|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
php-general-digest-help_at_lists.php.net
Date: Wed Jan 15 2003 - 19:56:32 CST
php-general Digest 16 Jan 2003 01:56:32 -0000 Issue 1825
Topics (messages 131701 through 131797):
Re: emptying hte array??
131701 by: Scott Fletcher
Re: update more "same" fields at the same time
131702 by: Chris Hayes
Re: Windows vs Linux
131703 by: Scott Fletcher
131782 by: Beauford.2002
131783 by: 1LT John W. Holmes
131790 by: Beauford.2002
Re: sending array
131704 by: Danielle van Gladbach
131714 by: Gerald Timothy Quimpo
131718 by: Jason Wong
131753 by: [-^-!-%-
difference between shared and /usr/bin/mysql
131705 by: gamin
131707 by: Leon Mergen
131709 by: Marco Tabini
All Request to the same script
131706 by: SLanger.spirit21.de
131708 by: Leon Mergen
131712 by: Chris Hayes
131715 by: Brad Pauly
131755 by: [-^-!-%-
Re: Question about $_GET
131710 by: Chris Shiflett
131741 by: gamin
131748 by: [-^-!-%-
131762 by: Jason Wong
fgets and Macs
131711 by: Jason Jacobs
131713 by: Chris Shiflett
Send email when some action
131716 by: Miguel Brás
131720 by: Maxim Maletsky
131721 by: Jason Wong
phpBB
131717 by: Félix García Renedo
131719 by: Maxim Maletsky
Is there a way to substitute HTTP_REFERER for PHPSESSID ???
131722 by: Scott Fletcher
imagecreatefromjpeg crash
131723 by: Hitek
Windows PHP vs Linux PHP
131724 by: Beauford.2002
131727 by: Scott Fletcher
131728 by: Jeff Lewis
131732 by: Matt Schroebel
131737 by: Scott Fletcher
131740 by: 1LT John W. Holmes
131747 by: Jim Lucas
Re: PHP/Flash Dynamic Graphs?
131725 by: Scott Fletcher
Regular Expression Help in my PHP! Sorry if wrong group
131726 by: Jason Lehman
131734 by: Jason Lehman
131736 by: 1LT John W. Holmes
131759 by: Jason Lehman
DSO or static Module?
131729 by: Lic. Carlos A. Triana Torres
131730 by: Ray Hunter
Re: Authentication programming
131731 by: Jordan Elver
Re: Session wierdness...
131733 by: Duncan Abbott
131743 by: Timothy Hitchens \(HiTCHO\)
OOP
131735 by: Jordan Elver
131738 by: 1LT John W. Holmes
131739 by: Jordan Elver
131785 by: Greg Beaver
Security in included PHP files
131742 by: Jacob Copsey
131745 by: Kevin Stone
131746 by: Jacob Copsey
131750 by: Chris Shiflett
131752 by: Jacob Copsey
131756 by: [-^-!-%-
131758 by: Chris Shiflett
HTTP_REFERER work without a problem....
131744 by: Scott Fletcher
131751 by: Chris Shiflett
131754 by: Scott Fletcher
131757 by: Paul Roberts
131761 by: Scott Fletcher
131763 by: Chris Shiflett
131764 by: Kevin Stone
131765 by: Scott Fletcher
131766 by: Scott Fletcher
131768 by: Chris Shiflett
131769 by: Christoph Grottolo
131771 by: Chris Shiflett
131773 by: Scott Fletcher
131775 by: Scott Fletcher
131776 by: Scott Fletcher
131781 by: Kevin Stone
File() function and require()
131749 by: Mike Tharp
Version Upgrade on Apache/win
131760 by: Malcolm Brownell
timing out a for loop, fopen
131767 by: ROBERT MCPEAK
Setting session variables from a MySQL field value.
131770 by: Stephen of Blank Canvas
131780 by: Mark Heintz PHP Mailing Lists
include question
131772 by: Ryan
131774 by: Brad Bonkoski
131778 by: Ryan
131779 by: Christoph Grottolo
[phplib template] file does not exist
131777 by: roel
getopt usage?
131784 by: Eli Criffield
Session Problem
131786 by: Pushpinder Singh Garcha
131789 by: janet.valade.com
Getting a dynamic IP address
131787 by: Kyle Lampkin
Re: "document contained no data"
131788 by: Justin French
Form won't submit when pressing enter key
131791 by: Sarah Heffron
131794 by: Michael Sims
alternative control structure syntax
131792 by: Justin French
131795 by: Michael Sims
131796 by: Matt
I wanta the PHP doc notes.
131793 by: Avenger
Free web-hosting
131797 by: Gladky Anton
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscribe
lists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscribelists.php.net
To post to the list, e-mail:
php-generallists.php.net
----------------------------------------------------------------------
attached mail follows:
It wouldn't be a good idea to undefined the array with 'unset()' if it is to
be re-use.....
"Jason K Larson" <jlarsoncandlefire.org> wrote in message
news:3E24C050.30208candlefire.org...
> That's not going to 'empty' the array it's going to undefine it.
> Just overwrite the array with a new empty array like:
>
> $a = array();
>
> That keeps the variable an array variable type and is of course empty.
>
> HTH,
> Jason k Larson
>
> Justin French wrote:
>
> > on 15/01/03 7:52 AM, Scott Fletcher (scottabcoa.com) wrote:
> >
> >
> > >How to do the proper way of emptying hte array??
> > >
> > >Example...
> > >
> > >$a[0] = "test1";
> > >$a[1] = "test2";
> > >$a[2] = "test3";
> > >$a[3] = "test4";
> > >
> > >$a = ""; <-- Is this hte proper way to do it????
> >
> >
> > unset($a);
> >
> > http://php.net/unset
> >
> > Justin
>
attached mail follows:
At 14:29 15-1-03, you wrote:
> > not with the same data
> >
>You can put your data and the primary keys in arrays and exec a loop
>but the data[0] must be the data for the id[0],
>data[1] must be the data for id[1] etc.
>
>The loop should be something like this:
>
>for (int $i=0; $i<=total_records_select_returned -1; $i++)
> update table set field1='$data[$i]' where id=$id[$i];
>
>I 'm not sure for the syntax but the idea is correct.
That would work good and is shorter than what i did (and accidently mailed
to myself in stead of to this list):
You split the record ID and value in two form elements while I lump the
fieldname with the recordID into the form element name.
>>I have table with six records in it. I can use "while" to display them all,
>>but in form. Is there any way I can edit all six records, and update them
>>all with one submit.
The way i understand the question is, you have several records (or rows) in
one table that you want to edit on the same page.
>One of the many ways to do it:
>When writing the form, number the fieldnames with the ID's of the items.
>Separate name and ID with a clear character like '__'
> <input type="text" name="field__531">
> <input type="text" name="field__532">
> <input type="text" name="field__533">
So to make this do something like
1. make a query to select the items, select the values you want to show as
well as the record's ID field, from now I will call that $recordID.
Echo a <form method="POST" action="whatever.php"> tag
2. Loop through the query result with your favourite loop structure and in
the loop echo each record somehow like this:
echo ' <input type="text" name="'.fieldname__$recordID.'"
value='.$recordfield.'>';
>In the receiving page, split the name again.
>Then build a query for every record.
With fieldname 'fieldname':
while (list ($key, $val) = each ($_POST)) //walk
through all form results, key is form_element_name
//and
value is value.
{if (! strpos($key,'fieldname')===false) //only
with variables starting with the fieldname
{ $keybits=explode('__',$key);$recordID=$keybits[1]; //split
the recordID out of the name of the variable
$query="UPDATE mytable SET fieldname='.$value.' WHERE
recordID=$recordID";
mysql_query($query) or die('Problem updating data );
}
}
attached mail follows:
The default setting for hte error message is different in Windows and Linux.
I had that problem but reduced it when I configure the error setting in
php.ini. Window just display more error over things that aren't really an
error, like an undefined variable that haven't been yet used. In Unix and
Linux, it doesn't display it.
"Beauford.2002" <beauford.2002rogers.com> wrote in message
news:000701c2bc0c$8c20bb60$6401a8c0p1...
> Hi
>
> I just installed MySQL and PHP on Windows, and I have found that I am
> getting all sorts of errors (in both) when I try to use some of the same
> commands I use in the Linux versions. Are their a lot of differences in
the
> two, and where can I find out what these are - I just got used to using
them
> in Linux....
>
> TIA
>
>
attached mail follows:
Notice: I have given up on PHP and MySQL on Windows in E:\IIS Webs\beauford as it is a total pain in the butt. The simplest of things I try and do are inundated with errors - I fix one and 5 more come up. I have changed settings in php.ini as suggested and put the in front of variables and whatever else has been suggested, but alas, nothing.
Anyway, thanks for all the help to all those that replied to my questions, but I'll just use Linux as I know it works.....
attached mail follows:
You give up too easily.
PHP is the same on both of them, it's just different settings in php.ini
that are causing your problems. Take your php.ini on the Linux box and copy
it over to you Windows machine. The only change you'll probably have to make
(depending on what you've got loaded) is the session.save_path setting, if
you're using sessions.
---John Holmes...
----- Original Message -----
From: "Beauford.2002" <beauford.2002rogers.com>
To: "PHP General" <php-generallists.php.net>
Sent: Wednesday, January 15, 2003 5:41 PM
Subject: Re: [PHP] Windows vs Linux
Notice: I have given up on PHP and MySQL on Windows in E:\IIS Webs\beauford
as it is a total pain in the butt. The simplest of things I try and do are
inundated with errors - I fix one and 5 more come up. I have changed
settings in php.ini as suggested and put the in front of variables and
whatever else has been suggested, but alas, nothing.
Anyway, thanks for all the help to all those that replied to my questions,
but I'll just use Linux as I know it works.....
attached mail follows:
The settings in both were virtually identical. It's a mute point however as
I have uninstalled both PHP and MySQL. This was just a test project anyway,
and I really don't want to put the time into it. I have a working copy of
both on my Linux box and prefer this anyway.
Thanks for the input.
----- Original Message -----
From: "1LT John W. Holmes" <holmes072000charter.net>
To: "Beauford.2002" <beauford.2002rogers.com>; "PHP General"
<php-generallists.php.net>
Sent: Wednesday, January 15, 2003 5:59 PM
Subject: Re: [PHP] Windows vs Linux
> You give up too easily.
>
> PHP is the same on both of them, it's just different settings in php.ini
> that are causing your problems. Take your php.ini on the Linux box and
copy
> it over to you Windows machine. The only change you'll probably have to
make
> (depending on what you've got loaded) is the session.save_path setting, if
> you're using sessions.
>
> ---John Holmes...
>
> ----- Original Message -----
> From: "Beauford.2002" <beauford.2002rogers.com>
> To: "PHP General" <php-generallists.php.net>
> Sent: Wednesday, January 15, 2003 5:41 PM
> Subject: Re: [PHP] Windows vs Linux
>
>
> Notice: I have given up on PHP and MySQL on Windows in E:\IIS
Webs\beauford
> as it is a total pain in the butt. The simplest of things I try and do are
> inundated with errors - I fix one and 5 more come up. I have changed
> settings in php.ini as suggested and put the in front of variables and
> whatever else has been suggested, but alas, nothing.
>
> Anyway, thanks for all the help to all those that replied to my questions,
> but I'll just use Linux as I know it works.....
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
attached mail follows:
It works thanks!!!!
Here is the code, if anyone has the same problem:
test1.php
<?
$org["index-A"]=17010000;
$org["index-B"]=12090000;
$var=serialize($org);
$var=urlencode($var);
print "<a href=\"test2.php?var=".$var."\">test2</a><BR>\n";
?>
test2.php
<?
$var=urldecode($var);
$org=unserialize($var);
while (list ($key, $val) = each($org))
{
print "key=".$key."val".$val."<br>\n";
}
?>
Jason Wong wrote:
> On Wednesday 15 January 2003 20:59, Danielle van Gladbach wrote:
>
> > I am trying to send an array from one php to another:
> >
> > $org["index-A"]=17010000;
> > $org["index-B"]=12090000;
> >
> > print "<a href=\"test2.php?org=".$org."\">test2</a><BR>\n";
> >
> > But if I try to read te array in test2.php, I get "Warning: Variable
> > passed to each() is not an array ".
>
> You can't pass an array thru the URL. What you need to do is serialize() it
> then urlencode() it (or maybe rawurlencode()). Then you can put the resulting
> string in the URL.
>
> In test2.php you would unserialize() $org ($_GET['org']).
>
> --
> Jason Wong -> Gremlins Associates -> www.gremlins.biz
> Open Source Software Systems Integrators
> * Web Design & Hosting * Internet & Intranet Applications Development *
>
> /*
> E Pluribus Unix
> */
attached mail follows:
On Wednesday 15 January 2003 08:59 pm, Danielle van Gladbach wrote:
> I am trying to send an array from one php to another:
>
> $org["index-A"]=17010000;
> $org["index-B"]=12090000;
>
> print "<a href=\"test2.php?org=".$org."\">test2</a><BR>\n";
>
> But if I try to read te array in test2.php, I get "Warning: Variable
> passed to each() is not an array ".
others have discussed the particular error and things to try, so i won't
do that here. instead i point out that if the array is going to be any
significant length, then you might want to use some method of
sending the array other than sending it in the URI.
the particular limits on URI length are browser and web server (and
sometimes OS dependent), but i'd be conservative about sending
arrays along. i'd probably completely give up on sending them in
the URI and instead construct some other way.
e.g., you might have a system whereby you encode the array
somehow into something easily parsed, e.g., index->value
pairs separated by a special delimiter, or urlencoded index
and value separated by a space. save the encoded format
on the disk. give it a random name. then pass the name to
the other URL as a GET param.
you would also have a reaper program (maybe running through
crontab if you're on Unix, or some windows scheduler otherwise)
that deletes array files that are more than, say, 5 minutes old.
tiger
--
Gerald Timothy Quimpo tiger*quimpo*org gquimpo*sni-inc.com tiger*sni*ph
Public Key: "gpg --keyserver pgp.mit.edu --recv-keys 672F4C78"
Veritas liberabit vos.
Doveryai no proveryai.
attached mail follows:
On Thursday 16 January 2003 23:59, Gerald Timothy Quimpo wrote:
> e.g., you might have a system whereby you encode the array > somehow into something easily parsed, e.g., index->value > pairs separated by a special delimiter, or urlencoded index > and value separated by a space. save the encoded format > on the disk. give it a random name. then pass the name to > the other URL as a GET param. > > you would also have a reaper program (maybe running through > crontab if you're on Unix, or some windows scheduler otherwise) > that deletes array files that are more than, say, 5 minutes old.
IOW use sessions :-)
-- Jason Wong -> Gremlins Associates -> www.gremlins.biz Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development */* The two oldest professions in the world have been ruined by amateurs. -- G.B. Shaw */
attached mail follows:
This method seems to have a size limitation (which is very small). If your array is (relatively) large, page two will not display the passed values.
I'm not sure the url string became too long or if the problem came from SERIALIZE(). Just beware.
FYI
-john
=P e p i e D e s i g n s www.pepiedesigns.com Providing Solutions That Increase Productivity
Web Developement. Database. Hosting. Multimedia.
On Wed, 15 Jan 2003, Danielle van Gladbach wrote:
> It works thanks!!!! > > Here is the code, if anyone has the same problem: > test1.php > <? > $org["index-A"]=17010000; > $org["index-B"]=12090000; > > $var=serialize($org); > $var=urlencode($var); > > print "<a href=\"test2.php?var=".$var."\">test2</a><BR>\n"; > ?> > > test2.php > <? > $var=urldecode($var); > $org=unserialize($var); > > while (list ($key, $val) = each($org)) > { > print "key=".$key."val".$val."<br>\n"; > } > ?> > > Jason Wong wrote: > > > On Wednesday 15 January 2003 20:59, Danielle van Gladbach wrote: > > > > > I am trying to send an array from one php to another: > > > > > > $org["index-A"]=17010000; > > > $org["index-B"]=12090000; > > > > > > print "<a href=\"test2.php?org=".$org."\">test2</a><BR>\n"; > > > > > > But if I try to read te array in test2.php, I get "Warning: Variable > > > passed to each() is not an array ". > > > > You can't pass an array thru the URL. What you need to do is serialize() it > > then urlencode() it (or maybe rawurlencode()). Then you can put the resulting > > string in the URL. > > > > In test2.php you would unserialize() $org ($_GET['org']). > > > > -- > > Jason Wong -> Gremlins Associates -> www.gremlins.biz > > Open Source Software Systems Integrators > > * Web Design & Hosting * Internet & Intranet Applications Development * > > > > /* > > E Pluribus Unix > > */ > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php >
attached mail follows:
Hi,
When compiling PHP what is the difference between these two :
./configure --with-mysql=shared
./configure --with-mysql=/usr/bin/mysql
What are the advantages/disadvatages of using either.
thx
g
attached mail follows:
"Gamin" <gaminvsnl.net> wrote in message
news:20030115141903.68577.qmailpb1.pair.com...
> ./configure --with-mysql=shared
> ./configure --with-mysql=/usr/bin/mysql
> What are the advantages/disadvatages of using either.
Somebody correct me if I'm wrong, but from what I know is that when using shared it is compiled as a shared object and only loaded when needed. This decreases ram usage (which is good) , but increases load (which is bad) .
If you have a few spare kb's of ram, I wouldn't recommend using shared...
attached mail follows:
On Wed, 2003-01-15 at 09:36, Leon Mergen wrote: > Somebody correct me if I'm wrong, but from what I know is that when using > shared it is compiled as a shared object and only loaded when needed. This > decreases ram usage (which is good) , but increases load (which is bad) .
AFAIK, you should use a shared module when you're also using other Apache modules that interface to MySQL. When you ./configure the PHP interpreter, you get this info:
| You chose to compile PHP with the built-in MySQL support. If you | | are compiling a server module, and intend to use other server | | modules that also use MySQL (e.g, mod_auth_mysql, PHP 3.0, | | mod_perl) you must NOT rely on PHP's built-in MySQL support, and | | instead build it with your local MySQL support files, by adding | | --with-mysql=/path/to/mysql to your configure line. |
Cheers,
Marco
-- ---------------- php|architect - The Monthly Magazine for PHP Professionals Come check us out on the web at http://www.phparch.com!
attached mail follows:
Hello
Is it possible to send all incoming requests to the same script within PHP? In other words: How can I get http://mysite/script.php to point to the same script as http://mysite/anotherscript.php ? And is it possible to do send a request like http://mysite/someextrapathinfo to the same php script? The background behind it is to create a controler that handles all incoming requests and dispatches them to different worker scripts as nessecary.
Thanks in advance
Stefan Langer
attached mail follows:
<SLangerspirit21.de> wrote in message
news:OFCB6ABDBA.21C09566-ONC1256CAF.00501417-41256CAF.005090ACspirit21.de..
.
> Is it possible to send all incoming requests to the same script within
> PHP?
> In other words: How can I get http://mysite/script.php to point to the
> same script as http://mysite/anotherscript.php ? And is it possible to do
> send a request like
> http://mysite/someextrapathinfo to the same php script?
> The background behind it is to create a controler that handles all
> incoming requests and dispatches them to different worker scripts as
> nessecary.
If you're using unix, use ln... type "man ln" for a manual...
attached mail follows:
At 15:39 15-1-03, you wrote: >Hello > >Is it possible to send all incoming requests to the same script within >PHP? >In other words: How can I get http://mysite/script.php to point to the >same script as http://mysite/anotherscript.php ? And is it possible to do >send a request like >http://mysite/someextrapathinfo to the same php script? >The background behind it is to create a controler that handles all >incoming requests and dispatches them to different worker scripts as >nessecary.
I think to achieve that you need to have a certain amount of rights, so you may have problems to get modules in Apache or .htaccess (see below) working when your ISP does not want to help you.
I've heard that Apache's mod_rewrite module can be very powerful in doing things like you propose. But I had to find another way and i have now put a .htaccess file in the main directory of my website with a redirect in it:
ErrorDocument 404 /redirect/redirect.php
So this means that when people ask for a directory or file that does not exist, they do not get the standard 404 error message, but they are send on to the file www.mysite.org/redirect/redirect.php. BUT! it is very important that you do not write www.yourdomain.org because then you loose the information in the URL.
So then you come to the redirect.php file.
In this file you should see the original URL in $_SERVER['SCRIPT_URL']:
$path=trim($_SERVER['SCRIPT_URL']);
The way i did is was to use such links (Search Engine friendly!) www.mysite.org/news/1224 www.mysite.org/researcher/SLanger
I would then split the URL at the slashes like this:
$path_bits=explode('/',$path);
And then i forward to the longer urls i normally use:
switch (strtolower($path_bits[1])) { case 'news': Header("Location: http://www.sense.nl/modules.php?op=modload&name=News&file=article&mode=nested&order=0&thold=0&sid=".trim($path_bits[2]) ); break;
case 'researcher': Header("Location: http://www.sense.nl/redirect/research.php?".trim($path_bits[2]) ); break;
default: Header("Location: http://www.sense.nl/redirect/404.html");
}
404.html would send real 404's to a polite message.
attached mail follows:
On Wed, 2003-01-15 at 08:24, Chris Hayes wrote: > At 15:39 15-1-03, you wrote: > >Hello > > > >Is it possible to send all incoming requests to the same script within > >PHP? > >In other words: How can I get http://mysite/script.php to point to the > >same script as http://mysite/anotherscript.php ? And is it possible to do > >send a request like > >http://mysite/someextrapathinfo to the same php script? > >The background behind it is to create a controler that handles all > >incoming requests and dispatches them to different worker scripts as > >nessecary. > > I think to achieve that you need to have a certain amount of rights, so you > may have problems to get modules in Apache or .htaccess (see below) working > when your ISP does not want to help you. > > I've heard that Apache's mod_rewrite module can be very powerful in doing > things like you propose.
Yes. I use mod_rewrite to do this. If you have access to httpd.conf, that is the best place to put rules. You can also put rules in .htaccess if that is your only option, however, you take a performance hit for doing it that way.
http://httpd.apache.org/docs/mod/mod_rewrite.html#InternalAPI
- Brad
attached mail follows:
have you tried
==idex.php===
switch($op) { case "intro": include("welcome.php"); break; case "about": include("about.php"); break; case "contact": incldue("contact.php"); break; default: include("welcome.php"); }
==== You would then list your links (in the html pages) as <a href='index.php?op=about'>About us</a> <a href='index.php?op=contact'>About us</a> <a href='index.php?op=intro'>Back to home</a>
Note: You can substitute 'index.php?op=about' with '?op=about'. i.e. <a href='?op=about'>About Us</a>
-john
=P e p i e D e s i g n s www.pepiedesigns.com Providing Solutions That Increase Productivity
Web Developement. Database. Hosting. Multimedia.
On Wed, 15 Jan 2003 SLangerspirit21.de wrote:
> Hello > > Is it possible to send all incoming requests to the same script within > PHP? > In other words: How can I get http://mysite/script.php to point to the > same script as http://mysite/anotherscript.php ? And is it possible to do > send a request like > http://mysite/someextrapathinfo to the same php script? > The background behind it is to create a controler that handles all > incoming requests and dispatches them to different worker scripts as > nessecary. > > Thanks in advance > > Stefan Langer
attached mail follows:
--- Frank Keessen <fkeessenplanet.nl> wrote:
> So the code looks like this:
>
> $query = "SELECT Newsheadline, News, Contact FROM news
> WHERE Newsid = $_GET['id']";
>
> But all i'm getting in my browser is:
>
> parse error, expecting `T_STRING' or `T_VARIABLE' or
> `T_NUM_STRING'
I could not tell if your question had been adequately answered, but there is an easy way to deal with these types of things without worrying yourself with syntax. Just use concatenation (.) as follows:
$query = "select newsheadline, news, contact from news where newsid = '" . $_GET['id'] . "'";
This builds $query using three separate strings. The first and third strings are double quoted, and the middle string is your variable. Note another difference is that the value of $_GET['id'] is going to be surrounded by single quotes once $query is constructed.
Chris
attached mail follows:
Frank,
With so many various suggestions coming your way, i'll add my 2 cents.
I have gone through all this mess. Read the information from the manual about
strings constants arrays (why "$some_array[id]", $some_array[id] are wrong, but would work sometimes) [unless u have intentionally defined id as a constant] error_reporting (set this to E_ALL at all times, it advocates cleaner code)
read the posts from tomh and jason wong again, they will make things clear
HTH
g
attached mail follows:
I agree with Chris, the quote should stay there to prevent confusion. Nevertheless, I often run in the same problem. Sometimes, the only way to fix it is by removing the quotes ($_GET[id]).
I know PHP documents goes against this, but it dosn't always work with the quotes.
Perhaps the dev team can look more into this.
-john
=P e p i e D e s i g n s www.pepiedesigns.com Providing Solutions That Increase Productivity
Web Developement. Database. Hosting. Multimedia.
On Wed, 15 Jan 2003, Chris Hayes wrote:
> At 11:57 15-1-03, Marek Kilimajer wrote: > >"SELECT Newsheadline, News, Contact FROM news WHERE Newsid = $_GET[id]"; > > > >- removed single quotes > > I think that that is a really bad advice. > > Let me explain. > > For one, the single quotes are not in the way here because the query is > written between double quotes. > > Then, leaving out the single quotes like Marek suggests will only work > because PHP is too programmer-friendly. > But the indexes of such arrays should always be quoted, because they are > strings, and not the name of 'constant' values. If you do not quote them > PHP will first try to look up whether you defined id somewhere, as a > constant (with define ('id','value');). Which you did not, so PHP will fail > to find it. Only then PHP will gently assume that since there is no > constant defined with the name id, that you meant 'id'. Valuable processing > time wasted for no reason. > Set error_reporting to ~E_ALL if you do not believe me. > > I would support the $_POST suggestion by Jason. > > Suggested reading: the 'PHP Bible'. > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php >
attached mail follows:
On Thursday 16 January 2003 04:35, [-^-!-%- wrote: > I agree with Chris, the quote should stay there to prevent confusion. > Nevertheless, I often run in the same problem. Sometimes, the only way to > fix it is by removing the quotes ($_GET[id]). > > I know PHP documents goes against this, but it dosn't always work with the > quotes.
The recommended way to refer variables inside doubled-quoted strings is enclose them in braces {}. Thus:
"{$_GET['id']}"
> Perhaps the dev team can look more into this.
Can you give examples where it doesn't work?
-- Jason Wong -> Gremlins Associates -> www.gremlins.biz Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development */* Only Irish coffee provides in a single glass all four essential food groups -- alcohol, caffeine, sugar, and fat. -- Alex Levine */
attached mail follows:
Hello all. I was doing some reading and found that fgets() doesn't work so well with a text file created on a mac, and php.net has a fix. It would be wonderful if my php.ini file actually contained the variable "auto_detect_line_endings." How can I solve this problem? Is my only solution (without upgrading php) to convert the text files to unix format? Or am I looking in the wrong place for that value? Thanks for your help.
----------------------------- Jason Jacobs
Support a Constitutional Amendment to protect the Pledge of Allegiance and National Motto. Go to www.wepledge.com
attached mail follows:
--- Jason Jacobs <jasonfactory7.com> wrote:
> It would be wonderful if my php.ini file actually
> contained the variable "auto_detect_line_endings."
> How can I solve this problem?
Try adding it yourself. Don't let its absence dissuade you from giving it a shot. :-)
Chris
attached mail follows:
Hi gents,
i have a script to manage the registered users on my site. have also a table with id, name, uname, passwrd, email, datejoined, level and status
my question is... it there any possibility to inform a member by mail that his (let'say) current status changed from inactive to active, or from active to inactive? I mean, whenever a change occur on member's details, a mail is sent to him telling what was changed. Any posssibility?
Miguel
attached mail follows:
mail() function http://php.net/mail
-- Maxim Maletsky maxim"Miguel Brás" <molino26
> Hi gents, > > i have a script to manage the registered users on my site. > have also a table with id, name, uname, passwrd, email, datejoined, level > and status > > my question is... > it there any possibility to inform a member by mail that his (let'say) > current status changed from inactive to active, or from active to inactive? > I mean, whenever a change occur on member's details, a mail is sent to him > telling what was changed. Any posssibility? > > Miguel > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php >
attached mail follows:
On Thursday 16 January 2003 00:54, Miguel Brás wrote: > Hi gents, > > i have a script to manage the registered users on my site. > have also a table with id, name, uname, passwrd, email, datejoined, level > and status > > my question is... > it there any possibility to inform a member by mail that his (let'say) > current status changed from inactive to active, or from active to inactive? > I mean, whenever a change occur on member's details, a mail is sent to him > telling what was changed. Any posssibility?
Yes, use the mail() command.
-- Jason Wong -> Gremlins Associates -> www.gremlins.biz Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development */* The difficult we do today; the impossible takes a little longer. */
attached mail follows:
Hi,
How could I download phpBB? I tryed in http://www.phpbb.com/index.php but I couldn't.
Thanks. Un saludo.
Félix García Renedo ( felixuva.es )
attached mail follows:
-- Maxim Maletsky maximFélix García Renedo <felix
> Hi, > > How could I download phpBB? > I tryed in http://www.phpbb.com/index.php but I couldn't. > > Thanks. > Un saludo. > > Félix García Renedo ( felix
attached mail follows:
My company's website rely heavily on $_SERVER["HTTP_REFERER"] and it use Session ID also. Problem is HTTP_REFERER is not reliable because it's data come from the web browser, just like javascript in a way. When I use the Hier Menus or the javascript, 'location.replace', it prevent the HTTP_REFERER from working and it instead show a blank.
I have been experimenting with a new sway of checking. Is there a way that Session ID that can completely replace the HTTP_REFERER? HTTP_REFERER have been a lot of help for my company's website because it prevent the direct access attempt without logging in. This is pretty important for the credit bureau.
I'm open to your ideas and what you use...
Thanks, Scott F.
attached mail follows:
Greetings, I am having a very peculiar problem trying to use imagecreatefromjpeg (indeed, ANY of the imagecreatefrom... functions) under both Windows and FreeBSD.
First off, here are my server specs: Win: apache 1.3.23, php 4.2.1, GD 2.0 or better BSD: apache 1.3.26, php 4.2.3, GD 2.0 or better
And now the problem: I am trying to use imagecreatefromjpg() to load in an image so that I can copy parts of it to other images. Here;s the code: $orig = imagecreatefromjpeg('46880_img.jpg');
// initialize the image parts for the email form $cell1 = imagecreate (468, 29); $cell2 = imagecreate (231, 25); $cell5 = imagecreate (468, 26);
//copy the parts of the original banner to the individual cell images imagecopy($cell1, $orig, 0,0,0,0,468, 29); imagecopy($cell2, $orig, 0,0,0,29,231, 25); imagecopy($cell5, $orig, 0,0,0,54,486, 26);
$c1 = imagejpeg ( $cell1, "cell1_img.jpg",80); $c2 = imagejpeg ( $cell2, "cell2_img.jpg",80); $c5 = imagejpeg ( $cell5, "cell5_img.jpg",80); $c7 = imagejpeg ( $orig, "orig_img.jpg",80);
On windows, I get: "php.exe has generated errors and will be closed by windows". The apache error log shows: "Premature end of script headers: f:/nusphere/apache/php/php.exe"
On BSD, I get: DNS error in IE Netscape just waits forever.
If I comment out the imagecreatefromjpeg function, the script behaves as expected on both systems: The imagecopy functions complain that the original image doesn't exist.
Note: I have tried to fopen the image, and use imagecreatefromstring with the exact same results. Is this a problem with GD? Is there a workaround?
Thanks, Keith
attached mail follows:
Hi,
I asked previously about the differences between the two and the concensus was any differences are in the operating systems themselves and not with PHP. Knowing this, how do I get rid of these errors that keep coming up in Windows, that don't in Linux. One specific one is "Notice: Undefined variable: add in E:\IIS Webs\address.php on line 3"
Someone said to turn on register_globals which I have. Another suggestion
was to put a sign in from of all variables. This is a real pain. Anyone
have any other suggestions, or is this basically it?
Also, is there anything else that anyone can think of that I may have to look forward to using PHP under Windows?
TIA
attached mail follows:
global register had nothing to do with it. It's the configuration in the PHP.INI.
Look for error_report & display_error in php.ini. Once you reduced the
error messages on the webpages, then put hte in front of the php variable
or function....
Windows is not equal to Linux or Unix. Windows is not even a language environment like Linux or Unix do. So, we're gonna have to deal with M$ Window.
"Beauford.2002" <beauford.2002rogers.com> wrote in message
news:000901c2bcbe$d18c34b0$6401a8c0p1...
> Hi,
>
> I asked previously about the differences between the two and the concensus
> was any differences are in the operating systems themselves and not with
> PHP. Knowing this, how do I get rid of these errors that keep coming up in
> Windows, that don't in Linux. One specific one is "Notice: Undefined
> variable: add in E:\IIS Webs\address.php on line 3"
>
> Someone said to turn on register_globals which I have. Another suggestion
> was to put a sign in from of all variables. This is a real pain. Anyone
> have any other suggestions, or is this basically it?
>
> Also, is there anything else that anyone can think of that I may have to
> look forward to using PHP under Windows?
>
> TIA
>
>
>
attached mail follows:
Set your php.ini file and error reporting as such:
error_reporting = E_ALL & ~E_NOTICE
See if that helps with the undefined notice.
jeff
----- Original Message -----
From: "Beauford.2002" <beauford.2002rogers.com>
To: "PHP General" <php-generallists.php.net>
Sent: Wednesday, January 15, 2003 12:52 PM
Subject: [PHP] Windows PHP vs Linux PHP
> Hi,
>
> I asked previously about the differences between the two and the concensus
> was any differences are in the operating systems themselves and not with
> PHP. Knowing this, how do I get rid of these errors that keep coming up in
> Windows, that don't in Linux. One specific one is "Notice: Undefined
> variable: add in E:\IIS Webs\address.php on line 3"
>
> Someone said to turn on register_globals which I have. Another suggestion
> was to put a sign in from of all variables. This is a real pain. Anyone
> have any other suggestions, or is this basically it?
>
> Also, is there anything else that anyone can think of that I may have to
> look forward to using PHP under Windows?
>
> TIA
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>
>
attached mail follows:
> -----Original Message-----
> From: Jeff Lewis [mailto:jeffhyrum.net]
> Sent: Wednesday, January 15, 2003 1:00 PM
> To: Beauford.2002; PHP General
> Subject: Re: [PHP] Windows PHP vs Linux PHP
>
>
> Set your php.ini file and error reporting as such:
>
> error_reporting = E_ALL & ~E_NOTICE
Or initialize your variables before using them ... especially true if register_globals is on.
attached mail follows:
Well, beaten to it......
"Scott Fletcher" <scottabcoa.com> wrote in message
news:20030115175846.70416.qmailpb1.pair.com...
> global register had nothing to do with it. It's the configuration in the
> PHP.INI.
>
> Look for error_report & display_error in php.ini. Once you reduced the
> error messages on the webpages, then put hte in front of the php
variable
> or function....
>
> Windows is not equal to Linux or Unix. Windows is not even a language
> environment like Linux or Unix do. So, we're gonna have to deal with M$
> Window.
>
> "Beauford.2002" <beauford.2002rogers.com> wrote in message
> news:000901c2bcbe$d18c34b0$6401a8c0p1...
> > Hi,
> >
> > I asked previously about the differences between the two and the
concensus
> > was any differences are in the operating systems themselves and not with
> > PHP. Knowing this, how do I get rid of these errors that keep coming up
in
> > Windows, that don't in Linux. One specific one is "Notice: Undefined
> > variable: add in E:\IIS Webs\address.php on line 3"
> >
> > Someone said to turn on register_globals which I have. Another
suggestion
> > was to put a sign in from of all variables. This is a real pain.
Anyone
> > have any other suggestions, or is this basically it?
> >
> > Also, is there anything else that anyone can think of that I may have to
> > look forward to using PHP under Windows?
> >
> > TIA
> >
> >
> >
>
>
attached mail follows:
>> Set your php.ini file and error reporting as such: >> >> error_reporting = E_ALL & ~E_NOTICE
>Or initialize your variables before using them ... especially true if >register_globals is on.
Yeah, that's the best recommendation. Especially if you plan on distributing your code for others to use, where you have no idea of the error setting on their machines. Sure, you can set it with error_reporting() in your script, but maybe they don't want it changed, regardless if it's just for your script.
---John Holmes..
attached mail follows:
it has to do with declaring all php variables before using them in the script.
$var='';
then do something with the variable.
Jim
----- Original Message -----
From: "Beauford.2002" <beauford.2002rogers.com>
To: "PHP General" <php-generallists.php.net>
Sent: Wednesday, January 15, 2003 9:52 AM
Subject: [PHP] Windows PHP vs Linux PHP
> Hi,
>
> I asked previously about the differences between the two and the concensus
> was any differences are in the operating systems themselves and not with
> PHP. Knowing this, how do I get rid of these errors that keep coming up in
> Windows, that don't in Linux. One specific one is "Notice: Undefined
> variable: add in E:\IIS Webs\address.php on line 3"
>
> Someone said to turn on register_globals which I have. Another suggestion
> was to put a sign in from of all variables. This is a real pain. Anyone
> have any other suggestions, or is this basically it?
>
> Also, is there anything else that anyone can think of that I may have to
> look forward to using PHP under Windows?
>
> TIA
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
attached mail follows:
I did once read the article on the website about using PHP and Flash. As we know, that HTML & Javascript is client side and the PHP is the server side. The Flash help to bridge that gap by acting as a glue that hold them together. So, it is indeed possible for the Flash to contact the PHP server to get data and display it without having to refresh the web browser. It's a really great article on how to do it.
Unfortunately, I don't remember where on the internet. I found it on Google in the past.
"Mh" <mindhuntermailbox.co.za> wrote in message
news:20030115133443.33553.qmailpb1.pair.com...
> Hi,
>
> I want to create dynamic graphs with PHP and Flash for data that changes
> constantly (let's say every 2 seconds). The graphs must change visibly in
> the browser window without refreshing the page. Is this possible? I have
> read most that I could find on MING and searched the web as well, but
didn't
> have much luck. Is PHP/Flash approach the best?
>
> Any info/scripts/url's would be appreciated.
>
> TX
> MH
>
>
attached mail follows:
I have a script that turns certain words into links. That I am having no problems with, it is when I want to turn the links back in to plain text that I am having the problem. Below are my examples. And I know my regex is being greedy but I don't know how to stop it from being so damn greedy I thought the ? mark would help but it didn't. Any help would be appreciated. So here it goes:
The code:
$strStr = "This is <a href=test>USF</a> at <a href=test>Tampa</a>. This is <a href=test>USF</a> at <a href=test>Tampa</a>."; echo $strStr."<br>\n"; $strStr = preg_replace("/<a.*?>(Tampa)<\/a>/","\\1",$strStr); echo $strStr."<br>\n"; $strStr = preg_replace("/<a.*?>(USF)<\/a>/","\\1",$strStr); echo $strStr."<br>\n";
The output:
This is <a href=test>USF</a> at <a href=test>Tampa</a>. This is <a href=test>USF</a> at <a href=test>Tampa</a>. This is Tampa. This is Tampa. This is Tampa. This is Tampa.
The expected output:
This is <a href=test>USF</a> at <a href=test>Tampa</a>. This is <a href=test>USF</a> at <a href=test>Tampa</a>. This is <a href=test>USF</a> at Tampa. This is <a href=test>USF</a> at Tampa. This is USF at Tampa. This is USF at Tampa.
attached mail follows:
I figured out what I was doing wrong. My regexp should of looked like this /<a[^>]*>(Tampa)<\/a>/ and that made it more specific and kept it to that match.
Jason Lehman wrote: > I have a script that turns certain words into links. That I am having > no problems with, it is when I want to turn the links back in to plain > text that I am having the problem. Below are my examples. And I know > my regex is being greedy but I don't know how to stop it from being so > damn greedy I thought the ? mark would help but it didn't. Any help > would be appreciated. So here it goes: > > > The code: > > $strStr = "This is <a href=test>USF</a> at <a href=test>Tampa</a>. This > is <a href=test>USF</a> at <a href=test>Tampa</a>."; > echo $strStr."<br>\n"; > $strStr = preg_replace("/<a.*?>(Tampa)<\/a>/","\\1",$strStr); > echo $strStr."<br>\n"; > $strStr = preg_replace("/<a.*?>(USF)<\/a>/","\\1",$strStr); > echo $strStr."<br>\n"; > > The output: > > This is <a href=test>USF</a> at <a href=test>Tampa</a>. This is <a > href=test>USF</a> at <a href=test>Tampa</a>. > This is Tampa. This is Tampa. > This is Tampa. This is Tampa. > > The expected output: > > This is <a href=test>USF</a> at <a href=test>Tampa</a>. This is <a > href=test>USF</a> at <a href=test>Tampa</a>. > This is <a href=test>USF</a> at Tampa. This is <a href=test>USF</a> at > Tampa. > This is USF at Tampa. This is USF at Tampa. >
attached mail follows:
> I have a script that turns certain words into links. That I am having > no problems with, it is when I want to turn the links back in to plain > text that I am having the problem. Below are my examples. And I know > my regex is being greedy but I don't know how to stop it from being so > damn greedy I thought the ? mark would help but it didn't. Any help > would be appreciated. So here it goes: > > > The code: > > $strStr = "This is <a href=test>USF</a> at <a href=test>Tampa</a>. This > is <a href=test>USF</a> at <a href=test>Tampa</a>."; > echo $strStr."<br>\n"; > $strStr = preg_replace("/<a.*?>(Tampa)<\/a>/","\\1",$strStr); > echo $strStr."<br>\n"; > $strStr = preg_replace("/<a.*?>(USF)<\/a>/","\\1",$strStr); > echo $strStr."<br>\n"; > > The output: > > This is <a href=test>USF</a> at <a href=test>Tampa</a>. This is <a > href=test>USF</a> at <a href=test>Tampa</a>. > This is Tampa. This is Tampa. > This is Tampa. This is Tampa. > > The expected output: > > This is <a href=test>USF</a> at <a href=test>Tampa</a>. This is <a > href=test>USF</a> at <a href=test>Tampa</a>. > This is <a href=test>USF</a> at Tampa. This is <a href=test>USF</a> at > Tampa. > This is USF at Tampa. This is USF at Tampa.
Well, a /U at the end of your pattern will make it so the regex isn't greedy. That may solve your problem.
Or you could try matching "/<a[^>]+>(Tampa)<\/a>/"
which will match an <a followed by anything that's not a >, followed by a >. So it essentially makes it ungreedy.
---John Holmes...
attached mail follows:
Thanks for the response. I found this web page (http://www.itworld.com/nl/perl/01112001/) right after I submitted my question. It was great for explaining regexp's greediness.
1lt John W. Holmes wrote: >>I have a script that turns certain words into links. That I am having >>no problems with, it is when I want to turn the links back in to plain >>text that I am having the problem. Below are my examples. And I know >>my regex is being greedy but I don't know how to stop it from being so >>damn greedy I thought the ? mark would help but it didn't. Any help >>would be appreciated. So here it goes: >> >> >>The code: >> >>$strStr = "This is <a href=test>USF</a> at <a href=test>Tampa</a>. This >>is <a href=test>USF</a> at <a href=test>Tampa</a>."; >>echo $strStr."<br>\n"; >>$strStr = preg_replace("/<a.*?>(Tampa)<\/a>/","\\1",$strStr); >>echo $strStr."<br>\n"; >>$strStr = preg_replace("/<a.*?>(USF)<\/a>/","\\1",$strStr); >>echo $strStr."<br>\n"; >> >>The output: >> >>This is <a href=test>USF</a> at <a href=test>Tampa</a>. This is <a >>href=test>USF</a> at <a href=test>Tampa</a>. >>This is Tampa. This is Tampa. >>This is Tampa. This is Tampa. >> >>The expected output: >> >>This is <a href=test>USF</a> at <a href=test>Tampa</a>. This is <a >>href=test>USF</a> at <a href=test>Tampa</a>. >>This is <a href=test>USF</a> at Tampa. This is <a href=test>USF</a> at >>Tampa. >>This is USF at Tampa. This is USF at Tampa. > > > Well, a /U at the end of your pattern will make it so the regex isn't > greedy. That may solve your problem. > > Or you could try matching "/<a[^>]+>(Tampa)<\/a>/" > > which will match an <a followed by anything that's not a >, followed by a >. > So it essentially makes it ungreedy. > > ---John Holmes... >
attached mail follows:
Hi all, Here is a question that might be too simple to be asked, but I need to know the answer: Is there a way to find out if PHP is compiled as a DSO or as a static module?
Thanx
attached mail follows:
phpinfo()
You can review the configuration command and in there view the command for apache...
static = --with-apache=../apache_1.3.27 dso = --with-apxs=/path/to/apxs
that should help you out or get you started...you can also verify in apache which module are built-in...
On Wed, 2003-01-15 at 11:08, Lic. Carlos A. Triana Torres wrote: > Hi all, > Here is a question that might be too simple to be asked, but I need to know the answer: Is there a way to find out if PHP is compiled as a DSO or as a static module? > > Thanx
--Ray Hunter email: bigdog
attached mail follows:
Hi Justin,
Thanks for that link, looks pretty interesting. I'll take a closer read later.
Cheers, Jord
-- Jordan Elver Eagles may soar high, but weasels don't get sucked into jet engines. -- David Brent (The Office)
attached mail follows:
I did what you suggested and I've attached the output - there's no $_SESSIONS array in there.
But I've managed to register session vars outside of this function I'm having trouble with so what's going on?
Duncan
-----Original Message-----
From: Timothy Hitchens (HiTCHO) [mailto:hitchophp.net]
Sent: 13 January 2003 10:04
To: 'Duncan Abbott'; php-generallists.php.net
Subject: RE: [PHP] Session wierdness...
Do this for me:
print_r($GLOBALS);
and see if you have the $_SESSIONS array visible.. you will need to view the output in a text editor as the print_r won't look good rendered in the browser.
Timothy Hitchens (HiTCHO)
Open Platform Consulting
e-mail: timhitcho.com.au
> -----Original Message-----
> From: Duncan Abbott [mailto:duncanphonicmonkey.net]
> Sent: Monday, 13 January 2003 1:05 AM
> To: php-generallists.php.net
> Subject: [PHP] Session wierdness...
>
>
> I can't seem to be able to set a session var from within a
> function in an include file....
>
> I have a call to a function at the top of my doc (but after
> session_start()) and if I write the line:
> $_SESSION['userData'] = test1; in the function body - it does
> nothing...
>
> .... but if I put this statement on the line above or below
> the call to the function, it works
>
> I've tried using session_register() instead but the same
> thing happens. The block of code is definitely being executed.
>
> Someone please please help me, I'm going insane. Thanks...
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
- text/plain attachment: printr.txt
attached mail follows:
Now what is the output if you do this outside of the function after registering a session var??
Timothy Hitchens (HiTCHO)
Open Source Consulting
e-mail: timhitcho.com.au
> -----Original Message-----
> From: Duncan Abbott [mailto:duncanphonicmonkey.net]
> Sent: Thursday, 16 January 2003 4:53 AM
> To: hitchophp.net; php-generallists.php.net
> Subject: RE: [PHP] Session wierdness...
>
>
> I did what you suggested and I've attached the output -
> there's no $_SESSIONS array in there.
>
> But I've managed to register session vars outside of this
> function I'm having trouble with so what's going on?
>
> Duncan
>
> -----Original Message-----
> From: Timothy Hitchens (HiTCHO) [mailto:hitchophp.net]
> Sent: 13 January 2003 10:04
> To: 'Duncan Abbott'; php-generallists.php.net
> Subject: RE: [PHP] Session wierdness...
>
>
> Do this for me:
>
> print_r($GLOBALS);
>
> and see if you have the $_SESSIONS array visible.. you will
> need to view the output in a text editor as the print_r won't
> look good rendered in the browser.
>
>
> Timothy Hitchens (HiTCHO)
> Open Platform Consulting
> e-mail: timhitcho.com.au
>
> > -----Original Message-----
> > From: Duncan Abbott [mailto:duncanphonicmonkey.net]
> > Sent: Monday, 13 January 2003 1:05 AM
> > To: php-generallists.php.net
> > Subject: [PHP] Session wierdness...
> >
> >
> > I can't seem to be able to set a session var from within a
> function in
> > an include file....
> >
> > I have a call to a function at the top of my doc (but after
> > session_start()) and if I write the line: $_SESSION['userData'] =
> > test1; in the function body - it does nothing...
> >
> > .... but if I put this statement on the line above or below
> the call
> > to the function, it works
> >
> > I've tried using session_register() instead but the same thing
> > happens. The block of code is definitely being executed.
> >
> > Someone please please help me, I'm going insane. Thanks...
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
>
>
>
attached mail follows:
Hi, I've been doing a little OOP lately and have a few questions. I want to build an application, there a re lots of elements to the application: Authentication, Database, Presentation, Error Handling etc.
Now, I want to code this cleanly and make it reusable. So, a class for each of these elements would be a good idea? Say I have an Authentication class. It has to run on it own. Should I build database, error methods into each of my classes? That seems to defeat the point in the first place?
At the moment I seem to struggling with how to do somthing right and well, rather than the actual code :)
Thanks for any advice you can give, Jord
-- Jordan Elver You don't have to be mad to work here! In fact we ask you to complete a medical questionnaire to ensure that you are not. -- David Brent (The Office)
attached mail follows:
> I've been doing a little OOP lately and have a few questions. > I want to build an application, there a re lots of elements to the > application: Authentication, Database, Presentation, Error Handling etc. > > Now, I want to code this cleanly and make it reusable. So, a class for each of > these elements would be a good idea? Say I have an Authentication class. It > has to run on it own. Should I build database, error methods into each of my > classes? That seems to defeat the point in the first place? > > At the moment I seem to struggling with how to do somthing right and well, > rather than the actual code.
I'd recommend you make a separate database class and error class that each of your other classes access. That would make it the most modular and re-usable.
---John Holmes...
attached mail follows:
> I'd recommend you make a separate database class and error class that each > of your other classes access. That would make it the most modular and > re-usable. > > ---John Holmes...
I was hoping someone would say that :) How could I code that though. I've only just started with OOP and don't understand how I can inherit methods to classes? Is it a good idea to create a new object within each class which, for example, needs to do database stuff or should I inherit the methods?
I haven't found any clear examples of this kind of OOP, only the real basics (which I still need help with by the way :) ).
Thanks for your help, Jord
-- Jordan Elver Is your work done? Are all pigs fed, watered and ready to fly?.... -- David Brent (The Office)
attached mail follows:
Hi Jordan,
If you are doing this to learn PHP, that is great, keep plugging. If you want to see working examples of the things you've described, there are a number of scripts out there, both in pear (pear.php.net) and at other repositories like phpbuilder.com and phpclasses.org. You would benefit from examining how other authors have solved the same problems even if you are simply trying to learn php
Take care, Greg
-- phpDocumentor http://www.phpdoc.org"Jordan Elver" <jordan.elver
attached mail follows:
I am beginning work on a new web-based application using PHP and MySQL. I have been doing a lot of reading about PHP security and web application security in general to make sure I am up-to-date on what is known in this area.
My style of PHP is to name all included files with a .php extension and of course this raises the problem of people accessing these script files directly. My main question is if all of the code inside an included PHP file is put inside one or more functions this should prevent anyone from running any of that code by directly calling that PHP file correct? There is no way for them to invoke a function just from a URL assuming I have no code at all outside the functions.
And this leads to another question... if I encapsulate most of my variables inside one or more classes doesn't this help protect against attacks also? Is there a way for someone to set a class variable to a value just from a GET or POST request (or even file or cookie)? As long as I am carefully validating what information I put into the object variable this seems to be a way of adding another layer of protection.
Any thoughts or comments regarding this and any other issues I should take into consideration regarding security are welcome.
Jacob
attached mail follows:
Most web accounts have at least one or two directory levels behind the public directory. Simply place the files behind the public directory and call them into your main script from there. Absolutely no reason those files need to be publically accessible. -Kevin
----- Original Message -----
From: "Jacob Copsey" <jacobskyhill.com>
To: <php-generallists.php.net>
Sent: Wednesday, January 15, 2003 1:02 PM
Subject: [PHP] Security in included PHP files
> I am beginning work on a new web-based application using PHP and MySQL. I > have been doing a lot of reading about PHP security and web application > security in general to make sure I am up-to-date on what is known in this > area. > > My style of PHP is to name all included files with a .php extension and of > course this raises the problem of people accessing these script files > directly. My main question is if all of the code inside an included PHP file > is put inside one or more functions this should prevent anyone from running > any of that code by directly calling that PHP file correct? There is no way > for them to invoke a function just from a URL assuming I have no code at all > outside the functions. > > And this leads to another question... if I encapsulate most of my variables > inside one or more classes doesn't this help protect against attacks also? > Is there a way for someone to set a class variable to a value just from a > GET or POST request (or even file or cookie)? As long as I am carefully > validating what information I put into the object variable this seems to be > a way of adding another layer of protection. > > Any thoughts or comments regarding this and any other issues I should take > into consideration regarding security are welcome. > > Jacob > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
attached mail follows:
True. But let's just call me anal retentive. :-) Let's say I didn't have the option of doing what you suggested. Are my ideas sound? Also, those ideas apply to top-level PHP scripts in an application.
Jacob
"Kevin Stone" <kevinhelpelf.com> wrote in message
news:007801c2bcd4$02d000f0$6601a8c0kevin...
> Most web accounts have at least one or two directory levels behind the
> public directory. Simply place the files behind the public directory and
> call them into your main script from there. Absolutely no reason those
> files need to be publically accessible.
> -Kevin
attached mail follows:
--- Jacob Copsey <jacobskyhill.com> wrote:
> My style of PHP is to name all included files with a .php
> extension and of course this raises the problem of people
> accessing these script files directly.
I always name included files *.inc myself, but that's a personal preference combined with a strong desire to adhere to strict naming conventions.
It is very easy to make sure people cannot access your include files directly. There are two common ways to do this, and I will mention my preference first.
1. Do not store your include files under document root. This is a very simple and straightforward approach that negates all of the types of questions you were asking.
2. Deny access to any file with an extension of inc. Of course, you would have to conform to a naming standard a bit more for this to work. A quick Google search revealed this example for Apache:
<Files ~ "\.inc$"> Order Allow, Deny Deny from all </Files>
Chris
attached mail follows:
I agree these are good solutions and I have considered them. However, I am looking for an all-inclusive solution that is code only within PHP that allows the admin of the application to copy the files to their server and not need to do any server specific configuration. That is why I don't name the included files with .inc. It would require configuration of the server to prevent downloading of those files and I don't want to require that step of people who choose to run the app on their server.
Thanks for the input!
Jacob
"Chris Shiflett" <shiflettphp.net> wrote in message
news:20030115205016.53901.qmailweb14304.mail.yahoo.com...
> --- Jacob Copsey <jacobskyhill.com> wrote:
> > My style of PHP is to name all included files with a .php
> > extension and of course this raises the problem of people
> > accessing these script files directly.
>
> I always name included files *.inc myself, but that's a
> personal preference combined with a strong desire to adhere
> to strict naming conventions.
>
> It is very easy to make sure people cannot access your
> include files directly. There are two common ways to do
> this, and I will mention my preference first.
>
> 1. Do not store your include files under document root.
> This is a very simple and straightforward approach that
> negates all of the types of questions you were asking.
>
> 2. Deny access to any file with an extension of inc. Of
> course, you would have to conform to a naming standard a
> bit more for this to work. A quick Google search revealed
> this example for Apache:
>
> <Files ~ "\.inc$">
> Order Allow, Deny
> Deny from all
> </Files>
>
> Chris
attached mail follows:
Have you thought about moving your include files outside of the web directory?
i.e. If your site is in ../apache/htdocs/web/mywbsite_folder then move your include files to ../apache/my_include_folder/ or something similar.
-john
=P e p i e D e s i g n s www.pepiedesigns.com Providing Solutions That Increase Productivity
Web Developement. Database. Hosting. Multimedia.
On Wed, 15 Jan 2003, Jacob Copsey wrote:
> I am beginning work on a new web-based application using PHP and MySQL. I > have been doing a lot of reading about PHP security and web application > security in general to make sure I am up-to-date on what is known in this > area. > > My style of PHP is to name all included files with a .php extension and of > course this raises the problem of people accessing these script files > directly. My main question is if all of the code inside an included PHP file > is put inside one or more functions this should prevent anyone from running > any of that code by directly calling that PHP file correct? There is no way > for them to invoke a function just from a URL assuming I have no code at all > outside the functions. > > And this leads to another question... if I encapsulate most of my variables > inside one or more classes doesn't this help protect against attacks also? > Is there a way for someone to set a class variable to a value just from a > GET or POST request (or even file or cookie)? As long as I am carefully > validating what information I put into the object variable this seems to be > a way of adding another layer of protection. > > Any thoughts or comments regarding this and any other issues I should take > into consideration regarding security are welcome. > > Jacob > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php >
attached mail follows:
--- Jacob Copsey <jacobskyhill.com> wrote:
> I agree these are good solutions and I have considered
> them. However, I am looking for an all-inclusive
> solution that is code only within PHP that allows the
> admin of the application to copy the files to their
> server and not need to do any server specific
> configuration.
This places a large restriction on your ability to provide the best solution. However, there are still a couple of things you might consider, though I'm not sure if you will be fond of them:
1. Force those who install your software to place include files outside of document root. I know a few applications that check this and will output an error with a brief description of the security hazard if the include files are found to be under document root. This way, you can be assured that by the time people get your application to work, the include files will no longer be under document root. A similar notion is to combine this with a Web-based installation program, where your application relocates the include files during installation.
2. If your users are using Apache, you can include a .htaccess file in the top-level directory of your application that denies access to *.inc files.
Maybe something like that will work for you.
Chris
attached mail follows:
Here's what I found so interesting....
This code, $_SERVER['HTTP_REFERER'] have worked without a problem when I use the latest Mozilla build. It even work with the HierMenus, location.replace('http://whatever.com'), and location.href = http://whatever.com...
This is a good news for PHP everywhere.
Unfortunately, Internet Explorer still have this bug.......
attached mail follows:
--- Scott Fletcher <scottabcoa.com> wrote:
> Here's what I found so interesting....
>
> This code, $_SERVER['HTTP_REFERER'] have worked without a
> problem when I use the latest Mozilla build. It even work
> with the HierMenus,
location.replace('http://whatever.com'),
> and location.href = http://whatever.com...
>
> This is a good news for PHP everywhere.
>
> Unfortunately, Internet Explorer still have this
> bug.......
What bug is that?
Is there a question here somewhere? I think I am having a hard time interpreting it.
Chris
attached mail follows:
It's not a PHP bug. Many PHP programmer tried to their best to use HTTP_REFERER so they can keep track of which webpages on the current website did the user last visited. That way, they can keep out the unauthorized access to the website without first logging in to the website.
Well, my company's website use both SSL and Session ID. They are good for starter but they aren't any secure if anyone can make a direct access without logging in. That's where I use HTTP_REFERER to see what last page did he or she visited, if the last page being visited is outside of my company's website then php moved the end user to the login page. It is pretty effective.
The common problem with the browsers is that they aren't compactible so HTTP_REFERER don't alway work right and sometime return a blank if those three are being used. I had been observing it for a few years. Those three are 1) HierMenus, 2) location.replace('') and 3) location.href=''. When either one of these are in use, some browsers return with a blank in HTTP_REFERER.
Cheers....
"Chris Shiflett" <shiflettphp.net> wrote in message
news:20030115205307.15329.qmailweb14302.mail.yahoo.com...
> --- Scott Fletcher <scottabcoa.com> wrote:
> > Here's what I found so interesting....
> >
> > This code, $_SERVER['HTTP_REFERER'] have worked without a
> > problem when I use the latest Mozilla build. It even work
> > with the HierMenus,
> location.replace('http://whatever.com'),
> > and location.href = http://whatever.com...
> >
> > This is a good news for PHP everywhere.
> >
> > Unfortunately, Internet Explorer still have this
> > bug.......
>
> What bug is that?
>
> Is there a question here somewhere? I think I am having a
> hard time interpreting it.
>
> Chris
attached mail follows:
try looking at sessions,
if they don't have a login session id send them to the login page otherwise they are logged in so let them see the page.
works for me
Best Wishes & Happy New Year
Paul Roberts
mailpaul-roberts.com
++++++++++++++++++++++++
----- Original Message -----
From: "Scott Fletcher" <scottabcoa.com>
To: <php-generallists.php.net>
Sent: Wednesday, January 15, 2003 9:07 PM
Subject: Re: [PHP] HTTP_REFERER work without a problem....
It's not a PHP bug. Many PHP programmer tried to their best to use HTTP_REFERER so they can keep track of which webpages on the current website did the user last visited. That way, they can keep out the unauthorized access to the website without first logging in to the website.
Well, my company's website use both SSL and Session ID. They are good for starter but they aren't any secure if anyone can make a direct access without logging in. That's where I use HTTP_REFERER to see what last page did he or she visited, if the last page being visited is outside of my company's website then php moved the end user to the login page. It is pretty effective.
The common problem with the browsers is that they aren't compactible so HTTP_REFERER don't alway work right and sometime return a blank if those three are being used. I had been observing it for a few years. Those three are 1) HierMenus, 2) location.replace('') and 3) location.href=''. When either one of these are in use, some browsers return with a blank in HTTP_REFERER.
Cheers....
"Chris Shiflett" <shiflettphp.net> wrote in message
news:20030115205307.15329.qmailweb14302.mail.yahoo.com...
> --- Scott Fletcher <scottabcoa.com> wrote:
> > Here's what I found so interesting....
> >
> > This code, $_SERVER['HTTP_REFERER'] have worked without a
> > problem when I use the latest Mozilla build. It even work
> > with the HierMenus,
> location.replace('http://whatever.com'),
> > and location.href = http://whatever.com...
> >
> > This is a good news for PHP everywhere.
> >
> > Unfortunately, Internet Explorer still have this
> > bug.......
>
> What bug is that?
>
> Is there a question here somewhere? I think I am having a
> hard time interpreting it.
>
> Chris
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
attached mail follows:
That wouldn't work if there is already a Session ID, so that's where HTTP_REFERER come into play.
Try it out by logging to any webpages with Session ID. Then copy the URL address with the Session ID already there. Paste it into an email and send it to a different computer. On the new computer, substitute a couple of alpha-numeric characters with a different one. Like replace any of the 5 characters with a different 5 characters. Finally, copy the URL address with the alter Session ID and paste it into the URL address of a browser and press enter. You'll find yourself being able to access the website without logging in. The $_SESSION data would not exist but it gave the hacker what they need to break in and hacker aren't pretty dumb, they can figure out to make it work along the way.
What so ironic is that the SSL can be established anyway.
"Paul Roberts" <mailpaul-roberts.com> wrote in message
news:021c01c2bcda$d007cde0$28ef86d9laptop1...
try looking at sessions,
if they don't have a login session id send them to the login page otherwise they are logged in so let them see the page.
works for me
Best Wishes & Happy New Year
Paul Roberts
mailpaul-roberts.com
++++++++++++++++++++++++
----- Original Message -----
From: "Scott Fletcher" <scottabcoa.com>
To: <php-generallists.php.net>
Sent: Wednesday, January 15, 2003 9:07 PM
Subject: Re: [PHP] HTTP_REFERER work without a problem....
It's not a PHP bug. Many PHP programmer tried to their best to use HTTP_REFERER so they can keep track of which webpages on the current website did the user last visited. That way, they can keep out the unauthorized access to the website without first logging in to the website.
Well, my company's website use both SSL and Session ID. They are good for starter but they aren't any secure if anyone can make a direct access without logging in. That's where I use HTTP_REFERER to see what last page did he or she visited, if the last page being visited is outside of my company's website then php moved the end user to the login page. It is pretty effective.
The common problem with the browsers is that they aren't compactible so HTTP_REFERER don't alway work right and sometime return a blank if those three are being used. I had been observing it for a few years. Those three are 1) HierMenus, 2) location.replace('') and 3) location.href=''. When either one of these are in use, some browsers return with a blank in HTTP_REFERER.
Cheers....
"Chris Shiflett" <shiflettphp.net> wrote in message
news:20030115205307.15329.qmailweb14302.mail.yahoo.com...
> --- Scott Fletcher <scottabcoa.com> wrote:
> > Here's what I found so interesting....
> >
> > This code, $_SERVER['HTTP_REFERER'] have worked without a
> > problem when I use the latest Mozilla build. It even work
> > with the HierMenus,
> location.replace('http://whatever.com'),
> > and location.href = http://whatever.com...
> >
> > This is a good news for PHP everywhere.
> >
> > Unfortunately, Internet Explorer still have this
> > bug.......
>
> What bug is that?
>
> Is there a question here somewhere? I think I am having a
> hard time interpreting it.
>
> Chris
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
attached mail follows:
--- Scott Fletcher <scottabcoa.com> wrote:
> Many PHP programmer tried to their best to use
> HTTP_REFERER so they can keep track of which
> webpages on the current website did the user
> last visited.
I think I see what you are referring to now.
The reason that many people (myself included) discourage the use of REFERER for this purpose is not only because support is inconsistent, but also because it is not required that a Web client send this header. In fact, the only required header in the latest version of HTTP (1.1) is the Host header. So, it really boils down to not depending on something that is not guaranteed to be there.
More reliable solutions usually incorporate some sort of shared secret between the client and the server. For example, say you have a form located at foo.php that submits to bar.php. Rather than checking the REFERER on bar.php to make sure it is foo.php, it is better to include a hidden form field on foo.php that is dynamically generated and stored in the user's session. You can be assured that the hidden form field will be included with the other form elements, so you can compare it to the value stored in the user's session and not run the risk of it being absent or blank (for the legitimate user, the good guy).
Of course, this is just one example of many, but the point is that you need to rely on something that is reliable. :-)
Chris
attached mail follows:
You can never fully rely on any information given to you by the browser. You can't rely it being accurate or even being there at all. What I suggest to you is code a solution around the IP address. The IP address of course, like any information coming from the client, can be tampered with but more than likely it's not going to change while the user is browsing your website. Right? So you just use it as a temporary ID. Log the IP to the database, track the IP's movements on your website, log those actions to a database. That's the best way to do it without having to force the user to login. If you're concerned about people browsing from network IP then code a solution using Sessions and track the session id. And finally if you need to know that a client has 'returned' to your website set a cookie on their computer. I'm sure you'll find ways to elaborate from there. You can do all of this without requiring the user to "login". -Kevin
----- Original Message -----
From: "Scott Fletcher" <scottabcoa.com>
To: <php-generallists.php.net>
Sent: Wednesday, January 15, 2003 2:07 PM
Subject: Re: [PHP] HTTP_REFERER work without a problem....
> It's not a PHP bug. Many PHP programmer tried to their best to use
> HTTP_REFERER so they can keep track of which webpages on the current
website
> did the user last visited. That way, they can keep out the unauthorized
> access to the website without first logging in to the website.
>
> Well, my company's website use both SSL and Session ID. They are good for
> starter but they aren't any secure if anyone can make a direct access
> without logging in. That's where I use HTTP_REFERER to see what last page
> did he or she visited, if the last page being visited is outside of my
> company's website then php moved the end user to the login page. It is
> pretty effective.
>
> The common problem with the browsers is that they aren't compactible so
> HTTP_REFERER don't alway work right and sometime return a blank if those
> three are being used. I had been observing it for a few years. Those
three
> are 1) HierMenus, 2) location.replace('') and 3) location.href=''. When
> either one of these are in use, some browsers return with a blank in
> HTTP_REFERER.
>
> Cheers....
>
> "Chris Shiflett" <shiflettphp.net> wrote in message
> news:20030115205307.15329.qmailweb14302.mail.yahoo.com...
> > --- Scott Fletcher <scottabcoa.com> wrote:
> > > Here's what I found so interesting....
> > >
> > > This code, $_SERVER['HTTP_REFERER'] have worked without a
> > > problem when I use the latest Mozilla build. It even work
> > > with the HierMenus,
> > location.replace('http://whatever.com'),
> > > and location.href = http://whatever.com...
> > >
> > > This is a good news for PHP everywhere.
> > >
> > > Unfortunately, Internet Explorer still have this
> > > bug.......
> >
> > What bug is that?
> >
> > Is there a question here somewhere? I think I am having a
> > hard time interpreting it.
> >
> > Chris
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
attached mail follows:
I agree with you on that. Having something that is reliable is not a bad idea. Anyway, this HTTP_REFERER script have been in use for 4 years and we sometime very little have problem with it. It the HTTP_REFERER doesn't work then all the user will experienced is a direct access attempt and be brought to the login page, it's part of the fail-safe code. I haven't come up with an alternative to HTTP_REFERER that work even better than this. So, better safe than sorry. :-)
"Chris Shiflett" <shiflettphp.net> wrote in message
news:20030115212721.66116.qmailweb14311.mail.yahoo.com...
> --- Scott Fletcher <scottabcoa.com> wrote:
> > Many PHP programmer tried to their best to use
> > HTTP_REFERER so they can keep track of which
> > webpages on the current website did the user
> > last visited.
>
> I think I see what you are referring to now.
>
> The reason that many people (myself included) discourage
> the use of REFERER for this purpose is not only because
> support is inconsistent, but also because it is not
> required that a Web client send this header. In fact, the
> only required header in the latest version of HTTP (1.1) is
> the Host header. So, it really boils down to not depending
> on something that is not guaranteed to be there.
>
> More reliable solutions usually incorporate some sort of
> shared secret between the client and the server. For
> example, say you have a form located at foo.php that
> submits to bar.php. Rather than checking the REFERER on
> bar.php to make sure it is foo.php, it is better to include
> a hidden form field on foo.php that is dynamically
> generated and stored in the user's session. You can be
> assured that the hidden form field will be included with
> the other form elements, so you can compare it to the value
> stored in the user's session and not run the risk of it
> being absent or blank (for the legitimate user, the good
> guy).
>
> Of course, this is just one example of many, but the point
> is that you need to rely on something that is reliable. :-)
>
> Chris
attached mail follows:
Or worse, not substituting the characters in the Session ID. Just use the same Session ID. What if there is leftover session file in the /tmp directory of the Unix machine and we're dealing with hundred of users each day. Some of those session files aren't deleted because the user just closed the browser without logging out. It is unfortunate that there is no better solution to this.
"Scott Fletcher" <scottabcoa.com> wrote in message
news:20030115212021.56474.qmailpb1.pair.com...
> That wouldn't work if there is already a Session ID, so that's where
> HTTP_REFERER come into play.
>
> Try it out by logging to any webpages with Session ID. Then copy the URL
> address with the Session ID already there. Paste it into an email and
send
> it to a different computer. On the new computer, substitute a couple of
> alpha-numeric characters with a different one. Like replace any of the 5
> characters with a different 5 characters. Finally, copy the URL address
> with the alter Session ID and paste it into the URL address of a browser
and
> press enter. You'll find yourself being able to access the website
without
> logging in. The $_SESSION data would not exist but it gave the hacker
what
> they need to break in and hacker aren't pretty dumb, they can figure out
to
> make it work along the way.
>
> What so ironic is that the SSL can be established anyway.
>
>
> "Paul Roberts" <mailpaul-roberts.com> wrote in message
> news:021c01c2bcda$d007cde0$28ef86d9laptop1...
> try looking at sessions,
>
> if they don't have a login session id send them to the login page
otherwise
> they are logged in so let them see the page.
>
> works for me
>
> Best Wishes & Happy New Year
>
> Paul Roberts
> mailpaul-roberts.com
> ++++++++++++++++++++++++
> ----- Original Message -----
> From: "Scott Fletcher" <scottabcoa.com>
> To: <php-generallists.php.net>
> Sent: Wednesday, January 15, 2003 9:07 PM
> Subject: Re: [PHP] HTTP_REFERER work without a problem....
>
>
> It's not a PHP bug. Many PHP programmer tried to their best to use
> HTTP_REFERER so they can keep track of which webpages on the current
website
> did the user last visited. That way, they can keep out the unauthorized
> access to the website without first logging in to the website.
>
> Well, my company's website use both SSL and Session ID. They are good for
> starter but they aren't any secure if anyone can make a direct access
> without logging in. That's where I use HTTP_REFERER to see what last page
> did he or she visited, if the last page being visited is outside of my
> company's website then php moved the end user to the login page. It is
> pretty effective.
>
> The common problem with the browsers is that they aren't compactible so
> HTTP_REFERER don't alway work right and sometime return a blank if those
> three are being used. I had been observing it for a few years. Those
three
> are 1) HierMenus, 2) location.replace('') and 3) location.href=''. When
> either one of these are in use, some browsers return with a blank in
> HTTP_REFERER.
>
> Cheers....
>
> "Chris Shiflett" <shiflettphp.net> wrote in message
> news:20030115205307.15329.qmailweb14302.mail.yahoo.com...
> > --- Scott Fletcher <scottabcoa.com> wrote:
> > > Here's what I found so interesting....
> > >
> > > This code, $_SERVER['HTTP_REFERER'] have worked without a
> > > problem when I use the latest Mozilla build. It even work
> > > with the HierMenus,
> > location.replace('http://whatever.com'),
> > > and location.href = http://whatever.com...
> > >
> > > This is a good news for PHP everywhere.
> > >
> > > Unfortunately, Internet Explorer still have this
> > > bug.......
> >
> > What bug is that?
> >
> > Is there a question here somewhere? I think I am having a
> > hard time interpreting it.
> >
> > Chris
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>
>
>
attached mail follows:
--- Kevin Stone <kevinhelpelf.com> wrote:
> What I suggest to you is code a solution around the IP
> address. The IP address of course, like any information
> coming from the client, can be tampered with but more
> than likely it's not going to change while the user is
> browsing your website. Right?
Sorry to disagree, but this is incorrect. The IP address is a terrible metric for client identification. I mean, it is absolutely terrible.
Yes, it is easier for a potential attacker to spoof information at the HTTP level than the TCP/IP level, but that is no defense.
More (most?) importantly, there are two situations where you will run into trouble with legitimate users who are just trying to use your site:
1. The users are behind an HTTP proxy, which is a very popular configuration for business environments. Thus, the IP address will be that of the HTTP proxy, not the client. Many people will appear to be the same person.
2. The users are behind a round-robin HTTP proxy, such as all AOL users (a large number of Web users). One person can appear to be many different people.
Anyway, I hated to let that one go. Again, sorry to disagree, but relying on an IP address for client identification can lead to some very frustrating problems for inexperienced developers.
Chris
attached mail follows:
shiflettphp.net (Chris Shiflett) wrote:
>--- Scott Fletcher <scottabcoa.com> wrote:
>> Many PHP programmer tried to their best to use
>> HTTP_REFERER so they can keep track of which
>> webpages on the current website did the user
>> last visited.
>
>I think I see what you are referring to now.
>
>The reason that many people (myself included) discourage
>the use of REFERER for this purpose is not only because
>support is inconsistent, but also because it is not
>required that a Web client send this header. In fact, the
>only required header in the latest version of HTTP (1.1) is
>the Host header. So, it really boils down to not depending
>on something that is not guaranteed to be there.
It even dangerous to rely on HTTP_REFERER because it's not under your control. The client could set the HTTP headers itself (e.g. a php script using CURL, www.php.net/curl). You should at least combine the REFERER check with a valid session on your host or look for a corresponding log entry or something alike.
Christoph
attached mail follows:
--- Scott Fletcher <scottabcoa.com> wrote:
> Or worse, not substituting the characters in the
> Session ID. Just use the same Session ID. What if
> there is leftover session file in the /tmp
> directory of the Unix machine and we're dealing
> with hundred of users each day. Some of those
> session files aren't deleted because the user
> just closed the browser without logging out. It
> is unfortunate that there is no better solution to
> this.
Actually, there is a better solution.
Your observations are perfectly valid and correct. If the session ID is given complete trust (which is the case for many people, unfortunately, especially with the default configuration for sessions), then there are many security risks. Given your observations, I think you are on the right track to developing more secure state and session management mechanisms yourself.
I am actually considering submitting a proposal to speak about this topic (well, Web application security with PHP in general) at OSCON and perhaps the PHP Conference coming in May. The reason that many people are hesitant to offer solutions is because no solution is perfectly secure. There are, however, many reliable methods you can use that will not adversely affect your legitimate users in any way and make life a bit harder for the bad guys.
A common example I give just to get you going is that you can store the user agent in a session variable. While all Web clients may not send the User-Agent header, you can be assured that those that do will send the same User-Agent header for every request. Verifying this against the session variable can at least prevent the copy/paste from an email attack that you mentioned unless the attacker replicates the exact same User-Agent header.
Anyway, you have very valid points. Hopefully I will get the chance to speak about this in more depth at a conference soon, and if not, I will probably at least write an article on it.
Chris
attached mail follows:
That sound wonderful!!! I'm looking forward to hearing about this in the near future...
Thanks, Scott F.
"Chris Shiflett" <shiflettphp.net> wrote in message
news:20030115215804.74315.qmailweb14307.mail.yahoo.com...
> --- Scott Fletcher <scottabcoa.com> wrote:
> > Or worse, not substituting the characters in the
> > Session ID. Just use the same Session ID. What if
> > there is leftover session file in the /tmp
> > directory of the Unix machine and we're dealing
> > with hundred of users each day. Some of those
> > session files aren't deleted because the user
> > just closed the browser without logging out. It
> > is unfortunate that there is no better solution to
> > this.
>
> Actually, there is a better solution.
>
> Your observations are perfectly valid and correct. If the
> session ID is given complete trust (which is the case for
> many people, unfortunately, especially with the default
> configuration for sessions), then there are many security
> risks. Given your observations, I think you are on the
> right track to developing more secure state and session
> management mechanisms yourself.
>
> I am actually considering submitting a proposal to speak
> about this topic (well, Web application security with PHP
> in general) at OSCON and perhaps the PHP Conference coming
> in May. The reason that many people are hesitant to offer
> solutions is because no solution is perfectly secure. There
> are, however, many reliable methods you can use that will
> not adversely affect your legitimate users in any way and
> make life a bit harder for the bad guys.
>
> A common example I give just to get you going is that you
> can store the user agent in a session variable. While all
> Web clients may not send the User-Agent header, you can be
> assured that those that do will send the same User-Agent
> header for every request. Verifying this against the
> session variable can at least prevent the copy/paste from
> an email attack that you mentioned unless the attacker
> replicates the exact same User-Agent header.
>
> Anyway, you have very valid points. Hopefully I will get
> the chance to speak about this in more depth at a
> conference soon, and if not, I will probably at least write
> an article on it.
>
> Chris
attached mail follows:
I understand. To combine the Session Id with HTTP_REFERER sound good but it didn't work too well. I'm still open to idea... :-) Fortunately, not many people know it because it is done behind the scene, so they'll have a lot more to guess about what's working behind the scene.
"Christoph Grottolo" <cggordimer.net> wrote in message
news:5skb2vcr64q04vo104pq8gfn03uce5b2ks4ax.com...
> shiflettphp.net (Chris Shiflett) wrote:
>
> >--- Scott Fletcher <scottabcoa.com> wrote:
> >> Many PHP programmer tried to their best to use
> >> HTTP_REFERER so they can keep track of which
> >> webpages on the current website did the user
> >> last visited.
> >
> >I think I see what you are referring to now.
> >
> >The reason that many people (myself included) discourage
> >the use of REFERER for this purpose is not only because
> >support is inconsistent, but also because it is not
> >required that a Web client send this header. In fact, the
> >only required header in the latest version of HTTP (1.1) is
> >the Host header. So, it really boils down to not depending
> >on something that is not guaranteed to be there.
>
> It even dangerous to rely on HTTP_REFERER because it's not under your
> control. The client could set the HTTP headers itself (e.g. a php
> script using CURL, www.php.net/curl). You should at least combine the
> REFERER check with a valid session on your host or look for a
> corresponding log entry or something alike.
>
> Christoph
attached mail follows:
Here's one way I can do, I checked the session id in the HTTP_REFERER and grab the existing session id in the database table. This is still not an effective method.
"Christoph Grottolo" <cggordimer.net> wrote in message
news:5skb2vcr64q04vo104pq8gfn03uce5b2ks4ax.com...
> shiflettphp.net (Chris Shiflett) wrote:
>
> >--- Scott Fletcher <scottabcoa.com> wrote:
> >> Many PHP programmer tried to their best to use
> >> HTTP_REFERER so they can keep track of which
> >> webpages on the current website did the user
> >> last visited.
> >
> >I think I see what you are referring to now.
> >
> >The reason that many people (myself included) discourage
> >the use of REFERER for this purpose is not only because
> >support is inconsistent, but also because it is not
> >required that a Web client send this header. In fact, the
> >only required header in the latest version of HTTP (1.1) is
> >the Host header. So, it really boils down to not depending
> >on something that is not guaranteed to be there.
>
> It even dangerous to rely on HTTP_REFERER because it's not under your
> control. The client could set the HTTP headers itself (e.g. a php
> script using CURL, www.php.net/curl). You should at least combine the
> REFERER check with a valid session on your host or look for a
> corresponding log entry or something alike.
>
> Christoph
attached mail follows:
Chris I appreciate your response but please read my post again. I did not suggest using the IP for user identification. I suggested using it as a temporary id. I went on further to suggest to use sessions to identify individual users behind a proxy server. -Kevin
----- Original Message -----
From: "Chris Shiflett" <shiflettphp.net>
To: "Kevin Stone" <kevinhelpelf.com>; <php-generallists.php.net>
Sent: Wednesday, January 15, 2003 2:37 PM
Subject: Re: Fw: [PHP] HTTP_REFERER work without a problem....
> --- Kevin Stone <kevinhelpelf.com> wrote:
> > What I suggest to you is code a solution around the IP
> > address. The IP address of course, like any information
> > coming from the client, can be tampered with but more
> > than likely it's not going to change while the user is
> > browsing your website. Right?
>
> Sorry to disagree, but this is incorrect. The IP address is
> a terrible metric for client identification. I mean, it is
> absolutely terrible.
>
> Yes, it is easier for a potential attacker to spoof
> information at the HTTP level than the TCP/IP level, but
> that is no defense.
>
> More (most?) importantly, there are two situations where
> you will run into trouble with legitimate users who are
> just trying to use your site:
>
> 1. The users are behind an HTTP proxy, which is a very
> popular configuration for business environments. Thus, the
> IP address will be that of the HTTP proxy, not the client.
> Many people will appear to be the same person.
>
> 2. The users are behind a round-robin HTTP proxy, such as
> all AOL users (a large number of Web users). One person can
> appear to be many different people.
>
> Anyway, I hated to let that one go. Again, sorry to
> disagree, but relying on an IP address for client
> identification can lead to some very frustrating problems
> for inexperienced developers.
>
> Chris
>
>
attached mail follows:
How can I get the file() function to ignore the first three lines of a file it is reading in?
I have a site with:
<?PHP require("membercheck.php"); ?> ... rest of file
at the top of all the pages to control user logins. The problem is the file() function only reads in the contents of that file, not the rest of the contents after the require statement.
Is there a way to tell file() to ignore the first three lines?
attached mail follows:
To: php-general
lists.php.net
From: Malcolm Brownell <malcolmmbrownell.com>
Message-ID: <1103_1042665314news.php.net>
Date: Wed, 15 Jan 2003 21:15:14 GMT
Content-Type: text/plain; charset="windows-1252"
Subject: Version Upgrade on Apache/win
Hello all,
I'm having trouble with upgrading my php 4.1.1 to 4.3. I have Apache 1.3.2 /php 4.1.1/Mysql 3.23.39 on winME. It has been running fine but I can't make php 4.3 work. I have installed 4.3 to a directory next to my current php. I put 4.3 in /php43 and have php 4.1.1 in /php in the same directory. When I switch the directory in httpd.conf to php43 and restart Apache it says it can't LoadModule php4_module /php43/sapi/php4apache.dll but if I switch back to /php it starts right up. All of the files in php exist in php43. The names are all the same anyway. The two installations of php appear almost identical but Apache doesn't like the new one. What am I missing ?
attached mail follows:
Dear PHP Gurus:
I'm looking for a way to timeout an fopen function. I'm doing some link checking inside of a for loop and some links "hang" rather than return a definitive "can't connect" or "can connect." (Pardon the highly technical jargon there...)
In cases where my link hangs, I'd like to simply display a message (i.e., "hanging") and advance to the next loop.
I have search the docs/forumns far and wide and can't find anything definitive. As far as I can tell socket_set_timeout won't quite do what I want it to.
Any ideas? Here's the important part of my code:
for ()
{
echo "Checking: $link : \n"; flush();
$fp = fopen($link, "r");
if (!$fp) { echo "<font class=linksred>The link is dead!</font>"; }
else { fclose($fp); echo "<font class=linksgreen>The link is working!</font>"; }
echo "<br><bR>";
echo "</font>";
}
Thanks in advance!
attached mail follows:
Hi Everyone,
I'm trying to use MySQL to store some general settings for a site I am
working on, which I was then going to access as session variables on
pages as needed without having to call the dB each time. However I am
having problems setting the name of the session variable in a way that I
can reference it later. The code I am trying to use is:
===============================================================
session_start();
$connection =
mysql_connect("$MySQLHost","$MySQLUser","$MySQLPassword") or
die("Unable to connect to MySQL Host. ".mysql_error() );
$db = mysql_select_db($MySQLdB, $connection) or die("Unable to
connect to MySQL dB. ".mysql_error() );
$query = "SELECT * FROM config WHERE status = 1";
$result = mysql_query($query,$connection) or die("Unable to execute
select query. ".mysql_error() );
$num_rows = mysql_numrows($result);
while ($row = mysql_fetch_array($result))
{
$config_$row[config_id] = $row[config_value];
session_register(config_$row[config_id]);
}
mysql_free_result($result);
mysql_close($connection);
===============================================================
Any pointers much appreciated.
Stephen
attached mail follows:
Date: Wed, 15 Jan 2003 16:20:47 -0600 (CST) From: Mark Heintz PHP Mailing Lists <heintzphp
mail.groupm7.com>
To: Stephen of Blank Canvas <stephenblankcanvas.info>
cc: php-generallists.php.net
Message-ID: <Pine.LNX.4.44.0301151613390.1774-100000mail.groupm7.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Subject: Re: [PHP] Setting session variables from a MySQL field value.
The problem may be your variable variable syntax... See if the following works:
while ($row = mysql_fetch_array($result)) { session_register('config_'.$row['config_id']); ${'config_'.$row['config_id']} = $row['config_value']; }
Although I personally prefer using the session superglobal over session_register, which means you'd just need a string for the key value and can avoid variable variables altogether...
while ($row = mysql_fetch_array($result)) { $_SESSION['config_'.$row['config_id']] = $row['config_value']; }
mh.
On Wed, 15 Jan 2003, Stephen of Blank Canvas wrote:
> Hi Everyone,
>
> I'm trying to use MySQL to store some general settings for a site I am
> working on, which I was then going to access as session variables on
> pages as needed without having to call the dB each time. However I am
> having problems setting the name of the session variable in a way that I
> can reference it later. The code I am trying to use is:
>
> ===============================================================
> session_start();
> $connection =
> mysql_connect("$MySQLHost","$MySQLUser","$MySQLPassword") or
> die("Unable to connect to MySQL Host. ".mysql_error() );
> $db = mysql_select_db($MySQLdB, $connection) or die("Unable to
> connect to MySQL dB. ".mysql_error() );
> $query = "SELECT * FROM config WHERE status = 1";
> $result = mysql_query($query,$connection) or die("Unable to execute
> select query. ".mysql_error() );
> $num_rows = mysql_numrows($result);
>
> while ($row = mysql_fetch_array($result))
> {
> $config_$row[config_id] = $row[config_value];
> session_register(config_$row[config_id]);
> }
>
> mysql_free_result($result);
> mysql_close($connection);
> ===============================================================
>
> Any pointers much appreciated.
>
> Stephen
>
attached mail follows:
Hello all,
I'm have a PHP script that works in a folder.. for the sake of clarity we'll call it c:\project
In c:\project\htmls there are several HTML documents which refer to images in the project\htmls directory with tags like <img src="file.gif">
In my PHP script in c:\project I include "htmls/file.html" and the HTML file renders alright from the script, but the image's path is c:\project\file.gif when the page is rendered, not c:\project\htmls\file.gif like it should be. Is there any way to change the "working directory" so when I include a file images are on the page, too?
Thanks in advance!
-- Ryan Cassin rcassin
attached mail follows:
It would probably be best to include the absolute path to the images. so instead of: <img src="file.gif"> use: <img src='c:\project\htmls\file.gif'> Is something like that possible? Otherwise at the very least you should use: <img src='htmls\file.gif'> HTH -Brad Ryan wrote:
> Hello all,
>
> I'm have a PHP script that works in a folder.. for the sake of clarity we'll
> call it c:\project
>
> In c:\project\htmls there are several HTML documents which refer to images
> in the project\htmls directory with tags like <img src="file.gif">
>
> In my PHP script in c:\project I include "htmls/file.html" and the HTML file
> renders alright from the script, but the image's path is c:\project\file.gif
> when the page is rendered, not c:\project\htmls\file.gif like it should be.
> Is there any way to change the "working directory" so when I include a file
> images are on the page, too?
>
> Thanks in advance!
>
> --
> Ryan Cassin
> rcassinsupernova.org
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
attached mail follows:
No unfortunately something like that isn't possible... The HTML files are generated by a closed-source application.
-----Original Message-----
From: Brad Bonkoski [mailto:bbonkosktampabay.rr.com]
Sent: Wednesday, January 15, 2003 5:04 PM
To: Ryan
Cc: php-generallists.php.net
Subject: Re: [PHP] include question
It would probably be best to include the absolute path to the images. so instead of: <img src="file.gif"> use: <img src='c:\project\htmls\file.gif'> Is something like that possible? Otherwise at the very least you should use: <img src='htmls\file.gif'> HTH -Brad Ryan wrote:
> Hello all, > > I'm have a PHP script that works in a folder.. for the sake of clarity
> we'll call it c:\project
>
> In c:\project\htmls there are several HTML documents which refer to
> images in the project\htmls directory with tags like <img
> src="file.gif">
>
> In my PHP script in c:\project I include "htmls/file.html" and the
> HTML file renders alright from the script, but the image's path is
> c:\project\file.gif when the page is rendered, not
> c:\project\htmls\file.gif like it should be. Is there any way to
> change the "working directory" so when I include a file images are on
> the page, too?
>
> Thanks in advance!
>
> --
> Ryan Cassin
> rcassinsupernova.org
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
attached mail follows:
bbonkosktampabay.rr.com (Brad Bonkoski) wrote:
>It would probably be best to include the absolute path to the images. >so instead of: <img src="file.gif"> use: <img src='c:\project\htmls\file.gif'> >Is something like that possible?
??? forget this... this will only work on some browsers and as long as you keep the files exactly there.
>Otherwise at the very least you should use: <img src='htmls\file.gif'>
<img src="htmls/file.gif"> (slash instead of back slash).
>> In c:\project\htmls there are several HTML documents which refer to images >> in the project\htmls directory with tags like <img src="file.gif"> >> >> In my PHP script in c:\project I include "htmls/file.html" and the HTML file >> renders alright from the script, but the image's path is c:\project\file.gif >> when the page is rendered, not c:\project\htmls\file.gif like it should be.
If you include a file into a php script like you do, the HTML-paths will be relative to that php script, not to the original HTML-file. PHP includes the file as is (imagine it puts the HTML code at the place of the include statement) The browser does not know that there is another HTML file, it only sees the output of the php script.
Christoph
attached mail follows:
Hi,
i'm having a problem. I just installed a webserver with mysql and php. I copied my files that i had stored on another webserver to my new. I didn't change anything to these files and the files worked fine on the other server.
Now in this server i get this error with a template: Template Error: filename: file ./templates/nav_left_body.tpl.php does not exist. Halted
But that file does exist. I can see it through ftp an i can get to it via http browser.
What could be wrong? Could it be a config failure in my php.ini? Or in httpd.conf? In case it is the config, what could it be?
Thanks in advance!!
attached mail follows:
I can't seem to find any examples of code using getopt() around. I'm thinking not many people use php for command line shell scripts.
Here is what i came up with for getopt();
<? $options = getopt("a:bc");
reset($options); while(list($key, $value) = each($options)) { switch ($key) { case 'b': $B=1; break; case 'a': $A=$value; break; case 'c': $C=1; break; default: echo "unknown option"; // print usage or something break; } } ?>
The problem with this is it never hits default in the switch. If you give an argument that it doesn't know about it accepts it without doing anything and without an error, same thing if you don't give a value for an argument thats supposed to have one (like -a above). Oh and --long arguments would be nice too.
So why not use the Console/Getopt.php library you ask. Because i can't figure out how to parse the output array. I can figure out the first part
<? require 'Console/Getopt.php';
$optclass = new Console_Getopt; $args = $optclass->readPHPArgv(); array_shift($args);
$shortoptions = "a:bc"; $longoptions = array("long", "alsolong=", "doublelong==");
$options = $optclass->getopt( $args, $shortoptions, $longoptions); print_r($options); ?>
But that returns an array with more then one dimension and i have no idea how to loop though to set variables like i did with getopt().
My questions are what is the preferred way to get command line options, is there a way to give errors and take long arguments with getopt(), and how would one parse though the array returned from $optclass->getopt?
Code examples of anyone using getopt(); or Getopt.php would be greatly appreciated.
thanks
eli
PS anyone ever thought of setting up a website and maybe mailing list devoted to php as a shell scripting language (not web scripting)
attached mail follows:
Hello
I am trying to make use of sessions to auhenticate users on the secure parts of the website. Things seems to work fine...but I keep getting this warning. Can some one pl explain what this means ... Warning: Cannot send session cache limiter - headers already sent (output started at /Users/pgarcha/Sites/edit.php:7) in /Users/pgarcha/Sites/edit.php on line 8
Thanks in advance --pS
Pushpinder Singh Garcha
attached mail follows:
Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 7bit MIME-Version: 1.0 To: php-general
lists.php.net
From: janetvalade.com
Date: Wed, 15 Jan 2003 16:53:18 -0800 (PST)
Message-Id: <20030115165319.28313.h005.c000.wmmail.valade.com.criticalpath.net>
Subject: Re: [PHP] Session Problem
In a message dated 1/15/2003 4:18:10 PM Pacific Standard Time,
pgarchaadelphia.net writes:
>I am trying to make use of sessions to auhenticate users on the secure >parts of the website. Things seems to work fine...but I keep getting >this warning. Can some one pl explain what this means ... >Warning: Cannot send session cache limiter - headers already sent >(output started at /Users/pgarcha/Sites/edit.php:7) in >/Users/pgarcha/Sites/edit.php on line 8
Headers must be sent before any other output is sent. This message is telling you that some output was sent on line 7, so now it can't send a header (like for a session) on line 8. You need to open your session before you send any output. Sometimes the output is just a blank space or blank line before the <?php.
Janet
----------------- Janet Valade Author, PHP & MySQL for Dummies
attached mail follows:
Hello all, Newbie here---- I need to know if there is a way I can get my dynamic IP address for use in a php script?
-- Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with Shop
attached mail follows:
Just as an update, the sysadmin definitely thinks it's my code... I'm not convinced, but I'm faced with the task of finding out :)
> It appears your site is causing the webserver to segfault (crash), which is > why nothing comes up some times - these crashes are logged in the main Apache > logfile, which is why you saw nothing in your site logfile when this happened. > I don't know exactly what is causing it to crash, but it is definately > something in your PHP code.
I asked for a copy of the logfiles she talked about:
> [Wed Jan 15 08:23:32 2003] [notice] child pid 8153 exit signal Segmentation > fault (11) > [Wed Jan 15 08:34:57 2003] [notice] child pid 7702 exit signal Segmentation > fault (11) > [Wed Jan 15 08:34:58 2003] [notice] child pid 7366 exit signal Segmentation > fault (11) > [Wed Jan 15 08:34:59 2003] [notice] child pid 7511 exit signal Segmentation > fault (11) > [Wed Jan 15 08:35:00 2003] [notice] child pid 7512 exit signal Segmentation > fault (11) >
Not very helpfull :)
As far as I can tell, the error I receive (basically a "document contained no data" error) is the result of the server shitting itself because of ANOTHER script on my site, that was accessed before it.
This makes debugging even worse, because I don't even know what script to look in!
It could be in any include()'d file in my header or footer, or the guts of any script on my site!! Yay!!
The other possibility is that the crash occurs on the actual script I'm calling, which IS a bit easier to debug... I think!
The sysadmin has pretty much ruled out memory leaks:
> I checked the httpd processes > to see if any memory was leaking (if the memory usage climbs constantly, > memory is being leaked), but it was all fine.
Has any one got any suggestions on how I might track down this bug, or ascertain which script/include file is causing the server to segfault?
Justin
attached mail follows:
I have a form created by this code (I don't know if it's important):
if ($_POST["submit"]) {
//do form stuff
} else { echo "<html>"; echo "<head>"; echo "<title>Form</title>"; echo "</head>"; echo "<body>"; echo "<h3>Lookup Customer</h3>"; echo "Enter the customer's <u>home</u> phone number:<br/>"; echo "<form action=\"$PHP_SELF\" method=\"post\">"; echo "<input type=\"text\" name=\"phone\" size=\"10\"> "; echo "<input type=\"submit\" name=\"submit\" value=\"Search\">"; echo "</form>"; echo "</body>"; echo "</html>"; }
After you fill out the only field, you HAVE to click the submit button to submit the form. If you press enter to submit the form it reloads the form and clears out the info that was entered. I can't figure out why this is happening and I need to make it submit using the enter key and I don't want to do something fancy with javascript at all.
Please help
Thanks, Sarah
attached mail follows:
On Wed, 15 Jan 2003 17:23:26 -0800, you wrote:
>I have a form created by this code (I don't know if it's important): > >if ($_POST["submit"]) { [...] >After you fill out the only field, you HAVE to click the submit button to >submit the form. If you press enter to submit the form it reloads the form [...]
When you submit a form by pressing enter, the value of the submit button is not sent in the POST data. This is not a problem though, just replace:
if ($_POST["submit"]) {
with:
if (!empty($_POST)) {
Which basically says process the form if the $_POST superglobal has any elements in it whatsoever.
attached mail follows:
Hi,
Can someone point me to the page in the manual where this style of control structure syntax is documented?
$var = ($something) ? "foo" : "bah";
???
Can't see it,
Justin
attached mail follows:
On Thu, 16 Jan 2003 12:34:26 +1100, you wrote:
>Hi, > >Can someone point me to the page in the manual where this style of control >structure syntax is documented? > >$var = ($something) ? "foo" : "bah";
This is the ternary operator. It's kinda buried in the documentation:
http://www.php.net/manual/en/language.operators.comparison.php
attached mail follows:
----- Original Message -----
From: "Justin French" <justinindent.com.au>
To: "php" <php-generallists.php.net>
Sent: Wednesday, January 15, 2003 8:34 PM
Subject: [PHP] alternative control structure syntax
> Can someone point me to the page in the manual where this style of control > structure syntax is documented? > > $var = ($something) ? "foo" : "bah";
It's called 'ternary conditional operator', and is in expressions http://www.php.net/manual/en/language.expressions.php
attached mail follows:
Hey,I wanta used the PHP doc user notes.
Where can i get it.
Thx..
attached mail follows:
Hello everybody! Can anybody advice me the best free web-hosting with PHP? Thank you.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]