nyphp.org/pipermail/talk/2004-January.txt


Hi,
I'm Stephen. I do a little PHP, but I am not proficient with it.

I am looking for information on how to implement the following.

I have an HTML form with 4 fields to upload files. When the person submits the form, I want to be able to take all the files in the file fields and email them to someone.

Is there a code snippet or some place where I can learn more about how I could implement this?

Thanks,
Stephen

Stephen,

Check out http://php.net/features.file-upload for handling file uploads.

A bit of Googling and I found this:

http://phpmailer.sourceforge.net/

Don't have any experience with the PHPMailer but it may be worth a closer look.

Jeff Siegel

Webapprentice . wrote:

> Hi,
> I'm Stephen. I do a little PHP, but I am not proficient with it.
>
> I am looking for information on how to implement the following.
>
> I have an HTML form with 4 fields to upload files. When the person submits the form, I want to be able to take all the files in the file fields and email them to someone.
>
> Is there a code snippet or some place where I can learn more about how I could implement this?
>
> Thanks,
> Stephen

--
Found on the Simpson's Website:
"Ooooooh, they have the internet on computers now!"

Nice work Jeff, I haven't done too much with email, but PHPMailer looks like a very powerful tool for any PHP coder.

Dan

Jeff Siegel wrote:
> Stephen,
>
> Check out http://php.net/features.file-upload for handling file uploads.
>
> A bit of Googling and I found this:
>
> http://phpmailer.sourceforge.net/
>
> Don't have any experience with the PHPMailer but it may be worth a
> closer look.
>
> Jeff Siegel
>
> Webapprentice . wrote:
>
>> Hi,
>> I'm Stephen. I do a little PHP, but I am not proficient with it.
>> I am looking for information on how to implement the following.
>>
>> I have an HTML form with 4 fields to upload files. When the person
>> submits the form, I want to be able to take all the files in the file
>> fields and email them to someone.
>>
>> Is there a code snippet or some place where I can learn more about how
>> I could implement this?
>>
>> Thanks,
>> Stephen

Thanks for the compliment!

I downloaded that mailer ASAP. It looks pretty good.

Jeff

Dan Cech wrote:

> Nice work Jeff, I haven't done too much with email, but PHPMailer looks
> like a very powerful tool for any PHP coder.
>
> Dan
>
> Jeff Siegel wrote:
>
>> Stephen,
>>
>> Check out http://php.net/features.file-upload for handling file uploads.
>>
>> A bit of Googling and I found this:
>>
>> http://phpmailer.sourceforge.net/
>>
>> Don't have any experience with the PHPMailer but it may be worth a
>> closer look.
>>
>> Jeff Siegel
>>
>> Webapprentice . wrote:
>>
>>> Hi,
>>> I'm Stephen. I do a little PHP, but I am not proficient with it.
>>> I am looking for information on how to implement the following.
>>>
>>> I have an HTML form with 4 fields to upload files. When the person
>>> submits the form, I want to be able to take all the files in the file
>>> fields and email them to someone.
>>>
>>> Is there a code snippet or some place where I can learn more about
>>> how I could implement this?
>>>
>>> Thanks,
>>> Stephen
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk

--
Found on the Simpson's Website:
"Ooooooh, they have the internet on computers now!"

Jeff Siegel writes:
"The interesting thing, when I try to view the php.ini file that is in cgi-bin, I only see a few settings."

If the php.ini is sparse, here are some excerpts from a suggested ini (as a reminder)

; The root of the PHP pages, used only if nonempty.
; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
; if you are running php as a CGI under any web server (other than IIS)
; see documentation for security issues. The alternate is to use the
; cgi.force_redirect configuration below
doc_root =

; cgi.force_redirect is necessary to provide security running PHP as a CGI under
; most web servers. Left undefined, PHP turns this on by default. You can
; turn it off here AT YOUR OWN RISK
; **You CAN safely turn this off for IIS, in fact, you MUST.**
; cgi.force_redirect = 1

Maybe it wouldn't hurt to make sure php was compiled with FORCE_REDIRECT and explicitly set cgi.redirect = 1.

T. Gales & Associates
'Helping People Connect with Technology'

http://www.tgaconnect.com
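
An added example, not part of the original thread: a small shell check that reports how a given php.ini treats the two CGI protections named in the excerpt above (cgi.force_redirect and doc_root). The function names, the sample files and the doc_root path are constructed for illustration; "default-on" relies on the excerpt's statement that PHP turns cgi.force_redirect on when it is left undefined.

```shell
#!/bin/sh
# Added example: report how a php.ini treats cgi.force_redirect and doc_root.
# All function names here are hypothetical helpers, not part of PHP.

# Print the value of the last active (uncommented) "name = value" line.
# Returns 1 when the directive is absent or appears only inside comments.
ini_value() {
    awk -v key="$2" '
        /^[ \t]*[;#]/ { next }                  # whole-line comments
        {
            eq = index($0, "=")
            if (eq == 0) next                   # section headers, blank lines
            name = substr($0, 1, eq - 1)
            val  = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            sub(/[ \t]*;.*$/, "", val)          # trailing comment
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            gsub(/^"|"$/, "", val)              # surrounding quotes
            if (name == key) { found = 1; last = val }
        }
        END { if (!found) exit 1; print last }
    ' "$1"
}

# explicit-on / explicit-off when the file sets the directive,
# default-on when the line is missing or commented out.
force_redirect_status() {
    if v=$(ini_value "$1" cgi.force_redirect); then
        case $(printf '%s' "$v" | tr 'A-Z' 'a-z') in
            1|on|yes|true) echo explicit-on ;;
            *)             echo explicit-off ;;
        esac
    else
        echo default-on
    fi
}

# "set:<path>" when doc_root has a non-empty value, otherwise "unset".
doc_root_status() {
    if v=$(ini_value "$1" doc_root) && [ -n "$v" ]; then
        printf 'set:%s\n' "$v"
    else
        echo unset
    fi
}

# Print both findings; fail when force_redirect is switched off and
# doc_root is empty, i.e. neither protection from the excerpt is active.
cgi_ini_check() {
    fr=$(force_redirect_status "$1")
    dr=$(doc_root_status "$1")
    echo "cgi.force_redirect: $fr; doc_root: $dr"
    [ "$fr" != explicit-off ] || [ "$dr" != unset ]
}

# Constructed sample files: the sparse excerpt, a weakened copy, an explicit one.
write_sample_inis() {
    cat > "$1/sparse.ini" <<'EOF'
; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
doc_root =
; cgi.force_redirect = 1
EOF
    cat > "$1/weak.ini" <<'EOF'
cgi.force_redirect = 0   ; switched off
doc_root =
EOF
    cat > "$1/explicit.ini" <<'EOF'
cgi.force_redirect = 1
doc_root = "/usr/local/www/data"
EOF
}

demo() {
    d=$(mktemp -d) || return 1
    write_sample_inis "$d"
    for f in sparse weak explicit; do
        printf '%s: ' "$f"
        cgi_ini_check "$d/$f.ini" || echo "  -> neither protection is active"
    done
    rm -rf "$d"
}
demo
```

The sparse file is the interesting case: the excerpt's `; cgi.force_redirect = 1` line is commented out, so that configuration depends entirely on the built-in default until the line is uncommented.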

Tim,

I thought I'd sift through these (http://cvs.php.net/cvs.php/php-src/php.ini-recommended) to find the optimal setting and making adjustments for version as needed (I'll be using ver. 4.3.2).

Q: Can I simply overwrite the php.ini that's in cgi-bin?

I checked phpinfo() and it was compiled with "--enable-force-cgi-redirect=yes". Thanks for pointing this out. There was a reference to this in http://www.php.net/manual/en/security.cgi-bin.php in the context of Apache config.

Happy New Year!!

Jeff

Tim Gales wrote:

> Jeff Siegel writes:
> "The interesting thing, when I try to view the php.ini
>>file that is
>>in cgi-bin, I only see a few settings."
>
> If the php.ini is sparse, here are some
> excerpts from a suggested ini (as a
> reminder)
>
> ; The root of the PHP pages, used only if nonempty.
> ; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
> ; if you are running php as a CGI under any web server (other than IIS)
> ; see documentation for security issues. The alternate is to use the
> ; cgi.force_redirect configuration below
> doc_root =
>
> ; cgi.force_redirect is necessary to provide security running PHP as a CGI under
> ; most web servers. Left undefined, PHP turns this on by default. You can
> ; turn it off here AT YOUR OWN RISK
> ; **You CAN safely turn this off for IIS, in fact, you MUST.**
> ; cgi.force_redirect = 1
>
> Maybe it wouldn't hurt to make sure php was compiled with
> FORCE_REDIRECT and explicitly set cgi.redirect = 1.
>
> T. Gales & Associates
> 'Helping People Connect with Technology'
>
> http://www.tgaconnect.com

--
Found on the Simpson's Website:
"Ooooooh, they have the internet on computers now!"

you check for where php is reading its ini file from
[e.g. phpinfo -- Configuration File (php.ini) Path ]

If I were doing it, I would make sure I could read and write to that directory, do an ls -l and see the permissions and ownership of the php.ini (and write it down) then rename the php.ini to php.ini.old and then put the new php.ini file in the directory.

I hesitate to tell you everything will be fine -- but if you're certain you could put things back the way they were, then I don't see any major problem.

T. Gales & Associates
'Helping People Connect with Technology'

http://www.tgaconnect.com

> -----Original Message-----
> From: talk-bounces at lists.nyphp.org
> [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Jeff Siegel
> Sent: Thursday, January 01, 2004 2:46 PM
> To: NYPHP Talk
> Subject: Re: [nycphp-talk] PHP as CGI Binary
>
> Tim,
>
> I thought I'd sift through these
> (http://cvs.php.net/cvs.php/php-src/php.ini-recommended) to find the
> optimal setting and making adjustments for version as needed (I'll be
> using ver. 4.3.2).
>
> Q: Can I simply overwrite the php.ini that's in cgi-bin?
>
> I checked phpinfo() and it was compiled with
> "--enable-force-cgi-redirect=yes". Thanks for pointing this
> out. There
> was a reference to this in
> http://www.php.net/manual/en/security.cgi-bin.php in the context of
> Apache config.
>
> Happy New Year!!
>
> Jeff
>
> Tim Gales wrote:
>
> > Jeff Siegel writes:
> > "The interesting thing, when I try to view the php.ini
> > file that is in cgi-bin, I only see a few settings."
> >
> > If the php.ini is sparse, here are some
> > excerpts from a suggested ini (as a
> > reminder)
> >
> > ; The root of the PHP pages, used only if nonempty.
> > ; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
> > ; if you are running php as a CGI under any web server (other than IIS)
> > ; see documentation for security issues. The alternate is to use the
> > ; cgi.force_redirect configuration below
> > doc_root =
> >
> > ; cgi.force_redirect is necessary to provide security running PHP as a CGI under
> > ; most web servers. Left undefined, PHP turns this on by default. You can
> > ; turn it off here AT YOUR OWN RISK
> > ; **You CAN safely turn this off for IIS, in fact, you MUST.**
> > ; cgi.force_redirect = 1
> >
> > Maybe it wouldn't hurt to make sure php was compiled with
> > FORCE_REDIRECT and explicitly set cgi.redirect = 1.
> >
> > T. Gales & Associates
> > 'Helping People Connect with Technology'
> >
> > http://www.tgaconnect.com
>
> --
> Found on the Simpson's Website:
> "Ooooooh, they have the internet on computers now!"

Excellent advice. Thanks!

Jeff

Tim Gales wrote:

> you check for where php is reading its ini file from
> [e.g. phpinfo -- Configuration File (php.ini) Path ]
>
> If I were doing it, I would make sure I could read and
> write to that directory, do an ls -l and see the
> permissions and ownership of the php.ini
> (and write it down) then rename the php.ini to
> php.ini.old and then put the new php.ini file in the
> directory.
>
> I hesitate to tell you everything will be fine --
> but if you're certain you could put things back the way
> they were, then I don't see any major problem.
>
> T. Gales & Associates
> 'Helping People Connect with Technology'
>
> http://www.tgaconnect.com
>
>>-----Original Message-----
>>From: talk-bounces at lists.nyphp.org
>>[mailto:talk-bounces at lists.nyphp.org] On Behalf Of Jeff Siegel
>>Sent: Thursday, January 01, 2004 2:46 PM
>>To: NYPHP Talk
>>Subject: Re: [nycphp-talk] PHP as CGI Binary
>>
>>Tim,
>>
>>I thought I'd sift through these
>>(http://cvs.php.net/cvs.php/php-src/php.ini-recommended) to find the
>>optimal setting and making adjustments for version as needed (I'll be
>>using ver. 4.3.2).
>>
>>Q: Can I simply overwrite the php.ini that's in cgi-bin?
>>
>>I checked phpinfo() and it was compiled with
>>"--enable-force-cgi-redirect=yes". Thanks for pointing this
>>out. There
>>was a reference to this in
>>http://www.php.net/manual/en/security.cgi-bin.php in the context of
>>Apache config.
>>
>>Happy New Year!!
>>
>>Jeff
>>
>>Tim Gales wrote:
>>
>>>Jeff Siegel writes:
>>>"The interesting thing, when I try to view the php.ini
>>>file that is in cgi-bin, I only see a few settings."
>>>
>>>If the php.ini is sparse, here are some
>>>excerpts from a suggested ini (as a
>>>reminder)
>>>
>>>; The root of the PHP pages, used only if nonempty.
>>>; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
>>>; if you are running php as a CGI under any web server (other than IIS)
>>>; see documentation for security issues. The alternate is to use the
>>>; cgi.force_redirect configuration below
>>>doc_root =
>>>
>>>; cgi.force_redirect is necessary to provide security running PHP as a CGI under
>>>; most web servers. Left undefined, PHP turns this on by default. You can
>>>; turn it off here AT YOUR OWN RISK
>>>; **You CAN safely turn this off for IIS, in fact, you MUST.**
>>>; cgi.force_redirect = 1
>>>
>>>Maybe it wouldn't hurt to make sure php was compiled with
>>>FORCE_REDIRECT and explicitly set cgi.redirect = 1.
>>>
>>>T. Gales & Associates
>>>'Helping People Connect with Technology'
>>>
>>>http://www.tgaconnect.com
>>
>>--
>>Found on the Simpson's Website:
>>"Ooooooh, they have the internet on computers now!"

--
Found on the Simpson's Website:
"Ooooooh, they have the internet on computers now!"

I've noticed recently that httpd has been eating about 10MB an hour on my server. I'm not sure whether the problem is in Apache, PHP, some other library, or my own code -- I just know that apachectl restart frees everything up again.

What are some best practices for tracking this sort of thing down? I'm using ps -uaxm along with mod_status to try and get an idea which PIDs are taking up the most memory and what they're working on, but it's not been very enlightening so far.

Apache 1.3.29 / PHP 4.3 / FreeBSD 4.8

Thanks,

csnyder

Anyone attending this? I'd like to since the agenda seems interesting, but isn't it kinda hard to go over stuff @ a bar?

- jon

----- Original Message -----
From: "PHP Meetup"
To:
Sent: Thursday, January 01, 2004 8:21 PM
Subject: PHP Meetup Venues and Agenda Items

> *Please Do Not Reply to This Message -- For Help, See Below*
>
> Your PHP Meetup is happening in New York City on Thursday, Jan
> 8 @ 7PM! RSVP now to join other PHP Developers.
>
> Your Meetup in New York City is at:
> Magnetic Field (Happy Hour Extended!)
> 97 Atlantic Ave
> Brooklyn, NY 11201
> 718-834-0069
>
> Please RSVP here:
>
> ** For "YES, I'll be there" go to:
> http://php.meetup.com/rsvp/?e=1332419&v=16919
>
> ** For "NO, I can't make it" go to:
> http://php.meetup.com/rsvp/?e=1332419&v=-1
>
> (You may need to cut & paste the address into your browser.)
> NOTE: Meetup will be cancelled if fewer than 5 people say "Yes"
>
> Member Created Agenda
> ----------------------------------------------------------------
> * Marketing PHP as a skill (for freelancers and full-timers)
> * PHP5 and JSR (the Java Specification Request)
>
> ----------------------------------------------------------------
>
> Bigger Meetups = Better Meetups
> ----------------------------------------------------------------
> When more people show up, everyone has a better time. Spread
> the word to get more PHP Developers involved -- invite others
> here:
>
> http://php.meetup.com/tellfriends/
> ----------------------------------------------------------------
>
> Need help? Visit: http://php.meetup.com/help/
> Remove yourself or update your account settings at:
> http://my.meetup.com/

Thanks for the leads.

phpMailer looks like overkill, but I'll have to read more into it. I wish it had more examples, as the ones there are for extracted data from a database.

--Stephen

-------------------------------------
Message: 2
Date: Thu, 01 Jan 2004 12:59:14 -0500
From: Jeff Siegel
Subject: Re: [nycphp-talk] Uploading files through a form and then emailing them
To: NYPHP Talk
Message-ID:
Content-Type: text/plain; charset=us-ascii; format=flowed

Stephen,

Check out http://php.net/features.file-upload for handling file uploads.

A bit of Googling and I found this:

http://phpmailer.sourceforge.net/

Don't have any experience with the PHPMailer but it may be worth a closer look.

Jeff Siegel

> Apache 1.3.29 / PHP 4.3 / FreeBSD 4.8

Since you are using pretty stable version of apache I doubt problem is with that. You should be using php version 4.3.4 but it's not clear if you are still using 4.3.0 from your post. Are you using most stable version of php?


Dear Sirs,
I am responsible for dotgeek.org, a small albeit promising site about php and open source platforms.

We recently published the results of our first PHP Programming Marathon (which was kindly sponsored by Zend and Suse) at http://marathon.dotgeek.org

We are planning to open soon a tutorials section. There is an idea of preparing a PHP certification system where in lieu of evaluating the performance on a standard questionnaire, we do evaluate the programmer's skills based on 10 code samples or tutorials posted on our site.

I am currently looking for some PHP experts to join the board. This will imply an occasional review of the programmers that posted 10+ tutorials/snippets via an online system.

(To clarify, all certifications will be offered free, the site has no ads and is entirely self financed. I am not doing this as a business or something).

If anyone of your staff or user group is interested, please let me know. You might find below our first draft with the information on the current board members.

Thanks in advance for your time and attention

David

dotGeek PHP Programming Certification

The system allows you to post tutorials in order to earn a certification in PHP. We have a well qualified certification board that will analyze all postings. The system works as follows:

1) You have the ability to upload tutorials in the system for certification.
You have ability to develop tutorials for any purpose to post to this site. With that you will submit the purpose or functionality of that tutorial. You may submit as many as you want. Be sure all submitted tutorials only use classes that are inherent in PHP or are submitted with the tutorial. A user with just PHP 4.? should be able to take your code and run it without having to load extra packages.

2) After you have posted 10 quality tutorials you will have the ability to request certification.
You will select 10 of the tutorials you have posted to be evaluated. Be sure these 10 tutorials fit the criteria stated below.

3) The certification board will evaluate the tutorials according to the criteria described below.
The certification board will respond within 30 business days as to whether the 10 tutorials posted all pass. The names and qualifications of the members of this board are below.

4) If you pass the certification you will have access to an electronic certificate and receive an email containing the certificate.
For submitting 10 quality tutorials, you will be sent an electronic certification indicating you are a certified PHP developer. This along with your tutorials can be used to enhance your resume and indicate your skill set to your current or future employers.

The following is the criteria used to determine whether you should be certified as a PHP developer.

1) Tutorial accomplishes its purpose.
Attached to the tutorials is a description of the tutorial's functionality. The written tutorial must accomplish all goals set forth by the programmer. A programmer must be able to understand what they wrote and describe it to a fellow programmer or even someone who does not program.

2) Cleanliness/Readability of code.
Programmers need to make their code easy to hand off to other programmers either for continued development or to help debug. This is done through comments and extra spacing to make statements readable.

3) Error handling.
This is important for PHP because it is often implemented in web pages and crashing code can help hackers understand what is in the PHP script. Users hate crashing code (they dislike it more than error messages).

PHP Certification Board
The PHP Certification Board is made up of people with varying backgrounds in the PHP development industry. They are in charge of looking through posted tutorials and making sure that they fit the above stated criteria. The following are the members of the current PHP Certification Board:

David Costa
Job: Associate Professor at a Swiss private College
Qualifications: Law School graduate (Law School, University of Northumbria at Newcastle), Stanford Certified Project Manager (School of Engineering, Stanford University) EDP, (Sloan School of Management, Massachusetts Institute of Technology), Software Engineering (University of Oxford)
Project Manager at CollegeLinux, PHP Enthusiast

Anthony L. Faulds
Job: Software Engineer
Qualifications: M.S. Aerospace Engineering (Pennsylvania State University) M.A. Mathematics, B.S. Aerospace Engineering, B.S. Applied Computational Mathematics (Virginia Polytechnic Institute and State University)


Apache mod_php Module File Descriptor Leakage Vulnerability
http://www.securityfocus.com/bid/9302

BES-CMS Multiple Module File Include Vulnerability
http://www.securityfocus.com/bid/9268

Xoops MyLinks Myheader.php Cross-Site Scripting Vulnerabilit...
http://www.securityfocus.com/bid/9269

BN Soft BoastMachine Comment Form HTML Injection Vulnerabili...
http://www.securityfocus.com/bid/9270

osCommerce products_id URI Parameter SQL Injection Vulnerabi...
http://www.securityfocus.com/bid/9275

osCommerce manufacturers_id Parameter Cross-Site Scripting V...
http://www.securityfocus.com/bid/9277

My Little Forum Email.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/9286

Webfroot Shoutbox Viewshoutbox.PHP Cross-Site Scripting Vuln...
http://www.securityfocus.com/bid/9289

phpBB Privmsg.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/9290

KnowledgeBuilder Remote File Include Vulnerability
http://www.securityfocus.com/bid/9292

Psychoblogger Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/9293

Psychoblogger Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/9294

Squirrelmail G/PGP Encryption Plugin Remote Command Executio...
http://www.securityfocus.com/bid/9296

OpenBB Index.PHP Remote SQL Injection Vulnerability
http://www.securityfocus.com/bid/9300

--
T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409

I notice that is used in several articles and manuals for referring to the current page, but when I use this, I get an empty string

This, however, works:

Why does the former not work?

Thanks,
Stephen

Hi,

$PHP_SELF will not work if you have register_globals off.

It is safer to use $_SERVER['PHP_SELF']

> -----Original Message-----
> From: Webapprentice . [mailto:webapprentice at mail.com]
> Sent: Friday, January 02, 2004 1:03 PM
> To: talk at lists.nyphp.org
> Subject: [nycphp-talk]
>
> I notice that is used in several articles
> and manuals for referring to the current page, but when I use
> this, I get an empty string
>
> This, however, works:
>
> Why does the former not work?
>
> Thanks,
> Stephen

A new PHundamentals article entitled "Book Recommendations" has been added to the PHundamentals section of the NYPHP website.

See: http://phundamentals.nyphp.org/

Jeff Siegel
PHundamentals Team

Does anyone have any experience with or heard anything (good or bad) about reByte?
See: http://www.rebyte.com

It seems to be a dirt cheap Raid 5 solution for SOHOs to make file backups.

Jeff Siegel

Thanks, Felix -- I was still with 4.3.3, somehow the 4.3.4 update slipped through the cracks.

It'll be a few hours before I know about the memory leak, but upgrading has fixed a segfault I just discovered this morning.

felix zaslavskiy wrote:

>>Apache 1.3.29 / PHP 4.3 / FreeBSD 4.8
>
>Since you are using pretty stable version of apache I doubt problem is
>with that. You should be using php version 4.3.4 but its not clear if
>you are still using 4.3.0 from you post. Are you using most stable
>version of php ?

Jeff Siegel wrote:
> A new PHundamentals article entitled "Book Recommendations" has been
> added to the PHundamentals section of the NYPHP website.
>
> See: http://phundamentals.nyphp.org/

I'd also consider recommending another of Larry Ullman's books: "PHP and MySQL for Dynamic Web Sites"
Unlike his earlier books, this one uses good coding style and it's good for beginners too.

I've also used "Web Database Applications with PHP & MySQL" by Hugh E. Williams and David Lane
This one features a nice case study as its theme, but I would not recommend it for beginners since it's a fairly typical O'Reilly book in that regard.

hth,
John

I'm creating a promotional video that will serve as eye candy at our Linuxworld booth, and I need a great many pictures of New York City and the surrounding region, up to and including the city where you live (even if it's in Australia, what the heck).

Contributors will be blessed by Linus Torvalds, or in the absence of Linus, by the next-most-famous-person willing to watch the video. We'll let you know.

If you have cityscapes / landscapes you want to contribute, please contact me off list for uploading info.

csnyder ( @chxo.com )

Thanks for the recommendations.

Jeff

John Lacey wrote:

> Jeff Siegel wrote:
>
>> A new PHundamentals article entitled "Book Recommendations" has been
>> added to the PHundamentals section of the NYPHP website.
>>
>> See: http://phundamentals.nyphp.org/
>
> I'd also consider recommending another of Larry Ullman's books: "PHP and
> MySQL for Dynamic Web Sites"
> Unlike his earlier books, this one uses good coding style and it's good
> for beginners too.
>
> I've also used "Web Database Applications with PHP & MySQL" by Hugh E.
> Williams and David Lane
> This one features a nice case study as its theme, but I would not
> recommend it for beginners since it's a fairly typical O'Reilly book in
> that regard.
>
> hth,
> John

--
Found on the Simpson's Website:
"Ooooooh, they have the internet on computers now!"

Off with his head!

---
David Mintz
http://davidmintz.org/

"Anybody else got a problem with Webistics?" -- Sopranos 24:17

Hi,
I was trying to use the file uploading aspect of PHP.

When I tried to execute this line
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadFile)

I get a permission denied error.

$_FILES['userfile']['errors'] is equal to 0, which indicates the file was uploaded to the temp directory of the host, so I think it either couldn't copy it to where I wanted (my user directory) or copy out of the tmp directory. Running phpinfo() in my user directory indicates that file_uploads is ON and safe_mode is OFF on the server.

I don't own the server, so I don't think I can give PHP permission, or can I?

Do I have any way around this?

Thanks,
Stephen

It sounds like you do have a permissions problem.

You will need to make sure that the webserver process (usually www-data for apache) has permissions to write to the directory where you want to put the uploaded file.

A simple test is to create a new directory and set permissions to rwxrwxrwx (chmod 777), then try to move the file there. If it works then you know what your problem is.

As for fixing the permissions, you are going to have to figure out a setting which gives the webserver the access it needs, without causing any security problems. There are several different ways to do it, one method is to set the group of the directory to www-data and use the group permission setting to control the access you want to give to php.

Hope this helps,

Dan

Webapprentice . wrote:
> Hi,
> I was trying to use the file uploading aspect of PHP.
>
> When I tried to execute this line
> move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadFile)
>
> I get a permission denied error.
>
> $_FILES['userfile']['errors'] is equal to 0, which indicates the file was uploaded to the temp directory of the host, so I think it either couldn't copy it to where I wanted (my user directory) or copy out of the tmp directory. Running phpinfo() in my user directory indicates that file_uploads is ON and safe_mode is OFF on the server.
>
> I don't own the server, so I don't think I can give PHP permission, or can I?
>
> Do I have any way around this?
>
> Thanks,
> Stephen
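
An added example, not part of the original thread: a shell sketch of the group-based fix described in the reply above, plus a check for directories left world-writable after the chmod 777 test. The function names and the temporary directory tree are constructed for illustration, and the current user's own group id stands in for the web server's group (www-data in the message).

```shell
#!/bin/sh
# Added example: find world-writable upload directories and replace the
# diagnostic chmod 777 with group-based access. Paths are constructed.

# Print the 10-character mode string of a path, e.g. "drwxrwxrwx".
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Succeed when "other" users may write to the path (9th mode character).
is_world_writable() {
    [ "$(mode_string "$1" | cut -c9)" = "w" ]
}

# List every world-writable directory at or below a web root.
find_world_writable_dirs() {
    find "$1" -type d -perm -0002 -print
}

# Hand the directory to GROUP (name or numeric id) and allow only the
# owner and that group to read, write and enter it.
harden_upload_dir() {
    dir=$1
    group=$2
    chgrp "$group" "$dir" || return 1
    chmod 770 "$dir"
}

demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/uploads" "$root/static"
    chmod 777 "$root/uploads"     # the diagnostic setting from the thread
    chmod 755 "$root/static"
    echo "before: $(find_world_writable_dirs "$root")"
    # Assumption: the caller's own group id stands in for www-data here.
    harden_upload_dir "$root/uploads" "$(id -g)"
    echo "after:  $(mode_string "$root/uploads")"
    echo "still world-writable: $(find_world_writable_dirs "$root")"
    rm -rf "$root"
}
demo
```

On a real host the second argument to harden_upload_dir would be the group the web server process runs as, and the account running the script must be allowed to assign that group.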

> What about setting my own php.ini file? I'd like to turn off
> magic_quotes and register_globals (and probably a few other things).
> Should I just code around this or can I safely overwrite the
> php.ini file that is in cgi-bin?

PHP running as a CGI (or CLI) can specify its own php.ini for the most part.

http://www.php.net/manual/en/configuration.php

> P.S. The interesting thing, when I try to view the php.ini
> file that is in cgi-bin, I only see a few settings.

Directives not specified default to their internal PHP setting (as if there was no php.ini at all).

H

I changed the permission of the target directory to 777, and the file was able to move successfully. That was the problem.

Good thing I didn't have to contact the host to resolve this.

Thanks, Dan.

>>>>
Message: 12
Date: Sat, 03 Jan 2004 00:13:43 -0500
From: Dan Cech
Subject: Re: [nycphp-talk] File uploading: When PHP doesn't have permission to

It sounds like you do have a permissions problem.

You will need to make sure that the webserver process (usually www-data for apache) has permissions to write to the directory where you want to put the uploaded file.

A simple test is to create a new directory and set permissions to rwxrwxrwx (chmod 777), then try to move the file there. If it works then you know what your problem is.

As for fixing the permissions, you are going to have to figure out a setting which gives the webserver the access it needs, without causing any security problems. There are several different ways to do it, one method is to set the group of the directory to www-data and use the group permission setting to control the access you want to give to php.

Hope this helps,

Dan

>>Should I just code around this or can I safely overwrite the
>>php.ini file that is in cgi-bin?
>
> PHP running as a CGI (or CLI) can specify its own php.ini for the most
> part.
>
> http://www.php.net/manual/en/configuration.php
>
>>P.S. The interesting thing, when I try to view the php.ini
>>file that is in cgi-bin, I only see a few settings.
>
> Directives not specified default to their internal PHP setting (as if
> there was no php.ini at all).
>
> H

--
Found on the Simpson's Website:
"Ooooooh, they have the internet on computers now!"

I've been using designs from here a lot: http://www.oswd.org/ It's been a huge timesaver since I'm not that graphically inclined other than I know what I like when I see it. Anyone know of other sites that are similar troths of free design templates? When I try googling I end up with mostly pay sites or crap. Thanks
-Bill

Bill Wolf wrote:

> Anyone know of other sites that are similar troths of free design > templates? When I try googling I end up with mostly pay sites or crap.

I assume you know why that's the case. ;-)

Try trolling around the various blogging sites (Blogger, MoveableType, etc) -- very often the designers who create templates for these systems are willing to let you use them elsewhere.

Also, I believe that all of the excellent stylesheets at the CSS Zen Garden are available under a Creative Commons license: http://www.csszengarden.com/

Anyone have experience with easyphp? (http://www.easyphp.org/) Or can suggest an alternative?

I have an old Compaq laptop (500 mhz Armada) running Win98. Family circumstances have forced me to make a quick emergency trip...so I need PHP, etc., on the laptop to continue my work.

Jeff Siegel

I don't have the answer to the question you asked (no experience with easyphp here, sorry), but I do have another suggestion.

Install linux on the laptop :-]

~c

Jeff Siegel wrote:
> Anyone have experience with easyphp? (http://www.easyphp.org/) Or can
> suggest an alternative?
>
> I have an old Compaq laptop (500 mhz Armada) running Win98. Family
> circumstances have forced me to make a quick emergency trip...so I
> need PHP, etc., on the laptop to continue my work.
>
> Jeff Siegel

John Lacey wrote:

"I ran across this site a while back that packages an Apache/PHP/MySQL, etc environment ala "phpdev" at firepages.au. They call their packing "XAMPP". They're based in Germany. I also discovered the '7-zip' format here -- it rocks (I'm on a dialup out here in what was previously cow country Colorado :)

http://www.apachefriends.org/index-en.html "

I think the distro will run on win98 --you get everything in one shot

You might want to have a look...

T. Gales & Associates
'Helping People Connect with Technology'

http://www.tgaconnect.com

> -----Original Message-----
> From: talk-bounces at lists.nyphp.org
> [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Jeff Siegel
> Sent: Saturday, January 03, 2004 4:36 PM
> To: NYPHP Talk
> Subject: [nycphp-talk] Easyphp
>
> Anyone have experience with easyphp? (http://www.easyphp.org/) Or can
> suggest an alternative?
>
> I have an old Compaq laptop (500 mhz Armada) running Win98. Family
> circumstances have forced me to make a quick emergency trip...so I
> need PHP, etc., on the laptop to continue my work.
>
> Jeff Siegel

I thought of that. Time is an issue (I'm leaving in a few days) and I know I have to jump through a hoop or two to get it to run on the laptop.

Jeff

charlie derr wrote:

> I don't have the answer to the question you asked (no experience with
> easyphp here, sorry), but I do have another suggestion.
>
> Install linux on the laptop :-]
>
> ~c
>
> Jeff Siegel wrote:
>
>> Anyone have experience with easyphp? (http://www.easyphp.org/) Or can
>> suggest an alternative?
>>
>> I have an old Compaq laptop (500 mhz Armada) running Win98. Family
>> circumstances have forced me to make a quick emergency trip...so I
>> need PHP, etc., on the laptop to continue my work.
>>
>> Jeff Siegel

-- Found on the Simpson's Website:"Ooooooh, they have the internet on computers now!"

That's the one I was thinking about...just couldn't remember the URL...doing some Googling I found the easyphp.

Jeff

Tim Gales wrote:

> John Lacey wrote:
>
> "I ran across this site a while back that packages an Apache/PHP/MySQL,
> etc environment ala "phpdev" at firepages.au. They call their packing
> "XAMPP". They're based in Germany. I also discovered the '7-zip'
> format here -- it rocks (I'm on a dialup out here in what was previously
> cow country Colorado :)
>
> http://www.apachefriends.org/index-en.html "
>
> I think the distro will run on win98 --
> you get everything in one shot
>
> You might want to have a look...
>
> T. Gales & Associates
> 'Helping People Connect with Technology'
>
> http://www.tgaconnect.com
>
>> -----Original Message-----
>> From: talk-bounces at lists.nyphp.org
>> [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Jeff Siegel
>> Sent: Saturday, January 03, 2004 4:36 PM
>> To: NYPHP Talk
>> Subject: [nycphp-talk] Easyphp
>>
>> Anyone have experience with easyphp? (http://www.easyphp.org/) Or can
>> suggest an alternative?
>>
>> I have an old Compaq laptop (500 mhz Armada) running Win98. Family
>> circumstances have forced me to make a quick emergency trip...so I
>> need PHP, etc., on the laptop to continue my work.
>>
>> Jeff Siegel

-- Found on the Simpson's Website:"Ooooooh, they have the internet on computers now!"

try XAMPP

http://www.apachefriends.org/wampp-en.html

Jeff Siegel wrote:
> Anyone have experience with easyphp? (http://www.easyphp.org/) Or can
> suggest an alternative?
>
> I have an old Compaq laptop (500 mhz Armada) running Win98. Family
> circumstances have forced me to make a quick emergency trip...so I
> need PHP, etc., on the laptop to continue my work.
>
> Jeff Siegel

charlie derr wrote:

> Install linux on the laptop :-]

As long as we're making irrational suggestions for a last-minute trip, go buy an Apple PowerBook. PHP is part of OSX.

But seriously, it's not so difficult to get AMP running on a Win laptop.

Just downloaded it!

Jeff

John Lacey wrote:

> try XAMPP
>
> http://www.apachefriends.org/wampp-en.html
>
> Jeff Siegel wrote:
>
>> Anyone have experience with easyphp? (http://www.easyphp.org/) Or can
>> suggest an alternative?
>>
>> I have an old Compaq laptop (500 mhz Armada) running Win98. Family
>> circumstances have forced me to make a quick emergency trip...so I
>> need PHP, etc., on the laptop to continue my work.
>>
>> Jeff Siegel

-- Found on the Simpson's Website:"Ooooooh, they have the internet on computers now!"

Now you're talkin'! Get a new laptop!

Jeff

Chris Snyder wrote:
> charlie derr wrote:
>
>> Install linux on the laptop :-]
>
> As long as we're making irrational suggestions for a last-minute trip,
> go buy an Apple PowerBook. PHP is part of OSX.
>
> But seriously, it's not so difficult to get AMP running on a Win laptop.

-- Found on the Simpson's Website:"Ooooooh, they have the internet on computers now!"

On Wed, 31 Dec 2003, Chris Shiflett wrote:

> --- jon baer wrote:
> > Cool ... Id take it will be something coming out @ same time as the
> > Security Handbook? Is there any approx. dates?
>
> I'd bet money that the PHP 5 book will be out before mine. :-)

This will require the PHP 5 book author to get his act in order. Luckily, there was just a new year and resolutions to go along with it.

-adam

--
adam at trachtenberg.com
author of o'reilly's php cookbook
avoid the holiday rush, buy your copy today!

Hello! If you are interested in Linux easy install of Apache, PHP, MySQL, SQLite it might be worth to have a look at Collegelinux:

"CollegeLinux 2.5 (http://linux.college.ch ) codenamed "Obi Wan", is an easy to use Linux distribution based on Slackware.

Obiwan comes ready for php development and is the only linux distribution so far to do this. apache/php/mysql/sqlite/phpmyadmin/sqlitemanger/webmin come preinstalled, with a one-step configuration via our own tool, called CL server robot.

Not content with just providing the server side, the distro also comes with Kdevelop, an IDE that works natively with PHP in a fully functional desktop environment.

After a CollegeLinux installation everything you need for developing in PHP is setup for you: your server will be up and running and you can easily change any of the settings via webmin, a user-friendly graphical control panel."

David Costa,
Project Manager
CollegeLinux

Hi!

EasyPHP should work on your laptop. I have "EasyPHP" installed on a 380MHZ AMD K-2 computer running Win98. It works OK. If you know how to tweak "php.ini" for things like timeouts and warnings you should be OK. It does not run as fast as if it is on an AMD Altheon but it will work OK.

It also installs easily. I run "Moodle" ( http://moodle.org ) and "phpNUKE" ( http://phpNUKE.org ).

Make sure you install the program off the "C" directory and not the "Program Files" directory. So after the install you should have,
C:\EasyPHP1-7
and not
C:\Program Files\EasyPHP1-7

Make sure you read the following install tutorial before installing the program.
Rod's Guide for EasyPHP Install Guide 1.7
http://www.canowhoopass.com/guides/easyphp/

WP
Webbing Along ;):)


---- On Sat, 03 Jan 2004, Jeff Siegel (jsiegel1 at optonline.net) wrote:

> Now you're talkin'! Get a new laptop!
>
> Jeff
>
> Chris Snyder wrote:
> > charlie derr wrote:
> >
> >> Install linux on the laptop :-]
> >
> > As long as we're making irrational suggestions for a last-minute trip,
> > go buy an Apple PowerBook. PHP is part of OSX.
> >
> > But seriously, it's not so difficult to get AMP running on a Win laptop.

Don't know how you are getting to your final destination, but maybe doing the install on the plane would be a good way to pass the time.

Probably the biggest hoop would be getting the ISOs or CDs in time (unless you bought a packaged set).

Whenever I've done a linux install, it hasn't taken more than an hour (not including disk error checking), if that.

The most common problem I've had with laptops has been with the video drivers, but that can all be tweaked post-install.

> I thought of that. Time is an issue (I'm leaving in a few days) and I
> know I have to jump through a hoop or two to get it to run on the laptop.
>
>> Install linux on the laptop :-]
>>
>>> I have an old Compaq laptop (500 mhz Armada) running Win98. Family
>>> circumstances have forced me to make a quick emergency trip...so I
>>> need PHP, etc., on the laptop to continue my work.

Now I have a dilemma...I downloaded both easyphp and Xampp. I'll toss a coin to figure out which one to install (once, of course, I find the darned network card dongle!).

Jeff

Web Page wrote:
> Hi!
>
> EasyPHP should work on your laptop. I have "EasyPHP" installed
> on a 380MHZ AMD K-2 computer running Win98. It works OK. If
> you know how to tweak "php.ini" for things like timeouts and
> warnings you should be OK. It does not run as fast as if it is
> on an AMD Altheon but it will work OK.
>
> It also installs easily. I run "Moodle" ( http://moodle.org )
> and "phpNUKE" ( http://phpNUKE.org ).
>
> Make sure you install the program off the "C" directory and not
> the "Program Files" directory. So after the install you should
> have,
> C:\EasyPHP1-7
> and not
> C:\Program Files\EasyPHP1-7
>
> Make sure you read the following install tutorial before
> installing the program.
> Rod's Guide for EasyPHP Install Guide 1.7
> http://www.canowhoopass.com/guides/easyphp/
>
> WP
> Webbing Along ;):)
>
> ---- On Sat, 03 Jan 2004, Jeff Siegel (jsiegel1 at optonline.net)
> wrote:
>
>> Now you're talkin'! Get a new laptop!
>>
>> Jeff
>>
>> Chris Snyder wrote:
>>
>>> charlie derr wrote:
>>>
>>>> Install linux on the laptop :-]
>>>
>>> As long as we're making irrational suggestions for a last-minute trip,
>>> go buy an Apple PowerBook. PHP is part of OSX.
>>>
>>> But seriously, it's not so difficult to get AMP running on a Win laptop.

-- Found on the Simpson's Website:"Ooooooh, they have the internet on computers now!"

We're starting off the New Year with a new PHundamentals article entitled "Storing Data Submitted From a Form and Displaying Data from a Database."

See: http://phundamentals.nyphp.org/

Please notify us ASAP if there any errors that need to be addressed.

Jeff Siegel & Michael Southwell
-The PHundamentals Team

Jeff Siegel wrote:
> We're starting off the New Year with a new PHundamentals article
> entitled "Storing Data Submitted From a Form and Displaying Data from a
> Database."
>
> See: http://phundamentals.nyphp.org/

Here's a file for phpTest I've modified to add SQLite support. It illustrates a way of handling different escape methods depending on whether magic_quotes_gpc is on or off. The next step is to convert it to use ADODB.

you're welcome to post the prep_vars() snippet or whatever

John


Thanks for the code John,

It is really preferable to take care of magic_quotes_gpc at the beginning of the script, rather than at the time of insertion into the database. By doing it that way any validation, redisplay, etc of submitted data can be done without needing to worry about the effects of magic_quotes.

From the looks of your code it should be very easy to convert it into an ADOdb wrapper library.

Dan

John Lacey wrote:
>
> Jeff Siegel wrote:
>
>> We're starting off the New Year with a new PHundamentals article
>> entitled "Storing Data Submitted From a Form and Displaying Data from
>> a Database."
>>
>> See: http://phundamentals.nyphp.org/
>
> Here's a file for phpTest I've modified to add SQLite support. It
> illustrates a way of handling different escape methods depending on
> whether magic_quotes_gpc is on or off.
> The next step is to convert it to use ADODB.
>
> you're welcome to post the prep_vars() snippet or whatever
>
> John
>
> ------------------------------------------------------------------------
>
> db_host = DB_HOST;
>         $this->db_username = DB_USERNAME;
>         $this->db_password = DB_PASSWORD;
>         $this->db_use_pconnect = DB_USE_PCONNECT;
>         $this->default_db = DEFAULT_DB;
>         $this->db_type = DB_TYPE;
>         $this->db_mode = DB_MODE; // added SQLITE open database file mode
>         $this->debug = FALSE;
>         $this->logfile = 'db_queries.txt';
>         if ($this->debug) {
>             $this->fp = fopen($this->logfile, 'a');
>         }
>         if ($this->db_use_pconnect) {
>             $this->pconnect($this->default_db);
>         } else {
>             $this->connect($this->default_db);
>         }
>         if (($this->db_type != 'mysql') && ($this->db_type != 'sqlite')) {
>             die("Invalid database type in config.inc.php");
>         }
>     }
>
>     function affected_rows($result) {
>         switch ($this->db_type) {
>             // mysql_affected_rows() takes the connection, not a result
>             case 'mysql': return mysql_affected_rows($this->link_id);
>             case 'sqlite': return sqlite_changes($this->link_id);
>         }
>     }
>
>     function auto_insert($table_name = '') {
>         switch ($this->db_type) {
>             case 'mysql': $value = 'NULL'; break;
>             case 'sqlite': $value = 'NULL'; break;
>         }
>         if ($this->debug) echo "auto_insert is $value ";
>         return $value;
>     }
>
>     function connect($db_name) {
>         switch ($this->db_type) {
>             case 'mysql':
>                 $this->link_id = mysql_connect($this->db_host, $this->db_username, $this->db_password) or $this->sql_error();
>                 mysql_select_db($db_name, $this->link_id) or $this->sql_error();
>                 break;
>             case 'sqlite':
>                 // the error message argument is already taken by reference
>                 $this->link_id = sqlite_open($this->default_db, $this->db_mode, $this->sqlite_error_msg) or $this->sql_error();
>                 break;
>         }
>         if ($this->debug) {
>             fwrite($this->fp, $this->format_date() . " --- Connected to " . $this->db_type . "---\n");
>         }
>         return;
>     }
>
>     // this function only used for escape in uploaded images
>     function escape_data($data, $size = 0) {
>         switch ($this->db_type) {
>             case 'mysql': $escaped_data = addslashes($data); break;
>             case 'sqlite': $escaped_data = sqlite_escape_string($data); break;
>         }
>         return $escaped_data;
>     }
>
>     function insert_id() {
>         switch ($this->db_type) {
>             case 'mysql': $insert_id = mysql_insert_id($this->link_id); break;
>             case 'sqlite': $insert_id = sqlite_last_insert_rowid($this->link_id); break;
>         }
>         if ($this->debug) {
>             fwrite($this->fp, $this->format_date() . " Insert ID is " . $insert_id . "\n");
>         }
>         return $insert_id;
>     }
>
>     function fetch_array($result, $row = '0') {
>         switch ($this->db_type) {
>             case 'mysql': return mysql_fetch_array($result);
>             case 'sqlite': return sqlite_fetch_array($result);
>         }
>     }
>
>     function fetch_object($result, $row = '0') {
>         switch ($this->db_type) {
>             case 'mysql': return mysql_fetch_object($result);
>             case 'sqlite':
>                 if (sqlite_has_more($result)) {
>                     return (object)sqlite_fetch_array($result, SQLITE_ASSOC);
>                 } else {
>                     return FALSE;
>                 }
>         }
>     }
>
>     function fetch_row($result, $row = '') {
>         switch ($this->db_type) {
>             case 'mysql': return mysql_fetch_row($result);
>             case 'sqlite': return sqlite_fetch_array($result, SQLITE_NUM);
>         }
>     }
>
>     function format_date() {
>         switch ($this->db_type) {
>             case 'mysql': return date('Y-m-d H:i:s'); // 2001-12-06 18:00:00
>             case 'sqlite': return date('Y-m-d H:i:s');
>         }
>     }
>
>     // returns an array with the field names for a given table_name
>     function list_fields($table_name) {
>         switch ($this->db_type) {
>             case 'mysql':
>                 $fields = mysql_list_fields($this->default_db, $table_name, $this->link_id);
>                 $columns = mysql_num_fields($fields);
>                 for ($i = 0; $i < $columns; $i++) {
>                     $field[] = mysql_field_name($fields, $i);
>                 }
>                 break;
>             case 'sqlite':
>                 // TODO: this function only called from config_views -- not used
>                 break;
>         }
>         // if ($this->debug) echo '' . print_r($field) . '';
>         sort($field);
>         return $field;
>     }
>
>     function num_rows($result) {
>         switch ($this->db_type) {
>             case 'mysql': $numrows = mysql_num_rows($result); break;
>             case 'sqlite': $numrows = sqlite_num_rows($result); break;
>         }
>         if ($this->debug) {
>             fwrite($this->fp, $this->format_date() . " Numrows is $numrows\n");
>         }
>         return $numrows;
>     }
>
>     function pconnect($db_name) {
>         switch ($this->db_type) {
>             case 'mysql':
>                 $this->link_id = mysql_pconnect($this->db_host, $this->db_username, $this->db_password);
>                 if (!$this->link_id) {
>                     $this->sql_error(); // database connection failed
>                 }
>                 if (!mysql_select_db($db_name)) {
>                     $this->sql_error(); // unable to select database
>                 }
>                 break;
>             case 'sqlite':
>                 $this->link_id = sqlite_popen($this->default_db, $this->db_mode, $this->sqlite_error_msg);
>                 if (!$this->link_id) {
>                     $this->sql_error();
>                 }
>                 break;
>         }
>         if ($this->debug) {
>             fwrite($this->fp, $this->format_date() . " --- Connected to " . $this->db_type . "---\n");
>         }
>     }
>
>     // escapes every argument for the configured database, allowing for
>     // slashes already added by magic_quotes_gpc
>     function prep_vars() {
>         $num_args = func_num_args();
>         $vars = array();
>         $magic_quotes_gpc = get_magic_quotes_gpc();
>         switch ($this->db_type) {
>             case 'mysql':
>                 if ($magic_quotes_gpc) {
>                     for ($i = 0; $i < $num_args; $i++) {
>                         $vars[$i] = func_get_arg($i);
>                     }
>                 } else {
>                     for ($i = 0; $i < $num_args; $i++) {
>                         $vars[$i] = addslashes(func_get_arg($i));
>                     }
>                 }
>                 break;
>             case 'sqlite':
>                 if ($magic_quotes_gpc) {
>                     for ($i = 0; $i < $num_args; $i++) {
>                         $vars[$i] = sqlite_escape_string(stripslashes(func_get_arg($i)));
>                     }
>                 } else {
>                     for ($i = 0; $i < $num_args; $i++) {
>                         $vars[$i] = sqlite_escape_string(func_get_arg($i));
>                     }
>                 }
>                 break;
>         }
>         return $vars;
>     }
>
>     function query($sql_query) {
>         if ($this->debug) {
>             fwrite($this->fp, $this->format_date() . " Query: $sql_query\n");
>         }
>         switch ($this->db_type) {
>             case 'mysql': $result = mysql_query($sql_query, $this->link_id); break;
>             case 'sqlite': $result = sqlite_query($sql_query, $this->link_id); break;
>         }
>         if (!$result) {
>             $this->sql_error($sql_query);
>         }
>         return $result;
>     }
>
>     function sql_error($query = FALSE) {
>         global $admin_email;
>         switch ($this->db_type) {
>             case 'mysql':
>                 $this->sql_error_number = mysql_errno($this->link_id);
>                 $this->sql_error_name = mysql_error($this->link_id);
>                 break;
>             case 'sqlite':
>                 $this->sql_error_name = sqlite_error_string(sqlite_last_error($this->link_id));
>                 break;
>         }
>         $admin_blurb = (ADMIN_EMAIL) ? "site administrator " : "site administrator";
>         echo "There was an SQL error. The error message is: *$this->sql_error_name*" . " Please notify the $admin_blurb. ";
>         if ($this->debug) {
>             fwrite($this->fp, $this->format_date() . " Error: $this->sql_error_name\n");
>         }
>         if ($query) {
>             echo "The SQL Query that failed is: *$query*";
>         }
>         die();
>     }
> }
> ?>

Please drop me an email...

--Daniel Kusnner

Dan Cech wrote:

> It is really preferable to take care of magic_quotes_gpc at the
> beginning of the script, rather than at the time of insertion into the
> database. By doing it that way any validation, redisplay, etc of
> submitted data can be done without needing to worry about the effects of
> magic_quotes.

Agree. Since this was an add-on, I wanted to do all the db sensitive stuff in one place. I have an aversion to testing for the type of database in other places. In this case, it seemed the quickest way of dropping in SQLite support without regard to how a server's php.ini file may be set up.

Ideally, all 'magic' stuff should be "off" as in the php-recommended file

J

FYI:

Open-source databases gaining favor | CNET News.com

http://news.com.com/2100-7344_3-5134836.html?tag=nefd_top

//---------------------------------------
ejp at well.com
http://www.exitart.org
http://mygoo.typepad.com

Hi there,

I think that there's 3 points that need clarification:

(1) "Best Practice: Do not use the function addslashes but, instead, use a function that is specific to your database."

Could the tutorial elaborate a little bit more on this? I have been using addslashes with Mysql with no problems and the tutorial doesn't convince me why I should change to mysql_escape_string/mysql_real_escape_string.

(2) htmlentities/htmlspecialchars

I think the tutorial should insist that the best practice is not using these functions on data that you want to *insert* in a database.

(3) "You will notice that two commands - addslashes and stripslashes - are conspicously absent from this article. If you follow our best practice recommendations, there is no need to use either one of these functions in the situations that have been examined."

The bit on stripslashes need also some clarification. Every time I insert some values in Mysql, I use addslashes, and when I want to get back these values from the database, I always use stripslashes on these values but the tutorial makes me realize now how stupid I am and that there's no need in fact to use stripslashes in this case. I don't know where I got this idea, but anyway, I'm sure many people felt in this trap.

Anyway, thanks for the tutorial, I learned something :).

PS: My spell checker (Grammarian/OS X) flagged 'conspicously' and wanted 'conspicuously' instead.

Cheers
-Emmanuel
--
Emmanuel Décarie / Programmation pour le Web - Programming for the Web - Blog: - AIM: scriptdigital

Last month there was some discussion to the effect of "what was in their [the php developers'] mind when they created 'magic quotes'?" (why does PHP have this feature[?] at all?)

I was doing something else over the weekend, when I ran across the following thread:

Sara Golemon wrote (20 Feb 2003):

"I recall a discussion sometime back about making file_put_contents() (create a file and write the provided contents to it in one command)...Was it decided not to create these..."

http://www.zend.com/lists/php-dev/200302/msg00522.html

Following the thread can give you an insight (of sorts) into the collective mind of people working on PHP.

If this sort of thing interests you at all, I suggest you follow the thread at least to where Sascha Schumann says:

"That must be one of the most useless function proposals I've seen so far. Now, if the function could atomically replace file contents, then it would be something entirely different.

But a simple wrapper for a two-line fopen/fputs? Get real."

But I encourage you to follow the thread to where Rasmus Lerdorf says:

"I do agree with Sascha that file_put_contents() as it is currently proposed is useless"

Then take a look at the following:

http://php.us.themoes.org/manual/en/function.file-put-contents.php

T. Gales & Associates
'Helping People Connect with Technology'

http://www.tgaconnect.com

Quotation: "in logic, the set of operators "not" and "or" is described as orthogonal, but the set "nand", "or", and "not" is not (because any one of these can be expressed in terms of the others)."

from: http://dictionary.reference.com definition of 'orthogonal'

On Mon, 5 Jan 2004, Tim Gales wrote:

> Last month there was some discussion to the effect
> of "what was in their [the php developers'] mind
> when they created 'magic quotes'? "
> (why does PHP have this feature[?] at all?)

FWIW, magic quotes dates back forever, all the way back to January 24, 1996. This means its 8th birthday is later this month! That's version 1.99a of PHP. I'm sure it seemed helpful to Rasmus at the time. ;)

> Following the thread can give you an insight (of sorts)
> into the collective mind of people working on PHP.

Oddly enough, I would say the majority of people who develop PHP haven't actually used PHP in years. They used to use PHP, but got bored writing Web pages and moved onto language development (err... or writing books.)

This is, IMHO, a serious issue, but I haven't figured out how to fix it. Suggestions are welcome.

-adam

--
adam at trachtenberg.com
author of o'reilly's php cookbook
avoid the holiday rush, buy your copy today!

Hi Emmanuel,

Emmanuel Décarie wrote:
> Hi there,
>
> I think that there's 3 points that need clarification:
>
> (1) "Best Practice: Do not use the function addslashes but, instead, use a
> function that is specific to your database."
>
> Could the tutorial elaborate a little bit more on this? I have been using
> addslashes with Mysql with no problems and the tutorial doesn't convince me why
> I should change to mysql_escape_string/mysql_real_escape_string.

Addslashes will escape " (double quote), ' (single quote) \ (backslash) and NUL (the null byte) with a backslash.

mysql_real_escape_string will take into account the character set of the current connection, and escape characters as appropriate. Both mysql_escape_string and mysql_real_escape_string will also quote instances of other characters which are 'special' in mysql, including:

\0  An ASCII 0 (NUL) character.
\'  A single quote (`'') character.
\"  A double quote (`"') character.
\b  A backspace character.
\n  A newline character.
\r  A carriage return character.
\t  A tab character.
\z  ASCII(26) (Control-Z). This character can be encoded to allow you to work around the problem that ASCII(26) stands for END-OF-FILE on Windows. (ASCII(26) will cause problems if you try to use mysql database < filename.)
\\  A backslash (`\') character.

In addition, they will encode any newlines into their encoded (\n or \r\n) counterpart.

All of the database-specific functions included these kinds of special cases for the particular database, whereas addslashes does not. For simple data it will work, but sooner or later you are going to end up in a situation where addslashes alone will fail.

> (2) htmlentities/htmlspecialchars
>
> I think the tutorial should insist that the best practice is not using these
> functions on data that you want to *insert* in a database.

This is very true, I think that the article makes this fairly clear. This is not a matter of best practice, but something that should (almost) never be done.

> (3) "You will notice that two commands - addslashes and stripslashes - are
> conspicously absent from this article. If you follow our best practice
> recommendations, there is no need to use either one of these functions in the
> situations that have been examined."
>
> The bit on stripslashes need also some clarification. Every time I insert some
> values in Mysql, I use addslashes, and when I want to get back these values from
> the database, I always use stripslashes on these values but the tutorial makes
> me realize now how stupid I am and that there's no need in fact to use
> stripslashes in this case. I don't know where I got this idea, but anyway, I'm
> sure many people felt in this trap.
>
> Anyway, thanks for the tutorial, I learned something :).
>
> PS: My spell checker (Grammarian/OS X) flagged 'conspicously' and wanted
> 'conspicuously' instead.

Conspicuously is correct.

Dan

> Cheers
> -Emmanuel
> --
> Emmanuel Décarie / Programmation pour le Web - Programming for the Web
> - Blog: - AIM: scriptdigital
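The point made in the reply above, that addslashes works for simple data but eventually fails where a database-specific function does not, can be seen against SQLite, the other database in this thread. This is an added example, not code from the thread or the tutorial: it uses the SQLite3 extension's `SQLite3::escapeString()` with an in-memory database, and the table, the sample values and the helper `round_trip()` are constructed.

```php
<?php
// Added example. SQLite escapes a single quote by doubling it and gives
// backslash no special meaning, so MySQL-style backslash escaping either
// breaks the statement or stores extra backslashes.

$db = new SQLite3(':memory:');
$db->enableExceptions(true);             // report SQL errors as exceptions
$db->exec('CREATE TABLE people (name TEXT)');

/**
 * Build an INSERT with $escape, run it, and read the value back.
 * Returns the stored value, or the SQL error text if the statement failed.
 */
function round_trip(SQLite3 $db, callable $escape, string $value): string
{
    $db->exec('DELETE FROM people');
    $sql = "INSERT INTO people (name) VALUES ('" . $escape($value) . "')";
    try {
        $db->exec($sql);
    } catch (Exception $e) {
        return 'SQL error: ' . $e->getMessage();
    }
    return (string) $db->querySingle('SELECT name FROM people');
}

// Constructed form values: simple text, a quote, and backslashes.
$samples = ['plain text', "O'Brien", 'C:\\temp\\new'];

$escapers = [
    'addslashes'            => 'addslashes',
    'SQLite3::escapeString' => [SQLite3::class, 'escapeString'],
];

foreach ($samples as $value) {
    foreach ($escapers as $label => $escape) {
        $stored = round_trip($db, $escape, $value);
        printf(
            "%-22s %-14s -> %-40s %s\n",
            $label,
            $value,
            $stored,
            $stored === $value ? 'intact' : 'CHANGED OR REJECTED'
        );
    }
}
```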

--- Emmanuel Décarie wrote:
> (1) "Best Practice: Do not use the function addslashes but, instead,
> use a function that is specific to your database."
>
> Could the tutorial elaborate a little bit more on this?

First of all, this looks to be another great phundamentals article. I really like this series (or whatever you want to call it).

I agree with Emmanuel that some elaboration would be useful here. Whenever a best practice is seldom followed, a very clear justification can be a great thing. Being right and convincing someone else that you're right are often very different things. :-)

> (2) htmlentities/htmlspecialchars
>
> I think the tutorial should insist that the best practice is not using
> these functions on data that you want to *insert* in a database.

More elaboration in general might be good. I would consider these functions the "least you can do" when you're displaying potentially tainted data to the user. If you're not displaying data, htmlentities() probably isn't going to offer you the type of protection you seek.

There are also two different opinions on this:

1. Perform htmlentities() prior to storage.
2. Perform htmlentities() prior to display.

The first can be better if you must display data in HTML very often. Rather than perform htmlentities() every time, you can just pull straight from the database.

The second is usually best if you have other uses for the data besides displaying it in HTML. It is also best if your security model revolves around cleaning up data the moment it enters into your application. This can be a good approach in terms of keeping things simple for your developers.

The best thing to do in general would be to validate your data according to exactly what it is supposed to be. I'm not creative enough to think of a way to inject some XSS that subverts htmlentities(), but it seems like something that might be possible. Also, adhering to strong security practices is a good idea in general, since such things can potentially protect you from attacks that you're not even aware of.

> PS: My spell checker (Grammarian/OS X) flagged 'conspicously' and
> wanted 'conspicuously' instead.

Probably because conspicously is not a word. :-)

Chris

=====
Chris Shiflett - http://shiflett.org/

PHP Security Handbook Coming mid-2004
HTTP Developer's Handbook http://httphandbook.org/

Adam Trachtenberg wrote:

"Oddly enough, I would say the majority of people who develop PHP haven't actually used PHP in years..."

Nevertheless it would seem that they would still care about the language.

If a proposed function is useless and adds bloat, why put it in PHP 5?

T. Gales & Associates
'Helping People Connect with Technology'

http://www.tgaconnect.com

Chris Shiflett wrote:

> There are also two different opinions on this:
>
> 1. Perform htmlentities() prior to storage.
> 2. Perform htmlentities() prior to display.
>
> The first can be better if you must display data in HTML very often.
> Rather than perform htmlentities() every time, you can just pull straight
> from the database.

FWIW, I believe data should be "display-agnostic" for want of a better term. Keeping it "raw" is, in my opinion, the way to handle stored data.

John

--- John Lacey wrote:
> > There are also two different opinions on this:
> >
> > 1. Perform htmlentities() prior to storage.
> > 2. Perform htmlentities() prior to display.
> >
> > The first can be better if you must display data in HTML very often.
> > Rather than perform htmlentities() every time, you can just pull
> > straight from the database.
>
> FWIW, I believe data should be "display-agnostic" for want
> of a better term. Keeping it "raw" is, in my opinion, the
> way to handle stored data.

Yes, and this is why some people argue for case 2. However, believe me when I tell you that once you are having to fetch and display this data millions of times a day, you might find yourself being a bit more open-minded. :-)

I think it's best to choose whichever approach is appropriate for the situation.

Chris


Chris Shiflett wrote:

> --- John Lacey wrote:
>
>>> There are also two different opinions on this:
>>>
>>> 1. Perform htmlentities() prior to storage.
>>> 2. Perform htmlentities() prior to display.
>>>
>>> The first can be better if you must display data in HTML very often.
>>> Rather than perform htmlentities() every time, you can just pull
>>> straight from the database.
>>
>> FWIW, I believe data should be "display-agnostic" for want
>> of a better term. Keeping it "raw" is, in my opinion, the
>> way to handle stored data.
>
> Yes, and this is why some people argue for case 2. However, believe me
> when I tell you that once you are having to fetch and display this data
> millions of times a day, you might find yourself being a bit more
> open-minded. :-)
>
> I think it's best to choose whichever approach is appropriate for the
> situation.

The nice thing about 30+ years in the computer business is that I don't feel I have to be right all the time.

J

Chris Shiflett wrote:

> --- Emmanuel Décarie wrote:
>
>> (1) "Best Practice: Do not use the function addslashes but, instead,
>> use a function that is specific to your database."
>>
>> Could the tutorial elaborate a little bit more on this?
>
> First of all, this looks to be another great phundamentals article. I
> really like this series (or whatever you want to call it).
>
> I agree with Emmanuel that some elaboration would be useful here. Whenever
> a best practice is seldom followed, a very clear justification can be a
> great thing. Being right and convincing someone else that you're right are
> often very different things. :-)

See my reply, I am sure jeff is working on a little clarification as I type this...

>> (2) htmlentities/htmlspecialchars
>>
>> I think the tutorial should insist that the best practice is not using
>> these functions on data that you want to *insert* in a database.
>
> More elaboration in general might be good. I would consider these
> functions the "least you can do" when you're displaying potentially
> tainted data to the user. If you're not displaying data, htmlentities()
> probably isn't going to offer you the type of protection you seek.
>
> There are also two different opinions on this:
>
> 1. Perform htmlentities() prior to storage.
> 2. Perform htmlentities() prior to display.
>
> The first can be better if you must display data in HTML very often.
> Rather than perform htmlentities() every time, you can just pull straight
> from the database.

The only advantage to this method is the speed increase, you still need to use addslashes, it takes up more space in the database, and it is only useful if you will only ever be outputting HTML.

> The second is usually best if you have other uses for the data besides
> displaying it in HTML. It is also best if your security model revolves
> around cleaning up data the moment it enters into your application. This
> can be a good approach in terms of keeping things simple for your
> developers.

This is the recommended procedure. For the vast majority of scripts the speed difference is negligible, especially when the added overhead in retrieving the html encoded data from the database is taken into account.

> The best thing to do in general would be to validate your data according
> to exactly what it is supposed to be. I'm not creative enough to think of
> a way to inject some XSS that subverts htmlentities(), but it seems like
> something that might be possible. Also, adhering to strong security
> practices is a good idea in general, since such things can potentially
> protect you from attacks that you're not even aware of.

htmlentities is designed to prevent ANY characters which have special meaning in HTML from being inserted without conversion. The only way you could 'subvert' it in a document would be to exploit a bug in the function itself (ie a character which it does not convert. I would very much doubt if this is even possible).

You are absolutely correct though that any data submitted by a user should be subject to some form of error checking/cleaning before it is used for any purpose.

Dan

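The two options discussed in this thread, side by side, as an added example that is not part of any list member's message. It assumes PDO with the SQLite driver as a stand-in database; the sample input, the table and the `html()` helper are constructed for illustration. It also shows what the quote flag of htmlentities() changes inside a single-quoted attribute.

```php
<?php
declare(strict_types=1);

// Display-time escaping (hypothetical helper). ENT_QUOTES also converts
// single quotes, which ENT_COMPAT leaves untouched; the charset is explicit.
function html(string $raw): string
{
    return htmlentities($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$input = "Tom & Jerry's <b>show</b>";   // constructed sample form input

// In-memory SQLite via PDO stands in for the real database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (raw TEXT, encoded TEXT)');

// Bound parameters leave the quoting to the database driver, so neither
// column needs addslashes().
$stmt = $db->prepare('INSERT INTO comments (raw, encoded) VALUES (?, ?)');
$stmt->execute([$input, html($input)]);   // option 2 and option 1 side by side
$row = $db->query('SELECT raw, encoded FROM comments')->fetch(PDO::FETCH_ASSOC);

$report = [
    // Option 2: stored raw, escaped once for each output context.
    'html from raw'        => '<p>' . html($row['raw']) . '</p>',
    'mail from raw'        => 'New comment: ' . $row['raw'],
    'json from raw'        => json_encode(['comment' => $row['raw']]),
    // Option 1: stored encoded. Correct only if every consumer is HTML and
    // no template escapes a second time.
    'html from encoded'    => '<p>' . $row['encoded'] . '</p>',
    'escaped twice'        => '<p>' . html($row['encoded']) . '</p>',
    'mail from encoded'    => 'New comment: ' . $row['encoded'],
    // Flag caveat: ENT_COMPAT passes the apostrophe through, which ends a
    // single-quoted attribute value early.
    'ENT_COMPAT attribute' => "<input value='" . htmlentities($input, ENT_COMPAT, 'UTF-8') . "'>",
    'ENT_QUOTES attribute' => "<input value='" . html($input) . "'>",
];

foreach ($report as $label => $value) {
    printf("%-22s %s\n", $label, $value);
}
// The encoded column is the larger of the two.
printf("stored bytes: raw=%d encoded=%d\n", strlen($row['raw']), strlen($row['encoded']));
```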

>> Being right and convincing someone else that you're right
>> are often very different things."

Absolutely right! (No sarcasm intended!)

Just a general clarification to all concerning the "PHundamentals."

First, the general philosophy is to offer what the NYPHP community believes is "best practice." Of course, there are always exceptions to any rule depending on circumstance. However, we're trying to create some rules so that when you *do* have to break a rule...you know what rule you are violating.

Second, each article goes through a "beta phase" (see the note that appears at the bottom of the article) and this type of discussion is exactly what is needed to make sure that the final version addresses the majority of concerns.

Jeff Siegel


--
Found on the Simpson's Website:
"Ooooooh, they have the internet on computers now!"

On Mon, 5 Jan 2004, Tim Gales wrote:

> Nevertheless it would seem that they would still
> care about the language.

They do care about the language, it's just their motivations aren't necessarily aligned with users of the language. Nor do they necessarily understand what many users are trying to do with PHP.

> If a proposed function is useless and adds
> bloat, why put it in PHP 5?

I can replicate the majority of the functions in PHP using more low level functions and operators, but that doesn't mean those functions are useless and bloated.

In this case, I think it makes perfect sense to have file_put_contents() if there's a file_get_contents().

Also, why would you want to subject people to C/Unix's fopen(), fwrite(), and fclose() when all they want to do is save stuff? That seems horribly tortured.

-adam

--
adam at trachtenberg.com
author of o'reilly's php cookbook
avoid the holiday rush, buy your copy today!

--- Adam Maccabee Trachtenberg wrote:
> I can replicate the majority of the functions in PHP using more low
> level functions and operators, but that doesn't mean those functions
> are useless and bloated.
>
> In this case, I think it makes perfect sense to have
> file_put_contents() if there's a file_get_contents().
>
> Also, why would you want to subject people to C/Unix's fopen(),
> fwrite(), and fclose() when all they want to do is save stuff? That
> seems horribly tortured.

I agree on all points, and I'm a big fan of stuff like file_get_contents(). In fact, I think there should be a mysql_connect_and_then_query_and_then_fetch_array() function. :-)

Chris


I'm waiting for the generate_billing() function and the what I'm sure to be wildly popular extract_cash_from_deadbeats().

On Jan 5, 2004, at 2:36 PM, Chris Shiflett wrote:

> I agree on all points, and I'm a big fan of stuff like
> file_get_contents(). In fact, I think there should be a
> mysql_connect_and_then_query_and_then_fetch_array() function. :-)

Jeff Knight
jeff not junkmail at lushmedia.com
212/213-6558 x 203
LUSH media
110 W 40th St #1502
New York, NY 10018

> I think there should be a
> mysql_connect_and_then_query_and_then_fetch_array() function.

Could that be shortened to mysql_kvetch? ;)

Jeff Siegel


Adam Trachtenberg wrote:

"I can replicate the majority of the functions in PHP using more low level functions and operators, but that doesn't mean those functions are useless and bloated."

The bloat stuff I was referring to was:

"Oh, come on. Put it into a utility library; this does not belong into the core of PHP. Or is your argument "we already have so much bloat, a bit more is ok, too"?

- Sascha"

from: http://www.zend.com/lists/php-dev/200302/msg00551.html

Rasmus agreed (at least at one time) as previously noted that the function was useless.

"I do agree with Sascha that file_put_contents() as it is currently proposed is useless. People aren't currently writing inefficient code to emulate this behaviour so we aren't fixing a file/implode fiasco here. We do not need a core function to replace fopen(); fputs(); fclose()."

see: http://www.zend.com/lists/php-dev/200302/msg00559.html

It seemed to me that the function hadn't changed from the way it was proposed.

I don't know, maybe they just changed their minds.

T. Gales & Associates
'Helping People Connect with Technology'

http://www.tgaconnect.com

Hi,

I'm trying to print out the contents of the $errorMessage array in this heredoc, but if I don't put the double quotes around the variable, PHP gives me an error. If I use the double quotes and the variable happens to be empty, I get "" in the page, which is not what I want.

How do I fix this?

Thanks,
Stephen

echo

> I originally had $errorMessage["username"] and PHP was complaining about that format.
>
> I presume this is the way it is supposed to work.
>
> Sorry about that.
>
> --Stephen

This is not good to keep 777 permission to your images (or any other file) as it is hazardous and can cause severe problem if someone can access your file system. Assigning permission 777 to any file may eliminate your problem temporarily but eventually not suitable to carry on solving your problems with this permission. Try to assign appropriate permission to your files which is actually required and can keep them safe from being deleted or misused. Read articles about security and file permission on any good PHP site or contact your server administrator for more information.

Anirudh Zala

----- Original Message -----
From: "Webapprentice ."
To:
Sent: Saturday, 03 January, 2004 11:51 PM
Subject: [nycphp-talk] Re: File Uploading Permission Problem (solved)

> I changed the permission of the target directory to 777, and the file was
> able to move successfully. That was the problem.
>
> Good thing I didn't have to contact the host to resolve this.
>
> Thanks, Dan.
>
> >>>>Message: 12
> Date: Sat, 03 Jan 2004 00:13:43 -0500
> From: Dan Cech
> Subject: Re: [nycphp-talk] File uploading: When PHP doesn't have
> permission to
>
> It sounds like you do have a permissions problem.
>
> You will need to make sure that the webserver process (usually
> www-data for apache) has permissions to write to the directory where
> you want to put the uploaded file.
>
> A simple test is to create a new directory and set permissions to
> rwxrwxrwx (chmod 777), then try to move the file there. If it works
> then you know what your problem is.
>
> As for fixing the permissions, you are going to have to figure out a
> setting which gives the webserver the access it needs, without
> causing any security problems. There are several different ways to do
> it, one method is to set the group of the directory to www-data and
> use the group permission setting to control the access you want to
> give to php.
>
> Hope this helps,
>
> Dan
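A check for the situation in this exchange, as an added example that is not part of either message: it flags an upload directory left at 777 after the diagnostic test and accepts a group-based mode. The `audit_upload_dir()` function, the scratch directory and the choice of 0770 are assumptions for illustration, and a POSIX file system is assumed.

```php
<?php
declare(strict_types=1);

// Returns findings for an upload directory; an empty array means no findings.
function audit_upload_dir(string $dir): array
{
    clearstatcache(true, $dir);
    if (!is_dir($dir)) {
        return ["$dir is not a directory"];
    }
    $mode = fileperms($dir) & 07777;   // permission bits only
    $findings = [];
    if ($mode & 0002) {
        $findings[] = sprintf(
            'mode %04o is world-writable: every local account can create, replace or delete files here',
            $mode
        );
    }
    if (!is_writable($dir)) {
        $findings[] = sprintf(
            'mode %04o (owner %d, group %d) does not let this process write',
            $mode, fileowner($dir), filegroup($dir)
        );
    }
    return $findings;
}

// Constructed demonstration in a scratch directory under the system temp dir.
$dir = sys_get_temp_dir() . '/upload_demo_' . bin2hex(random_bytes(4));
mkdir($dir);

foreach ([0777, 0770] as $mode) {
    chmod($dir, $mode);   // chmod() sets the mode exactly; the umask is not applied
    $findings = audit_upload_dir($dir);
    printf("%04o: %s\n", $mode, $findings ? implode('; ', $findings) : 'no findings');
}

// On a real host 0770 is paired with the web server's group on the directory
// (for example www-data, as suggested in the quoted reply); changing the
// group needs ownership of the directory or root.
rmdir($dir);
```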

A revised version of the PHundamentals article "Functions for Storing Data Submitted From a Form and Displaying Data from a Database" has been posted.

See: http://phundamentals.nyphp.org/PH_storingretrieving.php

Jeff Siegel/Michael Southwell-PHundamentals Team

On Mon, 5 Jan 2004, PUTAMARE wrote:

> I'm waitin