$i]) ) { $i++; }

# did we get anything? if (isset($language[$i])) { $lancode = $language[$i]; if ($i==0) { $charset=$charsets[0]; } else { // default charset when first choice unavailable $charset="ISO-8859-1"; } } else { // default on nothing found $charset = "ISO-8859-1"; $lancode = "en"; }

$result[0] = $charset; $result[1] = $lancode;

return $result; }

*NOTE* the !$this->has_content($language[$i]) call goes to a local function of yours that will return true/false, depending on whether you have available content for this language.

Charset request will default to ISO-8859-1 when your first languace choice is unavailable, because there is no data about further languages in the headers. You might want this to became a utf-8 value.

Function will not negotiate charset against content availability (as usually you will not have separate content editions for different charsets in your content repository). But you may easily add up the code snippet needed to do it, if that is your case.

If you do please share the result :)

ðÏËÁ áÌØÂÅÒÔÏ ëÉÅ×

-_=}{=_--_=}{=_--_=}{=_--_=}{=_--_=}{=_--_=}{=_--_=}{=_-

attached mail follows:

Thanks for the ideas Alberto but what I relly want is to understand how to use the mbstring library, not how to implement a new solution. mbstring is supposed to do everything I want, I guess I am just not quite understanding how to use it yet.

Also in regard to some things you said,

> Now, let's make sure we have a clear background: > 1) japanese chars come in three flavours: > a) ISO-2022-JP (the one you are using yourself) > b) SHIFT-JIS > c) EUC-JP > 2) your database setting requires you input in c) style while > you present it values in a) style.

1) is true but irrelavant. I am assuming that mbstring can automatically detect and convert the user's input.

> *Database configuration* if possible, turn your Postgres configuration > into one that will all three charsets

Impossible, though it would be nice. Postgres can only accept one charset for it's input not multiple.

> *charset forcing* have your input page always delivered in standard > format,

My page is always in the same charset, the problem is that the user input might not be ...

attached mail follows:

ðÒÉ×ÅÔ!

Jean-Christian Imbeault wrote: > Impossible, though it would be nice. Postgres can only accept one > charset for it's input not multiple.

I hope you mean one charset per language. Otherwise I can just cancel POstgres from my list of usable engines. But yes, it can't be just one.

>> *charset forcing* have your input page always delivered in standard >> format, > My page is always in the same charset, the problem is that the user > input might not be ...

You mean that browsers will accept charset mixing in japanese? You explicitely declare charset="mycharset" in the page headers and the damned thing returns input in charset="hischarset"??? Now that's a awful surprise to me. What browser does that?

ÐÏËÁ áÌØÂÅÒÔÏ ëÉÅ×

-_=}{=_--_=}{=_--_=}{=_--_=}{=_--_=}{=_--_=}{=_--_=}{=_-

attached mail follows:

ðÒÉ×ÅÔ! > Jean-Christian Imbeault wrote: >> My page is always in the same charset, the problem is that the user >> input might not be ...

Okay, I went thru a bit of docs on the japanese multibyte problem and got some surface understanding of the problem. Yes, since char dimensions are going to be different I see why browser would end-up mixing up the input. If you find any interesting site explaining how to do this please share. I'll be extending an existing content-repository to add chinese text management in the winter so I'll better start to worry about it. Thanks in advance.

As for your problem, I am afraid you would better turn to a japanese programmers' mailing list. That's if you speak japanese yourself, but you seem to do, so...

ÐÏËÁ áÌØÂÅÒÔÏ ëÉÅ×

-_=}{=_--_=}{=_--_=}{=_--_=}{=_--_=}{=_--_=}{=_--_=}{=_-

attached mail follows:

Alberto Serra wrote:

> > I hope you mean one charset per language. Otherwise I can just cancel > POstgres from my list of usable engines. But yes, it can't be just one.

I'm no pgsql expert but I think that yes, it will only accept input in one charset. But for charsets that use only 8-bits I think you can insert data that is in more than one charset.

But for charsets that use more than 8-bits I think pgsql actually checks that the input is in the charset the DB expects it to be in.

attached mail follows:

ðÒÉ×ÅÔ!

Scott Fletcher wrote: > Can the $_REQUEST be trusted?? The documentation said it is the combination > of $_GET, $_POST, $_COOKIE & $_FILE. If the PHPSESSID is found in > $_REQUEST, I can tell it is from $_COOKIE. I wonder if the PHPSESSID can be > stored into $_REQUEST if hte $_COOKIE is unavailable or turned off? >

Think of it as channels. You have 4 channels your data can come in: 1) GET (the link parameters or a form sent on the GET channel) 2) POST (a POSTed form) 3) COOKIE (data stored on the client machine IF the client machine will accept doing that for you)

Now, as the song goes, "you only get what you give". If you tried storing your data in a cookie $_REQUEST will have the data *only* if the cookie worked. For you to find it in there anyway you should send it back on multiple channels (but them why should you need a cookie when you are sure you are going to get anyway from another channel?)

The basic weak spot in using $_REQUEST is in that people may have your software believe that it received the input while they do send it from another channel: 1) me disables the cookies on my browser 2) me adds ?yourCookieName=myValue on the link (or &yourCookieName=myValue if you already have stuff on the GET line) 3) you (your software) thinks you got the cookie and uses it. What happens next depends on the nature of data involved.

That's possible if you use the $_REQUEST. Again, it might mean nothing in your context (that is cookie value might be absolutely irrilevant from a security point-of-view). But it should be taken in consideration.

ðÏËÁ áÌØÂÅÒÔÏ ëÉÅ×

-_=}{=_--_=}{=_--_=}{=_--_=}{=_--_=}{=_--_=}{=_--_=}{=_-

attached mail follows:

Is it possible to do something like this all on one line. What I need is if any one of these are true then run the script

if($type=="test1")or($type=="test2")or($type=="test3"){

-- Best regards, rdkurth mailto:rdkurth

starband.net

attached mail follows:

try this:

if($type=="test1" || $type=="test2" || $type=="test3"){

Joseph

<rdkurthstarband.net> wrote in message news:8333129677.20020708211108starband.net... > > Is it possible to do something like this all on one line. > What I need is if any one of these are true then run the script > > if($type=="test1")or($type=="test2")or($type=="test3"){ > > > > -- > Best regards, > rdkurth mailto:rdkurthstarband.net >

attached mail follows:

You can do this:

if ($type == "test1" || $type == "test2" || $type == "test3") {

or, what I prefer in this case

if (in_array($type, array("test1", "test2", "test3"))) {

Martin

-----Original Message----- From: rdkurthstarband.net [mailto:rdkurthstarband.net] Sent: Tuesday, July 09, 2002 2:11 PM To: php-general Subject: [PHP] if statement

Is it possible to do something like this all on one line. What I need is if any one of these are true then run the script

if($type=="test1")or($type=="test2")or($type=="test3"){

-- Best regards, rdkurth mailto:rdkurth

starband.net

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:

Hello Martin, Thanks the array worked just perfect. Where do you find stuff like this I looked all over the manual and could not find anything that told me how to do this.

Monday, July 08, 2002, 9:01:44 PM, you wrote:

MT> You can do this:

MT> if ($type == "test1" || $type == "test2" || $type == "test3") {

MT> or, what I prefer in this case

MT> if (in_array($type, array("test1", "test2", "test3"))) {

MT> Martin

MT> -----Original Message----- MT> From: rdkurthstarband.net [mailto:rdkurthstarband.net] MT> Sent: Tuesday, July 09, 2002 2:11 PM MT> To: php-general MT> Subject: [PHP] if statement

MT> Is it possible to do something like this all on one line. MT> What I need is if any one of these are true then run the script

MT> if($type=="test1")or($type=="test2")or($type=="test3"){

-- Best regards, rdkurth mailto:rdkurth

starband.net

attached mail follows:

I was looking for a similar functionality to Pascal's "in" statement and when I looked at someone's code one day and saw this in_array() thing and thought, "Aha! That's how you do it!" and ever since I've made good use of it.

-----Original Message----- From: rdkurthstarband.net [mailto:rdkurthstarband.net] Sent: Tuesday, July 09, 2002 2:21 PM To: php-general Subject: Re[2]: [PHP] if statement

Hello Martin, Thanks the array worked just perfect. Where do you find stuff like this I looked all over the manual and could not find anything that told me how to do this.

Monday, July 08, 2002, 9:01:44 PM, you wrote:

MT> You can do this:

MT> if ($type == "test1" || $type == "test2" || $type == "test3") {

MT> or, what I prefer in this case

MT> if (in_array($type, array("test1", "test2", "test3"))) {

MT> Martin

MT> -----Original Message----- MT> From: rdkurthstarband.net [mailto:rdkurthstarband.net] MT> Sent: Tuesday, July 09, 2002 2:11 PM MT> To: php-general MT> Subject: [PHP] if statement

MT> Is it possible to do something like this all on one line. MT> What I need is if any one of these are true then run the script

MT> if($type=="test1")or($type=="test2")or($type=="test3"){

attached mail follows:

Hi There, I am trying to incorporate zipping and unzipping files on a windows platform via PHP. I came across ZZiplib but wasnt able to find any information with regard to windows installation. Is there anyone who has tried something similar ? If yes, could you give me installation details and if possible a DLL which works on the windows platform. thanks in advance, Mathew

attached mail follows:

<?php function getmicrotime(){ list($usec, $sec) = explode(" ",microtime()); $time=$sec+$usec; return $time; }

$start=getmicrotime(); echo "wasting time...<br>"; $i=0; do{ $i++; }while($i<=1000000); $stop=getmicrotime(); $difference=($stop-$start)/3600; echo $start."<br>".$stop."<br>".$difference." Hours"; ?>

Does this help...

- Lord Loh

attached mail follows:

Why would my session data not be deleted after my browser is closed?

I can set some session variables, close my browser, reopen them and the old values are still present, I can verify this by seeing that the file still containts my session data and values.

Thanks

John.

attached mail follows:

So sprach Alexander Skwar am 2002-07-08 um 10:11:16 +0200 : > I thought that I had PHP 4.2.1 compiled just fine on SuSE 7.2, > however when I start Apache 1.3.19, it seg faults.

I've now found out, that this was caused by --with-recode. When I compile PHP like I did but don't use recode, it works fine. However, the standalone binary always worked fine - even --with-recode.

I'm using the recode-3.6-48 SuSE RPM.

Any ideas?

Alexander Skwar

-- 
How to quote:	http://learn.to/quote (german) http://quote.6x.to (english)
Homepage:	http://www.iso-top.de      |    Jabber: askwara-message.de
   iso-top.de - Die günstige Art an Linux Distributionen zu kommen
                       Uptime: 1 day 21 hours 37 minutes

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]