Cesar Cordovez wrote:
> Chris Shiflett wrote:
>> Some Web sites I have visited think it is helpful to use some
>> client-side scripting to move the focus from the first text field to
>> the second after three numbers have been entered.
>
> I think this is the worst thing to do. If they are going
> when should i use echo ' '; vs. print ' ';
Here's a link listed in the manual at
http://www.php.net/manual/en/function.print.php
http://www.faqts.com/knowledge_base/view.phtml/aid/1/fid/40
Kirk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.
> I'm running php 4.3.4 and do not see any mention of HTTP_REFERRER. I
> tried $_SERVER['HTTP_REFERRER'] which is what I thought it
> was but to no
> avail.
>
> Any comments on the location/status of this?
You spell too well, try "HTTP_REFERER", without the double "R" ;)
Kirk
--
PHP General
> this could really kill my bandwidth. is there a way to check
> the file size
> without fully uploading the file?
Although it has been called an "urban legend" :), you could try the old
MAX_FILE_SIZE trick. For this, add a hidden tag before the tag:
This is an instruction to the browser to r
> It seems that once a session is started and variables set, I
> can access the
> variables on the page on which they are set, but on
> subsequent pages via
> link or Header redirect the session variables are not set and
> cannot be
> accesses.
Be sure you have session_start() at the top of *al
> I've been working on a database wrapper class for a while
> now, MySQL to
> be specific. Until now, I've simply had a fetch function
> that returned
> an array of all the rows that the database returned, only
> because I have
> gotten so tired of always writing the same while loop to
> it
> If I have a form that POSTS a textarea that contains PHP
> code. Say some
> code that contains legitimate escapes \ like:
>
> echo "http://somewhere.com\";>Click";
>
> When the data is posted and received in the destination
> script, additional
> escapes \ are added. So how do I get to the
> > No doubt, Apache is a good web server, everyone use it. ;-)
>
> What the heck?
Is this thread headed somewhere?
Kirk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
> -Original Message-
> From: Dave Restall - System Administrator [mailto:[EMAIL PROTECTED]
> how long it will be before PHP/Apache 2 is considered stable
> enough to be
> used in a production environment ?.
Below is how Rasmus answered this question back on 7/4/03.
Kirk
>>
Apache2 has
> On Mon, 18 Aug 2003 08:03:25 -0400, you wrote:
>
> >How do I remove empty array values?
This will remove the empty values and re-index the array so there are no
"holes".
$new_array = array_values($old_array);
Kirk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http
Under 4.3.2, and register_globals on, $foo and $_SESSION["foo"] both contain
a reference that points to the same memory location. So, assigning to either
one effectively causes the same assignment in the other.
If you can't turn register_globals off, consider making a copy of $_SESSION
at the top
>
> session_start();
>
> // lets say this equals "bar" and it was set on a previous page
> $_SESSION["foo"];
>
> $foo = "rab";
>
>
> echo $_SESSION["foo"];
>
> ?>
>
> The problem is, when I set the global variable $foo="rab",
> when I echo the
> session variable $_SESSION["foo"], it output
df shows the file
> system only
> 70% full...
>
> At 08:38 AM 7/28/2003, Johnson, Kirk wrote:
> >Anything in the Apache or PHP error logs? Permissions are
> OK, there is space
> >on the drive?
> >
> >Kirk
>
>
> --
> Lee Stewart, Senior
Anything in the Apache or PHP error logs? Permissions are OK, there is space
on the drive?
Kirk
> -Original Message-
> From: Lee Stewart [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 25, 2003 6:00 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [PHP] Debugging a Session Problem
>
>
> Using t
Sorry, I am stumped. I don't see any problems in the .ini file. Have you
tried some simple code in "register_globals off" style?
";
?>
Kirk
> -Original Message-
> From: Lee Stewart [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 25, 2003 4:27 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [
Your original code works for me, so it is a config issue somewhere.
Add this code to each file, to verify that the session ID is being correctly
passed:
echo "session id is " . session_id() . "";
Also, is your php.ini in /usr/local/lib? If PHP can't find it, it will use
its built-in defaults, wh
> I'm moving an application that I'm in the trying to move to a new
> platform. It was running fine on an older Linux platform with PHP
> 4.0.3 and Apache 1.3.14. The new platform is also Linux,
> with PHP 4.2.2
> and Apache 1.2.26 -- with register_globals on. (I just
> upgraded it from
>
> After creating a new session with session_start() and
> inserting a few values
> e.g $HTTP_SESSION_VARS['foo'] = 'bar'; a file
> /tmp/sess_{session_id} is
> created.
> The problem is that this file is empty! 0 bytes. no data is stored.
> I'm using php 4.0.6 on linux with apache 1.3 something.
> This works fine on my development PC, (PHP v 4.3.1) and on
> my primary test
> site (PHP v4.2.2).
> However when I try it on the target site (PHP v4.1.2) then I find that
> immediately after starting the session everything works fine,
> however when I
> move to any other page the session infor
Set register_globals to "On" in php.ini.
Kirk
> -Original Message-
> From: Sid [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 23, 2003 3:52 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] Problem with GET variables
>
>
> Hello,
>
> I just updated PHP on my local computer from PHP 4.0.2 to
> So what is the diffirent between :
> session_start ();
> $_SESSION['eventid'] = 'arma2';
> and
> session_start ();
> session_register('arama2');
Use the first method to create session variables when register_globals is
"off" in the php.ini file. Use the second method when it is "On".
http://
> Hi,
> Is there any way, doc, article, example, idea, suggestion to how to
> prevent sql injection on php sites...
http://www.nextgenss.com/papers/advanced_sql_injection.pdf
http://www.nextgenss.com/papers/more_advanced_sql_injection.pdf
Kirk
--
PHP General Mailing List (http://www.php.net/)
> -Original Message-
> From: Ford, Mike [LSS] [mailto:[EMAIL PROTECTED]
> Sent: Friday, June 20, 2003 2:57 AM
> To: Johnson, Kirk; [EMAIL PROTECTED]
> Subject: RE: [PHP] Migrating pre-4.1 code to a post-4.1 server with
> regist er_globals on
>
>
> > -
A heads-up to those who are moving old code with register_globals "on" to a
server with a newer PHP version and register_globals still "on":
In the old days, the rule was simple. For a session variable, whatever value
was in the global variable at the end of the script was what was saved to
the se
> -Original Message-
> From: Jay Blanchard [mailto:[EMAIL PROTECTED]
> In the corporate environment with multiple developers we have to
> initialize every variable (it's a rule). We even scan code once a day
> for variables that have not been declared. It's part of our
> documentation.
J
Set your error reporting to E_ALL, to see if anything else is going on.
Add this line right after session_start() in both files, to make sure the
session ID is getting passed correctly. The same ID should be displayed in
both files:
echo "ID = " . session_id() . "";
> -Original Message-
> Thanks. I'm using PHP-4.3.1.
>
> The problem is not with $_SESSION. I used
> session_is_registered("sess_var");
> to check from the second script and cannot see the
> variable("sess_var"). Can
> anyone tell me why?
Your code should work for register_globals "on". Check that:
- php.ini is whe
> One thing I'd like to abundantly point out is that NOT
> EVERYTHING BELONGS IN
> OOP! For instance, if you're building classes that output
> HTML - you've
> skipped a few chapters in your OOP design books.
Joe,
I am curious about this opinion, could you elaborate a bit, please? I am not
an OO
> SInce register_globals() is ON on my server, I need to be able to
> figure out a way to ensure session security.
The single most important thing to do is initialize all your variables. The
way to ensure that you have done that is to set the error reporting level to
"E_ALL" (which is max). The
You could replace the longer one, "Blueberry", first. Then, the only
remaining occurrences of "Blue" will be ones that you really want.
Kirk
> I am performing a str_replace() on a large string, and
> everything works
> fine, except that two of the elements I'm searching for (and
> replacing)
http://www.php.net/manual/en/function.strlen.php
Kirk
> I would like to check that a string as more than 20
> charactors in it. Can
> someone point me in the right direction.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
I think you either want to use no quotes or double quotes, but not single
quotes. Double quotes will interpolate the variable, single quotes will not,
i.e. $key becomes a string literal rather than a variable. No quotes will
work, although the docs seem to indicate it is deprecated syntax. Not
ever
> Hi I'm trying to make a script that first figures out if a
> cookie is set, if
> not,do this, if so, do that.
>
> Can I use:
>
> Isset($HTTP_COOKIE_VARS['nick'] or what should I use?
Yes. If you have PHP 4.1.0 or higher, you can also use the recommended
$_COOKIES['nick'].
Kirk
--
PHP Gener
Comparing a float with an integer can have problems. You could try something
like:
if(abs($i - $target) < .1) {
//then they are essentially equal
}
Kirk
> -Original Message-
> From: James E Hicks III [mailto:[EMAIL PROTECTED]
> Sent: Friday, March 14, 2003 11:22 AM
> To: [EMAIL PRO
> But how can I
> set up an inactivity timeout that will logout a person after
> let's say 20
> minutes of inactivity?
You could put a refresh on the page, that redirects to an
"inactivity" page. Set the refresh time to the timeout value. Put some
logout code on the "inactivity" page.
Otherwi
>How do I delete a specific time out of the array or
> how do I delete
> a range of times out of the array? I would like to be able to delete
> 12:05:00 but if I want, delete a range like 12:05:00 to
> 12:10:00.
Here's some code.
Kirk
function remove_array_values($valuesToRemove, $array)
{
That Caution message is not the full story, read some more on
"register_globals".
If register_globals is "On" in php.ini, then do the following:
- use session_register() to create your session variables;
- use the global variable to access the variable, not the $HTTP_SESSION_VARS
array.
Example:
In the first file, replace this line:
$HTTP_SESSION_VARS['variable']="the variables value";
with these two lines:
$variable = "the variables value";
session_register('variable');
This is because 'register_globals' is enabled in the php.ini file.
Kirk
> -Original Message-
> From: Henry
> Is there a way (PHP code if possible please) to verify
> if session
> cookies are enabled in the user's browser?
On the *second* request, check if $_COOKIES['PHPSESSID'] is set.
On the initial request, PHP sends the 'PHPSESSID' cookie as part of the
response. The browser then returns that co
I need a better understanding of when garbage collection is initiated under
PHP's default session handling. It is not clear to me if the gc_probability
is based on:
- each *request* to the server, or,
- each time a *new session file is created*, or,
- each time a request causes a *session file to
http://www.php.net/manual/en/language.variables.variable.php
Kirk
> -Original Message-
> From: Bob Irwin [mailto:[EMAIL PROTECTED]
> Sent: Monday, February 24, 2003 3:28 PM
> To: php-general
> Subject: Re: [PHP] array question
>
>
> Hi Guys,
>
> This might be a bit of a newbie questio
The field name in the is "user_name", and the echo is for "name". Are
you copying the value from $user_name to $name at some point?
Kirk
> -Original Message-
> From: ML [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, February 20, 2003 2:04 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] missing
> -Original Message-
> An alternative...
>
> 1. register_globals off
>
> use the command
> import_request_variables("PC","_p");
> now you can get the variables like user as $p_user.
> The get variables will be ignored!
>
> Still, If a user developes a special browser, exclusively to
>
> Is there any to redirect in php with using header()
> and without the use of javascript?
You can use an html meta tag with http-equiv="refresh".
Kirk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
> I'm thinking of running a shopping cart package (osCommerce)
> that requires
> register_globals to be enabled. With all the warnings about
> security with
> register_globals enabled I'm worried.
>
> How dangerous is it?
The key defensive step is to initialize all of your session variables at
> % The benefit of checking in javascript(which I suspect is
> enabled in most
>
> Not me! Not me! Not me!
>
> It is by no means ubiquitous. Anyone who even moderately considers
> security will have it turned off.
The latest survey I've seen indicates that about 11% of browsers have JS
d
> -Original Message-
> From: Gareth Mulholland [mailto:[EMAIL PROTECTED]]
>
> I'm having problems with mktime and Midnight on 30th March 2003.
>
> The code I'm using is:
>
> echo mktime(0,0,1,'03','29','2003');
> echo mktime(0,0,1,'03','30','2003');
> echo mktime(0,0,1,'03',
> -Original Message-
> From: Scott Fletcher [mailto:[EMAIL PROTECTED]]
>
> Found a PHP bug, I'm using PHP version 4.2.3. I have been
> struggling with
> why PHP code failed to work with the month is August or
> September
I stumbled into this one a short while ago myself. It is not a b
> -Original Message-
>
>However, my mind apparently works different and I keep trying to relate the
OOP structure to
> what I already know which equates an object to a function. I am resolving
> to purchase a book dedicated to instruction in the inns and outs of OOP.
> Specifically
The month behaves the same: both '08' and '09' are treated as zero by
mktime().
Kirk
> -Original Message-
> From: Paul Roberts [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, January 02, 2003 4:24 PM
> To: Johnson, Kirk
> Cc: [EMAIL PROTECTED]
> Subject
OK, I am mktime() challenged. Can someone please explain these results to
me?
I have some test dates in October of 1998. For the days numbered 1-7,
mktime() does not care whether I have a leading zero on the day or not, I
get the same timestamp regardless, e.g., both a '7' and a '07' for the day
Thanks for your reply, Davy. We are running *nix boxes, so I don't have any
thoughts on XP and Apache.
Kirk
> -Original Message-
> From: Davy Obdam [mailto:info@;davyobdam.com]
> Sent: Thursday, November 07, 2002 3:29 PM
> To: Johnson, Kirk; [EMAIL PROTECTED]
> Subje
Last I heard, PHP and Apache 2 were not yet ready for production
environments. Are there any further updates?
What is the best way to keep up on the status of this? Any good sites in
particular?
TIA
Kirk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.n
> And what should these precautions be? If a malicious user can submit
> his own form and you are looking for a POST variable, how can you
> ensure that $admin came from your form and not that user's?
The problem is when a cracker uses form variables in an attempt to set the
values of "flag" v
";
}
function test2() {
echo "foo is {$GLOBALS['foo']}";
}
?>
Kirk
> Some have eluded to this but I haven't seen a working
> example. I would like
> to declare globals in my main script and then inside
> functions that need
> these globals just somehow use the $GLOBALS or something to
>
register_globals() adds a variable to the *session*. The global statement
brings a global variable into the *scope* of a function.
Kirk
> What is the difference?
> > > variable. I read that "register globals" has some security
> > issues. Are
> > > these the same, or is setting a variable as
Indeed, it is a negated something or other.
> -Original Message-
> From: David Buerer [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, September 12, 2002 11:23 AM
> To: '[EMAIL PROTECTED]'
> Subject: RE: [PHP] Re: unless something...
>
>
> True, but isn't unless just a negated while?
--
P
There is no 'unless' in PHP, so you just have to grind it out. If you are
searching for known strings, rather than string *patterns*, use the strstr()
function here: http://www.php.net/manual/en/function.strstr.php.
So, something like:
if(!strstr($c,$a) && !strstr($c,$b)) {
bla;
exit;
}
Com
> Things I want to do:
>
> - convert this site into a dynamic one, where I can very easily
> change the layout of things whenever it comes time to revamp
> the site into a new design.
I have not worked with any of the templating systems, but here is a
home-grown one. Separate
> Kondwani Spike Mkandawire wrote:
> > Am I mistaken to assume that a Session is automatically
> > destroyed if a Window Browser is closed?
*Eventually* it is destroyed, but not at the instant the browser is closed.
See the session.gc_maxlifetime and session.gc_probability settings in
php.ini. If
> Anyone got any handy hints on how to convert scripts running
> on PHP3 and
> PHPlib?
1. Roughly speaking, page_open() goes to session_start():
Old:
page_open(array("sess" => "my_web_Session"));
New:
session_start();
2. page_close() goes away; if you don't have time to remove all those calls
If you made an array for your buttons, then you could use PHP's looping
constructs to process the array. Write the input tag like this:
Chicago
The processing code will then have access to the array $Game indexed by the
game number, e.g., $Game[1].
Good luck!
Kirk
> -Original Message
Nathan, this is a new idea to me and very interesting. Do you know what
happens here if the error reporting is set to max? Are a bunch of
"unitialized variables" warnings issued?
Thanks for contributing this to the list.
Kirk
> -Original Message-
> From: Nathan Cook [mailto:[EMAIL PROTE
> What I'm looking to do is when a user logs in, I start up the
> session.. I
> then have the registered session var to verify they are
> authenticated as
> they move throughout the site.
>
> Now, when they close the browser and come back, I want them
> to still be authenticated.
I don't thi
> On Tue, 2 Jul 2002, Johnson, Kirk wrote:
> > Is the number of requests (used for garbage collection), tallied on a
per
> > server basis, or on a per domain basis?
> Pretty fair bet it's a per-server basis.
>
> miguel
Thanks, miguel. That would be my guess, t
> Now, I still can not understand why the 2nd page show the $_SESSION as
> blank. It is suppose to contain datas. The php.net stated
> that $_SESSION
> is global. Any comments?
register_globals on
---
Page 1
Page 2:
register_globals off
Page 1:
Pag
Is the number of requests (used for garbage collection), tallied on a per
server basis, or on a per domain basis? What about in a load-balanced
environment?
TIA
Kirk
"0, as a number, is just as important as any other number."
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, v
With register_globals on:
1. Put session_start() at the top of each page.
2. Initialize the variable, then call session_register():
$foo = 'bar';
session_register('foo');
3. Do all assignments to $foo, not $HTTP_SESSION_VAR['foo'], since $foo gets
written to $HTTP_SESSION_VAR['foo
I thought this syntax, an unquoted key name, was deprecated ;)
>From the manual at http://www.php.net/manual/en/language.types.array.php:
"You should always use quotes around an associative array index."
Kirk
> Nope, use:
>
> echo "This script is called $_SERVER[PHP_SELF]";
--
PHP General M
> Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting
T_STRING or T_VARIABLE or T_NUM_STRING in
C:\inetpub\wwwroot\PHP\cat_proto3.php on line 46
> Line 46 corresponds to the form tag, as follows:
>
>
When you echo out an array element, the name needs to be enclosed in
c
You could look at $HTTP_SERVER_VARS['SCRIPT_NAME'] in the included file, for
one.
Kirk
> Hi, is there any way to know in the included file the filename of the
> parent file?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Foul! Top-post ;)
*gives Ed a noogie*
> Concise is also good ;)
>
> *gives Erik a noogie*
>
> Erik wrote:
> > I was going to stay out of the thread, because people have
> > ways of doing
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[EMAIL PROTECTED]]
> Sent: Tuesday, June 18, 2002 3:30 PM
> To: Johnson, Kirk
> Cc: [EMAIL PROTECTED]
> Subject: RE: [PHP] sessions trouble
>
>
>
> I am using PHP 4.1.2, which I assume supports the $_SESSION
> global array.
> I've tried ...sigh... using
Is your version of PHP new enough to support the new $_SESSION[] array? If
it is not, use $HTTP_SESSION_VARS[].
> -Original Message-
> From: Leston Drake [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, June 18, 2002 12:29 PM
> To: Johnson, Kirk
> Cc: [EMAIL PROTECTED]
>
Check the register_globals setting in php.ini. It looks like it is "on" on
the problem server. If so, then you have two choices:
1. Turn it "off"
2. Change your code to this style:
session_start();
$node = 10.2;
session_register('node');
echo $node;
Kirk
> -Original Message-
> From: Les
OK, I have questions.
A session *file* is created, but it is empty. I know of only one way to get
data into it, that is through a session variable. Session variables are
controlled by the programmer, so unless the programmer is careless with
their validation or register_globals setting, I don't s
parse the code
> as text. That's
> >what it does anyway so why catch commented code at all?
> >
> >- Original Message -
> >From: "Johnson, Kirk" <[EMAIL PROTECTED]>
> >To: <[EMAIL PROTECTED]>
> >Sent: Tuesday, May 28, 2002 2:55 P
Which begs the question, why does PHP see a '?>' in a '//' comment line, but
not in a multi-line comment, e.g., /* ?> */ ?
> -Original Message-
> From: Ed Gorski [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, May 28, 2002 2:46 PM
> To: Leotta Natalie (N
I have wondered for some time if this is a bug or just an interesting design
choice ;) I agree with you, I was surprised when I first encountered this.
But it is what it is, so code accordingly.
Kirk
> -Original Message-
> From: Thalis A. Kalfigopoulos [mailto:[EMAIL PROTECTED]]
> Sent:
Unless you are using PHP version 4.2 or higher, the first argument can't be
an array.
Kirk
> -Original Message-
> From: Jas [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, May 21, 2002 11:46 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP] in_array problems (another pair of eyes?)
>
>
> I don't
The coding style needs to match the register_globals setting in php.ini.
register_globals on:
$accountsession = $session;
$accountemail = $email;
session_register("accountsession");
session_register("accountemail");
register_globals off:
Do just like you have it below, except remove the calls
See session.gc_maxlifetime in php.ini. The session timer is based on the
session file access (or modified?) timestamp. It gets reset every time the
session data is accessed, which is every time a page using that session is
requested.
Kirk
> -Original Message-
> From: Smileyq [mailto:[EMA
> I'm just curious what other constants in php are defined.
> any hints where or how to find a list?
http://www.php.net/manual/en/reserved.constants.php
Kirk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
ple of error handler function provided in the
> documentation.
>
> Note that if I don't set my own error_handler everything
> works and parse
> error messages are displayed as usual.
>
> More ideas ?
>
> Pedro.
>
>
> "Johnson, Kirk" escribió:
> &
Try setting error_reporting = E_ALL & ~E_NOTICE, or just E_ALL, in php.ini.
Kirk
> -Original Message-
> From: Pedro Garre [mailto:[EMAIL PROTECTED]]
> Sent: Friday, April 19, 2002 11:25 AM
> To: php-general
> Subject: [PHP] parse error=> doc contains no data
>
>
> I set my own error ha
Garbage collection is launched according to the gc_probablility. If it finds
a session file that has not been modified for a longer time than
gc_maxlifetime, it deletes it. So, whenever a user requests a page, they
essentially reset the session timer to zero for that particular session,
since the
With register_globals off, try this:
Kirk
> -Original Message-
> From: Norman Zhang [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, April 16, 2002 12:15 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [PHP] session_is_registered
>
>
> Sorry. I'm still getting empty output. Are there some glo
Are you absolutely positive register_globals is off? Is there an .htaccess
file laying around someplace that overrides php.ini and turns it on?
Sorry, I don't have any other ideas.
Kirk
> -Original Message-
> From: Patrick Aland [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, April 16, 2002
Sure, just give it a try!
Kirk
> -Original Message-
> From: andy [mailto:[EMAIL PROTECTED]]
> Sent: Monday, April 15, 2002 5:13 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP] placing data outside the server root
>
>
> Hi there,
>
> is it possible to place data like images outside the s
In the $HTTP_SERVER_VARS array there is an element named REQUEST_METHOD
which has this information. So use $HTTP_SERVER_VARS['REQUEST_METHOD'].
Kirk
> -Original Message-
> From: José León Serna [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, April 11, 2002 3:41 AM
> To: [EMAIL PROTECTED]
>
Try putting a hidden field like below in your form. Set the value (bytes) to
the size you want to be able to upload:
Kirk
> -Original Message-
> From: Frédéric Mériot [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, April 11, 2002 1:48 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP] Upload pro
I get '4', as expected, on v.4.0.6.
Kirk
> -Original Message-
> From: Valdas Andrulis [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, April 10, 2002 3:43 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP] session variables and unset
>
>
> Hello,
>
> I have 3 scripts:
>
> ## i2.php
> session_
Good starters. I would add one more starter item: don't blindly grab
everything out of the $_POST[] array. Instead, only grab the variables that
*you* put on the form page. A cracker might send you a name/value pair like
"$admin=1", trying to guess what flag you are using for "admin" users.
Kirk
I believe the escaping only occurs at the time GET/POST/COOKIE data is
brought into the PHP namespace from the server. I recommend you don't
removing escapes from a security standpoint. Do a search on "SQL injection"
to find info on how crackers can mess with you when data from the client is
not e
Do you have a call to session_start() in the second file? You need this to
access the session variables on the second page.
Kirk
> -Original Message-
> From: N.D. Andini [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, April 02, 2002 3:20 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP] Can not ge
http://www.zend.com/zend/spotlight/mimocsumissions.php#Heading6
http://marc.theaimsgroup.com/?l=php-general&m=92353052714384&w=2
Kirk
> -Original Message-
> From: Devin Atencio [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, March 28, 2002 12:14 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] E
You can catch typos by setting the error reporting level to E_ALL (in
php.ini). PHP will then give you a warning whenever a variable is used
before it has been assigned a value.
Kirk
> That's too bad,
> I used to do some ASP which is weakly typed too but I still
> could use "Option Explicit" t
Close!
$message .= "Some text here";
Kirk
> -Original Message-
> From: David Johansen [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, March 27, 2002 12:03 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] Adding stuff to the end of strings
>
>
> I was just wondering if there was a way to add
> I am probably wrong about this, but I thought that you could register
> session variables using this technique only if you are using
> PHP 4.1.x
> and you use the format:
>
> $_SESSION['v_s'] = 500;
The key point is the register_globals setting in php.ini. If it is set to
on, then register
With register_globals on, $a and $b need to be registered using
session_register(). Don't assign them to $_SESSION, PHP does that for you
with register_globals on.
1.php
-
session_start();
$a = 'some_value';
$b = 'nuther_value';
session_register('a','b');
header("location: 2.php");
2.php
---
1 - 100 of 356 matches
Mail list logo
