Re: [PHP] Interesting Rails Vs. PHP article

2007-09-23 Thread Guillaume Theoret
That's actually a very good article and while I don't agree with some of it (most notably #6, the I love SQL.. I find a good ORM layer to be a life saver should you ever need to make database structure changes without having all your apps collapse all over themselves), I certainly agree with the ma

Re: [PHP] Interesting Rails Vs. PHP article

2007-09-23 Thread Robert Cummings
On Sun, 2007-09-23 at 18:02 +0100, Colin Guthrie wrote: > Thought ppl here may be interested in this: > http://www.oreillynet.com/ruby/blog/2007/09/7_reasons_i_switched_back_to_p_1.html > > Originally linked from /.: > http://developers.slashdot.org/article.pl?sid=07/09/23/1249235 It's funny, eve

Re: [PHP] Interesting article about PHP security exploit by GIF files

2007-06-21 Thread tedd
At 9:27 PM +0200 6/20/07, Tijnema wrote: On 6/20/07, tedd <[EMAIL PROTECTED]> wrote: If you are worried about evil code being in the image, you could always resample the image (larger or smaller). Not that I have personal experience, but I would think that any piece of code that is resampled is

Re: [PHP] Interesting article about PHP security exploit by GIF files

2007-06-20 Thread Robert Cummings
On Wed, 2007-06-20 at 15:12 -0400, Daniel Brown wrote: > On 6/20/07, tedd <[EMAIL PROTECTED]> wrote: > > At 12:53 PM -0400 6/20/07, Daniel Brown wrote: > > > > > >No, not the upload and execution, per se, but rather using images > > >to contain processable PHP code. > > > > > >-- > > >Daniel P.

Re: [PHP] Interesting article about PHP security exploit by GIF files

2007-06-20 Thread Tijnema
On 6/20/07, tedd <[EMAIL PROTECTED]> wrote: At 2:32 PM -0400 6/20/07, Guillaume Theoret wrote: >Thanks for the link. > >I got worried for a second that my code could be exploited so I did a >quick check to make sure that mime-types were correct. (I check the >mime type to make sure it's an image,

Re: [PHP] Interesting article about PHP security exploit by GIF files

2007-06-20 Thread tedd
At 2:32 PM -0400 6/20/07, Guillaume Theoret wrote: Thanks for the link. I got worried for a second that my code could be exploited so I did a quick check to make sure that mime-types were correct. (I check the mime type to make sure it's an image, not the file extension.) I renamed a .jpg file .

Re: [PHP] Interesting article about PHP security exploit by GIF files

2007-06-20 Thread Daniel Brown
On 6/20/07, tedd <[EMAIL PROTECTED]> wrote: At 12:53 PM -0400 6/20/07, Daniel Brown wrote: > >No, not the upload and execution, per se, but rather using images >to contain processable PHP code. > >-- >Daniel P. Brown Daniel: Wow! Now that's something I would like to see -- you do have a de

Re: [PHP] Interesting article about PHP security exploit by GIF files

2007-06-20 Thread tedd
At 12:53 PM -0400 6/20/07, Daniel Brown wrote: No, not the upload and execution, per se, but rather using images to contain processable PHP code. -- Daniel P. Brown Daniel: Wow! Now that's something I would like to see -- you do have a demo? As far as "legitimate reasons", how about ima

Re: [PHP] Interesting article about PHP security exploit by GIF files

2007-06-20 Thread Guillaume Theoret
Thanks for the link. I got worried for a second that my code could be exploited so I did a quick check to make sure that mime-types were correct. (I check the mime type to make sure it's an image, not the file extension.) I renamed a .jpg file .jpg.php and uploaded it and got application/x-php as

Re: [PHP] Interesting article about PHP security exploit by GIF files

2007-06-20 Thread Daniel Brown
On 6/20/07, Jochem Maas <[EMAIL PROTECTED]> wrote: Daniel Brown wrote: > On 6/20/07, Tijnema <[EMAIL PROTECTED]> wrote: >> Hi all, >> >> Just received a mail from phpclasses, which pointed to this very >> interesting article[1]. Seems good to know for starters ;) >> The experts around here probab

Re: [PHP] Interesting article about PHP security exploit by GIF files

2007-06-20 Thread Jochem Maas
Daniel Brown wrote: > On 6/20/07, Tijnema <[EMAIL PROTECTED]> wrote: >> Hi all, >> >> Just received a mail from phpclasses, which pointed to this very >> interesting article[1]. Seems good to know for starters ;) >> The experts around here probably already know this way of exploits. >> >> Tijnema >

Re: [PHP] Interesting article about PHP security exploit by GIF files

2007-06-20 Thread Daniel Brown
On 6/20/07, Tijnema <[EMAIL PROTECTED]> wrote: Hi all, Just received a mail from phpclasses, which pointed to this very interesting article[1]. Seems good to know for starters ;) The experts around here probably already know this way of exploits. Tijnema [1] http://www.phpclasses.org/blog/pos

Re: [PHP] Interesting problem in PHP and Squirrelmail

2006-01-18 Thread Robert Cummings
On Wed, 2006-01-18 at 16:20, Mark wrote: > Robert Cummings wrote: > > > > The implementation is slightly more difficult than what I've just > > described, but simple enough :) > > It's truly ugly, don't you think? Actually I find it quite elegant, but maybe that's just me :) Cheers, Rob. -- .-

Re: [PHP] Interesting problem in PHP and Squirrelmail

2006-01-18 Thread Richard Lynch
On Wed, January 18, 2006 2:36 pm, Mark wrote: > Here's a point of debate, should this sort of behavior be allowed? Of course it should be allowed! It's a standard computer science technique! There are entire branches of mathematics / science devoted to recursive graph theory. Whole *BOOKS* writ

Re: [PHP] Interesting problem in PHP and Squirrelmail

2006-01-18 Thread Mark
Robert Cummings wrote: > On Wed, 2006-01-18 at 15:36, Mark wrote: >> >> [-- CLIPPED --] >> >> Here's a point of debate, should this sort of behavior be allowed? If it >> is allowable, how does one support it in any sort of serialized >> methodology? I have a few ideas but none very pretty. I'm pre

Re: [PHP] Interesting problem in PHP and Squirrelmail

2006-01-18 Thread Robert Cummings
On Wed, 2006-01-18 at 15:44, Robert Cummings wrote: > > Yes it should be allowed, Actually was just thinking about how I didn't allow this in JavaScript... you might want to make it an option as a second parameter to recurse. I know in JavaScript any DOM element references the entire DOM tree and y

Re: [PHP] Interesting problem in PHP and Squirrelmail

2006-01-18 Thread Robert Cummings
On Wed, 2006-01-18 at 15:36, Mark wrote: > > [-- CLIPPED --] > > Here's a point of debate, should this sort of behavior be allowed? If it is > allowable, how does one support it in any sort of serialized methodology? I > have a few ideas but none very pretty. I'm pretty sure it causes problems > in

Re: [PHP] Interesting Referer behaviour- how to copy it?

2005-08-04 Thread Jochem Maas
Dotan Cohen wrote: On 8/5/05, Jochem Maas <[EMAIL PROTECTED]> wrote: he runs php5, you run php4 - is the following set on his server perchance?: echo $_SERVER['HTTP_REFERER']; //or echo getenv("HTTP_REFERER"); note that $HTTP_REFERER is depreciated in php5. also the freeBSD box may have a fir

Re: [PHP] Interesting Referer behaviour- how to copy it?

2005-08-04 Thread Dotan Cohen
On 8/5/05, Jochem Maas <[EMAIL PROTECTED]> wrote: > he runs php5, you run php4 - is the following set on his server perchance?: > > echo $_SERVER['HTTP_REFERER']; > //or > echo getenv("HTTP_REFERER"); > > note that $HTTP_REFERER is depreciated in php5. > also the freeBSD box may have a firewall t

Re: [PHP] Interesting Referer behaviour- how to copy it?

2005-08-04 Thread Jochem Maas
Dotan Cohen wrote: I am creating an out.php file that will record clicks, and then redirect the user to the site that he wanted. I am currently using header("Location: $url"); which works as expected. The only problem is, that the browser does not send $HTTP_REFERER info to the receiving site. Howeve

Re: [PHP] Interesting, yet goofy behavior

2005-04-06 Thread Rasmus Lerdorf
Jay Blanchard wrote: Let's say I have a form and the action is thus; \n"; Note the 'bid' attribute. Now, I have a case statement in which stuff takes place since the form has called it because of the 'bid' attribute. Before I break from the case I do this; unset($_GET['bid']); SIDEBAR: You should a

Re: [PHP] Interesting, yet goofy behavior

2005-04-06 Thread John Nichel
Jay Blanchard wrote: Let's say I have a form and the action is thus; \n"; Note the 'bid' attribute. Now, I have a case statement in which stuff takes place since the form has called it because of the 'bid' attribute. Before I break from the case I do this; unset($_GET['bid']); SIDEBAR: You should a

Re: [PHP] Interesting, yet goofy behavior

2005-04-06 Thread Mattias Thorslund
Jay Blanchard wrote: [snip] Am I missing something here? It's obvious that the 'bid' parameter will appear in the query string... That's how the form posts it. Yes, you can unset it if you like, but the form will still add it to the URL that it posts to, unless you change the "action" attribute of

RE: [PHP] Interesting, yet goofy behavior

2005-04-06 Thread Jay Blanchard
[snip] Am I missing something here? It's obvious that the 'bid' parameter will appear in the query string... That's how the form posts it. Yes, you can unset it if you like, but the form will still add it to the URL that it posts to, unless you change the "action" attribute of the form tag. A

[suspicious - maybe spam] [PHP] [suspicious - maybe spam] Re: [PHP] Interesting, yet goofy behavior

2005-04-06 Thread Mattias Thorslund
But, Jay: Am I missing something here? It's obvious that the 'bid' parameter will appear in the query string... That's how the form posts it. Yes, you can unset it if you like, but the form will still add it to the URL that it posts to, unless you change the "action" attribute of the form tag.

Re: [PHP] interesting behavior of ob_end_flush() in __destruct()

2004-09-25 Thread aRZed
Chris Dowell wrote: I haven't searched through the archives to refresh my memory, but it's something to bear in mind. I wonder whether error messages are also not passed to the browser. I have pointed out some more aspects of this issue: Error messages and normal output are passed to the browser

Re: [PHP] interesting behavior of ob_end_flush() in __destruct()

2004-09-24 Thread Chris Dowell
it seems that php first ends output buffering and then calls then destructs the objects. so the output buffering is still ended when the destructor is called. one has to unset the object to reverse that order manually. aRZed If I remember correctly, there were a number of posts about this subj

Re: [PHP] interesting

2004-05-25 Thread Justin Patrin
John W. Holmes wrote: From: "Justin Patrin" <[EMAIL PROTECTED]> IMHO it's just better to use concatenation and single quotes for your string. PHP doesn't have to parse your strings for variables that way and it makes it obvious what parts are variables. To each his own. Shall we discuss the merits

Re: [PHP] interesting

2004-05-25 Thread Daniel Clark
Ok, print or echo :-) >>From: "Justin Patrin" <[EMAIL PROTECTED]> >> >>> IMHO it's just better to use concatenation and single quotes for your >>> string. PHP doesn't have to parse your strings for variables that way >>> and it makes it obvious what parts are variables. >> >>To each his own. Shall

Re: [PHP] interesting

2004-05-25 Thread Curt Zirzow
* Thus wrote John W. Holmes ([EMAIL PROTECTED]): > From: "Justin Patrin" <[EMAIL PROTECTED]> > > > IMHO it's just better to use concatenation and single quotes for your > > string. PHP doesn't have to parse your strings for variables that way > > and it makes it obvious what parts are variables. >

Re: [PHP] interesting

2004-05-25 Thread John W. Holmes
From: "Justin Patrin" <[EMAIL PROTECTED]> > IMHO it's just better to use concatenation and single quotes for your > string. PHP doesn't have to parse your strings for variables that way > and it makes it obvious what parts are variables. To each his own. Shall we discuss the merits of print vs. e

Re: [PHP] interesting

2004-05-25 Thread Daniel Clark
Good point Justin ! >>John W. Holmes wrote: >> >>> From: Daniel Clark >>> >>> >echo "\"{$search_for_list[$i][0]}\""; will work, btw. What does the {}around the array mean? >>> >>> >>> It delimits your variable so PHP knows what to interpret as a variable and >>> what to interpret

Re: [PHP] interesting

2004-05-25 Thread Justin Patrin
John W. Holmes wrote: From: Daniel Clark echo "\"{$search_for_list[$i][0]}\""; will work, btw. What does the {}around the array mean? It delimits your variable so PHP knows what to interpret as a variable and what to interpret as a string. $ar[1] = 'foo'; echo "Value is {$ar[1]}"; // Value is foo

Re: [PHP] interesting

2004-05-25 Thread Daniel Clark
Thank you John, and Michal :-) >>From: Daniel Clark >> echo "\"{$search_for_list[$i][0]}\""; will work, btw. >>> >>> What does the {}around the array mean? >> >>It delimits your variable so PHP knows what to interpret as a variable and >>what to interpret as a string. >> >>$ar[1] = 'foo'; >>ec

Re: [PHP] interesting

2004-05-25 Thread John W. Holmes
From: Daniel Clark >>echo "\"{$search_for_list[$i][0]}\""; will work, btw. > > What does the {}around the array mean? It delimits your variable so PHP knows what to interpret as a variable and what to interpret as a string. $ar[1] = 'foo'; echo "Value is {$ar[1]}"; // Value is foo $ar = 'foo';

Re: [PHP] interesting

2004-05-25 Thread Michal Migurski
> What does the { } around the array mean? http://www.php.net/manual/en/language.types.string.php#language.types.string.parsing.complex - michal migurski - contact info and pgp key: sf/ca http://mike.teczno.com/contact.

Re: [PHP] interesting

2004-05-25 Thread Daniel Clark
What does the { } around the array mean? >>From: "Bob Lockie" <[EMAIL PROTECTED]> >> >>> echo "\"" . $search_for_list[$i][0] . "\"" works but >>> echo "\"$search_for_list[$i][0]\"" prints "Array[0]. >> >>$search_for_list[$i] is an 'Array' which is followed by the string '[0]' ... >>how is PHP supp

Re: [PHP] interesting

2004-05-25 Thread John W. Holmes
From: "Bob Lockie" <[EMAIL PROTECTED]> > echo "\"" . $search_for_list[$i][0] . "\"" works but > echo "\"$search_for_list[$i][0]\"" prints "Array[0]. $search_for_list[$i] is an 'Array' which is followed by the string '[0]' ... how is PHP supposed to know you mean $search_for_list[$i][0]? echo "\"

Re: [PHP] Interesting phpversion() thing.

2004-03-30 Thread Curt Zirzow
* Thus wrote Axel IS Main ([EMAIL PROTECTED]): > I just upgraded to 4.3.5. I double checked and made sure I put > everything in the right place. If I run php or php-cli from the command > line and the script has phpversion() in it, it returns the correct > string, i.e. 4.3.5. If, however, I pull

Re: [PHP] Interesting question re HTTP Ranges and PHP

2003-07-17 Thread Dan Goodes
Hi Chris, a million thanks for the help there. That's what i thought I'd have to do. What I'm doing now is inspect the Range header to pull out the start and end, and then deduce the length, and then using fopen, fseek and fread to open the file and read from a certain offset for a certain leng

Re: [PHP] Interesting question re HTTP Ranges and PHP

2003-07-17 Thread Curt Zirzow
Dan Goodes <[EMAIL PROTECTED]> wrote: > Hi folks, > > I currently have an interesting dilemma - any help is appreciated (if > possible, CC directly to [EMAIL PROTECTED] as well as the list). > > What I've got is a PHP wrapper script that performs authentication, and uses > "readfile()" to return

Re: [PHP] Interesting question re HTTP Ranges and PHP

2003-07-16 Thread Chris Shiflett
--- Dan Goodes <[EMAIL PROTECTED]> wrote: > What I want is for the PHP script to read ALL the headers for the > request (in particular, RANGE headers), and then return the relevant > portion of the file. Can this be done fairly simply? I think you will find all header in the $_SERVER array. It is

Re: [PHP] Interesting Error??

2003-03-24 Thread Marek Kilimajer
This is either bug in the extensions, or you give wrong parameters to a function or method. Fatih Üstündağ wrote: I'm using Command Line php and php-xslt functions ( sablotron 0.96 ) I have got an error such that : php: output.cpp:1554: Bool OutputterObj::eventAttributeStart(Situation &, const

RE: [PHP] Interesting timeout issue

2003-01-09 Thread Ben Vaughn
Running my code directly from console (/usr/local/bin/php ./code.php) allows the code to complete properly. It must be an HTTP issue. Cheers, Ben -- Ben Vaughn Security Analyst Blackbird Technologies 703-796-1438 W / 703-868-5258 C [EMAIL PROTECTED] -- -Original Message- From:

RE: [PHP] Interesting Links, can be not PHP

2002-04-22 Thread Martin Towell
it's a "bookmark" basically, it's telling the browser to scroll the page down until it finds the named bookmark eg Top of page blah... ... go to top clicking on that link will scroll the page to "top" in your case, it's a "no-name" bookmark, and most browsers treat this as either "don't move" o

Re: [PHP] interesting problem / NETSCAPE-related

2002-02-28 Thread Billy S Halsey
Vlad, Try IMAGE /bsh/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Interesting Problem

2002-01-09 Thread Jimmy
Hi Yoed, > mysql_query("SELECT Id, Dep_Date, Return_DateFROM X,Y WHERE Dep_Date LIKE > '%$SelectDate%' OR Return_Date LIKE '%$SelectDate%' ORDER BY Dep_Date"); > Will give you a ton of errors, and I'm not very familiar with JOIN and SQL > and how that works. My idea was to create two queries, but t

Re: [PHP] Interesting Problem

2002-01-09 Thread Bogdan Stancescu
It's obviously more effective to do it in MySQL, but you shouldn't have any real processing problems even if you don't find an appropriate solution using MySQL exclusively, because you'd have the two arrays ordered by MySQL, so all you'll have to do would be something like $myrow1=mysql_fetch_row

Re: [PHP] interesting warning!!!

2001-09-20 Thread
From: Balaji Ankem <[EMAIL PROTECTED]> Date: Thu, Sep 20, 2001 at 01:11:59PM +0500 Message-ID: <[EMAIL PROTECTED]> Subject: [PHP] interesting warning!!! > Hi,friend, > > i registered login info while login using session_register > > session_register("user","pw"); > > --- > and duri

Re: [PHP] Interesting Problem (Sessions and Cookies)

2001-05-24 Thread Peter Dudley
You can indeed do this in javascript. You need to put a FORM on the page in the other frame and then access the data elements in that form with the syntax parent.frame[x].formname.elementname.value or something along those lines. This gets pretty ugly pretty quickly, IMO. Also, I think you coul