|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
php-general-digest-help_at_lists.php.net
Date: Mon Jul 22 2002 - 19:56:18 CDT
php-general Digest 23 Jul 2002 00:56:18 -0000 Issue 1480
Topics (messages 108852 through 108994):
Re: xslt_process
108852 by: ctan
108853 by: ctan
108854 by: Peter Clarke
Re: == vs = should generate a warning or error -- was: Why won't this work?
108855 by: Brinkman, Theodore
Newbie getting close, form submission
108856 by: Dean Ouellette
108864 by: Matt Schroebel
108866 by: Dean Ouellette
108871 by: Matt Schroebel
108875 by: Dean Ouellette
108886 by: Jason Wong
108887 by: Kondwani Spike Mkandawire
108888 by: Kondwani Spike Mkandawire
PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
108857 by: Marko Karppinen
108858 by: 1LT John W. Holmes
108860 by: Steve Meyers
108862 by: Ilia A.
108867 by: Jeff Bearer
108893 by: Greg Donald
108894 by: Adam Voigt
108897 by: Rouvas Stathis
108899 by: Greg Donald
108900 by: Richard Baskett
108901 by: Tyler Longren
108903 by: Michael Geier
108905 by: 1LT John W. Holmes
108906 by: Matt Babineau
108907 by: Jay Blanchard
108912 by: Peter
108913 by: Peter
108916 by: Rodolfo Gonzalez
108973 by: Richard Lynch
108975 by: Richard Lynch
problems with imap certificate
108859 by: martin.bugs.unl.edu.ar
Re: Newbie's question about \n
108861 by: Anas Mughal
108863 by: Martin Clifford
Can a form submit to two PHP form processers in succession?
108865 by: DonPro
108868 by: Jay Blanchard
108869 by: Bas Jobsen
108974 by: Richard Lynch
Doing an HTML POST using header()
108870 by: Francis
108873 by: Pete James
108884 by: Francis
108929 by: Pete James
108931 by: Andrew Braund
php 4.2.1 and MySQL
108872 by: Brian McLaughlin
108874 by: Tyler Longren
108911 by: Peter
is php.net down ?
108876 by: R'twick Niceorgaw
108877 by: John S. Huggins
108878 by: Jay Blanchard
108879 by: Sam Masiello
108880 by: Brian V Bonini
108881 by: B i g D o g
108883 by: Andrey Hristov
108885 by: R'twick Niceorgaw
Temporary Mirror for PHP 4.2.2 Binaries
108882 by: Daniel Kushner
Parse error
108889 by: Dean Ouellette
108890 by: Jay Blanchard
108891 by: Jason Wong
108895 by: Kondwani Spike Mkandawire
Windows NT Server, FORK, SOCKETS, and seperate processes
108892 by: David Buerer
108896 by: Paul Maine
108938 by: David Buerer
108940 by: Demitrious S. Kelly
108943 by: David Buerer
108945 by: Evan Nemerson
108948 by: David Buerer
108965 by: Jeremy
108982 by: Richard Lynch
stores / ecommerce
108898 by: Chris Edwards
108908 by: Matt Schroebel
108976 by: Richard Lynch
dbf Help
108902 by: Vinod Palan
108904 by: Matt Schroebel
Script executing Telnet Shell Command...
108909 by: Kondwani Spike Mkandawire
108977 by: Richard Lynch
Re: PHP Security Advisory: Vulnerability in PHP versions 4.2.0
108910 by: Lars Olsson
108920 by: Ian Ball
108937 by: Adam Alkins
MySQL - PHP combined log
108914 by: PHPCoder
108922 by: 1LT John W. Holmes
108923 by: 1LT John W. Holmes
108978 by: Richard Lynch
Problems Retrieving Session Variables on 2nd submit.
108915 by: Mario A. Salinas
108919 by: Mark Middleton
108979 by: Richard Lynch
Re: [ANNOUNCE] PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and4.2.1
108917 by: Anil Garg
108985 by: Richard Lynch
getservbyname
108918 by: Kondwani Spike Mkandawire
108980 by: Richard Lynch
108990 by: David Robley
Re: imagecolortransparent()
108921 by: Nick
108971 by: Richard Lynch
upgrade 4.1.2 to 4.2.2 (passing vars problem with 4.2.2)
108924 by: Kristopher Yates
108925 by: 1LT John W. Holmes
108926 by: Roedel, Mark A.
108928 by: Kristopher Yates
108935 by: 1LT John W. Holmes
108941 by: Evan Nemerson
108958 by: Pete James
108981 by: Richard Lynch
What does register_globals do?
108927 by: Matt Babineau
108930 by: Matt Schroebel
108932 by: Martin Clifford
108934 by: Matt Schroebel
108936 by: Martin Clifford
IMAP patch needing testing
108933 by: Dan Kalowsky
php security mailing list ...
108939 by: Dario Bahena Tapia
108942 by: Evan Nemerson
108946 by: Jason Reid
108949 by: Evan Nemerson
108984 by: Richard Lynch
Comma question
108944 by: B i g D o g
108947 by: Evan Nemerson
108950 by: Kevin Stone
108951 by: Lee Doolan
108953 by: Demitrious S. Kelly
108954 by: B i g D o g
108957 by: Martin Towell
108983 by: Richard Lynch
Simple question I guess.
108952 by: Raymond Lilleodegard
108955 by: 1LT John W. Holmes
108956 by: Evan Nemerson
Formating datevariables...
108959 by: Ragnar
108960 by: Demitrious S. Kelly
108962 by: David Buerer
108963 by: Wouter van Vliet
108987 by: Jeremy
108988 by: Martin Towell
108991 by: David Robley
Digit Grouping
108961 by: Wouter van Vliet
108964 by: Pete James
Re: Traversing an appendable file
108966 by: Richard Lynch
Re: Faster: Includes or DB Queries??
108967 by: Richard Lynch
Re: $HTTP_SERVER_VARS not accessible in Functions
108968 by: Richard Lynch
Re: Session Tracking
108969 by: Richard Lynch
Re: Inline Images ?
108970 by: Richard Lynch
Re: multiple search
108972 by: Richard Lynch
does this mean ....
108986 by: Peter
108993 by: David Robley
108994 by: Peter
another problem
108989 by: Georgie Casey
108992 by: David Robley
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscribe
lists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscribelists.php.net
To post to the list, e-mail:
php-generallists.php.net
----------------------------------------------------------------------
attached mail follows:
Thanks for the quick response...
See the thing is the XML is stored in a MySQL database. Is that what you
mean Peter?
Chia
-----Original Message-----
From: Peter Clarke [mailto:peterjingo.com]
Sent: 22 July 2002 13:56
To: php-generallists.php.net; Ctan
Cc: php-generallists.php.net
Subject: [PHP] Re: xslt_process
I may be missing something, but your not parsing XML. Your $line
contains an array of data from the database, not xml.
attached mail follows:
Thanks for the quick response...
See the thing is the XML is stored in a MySQL database. Is that what you
mean Peter?
Chia
-----Original Message-----
From: Peter Clarke [mailto:peterjingo.com]
Sent: 22 July 2002 13:56
To: php-generallists.php.net; Ctan
Cc: php-generallists.php.net
Subject: [PHP] Re: xslt_process
I may be missing something, but your not parsing XML. Your $line
contains an array of data from the database, not xml.
attached mail follows:
Ctan wrote:
> Hi all,
>
> I'm trying to use xslt_process() to transform a variable containing
XML data
> with an xsl file into a result using PHP. Incidentally the XML is from an
> external source, i.e. a database. However despite following the
examples in
> www.php.net I am unable to do so. The code works out to something
like this:
>
>
> if (! empty($searchword ))
>
> $query = "SELECT aml FROM arguments WHERE aml LIKE '%$searchword%'";
> $result = mysql_query($query) or die ("Query failed");
> $line = mysql_fetch_array($result, MYSQL_ASSOC);
>
> var_dump($line);
>
> // Create an array
> $arguments = array('/_xml'=> $line);
>
> //XSL file
> $xsl = "./sheet1.xsl";
>
> // Create an XSLT processor
> $xslthandler = xslt_create();
>
> // Perform the transformation
> $html = xslt_process( $xslthandler, 'arg:/_xml', $xsl, NULL, $arguments);
>
> // Detect errors
> if (!$html) die ('XSLT processing error: '.xslt_error($xslthandler));
>
> // Destroy the XSLT processor
> xslt_free($xslthandler);
>
> // Output the resulting HTML
> print $html;
>
>
> What I get on the screen is:
>
>
> Array ( [0] => "With the contents of my variable...")
>
>
> And:
>
>
> Warning: Sablotron error on line 1: XML parser error 2: syntax error in
> /home/httpd/html/ctan/resultworkingcopy2.php on line 93
> XSLT processing error: XML parser error 2: syntax error
>
>
> What gives? I'm really frustrated and would greatly appreciate it if
someone
> would point out where I've made an error before I start ripping all
my hair
> out! Thanks... Thanks... Thanks!
>
> Regards,
> Chia
I may be missing something, but your not parsing XML. Your $line
contains an array of data from the database, not xml.
attached mail follows:
If you want to get a warning when you accidentally do an assignment instead
of a comparison ( = instead of == ), get in the habbit of putting the
constant/function FIRST when you're doing a comparison.
For example, using 'while(mysql_fetch_row($result) = $row)' or 'if(5 = $x)'
should give the warning you're looking for because you can't assign $row to
mysql_fetch_row, or $x to 5.
- Theo
-----Original Message-----
From: Daevid Vincent [mailto:daeviddaevid.com]
Sent: Saturday, July 20, 2002 7:34 AM
To: php-generallists.php.net
Cc: 'Rasmus Lerdorf'
Subject: RE: [PHP] == vs = should generate a warning or error -- was:
Why won't this work?
> That would suck since many many PHP programs use stuff like:
>
> while($row=mysql_fetch_row($result)) { ... }
>
> There is absolutely nothing wrong with doing an assignment in
> a conditional and if it generated a warning it would drive a
> lot of people crazy.
First off, I have to LMAO at "that would suck".
So unexpected but humorus.
But seriously, this is why I suggest it be a config file option. Not a
new way of doing things, to break old code. But something toggle-able.
Or, I'm sure the PHP parser could be made smarter to look for common
'assigments' that are supposed to be 'conditions'.
For example I seriously doubt that NOBODY EVER means to do
if ($x = 5)
{
}
That CLEARLY is supposed to be using a == and not =
And I'm sure there are other such obvious cases that the parser could
check for somehow.
Just a suggestion. Thass all.
attached mail follows:
I am a complete newbie, search the web for examples right now and use
them.
The host has php 3.0
Having problems with for submission
Right now, no error messages, but does not actually send the email.
Ideas?
<?
$MailToAddress = "emailmyaddress.com";
$MailSubject = "Get Involved List";
if (!$MailFromAddress)
{
$MailFromAddress = "$email";
}
$Header = "";
$Footer = "";
?>
<?
if (!is_array($HTTP_POST_VARS))
return;
reset($HTTP_POST_VARS);
while(list($key, $val) = each($HTTP_POST_VARS))
{
$GLOBALS[$key] = $val;
$val=stripslashes($val);
$Message .= "$key = $val\n";
}
if ($Header)
{
$Message = $Header."\n\n".$Message;
}
if ($Footer)
{
$Message .= "\n\n".$Footer;
}
mail( "$MailToAddress", "$MailSubject", "$Message", "From:
$MailFromAddress");
?>
attached mail follows:
> From: Dean Ouellette [mailto:deanouellette.ws]
> Sent: Monday, July 22, 2002 9:43 AM
> Subject: [PHP] Newbie getting close, form submission
> I am a complete newbie, search the web for examples right now and use
> them.
>
> The host has php 3.0.
^^^^^^^^^^^^^^^^^^^^^
That's really old, you really ought to be using 4.2.x
>
> Having problems with for submission
> Right now, no error messages, but does not actually send the email.
> Ideas?
>
> <?
> $MailToAddress = "emailmyaddress.com";
> $MailSubject = "Get Involved List";
> if (!$MailFromAddress)
> {
> $MailFromAddress = "$email";
> }
> $Header = "";
> $Footer = "";
> ?>
>
> <?
> if (!is_array($HTTP_POST_VARS))
> return;
> reset($HTTP_POST_VARS);
> while(list($key, $val) = each($HTTP_POST_VARS))
> {
> $GLOBALS[$key] = $val;
> $val=stripslashes($val);
> $Message .= "$key = $val\n";
> }
> if ($Header)
> {
> $Message = $Header."\n\n".$Message;
> }
> if ($Footer)
> {
> $Message .= "\n\n".$Footer; // could put $Footer inside double quotes, vars expand then
> }
>
> mail( "$MailToAddress", "$MailSubject", "$Message", "From: // no need to quote these
> $MailFromAddress");
>
> ?>
There's no need to be doing all of the array manipulation. Just use the variables in the array. Also turn off magic_quotes_gpc in a .htaccess file so that you don't have to strip slashes.
<?php
If ('GET' == $HTTP_SERVER_VARS['REQUEST_METHOD']) {
$MailToAddress = 'emailmyaddress.com';
$MailSubject = 'Get Involved List';
?>
<form here>
<?php
exit;
}
?>
<?
If ('POST' == $HTTP_SERVER_VARS['REQUEST_METHOD']) {
if (isset($HTTP_POST_VARS['email'])) {
$MailFromAddress = $HTTP_POST_VARS['email']; // I'm assuming the vars were posted from a form
} else {
$MailFromAddress = 'memydomain.com'; // vars don't expand in single quotes, but we don't have any here.
}
$Message = $HTTP_POST_VARS['Message']; // should single quote associative array indexes
if (isset($HTTP_POST_VARS['Header'])) {
$Message = "{$HTTP_POST_VARS['Header']}\n\n$Message"; // need to wrap arrays in double quotes in {} to parse
}
if (isset($HTTP_POST_VARS['Footer'])) {
$Message .= "\n\n{$HTTP_POST_VARS['Footer']}";
}
mail($MailToAddress,$MailSubject,$Message,$MailFromAddress); // don't have to quote vars on parms
}
?>
attached mail follows:
I do not control server they will not upgrade. It is a tiny local host,
they suck, but the owner of site insists on using them.
Getting this
Parse error: parse error, expecting `STRING' or `NUM_STRING' or `'$'' in
/www/docs/site/email.php on line 78
This is the section
$Message = $HTTP_POST_VARS['Message']; // should single quote
associative array indexes
if (isset($HTTP_POST_VARS['Header'])) {
<<<<This is 78>>>> $Message = "{$HTTP_POST_VARS['Header']}\n\n$Message";
// need to wrap arrays in double quotes in {} to parse
}
-----Original Message-----
From: Matt Schroebel [mailto:MSchroebelhsus.org]
Sent: Monday, July 22, 2002 10:36 AM
To: 'Dean Ouellette'; php-generallists.php.net
Subject: RE: [PHP] Newbie getting close, form submission
> From: Dean Ouellette [mailto:deanouellette.ws]
> Sent: Monday, July 22, 2002 9:43 AM
> Subject: [PHP] Newbie getting close, form submission
> I am a complete newbie, search the web for examples right now and use
> them.
>
> The host has php 3.0.
^^^^^^^^^^^^^^^^^^^^^
That's really old, you really ought to be using 4.2.x
>
> Having problems with for submission
> Right now, no error messages, but does not actually send the email.
> Ideas?
>
> <?
> $MailToAddress = "emailmyaddress.com";
> $MailSubject = "Get Involved List";
> if (!$MailFromAddress)
> {
> $MailFromAddress = "$email";
> }
> $Header = "";
> $Footer = "";
> ?>
>
> <?
> if (!is_array($HTTP_POST_VARS))
> return;
> reset($HTTP_POST_VARS);
> while(list($key, $val) = each($HTTP_POST_VARS))
> {
> $GLOBALS[$key] = $val;
> $val=stripslashes($val);
> $Message .= "$key = $val\n";
> }
> if ($Header)
> {
> $Message = $Header."\n\n".$Message;
> }
> if ($Footer)
> {
> $Message .= "\n\n".$Footer; // could put $Footer inside double
quotes, vars expand then
> }
>
> mail( "$MailToAddress", "$MailSubject", "$Message", "From: // no need
to quote these
> $MailFromAddress");
>
> ?>
There's no need to be doing all of the array manipulation. Just use the
variables in the array. Also turn off magic_quotes_gpc in a .htaccess
file so that you don't have to strip slashes.
<?php
If ('GET' == $HTTP_SERVER_VARS['REQUEST_METHOD']) {
$MailToAddress = 'emailmyaddress.com';
$MailSubject = 'Get Involved List';
?>
<form here>
<?php
exit;
}
?>
<?
If ('POST' == $HTTP_SERVER_VARS['REQUEST_METHOD']) {
if (isset($HTTP_POST_VARS['email'])) {
$MailFromAddress = $HTTP_POST_VARS['email']; // I'm assuming the
vars were posted from a form
} else {
$MailFromAddress = 'memydomain.com'; // vars don't expand in
single quotes, but we don't have any here.
}
$Message = $HTTP_POST_VARS['Message']; // should single quote
associative array indexes
if (isset($HTTP_POST_VARS['Header'])) {
$Message = "{$HTTP_POST_VARS['Header']}\n\n$Message"; // need to
wrap arrays in double quotes in {} to parse
}
if (isset($HTTP_POST_VARS['Footer'])) {
$Message .= "\n\n{$HTTP_POST_VARS['Footer']}";
}
mail($MailToAddress,$MailSubject,$Message,$MailFromAddress); // don't
have to quote vars on parms
}
?>
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
attached mail follows:
> From: Dean Ouellette [mailto:deanouellette.ws]
> Sent: Monday, July 22, 2002 10:56 AM
> Subject: RE: [PHP] Newbie getting close, form submission
>
> $Message = $HTTP_POST_VARS['Message']; // should single quote
> associative array indexes
> if (isset($HTTP_POST_VARS['Header'])) {
> <<<<This is 78>>>> $Message =
> "{$HTTP_POST_VARS['Header']}\n\n$Message";
Oops, PHP 3.0 may need: $Message = $HTTP_POST_VARS['Header'] . "\n\n$Message"; > }
attached mail follows:
Last line Same error for this message Parse error: parse error, expecting `STRING' or `NUM_STRING' or `'$'' in /www/docs/www.electjoemarine.com/email.php on line 82
Was $Message .= "\n\n{$HTTP_POST_VARS['Footer']}";
Tried this, but same message
$Message .= "\n\n$HTTP_POST_VARS['Footer']";
-----Original Message-----
From: Matt Schroebel [mailto:MSchroebelhsus.org]
Sent: Monday, July 22, 2002 11:21 AM
To: 'Dean Ouellette'; Matt Schroebel; php-generallists.php.net
Subject: RE: [PHP] Newbie getting close, form submission
> From: Dean Ouellette [mailto:deanouellette.ws]
> Sent: Monday, July 22, 2002 10:56 AM
> Subject: RE: [PHP] Newbie getting close, form submission
>
> $Message = $HTTP_POST_VARS['Message']; // should single quote
> associative array indexes
> if (isset($HTTP_POST_VARS['Header'])) {
> <<<<This is 78>>>> $Message =
> "{$HTTP_POST_VARS['Header']}\n\n$Message";
Oops, PHP 3.0 may need: $Message = $HTTP_POST_VARS['Header'] . "\n\n$Message"; > }
attached mail follows:
On Monday 22 July 2002 23:44, Dean Ouellette wrote:
> Tried this, but same message > > $Message .= "\n\n$HTTP_POST_VARS['Footer']";
$Message .= "\n\n$HTTP_POST_VARS[Footer]";
-- Jason Wong -> Gremlins Associates -> www.gremlins.com.hk Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development */* You can extend EXTRAVERSION infinitely, but after the first 10 or so characters, it starts to get silly.
- Russell King on linux-kernel */
attached mail follows:
Work by process of elimination... Here goes...
Start with testing whether your mail will actually send the mail by executing a one line script... Just out of curiosity: how come your host is running an old version of php... Test the following:
<?php
( "mymailsomething.com," "Testing", "Just a Test", "");
?>
if possible try and run it as a script by connecting to your host via telnet or whatever (I am assuming the platform is UNIX or Linux):
php MyMailScript
If you are using Linux or UNIX and this doesn't work then there ought to be something wrong with the sendmail file... If you are on a MS Windows platform then there ought to be a problem in the ini file with the smtp setting...
If it sends then we can start sticking echo statements in your script to see where the breakdown is...
Drop another line on the news group if you still need help, I'll be behind this monitor for a while as will others I'm sure...
Spike...
"Dean Ouellette" <deanouellette.ws> wrote in message
news:004d01c23185$a8822cb0$9c89adacyoda...
> I am a complete newbie, search the web for examples right now and use
> them.
>
> The host has php 3.0
>
> Having problems with for submission
> Right now, no error messages, but does not actually send the email.
> Ideas?
>
> <?
> $MailToAddress = "emailmyaddress.com";
>
> $MailSubject = "Get Involved List";
>
> if (!$MailFromAddress)
>
> {
> $MailFromAddress = "$email";
> }
>
> $Header = "";
> $Footer = "";
> ?>
>
> <?
>
> if (!is_array($HTTP_POST_VARS))
>
> return;
>
> reset($HTTP_POST_VARS);
>
> while(list($key, $val) = each($HTTP_POST_VARS))
>
> {
> $GLOBALS[$key] = $val;
>
> $val=stripslashes($val);
>
> $Message .= "$key = $val\n";
> }
>
> if ($Header)
> {
> $Message = $Header."\n\n".$Message;
> }
>
> if ($Footer)
>
> {
> $Message .= "\n\n".$Footer;
> }
>
> mail( "$MailToAddress", "$MailSubject", "$Message", "From:
> $MailFromAddress");
>
> ?>
>
attached mail follows:
Sorry I forgot to stick the mail function there
<?php
mail( "mymailsomething.com," "Testing", "Just a Test", "");
?>
attached mail follows:
PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
Issued on: July 22, 2002 Software: PHP versions 4.2.0 and 4.2.1 Platforms: All
The PHP Group has learned of a serious security vulnerability in PHP versions 4.2.0 and 4.2.1. An intruder may be able to execute arbitrary code with the privileges of the web server. This vulnerability may be exploited to compromise the web server and, under certain conditions, to gain privileged access.
Description
PHP contains code for intelligently parsing the headers of HTTP POST requests. The code is used to differentiate between variables and files sent by the user agent in a "multipart/form-data" request. This parser has insufficient input checking, leading to the vulnerability.
The vulnerability is exploitable by anyone who can send HTTP POST requests to an affected web server. Both local and remote users, even from behind firewalls, may be able to gain privileged access.
Impact
Both local and remote users may exploit this vulnerability to compromise the web server and, under certain conditions, to gain privileged access. So far only the IA32 platform has been verified to be safe from the execution of arbitrary code. The vulnerability can still be used on IA32 to crash PHP and, in most cases, the web server.
Solution
The PHP Group has released a new PHP version, 4.2.2, which incorporates a fix for the vulnerability. All users of affected PHP versions are encouraged to upgrade to this latest version. The downloads web site at
http://www.php.net/downloads.php has the new 4.2.2 source tarballs, Windows binaries and source patches from 4.2.0 and 4.2.1 available for download. Workaround
If the PHP applications on an affected web server do not rely on HTTP POST input from user agents, it is often possible to deny POST requests on the web server.
In the Apache web server, for example, this is possible with the following code included in the main configuration file or a top-level .htaccess file:
<Limit POST> Order deny,allow Deny from all </Limit> Note that an existing configuration and/or .htaccess file may have parameters contradicting the example given above.
Credits
The PHP Group would like to thank Stefan Esser of e-matters GmbH for discovering this vulnerability.
Copyright (c) 2002 The PHP Group.
attached mail follows:
[snip] > PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1 [/snip]
Looks like everyone will be using the new super globals, now... :)
Well, I guess I'm still assuming that in a perfect world, people will upgrade because of security issues...
---John Holmes...
attached mail follows:
Can you post this to php.announce as well?
Marko Karppinen wrote:
> > PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1 > > > Issued on: July 22, 2002 > Software: PHP versions 4.2.0 and 4.2.1 > Platforms: All > > > The PHP Group has learned of a serious security vulnerability in PHP > versions 4.2.0 and 4.2.1. An intruder may be able to execute arbitrary > code with the privileges of the web server. This vulnerability may be > exploited to compromise the web server and, under certain conditions, > to gain privileged access. > > > Description > > PHP contains code for intelligently parsing the headers of HTTP POST > requests. The code is used to differentiate between variables and files > sent by the user agent in a "multipart/form-data" request. This parser > has insufficient input checking, leading to the vulnerability. > > The vulnerability is exploitable by anyone who can send HTTP POST > requests to an affected web server. Both local and remote users, even > from behind firewalls, may be able to gain privileged access. > > > Impact > > Both local and remote users may exploit this vulnerability to > compromise the web server and, under certain conditions, to gain > privileged access. So far only the IA32 platform has been verified to > be safe from the execution of arbitrary code. The vulnerability can > still be used on IA32 to crash PHP and, in most cases, the web server. > > > Solution > > The PHP Group has released a new PHP version, 4.2.2, which incorporates > a fix for the vulnerability. All users of affected PHP versions are > encouraged to upgrade to this latest version. The downloads web site at > > http://www.php.net/downloads.php > > has the new 4.2.2 source tarballs, Windows binaries and source patches > from 4.2.0 and 4.2.1 available for download. > > > Workaround > > If the PHP applications on an affected web server do not rely on HTTP > POST input from user agents, it is often possible to deny POST requests > on the web server. > > In the Apache web server, for example, this is possible with the > following code included in the main configuration file or a top-level > .htaccess file: > > <Limit POST> > Order deny,allow > Deny from all > </Limit> > > Note that an existing configuration and/or .htaccess file may have > parameters contradicting the example given above. > > > Credits > > The PHP Group would like to thank Stefan Esser of e-matters GmbH for > discovering this vulnerability. > > > Copyright (c) 2002 The PHP Group.
attached mail follows:
On July 22, 2002 10:12 am, 1LT John W. Holmes wrote: > [snip] > > > PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1 > > [/snip] > > Looks like everyone will be using the new super globals, now... :) > > Well, I guess I'm still assuming that in a perfect world, people will > upgrade because of security issues... > > ---John Holmes...
As the Advisory suggests, the security fault affects only the 2 latest versions of PHP, all the people running older PHPs are not affected, so unless you've had the very latest stuff running this won't affect you and there will be no need to upgrade. If anything this will only convince people looking for 'stable' PHP to wait even longer before upgrading their releases because of potential bugs such as this one creeping up in 'new' releases.
Ilia
attached mail follows:
IIRC, just about every upgrae has security fixes, you may be hard pressed to find an older version that doesn't have any big holes in it.
On Mon, 2002-07-22 at 10:55, Ilia A. wrote: > On July 22, 2002 10:12 am, 1LT John W. Holmes wrote: > > [snip] > > > > > PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1 > > > > [/snip] > > > > Looks like everyone will be using the new super globals, now... :) > > > > Well, I guess I'm still assuming that in a perfect world, people will > > upgrade because of security issues... > > > > ---John Holmes... > > As the Advisory suggests, the security fault affects only the 2 latest > versions of PHP, all the people running older PHPs are not affected, so > unless you've had the very latest stuff running this won't affect you and > there will be no need to upgrade. > If anything this will only convince people looking for 'stable' PHP to wait > even longer before upgrading their releases because of potential bugs such as > this one creeping up in 'new' releases. > > Ilia > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php >
-- Jeff Bearer, RHCE Webmaster, PittsburghLIVE.com 2002 EPpy Award Winner, Best Newspaper Website
attached mail follows:
On Mon, 22 Jul 2002, Marko Karppinen wrote:
> PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
Not only did I get to re-write all my apps the past few months because of the new register_globals default that was imposed by `the php group`...
Now I get to upgrade my PHP install once a month or so cause of new security holes.. Yay!
Wasn't this new register_globals setting supposed to enhance security?
How would you like to be a sys admin with dozens of machines to upgrade before you can proceed with anythign else?
Can anyone say Ruby?
-- Greg Donald http://destiney.com
attached mail follows:
Hey man, if you can't stand the heat, get out of the freakin sun. Atleast PHP tells you about holes, not like Microsoft who will fix it six months down the line (if they even admit a hole exists). Plus, if your running anything past 4.1.2 on production systems, it's your own damn fault because several times it has been said that the 4.2 series wasn't considered safe for production use. And by the way, don't want to use PHP anymore because of this? Then don't. PHP doesn't need you, the rest of the people who can handle an update without whining will be fine.
Adam Voigt
adam.voigtcryptocomm.com
On Mon, 2002-07-22 at 12:55, Greg Donald wrote: > On Mon, 22 Jul 2002, Marko Karppinen wrote: > > > PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1 > > Not only did I get to re-write all my apps the past few months because of > the new register_globals default that was imposed by `the php group`... > > Now I get to upgrade my PHP install once a month or so cause of new > security holes.. Yay! > > Wasn't this new register_globals setting supposed to enhance security? > > How would you like to be a sys admin with dozens of machines to upgrade > before you can proceed with anythign else? > > Can anyone say Ruby? > > > -- > Greg Donald > http://destiney.com > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php >
attached mail follows:
Hi all,
Just wanting to notify everyone that the link for the PHP.4.2.2 download is broken.
-Stathis.
-- Rouvas Stathis rouvas
attached mail follows:
On 22 Jul 2002, Adam Voigt wrote:
>Hey man, if you can't stand the heat, get out of the freakin sun. >Atleast PHP tells you about holes, not like Microsoft who will fix it >six months down the line (if they even admit a hole exists). Plus, if
Who said anything about M$? I don't use their crappy products so I don't have to deal with their security issues.
>your running anything past 4.1.2 on production systems, it's your own >damn fault because several times it has been said that the 4.2 series >wasn't considered safe for production use. And by the way, don't want to
If PHP 4.2 is unsafe then why is it listed at the top of the page for download? There is not a shread of text saying do not use in production, no unsafe warnings whatsoever. How am I supposed to magically find the 'do not use' warnings?
>use PHP anymore because of this? Then don't. PHP doesn't need you, the >rest of the people who can handle an update without whining will be >fine.
It's not about that.. It's about the hell I've already been through with the new register_globals setting. Then two huge ass security holes following in the next couple of months after that.
If it doesn't bother you the hassles 'the php group' is putting me, you, and alot of others through then I guess that's just you. I can't help but get pissed about it. I did not have the time to do these upgrades, but now I have to make time.
-- Greg Donald http://destiney.com
attached mail follows:
Well from the sound of it, it's a quick painless process to upgrade php to the newest version using the patch. Can anyone that has done it comment on the complexities of the upgrade? Im just going on what it says on the php homepage...
Rick
"When you walk to the edge of all the light you have and take that first step into the darkness of the unknown you must believe that one of two things will happen: There will be something solid for you to stand upon or, you will be taught how to fly." - Patrick Overton
> From: Greg Donald <gregdestiney.com>
> Date: Mon, 22 Jul 2002 12:30:50 -0500 (CDT)
> To: php-generallists.php.net
> Subject: Re: [PHP] PHP Security Advisory: Vulnerability in PHP versions 4.2.0
> and 4.2.1
>
> On 22 Jul 2002, Adam Voigt wrote:
>
>> Hey man, if you can't stand the heat, get out of the freakin sun.
>> Atleast PHP tells you about holes, not like Microsoft who will fix it
>> six months down the line (if they even admit a hole exists). Plus, if
>
> Who said anything about M$? I don't use their crappy products so I
> don't have to deal with their security issues.
>
>> your running anything past 4.1.2 on production systems, it's your own
>> damn fault because several times it has been said that the 4.2 series
>> wasn't considered safe for production use. And by the way, don't want to
>
> If PHP 4.2 is unsafe then why is it listed at the top of the page for
> download? There is not a shread of text saying do not use in production,
> no unsafe warnings whatsoever. How am I supposed to magically find the
> 'do not use' warnings?
>
>> use PHP anymore because of this? Then don't. PHP doesn't need you, the
>> rest of the people who can handle an update without whining will be
>> fine.
>
> It's not about that.. It's about the hell I've already been through with
> the new register_globals setting. Then two huge ass security holes
> following in the next couple of months after that.
>
> If it doesn't bother you the hassles 'the php group' is putting me, you,
> and alot of others through then I guess that's just you. I can't
> help but get pissed about it. I did not have the time to do these
> upgrades, but now I have to make time.
>
>
> --
> Greg Donald
> http://destiney.com
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
attached mail follows:
I actually enjoy all the security releases. They give me something to do at work!
tyler
On Mon, 22 Jul 2002 11:55:31 -0500 (CDT)
Greg Donald <gregdestiney.com> wrote:
> On Mon, 22 Jul 2002, Marko Karppinen wrote: > > > PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and > > 4.2.1 > > Not only did I get to re-write all my apps the past few months because > of the new register_globals default that was imposed by `the php > group`... > > Now I get to upgrade my PHP install once a month or so cause of new > security holes.. Yay! > > Wasn't this new register_globals setting supposed to enhance security? > > How would you like to be a sys admin with dozens of machines to > upgrade before you can proceed with anythign else? > > Can anyone say Ruby? > > > -- > Greg Donald > http://destiney.com > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php >
attached mail follows:
Quoting Greg Donald <gregdestiney.com>:
> It's not about that.. It's about the hell I've already been
> through with the new register_globals setting. Then two huge ass
> security holes following in the next couple of months after that.
> If it doesn't bother you the hassles 'the php group' is putting me, > you, and alot of others through then I guess that's just you. I > can't help but get pissed about it. I did not have the time to do > these upgrades, but now I have to make time.
php.ini: register_globals = on;
this would have allowed you to upgrade and keep your projects running until you converted them to $_ arrays.
And I think you seem to be taking things a little to personally.
...hassles the php group is putting YOU through?
Let's see...does Andi, Zeev and Rasmus get paid to produce new versions of PHP? Do you pay licensing fees for the product? Maybe if there were fees, the Holy Trinity (grin) could create an update app that made your life easier for you.
The night CERT released the security alert, I upgraded 23 servers in less than an hour. It is not hard work running three commands. You are not going to get alot of sympathy from the 'group'.
--
Michael Geier
CDM Sports, Inc. - Systems Administrator
email: operationscdmsports.com
phone: 314.991.1511 x 6505
pager: 314.318.9414 || page-michaelcdmsports.com
---------------------------------------------
This email sent using CDM Sports Webmail v2
[ http://webmail.cdmsports.com ]
attached mail follows:
> Well from the sound of it, it's a quick painless process to upgrade php to > the newest version using the patch. Can anyone that has done it comment on > the complexities of the upgrade? Im just going on what it says on the php > homepage...
Nice and easy for me, I'm running it on windows, though. Just delete the old PHP folder, unzip and copy the new one, and restart IIS. (php.ini is elsewhere).
This other guy needs to quit his freakin whining and just do his job. Or go use ASP...the choice is yours.
---John Holmes...
attached mail follows:
Heh....
ASP.
Hehehehehe....
Matt Babineau
MCWD / CCFD
-----------------------------------------
e: mattcriticalcode.com
p: 603.943.4237
w: http://www.criticalcode.com
PO BOX 601
Manchester, NH 03105
-----Original Message-----
From: 1LT John W. Holmes [mailto:holmes072000charter.net]
Sent: Monday, July 22, 2002 1:52 PM
To: Richard Baskett; PHP General
Subject: Re: [PHP] PHP Security Advisory: Vulnerability in PHP
versions4.2.0 and 4.2.1
> Well from the sound of it, it's a quick painless process to upgrade > php to the newest version using the patch. Can anyone that has done > it comment on > the complexities of the upgrade? Im just going on what it says on the
> php homepage...
Nice and easy for me, I'm running it on windows, though. Just delete the old PHP folder, unzip and copy the new one, and restart IIS. (php.ini is elsewhere).
This other guy needs to quit his freakin whining and just do his job. Or go use ASP...the choice is yours.
---John Holmes...
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
attached mail follows:
[snip] Can anyone that has done it comment on the complexities of the upgrade? [/snip]
Well, trying to updrade on Slackware Linux 8.0 and compiling with the GD (1.8.4) libraries are giving us some headaches. Some of what seems to be wrong;
phpinfo() does not show new build times for each compile, not seemingly a caching problem (we have shut down browsers and then re-opened them to no avail as far as updated information).
The configure command portion of phpinfo() does not show items we configured with PHP.
GD throws errors; imageCreate() as an undefined function.
We haven't moved on to our FreeBSD boxes yet.
Jay
attached mail follows:
The superglobals have been a round for a bit so it's not as if everything's got to be updated overnight.
I run PHP on windows and upgrading is just a matter of unzipping the archive to my PHP folder and overwriting all the older files - dead simple. Don't even have to change php.ini if I don't want to!
"Greg Donald" <gregdestiney.com> wrote in message
news:Pine.LNX.4.44.0207221147020.20154-100000destiney.com...
> On Mon, 22 Jul 2002, Marko Karppinen wrote:
>
> > PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
>
> Not only did I get to re-write all my apps the past few months because of
> the new register_globals default that was imposed by `the php group`...
>
> Now I get to upgrade my PHP install once a month or so cause of new
> security holes.. Yay!
>
> Wasn't this new register_globals setting supposed to enhance security?
>
> How would you like to be a sys admin with dozens of machines to upgrade
> before you can proceed with anythign else?
>
> Can anyone say Ruby?
>
>
> --
> Greg Donald
> http://destiney.com
>
attached mail follows:
Yes. Please post something to php.announce! Nothing ever gets announced in there anymore.
"Steve Meyers" <steve-php-devspamaphobia.com> wrote in message
news:20020722142441.37866.qmailpb1.pair.com...
> Can you post this to php.announce as well?
>
> Marko Karppinen wrote:
>
> >
> > PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
> >
> >
> > Issued on: July 22, 2002
> > Software: PHP versions 4.2.0 and 4.2.1
> > Platforms: All
> >
> >
> > The PHP Group has learned of a serious security vulnerability in PHP
> > versions 4.2.0 and 4.2.1. An intruder may be able to execute
arbitrary
> > code with the privileges of the web server. This vulnerability may be
> > exploited to compromise the web server and, under certain conditions,
> > to gain privileged access.
> >
> >
> > Description
> >
> > PHP contains code for intelligently parsing the headers of HTTP POST
> > requests. The code is used to differentiate between variables and
files
> > sent by the user agent in a "multipart/form-data" request. This
parser
> > has insufficient input checking, leading to the vulnerability.
> >
> > The vulnerability is exploitable by anyone who can send HTTP POST
> > requests to an affected web server. Both local and remote users, even
> > from behind firewalls, may be able to gain privileged access.
> >
> >
> > Impact
> >
> > Both local and remote users may exploit this vulnerability to
> > compromise the web server and, under certain conditions, to gain
> > privileged access. So far only the IA32 platform has been verified to
> > be safe from the execution of arbitrary code. The vulnerability can
> > still be used on IA32 to crash PHP and, in most cases, the web
server.
> >
> >
> > Solution
> >
> > The PHP Group has released a new PHP version, 4.2.2, which
incorporates
> > a fix for the vulnerability. All users of affected PHP versions are
> > encouraged to upgrade to this latest version. The downloads web site
at
> >
> > http://www.php.net/downloads.php
> >
> > has the new 4.2.2 source tarballs, Windows binaries and source
patches
> > from 4.2.0 and 4.2.1 available for download.
> >
> >
> > Workaround
> >
> > If the PHP applications on an affected web server do not rely on HTTP
> > POST input from user agents, it is often possible to deny POST
requests
> > on the web server.
> >
> > In the Apache web server, for example, this is possible with the
> > following code included in the main configuration file or a top-level
> > .htaccess file:
> >
> > <Limit POST>
> > Order deny,allow
> > Deny from all
> > </Limit>
> >
> > Note that an existing configuration and/or .htaccess file may have
> > parameters contradicting the example given above.
> >
> >
> > Credits
> >
> > The PHP Group would like to thank Stefan Esser of e-matters GmbH for
> > discovering this vulnerability.
> >
> >
> > Copyright (c) 2002 The PHP Group.
>
attached mail follows:
On Mon, 22 Jul 2002, 1LT John W. Holmes wrote: > This other guy needs to quit his freakin whining and just do his job. Or go > use ASP...the choice is yours.
Or JSP, for that matter. I've just discussing with a friend about this security issue, and he was trying to convince me to move to Java... :)
attached mail follows:
>Well, trying to updrade on Slackware Linux 8.0 and compiling with the GD >(1.8.4) libraries are giving us some headaches. Some of what seems to be >wrong; > >phpinfo() does not show new build times for each compile, not seemingly a >caching problem (we have shut down browsers and then re-opened them to no >avail as far as updated information). > >The configure command portion of phpinfo() does not show items we configured >with PHP. > >GD throws errors; imageCreate() as an undefined function.
You're simply looking at the old PHP.
You did stop/start Apache, right?... Cuz the new PHP won't kick in until you do.
If so, almost for sure your installation of the "new" PHP binary is not happening correctly.
Watch carefully when you do "make install" to see where your new copies go. Use "locate modphp.so" or whatever it is to find out where your old copies are.
I'm betting they don't match up.
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
>On Mon, 22 Jul 2002, Marko Karppinen wrote: > >> PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1 > >Not only did I get to re-write all my apps the past few months because of >the new register_globals default that was imposed by `the php group`...
You could have just *CHANGED* the setting in php.ini if it was that big a friggin' deal. I did.
>Now I get to upgrade my PHP install once a month or so cause of new >security holes.. Yay!
If you want to examine PHP's Security history *OBJECTIVELY* it will go toe-to-toe against anything else in the same market.
>Wasn't this new register_globals setting supposed to enhance security?
Yes, and it does.
>How would you like to be a sys admin with dozens of machines to upgrade >before you can proceed with anythign else?
Ooooh, *dozens* of machines. Why, that should take you at least an hour to take care of, unless you want to sit there and twiddle your thumbs while the text scrolls by. Get a life!
>Can anyone say Ruby?
Can anyone say "No better"?
But, hey, we don't care. Go use Ruby if that will make you happy.
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
I'm trying to configure a php with imap support on a RedHat 7.3 server. The
problem is that it doesn't like the certificate (or something like that) and
it doesn't login.
I need this to get a webmail on the server working.
The error says this:
Jul 22 11:19:34 math httpd: PHP Warning: Certificate failure for localhost:
self signed certificate:
/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=localhost.localdomain/Email=rootlocalhost.localdomain
(errflg=2) in Unknown on line 0
And the imap server logs this:
Jul 22 11:19:34 math imapd[31893]: imap service init from 127.0.0.1
Jul 22 11:19:34 math imapd[31893]: Command stream end of file, while reading
line user=??? host=UNKNOWN
Any idea on how I can solve this?
--
Porqué usar una base de datos relacional cualquiera,
si podés usar PostgreSQL?
-----------------------------------------------------------------
Martín Marqués | mmarquesunl.edu.ar
Programador, Administrador, DBA | Centro de Telematica
Universidad Nacional
del Litoral
-----------------------------------------------------------------
attached mail follows:
I often use: <br>\n
That way I get a new line in a browser and plain text as well.
KK Lee <kklee6yahoo.com> wrote: Dear ALL,
It seems that i have a very silly problem. I can't get the new line escape character to work. the following is my SIMPLE script and corresponding output.
PHP script: "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd" >
echo "this should be printed out:\n"; echo "this is a second line"; ?>
Output in IE6: this should be printed out: this is a second line
regards,
KK
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php--------------------------------- Do You Yahoo!? Yahoo! Health - Feel better, live better
attached mail follows:
Think of it this way: <br> creates a line break in HTML Output, \n creates a line break in HTML Code.
echo "I really\n like\n PHP!";
HTML Code:
I really like PHP!
HTML Output:
I really like PHP!
HTH
>>>It seems that i have a very silly problem. I can't get the new line escape character to work. the following is my SIMPLE script and corresponding output.
PHP script: "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd" >
echo "this should be printed out:\n"; echo "this is a second line"; ?>
Output in IE6: this should be printed out: this is a second line
regards,
KK<<<
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php--------------------------------- Do You Yahoo!? Yahoo! Health - Feel better, live better
Martin Clifford Homepage: http://www.completesource.net Developer's Forums: http://www.completesource.net/forums/
attached mail follows:
Hi,
I'm not sure how to do this but I have a form which I wish to do the following.
When the uses clicks the "submit button", I wish to perform a check where I look for a value in a MySQL database. If found, I need to return an error page telling the user that the value already exists. I assume that I can just POST to a PHP page that performs the check.
If the value was not found, I would like to POST the results to a PHP form handling script I use.
The above tow are separate PHP documents that are not connected. In essence, it is akin to one form processing page handing off the information to another page. Can this be done in PHP?
Thanks, Don
attached mail follows:
[snip] When the uses clicks the "submit button", I wish to perform a check where I look for a value in a MySQL database. If found, I need to return an error page telling the user that the value already exists. I assume that I can just POST to a PHP page that performs the check.
If the value was not found, I would like to POST the results to a PHP form handling script I use.
The above tow are separate PHP documents that are not connected. In essence, it is akin to one form processing page handing off the information to another page. Can this be done in PHP? [/snip]
Sure!
Pseudo-code in preliminary form handling script;
if (form value in database){ redirect to error page; } else { redirect to form handling script; }
HTH!
Jay
attached mail follows:
//post to this script if($value_found_in_database) include('error_document.php'); else include('handling_script.php');
Op maandag 22 juli 2002 16:59, schreef DonPro: > Hi, > > I'm not sure how to do this but I have a form which I wish to do the > following. > > When the uses clicks the "submit button", I wish to perform a check where I > look for a value in a MySQL database. If found, I need to return an error > page telling the user that the value already exists. I assume that I can > just POST to a PHP page that performs the check. > > If the value was not found, I would like to POST the results to a PHP form > handling script I use. > > The above tow are separate PHP documents that are not connected. In > essence, it is akin to one form processing page handing off the information > to another page. Can this be done in PHP? > > Thanks, > Don
attached mail follows:
>Hi, > >I'm not sure how to do this but I have a form which I wish to do the following. > >When the uses clicks the "submit button", I wish to perform a check where I >look for a value in a MySQL database. If found, I need >to return an error page telling the user that the value already exists. I >assume that I can just POST to a PHP page that performs >the check. > >If the value was not found, I would like to POST the results to a PHP form >handling script I use. > >The above tow are separate PHP documents that are not connected. In >essence, it is akin to one form processing page handing off the >information to another page. Can this be done in PHP?
In addition to the other worthy solutions, there is a "posttohost" function out there that Rasmus wrote ages ago in PHP.
It will let you POST any data you like to any web-form you can visit.
Quite handy. :-)
Google for "Rasmus Lerdorf and PostToHost"
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
I'm trying to redirect to another website but doing a post to that website at the same time. (ie POST rather than a GET (eg: header("Location: www.anothersite.com/index.php?page=22"); )
How do you do an HTML post using the header() whats the syntax? I just cant find it anywhere.
Thanks
attached mail follows:
Don't redirect, use curl to post your data to the new page.
Francis wrote: > > I'm trying to redirect to another website but doing a post to that website > at the same time. (ie POST rather than a GET (eg: header("Location: > www.anothersite.com/index.php?page=22"); ) > > How do you do an HTML post using the header() whats the syntax? I just cant > find it anywhere. > > Thanks
attached mail follows:
using NT? all I need it for is so the user can skip a registration step put its all coded using POST rather than GET, its gonna be quite simple.... but whats the syntax? there must be a way to do it...
"Pete James" <peter_jamesadvanis.ca> wrote in message
news:3D3C27A3.869D9A2Aadvanis.ca...
> Don't redirect, use curl to post your data to the new page.
>
> Francis wrote:
> >
> > I'm trying to redirect to another website but doing a post to that
website
> > at the same time. (ie POST rather than a GET (eg: header("Location:
> > www.anothersite.com/index.php?page=22"); )
> >
> > How do you do an HTML post using the header() whats the syntax? I just
cant
> > find it anywhere.
> >
> > Thanks
attached mail follows:
Forging a POST is a complicated task when compared to its GET cousin, and there is no 'easy' way
You must either use CURL, or write your own mini web client...
Francis wrote:
>
> using NT? all I need it for is so the user can skip a registration step put
> its all coded using POST rather than GET, its gonna be quite simple.... but
> whats the syntax? there must be a way to do it...
>
> "Pete James" <peter_jamesadvanis.ca> wrote in message
> news:3D3C27A3.869D9A2Aadvanis.ca...
> > Don't redirect, use curl to post your data to the new page.
> >
> > Francis wrote:
> > >
> > > I'm trying to redirect to another website but doing a post to that
> website
> > > at the same time. (ie POST rather than a GET (eg: header("Location:
> > > www.anothersite.com/index.php?page=22"); )
> > >
> > > How do you do an HTML post using the header() whats the syntax? I just
> cant
> > > find it anywhere.
> > >
> > > Thanks
attached mail follows:
> Forging a POST is a complicated task when compared to its GET cousin,
> and there is no 'easy' way
>
> You must either use CURL, or write your own mini web client...
>
> Francis wrote:
> >
> > using NT? all I need it for is so the user can skip a registration step put
> > its all coded using POST rather than GET, its gonna be quite simple.... but
> > whats the syntax? there must be a way to do it...
> >
> > "Pete James" <peter_jamesadvanis.ca> wrote in message
> > news:3D3C27A3.869D9A2Aadvanis.ca...
> > > Don't redirect, use curl to post your data to the new page.
> > >
> > > Francis wrote:
> > > >
> > > > I'm trying to redirect to another website but doing a post to that
> > website
> > > > at the same time. (ie POST rather than a GET (eg: header("Location:
> > > > www.anothersite.com/index.php?page=22"); )
> > > >
> > > > How do you do an HTML post using the header() whats the syntax? I just
> > cant
> > > > find it anywhere.
> > > >
> > > > Thanks
google for posttohost; http://www.php-faq.com/postToHost.html
attached mail follows:
We recently upgraded to php 4.2.1 with Apache and our scripts that access MySQL now fail in mysql_connect(). Apache shows the following:
Warning: Access denied for user: 'fredweb.georgefox.edu' (Using password:
YES) in /var/apache/share/scripts/ais/itweb/projects.php on line 40
Warning: MySQL Connection Failed: Access denied for user:
'fredweb.georgefox.edu' (Using password: YES) in
/var/apache/share/scripts/ais/itweb/projects.php on line 40
Sorry... Could not connect to database
Not sure why it says it's using password: YES. The call is mysql_connect("host", "fred", "password") as it always has been. I thought that perhaps the function call has changed to include an extra parameter or something, but haven't found anything that says that's true.
Can someone tell me what I can do to get these scripts working again? All of my scripts that use MySQL are failing in this same way.
Thanks,
Brian McLaughlin
bmclaughgeorgefox.edu
attached mail follows:
No extra parameters have been added to the mysql_connect() function. The error you're seeing is straight from mysql...so it's really not php. Mysql says "Using password: YES" because you're trying to login in with a password. If you took out "password" in the mysql_connect() function, it'd say "Using password: NO".
Go into mysql and make sure the username/password haven't been changed and make sure the machine that php is on is allowed to connect to the mysql server.
Good luck,
-- Tyler Longren Captain Jack Communications tylerOn Mon, 22 Jul 2002 08:32:35 -0700 "Brian McLaughlin" <bmclaugh
> We recently upgraded to php 4.2.1 with Apache and our scripts that > access MySQL now fail in mysql_connect(). Apache shows the > following: > > Warning: Access denied for user: 'fred
attached mail follows:
Did you do anything to Apache when you upgraded PHP e.g. change the host name? My MySQL scripts have worked through every upgrage from 4.0.6 to 4.2.1 without needing any modification.
"Brian McLaughlin" <bmclaughgeorgefox.edu> wrote in message
news:20020722153438.11512.qmailpb1.pair.com...
> We recently upgraded to php 4.2.1 with Apache and our scripts that access
> MySQL now fail in mysql_connect(). Apache shows the following:
>
> Warning: Access denied for user: 'fredweb.georgefox.edu' (Using password:
> YES) in /var/apache/share/scripts/ais/itweb/projects.php on line 40
>
> Warning: MySQL Connection Failed: Access denied for user:
> 'fredweb.georgefox.edu' (Using password: YES) in
> /var/apache/share/scripts/ais/itweb/projects.php on line 40
> Sorry... Could not connect to database
>
> Not sure why it says it's using password: YES. The call is
> mysql_connect("host", "fred", "password") as it always has been. I
thought
> that perhaps the function call has changed to include an extra parameter
or
> something, but haven't found anything that says that's true.
>
> Can someone tell me what I can do to get these scripts working again? All
> of my scripts that use MySQL are failing in this same way.
>
> Thanks,
>
> Brian McLaughlin
> bmclaughgeorgefox.edu
>
>
>
attached mail follows:
Hi guys, any one else able to get into www.php.net ?
I'm getting this
Warning: main("geoip.inc") - No such file or directory in /local/Web/sites/phpweb/include/prepend.inc on line 6
Fatal error: Failed opening required 'geoip.inc' (include_path='.:/local/Web/sites/phpweb/include') in /local/Web/sites/phpweb/include/prepend.inc on line 6
attached mail follows:
They seem to be working on it. It comes up every few minutes so keep trying. I managed to sneak it just long enough to snag 4.2.2.
On Mon, 22 Jul 2002, R'twick Niceorgaw wrote:
>-Hi guys, >-any one else able to get into www.php.net ? >- >-I'm getting this >- >-Warning: main("geoip.inc") - No such file or directory in >-/local/Web/sites/phpweb/include/prepend.inc on line 6 >- >-Fatal error: Failed opening required 'geoip.inc' >-(include_path='.:/local/Web/sites/phpweb/include') in >-/local/Web/sites/phpweb/include/prepend.inc on line 6 >- >- >- >- >- >--- >-PHP General Mailing List (http://www.php.net/) >-To unsubscribe, visit: http://www.php.net/unsub.php >-
**************************************
John Huggins VANet
jhugginsva.net
http://www.va.net/
**************************************
attached mail follows:
[snip] any one else able to get into www.php.net ? [/snip]
Nope... :^[
Jay
attached mail follows:
You could try one of the mirrors. For example, http://php.ca is up and running.
HTH
Sam Masiello
Software Quality Assurance Engineer
Synacor
(716) 853-1362 x289
smasiellosynacor.com
-----Original Message-----
From: Jay Blanchard [mailto:jay.blanchardniicommunications.com]
Sent: Monday, July 22, 2002 11:56 AM
To: 'R'twick Niceorgaw'; php-generallists.php.net
Subject: RE: [PHP] is php.net down ?
[snip] any one else able to get into www.php.net ? [/snip]
Nope... :^[
Jay
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
attached mail follows:
I can get in. Try a mirror if you having trouble.
> -----Original Message-----
> From: Jay Blanchard [mailto:jay.blanchardniicommunications.com]
> Sent: Monday, July 22, 2002 11:56 AM
> To: 'R'twick Niceorgaw'; php-generallists.php.net
> Subject: RE: [PHP] is php.net down ?
>
>
> [snip]
> any one else able to get into www.php.net ?
> [/snip]
>
> Nope... :^[
>
> Jay
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
attached mail follows:
It took me about 30 minutes to get it...just keep trying...some mirrors are really good...i used a canadian mirror and that worked great...
.: B i g D o g :.
----- Original Message -----
From: "Brian V Bonini" <b-boninicox.net>
To: "Jay Blanchard" <jay.blanchardniicommunications.com>; "'R'twick
Niceorgaw'" <rtwickniceorgaw.com>; <php-generallists.php.net>
Sent: Monday, July 22, 2002 10:05 AM
Subject: RE: [PHP] is php.net down ?
> I can get in. Try a mirror if you having trouble.
>
> > -----Original Message-----
> > From: Jay Blanchard [mailto:jay.blanchardniicommunications.com]
> > Sent: Monday, July 22, 2002 11:56 AM
> > To: 'R'twick Niceorgaw'; php-generallists.php.net
> > Subject: RE: [PHP] is php.net down ?
> >
> >
> > [snip]
> > any one else able to get into www.php.net ?
> > [/snip]
> >
> > Nope... :^[
> >
> > Jay
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
attached mail follows:
They are moving to another machine. The intention is to move the download resource to another resource to free the resources ot the current machine because there are too many working apache processes. And this is a problem for other applications. It will be fine soon.
Regards, Andrey
----- Original Message -----
From: "R'twick Niceorgaw" <rtwickniceorgaw.com>
To: <php-generallists.php.net>
Sent: Monday, July 22, 2002 6:51 PM
Subject: [PHP] is php.net down ?
> Hi guys, > any one else able to get into www.php.net ? > > I'm getting this > > Warning: main("geoip.inc") - No such file or directory in > /local/Web/sites/phpweb/include/prepend.inc on line 6 > > Fatal error: Failed opening required 'geoip.inc' > (include_path='.:/local/Web/sites/phpweb/include') in > /local/Web/sites/phpweb/include/prepend.inc on line 6 > > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
attached mail follows:
cool...
thanks guys
----- Original Message -----
From: "Sam Masiello" <smasiellosynacor.com>
To: "'Jay Blanchard'" <jay.blanchardniicommunications.com>; "'R'twick
Niceorgaw'" <rtwickniceorgaw.com>; <php-generallists.php.net>
Sent: Monday, July 22, 2002 11:59 AM
Subject: RE: [PHP] is php.net down ?
>
> You could try one of the mirrors. For example, http://php.ca is up and
> running.
>
> HTH
>
> Sam Masiello
> Software Quality Assurance Engineer
> Synacor
> (716) 853-1362 x289
> smasiellosynacor.com
>
>
>
> -----Original Message-----
> From: Jay Blanchard [mailto:jay.blanchardniicommunications.com]
> Sent: Monday, July 22, 2002 11:56 AM
> To: 'R'twick Niceorgaw'; php-generallists.php.net
> Subject: RE: [PHP] is php.net down ?
>
>
> [snip]
> any one else able to get into www.php.net ?
> [/snip]
>
> Nope... :^[
>
> Jay
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
attached mail follows:
Hi PHPers,
To help along with the new PHP download crises I have added a temporary mirror: http://www.thehostingcompany.us/php/
Regards, Daniel Kushner
attached mail follows:
PHP 3.0 (I know I don't control it)
Getting Parse error on last line of code which is just <html>
Here is php code on page
<?php
If ('GET' == $HTTP_SERVER_VARS['REQUEST_METHOD']) {
$MailToAddress = 'deangisites.com';
$MailSubject = 'Get Involved List';
?>
<?php
exit;
}
?>
<?
If ('POST' == $HTTP_SERVER_VARS['REQUEST_METHOD']) {
if (isset($HTTP_POST_VARS['email'])) {
$MailFromAddress = $HTTP_POST_VARS['email']; // I'm assuming the
vars were posted from a form
} else {
$MailFromAddress = 'deangisites.com'; // vars don't expand in
single quotes, but we don't have any here.
}
$Message = $HTTP_POST_VARS['Message']; // should single quote
associative array indexes
if (isset($HTTP_POST_VARS['Header'])) {
$Message = $HTTP_POST_VARS['Header'] . "\n\n$Message"; // need to
wrap arrays in double quotes in {} to parse
}
if (isset($HTTP_POST_VARS['Footer'])) {
$Message .= "\n\n$HTTP_POST_VARS[Footer]";
}
mail($MailToAddress,$MailSubject,$Message,$MailFromAddress); // don't
have to quote vars on parms } ?>
attached mail follows:
[snip] Getting Parse error on last line of code which is just <html>
Here is php code on page ...
[/snip]
Check your curly braces, this is the most often cause of a last line error. You either have too many or not enough.
HTH!
Jay
attached mail follows:
On Tuesday 23 July 2002 00:32, Dean Ouellette wrote: > PHP 3.0 (I know I don't control it) > > Getting Parse error on last line of code which is just <html>
> mail($MailToAddress,$MailSubject,$Message,$MailFromAddress); // don't > have to quote vars on parms } ?> ^^^^
Make sure that the '} ?>' are on a separate line (ie not a continuation of your comment -- // don't have to quote ...)
-- Jason Wong -> Gremlins Associates -> www.gremlins.com.hk Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development */* I've got a very bad feeling about this. -- Han Solo */
attached mail follows:
>
> <?php
> If ('GET' == $HTTP_SERVER_VARS['REQUEST_METHOD']) {
> $MailToAddress = 'deangisites.com';
> $MailSubject = 'Get Involved List';
> ?>
>
> <?php
> exit;
> }
> ?>
You appear to be moving in and out of PHP Mode that could be pretty tough to follow... I've practically been looking at php Code 8 hours a day for the past 3 months with a good deal of former CGI Scripting experience and I'm still scared of learning this tactic... However I have never had to use it before so the circumstances may be different...
> <?
> If ('POST' == $HTTP_SERVER_VARS['REQUEST_METHOD']) {
> if (isset($HTTP_POST_VARS['email'])) {
> $MailFromAddress = $HTTP_POST_VARS['email']; // I'm assuming the
> vars were posted from a form
> } else {
> $MailFromAddress = 'deangisites.com'; // vars don't expand in
> single quotes, but we don't have any here.
> }
>
> $Message = $HTTP_POST_VARS['Message']; // should single quote
> associative array indexes
> if (isset($HTTP_POST_VARS['Header'])) {
> $Message = $HTTP_POST_VARS['Header'] . "\n\n$Message"; // need to
> wrap arrays in double quotes in {} to parse
> }
>
> if (isset($HTTP_POST_VARS['Footer'])) {
> $Message .= "\n\n$HTTP_POST_VARS[Footer]";
> }
>
> mail($MailToAddress,$MailSubject,$Message,$MailFromAddress); // don't
> have to quote vars on parms } ?>
>
attached mail follows:
I've got effectivly a glorified chat server which upon the arrival of a message thorugh a socket connection goes off and runs a bunch of database processed. My questions is this: How can I seperate the database processing into a seperate processor process? I really don't want the chat server to have to wait until after the database processing is done to go intercept and process another request--this just doesn't seem right. I want the chat server process to be able to deal with getting and receiving messages, and another process to deal with the database processing. That way if one of the processes get's slow, the other isn't affected. Something like the fork command would work really well, but fork doesn't exist in NT. Anyone have any ideas? I'm running Windows NT4.0 sp6a Apache Server 1.3.xx MySQL and of course, PHP 4.2.1
attached mail follows:
You can use threads with NT to accomplish what you are asking.
-----Original Message-----
From: David Buerer [mailto:davidpladesigns.com]
Sent: Monday, July 22, 2002 11:29 AM
To: 'php-generallists.php.net'
Subject: [PHP] Windows NT Server, FORK, SOCKETS, and seperate processes
I've got effectivly a glorified chat server which upon the arrival of a message thorugh a socket connection goes off and runs a bunch of database processed. My questions is this: How can I seperate the database processing into a seperate processor process? I really don't want the chat server to have to wait until after the database processing is done to go intercept and process another request--this just doesn't seem right. I want the chat server process to be able to deal with getting and receiving messages, and another process to deal with the database processing. That way if one of the processes get's slow, the other isn't affected. Something like the fork command would work really well, but fork doesn't exist in NT.
Anyone have any ideas?
I'm running Windows NT4.0 sp6a Apache Server 1.3.xx MySQL and of course, PHP 4.2.1
attached mail follows:
How to I inovoke a new Thread from the middle of a PHP script?
-----Original Message-----
From: Paul Maine [mailto:pmaineaustin.rr.com]
Sent: Monday, July 22, 2002 10:08 AM
To: David Buerer; php-generallists.php.net
Subject: RE: [PHP] Windows NT Server, FORK, SOCKETS, and seperate processes
You can use threads with NT to accomplish what you are asking.
-----Original Message-----
From: David Buerer [mailto:davidpladesigns.com]
Sent: Monday, July 22, 2002 11:29 AM
To: 'php-generallists.php.net'
Subject: [PHP] Windows NT Server, FORK, SOCKETS, and seperate processes
I've got effectivly a glorified chat server which upon the arrival of a message thorugh a socket connection goes off and runs a bunch of database processed. My questions is this: How can I seperate the database processing into a seperate processor process? I really don't want the chat server to have to wait until after the database processing is done to go intercept and process another request--this just doesn't seem right. I want the chat server process to be able to deal with getting and receiving messages, and another process to deal with the database processing. That way if one of the processes get's slow, the other isn't affected. Something like the fork command would work really well, but fork doesn't exist in NT.
Anyone have any ideas?
I'm running Windows NT4.0 sp6a Apache Server 1.3.xx MySQL and of course, PHP 4.2.1
attached mail follows:
Yes. Write a daemon which listens on a socket and manages the communications it gets from the satellite scripts and works the database for them...
The scripts send off data, and process replies. They don't do the heavy work...
-----Original Message-----
From: David Buerer [mailto:davidpladesigns.com]
Sent: Monday, July 22, 2002 2:30 PM
To: 'php-generallists.php.net'
Subject: RE: [PHP] Windows NT Server, FORK, SOCKETS, and seperate
processes
How to I inovoke a new Thread from the middle of a PHP script?
-----Original Message-----
From: Paul Maine [mailto:pmaineaustin.rr.com]
Sent: Monday, July 22, 2002 10:08 AM
To: David Buerer; php-generallists.php.net
Subject: RE: [PHP] Windows NT Server, FORK, SOCKETS, and seperate
processes
You can use threads with NT to accomplish what you are asking.
-----Original Message-----
From: David Buerer [mailto:davidpladesigns.com]
Sent: Monday, July 22, 2002 11:29 AM
To: 'php-generallists.php.net'
Subject: [PHP] Windows NT Server, FORK, SOCKETS, and seperate processes
I've got effectivly a glorified chat server which upon the arrival of a message thorugh a socket connection goes off and runs a bunch of database processed. My questions is this: How can I seperate the database processing into a seperate processor process? I really don't want the chat server to have to wait until after the database processing is done to go intercept and process another request--this just doesn't seem right. I want the chat server process to be able to deal with getting and receiving messages, and another process to deal with the database processing. That way if one of the processes get's slow, the other isn't affected. Something like the fork command would work really well, but fork doesn't exist in NT.
Anyone have any ideas?
I'm running Windows NT4.0 sp6a Apache Server 1.3.xx MySQL and of course, PHP 4.2.1
attached mail follows:
Yes, that's exactly what I want to do. But HOW do I do it?
i.e. I'm sitting in my accept connectinos loop in the chat daemon
While(true) { //waitforenwconnection $new_connection_id=socket_accept();
//got a new connection, go process it go_do_this_in_a_new_thread($new_connection_id); }
What do I put in place of go_do_this_in_a_new_thread()????
-----Original Message-----
From: Demitrious S. Kelly [mailto:apokalyptikapokalyptik.com]
Sent: Monday, July 22, 2002 3:01 PM
To: 'David Buerer'; php-generallists.php.net
Subject: RE: [PHP] Windows NT Server, FORK, SOCKETS, and seperate processes
Yes. Write a daemon which listens on a socket and manages the communications it gets from the satellite scripts and works the database for them...
The scripts send off data, and process replies. They don't do the heavy work...
-----Original Message-----
From: David Buerer [mailto:davidpladesigns.com]
Sent: Monday, July 22, 2002 2:30 PM
To: 'php-generallists.php.net'
Subject: RE: [PHP] Windows NT Server, FORK, SOCKETS, and seperate processes
How to I inovoke a new Thread from the middle of a PHP script?
-----Original Message-----
From: Paul Maine [mailto:pmaineaustin.rr.com]
Sent: Monday, July 22, 2002 10:08 AM
To: David Buerer; php-generallists.php.net
Subject: RE: [PHP] Windows NT Server, FORK, SOCKETS, and seperate processes
You can use threads with NT to accomplish what you are asking.
-----Original Message-----
From: David Buerer [mailto:davidpladesigns.com]
Sent: Monday, July 22, 2002 11:29 AM
To: 'php-generallists.php.net'
Subject: [PHP] Windows NT Server, FORK, SOCKETS, and seperate processes
I've got effectivly a glorified chat server which upon the arrival of a message thorugh a socket connection goes off and runs a bunch of database processed. My questions is this: How can I seperate the database processing into a seperate processor process? I really don't want the chat server to have to wait until after the database processing is done to go intercept and process another request--this just doesn't seem right. I want the chat server process to be able to deal with getting and receiving messages, and another process to deal with the database processing. That way if one of the processes get's slow, the other isn't affected. Something like the fork command would work really well, but fork doesn't exist in NT.
Anyone have any ideas?
I'm running Windows NT4.0 sp6a Apache Server 1.3.xx MySQL and of course, PHP 4.2.1
attached mail follows:
Either exec(), system(), or one of the functions like them (check the manual) doesn't wait for anything to return- it just begins executing a new process and sends it on its way. Perhaps you could use this and just make whatever you want to do a seperate file?
On Monday 22 July 2002 15:09 pm, David Buerer wrote:
> Yes, that's exactly what I want to do. But HOW do I do it?
>
> i.e. I'm sitting in my accept connectinos loop in the chat daemon
>
> While(true)
> {
> //waitforenwconnection
> $new_connection_id=socket_accept();
>
> //got a new connection, go process it
> go_do_this_in_a_new_thread($new_connection_id);
> }
>
> What do I put in place of go_do_this_in_a_new_thread()????
>
> -----Original Message-----
> From: Demitrious S. Kelly [mailto:apokalyptikapokalyptik.com]
> Sent: Monday, July 22, 2002 3:01 PM
> To: 'David Buerer'; php-generallists.php.net
> Subject: RE: [PHP] Windows NT Server, FORK, SOCKETS, and seperate processes
>
>
> Yes. Write a daemon which listens on a socket and manages the
> communications it gets from the satellite scripts and works the database
> for them...
>
> The scripts send off data, and process replies. They don't do the heavy
> work...
>
> -----Original Message-----
> From: David Buerer [mailto:davidpladesigns.com]
> Sent: Monday, July 22, 2002 2:30 PM
> To: 'php-generallists.php.net'
> Subject: RE: [PHP] Windows NT Server, FORK, SOCKETS, and seperate processes
>
> How to I inovoke a new Thread from the middle of a PHP script?
>
> -----Original Message-----
> From: Paul Maine [mailto:pmaineaustin.rr.com]
> Sent: Monday, July 22, 2002 10:08 AM
> To: David Buerer; php-generallists.php.net
> Subject: RE: [PHP] Windows NT Server, FORK, SOCKETS, and seperate processes
>
>
> You can use threads with NT to accomplish what you are asking.
>
> -----Original Message-----
> From: David Buerer [mailto:davidpladesigns.com]
> Sent: Monday, July 22, 2002 11:29 AM
> To: 'php-generallists.php.net'
> Subject: [PHP] Windows NT Server, FORK, SOCKETS, and seperate processes
>
>
> I've got effectivly a glorified chat server which upon the arrival of a
> message thorugh a socket connection goes off and runs a bunch of database
> processed. My questions is this: How can I seperate the database
> processing into a seperate processor process? I really don't want the chat
> server to have to wait until after the database processing is done to go
> intercept and process another request--this just doesn't seem right. I
> want the chat server process to be able to deal with getting and receiving
> messages, and another process to deal with the database processing. That
> way if one of the processes get's slow, the other isn't affected. Something
> like the fork command would work really well, but fork doesn't exist in NT.
>
> Anyone have any ideas?
>
> I'm running Windows NT4.0 sp6a
> Apache Server 1.3.xx
> MySQL
> and of course, PHP 4.2.1
-- Man discovers truth by reason only, not by faith.Leo Nikolaevich Tolstoy
attached mail follows:
I thought about this and it's actually not such a bad idea. I struggle with it a little though because it seems like kind of a brute force method. I'll end up with an awful lot of PHP.EXE processes going at the same time. Although it would get the job done, I'm not certain that it's the right solution. I was hoping for something a little more elegant. I really like the pcntl_xxx() functions, but they are only available on UNIX platforms. And no, UNIX is not an option for this client...they are on Windows and that's where they're going to stay.
Anyone else have any other ideas?
-----Original Message-----
From: Evan Nemerson [mailto:evancoeus-group.com]
Sent: Monday, July 22, 2002 3:47 PM
To: David Buerer; php-generallists.php.net
Subject: Re: [PHP] Windows NT Server, FORK, SOCKETS, and seperate processe s
Either exec(), system(), or one of the functions like them (check the manual) doesn't wait for anything to return- it just begins executing a new process and sends it on its way. Perhaps you could use this and just make whatever you want to do a seperate file?
On Monday 22 July 2002 15:09 pm, David Buerer wrote:
> Yes, that's exactly what I want to do. But HOW do I do it?
>
> i.e. I'm sitting in my accept connectinos loop in the chat daemon
>
> While(true)
> {
> //waitforenwconnection
> $new_connection_id=socket_accept();
>
> //got a new connection, go process it
> go_do_this_in_a_new_thread($new_connection_id);
> }
>
> What do I put in place of go_do_this_in_a_new_thread()????
>
> -----Original Message-----
> From: Demitrious S. Kelly [mailto:apokalyptikapokalyptik.com]
> Sent: Monday, July 22, 2002 3:01 PM
> To: 'David Buerer'; php-generallists.php.net
> Subject: RE: [PHP] Windows NT Server, FORK, SOCKETS, and seperate
> processes
>
>
> Yes. Write a daemon which listens on a socket and manages the
> communications it gets from the satellite scripts and works the
> database for them...
>
> The scripts send off data, and process replies. They don't do the
> heavy work...
>
> -----Original Message-----
> From: David Buerer [mailto:davidpladesigns.com]
> Sent: Monday, July 22, 2002 2:30 PM
> To: 'php-generallists.php.net'
> Subject: RE: [PHP] Windows NT Server, FORK, SOCKETS, and seperate
> processes
>
> How to I inovoke a new Thread from the middle of a PHP script?
>
> -----Original Message-----
> From: Paul Maine [mailto:pmaineaustin.rr.com]
> Sent: Monday, July 22, 2002 10:08 AM
> To: David Buerer; php-generallists.php.net
> Subject: RE: [PHP] Windows NT Server, FORK, SOCKETS, and seperate
> processes
>
>
> You can use threads with NT to accomplish what you are asking.
>
> -----Original Message-----
> From: David Buerer [mailto:davidpladesigns.com]
> Sent: Monday, July 22, 2002 11:29 AM
> To: 'php-generallists.php.net'
> Subject: [PHP] Windows NT Server, FORK, SOCKETS, and seperate
> processes
>
>
> I've got effectivly a glorified chat server which upon the arrival of
> a message thorugh a socket connection goes off and runs a bunch of
> database processed. My questions is this: How can I seperate the
> database processing into a seperate processor process? I really don't
> want the chat server to have to wait until after the database
> processing is done to go intercept and process another request--this
> just doesn't seem right. I want the chat server process to be able to
> deal with getting and receiving messages, and another process to deal
> with the database processing. That way if one of the processes get's
> slow, the other isn't affected. Something like the fork command would
> work really well, but fork doesn't exist in NT.
>
> Anyone have any ideas?
>
> I'm running Windows NT4.0 sp6a
> Apache Server 1.3.xx
> MySQL
> and of course, PHP 4.2.1
-- Man discovers truth by reason only, not by faith.Leo Nikolaevich Tolstoy
attached mail follows:
That's basically what happens in forking and threading. More "PHP.EXE" processes appear, even on *nix.
----- Original Message -----
From: "David Buerer" <davidpladesigns.com>
To: "'Evan Nemerson'" <evancoeus-group.com>; <php-generallists.php.net>
Sent: Tuesday, July 23, 2002 6:35 AM
Subject: RE: [PHP] Windows NT Server, FORK, SOCKETS, and seperate processe s
> I thought about this and it's actually not such a bad idea. I struggle
with
> it a little though because it seems like kind of a brute force method.
I'll
> end up with an awful lot of PHP.EXE processes going at the same time.
> Although it would get the job done, I'm not certain that it's the right
> solution. I was hoping for something a little more elegant. I really like
> the pcntl_xxx() functions, but they are only available on UNIX platforms.
> And no, UNIX is not an option for this client...they are on Windows and
> that's where they're going to stay.
>
> Anyone else have any other ideas?
>
> -----Original Message-----
> From: Evan Nemerson [mailto:evancoeus-group.com]
> Sent: Monday, July 22, 2002 3:47 PM
> To: David Buerer; php-generallists.php.net
> Subject: Re: [PHP] Windows NT Server, FORK, SOCKETS, and seperate processe
s
>
>
> Either exec(), system(), or one of the functions like them (check the
> manual)
> doesn't wait for anything to return- it just begins executing a new
process
> and sends it on its way. Perhaps you could use this and just make whatever
> you want to do a seperate file?
>
>
>
> On Monday 22 July 2002 15:09 pm, David Buerer wrote:
> > Yes, that's exactly what I want to do. But HOW do I do it?
> >
> > i.e. I'm sitting in my accept connectinos loop in the chat daemon
> >
> > While(true)
> > {
> > //waitforenwconnection
> > $new_connection_id=socket_accept();
> >
> > //got a new connection, go process it
> > go_do_this_in_a_new_thread($new_connection_id);
> > }
> >
> > What do I put in place of go_do_this_in_a_new_thread()????
> >
> > -----Original Message-----
> > From: Demitrious S. Kelly [mailto:apokalyptikapokalyptik.com]
> > Sent: Monday, July 22, 2002 3:01 PM
> > To: 'David Buerer'; php-generallists.php.net
> > Subject: RE: [PHP] Windows NT Server, FORK, SOCKETS, and seperate
> > processes
> >
> >
> > Yes. Write a daemon which listens on a socket and manages the
> > communications it gets from the satellite scripts and works the
> > database for them...
> >
> > The scripts send off data, and process replies. They don't do the
> > heavy work...
> >
> > -----Original Message-----
> > From: David Buerer [mailto:davidpladesigns.com]
> > Sent: Monday, July 22, 2002 2:30 PM
> > To: 'php-generallists.php.net'
> > Subject: RE: [PHP] Windows NT Server, FORK, SOCKETS, and seperate
> > processes
> >
> > How to I inovoke a new Thread from the middle of a PHP script?
> >
> > -----Original Message-----
> > From: Paul Maine [mailto:pmaineaustin.rr.com]
> > Sent: Monday, July 22, 2002 10:08 AM
> > To: David Buerer; php-generallists.php.net
> > Subject: RE: [PHP] Windows NT Server, FORK, SOCKETS, and seperate
> > processes
> >
> >
> > You can use threads with NT to accomplish what you are asking.
> >
> > -----Original Message-----
> > From: David Buerer [mailto:davidpladesigns.com]
> > Sent: Monday, July 22, 2002 11:29 AM
> > To: 'php-generallists.php.net'
> > Subject: [PHP] Windows NT Server, FORK, SOCKETS, and seperate
> > processes
> >
> >
> > I've got effectivly a glorified chat server which upon the arrival of
> > a message thorugh a socket connection goes off and runs a bunch of
> > database processed. My questions is this: How can I seperate the
> > database processing into a seperate processor process? I really don't
> > want the chat server to have to wait until after the database
> > processing is done to go intercept and process another request--this
> > just doesn't seem right. I want the chat server process to be able to
> > deal with getting and receiving messages, and another process to deal
> > with the database processing. That way if one of the processes get's
> > slow, the other isn't affected. Something like the fork command would
> > work really well, but fork doesn't exist in NT.
> >
> > Anyone have any ideas?
> >
> > I'm running Windows NT4.0 sp6a
> > Apache Server 1.3.xx
> > MySQL
> > and of course, PHP 4.2.1
>
> --
> Man discovers truth by reason only, not by faith.
>
> Leo Nikolaevich Tolstoy
>
>
attached mail follows:
>Yes, that's exactly what I want to do. But HOW do I do it? > >i.e. I'm sitting in my accept connectinos loop in the chat daemon > >While(true) >{ > //waitforenwconnection > $new_connection_id=socket_accept(); > > //got a new connection, go process it > go_do_this_in_a_new_thread($new_connection_id); >} > >What do I put in place of go_do_this_in_a_new_thread()????
Use fsockopen() to "talk" to your *OTHER* PHP script waiting in a loop to do the *real* work.
IE, have a *second* PHP file that runs on yet another socket to do the work.
>
>-----Original Message-----
>From: Demitrious S. Kelly [mailto:apokalyptikapokalyptik.com]
>Sent: Monday, July 22, 2002 3:01 PM
>To: 'David Buerer'; php-generallists.php.net
>Subject: RE: [PHP] Windows NT Server, FORK, SOCKETS, and seperate processes
>
>
>Yes. Write a daemon which listens on a socket and manages the communications
>it gets from the satellite scripts and works the database for them...
>
>The scripts send off data, and process replies. They don't do the heavy
>work...
>
>-----Original Message-----
>From: David Buerer [mailto:davidpladesigns.com]
>Sent: Monday, July 22, 2002 2:30 PM
>To: 'php-generallists.php.net'
>Subject: RE: [PHP] Windows NT Server, FORK, SOCKETS, and seperate processes
>
>How to I inovoke a new Thread from the middle of a PHP script?
>
>-----Original Message-----
>From: Paul Maine [mailto:pmaineaustin.rr.com]
>Sent: Monday, July 22, 2002 10:08 AM
>To: David Buerer; php-generallists.php.net
>Subject: RE: [PHP] Windows NT Server, FORK, SOCKETS, and seperate processes
>
>
>You can use threads with NT to accomplish what you are asking.
>
>-----Original Message-----
>From: David Buerer [mailto:davidpladesigns.com]
>Sent: Monday, July 22, 2002 11:29 AM
>To: 'php-generallists.php.net'
>Subject: [PHP] Windows NT Server, FORK, SOCKETS, and seperate processes
>
>
>I've got effectivly a glorified chat server which upon the arrival of a
>message thorugh a socket connection goes off and runs a bunch of database
>processed. My questions is this: How can I seperate the database
>processing into a seperate processor process? I really don't want the chat
>server to have to wait until after the database processing is done to go
>intercept and process another request--this just doesn't seem right. I want
>the chat server process to be able to deal with getting and receiving
>messages, and another process to deal with the database processing. That way
>if one of the processes get's slow, the other isn't affected. Something like
>the fork command would work really well, but fork doesn't exist in NT.
>
>Anyone have any ideas?
>
>I'm running Windows NT4.0 sp6a
>Apache Server 1.3.xx
>MySQL
>and of course, PHP 4.2.1
>
>
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
What are some good e-commerce stores written out there for PHP and mySQL??
attached mail follows:
> -----Original Message-----
> From: Chris Edwards [mailto:chris.edwardsobinet.com]
> Sent: Monday, July 22, 2002 1:11 PM
> Subject: [PHP] stores / ecommerce
> What are some good e-commerce stores written out there for > PHP and mySQL??
http://marc.theaimsgroup.com/?l=php-general&m=101839857008918&w=2
attached mail follows:
>What are some good e-commerce stores written out there for PHP and mySQL??
I got tired of this question cropping up all the time, years and years ago.
Your answer lies here:
:-)
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
Hi, I have already php installed on linux running with mysql enabled. Now I wanted to read dbf files and I came to know that we need to install php with
**************************************************************************** ********** Installation In order to use these functions, you must compile PHP with the --enable-dbase option. **************************************************************************** **********
Does this means I have to uninstall my existing php and reinstall as above ?
Can I keep my existing setting and have dbf function install without reinstalling whole php?
Thanks
Vinod
-- Vinod Palan A Calypso Technology, Inc. Vinod_palan
attached mail follows:
> From: Vinod Palan [mailto:vinod_palancalypso-tech.com]
> Sent: Monday, July 22, 2002 1:41 PM
> Subject: [PHP] dbf Help
> I have already php installed on linux running with mysql enabled. > Now I wanted to read dbf files and I came to know that we > need to install > php with > > ************************************************************** > Installation > In order to use these functions, you must compile PHP with > the --enable-dbase option. > ************************************************************** > Does this means I have to uninstall my existing php and > reinstall as above ? > > Can I keep my existing setting and have dbf function install without > reinstalling whole php?
Your previous compile options are in config.nice so you can simply: ./config.nice --enable-dbase-functions make stop apache make install start apache
attached mail follows:
I am trying to execute a Script running a telnet command testing through a range of IP connections... Here goes:
<? $str = "123.456.789."; $count = 0;
while ($count < 999){ $runTheScriptCommand... } ?>
What I want to stick into the while loop is if connection was successful, break... Is there a way I can check whether telnet connection was successful on each step through the loop or do I have to restructure my program and try connecting to a port via fsockopen... By the way does anyone know what port number telnet connects to...
Spike...
attached mail follows:
>I am trying to execute a Script running a telnet command >testing through a range of IP connections... >Here goes: > ><? > $str = "123.456.789."; > $count = 0; > > while ($count < 999){ > $runTheScriptCommand... > } >?> > >What I want to stick into the while loop is if connection >was successful, break... Is there a way I can check whether >telnet connection was successful on each step through the >loop or do I have to restructure my program and try >connecting to a port via fsockopen... By the way >does anyone know what port number telnet connects to...
You should be able to capture the output of http://php.net/exec or http://php.net/popen and do whatever you want with it.
fsockopen will, however, almost certainly be faster/better if you have to do a lot of these.
I think telnet is port 22, usually... Or maybe 23. SSH is the other one of those, and I always forget.
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
The correct path for the windows binary version is http://www.php.net/do_download.php?download_file=php-4.2.2-Win32.zip
/lasso (lassolassoweb.nu)
Rouvas Stathis wrote: > Hi all, > > Just wanting to notify everyone that > the link for the PHP.4.2.2 download is broken. > > -Stathis. > >
attached mail follows:
[delete some flaming....]
Hehe, and I thought I had to go to USENET to see a flamewar. This is great, a flamewar delivered directly to my mailbox, it doesn't get better.......
Let me put my $0.02 in. Security holes happen, no matter what software you use. PHP and open source in general, unlike M$, does not have a new vius of the week, or security hole of the month. Their recent couple of announcements is bad luck, not bad design/development and I still happily stand by the PHP guys. I think PHP users should also be grateful that the PHP guys have said there is a need to upgrade to fix this hole, rahter than just put out a new release and hope most people see it and think "great, a new version, I will upgrade".
As for the the implied terrible difficulty of upgrading, on my Linux systems it was tragically complicated - I chose to patch my 4.2.1 source, then recompile, install and restart apache:
patch -p0 < php-4.2.1-to-4.2.2.patch cd php-4.2.1 ./configure --with-mysql --with-apxs=/usr/local/apache/bin/apxs --with-ldap make make install /usr/local/apache/bin/apachectl restart
Yes, with a script like this, it is terribly complicated. This whole process took less than 5 minutes. I had to do it on three machines, and there were no problems to be seen.
If you are going to wine about having to upgrade software because of security holes, get off the net, it would be easier and take much less precious time.
That's my $0.02 (or in my case 0.02 Euro). Now I will go back to trying to work out my ldap problems.
Ian
attached mail follows:
Any real programmer should know that almost nothing is bug free, even if you test it beyond your imagination. Something is always going to elude you and be found by someone experimenting down the road.
For the widespread use of PHP, I'm rather impressed by the small amount of vunerabilities discovered in PHP so far.
Some humans are just never ever satisfied...
-------------- Adam Alkins http://www.rasadam.com --------------
attached mail follows:
Hi, tried this on mysql list, no luck:
I want to be able to view a single log that contains the following:
IP of user : page_name (PHP only): time/date: MySQL query ( 'select * from xxx' etc.) : error msg from mysql/php if any
So it's almost a hybrid between apache and mysql with some extra's
I'm sure you all should see the benifit of this in troubleshooting and specially keeping track of who does what when it comes to PHP coding on ones server, specially with crappy code that kills the server.
Is something like this possible, already there?
PS, Running RedHat 7.0 with PHP4 and mysql 3.23.x
Ta
attached mail follows:
The easiest way to do this would be to write a wrapper function to mysql_query() that does the writing to the log file and also executes the query and returns the result set.
function my_mysql_query($query) { //assuming file would already be open... global $fp;
$return = mysql_query($query); $error = mysql_error();
fwrite($fp,"info you want to save");
return $return; }
Can be improved upon many many ways I'm sure...just an idea.
---John Holmes...
----- Original Message -----
From: "PHPCoder" <internetvsa.co.za>
To: "php-general" <php-generallists.php.net>
Sent: Monday, July 22, 2002 2:30 PM
Subject: [PHP] MySQL - PHP combined log
> Hi, tried this on mysql list, no luck: > > I want to be able to view a single log that contains the following: > > IP of user : page_name (PHP only): time/date: MySQL query ( 'select * > from xxx' etc.) : error msg from mysql/php if any > > So it's almost a hybrid between apache and mysql with some extra's > > I'm sure you all should see the benifit of this in troubleshooting and > specially keeping track of who does what when it comes to PHP coding on > ones server, specially with crappy code that kills the server. > > Is something like this possible, already there? > > PS, Running RedHat 7.0 with PHP4 and mysql 3.23.x > > Ta > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php >
attached mail follows:
Or you can use the error_log functions within your function, instead of fopen/fwrite/fclose.
---John Holmes...
> The easiest way to do this would be to write a wrapper function to
> mysql_query() that does the writing to the log file and also executes the
> query and returns the result set.
>
> function my_mysql_query($query)
> {
> //assuming file would already be open...
> global $fp;
>
> $return = mysql_query($query);
> $error = mysql_error();
>
> fwrite($fp,"info you want to save");
>
> return $return;
> }
>
> Can be improved upon many many ways I'm sure...just an idea.
>
> ---John Holmes...
>
> ----- Original Message -----
> From: "PHPCoder" <internetvsa.co.za>
> To: "php-general" <php-generallists.php.net>
> Sent: Monday, July 22, 2002 2:30 PM
> Subject: [PHP] MySQL - PHP combined log
>
>
> > Hi, tried this on mysql list, no luck:
> >
> > I want to be able to view a single log that contains the following:
> >
> > IP of user : page_name (PHP only): time/date: MySQL query ( 'select *
> > from xxx' etc.) : error msg from mysql/php if any
> >
> > So it's almost a hybrid between apache and mysql with some extra's
> >
> > I'm sure you all should see the benifit of this in troubleshooting and
> > specially keeping track of who does what when it comes to PHP coding on
> > ones server, specially with crappy code that kills the server.
> >
> > Is something like this possible, already there?
> >
> > PS, Running RedHat 7.0 with PHP4 and mysql 3.23.x
> >
> > Ta
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
attached mail follows:
>Hi, tried this on mysql list, no luck: > >I want to be able to view a single log that contains the following: > >IP of user : page_name (PHP only): time/date: MySQL query ( 'select * >from xxx' etc.) : error msg from mysql/php if any > >So it's almost a hybrid between apache and mysql with some extra's > >I'm sure you all should see the benifit of this in troubleshooting and >specially keeping track of who does what when it comes to PHP coding on >ones server, specially with crappy code that kills the server. > >Is something like this possible, already there? > >PS, Running RedHat 7.0 with PHP4 and mysql 3.23.x
if you can get everybody to use your own function to query the database.
Or, you could use http://php.net/set_error_handler and http://php.net/trigger_error and catch all errors thrown by all PHP code.
Actually, to get the PHP page name and line number, set_error_handler is probably your best bet.
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
Hello folks,
I'm wondering if anyone has experienced this before. I'm trying to get sessions working for a small utility site I've developed. I'm using PHP Vers 4.0.2 (I know its an oldie but I don't know how to update it without crashing my entire server) on a Cobalt RAQ3 (RedHat Linux).
The url (if you're curious) is http://www.amazon-networks.com/bms
The steps:
1. Someone goes to the homepage selects a name from the drop-down and hits 'Submit'.
2. The form on the homepage calls my main script (decide.php).
3. The decide.php script generates an instructions page and places the person's $name and $department on the generated page (This Works).
4. Once the person reads the instructions they are told to hit the 'Proceed' button and when they click 'Proceed,'this action (again) calls the decide.php page (the very same script that created this page).
5. What happens next is another page is created by the decide.php script and displayed but the $name and $department fields have now lost their value (even though they worked in Step #3 above).
If this is confusing you can see how it works at:
http://www.amazon-networks.com/bms
Below is how the decide.php script registers the variables.
<? session_start();
// Below I'm setting up the Date and Expiration variables. // Below I'm setting up the Date and Expiration variables. // Below I'm setting up the Date and Expiration variables.
$expire = date("D, d M Y", mktime(0,0,0,date("n"),date("d")+14,date("Y"))); $date = date("D, d M Y", mktime(0,0,0,date("n"),date("d"),date("Y"))); header ("Expires: ".$expire." 05:00:00 GMT"); //header ("Expires: Mon, 26 Jul 2010 05:00:00 GMT");
// Below I'm registering all of the varibles that I will use for this application. // Below I'm registering all of the varibles that I will use for this application. // Below I'm registering all of the varibles that I will use for this application.
if (!$phpsessid) { session_register("$employee"); session_register("$employee_f_name"); session_register("$employee_l_name"); session_register("$employee_full_name"); session_register("$department"); session_register("$date"); session_register("$expire");
session_register("$col1"); session_register("$col2"); session_register("$col3"); session_register("$col4"); session_register("$col5"); session_register("$col6");
session_register("$row1"); session_register("$row2"); session_register("$row3"); session_register("$row4"); session_register("$row5"); session_register("$row6");
session_register("$row_1_title"); session_register("$row_2_title"); session_register("$row_3_title"); session_register("$row_4_title"); session_register("$row_5_title"); session_register("$row_6_title");
session_register("$where_from");
}
?>
Any suggestions anyone can offer will be greatly appreciated.
Thank You,
Mario A. Salinas
attached mail follows:
> session_register("$employee"); > session_register("$employee_f_name"); > session_register("$employee_l_name"); > session_register("$employee_full_name"); > session_register("$department"); > session_register("$date"); > session_register("$expire");
Try removing the "$" from each session_register call:
example: session_register("employee");
Hope this helps! -Mark
::::::::::::::::::::::::: Whirled Web Everybody needs a geek...
attached mail follows:
>Below is how the decide.php script registers the variables. > ><? >session_start(); > > >if (!$phpsessid) > { > session_register("$employee");
session_register('employee');
Right now, you're registering the variable named something like 'Bill Jones' which isn't even a legal variable name.
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
HI,
Not being an expert in php..i couldnt understand the vulnerability. Can someone shed some light here.
Regards
anil
----- Original Message -----
From: "Marko Karppinen" <markonenphp.net>
To: <php-generallists.php.net>; "PHP-DEV" <php-devlists.php.net>;
<php-announcelists.php.net>
Sent: Monday, July 22, 2002 9:49 AM
Subject: [ANNOUNCE] PHP Security Advisory: Vulnerability in PHP versions
4.2.0 and4.2.1
> > PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1 > > > Issued on: July 22, 2002 > Software: PHP versions 4.2.0 and 4.2.1 > Platforms: All > > > The PHP Group has learned of a serious security vulnerability in PHP > versions 4.2.0 and 4.2.1. An intruder may be able to execute arbitrary > code with the privileges of the web server. This vulnerability may be > exploited to compromise the web server and, under certain conditions, > to gain privileged access. > > > Description > > PHP contains code for intelligently parsing the headers of HTTP POST > requests. The code is used to differentiate between variables and files > sent by the user agent in a "multipart/form-data" request. This parser > has insufficient input checking, leading to the vulnerability. > > The vulnerability is exploitable by anyone who can send HTTP POST > requests to an affected web server. Both local and remote users, even > from behind firewalls, may be able to gain privileged access. > > > Impact > > Both local and remote users may exploit this vulnerability to compromise > the web server and, under certain conditions, to gain privileged access. > So far only the IA32 platform has been verified to be safe from the > execution of arbitrary code. The vulnerability can still be used on IA32 > to crash PHP and, in most cases, the web server. > > > Solution > > The PHP Group has released a new PHP version, 4.2.2, which incorporates > a fix for the vulnerability. All users of affected PHP versions are > encouraged to upgrade to this latest version. The downloads web site at > > http://www.php.net/downloads.php > > has the new 4.2.2 source tarballs, Windows binaries and source patches > from 4.2.0 and 4.2.1 available for download. > > > Workaround > > If the PHP applications on an affected web server do not rely on HTTP > POST input from user agents, it is often possible to deny POST requests > on the web server. > > In the Apache web server, for example, this is possible with the > following code included in the main configuration file or a top-level > .htaccess file: > > <Limit POST> > Order deny,allow > Deny from all > </Limit> > > Note that an existing configuration and/or .htaccess file may have > parameters contradicting the example given above. > > > Credits > > The PHP Group would like to thank Stefan Esser of e-matters GmbH for > discovering this vulnerability. > > > Copyright (c) 2002 The PHP Group. > > > > -- > PHP Announcements Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php >
attached mail follows:
>Not being an expert in php..i couldnt understand the vulnerability. >Can someone shed some light here.
Very short explanation:
Upgrade. Now!
Longer one:
If your web-site has *ANY* FORM tags on it, and you have PHP ready-and-waiting to process those FORMs, then somebody could manage to create a really icky FORM page and POST to your site and break in.
Actually, even if you do *NOT* have the FORM tags, but you're "allowing" them in httpd.conf, and PHP is there, they could break in.
Presumably the precise details of what you'd have to slam into the FORM to break in are simply too complex to fit into an Announcement of this nature. I imagine the Details could be dug out of Bugtrak and/or wherever the bug was first announced/discussed. Presumably PHP-Dev and e-matters would be good places to start digging for gory details.
If Upgrading is impossible, *AND* you don't use FORMs with PHP in the first place (highly unlikely) than you could just "turn off" POST (forms) in your httpd.conf and nobody will be allowed to POST (send a form) anything to your web-site, and then PHP won't ever see the data, since Apache stopped them, and the bug wouldn't kick in.
Upgrade. Now!
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
getservbyname takes in the following arguments:
getservbyname(string service, string protocol);
is the parameter service similar to those diefined under unix's /etc/services file or is there something else to it?
Thanks in advance...
attached mail follows:
>getservbyname takes in the following arguments: > >getservbyname(string service, string protocol); > >is the parameter service similar to those diefined under >unix's /etc/services file or is there something else >to it?
Just based on the docs, I'd have to say you simply have to have a "match" for what's in /etc/services
Of course, if you're on Windows, only God knows what's going to happen with this one...
Try it and see.
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
In article <20020722190354.13000.qmailpb1.pair.com>, kondwanics.mun.ca
says...
> getservbyname takes in the following arguments:
>
> getservbyname(string service, string protocol);
>
> is the parameter service similar to those diefined under
> unix's /etc/services file or is there something else
> to it?
>
> Thanks in advance...
>
>
>
From the docs:
getservbyname() returns the Internet port which corresponds to service for the specified protocol as per /etc/services. protocol is either "tcp" or "udp" (in lowercase).
Cheers
-- David Robley Temporary Kiwi!Quod subigo farinam
attached mail follows:
"Tom Rogers" <trogerskwikin.com> wrote in message
news:16878540805.20020722210409kwikin.com...
> Hello Nick,
>
> Monday, July 22, 2002, 8:47:39 PM, you wrote:
>
> N> i get php to allocate a colour then make it transparent using
> N> imagecolortransparent()
>
> N> instead of turning it transparent it becomes black.
>
> N> Is it something i'm doing wrong? can anyone help me?
>
> N> thanx in advance
>
> Post a bit of the code so we can see what you are doing
>
> --
> Tom
>
$im = imagecreate($size, 21);
$bgcolour = imagecolorallocate($im,hexdec(substr($table[bg],0,2)),hexdec(substr($table[b g],2,2)),hexdec(substr($table[bg],4,2))); $fontcolour = imagecolorallocate($im,hexdec(substr($table[fg],0,2)),hexdec(substr($table[f g],2,2)),hexdec(substr($table[fg],4,2)));
if ($table[bg] == "no") { $trans = imagecolortransparent ($im,$bgcolour); }
attached mail follows:
>i get php to allocate a colour then make it transparent using >imagecolortransparent() > >instead of turning it transparent it becomes black. > >Is it something i'm doing wrong? can anyone help me?
Show us your code.
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
Hi,
I have been running 4.1.2 for a while with no problems. This morning, I downloaded 4.2.2, did a configure/make/make install. All seemed to have gone well. However, it broke all my sites that use PHP. Here is a description of how it appeared to be broken. This is just an example, as I dont really own fakename.com.
User goes to http://www.fakename.com/index.php
User clicks on "help" and gets the main index page instead of the help page.
The URL for help is.. http://www.fakename.com/index.php?target=help
It is like PHP gets passed variables and "forgets" them immediately.
What do I need to do? I reinstalled 4.1.2 and things are working again. Naturally, I would like to safely upgrade to 4.2.2.
Thanks in advance for any help out there. I am at a loss for ideas on solving this myself.
Kris
attached mail follows:
Upgrade and turn on register_globals in php.ini.
---John Holmes...
----- Original Message -----
From: "Kristopher Yates" <kris2binteractive.com>
To: "php-general" <php-generallists.php.net>
Sent: Monday, July 22, 2002 3:51 PM
Subject: [PHP] upgrade 4.1.2 to 4.2.2 (passing vars problem with 4.2.2)
> Hi, > > I have been running 4.1.2 for a while with no problems. This morning, I > downloaded 4.2.2, did a configure/make/make install. All seemed to have > gone well. However, it broke all my sites that use PHP. Here is a > description of how it appeared to be broken. This is just an example, > as I dont really own fakename.com. > > User goes to http://www.fakename.com/index.php > > User clicks on "help" and gets the main index page instead of the help > page. > > The URL for help is.. http://www.fakename.com/index.php?target=help > > It is like PHP gets passed variables and "forgets" them immediately. > > What do I need to do? I reinstalled 4.1.2 and things are working again. > Naturally, I would like to safely upgrade to 4.2.2. > > Thanks in advance for any help out there. I am at a loss for ideas on > solving this myself. > > Kris > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php >
attached mail follows:
You *did* read the notice that came up at the end of your 'configure' run, right? (Specifically the part that said "*** NOTE *** The default for register_globals is now off. If your application relies on register_globals being ON, you should explicitly set it to on in your php.ini file. Note that you are strongly encouraged to read http://www.php.net/manual/en/security.registerglobals.php about the implications of having register_globals set to on, and avoid using it if possible.")
For more info, see the above link, or the "External Variables" section of the 4.2.1 release notes at http://www.php.net/release_4_2_1.php, or the manual section on predefined variables at http://www.php.net/manual/en/language.variables.predefined.php
--- Mark Roedel | "Blessed is he who has learned to laugh Systems Programmer | at himself, for he shall never cease LeTourneau University | to be entertained." Longview, Texas, USA | -- John Powell> -----Original Message----- > From: Kristopher Yates [mailto:kris
attached mail follows:
I notice the INSTALL file in 4.2.2 mentions that people "should write their scripts to work with this [register_globals] turned off". Based on what I've mentioned below, what can I do to conform to this statement made by the PHP authors? From what I know about programming, I am setting globals where appropriate already.. but apparently I am incorrect, since upgrading to 4.2.2 broke all my stuff unless I turn [register_globals] on. Any suggestions?
Thanks for your reply,
Kris
1LT John W. Holmes wrote:
>Upgrade and turn on register_globals in php.ini.
>
>---John Holmes...
>
>----- Original Message -----
>From: "Kristopher Yates" <kris2binteractive.com>
>To: "php-general" <php-generallists.php.net>
>Sent: Monday, July 22, 2002 3:51 PM
>Subject: [PHP] upgrade 4.1.2 to 4.2.2 (passing vars problem with 4.2.2)
>
>
>
>
>>Hi,
>>
>>I have been running 4.1.2 for a while with no problems. This morning, I
>>downloaded 4.2.2, did a configure/make/make install. All seemed to have
>>gone well. However, it broke all my sites that use PHP. Here is a
>>description of how it appeared to be broken. This is just an example,
>>as I dont really own fakename.com.
>>
>>User goes to http://www.fakename.com/index.php
>>
>>User clicks on "help" and gets the main index page instead of the help
>>page.
>>
>>The URL for help is.. http://www.fakename.com/index.php?target=help
>>
>>It is like PHP gets passed variables and "forgets" them immediately.
>>
>>What do I need to do? I reinstalled 4.1.2 and things are working again.
>>Naturally, I would like to safely upgrade to 4.2.2.
>>
>>Thanks in advance for any help out there. I am at a loss for ideas on
>>solving this myself.
>>
>>Kris
>>
>>
>>--
>>PHP General Mailing List (http://www.php.net/)
>>To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
>>
>
>
>
>
>
attached mail follows:
> I notice the INSTALL file in 4.2.2 mentions that people "should write > their scripts to work with this [register_globals] turned off". Based > on what I've mentioned below, what can I do to conform to this statement > made by the PHP authors? From what I know about programming, I am > setting globals where appropriate already.. but apparently I am > incorrect, since upgrading to 4.2.2 broke all my stuff unless I turn > [register_globals] on. Any suggestions?
Keeping register_globals OFF simply gives you the opportunity to make less mistakes in your code. When you have a link like http://www.example.com/page.php?ID=1, reg_globals ON will create a variable $ID that you can use in your script. The problem is, you don't know if it came from the URL, a POSTed form, a COOKIE, or what. The second problem is that if I use the variable $blah somewhere in my script, a malicious user could pass a value of $blah through the URL, POST, or COOKIE, and create problems in my code.
With reg_globals OFF, you have to access the variables in the $_GET, $_POST, $_COOKIE, etc, arrays. $_GET['ID'] for the example above, tells you for sure that the value came from the URL. Also, if I make a variable $blah somewhere in my script, I know that the user can't affect it's value at all, even by passing ?blah=foo in the URL.
So basically you should begin using the superglobal arrays $_GET, $_POST, $_COOKIE, $_ENV, $_SERVER, and $_SESSION in your scripts...
HTH!
---John Holmes...
attached mail follows:
If you need register globals on for your old stuff, but want to write better new code, you can just use <?php ini_set(register_globals, 0); ?> in your new stuff.
If you are trying to turn register_globals off for the whole system, make sure you're changing the right php.ini. phpinfo(); will give you the location where PHP looks for your php.ini. If you run the command line version (command line and apache module), just run
$ php -r 'phpinfo();' | grep 'php.ini'
from the command line
-Evan
-- What you cannot enforce, do not command.Sophocles
attached mail follows:
Evan Nemerson wrote: > > If you need register globals on for your old stuff, but want to write better > new code, you can just use <?php ini_set(register_globals, 0); ?> in your new > stuff.
You can't do this in a php file... by the time it gets to this line, it's too late.
According to the set_ini function on php.net, register_globals is only set-able in the ini file or in .htaccess.
P.
attached mail follows:
>Hi, > >I have been running 4.1.2 for a while with no problems. This morning, I >downloaded 4.2.2, did a configure/make/make install. All seemed to have >gone well. However, it broke all my sites that use PHP. Here is a >description of how it appeared to be broken. This is just an example, >as I dont really own fakename.com. > >User goes to http://www.fakename.com/index.php > >User clicks on "help" and gets the main index page instead of the help >page. > >The URL for help is.. http://www.fakename.com/index.php?target=help > >It is like PHP gets passed variables and "forgets" them immediately. > >What do I need to do? I reinstalled 4.1.2 and things are working again. >Naturally, I would like to safely upgrade to 4.2.2. > >Thanks in advance for any help out there. I am at a loss for ideas on >solving this myself.
Read the php.ini file and register_globals section.
Or the two million posts to this and every other PHP forum about register_globals
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
I have never had a clear understanding about what this does, the php.ini
has an explanation but being newer to PHP I don't understand it very
well. Could someone prodive a human explanation about what
register_globals does and why it is so important?
Matt Babineau
MCWD / CCFD
-----------------------------------------
e: <mailto:mattcriticalcode.com> mattcriticalcode.com
p: 603.943.4237
w: <http://www.criticalcode.com/> http://www.criticalcode.com
PO BOX 601
Manchester, NH 03105
attached mail follows:
> From: Matt Babineau [mailto:mattcriticalcode.com]
> Sent: Monday, July 22, 2002 3:59 PM
> Subject: [PHP] What does register_globals do?
>
> I have never had a clear understanding about what this does,
> the php.ini
> has an explanation but being newer to PHP I don't understand it very
> well. Could someone prodive a human explanation about what
> register_globals does and why it is so important?
Register globals makes it *really* easy to code in php. It's what takes the uri or posted form data, and turns them into global variables in your script.
So if a url looked like: http://www.fakename.com/index.php?target=help
and with register-globals on, php will create a variable, $target, which has the value 'help' in it. It's very useful and friendly but, if you don't initialize your variables then some non-so-nice person could initialize them for you by passing them on the uri/post/cookie/etc so that your code no longer works as expected. You're safe with it on if you always initialize variables, and set error_reporting to E_ALL while testing so you catch any you might otherwise miss.
If you leave it off, you need to use the associative arrays $_POST, $_GET etc. The above example would be $_GET['target'].
attached mail follows:
My way of thinking about is:
With register_globals ON, all variables defined are available anywhere in the script (with the exception of functions and classes, unless defined otherwise), whereas with register_globals OFF, they are only available through the superglobals for the respective variable types.
I'm sure there's a much better way to explain it, but it works for me :o)
Martin Clifford Homepage: http://www.completesource.net Developer's Forums: http://www.completesource.net/forums/
>>> "Matt Babineau" <mattcriticalcode.com> 07/22/02 03:59PM >>>
I have never had a clear understanding about what this does, the php.ini
has an explanation but being newer to PHP I don't understand it very
well. Could someone prodive a human explanation about what
register_globals does and why it is so important?
Matt Babineau
MCWD / CCFD
-----------------------------------------
e: <mailto:mattcriticalcode.com> mattcriticalcode.com
p: 603.943.4237
w: <http://www.criticalcode.com/> http://www.criticalcode.com
PO BOX 601
Manchester, NH 03105
attached mail follows:
> From: Martin Clifford [mailto:MLC1nrc.gov]
> Sent: Monday, July 22, 2002 4:21 PM
> Subject: Re: [PHP] What does register_globals do?
> My way of thinking about is:
>
> With register_globals ON, all variables defined are available
> anywhere in the script (with the exception of functions and
> classes, unless defined otherwise), whereas with
> register_globals OFF, they are only available through the
> superglobals for the respective variable types.
That's not quite right. Php's variable scoping is different than most langauges. Variables inside a function are always local, even with register_globals on (this has something to do with Rasmus' life experiences at IBM). So you would need to use global on a variable inside a function (unless it's passed in) and except for the 'magic' global arrays, $_POST, $_GET, $_COOKIE, $_SERVER, etc
------- register_globals on ---------- http://localhost/index.php?target=help
<?php
function echo_out() { global $target; echo "$target<br>"; }
echo_out(); ?>
------- register_globals off ---------- http://localhost/index.php?target=help
<?php
function echo_out() { echo "{$_GET['target']}<br>"; }
echo_out(); ?>
attached mail follows:
"unless defined otherwise" was what I said. When I said that, I simply meant that you declare the variables as global within the function and/or class.
Martin Clifford Homepage: http://www.completesource.net Developer's Forums: http://www.completesource.net/forums/
>>> Matt Schroebel <MSchroebelhsus.org> 07/22/02 04:41PM >>>
> From: Martin Clifford [mailto:MLC1nrc.gov]
> Sent: Monday, July 22, 2002 4:21 PM
> Subject: Re: [PHP] What does register_globals do?
> My way of thinking about is:
>
> With register_globals ON, all variables defined are available
> anywhere in the script (with the exception of functions and
> classes, unless defined otherwise), whereas with
> register_globals OFF, they are only available through the
> superglobals for the respective variable types.
That's not quite right. Php's variable scoping is different than most langauges. Variables inside a function are always local, even with register_globals on (this has something to do with Rasmus' life experiences at IBM). So you would need to use global on a variable inside a function (unless it's passed in) and except for the 'magic' global arrays, $_POST, $_GET, $_COOKIE, $_SERVER, etc
------- register_globals on ---------- http://localhost/index.php?target=help
<?php
function echo_out() { global $target; echo "$target<br>"; }
echo_out(); ?>
------- register_globals off ---------- http://localhost/index.php?target=help
<?php
function echo_out() { echo "{$_GET['target']}<br>"; }
echo_out(); ?>
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
attached mail follows:
To those of you reading this,
I'd like to submit the following patch for testing by the general public. It should add a few bug fixes to the IMAP quota system, and some new features. Unfortunately I cannot test this out, as my local machine cannot build cclient (for some unknown reason), and the IMAP server I have access to does not have quota capabilities turned on.
First off this should fix a bug in the imap_get_quota, where only the last values are consider for the usage and limit. It will now return an array of arrays that looks like so:
[NAME] => usage => limit [NAME2] => usage => limit ... etc ...
The rest of this function works exactly the same as manual page describes.
Secondly this should add the functionality of imap_get_quotaroot to PHP. As I haven't been able to get a result back, I'm not sure if the return array looks decent or not. But this should work fairly similiar to imap_get_quota, only there is no need to be the mailadmin user to view quota settings.
If those of you using IMAP can test these functions out and tell me how they work, I would appriciate it. Or if you can give me access to an IMAP server with quota services, that would be just as good.
This patch was made against 4.2.1, but there is no reason it shouldn't work against 4.2.2. Thanks for your time, and please cc me in any comments, I'm not subsribed to the list.
>---------------------------------------------------------------<
Dan Kalowsky "A little less conversation,
http://www.deadmime.org/~dank a little more action."
danknospam-deadmime.org - "A Little Less Conversation",
kalowskynospam-php.net Elvis Presley
attached mail follows:
Hi ...
I want to be warned about php security issues, I couldn't find an exact match in the mailing list names ... which one do you recommend me?
Thanks in advance.
saludos dario estepario ...
attached mail follows:
php-announce sends out notices.
On Monday 22 July 2002 16:07 pm, Dario Bahena Tapia wrote: > Hi ... > > I want to be warned about php security issues, I couldn't find > an exact match in the mailing list names ... which one do you > recommend me? > > Thanks in advance. > > saludos > dario estepario ...
-- Knowledge is power. Information is liberating. Education is the premise of progress, in every society, in every family.Kofi Annan
attached mail follows:
Some of the time.
Release announcments have been skipped a few times, but you'll notice people asking on every other list about what the changes are.
----- Original Message -----
From: "Evan Nemerson" <evancoeus-group.com>
To: "Dario Bahena Tapia" <dariociencias.unam.mx>;
<php-generallists.php.net>
Sent: Monday, July 22, 2002 9:19 AM
Subject: Re: [PHP] php security mailing list ...
> php-announce sends out notices. > > > > On Monday 22 July 2002 16:07 pm, Dario Bahena Tapia wrote: > > Hi ... > > > > I want to be warned about php security issues, I couldn't find > > an exact match in the mailing list names ... which one do you > > recommend me? > > > > Thanks in advance. > > > > saludos > > dario estepario ... > > -- > Knowledge is power. Information is liberating. Education is the premise of > progress, in every society, in every family. > > Kofi Annan > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php >
attached mail follows:
Well, you could always try bugtraq- i got an eMail there three hours before php-announce- although i slept through both and read them within about two mins. of one another...
On Monday 22 July 2002 15:55 pm, Jason Reid wrote:
> Some of the time.
>
> Release announcments have been skipped a few times, but you'll notice
> people asking on every other list about what the changes are.
>
> ----- Original Message -----
> From: "Evan Nemerson" <evancoeus-group.com>
> To: "Dario Bahena Tapia" <dariociencias.unam.mx>;
> <php-generallists.php.net>
> Sent: Monday, July 22, 2002 9:19 AM
> Subject: Re: [PHP] php security mailing list ...
>
> > php-announce sends out notices.
> >
> > On Monday 22 July 2002 16:07 pm, Dario Bahena Tapia wrote:
> > > Hi ...
> > >
> > > I want to be warned about php security issues, I couldn't find
> > > an exact match in the mailing list names ... which one do you
> > > recommend me?
> > >
> > > Thanks in advance.
> > >
> > > saludos
> > > dario estepario ...
> >
> > --
> > Knowledge is power. Information is liberating. Education is the premise
> > of progress, in every society, in every family.
> >
> > Kofi Annan
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
-- Take from the church the miraculous, the supernatural, the incomprehensible, the unreasonable, the impossible, the unknowable, the absurd, and nothing but a vacuum remains.Robert G. Ingersoll
attached mail follows:
>Hi ... > >I want to be warned about php security issues, I couldn't find >an exact match in the mailing list names ... which one do you >recommend me?
I believe that the Announce list would have any critical security warnings sent to it.
It's also very low-volume.
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
Tried to check the archive, but it is offline...
What does the "," and "{}" do in this type of statement?
Example: echo "<tr><td>{$strName}</td></tr>", htmlspecialchars( $teststr );
Thanks,
.: B i g D o g :.
attached mail follows:
The comma just concatenates the two. The brackets don't seem to do much of anything...
echo "<tr><td>$strName</td></tr>".htmlspecialchars( $teststr );
seems to be the same...
PS sorry to everyone who got an eMail with a screwed up time- I forgot to fix the clock after i re-installed winblows (dual-boot)
-- If you pick up a starving dog and make him prosperous, he will not bite you; that is the principal difference between a dog and a man.Samuel Clemens
attached mail follows:
Curly braces {} are sometimes required for PHP to properly parse variables within quoted strings. Good example might be defining variable-variables within a quoted string "${$myvarvar}". However I do not believe that curly braces are required in this particular string.
As for the comma I believe it does the same thing as the period. It will concatonate the quoted string with the output of the htmlspecialchars() function within the echo statement.
-Kevin
----- Original Message -----
From: "B i g D o g" <bigdogventicon.com>
To: "PHP GEN" <php-generallists.php.net>
Sent: Monday, July 22, 2002 4:34 PM
Subject: [PHP] Comma question
> Tried to check the archive, but it is offline... > > > What does the "," and "{}" do in this type of statement? > > Example: echo "<tr><td>{$strName}</td></tr>", htmlspecialchars( $teststr ); > > Thanks, > > > .: B i g D o g :. > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php >
attached mail follows:
>>>>> "B" == B I G D O G <bigdogventicon.com> writes:
B> Tried to check the archive, but it is offline... What does the B> "," and "{}" do in this type of statement?
B> Example: echo "<tr><td>{$strName}</td></tr>", htmlspecialchars(
in this case, the {}s don't really do anything; but {}s allow variables like this
echo "<tr><td>{$obj->strName[$i]}</td></tr>";
and so forth.
-- When the birdcage is open, | donate to causes I care about: the selfish bird flies away, | http://svcs.affero.net/rm.php?r=leed_25 but the virtuous one stays. |
attached mail follows:
I think someone working on learning php after learning C was a little too printf() happy :)
-----Original Message-----
From: B i g D o g [mailto:bigdogventicon.com]
Sent: Monday, July 22, 2002 3:34 PM
To: PHP GEN
Subject: [PHP] Comma question
Tried to check the archive, but it is offline...
What does the "," and "{}" do in this type of statement?
Example: echo "<tr><td>{$strName}</td></tr>", htmlspecialchars( $teststr );
Thanks,
.: B i g D o g :.
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
attached mail follows:
Thanks all for the info...
I figured that the comma was to concatenate but is was wondering if the parser handled it different.
I knew the {} helped the parser now which was the variable...but i have never seen it like that...
I have only seen it like ${var}...
Just wondering the difference...
.: B i g D o G :.
----- Original Message -----
From: "Kevin Stone" <kevinhelpelf.com>
To: "B i g D o g" <bigdogventicon.com>; "PHP GEN"
<php-generallists.php.net>
Sent: Monday, July 22, 2002 5:00 PM
Subject: Re: [PHP] Comma question
> Curly braces {} are sometimes required for PHP to properly parse variables
> within quoted strings. Good example might be defining variable-variables
> within a quoted string "${$myvarvar}". However I do not believe that
curly
> braces are required in this particular string.
>
> As for the comma I believe it does the same thing as the period. It will
> concatonate the quoted string with the output of the htmlspecialchars()
> function within the echo statement.
>
> -Kevin
>
> ----- Original Message -----
> From: "B i g D o g" <bigdogventicon.com>
> To: "PHP GEN" <php-generallists.php.net>
> Sent: Monday, July 22, 2002 4:34 PM
> Subject: [PHP] Comma question
>
>
> > Tried to check the archive, but it is offline...
> >
> >
> > What does the "," and "{}" do in this type of statement?
> >
> > Example: echo "<tr><td>{$strName}</td></tr>", htmlspecialchars(
> $teststr );
> >
> > Thanks,
> >
> >
> > .: B i g D o g :.
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
attached mail follows:
I remember from a previous post, the dot operator will create a temporary string in memory, and then echo that out. The comma operator will just output as it goes - ie. it doesn't create a temporary string.
As for Lee Doolan's reply: echo "<tr><td>{$obj->strName[$i]}</td></tr>"; interesting - never thought of doing that, I alway's broke out of the quotes to do object dereferencing. Should make my future code more readable I think...
Martin
-----Original Message-----
From: B i g D o g [mailto:bigdogventicon.com]
Sent: Tuesday, July 23, 2002 9:06 AM
To: PHP GEN
Subject: Re: [PHP] Comma question
Thanks all for the info...
I figured that the comma was to concatenate but is was wondering if the parser handled it different.
I knew the {} helped the parser now which was the variable...but i have never seen it like that...
I have only seen it like ${var}...
Just wondering the difference...
.: B i g D o G :.
----- Original Message -----
From: "Kevin Stone" <kevinhelpelf.com>
To: "B i g D o g" <bigdogventicon.com>; "PHP GEN"
<php-generallists.php.net>
Sent: Monday, July 22, 2002 5:00 PM
Subject: Re: [PHP] Comma question
> Curly braces {} are sometimes required for PHP to properly parse variables
> within quoted strings. Good example might be defining variable-variables
> within a quoted string "${$myvarvar}". However I do not believe that
curly
> braces are required in this particular string.
>
> As for the comma I believe it does the same thing as the period. It will
> concatonate the quoted string with the output of the htmlspecialchars()
> function within the echo statement.
>
> -Kevin
>
> ----- Original Message -----
> From: "B i g D o g" <bigdogventicon.com>
> To: "PHP GEN" <php-generallists.php.net>
> Sent: Monday, July 22, 2002 4:34 PM
> Subject: [PHP] Comma question
>
>
> > Tried to check the archive, but it is offline...
> >
> >
> > What does the "," and "{}" do in this type of statement?
> >
> > Example: echo "<tr><td>{$strName}</td></tr>", htmlspecialchars(
> $teststr );
> >
> > Thanks,
> >
> >
> > .: B i g D o g :.
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
attached mail follows:
>Tried to check the archive, but it is offline... > >What does the "," and "{}" do in this type of statement? > >Example: echo "<tr><td>{$strName}</td></tr>", htmlspecialchars( $teststr );
The {} makes it *VERY* clear to PHP that $strName is a variable to be "interpolated" into the string.
This Programmer has actually read the Documentation and believed the warnings that some day just plain old $strName might not be enough.
The , simply gives more arguments to the echo construct.
You can echo as many things as you want, and they just get sent out one after the other.
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
Hi!
I have a site with all my movies and stuff stored in a database. And I have made a admin page where I can add, delete and update records. When I add new records, I have made a listbox for the category (ex. action, comedy etc.) so I dont have to write it every time I add a new record. But when I push the update button and the data thats stored in the database is printed its printed just in a textarea. I know its possible to list the data in a listbox, but how do I get the right category selected for the movie I choose?
Best regards Raymond
attached mail follows:
> I have a site with all my movies and stuff stored in a database. And I > have > made a admin page where I can add, delete and update records. When I add > new > records, I have made a listbox for the category (ex. action, comedy etc.) > so > I dont have to write it every time I add a new record. But when I push the > update button and the data thats stored in the database is printed its > printed just in a textarea. I know its possible to list the data in a > listbox, but how do I get the right category selected for the movie I > choose?
<select name="whatever"> <option value="1" <?if($something==1) { echo "selected"; } ?>>One</option> <option value="2" <?if($something==2) { echo "selected"; } ?>>Two</option> etc... </select>
Put it into a function and the possible values into an array to make it easier...
---John Holmes...
attached mail follows:
Okay im not sure i understand you- you want to create a page where it will suck an item out of a database, and use it to choose which item in a drop down menu should be selected?
If so, you can try something like
<select name="catagory> <option value="0"<?php if ($catagory == 0) {echo " selected"}; ?>>Action</option> <option value="1"<?php if ($catagory == 1) {echo " selected"}; ?>>Comedy</option> <option value="2"<?php if ($catagory == 2) {echo " selected"}; ?>>Etc.</option> </select>
On Monday 22 July 2002 16:07 pm, Raymond Lilleodegard wrote: > Hi! > > I have a site with all my movies and stuff stored in a database. And I have > made a admin page where I can add, delete and update records. When I add > new records, I have made a listbox for the category (ex. action, comedy > etc.) so I dont have to write it every time I add a new record. But when I > push the update button and the data thats stored in the database is printed > its printed just in a textarea. I know its possible to list the data in a > listbox, but how do I get the right category selected for the movie I > choose? > > Best regards Raymond
-- What I conclude is that religion has nothing to do with experience or reason but with deep and irrational needsRichard Taylor
attached mail follows:
I have a column in a mysql table with a timestamp. The value of this column is for instance:
20020722185242
How do i change the format on this to "DDMMYYYY" (22072002) in php?
Thanx
-R
attached mail follows:
Why not let mysql do it? It has a function do to exactly that, I think...
But php's date() is the function you're looking for...
-----Original Message-----
From: Ragnar [mailto:ragnarchello.no]
Sent: Monday, July 22, 2002 4:42 PM
To: php-generallists.php.net
Subject: [PHP] Formating datevariables...
I have a column in a mysql table with a timestamp. The value of this column is for instance:
20020722185242
How do i change the format on this to "DDMMYYYY" (22072002) in php?
Thanx
-R
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
attached mail follows:
Select TIMESTAMP(date_column) AS mydate
Then when you display it use the date function DATE('mdY',mydate)
-----Original Message-----
From: Ragnar [mailto:ragnarchello.no]
Sent: Monday, July 22, 2002 4:42 PM
To: php-generallists.php.net
Subject: [PHP] Formating datevariables...
I have a column in a mysql table with a timestamp. The value of this column is for instance:
20020722185242
How do i change the format on this to "DDMMYYYY" (22072002) in php?
Thanx
-R
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
attached mail follows:
Reply-To: <wouter
springt.nl>
From: "Wouter van Vliet" <wouterspringt.nl>
To: <php-generallists.php.net>
Date: Tue, 23 Jul 2002 01:51:18 +0200
Message-ID: <CPEAJACGLADEOMKBJJLNAEMADBAA.wouterspringt.nl>
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: RE: [PHP] Formating datevariables...
Yeah .. the php function date shud do it .. if only the timestamp would be in the correct format. I've been wrestling with it too, best way to do it for me was using some substr() calles to extract year, month and day from it.
anybody better ideas?
---------- Alle door mij verzonden email is careware. Dit houdt in dat het alleen herlezen en bewaard mag worden als je goed omgaat met al het leven op aarde en daar buiten. Als je het hier niet mee eens bent dien je mijn mailtje binnen 24 uur terug te sturen, met opgaaf van reden van onenigheid.
All email sent by me is careware. This means that it can only be reread and kept if you are good for all the life here on earth and beyond. If you don't agree to these terms, you should return this email in no more than 24 hours stating the reason of disagreement.
-----Oorspronkelijk bericht-----
Van: Demitrious S. Kelly [mailto:apokalyptikapokalyptik.com]
Verzonden: dinsdag 23 juli 2002 01:51
Aan: 'Ragnar'; php-generallists.php.net
Onderwerp: RE: [PHP] Formating datevariables...
Why not let mysql do it? It has a function do to exactly that, I think...
But php's date() is the function you're looking for...
-----Original Message-----
From: Ragnar [mailto:ragnarchello.no]
Sent: Monday, July 22, 2002 4:42 PM
To: php-generallists.php.net
Subject: [PHP] Formating datevariables...
I have a column in a mysql table with a timestamp. The value of this column is for instance:
20020722185242
How do i change the format on this to "DDMMYYYY" (22072002) in php?
Thanx
-R
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
attached mail follows:
Is the timestamp in UNIX format? if yes, try date() http://www.php.net/manual/en/function.date.php if no, try substr()
hope that helps :) - Jeremy
----- Original Message -----
From: "Ragnar" <ragnarchello.no>
To: <php-generallists.php.net>
Sent: Tuesday, July 23, 2002 7:42 AM
Subject: [PHP] Formating datevariables...
> I have a column in a mysql table with a timestamp. The value of this column > is for instance: > > 20020722185242 > > How do i change the format on this to "DDMMYYYY" (22072002) in php? > > Thanx > > -R > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php
attached mail follows:
As Demitrious said, use mysql to do it.
But if you want to use php, just use substr(), since all the numbers are there, there's no point converting to unix time, just to convert it back again... unless you're going to do some maths of it
-----Original Message-----
From: Demitrious S. Kelly [mailto:apokalyptikapokalyptik.com]
Sent: Tuesday, July 23, 2002 9:51 AM
To: 'Ragnar'; php-generallists.php.net
Subject: RE: [PHP] Formating datevariables...
Why not let mysql do it? It has a function do to exactly that, I think...
But php's date() is the function you're looking for...
-----Original Message-----
From: Ragnar [mailto:ragnarchello.no]
Sent: Monday, July 22, 2002 4:42 PM
To: php-generallists.php.net
Subject: [PHP] Formating datevariables...
I have a column in a mysql table with a timestamp. The value of this column is for instance:
20020722185242
How do i change the format on this to "DDMMYYYY" (22072002) in php?
Thanx
-R
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
attached mail follows:
In article <20020722234455.41274.qmailpb1.pair.com>, ragnarchello.no
says...
> I have a column in a mysql table with a timestamp. The value of this column
> is for instance:
>
> 20020722185242
>
> How do i change the format on this to "DDMMYYYY" (22072002) in php?
>
> Thanx
>
> -R
You can do it as you get it out of the db - see DATEFORMAT
Cheers
-- David Robley Temporary Kiwi!Quod subigo farinam
attached mail follows:
Heey Listers,
I've got a small question. Does php provide any function to group a number like 3193576 into 3.193.576 ? Just reads easier when the hits for my website are being displayed ... Or if php doesn't have a function for it .. anybody any good suggestions on how to do it?
(it's not fully mine... technical team of two, one chief editor and some editors in estonia, latvia, sweden, germany, spain .. total of 20 folks in the esctoday.com team)
Thanks, Wouter
---------- Alle door mij verzonden email is careware. Dit houdt in dat het alleen herlezen en bewaard mag worden als je goed omgaat met al het leven op aarde en daar buiten. Als je het hier niet mee eens bent dien je mijn mailtje binnen 24 uur terug te sturen, met opgaaf van reden van onenigheid.
All email sent by me is careware. This means that it can only be reread and kept if you are good for all the life here on earth and beyond. If you don't agree to these terms, you should return this email in no more than 24 hours stating the reason of disagreement.
attached mail follows:
number_format()
Wouter Van Vliet wrote: > > Heey Listers, > > I've got a small question. Does php provide any function to group a number > like 3193576 into 3.193.576 ? Just reads easier when the hits for my > website are being displayed ... Or if php doesn't have a function for it .. > anybody any good suggestions on how to do it? > > (it's not fully mine... technical team of two, one chief editor and some > editors in estonia, latvia, sweden, germany, spain .. total of 20 folks in > the esctoday.com team) > > Thanks, > Wouter > > ---------- > Alle door mij verzonden email is careware. Dit houdt in dat het alleen > herlezen en bewaard mag worden als je goed omgaat met al het leven op aarde > en daar buiten. Als je het hier niet mee eens bent dien je mijn mailtje > binnen 24 uur terug te sturen, met opgaaf van reden van onenigheid. > > All email sent by me is careware. This means that it can only be reread and > kept if you are good for all the life here on earth and beyond. If you don't > agree to these terms, you should return this email in no more than 24 hours > stating the reason of disagreement.
attached mail follows:
>Is there any way to fseek (or something to the exact same effect) a file >opened with "a" or "a+"? > >I've tried rewinding and fseeking appendable files, but neither work. > >Opening up in "r+" gives me part of the desired result, but if where I want >to write is not at the end, it writes over things, which I obviously do not >want.
It may be obvious to you that you don't want that, but it's not to anybody else :-)
Use r+ and fseek to the end of the file. You can use PHP's filesize (filelength?) function to find out where that is.
I think a+ is only if you are "promising" not to go backwards into the old data... Maybe it's for some kind of OS optimization or something...
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
>Is there much of a difference in speed or efficiency between INCLUDEing >files in a script or loading data from a database? I'm building a dynamic >menu system for a website and not sure if it would be faster to store button >data in a DB or just do it with Included files.
How fast is your hard drive? Is the DB on the same box, or one with a 100Mbit Ethernet, or halfway across the planet? Do you already *have* a DB connection open?
Assuming a reasonable-speed hard drive, and a one-box PHP/MySQL setup, then only the last question matters: If the DB is already "there", it's faster. If not, probably the hard drive... Maybe.
Test it yourself to be sure with your hardware.
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
>I'm trying to access some settings in the $HTTP_SERVER_VARS[] array, but, >within a custom function() this array appears empty. In the calling script, >however, the $HTTP_SERVER_VARS[] array is defined. > >I thought this was supposed to be "superglobal" and available on every >level? If not, is there another command I can use? I also tried $_SERVER[] >but this appears to be always empty no matter what level I call it on.
$_SERVER, if you are in a current version, would be a super global. $_HTTP_SERVER_VARS would *NOT* be super global.
You'll need: global $HTTP_SERVER_VARS; inside your function to import the data.
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
>This may be a pretty naive question. >Do we have to use the key word >session_register("variablename"); >in every single page, in which we plan to use the "variablename"?. Or is it >possible that we register the variablename once, and in the subsequent pages >continue to access it using $variablename ?
Just register it one time.
You will still need session_start() on each page for the data to be there.
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
>Is there a way to display an image withouth sending the headers first?
Not reliably. *SOME* broken browsers will use the apparent "filename" in the URL to decide what kind of document you are sending, even if you *DO* send the headers! Grrr.
So you really want your URL to "end" (before any ?) in .jpg or .gif or .png or whatever.
>I'm trying to display an inline image... but when I try it just only >send the raw image data...
Don't. You cannot (as far as I know) cram an image "inline" into an HTML document.
>I've thinking that I need to save an image first to disk and then >display the image later...
You do not need to do that either, though.
>I don't want to do this... but I wanna hear another possiblities before >doing that...
You need two (2) files.
One with an IMG tag in it, that points to the second file. The second file needs to spew out a valid JPEG (or GIF or PNG)
Sample:
----------------- index.html ------------------------------------------------------ <HTML><BODY><IMG SRC=image.php/stupidbrowser.jpg?filename=pretty.jpg></BODY></HTML> ---------------------------------------------------------------------------- -------
----------------- pretty.jpg ------------------------------------------------------ <?php header("Content-type: image/jpeg"); header("Content-length: " . filesize("/full/path/to/$filename")); readfile("/full/path/to/$filename"); ?> ---------------------------------------------------------------------------- -------
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
>My question is what can I do if someone searches for php script for search? > >I would want to use OR in my SQL statment. The problem is how do I write the >query so that it will detect the number of words sent then put enough ORs >and LIKE '%$search[1]% in?
The LIKE operator will cheerfully return 1 or 0, which you can "add up", or in your case, "weight and add up" in your SELECT:
$query = "select 0 "; # The 0 is a kind of 'yeast' to start off our summation of matches.
$words = explode(' ', $search);
while (list(,$word) = $words){ $word = trim($word); if ($word){ $query .= " + article_keyword.weight * article_keyword.keyword like '%$word%' "; } }
$query .= " as score "; $query .= " from article_keyword, article_data "; $query .= " where score > 0 "; $query .= " and article_data.aid = article_keyword.aid "; $query .= " order by score desc ";
echo $query, "<BR>\n";
-- Like Music? http://l-i-e.com/artists.htm
attached mail follows:
hi all,
I'm tring to make a script to prompt for a username & then a password for that user onto the actual machine rather than just a web site...
now i've come across this this line in some documentation
if ( $File = popen( "$useradd_prog $useradd_name", "r" ) ) { . . . now to my actual question ..
does that "r" just mean read? and if so should that "r" be a "w" for write in order for it to work?
Cheers
Peter "the only dumb question is the one that wasn't asked"
attached mail follows:
In article <DPEPKCNEFOKBCNNANCIPMEINCGAA.phpvfsa.com.au>, phpvfsa.com.au
says...
> hi all,
>
> I'm tring to make a script to prompt for a username & then a password =
> for that user onto the actual machine rather than just a web site...
>
> now i've come across this this line in some documentation
>
> if ( $File =3D popen( "$useradd_prog $useradd_name", "r" ) )
> {
> .
> .
> .
> now to my actual question ..
>
> does that "r" just mean read? and if so should that "r" be a "w" for =
> write in order for it to work?
>
>
>
> Cheers=20
>
> Peter=20
> "the only dumb question is the one that wasn't asked"=20
> =20
If you are just checking the name/password against an existing list, then you only need read. If you want to add something, then you need a different mode.
However, I think you may be better off uing fopen, instead of popen, if you are trying to do what I think you are. The documentation for fopen has a comprehensive description of the modes available; note that w is kindof destructive in the wrong context :-)
Cheers
-- David Robley Temporary Kiwi!Quod subigo farinam
attached mail follows:
> -----Original Message-----
> From: David Robley [mailto:robleydparadise.net.nz]
> Sent: Tuesday, 23 July 2002 10:41 AM
> To: php-generallists.php.net
> Subject: [PHP] Re: does this mean ....
>
>
> In article <DPEPKCNEFOKBCNNANCIPMEINCGAA.phpvfsa.com.au>,
> phpvfsa.com.au
> says...
> > hi all,
> >
> > I'm tring to make a script to prompt for a username & then a password =
> > for that user onto the actual machine rather than just a web site...
> >
> > now i've come across this this line in some documentation
> >
> > if ( $File =3D popen( "$useradd_prog $useradd_name", "r" ) )
> > {
> > .
> > .
> > .
> > now to my actual question ..
> >
> > does that "r" just mean read? and if so should that "r" be a "w" for =
> > write in order for it to work?
> >
> >
> >
> > Cheers=20
> >
> > Peter=20
> > "the only dumb question is the one that wasn't asked"=20
> > =20
>
> If you are just checking the name/password against an existing list, then
> you only need read. If you want to add something, then you need a
> different mode.
>
> However, I think you may be better off uing fopen, instead of popen, if
> you are trying to do what I think you are. The documentation for
> fopen has
> a comprehensive description of the modes available; note that w is kindof
> destructive in the wrong context :-)
>
> Cheers
> --
> David Robley
> Temporary Kiwi!
>
> Quod subigo farinam
>
i'm tring to run the useradd command (under Solaris) to add a user to the
system so i don't have to continueously remote log in and also make it
easier for myself to add users to the system(s).. maybe popen isn't the best
option for this .. though i don't think fopen will be able to do what i need
it to do.. maybe playing around with sockets would be better?
Cheers
Peter "the only dumb question is the one that wasn't asked"
attached mail follows:
well, i solved the last problem on my own but now i need help on my new one :-)
how do you convert text to hexadecimal with PHP?
-- Regards, Georgie Casey webmaster*************************** http://www.filmfind.tv Online Film Production Directory ***************************
attached mail follows:
In article <20020723000444.87926.qmailpb1.pair.com>,
webmasterfilmfind.tv says...
> well, i solved the last problem on my own but now i need help on my new one
> :-)
>
> how do you convert text to hexadecimal with PHP?
>
> --
> Regards,
> Georgie Casey
> webmasterfilmfind.tv
If you are asking what I think you are asking - use ord to get the ascii (decimal) value of each character, then use dechex to convert to hex.
Cheers
-- David Robley Temporary Kiwi!Quod subigo farinam
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]