[PHP] Filter out MS Word 'quotes' for RSS

2006-04-26 Thread Kevin Davies
Hi All,

I've got a forum/blog system which is displaying correctly in the browser.
However, I've also got an RSS feed that is created from the data entered.

It seems that some of the users are copying and pasting from MS Word or
other packages, and this means that strange quote marks (among others) are
appearing, and breaking the RSS feed.

Obviously I need to convert these on entry, or on output into RSS. Does
anyone know of an easy way to do this, or is it a case of identifying each
unusual character individually?

I've been searching on Google for some advice on this, but not found
anything so far...

Thanks in advance,

Kev

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Header("Location: ... or Header("Refresh: 0;...

2006-05-16 Thread Kevin Davies
Hi All,

I'd really appreciate your advice with this one... 

I have a cart. Visitors can browse a catalogue, click 'Add to cart', and are
taken to the shopping cart with the new item added...

This is working perfectly for 99.9% of visitors, although 2 separate support
calls have reported they don't get redirected (catalogue page remains in
address bar), and the page doesn't load (blank white page with 'Done' in the
status bar).

Now I'm guessing this has something to do with the header command I'm using:

header ("Refresh: 0; URL=cart.php?action=add&id=$reference&c=$cat&p=$page");
exit;

I'm guessing the header isn't working, but the exit does, hence no page
load.

I've searched the web and some contributors say Refresh shouldn't be used,
and others say that a 0 Refresh is exactly the same as a
'Location' header command. But is it even related to my problem?

The user concerned has the same browser version and privacy settings as me.
I can get them to re-test, but would like to be fairly confident as to the
problem before I do... :)

What are your thoughts? Thanks in advance for your help.

Best regards,

Kevin




RE: [PHP] Encryption Advice

2006-05-20 Thread Kevin Davies


> So let's say that I want to integrate a shopping cart
> with a PSP, right up to the moment they get to the
> checkout, they see my client's URL. They hit the
> "Checkout" button and then they will see the URL of
> the PSP? Then once they place the order then they are
> redirected back to my client's site and see that URL
> again? Is that an accurate description of how it
> works? Do you normally have control over the "look and
> feel" of how the checkout looks on the PSP site?



Hi Lawrence,

The way you explain it is the way that most of the Payment Service providers
seem to work.

However, how much of the look and feel you can change will depend on the
PSP you use. PayPal for example only allows very basic styling,
whereas something like WorldPay (not sure if they are UK only) allows you to
create templates, so other than the URL the change is seamless.

The PSP will send you an email with the order details, and additionally most
can post back to a script on your server with the details of the transaction
- i.e. did it work? What was the total amount/currency? Etc.

You can then use this to validate it's the correct transaction and send your
own email/receipt/picking list accordingly.

I've worked on a couple of these so if I can be of any help give me a shout.

Cheers,

Kev




RE: [PHP] IP to country DB and script

2006-05-21 Thread Kevin Davies

> Can anybody recommend an IP to country (or better still
> IP->city) database and script?



Ryan,

I've used Tracewatch (a web stats package) on a couple of sites, and it
comes with a CSV of IP to Country conversions I believe.

URL: www.tracewatch.com

HTH,

Kev




RE: [PHP] IP to country DB and script

2006-05-21 Thread Kevin Davies

> URL: www.tracewatch.com


Seems like their data is sourced from here:
http://ip-to-country.webhosting.info/




RE: [PHP] Mailto members..?

2006-03-01 Thread Kevin Davies - Bonhurst Consulting

> Others here have mentioned the use
> of a mailer class I can't remember the name of (phpmailer maybe?).



PHPMailer is really good for sending HTML/Text/Both emails - I'm using it on
a few different sites.

Link: http://phpmailer.sourceforge.net/

Also, if you're going to use PHPMailer an excellent tutorial can be found
here: http://www.phpfreaks.com/tutorials/130/0.php

HTH

Cheers,

Kev




RE: [PHP] displaying documents stored under web root

2006-03-10 Thread Kevin Davies - Bonhurst Consulting
Hi Adrian,

I had the same dilemma on a project I was working on, and came across this:
http://www.vibralogix.com/linklokurl/index.php

It basically adds an authentication code, which can lock the download to an
IP address and also you can limit the life of the URL to a length of time.

You can also store all the documents below the web root.

It's not free, but for $30 dollars it was well worth the investment and
saved me plenty of time! 

HTH,

Kev


-----Original Message-----
From: Adrian Bruce [mailto:[EMAIL PROTECTED] 
Sent: 10 March 2006 11:02
To: php-general@lists.php.net
Subject: [PHP] displaying documents stored under web root

Hi

After some advice (surprise!)

I currently store restricted documents beneath the web root so they are 
not accessible via the URL. When a valid user wishes to view a document 
I copy it to a temporary folder above the root and load it in a new 
page. The only way I can then manage to delete the copy is 
automatically deleting all temp files when any user goes to the log out 
page.

This is obviously not a very good way of doing this but unless I can 
establish when a user is no longer viewing the doc then I don't know when 
to delete it. I was wondering how others deal with problems like this.

any advice appreciated greatly

Ade
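
The mechanism described in the reply above (an authentication code in the URL that ties a download to an IP address and a limited lifetime, with the files kept outside the web root) can be sketched as follows. This is an added example, not Linklok's code or code from the thread; the secret, directory, query parameter names and function names are assumptions.

```php
<?php
// Added illustration: signed, expiring, IP-bound download links.
// SECRET, DOC_DIR and the f/e/s parameter names are assumptions for this example.
const SECRET  = 'replace-with-a-long-random-server-side-secret';
const DOC_DIR = '/var/data/private-docs';   // outside the web root

// HMAC over every field the link is bound to; newline-separated so that
// adjacent fields cannot run into each other.
function sign_link(string $file, int $expires, string $ip): string
{
    return hash_hmac('sha256', $file . "\n" . $expires . "\n" . $ip, SECRET);
}

function make_link(string $file, string $ip, int $ttl, int $now): string
{
    $expires = $now + $ttl;
    return 'download.php?' . http_build_query([
        'f' => $file,
        'e' => $expires,
        's' => sign_link($file, $expires, $ip),
    ]);
}

// Returns the absolute path to serve, or null if the request must be refused.
function check_link(array $q, string $ip, int $now): ?string
{
    $file    = (string)($q['f'] ?? '');
    $expires = (int)($q['e'] ?? 0);
    $sig     = (string)($q['s'] ?? '');
    // Plain file names only: no directory parts, so no ../ traversal.
    if ($file === '' || $file[0] === '.' || $file !== basename($file)) {
        return null;
    }
    if ($expires < $now) {
        return null;                        // link lifetime is over
    }
    // Constant-time comparison of the expected code with the supplied one.
    if (!hash_equals(sign_link($file, $expires, $ip), $sig)) {
        return null;                        // altered link, or a different IP
    }
    return DOC_DIR . '/' . $file;
}

// Constructed demonstration values.
$now = 1142000000;
parse_str(parse_url(make_link('report.pdf', '192.0.2.10', 300, $now), PHP_URL_QUERY), $q);
var_dump(check_link($q, '192.0.2.10', $now + 60));    // same IP, inside the lifetime
var_dump(check_link($q, '198.51.100.7', $now + 60));  // link replayed from another IP
var_dump(check_link($q, '192.0.2.10', $now + 301));   // link used after it expired
```

A download script would call `check_link($_GET, $_SERVER['REMOTE_ADDR'], time())` and stream the returned path with `readfile()`, so no temporary copy inside the web root is ever created or left to clean up.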




RE: [PHP] Re: setcookie security concerns [medium]

2006-03-17 Thread Kevin Davies - Bonhurst Consulting
I just picked up this thread, so excuse me if I'm repeating or have totally
missed the point.

Another concern I picked up from a PHP security book is using '--' - which
simply comments out the remainder of the line (with MySQL anyway). Therefore
if your SQL is "SELECT * FROM table WHERE user = '$user' AND pass = '$pass'"
a malicious visitor could enter a valid username followed by '-- which may
allow them entry to that person's account by creating the following:

SELECT * FROM table WHERE user = 'valid_user'--' AND pass = '$pass'

Obviously restricting/validating form input entry would avoid this issue.
 
HTH,

Kevin



-----Original Message-----
From: tedd [mailto:[EMAIL PROTECTED] 
Sent: 17 March 2006 14:49
To: php-general@lists.php.net; Rafael
Subject: Re: [PHP] Re: setcookie security concerns [medium]

Rafael wrote:

>   A typical example would be a login script that uses the data 
>as it arrives, for example:
>   $login = $_POST['login'];
>   $passw = $_POST['passw'];
>   $sql   = "SELECT * FROM user\n"
>   ."WHERE( login = '$login' AND passw = '$passw' )";
>
>In this case, what happens if I send something like
>   login: ' OR '1'='1' OR '0
>   passw: doesnt care
>? (I avoided the ' in the passw, just in case)
>Well, we'll end up with an SQL similar to this
>   SELECT * FROM user
>   WHERE( login = '' OR '1'='1' OR '0' AND passw = 'doesnt care' )
>and because of the priority of the AND / OR, we would have 3 
>separated conditions each enough to validate the user, as '1'='1' is 
>true, then we have a validated user.
>

At first, your description confused me, but now I understand. You 
simply want to keep a user out of your code. In other words, if you 
don't validate the input, then a user can alter your code by 
injecting additional code into your query to bypass your 
authorization protocol -- very clever.

Thanks for the lesson.

tedd
-- 


http://sperling.com
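
The two inputs discussed in this thread, run against a string-built query and against a prepared statement. This is an added example, not code from any of the posters; it uses an in-memory SQLite database through PDO as a stand-in for MySQL so that it is self-contained, and the table, column and account values are constructed.

```php
<?php
// Added illustration; SQLite in memory stands in for MySQL so it runs anywhere.
// Table, column and account values are constructed for this example.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (user TEXT PRIMARY KEY, pass TEXT)");
// Plain-text password only to mirror the thread's query;
// real code stores password_hash() output and checks it with password_verify().
$db->exec("INSERT INTO users VALUES ('valid_user', 'correct horse')");

// 'Before': input is pasted into the SQL text, as in the thread.
function login_concat(PDO $db, string $user, string $pass): bool
{
    $sql = "SELECT * FROM users WHERE user = '$user' AND pass = '$pass'";
    return $db->query($sql)->fetch() !== false;
}

// 'After': the SQL text is fixed; input travels separately as bound values,
// so quotes and comment markers in it are data, never syntax.
function login_prepared(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT 1 FROM users WHERE user = ? AND pass = ?');
    $stmt->execute([$user, $pass]);
    return $stmt->fetch() !== false;
}

// A genuine login, then the two inputs quoted in the thread.
$cases = [
    'genuine login'  => ['valid_user', 'correct horse'],
    "comment ('--)"  => ["valid_user'--", 'anything'],
    'always-true OR' => ["' OR '1'='1' OR '0", 'doesnt care'],
];
foreach ($cases as $label => [$user, $pass]) {
    printf("%-16s concat=%s prepared=%s\n", $label,
        var_export(login_concat($db, $user, $pass), true),
        var_export(login_prepared($db, $user, $pass), true));
}
```

With the prepared statement both quoted inputs are compared as literal usernames and match no row, while the genuine login still succeeds.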




[PHP] Completing forms offline with PHP/MySQL

2006-04-07 Thread Kevin Davies - Bonhurst Consulting
Hi,

Apologies if this is the wrong place for this question, but I'm sure there
are some experts out there who might be able to point me in the right
direction... :)

I'm doing some work at the moment where remote teams can submit reports
through to our database when connected over the internet to our server.
However, I've been asked to look into the possibility of the teams completing
the form offline, and uploading when they have access to a connection.

It looks like I might be able to offer something like Microsoft InfoPath forms
(better recommendations?) to generate an XML file, and then use a PHP file
to upload the file into the database. Additionally, I could also do with
this process uploading a number of other files (e.g. images, text files) to
the server. 

Does anyone have any experience in this area, and would be able to recommend
a solution?

Thanks in advance for your help...

Kevin




RE: [PHP] Parsing variables within string variables

2006-04-07 Thread Kevin Davies - Bonhurst Consulting
David,

Is this what you're looking for?

$bar = 'Hello '.$bar;

HTH,

Kevin


-----Original Message-----
From: David Clough [mailto:[EMAIL PROTECTED] 
Sent: 07 April 2006 17:37
To: php-general@lists.php.net
Subject: [PHP] Parsing variables within string variables

I've been bashing my head against the wall on this, and would be glad of 
help to stop. 

I have a variable containing a string that contains the names of 
variables, and want to output the variable with the variables it 
contains evaluated. E.g. 

   $foo contains 'cat'
   $bar contains 'Hello $foo'

and I want to output $bar as 

   Hello cat

The problem is that if I use

   echo $bar

I just get

   Hello $foo

Note that $bar is loaded from a database query, so I can't control its 
contents: I just have to parse it.

Any help appreciated.

David.
