"Aaron Todd" <[EMAIL PROTECTED]> wrote in message
> > $file = "/home/dlr/test/".$_GET['file']."";
> Why would this be a security hole if I do not filter the file
> name before I use it?
http://www.yourdomain.com/yourfile.php?file=../../path/to/any/file/on/machine
---John Holmes...
--
PHP Gene
From: "Jay Blanchard"
> Open http://www.google.com in the browser of your choice
> Type "PHP IDE" in the little box that appears there.
> Click on the links of returned results.
I clicked on all of the links and nothing happened except for some web pages
appearing. Now what?
---John Holmes...
--
From: "Alex Hogan" <[EMAIL PROTECTED]>
> I have a registration page that hasn't changed in several weeks. Today
> it decided to freak-out by throwing an error;
> 'Cannot redeclare myfunctionname() on line 10 of myfunctions.inc'
>
> Nothing has changed in either the calling page, or the function.
From: "Joel Kitching" <[EMAIL PROTECTED]>
> Hello, I'm trying to get the hang of OOP here but can't quite figure
> out how to relate these classes. I've got one for the main project,
> one for the database, and one for a user. Somehow I need to get the
> user access to the database, without cumb
From: "Dan Joseph" <[EMAIL PROTECTED]>
> > Of course, this begs the question of why you're re-implementing what
> > has been done so many times in the past.
> >
> > http://pear.php.net/package/DB
> > http://pear.php.net/package/MDB
> > http://pear.php.net/package/MDB2
> > http://adodb.sourceforge.n
From: "raditha dissanayake" <[EMAIL PROTECTED]>
> What has squirrelmail/horde scalability got to do with PHP?
Is this the mantra of the PHP list, now? Come on... those are both programs
written in PHP and discussing how better one is over the other is perfectly
good traffic for this list. I'd be
From: "Dan Joseph" <[EMAIL PROTECTED]>
> > In order to get all of the data back you are going to have to loop
> > through it and return the array so that it will be available for
> > manipulation.
>
> Hmm.. I suspected this might be the case. I have modified my
> function a bit:
>
>
From: "Angelo Zanetti" <[EMAIL PROTECTED]>
> I'm having a slightly weird problem with my session variables. when on a
> certain page call it "A", I register a session variable and assign it a
> value. I then test if it is registered successfully and has the correct
> value on the same page, that wor
From: "Justin Patrin" <[EMAIL PROTECTED]>
> > eval($script);
> > use_cached_code();
>
> Ick! eval() is evil!
You have benchmarks to back that up or experience?
I did a benchmark between using include(), eval(), smarty, pattemplate, and
a few others and include() and eval() are always the fastest.
From: "charles kline" <[EMAIL PROTECTED]>
> I have never used Smarty, which I understand might be a big help in
> these situations. One concern of mine is that I have a tight budget on
> this project and don't want to spend a lot of time learning a new
> system unless I have to.
Smarty is one sol
From: "adwinwijaya" <[EMAIL PROTECTED]>
> Assume I have array that looks like :
>
> Array(
> 'type'->'Fiction',
> 'notes'->'Fiction books from a-z',
> 'list'-> Array(
> 'list'-> [0]->array(
> 'title'->'xzy',
> 'id'->'1')
>
From: "Sarah Gray" <[EMAIL PROTECTED]>
> Once a sale is completed a record is written to a log file on the
> server.
>
> $filename = $dir. "/". $logType."_".$today.".txt";
> $fp = fopen("$filename", "a+");
> fputs($fp, $logEntryStr);
> fclose($fp);
Consider this:
1. User A completes a transactio
From: "Jason Wong" <[EMAIL PROTECTED]>
> On Friday 06 August 2004 01:47, John W. Holmes wrote:
>
> > Sounds like you just need to write a wrapper for mysql_query() that logs
> > what's going on.
> >
> > function my_mysql_query($query)
> >
From: "John Nichel" <[EMAIL PROTECTED]>:
> > You can use cURL or one of the PEAR classes to have your PHP script fill
> > out the form on the remote computer... will take some work, but it's
> > possible.
> >
> > Actually, you could just simulate a POST / GET request to the file that
> > handles th
From: "CHAN YICK WAI" <[EMAIL PROTECTED]>
> I'm writing an application that requires log every transactions users done,
> e.g. update which record, delete which record, something like that.
>
> I guess one way is whenever I issue a mysql_query(), I also insert this
> query in whole into another ta
From: "Brian Dunning" <[EMAIL PROTECTED]>
> Developing on a Windows server to be deployed on Linux. I get "SMTP
> server response: 501 Bad address syntax." Here's my code:
>
> $mail_from = 'My Name <[EMAIL PROTECTED]>';
> $mail_server = 'mail.servername.com'; // This is hosted externally
> ini
- Original Message -
From: "Amanda Hemmerich" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, August 05, 2004 12:39 PM
Subject: [PHP] filling out HTML forms
> So, we are trying to design an account management page that allows users
> to manage all of their computer accounts
From: "CHAN YICK WAI" <[EMAIL PROTECTED]>
> How about if this $student is actually a text field, when this html
> generated by php script, it has no value, so the onClick line is
> ...url?student=<$student without value>, when I click, it reads nothing, how
> should I do?
Javascript.
---John Hol
From: "Daniel Guerrier" <[EMAIL PROTECTED]>
> I am using PHP to dynamically create real audio links.
> The question is I was creating one .ram file for each
> real media file that I wanted to stream. The .ram
> files need to have absolute urls (which I do not
> like). I saw a few sites that use
From: "CHAN YICK WAI" <[EMAIL PROTECTED]>
> in the form, for example, i have
>
> and
> It seems to me not working.
Define "not working" because that's how you do it. Well, actually, you need
to echo $student, unless this whole thing is already in an echo
---John Holmes...
--
PHP General
From: "Jordi Canals" <[EMAIL PROTECTED]>
> John Holmes wrote:
>
> >> $uservar = htmlspecialchars(strip_tags($uservar));
> >
> > You don't need to use strip_tags _and_ htmlspecialchars()... unless you
> > want strip_tags to get rid of such malicious and deadly content such as
> > and . Just use htm
From: "John Nichel" <[EMAIL PROTECTED]>
>>On Thursday 05 August 2004 07:39, Jay offered up the following tid-bit of
>>information :
>> Found the following code in the PHP manual:
>> $text = "http://www.somelink.com";;
>> echo(ereg_replace("[[:alpha:]]+://[^<>[:space:]]+[[:alnum:]/]",
>>
From: "Lester Caine" <[EMAIL PROTECTED]>
> I am using
> $_SERVER["REMOTE_ADDR"]
> to get address of the browser accessing the system and then using
> gethostbyaddr() to get the machine name.
>
> This worked great until I came to a site using M$ Terminal Server to
> provide the terminals. We still n
From: "Dan Phiffer" <[EMAIL PROTECTED]>
> Jason Davidson wrote:
>
> > How about
> > print_r($_REQUEST);
>
> That also fails to reflect posted data. $_GET is working as expected.
There's nothing in PHP that would not let POST values get through. Are you
sure this isn't a web server issue only allow
From: "Robert Sossomon" <[EMAIL PROTECTED]>
> You need to do:
>
>
>
> Keeping the name the same makes them a RADIO button and you will only
> get the last one.
This is a valid solution, but it's really just easier to make them into an
array like many others have suggested. Using this method, yo
From: "Josh Close" <[EMAIL PROTECTED]>
> Very simple question.
>
> When making multiple checkboxes, you put the name the same for a few
> to group them together
>
>
>
>
>
>
> So they are grouped but then submitting them I only get the last
> value check.
>
>
>
> How would I get a
From: "Tom Ray [Lists]" <[EMAIL PROTECTED]>
> $count=mysql_query("SELECT sku, COUNT(*) FROM orders GROUP BY sku");
>
> But my question is how do I use PHP to output the COUNT(*) results? When
> I run the command when I'm logged into mySQL I get the following:
I assume you're fetching associative
From: "John Nichel" <[EMAIL PROTECTED]>
> Steve Douville wrote:
> > Take a look at www.oscommerce.com
>
> Does oscommerce still require register_globals to be on?
>
> http://php.resourceindex.com/Complete_Scripts/Shopping_Carts/
Even if it does, you can't instantly equate that as being a Bad Thing
From: "bruce" <[EMAIL PROTECTED]>
> since pconnect is not supported in php5, i'm wondering if the issue is that
> mysql no longer supports the underlying functions to implement pconnect, or
> if the decision to leave it out was based upon other factors.
>
> also, is there anybody i can talk to who
Karl-Heinz Schulz wrote:
I have a simple question (not for me).
Why does this query not work?
$links_query = mysql_query("select id, inserted, title, information,
international from links WHERE international = y; order by inserted desc
LIMIT 0 , 30");
The information for the "internati
Jason Wong wrote:
> On Sunday 25 July 2004 09:42, Mark wrote:
>>[EMAIL PROTECTED], [EMAIL PROTECTED] is currently
>
> You've got the culprit here. Either lambast him publicly (since he doesn't
> want to receive your private mail). Or do what this says:
The thing is, though, none of these people
Philip Olson wrote:
And quoting integers is not a problem, I even prefer it. IMHO we should
tell people to quote all values so if someone "forgets" to do any sort of
input validation (i.e. make sure it's actually an integer) there won't be
a major problem otherwise problems (including SQL injectio
rush wrote:
"John W. Holmes" <[EMAIL PROTECTED]> wrote in message
Does anyone know of a good windows PHP editor that I can run from a USB
flash drive without installing it?
scite, from the scintilla fame. TemplateTamer would also work fine if you
just copy the whole directory
Does anyone know of a good windows PHP editor that I can run from a USB
flash drive without installing it? A good stand-alone editor. I know how
to use Vi, so I'll even take a copy of that (so long as it's got syntax
highlighting) so long as installation isn't required.
For everyone else, yes,
C.F. Scheidecker Antunes wrote:
I have a few users that use a different number format, other than the US
one, which is 1.526,23 . That is, the comma is used as a separator for
the fractional part of the number (.23) and the dot is used to separate
thousands. Therefore, I need to convert 1.526,23
PHP Gen wrote:
Hello,
I am a bit confused :-(, this is my server path:
/home/sites/site80/web/articles/myfile.php
from "myfile.php" I want to include "header.php" which
is located in:
/home/sites/site80/web/templates/
include('/home/sites/site80/web/templates/header.php');
Are you looking for a rel
Robb Kerr wrote:
I've got a conditional button that needs to appear/hide on my page
depending upon the contents of a field in my database. The button is an
image and has a long URL and JavaScript for image rotation attached to it.
Needless to say, the href is quite long and includes several "'"
cha
Dennis Gearon wrote:
What I'm trying to achieve is to have the same cookie IDENTIFY a user on
different (or same) applications (on the same server), but require them
to log in for each application, and get a different session.. Basically,
to keep separate 'user trails and in process variables' f
Dennis Gearon wrote:
With get variables, it's possible to always have get variables on a
page, even without a form, by simply appending the Get variables to the
end of the URL.
Is there anyway to do the same with Post variables? For instance, a
javascript that onUnload submit, or something?
You
Ulitin S.S. wrote:
I am learning php.
I need to log all actions on my page. (like ip, browser, time, pages etc).
question is: how can i identify a user and when he is on my page(s) to log
all his actions.
Your web server already does all of this, why duplicate it? Just get a
log analyzer.
--
---
Chris Hunt wrote:
anyone know how to configure php's outgoing mail to use a smtp server that
requires authentication?
Can't. Use an SMTP class from phpclasses.org (Manuel will be on here
soon, I'm sure ;) or PEAR.
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|
Tassos T wrote:
i faced a small problem i have a perl script but i want to execute that
in a php script. unfortunately i cannot convert to php.
virtual()
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.c
Five wrote:
"John W. Holmes" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
>>
If it does not work for you, are you sure you're accepting the session
cookie? How are you sure? Do you have a valid session.save_path? How do
you know? Are you displaying erro
Five wrote:
page1.php
';
echo $_SESSION['favcolor'];
$_SESSION['favcolor'] = 'green';
echo 'page 2';
?>
page2.php
';
echo $_SESSION['favcolor'];
$_SESSION['favcolor'] = 'blue';
echo 'page 1';
?
Chris Shiflett wrote:
--- Five <[EMAIL PROTECTED]> wrote:
That did it! I wonder if there is a way, then, to have it work even if
the variable is initialized after it is echoed.
You see, that makes no sense, and that's why no one else was able to
answer your question. Code is executed in order. Cons
Karl-Heinz Schulz wrote:
The following codes open the links perfect.
print($press[1]." ".strip_tags(html_decode($press[2]))."");
1. Use quotes around your attributes.
target="_blank" href="."
2. Why are you mixing / and \ in your path? Why not send an absolute
path to the file so there's no co
PHP User wrote:
I have managed to get the line breaks to show up on my site no problem, but
I still get one long line when it is sent to my email. I have looked and
looked and have read all the stuff I could find on \r\n, so I'm not sure
where to go from here since it's not working...
Are you viewi
Five wrote:
Is it possible to assign a value to a session variable on say, page1.php:
$_SESSION['favcolor'] = 'blue';
and then on another page, say page2.php reassign the value:
$_SESSION['favcolor'] = 'green'; ?
So far experimentation says no.
PHP says Yes. Crystal ball says to put session_start()
Chris Shiflett wrote:
There is a difference between "works" and "right"
Man... where have I heard that before?!? ;)
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com
--
PHP General Mailing List (http:/
msa wrote:
I created a search form with multiple search parameters. It returns nothing
if there is a space after their text entry or if they hit return in the text
area.
$coltitle_rsResults = "0";
if (isset($_GET['Title'])) {
$_GET['title'] = trim($_GET['title']);
$coltitle_rsResults = (get_magi
Karl-Heinz Schulz wrote:
I'm trying to use html_decode with the echo function but failed so far.
What would be the correct syntax?
Huh? I don't see "html_decode" anywhere and the function is
html_entity_decode(), anyhow.
If you want to run the above through the function, then:
Otherwise we'll
Bruno Santos wrote:
I'm developing a couple of pages and I need to do some redirecting to
another page depending
on the choice of a user.
The problem is, to go to another page, i need to send some parameters in
the URL that are already present, but i need to make the redirecting
independent of the
Dennis Gearon wrote:
Make sure to remove tags via:
$var_that_will_be_displayed = strip_tags(
$var_from_user_input_via_POST_or_GET_or_COOKIE );
if you are going to display or mail it as part of a link(email or URL),
you might do this instead:
$var_that_will_be_part_of_a_link = strip_tags
Dan McCullough wrote:
Anything wrong with
SELECT * FROM story WHERE approved = 1 AND newsId != $newsId AND editionId =
$eid ORDER BY newsSortOrder ASC
Should be fine if I understand your question correctly. You can use !=
or <>; same result.
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/
Dan McCullough wrote:
Haven't done this in a while, but here is my question.
I have 4 stories, and you land on the story page where one story is shown
and on the side there is a listing of the other 3 stories that are active in
that edition.
So what I would like to do in one query is get the three
C.F. Scheidecker Antunes wrote:
I need to filter some strings. They can only contain characters like
a...z or A..Z and 0..9. Some strings have blank spaces, -,./?>,<
characters that must be discarded. I wrote a function to check each and
every character but I guess there must be something else m
Scott Fletcher wrote:
I would like to use the file_exists() or something similar to check for the
existence of any of the xml files regardless of what filename it use. Like
file_exist("*.xml") for example. Anyone know??
Try glob()
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/regist
bruce wrote:
ps.. to you guys who said that the doesn't have a value=''.. it
does...
No, it doesn't. Please upgrade your textbooks.
http://www.w3.org/TR/html4/interact/forms.html#h-17.7
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PH
Henri Marc wrote:
I want to make a lottery site (just as an exercise), so I made a page with 6 grids of 50 numbers each (check boxes).
Now, I want to know which numbers have been checked by the player.
I have a :
"input name="Grid1" type="checkbox"
for the first grid. Grid2 for the grid #2...
I
bruce wrote:
Please review your HTML textbook. There is no "value" attribute for a
textarea.
$foo
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com
--
PHP General Mailing List (http://www.php.net/)
T
Lukáš Moravec - PTV Servis wrote:
is there any function which can format a "double" or "string" into "money
format". for example: 1526789,99 to 1.526.789,99 or something like that.?
number_format()
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magaz
francesco[AT]automationsoft[DOT]biz wrote:
I know that it is a simple and maybe elementary
question, but there is in PHP a function, like print
or echo, that print only the text of an HTML page on printer?
No. Use CSS.
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
Harlequin wrote:
> if ($_SESSION["Authorised"]="Yes");
You know this will _always_ be true, don't you?
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com
--
PHP General Mailing List (http://www.php.net/
Harlequin wrote:
Just wondering if there's a quick and easy way to validate form fields using
PHP.
Not really that concerned with actual content by using REGEX but want to
ensure users have at-least bothered to put something in and if not display
an error with the form field's name maybe.
empty()
-
Michael T. Peterson wrote:
I need to find all lines that begin with the string 'WAZ' after reading from
a url (http://www.atmos.washington.edu/data/zone_report.KSEW.html). While
I've tried every combination of expressions under the sun (using the
functions preg_match(), ereg()), I can not figure ou
Bob Imperial wrote:
Warning: session_start(): open(/tmp\sess_ff8651f382492ae56f436690d81ff124,
O_RDWR) failed: No such file or directory (2) in
c:\inetpub\wwwroot\phptest\listing10.1.php on line 15
You just need to set session.save_path in your php.ini file or use
session_save_path() before you cal
Curt Zirzow wrote:
* Thus wrote gohaku:
Hi everyone,
I have been experimenting with defining functions as constants.
Below is what I am using to test "Function Constants":
define(DBLOGIN,dblogin(LOGIN,PASS,DB));
This is simply not allowed.
see:
http://php.net/define
damn... I had just rewritte
Five wrote:
I've been playing with this for two days and am wondering if there's a way to retrieve
and display the images in a browser using
only php or is it necessary to use a graphics library like GD?
You don't need GD unless you want to modify the image (and even then
there are other options)
C.F. Scheidecker Antunes wrote:
Hello all,
I need some help on the following:
I need to extract a paragraph from a text file that is delimited with a
--start-paragraph-- and --end-paragraph-- However, after
--start-paragraph-- there's a blank line that I need to remove.
The delimiter --start-par
C.F. Scheidecker Antunes wrote:
Hello all,
I need to read lines within a text file that might have a "
value='somevalue' " string the position of "value=" varies from line to
line but there's only one "value=" in each line.
So what I need to do is to parse the file and find the "value=" and put
Ryan Schefke wrote:
Does anyone have a script to upload a directory full of files?
.something like a recursive upload.
Not going to happen with PHP and an HTML interface. If you have PHP
running on two machines and want to do this, then say so.
--
---John Holmes...
Amazon Wishlist: www.amazon.com
Rosen wrote:
I use some numbers from mysql table and other local vars to calculate one
number.
But on one calc I receive that $value=4.5474735088646E-013;
This must be zero (0) - I see all vars and calc then with calculator. I use
function number_format($value, 2, ".", "" ) and it return me -0.00
Ed Curtis wrote:
On Fri, 16 Jul 2004, Justin Patrin wrote:
This is why he said: "Since you seem to have magic_quotes_gpc enabled,
you can put the value directly into your query."
You shouldn't use htmlentities when putting it into the DB. Use it
when displaying the text.
I tried it both ways and i
Scott Fletcher wrote:
Saw a website about security vulnerability and there's no info on php.net
that can describe more about it. So, anyone know?
http://pcworld.co.nz/news.nsf/0/4D6AE0157B37ACDCCC256ED200693BB3?OpenDocument
One more reason to not use strip_tags... like I really needed another,
tho
Ed Curtis wrote:
I'm having some difficulty with quotation marks, both single and double,
input via a textarea in a form.
Here's an example of text.
Trying out the "Special Character" thing.
Page 1 is the form.
Page 2 is the data shown back to the user.
original POST data is not touched. NO strips
Harlequin wrote:
I've managed to develop a query which pulls a finite number of records from
a table based on a query.
What commands do I now use to present these results in a table...?
How would you show a table now with a single record? Start there. Now,
what areas would need repeating with a "f
PHP User wrote:
Something came to mind as soon as I sent my last email, and it seems to
work. Not sure it will work in every circumstance but the few tests I tried
seemed ok. This is what I did. I added the two following lines to my script.
$text=str_replace("\n","",$text);
$text=str_replace("","",
Andrew Wood wrote:
Thanks. When it says 'the last insert' is that just the last insert my
PHP script did, or the last insert on the DB as a whole?
Read the links Daniel just sent out.
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PH
PHP User wrote:
Hi,
I have been trying to format the textarea output and have come across some
code that almost does what I need, but I still have one small problem.
Look at the text below that was input into my textarea:
Now is the time for all young men to come to the aid of the party. Now is
the
Rocky Singh wrote:
how do i select a database under which to create a table...
magic 8-ball says: mysql_select_db()
Four second look at the manual probably would have told you the same. :)
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for
C.F. Scheidecker Antunes wrote:
Can anyone tell me how to test the offset 1 or more in the array
$att[$k]->parameters[1] so that I can avoid this error?
if(isset($att[$k]->parameters[1]))
{ dosomething(); }
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architec
Dennis Gearon wrote:
Why unset the globals?
I plan on implementing filters on all User input to ALL scripts in the
prepend file. And if someone wants to get a variable that was supplied
by a user, they have to specify if it's going to be INT, STR(with
options to remove run on spaces, validate em
Vail, Warren wrote:
The function addslashes() will resolve many user input problems where the
user;
Inputs a quoted value in the middle of his string.
Uses & and < and > in text.
Inputs other ASCII control characters like tab and bell (remember that one).
addslashes() does not escape & < > characte
[EMAIL PROTECTED] wrote:
I've just got this mail from my host...
=
Dear customer,
This email is sent to inform you that we'll upgrade the PHP version on your
server to the latest stable version 4.3.8 within the next hour.
=
Are there any issues that I need to panic about..
Five wrote:
I have php code that takes text input from a webpage and stores it in a mysql data
base.
I tried uploading small images (jpg) using basically the same syntax but they don't
make it into the data base.
Does anyone know of a simple tutorial that shows how to do this?
although I'm ag
Does anyone know of a program that'll "record" the clicks and requests
as I go through a site? Something that'll watch as I click on links,
fill in forms, etc and then be able to perform the same requests
(duplicating the forms, cookies, etc)?? Maybe a PHP script that can be
dropped into an exi
Ben Ramsey wrote:
Aidan Lister wrote:
"When it's ready"
Hopefully we'll see the stable release in the next 24 hours.
There was a post to the internals@ list yesterday. Andi announced a
test roll of 5.0.0 saying that he would release PHP 5 within the next 24
hours "if all goes well." Keep your
Dennis Gearon wrote:
Isn't $_REQUEST the same as the old GPC variables in global namespace? A
way to get requested variables without paying attention to whether they
came in via cookies, post, or get?
That's been my understanding so I've been using $_GET, $_POST, $_COOKIE
instead, because that
Hull, Douglas D wrote:
But if one enters: w' my word ends up w\'
Run stripslashes() on the entire string before you begin processing it.
If you eventually insert the data into the database, you'll need to run
addslashes() on it though, to prevent errors/sql injection from the
unescaped quotes.
-
Michael Purdy wrote:
I have a script which accepts three POSTed variables from a basic form. Under 4.3.7
the script
runs fine and the variables are successfully passed to the script.
I am testing 5.0 C3 and receive the following error
PHP Notice: Undefined index: searchtype in c:\http\cgi\list7
EE wrote:
Please help. This template thing is driving me nuts. I thought maybe when
I read more articles things will clear up; however, things got even
worse. Every article writer has a different idea. Can anyone explain to
me what are Templates for? What are the advantages of using them? If I
use a
bruce wrote:
i have the following:
it doesn't seem to print... which leads me to
> believe that "<" is a reserved char/word...
i tried to do a "\
any idea as to what's going on, and can someone
> point me to a list of the actual php reserved
> chars/words couldn't seem to track them down
Matthew Sims wrote:
Your problem has nothing to do with the Objects (or really even PHP for
that matter). You're not supposed to run mysql_escape_string on an
entire query.
So I ran my $_POST array into array_map before the injection:
$_POST = array_map("mysql_escape_string","$_POST");
And it all w
Jordi Canals wrote:
I usually stripslashes() when I read the info from the database (MySQL).
Because the information was inserted after adding slashes, or the
system has magic_quotes_gpc set to ON.
I remember being taught this lesson long ago. :)
You do not need to strip slashes from the data be
Vail, Warren wrote:
Perhaps this is more about HTML than PHP, but the PHP $_FILES var seems to
be set up to allow a list of files to be uploaded. How does one get the
pop-up window to allow a user to select (ctrl-click or whatever) multiple
files in the same pop-up window? Everything I have tried
Eric Boerner wrote:
Hello all,
I am having trouble setting array data from within a MySQL results
query. I have modified data from the result and wish to enter it into
it's own array ($data). That then is used to generate a graph. The
following code basically gives me an empty array...
I doubt the
Keith Greene wrote:
>> Here is what I tried:
>>
>>
>
textareas do not use the value attribute. instead, the value is placed
between the tags:
Ensure you run $test through htmlentities() or htmlspecialchars() before
placing it in your like this to prevent code injection.
--
---John Holmes..
Sheawh wrote:
how can i retrieve the last day of the month?
like 31 - Jul, 30 - Jun , 28 - Feb
$lastdayofmonth = mktime(12,0,0,$month+1,0,$year);
?>
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com
-
Ed Lazor wrote:
I'm going to create a search page that accepts input similar to places like
Yahoo and Google.
[snip]
> Also, I've heard that MySQL's indexing can
support some of this, but I'm not sure how much.
Using a FULLTEXT index and searching in BOOLEAN mode supports the type
of search stri
Philip Olson wrote:
on the contrary:
$sql = mysql_query("select * from users where name='".$name."'");
will simply look for a user with a name of "Jim; delete from users;" and
return no results found.
But I can also enter:
jim'; delete from users
You need to catch if there's a quote in the $name too