Travis Doherty wrote:
> Why is this so bad?
>
> // blindly run everything in _REQUEST through htmlentities
1. That's escaping, not filtering.
2. http://shiflett.org/archive/178
3. Using $_REQUEST is sloppy and makes CSRF attacks easier.
Maybe more? This is bad for all the reasons magic_quotes_g
here's my opinion on the matter.
it is not advised to do filtering on _REQUEST getting data in general from
it actually. It is much better to specify where your data is coming from (
e.g. _POST or _GET). This is because variable _REQUEST contains all the data
from the cookies, get and post. and if
On Mon, 2007-02-12 at 21:20 -0500, Travis Doherty wrote:
> Hello.
>
> Came across some code that startled me. Mostly because it goes against
> the generally accepted idea of detecting and rejecting bad input instead
> of trying to escape it, secondly because "it just feels wrong."
>
> The only t
Hello.
Came across some code that startled me. Mostly because it goes against
the generally accepted idea of detecting and rejecting bad input instead
of trying to escape it, secondly because "it just feels wrong."
The only technical case I have so far is for inserting a double/single
quote into
http://www.amazon.com/Scalable-Internet-Architectures-Developers-Library
/dp/067232699X
Respectfully,
Ligaya Turmelle
Systems Analyst
Guamcell Communications
Phone: (671)689-2377
-Original Message-
From: Jochem Maas [mailto:[EMAIL PROTECTED]
Sent: Saturday, February 10, 2007 5:22 AM
To:
# [EMAIL PROTECTED] / 2007-02-12 23:34:21 +0100:
> Why is this happening? Can you confirm this? What has to be done different?
> If you don't get these results (seg faults (I still want to get 2,3,4,5,6)
> would you mind
> telling me which version of php you are using?
>
> The file is t.php and
On Mon, 12 Feb 2007 20:33:08 +0100, Jochem Maas <[EMAIL PROTECTED]>
wrote:
how should we know with out seeing the iterator_to_array() definition?
iterator_to_array() function is from php.
See http://de2.php.net/manual/en/function.iterator-to-array.php
Here is another testcase.
Why is this
Jim Lucas wrote:
Marc Weber wrote:
Does this script cause a segmentation fault running on your php
interpreter, too?
= ===
= ===
My version:
[EMAIL PROTECTED] ~ $
Jim Lucas wrote:
> Jochem Maas wrote:
>> Marc Weber wrote:
>>> Does this script cause a segmentation fault running on your php
>>> interpreter, too?
>>>
>>> = ===
>>> >>
>>> function fa()
>>> {
>>> $res = array();
>>> foreach(func
Jim Lucas wrote:
Jochem Maas wrote:
Marc Weber wrote:
Does this script cause a segmentation fault running on your php
interpreter, too?
= ===
you can't use the return value of func_get_args() directly in this way.
you must do t
Jochem Maas wrote:
Marc Weber wrote:
Does this script cause a segmentation fault running on your php
interpreter, too?
= ===
you can't use the return value of func_get_args() directly in this way.
you must do this instead:
$arg
Marc Weber wrote:
Does this script cause a segmentation fault running on your php
interpreter, too?
= ===
= ===
My version:
[EMAIL PROTECTED] ~ $ php -v
PHP 5.1.6-p
Marc Weber wrote:
>
>
> function A()
> {
> return new RecursiveArrayIterator(array(func_get_args()));
> }
> $a=iterator_to_array(new RecursiveIteratorIterator( A (A(2) , A (3,4),
> A(5,6;
> var_dump($a);
>
> ?>
>
> I'd expect this to output an array containing 2,3,4,5,6.
> But the result
Jochem Maas wrote:
Marc Weber wrote:
Does this script cause a segmentation fault running on your php
interpreter, too?
= ===
you can't use the return value of func_get_args() directly in this way.
you must do this instea
Marc Weber wrote:
> Does this script cause a segmentation fault running on your php
> interpreter, too?
>
> = ===
>
> function fa()
> {
> $res = array();
> foreach(func_get_args() as $a)
you can't use the return value of func_
On Mon, 12 Feb 2007 18:02:41 +0100, <[EMAIL PROTECTED]> wrote:
Is there an easy way in php to round to the nearest 500?
Yeah
$rouned = round($val/500) * 500;
Marc
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
$a=iterator_to_array(new RecursiveIteratorIterator( A (A(2) , A (3,4),
A(5,6;
var_dump($a);
?>
I'd expect this to output an array containing 2,3,4,5,6.
But the result is:
array(2) {
[0]=>
int(5)
[1]=>
int(6)
}
What did I miss here?
Marc
Does this script cause a segmentation fault running on your php
interpreter, too?
= ===
= ===
My version:
[EMAIL PROTECTED] ~ $ php -v
PHP 5.1.6-pl6-gentoo (cli) (bui
Steven Macintyre wrote:
Heya,
Thanks for the reply ...
$articles = split("Section break", $mystring);
foreach ($articles as $value) {
$newsarray[] = split("", $value);
}
print_r($newsarray);
foreach ($newsarray as $value1) {
echo "".$value1[0]."";
echo "";
ech
> -Original Message-
> From: Robert Cummings [mailto:[EMAIL PROTECTED]
> Sent: Monday, February 12, 2007 18:00
> To: blackwater dev
> Cc: php-general@lists.php.net
> Subject: Re: [PHP] round to nearest 500?
>
> On Mon, 2007-02-12 at 11:52 -0500, blackwater dev wrote:
> > Is there an easy
On Mon, 2007-02-12 at 11:59 -0500, Jon Anderson wrote:
> blackwater dev wrote:
> > Is there an easy way in php to round to the nearest 500?
> >
> > So if I have 600, I 500 and if I have 800 I want 1000?
> Multiply by 2, round to 1000, divide by 2. Maybe there's an easier way,
> but that's what I
$num = "749";
$rounded = round($num * 2, -3) / 2;
echo $rounded;
-TG
= = = Original message = = =
Is there an easy way in php to round to the nearest 500?
So if I have 600, I 500 and if I have 800 I want 1000?
Thanks!
___
Sent by eProm
On Mon, 2007-02-12 at 11:52 -0500, blackwater dev wrote:
> Is there an easy way in php to round to the nearest 500?
>
> So if I have 600, I 500 and if I have 800 I want 1000?
This should work:
Cheers,
Rob.
--
..
| InterJinn Applicati
blackwater dev wrote:
Is there an easy way in php to round to the nearest 500?
So if I have 600, I 500 and if I have 800 I want 1000?
Multiply by 2, round to 1000, divide by 2. Maybe there's an easier way,
but that's what I use.
600*2 = 1200, round(1200,-3) = 1000, 1000/2 = 500
800*2 = 1600,
Is there an easy way in php to round to the nearest 500?
So if I have 600, I 500 and if I have 800 I want 1000?
Thanks!
Hi,
If I understood your questions, here is my solution.
Tip: Do not use " in html files...
externalFile.php
".$arrData[$i]['foo']." ".$arrData[$i]['bar']." ".$arrData[$i]
['baz']."\n";
}
?>
mailFile.php
Some
Header\n";
$strSubject = "This Is subject";
$strBody =
"
".$strFirsRow."
".$strExterna
Nice work Rob!
You were totally correct as I needed to write the header, mail body and
footer before I dumped the whole thing using OB contents.
Ross
$post = file_get_contents('php://input');
Or for older versions of PHP, just use $HTTP_RAW_POST_DATA.
Arpad
Nicholas Yim wrote:
> Hello EveryOne,
>
> like parse the soap request body
>
> not through $_POST nor $_FILE
>
> Best regards,
>
> Nicholas Yim
> [EMAIL PROTECTED]
> 2007-02-12
Matthias S. wrote:
> hi jochem,
>
> thanks. i've triple-checked on the names, but just in case I miss something
don't just read the code - run it with suitable var_dump() statements and
view the output to determine what is *really* happening.
2 possibilities/probabilities:
1. you're misspelling th
> > Age Alter:
> >
> >
Sorry - I was a bit too hasty with the send button. I've just seen that
you've also changed the name in the script too.
I also see that you have a semi-colon outside the style attribute. I don't
think this will help matters. Get your HTML to validate and that will
probably
On Mon, 2007-02-12 at 14:09 +, Edward Kay wrote:
> > Age Alter:
> >
> >
>
> There's your problem: name="txtAge". For your PHP script to work you need
> name="_txtAge".
in his last email the OP has the name "txtAge" in his php script also...
greets
Zoltán Németh
>
> PS: You should also have
> Age Alter:
>
>
There's your problem: name="txtAge". For your PHP script to work you need
name="_txtAge".
PS: You should also have quotes around the 50 in the maxlength attribute.
Edward
On Mon, 2007-02-12 at 14:54 +0100, Matthias S. wrote:
> hi jochem,
>
> thanks. i've triple-checked on the names, but just in case I miss something
> obvious, I'll post the entire snippets.
>
> +++ HTML form +++
>
>
>
> Name Name:
>
>
> Email-Address E-Mail
> Adresse:
>
>
> Age Alter:
>
I'm
On Mon, 2007-02-12 at 15:20 +0200, clive wrote:
> Robert Cummings wrote:
> > On Mon, 2007-02-12 at 14:52 +0200, clive wrote:
> >>> >>>
> >>> ob_start();
> >>> include( 'someFile.php' );
> >>> $content = ob_get_contents();
> >>> ob_end_clean();
> >>>
> >>> ?>
> >> no I think he need
hi jochem,
thanks. i've triple-checked on the names, but just in case I miss something
obvious, I'll post the entire snippets.
+++ HTML form +++
Name Name:
Email-Address E-Mail
Adresse:
Age Alter:
Gender Geschlecht:
female | weiblich
male | männlich
Anything more to say? Noch
ein Komm
On Mon, 2007-02-12 at 13:20 +, Edward Kay wrote:
> > > > I am using phpmailer for a rich html mailer and I have been using
> > > > lines like
> > > > this to build up the mailbody
> > > >
> > > > $mail_body .= " > > > src=\"http://www.myurl.org/mylogo.gif\";;
> > > >
> > > > Is there a build i
On Mon, 2007-02-12 at 14:16 +0100, Matthias S. wrote:
> hi zoltan,
>
> thanks for your reply. i've tried the -f switch but the only effect it has
> is an error message ;)
>
> Warning: mail() [function.mail]: SAFE MODE Restriction in effect. The fifth
> parameter is disabled in SAFE MODE.
ehh, sorr
Matthias S. wrote:
> hi zoltan,
>
> thanks for your reply. i've tried the -f switch but the only effect it has
> is an error message ;)
>
> Warning: mail() [function.mail]: SAFE MODE Restriction in effect. The fifth
> parameter is disabled in SAFE MODE.
which is another way of saying 'my hosting en
Robert Cummings wrote:
On Mon, 2007-02-12 at 14:52 +0200, clive wrote:
no I think he needs file_get_contents();
While that will certainly read PHP into a variable, it won't evaluate
the contents. Then you're stuck with eval. This has the undesirable
effect of not being able to take advantage
> > > I am using phpmailer for a rich html mailer and I have been using
> > > lines like
> > > this to build up the mailbody
> > >
> > > $mail_body .= " > > src=\"http://www.myurl.org/mylogo.gif\";;
> > >
> > > Is there a built-in function to assign html code to a php
> > > variable and then
> > >
hi zoltan,
thanks for your reply. i've tried the -f switch but the only effect it has
is an error message ;)
Warning: mail() [function.mail]: SAFE MODE Restriction in effect. The fifth
parameter is disabled in SAFE MODE.
as for the age value:
it is simply incorrect because it is always empty...
On Mon, 2007-02-12 at 14:52 +0200, clive wrote:
> > >
> > ob_start();
> > include( 'someFile.php' );
> > $content = ob_get_contents();
> > ob_end_clean();
> >
> > ?>
>
> no I think he needs file_get_contents();
While that will certainly read PHP into a variable, it won't evalua
no I think he needs file_get_contents();
On Mon, 2007-02-12 at 12:27 +, Edward Kay wrote:
> > I am using phpmailer for a rich html mailer and I have been using
> > lines like
> > this to build up the mailbody
> >
> > $mail_body .= " > src=\"http://www.myurl.org/mylogo.gif\";;
> >
> > Is there a built-in function to assign html code t
> I am using phpmailer for a rich html mailer and I have been using
> lines like
> this to build up the mailbody
>
> $mail_body .= " src=\"http://www.myurl.org/mylogo.gif\";;
>
> Is there a built-in function to assign html code to a php
> variable and then
> output them? Or can I read an external
On Mon, 2007-02-12 at 11:13 +0100, Matthias S. wrote:
> Hi there,
>
> I've got two bloody beginner questions: I've created a form with various
> text input fields. One is to hold a numeric value (age). Upon submission, I
> try to retrieve the value of this field like this:
>
> $age = $_POST['_txtAg
Hi there,
I've got two bloody beginner questions: I've created a form with various
text input fields. One is to hold a numeric value (age). Upon submission, I
try to retrieve the value of this field like this:
$age = $_POST['_txtAge'];
later, I use the $age variable to create a message...
$mess
Hello,
on 02/12/2007 03:03 AM Manish Marathe said the following:
> > I have seen some implementations of Server in php implementing
> HTTP Digest
> > Authentication but I have not seen any guidelines on HTTP Client
> connecting
> > to a specific host, and using the "realm", the
On Mon, 2007-02-12 at 21:04 +1100, Chris Henderson wrote:
> My HTML form submits data to a php form and the php form displays it.
> I was wondering if I could "save" the data in the php form so whoever
> opens it can see the data. At the moment, if I open "action.php" from
> a different computer or b
My HTML form submits data to a php form and the php form displays it.
I was wondering if I could "save" the data in the php form so whoever
opens it can see the data. At the moment, if I open "action.php" from
a different computer or browser I see "hi you are 0 years old"
Here's my HTML & PHP for
50 matches