[PHP] Sending POST vars to pop-up window - How?
I'm writing a poll app. I want it to work this way:
1. On web page, user selects choice, clicks VOTE.
2. Clicking VOTE triggers a pop-up window.
3. PHP script running in pop-up records vote, displays results.
Problem is, POSTed vars that come from forms aren't available in the popup
window if I make the FORM action = javascript:popWin('/poll.php').
Is setting the vote choice in a session var the only way to make this work,
or is there a way to pass vars via a form POST to the popup window?
Thanks!
Monty
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Text Fields - How Big Can They Be?
Hi Guys... This is indirectly related to PHP: Does anyone know the max amount of text a free-form HTML text field can handle? I noticed that for some longer articles we're storing in a content management system written with PHP, we were unable to paste the body of the article into the text field because there was too much text. When we pared the text down, it was no problem. This is bad news for a content management system! We have some longer articles, around 8-10 HTML pages, and now I have no idea how we are going to get them into the system using an HTML form. I really don't want to have to do this manually in MySQL. That would make me break down and start sobbing. Has anyone else dealt with this and found a solution? Thanks a lot! Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Upgrading GD to 2.1
I've got GD 1.6 installed with PHP 4.2.2 on a Linux server. Is upgrading to GD 2.1 tricky? I'm very new to Linux and have no clue where to start or how to do it. My server is remote, so, I access it using Webmin. I've look for instructions on how to do this online, but, nothing specific enough for a Linux novice like me. Does anyone know of a good place to find out how to do this? I'm all Goggled out. Thanks! Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Upgrading GD to 2.1
Nofa, sorry, forgot to say Redhat Linux. What you mentioned seems pretty easy, actually. I'll give a try and keep my fingers crossed. Thanks! Monty > From: [EMAIL PROTECTED] (Nofa) > Reply-To: "nofa" <[EMAIL PROTECTED]> > Newsgroups: php.general > Date: Sat, 14 Dec 2002 20:13:20 +1300 > To: [EMAIL PROTECTED] > Subject: Re: Upgrading GD to 2.1 > > what "linux" are you running? Redhat? Mandrake? ifso it should just be a > matter of downloading the appropriate packages and doing a 'rpm -U > ' as root. ( if redhat/mandrake/some other rpm managed > dist ) > >> I've got GD 1.6 installed with PHP 4.2.2 on a Linux server. Is upgrading > to >> GD 2.1 tricky? I'm very new to Linux and have no clue where to start or > how >> to do it. My server is remote, so, I access it using Webmin. >> >> I've look for instructions on how to do this online, but, nothing specific >> enough for a Linux novice like me. Does anyone know of a good place to > find >> out how to do this? I'm all Goggled out. >> >> Thanks! >> >> Monty >> > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Text Fields - How Big Can They Be?
HI Nofa, When you say submit the file, do mean as a TXT file via a file upload field? If so, not sure what to do with the file once it's been uploaded. Do I read the file using fopen(), then just put this into a var that can be stored in the DB? Hmmm... sounds like a good solution. Monty > From: [EMAIL PROTECTED] (Nofa) > Reply-To: "nofa" <[EMAIL PROTECTED]> > Newsgroups: php.general > Date: Sat, 14 Dec 2002 20:00:45 +1300 > To: [EMAIL PROTECTED] > Subject: Re: Text Fields - How Big Can They Be? > > Have you considered allowing them to submit the actual file? rather than all > the text within. It may not be exactly what you're after, but its one way :] > > - Original Message - >> Hi Guys... This is indirectly related to PHP: Does anyone know the max >> amount of text a free-form HTML text field can handle? >> >> I noticed that for some longer articles we're storing in a content >> management system written with PHP, we were unable to paste the body of > the >> article into the text field because there was too much text. When we pared >> the text down, it was no problem. >> >> This is bad news for a content management system! We have some longer >> articles, around 8-10 HTML pages, and now I have no idea how we are going > to >> get them into the system using an HTML form. I really don't want to have > to >> do this manually in MySQL. That would make me break down and start > sobbing. >> >> Has anyone else dealt with this and found a solution? >> >> Thanks a lot! >> >> Monty >> > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Text Fields - How Big Can They Be?
Hi John, I'm using POST for the form. But it's the HTML form field itself that won't allow me to paste in a large amount of text. If I can get the field to accept the text, there's no problem sending it via POST to the PHP script. Are you behind the new PHP Architect magazine? I saw the site and will definitely be subscribing! It's a great idea. Thanks, Monty > From: [EMAIL PROTECTED] (John W. Holmes) > Organization: U.S. Army > Reply-To: <[EMAIL PROTECTED]> > Newsgroups: php.general > Date: Sat, 14 Dec 2002 02:06:59 -0500 > To: "'Monty'" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> > Subject: RE: [PHP] Text Fields - How Big Can They Be? > > Are you using GET or POST as the method of your form? GET will limit the > amount of text you can submit because it appears in the URL. POST really > doesn't have a limit, as far as I know. > > ---John W. Holmes... > > PHP Architect - A monthly magazine for PHP Professionals. Get your copy > today. http://www.phparch.com/ > >> -Original Message- >> From: Monty [mailto:[EMAIL PROTECTED]] >> Sent: Saturday, December 14, 2002 1:48 AM >> To: [EMAIL PROTECTED] >> Subject: [PHP] Text Fields - How Big Can They Be? >> >> Hi Guys... This is indirectly related to PHP: Does anyone know the max >> amount of text a free-form HTML text field can handle? >> >> I noticed that for some longer articles we're storing in a content >> management system written with PHP, we were unable to paste the body > of >> the >> article into the text field because there was too much text. When we > pared >> the text down, it was no problem. >> >> This is bad news for a content management system! We have some longer >> articles, around 8-10 HTML pages, and now I have no idea how we are > going >> to >> get them into the system using an HTML form. I really don't want to > have >> to >> do this manually in MySQL. That would make me break down and start >> sobbing. >> >> Has anyone else dealt with this and found a solution? >> >> Thanks a lot! >> >> Monty >> >> >> -- >> PHP General Mailing List (http://www.php.net/) >> To unsubscribe, visit: http://www.php.net/unsub.php > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Using mail() for mailist list app
Happy New Year everyone! Is the PHP mail() command robust enough to use in a little mailing list app? The app will basically send an HTML or Text e-mail to the member database of about 6,000 people. I'm using RedHat Linux 7.2 with PHP 4.2.2, by the way. I'm concerned I'll bog down my server if I issue the mail() command 6,000 times on our server, but, maybe it won't be a problem? Also, although I'm sending HTML e-mail, I'm not including attachments or inline graphics (only direct hotlinks to graphics on a web server). Will mail() still work okay for this, or do I need to use one of the various PHP e-mail classes available to send HTML e-mail? Any recommendations for online tutorials about building a mailing list manager using PHP would be much appreciated! Thanks! Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Dreaded Return-Path and mail()
Okay, I've read just about everything on the Internet about how the change the Return-Path header in an e-mail sent using mail(), but, I STILL can't get it to work. All e-mail sent via PHP says Return-Path: [EMAIL PROTECTED] and Received: (from nobody@localhost). I have a Red Hat Linux 7.2 server running PHP 4.2.2. I've tried the following and none of them worked: + I put the following in my Apache httpd.conf file: php_admin_value sendmail_path "/usr/bin/sendmail -t -i -f [EMAIL PROTECTED]" I also tried this without -t and -i. None of them worked. I did remember to re-start Apache each time so the settings took effect. + I tried adding "-f [EMAIL PROTECTED]" as the fifth parameter for the mail() command, but, that didn't make a difference either. Actually, as I have other items for the fifth "header" parameter, I wasn't sure where the above command should be placed. I tried at the beginning and end of other header info I was placing, but, nothing seemed to work. + I added "nobody" to Sendmail's trusted users. No difference. Is there anything else I can try? I want to avoid changing this in the PHP.ini file because I don't want e-mail from all domains to look like it is coming from a single domain, if possible. Thanks! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Sessions Timing Out Too Often
I'm finding that my sessions seem to be timing out fairly quickly. For example, in a little forum I wrote with PHP, people are telling me that if they type a long message and click Submit, they are taken to the Login page because their session obviously timed out, and they loose their posts in the forum. I do have a "remember me" feature that uses a cookie, but, not all visitors are using it, and they are the ones experiencing this problem. Is there a way to extend session time, and is that the best way to reduce this problem from happening to most members? Thanks! Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Garbage at beginning of uploaded Text File
I have a form that allows someone to upload a text file, the contents of which will be inserted into the database. When I fread() the file, there is some garbage at the beginning and end of the text. Here's what the text looks like: This is the sentence of text. Here's what it looks like after uploaded and fread(): *ch?¡®ºdä?º†Ím This is the sentence of text.SORT~€ÿÿ The text file being uploaded is a BBedit file, which should be a plain text file. I'm not sure where this garbage is coming, and if there's an easy way to remove it before I put this into the Database. I searched the PHP help files for an hour and searched here, and couldn't find anything related. I'm using PHP 4.2.3 on a Redhat Linux server. Thanks. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Garbage at beginning of uploaded Text File
> Are you using Apache2? IIRC, there was a bug where data would get added > to the POST data, or something along those lines... > > What if you just look at the file with a regular text editor? Do you see > that data there after it's uploaded and written to the server, or does > it just appear into the data when it's fread()? > > ---John W. Holmes... John, when I open the file in a text editor I don't see the garbage, just the text. I have Apache 1.3.22 on my server. I'm not writing the contents to a file once uploaded to the server because I want to store it in a database field. The garbage is added to the DB just as it appears when I echo the variable to the screen after the file has been uploaded. Also, I'm doing the fread() on the tmp_name after the file is uploaded, because I don't need the file once I read the contents into a variable. I was wondering if changing the "enctype" parameter in the tag would make a difference (but I don't know what to change it to). Currently it's set to "multipart/form-data". Thanks! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] All Code Executing Even After header() Redirect
At the top of every page in my site I have a snippet of code that
authenticates the user by checking for valid SESSION vars and their
contents. If they don't, they are redirected with a header() statement to a
log-in page like this:
include_once("function_library.php");
session_start();
if (!LoggedIn()) { // If not logged in, take to Login page.
header("Location: /login.php");
}
LogAccess($_SESSION['user']); // This function logs user's access.
I noticed that the LogAccess() function I have after the header() redirect
is executing, even if the user is not logged in and is redirected to the
Log-In page. I did confirm that the LoggedIn() custom function is working
properly and returning the right value.
I thought the code below the header() redirect would not actually be
executed unless the user was logged in and allowed to proceed. Is this how
PHP is supposed to work? Is there any way to prevent the script from
executing below a certain point if the user is not logged in?
Thanks,
Monty
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Run db query with db query?
What is the code for the inner query? Hard to advise you based on the small
bit of code you posted.
Are you using the same $result var for both queries? If so, that's why. Just
run two separate queries stored in to different result vars. I do this all
the time with no problems.
> From: [EMAIL PROTECTED] (Cf High)
> Newsgroups: php.general
> Date: Mon, 3 Mar 2003 16:45:52 -0800
> To: [EMAIL PROTECTED]
> Subject: Run db query with db query?
>
> Hey all.
>
> Got a problem here:
>
> 1) I have a page that queries our db for info
>
> 2) Based on the # of rows returned I loop through to create a set of
> formfields for each customer
>
> 3) Within this loop I run another query to retrieve option elements for
> a particular category
>
> The problem is that the inner query is overwriting the result resource for
> the outer query. So:
>
> while ($q = mysql_fetch_row($result)) {
>
> build form tables for each client and run inner query
>
> html stuff
>
> /* Calls db query to populate particular option category */
> write_select_options($tables,$form_fields,$where_clause);
>
> }
>
> What's the conventional method for running queries within queries?
>
> Any leads most appreciated,
>
> --Noah
>
> --
>
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: functions and
You can't call a PHP function directly from an HTML tag. You'll instead need
to do something like this:
Then create a logout.php file that has your logout code.
> From: [EMAIL PROTECTED] (Martin Johansson)
> Newsgroups: php.general
> Date: Mon, 3 Mar 2003 23:32:16 +0100
> To: [EMAIL PROTECTED]
> Subject: Re: functions and
>
> Ok to make it simplier, this is what I wanna do!
>
>
> echo "Logout";
>
> function logout()
> {
> .
> }
>
> ?>
>
> How do I do it!!!
>
> /M
>
>> Hi
>> I want to call a function logout() inside an statement:
>>
>> \">logout
>>
>> > function logout()
>> {
>>
>> }
>> ?>
>>
>> but this doesnt work.. how shall I do it
>> /M
>>
>>
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Regex for Browser Versions
Maybe it might be easier to just use the get_browser() function:
http://www.php.net/manual/en/function.get-browser.php
Monty
> From: [EMAIL PROTECTED] (Gerard Samuel)
> Newsgroups: php.general
> Date: Thu, 05 Jun 2003 14:00:23 -0400
> To: [EMAIL PROTECTED]
> Subject: Regex for Browser Versions
>
> Im trying to pull the Mozilla version and *possibly* the MSIE x.xx
> string out $_SERVER['HTTP_USER_AGENT']
> If I did this correctly, (MSIE\s\d\.\d{1,2})? should mean that if its
> there pull it out, else move on, since its not there.
> When viewing this script via a windows browser, it doesn't match the
> MSIE section. If I take out the trailing ?, it will match successfully.
> But when viewing it with a mozilla browser, the regex fails as there is
> not MSIE string in there.
> Any help with this would be appreciated.
> Thanks
>
>
> var_dump($_SERVER['HTTP_USER_AGENT']);
> echo '';
> preg_match('/^(Mozilla\/\d\.\d{1,2}|Opera\/\d\.\d{1,2})\s\(.*?(MSIE\s\d\.\d{1,
> 2})?.*?\)(\sOpera)?/',
> $_SERVER['HTTP_USER_AGENT'], $foo);
>
> var_dump($foo);
>
> ?>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Where to start?
Knowing any kind of programming language will help in learning PHP. If you understand variables, arrays, if/else structures, etc., it allows you to skim over some of the basics quickly. I had very little programming experience, but, learned a lot from the book "PHP and MySQL Web Development" by Luke Wellington and Laura Thomson. This was a about 2 years ago, though, and if they haven't come out with an update, then it's probably a little too outdated by now. Also, I learned LOTS from a number of guys on this newsgroup who generously offer their advice and wisdom. The sites that a few others mentioned are also helpful. Once you start programming, ALWAYS check out the online PHP help on php.net. It's really excellent and is chock full of input from users who offer sample scripts and solutions for all kinds of things. It's the best resource anywhere. I also get PHP Architect (phparch.com), a PDF publication that has some good and helpful stuff in it. As you can see, there are lots of online resources for PHP and MySQL. Monty > From: [EMAIL PROTECTED] (Simon Thurtle) > Organization: Mainlink > Reply-To: "Simon Thurtle" <[EMAIL PROTECTED]> > Newsgroups: php.general > Date: Thu, 5 Jun 2003 13:36:14 +0100 > To: [EMAIL PROTECTED] > Subject: Where to start? > > Hi all, > I am looking into learning PHP, I have a good understanding of HTML, JS and > I know a little Perl. Firstly I know PHP is all server side and so a damn > sight different from the above, but will they help me at all? > Secondly where do I start? Are there any good on-line resources and or books > that anyone knows? I am plannig to develop an E-comm solution us Oscommerce, > does anyone know if this is any good or is naff? > Any hints, tips or pointers would be greatly appreciated. > > Thanks, > > Simon > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Gracefully dealing with Cookies OFF
> both the cookie and URL based session passed over without SSL is insecure. > i'd love to know who told you otherwise. I can't remember the exact sites now, but, the issue was about how much easier it is to spoof Sessions when IDs are passed via the URL as opposed to being stored in a cookie. > perhaps now is the time to re-think all this stuff, decide if you are going > to support everyone (which i would for any paying client with a wide target > market), or skip over those who don't meet your definition of a web visitor. After your indepth response, I've re-thought my re-thinking and have gone back to wanting to support all users whether or not they have cookies turned on. And, miraculously, I've already got it working, so, thanks for your detailed reply. But going back to the first point, if I'm passing Session IDs via the URL, shouldn't I be doing something more to make the site a little more secure? I don't store sensitive data in sessions vars, but, if it allows a non-paying member to hijack a paying member's session, then this is going to be a problem. But I'm not sure what more I can do to make the session a little more secure and less likely that someone will hijack it. SSL is a little overkill for this, as this isn't a bank or financial institution, it's just a little community website. The log-in for the site is fairly simple: After verifying the username and password against what's stored in the DB, it sets up a few session vars with that member's access level and a few other preferences. This is so I don't have to continually query the DB for this info on every page. Is there anything more I can do to make it harder to spoof sessions? > just to throw another spanner into it all, what happens if I have JS off? > will I still be able to access the content of the pop-ups? i bet not :) Well, I have to draw the line somewhere. Javascript is used throughout this site for simple things like resizable popups. I'm not willing to dumb it down that much. Thanks! Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: session_start questions.
Sessions seem like voodoo at first, but, once you understand what's really going on, it's actually not that complicated. Here are some links to check out: http://www.zend.com/zend/spotlight/sessionauth7may.php http://www.free2code.net/tutorials/programming/php/4/sessions.php http://www.devshed.com/Server_Side/PHP/Sessions http://www.phpbuilder.com/columns/index.php3?cat=6&subcat=36 Sessions are tracked by your server in little text files with names like sess-ac765JB84Ept932KCc9w0L9374. Each user to your site has a custom session set up for them when you issue a session_start() in PHP. The name of this session file is either stored in a Cookie (if the user has cookies enabled) or is passed from page to page on the URL (which makes the URLS long and ugly). Using PHP's built in session functions, you can store data in those server session files just by setting variables within the $_SESSION[] array, like this: session_start(); $_SESSION['username'] = 'Bob'; $_SESSION['accesslevel'] = 2; Because the session file follows the user around from page to page, you can access the above data within your PHP scripts at any time... session_start(); echo "Hi there ".$_SESSION['username'].", welcome back!"; That's a very brief overview. The above links provide better explanations. Monty > From: [EMAIL PROTECTED] (Daniel J. Rychlik) > Newsgroups: php.general > Date: Thu, 5 Jun 2003 16:19:04 -0500 > To: <[EMAIL PROTECTED]> > Subject: session_start questions. > > Questions, Questions, Questions. > > Where do I start in understanding how this function works. Ive read the > document multiple times, and I am having a bit of trouble figuring out how > this function works. I know that you can take session data and hold it > somewhere for a user and use that data throughout php web pages. I am > wandering, where is this data held and how to do you reference it ? Is their > a more detailed explanantion of session's ? If their is not, once I get this, > I will write one for people like me. You know, "Sessions for Dummies" > ;o) > > Never the less, how do you set a session name for a specific user and hold > that data for processing? Is this magic from somewhere or do you specifically > name a session for every user ? What about security implications ? I will be > running all my forms through secured protocol so hopefully their wont be any > hijacking going on... > > Sorry for being a pain. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: using a for loop but it is not working how come
> I am having a problem with this script It pulls a list of numbers from
> one field in the database (the numbers are in this format
> (275,277,278,276) It needs to pull each number and run it through the
> function dofunction and then move on to the next one in tell there are
> no more to process. What am I doing wrong or is there a better way to
> do this.
>
> sql="Select Numbers from dom where name = '$name'";
> $results=safe_query($sql);
> $DBRow = mysql_fetch_array($results);
> $numbers = $DBRow["Numbers"];
> $numbers = array($numbers);
> for($i = 0; $i < count($numbers); $i++) {
> $number = $numbers[$i];
> dofunction($number);
> }
You have a few problems in your code. This hasn't been tested, but, is a
start...
sql="Select Numbers from dom where name = '$name'";
$results=safe_query($sql);
$DBRow = mysql_fetch_array($results);
$number_array = explode(",", $DBRow["Numbers"]);
// above splits number list into array using comma as delimiter
foreach($number_array as $digit) {
dofunction($digit);
}
Above foreach() construct loops through the array and assigns the value of
each element to $digit, and continues doing this until it reaches the end of
the array.
http://www.php.net/manual/en/control-structures.foreach.php
http://www.php.net/manual/en/function.explode.php
Monty
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Best Approach for defining User Access Levels
Hi. I've set up a membership site that has different levels of users. Each member's DB record has a "user_status" field that has a number from 1-9, 9 being the highest (Admin) level of access. This has worked okay, but, I'm finding this system of granting access too limiting, and need finer control over who has access to what. Does anyone know of a better system for granting access to groups of users that isn't too complicated but is flexible enough to add or remove access to whole groups of users? I'm trying to not reinvent the wheel here if possible. Thanks for any suggestions! Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Opening a Dynamic Pop Up Window
This should be fairly easy. It sounds like the script you are using is opening only the image in a new window, and not a page that loads the image in a new window. Just add some Javascript to the links around your thumbnails, like this: Then you need to create a script called show_photo.php that takes the "img" var passed by the Javascript above and loads that image onto the page. $image = $_GET['img']; echo ""; Hope that helps. Monty > From: [EMAIL PROTECTED] (Jeffrey L. Fitzgerald) > Newsgroups: php.general > Date: Thu, 29 May 2003 14:28:11 -0400 > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: Opening a Dynamic Pop Up Window > > > Help! :-) > > Have a need for a pop up window to show images when the thumbnail is > clicked. But the script I found only shows the image and no background, > etc. I want to be able to have the pop up open and then send it a php > created dynamic page with the proper html and image. > > In perl I know how to do this, by calling a perl script, sending the > filename variable and returning with a generated page. But I am not as > familiar with PHP. Here is the script I found: > > http://www.ciarasprettygoodpictures.com/gallery.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Using Cookies Securely
I see some posts here that say storing a username or encrypted password in a cookie is not secure. If so, then what's a more secure way to allow users to be "remembered" using a cookie so that they don't have to log in every time they come to the site? What do you store in the cookie to authenticate against? Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: 3 entries going into 1 field
I'll add to what the others have already said. As was already mentioned, you need to create three dropdown fields for the birthdate: year, month and day. I do this by setting up arrays for each field that offers valid date choices. $year[2000] = 2000; $year[2001] = 2001; $year[2002] = 2002; etc... $month['January'] = 01; $month['February'] = 02; $month['March'] = 03; etc... $day[1] = 01; $day[2] = 02; $day[3] = 03; etc... I use these arrays with a simple function to set up the dropdown form elements that stores the selected results in another array: $realdate. When the form is submitted, I simply stitch the date together into a valid MySQL DateTime format of -MM-DD using the values stored in the $realdate variable... $realdate['year']."-".$realdate['month']."-".$realdate['day']; This would insert the date as: 2003-05-21 Monty > From: [EMAIL PROTECTED] (Vicky) > Newsgroups: php.general > Date: Sat, 31 May 2003 15:05:43 +0100 > To: "PHP List" <[EMAIL PROTECTED]> > Subject: 3 entries going into 1 field > > Hi, > > I have a registration form, but I would like to add a Date of Birth section. > Now, because of the different formats of writing it I want to have 3 seperate > drop down boxes, Date, Month and Year. > > However, I then want those 3 dropdowns to go into one field in a mySQL > database, in DD/MM/ format. > > How can I acheive this, in simple language as I'm a newbie to this stuff ^_~ > > Thanks! > Vicky -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Cookies and Sessions: What's the Best Recipe?
I have a member site that uses sessions. People who have their browser cookies turned off, however, cannot use our site. I read somewhere that to avoid this, I'd have to manually append the PHPSESSID var to every URL when redirecting in a script. Is this really the best or only way to avoid this problem? Or, is it simply unavoidable? Right now, I tell users that the site will only work with browsers that have cookies turned on, but, I'd rather the site was accessible to all. However, I also don't like passing session IDs via the URL because of the security risk. Any suggestions?? Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: regex problem
I don't understand what it is you're trying to accomplish, so, it's hard to
offer a solution. If you just want to verify whether or not a variable
contains numeric data, why not just use the is_numeric() function:
http://us4.php.net/manual/en/function.is-numeric.php
preg_match() will return TRUE if it finds the pattern ANYWHERE in the
string, so, that's why "asdf789" passes the test because it contains digits,
whereas 'asdf' won't pass the test because the numbers 0-9 can't be found
anywhere in that string.
If you want the entire string to be tested for digits, you need to add the
length of the string to the regex pattern:
$length = strlen($data);
preg_match("[0-9]{$length}", $data);
Monty
> From: [EMAIL PROTECTED] (Daniel J. Rychlik)
> Newsgroups: php.general
> Date: Sat, 31 May 2003 13:46:44 -0500
> To: <[EMAIL PROTECTED]>
> Subject: regex problem
>
> Hello,,
>
> I have a preg_match issue matching numbers. I am currently using
>
> !preg_match ('/([0-9\-\.\#:])/', $_POST['nums1']
> throw error[]
>
> This fails if you use something like ' asdf ' but if you use ' asdf789 ' it
> passes false and does not throw an error.
> This is not the obvious solution I know its a problem in my regular
> expression. Should I ONLY be using
>
> ' /([0-9])/ ' , ?
>
> Thanks in advance.
> Daniel
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cookies and Sessions: What's the Best Recipe?
>> I have a member site that uses sessions. People who have their browser
>> cookies turned off, however, cannot use our site. I read somewhere that to
>> avoid this, I'd have to manually append the PHPSESSID var to every URL when
>> redirecting in a script.
>
> One way around this would be to write a simple wrapper function which does
> this for you automatically:
>
> // UNTESTED
> function redirectWithSession($location)
> {
> $sid = session_id();
> $sname = session_name();
> header("Location: {$location}?{$sname}={$sid}");
> }
> ?>
>
> Then (after testing the above code thoroughly) you just need to do a batch
> search and replace on your whole site source for 'header("Location: ' with
> 'redirectWithSession(', and everything should be cool I think. Please
> test all thoroughly :)
Justin, I took your suggestion and tried out the above on some test files. I
made some slight mods, but, it works perfectly. The only thing I don't like
about this solution is that the session ID is appended to the end of the URL
for everyone, even if they have cookies enabled. (I have trans-sid enabled).
Is there any reliable way to avoid this, or is this just a small side-effect
of making the site accessible to all?
Thanks!
Monty
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] How to remove empty Session Var from URL
I noticed that for users with cookies turned off, once they log out (in which I unset and destroy all session vars) and are returned to the Log-in page, all of my links have an empty PHPSESSID= tag at the end like this: This prevents someone from logging in again immediately unless they first leave the site then come back to clear the empty PHPSESSID var from all the URLS. How can I make this stop? Thanks Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cookies and Sessions: What's the Best Recipe?
> Guys, that's exactly what the SID predefined constant is for -- it's defined
> only when a session is active, and it has the value
> = (e.g. PHPSESSID=1afd764ecb938274) if and only if
> the session id was passed in the URL -- otherwise it contains the empty
> string. So you can safely do:
>
> header("Location: {$location}?".SID);
The SID constant var is a good idea! I didn't realize this existed. Taking
what Justin originally suggested, I've now modified the myHeader() function
to only append the SID if it exists (else, it returns the $location var as
it was passed). It also checks to see whether there is a ? in the $location
var. If so, it will append the SID using a &, otherwise it will append the
SID with a ?.
I haven't tested this yet, but, if anyone has any other suggestions or
recommendations, please post them.
function myHeader($location) {
if (SID) {
if (strstr($location, '?')) {
header("Location: {$location}&".SID);
} else {
header("Location: {$location}?".SID);
}
} else {
return $location;
}
return;
}
Monty
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: determine action of a form dynamically?
> Hi, > I want action of a form to be PHP_SELF untill user presses "continue" > button. If continue button is pressed than "next.php" should be the action of > the form. how to do this? Thanks in advance, Mukta I'm not sure why it's necessary to do this, but, not sure it can be done. Maybe with Javascript and an onClick= command inside the tag or an onSubmit= inside the tag. Do you simply want to hide the name of the file that the form will go to once a button is clicked? If so, you need an "in-between" script that the form uses to determine where to send the user. So instead of sending them to PHP_SELF or next.php, use something like goto.php, which can determine where to send the user next, and then redirects the user using the header() function. Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Migration from register_globals=on to register_globals=off
If you're getting errors for undefined variables, you can reduce the level
of error reporting in PHP.ini so it only does so for more serious errors. I
had a similar problem and this cleared things up. See the PHP manual...
http://www.php.net/manual/en/ref.errorfunc.php#ini.error-reporting
Also, I don't recommend using the extract($_POST) command as a way around
register_globals being off, it kind of defeats the purpose. Better to grab
only those variables you need like this:
$formvals = $_POST['my_formvals'];
I put all form values into an array so I only have to grab one POST
variable. It makes it a little easier. Also be sure to clean the data with
some kind of function that uses strip_tags() and similar functions.
Monty
> From: [EMAIL PROTECTED] (ØYstein HåLand)
> Newsgroups: php.general
> Date: Tue, 3 Jun 2003 18:44:30 +0200
> To: [EMAIL PROTECTED]
> Subject: Re: Migration from register_globals=on to register_globals=off
>
> I tried changing my code to (since the variable $printout in this case is
> sent with GET)
> ($_GET['printout'] != "yeah") { include("header.php"); }
> and got the following error:
> Undefined index: printout
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Gracefully dealing with Cookies OFF
I've decided to require that members for a site need to have cookies enabled in their browsers to sign-up and use the site. Is there a graceful way to deal with this when users who have cookies off try to sign-up or log-in to the site? Thanks, Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Gracefully dealing with Cookies OFF
Hi Justin, I hear what you're saying about refusing people without cookies turned off, and I really tried to make it work on my site, but, keep running into lots of problems. I do have enable-trans-sid turned on, but, get inconsistent results. For example, when someone logs out I return them to the log-in page. Even though I've deleted all sessions vars and destroyed the session before redirecting them, I noticed that the login page is full of PHPSESSID= tags that are sometimes empty and sometimes filled with a session ID. This happens whether or not I use session_start() at the beginning of my login script. As a result, it totally screws up the log-in process. I was seeing instances where it was appending two different PHPSESSIDs to the URL! And then there are things like header redirects (which you had a good solution for) and javascript popups. Those are ignored by enable-trans-sid, so, it means I have to go through all my scripts (there are many) and tweak them to pass the SID to every URL. The reason I decided against doing all this tweaking was because while researching this online, I read many statements by developers saying that passing Session IDs via the URL is more of a security risk than allowing this to be done via cookies. As the site I'm working on will be a pay membership site, it seems like a good idea to require cookies. I realize I may be turning people away, which would also be the case for those using ancient browsers. But, I don't have the level of programming expertise or resources of companies like Amazon and MSN who probably have very robust security systems in place even though they are passing sessions via the URL. I do appreciate your comments and insight on this, it makes me keep thinking: should I? could I? I'd be interested in hearing how others have dealt with requiring users to have cookies turned on for sessions, or not. Monty > From: [EMAIL PROTECTED] (Justin French) > Newsgroups: php.general > Date: Wed, 04 Jun 2003 19:23:11 +1100 > To: Monty <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> > Subject: Re: [PHP] Gracefully dealing with Cookies OFF > > Why on earth would you refuse users without cookies?? Take a look at all > the major websites (amazon & msn for starters). > > Do they require cookies? No. > Do they require JavaScript? No. > Do they require anything else special on the site? No. > > They take advantage of technology where available (DHTML and CSS for > example), but the basic guts of the site can function without any of it, to > the best of my knowledge. > > Instead, you choose to defy what every major site is doing, and require > cookies. > > Cookies are not available to a wide number of users: > > - those in corporations where the IT dept. has disabled them > - those accessing the 'net from any public computer: > - libraries > - airports > - internet cafe's > - those who choose to have a more secure, private web experience > - those who don't understand the technology > > > Doesn't make sense to me at all, but as long as you properly inform the > client of your choice to ignore a large portion of users, then I guess it's > your (and their) choice. > > > PHP actually has a nice degradation of sessions built in. If you compile > PHP with enable-trans-sid (compiled by default on PHP >= 4.3 I *think*), PHP > will: > > 1. use cookies wherever possible, OR > > 2. rewrite* all relative URLs/links in your pages to include the session > id, where cookies are not available > > * in practice, it doesn't handle javascript or other client side scripting > that well from memory. > > > Even with enable-trans-sid not compiled, you can manually append the session > id to all your URLs with the pre defined constant SID. > > > This is just my point of view, but I don't believe you have any excuse for > not allowing non-cookie users to join in the fun, and CERTAINLY not without > informing the client of your decision. > > > To manually test for cookies, know that you're testing, then let the user > know that you don't want their business/traffic is more work than just > letting PHP handle it with enable-trans-sid. > > > Justin French > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Password Generator Script
Can anyone recommend where I could find a decent script that automatically generates passwords? I don't care if they are readable or just random letters, numbers. Thanks! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: timestamp triggered only on update?
I believe MySQL will only automatically update one TIMESTAMP field per record, according to their online docs. It will update if you don't specify a value when inserting a new record. You can also use the DATETIME field type which stores data as -MM-DD HH:MM:SS. This is what I use because it's easier to read by humans. Date and time are inserted into all DATETIME fields in a record automatically when set to allow NULL. You can then easily convert this to a Unix timestamp easily using the MySQL UNIX_TIMESTAMP() function when doing a query. PHP also has similar date/time conversion commands. I'm not a MySQL expert, so, the above my not be totally accurate, it's based on my own experience. Monty > From: [EMAIL PROTECTED] (Ragnar) > Organization: na > Reply-To: "Ragnar" <[EMAIL PROTECTED]> > Newsgroups: php.general > Date: Fri, 26 Jul 2002 00:19:02 +0200 > To: [EMAIL PROTECTED] > Subject: timestamp triggered only on update? > > Maybe the wrong forum, but im giving it a try. > > Im used to for instance 2 columns in each table indicating when it was > created and when it was last updated: > > Changed_date > Registered_date > > In mysql it seems it is only possible to define a column as a timestamp, and > this will trigger both on insert and delete. Is it possible to define > changed_date to trigger only on update in mysql or do i have do give the > correct timestamp "manually" from php? > > Thanx > > -R > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] How to UPDATE two MySQL Tables
I have two tables: member_basic and member_detail. When a member edits their record, they can edit or add data for either table, but, the data stored in member_detail isn't required, so, they can possibly leave these fields blank. By the way, both tables would be linked by a member id. Here's my dilemma: If they do fill in any fields associated with member_detail, I have to first see whether or not there's an entry in the member_detail table already for that user (based on member id number). If not, I then have to check ALL the form fields associated with this table to see if any data was actually entered so I know whether or not to create a new record for the member in member_detail. If there is already an entry for that member in member_detail, then I can just do a standard UPDATE. Now maybe this is how it has to be done, but, I was hoping there might be an easier way to do this. It appears it's not possible to UPDATE a JOINed table during a query, which is what I was hoping. I am trying to keep the DB efficient by keeping optional data that may be left empty in another table, but, it's only making my life difficult, so, unless there's an easier way, I may just combine all the fields into one table and be done with it. Sorry for the long-winded explanation. Any suggestion are greatly appreciated! Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] POSTing Form Vars as Array ??
Is it possible to pass variables from a form as an array to another PHP file? For example, I have this: When the form re-loads after being submitted (it calls itself when SUBMIT is pressed), the var $db['email'] doesn't exist anymore. Is it only possible to POST variables to a page if they are not in an array? Thanks! Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: PHP Meetup, how many of you have signed up?
> so with Guinness and bread, who needs to buy a meal? :-) Ooof. I feel bloated just reading that. :) Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Quotes getting screwed up in form fields
If someone enters this into a field... New York "City" and I need to re-display it in the field (if an error occurred, for example), this is what's in the field... New York \ I have another multi-line text field that I used quotes in and this doesn't happen with that field, even though they are both being treated in the same manner. What am I missing? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] RTRIM() - Won't accept 2nd Param
When I issue this command to remove any commas at end of string: $query = rtrim($query, ","); PHP give me an error saying "Wrong parameter count for rtrim()". How can this be? The online manual shows rtrim can accept two parameters. Shouldn't this work? I have PHP 4.0.6 installed on the server. Thanks. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Encrypting Passwords - Is it really necessary??
Is it really necessary to store passwords encrypted in a mySQL DB for a membership site if you're not storing sensitive info such as credit card numbers? How much security does that offer, really, and for whom? The reason I ask is because I'm trying to implement a "forgot password" feature on a membership site. But if I store passwords encrypted, I can't just send the password to their e-mail address, I have to generate a new one before sending it, which essentially locks that member out of the site until they get their new password. This has the potential to be abused by a vindictive person. All they need to know is the member's username or e-mail address and they can keep re-generating new passwords (locking the member out of their own account) for a member to annoy them. If the password wasn't encrypted, I could just e-mail their existing password. The only annoyance then would be someone sending this password over and over to another user, but, at least they won't get 20 new passwords and be locked out of their account as a result. If anyone else has dealt with this issue, I'd appreciate your insight. Thanks! Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Vars passed via URL disappearing
I just upgraded to PHP 4.2.2 and am trying to make my sites work with
register_globals turned OFF. I notice, however, that with register_globals
turned off any variables I pass via the URL don't seem to be recognized by
the script it was passed to.
So, if I pass "http://my.site.com/page.php?id=2002";, the variable "id" is
empty when I try to access it in page.php ...
if (!empty($id)) { do stuff...}
else { echo "error"; }
With register_globals OFF, the above produces the error message. With
register_globals ON, it works fine.
I thought register_globals only affected session, cookie and get type
variables? Why is PHP ignoring the variables passed via the URL?
Thanks.
Monty
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: PHP and MySQL
Indexes Putting strings in single quotes instead of double (WHERE id = 'something') Normalized database design. - Monty > From: [EMAIL PROTECTED] (Erich Kolb) > Organization: R&B Receivables Management, Inc. > Reply-To: "Erich Kolb" <[EMAIL PROTECTED]> > Newsgroups: php.general > Date: Fri, 2 Aug 2002 15:13:24 -0500 > To: [EMAIL PROTECTED] > Subject: PHP and MySQL > > Is there any way to speed up MySQL queries? > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Vars passed via URL disappearing
Thanks, Steve. So, does this mean I now have to re-declare all vars passed via the URL or a form POST in every script that uses them? Or is there a quicker, easier way to make use of these vars with register_globals off in a script? Thanks! > From: [EMAIL PROTECTED] (Steve Edberg) > Newsgroups: php.general > Date: Fri, 2 Aug 2002 12:45:41 -0700 > To: Monty <[EMAIL PROTECTED]>, [EMAIL PROTECTED] > Subject: Re: [PHP] Vars passed via URL disappearing > > 'variables passed via the URL' = 'GET variables' > > -steve > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Need Help with register_globals OFF
I'm trying to use the more secure "register_globals=Off" setting for some simple scripts that do authentication and use sessions. But I'm ready to rip all my hair out! Can someone recommend a good article online that clearly discusses what's different when you have register_globals=Off? I've spent hours looking through the PHP site but I'm just as confused as I was before I started. I thought this setting only affected global variables, but, there are all kinds of things not working properly, like the header() function. It just won't work at all with register_globals=Off, but works just fine when I switch it back on! Thanks. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Need Help with register_globals OFF
Well, to answer my own question, I found a decent tutorial on using sessions with the new register_globals off here: http://www.wdvl.com/Authoring/Languages/PHP/Maintaining_state/session_variab les.html Anyone want to share any tips on how to deal with form vars passed to a script with register_globals turned off? Do you simply refer to them directly with $_GET['var'] or do you initialize vars locally that contain all the $_GET vars? Thanks. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Need Help with register_globals OFF
Thanks for the tips, Justin. Sounds like a good idea.
Do you, or anyone, know if the $_POST vars stay defined even after moving on
to another page? Do I also need to unset $_POST after passing the vars each
time?
> From: [EMAIL PROTECTED] (Justin French)
> Newsgroups: php.general
> Date: Sat, 03 Aug 2002 15:46:57 +1000
> To: Monty <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> Subject: Re: [PHP] Re: Need Help with register_globals OFF
>>
>> Anyone want to share any tips on how to deal with form vars passed to a
>> script with register_globals turned off? Do you simply refer to them
>> directly with $_GET['var'] or do you initialize vars locally that contain
>> all the $_GET vars?
>
> Well I usually choose to POST forms, not GET them, but yeah, I just deal
> with the vars as $_POST['var'].
>
> If I'm referencing the vars a LOT, I make regular $vars out of each element
> in the POST array:
>
> $myvar = $_POST['myvar'];
>
>
> If there's a lot of them, I do it with a foreach loop... something like:
>
> foreach($_POST as $key => $value)
> {
> $$key = $value;
> }
> ?>
>
> ...will do the trick. It achieves the same as register_globals, but only
> from one source, the POST array.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: User Authentication Problem
You might get some help if you post only the code relevant to the problem with a clear explanation of the exact problem. Otherwise, I doubt anyone will bother looking through all that code you posted links to. > From: [EMAIL PROTECTED] (Tony Harrison) > Newsgroups: php.general > Date: Sat, 3 Aug 2002 20:31:54 +0100 > To: [EMAIL PROTECTED] > Subject: User Authentication Problem > > Hi, I need to authenticate users on an included page on my website, but the > problem is, I cant get it to work. > view it included at http://members.lycos.co.uk/ajohnh/ (Source at > http://members.lycos.co.uk/ajohnh/source/index.txt) > the actual file: > http://members.lycos.co.uk/ajohnh/templates/twoShea/head.php (source at > http://members.lycos.co.uk/ajohnh/source/head.txt) > the location of the script that sets the cookie (I hard-coded the user and > password combo for user ramonezrule into it): > http://members.lycos.co.uk/ajohnh/templates/twoShea/setcookie.php (source > at: http://members.lycos.co.uk/ajohnh/source/setcookie.txt) > > > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Need Help with register_globals OFF
Well, I just "upgraded" a number of PHP scripts to function with register_globals turned off, and now better understand what's required to work with variables more securely. I wanted to share that the extract() command turned out to be a big help. Using it meant I didn't have to put $_POST[' '] around every variable passed by a form. Instead, I put one or both of these lines of code at the beginning of scripts that use forms or receive vars passed via the URL: extract($_POST); extract($_GET); extract() creates local variables using the 'key' and 'value' from the $_POST or $_GET arrays. I even discovered it works with multidimensional arrays that may be passed by forms. In that case, if I have an array named "formvar" that collects all data from the form (i.e., $formvar['name'], $formvar['address'], etc.), then I use extract this way: extract($_POST['formvar']); This will create local variables named $name and $address that contain the values passed from the form. Here's where you can find more about this function: http://www.php.net/manual/en/function.extract.php One thing to remember is that if you put extract() in a custom function (which I did initially), it won't really work because the variables are created only within the scope of the function, so, as soon as it returns to the script, the vars it created are released. Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] register_argc_argv
What does this parameter do in PHP.ini, and what would happen if I turned it off? From reading the PHP site, it appears this is only useful if you use PHP from the command line, is that right? Thanks. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Checking Session Vars in Functions
I have PHP 4.2.2 with register_globals=off.
It seems like session vars stored in $_SESSION[] aren't visible to
functions. For example, this won't work for me:
$status = user_access();
function user_access() {
if ( isset($_SESSION['user']) ) { return 1; }
else { return 0; }
}
Result is that $status = 0 even though I know those session vars are set.
if ( isset($_SESSION['user']) ) {
echo "Logged In";
} else {
echo "Not Logged In";
}
Result for the above is "Logged In" even though I'm checking the same
session var. My script does include session_start(); as well.
So, is there a way I access session vars stores in $_SESSION[] from a custom
function? Thanks!
Monty
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Name of Include File breaking a Function - Strange!
I have an include file named functions.inc.php that I include in nearly
every script. For some bizarre reason, the following function inside this
file does not always work:
function user_acess() {
if ( isset($_SESSION['valid_user']) ) {
return 1;
}
return 0;
}
Most of the time it returns 0 (zero) even though I know the session variable
is set. However, if I rename the functions.inc.php file to functions.php and
make NO changes at all to the code, it suddenly works!? In fact, it seems
that if I rename the include file to anything but functions.inc.php, the
above function works as expected, returning 1 instead of 0. I tried
functions2.inc.php, funct.inc.php ... they all worked.
What the hell is going on here? How could the name of the include file
affect whether or not a function inside it will work?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Name of Include File breaking a Function - Strange!
Dan, you were right and I feel so retarded now! I found another include file of the same name in the folder with the script that wasn't working. It was driving me crazy but I didn't even think to check that. Thank you for replying! Monty. > Perhaps, somewhere in your include path is another file named > functions.inc.php? > > Perhpas another file you're mistakenly including has a function already > named user_acess()? > > In your test script, use the function_exists() function before you define > the user_acess() function to see what's going on. > > --Dan > > -- > PHP classes that make web design easier > SQL Solution | Layout Solution | Form Solution > sqlsolution.info | layoutsolution.info | formsolution.info > T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y > 4015 7 Av #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Getting information of a client
Try this: $_POST['var_name'] Monty > From: [EMAIL PROTECTED] (Radio X) > Newsgroups: php.general > Date: Fri, 9 Aug 2002 23:38:42 -0700 > To: <[EMAIL PROTECTED]> > Subject: Re: [PHP] Re: Getting information of a client > > how can i get a variable posted from a form by a user whitout having > register_globals set On? > > Nick > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] How do I upgrade my version of PHP?
I've downloaded the patch file for 4.2.2 to 4.2.3 from the PHP website, but, not sure what to do with this file. I have a Linux 7.x server. Can anyone tell me how to patch my version of PHP or point me to a source that explains how this is done? Thanks! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: How do I upgrade my version of PHP?
Could you explain what "man patch" does or is? I haven't updated using a patch before. Thanks. > From: [EMAIL PROTECTED] > Newsgroups: php.general > Date: Wed, 11 Sep 2002 23:14:55 +0200 > To: [EMAIL PROTECTED] > Subject: Re: How do I upgrade my version of PHP? > > You should use the patch command, feel free to "man patch". > > -- > > Nicos - CHAILLAN Nicolas > [EMAIL PROTECTED] > www.WorldAKT.com - Hébergement de sites Internet > > "Monty" <[EMAIL PROTECTED]> a écrit dans le message de news: > [EMAIL PROTECTED] >> I've downloaded the patch file for 4.2.2 to 4.2.3 from the PHP website, > but, >> not sure what to do with this file. I have a Linux 7.x server. Can anyone >> tell me how to patch my version of PHP or point me to a source that > explains >> how this is done? >> >> Thanks! >> > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] All Queries TRUE even when they should be FALSE
Even though I have no record in my MySQL DB with that has "005" in the ID
field, the following statement always reverts to Record Found, or True, no
matter what ID I use. What's wrong? I'm using PHP 4.2.2. Has something
changed that makes this work differently? Thanks.
$query = "SELECT id FROM member WHERE id = 005";
$connect = mysql_pconnect("localhost", "dbname", "password");
$result = mysql_query( $query, $connect ); // Query DB.
if ( !empty($result) ) {
echo "RECORD FOUND";
} else {
echo "RECORD NOT FOUND";
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Launching a Browser Win with PHP - Is it possible?
For a form that allows people to upload image files to the server, I'd like to pop open a small browser window with an "Uploading..." message once someone clicks on Submit button. Then I'd like the window to automatically close once the process is done and the main browser window refreshes. Can this be done with PHP or should I be using Javascript? If there are any examples of how to do this online, I'd appreciate the URL. Thanks! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Checking File Size BEFORE Uploading
If someone uploads a file via an HTML form, is there a way to check the file size before it's uploaded to the server? Thanks! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re-populating File field in form - won't work??
I have a few File input fields in a form so people can upload images. If there's an error with the form, I want to re-populate the fields with the values the user filled in. This works for all the fields except the File fields. When I check the HTML output to the browser, I do see that the value parameter (value="filename.jpg") is set for the File field, however, when viewing the form the field appears blank. Also, if you leave it blank and click Submit, I get an error stating it was empty, so, clearly the File field is blank and not showing the default value that has been set. Is this my browser (IE 5.5 on Mac) or does a File field not accept default values?? Thanks! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Pass vars in URL
There are two ways to do this. The easy way is to simply load any vars
passed via the URL or from a form as local vars in each script. So, I have
the following at the beginning of every script:
extract($_GET); // load vars passed via URL into local vars.
extract($_POST); // load vars passed via Forms into local vars.
If I pass ...?param=1 via the URL, then the extract($_GET) function will
automatically create a local var of the same name: $param
Or, you can access each variable directly. Say you pass the following via
the url:
www.site.com/page.html?param=1
In your script you can access the "param" var this way:
$_GET('param')
It's a pain to rejig all your scripts to work this new way, but, the
security benefits are worth it. Have a look here for more details...
http://www.php.net/manual/en/language.variables.predefined.php
http://www.php.net/manual/en/function.extract.php
Monty
> From: [EMAIL PROTECTED] (Gary)
> Newsgroups: php.general
> Date: Mon, 14 Oct 2002 15:07:21 -0400
> To: [EMAIL PROTECTED]
> Subject: Pass vars in URL
>
> Hello,
> My host has upgraded to 4.2 but still uses the old ini setting. I am
> trying to rewrite my scripts so when the day comes for my host to make
> the change I will be ready. Everything has been going well till now. I
> have been passing an id through a url string. Now when I try to pass the
> id it show up in the url but does nothing. If i check if it is
> set, it is not. IT is supposed to pass the id number to mysql on the
> linked page. I there something I am missing some new way or do I need to
> turn on something in the ini?
>
> TIA
> gary
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Checking File Size BEFORE Uploading
Hi John, yes, unfortunately setting the MAX_FILE_SIZE field only works once the files have been uploaded. Thanks for the reply! > From: [EMAIL PROTECTED] (John W. Holmes) > Organization: U.S. Army > Reply-To: <[EMAIL PROTECTED]> > Newsgroups: php.general > Date: Mon, 14 Oct 2002 16:10:48 -0400 > To: "'Monty'" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> > Subject: RE: [PHP] Checking File Size BEFORE Uploading > > You can set the MAX_FILE_SIZE in the hidden element of your form, but I > don't think that stops the form from being submitted if the file size is > too large. Basically, the file has to be uploaded before you can tell > what size it is. > > ---John Holmes... > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Checking File Size BEFORE Uploading
Nicos, the problem is that MAX_FILE_SIZE doesn't check the file size before it's uploaded to the server, it only works afterwards. So, you have to first wait for the file to upload before you know whether or not it's too large. Thanks. > Hi, > > The way is : > > > Send this file: > > > See the MAX_FILE_SIZE hidden BEFORE the userfile's type. > See also: http://www.php.net/manual/sk/features.file-upload.php > > -- > > Nicos - CHAILLAN Nicolas > [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] How many is too many?
This is a more general server question: I know that having a large number of files in one folder can slow down a web server, but, how many would it take for this to be a problem? Wondering if I should store all articles for a content site in one big 'articles' folder with each article having it's own folder within (/articles/article_id/), or if I should organize them by year then article name (/articles/2002/article_id). The site will only produce a few hundred articles a year. I'd like the keep the file structure shallow and simple if possible, but, if it could potentially slow the server down by putting so many folder in one I'll split them up more. Thanks! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] extract($_POST)
I'm devastated to hear that extract($_POST) or extract($_GET) are security
risks because that's the method I went with for a bunch of scripts I'm
writing now. But I don't understand how this...
$admin = $_POST['admin'];
... is more secure? Isn't the security risk that they can hijack your var
data? If so, I don't see how the above would make it possible to know
whether the data in $_POST isn't coming from your own scripts. Especially
for forms where it's not really efficient to validate every possibility for
a field, such as a Country field.
But maybe I'm missing the point, and if so I'd like to understand so I can
make my scripts more secure when passing data. It seems like I will need to
basically re-define every form field and GET variable at the beginning of
each script literally.
Monty
> From: [EMAIL PROTECTED] (Mike Ford)
> Newsgroups: php.general
> Date: Thu, 24 Oct 2002 18:41:04 +0100
> To: "'1LT John W. Holmes'" <[EMAIL PROTECTED]>, Rick Emery
> <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> Subject: RE: [PHP] extract($_POST)
>
>> -Original Message-
>> From: 1LT John W. Holmes [mailto:holmes072000@;charter.net]
>> Sent: 23 October 2002 19:51
>>
>> Say you have something like this:
>>
>> if($_POST['name'] == "John")
>> { $admin = TRUE; }
>>
>> if($admin)
>> { show_sensitive_data(); }
>>
>> Now, if you're using extract(), I can send $admin through the
>> post data and
>> you'll extract it into your script. That's where the security
>> flaw lies, but
>> the flaw is in the programming, not PHP.
>>
>> You can have a secure example by doing this:
>>
>> $admin = FALSE;
>> if($_POST['name'] == "John")
>> { $admin = TRUE; }
>
> Or just $admin = $_POST['name']=="John";
>
> Actually, I'd also collapse this into the subsequent if, and write it like
> this:
>
> if ($admin = $_POST['name']=="John"):
> show_sensitive_data();
> endif;
>
> I love languages where assignments are expressions!
>
> Cheers!
>
> Mike
>
> -
> Mike Ford, Electronic Information Services Adviser,
> Learning Support Services, Learning & Information Services,
> JG125, James Graham Building, Leeds Metropolitan University,
> Beckett Park, LEEDS, LS6 3QS, United Kingdom
> Email: [EMAIL PROTECTED]
> Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How many is too many?
I'm storing the article text and details in a database, but, all the assets (these articles have lots of photos) need to be organized into folders. So logically I want to create a folder for each article using the article ID number. But I want to be sure if I have within the Article folder about 700 other folders that contain all the assets for every article that that won't slow down the server. This site will not be visited by millions necessarily, but, I still want to be sure I'm setting up the file system as efficiently as possible. Thanks! > From: [EMAIL PROTECTED] (Leif K-Brooks) > Newsgroups: php.general > Date: Fri, 25 Oct 2002 00:55:48 -0400 > To: Monty <[EMAIL PROTECTED]> > Cc: [EMAIL PROTECTED] > Subject: Re: [PHP] How many is too many? > > Why not store them in a database with one php script selecting them? > > Monty wrote: > >> This is a more general server question: I know that having a large number of >> files in one folder can slow down a web server, but, how many would it take >> for this to be a problem? Wondering if I should store all articles for a >> content site in one big 'articles' folder with each article having it's own >> folder within (/articles/article_id/), or if I should organize them by year >> then article name (/articles/2002/article_id). The site will only produce a >> few hundred articles a year. I'd like the keep the file structure shallow >> and simple if possible, but, if it could potentially slow the server down by >> putting so many folder in one I'll split them up more. >> >> Thanks! >> -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mkdir and directory permissions
Hi Jason, I have a follow-up question about mkdir. If the files created by mkdir are owned by 'nobody', does that create a security risk for those files? If so, how does one get around accepting files via an upload form that are assigned to a user other than 'nobody'? Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] extract($_POST)
Okay, I really want to understand how to make $_GET and $_POST more secure because it means changing a fundamental way my scripts are now working. So, it sounds like what I need to do in order to make form data more secure is something like this... $isAdmin = $_POST['isAdmin']; $myName = $_POST['myName']; $myPrefs = $_GET['myPrefs']; Instead of this... extract($_POST); extract($_GET); Is this correct?? Now, I can see how this will prevent a cracker from flooding a script with invalid variables that are all extracted into local vars, but, I don't see how this will prevent someone from hijacking the vars and inserting their own data. Validating that kind of attack seems almost impossible to do especially for things like forms that collect contact info. I really don't want to have to validate every field for every legal possibility (especially fields like Country). I've read here that HTTP_REFERER is unreliable and can be easily spoofed, but, is there a more reliable way to know where the $_POST and $_GET data is coming from? Perhaps by IP of my server, or using $_SERVER['SERVER_NAME']? Is there any superglobal variable that would be unique to my web server that CANNOT be spoofed or easily changed by a cracker that I can use as a check to be sure the data is being submitted from a form on my site on not from someone else's site? Thanks a lot, guys! Monty > From: [EMAIL PROTECTED] (Paul Nicholson) > Organization: WebPower Design > Newsgroups: php.general > Date: Fri, 25 Oct 2002 13:06:10 -0400 > To: "Johnson, Kirk" <[EMAIL PROTECTED]>, PHP General > <[EMAIL PROTECTED]> > Subject: Re: [PHP] extract($_POST) > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On Friday 25 October 2002 11:23 am, Johnson, Kirk wrote: >>> And what should these precautions be? If a malicious user can submit >>> his own form and you are looking for a POST variable, how can you >>> ensure that $admin came from your form and not that user's? >> >> The problem is when a cracker uses form variables in an attempt to set the >> values of "flag" variables kept only in the session, for example, $isAdmin. >> As far as the form variables *you* put in your form, it doesn't matter >> whether the user submits your form or a form they made themselves. Those >> form variables are just data you are trying to collect. >> >> With register_globals on, PHP takes *all* variables (GET, POST, COOKIE) >> received from the client and assigns them to global variables. So if the >> user posts a value for $isAdmin, she can give herself admin privileges. >> >> The key is to retrieve *only* the form variables *you* put in the form from >> the the $_POST array. So don't write a loop and grab *everything* from that >> array. >> >> Kirk > > Exactly! Not only should you retrieve *only* the vars you need from POST, > you should also filter them to make sure they contain what you're looking > for.is_alpha($_POST['name']). And no, php doesn't have an 'is_alpha' > functionI created that as part of a filtering class. > > ~Paul > > > - -- > ~Paul Nicholson > Design Specialist @ WebPower Design > "The webthe way you want it!" > [EMAIL PROTECTED] > > "It said uses Windows 98 or better, so I loaded Linux!" > Registered Linux User #183202 using Register Linux System # 81891 > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.0.6 (GNU/Linux) > Comment: For info see http://www.gnupg.org > > iD8DBQE9uXoKDyXNIUN3+UQRAkugAJ0aftPjxhmV0tSk125UZSTCuWp47QCfaKJ7 > z5+ja1P4NtWUwVMCMsFVt2M= > =UG2o > -END PGP SIGNATURE- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: mysql_fetch_row options
I use the following function to do this...
function countRecords($query, $dbcon=0) {
if ($dbcon==0) { $ dbcon = connDbase(); }
$query = "SELECT COUNT(*) ".$query;
$res = mysql_query($query, $ dbcon); // Query DB.
return mysql_result($res, 0, "count(*)");
}
Here's how it's used:
$count = countRecords("FROM mydb WHERE id = 1001");
All I have to do is provide the query starting with FROM as the function
creates the SELECT COUNT(*) part. Also, the optional second parameter is to
pass the database connection resource ID to the function if I've already
established one before calling this function. This prevents the function
from having to establish a second DB connection for the count. If the second
param is left empty then a DB connection will be made using another
function: connDbase().
$count will contain the number of records that match the query and only
requires me to type one line of code.
Monty
> From: [EMAIL PROTECTED] (James Taylor)
> Newsgroups: php.general
> Date: Sat, 26 Oct 2002 03:23:23 -0700
> To: <[EMAIL PROTECTED]>
> Subject: mysql_fetch_row options
>
> There's got to be a better way to go about this: I am constantly doing mysql
> queries where I am doing
> a count(), so a sample query would be like this: "select count(*) from
> database". I'm expecting only
> ONE value back exactly, and that's the count results. However, to get this
> data into a variable, i'm
> having to write code like this:
>
> $result = mysql_query("select count(*) from database", $db);
> $myrow = mysql_fetch_row($result);
> $staticvar += $myrow[0];
>
> $staticvar will never be an array, it's just a simple variable storing a
> number. I *could* do it like this:
>
> $result = mysql_query("select * from database", $db);
> $staticvar += mysql_num_rows($result);
>
> However, the mysql query will be much, much slower if I do it like this.
>
> Basically, what I'm asking, is how to do something like:
>
> $staticvar += mysql_fetch_row($result);
>
> I want to eliminate step two, and I don't want to involve any temporary
> arrays when there's always just one
> value. Any suggestions? Thanks a bunch!
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: parsing conundrum
I'm not attempting to solve this puzzle, but, regarding the output from
print_r(), try this for nicely formatted output:
echo "";
print_r($myarray);
echo "";
Looks much better.
Monty
> From: [EMAIL PROTECTED] (Peter Harkins)
> Newsgroups: php.general
> Date: Sat, 26 Oct 2002 02:37:51 -0700
> To: [EMAIL PROTECTED]
> Subject: parsing conundrum
>
> If you know what recursion is and like a challege, here's a puzzle
> to keep you up nights. If not, you'll probably just want to mutter to
> yourself "what a poor, unlucky bastard" and pass on by.
>
> I'm parsing some data files into a PHP array and am stumped. I'm at
> a loss for how to do this without grinding through character by character.
> That would work, but my subconcious is nagging at me that there's got to be
> a more elegant way to do it that I'm just not seeing, so I'm going to
> describe the problem and ask for help before I start grinding.
>
> The app I'm getting this from has 4 data types: int, string, array
> and mapping (associative array).
>
> Ints and strings are pretty straightforward, but there's no way to
> tell 0 from null int or null string. This is an annoying limitation of the
> app that just has to be ignored and dealt with by whatever gets this data
> from us. This (among other reasons) make me glad PHP is weakly-typed.
>
> Arrays are indexed from 0 and values can mix ints and strings
> freely.
>
> To start, mappings are arrays indexed by ints or strings. Mappings
> aren't just arrays, though, they have a "width" (which is really a nested
> array that I'm pretty certain is an ugly historical artifact.) Width allows
> multiple values for one key and must be the same for all values in a
> mapping, though the values (both of keys and their values) don't have to be
> of the same type. Mappings can also mix ints and strings.
>
> The tough part is that arrays and mappings can nest inside of each
> other and the only characters quoted in strings are \, " and \n. This means
> recursion must be used, but I just can't figure out a way to find the
> boundaries of each element. Anyone with a clean way to do this (probably
> with some kind of crazy regexp) will recieve my awe and gratitude.
>
> Here's an example file[1]:
>
> null_string 0
> some_string "Fourscore and seven years ago..."
> unset_int 0
> an_int 42
> negative_int -12
> null_array ({ })
> null_mapping ([ ])
> easy_array ({9,22,"test",})
> easy_mapping (["string":3,"foo":"bar",[12]:"I am not a crook!",])
> medium_array ({"a string, containing a comma and a \"",23,})
> medium_mapping (["str\"ing":3;5;7, 9:"Read my lips.";11;13;,])
> hard_array ({"comma, string",({3,4,5,}),({"'\"str'",4,({3,4,({ }),}),}),})
> hard_mapping ([17:"str";15,"foo":([ ]);17,"b'l\\a\nh":19;([21:23,]),"tour de
> force":({29,31});({([ ])}),])
>
> You may notice the last one is pathological[2]. Yes, PHP will really
> let you use " and \n in array keys. The real data do sometimes get about
> this complex; consider this a compressed version. As a fun fact, I've
> learned vim's % command doesn't work when there's an odd number of double
> quotes between your parens/braces.
>
> Calling print_r on the array this generates would return:
>
> Array
> (
> [null_string] => 0
> [some_string] => "Fourscore and seven years ago..."
> [unset_int] => 0
> [an_int] => 42
> [negative_int] => -12
> [null_array] => Array
> (
> )
>
> [null_mapping] => Array
> (
> )
>
> [easy_array] => Array
> (
> [0] => 9
> [1] => 22
> [0] => test
> )
>
> [easy_mapping] => Array
> (
> [string] => 3
> [foo] => "bar"
> [12] => "I am not a crook!"
> )
>
> [medium_array] => Array
> (
> [0] => a string, containing a comma and a "
> [1] => 23
> )
>
> [medium_mapping] => Array
> (
> [string] => Array
> (
> [0] => 3
> [1] => 5
> [2] => 7
> )
>
> [9] => Array
> (
> [0] => Read my lips.
> [1] => 11
> [2] => 13
> )
>
> )
>
> [hard_array] => Array
> (
> [0] => comma, string
> [1] => Array
> (
> [0] => 3
> [1] => 4
> [2] => 5
> )
>
> [2] => Array
> (
> [0] => '"str'
> [1] => 4
> [2] => Array
> (
> [0] => 3
> [1] => 4
> [2] => Array
> (
> )
>
Re: [PHP] extract($_POST)
> Well, one way you can avoid similar things to happen is, you can do > something like, say, create a user that can only SELECT. If the user can > only SELECT then it cannot DELETE. This is a great suggestion from Rick. I already use this method. I have several MySQL users set up for various functions: one that can only SELECT, which is the one I use the most, another that can SELECT, UPDATE and INSERT, and another that can do all of the following plus DELETE. Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] extract($_POST)
Rick Emery wrote: > You can still use extract($_POST). > It is as safe/vulernable as $_POST['isAdmin']. > > In either case, use only variables that you know are yours and be certain > these contain values which you believe to be safe. For instance, if you expect > a variable called $firstname to contain a name to be stored in a SQL database, > be certain it does not contain SQL commands which can damage your database. > Okay, I know I can use strip_tags() and/or htmlspecialchars() to strip out or modify HTML and PHP code in a string, but, how does one do the same with MySQL code in a string to prevent tampering? Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Mail Delivery errors when posting here ???
For some reason I get the following e-mail every time I make a post here recently and not sure why: --- This message was created automatically by mail delivery software (Exim). A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: [EMAIL PROTECTED] SMTP error from remote mailer after MAIL FROM: <[EMAIL PROTECTED]> SIZE=6478: host yun.yagibdah.de [192.168.0.1]: 550 rejected: administrative prohibition --- This is followed by a copy of my posting to the newsgroup which does get posted. Not sure why it's being rejected and where this is coming from. Any clues?? Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Getting the "From: admin@site.com" to work
Andre Dubuc wrote: > Perhaps some kind guru can spare me some time. I've tried to get the "From: > " field pre-filled for a registration/confirmation email that I send out. To add to John's reply, here's how to do a multi-parameter Header. Also note the \r\n at the end of each of these lines. If you don't do this, the header won't be formatted properly. It took me some time to eventually figure this out when I first did this because I was using just \n which doesn't work in the header, but, does work in the body. $headers = "From: [EMAIL PROTECTED]\r\n" ."Reply-To: [EMAIL PROTECTED]\r\n" ."X-Mailer: PHP/4.0.2"; You can also add other mail headers such as 'Importance: High' to the headers list. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] extract($_POST)
John W. Holmes wrote: > Then make sure $name has all single quotes escaped within it. If all of > them are escaped, then it's just a string and can't do any harm. If they > aren't escaped, then the user can break out of your own SQL and put > their own. I'm confused about when I should escape single or double quotes. Should all quotes be stored as \" or \' in a database as well? Regarding your suggestion above, is this what I should do? ... $name = "John AND fname = 'Mary'"; $name = addslashes($name); // $name now holds: "John AND fname = \'Mary\'" This forces MySQL to read \' as a character rather than as the beginning of a variable value. So, in essence, this would produce a mySQL error instead of executing the query, is that correct? Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] extract($_POST)
John W. Holmes wrote:
> Then make sure $id is a number. You can use is_int, or (int), or whatever.
It appears that any numeric values passed via the URL (..?param=10001) are
automatically treated as strings. If I pass ?param=1001 to the following
script...
$type = '';
if (is_string($param)) { $type = 'string'; }
if (is_int($param)) { $type = 'integer'; }
echo 'Type: '.$type;
... I get the following result:
Type: string
But, it should be integer because 10001 is meant to be a number. How does
this work for $_GET values?
Monty
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Referral Site...
Ken Kirtley wrote: > I'm new to PHP and so this may be something of a newbie question. My bad if > it is. I've spent a week now looking for information on capturing the > referral site with php so that I can store it with some session information. > If any of you have any idea how to accomplish this I would greatly > appreciate any information. You want the $_SERVER superglobal. Here's more info... http://www.php.net/manual/en/reserved.variables.php#reserved.variables.serve r -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] extract($_POST)
John W. Holmes wrote: > > Bottom line is that you want to use addslashes() or magic_quotes_gpc() > on any variable you're going to insert into a query string. If you're > inserting a variable that should be a number, make sure it is one. If I have magic quotes turned on, do I still need to worry about using addslashes? Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Best way to store Votes for Survey app
I'm writing a survey app in PHP (4.2.2) that will allow people to view a set of photos and then rate each photo from 1-5 using a little dropdown under each photo. When they are done choosing their ratings, they click on SUBMIT to register all their votes at once. I thought the best way to record votes was to create a record for each member and each photo they voted on in MySQL. So, for example, if someone rates 9 photos, there will be 9 records created in the voting DB structured something like this: item_id // ID number of the photo being rated. member_id // ID of the member making the vote. date// Date vote made. rating // 1-5 While this system offers a lot of flexibility in calculating votes, I'm worried that the DB will become full fast with records because of the number of records created for each member when they vote. If there are 10 photos and 2,000 people rate those photos, that will create 20,000 new records in the DB for that one poll alone. So, I'm wondering if anyone has any suggestions for better ways to store votes like this without created so many DB records. I want to be able to calculate total votes for each photo as well as prevent members that have already voted from voting again. Any suggestions would be appreciated! Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Rearranging Order of Photos
Hi, I need to write a script that re-organizes the order of photos that appear in an online photo gallery. I'm not sure if I can do this completely with PHP or if I need to incorporate Javascript as well, but, I was hoping someone here might have or know of a site that has some sample scripts that allow someone to re-order photos displayed in a thumbnail gallery. I'm having a hard to figuring out the best fool-proof way to accomplish this with PHP alone. Thanks! Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Control Point of Access for certain pages.
On a site that uses a popup window to display images, I want to prevent people from hotlinking directly to the popup page because it just looks like crap if not sized properly with controls removed. But I'm not sure how I can prevent someone from doing this. It appears the HTTP_REFERER isn't always a reliable way to see if they are entering the page from another page on your own site. And I'm not using sessions for this site (it's not necessary). So, I'm a little stuck on how I can allow access to a page only from certain other pages. Has anyone done this with PHP? Thanks! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Handling Errors Gracefully
Is there any way to gracefully handle errors that happen after output to the screen has begun (the point where header(Location:) doesn't work) without using ob_ functions? I have a separate PHP page I'd like to display with the error if one happens using the error_handler() and trigger_error() functions. But, I can't make it work because if the error happens after output starts, I just get an error stating header() won't work. I'm also not sure of the best way to pass all the error data to the error page. Its too much for a $_GET. Anyone have any suggestions or links to articles that explain how this can be done?? Thanks a lot. Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] set_error_handler() Keeps Triggering Errors
When I use set_error_handler('error_function') in my scripts, errors are
constantly being triggered that I've never seen before. If I comment the
handler function out, the errors go away. I have the error reporting set
very loosely: error_reporting (E_ERROR | E_USER_ERROR) - so not sure why it
keeps triggering an error, because the error I keep getting is:
Undefined variable: target
This is the same error message no matter what script I run. I don't even use
a variable named $target anywhere in any of my scripts, so, this is
baffling. And this seems like an E_NOTICE error message, but, I'm only
asking for E_ERROR and E_USER_ERROR notices.
My error handling function is fairly simple. It just loads the error info in
a session var then sends the user to the error page, which reads the error
info from the session vars and displays it.
function show_error($type, $msg, $file, $line, $context) {
// Setup error message in Session var...
$_SESSION['error']['type'] = $type;
$_SESSION['error']['msg'] = $msg;
$_SESSION['error']['file'] = $file;
$_SESSION['error']['line'] = $line;
header("Location:./error_page.php");
}
Anyone have any clues why when I set_error_handler to the above function
errors are being triggered for every page?
Monty
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] set_error_handler() Keeps Triggering Errors
Hi Earnest. I found these user notes in the PHP manual, but, it's confusing
and seems to be a bit contradictory:
-[snip]-
error_reporting() has no effect if you have defined your own error handler
with set_error_handler()
[Editor's Note: This is not quite accurate.
E_ERROR, E_PARSE, E_CORE_ERROR, E_CORE_WARNING, E_COMPILE_ERROR and
E_COMPILE_WARNING error levels will be handled as per the error_reporting
settings.
All other levels of errors will be passed to the custom error handler
defined by set_error_handler().
-[/snip]-
PHP's error-handling seems to need to re-working. I just can't get this to
work after having tried some other things I found online. All I want is for
PHP to NOT report E_NOTICE errors, but, there seems to be no way to do this,
even if I re-define the E_NOTICE constant vars.
Thanks.
> From: [EMAIL PROTECTED] (Ernest E Vogelsinger)
> Newsgroups: php.general
> Date: Sun, 10 Nov 2002 10:42:05 +0100
> To: Monty <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
> Subject: Re: [PHP] set_error_handler() Keeps Triggering Errors
>
> At 06:34 10.11.2002, Monty said:
> [snip]
>> When I use set_error_handler('error_function') in my scripts, errors are
>> constantly being triggered that I've never seen before. If I comment the
>> handler function out, the errors go away. I have the error reporting set
>> very loosely: error_reporting (E_ERROR | E_USER_ERROR) - so not sure why it
>
> It's somewhere in the docs - can't remember where just now, I believe
> isomewhere in the user comments for error_handler:
>
> your error_handler gets _all_ type of error,warning,notice, regardless of
> the actual setting of error_reporting (which only decides if the
> error/warning/notice gets sent to the client or not).
>
>> keeps triggering an error, because the error I keep getting is:
>>
>> Undefined variable: target
>>
>> This is the same error message no matter what script I run. I don't even use
>> a variable named $target anywhere in any of my scripts, so, this is
>> baffling. And this seems like an E_NOTICE error message, but, I'm only
>> asking for E_ERROR and E_USER_ERROR notices.
> [snip]
>
> Might point to a dynamic variable named target:
>
> error_reporting(E_ALL);
> $varname = 'target';
> if ($$varname) {
> ;
> }
> ?>
>
>
> gets me
> Notice: Undefined variable: target in /www/test/test.php on line 4
>
> Do a grep for "target" on your source files.
>
>
> --
>> O Ernest E. Vogelsinger
> (\)ICQ #13394035
> ^ http://www.vogelsinger.at/
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Unsetting Array Element
Does unsetting an array element make the array smaller? For example, if I
have two elements in an array...
$array = ("title" => "Title of Document",
"content" => "Ten paragraphs of text in here..." );
...then issue this command...
unset ($array['content']);
...will this make $array smaller and more efficient if I then pass it on to
a function for processing?
Thanks!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Writing a Polling App - Need Some Advice
I'm writing a little polling app for a website, they want to run them each week. They will be the simple "choose your favorite" kind of multiple-choice polls. If anyone has ever written one of these, what is the best way to set up the poll questions? Do I store each question in a separate table and link them to a central "Poll" record? Or do you store the questions all in one record? Or is there an even better way to do this? Any suggestions or pointers would be appreciated! Thanks. Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Best Content Management METHOD...
I'm setting up a simple content-management system for a webzine. I'm not sure which method would be the most efficient: 1) Put all content in a database and dynamically flow content into a few different "article" template files. Or... 2) Build the content as actual pages with dynamic elements for menus, and store only basic info about each article in CMS database (such as title, publish date, writer, keywords, etc.). Option 1 would make it very easy to modify the look of all articles, but, I'm concerned that using just a few templates for all articles would slow down the site if lots of people are simultaneously accessing articles. The site gets about 750,000 page views per month, so, while it's no Yahoo, it does get a decent amount of traffic. Option 2, on the other hand, would remove the load from just a few templates by setting up actual pages for each article, but, it won't be as easy to make site-wide design changes this way, and I won't be able to do some things like automatically paginating longer articles over several pages. Anyone have any input or words of wisdom they can offer on the best method for setting up a content management system? Thanks! Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Breaking Dynamic Content into Pages...
I'm trying to determine the best way to break dynamic content into pages before flowing into a template (with "1|2|3" type paging icons at the bottom of the page). I considered using a user-defined type code like "[pagebreak]" that would allow content contributors to determine the page breaks themselves when entering the article into the database. A parsing function would grab the chunk of text/html between the appropriate [pagebreak] codes for each page. But this just doesn't seem a very elegant solution. Anyone know of a better way to do this? Thanks! Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Loading dynamic pages based on URL
Articles for an online magazine will use one template and load content dynamically from a MySQL database. Assets and images for each article will be stored in their own folder: e.g., www.mysite.com/topic/article Even though a physical HTML page will not exist at www.mysite.com/topic/article, is there a way to load the appropriate articles in the template without actually specifying a physical page name if soemone types that URL into their browser? I'd prefer to send people to www.mysite.com/topic/article instead of www.mysite.com/topic/article/template.php?id=39403848 I realize this may be more of an Apache issue than PHP, but, thought I'd see if anyone here has dealt with something similar. Thanks! Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] RegExp Help: [:cntrl:] not working
I'm trying to preg_split() text between "". I used the following but can't get the regular expression to work: $content = "blah blah blah blah blah"; $paged = preg_split( "[[:cntrl:]*][[:cntrl:]*]", $content ); I also tried the following... $content = "blah blah blah blah blah"; $paged = preg_split( "[:cntrl:][:cntrl:]", $content ); ...and... $content = "blah blah blah blah blah"; $paged = preg_split( "[[:cntrl:]][[:cntrl:]]", $content ); But none of these work. Can someone tell me what's wrong? I just want to split the text on "" and include any line feeds that may have been put in before or after the "" text. Thanks. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] RegExp Help: [:cntrl:] not working
> The * needs to be after the character class, ie [[:cntrl:]]*. > > --Dan Thanks Dan. But, removing the asterisk or putting it after the character class doesn't work either for some reason. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] RegExp Help: [:cntrl:] not working
> Have you tried [[:space:]]* instead? That'll pull in line breaks, tabs
> and spaces.
>
> --Dan
I just tried it, but, still can't make this work. Also, I'm getting
different results between explode() and preg_split(), is that normal? Here's
what I'm trying:
$content = "blah blah page_break blah blah blah blah";
$contentpage = preg_split("[[:space:]]*page_break[[:space:]]*", $content);
But I just get a PHP error: Warning: Unknown modifier '*' in testme.php
If I try this:
$content = "blah blah page_break blah blah blah blah";
$contentpage = preg_split("[[:space:]]page_break[[:space:]]", $content);
I get this PHP error: Warning: Unknown modifier 'p' in testme.php
I'm not sure what I'm doing wrong with the reg exp, but, it won't even
parse. Both expressions above used with explode() only produce empty array
variables, as though it's stripping out everything.
What am I doing wrong?
Monty
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] RegExp Help: [:cntrl:] not working
Yes! That was it! Thank you so much. I actually thought preg and ereg were interchangeable, so, I'm glad you pointed out the difference for reg expressions. Can you tell me what the open and closing slashes / are for inside the quotes? Is it equivalent to [ and ] for ereg? Monty > DOH! It's preg!!! [[:space:]] is for ereg. Use \s. I don't know why I > didn't notice sooner. Do this: > > '/\s*page_break\s*/' > > --Dan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP/MySQL -- Date/Time Confusion
Which method is the best way to store date/time in MySQL and then which PHP command is the best to use to convert that date to something useful? I'm having a difficult time figuring out how to reconcile the date in MySQL so it works with PHP's various date commands, like getdate(). Any suggestions? I'll mostly need to compared dates/times of different records and then extract parts of the date for displaying on the screen. Thanks! Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Preventing Multiple Log-Ins after Authentication
Is there a standard method in PHP for preventing multiple people from using the same log-in username/password simultaneously on a membership site? Any suggestions are greatly appreciated. Thanks! Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Newbie Question on Efficiency
If you have have a large number of functions, it might be better to separate them into a few files that you can include as needed. I use one file that contains functions needed by every page. I have a few other files that contain functions that aren't needed by every page, so, I include them only on pages that need them. But most functions go in the main include file used on every page. Separating them will also minimize some overhead if you have a lot of functions. Otherwise, if your include files aren't War & Peace in length, one include file is fine. [EMAIL PROTECTED] 07/16/02 04:59PM >>> > Hello everyone, I'm a newbie and have a question on style that I've not > seen addressed anywhere. I have a large number of frequently used > functions that I'm trying to find a good way to organize. The method > I'm thinking of using is to simply create a .php file called, for > example, functions.php. Then, just include the file at the top of each > page that needs any of the functions, and just call them as needed. My > question is this- if that file gets very large with tons of different > functions, is that an inefficient method? I'm not entirely clear on how > PHP is parsed and passed to the client. I assume it would be best to > divide up the functions into multiple files (ex. dbfunctions.php, etc.), > but is that still the best method? Basically, I'm just curious on how > you guys handle things like this. > > Thanks in advance. > Michael Kennedy > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Includes vs. Functions
I generally prefer to include various blocks of code in templates using include_once() rather than load a functions library and make calls to those functions within the script. Is there a big difference in efficiency and speed of includes vs. custom functions? I like includes because it's easier to drop blocks of code in a page design without disrupting the design of the page very much. Thanks, Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: sorting and searching an Array
This would be MUCH MUCH easier to do if this data were in a database instead of a flat file. But, to accomplish this you need to write some code using the various array functions in PHP, such as asort() and explode(), and structures such as for() and each() to eliminate the array rows that don't match your criteria. "PHP and MySQL Web Development" by Luke Welling and Laura Thomson is a great book for learning PHP (it's what I used). There's not a whole chapter on file functions in PHP, but, there is enough info in there to do all the basic functions you would need to accomplish this task. Monty > From: [EMAIL PROTECTED] > Reply-To: Richard Kurth <[EMAIL PROTECTED]> > Newsgroups: php.general > Date: Wed, 17 Jul 2002 12:52:00 -0700 > To: php-general <[EMAIL PROTECTED]> > Subject: sorting and searching an Array > > After I read this file into an array (small sample of file below) I need to > sorted it by the name at > the end of each line and then echo out only the ones that the name > equals the name in a search variable. > > Also could somebody recommend a PHP book that covers a lot of info on > working with text files. It seams to be very little info in any of the > boos I have now. It is sort of skipped over a lot > > [EMAIL PROTECTED] mrgouldian > [EMAIL PROTECTED] myname > [EMAIL PROTECTED] mrgouldian > [EMAIL PROTECTED] mrgouldian > [EMAIL PROTECTED] myname > [EMAIL PROTECTED] mrgouldian > [EMAIL PROTECTED] myname > [EMAIL PROTECTED] myname > [EMAIL PROTECTED] mrgouldian > [EMAIL PROTECTED] myname > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Includes vs. Functions
Chris, thanks for describing your method. The reason I really dislike
Functions in PHP is because you have to pass every variable needed by a
function, even if that variable is global in the main script, which is a
pain in the ass when a function needs a long string of variables. It makes
it easier to forget a variable in the list and can make the code look messy.
So, that's why I prefer includes, because the code is operating on the same
level as the main script and can easily use variables set locally without
making them global.
I'll use a function if it only needs one or two variables passed to it, but,
I find myself using more Includes than Functions because of the variable
passing necessary.
Tom
> From: [EMAIL PROTECTED] (Chris Crane)
> Organization: Inxdesign.com
> Reply-To: "Chris Crane" <[EMAIL PROTECTED]>
> Newsgroups: php.general
> Date: Wed, 17 Jul 2002 17:05:59 -0400
> To: [EMAIL PROTECTED]
> Subject: Re: Includes vs. Functions
>
> I am not sure about efficiency, myself and I often ask this without much if
> anything at all for a response. However, I am the opposite of you, in that I
> prefer to create a library file containing all the functions. To make
> developing the page in something like Dreamweaver or Frontpage easier, I
> global all the variables of a given function, like say Function
> StockQuote($sym) { }. They I include the library file in my PHP
> webpage.Something like this...
>
>
>
> ~blah
>
>
>
>
> various html
> ~blah
> ~blah
>
>
> ~blah
> ~blah
>
>
>
> In the library file, I global the variables;
>
> function StockQuote($sym) {
>
> global $Stock_LastPrice, $Stock_Position;
> get the data...
> do something with the data...
> $Stock_LastPrice = This minus that blah blah;
> }
>
> I can use this variable anywhere I would like and it is very WYSIWYG
> friendly.
>
> I am not sure how efficient it is though as I mentioned above.
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Loading a File into Variable - How??
I thought this would be fairly easy, but, I can't figure out how to load the
contents of a file into a variable so I can output it later.
The file to be loaded is in my include_path on the server and does contain
some HTML.
file_get_contents() is exactly what I need, but, it only works on a CVS
version of PHP, whatever that is.
I also tried the following function:
function file_get_contents($filename) {
$fd = fopen ($filename, "r", 1);
$contents = fread($fd, filesize($filename));
fclose($fd);
return $contents;
}
But it returns nothing. If I use readfile() the file contents is displayed,
but, what I really want to do is store it in a string variable, not output
it directly. How can I do this?
Thanks,
Monty
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Loading a File into Variable - How??
> Look 4 implode() in the function list Implode isn't really what I need, I just want to load an entire file into a single string variable. However, I figured out the problem shortly after posting that first message (of course). Because the file being opened is in the include_path, it seems filesize() doesn't see those files. So, if I replace the filesize($filename) command with a hard-coded number, it works. Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
