[PHP] Automatic Form Generation with PHP
Hi We are shortly to release the next version of Form Generator Pro (automatic generation of HTML form/PHP processing code) and are looking for some comments on the way in which we intend to make the software available. Due to the fact that we cannot distribute this PHP application without comprising copyright (the Zend Encoder is not an affordable option for us - we are a small start-up business), the current version of Form Generator Pro is only available for use online at the C U Online site which is fine because 1. it only generates mail forms and 2. it's free. However this won't work for version 2 because version 2 automatically generates forms for MySQL databases by querying the database for table information (field lengths, types etc). Opening up connections from our server to other servers to get database info is not an option - for security reasons (and also many MySQL servers are set up to only accept local connections anyway for this reason). To resolve this problem, the software has been split into 2 parts. The part that retrieves the database information sits on the customers server (secured). Field definitions are then extracted and sent to the generator which remains on our site. I will stress here that no actual database data is sent between the 2 servers, nor any MySQL server usernames or passwords - just the field lengths, types etc of the selected table. Access to the generator will then be sold as opposed to selling the actual software (although mail form generation will remain free). This is not an ideal solution but it seems to be the only way to make the software available and at the same time protect copyright. I would be grateful for any thoughts from other businesses/developers on this solution. Regards Debbie Dyer Software Engineer for C U Online
Re: [PHP] Getting a mysql set info
You need to use SHOW COLUMNS FROM table LIKE 'yoursetfieldname'
You can then retrieve the values from the ["Type"] column which will look
like - set('val1','val2'...etc) - you will need to parse this string
Debbie
- Original Message -
From: "Henry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, September 25, 2002 8:57 AM
Subject: [PHP] Getting a mysql set info
> Hi All,
>
> I would like to get at the SET information for a particular field in a
MySQL
> database.
>
> I know how to get the type, length, name and flags alla the manual pages
> but;
>
> If I have a field which is of type SET ('one','two','three','four') how
can
> I get at this information from within PHP in order to generate a
collection
> of checkboxes for setting the field in HTML.
>
> Any Help Much Appreciated
>
> Henry
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Automatic Form Generation with PHP
Hi Henry Well the software generates the code to process the forms as well (eg for an insert form the code to check required fields are not empty, perform any data validation and insert the record into the db) as well as the forms themselves and this code is in PHP. You can choose to generate a sticky form where you would get 1 PHP page (containing a mixture of PHP and HTML) or non-sticky where you would get separate HTML & PHP pages for the forms/processing. Because all this generated processing code is in PHP customers who don't have PHP either wouldn't be interested in the software or if they were interested in the software they would need to install it - both to use the software and also to be able to use the processing code that it generated. Debbie - Original Message - From: "Henry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, September 25, 2002 10:05 AM Subject: [PHP] Re: Automatic Form Generation with PHP > Hi Debbie, > > What are you going to do about customers who don't have PHP? To run the > field definition extractor part of the system. > > Henry > > > > > "Debbie_dyer" <[EMAIL PROTECTED]> wrote in message > 00a001c26468$80a50530$19153c3e@homepc">news:00a001c26468$80a50530$19153c3e@homepc... > Hi > > We are shortly to release the next version of Form Generator Pro (automatic > generation of HTML form/PHP processing code) and are looking for some > comments on the way in which we intend to make the software available. > > Due to the fact that we cannot distribute this PHP application without > comprising copyright (the Zend Encoder is not an affordable option for us - > we are a small start-up business), the current version of Form Generator Pro > is only available for use online at the C U Online site which is fine > because 1. it only generates mail forms and 2. it's free. However this won't > work for version 2 because version 2 automatically generates forms for MySQL > databases by querying the database for table information (field lengths, > types etc). Opening up connections from our server to other servers to get > database info is not an option - for security reasons (and also many MySQL > servers are set up to only accept local connections anyway for this reason). > > To resolve this problem, the software has been split into 2 parts. The part > that retrieves the database information sits on the customers server > (secured). Field definitions are then extracted and sent to the generator > which remains on our site. I will stress here that no actual database data > is sent between the 2 servers, nor any MySQL server usernames or passwords - > just the field lengths, types etc of the selected table. Access to the > generator will then be sold as opposed to selling the actual software > (although mail form generation will remain free). This is not an ideal > solution but it seems to be the only way to make the software available and > at the same time protect copyright. > > I would be grateful for any thoughts from other businesses/developers on > this solution. > > Regards > Debbie Dyer > Software Engineer for C U Online > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Automatic Form Generation with PHP
Hi Henry On set up of the side of the software that sits on the customers server a table is created for users. Adminstration screens are provided for adding/deleting users and a user can only gain access by logging in and they can only log in if a record exists in this table. The whole thing (on this side) is secured by cookies. After logging in the software attempts to connect to a MySQL database using the host, username, pass & db name specified in a mysqlvars.php file - these vars are never passed across the network. No usernames/passwords either for MySQL or access to the software are stored in the cookie - the cookie is authenticated using a checksum value. The generator side is secured by sessions but again no MySQL vars are sent across nor any access usernames/passwords for the customer software. What is sent between the servers is: 1. the customers email address and password for the generator (encoded and different from their MySQL/customer software username/passwords) and. 2. table structure information which has been retrieved. This information could of course be intercepted but could be of no use to a hacker without a valid username and password for the MySQL database. If you disagree please tell me. It's this aspect of the software (security) that causes most concern as with any application enabling online access to databases. Debbie - Original Message - From: "Henry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, September 25, 2002 11:14 AM Subject: Re: [PHP] Re: Automatic Form Generation with PHP > Hi Debbie, > > That's fair enough. How are you ensure that only valid servers request > information from the field enquiry part? > > Otherwise people might be able to use this part to gain access to the > database structure if not the actual data. > > Henry. > > "Debbie_dyer" <[EMAIL PROTECTED]> wrote in message > 00f501c26476$49fcd4a0$19153c3e@homepc">news:00f501c26476$49fcd4a0$19153c3e@homepc... > > Hi Henry > > > > Well the software generates the code to process the forms as well (eg for > an > > insert form the code to check required fields are not empty, perform any > > data validation and insert the record into the db) as well as the forms > > themselves and this code is in PHP. You can choose to generate a sticky > form > > where you would get 1 PHP page (containing a mixture of PHP and HTML) or > > non-sticky where you would get separate HTML & PHP pages for the > > forms/processing. Because all this generated processing code is in PHP > > customers who don't have PHP either wouldn't be interested in the software > > or if they were interested in the software they would need to install it - > > both to use the software and also to be able to use the processing code > that > > it generated. > > > > Debbie > > > > - Original Message - > > From: "Henry" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Wednesday, September 25, 2002 10:05 AM > > Subject: [PHP] Re: Automatic Form Generation with PHP > > > > > > > Hi Debbie, > > > > > > What are you going to do about customers who don't have PHP? To run the > > > field definition extractor part of the system. > > > > > > Henry > > > > > > > > > > > > > > > "Debbie_dyer" <[EMAIL PROTECTED]> wrote in message > > > 00a001c26468$80a50530$19153c3e@homepc">news:00a001c26468$80a50530$19153c3e@homepc... > > > Hi > > > > > > We are shortly to release the next version of Form Generator Pro > > (automatic > > > generation of HTML form/PHP processing code) and are looking for some > > > comments on the way in which we intend to make the software available. > > > > > > Due to the fact that we cannot distribute this PHP application without > > > comprising copyright (the Zend Encoder is not an affordable option for > > us - > > > we are a small start-up business), the current version of Form Generator > > Pro > > > is only available for use online at the C U Online site which is fine > > > because 1. it only generates mail forms and 2. it's free. However this > > won't > > > work for version 2 because version 2 automatically generates forms for > > MySQL > > > databases by querying the database for table information (field lengths, > > > types etc). Opening up connections from our server to other servers to > get > > > database info is not an option - for security reasons (and also many > MySQL > > > servers are set up
Re: [PHP] slashes added before '
You probably have magic_quotes_gpc in php.ini off on your Windows platform
and on on your Linux platform
Magic_quotes_gpc automatically applies addslashes to POST, GET and cookie
data if its on.
Use stripslashes to remove it or to write code thats portable - write a
function like:-
function stripData($data) {
return ini_get('magic_quotes_gpc') ? stripslashes($data) : $data;
}
Debbie
- Original Message -
From: "Khalid El-Kary" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, September 25, 2002 1:07 PM
Subject: [PHP] slashes added before '
> this code snippet:
>
> function save($file)
> {
>$my_file=fopen($file,"wb");
>$my_status=fwrite($my_file,$text);
>fclose($my_file);
> }
>
> is intended to overwrite a file or create a file and write to it from a
> string that's already containing text.
>
> the problem is the after the script writes the file i find "\" before all
> single and double qoutes in the whole file
>
> this problem occured on red hat linux but in windows it didn't happen.
>
> can any one help?
>
> khalid
>
>
> _
> Send and receive Hotmail on your mobile device: http://mobile.msn.com
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Displaying full array contents
You could use recursion example:-
function printArray($arr) {
for ($i =0; $i < count($arr); $i++) {
if (!is_array($arr[$i])) {
echo $arr[$i];
}
else {
printArray($arr[$i]);
}
}
}
$arr = array("Orange", "Peach", "Apple");
$arr2 = array("Banana", $arr, "Pear");
$arr3 = array($arr, $arr2);
printArray($arr3);
Debbie
- Original Message -
From: "Brad Harriger" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, September 26, 2002 6:50 PM
Subject: [PHP] Displaying full array contents
> I'm trying to write a function that will display the full contents of an
> array. If one of the keys contains a value that is an array, the full
> array (all indices) should be shown.
>
> As an example, given the following definitions:
>
> $Arr1[1] = "Apple";
> $Arr1[2] = "Banana";
> $Arr1[3] = $Arr2[];
> $Arr2[1] = "Carrot";
> $Arr2[2] = $Arr3[];
> $Arr3[1] = "Orange";
> $Arr3[2] = "Peach";
>
>
> the output should be:
>
> Arr1:1:Apple
> Arr1:2:Banana
> Arr1:3:Arr2[]
> Arr1:3:Arr2:1:Carrot
> Arr1:3:Arr2:2:Arr3[]
> Arr1:3:Arr2:2:Arr3:1:Orange
> Arr1:3:Arr2:2:Arr3:2:Peach
>
> The closest I've come is:
>
> while (current($myArr))
>{
> if(is_array(current($myArr)))
> {
>$arrKey = key(current($myArr));
>echo "Array ";
>echo " = ";
>$baseArray = key($myArr);
>echo key($myArr);
>echo "\n";
>walkArray(current($myArr));
> }
> else
> {
>$arrKey = key($myArr);
>if ($baseArray != "")
>{
> echo $baseArray;
> echo ":";
>}
>echo $arrKey;
>echo " = ";
>echo current($myArr);
>echo "\n";
> }
> next($myArr);
>}
>
> This code only echoes one dimension of a multi-dimension array. I can't
> find a way to reliably store more than that. Any suggestions?
>
> Thanks in advance,
>
> Brad
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Displaying full array contents
Use a static variable in the function? A static var retains its value
between function calls
function printArray($arr) {
static $depth = 0;
for ($i =0; $i < count($arr); $i++) {
if (!is_array($arr[$i])) {
echo "$depth $arr[$i]";
}
else {
$depth++;
printArray($arr[$i]);
$depth--;
}
}
}
$arr = array("Orange", "Peach", "Apple");
$arr2 = array("Banana", $arr, "Pear");
$arr3 = array($arr, $arr2);
printArray($arr3);
Debbie
- Original Message -
From: "Brad Harriger" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, September 26, 2002 8:46 PM
Subject: Re: [PHP] Displaying full array contents
> Debbie,
>
> Yes. I could use recursion, but what's really hanging me up is keeping
> track of how deep into an array I am. It should be fairly simple, but I
> seem to be having a brain freeze.
>
> Brad
>
>
>
> Debbie_dyer wrote:
>
> > You could use recursion example:-
> >
> > function printArray($arr) {
> > for ($i =0; $i < count($arr); $i++) {
> > if (!is_array($arr[$i])) {
> > echo $arr[$i];
> > }
> > else {
> > printArray($arr[$i]);
> > }
> > }
> > }
> >
> > $arr = array("Orange", "Peach", "Apple");
> > $arr2 = array("Banana", $arr, "Pear");
> > $arr3 = array($arr, $arr2);
> >
> > printArray($arr3);
> >
> > Debbie
> >
> > - Original Message -
> > From: "Brad Harriger" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Thursday, September 26, 2002 6:50 PM
> > Subject: [PHP] Displaying full array contents
> >
> >
> >
> >>I'm trying to write a function that will display the full contents of an
> >>array. If one of the keys contains a value that is an array, the full
> >>array (all indices) should be shown.
> >>
> >>As an example, given the following definitions:
> >>
> >>$Arr1[1] = "Apple";
> >>$Arr1[2] = "Banana";
> >>$Arr1[3] = $Arr2[];
> >>$Arr2[1] = "Carrot";
> >>$Arr2[2] = $Arr3[];
> >>$Arr3[1] = "Orange";
> >>$Arr3[2] = "Peach";
> >>
> >>
> >>the output should be:
> >>
> >>Arr1:1:Apple
> >>Arr1:2:Banana
> >>Arr1:3:Arr2[]
> >>Arr1:3:Arr2:1:Carrot
> >>Arr1:3:Arr2:2:Arr3[]
> >>Arr1:3:Arr2:2:Arr3:1:Orange
> >>Arr1:3:Arr2:2:Arr3:2:Peach
> >>
> >>The closest I've come is:
> >>
> >> while (current($myArr))
> >> {
> >> if(is_array(current($myArr)))
> >> {
> >> $arrKey = key(current($myArr));
> >> echo "Array ";
> >> echo " = ";
> >> $baseArray = key($myArr);
> >> echo key($myArr);
> >> echo "\n";
> >> walkArray(current($myArr));
> >> }
> >> else
> >> {
> >> $arrKey = key($myArr);
> >> if ($baseArray != "")
> >> {
> >> echo $baseArray;
> >> echo ":";
> >> }
> >> echo $arrKey;
> >> echo " = ";
> >> echo current($myArr);
> >> echo "\n";
> >> }
> >> next($myArr);
> >> }
> >>
> >>This code only echoes one dimension of a multi-dimension array. I can't
> >>find a way to reliably store more than that. Any suggestions?
> >>
> >>Thanks in advance,
> >>
> >>Brad
> >>
> >>
> >>--
> >>PHP General Mailing List (http://www.php.net/)
> >>To unsubscribe, visit: http://www.php.net/unsub.php
> >>
> >>
> >
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session
PHP is automatically rewriting the URLs for the tags specified in url_rewriter.tags (php.ini) because the session cookie has not been accepted. I found it best to remove these tags and append the SID manually to the URLs that need it for when cookies are off - else SIDs can get appended where you don't want them appended. I think PHP's session system is really good and definitely worth learning. Debbie - Original Message - From: "Bill Farrell" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, September 26, 2002 8:09 PM Subject: [PHP] Session > Hi all, > > Is there a really thorough tutorial on the use of > session variables? Seems like there are a zillion > options to choose from, lots of interdependent > settings, etc, and I'm a bit confused on how to make > it work. > > I try not to use session objects too much in any > language as it makes the code somewhat less portable, > but I did want to experiment with PHP's notion before > launching off on another suite of apps. I'm starting > with a simple fake hit counter that checks session to > see if the counter was already dinged. It works if I > turn on enable_transient_sid, but setting that drives > ht://dig nuts by appending ?PHPSESSIDyaddayadda to the > URL. Really makes a mess of the database :-)~~. > > Obviously, I'm missing something pretty fundamental. > Any suggested reading would be appreciated (yes, I did > read the PHP manual :-). > > Thanks in advance, > B > > > = > Bill Farrell > Multivalue and *nix Support Specialist > > Phone: (828) 667-2245 > Fax: (928) 563-5189 > Web: http://www.jwfarrell.com > > __ > Do you Yahoo!? > New DSL Internet Access from SBC & Yahoo! > http://sbc.yahoo.com > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Displaying full array contents
Easier yes and ok for debug but it doesnt look very nice on a web page does
it nor does it help if you want to do something with the array elements.
Debbie
- Original Message -
From: "Martin W Jørgensen" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, September 26, 2002 9:17 PM
Subject: Re: [PHP] Displaying full array contents
> print_r($array); simply print out the entire array..
> It cant be easier.
>
> "Debbie_dyer" <[EMAIL PROTECTED]> wrote in message
> 01bf01c26598$1d84ec00$0100a8c0@homepc">news:01bf01c26598$1d84ec00$0100a8c0@homepc...
> > Use a static variable in the function? A static var retains its value
> > between function calls
> >
> > function printArray($arr) {
> > static $depth = 0;
> > for ($i =0; $i < count($arr); $i++) {
> > if (!is_array($arr[$i])) {
> > echo "$depth $arr[$i]";
> > }
> > else {
> > $depth++;
> > printArray($arr[$i]);
> > $depth--;
> > }
> > }
> > }
> >
> > $arr = array("Orange", "Peach", "Apple");
> > $arr2 = array("Banana", $arr, "Pear");
> > $arr3 = array($arr, $arr2);
> >
> > printArray($arr3);
> >
> > Debbie
> >
> > - Original Message -
> > From: "Brad Harriger" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Thursday, September 26, 2002 8:46 PM
> > Subject: Re: [PHP] Displaying full array contents
> >
> >
> > > Debbie,
> > >
> > > Yes. I could use recursion, but what's really hanging me up is
keeping
> > > track of how deep into an array I am. It should be fairly simple, but
I
> > > seem to be having a brain freeze.
> > >
> > > Brad
> > >
> > >
> > >
> > > Debbie_dyer wrote:
> > >
> > > > You could use recursion example:-
> > > >
> > > > function printArray($arr) {
> > > > for ($i =0; $i < count($arr); $i++) {
> > > > if (!is_array($arr[$i])) {
> > > > echo $arr[$i];
> > > > }
> > > > else {
> > > > printArray($arr[$i]);
> > > > }
> > > > }
> > > > }
> > > >
> > > > $arr = array("Orange", "Peach", "Apple");
> > > > $arr2 = array("Banana", $arr, "Pear");
> > > > $arr3 = array($arr, $arr2);
> > > >
> > > > printArray($arr3);
> > > >
> > > > Debbie
> > > >
> > > > - Original Message -
> > > > From: "Brad Harriger" <[EMAIL PROTECTED]>
> > > > To: <[EMAIL PROTECTED]>
> > > > Sent: Thursday, September 26, 2002 6:50 PM
> > > > Subject: [PHP] Displaying full array contents
> > > >
> > > >
> > > >
> > > >>I'm trying to write a function that will display the full contents
of
> an
> > > >>array. If one of the keys contains a value that is an array, the
full
> > > >>array (all indices) should be shown.
> > > >>
> > > >>As an example, given the following definitions:
> > > >>
> > > >>$Arr1[1] = "Apple";
> > > >>$Arr1[2] = "Banana";
> > > >>$Arr1[3] = $Arr2[];
> > > >>$Arr2[1] = "Carrot";
> > > >>$Arr2[2] = $Arr3[];
> > > >>$Arr3[1] = "Orange";
> > > >>$Arr3[2] = "Peach";
> > > >>
> > > >>
> > > >>the output should be:
> > > >>
> > > >>Arr1:1:Apple
> > > >>Arr1:2:Banana
> > > >>Arr1:3:Arr2[]
> > > >>Arr1:3:Arr2:1:Carrot
> > > >>Arr1:3:Arr2:2:Arr3[]
> > > >>Arr1:3:Arr2:2:Arr3:1:Orange
> > > >>Arr1:3:Arr2:2:Arr3:2:Peach
> > > >>
> > > >>The closest I've come is:
> > > >>
> > > >> while (current($myArr))
> > > >> {
> > > >> if(is_array(current($myArr)))
> > > >> {
> > > >> $arrKey = key(current($myArr));
> > > >> echo "Array ";
> > > >> echo " = ";
> > > >> $baseArray = key($myArr);
> > > >> echo key($myArr);
> > > >> echo "\n";
> > > >> walkArray(current($myArr));
> > > >> }
> > > >> else
> > > >> {
> > > >> $arrKey = key($myArr);
> > > >> if ($baseArray != "")
> > > >> {
> > > >> echo $baseArray;
> > > >> echo ":";
> > > >> }
> > > >> echo $arrKey;
> > > >> echo " = ";
> > > >> echo current($myArr);
> > > >> echo "\n";
> > > >> }
> > > >> next($myArr);
> > > >> }
> > > >>
> > > >>This code only echoes one dimension of a multi-dimension array. I
> can't
> > > >>find a way to reliably store more than that. Any suggestions?
> > > >>
> > > >>Thanks in advance,
> > > >>
> > > >>Brad
> > > >>
> > > >>
> > > >>--
> > > >>PHP General Mailing List (http://www.php.net/)
> > > >>To unsubscribe, visit: http://www.php.net/unsub.php
> > > >>
> > > >>
> > > >
> > >
> > >
> > > --
> > > PHP General Mailing List (http://www.php.net/)
> > > To unsubscribe, visit: http://www.php.net/unsub.php
> > >
> >
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Getting part of a string
I'm not an expert on regex but this seems to work:-
ereg("^/[^/]*/([^/]*)/.*$", "/realtor/Remax/Ed/files/", $regs);
if (isset($regs[1])) {
print $regs[1];
}
Debbie
- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, September 27, 2002 4:23 PM
Subject: [PHP] Getting part of a string
>
> I've got a situation where I need to pull a string from a variable but I
> can't seem to get it figured out.
>
> I.e.
>
> value of $a = /realtor/Remax/Ed/files/
>
> I need to get the string between the second and third / (slash)
>
> What I need: Remax
>
> Thanks,
>
> Ed
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple Domains in cookie?
Is this because you have domain aliases? Debbie - Original Message - From: "Tony Harrison" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, September 28, 2002 10:25 AM Subject: [PHP] Multiple Domains in cookie? > Is it possible to specify more than 1 domain in a cookie? > - > [EMAIL PROTECTED] > http://www.cool-palace.com > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Posting a value to one form to another
Must be a register globals problem again - php.ini (register_globals) - on for linux off for windows. You should keep it switched off (or at least code for it being off) and use the superglobal arrays $_POST, $_GET etc Debbie - Original Message - From: "Uma Shankari T." <[EMAIL PROTECTED]> To: "PHP" <[EMAIL PROTECTED]> Sent: Saturday, September 28, 2002 9:42 AM Subject: [PHP] Posting a value to one form to another > > Hello , > > border="0"> > > While clicking this link the $hid value get incremented and fetch the value > from the database according to that..the same thing is working in linux > platform and it is not working for the windows platform..the value is not > getting increment..Can anyone please tell me how to go about with this..?? > > Regards, > Uma > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] headers?
It's giving you this error because you are sending the headers after
outputting something (which could be just a blank line) - check in your
functions.php that you dont have any blank lines before the start of or
after the end of your script. ie. before the
Debbie
- Original Message -
From: "cleaner" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, September 28, 2002 3:23 PM
Subject: [PHP] headers?
> Hi all..
>
> Got this script to verify a login against a mysql-databas with several
> checking for type errors etc.
>
> When I wanna login people, I include a file with all my functions
> ('functions.php') and I a function verify is called upon.
>
> the function returns false if user entered wrong user/pass, And if they
> enter correct info I want them to be redirected to another page.. hm. the
> headers cant be added (u heard that before?) cuz my login form already
> started output...
>
> function verify($user,$pass){
> // some sql queries here...
>
> if(count($number)>0){
> return false;
> }else{
>header("Location:admin.php");
>}
>
> }
>
> I would like som help using headers in a correct way, or be able to use
> another way...
>
>
> reg:cleaner
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re[2]: [PHP] counting words in a string
You can get all the terms into an array using preg_match_all:-
$str = "UNAVAILABLE More Info AVAILABLE More Info";
$regExp = "/(?:UN)?AVAILABLE|More Info/";
preg_match_all($regExp, $str, $regs);
$regs[0] will contain the matched terms - you should then be able to use
array functions to do whatever else you need to do - counting, positions,
etc
Debbie
- Original Message -
From: "Justin French" <[EMAIL PROTECTED]>
To: "Richard Kurth" <[EMAIL PROTECTED]>; "php-general"
<[EMAIL PROTECTED]>
Sent: Saturday, September 28, 2002 6:26 PM
Subject: Re: Re[2]: [PHP] counting words in a string
> You need to look at a few options... one is regular expression (not my
> forte), or perhaps winding through the string one character at a time,
> writing a very simple state engine.
>
> Justin French
>
>
> on 28/09/02 4:47 PM, [EMAIL PROTECTED] ([EMAIL PROTECTED]) wrote:
>
> > Hello Justin,
> >
> > That worked perfect but I have one more problem I need to know if one
> > of the word is UNAVAILABLE I need to know if it is the first one or
> > the second one. I don't know if there is any way to do this.
> > 1st 2nd
> > $string ="UNAVAILABLE AVAILABLE More Info";
> > 1st 2nd
> > $string ="AVAILABLE More Info UNAVAILABLE ";
> >
> > Friday, September 27, 2002, 11:22:42 PM, you wrote:
> >
> >
> > JF> if this is your SPECIFIC problem, putting a space at the beginning
of
> > $srch
> > JF> will help, eliminating XAVAILABLE... but this will cause a problem
with
> > the
> > JF> word AVAILABLE appearing at the start of the string, so temporarily
put a
> > JF> space at the start of the string:
> >
> > JF> > JF> // UNTESTED
> > JF> $count = substr_count(' '.strtolower($string), strtolower('
'.$srch));
> > JF> echo $count;
> > ?>>
> >
> > JF> this won't help if there are newlines and other white space instead
of
> > JF> spaces, and won't help (so far) for a different set of
circumstances...
> >
> > JF> it would be nice to extend substr_count() could be extended to have
an
> > JF> option.
> >
> > JF> Justin
> >
> >
> >
> > JF> on 28/09/02 3:41 PM, [EMAIL PROTECTED] ([EMAIL PROTECTED])
wrote:
> >
> >>>
> >>> I need to count how many times the word AVAILABLE appears in a string
> >>> like this
> >>> $string ="AVAILABLE More Info AVAILABLE More Info";
> >>> some time the string looks like this
> >>> $string ="UNAVAILABLE More Info AVAILABLE More Info";
> >>> or
> >>> $string ="AVAILABLE More Info UNAVAILABLE More Info";
> >>> when I use
> >>> $srch="AVAILABLE";
> >>> $count=substr_count(strtolower($string), strtolower($srch));
> >>> echo $count;
> >>> it puts the count a 2 even when one of the words is UNAVAILABLE
> >>> how can I make it only count AVAILABLE and not UNAVAILABLE or visa
> >>> verse
> >
> >
> >
> >
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Member's Area Script
$conn = $main; <- that line is the problem - you cant use global vars
inside functions without declaring them as global
- Original Message -
From: "Stephen Craton" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, September 28, 2002 11:49 PM
Subject: [PHP] Member's Area Script
> Hello again,
>
> I'm trying to write a script that has a member's area in it. So far I've
> been able to successfully validate only one username and only one
> password but now I'm going big and trying to compare it with a table in
> my MySQL database. Everything goes nice and smooth until I actually try
> and enter in my username and password. I type it in, copy and paste,
> whaetever and it tells me the error I wanted it to say "The username and
> password is not a good combo." I've copied and pasted the username and
> password from the database directly yet it still gives me this error.
> Here's my code for the login() function that logs the user in:
>
> function login($username, $password)
> {
> $conn = $main;
> if (!$conn)
> return 0;
>
> $result = mysql_query("select * from user
> where username='$username'
> and passwd = '$password'");
> if (!$result)
> return 0;
>
> if (mysql_num_rows($result)>0)
> return 1;
> else
> return 0;
> }
>
> Here's the code for the part that calls the login() function:
>
> if(login($user, $pass))
> {
> $valid_user = $user;
> session_register("valid_user");
> }
> else
> {
> echo " size='3'>You supplied an invalid username and password combo.
> Try again please.";
> exit;
> }
>
> And here's the part that connects to the database:
>
> # FileName="Connection_php_mysql.htm"
> # Type="MYSQL"
> # HTTP="true"
> $hostname_main = "localhost";
> $database_main = "mom";
> $username_main = "root";
> $password_main = "";
> $main = mysql_pconnect($hostname_main, $username_main, $password_main)
> or die(mysql_error());
> ?>
>
> Does anyone see why it's doing this to me? Please help!!
>
> Thanks,
> Stephen
> http://www.melchior.us
> http://php.melchior.us
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Not Saving?
Are you calling session_start() on the other pages inside the secure area?
- Original Message -
From: "Stephen Craton" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, September 29, 2002 5:23 PM
Subject: [PHP] Session Not Saving?
> I'm having another problem with my member's area script. When someone
> logs in, it's supposed to register their username into a session and it
> displays fine on the first page. But once you navigate to another part
> of the area, it does not tell you you are logged in, instead it gives me
> the error I set it to give "You are not logged in." Here's the code
> that checks to see if the user is valid:
>
> function check_valid()
> {
> global $valid_user;
> if (session_is_registered("valid_user"))
> {
> echo "Welcome $valid_user!";
> }
> else
> {
> echo "You are not logged in.";
> exit;
> }
> }
>
> Here's the code that's supposed to save the session:
>
> include_once("funcs.php");
> session_start();
> if($user && $pass)
> {
> if(login($user, $pass))
> {
> $valid_user = $user;
> session_register("valid_user");
> }
> else
> {
> echo " size='3'>You supplied an invalid username and password combo.
> Try again please.";
> exit;
> }
> }
>
> Please help again!!!
>
> Thanks,
> Stephen
> http://www.melchior.us
> http://php.melchior.us
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] calling session_start()
session_start() has to be called on every page where you want to use the session, before you try referencing it - you also have to call it before outputting anything else (you must be doing it after and this is what is causing your error) - Original Message - From: "Børge Strand" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, September 29, 2002 6:12 PM Subject: [PHP] calling session_start() > > Hi All, > > When does session_start() have to be called? I have the following > setting: > > A bunch of php pages are placed in a frameset. If someone tries to > access one of these pages without the session-id cookie being set, the > page calls a reloading of the frameset. The frameset page itself is > the first to call session_start() > > Am I right to believe that session_start() has to be called before one > can do if (!isset($_SESSION['foo']))? It is this test that determines > whether or not to reload the frameset. > > On my development system this works just fine, but going into > production on a web hotel, I get a lot more warnings. Every page in > the frameset says "Warning: Cannot send session cache limiter - > heaaders already sent..." in response to session_start() in the test I > described above. > > Which setting in php.ini enables this warning? > Do you know how I can test for the presense of a session without > getting this error? > > Regards, > > Børge > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Not Displaying From Vars??
Yeah got to be register_globals and also a tip to save future problems if you are working with forms and u want to redisplay submitted data you will need to learn about stripslashes (if you have magic_quotes_gpc on) and htmlspecialchars. And for the db additions addslashes (for if magic_quotes_gpc is off) - Original Message - From: "Stephen Craton" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, September 29, 2002 7:00 PM Subject: [PHP] Not Displaying From Vars?? > I bet you're getting sick of hearing from me but yet again, I'm having > trouble. I have a form that you type in a number for how many hours an > employee has worked. When they submit the form, it's supposed to > display, again, what they typed in and record them to a database to be > used for a later use. The form, evidently, submits fine but what my > problem is, is that it won't display what they typed in. > > All I'm doing is putting in this: > > > > The input field looks like this: > > size="4" maxlength="3"> > > Does anyone see the problem? I can assign the form method to be GET and > it displays all the field values in the URL just fine, it's just not > displaying in the page itself. > > Thanks, > Stephen > http://www.melchior.us > http://php.melchior.us > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Not Displaying From Vars??
Its a setting in php.ini where PHP creates vars from form data/cookies if its on. If it is on - its a security risk because anyone can change the value of the data in your script by passing values in thru the URL. So you need to keep it switched off (whereby vars will not be created from form data) and use the superglobals $_POST, $_GET, etc to access your data instead. - Original Message - From: "Stephen Craton" <[EMAIL PROTECTED]> To: "'debbie_dyer'" <[EMAIL PROTECTED]> Sent: Sunday, September 29, 2002 7:29 PM Subject: RE: [PHP] Not Displaying From Vars?? > Sorry if I'm acting all noobish but, how do I register_globals? > > I already know about stripslashes and addslashes, I usually use those to > store secured information. > > Thanks, > Stephen > http://www.melchior.us > http://php.melchior.us > > :: -Original Message- > :: From: debbie_dyer [mailto:[EMAIL PROTECTED]] > :: Sent: Sunday, September 29, 2002 1:14 PM > :: To: [EMAIL PROTECTED] > :: Subject: Re: [PHP] Not Displaying From Vars?? > :: > :: > :: Yeah got to be register_globals and also a tip to save > :: future problems if you are working with forms and u want to > :: redisplay submitted data you will need to learn about > :: stripslashes (if you have magic_quotes_gpc on) and htmlspecialchars. > :: > :: And for the db additions addslashes (for if magic_quotes_gpc is off) > :: > :: > :: - Original Message - > :: From: "Stephen Craton" <[EMAIL PROTECTED]> > :: To: <[EMAIL PROTECTED]> > :: Sent: Sunday, September 29, 2002 7:00 PM > :: Subject: [PHP] Not Displaying From Vars?? > :: > :: > :: > I bet you're getting sick of hearing from me but yet > :: again, I'm having > :: > trouble. I have a form that you type in a number for how > :: many hours an > :: > employee has worked. When they submit the form, it's supposed to > :: > display, again, what they typed in and record them to a > :: database to be > :: > used for a later use. The form, evidently, submits fine > :: but what my > :: > problem is, is that it won't display what they typed in. > :: > > :: > All I'm doing is putting in this: > :: > > :: > > :: > > :: > The input field looks like this: > :: > > :: > :: id="sun_reg" size="4" > :: > maxlength="3"> > :: > > :: > Does anyone see the problem? I can assign the form method > :: to be GET > :: > and it displays all the field values in the URL just fine, > :: it's just > :: > not displaying in the page itself. > :: > > :: > Thanks, > :: > Stephen > :: > http://www.melchior.us > :: > http://php.melchior.us > :: > > :: > > :: > > :: > -- > :: > PHP General Mailing List (http://www.php.net/) > :: > To unsubscribe, visit: http://www.php.net/unsub.php > :: > > :: > :: > :: -- > :: PHP General Mailing List (http://www.php.net/) > :: To unsubscribe, visit: http://www.php.net/unsub.php > :: > :: > :: > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] OT-best PDF creation tool
hey! you cant say hey guys these days - there are females in the industry too u know :) - Original Message - From: "Ryan A" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, September 29, 2002 7:40 PM Subject: [PHP] OT-best PDF creation tool Hey guys, I know this is totally off topic on a php list but I have a client who wants a PDF document and since I have never made one before...which is the easiest and best tool (hopefully free) to make a PDF form? I know a lot of you guys make websites yourselfs and most proberly worked on something like this so any comments,suggestions or links are appreciated. Cheers, -Ryan. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] hash function secret
I don't see how it could be randomly generated else how would you be able to use it for authenticating etc but then I'm not a security expert. I use a long character string known only to me and stored outside my web directory. Maybe other ppl do differently I don't know. - Original Message - From: "Pablo Oliva" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, September 29, 2002 7:52 PM Subject: [PHP] hash function secret > I was reading the sept. issue of linux magazine and they discussed > security issues with web apps. > > They mentioned that to generate signatures, you should include a secret > with your hash function: > s = S(m) = H(secret, H(m, secret)) > > What is the secret, just a sort of secret code that you include, like > some sort of random password: " gr8ckret46eme " as an example ??? > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Debbie->Re: [PHP] OT-best PDF creation tool
Ryan LOL ok - no offence taken. And be careful what u promise - tens (hundreds even dont know how many are on this list) of females probably just received it and I am sure you will be well spotted if you break it :) Debbie - Original Message - From: "Ryan A" <[EMAIL PROTECTED]> To: "debbie_dyer" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Sunday, September 29, 2002 7:59 PM Subject: Debbie->Re: [PHP] OT-best PDF creation tool > Hey Debbie, > thanks for writing, > > Sorry, no offense meant but I call all my pals guys. > > Yeah, I know there are females in the industary and i'm sure most of them > work for Microsoft writing the error messages that keep on nagging and that > make absolutely no sense! > > hehhehehe couldnt resist, just kidding. > > But before you decide to sell my soul to the devil I promise I shall try to > amend my ways and will not so selfishly and meanly write to this OR any > other mailing list addressing people with term "guys". :-) > > And in closing...let me say, nice name. > Cheers, > -Ryan. > > > hey! you cant say hey guys these days - there are females in the industry > > too u know :) > > > > - Original Message - > > From: "Ryan A" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Sunday, September 29, 2002 7:40 PM > > Subject: [PHP] OT-best PDF creation tool > > > > > > Hey guys, > > I know this is totally off topic on a php list but I have a client who > wants > > a PDF document and since I have never made one before...which is the > easiest > > and best tool (hopefully free) to make a PDF form? > > I know a lot of you guys make websites yourselfs and most proberly worked > on > > something like this so any comments,suggestions or links are appreciated. > > Cheers, > > -Ryan. > > > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Not Displaying From Vars??
Wheres the form tag? - Original Message - From: "Stephen Craton" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Sunday, September 29, 2002 8:19 PM Subject: RE: [PHP] Not Displaying From Vars?? > Here's the part that's supposed to display the information. I've only > filled in one area so far: > > > Sunday > $_GET[sung_reg]; ?> > class="line"> > class="line2"> > > > > > > > > > Here's the form for the same area: > > > Sunday > name="sun_reg" type="text" class="hours" id="sun_reg" size="4" > maxlength="3"> > > class="line"> >class="hours" id="sun_over" size="4" maxlength="3"> > > class="line2"> >class="hours" id="sun_vac" size="4" maxlength="3"> > > size="2" face="Arial, Helvetica, sans-serif"> >class="hours" id="sun_hol" size="4" maxlength="3"> > > size="2" face="Arial, Helvetica, sans-serif"> >class="hours" id="sun_sick" size="4" maxlength="3"> > > size="2" face="Arial, Helvetica, sans-serif"> >class="hours" id="sun_funer" size="4" maxlength="3"> > > size="2" face="Arial, Helvetica, sans-serif"> >class="hours" id="sun_edu" size="4" maxlength="3"> > > size="2" face="Arial, Helvetica, sans-serif"> >class="hours" id="sun_per2" size="4" maxlength="3"> > > size="2" face="Arial, Helvetica, sans-serif"> >class="hours" id="sun_other" size="4" maxlength="3"> > > > > Hope that helps! > > Thanks, > Stephen > http://www.melchior.us > http://php.melchior.us > > :: -Original Message- > :: From: John W. Holmes [mailto:[EMAIL PROTECTED]] > :: Sent: Sunday, September 29, 2002 1:33 PM > :: To: 'Stephen Craton'; [EMAIL PROTECTED] > :: Subject: RE: [PHP] Not Displaying From Vars?? > :: > :: > :: Post your code... > :: > :: > -Original Message- > :: > From: Stephen Craton [mailto:[EMAIL PROTECTED]] > :: > Sent: Sunday, September 29, 2002 2:11 PM > :: > To: [EMAIL PROTECTED] > :: > Subject: RE: [PHP] Not Displaying From Vars?? > :: > > :: > I just tried it and it doesn't work either. > :: > > :: > Thanks, > :: > Stephen > :: > http://www.melchior.us > :: > http://php.melchior.us > :: > > :: > :: -Original Message- > :: > :: From: John W. Holmes [mailto:[EMAIL PROTECTED]] > :: > :: Sent: Sunday, September 29, 2002 1:07 PM > :: > :: To: 'Stephen Craton'; [EMAIL PROTECTED] > :: > :: Subject: RE: [PHP] Not Displaying From Vars?? > :: > :: > :: > :: > :: > :: Try $_POST['sun_reg'] or $_GET['sun_reg'], depending on the > :: > :: method of your form. > :: > :: > :: > :: You probably have register globals off, that's why $sun_reg > :: > :: isn't created. That's a good thing. > :: > :: > :: > :: ---John Holmes... > :: > :: > :: > :: > -Original Message- > :: > :: > From: Stephen Craton [mailto:[EMAIL PROTECTED]] > :: > :: > Sent: Sunday, September 29, 2002 2:01 PM > :: > :: > To: [EMAIL PROTECTED] > :: > :: > Subject: [PHP] Not Displaying From Vars?? > :: > :: > > :: > :: > I bet you're getting sick of hearing from me but yet > :: > :: again, I'm having > :: > :: > trouble. I have a form that you type in a number for how > :: > :: many hours an > :: > :: > employee has worked. When they submit the form, it's > :: supposed to > :: > :: > display, again, what they typed in and record them to a > :: > :: database to be > :: > :: > used for a later use. The form, evidently, submits fine > :: > :: but what my > :: > :: > problem is, is that it won't display what they typed in. > :: > :: > > :: > :: > All I'm doing is putting in this: > :: > :: > > :: > :: > > :: > :: > > :: > :: > The input field looks like this: > :: > :: > > :: > :: > :: > :: id="sun_reg" size="4" > :: > :: > maxlength="3"> > :: > :: > > :: > :: > Does anyone see the problem? I can assign the form > :: method to be > :: GET > :: > :: and > :: > :: > it displays all the field values in the URL just fine, > :: > :: it's just not > :: > :: > displaying in the page itself. > :: > :: > > :: > :: > Thanks, > :: > :: > Stephen > :: > :: > http://www.melchior.us >
Re: [PHP] Not Displaying From Vars??
Chris
Yes you are right in what you say but:-
"I would argue that register_globals only presents a security risk to
inexperienced developers."
And how many of these are putting code on the net? - Thousands.
Also, all programmers (even the most experienced) are only human and prone
to error and in my opinion anything that makes it easy to write bad code
cannot be good.
Debbie
- Original Message -
From: "Chris Shiflett" <[EMAIL PROTECTED]>
To: "debbie_dyer" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, September 29, 2002 8:21 PM
Subject: Re: [PHP] Not Displaying From Vars??
> Your description of register_globals is good, except that the "security
> risk" is a matter of opinion. I would argue that register_globals only
> presents a security risk to inexperienced developers.
>
> The client can submit any data to your application regardless of any
> configuration (and even regardless of language used). PHP's
> register_globals provides a convenient mechanism for receiving data from
> the client. In general, there are two types of data:
>
> 1. Data from the client
> 2. Data residing on the server
>
> Code that allows data from the client to overwrite data residing on the
> server is poorly written code, and this is the scenario that creates
> this misconception of register_globals being a security risk. Data
> residing on the server can be information in a database, session data,
> etc. It is quite trivial to ensure that this data is overwritten. When a
> script begins execution, the client can no longer submit data. It is
> finished and can do no more so to speak. This makes things very easy.
> Thus, consider this:
>
> $logged_in=0;
>
> if (is_valid($password))
> {
> $logged_in=1;
> }
>
> Guess what? The client cannot make $logged_in = 1 unless the password
> they provide passes the is_valid() function (a function you create to
> validate a password - just a hypothetical example). There is no way a
> client can submit any data in between these statements. The problem is
> when people fail to set $logged_in to 0 initially, so that a failed
> password simply avoids the if statement but doesn't explicitly set
> $logged_in to 0. This is poor programming.
>
> For session data, try to override data that is initialized with
> session_register() and see if it works. What you will find is that
> whatever the client sends is overwritten by the data in the session, so
> this scenario is also easy to avoid.
>
> My point is that most risks can be avoided by understanding how the Web
> operates and programming to the transactional nature of it. It is so
> easy to make sure that the client cannot overwrite server data. I think
> register_globals is far too often blamed for misunderstandings.
>
> Chris
>
> debbie_dyer wrote:
>
> >If it is on - its a security risk because anyone can change the
> >value of the data in your script by passing values in thru the URL.
> >
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] mail headers & mail filtering
More and more emails seem to be getting blocked by mail filtering systems looking for spam (but trashing legitimate mail at the same time). Does anyone have any tips for ensuring mails get through these systems (with regard to headers) or do we just have to accept now that email can no longer be relied upon as a means of communication? Debbie
Re: [PHP] mail headers & mail filtering
Hi Tom I did finally get my mails on this account (my personal mailbox) hours later but my main problem is with mails sent by scripts on my site (using the mailserver of my web provider) and other people complaining to me that they dont get mails sent from their websites to their ISP mailboxes (using my scripts). More and more legitimate mails are being trashed as a result of anti-spamming systems - read around the IT news. Whether it is illegal or not I don't know but yesterday I cancelled my account with my ISP because they refuse to answer my questions re if they have a mail filtering policy and if they do what is it. Debbie - Original Message - From: "Tom Rogers" <[EMAIL PROTECTED]> To: "debbie_dyer" <[EMAIL PROTECTED]> Sent: Tuesday, October 01, 2002 2:13 AM Subject: Re: [PHP] mail headers & mail filtering > Hi, > > Tuesday, October 1, 2002, 12:09:06 AM, you wrote: > d> More and more emails seem to be getting blocked by mail filtering systems looking for spam (but trashing legitimate mail at the same time). Does anyone have any tips for ensuring mails get through > d> these systems (with regard to headers) or do we just have to accept now that email can no longer be relied upon as a means of communication? > > d> Debbie > > This one arrived ok to the list. If the isp is interfering with > legitimate mail then they are probably infringing some law or other :) > > -- > regards, > Tom > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
