Dear All,
There doesn't seem to be much discussion of the disadvantages and long
term dangers of using php "sessions". So let's redress the balance:
1. Heterogeneous Code Environments
php session data is not easily accessible from non-php code e.g.
Perl/C/ASP etc. In contrast, either client-s
Bk wrote:
Hi
I've to set up a shared shopping cart to buy items
from four different sites and pay them at once
passing trough a single checkout.
Provided that these sites are hosted on the same
server (actually in the same directory), but have
different names, is it possible to share php
session
Daniel,
Switch register_globals back on, and everything works as it always did.
So do it!
All this fuss about register_globals being insecure is a complete load
of rubbish. This issue really bores me, but it seems programmers are
wasting a lot of time on it, so I guess I'd better run through
Why not get MySQL to compare your date with today?
e.g.
select if(Booking_Date = curdate(),'booked','free') as Todays_Status ...
$Todays_Status = mysql_result($result,$i, Todays_Status);
echo "you are $Todays_Status today";
I find it is much, much safer to only use the database for finding ou
Drew wrote:
> When I run the following script it returns String Okay! when it should say
> Invalid Characters Found. I've tried the script substituting $ for other
> characters, such as j, and it works just fine. What do I need to do?
>
>
> $input = "johnon@company.$com";
>
> if (ereg("[$]", $in
Riaan Stander wrote:
> Hi there
>
> I know this is not a php specific question, but I don't know where else to
> ask.
>
> I've got the following situation. The website I'm currently working on has
> got a administration page where the administration user must be able to
> login as all the users a
Frank Miller wrote:
> I'm working on a project here at our university and need a little. We
>installed a wireless network and bought 5 ipaq's to use and experiment with. I wrote
>a work order system that we are still using. Basically the tech guys want to be able
>to check WO from t
John Holmes wrote:
> The best way to do this is server side with strlen(). You can use
> javascript or maxlength, but if a user wants to get around it, they can.
>
> ---John Holmes...
>
John,
The best way to do this is with both. maxlength/Javascript as a courtesy,
strlen for security.
As yo
Otteneder Hermann wrote:
> hi everybody,
>
> i have a short problem:
> i have two drop down menues in a form. the content of the second dropdown is
> dependent from the selection in the first dropdown menue. now i want write a
> short javascript which runs on the onSelect - event of the first dro
Phil Schwarzmann wrote:
> I want to round a number to the nearest decimal place...
>
> if the number is 4.623, I want it to display 4.6
> if the number is 2.36, I want it to display 2.7
>
> Is there a function that does this? round(), ceil(), floor() don't do
> this and I've checked through all
Jason Wong wrote:
> On Monday 24 June 2002 11:34, Phil Schwarzmann wrote:
> > I want to round a number to the nearest decimal place...
> >
> > if the number is 4.623, I want it to display 4.6
> > if the number is 2.36, I want it to display 2.7
>
> You don't really mean 2.36 --> 2.7 ??
>
> > Is th
Mike wrote:
> Erik,
>
> thaks for the reply. I conducted a simple/rough benchmark to which is more
> expensive. I tested on a Intel PIII (450MHz 384MB ram) box running Win Xp,
> Apache 1.3.26 and PHP 4.2.1, and mysql 3.23.49 and freeBSD of similar stats
> (1000MHz, 1G ram). I used the adodb d
> Repeat of previous message in thread without the extra ugly wrapping, (sorry!!!)
Matthew Clark wrote:
Seeing as the mathematically correct way to round numbers is to round down
to n for n-1<=m<=n.5 and up to n+1 for n.5= 0.0)
return_val = floor(pow(10.0,places - DBL_DIG)) + 0.5 + re
Matthew Clark wrote:
> Seeing as the mathematically correct way to round numbers is to round down
> to n for n-1<=m<=n.5 and up to n+1 for n.5 round() function couldn't include a little 'fuzz' to handle the rounding
> problems we encounter due to floating point representation in the hardware?
>
César aracena wrote:
> I like very much the idea of using a "short" way. Actually, I did and
> here's how:
>
> // After I queried the DB for a username & password match:
> if (mysql_num_rows($result) > 0)
> {
> $row = mysql_fetch_array($result);
> i
tting them to keep up to date is that Debian's php
package lags so far
behind, and they really don't like upgrading unless Debian have rubber stamped
it).
Kind regards,
George
>
> - Original Message -
> From: "George Whiffen" <[EMAIL PROTECTED]>
>
Ummm,
This output compression sounded cool to me when I came across it,
but I wasn't sure it really helped or was appropriate for us to use:
1. My biggest concern is the slowest user i.e. at the end of a modem
on the other side of the planet. I thought they would almost certainly
have modem com
Hi,
I want to know if the user is connected on a secure socket and have two
problems:
1. My Apache (Stronghold), variables are not turning up in $_SERVER or
$HTTP_SERVER_VARS
although they are in $GLOBALS e.g. I have $GLOBALS[SERVER_PORT] but not
$_SERVER[SERVER_PORT].
This is with track vars a
William,
You need a mathematician not a computer programmer.
This is classic number theory which must have been very well
explored. I have a very vague recollection that there may be
partial proofs that there are no primes between x and y or no
more than n primes between w and z for low ranges
David Johansen wrote:
> I'm new to this php thing and I would like to set up a web page were the
> users can login and edit their preferences and all that stuff. I have the
> basic login stuff worked out and I was passing the username and password as
> a hidden input in the form, but then the p
Filippo Veneri wrote:
> When uploading image files to my powerpc linux box (derived
> from redhat 7.1) running apache + php4.0.4pl1 something
> wierd happen.
> Images get corrupted by (IMHO) php itself. It adds the
> following 2 lines at the top of the file:
>
> Content-Type: image/jpeg^M
> ^M
Here's a mini-checklist on tricky bits, some of which are as much about
payment as
much as cart:
1. Delivery & Packing especially pricing on composite loads, destination,
different speeds.
2. Sales taxes.
3. Quantity discounts, discount vouchers, reusable vouchers, loyalty cards.
4. Affiliate
The simplest "way to do the connection thing" is, as is often the case in php,
to do nothing i.e. forget it.
If you don't specify a connect id MySQL happily uses the last one opened, so
the only thing you need do with the return from mysql_connect is check it for
errors i.e.
if (!mysql_connect("
I had this kind of old/new page problem because of proxy cacheing. The failsafe
is to send out the full set of don't cache headers e.g.
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . "GMT");
header("Cache-Control: no-cache,must-revalidate"
Terry Kearns wrote:
> I'm not sure I understand you 100% but it sounds like you want to get the
> static HTML results of your dynamic PHP script and and do something with it.
> Happily, PHP is one of the few languages that can do this with ease :-)
>
> The feature you want is "output buffering"
Erik Price wrote:
> I haven't seen yet a tutorial that teaches coding from the perspective
> of using register_globals off, which I think is pretty important
> (personal opinion). It's not that hard to pick up, though, once you've
> gotten started. Still, I think it makes alot more sense to
Neil Kimber wrote:
> We have an application framework that tidies up application session
> variables as you traverse from page to page. It works really nicely - until
> a user opens up 2 instances of a browser. Our code cannot distinguish
> between different browser instances, so browser instan
ÁC¬P wrote:
> How can I set a time limit for a form made by PHP (i.e.the value will auto
> transfer after a certain time)
> --
> Ác¬P¤u§@«Ç
> http://fansing.hk.st/
> ACG¤¬°Ê°Ï°ì(¤j®a¦h¨Ç¨Ó¶K¹Ï§a!)
> http://acgzone.hk.st/
HTML forms execute in the client's browser, which does not care at all wh
Yeah,
>From php, I've called paybox (http://www.paybox.de), which is a mobile phone
based payment service. You exchange transactions with them via xml.
They have their own "cartridge" for php, but it's just a perl rewrite and not
very wonderful, so I rewrote most of it.
The basic approach is s
Jason,
You didn't mention Javascript checks.
Personally I really dislike having to wati for a page to reload before finding
out that I've just failed to fill in a field. The Javascript to do basic
on-page checks is all pretty simple stuff.
Of course this doesn't mean we can skip checking the d
Mëòv îçîÎ òsyïn wrote:
> Is it posible to get values from javascript to PHP? Without having to post
> the variables..
>
> Thanks //Mårten
>
> _
> Chatta med vänner online, prova MSN Messenger: http://messenger.msn.se
I'm not quit
Navid,
$SCRIPT_NAME is sometimes a safer alternative than $PHP_SELF.
The difference is that $PHP_SELF includes $PATH_INFO while $SCRIPT_NAME is
just the name of the actual script running.
http://www.php.net/manual/en/language.variables.predefined.php
This becomes particularly important if you u
Jim Winstead wrote:
> Andy <[EMAIL PROTECTED]> wrote:
>> Is there a way to redirect imediatelly to a waiting page? I tryed to
>> redirect, but somehow the server is first uploading the file before
>> something else happens.
>
> unfortunately, no. one thing you can do is use javascript to pop up
Zeev,
If you find that GUI tools are not overwhelmingly better for C++, Java product
development, that does weaken the case for php studios even more. Why so?
1. Conciseness of php
php is a high level application development tool so the code is, or at least,
should mostly consist of highly spe
h-engine safe) urls..." below. Can you give me a couple of examples
> of how I might do this? I always hated the GET strings at the end of the
> url. Sometimes I redirect a user to the same page two times just to get
> rid of the trailing GET string. I know that's a bad way of do
Hi,
Apologies if this is more of an Apache question than a php one, but as it's about the
relationship
between them, I thought it was safe to bring it up here ;)
While investigating a possible performance issue, I discovered that (according to
microtime()), my
script runs 5 times faster for a
What a scary day, and it just gets worse
1. A user finds their account balance is displayed incorrectly on one of my live
e-commerce sites.
2. I discover that "floor()" intermittently gives the wrong answer i.e.
print floor(10*(8.20 - 0.20));
Answer : 79
print floor(10*(8.10 - 0.10));
A
Py wrote:
>
> Hello,
>
> I have an application wich I maintained on my servers (PHP, Apache, MySQL).
> I have a client that is already using the application trought a secure link
> directly from his web site.
> But he would like to have my application update a database directly on his
> server (
Sorry if I'm off-topic, but I've always wondered what people use sessions for.
I seem to be either dealing with "logged-in" users who I pick up via
http-authentication and
maintain any details I need in a user data structure, or casual users, for whom the
odd hidden input
field or occasional co
s. It sounds like you can't
afford more
than a couple of minutes per form while I have the luxury of half an hour or so.
Good luck,
George
Brandon Lamb wrote:
>
> The point of keeping it easier is what if i want to give my script to a
> friend, do you REALLY want to explain to a no
could simply add the field to the array?
>
> And actually you only have to change the name in 2 places.
> 1. you define the variable as an input from a form
> 2. in the required fields array
>
> - Original Message -
> From: "George Whiffen" <[EMAIL PROTEC
Mindhunter wrote:
>
> Hi,
>
> I am reading a date from an input in format 'DD-MM-' ex. 10-11-2001.
> Now I want to add 3 months to the date. I have tested mktime and strftime
> etc and no matter what I do I get the year as 1970. (Systemdate works
> fine). How would I go about adding 3 mon
Feroze Md. Arif wrote:
>
> Hi,
>
> First of all, my apologies if this question has been asked earlier. I am in
> a hurry and I haven't checked the archives (Actually, I am in the process of
> doing it but am trying to cover all the bases).
>
> I know that PHP has functions which will allow Use
Arvydas V. wrote:
>
> Hello,
> I have to solve one problem - my script searches simply text document, so - if this
>document is big enought - i have to "replace" timeout of my script, besides - i have
>to make, that then this proceeds some kind of process bar must scroll until script
>finishes
> So I would have to write a seperate if condition for each form input field i wanted
>to require? that doesn't make for a very dynamic script...
>
> > if(!(isset($name) && isset($address) && isset($phone)) {
> > echo "You left one empty.";
> > }
Reality Check: We write code to solve real
Dear All,
I had always thought of concatenating assignment and concatenation + assignment to the
same variable
as really just syntatical variations i.e. I thought that
$data = $data . ;
and
$data .= ;
were just alternate syntaxes for the same operation. I've always tended to use the
long f
Pat Hanna wrote:
>
> I'm doing my senior exit project on database languages online. I'm asking
> for help from anyone who can provide any information on the comparison
> between the different languages. I'm comparing languages such as PHP, ASP,
> ColdFussion, perl and any others that I might not
Peter Frlicka wrote:
>
> Hello.
>
> What does apache + php do if the user refreshes a page 10 times in a while
> before the scripts finishes? do all 10 .php scripts finish or do the first 9
> get aborted? how can i solve the problem that when someone clicks a lot on a
> link (always the same lin
Nate Carlson wrote:
>
> I'm trying to create a form that supports multiple uploads (of up to 4
> files), but does not require each of them. I've tried all the code
> examples in the PHP documentation, and they don't appear to work with PHP
> 4.0.6. Basically, I get the file names returned in the
Joe,
One approach that works for me is to have a separate IMAGE table with an automatically
generated
primary key image_id (auto_increment with MySQL). I don't use this store the image,
but just to
give me the unique name for the image file. I also use the IMAGE table to store away
the origi
Henrik,
I think your problem is jsimply that you are not getting variable substitution
of $HTTP_GET_VARS["whatever"] inside double quotes.
print "whatever is $HTTP_GET_VARS["whatever"]";
is not safe.
You need
print "whatever is {$HTTP_GET_VARS["whatever"]}";
or, (IMHO better),
print '
I'm confused. Is your problem serving up the images in your database to the web or
writing them out
to files on the server?
If it's serving images, I would expect you to have:
select myimage from db
Header("Content-type: image/jpeg");
echo $myrow[myimage];
exit();
etc.
If it's writing from t
I always get strpos wrong.
So typically in this case I would do something like:
list($file,$ext) = explode('.',$yourimage);
if ($ext != 'jpg' or $ext != 'jpeg')
{
error...
}
(More properly we should make sure jpg or jpeg are at the very end of the filename
i.e. you probably
don't like myfi
Look at the output buffer handling functions:
ob_handler etc.
These let you take the final (or intermediate) output of the script and do whatever
you want with it
e.g. save it, or in your case save it and empty it. In that case your user could have
a simple SAVE
button which ran the entire sc
Yeah,
It seems to be a black art to get the browsers to behave properly.
I don't know if it's relevant but I use Content-disposition and Content-type
rather than Content-Disposition and Content-Type and it seems to work for
me for "inline;". I haven't tried "inside;".
If you really can't get
Well you have an interestingly different approach!
Personally I kind of like either having the SQL statements in-line with the rest
of the code or functions that retrieve data for that particular query e.g.
function get_students($class) {
Anyway based on your approach:
1. You could still s
I kind of like Leech FTP,
http://stud.fh-heilbronn.de/~jdebis/leechftp/downloads.html
George
Rudi Ahlers wrote:
>
> Sorry for the totally OT question, but can anyone recommend a good, FREE,
> FTP client for windows? I now have to pay for AceFTP aswell, which used to
> be free.
> Thank you
>
For the record:
You can control the order of precedence of variable reading
through a php.ini setting, variable_order, (replaces gpc_order).
I believe the default is EGPCS i.e. environment, get, post, cookie, session.
The last in the list takes precedence, i.e. session variables normally have p
Rodrigo,
I don't quite understand your problem, it might help to see some of the
php or form html. It might also help if I explain how I usually handle updates.
I have a single php page with the form on it which is also the target
of the form.
Typically users get to the form via a link which i
There's also a potential problem with:
"Her har du ditt passord: $myrow["id"] \n God appetitt! Hilsen Subway"
You are using double quotes for the array index,("id") within a double
quoted string. I'm amazed php accepts this, you might expect it to
parse that as "Her har du ditt passord: $myrow[
Jean-Arthur,
Your set_time_limit/shutdown function solution looks like a clever
trick. If you can come up with that you might just as well do the
proper job with an fsockopen and socket_set_timeout.
The manual pages on fsockopen, socket_set_timeout plus the user comments
have plenty of useful e
Zend encoder is probably your best option.
But why do you want to hide your php code from your Server Admin?
1. If you can't trust your Server Administrator you've got big
problems. Change your hosting!
2. Are you sure your code is so valuable? Developers always
seem to greatly overestimate
I'm feeling dumb!
The Basic Problem
=
Basically all I want to do is to output each day in turn from 1900 i.e.
01-Jan-1900
02-Jan-1900
03-Jan-1900
etc.
But date() won't accept dates pre 13-Dec-1901
and mktime doesn't like anything pre 01-Jan-1970.
I know I can get mysql to do t
Coenraad,
Here are some links to relevant sections of the php manual. What you want
to do is not too hard at all.
I'm assuming that you want to "upload" the csv file via a web page. This
is much less trouble for the user than fooling around with ftp. They
get to browse their computer for the
o be reprompted next time
cookie("reprompt","Yes");
session_start();
}
Sorry,
George
George Whiffen wrote:
>
> Jeremy,
>
> I don't think it's possible to do what you want, and I have tried finding
> a way.
>
> With your "header " yo
Jeremy,
I don't think it's possible to do what you want, and I have tried finding
a way.
With your "header " you are requestion an http authentication which means
the browser has to store the username and password and send them with EVERY page.
Those are the rules.
The only way to tell the b
ok into the s modifier...it makes a dot match a newline as well, where
> normally it wouldn't
>
> jack
>
> -Original Message-
> From: George Whiffen [mailto:[EMAIL PROTECTED]]
> Sent: Friday, September 07, 2001 1:09 PM
> To: [EMAIL PROTECTED]
> Subject:
Hi,
I've got a problem with regular expression syntax with ereg_replace:
ereg_replace(':start:(.*):end:','this is \\1',':start: first :end: middle :start: last
:end:');
returns - this is first :end: middle :start: last
but I want - this is first middle this is last
The problem seems t
ets some credit on the sites!
Anyway, it's been very interesting to hear your ideas, and don't be surprised if I
give up and
switch to FastTemplate!
George
Robert V. Zwink wrote:
>
> George Whiffen,
>
> a) Nested Loops
> One problem that I see is that if I
Tom,
Every man and his dog seems to have an Access database they want to view
on the web.
What I usually do for them is :
a) Tell them to save the data from Access as a text file, comma separated. (It's
a standard Access option).
b) Give them a web page where they can upload it, (From the cust
A cheap and cheerful rule is to insist on at least one numeric.
Then you don't have to bother with a dictionary check!
The php to force only alphas and numerics (upper or lower case) and at least
one numeric is something like : -
if (!ereg("^[a-zA-Z0-9]*[0-9][a-zA-Z0-9]*$",$password))
{
$
sing the page, not just bits of it.
>
> Robert V. Zwink wrote:
> >
> > I dont' think you can do this, or that you would want to do this. Library
> > items in Dreamweaver (as I understand it) are snippets of HTML that
> > Dreamweaver marks as updatable a
gt; http://www.phpbuilder.com/columns/sascha19990316.php3
> for more information.
>
> I hope this helps.
>
> Robert Zwink
> http://www.zwink.net/daid.php
>
> -Original Message-
> From: George Whiffen [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 0
Hi,
Has anyone experience of using Dreamweaver library item files (.lbi)s as
php includes?
We've got a standard header and footer to go across all pages on a site with
the navigation etc. We want both the designers, (using Dreamweaver), and the
php programmers to have access to these includes,
James Bartlett wrote:
>
> Hi,
>
> Is there some way that I can check to see if a variable is present?
>
> e.g.
>
> if (variable is not present)
> {
> set variable to 0;
> }
> else
> {
> some code that uses variable;
> }
>
> Thanks for any advice.
>
> James
isset function
variable is alread
Mark Lo wrote:
>
> Hi,
>
> Is there any php download function for php. I am asking is the one like
> downloading the file from the server when people click the link. Like
> downloading php sources tar file.
>
> Thank you
>
> Mark
No download function that I know of, but it isn't hard to
mysql client will read from standard input, so you can just
pipe in the sql
e.g.
echo "insert into . ;" | mysql -p -u root test
or from a shell script you can use "here is" syntax e.g.
mysql -p -u root test <
> If i want to add something into a table with just the mysql command.
> Is th
Romeo Manzur wrote:
>
> hi, I want to know how could I save a javascript variable on a php
> variable???
> Thanks...
It depends how the user will get to the php page:
1. Form
If the user is about to submit a form and you want some
Javascript variable from
your page to end up as a php variable
To check if a type checkbox variable has been set use
isset() i.e.
if (
isset($interest)
or isset($interest2)
or isset($interest3)
or isset($interest4)
or isset($interest1)
)
{
// Everthing is ok
} else {
$error = .
)
This should do exactly what you want, and a
Derick,
If you're seriously looking at thousands of concurent users
(let alone
millions) and the kind of budget on hardware and comms that
implies,
then I'd suggest you seriously look at your own session
solution with MySQL or
whatever.
You can perfectly easily just use your own authentication
Manisha,
For the Sybase network connections, you are probably best
off contacting Sybase
specialists. php via the sybase_connect function is likely
to look like any other Sybase
client on a remote box, so the question is mostly about how
do you get any Sybase client
on your web server to commu
And what about the third option using single quotes on the
outside i.e.
print '
20){print '40';} else {print
'20';}?>
VALUE=
etc..
rather than my normal style which would be :
print '
> im here to start a flamewar.
>
> dont use " then. why not use ' ?
>
> echo "
>
>
82 matches
Mail list logo
