I would like to give a few comments on your script:
1) it looks like that
http://www.sperling.com/examples/captcha/tmp/access.mp3, without a
code, always returns the same value :) 284
2) About the timeout, you should set it at least less then 24 hrs, i
should do about 6 hrs, that's enough for
2007. 03. 29, csütörtök keltezéssel 22.00-kor Tijnema ! ezt írta:
> On 3/29/07, Zoltán Németh <[EMAIL PROTECTED]> wrote:
> > 2007. 03. 29, csütörtök keltezéssel 21.52-kor Tijnema ! ezt írta:
> > > On 3/29/07, Zoltán Németh <[EMAIL PROTECTED]> wrote:
> > > > works fine on XP/IE7
> > > > but still te
Manuel Lemos wrote:
Hello,
on 03/30/2007 12:38 AM Chris said the following:
I get a 500 Internal server error, not sure why as this page being
called just inserts a word into a database. Could the cause be something
else network related? What else can I troubleshoot? or is my code
incorrect?
I
Hello,
on 03/30/2007 12:38 AM Chris said the following:
>>> I get a 500 Internal server error, not sure why as this page being
>>> called just inserts a word into a database. Could the cause be something
>>> else network related? What else can I troubleshoot? or is my code
>>> incorrect?
>>
>> It
Manuel Lemos wrote:
Hello,
on 03/29/2007 01:15 PM Angelo Zanetti said the following:
I have a script on a server that does some processing, now I want to
execute that script using cURL. This is a basic scenario and I assume
its possible but its not working.
The script is as follows:
$url =
Hello,
I have a Linux shared hosting environment with PHP running over CGI. With
CGI I can't use httpd.conf or .htaccess files for PHP related parameters,
so all the parameters should be given in one central php.ini file, AFAIK.
So how can I give parameters, in effect, like the ones below?
error_
Hello,
on 03/29/2007 01:15 PM Angelo Zanetti said the following:
> I have a script on a server that does some processing, now I want to
> execute that script using cURL. This is a basic scenario and I assume
> its possible but its not working.
>
> The script is as follows:
>
>$url = "http://
I was reading the current tread on CAPTCHA and possible cracks and I
thought maybe I'd throw this out to the group to see what you think.
Recently I saw a forum where in order to post you first had to click on
a div that was placed at a random location on the page, it read
something like, "Cli
On Thu, March 29, 2007 4:50 pm, tedd wrote:
>>2. What you've created is a relatively simplistic audio captcha that
>>HAS to be really succeptible to speech recognition. Spammers have
>>gotten used to visual CAPTHCA so maybe they're not going to focus
>>too much on detecting and breaking audio CAPT
Angelo Zanetti wrote:
y
Erik Jones wrote:
On Mar 29, 2007, at 11:15 AM, Angelo Zanetti wrote:
Hi all.
I have a script on a server that does some processing, now I want to
execute that script using cURL. This is a basic scenario and I assume
its possible but its not working.
The script i
On Thu, March 29, 2007 3:45 pm, Tijnema ! wrote:
> You're maybe on the right path, adding images as the background makes
> it really hard to read the code from the image. You could for example
> use random images as background.
Some of the CAPTCHA methods listed as being difficult for the PWNtcha
Rahul Sitaram Johari wrote:
My Apologies Everyone! I gave you all the wrong code Twice!! A pox on me - I
tell you!
This is the ACTUAL code that I'm working with - and it's not working:
$WHEN, $WHAT, $WHO";
$sql = "INSERT INTO tbl (WHEN, WHAT, WHO) VALUES
('$WHEN','
Sady Marcos wrote:
Change permissions...
How is that related to permissions?
It was simply php trying to load up extensions that didn't exist.
--
Postgresql & php tutorials
http://www.designmagick.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.ne
Just going out on a limb here, but did you mis-type it in the script
also?
>
> I then stumbled upon gnomevfs-info that provided the information I
^
> exec, etc). I used the full path (/usr/bin/gnamevfs-info) so I
don't
Jason Pruim wrote:
Hi Everyone,
First off, I'm using PHP 5.2.0 and apache 1.3.33
I am trying to figure out what format a string is in in a database. It's
a timecard system that I have found on-line and I am attempting to
figure out how to write a script that would give me everyones timecard
Roberto Mansfield wrote:
Jason Pruim wrote:
Thanks everyone for your suggestions, it turns out it was a unix time
stamp and I can get it to parse out a normal date now.
Now... on to the harder part
What I am trying to do is learn... This is kind of just a pet project
for me to figure out h
Ave,
You've actually raised pretty valid security issues.
The files in that particular mounted share can be publicly accessible so I'm
not worried about that. But I'll certainly validate phone number before
executing the find command.
Thanks!
~~~
Rahul Sitaram
Ave,
I think I did it! I created a sharepoint within my web server (inside my
website) and mounted the share on that sharepoint. Once I did that, I
specified correct paths and my downloads are now working. I created a ³jump
menu² select list and this is what I¹ve come up with:
function o
Only do this if all the files should be publicly accessible. Otherwise,
you'll need to create a php wrapper to do authorization before sending
the file.
-Roberto
Rahul Sitaram Johari wrote:
> Ave,
>
> I¹m going to try creating the sharepoint within my webserver, as suggested
> by you and tijnem
Also, you should validate the phone number (make sure it contains only
numerical digits) before using it on the command line. I wouldn't trust
the data to build a command line.
-Roberto
Rahul Sitaram Johari wrote:
> ;)
>
> Point taken!
>
> exec("find /Users/rjohari/Documents/XFER/espi
Jason Pruim wrote:
> Thanks everyone for your suggestions, it turns out it was a unix time
> stamp and I can get it to parse out a normal date now.
>
> Now... on to the harder part
>
> What I am trying to do is learn... This is kind of just a pet project
> for me to figure out how I can do it
At 7:32 PM +0200 3/29/07, Tijnema ! wrote:
Yes, it's nice made, i see you didn't stored anything in sessions
except PHPSESSID, which you probably use to verify the code entered.
Atleast, that's what i think, i hope you didn't use IP ;)
No, it's just uses sessions to keep track of the visitor. H
Ave,
I¹m going to try creating the sharepoint within my webserver, as suggested
by you and tijnema. I think that¹s probably the easiest and quickest
solution to this. I¹ll report back!
Thanks!
On 3/29/07 4:48 PM, "Daniel Brown" <[EMAIL PROTECTED]> wrote:
>
> Rahul,
>
> Your best bet
Good call :-)
Yes, safe mode is turned off.
On 3/29/07, Tijnema ! <[EMAIL PROTECTED]> wrote:
On 3/29/07, Nathan Ziarek <[EMAIL PROTECTED]> wrote:
> /etc/php5/apache2/php.ini has the uncommented line "safe_mode = Off"
>
> Assuming there isn't another file that can override that setting, my
> saf
At 9:45 PM +0200 3/29/07, Tijnema ! wrote:
For example, i would go to the page and save the number that the
CAPTCHA passed to my session. Then i would write down the code that i
need to enter. So, next time i need to pass, i set the session value
to the one i got first time, and i enter same code
2007. 03. 29, csütörtök keltezéssel 22.46-kor Tijnema ! ezt írta:
> On 3/29/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> wrote:
> > Ave,
> >
> > This is actually a continuation of my previous ³Show files using Wildcards²
> > thread, but a different problem.
> >
> > Code:
> >
> > >exec("find
2007. 03. 29, csütörtök keltezéssel 16.38-kor Jason Pruim ezt írta:
> Thanks everyone for your suggestions, it turns out it was a unix time
> stamp and I can get it to parse out a normal date now.
>
> Now... on to the harder part
>
> What I am trying to do is learn... This is kind of just a
tg:
At 2:36 PM -0400 3/29/07, <[EMAIL PROTECTED]> wrote:
1. My biggest fear when relying on an audio CAPTCHA system is if the
users doesn't have sound. No speakers, or can't play stuff at the
office or something like that. I keep my system muted at work
unless I'm playing music because some
On 3/29/07, Nathan Ziarek <[EMAIL PROTECTED]> wrote:
/etc/php5/apache2/php.ini has the uncommented line "safe_mode = Off"
Assuming there isn't another file that can override that setting, my
safe mode is off.
Thanks,
Nate
better check this using phpinfo:
Tijnema
On 3/29/07, Peter Lauri <
On 3/29/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> wrote:
Ave,
This is actually a continuation of my previous ³Show files using Wildcards²
thread, but a different problem.
Code:
".basenam
e($value)."";
}
?>
The files I¹m linking to, in order to let the User download them, reside on
Correction, please disregard previous post:
Ave,
This is actually a continuation of my previous ³Show files using Wildcards²
thread, but a different problem.
Code:
".basenam
e($value)."";
}
?>
The files I¹m linking to, in order to let the User download them, reside on
a mounted sh
/etc/php5/apache2/php.ini has the uncommented line "safe_mode = Off"
Assuming there isn't another file that can override that setting, my
safe mode is off.
Thanks,
Nate
On 3/29/07, Peter Lauri <[EMAIL PROTECTED]> wrote:
Is php safe mode on or off?
Best regards,
Peter Lauri
www.dwsasia.com -
Ave,
This is actually a continuation of my previous ³Show files using Wildcards²
thread, but a different problem.
Code:
".basenam
e($value)."";
}
?>
The files I¹m linking to, in order to let the User download them, reside on
a mounted share on my system. They are on in the Apache We
Thanks everyone for your suggestions, it turns out it was a unix time
stamp and I can get it to parse out a normal date now.
Now... on to the harder part
What I am trying to do is learn... This is kind of just a pet project
for me to figure out how I can do it. here is how the database i
Matt Carlson wrote:
I don't know how much of it I have left. I know that I hacked it up quite a
bit when I created an irc bot with the php reference manual. Unfortunately,
there really isn't an easy way to get function information as such from inside
of php, without parsing php's website.
T
;)
Point taken!
";
}
?>
:)
Thanks
~~~
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.
W: http://www.rahulsjohari.com
E: [EMAIL PROTECTED]
³I morti non sono piu soli ... The dead are no longer lonely²
On 3/29/07 4:58 PM, "Peter Lauri"
I don't know how much of it I have left. I know that I hacked it up quite a
bit when I created an irc bot with the php reference manual. Unfortunately,
there really isn't an easy way to get function information as such from inside
of php, without parsing php's website.
The phpdoc stuff wasn't
Agreed! And definitely modified my code to use basename()
";
}
?>
Thanks!
On 3/29/07 3:58 PM, "Tijnema !" <[EMAIL PROTECTED]> wrote:
> On 3/29/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> wrote:
>> Ave,
>>
>> This Works!!
>>
>>>exec("find /Users/rjohari/Documents/XFER/es
On 3/29/07, Zoltán Németh <[EMAIL PROTECTED]> wrote:
2007. 03. 29, csütörtök keltezéssel 21.52-kor Tijnema ! ezt írta:
> On 3/29/07, Zoltán Németh <[EMAIL PROTECTED]> wrote:
> > works fine on XP/IE7
> > but still tells me to install some unknown plugin on ubuntu/firefox
> >
> > greets
> > Zoltán
Awesome!! This Works!!
";
}
?>
THANKS!
~~~
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.
W: http://www.rahulsjohari.com
E: [EMAIL PROTECTED]
“I morti non sono piu soli ... The dead are no longer lonely”
On 3/29/07 3:52 PM, "Ben Robe
DON'T commit suicide mate :)
What if you one day move the path? ;)
> -Original Message-
> From: Rahul Sitaram Johari [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 29, 2007 9:54 PM
> To: Peter Lauri; PHP
> Subject: Re: [PHP] Show Filename using Wildcards
>
> Ave,
>
> This Works!!
>
On 3/29/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> wrote:
Ave,
This Works!!
";
}
?>
THANKS!
I recommend using basename($value) instead of substr($value,35)
If the directory changes, the basename would still return valid
values, while substr wouldn't
Tijnema
2007. 03. 29, csütörtök keltezéssel 21.52-kor Tijnema ! ezt írta:
> On 3/29/07, Zoltán Németh <[EMAIL PROTECTED]> wrote:
> > works fine on XP/IE7
> > but still tells me to install some unknown plugin on ubuntu/firefox
> >
> > greets
> > Zoltán Németh
>
> That unknown plugin would probably some aud
Just do something like:
$fileswithoutdir = array();
foreach($files AS $file) {
$fileswithoutdir[] = basename($file);
}
Voila...
Or you could do it more complicated in the foreach loop (but not
recommended):
$fileswithoutdir[] = preg_replace("/^.*\/(\d+\.vox)$/", "$1",
$file);
/P
Ave,
This Works!!
";
}
?>
THANKS!
~~~
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.
W: http://www.rahulsjohari.com
E: [EMAIL PROTECTED]
³I morti non sono piu soli ... The dead are no longer lonely²
On 3/29/07 4:31 PM, "Peter Lauri"
Rahul Sitaram Johari wrote:
So I have to accomplish two things:
1. I have to eliminate the filepath from the result
2. I need to specify the variable that holds the phone number, (like
$row[ŒPHONE¹]) instead of the actual phone number in the ³exec² command.
Thanks!! Much Appreciated!
To get
On 3/29/07, Zoltán Németh <[EMAIL PROTECTED]> wrote:
works fine on XP/IE7
but still tells me to install some unknown plugin on ubuntu/firefox
greets
Zoltán Németh
That unknown plugin would probably some audio player.
Tijnema
2007. 03. 29, csütörtök keltezéssel 12.41-kor tedd ezt írta:
> Hi
works fine on XP/IE7
but still tells me to install some unknown plugin on ubuntu/firefox
greets
Zoltán Németh
2007. 03. 29, csütörtök keltezéssel 12.41-kor tedd ezt írta:
> Hi gang:
>
> If you people would be so kind as to review this:
>
> http://sperling.com/examples/captcha/
>
> and tell me
Peter,
Believe it or not, but this is actually working. I'm on a Mac OS X, which is
linux underneath, so I was hopeful about the command you provided. I ran
this code:
exec("find /Users/rjohari/Documents/XFER/espi/ -type f -name
33*.vox", $files);
foreach ($files as $value) {
On 3/29/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
Not bad. Seems to work nicely. No "OMGWTF!" obvious slips like naming the MP3
with the digits the user needs to enter.
Worked fine in Firefox 1.5 too. Sometimes when audio is embedded in a page, it
tries to load Windows Media Player or
At 2:02 PM -0400 3/29/07, Jason Pruim wrote:
Just a really quick check right now is all I have time for, but it
looks good. The one thing you could do (And this is personal
preference) Mark on it that they can replay the code if they didn't
hear it the first time. I am in a loud environment at
Rahul Sitaram Johari wrote:
Ave,
Yes well, I did kind of figure out that I have to scan through contents of a
directory, pull up a file list, and then do some kind of pattern matching to
narrow down to the files I need. But at this moment I'm kinda struggling
with the directory & file functions
Is php safe mode on or off?
Best regards,
Peter Lauri
www.dwsasia.com - company web site
www.lauri.se - personal web site
www.carbonfree.org.uk - become Carbon Free
> -Original Message-
> From: Nathan Ziarek [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 29, 2007 9:30 PM
> To: php-ge
Ave,
Yes well, I did kind of figure out that I have to scan through contents of a
directory, pull up a file list, and then do some kind of pattern matching to
narrow down to the files I need. But at this moment I'm kinda struggling
with the directory & file functions - haven't really dwelled into
> -Original Message-
> From: Rahul Sitaram Johari [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 29, 2007 9:12 PM
> To: PHP
> Subject: [PHP] Show Filename using Wildcards
>
> Ave,
>
> I have a script where I have to provide a Download Link to a file
> associated
> with a record. The co
I'm having a hard time getting solid MIME Types of various files.
On my Ubuntu/Apache2/PHP5 system, I first attempted to install
fileInfo. That didn't go so well (on Safari even running "$finfo =
finfo_open(FILEINFO_MIME);" causes it to complain that it lost the
network connection; Firefox prompt
Rahul Sitaram Johari wrote:
Ave,
I have a script where I have to provide a Download Link to a file associated
with a record. The common thing between the record & filename is the phone
number. But the filenames have dates & other symbols besides the phone
number as well. They all do begin with a
Ave,
I have a script where I have to provide a Download Link to a file associated
with a record. The common thing between the record & filename is the phone
number. But the filenames have dates & other symbols besides the phone
number as well. They all do begin with a phone number though.
How can
No, it replayed just fine. It just didn't seem to me to be obvious
that hitting the "speak" button would replay the same code that I may
have missed a digit out of.
But then again, I've been trying to figure out how to do math with
PHP and MySql all day so my brain is totally fried :P
On
Ben Roberts wrote:
I'm trying to download the phpm command line PHP documentation widget -
all sources I can find point me to http://eide.org/?epc=php but there's
nothing available here.
Does anyone know where I can find phpm please ?
Thanks
Ben
Any takers? Has anyone got a copy of phpm
Not bad. Seems to work nicely. No "OMGWTF!" obvious slips like naming the MP3
with the digits the user needs to enter.
Worked fine in Firefox 1.5 too. Sometimes when audio is embedded in a page, it
tries to load Windows Media Player or something which doesn't always work well
in Firefox withou
It played the same sequence for me when I re-clicked the Play button.. until I
went away for a min or two and my session probably timed out. Did it not play
the same sequence for you?
-TG
= = = Original message = = =
Just a really quick check right now is all I have time for, but it
looks g
use scope_identity() if you're using MS SQL Server 2000 or newer.
scope_identity slects the last id within your current scope (The last record
you entered in your current session)
On 3/29/07, Sady Marcos <[EMAIL PROTECTED]> wrote:
hey..
I am not obtaining use the function pdo::lastInsertId()
Just a really quick check right now is all I have time for, but it
looks good. The one thing you could do (And this is personal
preference) Mark on it that they can replay the code if they didn't
hear it the first time. I am in a loud environment at times and can't
always hear things the fi
hey..
I am not obtaining use the function pdo::lastInsertId() with sql
My code:
$db = new PDO("mssql:host=host;dbname=database","user","password");
$sql = "INSERT INTO users(name,status) VALUES('username','1)";
$db->query($sql);
$db->lastInsertId();
Error:
SQLSTATE[IM001]: Driver does not suppo
> -Original Message-
> From: Brad Fuller [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 29, 2007 1:24 PM
> To: 'Tana'; php-general@lists.php.net
> Subject: RE: [PHP] link on user uploaded pic
>
> > -Original Message-
> > From: Tana [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, M
It worked for you, Tij?
My guess, then, since it's timing out, is it must be our corporate firewall
blocking
MP3s on my end. In which case, disregard my reponses with extreme prejudice.
Yes it worked for me, it probably is a firewall, because it works for Jake too.
On 3/29/07, Jake McHenr
> -Original Message-
> From: Tana [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 29, 2007 1:02 PM
> To: php-general@lists.php.net
> Subject: [PHP] link on user uploaded pic
>
> Hi
>
> which is the best way to change this code
>
>
>
> to
>
>src="images/user_upload/akarmi.jpg">
Looks good to me... Had to use my laptop since none of my office sets have
speakers, tested it, tried bunch of stuff and it only let me in when I typed
in the code... So seems good :)
Jake
> -Original Message-
> From: tedd [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 29, 2007 12:4
Not quite sure what you mean, what you posted is what you need to do to make
the image a link... And that's what you wanted... So.. What are you asking?
Jake
> -Original Message-
> From: Tana [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 29, 2007 1:02 PM
> To: php-general@lists.php
Tijnema ! wrote:
> On 3/29/07, Man-wai Chang <[EMAIL PROTECTED]> wrote:
>> Anyone knew how to insert this value into a char(2) column?
>
> Ok, what are you trying to do? you post a message with a single line,
> and we need to help you?
> I don't even think this is PHP related. You are trying to ins
y
Erik Jones wrote:
On Mar 29, 2007, at 11:15 AM, Angelo Zanetti wrote:
Hi all.
I have a script on a server that does some processing, now I want to
execute that script using cURL. This is a basic scenario and I assume
its possible but its not working.
The script is as follows:
$url
On Mar 29, 2007, at 11:15 AM, Angelo Zanetti wrote:
Hi all.
I have a script on a server that does some processing, now I want
to execute that script using cURL. This is a basic scenario and I
assume its possible but its not working.
The script is as follows:
$url = "http://www/te
On 3/29/07, Angelo Zanetti <[EMAIL PROTECTED]> wrote:
Hi all.
I have a script on a server that does some processing, now I want to
execute that script using cURL. This is a basic scenario and I assume
its possible but its not working.
The script is as follows:
$url = "http://www/test.ph
On 3/29/07, tedd <[EMAIL PROTECTED]> wrote:
Hi gang:
If you people would be so kind as to review this:
http://sperling.com/examples/captcha/
and tell me what you think (ease of use, if it works, security,
etc.), I would appreciate it.
The point is to be able to get to the "Congratulations" pa
Maybe you know of friends in the New Jersey or New York area that are
looking :)
Non-Financial Java Developer (HIBERNATE / SPRING) MUST HAVE: 8-10
years experience. Java/JSP/JavaScript, XML, and Oracle 10g (10g is
strongly preferred), Hibernate, Spring. These are straight coder
positions. The
Hi gang:
If you people would be so kind as to review this:
http://sperling.com/examples/captcha/
and tell me what you think (ease of use, if it works, security,
etc.), I would appreciate it.
The point is to be able to get to the "Congratulations" page by
hearing and entering the key. If you
At 5:18 PM +0200 3/29/07, Tijnema ! wrote:
I've discussed the problems with using image code (CAPTCHA) in another
post on this list. So then you would create a script of 100+ lines to
do it :)
And even then, some smart programmers are probably going to find a way
to read your image code :)
I'
Daniel Brown escreveu:
Does anyone have any recommendations for existing open source PHP
scripts that use IP Geolocation? I was looking into creating a hook to use
hostip.info's API, but it's still too new, and I've already had to add
three
IP address and a netblock.
I use the GeoIP
> -Original Message-
> From: Daniel Brown [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 29, 2007 12:08 PM
> To: php-general@lists.php.net
> Subject: [PHP] IP Geolocation Scripts
>
> Does anyone have any recommendations for existing open source PHP
> scripts that use IP Geolocation?
Hi all.
I have a script on a server that does some processing, now I want to
execute that script using cURL. This is a basic scenario and I assume
its possible but its not working.
The script is as follows:
$url = "http://www/test.php";;
$ch = curl_init();
curl_s
Does anyone have any recommendations for existing open source PHP
scripts that use IP Geolocation? I was looking into creating a hook to use
hostip.info's API, but it's still too new, and I've already had to add three
IP address and a netblock.
--
Daniel P. Brown
[office] (570-) 587-7080 Ext.
You can pass session ID data via the URL. Ugly as it is, that's a viable
option (that I see used a lot actually.. kinda drives me nuts but I understand
it) for when you don't have people logging in and/or can't guarentee that
cookies will be available.
As was mentioned a few times, CAPTCHA met
Good topic. It's touched on here and there in other questions, but always good
to hit it head-on from time to time too.
First, mysql_real_escape_string() for inserting into MySQL and whatever equiv
you can find for whatever other database you may be using. addslashes() isn't
so hot for databa
>
> And even then, some smart programmers are probably going to find a way
> to read your image code :)
>
that, of course, if your app will be an interface to client`s bank
account, with online management. :)
cajb.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http:
On 3/29/07, cajbecu <[EMAIL PROTECTED]> wrote:
>
> if($_POST && eregi(getenv("SERVER_NAME"),getenv("HTTP_REFERER"))) {
>// This is a safe POST
>} elseif(!eregi(getenv("SERVER_NAME"),getenv("HTTP_REFERER"))) {
>die("Illegal access. Your IP has been logged.\n");
>}
> ?>
Many legitimate users will have their referrer blocked by proxies or by
browser preference so you'll also have false negatives.
Arpad
cajbecu wrote:
it is not safe. i can use curl (www.php.net/curl) and modify the referer
of my script to pass this security check. i advise you to add i
>
> if($_POST && eregi(getenv("SERVER_NAME"),getenv("HTTP_REFERER"))) {
>// This is a safe POST
>} elseif(!eregi(getenv("SERVER_NAME"),getenv("HTTP_REFERER"))) {
>die("Illegal access. Your IP has been logged.\n");
>}
> ?>
>
it is not safe. i can use curl (www.php.net
Just wondering how many of you actually use any type of secure coding
when doing form processing. I'm guilty of not doing it all the time myself,
but I'm trying to get into the habit of doing so. For example, I don't want
someone else modifying a form to auto-post values to my handler, so I w
Agreed, if there are multiple forms, I will definitely have to use either
Submit name or some form of identifier.
Thanks!
On 3/29/07 10:47 AM, "Zoltán Németh" <[EMAIL PROTECTED]> wrote:
> 2007. 03. 29, csütörtök keltezéssel 10.38-kor Rahul Sitaram Johari ezt
> írta:
>> Daniel I like your code
2007. 03. 29, csütörtök keltezéssel 10.38-kor Rahul Sitaram Johari ezt
írta:
> Daniel I like your code it¹s definitely cleaner and compact.
> I have a question for you I have never used ³if($_POST) {³, instead,
> always felt I needed to specify the $Submit variable to check if form is
> submitt
Awesome! This helps. I¹ll start using this method from now on certainly
seems a lot more compliant and also actually helps eliminating the ³Submit²
button name confusion.
Thanks! Appreciated.
~~~
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.
W: ht
On 3/29/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> wrote:
BY THOR! That worked! "WHEN" Is a reserved word and that is what was causing
the problem. Changed it to "THETIME" and query went through fine!!
Can't thank you enough! This was driving me crazy! Look how many mistakes I
made in just ma
On 3/29/07, Man-wai Chang <[EMAIL PROTECTED]> wrote:
Anyone knew how to insert this value into a char(2) column?
Ok, what are you trying to do? you post a message with a single line,
and we need to help you?
I don't even think this is PHP related. You are trying to insert it
into a database?
My
Daniel I like your code it¹s definitely cleaner and compact.
I have a question for you I have never used ³if($_POST) {³, instead,
always felt I needed to specify the $Submit variable to check if form is
submitted. So basically if I use ³if($_POST) {³, would it automatically mean
it¹s checking
BY THOR! That worked! "WHEN" Is a reserved word and that is what was causing
the problem. Changed it to "THETIME" and query went through fine!!
Can't thank you enough! This was driving me crazy! Look how many mistakes I
made in just making this post in this mailing list!
Honorable *bow*
Thanks!
On 3/29/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> wrote:
Ave,
For total clarity, I¹m starting this post again. I messed up big time with
my posts.
So here¹s my actual code:
$WHEN, $WHAT, $WHO";
$sql = "INSERT INTO tbl (WHEN, WHAT, WHO) VALUES
('$WHEN','$WHAT','$WHO')";
$result = m
On 3/29/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> wrote:
My Apologies Everyone! I gave you all the wrong code Twice!! A pox on me - I
tell you!
This is the ACTUAL code that I'm working with - and it's not working:
$WHEN, $WHAT, $WHO";
$sql = "INSERT INTO tbl (WHEN, WHAT, WHO) VALUES
Ave,
For total clarity, I¹m starting this post again. I messed up big time with
my posts.
So here¹s my actual code:
$WHEN, $WHAT, $WHO";
$sql = "INSERT INTO tbl (WHEN, WHAT, WHO) VALUES
('$WHEN','$WHAT','$WHO')";
$result = mysql_query($sql) or die("Fatal Error :".
On 3/29/07 10:18 AM, "cajbecu" <[EMAIL PROTECTED]> wrote:
> are you sure $_POST['Submit'] is set? i mean, do you have an input named
> "Submit" that is set in your form?
The Submit button in my form is named "Submit".
The thing is, if the form is not submitted, this code is not executed (the
e
1 - 100 of 119 matches
Mail list logo
