[PHP] Re: PHP5 simpleXML bug or am i just being silly :)

2004-02-26 Thread Andre Cerqueira
or this:

print('$this->user->site[0]::');
print_r($this->user->site[0]);
wait... thats what he done hehe
nvm?
what is your php5 build?
have you tried the examples? 
(http://www.php.net/manual/en/ref.simplexml.php)

did they work?
anyway, it looks pretty odd...


Luke wrote:
Dont you need to use " instead of ' as ' is a string literal, while " parses
variables etc in that string
try this instead:
print("$this->user->site[0]::");
Maybe that will help?

--
André Cerqueira
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[PHP] Re: Uploading a file to server behind a firewall

2004-02-26 Thread Andre Cerqueira
i dont know if that can be fixed using php, it looks like a firewall 
setup problem?
which port is apache running?

i got confused with your punctuation and explanations, maybe some 
rephrasing and more details, like error message, could help



Rick Laird wrote:

I am trying to upload a file to a server behind a firewall.
Notes
 It works fine from inside the firewall.
 I access the server and run the following

Bug when I run the following code. It works in from within the firewall.
But not from outside.
I have port forwarding turned on obviously.  But is there anything else that
I need to do.
Any help would be much appreciated.

Thanks

Rick Laird




?>
Back

File Upload
File 1:

File Upload Results

  $uploadpath = '/files/';
  $source = $HTTP_POST_FILES['file1']['tmp_name'];
  $dest = $uploadpath.$HTTP_POST_FILES['file1']['name'];
  if ( move_uploaded_file( $source, $dest ) ) {
    echo 'File successfully stored.';
  } else {
    echo 'File could not be stored.';
  }
?>
Back

--
André Cerqueira


[PHP] Re: 2 questions - PHP site Automatic search and slow display

2004-02-28 Thread Andre Cerqueira
(1) dont know if u understood, but have you tried flush()? 
(http://www.php.net/flush)

(2) i think you could make a script for 404 error, and that script could 
take that path in the url and use it for searching...

Ryan A wrote:
Hi,
I have two questions which are pretty unrelated except that both of them are
in PHP.
(1)
I am using a class to send email, 3 different kinds (text, html, text+html
attachment)
no problem there, but I am giving the client the option to mail all his
members/clients at the same time...I have set the timeout to +30 every time
it loops so each email has enough time to go through even if it's a couple
of thousand, here's my problem:
I want to display a message after each mail has gone through
eg:
after the first mail it says: Mail #1: Sent
then after the second mail Mail #2: Sent
etc etc
something like a progress bar...but for now, it waits then loads the whole
page at a go instead of one by one. I have looked at the manual and the
closest I can come up with is to use sleep() but even then am not getting
the display like that and it's of course slowing down the sending of mail.
Next I looked at buffering...which is not really for my needs either...
Any ideas?
(2)
We are developing a developer site and it's going to be php powered and very
php related, we want to have that php function search facility that php.net
has
eg:
you type http://php.net/mail
and it shows you the mail functions page...
I searched the php.net site but I couldn't find any reference to how they are
doing that...
I know it probably has mod_rewrite which takes the variable to a search
script...right?
any ideas? or is it somewhere on the php.net site that i have not looked?
URL?
Thanks,
-Ryan
--
André Cerqueira


[PHP] Re: PHPdoc web interface

2004-02-29 Thread Andre Cerqueira
i think you are talking about this: http://www.phpdoc.de/
while this newsgroup is about this: http://www.php.net/
you may find what you want to know here, but maybe you would have more 
luck here: http://www.phpdoc.de/doc/
or here: http://www.phpdoc.de/feedback.html (where the author said it 
would be very hard to find him here)



[EMAIL PROTECTED] wrote:
Has anyone tried out the new version ? I've never managed to make it work
without having to make ini files for each directory i want to document. I
tried just making my options in the form, but it doesnt work here is the
output
Parsing Files ...
PHP Version 4.3.1
phpDocumentor version 1.3.0RC2
Parsing configuration file phpDocumentor.ini...
done
using tokenizer Parser
ERROR: nothing parsed
I also like to make an introduction page and some comments and links to
other documentation, has anyone done this sort of thing ?
--
André Cerqueira


[PHP] Re: PHP Sessions

2004-02-29 Thread Andre Cerqueira
if you try, i think you will see that you can



Paul Higgins wrote:
Hello everyone,

I'm beginning to experiment with PHP sessions.  I was wondering if it is 
possible to place objects into the session?

Thanks,

Paul

--
André Cerqueira


[PHP] Re: Session performance

2004-03-02 Thread Andre Cerqueira
i got that doubt too
then i checked the manual: http://www.php.net/session
seems like it can cache, but the default is no cache
using http://br.php.net/manual/en/function.session-cache-limiter.php , 
you can tune it (dont know how good it would do it)

anyway... i use mysql heap table (it stays on ram) for storing session 
and anything else that i need to access fast



Thiago Silva wrote:
Hello all,
I was wondering...
Why are session data stored in files rather than in memory?
People have been telling that accessing session data can be slow, and I
need some kind of (fast) caching mechanism to store application data.
After some search I found some php code that handles the session with a
mysql database. But still, I don't know how fast (or slow) this can be.
In general, I will need to cache data (some objects...sometimes kinda 
big) on, basically, every request and the fact that session data are 
stored in files scares me a bit.

And one more thing...php5 has the same php4 session mechanism??


[PHP] Re: Loop Oops....

2004-03-03 Thread Andre Cerqueira
probably, some of those $_SESSION['question#'] are unset, or arent arrays..

try:

foreach ($answers as $questions) {
  $question .= "__";
  if (!is_array($questions)) {
    continue; // skip session entries that are unset or not arrays
  }
  foreach ($questions as $subquestion) {
    $question .= $subquestion."--";
  }
}
>$insert_query = "INSERT INTO SurveyTable
>(sur_ques_id, sur_ans, sur_num)
>VALUES (1, '$questions', 1)";
>
> $result = MSSQL_QUERY($insert_query) or die("Can not execute query
> $insert_query. ");
>
> The value in the db is either "Array" or part of the string but not
> the whole string.  I know the error is creating most of the problem.
you can only concatenate string with scalars (actually only strings, but 
php does some conversions...)
if $questions is an array, you cant do that, and if its a string, you 
cant foreach it
didnt you mean *VALUES (1, '$question', 1)"; ?

maybe im missing something... but i hope this helps



Alex Hogan wrote:

Hi All,

I am having trouble with a nested loop and I can't seem to get it figured
out.

I keep getting an error that states, Invalid argument on line 20.

Here is the code;

Sessions capture question answers that are multiple answers for each
question.

$answers = array($_SESSION['question1'], $_SESSION['question2'],
                 $_SESSION['question3'], $_SESSION['question4'],
                 $_SESSION['question6'], $_SESSION['question7'],
                 $_SESSION['question8'], $_SESSION['question9'],
                 $_SESSION['question10'], $_SESSION['question11']);

I init the vars

$question = "";
$subquestion = "";

Here's the loop I'm having trouble with.

foreach ($answers as $questions) {
  $question .= "__";
  foreach ($questions as $subquestion) { // <-- Here's the offending line
    $question .= $subquestion."--";
  }
}

I am inserting an array of arrays..., I know it's not the best way to do
this but I was only given a few hours to get this up.
The array is delimited by a double underscore and individual answers are
delimited by a double hyphen.  Or at least that's what's supposed to happen.

$insert_query = "INSERT INTO SurveyTable
(sur_ques_id, sur_ans, sur_num)
VALUES (1, '$questions', 1)";

$result = MSSQL_QUERY($insert_query) or die("Can not execute query $insert_query. ");

The value in the db is either "Array" or part of the string but not the
whole string.  I know the error is creating most of the problem.

I can't see what I'm doing wrong. Why is that argument invalid?

alex hogan

 



--
André Cerqueira


[PHP] Re: Parse error, unexpected T_STRING!!

2004-03-04 Thread Andre Cerqueira


Enrique Martinez wrote:
Hello, I'm getting an error that says: 

Parse error, unexpected T_STRING on line 73

line 73 is: 
this is what I have below line 73:

http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
http://www.w3.org/1999/xhtml";>
I have PHP-4.2.2, Apache 2.0 on RedHat Linux 9.0

Any idea how can I fix the problem? Thanks in advance.



--
André Cerqueira


[PHP] Re: Forms, or multiple headers?

2004-03-05 Thread Andre Cerqueira
i think you have to give each checkbox a different name
try: del0, del1, del2,...
and each one with the id of the thing you are displaying
then you do something like this:
for ($i=0; isset($_POST['del'.$i]); $i++)
{
  if (!empty($_POST['del'.$i]))
    $res = mysql_query("DELETE FROM $table_name
      WHERE id='". intval($_POST['del'.$i]) ."'");
}
intval() it or u may have ppl sending a fake form with "' OR '1'='1"
that would end up like: "DELETE FROM $table_name WHERE id='' OR '1'='1'"
you dont want that, right?


Tristan Pretty wrote:
I'm talking to a MySQL database that contains info on all downloads from 
our site.
I list all these entries, on a PHP page.
The table structure etc, are static, but the fields retrieved, are 
dynamic, based on the users search criteria.
Within each result, I've added a small form, that posts that data, to an 
external site (salesforce.com).
Each field looks like this:
http://www.risk.sungard.com/del.gif
But one can have entries on a page..

At present, a user can submit a field to salesforce one at a time, no 
probs, and I'll probably wanna keep it that way.
However..

TO enable multiple deletions, I must place the whole table in another 
form.
What happens is that no matter how many deletions I select, it only picks 
up the one at the top of the page, or none, if the top one isn't selected.

I'm using the following PHP...

if ($submit == 'DELETE SELECTED') {
    foreach ($_POST['select'] as $del) {
        $res = mysql_query("DELETE FROM $table_name WHERE id='$del'");
    }
}
But I presume that the embedded forms that talk to sales force, are 
disrupting it...

So I need to either:

1. find out how to let the page detect what's selected another way.. OR
2. enable multiple post to salesforce.com, WITHOUT opening potentially 
dozens of new windows (one for each submission)

Any takers on a unique way to achieve this?

Tris..

(P.S. Glad you asked ;-)  )

--
André Cerqueira


[PHP] Re: I need a function

2004-03-05 Thread Andre Cerqueira
spanish newsgroup: http://news.php.net/group.php?group=php.general.es
php.general.es
just complementing Alex Hogan's words:
http://www.php.net/manual/en/function.getenv.php
(read the comments, they have the code you want)


:: N A S S A T :: Depto Tecnico wrote:

A news item on www.php.net says that this address can be used to ask for help.

In that case, I would like to know, please, whether there is a function to find out the IP address from which a page is being accessed.

If that is not what this e-mail account is for, please excuse the inconvenience.

Thank you very much.

Regards, Pepi García.
Programming Dept.
[EMAIL PROTECTED]
www.nassat.com
--
André Cerqueira




[PHP] Re: ASCII

2004-03-05 Thread Andre Cerqueira
char->decimal = ord('a')

http://www.php.net/manual/en/function.ord.php

Csko wrote:

Hi!
Is there a function to convert a ASCII char to decimal or binary?
Or a program?
csko
--
André Cerqueira




[PHP] Re: scope problem

2004-03-05 Thread Andre Cerqueira
can you post something that would run on php?



Larry Brown wrote:

Apparently I'm having some kind of meltdown here.  Can anyone explain the
logic behind why the following variable has the original value and how I can
pull/push the value to access it at the end?
while loop
{
    $variable = 100;
    while loop
    {
        switch($othervar)
        {
            case 1:
                $variable = $variable + 100;
                break;
            case 2:
                $variable = $variable + 200;
                break;
            case 3:
                $variable = $variable + 300;
                break;
        }
        echo $variable."";
    }
    echo "The final value is ".$variable."";
}
This gives values something to the tune of...

200
400
700
100

I usually have variables set outside of a while loop that increment based on
the contents of the loop and I could swear that they hold the value on the
other side of the loop.  I don't usually use break; in my scripts unless I'm
using switch. However, I would think that if using break was throwing me,
that the value wouldn't print on each cycle of the loop.
TIA

Larry
--
André Cerqueira




[PHP] Re: FIle Upload problems

2004-03-05 Thread Andre Cerqueira
try echo'ing $_FILES['image_upload']['tmp_name'], and check if the path 
exists

maybe some wrong configuration on php.ini
upload_tmp_dir ?
it is usually a good idea trying to isolate the smallest piece of code 
that gives the unwanted result
makes it easier for other ppl to help, and sometimes you find out the 
bug, by yourself, on the way



Brian V Bonini wrote:
The form:




Add Rider
Name:

Lic. Cat.:

Comments:

Upload Image:




The code:

if (is_uploaded_file($_FILES['image_upload']['tmp_name'])) {
    move_uploaded_file($_FILES['image_upload']['tmp_name'], $upload_file_path);
    echo "success";
} else {
    echo "Possible file upload attack. Filename: " . $_FILES['image_upload']['name'] . "\n";
    switch($_FILES['HTTP_POST_FILES']['userfile']['error']){
        case 0: //no error; possible file attack!
            echo "There was a problem with your upload.\n";
            break;
        case 1: //uploaded file exceeds the upload_max_filesize directive in php.ini
            echo "The file you are trying to upload is too big.\n";
            break;
        case 2: //uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the html form
            echo "The file you are trying to upload is too big.\n";
            break;
        case 3: //uploaded file was only partially uploaded
            echo "The file you are trying upload was only partially uploaded.\n";
            break;
        case 4: //no file was uploaded
            echo "You must select an image for upload.\n";
            break;
        default: //a default error, just in case!  :)
            echo "There was a problem with your upload.\n";
            break;
    }
}
}
No matter what I try this keeps falling through to the default switch.


--
André Cerqueira
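
An added example, not code from either upload thread on this page: it reads the error code from the same $_FILES entry it processes and derives the stored file name on the server instead of reusing the client-supplied ['name']. UPLOAD_DIR repeats the '/files/' path from the earlier script; ALLOWED_EXT, the function names and the sample entries are assumptions.

```php
<?php
// Added example: not code from the thread. ALLOWED_EXT and both function
// names are assumptions; UPLOAD_DIR is the path used in the earlier script.
const UPLOAD_DIR  = '/files/';
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif'];

// Translate PHP's upload error codes into a message.
function upload_error_text(int $code): string
{
    switch ($code) {
        case UPLOAD_ERR_INI_SIZE:
        case UPLOAD_ERR_FORM_SIZE:  return 'file is too big';
        case UPLOAD_ERR_PARTIAL:    return 'file was only partially uploaded';
        case UPLOAD_ERR_NO_FILE:    return 'no file was uploaded';
        case UPLOAD_ERR_NO_TMP_DIR: return 'temporary upload directory is missing';
        case UPLOAD_ERR_CANT_WRITE: return 'could not write the file to disk';
        default:                    return 'upload failed';
    }
}

// Return the path to store the upload under, or throw. The client-supplied
// name contributes only an allowlisted extension; the stored name is random.
function safe_destination(array $file): string
{
    if (!isset($file['error']) || !is_int($file['error'])) {
        throw new RuntimeException('malformed upload entry');
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException(upload_error_text($file['error']));
    }
    $name = basename((string) ($file['name'] ?? ''));
    $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        throw new RuntimeException("extension '$ext' is not allowed");
    }
    return UPLOAD_DIR . bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed $_FILES-style entries (tmp_name omitted; nothing is moved here).
$samples = [
    ['name' => 'rider.JPG',       'error' => UPLOAD_ERR_OK],
    ['name' => 'page.php',        'error' => UPLOAD_ERR_OK],
    ['name' => '../../index.php', 'error' => UPLOAD_ERR_OK],
    ['name' => 'page.php.png',    'error' => UPLOAD_ERR_OK],
    ['name' => 'big.png',         'error' => UPLOAD_ERR_INI_SIZE],
    ['name' => '',                'error' => UPLOAD_ERR_NO_FILE],
];
foreach ($samples as $file) {
    try {
        echo $file['name'], ' -> ', safe_destination($file), "\n";
    } catch (RuntimeException $e) {
        echo $file['name'], ' -> rejected: ', $e->getMessage(), "\n";
    }
}
// In a real handler, pass $file['tmp_name'] and the returned path to
// move_uploaded_file(), which also verifies the file came from an HTTP upload.
```

The extension check says nothing about the file's content, so the upload directory should also be one the web server does not execute scripts from.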




[PHP] Re: XSS Vulnerabilities and strip_tags

2004-03-12 Thread Andre Cerqueira
i didnt know what XSS was, just read it on webopedia.com now, maybe i 
got the wrong idea...

strip_tags should prevent a kind of exploitation, but maybe its behavior 
is not exactly what you want...
see also htmlentities (http://www.php.net/htmlentities)

you need to ask yourself how the environment that you are using will 
interpret things
if you are sending "SELECT ... FROM ... WHERE field1='". 
$_POST['field1'] ."'", if $_POST['field1'] is:
0' OR field2=0 AND ''='

the resulting string would be:
SELECT ... FROM ... WHERE field1='0' OR field2=0 AND ''=''
and you probably dont want people making queries as they like hehe

dont let ppl upload files and save them as .php or any other extension 
that would trigger a special behavior on the server that they shouldnt 
be able to

remember you can never trust input data...

[EMAIL PROTECTED] wrote:
Is the general wisdom that using strip_tags on input is sufficient to 
protect against XSS vulnerabilities from that input?  I have been doing 
some reading on it but haven't found anything that suggests a 
vulnerability that removing the tags in this way would not cure.

Are there multi-level encodings that can get past strip_tags?

I probably should also be doing a urldecode before strip_tags to get 
around any hex encodings, or does strip_tags handle that?

Thanks for any info,

--
Tom
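
An added example, not code from the thread: it runs a few constructed inputs through strip_tags() as an input filter and through htmlspecialchars() at output time, for the attribute and encoding cases the question raises. The helper names and sample strings are assumptions.

```php
<?php
// Added example: not code from the thread. Inputs and helper names are constructed.

// Input-time filtering, as asked about in the question.
function filter_on_input(string $raw): string
{
    return strip_tags($raw);
}

// Output-time encoding for HTML text and quoted attribute values.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$inputs = [
    'tag'       => '<b>hi</b><script>alert(1)</script>',
    'attribute' => '" onmouseover="alert(1)',
    'encoded'   => '%3Cscript%3Ealert(1)%3C/script%3E',
    // ordinary text that happens to contain < and >
    'plain'     => 'if a<b and c>d then stop',
];

foreach ($inputs as $label => $raw) {
    $filtered = filter_on_input($raw);
    echo "[$label]\n";
    echo '  raw input          : ', $raw, "\n";
    echo '  after strip_tags   : ', $filtered, "\n";
    // strip_tags leaves quote characters alone, so a value placed inside
    // an attribute can still close that attribute.
    echo '  attr, strip_tags   : <input value="', $filtered, "\">\n";
    echo '  attr, encoded      : <input value="', h($raw), "\">\n";
    // If the filtered value is URL-decoded later, encoded brackets that
    // strip_tags never saw turn back into markup.
    echo '  decoded afterwards : ', urldecode($filtered), "\n";
    echo '  decoded + encoded  : ', h(urldecode($raw)), "\n";
}
```

Run it from the command line and compare the lines per input: encoding at the point of output covers each case regardless of how the value was decoded or filtered earlier.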


[PHP] Re: Thank you, Microsoft! Now I need an alternate login method

2004-03-18 Thread Andre Cerqueira
try absolute urls on 'Location' headers
if thats the problem, ie is not exactly broken, just making some 
(questionable) standards mandatory

Chris De Vidal wrote:
Microsoft broke IE 6.0 SP1 on XP in January, requiring this patch to be
able to log into our MySQL-authenticated website:
http://www.microsoft.com/downloads/details.aspx?FamilyId=254EB128-5053-48A7-8526-BD38215C74B2&displaylang=en
Microsoft won't put out this patch into the regular XP updates (I guess
because many websites use an alternate method and it doesn't impact as
many people).  You have to download it manually.
Of course, this is generating many complaints and we even lost a few
customers; people believe we're requiring them to install software just to
log in, when we're really just requiring they fix something Microsoft
broke.
So I really need an alternate MySQL-authenticated method.  Surely they exist?

I have a login page on an SSL-enabled Apache server that (I don't admin).

Here's my code (you can download a complete copy from
http://devidal.tv/~chris/mysql_auth.tar.bz2, including the SQL to create
the members table).
login.php:
==















===
edit_agent.php:
===

echo "You won't be able to see this unless you have a valid login.";

require_once ("close_db.php");
?>
==
check_login.php:


// Only alphanumeric
$password = preg_replace ("/[^\w]/", "", $_POST["password"]);
$query = "
SELECT ID
FROM members
WHERE Email = '$email'
AND Password = PASSWORD('$password')
AND Active = '1'
";
$result = @mysql_query ($query);

// Only if we have matching records
if ([EMAIL PROTECTED] ($result) >= 1)
{
require_once ("close_db.php");
header ("Location: login.php?login_failed=true");
exit;
}
?>
=
valid_email.php:


=
open_db.php is just mysql_connect and mysql_select_db, while close_db.php
is just mysql_free_result and mysql_close.  I've included them in the
tarball above as well as the SQL you will need if you want to try this for
yourself.
Again, this code worked well until Microsoft broke IE.  It still works if
you apply the patch that Microsoft isn't rolling out to everyone.
I'd considered using Apache's .htaccess files, but I haven't tried
connecting that to MySQL for authentication.  And I don't have admin
access on the box to install anything on the server.
Ideas??
/dev/idal
"GNU/Linux is free freedom." -- Me


[PHP] Re: date()

2004-03-19 Thread Andre Cerqueira
is that all?

Khalid Judeh wrote:

hello all,
i am new to php, i am trying to call the date  function this way:

and the result i get is: object18/03/04
any help would be appreciated
 


Khaled Jouda 

cell. phone: 0163-2382758 
fax: 1(801)439-1253 
alternative email: [EMAIL PROTECTED]


[PHP] Re: Guru's advice needed ........[Security: SQL injection]

2004-03-19 Thread Andre Cerqueira
you need to ask yourself how the environment that you are using will 
interpret things
if you are sending this query:
"SELECT ... FROM ... WHERE field1='". $_POST['field1'] ."'"

and $_POST['field1'] is:
0' OR field2=0 AND ''='
the resulting string would be:
SELECT ... FROM ... WHERE field1='0' OR field2=0 AND ''=''
if u dont want that to happen, u should escape characters that can be 
interpreted as something that isnt plain data

"SELECT ... FROM ... WHERE field1='". addslashes($_POST['field1']) ."'"
result: SELECT ... FROM ... WHERE field1='0\' OR field2=0 AND \'\'=\''


Tariq Murtaza wrote:

Dear Friends!

Can someone shed some light on how "SQL injection" attack occurs when 
magic_quotes_gpc is "ON" and how it prevents when its "OFF". To my 
understanding apostrophes are escaped automatically in POST/GET/COOKIE 
when its ON, so how it tends towards SQL Injection.

Someone suggested to keep magic_quotes_gpc OFF through .htaccess file 
and use following line of codes to prevent attacks at start of the file...


But unfortunately it does not work for nested POST requests. do anyone 
have better idea?
Secondly why we have to stripslashes while DB (mysql for example) is 
doing it for us on execution and another question arises doesn't it 
prevent from SQL injection attack when apostrophes are escaped in query.

What is the best practices handling 'quotation marks' in input string 
and how to prevent SQL injection.

Looking forward for some advice from panel of experts on forum.
Thanks and have a nice day!
Cheers!
Tariq
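
An added example, not code from the thread: it takes the input string quoted in this message and in the earlier "XSS Vulnerabilities and strip_tags" reply, runs it through a concatenated query and a bound parameter, and applies the same binding to the multi-row delete from "Forms, or multiple headers?". The items table, its rows and the function names are assumptions, and in-memory SQLite through PDO stands in for the database.

```php
<?php
// Added example, not code from the thread. The items table, its rows and the
// function names are constructed; in-memory SQLite stands in for the database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE items (id INTEGER PRIMARY KEY, field1 TEXT, field2 INTEGER)");
$db->exec("INSERT INTO items (field1, field2) VALUES ('0', 1), ('a', 0), ('b', 0)");

// Concatenation, as in the messages: the input becomes part of the SQL text.
function find_concatenated(PDO $db, string $value): array
{
    $sql = "SELECT id FROM items WHERE field1='" . $value . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Bound parameter: the input is sent as data and is never parsed as SQL.
function find_bound(PDO $db, string $value): array
{
    $stmt = $db->prepare("SELECT id FROM items WHERE field1 = ?");
    $stmt->execute([$value]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Multi-row delete for checkboxes posted as an array: each value must
// validate as a positive integer and is then bound, not interpolated.
function delete_ids(PDO $db, array $ids): int
{
    $clean = [];
    foreach ($ids as $v) {
        $n = filter_var($v, FILTER_VALIDATE_INT);
        if ($n !== false && $n > 0) {
            $clean[] = $n;
        }
    }
    if (!$clean) {
        return 0;
    }
    $marks = implode(',', array_fill(0, count($clean), '?'));
    $stmt  = $db->prepare("DELETE FROM items WHERE id IN ($marks)");
    foreach ($clean as $i => $n) {
        $stmt->bindValue($i + 1, $n, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->rowCount();
}

$input = "0' OR field2=0 AND ''='";   // the value quoted in the messages

echo 'concatenated: ', count(find_concatenated($db, $input)), " row(s)\n";
echo 'bound:        ', count(find_bound($db, $input)), " row(s)\n";

// addslashes() produces MySQL-style \' escapes. SQLite follows standard SQL,
// where a quote is escaped by doubling it, so the escaped string is not safe
// to concatenate here: whether escaping works depends on the database.
try {
    echo 'addslashes:   ', count(find_concatenated($db, addslashes($input))), " row(s)\n";
} catch (PDOException $e) {
    echo "addslashes:   query rejected by the parser\n";
}

// Constructed checkbox values: one valid id and two that fail validation.
echo 'deleted:      ', delete_ids($db, ['2', "' OR '1'='1", '3x']), " row(s)\n";
```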
