|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
php-general Digest 3 Jul 2004 01:35:12 -0000 Issue 2854
php-general-digest-help
lists.php.net
Date: Fri Jul 02 2004 - 20:35:12 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
php-general Digest 3 Jul 2004 01:35:12 -0000 Issue 2854
Topics (messages 189531 through 189601):
Re: Reference Scripts: Imaging Database, Recursion, Age Validation, Reg Ex
189531 by: Torsten Roehr
Strange Session Problem
189532 by: Shaun
189533 by: Shaun
Re: Online Users
189534 by: Greg Donald
189547 by: Matt Palermo
189556 by: Matt Palermo
Header or includes for one-level up access?
189535 by: Andre Dubuc
189540 by: Jordi Canals
189541 by: Daniel Kullik
Re: MySQL QUERY Results Not Appearing[Scanned]
189536 by: Harlequin
189537 by: Michael Egan
Re: Problem with session on first page loaded
189538 by: Michael Sims
session id changing all the time on some pc's
189539 by: Zilvinas Saltys
189545 by: Gerard Samuel
189551 by: Zilvinas Saltys
189557 by: Torsten Roehr
189559 by: Michael Sims
189561 by: Matthew Sims
189562 by: Torsten Roehr
189564 by: Matthew Sims
189571 by: Gerard Samuel
189572 by: Torsten Roehr
189573 by: Matthew Sims
189576 by: Torsten Roehr
189581 by: Matthew Sims
189584 by: Gerard Samuel
189585 by: Torsten Roehr
189586 by: Matthew Sims
189594 by: Curt Zirzow
189598 by: Zilvinas Saltys
Re: Header or includes for one-level up access? [SOLVED]
189542 by: Andre Dubuc
Uploading multiple files
189543 by: gennaro losappio
189546 by: Torsten Roehr
call_user_func and call-time pass-by-reference
189544 by: Andrew Nagy
189549 by: Tom Rogers
189550 by: Andrew Nagy
189578 by: Curt Zirzow
Best way to send XML via HTTPS POST
189548 by: Shaun Fanning
189552 by: Justin Patrin
189589 by: Manuel Lemos
189591 by: Shaun Fanning
189595 by: Manuel Lemos
Re: php functions avail ?
189553 by: John W. Holmes
include() with a query string?
189554 by: Trejkaz Xaoza
189555 by: Justin Patrin
PHP 5 Install problem:[sapi/cli/php] Error 1 ?
189558 by: Jough P
189569 by: Jough P
189596 by: Curt Zirzow
189597 by: Curt Zirzow
Re: safe mode/open basedir not working ?
189560 by: robert mena
189563 by: Justin Patrin
189565 by: robert mena
Password encyption
189566 by: Anzak Wolf
189568 by: Jay Blanchard
189570 by: John W. Holmes
189574 by: Anzak Wolf
189575 by: Jay Blanchard
189579 by: Anzak Wolf
189580 by: Bob Eldred
189582 by: Matthew Sims
189583 by: Anzak Wolf
189587 by: Bob Eldred
regular expression
189567 by: George Lantz
189577 by: Josh Close
PHP cgi
189588 by: Steve Douville
189592 by: Curt Zirzow
189593 by: Vail, Warren
Help needed
189590 by: Ingrid Angelin
php.ini mail settings
189599 by: Olly
189600 by: Justin Patrin
Help installing on Fedora 2
189601 by: David Bevan
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscribelists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscribelists.php.net
To post to the list, e-mail:
php-generallists.php.net
----------------------------------------------------------------------
attached mail follows:
"Jason Paschal" <j_paschalhotmail.com> wrote in message
news:BAY2-F364ZRCWO8Fxhc0001e199hotmail.com...
> Some things crop up while coding that I do not often use, so that I tend
to
> forget the proper way to handle them and end up researching it and going
> through the same inoperable code again and again until I end up with
> something that works.
>
> Finally decided to host the code on my site and thought someone else might
> benefit from it.
>
> Storing Images in MySQL and Displaying them with PHP:
> http://www.dailymedication.com/modules.php?name=Forums&file=viewtopic&t=15
>
> Recursion (Word Permutations/Jumble):
> http://www.dailymedication.com/modules.php?name=Forums&file=viewtopic&t=11
>
> Age Validation (Determine Age from Birthdate):
> http://www.dailymedication.com/modules.php?name=Forums&file=viewtopic&t=14
>
> Regular Expressions (Finding links in Web Code/ Gallery Image Ripper):
> http://www.dailymedication.com/modules.php?name=Forums&file=viewtopic&t=13
>
> They all have working demos except for the Imaging Database stuff. Hope
> these can help somebody. Plan to be adding more soon.
Thanks Jason for sharing your code with us. Greatly appreciated!
Torsten Roehr
attached mail follows:
Hi,
I have a config file which i include in every page:
<snip>
class object {};
$CFG = new object;
$CFG->dbhost = "localhost";
$CFG->dbname = "x";
$CFG->dbuser = "x";
$CFG->dbpass = "x";
$connection = mysql_connect($CFG->dbhost, $CFG->dbuser, $CFG->dbpass);
mysql_select_db($CFG->dbname) or die( "Unable to select database");
$CFG->wwwroot = http://www.xxx.com;
$CFG->dirroot = "/usr/home/xxx/public_html";
$CFG->templatedir = "$CFG->dirroot/templates";
$CFG->admindir = "$CFG->wwwroot/admin";
$CFG->usersdir = "$CFG->wwwroot/users";
session_start();
</snip>
On my login form I am attempting to initialise the seesion variables if the
login values are correct:
<snip>
include("application.php");
$user = verify_login($_POST[username], $_POST[password]);
if($user){
// register user sessions
$ses_user_id = $user["User_ID"];
$ses_name = $user["User_Name"];
$ses_user_type = $user["User_Type"];
session_register("ses_user_id");
session_register("ses_name");
session_register("ses_user_type");
include("$CFG->usersdir"); // ***This line causes session problems***
exit;
}
</snip>
The highlighted line is causing problems. If i leave it as it is the
following page (users/index.php) will not display session variables
<snip>
echo '$ses_user_type = '.$ses_user_type.'<br>'.
$ses_user_id = '.$ses_user_id.'<br>';
</snip>
displays:
$ses_user_type =
$ses_user_id =
However, if I rewrite the offending line to:
include("users/index.php");
then it worke fine and displays the session variables correctly:
$ses_user_type = Administrator
$ses_user_id = 1
I would be most grateful if someone could lend a hand here as this is as far
as I have been able to narrow down the problem to in the last 10 hours!!!
attached mail follows:
Ooops, sorry about the attempted fake URL!
"Shaun" <shaunthornburghhotmail.com> wrote in message
news:20040702120043.72328.qmailpb1.pair.com...
> Hi,
>
> I have a config file which i include in every page:
>
> <snip>
> class object {};
>
> $CFG = new object;
>
> $CFG->dbhost = "localhost";
> $CFG->dbname = "x";
> $CFG->dbuser = "x";
> $CFG->dbpass = "x";
>
> $connection = mysql_connect($CFG->dbhost, $CFG->dbuser, $CFG->dbpass);
> mysql_select_db($CFG->dbname) or die( "Unable to select database");
>
> $CFG->wwwroot = http://www.xxx.com;
> $CFG->dirroot = "/usr/home/xxx/public_html";
> $CFG->templatedir = "$CFG->dirroot/templates";
> $CFG->admindir = "$CFG->wwwroot/admin";
> $CFG->usersdir = "$CFG->wwwroot/users";
>
> session_start();
> </snip>
>
> On my login form I am attempting to initialise the seesion variables if
the
> login values are correct:
>
> <snip>
> include("application.php");
>
> $user = verify_login($_POST[username], $_POST[password]);
>
> if($user){
> // register user sessions
> $ses_user_id = $user["User_ID"];
> $ses_name = $user["User_Name"];
> $ses_user_type = $user["User_Type"];
>
> session_register("ses_user_id");
> session_register("ses_name");
> session_register("ses_user_type");
>
> include("$CFG->usersdir"); // ***This line causes session problems***
> exit;
> }
> </snip>
>
> The highlighted line is causing problems. If i leave it as it is the
> following page (users/index.php) will not display session variables
>
> <snip>
> echo '$ses_user_type = '.$ses_user_type.'<br>'.
> $ses_user_id = '.$ses_user_id.'<br>';
> </snip>
>
> displays:
>
> $ses_user_type =
> $ses_user_id =
>
> However, if I rewrite the offending line to:
>
> include("users/index.php");
>
> then it worke fine and displays the session variables correctly:
>
> $ses_user_type = Administrator
> $ses_user_id = 1
>
> I would be most grateful if someone could lend a hand here as this is as
far
> as I have been able to narrow down the problem to in the last 10 hours!!!
attached mail follows:
On Fri, 2 Jul 2004 01:13:14 -0400, Matt Palermo <webmastersweetphp.com> wrote:
>
> Is it possible to make a table of all logged in users session ids and then
> check to see if the session still exists every couple minutes? So every
> minute or two, it would go through the table and for each record it would
> get the session id, then check that session id to see if it's still in
> existance. Is this possible to do?
This is simple to accomplish if you use database managed PHP sessions.
You can override the default PHP session handling functions with
session_set_save_handler() then you will know what users are logged in
by what sessions are still active. Here's how I do it:
My sessions.php that I require in all other scripts on the site:
<?php
if(ini_get('session.use_trans_sid')==0){
ini_set("session.use_trans_sid", 1);
}
$sessionDbHandler = '';
function sessionOpen($save_path, $session_name){
global $sessionDbHandler;
if(! $sessionDbHandler = mysql_pconnect(DB_HOST, DB_USER, DB_PASS)){
die("Can't get sessionDbHandler: ".mysql_error());
}
return true;
}
function sessionClose(){
return true;
}
function sessionRead($key){
$sql = "
select
sessionData
from
".TB_USER_SESSIONS."
where
sessionID = '$key'
and
sessionExpire > UNIX_TIMESTAMP()
";
$query = mysql_query($sql);
if(mysql_num_rows($query)){
return mysql_result($query, 0, "sessionData");
}
return false;
}
function sessionWrite($key, $val){
$value = addslashes($val);
$sql = "
replace into ".TB_USER_SESSIONS." (
sessionID,
sessionData,
sessionExpire
) values (
'$key',
'$value',
UNIX_TIMESTAMP() + ".SITE_ONLINE_EXPIRE."
)
";
return mysql_query($sql);
}
function sessionDestroy($key){
$sql = "
delete from
".TB_USER_SESSIONS."
where
sessionID = '$key'
";
return mysql_query($sql);
}
function sessionGarbageCollection(){
$sql = "
delete from
".TB_USER_SESSIONS."
where
sessionExpire < UNIX_TIMESTAMP()
";
$query = mysql_query($sql);
return sqlAffectedRows();
}
session_set_save_handler("sessionOpen", "sessionClose",
"sessionRead", "sessionWrite", "sessionDestroy",
"sessionGarbageCollection");
session_start();
?>
Some config.php variables:
define('DB_HOST', 'localhost');
define('DB_DB', 'db_name');
define('DB_USER', 'db_user');
define('DB_PASS', 'db_pass');
define('TB_USER_SESSIONS', 'userSessions');
define('SITE_ONLINE_EXPIRE', 900);
The table structure for userSessions looks like this:
CREATE TABLE `userSessions` (
`sessionID` varchar(32) NOT NULL default '',
`sessionData` text NOT NULL,
`sessionExpire` int(10) unsigned NOT NULL default '0',
PRIMARY KEY (`sessionID`)
) TYPE=MyISAM;
When a user logs in you are probably already setting some kind of
userID or userName, so make that a session variable if it is not
already. Then it's just a matter of listing the userNames or userIDs
out of the userSessions table.
You might want to force session garbage collection at the top of each
script by calling sessionGarbageCollection(). That will make the
username listings more realtime.
--
Greg Donald
http://destiney.com/
attached mail follows:
This looks like a good solution. What is the best way to list the current
users, since the sesssionData seems to be serialized in the db or something?
I just want to list out all the users from the db.
Thanks,
Matt
http://sweetphp.com
"Greg Donald" <destineygmail.com> wrote in message
news:ea9da26c040702052617169185mail.gmail.com...
> On Fri, 2 Jul 2004 01:13:14 -0400, Matt Palermo <webmastersweetphp.com>
wrote:
> >
> > Is it possible to make a table of all logged in users session ids and
then
> > check to see if the session still exists every couple minutes? So every
> > minute or two, it would go through the table and for each record it
would
> > get the session id, then check that session id to see if it's still in
> > existance. Is this possible to do?
>
> This is simple to accomplish if you use database managed PHP sessions.
> You can override the default PHP session handling functions with
> session_set_save_handler() then you will know what users are logged in
> by what sessions are still active. Here's how I do it:
>
> My sessions.php that I require in all other scripts on the site:
>
> <?php
>
> if(ini_get('session.use_trans_sid')==0){
> ini_set("session.use_trans_sid", 1);
> }
>
> $sessionDbHandler = '';
>
> function sessionOpen($save_path, $session_name){
> global $sessionDbHandler;
> if(! $sessionDbHandler = mysql_pconnect(DB_HOST, DB_USER, DB_PASS)){
> die("Can't get sessionDbHandler: ".mysql_error());
> }
> return true;
> }
>
> function sessionClose(){
> return true;
> }
>
> function sessionRead($key){
> $sql = "
> select
> sessionData
> from
> ".TB_USER_SESSIONS."
> where
> sessionID = '$key'
> and
> sessionExpire > UNIX_TIMESTAMP()
> ";
> $query = mysql_query($sql);
> if(mysql_num_rows($query)){
> return mysql_result($query, 0, "sessionData");
> }
> return false;
> }
>
> function sessionWrite($key, $val){
> $value = addslashes($val);
> $sql = "
> replace into ".TB_USER_SESSIONS." (
> sessionID,
> sessionData,
> sessionExpire
> ) values (
> '$key',
> '$value',
> UNIX_TIMESTAMP() + ".SITE_ONLINE_EXPIRE."
> )
> ";
> return mysql_query($sql);
> }
>
> function sessionDestroy($key){
> $sql = "
> delete from
> ".TB_USER_SESSIONS."
> where
> sessionID = '$key'
> ";
> return mysql_query($sql);
> }
>
> function sessionGarbageCollection(){
> $sql = "
> delete from
> ".TB_USER_SESSIONS."
> where
> sessionExpire < UNIX_TIMESTAMP()
> ";
> $query = mysql_query($sql);
> return sqlAffectedRows();
> }
>
> session_set_save_handler("sessionOpen", "sessionClose",
> "sessionRead", "sessionWrite", "sessionDestroy",
> "sessionGarbageCollection");
> session_start();
>
> ?>
>
> Some config.php variables:
> define('DB_HOST', 'localhost');
> define('DB_DB', 'db_name');
> define('DB_USER', 'db_user');
> define('DB_PASS', 'db_pass');
> define('TB_USER_SESSIONS', 'userSessions');
> define('SITE_ONLINE_EXPIRE', 900);
>
> The table structure for userSessions looks like this:
>
> CREATE TABLE `userSessions` (
> `sessionID` varchar(32) NOT NULL default '',
> `sessionData` text NOT NULL,
> `sessionExpire` int(10) unsigned NOT NULL default '0',
> PRIMARY KEY (`sessionID`)
> ) TYPE=MyISAM;
>
> When a user logs in you are probably already setting some kind of
> userID or userName, so make that a session variable if it is not
> already. Then it's just a matter of listing the userNames or userIDs
> out of the userSessions table.
>
> You might want to force session garbage collection at the top of each
> script by calling sessionGarbageCollection(). That will make the
> username listings more realtime.
>
>
> --
> Greg Donald
> http://destiney.com/
attached mail follows:
Okay, I actually found out how to list the users, but you have the following
line of code:
define('SITE_ONLINE_EXPIRE', 900);
What is the 900? Is that 900 seconds?
Thanks,
Matt
http://sweetphp.com
"Matt Palermo" <webmastersweetphp.com> wrote in message
news:20040702163437.87265.qmailpb1.pair.com...
> This looks like a good solution. What is the best way to list the current
> users, since the sesssionData seems to be serialized in the db or
something?
> I just want to list out all the users from the db.
>
> Thanks,
>
> Matt
> http://sweetphp.com
>
>
> "Greg Donald" <destineygmail.com> wrote in message
> news:ea9da26c040702052617169185mail.gmail.com...
> > On Fri, 2 Jul 2004 01:13:14 -0400, Matt Palermo <webmastersweetphp.com>
> wrote:
> > >
> > > Is it possible to make a table of all logged in users session ids and
> then
> > > check to see if the session still exists every couple minutes? So
every
> > > minute or two, it would go through the table and for each record it
> would
> > > get the session id, then check that session id to see if it's still in
> > > existance. Is this possible to do?
> >
> > This is simple to accomplish if you use database managed PHP sessions.
> > You can override the default PHP session handling functions with
> > session_set_save_handler() then you will know what users are logged in
> > by what sessions are still active. Here's how I do it:
> >
> > My sessions.php that I require in all other scripts on the site:
> >
> > <?php
> >
> > if(ini_get('session.use_trans_sid')==0){
> > ini_set("session.use_trans_sid", 1);
> > }
> >
> > $sessionDbHandler = '';
> >
> > function sessionOpen($save_path, $session_name){
> > global $sessionDbHandler;
> > if(! $sessionDbHandler = mysql_pconnect(DB_HOST, DB_USER, DB_PASS)){
> > die("Can't get sessionDbHandler: ".mysql_error());
> > }
> > return true;
> > }
> >
> > function sessionClose(){
> > return true;
> > }
> >
> > function sessionRead($key){
> > $sql = "
> > select
> > sessionData
> > from
> > ".TB_USER_SESSIONS."
> > where
> > sessionID = '$key'
> > and
> > sessionExpire > UNIX_TIMESTAMP()
> > ";
> > $query = mysql_query($sql);
> > if(mysql_num_rows($query)){
> > return mysql_result($query, 0, "sessionData");
> > }
> > return false;
> > }
> >
> > function sessionWrite($key, $val){
> > $value = addslashes($val);
> > $sql = "
> > replace into ".TB_USER_SESSIONS." (
> > sessionID,
> > sessionData,
> > sessionExpire
> > ) values (
> > '$key',
> > '$value',
> > UNIX_TIMESTAMP() + ".SITE_ONLINE_EXPIRE."
> > )
> > ";
> > return mysql_query($sql);
> > }
> >
> > function sessionDestroy($key){
> > $sql = "
> > delete from
> > ".TB_USER_SESSIONS."
> > where
> > sessionID = '$key'
> > ";
> > return mysql_query($sql);
> > }
> >
> > function sessionGarbageCollection(){
> > $sql = "
> > delete from
> > ".TB_USER_SESSIONS."
> > where
> > sessionExpire < UNIX_TIMESTAMP()
> > ";
> > $query = mysql_query($sql);
> > return sqlAffectedRows();
> > }
> >
> > session_set_save_handler("sessionOpen", "sessionClose",
> > "sessionRead", "sessionWrite", "sessionDestroy",
> > "sessionGarbageCollection");
> > session_start();
> >
> > ?>
> >
> > Some config.php variables:
> > define('DB_HOST', 'localhost');
> > define('DB_DB', 'db_name');
> > define('DB_USER', 'db_user');
> > define('DB_PASS', 'db_pass');
> > define('TB_USER_SESSIONS', 'userSessions');
> > define('SITE_ONLINE_EXPIRE', 900);
> >
> > The table structure for userSessions looks like this:
> >
> > CREATE TABLE `userSessions` (
> > `sessionID` varchar(32) NOT NULL default '',
> > `sessionData` text NOT NULL,
> > `sessionExpire` int(10) unsigned NOT NULL default '0',
> > PRIMARY KEY (`sessionID`)
> > ) TYPE=MyISAM;
> >
> > When a user logs in you are probably already setting some kind of
> > userID or userName, so make that a session variable if it is not
> > already. Then it's just a matter of listing the userNames or userIDs
> > out of the userSessions table.
> >
> > You might want to force session garbage collection at the top of each
> > script by calling sessionGarbageCollection(). That will make the
> > username listings more realtime.
> >
> >
> > --
> > Greg Donald
> > http://destiney.com/
attached mail follows:
Orginally when I designed my site, I put the db access file, conn.php, in the
webarea - where all files reside. After reading a recent thread, I realize
that this may not be too secure. Therefore, I would like to shove conn.php
one level above the webarea. However, I don't feel like re-writng 300+ files
with the new db access info, so I thought a simple re-direct page might do
the trick.
I've tried three methods:
the header approach
header("location: ../conn-up.php");
an absolute header:
header("location: /vhome/conn-up.php");
and an include approach:
include("../conn-up.php");
/* Db file access (conn.php) -- all pages presently refer or call this file */
<?php session_start(); ob_start(); ?>
<?php
/* $db = pg_connect("dbname=big user=me password=pwd"); old string */
header("location: /vhome/site/conn-up.php"); // tried 3 approaches above
?>
/* New db access (conn-up.php) - now located one level above webpages */
<?php session_start(); ob_start(); ?>
<?php
$db = pg_connect("dbname=big user=me password=pwd");
?>
All three approaches will not allow db access. I'm stumped. Is it possible to
do this, and will this protect the db password any better than if it stays in
the webarea?
Any help, guidance, or ideas most welcome.
Tia,
Andre
attached mail follows:
Andre Dubuc wrote:
> I thought a simple re-direct page might do
> the trick.
>
> I've tried three methods:
>
> the header approach
> header("location: ../conn-up.php");
>
> an absolute header:
> header("location: /vhome/conn-up.php");
>
> and an include approach:
> include("../conn-up.php");
>
>
Te header methods will not work. You need to access directly the
filesystem in order to include a file. Cannot do it by URL.
The third aproach perhaps could work, not sure. But I would test to
things (I assume conn.php is on your site root) :
1. Check the user running the web server hsa permisions to read on the
directory the file is located.
2. Try an absolute path to the file. Perhaps it will not permit
portability, but for test purposes could help.
On conn.php you could try:
include("/vhome/conn-up.php");
If it does not work, problably is a permissions problem.
3. For portability, and when you have been able to include the file as
said in point 2. You could do in conn.php something like:
$conn_dir = dirname(dirname(__FILE__)); // Gives parent dir
include($conn_dir . 'conn-up.php');
4. Could set the path to de directory including the file with
set_include_path(); and then include just by name:
$mypath = get_include_path() . PATH_SEPARATOR . "/vhome";
set_include_path($mypath);
Hope this can help to investigate a bit more on your problem.
Regards,
Jordi
attached mail follows:
Andre Dubuc wrote:
> Orginally when I designed my site, I put the db access file, conn.php, in the
> webarea - where all files reside. After reading a recent thread, I realize
> that this may not be too secure. Therefore, I would like to shove conn.php
> one level above the webarea. However, I don't feel like re-writng 300+ files
> with the new db access info, so I thought a simple re-direct page might do
> the trick.
>
>
> I've tried three methods:
>
> the header approach
> header("location: ../conn-up.php");
>
> an absolute header:
> header("location: /vhome/conn-up.php");
>
> and an include approach:
> include("../conn-up.php");
>
>
>
> /* Db file access (conn.php) -- all pages presently refer or call this file */
>
> <?php session_start(); ob_start(); ?>
> <?php
> /* $db = pg_connect("dbname=big user=me password=pwd"); old string */
> header("location: /vhome/site/conn-up.php"); // tried 3 approaches above
> ?>
>
>
> /* New db access (conn-up.php) - now located one level above webpages */
>
> <?php session_start(); ob_start(); ?>
> <?php
> $db = pg_connect("dbname=big user=me password=pwd");
> ?>
>
>
> All three approaches will not allow db access. I'm stumped. Is it possible to
> do this, and will this protect the db password any better than if it stays in
> the webarea?
>
> Any help, guidance, or ideas most welcome.
>
> Tia,
> Andre
Maybe this aids:
[code]
define('FOOBAR', realpath(dirname(__FILE__) . '/..') . '/');
require_once(FOOBAR . 'conn_up.php');
[/code]
Add this line to a script in your docroot. In subdirs you'll certainly
have to add some '/..'. Some prepend-file is suggested.
Daniel
--
WWE e-commerce IT GmbH
Eiffestrasse 462, D-20537 Hamburg
Tel.: +49-40-2530659-0, Fax: +49-40-2530659-50
attached mail follows:
Michael
just wanted to thank you through the group for your time.
U R A Star...!
--
-----------------------------
Michael Mason
Arras People
www.arraspeople.co.uk
-----------------------------
"Michael Egan" <MEgan3tc.org.uk> wrote in message
news:9926D602EE82FB4FB203E442253043C44AA13Bsnip-exch.snipdom.co.uk...
Have a look at the mysql functions in the PHP manual - i.e.
http://uk.php.net/mysql_query
I'm also certain this question has been raised fairly recently on the list.
All mysql_query is going to do is either open up the resource or not. You'll
need to use something else to display the data.
For example:
$sql = "select * from members";
if(!$result = mysql_query($sql))
echo mysql_error();
while($row = mysql_fetch_array($result))
{
echo $row['column_name'];
}
HTH,
Michael Egan
-----Original Message-----
From: Harlequin [mailto:michael.masonarraspeople.co.uk]
Sent: 30 June 2004 12:42
To: php-generallists.php.net
Subject: [PHP] MySQL QUERY Results Not Appearing[Scanned]
Hi all...
Despite being able to make a connection to the server and execute a query I
am unable to do this through PHP using the following commands:
echo "<h3>active members should appear here</h3>";
$query = "SELECT * FROM RegisteredMembers";
$result = mysql_query($query) or die ("could not execute query");
echo "$result";
Any ideas...?
--
-----------------------------
Michael Mason
Arras People
www.arraspeople.co.uk
-----------------------------
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
The information contained in this email (and in any attachments sent with
it) is confidential. It is intended for the addressee only. Access to this
email by anyone else is unintended and unauthorized.
If you are not the original addressee, 3tc asks you to please maintain
confidentiality. If you have received this email in error please notify 3tc
immediately by replying to it, then destroy any copies and delete it from
your computer system.
Any use, dissemination, forwarding, printing or copying of this email by
anyone except the addressee in the normal course of his/her business, is
strictly prohibited. 3tc owns the copyright in this email and any document
created by us and assert the right to be identified as the author of it.
Copyright has not been transferred to the addressee.
We protect our systems with Sophos Anti-virus -
www.sophos.com
attached mail follows:
Glad to be of help. I'm sure there will be many more occasions when I'm badly in need of assistance.
Cheers,
Michael
-----Original Message-----
From: Harlequin [mailto:michael.masonarraspeople.co.uk]
Sent: 02 July 2004 13:55
To: php-generallists.php.net
Subject: Re: [PHP] MySQL QUERY Results Not Appearing[Scanned]
Michael
just wanted to thank you through the group for your time.
U R A Star...!
--
-----------------------------
Michael Mason
Arras People
www.arraspeople.co.uk
-----------------------------
"Michael Egan" <MEgan3tc.org.uk> wrote in message
news:9926D602EE82FB4FB203E442253043C44AA13Bsnip-exch.snipdom.co.uk...
Have a look at the mysql functions in the PHP manual - i.e.
http://uk.php.net/mysql_query
I'm also certain this question has been raised fairly recently on the list.
All mysql_query is going to do is either open up the resource or not. You'll
need to use something else to display the data.
For example:
$sql = "select * from members";
if(!$result = mysql_query($sql))
echo mysql_error();
while($row = mysql_fetch_array($result))
{
echo $row['column_name'];
}
HTH,
Michael Egan
-----Original Message-----
From: Harlequin [mailto:michael.masonarraspeople.co.uk]
Sent: 30 June 2004 12:42
To: php-generallists.php.net
Subject: [PHP] MySQL QUERY Results Not Appearing[Scanned]
Hi all...
Despite being able to make a connection to the server and execute a query I
am unable to do this through PHP using the following commands:
echo "<h3>active members should appear here</h3>";
$query = "SELECT * FROM RegisteredMembers";
$result = mysql_query($query) or die ("could not execute query");
echo "$result";
Any ideas...?
--
-----------------------------
Michael Mason
Arras People
www.arraspeople.co.uk
-----------------------------
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
The information contained in this email (and in any attachments sent with
it) is confidential. It is intended for the addressee only. Access to this
email by anyone else is unintended and unauthorized.
If you are not the original addressee, 3tc asks you to please maintain
confidentiality. If you have received this email in error please notify 3tc
immediately by replying to it, then destroy any copies and delete it from
your computer system.
Any use, dissemination, forwarding, printing or copying of this email by
anyone except the addressee in the normal course of his/her business, is
strictly prohibited. 3tc owns the copyright in this email and any document
created by us and assert the right to be identified as the author of it.
Copyright has not been transferred to the addressee.
We protect our systems with Sophos Anti-virus -
www.sophos.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
The information contained in this email (and in any attachments sent with it) is confidential. It is intended for the addressee only. Access to this email by anyone else is unintended and unauthorized.
If you are not the original addressee, 3tc asks you to please maintain confidentiality. If you have received this email in error please notify 3tc immediately by replying to it, then destroy any copies and delete it from your computer system.
Any use, dissemination, forwarding, printing or copying of this email by anyone except the addressee in the normal course of his/her business, is strictly prohibited. 3tc owns the copyright in this email and any document created by us and assert the right to be identified as the author of it. Copyright has not been transferred to the addressee.
We protect our systems with Sophos Anti-virus -
www.sophos.com
attached mail follows:
Jordi Canals wrote:
> the ISP changed a param in the PHP.INI, and they changed
> session.use_trans_sid setting it to 1.
[...]
> Now I should talk to the provider to not set this parameter to ON by
> default, because the security risk on it (As stated on the manuals).
If they allow you to use .htaccess files, you can create one at the root of
your application with the following:
php_flag session.use_trans_sid off
attached mail follows:
Hello,
I have a strange problem.
For example i have a script:
<?php
session_start();
echo session_id();
?>
Once it started a session the session_id should never change. It works on my localhost with default php configuration. I'm using mozilla firefox and IE.
I put this script on some other server on the net. It works just fine too with both browsers.
But i also put it on one other server and while you are you using IE the session_id changes all the time. With mozilla firefox everything just works fine. On all servers.
I looked at server configurations but i couldn't find anything usefull. I tried to change IE settings to accept all cookies but nothing changed.
Maybe someone knows where's the problem..
Thanks
Bye
attached mail follows:
On Friday 02 July 2004 12:12 pm, Zilvinas Saltys wrote:
> I looked at server configurations but i couldn't find anything usefull. I
> tried to change IE settings to accept all cookies but nothing changed.
>
> Maybe someone knows where's the problem..
I dont know of all the specifics of your situation, but I know when it
happened to my code, it boiled down to a cookie problem. (I never
experienced it first hand unless I turned off cookies in my own browser. I
saw it was happening for other users on my code).
So what I eventually did, was modified my code to work with browsers that do
not store cookies (for what ever reason that may be).
By that I mean to pass the session id in the url and in forms...
attached mail follows:
On Fri, 2 Jul 2004 12:21:34 -0400
Gerard Samuel <php-generaltrini0.org> wrote:
> On Friday 02 July 2004 12:12 pm, Zilvinas Saltys wrote:
> > I looked at server configurations but i couldn't find anything usefull. I
> > tried to change IE settings to accept all cookies but nothing changed.
> >
> > Maybe someone knows where's the problem..
>
> I dont know of all the specifics of your situation, but I know when it
> happened to my code, it boiled down to a cookie problem. (I never
> experienced it first hand unless I turned off cookies in my own browser. I
> saw it was happening for other users on my code).
> So what I eventually did, was modified my code to work with browsers that do
> not store cookies (for what ever reason that may be).
> By that I mean to pass the session id in the url and in forms...
I know i can pass the session id by url.. But this solution is ugly and hopefully not the only one there is..
The problem is as i understand IE is not accepting the cookie. So the session id allways regenerates. Everything works fine with mozilla.
The strangest part of the show is some pc's that have IE installed accepts those cookies. I turned 'accept ALL cookies'. Same result..
Maybe ... this could be a domain problem..
The only thing i want to know is all the truth about IE (6?) and cookies :)
Heeelp :)
attached mail follows:
"Zilvinas Saltys" <arakiesu.lt> wrote in message
news:20040702200258.14e44393.arakiesu.lt...
> On Fri, 2 Jul 2004 12:21:34 -0400
> Gerard Samuel <php-generaltrini0.org> wrote:
>
> > On Friday 02 July 2004 12:12 pm, Zilvinas Saltys wrote:
> > > I looked at server configurations but i couldn't find anything
usefull. I
> > > tried to change IE settings to accept all cookies but nothing changed.
> > >
> > > Maybe someone knows where's the problem..
> >
> > I dont know of all the specifics of your situation, but I know when it
> > happened to my code, it boiled down to a cookie problem. (I never
> > experienced it first hand unless I turned off cookies in my own browser.
I
> > saw it was happening for other users on my code).
> > So what I eventually did, was modified my code to work with browsers
that do
> > not store cookies (for what ever reason that may be).
> > By that I mean to pass the session id in the url and in forms...
>
> I know i can pass the session id by url.. But this solution is ugly and
hopefully not the only one there is..
> The problem is as i understand IE is not accepting the cookie. So the
session id allways regenerates. Everything works fine with mozilla.
>
> The strangest part of the show is some pc's that have IE installed accepts
those cookies. I turned 'accept ALL cookies'. Same result..
>
> Maybe ... this could be a domain problem..
>
> The only thing i want to know is all the truth about IE (6?) and cookies
:)
>
> Heeelp :)
Sorry to say that but just DO NOT use cookies. You will always have problems
with users having weird cookie settings in their browser. Cookies are fine
for intranets where you know the infrastructure you are dealing with.
Passing the session id via GET/POST may be ugly but makes you independent of
the browser's cookie settings.
Regards, Torsten Roehr
attached mail follows:
Zilvinas Saltys wrote:
> The problem is as i understand IE is not accepting the cookie. So the
> session id allways regenerates. Everything works fine with mozilla.
[...]
> The only thing i want to know is all the truth about IE (6?) and
> cookies :)
Could it be a problem with IE6 and P3P (http://www.w3.org/P3P/)?
This is just hearsay, but a friend of mine told me about a problem he was having
with IE6 and cookies in his application. He had to send a P3P header before some
versions of IE would accept the cookie. I've read that P3P only applies to
persistant cookies, but his was temporary and was still not working until he added
this:
header('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"');
I have no first hand experience with this myself, and I haven't done the proper
research to become familiar with it. Make of this what you will. :) More
information here:
http://www.computercops.biz/modules.php?name=News&file=print&sid=837
HTH
attached mail follows:
> "Zilvinas Saltys" <arakiesu.lt> wrote in message
> news:20040702200258.14e44393.arakiesu.lt...
>> On Fri, 2 Jul 2004 12:21:34 -0400
>> Gerard Samuel <php-generaltrini0.org> wrote:
>>
>> > On Friday 02 July 2004 12:12 pm, Zilvinas Saltys wrote:
>> > > I looked at server configurations but i couldn't find anything
> usefull. I
>> > > tried to change IE settings to accept all cookies but nothing
>> changed.
>> > >
>> > > Maybe someone knows where's the problem..
>> >
>> > I dont know of all the specifics of your situation, but I know when it
>> > happened to my code, it boiled down to a cookie problem. (I never
>> > experienced it first hand unless I turned off cookies in my own
>> browser.
> I
>> > saw it was happening for other users on my code).
>> > So what I eventually did, was modified my code to work with browsers
> that do
>> > not store cookies (for what ever reason that may be).
>> > By that I mean to pass the session id in the url and in forms...
>>
>> I know i can pass the session id by url.. But this solution is ugly and
> hopefully not the only one there is..
>> The problem is as i understand IE is not accepting the cookie. So the
> session id allways regenerates. Everything works fine with mozilla.
>>
>> The strangest part of the show is some pc's that have IE installed
>> accepts
> those cookies. I turned 'accept ALL cookies'. Same result..
>>
>> Maybe ... this could be a domain problem..
>>
>> The only thing i want to know is all the truth about IE (6?) and cookies
> :)
>>
>> Heeelp :)
>
> Sorry to say that but just DO NOT use cookies. You will always have
> problems
> with users having weird cookie settings in their browser. Cookies are fine
> for intranets where you know the infrastructure you are dealing with.
> Passing the session id via GET/POST may be ugly but makes you independent
> of
> the browser's cookie settings.
>
> Regards, Torsten Roehr
I can agree with this. I created an internal website for my company that
requires login. And even then some users a restricted to certain areas of
the website depending on their user level. Passing the $_SESSION variables
around was just plain easier than setting up cookies. I also felt I had a
greater control over the whole process from login to logout.
Instead of passing the session_id through the URL ($_GET) just assign it
to $_SESSION and pass that around. Then it'll stay transparent to the
user.
--Matthew Sims
--<http://killermookie.org>
attached mail follows:
"Matthew Sims" <mattkillermookie.org> wrote in message
news:50495.208.44.135.18.1088792934.squirrel208.44.135.18...
>
>
>
> > "Zilvinas Saltys" <arakiesu.lt> wrote in message
> > news:20040702200258.14e44393.arakiesu.lt...
> >> On Fri, 2 Jul 2004 12:21:34 -0400
> >> Gerard Samuel <php-generaltrini0.org> wrote:
> >>
> >> > On Friday 02 July 2004 12:12 pm, Zilvinas Saltys wrote:
> >> > > I looked at server configurations but i couldn't find anything
> > usefull. I
> >> > > tried to change IE settings to accept all cookies but nothing
> >> changed.
> >> > >
> >> > > Maybe someone knows where's the problem..
> >> >
> >> > I dont know of all the specifics of your situation, but I know when
it
> >> > happened to my code, it boiled down to a cookie problem. (I never
> >> > experienced it first hand unless I turned off cookies in my own
> >> browser.
> > I
> >> > saw it was happening for other users on my code).
> >> > So what I eventually did, was modified my code to work with browsers
> > that do
> >> > not store cookies (for what ever reason that may be).
> >> > By that I mean to pass the session id in the url and in forms...
> >>
> >> I know i can pass the session id by url.. But this solution is ugly and
> > hopefully not the only one there is..
> >> The problem is as i understand IE is not accepting the cookie. So the
> > session id allways regenerates. Everything works fine with mozilla.
> >>
> >> The strangest part of the show is some pc's that have IE installed
> >> accepts
> > those cookies. I turned 'accept ALL cookies'. Same result..
> >>
> >> Maybe ... this could be a domain problem..
> >>
> >> The only thing i want to know is all the truth about IE (6?) and
cookies
> > :)
> >>
> >> Heeelp :)
> >
> > Sorry to say that but just DO NOT use cookies. You will always have
> > problems
> > with users having weird cookie settings in their browser. Cookies are
fine
> > for intranets where you know the infrastructure you are dealing with.
> > Passing the session id via GET/POST may be ugly but makes you
independent
> > of
> > the browser's cookie settings.
> >
> > Regards, Torsten Roehr
>
> I can agree with this. I created an internal website for my company that
> requires login. And even then some users a restricted to certain areas of
> the website depending on their user level. Passing the $_SESSION variables
> around was just plain easier than setting up cookies. I also felt I had a
> greater control over the whole process from login to logout.
>
> Instead of passing the session_id through the URL ($_GET) just assign it
> to $_SESSION and pass that around. Then it'll stay transparent to the
> user.
Could you describe the last paragraph a bit more in detail? Thanks in
advance!
Torsten
attached mail follows:
>> Instead of passing the session_id through the URL ($_GET) just assign it
>> to $_SESSION and pass that around. Then it'll stay transparent to the
>> user.
>
> Could you describe the last paragraph a bit more in detail? Thanks in
> advance!
>
> Torsten
What if you used this?
session_start();
$_SESSION['sid']=session_id($HTTP_GET_VARS['sid']);
Now as long as each of your pages has session_start() at the top, you can
use $_SESSION['sid'] whereever.
To the mailing list: Am I doing this correctly?
--Matthew Sims
--<http://killermookie.org>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
attached mail follows:
On Friday 02 July 2004 02:13 pm, Torsten Roehr wrote:
> Passing the session id via GET/POST may be ugly but makes you independent
> of the browser's cookie settings.
I would have to agree...
attached mail follows:
"Matthew Sims" <mattkillermookie.org> wrote in message
news:50583.208.44.135.18.1088794835.squirrel208.44.135.18...
>
> >> Instead of passing the session_id through the URL ($_GET) just assign
it
> >> to $_SESSION and pass that around. Then it'll stay transparent to the
> >> user.
> >
> > Could you describe the last paragraph a bit more in detail? Thanks in
> > advance!
> >
> > Torsten
>
> What if you used this?
>
> session_start();
> $_SESSION['sid']=session_id($HTTP_GET_VARS['sid']);
>
> Now as long as each of your pages has session_start() at the top, you can
> use $_SESSION['sid'] whereever.
>
> To the mailing list: Am I doing this correctly?
But somehow you have to pass the session id from page to page!?!
By the way, the session id is always available as the constant SID.
Torsten
attached mail follows:
> "Matthew Sims" <mattkillermookie.org> wrote in message
> news:50583.208.44.135.18.1088794835.squirrel208.44.135.18...
>>
>> >> Instead of passing the session_id through the URL ($_GET) just assign
> it
>> >> to $_SESSION and pass that around. Then it'll stay transparent to the
>> >> user.
>> >
>> > Could you describe the last paragraph a bit more in detail? Thanks in
>> > advance!
>> >
>> > Torsten
>>
>> What if you used this?
>>
>> session_start();
>> $_SESSION['sid']=session_id($HTTP_GET_VARS['sid']);
>>
>> Now as long as each of your pages has session_start() at the top, you
>> can
>> use $_SESSION['sid'] whereever.
>>
>> To the mailing list: Am I doing this correctly?
>
> But somehow you have to pass the session id from page to page!?!
>
> By the way, the session id is always available as the constant SID.
>
> Torsten
The $_SESSION['sid'] will follow from page to page. As long as the user
stays in the current session, all $_SESSION variables will follow from
page to page as long as session_start() is used.
--Matthew Sims
--<http://killermookie.org>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
attached mail follows:
"Matthew Sims" <mattkillermookie.org> wrote in message
news:50644.208.44.135.18.1088796771.squirrel208.44.135.18...
> > "Matthew Sims" <mattkillermookie.org> wrote in message
> > news:50583.208.44.135.18.1088794835.squirrel208.44.135.18...
> >>
> >> >> Instead of passing the session_id through the URL ($_GET) just
assign
> > it
> >> >> to $_SESSION and pass that around. Then it'll stay transparent to
the
> >> >> user.
> >> >
> >> > Could you describe the last paragraph a bit more in detail? Thanks in
> >> > advance!
> >> >
> >> > Torsten
> >>
> >> What if you used this?
> >>
> >> session_start();
> >> $_SESSION['sid']=session_id($HTTP_GET_VARS['sid']);
> >>
> >> Now as long as each of your pages has session_start() at the top, you
> >> can
> >> use $_SESSION['sid'] whereever.
> >>
> >> To the mailing list: Am I doing this correctly?
> >
> > But somehow you have to pass the session id from page to page!?!
> >
> > By the way, the session id is always available as the constant SID.
> >
> > Torsten
>
> The $_SESSION['sid'] will follow from page to page. As long as the user
> stays in the current session, all $_SESSION variables will follow from
> page to page as long as session_start() is used.
OK, but HOW do you manage that the user stays in the current session.
Usually this is made sure by passing the session id around. But obviously
you are not doing this, are you?
Torsten
attached mail follows:
>> The $_SESSION['sid'] will follow from page to page. As long as the user
stays in the current session, all $_SESSION variables will follow from
page to page as long as session_start() is used.
>
> OK, but HOW do you manage that the user stays in the current session.
Usually this is made sure by passing the session id around. But
obviously
> you are not doing this, are you?
>
> Torsten
>
As long as the user keeps his browser pointing at your site, then they'll
stay in the currect session. The moment they shut down the web browser,
the session is lost.
When the user first comes to your site, assign the session_id to a
$_SESSION variable. Then as the user jumps from page to page, check the
$_SESSION variable with the session_id on that page.
Try this, on the front page:
session_start();
$_SESSOIN['sid']=session_id();
On another page:
if ($_SESSION['sid']==session_id()) {
continue browsing;
} else {
redirect to front page;
}
or however you want it to be. The above isn't tested. Not sure if
session_id needs to be assigned to a variable.
Is this what you're referring to or am I just misreading what you're asking?
--Matthew Sims
--<http://killermookie.org>
attached mail follows:
On Friday 02 July 2004 04:38 pm, Matthew Sims wrote:
> As long as the user keeps his browser pointing at your site, then they'll
> stay in the currect session. The moment they shut down the web browser,
> the session is lost.
>
The logic doesnt compute with me. I guess I'll have to try this myself...
attached mail follows:
"Matthew Sims" <mattkillermookie.org> wrote in message
news:50795.208.44.135.18.1088800728.squirrel208.44.135.18...
> >> The $_SESSION['sid'] will follow from page to page. As long as the user
> stays in the current session, all $_SESSION variables will follow from
> page to page as long as session_start() is used.
> >
> > OK, but HOW do you manage that the user stays in the current session.
> Usually this is made sure by passing the session id around. But
> obviously
> > you are not doing this, are you?
> >
> > Torsten
> >
>
> As long as the user keeps his browser pointing at your site, then they'll
> stay in the currect session. The moment they shut down the web browser,
> the session is lost.
This does only work *with* using a cookie.
>
> When the user first comes to your site, assign the session_id to a
> $_SESSION variable. Then as the user jumps from page to page, check the
> $_SESSION variable with the session_id on that page.
>
> Try this, on the front page:
>
> session_start();
> $_SESSOIN['sid']=session_id();
>
> On another page:
>
> if ($_SESSION['sid']==session_id()) {
> continue browsing;
> } else {
> redirect to front page;
> }
>
> or however you want it to be. The above isn't tested. Not sure if
> session_id needs to be assigned to a variable.
>
> Is this what you're referring to or am I just misreading what you're
asking?
No, this is exactly what I wanted to know. But it would contradict
everything I experienced with sessions until now - and it does. I just
tested your code (with session_start() also at the top of page2). It does
not work because there is absolutely no relation between page1 and page2
with your code. In this case a new session is being started on page two.
You have got to pass the session id from one page to another (when not using
a cookie) otherwise it won't work and rightly so.
Maybe your memory played a trick on you ;) Don't mind.
Regards, Torsten
attached mail follows:
> No, this is exactly what I wanted to know. But it would contradict
> everything I experienced with sessions until now - and it does. I just
> tested your code (with session_start() also at the top of page2). It does
> not work because there is absolutely no relation between page1 and page2
> with your code. In this case a new session is being started on page two.
>
> You have got to pass the session id from one page to another (when not
> using
> a cookie) otherwise it won't work and rightly so.
Ah, you are so correct. My apologies. Without cookies turned on then the
session id is different with each page. Bleh.
Okay...so...ignore all that I said. :)
So I guess $_GET is the only option...that sucks.
Sorry dude.
--Matthew Sims
--<http://killermookie.org>
attached mail follows:
* Thus wrote Torsten Roehr:
> "Zilvinas Saltys" <arakiesu.lt> wrote in message
> news:20040702200258.14e44393.arakiesu.lt...
> >
> > The only thing i want to know is all the truth about IE (6?) and cookies
> :)
> >
> > Heeelp :)
>
> Sorry to say that but just DO NOT use cookies. You will always have problems
> with users having weird cookie settings in their browser. Cookies are fine
> for intranets where you know the infrastructure you are dealing with.
> Passing the session id via GET/POST may be ugly but makes you independent of
> the browser's cookie settings.
I would strongly discourage trans_id with sessions that contain
sensitive data.
Curt
--
First, let me assure you that this is not one of those shady pyramid schemes
you've been hearing about. No, sir. Our model is the trapezoid!
attached mail follows:
On Fri, 2 Jul 2004 22:45:23 +0000
Curt Zirzow <php-generalzirzow.dyndns.org> wrote:
> * Thus wrote Torsten Roehr:
> > "Zilvinas Saltys" <arakiesu.lt> wrote in message
> > news:20040702200258.14e44393.arakiesu.lt...
> > >
> > > The only thing i want to know is all the truth about IE (6?) and cookies
> > :)
> > >
> > > Heeelp :)
> >
> > Sorry to say that but just DO NOT use cookies. You will always have problems
> > with users having weird cookie settings in their browser. Cookies are fine
> > for intranets where you know the infrastructure you are dealing with.
> > Passing the session id via GET/POST may be ugly but makes you independent of
> > the browser's cookie settings.
>
> I would strongly discourage trans_id with sessions that contain
> sensitive data.
Yes it does contain sensitive data.. And those people cant work with that data because of IE...
Those people have to travel from place to place. They can't use mozilla everywhere or change the IE settings or even to turn the zone alarm off...
So what are your suggestions? Using trans sid is the only solution as i see now.. No matter how unsafe it is.. Or it looks or works ugly..
That is the problem :)
attached mail follows:
On Friday 02 July 2004 09:16 am, Jordi Canals wrote:
> Andre Dubuc wrote:
> > I thought a simple re-direct page might do
> > the trick.
> >
> > I've tried three methods:
> >
> > the header approach
> > header("location: ../conn-up.php");
> >
> > an absolute header:
> > header("location: /vhome/conn-up.php");
> >
> > and an include approach:
> > include("../conn-up.php");
>
> Te header methods will not work. You need to access directly the
> filesystem in order to include a file. Cannot do it by URL.
>
> The third aproach perhaps could work, not sure. But I would test to
> things (I assume conn.php is on your site root) :
>
> 1. Check the user running the web server hsa permisions to read on the
> directory the file is located.
>
> 2. Try an absolute path to the file. Perhaps it will not permit
> portability, but for test purposes could help.
>
> On conn.php you could try:
> include("/vhome/conn-up.php");
>
> If it does not work, problably is a permissions problem.
>
> 3. For portability, and when you have been able to include the file as
> said in point 2. You could do in conn.php something like:
>
> $conn_dir = dirname(dirname(__FILE__)); // Gives parent dir
> include($conn_dir . 'conn-up.php');
>
> 4. Could set the path to de directory including the file with
> set_include_path(); and then include just by name:
>
> $mypath = get_include_path() . PATH_SEPARATOR . "/vhome";
> set_include_path($mypath);
>
> Hope this can help to investigate a bit more on your problem.
>
> Regards,
> Jordi
Hi Jordi,
Thanks for the advice! I tried
include("/vhome/conn-up.php");
works like a charm! Funny I never thought of giving the absolute path for the
include . . . sigh!
Regards,
Andre
attached mail follows:
Dear All.
I ma trying to write a script that let the user choose
how many languages to upload. Therefore the first
script checks weather the user has choosed to add
images, if not, he'll get a preview of the web site;
otherwise array_padd will increment the array for the
number of images the user has choosen:
<?php
if(($add == "") or ($add == "0")){
$description= wordwrap($description,50,"<br>");
echo "<table frame=\"border\">
<tr><th>$font1 PREVIEW DEL SITO</font></th></tr>
<tr><td colspan=\"2\" align=\"left\"><img
src=\"../ecom/$u/$logo_name\"></td></tr>
<tr><td>$description</td><td><img
src=\"../ecom/$u/$img_az_name\"></td></tr>
</table>";
}else{
$img = array('img','desc');
$img = array_pad($img, $add, '');
echo "<table> <tr><th colspan=\"6\">$font1 GESTIONE
SITO - Add images</font></th>
<form action=\"./panel.php\" method=\"post\"
enctype=\"multipart/form-data\">
<input type=\"hidden\" name=\"servizio\" value=\"4\">
<input type=\"hidden\" name=\"visione\"
value=\"imdone\">";
foreach($img as $k => $img){
$k++;
echo "<tr><td>$font1 Image $k: </font></td>
<td><input type=\"file\" name=\"img[$k]\"></td>
<td>$font1 Title: </font></td>
<td><input type=\"text\" name=\"title[$k]\"
maxlength=\"50\"></td>
<td>$font1 Description: </font></td>
<td><textarea name=\"desc[$k]\"></textarea></td>
</tr>";
}
?>
The second script would be:
<?php
$uploaddir =
"/web/htdocs/www.example.it/home/ecom/$u/";
$uploadfile = $uploaddir.$_FILES['img']['name'];
print "<pre>";
if
(move_uploaded_file($HTTP_POST_FILES['img']['tmp_name'],
$uploadfile)) {
print "File is valid, and was successfully
uploaded. ";
print "Here's some more debugging info:\n";
print_r($HTTP_POST_FILES);
} else {
print "Possible file upload attack! Here's some
debugging info:\n";
print_r($HTTP_POST_FILES);
}
print "</pre>";
?>
I keep on getting a possible upload file attack. The
debugging info says there are no errors. I have tried
using $_FILES instead of $HTTP_POST_FILES. My ISP has
Gobals turned on and max file size is 8 MB, in this
example I have been using 2 files of 246K each.
Where do you think the problem might lay?
Thank you,
Gennaro Losappio
____________________________________________________________
Yahoo! Companion - Scarica gratis la toolbar di Ricerca di Yahoo!
http://companion.yahoo.it
attached mail follows:
"Gennaro losappio" <glosappioyahoo.it> wrote in message
news:20040702142420.99618.qmailweb20505.mail.yahoo.com...
> Dear All.
Hi.
>
> I ma trying to write a script that let the user choose
> how many languages to upload. Therefore the first
> script checks weather the user has choosed to add
> images, if not, he'll get a preview of the web site;
> otherwise array_padd will increment the array for the
> number of images the user has choosen:
> <?php
> if(($add == "") or ($add == "0")){
You can use empty() here:
if (empty($add)) {
>
> $description= wordwrap($description,50,"<br>");
> echo "<table frame=\"border\">
> <tr><th>$font1 PREVIEW DEL SITO</font></th></tr>
> <tr><td colspan=\"2\" align=\"left\"><img
> src=\"../ecom/$u/$logo_name\"></td></tr>
> <tr><td>$description</td><td><img
> src=\"../ecom/$u/$img_az_name\"></td></tr>
> </table>";
>
> }else{
> $img = array('img','desc');
>
> $img = array_pad($img, $add, '');
> echo "<table> <tr><th colspan=\"6\">$font1 GESTIONE
> SITO - Add images</font></th>
> <form action=\"./panel.php\" method=\"post\"
> enctype=\"multipart/form-data\">
> <input type=\"hidden\" name=\"servizio\" value=\"4\">
> <input type=\"hidden\" name=\"visione\"
> value=\"imdone\">";
> foreach($img as $k => $img){
> $k++;
> echo "<tr><td>$font1 Image $k: </font></td>
> <td><input type=\"file\" name=\"img[$k]\"></td>
> <td>$font1 Title: </font></td>
> <td><input type=\"text\" name=\"title[$k]\"
> maxlength=\"50\"></td>
> <td>$font1 Description: </font></td>
> <td><textarea name=\"desc[$k]\"></textarea></td>
> </tr>";
> }
> ?>
>
> The second script would be:
> <?php
> $uploaddir =
> "/web/htdocs/www.example.it/home/ecom/$u/";
> $uploadfile = $uploaddir.$_FILES['img']['name'];
Where is $u being set? It's better to use a constant for path information:
define('UPLOAD_PATH',
'/web/htdocs/www.example.it/home/ecom/whateverumightbe');
Otherwise someone could call the file with:
page.php?u=../../ or whatever
You should NOT rely on register_globals. You can turn it off in run time by
putting this line at the top of all scripts:
ini_set('register_globals', 0);
Then access all variables with $_GET['var1'], $_POST['var1'],
$_FILES['file'] etc.
You should also check the file's mime type ($_FILES['file']['type']) and
only allow specific file types (GIF, JPEG).
>
>
> print "<pre>";
> if
> (move_uploaded_file($HTTP_POST_FILES['img']['tmp_name'],
> $uploadfile)) {
>
> print "File is valid, and was successfully
> uploaded. ";
> print "Here's some more debugging info:\n";
> print_r($HTTP_POST_FILES);
> } else {
> print "Possible file upload attack! Here's some
> debugging info:\n";
> print_r($HTTP_POST_FILES);
> }
> print "</pre>";
> ?>
>
> I keep on getting a possible upload file attack. The
> debugging info says there are no errors. I have tried
> using $_FILES instead of $HTTP_POST_FILES. My ISP has
> Gobals turned on and max file size is 8 MB, in this
> example I have been using 2 files of 246K each.
>
> Where do you think the problem might lay?
>
> Thank you,
> Gennaro Losappio
How do you know you are getting upload attacks? Any symptoms?
Regards, Torsten Roehr
attached mail follows:
How do you use the call_user_func function with call-time
pass-by-reference deprecation?
For example:
function fun(&$arg) {
$arg++;
}
$var = 0;
call_user_func("fun", $var);
echo $var; //echoes 0 instead of 1
Is their anyway to do this:
call_user_func("fun", &$var);
Thanks for any help with this!
Andrew Nagy
attached mail follows:
Hi,
Saturday, July 3, 2004, 2:02:42 AM, you wrote:
AN> How do you use the call_user_func function with call-time
AN> pass-by-reference deprecation?
AN> For example:
AN> function fun(&$arg) {
AN> $arg++;
AN> }
AN> $var = 0;
AN> call_user_func("fun", $var);
AN> echo $var; //echoes 0 instead of 1
AN> Is their anyway to do this:
AN> call_user_func("fun", &$var);
AN> Thanks for any help with this!
AN> Andrew Nagy
With call_user_function() you need to do this:
call_user_func("fun", &$var);
--
regards,
Tom
attached mail follows:
Tom Rogers wrote:
>With call_user_function() you need to do this:
>
>call_user_func("fun", &$var);
>
>
Tom, this won't work due to the Call-Time Pass-By-Reference deprecation.
Does anyone know how to do this?
The error message says "If you would like to pass it by reference,
modify the declaration of call_user_func()" ... how would i do this?
Andrew
attached mail follows:
* Thus wrote Andrew Nagy:
> How do you use the call_user_func function with call-time
> pass-by-reference deprecation?
>
> For example:
>
> function fun(&$arg) {
> $arg++;
> }
> $var = 0;
> call_user_func("fun", $var);
> echo $var; //echoes 0 instead of 1
$func_call = 'fun';
$func_call($var);
Curt
--
First, let me assure you that this is not one of those shady pyramid schemes
you've been hearing about. No, sir. Our model is the trapezoid!
attached mail follows:
I need to interface with a partner's XML API and they require that the XML
request be sent via HTTPS POST. I also need to parse the XML response that
the partner's server will send back. Is CURL the best way to handle the
transfer or something like PEAR HTTP_Request? I'm looking for the approach
that will be the most reliable under heavy load. Thanks for any advice.
attached mail follows:
On Fri, 02 Jul 2004 12:40:56 -0400, Shaun Fanning
<shaun.fanningnaviance.com> wrote:
>
> I need to interface with a partner's XML API and they require that the XML
> request be sent via HTTPS POST. I also need to parse the XML response that
> the partner's server will send back. Is CURL the best way to handle the
> transfer or something like PEAR HTTP_Request? I'm looking for the approach
> that will be the most reliable under heavy load. Thanks for any advice.
>
I'm not sure about load, but I've had great success with HTTP_Request
and HTTP_Client. I'v even submitted a bunch of patches to them to fix
bugs. :-) They're very flexible, can do just about anything, and are
very simple to use.
As for parsing XML, I've created a simple extention of XML_Parser that
parses the XML into a (useful!) associative array. It's large if you
print_r it, but it gives you *all* of the data and lets you choose
exactly what you want.
http://www.reversefold.com/PEAR/Assoc.phps
--
DB_DataObject_FormBuilder - The database at your fingertips
http://pear.php.net/package/DB_DataObject_FormBuilder
paperCrane --Justin Patrin--
attached mail follows:
Hello,
On 07/02/2004 01:40 PM, Shaun Fanning wrote:
> I need to interface with a partner's XML API and they require that the XML
> request be sent via HTTPS POST. I also need to parse the XML response that
> the partner's server will send back. Is CURL the best way to handle the
> transfer or something like PEAR HTTP_Request? I'm looking for the approach
> that will be the most reliable under heavy load. Thanks for any advice.
SSL (HTTPS) support is a little tricky. Some hosts may or may not
provide curl or openssl PHP extensions that are necessary to support SSL.
You may want to try this popular HTTP client that makes SSL requests
figuring automatically whether it is possible to use curl or openssl for
you. The usage of the class is the same regardless which of the
libraries is available.
It already comes with an example to make XML HTTP POST requests:
http://www.phpclasses.org/httpclient
--
Regards,
Manuel Lemos
PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/
PHP Reviews - Reviews of PHP books and other products
http://www.phpclasses.org/reviews/
Metastorage - Data object relational mapping layer generator
http://www.meta-language.net/metastorage.html
attached mail follows:
Thanks Manuel, I will take a look at it. I do have complete control over the
box this is running on, so I can rebuild PHP with support for CURL and
OpenSSL if necessary. My main concern is having a robust approach that is
fast and efficient under a high load.
On 7/2/04 5:55 PM, "Manuel Lemos" <mlemosacm.org> wrote:
> Hello,
>
> On 07/02/2004 01:40 PM, Shaun Fanning wrote:
>> I need to interface with a partner's XML API and they require that the XML
>> request be sent via HTTPS POST. I also need to parse the XML response that
>> the partner's server will send back. Is CURL the best way to handle the
>> transfer or something like PEAR HTTP_Request? I'm looking for the approach
>> that will be the most reliable under heavy load. Thanks for any advice.
>
> SSL (HTTPS) support is a little tricky. Some hosts may or may not
> provide curl or openssl PHP extensions that are necessary to support SSL.
>
> You may want to try this popular HTTP client that makes SSL requests
> figuring automatically whether it is possible to use curl or openssl for
> you. The usage of the class is the same regardless which of the
> libraries is available.
>
> It already comes with an example to make XML HTTP POST requests:
>
> http://www.phpclasses.org/httpclient
>
attached mail follows:
Hello,
On 07/02/2004 07:18 PM, Shaun Fanning wrote:
> Thanks Manuel, I will take a look at it. I do have complete control over the
> box this is running on, so I can rebuild PHP with support for CURL and
> OpenSSL if necessary. My main concern is having a robust approach that is
> fast and efficient under a high load.
In that case a Curl based solution is probably better because it is a
library purely written in C and it takes care about low level details
that would probably take more time to execute with pure PHP and socket
access calls with OpenSSL.
>>>I need to interface with a partner's XML API and they require that the XML
>>>request be sent via HTTPS POST. I also need to parse the XML response that
>>>the partner's server will send back. Is CURL the best way to handle the
>>>transfer or something like PEAR HTTP_Request? I'm looking for the approach
>>>that will be the most reliable under heavy load. Thanks for any advice.
>>
>>SSL (HTTPS) support is a little tricky. Some hosts may or may not
>>provide curl or openssl PHP extensions that are necessary to support SSL.
>>
>>You may want to try this popular HTTP client that makes SSL requests
>>figuring automatically whether it is possible to use curl or openssl for
>>you. The usage of the class is the same regardless which of the
>>libraries is available.
>>
>>It already comes with an example to make XML HTTP POST requests:
>>
>>http://www.phpclasses.org/httpclient
>>
>
>
>
>
&