RE: [PHP] Credit Card Validation With Expiration Date
> I'm looking for an algorithm or a free PHP Script which enable me
> to verify expiration date with a credit card number.
>
> Does anybody knows this ?

It doesn't exist...credit card number algorithms do not use the expiry date in their formulas (at least I'm not aware of any that are). Also there is no way to actually check if a credit card is valid without using a company that keeps an online database of active credit cards.

The most you can do is verify that the number provided could potentially be a credit card...and even then the expiry date has no algorithm attached to it...as long as it is past the present date there's no way to consider it invalid without cross-referencing against a database of active cards.

Sincerely,
Craig Vincent

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
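The two offline checks the reply describes (a number that could be a card number, and an expiry date that has not passed), as an added example that is not part of the original message. It uses the Luhn checksum for the first check; the function names and the sample values are constructed for illustration, and neither check says anything about whether the card is active.

```php
<?php
// Added example: offline plausibility checks only. A pass means "could be a
// card", never "is an active card"; that still needs the issuer or a processor.

/** Luhn checksum over a card number; spaces and dashes are ignored. */
function luhn_valid(string $number): bool
{
    $digits = preg_replace('/[\s-]+/', '', $number);
    if (!preg_match('/^\d{12,19}$/', $digits)) {
        return false;                       // wrong length or non-digit input
    }
    $sum = 0;
    $double = false;                        // double every second digit from the right
    for ($i = strlen($digits) - 1; $i >= 0; $i--) {
        $d = (int) $digits[$i];
        if ($double) {
            $d *= 2;
            if ($d > 9) {
                $d -= 9;
            }
        }
        $sum += $d;
        $double = !$double;
    }
    return $sum % 10 === 0;
}

/** True while the card is still inside its expiry month (cards expire at month end). */
function expiry_not_passed(int $month, int $year, ?DateTimeImmutable $now = null): bool
{
    if ($month < 1 || $month > 12) {
        return false;
    }
    if ($year < 100) {
        $year += 2000;                      // assumption: two-digit years mean 20xx
    }
    $now = $now ?? new DateTimeImmutable('now');
    $firstInvalid = (new DateTimeImmutable(sprintf('%04d-%02d-01 00:00:00', $year, $month)))
        ->modify('+1 month');               // first instant after the expiry month
    return $now < $firstInvalid;
}

// Constructed sample input; 4111111111111111 is a widely published test number.
$fixedNow = new DateTimeImmutable('2002-06-15 12:00:00');
var_dump(luhn_valid('4111 1111 1111 1111'));
var_dump(luhn_valid('4111 1111 1111 1112'));
var_dump(expiry_not_passed(6, 2002, $fixedNow));
var_dump(expiry_not_passed(5, 2002, $fixedNow));
```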
RE: [PHP] Help needed about queries with MySQL, thanks.
> I have a MySQL database (called "sessions") with a auto-increment
> INT field called "sessionID". I try to check if there is already
> a record in this database with a given sessionID, which is called
> $sessionID in PHP. I use this query, which must be wrong (but I
> cannot find out why !!!) :
>
> SELECT * FROM sessions WHERE sessionID = $sessionID

Although this may or may not help depending on your code (please post it if you still haven't found a solution...it's the best way for us to help). Try

    SELECT * FROM sessions WHERE sessionID = '$sessionID'

Although if $sessionID contains an integer (which I assume it would) the quotes aren't needed, you never know. Some OSes are quirky. Also you may want to add an

    echo mysql_error();

line after your initial mysql_query to see if perhaps there's a problem with PHP communicating with MySQL.

Sincerely,
Craig Vincent
RE: [PHP] Using HTTP Referer
> The problem I'm having right now is that after the user is logged in, the
> login.php can never send it back to the page the user came from, it will
> just redraw the login.php page. Obviously, $_SERVER['HTTP_REFERER'] contains
> the location of itself instead of the location of the page sent the user here.

That would make sense as after a form submission has been done the new referring url would be the page the form was submitted from (hence the login.php). What you need to do is either embed the HTTP_REFERER on the login page either via a hidden field in the form, or through a session variable or even a cookie.

Basically you need to temporarily store where the user originally came from so then after the submission from the login.php page, you can grab what the old referring URL was and redirect the user to the proper site.

Also keep in mind that some browsers do not pass referring URLs at all, and some browsers (such as AOL) do not pass referring URLs if the page now being accessed was opened up in a new window. You may want to prepare for the potential of not having a referring url be passed occasionally as well.

Craig
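One way to store the originating page as the reply suggests, as an added example that is not part of the original message. Because the Referer header and hidden form fields are both client-supplied, the stored value is reduced to a path on the site's own host before it is used in a redirect; the host name `www.example.test`, the session key `return_to` and the function names are hypothetical.

```php
<?php
// Added example. OWN_HOST and the 'return_to' session key are hypothetical.
const OWN_HOST = 'www.example.test';

/** Reduce a client-supplied URL to a local path, or fall back to $default. */
function safe_return_path(?string $candidate, string $default = '/'): string
{
    if ($candidate === null || $candidate === '') {
        return $default;                            // browser sent no Referer
    }
    if (preg_match('/[\x00-\x1f\x7f\\\\]/', $candidate)) {
        return $default;                            // control characters or backslashes
    }
    $parts = parse_url($candidate);
    if ($parts === false) {
        return $default;
    }
    if (isset($parts['scheme']) && !in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return $default;                            // e.g. javascript: or data:
    }
    if (isset($parts['host']) && strcasecmp($parts['host'], OWN_HOST) !== 0) {
        return $default;                            // another site, incl. //host/path
    }
    $path = $parts['path'] ?? '/';
    if ($path === '' || $path[0] !== '/' || strpos($path, '//') === 0) {
        return $default;
    }
    if ($path === '/login.php') {
        return $default;                            // the loop described in the question
    }
    return $path . (isset($parts['query']) ? '?' . $parts['query'] : '');
}

/** Call when login.php is first displayed (GET), before the form is submitted. */
function remember_origin(array $server, array &$session): void
{
    if (!isset($session['return_to'])) {
        $session['return_to'] = safe_return_path($server['HTTP_REFERER'] ?? null);
    }
}

/** Call after a successful login; returns the value for the Location header. */
function redirect_target(array &$session): string
{
    $target = $session['return_to'] ?? '/';
    unset($session['return_to']);
    return $target;
}

// Constructed referers, run against a plain array instead of $_SESSION.
foreach ([
    'http://www.example.test/members/report.php?id=7',
    'http://www.example.test/login.php',
    'http://other.example.net/phish.php',
    '//other.example.net/x',
    null,
] as $referer) {
    $session = [];
    remember_origin(['HTTP_REFERER' => $referer], $session);
    echo var_export($referer, true), ' => ', redirect_target($session), "\n";
}
```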
RE: [PHP] hosting "closed" web application for multiple users
> 2) user cannot trick other root processes to read script.php for her.
> Is there a better alternative?

Depending on your budget yes there is. Zend has a PHP encoding utility which performs two functions, first off since it needs to run through their optimizer your PHP scripts will tend to run faster (at the expense of a bit more memory consumption) and also you don't need to worry about preventing the source code from being read as the php scripts are converted into a binary executable.

Licenses to use these programs are I believe around $600 per year but offer a wide range of additional features but I would consider it well worth it to a company rather than spending countless tech hours and security testing to prevent the source from being viewed.

http://www.zend.com

Sincerely,
Craig Vincent
RE: [PHP] mail() problem
> Below the code i use. Everything works, the $mailto variable is built up from
> a database and contains more then one email addresses. Now my question: how
> can i make the receivers of my message NOT to see the email addresses of all
> the receivers, so then can't reply to all?

The simplest thing to do would be to break up the $mailto into an array with a separate field for each email address you need then use a foreach loop on the array to send out individual mailings. Or to better improve efficiency don't even put the addresses into an array but rather send out the mail in the routine that grabs the email addresses out of your database.

Depending on the number of emails you need to send out this is actually a much better solution than just sending out a mail with 50 or 100 email addresses in the To/CC/BCC addresses. With the majority of my systems I can pump out around 1000 - 1500 individual emails per minute with minimal resources consumed on the system so a solution of this nature more than likely will work out in your favor.

Sincerely,
Craig Vincent
[PHP] Problem using unpack
I'm currently trying to use PHP's unpack feature to decode a binary string and am running into a problem. Here is the unpack command I am using

    $playerdata = unpack("czero/A$lengthone/itwo/fthree/A*four", $rest);

basically it is set up so that the hash created has 5 key/value pairs named zero, one, two, three and four. However my problem is with the second key/value pair. Since the information I need for the second field is dynamic I need to be able to set a variable there to tell PHP exactly how many characters are to be parsed for that field. So say $length = 5 right now the command would be translated by PHP as

    $playerdata = unpack("czero/A5one/itwo/fthree/A*four", $rest);

At least that's what I need =) The problem I'm experiencing right now is that PHP translates the variable as $lengthone instead of just $length which of course always results in 0 and then causes the data to be parsed incorrectly. I cannot use whitespace to separate $length and one as then the unpack feature breaks down thinking that whitespace should be in the string I'm unpacking which messes things up as well.

Any suggestions/tips for handling this problem would be much appreciated =) I've been plagued with this problem for a few days now and I'm having no luck =/

Sincerely,
Craig Vincent
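An added example, not part of the original message: PHP's brace syntax `{$length}` ends the variable name inside a double-quoted string, so the format reads `A5one` rather than looking up `$lengthone`. Since the length normally comes from the data being parsed, the sketch also bounds it against the buffer before calling unpack(); the function name and the sample record are constructed.

```php
<?php
// Added example. parse_player() and the sample record are constructed.

/**
 * Unpack the record from the message: signed char, $length-byte string,
 * machine int, machine float, then the rest of the buffer.
 */
function parse_player(string $rest, int $length): array
{
    // Bytes taken by the fixed-size fields (c, i, f) on this machine.
    $fixed = 1 + strlen(pack('i', 0)) + strlen(pack('f', 0.0));

    // Reject a length that would run past the buffer instead of letting
    // unpack() emit a warning and return false.
    if ($length < 1 || $length > strlen($rest) - $fixed) {
        throw new InvalidArgumentException("field length $length does not fit the buffer");
    }

    // {$length} delimits the variable name, so "one" is read as the key name.
    $fields = unpack("czero/A{$length}one/itwo/fthree/A*four", $rest);
    if ($fields === false) {
        throw new RuntimeException('buffer could not be unpacked');
    }
    return $fields;
}

// Constructed record matching the format in the message.
$rest = pack('cA5ifA*', 7, 'craig', 42, 1.5, 'tail');
print_r(parse_player($rest, 5));

try {
    parse_player($rest, 500);               // length taken from hostile input
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```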
RE: [PHP] select the max value
    SELECT MAX(scorevalue) FROM score

Will display the maximum value of your scorevalue column.

Sincerely,
Craig Vincent
RE: [PHP] function to complete strings with white spaces on the left
untested! The reason for the if statement is that str_repeat will produce an error if 17-strlen($word) <= 0 and that'll break your script...of course you could remove the if statement if you're positive the # of characters in $word never exceeds 16.

Sincerely,
Craig Vincent
Re: [PHP] Variables Limit
> Is there any limit on the amount of variables that you can use?

I can't say for certain as I don't know the insides of PHP *that* well...but I would guess your limitation on variables would be based on your server/user memory allowances and/or your memory limitations for PHP scripts.

Sincerely,
Craig Vincent
RE: [PHP] some problems about gd in php
> But the result is warning message in IE:"Warning:
> ImagePng: No PNG support in this PHP build in
> /usr/local/apache/htdocs/index.php on line 9".
>
> Is this a compiling problem?The compiling command of php is:
>
> ./configure --with-mysql=/usr/local/mysql
> --with-apache=../apache_1.3.24 --enable-track-vars
> --with-gd=../gd-1.8.4 --with-png-dir=../libpng --with-zlib-dir=../zlib

What version of PHP are you using?

Sincerely,
Craig Vincent
RE: [PHP] problem when my php forum tries to send a mail
> an email. If somebody forgots his password, and tries to get his lost
> password, there is the following warning:
> Warning: Failed to Connect in c:\program files\apache
> group\apache\htdocs\forum03\phpbb\sendpassword.php on line 87

http://www.phpbb.com/phpBB/

There are support forums here for phpBB. You may want to search here to see if there have been others with a similar problem. My guess would be that you don't have an smtp setup on win 98.

Sincerely,
Craig Vincent
RE: [PHP] creating table help
> Warning: Wrong parameter count for pg_exec() in
> /var/www/html/elkan/createtable.php on line 23
> The table, ghdsl could not be created
> if (pg_exec($dbname, $query, $connect))

I assume pg_exec is a synonym for pg_query (the pg_exec command does exist in the PHP docs). According to the function docs

http://www.php.net/manual/en/function.pg-query.php

    resource pg_query ( resource connection, string query)

It only requires two parameters...your $dbname parameter is not acceptable. Since however you specified $dbname in the connect line you shouldn't need to specify the dbname again. So in theory

    if (pg_exec($query, $connect))

should do what you want, although you should change pg_exec to pg_query to keep in tune with the accepted functions.

Also in the future...please ensure you mention what version of PHP you're using. It can help a great deal in helping to resolve your issues.

Sincerely,
Craig Vincent
RE: [PHP] php permissions
> How? Manually each time a file is uploaded? Or with PHP somehow?
>
> I appreciate your response, but perhaps I'm not clear enough.
>
> Isn't it quite common to have php creating/editing/deleting files on
> the server? How is this done in a secure manner?
>
> Could you explain further?

Well technically unless your admin is using the latest PHP updates, the server is already open to known exploits (albeit most are pretty difficult to recreate). Your admin is probably panicking as many others did when the exploits were announced they were mentioned as problems in the file upload routines...however most people don't realize that these exploits were usable whether file uploading was used or not.

In answer to your question the file upload system is fairly secure but you should never rely on it alone. When it initially uploads the file, the file is stored as a temporary name (so there's no way to execute code with a screwy filename). And although it shouldn't be an issue regardless, as long as you remove any fancy characters from the true filename before you store it in another area (anything not alphanumeric or a .) you should have no problems whatsoever.

However as was mentioned before, assuming someone did manage to use the file upload system ...the worst damage one could do to a system would be to erase/modify files associated with the webserver username (or files with open permissions)...so really worst case scenario if your admin has done his job properly is one could manage to erase all the other php uploaded files if they found an exploit.

Sincerely,
Craig Vincent
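The filename clean-up described in the reply (keep only alphanumerics and the dot before moving the file out of its temporary name), as an added example that is not part of the original message. The function names, the random prefix and the file mode are choices made for this sketch; the sample names are constructed.

```php
<?php
// Added example. Function names, the random prefix and mode 0640 are
// choices made for this sketch, not something stated in the message.

/** Reduce a client-supplied filename to alphanumerics and single dots. */
function sanitize_upload_name(string $clientName, int $maxLen = 100): string
{
    // Drop any directory part, whichever slash style the client used.
    $name = basename(str_replace('\\', '/', $clientName));
    // "Anything not alphanumeric or a ." is removed, as the reply suggests.
    $name = preg_replace('/[^A-Za-z0-9.]/', '', $name);
    // Collapse dot runs and strip leading dots so the result cannot be
    // "..", a hidden file, or a name such as ".htaccess".
    $name = ltrim(preg_replace('/\.{2,}/', '.', $name), '.');
    if ($name === '') {
        $name = 'upload';
    }
    return substr($name, 0, $maxLen);
}

/** Move one entry of $_FILES into $destDir and return the stored path. */
function store_upload(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload did not complete');
    }
    // Only accept the temporary file PHP itself created for this request.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    // A random prefix keeps one upload from overwriting another.
    $target = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(8))
        . '_' . sanitize_upload_name($file['name']);
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not store upload');
    }
    chmod($target, 0640);       // readable by the web server user, not executable
    return $target;
}

// Constructed client-supplied names.
foreach ([
    'holiday photo (1).jpg',
    '../../etc/passwd',
    'C:\\Users\\me\\report.final.pdf',
    '.htaccess',
    "shell.php\0.jpg",
    ';;;',
] as $raw) {
    echo var_export($raw, true), ' => ', sanitize_upload_name($raw), "\n";
}
```

The clean-up keeps whatever extension the client sent, so the destination directory should be one the web server does not execute scripts from.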
RE: [PHP] $PHP_AUTH_USER
> I have trouble unsetting the values of $PHP_AUTH_USER and $PHP_AUTH_PW. I use
> the WWW-Authenticate via header() to authorize the user when accessing the
> page. But when the user logs out, values in $PHP_AUTH_USER and PW seem to
> remain and the user isn't asked again to authorize till a new browser window
> is opened. I suppose that this problem should be solved by sending a proper
> header() to end the session ... but which one? Of course, I could be wrong
> :-) ... I would appreciate if anyone could help me to solve this.

Unfortunately I can't find my notes so I can't give you an exact answer...however if I remember correctly by sending a 401 error header to the user when they log out it will force the browser to re-request authentication.

Sincerely,
Craig Vincent
RE: [PHP] Checkbox Initial Value based on record in db
> Kinda off topic here, just checking to see If I am on the right track with
> this
>
> the result should be :
>
> IF the record contains the field "abb" and it has a value of 1 then it will
> be checked off for viewing.

No, that wouldn't work...to have a checkbox autochecked the HTML must be similar to

So a sample coding might be >

Sincerely,
Craig Vincent
RE: [PHP] PHP Editors
> > I would love to hear other people's experiences with these editors though.
>
> Second that. Has anyone used this new Dreamweaver? What's it like? I guess
> I'll have to download it tonite. Dreamweaver used to be my favorite, but it
> sucks for PHP so now I'm hooked on TextPad. Let us know if you have any
> experience using Dreamweaver MX.

I don't know about that...I've used Dreamweaver Ultradev for years and it worked great for my PHP/HTML coding. I haven't tried MX but am curious as to how it may work.

Sincerely,
Craig Vincent
RE: [PHP] Query > Close
> What's happen if when I used a query, I don't do that :
>
> mysql_close($connection);

Well there's a number of issues:

- First and foremost, if your connection timeout is at its default setting (8 hours)...you'll run out of connections quickly in MySQL if scripts like this are run frequently
- If you're doing more in the script (and not intending to use mysql anymore in the script), php will be hogging more resources on the system than it should. Also mysql will report an error in the logs when the connection finally times out
- You'll sleep better at night using mysql_close() =)

Really the question to ask is why shouldn't you use mysql_close()? Overall it is better for your system and relieves you of worrying about any potential memory hogging or MySQL connection rejections.

Sincerely,
Craig Vincent
RE: [PHP] getting a function name of the calling function
> Does anybody know of any constants or predefined functions that will
> retrieve the calling functions name? For example:
>
> function new_func($somedata) {
> echo "I am function ".get_func_name();
> }
> ?>

I don't believe there is anything set up to pass the name of a parent function to a child function. However you could always pass the parent function's name to the child function as a normal parameter.

Sincerely,
Craig Vincent
RE: [PHP] Session Initially Does Work
> something else after the initial page everything works fine. I require this
> to work initially because if someone comes in directly using a link certain
> content will render a error message because the registered variable is not
> present for some reason. Oh and yes the cookie to set the session is being
> put on the client's machine properly and at the initial page.
>
> Am I doing something wrong? Any suggestions would be greatly appreciated!

When do you set the session cookie? Keep in mind cookies do not function in the same call they are created so say you create the cookie on page A, until the user refreshes page A or goes to page B the cookie won't actually be in effect. A snippet of your code would be helpful as well.

Sincerely,
Craig Vincent
RE: [PHP] Session Initially Does Work
> Well the cookie is set at the start of the PHP file that gets referenced
> each time. I'm not setting any manual cookies just using the default session
> cookie set by PHP. Below is all the code I use for the session. Formatting
> is kind of goofed up in e-mail but it's there. So even though the cookie is
> placed in the client's browser it's not used/session is not used or
> recognized until you refresh/reload or go to another page??

That's correct, although the cookie will remain resident it requires an initial page change/refresh. However after looking at your code I'm not convinced that is the problem since the first page of a session creation should still be usable with the session as the session ID is still resident in memory. Have you tried running the page w/o the use of session_name()?

Also as an FYI $REMOTE_USER is an unsecure variable to use for checking authentication. Basically because a url parameter will overwrite the original $REMOTE_USER.

Example say I log into : www.foobar.com/members/index.php with the username of apollo.

Typically the script would consider $REMOTE_USER = 'Apollo'

However if I changed the link to www.foobar.com/members/index.php?REMOTE_USER=admin

Now I still have access via basic authentication but now PHP considers $REMOTE_USER = 'admin' ...or any other username for that matter.

To avoid this at the beginning of the page make sure you force $REMOTE_USER to equal the apache authentication username, easiest method (for me anyways) is:

    $REMOTE_USER = getenv('REMOTE_USER');

Sincerely,
Craig Vincent
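The overwrite described in the message above and the fix it recommends, side by side, as an added example that is not part of the original message. `extract()` stands in for the automatic import of request parameters into variables; it is not PHP's own register_globals code, and the function names and sample request are constructed. The third function is a detection aid: it lists request parameters whose names collide with server-provided values, which is worth logging.

```php
<?php
// Added example. Function names and the sample request are constructed;
// extract() only emulates the overwrite the message describes.

/** Vulnerable pattern: request parameters are imported over existing variables. */
function page_user_unsafe(array $server, array $get): string
{
    $REMOTE_USER = $server['REMOTE_USER'] ?? '';
    extract($get);                      // ?REMOTE_USER=admin replaces the value
    return $REMOTE_USER;
}

/** Hardened pattern: take the name only from what the web server set. */
function page_user_safe(array $server): string
{
    // Equivalent in spirit to $REMOTE_USER = getenv('REMOTE_USER') from the
    // message: the request parameters are never consulted.
    $user = $server['REMOTE_USER'] ?? '';
    if ($user === '') {
        throw new RuntimeException('request was not authenticated by the server');
    }
    return $user;
}

/** Names in GET/POST/cookie input that shadow a server-provided variable. */
function colliding_params(array $server, array ...$inputs): array
{
    $hits = [];
    foreach ($inputs as $input) {
        foreach (array_keys($input) as $name) {
            if (array_key_exists($name, $server)) {
                $hits[$name] = true;
            }
        }
    }
    return array_keys($hits);
}

// Constructed request: logged in as apollo, URL carries ?REMOTE_USER=admin&page=2
$server = ['REMOTE_USER' => 'apollo', 'REQUEST_URI' => '/members/index.php'];
$get    = ['REMOTE_USER' => 'admin', 'page' => '2'];

echo 'unsafe:    ', page_user_unsafe($server, $get), "\n";
echo 'safe:      ', page_user_safe($server), "\n";
echo 'collision: ', implode(',', colliding_params($server, $get)), "\n";
```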
RE: [PHP] Session Initially Does Work
> Alright that's good to hear. In a specific case that I'm having this problem
> the main PHP file is including file (content) that refers to
> $_SESSION[nSID_PeopleID] in main. This value is vital in rendering the page.
> So it should be there right? Also about removing session_name(), how can I
> do this. It was my understanding that you must call session_name before
> session_start() and session_register(). Is this not correct?

Ahhh, so that's your problem then...the include isn't getting the session id. I've never used an include with a session setup before but I would see the easiest thing to do be have the include first echo the session id number and see if it is actually getting passed or not on the first call

    echo session_id();

if that returns nothing for you then the next step might be to assign a temporary variable in your main script

    $sess_id = session_id();

and then set that session id in the include file directly

    session_id($sess_id);

This is all uncharted waters for me, I usually don't use includes and functions together so I've never had to deal with such an issue.

As far as the session name goes...you actually don't need to specify one...by default the session name is PHPSESSION and really unless you have a real reason for using a different session name there is no real benefit to specifying another session name (afaik).

Sincerely,
Craig Vincent
RE: [PHP] Kinda HTML and PHP question....
> so the problem is... like some stupid people put word...without
> spaces or something without them...just letters no spaces...and
> it doesn't wrap the text. What do you think i should do at that
> point? What do you do in your sites to protect that? because my
> tables get width bigger..they are set to width=100% . thanks for
> any help or any suggestion what should i do.

http://www.php.net/manual/en/function.wordwrap.php

This I think is exactly what you're looking for.

Sincerely,
Craig Vincent
RE: [PHP] variables over 2 pages w/ a table.
> $left = "news";
> $ltitle = "index";
> $lext= "php";
>
> include ("$left/$ltitle.$lext");
>
> next
>
> so this should link to the index page, which calls upon news/index.php, opens
> it in the left column of the table, and gives $start the value of 8.
>
> but it gives me this error:
>
> Warning: Failed opening 'news/index.php?start=8' for inclusion
> (include_path='') in /home/blindtheory/web/newweb/index.php on line 31
>
> so how can i solve this and get the articles to show in groups of 8?

Well your error message tells you your problem immediately. do you have a file named /home/blindtheory/web/newweb/news/index.php?start=8 ? I doubt you do =)

You're trying to pass what would normally be an HTTP query string as a parameter for opening a local file on your system. There's an exact example of this on http://www.php.net/manual/en/function.include.php example 11-5. Basically you need the include to be an http link...not a local link

ex.

    include("http://www.foobar.com/index.php?lext=php&start=8");

Sincerely,
Craig Vincent
RE: [PHP] Opinions Wanted
> Whats the best way of keeping this page temporarily in existence ??
>
> I don't want the query to run every time when they have changed no
> information and I don't want the Warning Page has expired please re-submit
> details when the reload the page !
>
> At the moment I'm thinking I can create a temporary static version of the
> page ?
> but would like to hear some other opinions about it !

You could generate temporary pages but unless they're on a ramdisk more than likely they'll cause more disk i/o usage than just rerunning the query every time the person accessed the page.

As for eliminating the repost warning if someone refreshes the page that's simple...change your search form to use the GET method instead of POST...this then has all the variables transmitted via the URL and has no warning messages associated with it if a person refreshes the page or returns to that page using the forward/back navigation buttons on their browser.

Sincerely,
Craig Vincent
RE: [PHP] Stupid question
> I have a script that outputs this:
> 0.023884057998657
>
> What's the command to make it shrink down to this:
> 0.023
>
> I thought it was eregi() something, but I forgot. sorry

It depends on what you need. If you want to round the number off to 3 decimal points use the round() function. However if you don't want to round and instead just want to truncate the number, the number_format() function would be what you need.

Sincerely,
Craig Vincent
RE: [PHP] arithimetic
> $section = $box3 + $box4 + $box5 + $box6; // new ones i have added that
> won't work

Are the $box values listed here actually receiving values from the form? If you do an

    echo "$box3 $box4 $box5 $box6";

what do you see? Could you provide the HTML for your form as well please? It may help shed some light on your situation.

Sincerely,
Craig Vincent
RE: [PHP] Linux and permissions
> My PHP scripts are in a directory, "php". The owner of the directory is "root"
> and the group is "apache". Other has no rights.
>
> Group has rx rights. All works well *except* the surfer can view the directory
> of the php directory *and* copy the files.

It means that DirectoryIndexing is enabled in apache =) you can either disable that (recommended) or as a quick fix put a blank index.htm (or .html file) in that directory so when someone calls up just the directory they get that blank page.

Sincerely,
Craig Vincent
RE: [PHP] Self Destruct code
> Hi
> I have a funny request; I wrote a system for a client and am rather
> concerned that I am not going to receive payment for the work done. They
> want me to hand over the code before they are willing to pay, so
> basically I will be left at their mercy; if they don't pay, they will
> still have a working version of the system...
> So, is there any way I can inconspicuously code in some boo-boo's that
> are time related etc. Something that will bomb the mysql tables or break
> some code if it is not "unlocked" within a month etc.
> I'm not sure if people out there might have existing safeguard tools
> etc, so I'm open for suggestions.
> PS, I know about Zend's encrypter, but since it will live on their
> server, I don't think it will help much since they will need the
> decrypter on there anyway right?

I wouldn't do something like this, there's too many legalities at stake. Personally I would suggest requiring at least a modest retainer before transmitting the code if you don't trust him (and in the future you may want to consider getting a deposit from a company before even beginning work).

The other thing you could do is encode the file using the zend encoder and transmit just the compiled version to them...then they could still wind up not paying you but worst case scenario means they get the code only as is, no ability to modify it or fix bugs. I know you mention in your post you're aware of it but trust me, being unable to fix any bugs with it can seriously cause problems...or to even go a step further you could add an extra line of code (assuming you encode this of course) that does an http call to a file/url on a server you control...you could instruct your program to immediately terminate if it cannot access that specific file. Then if the company doesn't pay you, you remove that file and poof the program is no longer usable...and since it's encoded they could not determine what the problem is nor solve it.

However in the future I strongly urge you to get a deposit for any projects you're going to work on. Such a retainer is perfectly acceptable in a circumstance like this...and it protects you from companies deciding to terminate a project mid-development (or if they don't pay you, you at least get something out of it).

Sincerely,
Craig Vincent
RE: [PHP] PHP and mySQL
> }else if(!$submit){

Although you didn't show 75 lines of code my guess would be your problem lies here. The else and the if shouldn't have a space between them.

    } elseif(!$submit){

See how that works for you =)

Also your SQL is faulty

    $sql = "UPDATE Book2 SET stock ='$stock-quantity' WHERE booktitle=$booktitle AND quantity=quantity";

$booktitle I'm 99.9% certain is not an integer. Therefore you need single quotes around it. And the condition quantity=quantity is a tad redundant since quantity would always equal itself =) I suspect you meant quantity=$quantity (again if it's not an integer you need single quotes...heck put single quotes around it anyways...it doesn't hurt)

    $sql = "UPDATE Book2 SET stock ='$stock-quantity' WHERE booktitle='$booktitle' AND quantity='$quantity'";

Sincerely,
Craig Vincent
RE: [PHP] PHP and mySQL
> You are missing a " before $booktitle.
> old:booktitle=$booktitle AND quantity=quantity";
> new:booktitle="$booktitle AND quantity=quantity";

So you're saying

    $sql = "UPDATE Book2 SET stock ='$stock-quantity' WHERE booktitle="$booktitle AND quantity=quantity";

is the correct SQL statement? Me thinks you would be mistaken. That's another painful parsing error waiting to happen. You are partially right though, quotes were missing from the statement (although the missing quotes would have no effect on PHP running the code, just the MySQL server trying to execute the query).

Sincerely,
Craig Vincent
RE: [PHP] newbie bigtime
> /* This page receives and handles the data generated
> by "form.html". */
> print "Your first name is $FirstName.\n";
> print "Your last name is $LastName.\n";
> print "Your E-mail Address is $Email.\n";
> print "This is what you had to say:\n
> $Comments\n";

More than likely you're using 4.2.0 which had global variables turned off by default. You're not the first one to experience this problem and probably won't be the last.

You'll need to call the files using a global array...since you're using the post method $_POST['FirstName'] would be the correct variable to use to get the FirstName data from the form. Or an easier approach would be $_REQUEST['FirstName'] which will provide you with the results no matter what method you use to post the form.

> And the book suggested POST instead of GET because it
> is stated that Post is secure and GET is not.

hehehahaha =) The book is dead wrong. Both formats are insecure, the main difference is that the GET method displays the variables in the url string whereas post caches the variable values in the browser. There are advantages and disadvantages to both but neither of which have the advantage of security. IMO POST is better to use generally since it presents much cleaner URLs to the end user, but I find the GET method much better when debugging a script designed to process a form submission.

Sincerely,
Craig Vincent
RE: [PHP] is $HTTP_REFERER worth trusting?
> I have a php program which executes a heavy mysql query upon request.
> Normally, it should not be requested too often, but I am afraid
> malicious user trying to massively call this program. I am considering
> to use $HTTP_REFERER to restrict the connection source, but is it worth
> trusting? Is it possible for a hacker to make an identical $HTTP_REFERER
> in the header? I have no idea how $HTTP_REFERER is made, is it made from
> the http client and put in the http header?
>
> If I can't trust $HTTP_REFERER, how can I deny malicious attack like
> that?

An HTTP_REFERER header is sent by the client browser...which means it is mimicable (and quite easily I might add). Although adding HTTP_REFERER restrictions to a script may add a small bit of security against script kiddies it by no means is a true method of defence against hackers.

The best thing you can do is temporarily record the IPs of connections to your script, and then block IPs that connect to the script too often directly from your routing table. It doesn't necessarily stop those using proxies but definitely is more reliable than an HTTP_REFERER protection scheme.

Sincerely,
Craig Vincent
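A sketch of the "temporarily record the IPs and block the ones that connect too often" idea from the reply, as an added example that is not part of the original message. It throttles inside the script rather than in the routing table, keeps its counters in a locked JSON file, and uses a constructed address, limit and window; the function name and state-file layout are assumptions of this sketch.

```php
<?php
// Added example. allow_request(), the JSON state file and the sample
// limit/window are assumptions; the reply itself blocks at the routing table.

/**
 * Record one request from $ip and report whether it is within the limit of
 * $limit requests per $window seconds. $now is injectable for testing.
 */
function allow_request(string $ip, string $stateFile, int $limit, int $window, ?int $now = null): bool
{
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return false;                           // never key state on junk input
    }
    $now = $now ?? time();

    $fh = fopen($stateFile, 'c+');
    if ($fh === false || !flock($fh, LOCK_EX)) {
        throw new RuntimeException('cannot open throttle state');
    }
    $state = json_decode((string) stream_get_contents($fh), true);
    if (!is_array($state)) {
        $state = [];                            // empty or damaged file
    }

    // Forget hits older than the window for every address so the file
    // only ever holds recent activity.
    foreach ($state as $addr => $times) {
        $recent = is_array($times)
            ? array_values(array_filter($times, fn($t) => is_int($t) && $t > $now - $window))
            : [];
        if ($recent) {
            $state[$addr] = $recent;
        } else {
            unset($state[$addr]);
        }
    }

    $allowed = count($state[$ip] ?? []) < $limit;
    if ($allowed) {
        $state[$ip][] = $now;                   // only served requests are counted
    }

    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, json_encode($state));
    fflush($fh);
    flock($fh, LOCK_UN);
    fclose($fh);
    return $allowed;
}

// Constructed run: 192.0.2.10 (documentation address), 3 requests per 60 s.
$file = tempnam(sys_get_temp_dir(), 'throttle');
foreach ([0, 5, 10, 15, 70] as $offset) {
    $ok = allow_request('192.0.2.10', $file, 3, 60, 1000 + $offset);
    printf("t+%02ds %s\n", $offset, $ok ? 'run the heavy query' : 'refuse (HTTP 429)');
}
unlink($file);
```

In the script itself the address would come from `$_SERVER['REMOTE_ADDR']`, which is the peer address of the TCP connection and not a request header.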
RE: [PHP] PHP and MySQL
> mysql_select_db( $db, $link )
>
> or die ( "Couldn't open the $db: ".mysql_error() );
>
> if ($submit){
>
> if( $booktitle AND "quantity" ){
>
> $sql = "UPDATE Book2 SET stock ='$stock-quantity' WHERE
> booktitle='$booktitle' AND quantity=quantity";
>
> }

Easy enough =) You're not running the mysql query =) You're never sending a command to MySQL to tell it to execute the $sql statement

    if( $booktitle AND "quantity" ){
        $sql = "UPDATE Book2 SET stock ='$stock-quantity' WHERE booktitle='$booktitle' AND quantity=quantity";
        mysql_query($sql);
    }

Should do the trick. Or even cleaner

    if( $booktitle AND "quantity" ){
        mysql_query("UPDATE Book2 SET stock ='$stock-quantity' WHERE booktitle='$booktitle' AND quantity=quantity");
    }

Sincerely,
Craig Vincent
RE: [PHP] PHP and MySQL
Missed a spot =)

> if( $booktitle AND "quantity" ){

I'm not certain if this if statement is accurate. I've never used a statement like this but from the looks of it the AND "quantity" part would always be true (assuming it parses it). This could be adding to your problem as well.

I think you were aiming for something like

if ($booktitle AND $quantity) {

or how I do it (although it looks a bit messier)

if (($booktitle) && ($quantity)) {

Sincerely,

Craig Vincent
RE: [PHP] PHP and MySQL
> You do realise, you have just pasted your database connection details to
> the world?! I'm gonna have to write an article on how to communicate
> securely over the internet. (not just with PHP, but with the data you
> communicate in the messages as well!!)

Well not quite, she did post her username password but it's not like we're aware of the server IP she's using. Not to mention most people are competent enough nowadays to properly restrict their MySQL servers to talk only with specific hosts and IPs. I think she's safe from anyone trying to maliciously abuse her MySQL server due to her post =)

Sincerely,

Craig Vincent
RE: [PHP] Feelin' dumb...
> For each loop, I want to add 20 to $i, so after the first
> iteration, I have
> 21, then 41, 61, etc. I've tried $i+20, $i + 20, I've tried looking in the
> manual, but I assume this is some C-type function, and I'm not
> familiar with
> C!

Well this is a bit of a detour from the other suggestions however since you haven't gotten a successful solution yet how about

for ($i=1; $i<=$num_pages; $i++) {
    $number = ($i * 20) + 1;
    // print stuff here
}

The results would be $number = 21 on first run, then 41, then 61 etc (which I believe is what you are looking for). Note the parentheses in the $number line are not needed however I typically code with them as it makes it easier to understand the code with less thought =)

Sincerely,

Craig Vincent
RE: [PHP] Feelin' dumb...
> I wonder why the other suggestions weren't working. They seemed logical
> enough, I even tried variations of your suggestion, first I tried:
>
> for ($i=1; $i<=$num_pages; $number = $i + 20) {}
> for ($i=1; $i<=$num_pages;) { $number = $i + 20; }

The problem with these two statements was that the loop would be indefinite. Without the third option $i is never incremented (unless you manually increment it from within the loop). So with your examples $i would always be 1 and would therefore always be <= $num_pages unless $num_pages was zero or negative.

Sincerely,

Craig Vincent
RE: [PHP] Feelin' dumb...
> I think I figured this out -
>
> Since I only have 2 pages, the first iteration of the loop sets $i greater
> than the number of pages, i.e. $i becomes 21, which is
> greater than 2,
> so the second iteration stops there. Am I seeing this right?
>
> So Craig's way worked because $i was left alone in the for()
> expressions and
> only modified in the statement, therefore on the second
> iteration, $i was 2
> and thus it satisfied the second expression and iterated once more.
>
> I *think* I'm understanding this correctly, though if others see it
> differently, please let me know!

Yup...that's what I figured you were doing which was why I saw a problem with the for loops having $i being incremented by more than one (ex. $i + 20). In order for that to have worked more effectively you would have needed to multiply $num_pages by 20 as well before the for loop was called which was redundant...and probably would have caused problems with getting the proper results from the database depending on how you coded it.

Sincerely,

Craig Vincent
RE: [PHP] Feelin' dumb...
> I think I see the error here.
>
> if ($num_pages >= 2) {
> for ($i=1; $i<=$num_pages; $i++) {
> $number = ($i * 20) + 1;
> printf("| href=\"test.php?page=%s\">Page %s | ", $number,
> $i);
> }
> }
>
> Is ALMOST right... Except that the I need the first iteration to return 1.
> In this case, it returns 21, so the next iteration is 41. Follow
> me? I need
> 1, 21, not 21, 41. Almost there I think, unfortunately, I need to
> jet. I'll
> be thinkin' on this one while DJing, definitely!

Easy fix =)

Put the

$number = ($i * 20) + 1;

at the end of your for loop so it is the last thing done prior to starting a new loop.

Sincerely,

Craig Vincent
RE: [PHP] PHP,Apache disabled FTP?
> I'm a newbie so please forgive the question,
> I have recently set up apache and PHP and now FTP does not work!
> I am running a win2k pro machine, is this because of PHP or
> APACHE or what?
> am going crazy and have searched google like crap without any damn
> answer...then went to microsoft.com searching...still no @#$#$#@ answer.

Unless you did something totally off the wall I seriously doubt Apache or PHP are affecting your FTP server. Perhaps you should check the documentation at your FTP provider's site. Perhaps it can assist you in troubleshooting why the server isn't working.

Sincerely,

Craig Vincent
RE: [PHP] how to select a file on a random basis?
> I would like to pick a file out of a directory by random. There are 400
> files and I just want to pick one of those by random.
>
> Is there a way with rand() and file ?

Well there's a couple ways you could do this...it's too early in the morning to post code but with some quick searches in the manual you should find all you need.

The most dynamic way to do this is to grab all the filenames in the directory you want, then randomize the array using shuffle...then use the first cell value in the array.

If you don't understand what I'm suggesting just lmk =) I'll try explaining in better detail when I'm more awake hehe.

Sincerely,

Craig Vincent
[PHP] Baffled, line producing error
I was happily coding when I came across a mysterious error. I've traced it to this line

if ($player_password != $player_password_verify) { $errmsg .= 'Password don't match. Please try again'; $error = 1; }

commented out the script runs fine, if this line is active an error is produced. My eyes are going bug eyed trying to find what the problem is and I'm hoping a second pair of eyes may point out my error. I've provided the entire script in case by chance the error is actually stemming from elsewhere in the script and I'm missing that as well. The error message from the compiler states the error is stemming from line 15 (which is the line I posted above). Any suggestions?

0) { $errmsg .= 'Player name already exists'; $error = 1; }
if (!$player_password) { $errmsg .= 'You must specify a password for this user'; $error = 1; }
# For some weird reason the line below produces an error...I can't find anything wrong
if ($player_password != $player_password_verify) { $errmsg .= 'Password don't match. Please try again'; $error = 1; }
if (!$error) {
mysql_query("INSERT INTO eq_guildmembers (player_name, date_joined, player_email_address, player_icq, priv_admin, player_password) VALUES ('$player_name',NOW(), '$player_email_address','$player_icq','$priv_admin','$player_password')");
else { echo 'Submission successful...click here to return to the roster'; exit; }
}
}
?>
Re: [PHP] Baffled, line producing error
> If the "error" is a warning about undefined variable, then set a default
> value for $errmsg before you start adding strings to it.
>
> $errmsg .= "this";
>
> That by itself means $errmsg = $errmsg . "this";, but if $errmsg isn't
> defined, you'll get the warning.
>
> Set $errmsg = ''; at the beginning of your script if that is the
> problem...
>
> For future reference, always give the exact error when posting.
>
> Trying to be psychic,

You'll notice a few lines up I have defined $errmsg =) It's a standard parsing error I'm getting

Parse error: parse error in admin_add_player.php on line 15

Since this message does not arise when line 15 is removed I can only assume the error is actually on that line and not a missing quote or bracket somewhere else in the script.

Sincerely,

Craig Vincent
Re: [PHP] Baffled, line producing error
> Notice the ' inside the '', this is bad syntax. For more
> information on using strings in PHP, see:

Sheesh you're right, as I said it was probably a dumb error, three other people have looked at this that I'm aware of and missed it too...lol glad your eyes are better than ours. Thank you for pointing out the mistake

Sincerely,

Craig Vincent
Re: [PHP] Which 'make' is needed for linux to install php?
> I learned I need 3.8 at least gnu make for installing this freetype
> which seems mandatory for good fonts with gd/php image creation
>
> ok, so that made me think, which 'make' version on linux (raq 3 fyi)
> would one need for php 4+?

I currently use 3.79.1 of GNU make (Linux slackware and redhat) and have never had a problem with any version of PHP (3.x or 4.x)

Sincerely,

Craig Vincent

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Selecting databases
> I have a script that needs to be able to choose between 3 different
> databases related to a pull down menu. Any ideas about what functions I
> should be looking at

There's really no need for a function. Most ANSI standard SQL servers will allow you to specify databases on the fly in your queries.

So say you had a pulldown menu

Database 1 Database 2 Database 3

With this the name of the database will be transferred to the $database variable upon the form being submitted. Then:

mysql_query("SELECT * FROM $database.table_name");

Will run a query on the appropriate database...of course this format is assuming that all the table names will be identical, although if you do have different table names for each database it's very easy to change that dynamically as well.

Sincerely,

Craig Vincent
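The pull-down value is supplied by the client, and an identifier cannot be passed as a bound parameter, so one way to keep this query pattern is to map the submitted value through a fixed allow-list (added example, not part of the original post). The menu keys and database names are hypothetical, and SQLite's ATTACH through PDO (pdo_sqlite assumed) stands in for the MySQL server so the block runs offline.

```php
<?php
// Added example, not from the original thread. Menu keys and database
// names are hypothetical; SQLite ATTACH stands in for MySQL databases.
const DATABASES = [
    'db1' => 'inventory_a',
    'db2' => 'inventory_b',
    'db3' => 'inventory_c',
];

// The form submits a key ('db1'); the identifier itself never comes from the client.
function resolve_database(string $choice): string
{
    if (!array_key_exists($choice, DATABASES)) {
        throw new InvalidArgumentException('Unknown database selection');
    }
    return DATABASES[$choice];
}

function fetch_rows(PDO $pdo, string $choice): array
{
    $database = resolve_database($choice);   // only allow-listed names reach the SQL
    $stmt = $pdo->query("SELECT * FROM {$database}.table_name");
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed fixture: three attached databases with an identical table each.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
foreach (DATABASES as $name) {
    $pdo->exec("ATTACH DATABASE ':memory:' AS {$name}");
    $pdo->exec("CREATE TABLE {$name}.table_name (label TEXT)");
    $pdo->exec("INSERT INTO {$name}.table_name VALUES ('row from {$name}')");
}

print_r(fetch_rows($pdo, 'db2'));

try {
    fetch_rows($pdo, 'db9');                 // value that is not on the menu
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```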
Re: [PHP] Why doesn't this work? HTTP_USER_AGENT
What have I done wrong in such a simple bit of code?

-

Howdy

I copy & pasted your code onto a test HTML page and modified the mysql commands to appropriately connect to my MySQL server. There was absolutely no problem with this code at all. What version of PHP are you using?

Sincerely,

Craig Vincent
Re: [PHP] database question
> what does \S mean?

http://www.php.net/manual/en/pcre.pattern.syntax.php

This page gives a good description of many of the regex metacharacters and their meanings.

Sincerely,

Craig Vincent
RE: [PHP] Security and Cookies
A more secure choice would be using a basic authentication scheme. If you're using apache there are several apache based modules for MySQL username/password authentication. With a little finesse a similar scheme can be done for PHP.

However if that's not an option my recommended PHP choice is to use sessions (needs 4.x+)...when a person logs in they get assigned a session ID. If you use PHP's session functionality the codes should be more than distinct enough that no one could "guess" another person's session ID. A second benefit is that only users who have been online prior to the session expiring could be accessed. Plus since the ID would be unique every login it would prevent people from bookmarking the member pages and would need to relog back in every time they wish to access the site.

As for being afraid people can access the admin files...the best solution is to move the admin files to an area a normal individual could access... (ie another domain or subfolder protected by username/password, or IP or both).

Sincerely,

Craig Vincent

-----Original Message-----
From: Steph [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 11, 2001 8:45 PM
To: [EMAIL PROTECTED]
Subject: [PHP] Security and Cookies

A friend of mine needs help, we are both PHP newbies. Here's her prob:

I have user authentication program that uses mySQL to store the username/password and other information that they entered when they registered. The secured pages use ?userid=$userid at the end of the page name to designate who the user is. (example: main.php?userid=admin) I want to make this more secure so that you can't just type the example in and have access to the admin files (or type in someone's username and have access to their files). I'm using a cookie right now but I'm having troubles with it because you have to refresh the main page every time you login or it says that you're not a valid user.

Steph
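The session approach recommended in the reply, as an added example that is not part of the original thread: the identity is written to the server-side session at login and every page reads it from there, so a userid in the query string has no effect. The user table, passwords and function names are constructed for illustration.

```php
<?php
// Added example, not from the original thread. The user table is constructed;
// a real site would load the password hash from its MySQL users table.
$users = [
    'admin' => ['hash' => password_hash('constructed-admin-pass', PASSWORD_DEFAULT), 'admin' => true],
    'steph' => ['hash' => password_hash('constructed-user-pass', PASSWORD_DEFAULT), 'admin' => false],
];

function log_in(array $users, string $userid, string $password): bool
{
    if (!isset($users[$userid]) || !password_verify($password, $users[$userid]['hash'])) {
        return false;
    }
    session_regenerate_id(true);          // fresh session ID on every login
    $_SESSION['userid'] = $userid;        // identity is stored server-side
    $_SESSION['admin']  = $users[$userid]['admin'];
    return true;
}

function current_user(): ?string
{
    // The identity is never read from $_GET['userid']; only the session counts.
    return $_SESSION['userid'] ?? null;
}

function is_admin(): bool
{
    return current_user() !== null && ($_SESSION['admin'] ?? false) === true;
}

function log_out(): void
{
    $_SESSION = [];
    session_destroy();
}

session_start();
$results = [];

$_GET['userid'] = 'admin';            // constructed request: main.php?userid=admin
$results['admin page, not logged in'] = is_admin();
$results['wrong password']            = log_in($users, 'admin', 'guess');
$results['steph logs in']             = log_in($users, 'steph', 'constructed-user-pass');
$results['current user']              = current_user();
$results['admin page as steph']       = is_admin();
log_out();
$results['user after logout']         = current_user();

var_dump($results);   // printed last so no output precedes the session calls
```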
RE: [PHP] check if user exists
> how do i check if user exist?
> I tried...
> $result = mysql_query("SELECT count(uname) FROM users WHERE
> uname=\'$username@$domain\'");
> if(isSet($result))
> return("Username already exists.\n");
> but still wont work.. :(

if (mysql_num_rows(mysql_query("SELECT uname FROM users WHERE uname = '$username@$domain'")) > 0) {
    return("Username already exists.\n");
}

That should work for you.

Sincerely,

Craig Vincent
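The same existence check with the address passed as a bound parameter, so a quote character in the user name cannot change the query, plus a registration step that relies on the table's unique key (added example, not part of the original post). PDO with an in-memory SQLite database (pdo_sqlite assumed) stands in for MySQL, and the function names and rows are constructed.

```php
<?php
// Added example, not from the original thread. PDO + in-memory SQLite stand in
// for the MySQL "users" table; all rows below are constructed.

function user_exists(PDO $pdo, string $username, string $domain): bool
{
    // The address travels as data, so quotes in it cannot alter the SQL.
    $stmt = $pdo->prepare('SELECT COUNT(*) FROM users WHERE uname = ?');
    $stmt->execute([$username . '@' . $domain]);
    return (int) $stmt->fetchColumn() > 0;
}

function register_user(PDO $pdo, string $username, string $domain): string
{
    // A check followed by an insert can race; the PRIMARY KEY is the real guard.
    try {
        $pdo->prepare('INSERT INTO users (uname) VALUES (?)')
            ->execute([$username . '@' . $domain]);
        return "Registered.\n";
    } catch (PDOException $e) {
        if ((string) $e->getCode() === '23000') {   // SQLSTATE: constraint violation
            return "Username already exists.\n";
        }
        throw $e;
    }
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (uname TEXT PRIMARY KEY)');

echo register_user($pdo, 'alice', 'example.com');
echo register_user($pdo, "o'brien", 'example.com');   // name containing a quote
echo register_user($pdo, 'alice', 'example.com');     // duplicate

var_dump(user_exists($pdo, "o'brien", 'example.com'));
var_dump(user_exists($pdo, 'bob', 'example.com'));
```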
RE: [PHP] not null
> When a field is declared as an integer, not null and is the primary,
> how would I address its empty set?
>
> ex: if($value == ???)
> {
> bla
> bla
> bla
> }
>
>
> My condition wants there to be nothing in $value.

Are you referring to the (INT, NOT NULL, PRIMARY) field being in a database?

Sincerely,

Craig Vincent