php-general Digest 26 Aug 2001 07:54:07 -0000 Issue 838

php-general-digest-help Sat, 25 Aug 2001 22:22:33 -0700


php-general Digest 26 Aug 2001 07:54:07 -0000 Issue 838

Topics (messages 64449 through 64478):

Re: Stripping line break characters
        64449 by: Rory O'Connor
        64450 by: jimw.apache.org
        64458 by: Chris Hayes

relative filename /home/www... in stead of /www/.....
        64451 by: Chris Hayes

multi-dimensional array won't echo
        64452 by: bill
        64455 by: Rasmus Lerdorf
        64460 by: bill

Re: source of global variable
        64453 by: Dell Coleman
        64457 by: Dell Coleman

Echo/Print
        64454 by: Andy Ladouceur
        64456 by: Jeff Oien
        64468 by: Andy Ladouceur

Program to check for cookies
        64459 by: Sunil Jagarlamudi
        64461 by: idesign.tampabay.rr.com

Re: escaping special charecters upon submit
        64462 by: idesign.tampabay.rr.com
        64465 by: Andy Ladouceur
        64467 by: idesign.tampabay.rr.com
        64469 by: Don Read
        64470 by: idesign.tampabay.rr.com

Re: The future of PHP
        64463 by: Martin Wright
        64471 by: Manuel Lemos

Re: konquerer and php
        64464 by: Scott

last bit of help ....
        64466 by: Dan McCullough

Re: The secrecy of PHP code
        64472 by: Artyom Plouzhnikoff

Safe mode + /usr/share/php
        64473 by: Artyom Plouzhnikoff
        64474 by: Rasmus Lerdorf

thanks Dell coleman!
        64475 by: nafiseh saberi

disable_functions....
        64476 by: Andy Ladouceur
        64477 by: Rasmus Lerdorf

Re: escaping special characters upon submit
        64478 by: Navid Yar

Administrivia:

To subscribe to the digest, e-mail:
        [EMAIL PROTECTED]

To unsubscribe from the digest, e-mail:
        [EMAIL PROTECTED]

To post to the list, e-mail:
        [EMAIL PROTECTED]


----------------------------------------------------------------------

I have been trying similar arrangements, but to no avail.  I think it
has something to do with the actual string I am checking - it's an SQL
statement.  I am trying to create a log of SQL statements in a textfile,
and the newline/return characters that people put in the TEXTAREA is
screwing it up.  But I can't for the life of me figure out why test code
such as this does not strip out the \n's...

-----
$sql = "UPDATE contact set firstname = 'rory', lastname = 'jones',
interest = 'rory', optin = 'yes', comments = 'hello\n\n,rory' WHERE id =
5055";

$sql2=$sql;
$sql2=str_replace("","\n",$sql2);
$sql2=str_replace("","\r",$sql2);   
-----

it is still outputting the following to my log:

-----
UPDATE contact set firstname = 'rory', lastname = 'jones' interest =
'rory' optin = 'yes' comments = 'hello

,rory' WHERE id = 5055;   
-----

Any help is appreciated!

Thanks


On Sat, 25 Aug 2001 11:17:43 -0700, Rory O'Connor <[EMAIL PROTECTED]>
wrote:
>I had the same problem, I was writing the textarea to a text file,and
>reading it using fgets, therefor, any unspecified newlines would really
mess
>my script up. This probably isn't the best solution, but it'swhat I
used,and
>works fine.
>
>$data=$textarea;
>$data=str_replace("","\n",$data);
>$data=str_replace("","\r",$data);
>
>That's all there was to it, it replaced all newlines and returns with
>blanks. You can change it to replace with breaks if you are outputting
to an
>HTML file, hope I was able to help,
>-Andy
>----- Original Message -----
>From: Rory O'Connor <[EMAIL PROTECTED]>
>Newsgroups: php.general
>To: PHP list <[EMAIL PROTECTED]>
>Sent: Saturday, August 25, 2001 9:27 AM
>Subject: Stripping line break characters
>
>
>> I need to strip line break characters (or whatever the character is
that
>> results from users hitting their "enter" key inside a TEXTAREA form
>> input) from a string.  These characters will appear anywhere in the
>> string, not just at the end.  In perl, the regex would look
something
>> like this...
>>
>> $a="a\nb\nc\nd\n\n\n";
>> $b=$/;
>> $a =~ s/$b//g;  # produces "abcd"
>>
>> but i'm a newbie and i don't know how I can translate this to PHP
syntax
>> to do the same thing.  Any help is appreciated!
>>
>> Thanks!
>>
>>
>>
>> providing the finest in midget technology
>
>
>

providing the finest in midget technology

Rory O'Connor <[EMAIL PROTECTED]> wrote:
> $sql2=str_replace("","\n",$sql2);
> $sql2=str_replace("","\r",$sql2);   

you've got the first two arguments backwards.

  $sql2=str_replace("\n","",$sql2);
  $sql2=str_replace("\r","",$sql2);   

or with php4.0.5 (or later):

  $sql2=str_replace(array("\n","\r"),"",$sql2);

for more details:

  http://www.php.net/manual/en/function.str-replace.php

jim



Hi!


> $sql2=str_replace("","\n",$sql2);

> $sql2=str_replace("","\r",$sql2);   


well that was easy:


manual: 

 string str_replace (string needle, string str, string haystack)


and you did: 

                str_replace (string str, string needle, string haystack)


So better try 


$sql2=str_replace("\n","",$sql2);

$sql2=str_replace("\r","",$sql2);   


Time to get some sleep ? ;-)



cheers,


Chris H.



--------------------------------------------------------------------
--  C.Hayes  Droevendaal 35  6708 PB Wageningen  the Netherlands  --
--------------------------------------------------------------------





--------------------------------------------------------------------
--  C.Hayes  Droevendaal 35  6708 PB Wageningen  the Netherlands  --
--------------------------------------------------------------------

dear group,


I use the $DOCUMENT_ROOT to make a complete file name.

        $fpname=$DOCUMENT_ROOT.'/includes/blocks/dynmenu.php';


It does not work on one site: the document root misses the /home/ start. I could 
just hardcode this but i'ld rather have a function that would work everywhere.

What can i do?


Warning: fopen("/www/ecodorp/admin/modules/dynmenu.src","r") 
- No such file or directory in /home/www/ecodorp/php/post/admin/modules/dynmenu.php on 
line 378
I cannot open /www/ecodorp/admin/modules/dynmenu.src
Chris




--------------------------------------------------------------------
--  C.Hayes  Droevendaal 35  6708 PB Wageningen  the Netherlands  --
--------------------------------------------------------------------

The first echo statement doesn't work, the second does.  Anybody know
why?

$string1=15;
$string2=27;
$myarray[$string1][$string2]="syncopated";
echo "$myarray[$string1][$string2]<br />\n";   //displays Array[27]
echo $myarray[$string1][$string2] . "<br />\n";  //displays syncopated

> The first echo statement doesn't work, the second does.  Anybody know
> why?
>
> $string1=15;
> $string2=27;
> $myarray[$string1][$string2]="syncopated";
> echo "$myarray[$string1][$string2]<br />\n";   //displays Array[27]
> echo $myarray[$string1][$string2] . "<br />\n";  //displays syncopated

Complex variables inside quoted strings need to be dereferenced using {}'s

eg.

echo "{$myarray[$string1][$string2]}<br />\n";

Or better yet:

echo $myarray[$string1][$string2] . "<br />\n";

-Rasmus

Not only a good answer, but the best explanation.

thanks,

bill hollett

Rasmus Lerdorf wrote:

> > The first echo statement doesn't work, the second does.  Anybody know
> > why?
> >
> > $string1=15;
> > $string2=27;
> > $myarray[$string1][$string2]="syncopated";
> > echo "$myarray[$string1][$string2]<br />\n";   //displays Array[27]
> > echo $myarray[$string1][$string2] . "<br />\n";  //displays syncopated
>
> Complex variables inside quoted strings need to be dereferenced using {}'s
>
> eg.
>
> echo "{$myarray[$string1][$string2]}<br />\n";
>
> Or better yet:
>
> echo $myarray[$string1][$string2] . "<br />\n";
>
> -Rasmus

I'm not sure of the problem but something like

<?
if ($condition) { echo $time}
else { //do something else}
?>
You can also print or echo html from php if that helps your program flow

like
<?
echo "<Table>
         <TR><TH>title</TH></TR>
          <TR><TD>$data</TD></TR>
          </Table>";
?>
Often you will want to generate the table rows in an if() or while()
statement
You can do the same thing with any html tags , javascript, etc.

Web pages are not static so pass parameters you need through url
A php trick is that <a href="$PHP_SELF?params"> calls itself with the
parameters
you give it. This works on form action= statements too

HTH

Nafiseh Saberi wrote:

> hi.
> I write program with php,then for build table I must to close it,
> write html tag and then open php and continue,...
>
> I ask time in one line and in another line I want to show it.
> but I want the first line doesnot run in all condition.
>
> I think my problem will solve with static variables.???
> thanks.

--
Dell Coleman, Principal
PICO Technology Corp.
Victoria, BC
Email [EMAIL PROTECTED]
Web http://members.home.com/pico/

I think I did misunderstand -- php is not like C where you declare things
global
both in the main program and in subroutines. If you are not in a function
everything is
automatically "global"; in php functions you need to declare variables to be
global.
--so you don't need it

the problem looks like the call to strtotime('now')
see http://www.php.net/manual/en/function.strtotime.php
for the proper usage

I am fairly new to PHP Scripting, and I am learning from a book.
Throughout the book, print is used as the basic command to output
text/variables.. yet I see almost everyone in here uses echo. Might I ask
what the differences of the two are, and if there are any benefits of using
one over the other?
Thanks,
Andy

You can read the notes lower on the page here to get a good idea:
http://www.php.net/manual/en/function.print.php
Jeff Oien 

> I am fairly new to PHP Scripting, and I am learning from a book.
> Throughout the book, print is used as the basic command to output
> text/variables.. yet I see almost everyone in here uses echo. Might I ask
> what the differences of the two are, and if there are any benefits of using
> one over the other?
> Thanks,
> Andy
> 
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>

Thanks!
Helped a lot.
-Andy
Jeff Oien <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> You can read the notes lower on the page here to get a good idea:
> http://www.php.net/manual/en/function.print.php
> Jeff Oien
>
> > I am fairly new to PHP Scripting, and I am learning from a book.
> > Throughout the book, print is used as the basic command to output
> > text/variables.. yet I see almost everyone in here uses echo. Might I
ask
> > what the differences of the two are, and if there are any benefits of
using
> > one over the other?
> > Thanks,
> > Andy
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail: [EMAIL PROTECTED]
> >

Is there a program which will check for cookies before
it allows access into the web site ?

I want the user to enter the userid/password on a
secure web server and pass the cookie information to
the regular server. I don't want them to access
regular web server without that cookie being enabled
through the secure server.

Thank You

Sunil

__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/

I have a form that submits data to a database, works great until someome 
puts in an apostrophe in the comments area...how do i escape this 
charecter upon
insert?

> I have a form that submits data to a database, works great until 
someome 
> puts in an apostrophe in the comments area...how do i escape this 
> charecter upon
> insert?

http://www.php.net/manual/en/function.addslashes.php
That should work fine.
-Andy
<[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > I have a form that submits data to a database, works great until
> someome
> > puts in an apostrophe in the comments area...how do i escape this
> > charecter upon
> > insert?
>
>
>
>

Tried addslashes also urlencode, neither worked...

the input is from a comment area in a form...that adds data to a mysql 
database...the comments contain commas and apostrphes, that when 
you try to subit, screw up the execution of the insert....

Any help would be very very very very appreciated....driving me nuts.


> http://www.php.net/manual/en/function.addslashes.php
> That should work fine.
> -Andy
> <[EMAIL PROTECTED]> wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > I have a form that submits data to a database, works great until
> > someome
> > > puts in an apostrophe in the comments area...how do i escape this
> > > charecter upon
> > > insert?
> >
> >
> >
> >
> 
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>


On 26-Aug-2001 [EMAIL PROTECTED] wrote:
> Tried addslashes also urlencode, neither worked...
> 
> the input is from a comment area in a form...that adds data to a mysql 
> database...the comments contain commas and apostrphes, that when 
> you try to subit, screw up the execution of the insert....
> 
> Any help would be very very very very appreciated....driving me nuts.
> 
> 

The Ouji board:  'check line 47' (but then it always sez that).
How about posting some code ?

Regards,
-- 
Don Read                                       [EMAIL PROTECTED]
-- It's always darkest before the dawn. So if you are going to 
   steal the neighbor's newspaper, that's the time to do it.

> mine always says ask don" lol...actually got it figured out right after muy 
last post.... "rawurlencode" worked great....

Thanks though!


> On 26-Aug-2001 [EMAIL PROTECTED] wrote:
> > Tried addslashes also urlencode, neither worked...
> > 
> > the input is from a comment area in a form...that adds data to a mysql 
> > database...the comments contain commas and apostrphes, that 
when 
> > you try to subit, screw up the execution of the insert....
> > 
> > Any help would be very very very very appreciated....driving me nuts.
> > 
> > 
> 
> The Ouji board:  'check line 47' (but then it always sez that).
> How about posting some code ?
> 
> Regards,
> -- 
> Don Read                                       [EMAIL PROTECTED]
> -- It's always darkest before the dawn. So if you are going to 
>    steal the neighbor's newspaper, that's the time to do it.
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>

Hmmm.  Manuel what's that you're smoking?  Where can I get some?

M

-----Original Message-----
From: Manuel Lemos [mailto:[EMAIL PROTECTED]] 
Sent: 24 August 2001 20:30
To: [EMAIL PROTECTED]
Subject: Re: [PHP] The future of PHP

Hello,

Egan wrote:
> 
> On Fri, 24 Aug 2001 15:34:04 -0300, Manuel Lemos <[EMAIL PROTECTED]>
> wrote:
> 
> >> Many small businesses would like to do e-commerce, but can't afford

> >> expensive consultants, expensive hardware, and expensive software 
> >> tools developed by huge corporations.
> >
> >e-commerce? You mean B2C? Can small business live from that? I'm 
> >afraid not! Maybe I am wrong. :-)
> 
> 100 years ago you could easily do business without a telephone.  But 
> what percentage of businesses today operate without a telephone?
> 
> A web presence with web commerce will become a utility like the 
> telephone.  Having it will be more important than measuring artificial

> distinctions between B2C vs. B2B.

Huh? That's a nice marketoid speech for you to talk Internet-ignorant
people to get into e-commerce, but what does that have to do with my
question?

Can small business live from e-commerce today?

> >> Look at all the large corporations bleeding money and cutting 
> >> staff. Mega-corporations are in decline, and their era is ending.  
> >> Long live the small business!
> >
> >What? Large business are being affected because the whole networking 
> >business is in recession.
> 
> Large corporations don't know you or care about you as an individual 
> customer.  You're just an account number to them.  The only thing they

> care about is the "big" sale to other "big" corporations.  But even 
> then, do they really care?  Not in my experience.
> 
> The networking recession is just one symptom of their disease.

Do you really believe that? As far as I can recall, this recession
started when a "mean judge" convicted Microsoft for anti-trust
practices. That caused NASDAQ crash that scared people away from
investing in tech company stocks. Many Internet companies dried and
without cash from the investors many went bankrupt. That affected all
the small or big corporations that have grown and were dependent on the
networking market. I don't think this affected much non-technological
companies, big or small. So I don't think  your anti-big corporations
speech has much to do with this.

Regards,
Manuel Lemos

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED] To
contact the list administrators, e-mail: [EMAIL PROTECTED]

Hello Rasmus,

Rasmus Lerdorf wrote:
> 
> > So, it is very hard to convince the anybody to bet all the farm in PHP.
> > You may have the technical arguments, but is not enough, I'm afraid.
> >
> > You in particular, may not need to convince others to bet on PHP, but it
> > is nothing like that for most people that want to live from software
> > development. They have to put up with work/business opportunities that
> > the market offers to live from it. So, today, I'm afraid that you
> > already still have an hard time to convince people to dedicate only to
> > PHP, even those that know and believe PHP is that great.
> 
> PHP is represented at every important technical conference right alongside
> Perl and Python.  When you hear someone talk about scripting languages,
> they will usually say Perl, Python and PHP.  I don't see any problem with
> the current state of PHP "marketing" in the technical community.

I think that is not the largest part of the PHP community. Let me
explain: I believe the largest part of the community is made of those
that develop Web sites and applications for some one else and do it for
a living. Many of those don't always manage to make the technological
decisions, their bosses do.

There you have two problems: convince those bosses that PHP is still a
superior technical solution to solve their development needs as they
evolve, and then convince them that other languages/technologies that
have been also evolving are not yet as good as PHP, despite they have
been flooded of news from everywhere that they are much more advanced
and better for the developer needs.

The first problem is technical. You just keep developing PHP to satisfy
the user needs as soon as you perceive them and that's it.

The second problem is marketing. It doesn't matter for people that have
to make the decisions how much better PHP in fact is if people don't
hear about it. Even if they hear about it, it may not be enough if they
hear much more from the rest (Java, ASP.Net, C#, , whatever).

Here PHP looses bigtime. You may not want to believe me, but I am afraid
that unless PHP is better marketted, soon or later its market acceptance
will be weakened.

> PHP is not marketed the way Java and .NET is.  There are no multi-billion
> dollar corporations behind PHP and asking us, and apparently me

That's not my point. Some marketing is better than no marketing at all
which is what you do today. There are plenty of ways to do some
marketing on PHP that don't even cost money to you.

> personally, to make that happen is unrealistic.  Like Linux 5 years ago,
> PHP is adopted by the techies and somewhat shunned by the suits because
> they haven't read about it in their latest advertisement-sponsored
> magazine.

oh, man Linux was a different story. Expecting a similar future for PHP
I'm afraid it may be wishful thinking. PHP is mostly focused on Web
development. Web market is fading out.

Even if you can do non Web programming with PHP, most people are not
aware of that. You need to do some marketing to put in evidence that PHP
is as much capable for non-Web programming.

There you have another big problem that is there is no affordable way to
compile and generate executables from PHP programs. I know that
historically you never liked this ability into PHP programs, but that is
a vital need for people that will want to distribute their programs like
VB or Delphi programs.

> We can't possibly hope to compete with Sun and Microsoft when it comes to
> suit-oriented marketing drivel.  What we can do is concentrate on what we
> do best.  Writing a solid and very focused tool.  Building the grassroot
> community and being visible at all relevant technical conferences.  If we
> continue to do this, I see no reason for any dropoff in PHP popularity
> which leads directly to more and more corporate acceptance.

You believe in whatever you want, off course, but I think it is time to
adjust course. Assumming that the future of PHP is just a technical
matter, I'm affraid you are neglecting an important part of the
equation: the people. The needs and beliefs change through time.

I am try to show my current view of what people feel and need today that
I don't see addressed. You can see that and work on the changes if you
agree. I have more ideias if you care to work on that direction.

Regards,
Manuel Lemos

I should probably just forget I ever sent this post, but in case anyone is 
curious, the problem was that I was using the address cached in the address 
bar in Konqueror to open the home page of the application.  For some reason 
this address was "file: /var/ww/html/homepage.html" instead of 
http://localhost/blahblahblah.html and I never noticed.  So the html pages 
looked normal, but without the server, the php pages left something to be 
desired. 
 
Thanks,
SW

On Friday 24 August 2001 09:15, you wrote:
> <Original message>
> From: Scott <[EMAIL PROTECTED]>
> Date: Thu, Aug 23, 2001 at 08:29:07PM -0400
> Message-ID: <[EMAIL PROTECTED]>
> Subject: [PHP] konquerer and php
>
> > I have a database browser that I made with php and mysql.  When I use it
> > in Netscape it behaves normally.  However when I view it using Konquerer,
> > all kinds of php code shows up on the screen when I execute a php page. 
> > I thought that Konquerer might not be recognizing the <? and ?> start and
> > end tags so I tried <script language="php"> and </script>.  However if I
> > use these nothing at all shows up on the screen.  Can someone tell me
> > what the problem is?
> > Thanks,
> > SW
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
> </Original message>
>
> <Reply>
>
> For the script execution it doesn't matter at all which browser you
> use. PHP is processed server-side, so the browser just gets 'plain'
> HTML. I guess something else is wrong than using a different
> browser.
>
> </Reply>

I need to output an array to a text file, now I have created the text file now I just 
need to
write to it, well I need to get the output of the browser to this text file.  HOw can 
i do this,
oh and return each line ...

heres the code

that gets the output
array1.php

<?
// Mail text file extractor.
// Written to extract out certain parts of the file and output in a csv friendly 
format.
// Dan McCullough


 include("functions.php");

if ($submit) {
        $extract = eXtractor1($file_name,$tmp_file_name,$new_file_name);


if ($extract) {

//here goes, get the parsed file from the output of the grep command.
//read the file and output
$fcontents =  file("/tmp/$tmp_file_name", "r");

// run this funtion to format and display the file in a certain output.
function GetField($offset)
{
   global $fcontents;
   global $new_file_name;
   return  trim(substr($fcontents[$offset], strpos($fcontents[$offset], 
" ")));
}

for($i = 0, $count = sizeof($fcontents); $i < $count; $i += 6)
{
   // Make the numbers 1-6 constants if desired
   
   echo GetField($i + 1) . "," .
        GetField($i + 2) . "," .
        GetField($i + 3) . "," .
        GetField($i)     . "," .
        GetField($i + 5) . "," .
        GetField($i + 4) . ",yes<br>\n";
}
        exit;}
}
?>

<html>
<head>
<title>Extractor</title>
</head>
<body>
<form method="post" action="<? echo $PHP_SELF; ?>">
Please input the name of the text file.<br><br>
File to extract:  <input type="text" name="file_name"><br>
Temp file name:  <input type="text" name="tmp_file_name"><br>
CSV File Name:  <input type="text" name="new_file_name"><br>
<input type="submit" name="submit" value="submit">
</form>
</body>
</html>

function.php
function eXtractor1($file_name,$tmp_file_name,$new_file_name) 
{
global $file_name;
global $tmp_file_name;
global $new_file_name;

$filename = "/tmp/$tmp_file_name";
$newfilename = "/tmp/$new_file_name";

if (!file_exists($filename)) { 
touch($filename); // Create blank file
touch($newfilename);
chmod($filename,0777);
chmod($newfilename,0777);

$command = "cat /home/sites/projects/web/extractor/$file_name | egrep
'State:|Name:|Address:|City:|e-mail:|Zip:'>$filename";
system($command);
## nothing worked for me until I added this next line. 
system("exit(0)");
}
return $tmp_file_name;
return $new_file_name;
}

?>

anythoughts would be appreaciated

dan

=====
Dan McCullough
-------------------------------------------------------------------
"Theres no such thing as a problem unless the servers are on fire!"
h: 603.444.9808
w: McCullough Family
w: At Work

__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/

> If your php-code is on a web-server which gives access to other than you
> they can read your code. An example could be other people being hosted
> on the same server..
  Not necessarily. You can enable safe_mode and/or set an open_basedir in 
order to prevent those people from doing that. You should also ensure that 
your *nix permissions won't allow them to do that without interacting with 
the Web server.

  Is it possible to use safe mode yet allow all scripts to include any files 
from /usr/share/php? Normal users ain't gonna have *write* access to that 
directory, so it shouldn't be much of a security concern, I just don't know 
how to do this. I know that I can disable safe_mode and enable open_basedir, 
but that will create yet another security hole because normal users will be 
able to alter LD_LIBRARY_PATH, which is not a very good idea. AFAIK, they can 
make PHP load a custom glibc and thus gain root access to the box if I allow 
them to do that.

A recent feature addition (4.0.7) is a safe_mode_include_dir php.ini
directive where you can do exactly this.

-Rasmus

On Sun, 26 Aug 2001, Artyom Plouzhnikoff wrote:

>   Is it possible to use safe mode yet allow all scripts to include any files
> from /usr/share/php? Normal users ain't gonna have *write* access to that
> directory, so it shouldn't be much of a security concern, I just don't know
> how to do this. I know that I can disable safe_mode and enable open_basedir,
> but that will create yet another security hole because normal users will be
> able to alter LD_LIBRARY_PATH, which is not a very good idea. AFAIK, they can
> make PHP load a custom glibc and thus gain root access to the box if I allow
> them to do that.
>
>


hi.
thanks .
can you describe more about <a href="$PHP_SELF?params"> ???
nafiseh.

 Does anyone know if its possible to use disable_functions on only specified
directories, and not all?
Hopefully its possible..

Any php.ini directive can be used in your httpd.conf on a per-dir basis.
See the manual..

-Rasmus

On Sat, 25 Aug 2001, Andy Ladouceur wrote:

>  Does anyone know if its possible to use disable_functions on only specified
> directories, and not all?
> Hopefully its possible..
>
>
>
>

Try this:

$text = nl2br(htmlspecialchars(stripslashes($text)));

With $text being the data outputted. It will replace apostrophes, quotes,
etc. with their proper html formatting.

Example: input: "PHP is Cool!"
           html output: &quot;PHP is Cool!&quot;

Then if you don't want the $quot;, or whatever is outputted depending on the
input, you can write a script to strip them out if you like. There are lots
of things you can do from this point. Anyway, hope that helps you out...

Navid


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Saturday, August 25, 2001 2:49 PM
To: Sunil Jagarlamudi; [EMAIL PROTECTED]
Subject: [PHP] Re: escaping special charecters upon submit


> I have a form that submits data to a database, works great until
someome
> puts in an apostrophe in the comments area...how do i escape this
> charecter upon
> insert?





--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

php-general Digest 26 Aug 2001 07:54:07 -0000 Issue 838

Reply via email to