php-general Digest 20 Jul 2002 11:14:47 -0000 Issue 1475

Topics (messages 108596 through 108647):

Re: == vs = should generate a warning or error -- was: Why won't this work?
        108596 by: Daevid Vincent
        108598 by: Rasmus Lerdorf
        108601 by: Steve Edberg
        108608 by: David Robley

include() and div align="top"
        108597 by: John Wulff
        108599 by: John Holmes
        108604 by: Vinod Palan
        108606 by: David Freeman

Re: Cookies - good or bad???
        108600 by: Analysis & Solutions

fopen()
        108602 by: Chris Knipe
        108603 by: Vinod Palan
        108605 by: David Freeman
        108607 by: Chris Knipe

Re: Forms problem?
        108609 by: David Robley

inserting html page
        108610 by: Chris
        108612 by: John Holmes

Browsers: Internet Explorer/Netscape : wich versions accept Frames (HTML) and PHP code interpreter ?
        108611 by: Lgualti
        108613 by: John Holmes
        108614 by: Mark Gallagher

CRLF Injection in mail()
        108615 by: John Holmes
        108643 by: Richard Lynch

Re: Please help with array
        108616 by: Sukumar .S

More File Uploading Problems
        108617 by: Roger Lewis
        108619 by: Jadiel Flores
        108620 by: Curtis Gordon
        108621 by: Peter James
        108644 by: Richard Lynch

POST question
        108618 by: Mike Tuller
        108622 by: Jadiel Flores

Re: Sorting array based on key string
        108623 by: Richard Lynch

Re: session_unregister question
        108624 by: Richard Lynch

Re: pdflib
        108625 by: Richard Lynch

Re: systematic "glitch" in pages due to cache?
        108626 by: Richard Lynch

Re: Translatting php to binary...
        108627 by: Richard Lynch

Re: question about ODBC and PHP
        108628 by: Richard Lynch

Re: PDF pain
        108629 by: Richard Lynch
        108630 by: Richard Lynch

retrieve data from multidimensional array
        108631 by: rdkurth.starband.net
        108646 by: Jason Wong

Object caching (!!!)
        108632 by: Rad0s-³aw Gajewski

damned "false"
        108633 by: Rad0s-³aw Gajewski
        108636 by: Sukumar .S
        108647 by: Rad0s-³aw Gajewski

Problem with sessions.(Again Sorry :)
        108634 by: JJ Harrison

Re: activating php scripts via cron
        108635 by: Boaz Yahav

Re: Getting name of referenced variable into string
        108637 by: Richard Lynch

Re: If + Multiple forms help
        108638 by: Richard Lynch

Re: Sablotron confusion
        108639 by: Richard Lynch

Re: Hyperlink display problem
        108640 by: Richard Lynch

Re: str_replace() broken in 4.2.1 (Apache 1.3.26/Linux 2.2)
        108641 by: Richard Lynch

Re: include error
        108642 by: Richard Lynch

Re: Sessions: watertight?
        108645 by: Lars Olsson

Administrivia:

To subscribe to the digest, e-mail:
        php-general-digest-subscribelists.php.net

To unsubscribe from the digest, e-mail:
        php-general-digest-unsubscribelists.php.net

To post to the list, e-mail:
        php-generallists.php.net

----------------------------------------------------------------------

attached mail follows:

Wow, that should have been a quiz. I can't believe how many people
missed the == vs = thing and had all these elaborate answers. *grin*

Which brings me to my point. Rasmus or any other PHP duder out there --
what are the possibilities of adding a config option in php.ini to WARN
or ERROR when you try to use = instead of == in conditional checks like
that.

I can't tell you the number of minutes/hours wasted debugging code that
turned out to be that stupid mistake. While it's handy to use an
assignment in the conditional part, it can easily be done otherwise and
I for one would be glad to never use it to save me valuable time
tracking that down. Most other languages don't allow it.

DÆVID.

> -----Original Message-----
> From: Rasmus Lerdorf [mailto:rasmusphp.net]
> Sent: Friday, July 19, 2002 12:27 AM
> To: John Wulff
> Cc: php-generallists.php.net
> Subject: Re: [PHP] Why won't this work?
>
>
> You need == instead of = there
>
> On Fri, 19 Jul 2002, John Wulff wrote:
>
> > Any ideas on why this won't work? It will only
> > include("inc/entrance.php") It never, no matter what the value of
> > $mode, displays collection.php.
> >
> > <?php
> > $mode = "entrance";
> > if ($mode = "entrance") {
> > include("inc/entrance.php");
> > }
> > else if ($mode = "collection") {
> > include("inc/collection.php");
> > }
> >
> > ?>

attached mail follows:

> Wow, that should have been a quiz. I can't believe how many people
> missed the == vs = thing and had all these elaborate answers. *grin*
>
> Which brings me to my point. Rasmus or any other PHP duder out there --
> what are the possibilities of adding a config option in php.ini to WARN
> or ERROR when you try to use = instead of == in conditional checks like
> that.

That would suck since many many PHP programs use stuff like:

  while($row=mysql_fetch_row($result)) { ... }

There is absolutely nothing wrong with doing an assignment in a
conditional and if it generated a warning it would drive a lot of people
crazy.

-Rasmus

attached mail follows:

Plus, most programmer's editors allow regexp-based searches - and
some even allow you to saved named patterns (eg; BBEdit, my fave).
You could create a search to find all conditionals using a single =
sign. It would have to be based on your particular style, but here's
a wild, off-top-of-head, probably wrong/incomplete approach to
finding things that look like

        while($row=mysql_fetch_row($result)) {

:
        /while\s*([^=]+=[^=]+)\s*{/i

I'm sure with a little thought that could also be extended to make
sure parens were balanced and other neat stuff within the expression.

        -steve

At 4:01 PM -0700 7/19/02, Rasmus Lerdorf wrote:
> > Wow, that should have been a quiz. I can't believe how many people
>> missed the == vs = thing and had all these elaborate answers. *grin*
>>
>> Which brings me to my point. Rasmus or any other PHP duder out there --
>> what are the possibilities of adding a config option in php.ini to WARN
>> or ERROR when you try to use = instead of == in conditional checks like
>> that.
>
>That would suck since many many PHP programs use stuff like:
>
> while($row=mysql_fetch_row($result)) { ... }
>
>There is absolutely nothing wrong with doing an assignment in a
>conditional and if it generated a warning it would drive a lot of people
>crazy.
>
>-Rasmus
>

-- 
+------------------------------------------------------------------------+
| Steve Edberg                                      sbedbergucdavis.edu |
| University of California, Davis                          (530)754-9127 |
| Programming/Database/SysAdmin               http://pgfsun.ucdavis.edu/ |
+------------------------------------------------------------------------+
| The end to politics as usual:                                          |
|                 The Monster Raving Loony Party (http://www.omrlp.com/) |
+------------------------------------------------------------------------+

attached mail follows:

In article <003001c22f77$e640df20$67bb3f04telecom>, daeviddaevid.com says... > Wow, that should have been a quiz. I can't believe how many people > missed the =3D=3D vs =3D thing and had all these elaborate answers. = > *grin* > > Which brings me to my point. Rasmus or any other PHP duder out there -- > what are the possibilities of adding a config option in php.ini to WARN > or ERROR when you try to use =3D instead of =3D=3D in conditional checks = > like > that. > > I can't tell you the number of minutes/hours wasted debugging code that > turned out to be that stupid mistake. While it's handy to use an > assignment in the conditional part, it can easily be done otherwise and > I for one would be glad to never use it to save me valuable time > tracking that down. Most other languages don't allow it.

As others have pointed out, there are times when an assignment is valid in those circumstances.

However, as a means of self protection :-) consider reversing your equivalence test, thus:

if ("entrance" = $mode) {

With suitable error reporting levels, that should spit a warning at you if you use assign instead of equivalence. (Not my original idea - picked it up from the mailing list ages ago)

Cheers

-- 
David Robley
Temporary Kiwi!
Quod subigo farinam

attached mail follows:

When i use <div align="top"> on an include inside of a table cell it dosen't work. Any reason?

attached mail follows:

> When i use <div align="top"> on an include inside of a table cell it > dosen't > work. Any reason?

That won't affect the PHP at all, so it's got to be something else. Or an overall problem in the generated HTML.

---John Holmes...

attached mail follows:

hi yes thats right its HTML you need to give Valign=top

instead of align=top

Thanks Vinod

-- 
Vinod Palan A
Calypso Technology, Inc.
Vinod_palancalypso-tech.com 
(415) 817-2463 Phone
 
 
"John Wulff" <johnworcasnet.com> wrote in message news:20020719225950.89394.qmailpb1.pair.com...
> When i use <div align="top"> on an include inside of a table cell it dosen't
> work.  Any reason?
> 
> 

attached mail follows:

> When i use <div align="top"> on an include inside of a table > cell it dosen't work. Any reason?

Almost certainly there'll be a reason. Browse the page in question in your web browser and then view the source - see if you've ended up with your page source as you'd intended. Most of these sorts of problems come down to html that isn't valid for whatever reason.

CYA, Dave

attached mail follows:

On Fri, Jul 19, 2002 at 11:39:03PM +0100, Danny Shepherd wrote: > I assume you're being somehow sarcastic here - after a single simple search > on Amazon.com I have 4 cookies set and there is javascript in the results > page.

Not at all.

Last time I used the site, I had cookies and Java'sCrap turned off. Everything went through just fine. Thus, they weren't essential to navigating the site and making your purchase.

--Dan

-- 
               PHP classes that make web design easier
        SQL Solution  |   Layout Solution   |  Form Solution
    sqlsolution.info  | layoutsolution.info |  formsolution.info
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7 Av #4AJ, Brooklyn NY     v: 718-854-0335     f: 718-854-0409

attached mail follows:

Lo all,

if (!($fc = fopen("http://www.google.com/search?hl=en&&ie=ISO-8859-1q=asdf", "r"))) { echo "couldnt open file."; } else { $content = fread($fc,10000000); } echo "$content\n";

Why doesn't this work?

The browser reports the following back:

Warning: fopen("http://www.google.com/search?hl=en&&ie=ISO-8859-1q=asdf", "r") - No error in c:\megalan\htdocs\test2.php on line 17 couldnt open file.

Needless to say, I'm completely clueless on this one. All the code is right, when I change the URL to be something more sanitally correct such as http://server.com/file.extension it works perfectly.

--
me

attached mail follows:

hi, I think there are some reserve character in your url and so can you do one thing

$url="http://www.google.com/search\?hl=en\&\&ie=ISO-8859-1q=asdf";

if (!($fc = fopen("$url", "r"))) { echo "couldnt open file."; } else { $content = fread($fc,10000000); } echo "$content\n";

Thanks Vinod

-- 
Vinod Palan A
Calypso Technology, Inc.
Vinod_palancalypso-tech.com 
(415) 817-2463 Phone
 
 
"Chris Knipe" <savagesavage.za.org> wrote in message news:001901c22f7e$99e54740$fe01a8c0genocide...
> Lo all,
> 
>   if (!($fc =
> fopen("http://www.google.com/search?hl=en&&ie=ISO-8859-1q=asdf", "r"))) {
>     echo "couldnt open file.";
>   } else {
>     $content = fread($fc,10000000);
>   }
>   echo "$content\n";
> 
> Why doesn't this work?
> 
> The browser reports the following back:
> 
> Warning: fopen("http://www.google.com/search?hl=en&&ie=ISO-8859-1q=asdf",
> "r") - No error in c:\megalan\htdocs\test2.php on line 17
> couldnt open file.
> 
> Needless to say, I'm completely clueless on this one.  All the code is
> right, when I change the URL to be something more sanitally correct such as
> http://server.com/file.extension it works perfectly.
> 
> --
> me
> 
> 

attached mail follows:

> if (!($fc = > fopen("http://www.google.com/search?hl=en&&ie=ISO-8859-1q=asd > f", "r"))) { > echo "couldnt open file."; > } else { > $content = fread($fc,10000000); > } > echo "$content\n"; > > Why doesn't this work?

What happens if you just type:

http://www.google.com/search?hl=en&&ie=ISO-8859-1q=asdf

Into a web browser? Does it load what you expected to load?

CYA, Dave

attached mail follows:

> > if (!($fc = > > fopen("http://www.google.com/search?hl=en&&ie=ISO-8859-1q=asd > > f", "r"))) { > > echo "couldnt open file."; > > } else { > > $content = fread($fc,10000000); > > } > > echo "$content\n"; > > > > Why doesn't this work? > > What happens if you just type: > > http://www.google.com/search?hl=en&&ie=ISO-8859-1q=asdf > > Into a web browser? Does it load what you expected to load?

Yes. It does. And to make it even more bizarre, when I use fsockopen and fgets I get the page back!

However, there are also instances where fsockopen and fgets do not return the page either... Some other instances, fgets prints a 301 / 302 redirect message as the output.

What I am starting to think, is that google often returns 301 / 302 error codes (Object has moved). Does fopen and fsockopen follow 30* redirect requests? Even a better question, does fopen() return error text if it gets a error code from the server?

--
me
PS: Here's the fsockopen code that works (on a temporary basis)
  $google = fsockopen("www.google.com", 80, $errno, $errstr, 30);
  if (!$google) {
    echo "Can't connect\n";
  } else {
    fputs($google, "GET /search?hl=en&&ie=ISO-8859-1q=asdf\r\n\r\n");
    while (!feof($google)) {
      echo fgets($google, 128);
    }
    close($google);
  }

attached mail follows:

In article <000901c22f42$97e269a0$5fa1ed18LITTLEBUG2>, skellerhealthtvchannel.org says... > > Or get an editor that understands PHP and JavaScript that > > will color-code it all for you. > > Homesite... w00t! > > Just don't try to use Homesite as a WYSIWYG editor.

Homesite 3.0 is my tool of preference under BillOS - before they added that 'user-friendly' gunk :-) Yes, it's old but it does the job.

Don't suppose anyone knows of an addon for PHP syntax highlighting for 3.0?

-- 
David Robley
Temporary Kiwi!
Quod subigo farinam

attached mail follows:

I am new to php, and I only need to do one thing with it. I just need to insert another html page within my php page. Anyone know how to do this.

Thanks.

attached mail follows:

> I am new to php, and I only need to do one thing with it. I just need to > insert another html page within my php page. Anyone know how to do this.

www.php.net/include

See Also: require, include_once, fopen, etc...

---John Holmes...

attached mail follows:

Dear sirs,

Please, I need the following information:

- from wich version of Internet Explorer and Netscape Navigator:

- frames are accepted ? (if it necessary any pluggin, please inform too).

- PHP code are accepted (called from php/bin) ? (If it necessary any pluggin, please inform too).

Best regards.

lgualtibol.com.br

attached mail follows:

> Please, I need the following information: > > - from wich version of Internet Explorer and Netscape Navigator: > > - frames are accepted ? (if it necessary any pluggin, please > inform too).

Probably 99% of the IE and NN users out there can use frames. They've been around for a while. I personally don't care for them, though, so I wouldn't recommend you use them.

> > - PHP code are accepted (called from php/bin) ? (If it > necessary any > pluggin, please inform too).

100%. PHP is server side and can give a rat's arse what browser you are using.

---John Holmes...

attached mail follows:

Lgualti wrote: > Please, I need the following information: > > - from wich version of Internet Explorer and Netscape Navigator: > > - frames are accepted ? (if it necessary any pluggin, please inform too).

Netscape began supporting frames in v2. IE began supporting them in v3.

The majority of IE users have IE5 or higher. Corporate users (who have no choice) may have IE4 due to a policy set three/four years ago they can't change, and users of Windows 3.11 (which will have its tenth anniversary in a year and a bit, yippee), if they somehow want to use a version of IE, probably won't go any higher than IE3. As for Netscape, most users have v2 or higher.

There's only (TMK) one user of IE2 worldwide - and that's me :-).

> - PHP code are accepted (called from php/bin) ? (If it necessary any > pluggin, please inform too).

PHP is server-side, so the browser is utterly irrelevant.

(two notes, though - 1. Frame support is integral to the browser. You won't find a frames-less browser that will start supporting them because of a patch or plugin. 2. It's spelt "plugin", not "pluggin".)

Hope this helps :-)

[OT: I've started hitting { or } every time I think "bracket". That scares me. :OT]

-- 
Mark Gallagher
http://cyberfuddle.com/infinitebabble/

attached mail follows:

Maybe I'm behind the times, but I just found out about this one today. Basically if a user can take your form that sends an email, and send a value like "This is my subject\nBcc: myemailmyisp.com" for the subject, then they will get Bcc'd on every email your script later sends. One method to use is to download your form (Save As), modify the usual 'text' box into a <textarea> and put in a value like that given above. Note that it has to be an actual line feed (like in a textarea), not just a \n typed in (that'll get escaped by magic_quotes, hopefully). Where this comes into play as "bad" is when you're trying to hide email addresses, and now the user can Bcc: themselves on everything sent out and find out the email address of everyone. Why isn't, or is this, considered a bug? Is there any valid reason for PHP not to check for this itself and say that Subject (and whatever other fields are vulnerable) can only contain a subject header and that's it? What do you think? ---John Holmes.

attached mail follows:

>Maybe I'm behind the times, but I just found out about this one today. >Basically if a user can take your form that sends an email, and send a >value like "This is my subject\nBcc: myemailmyisp.com" for the subject, >then they will get Bcc'd on every email your script later sends. One

NO! They'll get a Bcc: on the *ONE* email they sent with your FORM.

Since they *SENT* the email, that does not seem like much of an issue to me.

Or are you *STORING* the Subject:, and then re-using *THEIR* Subject for other emails? Yikes. Why in the world would you do that? If you're letting them decide what the subject is in emails sent out by somebody else, that's just wrong in the first place.

>method to use is to download your form (Save As), modify the usual >'text' box into a <textarea> and put in a value like that given above. >Note that it has to be an actual line feed (like in a textarea), not >just a \n typed in (that'll get escaped by magic_quotes, hopefully).

If they want to be really kosher, they need \r\n, not just \n in there.

Read the RFC's.

>Where this comes into play as "bad" is when you're trying to hide email >addresses, and now the user can Bcc: themselves on everything sent out >and find out the email address of everyone.

No, no, no. Unless you're foolish enough to let them upload their altered HTML to your web-site, or be sending out emails from other people using *THEIR* subject as data.

>Why isn't, or is this, considered a bug? Is there any valid reason for >PHP not to check for this itself and say that Subject (and whatever >other fields are vulnerable) can only contain a subject header and >that's it? > >What do you think?

If you are worried about it, your PHP script can simply check the subject before you send the email.

<?php $subject = explode("\n", $subject); $subject = trim($subject[0]); mail(...,$subject,...); ?>

It's certainly not a PHP "bug" for PHP to let you put whatever you want in your Subject, no matter how badly-designed that might be.

It's not PHP's job to stop you from doing "stupid" things :-)

-- 
Like Music?  http://l-i-e.com/artists.htm

attached mail follows:

try with array_slice like array_slice($shoppingCart,345,1);

this is one of the way to delete.

>>>> Date: Fri, 19 Jul 2002 23:13:10 +1000 From: Wee Keat <weekeatamorphosium.com> To: PHP General <php-generallists.php.net> Newsgroups: php.general Subject: Please help with Array..

Hi all how are yas?

I have one question for which I could not find the answer:

How do I remove an element of an array with a specific key or index?

To be clearer:

Lets say I have an array $shoppingCart[] (quite a lot of them) I want to delete $shoppingCart[345] (which is not the last or the first) How do I do it?

I have checked the PHP manual... it has array_pop, array_shift which are for the last element and the first element. But what about specific elements in between the first and the last?

Please help out... I'm really in a rush to finish my project... :(

Thanks soooo much in advance for your time.

Yours, Wee Keat Chin

---------------------------------------------------

"Man is only truly great when he acts from his passions."

attached mail follows:

I see from a search of the archives that there are many others with problems uploading files to servers, but I haven't come across my problem yet.

As a test, I took code direct from the php manual and tried to upload a file from my browser to the server.

I created a file called getfiles.php in which I put the form that the user uses to upload his file: (I've left the text and formatting out of this post)

<form enctype="multipart/form-data" name="frmUploadFile" action="storefile.php" method="post"> <input type="file" name="fileUpload" size="20"> <input type="submit" value="Upload this file" name="cmdSubmit"> </form>

I created another file called storefile.php that is supposed to copy or move the uploaded file from the default temp directory to the assigned directory.

<?php // In PHP earlier then 4.1.0, $HTTP_POST_FILES should be used instead of $_FILES. if (is_uploaded_file($HTTP_POST_FILES['fileUpload']['tmp_name'])) { copy($HTTP_POST_FILES['fileUpload']['tmp_name'], "http://www.mydomain.com/~demodocs/ProjDocs/"); } else { echo "Possible file upload attack. Filename: " . $HTTP_POST_FILES['fileUpload']['name']; } /* ...or... */ move_uploaded_file($HTTP_POST_FILES['fileUpload']['tmp_name'], "http://www.mydomain.com/~demodocs/ProjDocs/"); ?>

Both of the above files are put in the web site root, http://www.mydomain.com/~demo/

When I point my browser to getfiles.php the form appears and I can browse for files from my hard drive. But when I upload the file, I get the following messages:

Warning: Unable to create 'http://www.mydomain.com/~demodocs/ProjDocs/': No such file or directory in /home/sites/home/users/demo/web/storefile.php on line 15

Warning: Unable to create 'http://www.mydomain.com/~demodocs/ProjDocs/': No such file or directory in /home/sites/home/users/demo/web/storefile.php on line 20

Warning: Unable to move '/tmp/phpAZoDZh' to 'http://www.mydomain.com/~demodocs/ProjDocs/' in /home/sites/home/users/demo/web/storefile.php on line 20

It appears that the tmp file has been uploaded, but no amount of fiddling with the end file location, or the location of getfiles.php or storefiles.php, has changed anything but the wording of the error message.

I changed $HPPP_POST_FILES TO $_FILES, but that gave me the "Possible file upload attack… " message.

I'm using PHP 4.0.6. The chmod for ../ProjDocs/ is 755. I don't know what the permissions are for the temp directory, nor am I certain as to where exactly it is.

Does anyone have any thoughts as to why this is happening. Any help is appreciated.

Roger Lewis

attached mail follows:

You can't use the directory http://www.mydomain.com/~demodocs/ProjDocs/ in the move_uploaded_file, you have to use the linux or unix directory like /home/sites/home/users/demo/web/demodocs/ProjDocs/

The move_uploaded_file doesn't work because the directory http://www.mydomain.com/~demodocs/ProjDocs/ obviously doesn't exist in you server.

Jadiel

At 10:18 p.m. 07/19/2002 -0700, you wrote: >I see from a search of the archives that there are many others with problems >uploading files to servers, but I haven't come across my problem yet. > >As a test, I took code direct from the php manual and tried to upload a file >from my browser to the server. > >I created a file called getfiles.php in which I put the form that the user >uses to upload his file: (I've left the text and formatting out of this >post) > ><form enctype="multipart/form-data" name="frmUploadFile" >action="storefile.php" method="post"> ><input type="file" name="fileUpload" size="20"> ><input type="submit" value="Upload this file" name="cmdSubmit"> ></form> > >I created another file called storefile.php that is supposed to copy or move >the uploaded file from the default temp directory to the assigned directory. > ><?php >// In PHP earlier then 4.1.0, $HTTP_POST_FILES should be used instead of >$_FILES. >if (is_uploaded_file($HTTP_POST_FILES['fileUpload']['tmp_name'])) { >copy($HTTP_POST_FILES['fileUpload']['tmp_name'], >"http://www.mydomain.com/~demodocs/ProjDocs/"); >} else { >echo "Possible file upload attack. Filename: " . >$HTTP_POST_FILES['fileUpload']['name']; >} >/* ...or... */ >move_uploaded_file($HTTP_POST_FILES['fileUpload']['tmp_name'], >"http://www.mydomain.com/~demodocs/ProjDocs/"); >?> > >Both of the above files are put in the web site root, >http://www.mydomain.com/~demo/ > >When I point my browser to getfiles.php the form appears and I can browse >for files from my hard drive. But when I upload the file, I get the >following messages: > >Warning: Unable to create 'http://www.mydomain.com/~demodocs/ProjDocs/': No >such file or directory in /home/sites/home/users/demo/web/storefile.php >on line 15 > >Warning: Unable to create 'http://www.mydomain.com/~demodocs/ProjDocs/': No >such file or directory in /home/sites/home/users/demo/web/storefile.php >on line 20 > >Warning: Unable to move '/tmp/phpAZoDZh' to >'http://www.mydomain.com/~demodocs/ProjDocs/' in >/home/sites/home/users/demo/web/storefile.php on >line 20 > >It appears that the tmp file has been uploaded, but no amount of fiddling >with the end file location, or the location of getfiles.php or >storefiles.php, has changed anything but the wording of the error message. > >I changed $HPPP_POST_FILES TO $_FILES, but that gave me the "Possible file >upload attack… " message. > >I'm using PHP 4.0.6. The chmod for ../ProjDocs/ is 755. I don't know what >the permissions are for the temp directory, nor am I certain as to where >exactly it is. > >Does anyone have any thoughts as to why this is happening. Any help is >appreciated. > >Roger Lewis

attached mail follows:

I know that when I upload files I use a path that is relavent to the dir structure on the server:

linux | /home/hosting/clients/myclient/storefile/filename.extension windows | c:/webdocs/hosting/clients/myclient/filename.extension

You get the idea, I don't believe copy() works with a "non-local" path like "http://www.mydomain.com/~demodocs/ProjDocs/".

Roger Lewis wrote:

>I see from a search of the archives that there are many others with problems >uploading files to servers, but I haven't come across my problem yet. > >As a test, I took code direct from the php manual and tried to upload a file >from my browser to the server. > >I created a file called getfiles.php in which I put the form that the user >uses to upload his file: (I've left the text and formatting out of this >post) > ><form enctype="multipart/form-data" name="frmUploadFile" >action="storefile.php" method="post"> ><input type="file" name="fileUpload" size="20"> ><input type="submit" value="Upload this file" name="cmdSubmit"> ></form> > >I created another file called storefile.php that is supposed to copy or move >the uploaded file from the default temp directory to the assigned directory. > ><?php >// In PHP earlier then 4.1.0, $HTTP_POST_FILES should be used instead of >$_FILES. >if (is_uploaded_file($HTTP_POST_FILES['fileUpload']['tmp_name'])) { >copy($HTTP_POST_FILES['fileUpload']['tmp_name'], >"http://www.mydomain.com/~demodocs/ProjDocs/"); >} else { >echo "Possible file upload attack. Filename: " . >$HTTP_POST_FILES['fileUpload']['name']; >} >/* ...or... */ >move_uploaded_file($HTTP_POST_FILES['fileUpload']['tmp_name'], >"http://www.mydomain.com/~demodocs/ProjDocs/"); >?> > >Both of the above files are put in the web site root, >http://www.mydomain.com/~demo/ > >When I point my browser to getfiles.php the form appears and I can browse >for files from my hard drive. But when I upload the file, I get the >following messages: > >Warning: Unable to create 'http://www.mydomain.com/~demodocs/ProjDocs/': No >such file or directory in /home/sites/home/users/demo/web/storefile.php >on line 15 > >Warning: Unable to create 'http://www.mydomain.com/~demodocs/ProjDocs/': No >such file or directory in /home/sites/home/users/demo/web/storefile.php >on line 20 > >Warning: Unable to move '/tmp/phpAZoDZh' to >'http://www.mydomain.com/~demodocs/ProjDocs/' in >/home/sites/home/users/demo/web/storefile.php on >line 20 > >It appears that the tmp file has been uploaded, but no amount of fiddling >with the end file location, or the location of getfiles.php or >storefiles.php, has changed anything but the wording of the error message. > >I changed $HPPP_POST_FILES TO $_FILES, but that gave me the "Possible file >upload attack... " message. > >I'm using PHP 4.0.6. The chmod for ../ProjDocs/ is 755. I don't know what >the permissions are for the temp directory, nor am I certain as to where >exactly it is. > >Does anyone have any thoughts as to why this is happening. Any help is >appreciated. > >Roger Lewis > > > > >

attached mail follows:

> <?php > // In PHP earlier then 4.1.0, $HTTP_POST_FILES should be used instead of > $_FILES. > if (is_uploaded_file($HTTP_POST_FILES['fileUpload']['tmp_name'])) { > copy($HTTP_POST_FILES['fileUpload']['tmp_name'], > "http://www.mydomain.com/~demodocs/ProjDocs/"); > } else { > echo "Possible file upload attack. Filename: " . > $HTTP_POST_FILES['fileUpload']['name']; > }

[snip]

> Warning: Unable to create 'http://www.mydomain.com/~demodocs/ProjDocs/': No > such file or directory in /home/sites/home/users/demo/web/storefile.php > on line 15

[snip]

> Does anyone have any thoughts as to why this is happening. Any help is > appreciated.

You cannot copy to a url... use the path (relative or absolute) to this location.

For instance, change to something like:

copy($HTTP_POST_FILES['fileUpload']['tmp_name'], "/usr/local/www/..../ProjDocs");

Hope this helps. P.

attached mail follows:

><form enctype="multipart/form-data" name="frmUploadFile" >action="storefile.php" method="post"> ><input type="file" name="fileUpload" size="20">

I'm not sure size= has any meaning for a FILE input... shrug.

><input type="submit" value="Upload this file" name="cmdSubmit"> ></form> > >I created another file called storefile.php that is supposed to copy or move >the uploaded file from the default temp directory to the assigned directory. > ><?php >// In PHP earlier then 4.1.0, $HTTP_POST_FILES should be used instead of >$_FILES. >if (is_uploaded_file($HTTP_POST_FILES['fileUpload']['tmp_name'])) { >copy($HTTP_POST_FILES['fileUpload']['tmp_name'], >"http://www.mydomain.com/~demodocs/ProjDocs/");

Don't use "copy". Use move_uploaded_file.

More importantly, you *CANNOT* move a file to a URL. You have to move it to a *FILE* on your web-server computer.

The path should probably be something like:

"/www/mydomain.com/demodocs/ProjDocs/$fileUpload_name"

Note that you need a file NAME, not just a directory.

>} else { >echo "Possible file upload attack. Filename: " . >$HTTP_POST_FILES['fileUpload']['name']; >} >/* ...or... */ >move_uploaded_file($HTTP_POST_FILES['fileUpload']['tmp_name'], >"http://www.mydomain.com/~demodocs/ProjDocs/"); >?> > >Both of the above files are put in the web site root, >http://www.mydomain.com/~demo/

>Warning: Unable to create 'http://www.mydomain.com/~demodocs/ProjDocs/': No >such file or directory in /home/sites/home/users/demo/web/storefile.php >on line 15 > >Warning: Unable to create 'http://www.mydomain.com/~demodocs/ProjDocs/': No >such file or directory in /home/sites/home/users/demo/web/storefile.php >on line 20 > >Warning: Unable to move '/tmp/phpAZoDZh' to >'http://www.mydomain.com/~demodocs/ProjDocs/' in >/home/sites/home/users/demo/web/storefile.php on >line 20 > >It appears that the tmp file has been uploaded, but no amount of fiddling >with the end file location, or the location of getfiles.php or >storefiles.php, has changed anything but the wording of the error message.

You also will need that directory, not a URL, to be some place that the PHP user has WRITE access to.

In a shared ISP environment, that generally means you have to make it world-writable:

chmod 666 /www/mydomain.com/demodocs/

>I changed $HPPP_POST_FILES TO $_FILES, but that gave me the "Possible file >upload attack… " message. > >I'm using PHP 4.0.6. The chmod for ../ProjDocs/ is 755. I don't know what >the permissions are for the temp directory, nor am I certain as to where >exactly it is.

The temp directory seems to be working fine.

755 will not cut it.

666 or 766.

Or even, I suppose, 622, but then you'll need to have some kind of cron job running as a real user (you) to *READ* the files uploaded, since nobody else will be able to read them.

-- 
Like Music?  http://l-i-e.com/artists.htm

attached mail follows:

I have a page with a form that has a drop down menu that I can select different items that I want to display on another page where I can add more information to be entered into a database. I can do that by using this on the page that displays.

while ($row = mysql_fetch_array( $sql_result )) { $_POST["asset_type"] = $row["asset_type"]; }

What I want to do is have a different page display for different choices. So if I choose one type of asset to add, then submit it to be added to the database, I want to have a script that reads what the selection was and displays the page that matches the type of asset that matches it.

I think the best way to do this is to have the "$_POST["asset_type"]" go to a second page that decides if $_POST["asset_type"] = "Computer" go to the page for adding computer information, or if it equals "Printer" is goes to the page for entering printer information. The question I have is how can I make sure the $_POST["asset_type"] carries onto a third page and how do I make it so that when a selection is made, it opens the correct third page?

I hope I explained this well enough to understand.

Thanks, Mike

attached mail follows:

Ok, in the first page you create the select input with the results from the DB, the you submit the form to a second page, now, you have to check the value of the data sent in this page and then redirect the browser to the correct page, maybe you can use a switch like:

switch($_POST["asset_type"]){ case 'Computer': header("Location: computer.php"); break; case 'Printer': header("Location: printer.php"); break; }

etc.

I hope I understood your question.

At 12:39 a.m. 07/20/2002 -0500, you wrote: >I have a page with a form that has a drop down menu that I can select >different items that I want to display on another page where I can add more >information to be entered into a database. I can do that by using this on >the page that displays. > >while ($row = mysql_fetch_array( $sql_result )) >{ > $_POST["asset_type"] = $row["asset_type"]; >} > >What I want to do is have a different page display for different choices. So >if I choose one type of asset to add, then submit it to be added to the >database, I want to have a script that reads what the selection was and >displays the page that matches the type of asset that matches it. > >I think the best way to do this is to have the "$_POST["asset_type"]" go to >a second page that decides if $_POST["asset_type"] = "Computer" go to the >page for adding computer information, or if it equals "Printer" is goes to >the page for entering printer information. The question I have is how can I >make sure the $_POST["asset_type"] carries onto a third page and how do I >make it so that when a selection is made, it opens the correct third page? > >I hope I explained this well enough to understand. > >Thanks, >Mike > > >-- >PHP General Mailing List (http://www.php.net/) >To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:

>Pardon my sloppy explanation but here it is: > >how can i sort an array based on key element ie.

http://php.net/asort

-- 
Like Music?  http://l-i-e.com/artists.htm

attached mail follows:

>Is it possible to somehow do a session unregister of all session variables >except for (say) 2 variables. varA and varB > >So if my session had : >varA, varB,varC, varD,varE (etc) > >I want to unregister all but varA and varB. > >Is there an 'elegant' way to do this without testing for all the variables >in the session?

session_destroy(); session_register('varA'); session_register('varB');

*MIGHT* "work" but you'd be relying on implementation details rather than documented behviour...

Risky in the long run, but might last forever, if it works...

You're probably safer to loop through $_SESSION and unregister everything except the ones you want. It shouldn't be that big of a loop.

-- 
Like Music?  http://l-i-e.com/artists.htm

attached mail follows:

>Hello, > >can you tell me what i have to do to generate more than one pdf document >with pdflib. At the moment i am not able to do this. the only thing i can do >is actually to make one pdf. > >It is really important for me to bring more sites in one document. the >problem is not solved if i just make more than one doc.

You *MIGHT* be able to send out "Keep-alive:" headers and send multiple documents to a browser, and some browsers *MIGHT* even do the right thing... I sure wouldn't count on it.

And the basic HTTP interchange must USERS are accustomed to is to click and get a single document, so you might have a lot of confused users even if you get it to work.

You can add more pages to the document with pdf_end_page/pdf_start_page.

You could create the PDF documents on your hard drive (be careful with permissions/security) and then tar and gzip them up to download into one big document.

-- 
Like Music?  http://l-i-e.com/artists.htm

attached mail follows:

>hello everybody, > >I have a real problem, and a vague description to it (can you guess?: newbie). > >I've created a site which retrieves a word from a database and displays it. >The user enters another word (a translation) which is checked against the >solution and feedback is given. These words are passed around in >sessionvariables. >Systematically after a while, I get a very slow loading of the page (and >therefor >the word i got from the database). >In the end, i get my data, but it's slow and >always with the same interval. I have a feeling this might be related to some >garbage retrieval, or cache problem with the browser, but I can't figure >it out. >Does anybody has some suggestions? >I'd really appreciate it!

Are you using the same variables over and over for your words, or different ones every time?...

I think if you registered a *LOT* of variables, you *MIGHT* get sluggish performance, eventually.

Can you show us the source code?

-- 
Like Music?  http://l-i-e.com/artists.htm

attached mail follows:

>PHP is a scripting language I am pretty much >aware of that... But is there a way to translate >php into binary/machine code or would one >have to write a translator program?

The Zend Encoder (http://zend.com) is a commercial product which is designed to protect proprietary code, and as part of its current protection scheme, I believe it turns PHP into a binary byte-code representation. It may or may not do even more to encrypt the source/binary at some point in the future, or even now, since I haven't played with it in awhile...

There are other alternatives, but last time I checked they really weren't "on par" to Zend Encoder for reliability, useability, etc. Again, I haven't looked hard at this stuff for over a year. YMMV.

NOTES: If somebody *REALLY* wants to sit there and dis-assemble your Zend encoded (or any other) binary, they can, but it would probably be easier to run it and reverse-engineer the behaviour in 99.9999% of the cases.

You will also want a CLEAR license, which is much more important than any technological hardware/software dongle/boondogle/whatever that's supposed to protect your code.

If you're thinking you'll get better performance this way, you won't -- At least not enough to make it worth it. The Zend Engine (the guts of the PHP parser) is quite zippy, and is not a significant drain on performance. Some quick hacks to your Apache and PHP C sources will prove this, or you can just trust me that the Zend Encoder does not significantly improve performance.

The Zend Cache *WILL* double (minimum) your throughput, however, primarily by keeping your PHP scripts in RAM, so the hard drive isn't accessed. The Cache also turns your code into byte-code, and that helps a little, but binary representation alone won't help performance significantly.

Disclosure: I used to work for Zend, often answering these very questions as a Booth Bunny. :-) YMMV.

-- 
Like Music?  http://l-i-e.com/artists.htm

attached mail follows:

>I am new to PHP, and I have got to download huge quantity of data from an >oracle server. >The ODBC cnnection works fine, and I found a useful "odbc_fetch_array()" >function on this site. > >Until now I store the data row after row into a temporrary file, and with it >i fill MySQL tables. > >The construction of the file takes nearly 50 minutes each , I have 10-12 >tables to search in, >and joins to make to integrate data in a final table.... ( !!! ) > > >Is there a quicker method to get data in an odbc result resource??

With Oracle, I think you can odbc_something_something the whole thing in one giant array...

That said, I'm willing to bet a DOLLAR that your FILE access is what's killing the performance, not the ODBC/Oracle or MySQL actions.

If you can get PHP to talk to *BOTH* databases at once, and skip the intermediate TEMP FILE, you'll probably see a huge performance increase.

Another option is to skip PHP entirely... I mean Oracle *HAS* to have some kind of export utility to create a tab delimited file, doesn't it? For what you paid for it, it had better have that!

That's bound to be faster than a PHP loop to write out data...

You may also want to consider using INSERT DELAYED on the MySQL side. It *MIGHT* let the PHP script finish sooner, and then MySQL will insert the data whenever it gets around to it... I've never played with it, just read the docs.

-- 
Like Music?  http://l-i-e.com/artists.htm

attached mail follows:

>I THINK I have installed pdflib and compiled it into PHP 4.2.1 OK. >At least, configure/make/make install all went OK and it is trying to >work.

You can confirm this FOR SURE with:

<?php phpinfo();?>

Be sure you have current PDF version.

>I copied the sample 'Hello World in PDF' script out of Programming PHP (p >234) into a file named pdftest.pdf

Make sure that the:

header("Content-type: application/x-pdf");

is very near the bottom of the script, right before the pdf_close()

Otherwise, error messages from PHP are getting stuff into the PDF, and since PHP error messages aren't PDF data, they really mess up the PDF file quite badly...

>When I try to access http://localhost/pdftest.pdf, Konqueror tries to open >a PDF file but then spits the dummy saying: > >"Could not open file >blahblah.pdf which has type application/x-zerosize. KGhostview can only >open Postscript and Portable Document Format files"

I'm seeing the word "zerosize" there, and wondering if maybe you need to do:

<?php . . . # End of script: ob_start(); header("Content-type: application/x-pdf"); echo pdf_close(); $pdf = ob_get_contents(); header("Content-length: " . strlen($pdf)); ob_flush(); ?>

This will allow to you sort of "snag" the PDF output, figure out how long it is, tell the browser how long it is, and then send it for real.

http://php.net/ob_start

>So it looks like a header problem or something?

Could be lots of things, really...

Get the header() calls at the bottom so you can see any PHP error messages in the browser, and you'll eliminate most of the possible problems.

>This raises a few other questions: > >- Should the PHP script be called pdftest.php or pdftest.pdf?

Yes. :-)

If you want to "fool" the maximum number of badly-broken browsers (IE) you'll need "something.pdf" in the URL at the end of the "path" part.

One way is to just tack on a bogus "something.pdf", no matter how silly it looks:

http://example.com/printable.php/something.pdf?file=whatever.pdf

Apache and PHP will pretty much ignore that extra crap 'something.pdf' in there, but some versions of IE use the URL rather than the Content-type (MS idiots!) to decide what kind of file they are getting.

Another way is to name your file pdftest.pdf, but then convince Apache that it's really a PHP file with this in your ".htaccess" file:

<Files pdftest.pdf> ForceType application/x-httpd-php </Files>

>- Does httpd.conf need an AddType directive for pdf files? I've tried a >few variations on "AddType application/x-pdf .pdf" etc

Yes, though it should already be getting that from the 'standard' mime-types in that one doo-hickey file... I haven't read httpd.conf for a while, I guess. Something about Magic Numbers maybe?

Adding a second one with the same settings might confuse Apache...

Upload a static PDF file, and see if it "works" If it does, don't mess with this.

>- Should .pdf be added to the php AddType directive? >eg. "AddType application/x-httpd-php .php .htm .pdf

I wouldn't do that, though -- You might some day want to have a static PDF file on your web-server.

Using the <Files> directive above, you're telling Apache to *ONLY* force that one single file to be PHP, even if it does end in .pdf, and you're leaving all the other .pdf files (which really are PDF) alone.

>Basically, I'm confused. Anyone been there done that?

Yup.

http://uncommonground.com/events.htm http://chatmusic.com/calendar.php

-- 
Like Music?  http://l-i-e.com/artists.htm

attached mail follows:

> >Thanks for all the suggestions. I am making progress after discovering a >typo in my code (single quotes in a header() string containing a $var ... >double quotes fixed it). > >Now I get a pdf document but no text :-( > >If I save the doc to disk and try to open it with xpdf, it complains that >the "xref table" is broken and that it can't find a "trailer dictionary".

Even though you fixed one bug, make sure the header calls are at the end of your PHP script...

Any other bugs lurking will show up in the browser before the Content-type, and you'll actually see them.

I'd also make sure all my PDF/PHP code as doing as much error-checking as possible.

Check all return values to be sure they are valid.

I don't know what an xref table or trailer dictionary are, but if those are standard PDF elements, and your PHP code is trying to create them, I'd sure zero in on that section of code first, as well as the section immediately preceding it, which might be polluting the PDF stream of data with a PHP error message.

Open up that PDF file in a text editor, and search for "Error" in it.

-- 
Like Music?  http://l-i-e.com/artists.htm

attached mail follows:

I have a multidimensional array. How can I search and retrieve all data that is like $value from it. the array looks like this $multi=array($row_0,$row_1); I want to retrieve all data where $value matches $row_1 and display the data on the screen. I know that array_search and in_array will tell me that the data exist but I what to retrieve it.

attached mail follows:

On Saturday 20 July 2002 15:49, rdkurthstarband.net wrote: > I have a multidimensional array. How can I search and retrieve all data > that is like $value from it. > the array looks like this $multi=array($row_0,$row_1); I want to > retrieve all data where $value matches $row_1 and display the data on > the screen. I know that array_search and in_array will tell me that > the data exist but I what to retrieve it.

Doesn't array_search() do what you want? Presumably if you're searching for something you know what you're searching for then all you need to know is where it is found.

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.com.hk
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
/*
Sacred cows make great hamburgers.
*/

attached mail follows:

I think there is a bug in PHP4.2.1, but maybe you would find a solution.

What I want to do is object caching so that i could work on two objects which are realy the only one object like: $a=new A(); $a->name="Leon"; $b=new A(); $b->surname="Galeon"; echo $a->name.$a->surname; echo $b->name.$b->surname;

should give me Leon.Galeon twice

That's how i want to do this:

class A { var $name="noName"; var $surname="noSurname"; function A() { if ($GLOBALS["cache"]) { $this=&$GLOBALS["cache"]; } else { $GLOBALS["cache"]=&$this; } } }

$a=&new A(); $b=&new B(); //here is not good, $b is a copy

$a->name="Leon"; //$cache will be changed too so it's ok echo $b->name;

will produce "noName";

THX!Please cc my priv mail.

-- 
--
                                     pozdr
                                        Rad0s
        Radek Gajewski rgajewsgh.waw.pl GG:694459 ICQ:110153822
        --------------------------------------------------------

attached mail follows:

I am not very happy how generaly boolean comparison is solved in PHP...but I checked different stuff and like this shouldn't be:

----
<?
$a="null";
if ($a="dwa") {		// one sign = so it is OK
	echo "OK";
}
if ($a=true) {
	echo "OK";
}
if ($a=false) {
	echo "OK";	//but it is not written!!!!!!!
}
?>
I tested it in PHP4.2.0 (LINUX)
-- 
--
                                     pozdr
                                        Rad0s
        Radek Gajewski rgajewsgh.waw.pl GG:694459 ICQ:110153822
        --------------------------------------------------------

attached mail follows:

Hi, This is working exactly the way it has to ...

What is wrong with it?.

In the first assignment in the 'if' is evaluating to string and it is a true so the "OK" is printed.

In the second "if", you are assigning a true value which is evaluated as true and it prints "OK".

In the third "if" statment, you are assigning a 'false' and it evaluates to false to the if statment so that it is not printing the "OK".

try this also for better understanding.... if($a=0) { echo "I never be printed"; }

if(!$a=0) { echo "I will be printed, if you run me." }

i hope i understand your question....

Sukumar.

> I am not very happy how generaly boolean comparison is solved in > PHP...but I checked different stuff and like this shouldn't be: > ---- > <? > $a="null"; > if ($a="dwa") { // one sign = so it is OK > echo "OK"; > } > if ($a=true) { > echo "OK"; > } > if ($a=false) { > echo "OK"; //but it is not written!!!!!!! > } > ?> > I tested it in PHP4.2.0 (LINUX) >

attached mail follows:

On Sat, 20 Jul 2002, Sukumar .S wrote: ++> In the second "if", you are assigning a true value which is evaluated as ++>true and it prints "OK". ++> ++> In the third "if" statment, you are assigning a 'false' and it evaluates ++>to false to the if statment so that it is not printing the "OK". OK now I see the point, but I used to "think in java" and "false" representation of other types maked me dizzy, Thx.Now It's clear.

-- 
--
                                     pozdr
                                        Rad0s
        Radek Gajewski rgajewsgh.waw.pl GG:694459 ICQ:110153822
        --------------------------------------------------------

attached mail follows:

I have a login script which calls this function if it is a proper user etc.

function register_in_session($uinfo){ // Used in conjuction with validate to input user info into the session $_SESSION['uid'] = $uinfo[0]; $_SESSION['gid'] = $uinfo[1]; $_SESSION['banid'] = $uinfo[2]; $_SESSION['username'] = $uinfo[3]; $_SESSION['fname'] = $uinfo[4]; $_SESSION['lname'] = $uinfo[5]; $_SESSION['email'] = $uinfo[6]; }

as a test i use this function in all my pages.

function welcome_or_login(){ if(isset($_SESSION['fname'])){ echo 'Hello '.$_SESSION['fname'].'.'; } else { do_h('Login', 3, 'y'); do_hr(); login_form(''); } }

Only on the login page my test user's name is displayed. On all other pages it reverts to the login form.

the files all link to a required includes file which includes all of the functions.

Here are my php.ini settings for sessions.

; Handler used to store/retrieve data. session.save_handler = files

; Argument passed to save_handler. In the case of files, this is the path ; where data files are stored. Note: Windows users have to change this ; variable in order to use PHP's session functions. session.save_path = C:\PHP\sessiondata ; argument passed to save_handler

; Whether to use cookies. session.use_cookies = 1

; Name of the session (used as cookie name). session.name = SID

; Initialize session on request startup. session.auto_start = 0

; Lifetime in seconds of cookie or, if 0, until browser is restarted. session.cookie_lifetime = 0

; The path for which the cookie is valid. session.cookie_path = /

; The domain for which the cookie is valid. session.cookie_domain =

; Handler used to serialize data. php is the standard serializer of PHP. session.serialize_handler = php

; Percentual probability that the 'garbage collection' process is started ; on every session initialization. session.gc_probability = 1

; After this number of seconds, stored data will be seen as 'garbage' and ; cleaned up by the garbage collection process. session.gc_maxlifetime = 1440

; Check HTTP Referer to invalidate externally stored URLs containing ids. session.referer_check =

; How many bytes to read from the file. session.entropy_length = 0

; Specified here to create the session id. session.entropy_file =

;session.entropy_length = 16

;session.entropy_file = /dev/urandom

; Set to {nocache,private,public} to determine HTTP caching aspects. session.cache_limiter = nocache

; Document expires after n minutes. session.cache_expire = 180

; use transient sid support if enabled by compiling with --enable-trans-sid. session.use_trans_sid = 1

url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

I don't pass along the session id manually either.

My server is windows 2000 server with ISS 5.0. - 400mhz pII 256mb ram 40gig hdd.

This is my first time using sessions so i could be doing anything

--
JJ Harrison
webmastertececo.com
www.tececo.com

attached mail follows:

You can do this :

59 23 * * * /usr/bin/wget http://www.weberdev.com/MyScript.php >> /var/log/messages

Sincerely

berber

Visit http://www.weberdev.com/ Today!!! To see where PHP might take you tomorrow.

-----Original Message----- From: Bas Jobsen [mailto:basstartpunt.cc] Sent: Tuesday, July 16, 2002 4:59 PM To: Andy; php-generallists.php.net Subject: Re: [PHP] activating php scripts via cron

Instead of a second version, you can call your script via lynx:

TERM=vt100 0 * * * * lynx -dump http://www.domeinnaam.nl/yourscript.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:

>Is there a way to get and store the name of a referenced variable into >another variable? Example... > >$varname = "blah"; >checkit($varname); > >function checkit(&$name) { > ...code... >} > >In the function above, I'd like to find out the name of the referenced >variable (pointed to by $name) which should equal "varname" so I can store >this string in another variable (i.e., $thename = "varname"). > >Is there a way to do this in PHP??

No.

And, really, there shouldn't be...

The whole point of functions is to isolate the kinds of bugs you're going to create by doing whatever it is you are trying to do... :-)

What is that you're trying to do anyway? I suspect you'll get a much better solution by stepping back and asking about a general way of doing whatever it is.

-- 
Like Music?  http://l-i-e.com/artists.htm

attached mail follows:

>Im currently having a problem when I have multiple forms on the same page (I >assume that this is the problem).

You're not showing us how $include and $submit are getting set, so we really can't help you much...

>im currently doing something like this:

For starters, indent your code like this:

<? if(!$include) { if(!$submit) { ?> //html <? } if($submit) {

//do some code

} } if(($include) && ($include == "send")) { if(!$submit_send) { ?> //html goes here <? } if($submit_send) { //code goes here } } ?>

Also, if you have:

if ($foo){ } if (!$foo){ }

it should probable be:

if ($foo){ } else{ }

Unless, you are changing the value of $foo in the first block (inside the if)

>Okay now this is what happens, the first form works fine even if there is an >include. The second one ($submit_send) does not, it just reloads the page >without actually doing any code.. it seems to stop right before the >if($submit_send). I was wondering if it could be because I had multiple >forms in the script (but im only accessing one at the time).

My best guess is that you are assuming $include will be "set" the second time you come back.

It won't.

Unless you pass its variable on from FORM to FORM using: <INPUT TYPE=HIDDEN NAME=include VALUE="<?=htmlentities($include);?>>

or you use sessions (http://php.net/session_start) to register it.

HTTP is "stateless"

That means that every time you click a link or hit a button on a FORM, the next page knows *NOTHING* about the previous page.

Or, rather, it only knows the things you explicitly "pass on" in your FORM/URL or in sessions. No knowledge is "kept" from page to page.

>Im really stuck at the moment, to me, it should work, but its not. I don't >get any errors, it just seems to skip right over the code section for >$submit_send .

-- 
Like Music?  http://l-i-e.com/artists.htm

attached mail follows:

> >I've just downloaded a bunch of stuff from www.gingerall.org, which I hope >will set up Sablotron on my RH7.2/Apache1.3.24/PHP4.2.1 box. > >Can I just use the rpms?:

Maybe...

But I wouldn't recommend it.

>sablotron-0.95-1.i386.rpm >sablotron-devel-0.95-1.i386.rpm > >There is also a "Sablot-0.95-PHP.patch" in there, plus a >Sablot-0.95.tar.gz package that won't untar which I guess is the source.

The .gz on the end means it's *ALSO* a GZIP file, so you need to ungzip it first:

gunzip Sablot-0.95.tar.gz

*THEN* you can untar it:

tar -xf Sablot-0.95.tar

If you like to "see" all the files whiz by as the get untarr-ed, add a 'v' in between xf.

Or, if you have a recent OS, you can unzip and untar in one fell swoop:

tar -xzf Sablot-0.95.tar.gz

The 'z' will unzip before tar kicks in and un-tars.

You can still throw a 'v' in (for 'v'erbose) to get that dizzying list of all the files spewed out.

-- 
Like Music?  http://l-i-e.com/artists.htm

attached mail follows:

>I am a beginner at using PHP, and am developing a product "template" >utilizing a MySQL database. Basically, what I am attempted to do, in the >code below is: > >Code sample: >================================================ >printf(($result["REL_PLAN1"]), mysql_result($result,0,"REL_PLAN1")); >================================================ > >Questions: >1. In the first part, print out the value of the REL_PLAN1 database field >for display purposes. The value in this field will be in the format >http://www.yahoo.com. > >2. In the second part, make the value in the >mysql_result($result,0,"REL_PLAN1") field display on the page as a clickable >hyperlink. > >Basically, I want the value displayed in part 1 to change depending on what >value is actually in the REL_PLAN1 db field (in part 2). Hope this makes >sense. > >Any help would be greatly appreciated. Thanks.

You've got to at least give us some clue what you expect to have in $result['REL_PLAN1'] and in the database, or some sample input/output of what you are trying to do...

Are you allowing *ANY* valid input to printf() to be in the array?

Also, there's simply *NO* *WAY* you can use $result as both an array ($result['REL_PLAN1] and a mysql resource (mysql_result($result, 0, 'REL_PLAN1')).

They'll have to be different variables.

Or maybe you just want this:

function print_link($URL, $text){ echo "<A HREF='$URL'>$text</A>"; }

I'm not getting the question, and I doubt anybody else is either...

-- 
Like Music?  http://l-i-e.com/artists.htm

attached mail follows:

>In PHP 4.2.1 (stock php.ini) under Linux (RedHat 6.1) using Apache >1.3.26 the following code: > >$source = 'TEXT'; > >$replace = '<tag attribute=\"1\"><tag attribute=\"blah\">';

Why in the world are you doing \" in there?

You either want \\" or just ", but not \"

But $replace is not being filled with a valid string -- or at least probably not the string you think it is...

>$template = '<attribute="TEXT">'; >$expandedStr = str_replace( $source, $replace, $template ); > >print( "<h1>Result is: '$expandedStr'</h1>" ); > >Yields the incorrect result: > ><h1>Result is: '<attribute="<tag attribute="1><tag attribute="blah">">'</h1> > >Note the missing ". > >However, if the <> are removed from $template then the result becomes: > ><h1>Result is: 'attribute="<tag attribute=\"1\"><tag >attribute=\"blah\">"'</h1> > >which in this context is correct. > >I've filed a bug report but wanted to ask if anyone else has seen this?

-- 
Like Music?  http://l-i-e.com/artists.htm

attached mail follows:

>trying to include a file i get the following error > >Warning: Failed opening 'http://prepaenlinea.com/links/10.swf.inc' for >inclusion (include_path='.:/usr/local/lib/php') in >/home/www/prepaenlinea/main.php on line 36 > >i've used this same include with another hosting provider and it works just >fine. >trying to get help from them is not possible, they "do not provide tech >support when it comes to custom code". > >if anyone could help me, i'd be very grateful

Wait...

Are you trying to "include" a URL from a remote site?

Your ISP probably wisely turned that *OFF* in php.ini, and you can't turn it back on.

Use <?php phpinfo();?> or http://php.net/ini_get to find out what setting they have for remote_url_include or whatever it's called.

-- 
Like Music?  http://l-i-e.com/artists.htm

attached mail follows:

It depends on how PHP was compiled. If PHP was compiled with the flag --enable-trans-sid, you don't need to manually attach the session id. If PHP was compiled without this flag, you need to do something like this to make it work:

<A HREF="somepage.php?<?php echo SID?>">Link to some page</A>

Kindly

/lasso (lassolassoweb.nu)

Phpcoder wrote: > Hi > I'm doing some reading on sessions and how it works etc, and have a > concern (which is probably fed by my ignorance on the topic). > The couple of "simple session examples" I have found in the PHP/MySQL > book by Luke Welling & Laura Thompson gives a simple 3 page session > example where the session is started on the first page, a variable is > registered as a session var and then has a link to the next page where > the session_start() is called and the session_var is echoed to > illustrate the workings of a session. > My understanding is that PHP will either use cookies to store the > session ID on the client's pc, or send it via URL, so, assuming that > cookies is a no-go, can I now assume that PHP will attach it's session > ID to each and every URL located on my .php page? > The reason I'm asking is as follow: > I did the little excersise, and then deliberately rejected my browsers > call to process the cookie, and then the script didn't return the > variable as it did previously... > And now, assuming that I can assume that PHP will attach the SID to all > URL's , how does it know to which URL's to attach, or am I supposed to > manually attach them, leaving me with another question, If I have to > manually code the SID into the URL, then the whole session "coockies if > possible" approach doesn't seem to work??? > > Can someone explain it in more detail for me plz? > Thanks > >

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]