I've heard some concern expressed that PHP might be more insecure
than other methods of developing websites where security was of prime
importance. Now, I personally do not believe this, but it would help
me to convince others if I could point to major sites, where security
(mostly with resp
On Feb 1, 2007, at 9:47 AM, Jochem Maas wrote:
Eric Gorr wrote:
I've heard some concern expressed that PHP might be more insecure than
other methods of developing websites where security was of prime
importance. Now, I personally do not believe this, but it would help me
to con
On Feb 1, 2007, at 9:50 AM, Jay Blanchard wrote:
Also, check out
http://www.shiflett.org as Chris is one of if not the leading
expert in
security with PHP.
Great site. thank you.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
On Feb 1, 2007, at 10:06 AM, Jochem Maas wrote:
Eric Gorr wrote:
On Feb 1, 2007, at 9:47 AM, Jochem Maas wrote:
Eric Gorr wrote:
I've heard some concern expressed that PHP might be more insecure than
other methods of developing websites where security was of prime
importance. N
I haven't tracked this particular issue, but I know when PHP5 was
first released it wasn't recommended in a commercial/production
environment. However, a lot of time has passed and we're at v5.2
now...have things changed? Have Google&Yahoo, for example, moved to
PHP5? Or is PHP4 still the r
I wanted to setup a good 'contact me' page on my website. I do not want
to reveal my e-mail address, so I was going to use a form.
The PHP script with the actual mail() function would define the To and
Subject parameters, so these could not be faked.
I also plan to use a captcha.
The only conce
would seem that addslashes would just make the body text look messy
for no reason.
www.php.net/htmlentities
It seems as if strip_tags strips out everything that htmlentities would
change and would therefore be unnecessary.
--
== Eric Gorr === http://www.ericgorr.net ===
Chris W. Parker wrote:
It seems as if strip_tags strips out everything that htmlentities would
change and would therefore be unnecessary.
strip_tags() and htmlentities() both perform separate functions (hence
they have different names). htmlentities() encodes special characters,
strip_tags() strips
Josip Dzolonga wrote:
Eric Gorr wrote:
Any other suggestions?
Well see this example :
function clean_body($body_text) {
    // If magic_quotes are on, strip the extra-added slashes
    if(ini_get('magic_quotes_gpc')) $body_text = stripslashes($body_text);
    return htmlentities(
Chris W. Parker wrote:
> Or in a less extreme case, your
computer get hijacked and used to send spam because you used
htmlentities() instead of strip_tags().
Well, this is why I asked the question to begin with. I am concerned (as
everyone _should_ be) about such things and desire to do my best to
Anthony Tippett wrote:
http://www.devshed.com/c/a/PHP/PHP-Security-Mistakes/
thank you for the suggestion.
Anthony Tippett wrote:
http://www.devshed.com/c/a/PHP/PHP-Security-Mistakes/
Actually, I am familiar with everything this document mentions.
Unfortunately, this document does not discuss what one might need to be
concerned about when passing text to the body parameter of the mail()
function.
If
Richard Lynch wrote:
On Mon, April 4, 2005 2:00 pm, Eric Gorr said:
I wanted to setup a good 'contact me' page on my website. I do not want
to reveal my e-mail address, so I was going to use a form.
The PHP script with the actual mail() function would define the To and
Subject parameters
Charles Hamel wrote:
Hi
I am building a secure intranet (php, mysql, apache).
I am using a session and Mysql to handle the user accounts. Everything
works fine with that.
The client now needs to share word/pdf document with the registered user. I
created a secure directory using .htaccess for thi
Duncan Hill wrote:
On Wednesday 06 April 2005 16:32, Eric Gorr typed:
Perhaps, https?
HTTPS is a transport security layer, not an authentication or access control
layer.
I understand that. However, some pages can only be accessed if a user
uses https. I thought this might be the case here, but
"Duncan Hill" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
IE dropped support (or severely neutered it) for username:password in URLs
a while back.
If anyone is interested, I found this document which appears to provide
more details...
http://support.microsoft.com/kb/834489
Richard Lynch wrote:
On Wed, April 6, 2005 9:14 am, Eric Gorr said:
"Duncan Hill" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
IE dropped support (or severely neutered it) for username:password in
URLs a while back.
If anyone is interested, I found this document
I am attempting to compile PHP 5.2.3 and am having trouble with the
configuration step:
configure: error: utf8_mime2text() has new signature, but
U8T_CANONICAL is missing. This should not happen. Check config.log
for additional information.
I cannot figure this one out. Any help would be
pack.phpt]
=
Are these failures expected?
On Aug 30, 2007, at 2:43 PM, Eric Gorr wrote:
I am attempting to compile PHP 5.2.3 and am having trouble with the
configuration step:
configure: error: utf8_mime2text() has new signature, but
U8T_CANONICAL is missing. Th
I would suggest taking a look at Zend Studio.
http://www.zend.com/products/zend_studio
On Sep 4, 2007, at 5:28 PM, shiplu wrote:
Hello,
i need a good php debugger. It should provide the facility of step
by step
execution in real time.
Is there any?
Do any of you know about this?
I am hav
In C, etc. one can place #if's around code to determine whether or not
the compiler should pay any attention to the code.
Is there a similar technique for PHP?
I've not seen anything like this before and a brief search hasn't
turned up anything either...just thought I would ask to make sure.
have to assume that PHP does not current
provide such a technique...as I suspected.
On Mar 14, 2008, at 2:22 PM, Børge Holen wrote:
On Friday 14 March 2008 19:19:30 Eric Gorr wrote:
In C, etc. one can place #if's around code to determine whether or
not
the compiler should pay any at
compiled and PHP is
interpreted.
On Fri, Mar 14, 2008 at 6:34 PM, Eric Gorr <[EMAIL PROTECTED]>
wrote:
If you are talking about simply commenting code out, yes, I am aware
of this...however, the #if technique is far more capable in certain
situations.
There are reasons why C, et
On Mar 14, 2008, at 3:10 PM, Stut wrote:
On 14 Mar 2008, at 19:03, Eric Gorr wrote:
Unfortunately, such things cannot be used to wrap functions.
Erm, yes they can. Try it.
Gives:
Parse error: syntax error, unexpected T_STRING in /Users/Eric/Sites/
ifWrapping.php on line 3
On Mar 14, 2008, at 3:15 PM, Eric Gorr wrote:
On Mar 14, 2008, at 3:10 PM, Stut wrote:
On 14 Mar 2008, at 19:03, Eric Gorr wrote:
Unfortunately, such things cannot be used to wrap functions.
Erm, yes they can. Try it.
Gives:
Parse error: syntax error, unexpected T_STRING in /Users
Looks like I will be unable to use PHP5 to do a SOAP server. I believe
it was possible to do such a thing in PHP4, but perhaps not as
cleanly. Unfortunately, I am unable to locate the appropriate
documentation on php.net for some reason...perhaps I am just blind.
Can anyone point me to it?
> > Looks like I will be unable to use PHP5 to do a SOAP server. I
believe
> > it was possible to do such a thing in PHP4, but perhaps not as
> > cleanly.
>
>
> is this because you arent able to use php5 in your current situation,
Yes.
> because php can do soap servers in php5.
I know...I hav
On May 5, 2008, at 12:29 PM, Todd Cary wrote:
I would like a book on implementing SOAP geared for someone with no
SOAP experience.
A book I like is:
Pro PHP XML and Web Services
# ISBN-10: 1590596331
# ISBN-13: 978-1590596333
This book requires PHP 5.
Hopefully SOAP can be used with PHP 4
Hopefully this will be clear.
I've got a unix command-line app which I will be exec'ing (or some
other similar command) from a php script.
The special property of this unix app is that while it executes and
terminates quickly, only a single instance can be running at any one
time.
Howev
On Jun 27, 2008, at 3:18 PM, Daniel Brown wrote:
On Fri, Jun 27, 2008 at 3:12 PM, Eric Gorr <[EMAIL PROTECTED]>
wrote:
Now, one possible solution to this problem is that the php script adds its
request to run the unix app to a queue and there is some other code which
pulls a
On Aug 29, 2008, at 10:30 AM, tedd wrote:
No matter how many times you cut this rope, it's still too short.
So, I'm curious, what do you suggest?
As near as I can tell, even with all of the problems (many of which
can be mitigated with enough effort) associated with the use of
Captcha's,
On Aug 29, 2008, at 11:33 AM, tedd wrote:
I understand there are different reasons behind the use of
CAPTCHA's, but in the end they still present accessibility problems.
And their use is a trade-off that you accept.
Nonsense. There is no reason why the usage of Captcha's would need to
pr
On Aug 29, 2008, at 2:42 PM, Richard Heyes wrote:
I understand there are different reasons behind the use of
CAPTCHA's, but
in the end they still present accessibility problems. And their
use is a
trade-off that you accept.
Nonsense. There is no reason why the usage of Captcha's would nee
On Aug 29, 2008, at 1:56 PM, tedd wrote:
At 12:17 PM -0400 8/29/08, Eric Gorr wrote:
On Aug 29, 2008, at 11:33 AM, tedd wrote:
I understand there are different reasons behind the use of
CAPTCHA's, but in the end they still present accessibility
problems. And their use is a trade-off
On Aug 29, 2008, at 3:11 PM, tedd wrote:
At 2:48 PM -0400 8/29/08, Eric Gorr wrote:
On Aug 29, 2008, at 2:42 PM, Richard Heyes wrote:
I understand there are different reasons behind the use of
CAPTCHA's, but
in the end they still present accessibility problems. And their
use is a
On Aug 29, 2008, at 3:15 PM, tedd wrote:
At 2:51 PM -0400 8/29/08, Eric Gorr wrote:
On Aug 29, 2008, at 1:56 PM, tedd wrote:
At 12:17 PM -0400 8/29/08, Eric Gorr wrote:
On Aug 29, 2008, at 11:33 AM, tedd wrote:
I understand there are different reasons behind the use of
CAPTCHA's, b
On Aug 29, 2008, at 3:41 PM, Stut wrote:
I completely agree, but as far as I know it's only (and I use that
word carefully) people with both visual and audio impairments that
you cannot cater for.
I cannot see any reason why a person with both visual and audio
impairments could not be p
On Aug 29, 2008, at 4:09 PM, Robert Cummings wrote:
On Fri, 2008-08-29 at 15:52 -0400, Eric Gorr wrote:
On Aug 29, 2008, at 3:41 PM, Stut wrote:
I completely agree, but as far as I know it's only (and I use that
word carefully) people with both visual and audio impairments that
you c
On Aug 29, 2008, at 4:21 PM, tedd wrote:
At 3:27 PM -0400 8/29/08, Eric Gorr wrote:
On Aug 29, 2008, at 3:15 PM, tedd wrote:
Why should I have to explain something that is widely known and
easy to find?
So, I'm curious, what prevents a website from providing a good
implementati
On Aug 29, 2008, at 5:19 PM, tedd wrote:
At 4:37 PM -0400 8/29/08, Eric Gorr wrote:
On Aug 29, 2008, at 4:21 PM, tedd wrote:
At 3:27 PM -0400 8/29/08, Eric Gorr wrote:
On Aug 29, 2008, at 3:15 PM, tedd wrote:
Why should I have to explain something that is widely known and
easy to find
On Aug 29, 2008, at 6:56 PM, Stut wrote:
On 29 Aug 2008, at 22:39, Jochem Maas wrote:
in the mean time, here's wishing more clean water and internet access
for everyone (and less bombs).
Hear hear, except that I'd put food above internet access.
Indeed. Although, I might include shelter, c
On Aug 30, 2008, at 8:17 PM, Shiplu wrote:
I wanna know how to write good code in php.
Not oop stuff. I wanna know how to write a good php code file.
documentation, comments. indentation etc.
what are the good practices??
Studying design patterns is a great start to learning how to write
g
Not a direct answer to your question (don't worry, I hate it when
people do this to me too), but one thought I had was to have all of
the products ordered as their own array.
[0] => array(15) {
["order_date"] => string(8) "09-01-08"
["order_products"] => array(2) {
[0] => string(5
On Sep 8, 2008, at 5:06 PM, Tom Shaw wrote:
Actually that won't work I tried it. For some reason the .00 shows
up when I
try to manually add a .00. I know weird.
Did you mean to say that it .00 _doesn't_ show up when you try to
manually add a .00?
The value is in the array or string
be
("Content-type: application/vnd.ms-excel");
header("Content-Disposition: attachment;
filename=inventory_report.csv");
print $out; This prints wrong.
-Original Message-
From: Eric Gorr [mailto:[EMAIL PROTECTED]
Sent: Monday, September 08, 2008 4:21 PM
To: PHP General
Subject: Re: [PH
On Sep 12, 2008, at 11:39 AM, Andrew Ballard wrote:
On Fri, Sep 12, 2008 at 9:52 AM, Jochem Maas <[EMAIL PROTECTED]>
wrote:
Luke schreef:
I wonder if this is a shared trait between C and PHP (since I
understand
PHP
is written in C) that the break; and the default: are placed for
good
On Sep 12, 2008, at 2:14 PM, Robert Cummings wrote:
On Fri, 2008-09-12 at 11:47 -0400, Eric Gorr wrote:
On Sep 12, 2008, at 11:39 AM, Andrew Ballard wrote:
On Fri, Sep 12, 2008 at 9:52 AM, Jochem Maas <[EMAIL PROTECTED]>
wrote:
Luke schreef:
I wonder if this is a shared trait bet
On Sep 12, 2008, at 2:51 PM, Robert Cummings wrote:
On Fri, 2008-09-12 at 14:33 -0400, Eric Gorr wrote:
On Sep 12, 2008, at 2:14 PM, Robert Cummings wrote:
On Fri, 2008-09-12 at 11:47 -0400, Eric Gorr wrote:
On Sep 12, 2008, at 11:39 AM, Andrew Ballard wrote:
On Fri, Sep 12, 2008 at 9:52
On Sep 12, 2008, at 3:44 PM, Robert Cummings wrote:
I don't see how that in any way makes an argument for or against. One
still must spend client's money wasting time on code that has
questionable merit. Yes, some debugging code is a great boon in any
application, but littered everywhere to fu
On Sep 12, 2008, at 4:27 PM, Robert Cummings wrote:
On Fri, 2008-09-12 at 16:11 -0400, Eric Gorr wrote:
On Sep 12, 2008, at 3:44 PM, Robert Cummings wrote:
I don't see how that in any way makes an argument for or against. One
still must spend client's money wasting time on cod
On Sep 12, 2008, at 5:13 PM, Robert Cummings wrote:
On Fri, 2008-09-12 at 16:51 -0400, Eric Gorr wrote:
On Sep 12, 2008, at 4:27 PM, Robert Cummings wrote:
On Fri, 2008-09-12 at 16:11 -0400, Eric Gorr wrote:
On Sep 12, 2008, at 3:44 PM, Robert Cummings wrote:
I don't see how that i
On Sep 13, 2008, at 12:12 PM, Robert Cummings wrote:
On Sat, 2008-09-13 at 10:09 -0400, Eric Gorr wrote:
On Sep 12, 2008, at 5:13 PM, Robert Cummings wrote:
On Fri, 2008-09-12 at 16:51 -0400, Eric Gorr wrote:
On Sep 12, 2008, at 4:27 PM, Robert Cummings wrote:
On Fri, 2008-09-12 at 16:11
On Sep 17, 2008, at 8:54 AM, Hunt Jon wrote:
Hi, I'm new to PHP. I have an array that I would like to convert
into a string.
For example, I have
array(
0 => "Good morning",
1 => "Good afternoon",
2 => "Good evening",
3 => "Good night"
);
Now I would like to convert the array to something l
On Sep 17, 2008, at 10:54 AM, Nathan Rixham wrote:
Eric Gorr wrote:
On Sep 17, 2008, at 8:54 AM, Hunt Jon wrote:
Hi, I'm new to PHP. I have an array that I would like to convert
into a string.
For example, I have
array(
0 => "Good morning",
1 => "Good afternoo
On Sep 18, 2008, at 5:52 PM, Terry J Daichendt wrote:
I'm pasting this code from the example at php.net and getting these
errors. Can anyone determine what I'm doing wrong?
page 2';
// Or maybe pass along the session id, if needed
echo 'page 2';
?>
Well, this is weird. When I copied your t
I believe what you are looking for is:
http://us2.php.net/manual/en/function.pow.php
number pow ( number $base , number $exp )
Returns base raised to the power of exp
On Sep 19, 2008, at 3:34 PM, Stephen Johnson wrote:
OK.. Math is NOT my forte ...
I am converting a site from ASP to PHP ...
that is producing even funkier results...
doing pow( (1-(1+$nMonthlyInterest)) , ($iMonths*-1) ) ;
Gives me :
4.2502451372964E-35 = 25000 * (0.00104167 / 6.1270975733019E
+35);
From: Eric Gorr <[EMAIL PROTECTED]>
I believe what you are looking for is:
http://us2.php.net/man
On Oct 15, 2008, at 1:21 PM, Yeti wrote:
You encrypt stuff with a string that you keep secret. That string
is needed to decrypt the string.
I recommend you change that string once in a while.
Also, picking up a copy of:
Essential PHP Security
by Chris Shiflett
# ISBN-10: 059600656X
# ISBN-
I've got a directory structure similar to this:
SiteRootDir
index.php
dirA
index.php
dirB
funcs.php
otherfuncs.php
In the SiteRootDir/index.php, I've got:
require_once( dirB/funcs.php );
in funcs.php, I've got:
require_once( otherfuncs.php );
which works because SiteRoot
For some great information on how to internationalize a PHP
application, I would suggest checking out:
http://us3.php.net/manual/en/ref.gettext.php
At 11:41 AM -0800 2/6/04, Paul Furman wrote:
while ($file = readdir($dh)){
if (strstr ($file, '.jpg')){
$pictures[] = $file;
}
Spotted this problem when staring at your code.
Number of open braces: 2
Number of close braces: 1
You need to close off your while loop.
Should I set
At 1:32 PM -0500 2/24/04, Matt Palermo wrote:
Is there a way to check a folder on the server to make sure a specified
folder has write permissions? I'm writing an upload script, but I need to
make sure the user gave the destination directory write permissions before I
can copy the files to the new
At 6:06 PM +0100 3/15/04, Ryan A wrote:
I know this is pretty easy to do but I am horrible at working with regular
expressions and was wondering if anybody might take a min to help please.
I will have a variable: $the_extention
which will have a value like:98797-234234--2c-something-2c
How
I thought I had a pretty good handle on sessions, but I can't figure
out what could possibly be going wrong in this case. I've stripped my
code down to basically the bare minimum which still reproduces the
problem, which I included below.
When I visit test1.php with the url:
http://domain&path/
Khalid Judeh wrote:
hello all,
i am new to php, i am trying to call the date function this way:
and the result i get is: object18/03/04
any help would be appreciated
hummm...very odd. I did the same thing and got:
19/03/04
Can you provide any more details? What version of PHP is being used?
(
At 1:58 PM -0500 3/19/04, John W. Holmes wrote:
From: "Eric Gorr" <[EMAIL PROTECTED]>
When I visit test1.php with the url:
http://domain&path/test1.php?name=bill&pwd=henry
I see the output:
user = 'bill'
ID= 41699d4461e8fe3a71243bb3cb1c2298'
You were
Ah HA! I knew I wasn't crazy...well, pretty sure... ;-)
I figured out why my sessions were behaving so oddly.
I was accessing test1.php via:
http://ericgorr.net/...
In test1.php, I was then redirecting to test2.php via
http://www.ericgorr.net/...
Apparently, with Mozilla and Safari, php s
interested in possible alternative solutions, I
would like to know how to accomplish this task even if it does not end
up being the solution I use.
--
== Eric Gorr === http://www.ericgorr.net ===
"Those who would sacrifice a little freedom for temporal safety
tring, etc...basically things that streams tend to handle well.
There are probably better functions for dealing with a
string than the ones you have mentioned (fseek is a file pointer).
'like fscanf, fseek'
--
== Eric Gorr === http://www.ericgorr.net
, open the file with fopen and then use fscanf,
fseek, etc. to process the text.
However, I am assuming there is an easier way (i.e. a method without the
file io overhead) to be able to treat the string as a stream.
--
== Eric Gorr === http://www.ericgorr.net ===
Jay Blanchard wrote:
What, exactly, do you want to accomplish?
I want to be able to treat a string as a stream.
For example, the C++ STL contains istringstream, which allows one to
treat strings as streams.
(http://www.cplusplus.com/ref/iostream/istringstream/)
If you are truly wondering w
Jay Blanchard wrote:
However, if I
know what you want to do with the string more specifically (I asked for
examples, which you have not given) I can get you to the right PHP
functions.
I am familiar with all of the PHP string functions.
PHP does not have a class or function similar to
isstri
with isstringstream.
Looks like it wouldn't be terribly difficult to get something like this
up and running.
I was just taking a look at:
http://us3.php.net/manual/en/function.stream-wrapper-register.php
I'm kinda surprised no one has written a wrapper for strings yet...
And there are good reasons why other very intelligent people thought
that including such functionality directly in the C++ STL and many other
libraries was a good idea too.
--
== Eric Gorr === http://www.ericgorr.net ===
"I believe each individual is naturally ent
Jochem Maas wrote:
Eric Gorr wrote:
Jochem Maas wrote:
> http://php.net/manual/en/function.stream-wrapper-register.php is as
close as it gets
I think. - total overkill for manipulating strings IMHO - (me thinks
there is at least
one other in agreement) - there is a reason php has all th
ut this did not work either.
--
== Eric Gorr === http://www.ericgorr.net ===
"I believe each individual is naturally entitled to do as he pleases
with himself and the fruits of his labor, so far as it in no way
interferes with any other man's rights."
Paul Waring wrote:
On Mon, Aug 08, 2005 at 04:37:12PM -0400, Eric Gorr wrote:
Should it? Is it possible to write a doesexists.php script which would
cause the 404 directive to be triggered?
I also tried: header("Status: 404 Not Found"); but this did not work either.
Try sea
The code is doing exactly what you told it to do.
To make it do what you seem to want it to do, get rid of the
nested IFs and place all three tests within a single IF.
--
== Eric Gorr === http://www.ericgorr.net ===
"Government is not reason, it is not e
Quoting Torgny Bjers <[EMAIL PROTECTED]>:
I recommend Zend Studio if you can afford it since it has a GUI for
both Windows and Linux
And for those interested in using a real computer, its
GUI also runs under MacOSX.
http://zend.com/store/products/zend-studio/requirements.php
On 6 Dec 2005, at 19:24, Jay Blanchard wrote:
[snip]
And for those interested in using a real computer, its
GUI also runs under MacOSX.
[/snip]
If they are "real" why aren't there more of them?
Far too many people have fallen victim to the deception field emanating from
Microsoft. The only kn
Jason Petersen wrote:
Vim is my editor of preference. If I have to use Windows, I usually go with
Homesite (because I already have a licensed copy) or Textpad (because it's
better than Notepad).
IDEs? Who needs 'em ;)
Who? Anyone who understands just how useful a debugger can be in incre
Quoting Roman Ivanov <[EMAIL PROTECTED]>:
Output text should be correctly formatted without using lots of br's
and 's. Doing so manually is not a problem, I would just use
for web paragraphs, and for book paragraphs.
However, formatting such text with a script is very difficult. Does
anyone
Quoting Roman Ivanov <[EMAIL PROTECTED]>:
Eric Gorr wrote:
Quoting Roman Ivanov <[EMAIL PROTECTED]>:
Output text should be correctly formatted without using lots of
br's and 's. Doing so manually is not a problem, I would just
use for web paragraphs, and for boo
83 matches