Re: [PHP] Re: Unique ID on 5.0.4 (Windows)

2005-09-21 Thread Jasper Bryant-Greene
Chris wrote: David Robley wrote: Chris wrote: Pretty soon I'm going to be needing to generate a unique identifier in a script. I'm looking into how to go about doing it now. Have you looked at uniqid() ? http://php.net/uniqid If two requests generate an ID at the same microsecond then t

Re: [PHP] Unique ID on 5.0.4 (Windows)

2005-09-21 Thread Chris
Dragan Stanojevic - Nevidljivi wrote: Hi Chris, Chris wrote: Pretty soon I'm going to be needing to generate a unique identifier in a script. I'm looking into how to go about doing it now. It has to work on Apache 2 / PHP 5.0.4 (Module) / Windows 2000 Server. Any suggestions on how I might

Re: [PHP] Problems with headers

2005-09-21 Thread David Robley
Graham Anderson wrote: > I checked that too :( > No spaces in the I am running PHP Version 4.4.0 > > Out of curiosity, I removed the line: > $xml .= ''."\n"; > and got the same error message > > Is this one of those situations for ob_start ? > Kind of bizarre to my Newbie mind > > $quote = "\

Re: [PHP] Re: Unique ID on 5.0.4 (Windows)

2005-09-21 Thread Chris
David Robley wrote: Chris wrote: Hi, Pretty soon I'm going to be needing to generate a unique identifier in a script. I'm looking into how to go about doing it now. It has to work on Apache 2 / PHP 5.0.4 (Module) / Windows 2000 Server. Any suggestions on how I might be able to do it? I'

Re: [PHP] Problems with headers

2005-09-21 Thread Chris Shiflett
Graham Anderson wrote: > No spaces in the Warning: Cannot modify header information - headers > already sent by (output started at > /home/www/siren/siren/fonovisa/skintest/Library/php/ > fonovisa_simple.php:1) in > /home/www/siren/siren/fonovisa/skintest/Library/php/ > fonovisa_simple.php on li

Re: [PHP] Problems with headers

2005-09-21 Thread Graham Anderson
I checked that too :( No spaces in the '."\n"; and got the same error message Is this one of those situations for ob_start ? Kind of bizarre to my Newbie mind '."\n"; $xml .= ''."\n"; $xml .= ''."\n"; $xml .= ''."\n"; $xml .= ''."\n"; $xml .= ''."\n"; $xml .= ''; header('Content-Type: video/qui

Re: [PHP] Re: Suggestions for class design

2005-09-21 Thread Manuel Lemos
Hello, on 09/20/2005 10:04 AM Michael Sims said the following: This is not to trivialize your Metastorage project (or, to be more accurate, I know nothing about it, so it's not my place to trivialize it or otherwise), but to point out that 'out-of-the-box' solutions to fundamental coding develop

Re: [PHP] Re: email validation (no regex)

2005-09-21 Thread Jasper Bryant-Greene
J B wrote: On 9/21/05, Michael Sims <[EMAIL PROTECTED]> wrote: Additionally, some mail servers unconditionally accept mail addressed to ANY username at their domain, whether that user actually exists or not. This is very bad practice, because it usually means the accepting MTA is a "dumb" hos

Re: [PHP] Re: email validation (no regex)

2005-09-21 Thread J B
On 9/21/05, Michael Sims <[EMAIL PROTECTED]> wrote: > Additionally, some mail servers unconditionally accept mail addressed to ANY > username at their domain, whether that user actually exists or not. This is > very > bad practice, because it usually means the accepting MTA is a "dumb" host > th

Re: [PHP] email validation (no regex)

2005-09-21 Thread cron
As an admin I would assume this as spammers trying to get some emails and I would block this on the firewall. - Original Message - From: "Michael Sims" <[EMAIL PROTECTED]> To: Sent: Wednesday, September 21, 2005 4:22 PM Subject: RE: [PHP] email validation (no regex) Jim Moseby w

Re: [PHP] Problems with headers

2005-09-21 Thread Stephen Leaf
On Wednesday 21 September 2005 09:34 pm, Graham Anderson wrote: it doesn't look like there is anything wrong with your code. what you might check however is, is there a space or a newline before thanks Chris :) > > I changed the spaces but am still getting the same output errors: > Warning: Cann

Re: [PHP] Problems with headers

2005-09-21 Thread Graham Anderson
thanks Chris :) I changed the spaces but am still getting the same output errors: Warning: Cannot modify header information - headers already sent by (output started at /home/www/siren/siren/fonovisa/skintest/Library/php/ fonovisa_simple.php:1) in /home/www/siren/siren/fonovisa/skintest/L

Re: [PHP] security/sql issues with php

2005-09-21 Thread Stephen Leaf
On Wednesday 21 September 2005 07:45 pm, bruce wrote: > i agree with what you're saying... > > my primary concern was to make sure that there wasn't/isn't something going > on that i haven't seen... up to now, i'm ok with what you're saying. > > however, i still don't have a good answer to my ques

Re: [PHP] Problems with headers

2005-09-21 Thread Chris Shiflett
Graham Anderson wrote: Even though I am defining Content-type as 'video/quicktime', the output is still text/html Also, Content-Length is not outputting properly either :( [snip] header('Content-Type: video/quicktime'); header ("Content-Length:".strlen($xml)); You have a superfluous space

Re: [PHP] losing session data with cross-site scripting

2005-09-21 Thread Chris Shiflett
Steve Lefevre wrote: Can you explain what cross-site scripting is, then? This article is quite old (a few years), and there are a few inconsistencies I would like to correct, but I think it does a better job of explaining than I can in an email: http://shiflett.org/articles/foiling-cross-si

Re: [PHP] colleges/schools that offer php/web development courses

2005-09-21 Thread Larry E. Ullman
can you guys give the names of any schools/colleges that have formal programs to teach web development/security applications. I was teaching one online through the University of California at Berkeley. I'm no longer teaching it but my understanding is that they'll be hiring a replacement and

Re: [PHP] security/sql issues with php

2005-09-21 Thread Chris Shiflett
bruce wrote: since i assume the '%x' chars translate into something other than straight text, i assume that the html function you mention strips out these chars, or it returns a true/false if the data is valid. is this in essence what you're talking about? The %XX characters are URL encoded. The

Re: [PHP] security/sql issues with php

2005-09-21 Thread Chris Shiflett
bruce wrote: however, i still don't have a good answer to my question regarding how easy (or hard) it is to detect if a query that should have originated with your app's form is coming from a 3rd party/external site? am i missing something here? Possibly. I think you're missing the fact that e

[PHP] Problems with headers

2005-09-21 Thread Graham Anderson
I am trying to get headers to output properly Even though I am defining Content-type as 'video/quicktime' , the output is still text/html Also, Content-Length is not outputting properly either :( On the positive side, It appears to be outputting the $xml string correctly, but screws up o

Re: [PHP] Unique ID on 5.0.4 (Windows)

2005-09-21 Thread Dragan Stanojevic - Nevidljivi
Hi Chris, Chris wrote: Pretty soon I'm going to be needing to generate a unique identifier in a script. I'm looking into how to go about doing it now. It has to work on Apache 2 / PHP 5.0.4 (Module) / Windows 2000 Server. Any suggestions on how I might be able to do it? I'd appreciate any he

[PHP] Re: Unique ID on 5.0.4 (Windows)

2005-09-21 Thread David Robley
Chris wrote: > Hi, > > Pretty soon I'm going to be needing to generate a unique identifier in a > script. I'm looking into how to go about doing it now. > > It has to work on Apache 2 / PHP 5.0.4 (Module) / Windows 2000 Server. > > Any suggestions on how I might be able to do it? > > I've noti

RE: [PHP] security/sql issues with php

2005-09-21 Thread Chris W. Parker
bruce on Wednesday, September 21, 2005 6:03 PM said: > since i > assume the '%x' chars translate into something other than straight > text, i assume that the html function you mention strips out these > chars, or it returns a true/false if the data is valid. Those ch

[PHP] Unique ID on 5.0.4 (Windows)

2005-09-21 Thread Chris
Hi, Pretty soon I'm going to be needing to generate a unique identifier in a script. I'm looking into how to go about doing it now. It has to work on Apache 2 / PHP 5.0.4 (Module) / Windows 2000 Server. Any suggestions on how I might be able to do it? I've noticed the uuid PECL package, whic

Re: [PHP] losing session data with cross-site scripting

2005-09-21 Thread Steve Lefevre
Chris Shiflett wrote: Steve Lefevre wrote: In this case, a user's session is stagnant for the duration of their trip to the other server. I'm guessing that users are typically only there for a brief moment, but this is something to keep in mind. Is there a way that some of your users might s

[PHP] scanning software...

2005-09-21 Thread bruce
since we've long had software to scan C/C++ code for errors, are there similar 'open source' software apps for scanning web applications? more to the point, are there any good 'open source' testing apps for web sites? not just apps that test the usage load of a site, but apps that can be used to m

RE: [PHP] security/sql issues with php

2005-09-21 Thread bruce
right... but here again, you're talking about the server app, getting the query, and validating the information within the query. since i assume the '%x' chars translate into something other than straight text, i assume that the html function you mention strips out these chars, or it returns a t

[PHP] colleges/schools that offer php/web development courses

2005-09-21 Thread bruce
followup... surprisingly, google doesn't really list a lot based on my searches... thanks hey... can you guys give the names of any schools/colleges that have formal programs to teach web development/security applications. thanks -bruce [EMAIL PROTECTED] -- PHP General Mailing List (http://

[PHP] colleges/schools that offer php/web development courses

2005-09-21 Thread bruce
hey... can you guys give the names of any schools/colleges that have formal programs to teach web development/security applications. thanks -bruce [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] security/sql issues with php

2005-09-21 Thread bruce
i agree with what you're saying... my primary concern was to make sure that there wasn't/isn't something going on that i haven't seen... up to now, i'm ok with what you're saying. however, i still don't have a good answer to my question regarding how easy (or hard) it is to detect if a query tha

Re: [PHP] security/sql issues with php

2005-09-21 Thread Robert Cummings
On Wed, 2005-09-21 at 20:18, Chris Shiflett wrote: > Robert Cummings wrote: > > Not if it's a float. > > True. :-) > > The point remains - checking data type is often misleading. Yep, I wasn't trying to remove the point, just don't want noobs getting mixed up on type juggling :) Cheers, Rob. --

Re: [PHP] security/sql issues with php

2005-09-21 Thread Chris Shiflett
bruce wrote: > but in all honesty, if you're going to write an app, and you're going > to do something with the data, it makes sense to me that you > 'know'/ensure that you're dealing with the correct kind of data. as i > see it, this allows you another way (low entropy) to determine that > the in

Re: [PHP] security/sql issues with php

2005-09-21 Thread Chris Shiflett
Robert Cummings wrote: Not if it's a float. True. :-) The point remains - checking data type is often misleading. Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/

RE: [PHP] security/sql issues with php

2005-09-21 Thread Chris W. Parker
bruce on Wednesday, September 21, 2005 5:10 PM said: > but in all honesty thanks for being honest. > , if you're going to write an app, and you're going > to do something with the data, it makes sense to me that you > 'know'/ensure that you're dealing with the corr

Re: [PHP] security/sql issues with php

2005-09-21 Thread Jasper Bryant-Greene
Jasper Bryant-Greene wrote: Anyone else could link to your page with that URL and have the script executed on your page. You can't stop this, so you have to escape and validate the data coming in. Sorry to reply to my own message, but to clarify, I meant you can't stop others linking to your

Re: [PHP] security/sql issues with php

2005-09-21 Thread Jasper Bryant-Greene
bruce wrote: thanks for the replies... i think i understand what you're stating.. but i'm still confused as to why my app/server would allow a GET/POST piece of data that would/should be originating from a form on my site to come from a 3rd party/external site/app? i would have assumed that there

RE: [PHP] security/sql issues with php

2005-09-21 Thread bruce
recognized that... but in all honesty, if you're going to write an app, and you're going to do something with the data, it makes sense to me that you 'know'/ensure that you're dealing with the correct kind of data. as i see it, this allows you another way (low entropy) to determine that the inform

RE: [PHP] security/sql issues with php

2005-09-21 Thread Robert Cummings
On Wed, 2005-09-21 at 19:54, bruce wrote: > but now that you're talking about ints/strings/floats, aren't you now > getting into data typing issues... which gets into the correct/appropriate > architecture of your app, variable namespace issues, etc... Nope, just showing that adding 0 to data ret

RE: [PHP] security/sql issues with php

2005-09-21 Thread bruce
followup... for the short term, i'm going to rip apart a few of the open source web apps that have received funding, to get a feel for what/how these apps have decided to handle their security issues... the assumption/hope is that these guys have put $$$ into doing a serious security audit on the

RE: [PHP] security/sql issues with php

2005-09-21 Thread bruce
but now that you're talking about ints/strings/floats, aren't you now getting into data typing issues... which gets into the correct/appropriate architecture of your app, variable namespace issues, etc... -bruce -Original Message- From: Robert Cummings [mailto:[EMAIL PROTECTED] Sent: W

Re: [PHP] security/sql issues with php

2005-09-21 Thread Robert Cummings
On Wed, 2005-09-21 at 19:21, Chris Shiflett wrote: > Mikey wrote: > > I have found that adding 0 and then running is_int() usually works. > > You mean always works. :-) Casting something to an integer and then > checking to see if it's an integer doesn't tell you anything useful: > > > $int =

RE: [PHP] security/sql issues with php

2005-09-21 Thread bruce
chris.. thanks for the replies... i think i understand what you're stating.. but i'm still confused as to why my app/server would allow a GET/POST piece of data that would/should be originating from a form on my site to come from a 3rd party/external site/app? i would have assumed that there ar

RE: [PHP] security/sql issues with php

2005-09-21 Thread bruce
chris.. i'm still confused... w/r to your example, what's wrong with using the $_GET['username'] that you present. unless you're saying it should be checked/validated before using it.. in which case the app could do something like $_GET['username'] = reg_check($_GET['username'])... is this wha

Re: [PHP] security/sql issues with php

2005-09-21 Thread Chris Shiflett
Mikey wrote: I have found that adding 0 and then running is_int() usually works. You mean always works. :-) Casting something to an integer and then checking to see if it's an integer doesn't tell you anything useful: You're always going to see "$int is an integer" on the screen, even when

Re: [PHP] security/sql issues with php

2005-09-21 Thread Chris Shiflett
bruce wrote: i just read an article that described how someone could have a url of 'http://foo.com/' and have the URL in an in their website. the website could be cat.com. the article implied that if a user would select the img, the link to the foo.com would be initiated, thereby fooling the

Re: [PHP] security/sql issues with php

2005-09-21 Thread Mikey
Checking data types can be very misleading. I've seen many examples (even recently in a book) that use is_int() to check to see whether something in $_GET or $_POST is an integer. Because everything in $_GET and $_POST is a string, this check always fails. Chris I have found that adding 0

Re: [PHP] security/sql issues with php

2005-09-21 Thread Chris Shiflett
bruce wrote: i'm confused regarding XSS. Cross-Site Scripting appears to be due to somehow allowing a user to insert 'html'/data/etc into the URL that you as the app are expecting? is this correct? An XSS vulnerability exists whenever you output tainted data. For example, if a user can subm

Re: [PHP] security/sql issues with php

2005-09-21 Thread Chris Shiflett
Jasper Bryant-Greene wrote: Before outputting anything user-sourced to the browser, htmlspecialchars() it, preferably with the ENT_QUOTES option. If you want to allow some HTML, only then parse the string to un-escape certain HTML tags. Jasper++ Check the types if it's a problem for you (usi

Re: [PHP] losing session data with cross-site scripting

2005-09-21 Thread Chris Shiflett
Steve Lefevre wrote: No, it's not. They're totally separate machines at different ISPs. In this case, a user's session is stagnant for the duration of their trip to the other server. I'm guessing that users are typically only there for a brief moment, but this is something to keep in mind. Is

Re: [PHP] Re: Retrieving variable name?

2005-09-21 Thread Jeffrey Sambells
oh well, thanks for the help. Jeffrey Sambells Director of Research and Development We-Create Inc. 519.897.2552 cell 519.745.7374 office 888.615.7374 toll free http://www.wecreate.com On 21-Sep-05, at 6:02 PM, Jake Gardner wrote: Maybe something fancy with references? http://us2.php.net/manu

[PHP] Re: Retrieving variable name?

2005-09-21 Thread Jake Gardner
Maybe something fancy with references? http://us2.php.net/manual/en/language.references.php On 9/21/05, Thorsten Suckow-Homberg <[EMAIL PROTECTED]> wrote: > > Short Answer : No > > Longer Answer : Maybe, if you have knowledge of PHP internals and a > > willingness to write an extension. Even then

RE: [PHP] security/sql issues with php

2005-09-21 Thread bruce
followup... i just read an article that described how someone could have a url of 'http://foo.com/' and have the URL in an in their website. the website could be cat.com. the article implied that if a user would select the img, the link to the foo.com would be initiated, thereby fooling th

Re: [PHP] Retrieving variable name?

2005-09-21 Thread Scott Noyes
> is it possible to retrieve the name of a variable passed into a > function from within the function? Sure. Use debug_backtrace to figure out what line and what file the caller is in, then read that file, find that line, find the function call within that line, and read what ever is between the

RE: [PHP] security/sql issues with php

2005-09-21 Thread bruce
ok... i'm confused regarding XSS. Cross-Site Scripting appears to be due to somehow allowing a user to insert 'html'/data/etc into the URL that you as the app are expecting? is this correct? wouldn't this be easy enough to solve in most cases, if the app did the proper validation/data check

Re: [PHP] Re: Retrieving variable name?

2005-09-21 Thread Thorsten Suckow-Homberg
Short Answer : No Longer Answer : Maybe, if you have knowledge of PHP internals and a willingness to write an extension. Even then it may not work.. Well, PHP5's magic methods __get()/ __set() could be used to resolve the variable's name...

Re: [PHP] security/sql issues with php

2005-09-21 Thread Jasper Bryant-Greene
bruce wrote: two questions: 1) css scripting. how can it be prevented?? what are some of the methods that you guys use? Before outputting anything user-sourced to the browser, htmlspecialchars() it, preferably with the ENT_QUOTES option. If you want to allow some HTML, only then parse the st

[PHP] Re: Retrieving variable name?

2005-09-21 Thread l0t3k
"Jeffrey Sambells" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > is it possible to retrieve the name of a variable passed into a function > from within the function? Short Answer : No Longer Answer : Maybe, if you have knowledge of PHP internals and a willingness to write an ext

Re: [PHP] losing session data with cross-site scripting

2005-09-21 Thread Steve Lefevre
Chris Shiflett wrote: Steve Lefevre wrote: I have a php site on a production server. The production server doesn't have the spell libraries, and rather than migrate the site, we setup spell checking functions on the development site, and shuttled the users back and forth with specially crafted

RE: [PHP] Re: email validation (no regex)

2005-09-21 Thread Jim Moseby
> -Original Message- > From: Jim Moseby [mailto:[EMAIL PROTECTED] > Sent: Wednesday, September 21, 2005 12:21 PM > To: php-general@lists.php.net > Subject: RE: [PHP] Re: email validation (no regex) > > > > > > btw simply checking for a single '@' with a domain doesn't do > > it... what i

RE: [PHP] Re: email validation (no regex)

2005-09-21 Thread Michael Sims
Philip Hallstrom wrote: >>> but you could do what you want to do. however, it's going to be >>> painful if you want it to match the rfc spec... >> >> Really? Why does it need to be painful? I just need to do a >> 'EHLO', 'Mail From:' and 'RCPT to:' and 'QUIT'. It's not going to >> actually send a

Re: [PHP] why memory limit is still being complained about?

2005-09-21 Thread Jeffrey Sambells
Not sure about Gallery or Apache 2 but Apache 1 uses different php.ini files for cli, cgi and mod_php. It could be that gallery checks using the command line version of php which has a different setting for memory limit? Seems silly but it's a thought. Jeff Jeffrey Sambells Director of Resear

RE: [PHP] Re: email validation (no regex)

2005-09-21 Thread Philip Hallstrom
but you could do what you want to do. however, it's going to be painful if you want it to match the rfc spec... Really? Why does it need to be painful? I just need to do a 'EHLO', 'Mail From:' and 'RCPT to:' and 'QUIT'. It's not going to actually send an email. Seems simple to me. Maybe there

RE: [PHP] email validation (no regex)

2005-09-21 Thread Michael Sims
Jim Moseby wrote: >> There's no requirement for an MX-record, so you'd need to check the >> A-record ($domain) too. > > Excellent answer. No requirement for MX record? > > [showing my ignorance] > How does email routing happen if there is no mail exchanger in the > zonefile for a particular domain

RE: [PHP] Re: email validation (no regex)

2005-09-21 Thread Murray @ PlanetThoughtful
> > because you should want/need to validate that the address is correct > prior > > to determining if the email server is up running... > > > > the regex function simply allows you to quickly determine if the address > > is > > valid... doesn't mean that it's going to go to an actual live user...!

RE: [PHP] Re: email validation (no regex)

2005-09-21 Thread Jim Moseby
> > btw simply checking for a single '@' with a domain doesn't do > it... what if > the user has '[EMAIL PROTECTED]' or '[EMAIL PROTECTED]'. will your > regex accept/deny > this??? My function will quickly deny those because the DNS lookup for them will immediately fail. Will your regex deny '[

RE: [PHP] Re: email validation (no regex)

2005-09-21 Thread Murray @ PlanetThoughtful
> because you should want/need to validate that the address is correct prior > to determining if the email server is up running... > > the regex function simply allows you to quickly determine if the address > is > valid... doesn't mean that it's going to go to an actual live user...!! > > btw si

RE: [PHP] Re: email validation (no regex)

2005-09-21 Thread bruce
because you should want/need to validate that the address is correct prior to determining if the email server is up running... the regex function simply allows you to quickly determine if the address is valid... doesn't mean that it's going to go to an actual live user...!! btw simply checking fo

FW: [PHP] email validation (no regex)

2005-09-21 Thread Jim Moseby
(private email forwarded to list) -Original Message- From: [EMAIL PROTECTED] Sent: Wednesday, September 21, 2005 2:19 PM To: Jim Moseby Subject: Re: [PHP] email validation (no regex) There's no requirement for an MX-record, so you'd need to check the A-record ($domain) too. This approac

RE: [PHP] Re: email validation (no regex)

2005-09-21 Thread Murray @ PlanetThoughtful
> > What you have is virtually impossible to determine if all legitimate > possibilities are covered. > > email validation using regex is a very heavily analyzed subject > > Google "regex email validate" and you'll find loads of expressions. > Look at the Zend article, it provides some insigh

FW: [PHP] Re: email validation (no regex)

2005-09-21 Thread Jim Moseby
(Forwarding private reply to the list) -Original Message- From: Al Rider Sent: Wednesday, September 21, 2005 2:19 PM To: Jim Moseby Subject: Re: [PHP] Re: email validation (no regex) > What you have is virtually impossible to determine if all legitimate possibilities are covered. >

Re: [PHP] exec command fails in php, works in the command line

2005-09-21 Thread ernst
yeah, if you look at the thread you will see that I've already done this. On Wed, 21 Sep 2005, adriano ghezzi wrote: did you try to run the script from the shell as www-data user ? (if not su www-data) and then run the script may be something regarding permission hth 2005/9/21, John Nichel

[PHP] Re: email validation (no regex)

2005-09-21 Thread Manuel Lemos
Hello, on 09/21/2005 02:49 PM Jim Moseby said the following: > I threw together this totally untested and unreliable code to solicit > comments on whether or not this is a good way to validate emails. Consider > the following: > So, what is the general thought about validating email addresses

Re: [PHP] exec command fails in php, works in the command line

2005-09-21 Thread adriano ghezzi
did you try to run the script from the shell as www-data user ? (if not su www-data) and then run the script may be something regarding permission hth 2005/9/21, John Nichel <[EMAIL PROTECTED]>: > [EMAIL PROTECTED] wrote: > > I have two programs on two servers, and they both have similar proble

[PHP] Retrieving variable name?

2005-09-21 Thread Jeffrey Sambells
is it possible to retrieve the name of a variable passed into a function from within the function? //for example here can I determine that $input came from $a in the previous scope? } example($a); ?> Jeffrey Sambells Director of Research and Development We-Create Inc. 519.897.2552 cell 51

RE: [PHP] Re: email validation (no regex)

2005-09-21 Thread Jim Moseby
> jim... > > validating email means different things to different people... True, but for the most part people just want to know whether a user has entered a real working email address into their forms. What better test than to try to send an email to it? > > but there's no way you're going

Re: [PHP] Re: email validation (no regex)

2005-09-21 Thread Ben
Jim Moseby said the following on 09/21/05 11:00: >>>So, what is the general thought about validating email >> >>addresses in this >> >>>manner? >>> >>>JM >> >>There is a good reason why virtually everyone uses regex >>patterns for email validating. > > > Excellent start! And that good reason is

RE: [PHP] Re: email validation (no regex)

2005-09-21 Thread bruce
jim... validating email means different things to different people... but there's no way you're going to be able to 'throw' together something in 2-3 days that others have taken years to create/refine... if you only want to determine if an email address is valid, what does that mean to you? are

RE: [PHP] Re: email validation (no regex)

2005-09-21 Thread Jim Moseby
> > So, what is the general thought about validating email > addresses in this > > manner? > > > > JM > There is a good reason why virtually everyone uses regex > patterns for email validating. Excellent start! And that good reason is...? How can regex ensure that the email address that is su

[PHP] Re: email validation (no regex)

2005-09-21 Thread Al
Jim Moseby wrote: I threw together this totally untested and unreliable code to solicit comments on whether or not this is a good way to validate emails. Consider the following: function validate_email($email){ if (str_word_count($email,'@')!=1){return('Not a proper email address');} $par

[PHP] email validation (no regex)

2005-09-21 Thread Jim Moseby
I threw together this totally untested and unreliable code to solicit comments on whether or not this is a good way to validate emails. Consider the following: function validate_email($email){ if (str_word_count($email,'@')!=1){return('Not a proper email address');} $parts=explode('@',$emai

Re: [PHP] exec command fails in php, works in the command line

2005-09-21 Thread ernst
php places uploaded files in the /tmp directory with a unique name, and when I copy them to my directory, I also guarantee a unique name for them. I have verified that this is all working. I've patched this with a cron job that runs every minute, but it really should happen in php, so that the

Re: [PHP] exec command fails in php, works in the command line

2005-09-21 Thread rouvas
I am assuming that you get hold of the file through uploading it, correct? So, when it fails maybe another upload (i.e. script invocation) is happening and the previous file gets lost/corrupted/whatever. Try to move the file to another dir (maybe /tmp) with a random name and see what happens. An

Re: [PHP] exec command fails in php, works in the command line

2005-09-21 Thread ernst
Yes, but that's been done. Since these are shared servers, on one I am logged in as the user the web server is running as, on the other I can't su to nobody, but were there permissions errors, I would have been able to capture them. If permissions caused this, it would fail every time, since

Re: [PHP] Bytecode

2005-09-21 Thread Chris Shiflett
Andy Pieters wrote: I came across some text that says PHP compiles the script to bytecode prior to running it. Is this true, and is it possible to instead of .php source files, use those bytecodes files in distribution? It sounds like you're looking for APC: http://php.net/apc Hope that help

Re: [PHP] exec command fails in php, works in the command line

2005-09-21 Thread Rasmus Lerdorf
[EMAIL PROTECTED] wrote: > You're telling me. That's why I think php or apache kills it. I didn't really follow this, but typically you can debug exec problems from the command line by switching to the web server user id and running the exact same command. -Rasmus

Re: [PHP] losing session data with cross-site scripting

2005-09-21 Thread Chris Shiflett
Steve Lefevre wrote: I have a php site on a production server. The production server doesn't have the spell libraries, and rather than migrate the site, we setup spell checking functions on the development site, and shuttled the users back and forth with specially crafted get links and forms. T

Re: [PHP] exec command fails in php, works in the command line

2005-09-21 Thread ernst
You're telling me. That's why I think php or apache kills it. On Wed, 21 Sep 2005, John Nichel wrote: [EMAIL PROTECTED] wrote: convert doesn't produce any output regardless of whether it works or not. Ecasound produces output when it works, but when it doesn't, it produces no output. Using

[PHP] Local session.gc_maxlifetime not always being respected

2005-09-21 Thread Michael Caplan
Hi, I have a rather peculiar problem with session.gc_maxlifetime local settings not being respected under certain circumstances. In order to ensure that sessions created for our application would have a max lifetime longer than the default 24 minutes, we cranked session.gc_maxlifetime in an .hta

Re: [PHP] exec command fails in php, works in the command line

2005-09-21 Thread John Nichel
[EMAIL PROTECTED] wrote: convert doesn't produce any output regardless of whether it works or not. Ecasound produces output when it works, but when it doesn't, it produces no output. Using php tricks to capture standard error also produces no output. Hopefully somebody else on the list can h

Re: [PHP] security/sql issues with php

2005-09-21 Thread Chris Shiflett
bruce wrote: i've been searching/researching the areas of security regarding url input, form input, as well as database input (mysql). while there are plenty of articles that touch on the topic, i'm looking for a given site/package/lib (open source) that is pretty much the standard that i could u

RE: [PHP] security/sql issues with php

2005-09-21 Thread bruce
got it!! if i could find docs/methods/etc.. i'd gladly share... two questions: 1) css scripting. how can it be prevented?? what are some of the methods that you guys use? 2) what are some of the actual code methods used in real sites to deal with URL/Query (GET/POST) parsing? what do you guys

[PHP] Local session.gc_maxlifetime not always being respected

2005-09-21 Thread Michael Caplan
Hi, I have a rather peculiar problem with session.gc_maxlifetime local settings not being respected under certain circumstances. In order to ensure that sessions created for our application would have a max lifetime longer than the default 24 minutes, we cranked session.gc_maxlifetime in an

Re: [PHP] exec command fails in php, works in the command line

2005-09-21 Thread ernst
convert doesn't produce any output regardless of whether it works or not. Ecasound produces output when it works, but when it doesn't, it produces no output. Using php tricks to capture standard error also produces no output. On Wed, 21 Sep 2005, John Nichel wrote: [EMAIL PROTECTED] wrot

Re: [PHP] exec command fails in php, works in the command line

2005-09-21 Thread John Nichel
[EMAIL PROTECTED] wrote: as I said, the default timeout is 300 seconds, a lot longer than my program takes to run, and I am pretty certain that if timeout were triggered, I'd see it in the client. Yeah, I'm using a browser on the php page, and everything seems to function fine from the browser

[PHP] why memory limit is still being complained about?

2005-09-21 Thread Bing Du
Hi, I'm installing and configuring Gallery 2.0. One system check is check memory limit. The warning is: Warning: Your PHP is configured to limit the memory to 8Mb (memory_limit parameter in php.ini). You should raise this limit to at least 16MB for proper Gallery operation.

Re: [PHP] exec command fails in php, works in the command line

2005-09-21 Thread ernst
as I said, the default timeout is 300 seconds, a lot longer than my program takes to run, and I am pretty certain that if timeout were triggered, I'd see it in the client. Yeah, I'm using a browser on the php page, and everything seems to function fine from the browser to the server, it's after

Re: [PHP] exec command fails in php, works in the command line

2005-09-21 Thread John Nichel
[EMAIL PROTECTED] wrote: timeout isn't being used on either of these machines, and as far as I read it, the timeout directive would make the web server fail, producing an apache error or some strange behaviour on the client end. Neither of How is timeout _not_ being used? It's a core directi

Re: [PHP] exec command fails in php, works in the command line

2005-09-21 Thread ernst
timeout isn't being used on either of these machines, and as far as I read it, the timeout directive would make the web server fail, producing an apache error or some strange behaviour on the client end. Neither of these happens, the php script completes normally, but the exec command (and onl

Re: [PHP] exec command fails in php, works in the command line

2005-09-21 Thread John Nichel
[EMAIL PROTECTED] wrote: the logs say things like: /kunden/homepages/12/d117065027/htdocs/software/ImageMagick-6.2.3/utilities/convert ib_images/Other_Spices_Basic_004.jpg -resize 180x120 ib_images/Other_Spices_Basic_004_thumb.jpg this is a command I'm trying to get php to run. I then cut an

Re: [PHP] exec command fails in php, works in the command line

2005-09-21 Thread ernst
the logs say things like: /kunden/homepages/12/d117065027/htdocs/software/ImageMagick-6.2.3/utilities/convert ib_images/Other_Spices_Basic_004.jpg -resize 180x120 ib_images/Other_Spices_Basic_004_thumb.jpg this is a command I'm trying to get php to run. I then cut and paste it to the command

Re: [PHP] exec command fails in php, works in the command line

2005-09-21 Thread John Nichel
[EMAIL PROTECTED] wrote: If the web server didn't have permission to execute the app, it would NEVER execute the app, not execute it some of the time. In fact, it ALWAYS executes the app, it just doesn't always allow it to finish. I log all attempts to run these apps in order to debug, so I k
