php-windows Digest 17 Apr 2002 08:36:51 -0000 Issue 1097

Topics (messages 13129 through 13133):

Re: Security Alert! PHP CGI cannot be accessed directly.
        13129 by: Faisal Ashraf
        13132 by: Steve Yates

Re: Outputting a string from mysql database
        13130 by: Nicole Amashta

Re: COM and ADODB access
        13131 by: Alan Popow

apache2 and AcceptPathInfo
        13133 by: firepages


----------------------------------------------------------------------
--- Begin Message ---
101% sure I did the same, but now I have rectified the problem by
installing PHP from the PHP installer, because doing it manually was
giving me that error.

Thank you

Faisal





-----Original Message-----
From: Shane Caraveo [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, April 16, 2002 9:54 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP-WIN] Security Alert! PHP CGI cannot be accessed
directly.


Are you sure you changed the correct ini file or didn't misspell it?  I 
use this all the time, no problem.

Faisal Ashraf wrote:
>  
> Hi All,
>  
> I have installed a new version of PHP on my XP box. I am running IIS
> for my webs. Now I am getting this error even though I have modified
> the php.ini file value cgi.force_redirect=0, but I am still getting the
> same problem. Could anyone tell me how to remove this error?
>  
> Thank You
>  
> Faisal Ashraf
> Manager Customer Care
> Gem Net
> www.gem.net.pk
>  
>  
> Security Alert! PHP CGI cannot be accessed directly.
> 
> This PHP CGI binary was compiled with force-cgi-redirect enabled. This
> means that a page will only be served up if the REDIRECT_STATUS CGI 
> variable is set. This variable is set, for example, by Apache's Action
> directive redirect.
> 
> 
> You may disable this restriction by recompiling the PHP binary with 
> the --disable-force-cgi-redirect switch. If you do this and you have 
> your PHP CGI binary accessible somewhere in your web tree, people will
> be able to circumvent .htaccess security by loading files through the 
> PHP parser. A good way around this is to define doc_root in your 
> php.ini file to something other than your top-level DOCUMENT_ROOT. 
> This way you can separate the part of your web space which uses PHP 
> from the normal part using .htaccess security. If you do not have any 
> .htaccess restrictions anywhere on your site you can leave doc_root 
> undefined. If you are running IIS, you may safely set 
> cgi.force_redirect=0 in php.ini.
> 
> 
> 





--- End Message ---
--- Begin Message ---
"Faisal Ashraf" <[EMAIL PROTECTED]> wrote in message
news:000501c1e534$57f88750$648505ca@faisal...
> one could tell me how to remove this error ?

> If
> you are running IIS, you may safely set cgi.force_redirect=0 in php.ini.

    Read just a bit further.  :)

 - Steve Yates
 - Love is grand.  Divorce is around twenty grand.





--- End Message ---
--- Begin Message ---
Depending on how the data was inserted. If the data was inserted via a PHP
script, then trying to insert data with a single quote ( ' ) in it would
throw an error and the query wouldn't complete. The entire query would fail.

If you want to insert ' in a database, either escape the ' with a \' ..
which, if the data was submitted through a form via PHP, the ' are escaped
with slashes by default. So, when you bring up that data from the database
to display, you can use the PHP function stripSlashes() to remove that
backslash. You could use the addSlash() function if you are adding data that
wasn't necessarily submitted through a form to escape that single quote. You
can also replace the ' (and double) quotes with their ASCII equivalents.

Just some tips I thought I might share.

Good luck,
--
-----
Nicole Amashta
Web Application Developer
www.aeontrek.com
"Mike Flynn" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Are you sure that that last field truly contains "J B's Supermarket" in
> the database?  Are you sure the error wasn't produced while INSERTING the
> data into the database, thus resulting in only "J B" being put into the
> database?  You should view your database data directly, like by using a
> webmin utility.  If you do $row_info = mysql_fetch_row($result), and then
> show the row with the company name, a single quote (') shouldn't mess it
> up.  But single quotes can mess up a query.  Because if you think about
> your query, if you do it like this:
> INSERT INTO table (Name) VALUES ('J B's Supermarket')
> you can see how the single quote in the Name is messing up the query for
> MySQL -- it's making MySQL think it's the end of the value for Name.  You
> need to escape single quotes when inserting them into a MySQL database.
> If you do it via a form and have magicquotes turned on in your PHP.INI,
> then it's done automatically.  Otherwise, you have to do it yourself.
>
> At 05:15 AM 4/16/2002 -0400, q wrote:
> >I have a field in a mysql table called table which is called names.
> >Examples of the information in this column :
> >
> >
> >    Name
> >
> >Lottery Company
> >Mark MiniMark
> >J B's Supermarket
> >
> >
> >I connect to the database successfully and I use the following php line to
> >get the information from the row: $row_info=mysql_fetch_row($result)
> >
> >However when I try to output J B's Supermarket to the web page all I get
> >is J B. How can I get the entire display on the screen including the ' in
> >the name?
> >quincy
>
>
> Mike Flynn - Burlington, VT
> http://www.mikeflynn.net/ - [EMAIL PROTECTED]
> home=>work=>home=>store=>home [repeat daily]
>




--- End Message ---
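
The quoting failure discussed in this thread, as an added example that is not part of the original messages: the concatenated INSERT from the thread fails on the apostrophe, while a bound parameter stores and returns the value intact with no slashes to add or strip. Assumptions: PDO with the pdo_sqlite driver stands in for MySQL so the script runs offline, and the table name `companies` is hypothetical.

```php
<?php
// Added example, not code from the thread.
// Assumptions: PDO + pdo_sqlite (in-memory) stands in for MySQL;
// the table name "companies" is hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE companies (name TEXT NOT NULL)');

$name = "J B's Supermarket"; // the value from the thread

// 1. String concatenation: the apostrophe ends the SQL string literal
//    early, the statement is malformed, and the whole INSERT fails.
try {
    $pdo->exec("INSERT INTO companies (name) VALUES ('$name')");
    echo "concatenated insert: ok\n";
} catch (PDOException $e) {
    echo "concatenated insert failed: ", $e->getMessage(), "\n";
}

// 2. Bound parameter: the value is sent separately from the SQL text,
//    so it is never parsed as SQL and needs no manual escaping.
$stmt = $pdo->prepare('INSERT INTO companies (name) VALUES (:name)');
$stmt->execute([':name' => $name]);

// 3. Reading back returns the full string, apostrophe included,
//    with no backslashes to remove.
$stored = $pdo->query('SELECT name FROM companies')->fetchColumn();
var_dump($stored === $name);

// 4. Escape for the output context when printing into HTML: an
//    unescaped quote inside a quoted attribute ends the attribute early.
$safe = htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
echo "<input type='text' name='company' value='" . $safe . "'>\n";
```

Binding the value also closes the SQL injection path that hand-built queries leave open whenever one input skips the escaping step.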
--- Begin Message ---
On Tue, 16 Apr 2002 09:26:35 -0500, you wrote:

>It may be the ADO connection with Access.  I am not sure.  DB_adodb is a DB
>class I am writing for the Pear_DB abstraction layer.
>
>I am attaching it to this email so everyone can look at it.  At this point it is
>kind of a hack.  There is no capability in ADO to count the number of records
>that a query produced, unless you count each record yourself which would take
>too long.  

It depends on what kind of recordset cursor you are returning. You're
correct on a 'forward only' recordset, incorrect, for instance, for a static
recordset, and possibly correct (or not) for a dynamic recordset. Check the
RecordCount property. In some cases, you may have to do a 'movelast' in
order to get an accurate count.

ADO has the capability; it just doesn't work in all instances.

Alan

--- End Message ---
--- Begin Message ---
Hi, I have some search engine friendly scripts i.e.
whatever.com/this.htm/var1/var2/etc/

which under Apache 1.2.*+ 'looked back' to this.htm and gave me var1, var2,
etc. in the PATH_INFO array.
Under Apache 2 you are supposed to use AcceptPathInfo ON, but no matter
where I put this, in httpd.conf or htaccess, the instruction is ignored???
Any ideas? (I mean about getting it to work; using mod_rewrite or converting
to ....this.htm?this/etc/ are not options.)

Regards,
Simon Wheeler


--- End Message ---
