Re: [PHP] Redirects in PHP
On 2003-06-13 10:54-0600, Kevin Stone wrote: > Carl, you can avoid these issues by using output buffering allowing you to > call header() whever you want in your script. This will not solve the OP's problem; the header will still be output first, and the client will be immediately redirected. I am curious though; why is everyone suggesting to use JavaScript when the following in the section of the HTML document will work just as well? http://example.com/new-page.html"; /> Am I missing something? -Zak -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Redirects in PHP
On 2003-06-13 10:34-0600, Michael wrote: > Search engines frown on using meta refresh because of > abuse problems. Some engines won't index the page > period and all of them penalize you at the very least. > While it will work as you described, you're sacrificing > search engine positioning to use it. How many search engines do you know of that will parse and follow the JavaScript location.href redirection suggested earlier? -Zak -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Patch: No input file specified
I run PHP via a simple-minded webserver which sets up some environment
variables and then calls my php scripts (which begin with a
"#!/usr/local/bin/php" line). My scripts must handle all the headers,
including the HTTP status header. My standard included file contains
"header($_SERVER['SERVER_PROTOCOL'] . ' 200 OK');", and other files may
emit a similar header with a different status code for redirection and
so forth.
Unfortunately, after upgrading to 4.3.2 I encountered two problems.
First, PHP was "helpfully" refusing to emit status headers for which the
status code was 200 even when explicity instructed to by the above
header() call. Second, while my scripts would run correctly at the
command line, when run via a web server I was getting a 404 status and
the error message "No input file specified."
I have created a patch to work around the above problems; it is a hack,
but restores my desired functionality if I also set "cgi.rfc2616_headers
= 1" in php.ini. PHP developers, if you're out there, please consider
backing out rev 1.195 of php4/sapi/cgi/cgi_main.c or adding a
configuration directive to disable its behaviour. I'm not sure what the
correct solution for the "No input file specified" problem is; I'll try
to look into it more if I have some time next week, but this was my
first peek at PHP's source.
-Zak
--- sapi/cgi/cgi_main.c.origMon May 26 19:21:08 2003
+++ sapi/cgi/cgi_main.c Fri Jun 13 13:11:58 2003
@@ -279,7 +279,7 @@
rfc2616_headers = 0;
}
- if (SG(sapi_headers).http_response_code != 200) {
+ /* if (SG(sapi_headers).http_response_code != 200) */ {
int len;
if (rfc2616_headers) {
@@ -959,12 +959,14 @@
#endif
/* Make sure we detect we are a cgi - a bit redundancy here,
but the default case is that we have to check only the first one. */
+ /*
if (getenv("SERVER_SOFTWARE")
|| getenv("SERVER_NAME")
|| getenv("GATEWAY_INTERFACE")
|| getenv("REQUEST_METHOD")) {
cgi = 1;
}
+ */
#if PHP_FASTCGI
}
#endif
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Stumped @ MySql insert query
On 2003-06-13 14:15-0400, Pushpinder Singh Garcha wrote: > I am trying to execute a simple query using $_POST variables, so > that variable poisoning is not possible. note: I have register_globals > ON on my site. I am getting the error shown below . Please advise ... > as I can't seem to figure out why ! $_POST variables are still subject to poisoning; in your case, SQL injection. The error you're getting, however, is because you have not enclosed your quoted variable references with braces. For example: You should be passing each of those variables through mysql_escape_string() before using them in a query. -Zak -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Stumped @ MySql insert query
On 2003-06-13 14:42-0400, Pushpinder Singh Garcha wrote: > How is variable poisoning possible when using $_POST ?? I always felt > that the php compiler should check to see if the variable was part of > the POST Global array. At least this is is what I thought about the > $_POST global array. It will do so only if magic_quotes_gpc is on. I tend not to rely on that, especially when we have mysql_escape_string() easily available. -Zak -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
