PHP :: Security Issues With PHP SSI

Security Issues?
I'm new to PHP but have read enough to know to ask the experts before implementing anything. I want to allow non-registered visitors to submit data via a form. That data would not be immediately viewable on the website (I would review and edit before adding the data to the rotation). The visitor would get a 'thank you' page upon submission (no posted data displayed back to them). Is there any danger to my database in allowing just text to be inserted? In other words, are there malicious things that malicious people could do with a text form? I'm not allowing image or file uploads or anything else.

View Replies !

Security Issues With Php
I'm hoping someone can enlighten me on security aspects to consider when building php websites. My own situation is I created a very simple cms, just a small project to get used to php. It seems that now someone is sending out spam on the server I'm on, and I was worried in case it was my script. There are no mail functions in it, and I used post instead of get as advised, so I'm not sure if could have been used in this way or not. But it got me thinking, and I realise I know absolutely sweet fa about security issues.

View Replies !

Security Issues
I have been told by many that there are security risks in globalizing classes, but have yet to get a straight answer as to why. Is there, and if yes what, security risks are there with globalizing classes in another class.

View Replies !

Two Security Issues
The last two (well not last, but last until it goes live - then more updates will be needed) are security issues. I have an admin section that I need to password protect. I can make a login section based on tutorials I have seen and by just fooling around, but security is the main issue I am worried about with it.

All the tutorials I read said this isn't the most secure way of doing it. I was curious what many people here found to be a secure way of creating a login section. If so, how did you do it? Did you use a tutorial? How about remembering a person, how did you incorporate that feature? Code:

View Replies !

Security Issues From URL Vars
I have a site, mainly only one page that includes different sections into html tables and yes the include var is from the URL! But I am not 100% stupid, I have made some error checking. My first and most important var is the language. I have this code at the top of my page. PHP Code:

View Replies !

Database Security Issues
All is fine and good
except for one problem. Here it is:

In order to provide connectivity to the database, I've created a file called
database.php which is readable only by the Apache web server.

It contained the following:

<?php

function database() {
$db = mysql_connect("localhost", "mtlstats", /* the password */);
mysql_select_db("mtlstats", $db);
return $db;
}

?>

I quickly realized that even though nobody could read the password from the
file, there was nothing preventing the other people with accounts on my web
server, from including this file into one of their own php scripts, and
hijacking the database. I therefore made a change, so that it would only
work when called from a file in the /mtlstats directory.

The file now reads as follows:

<?php

function database() {
if(strpos($PHP_SELF, "/mtlstats/") === 0) {
$db = mysql_connect("localhost", "mtlstats", /* the password */);
mysql_select_db("mtlstats", $db);
return $db;
}
return NULL;
}

?>

Unfortunately, I've discovered that although $PHP_SELF normally returns the
name of the file being processed by the server, when called from within a
function, it returns NULL for some reason. Can anyone suggest an
alternative means of correcting this problem?

View Replies !

Security Issues With File_upload ?
I want to ask my web hosts to allow file uploads with php since it is
currently turned off. I was wondering does this pose a security risk to
the server? What kinds of things should I check in my script when I use
file uploads?

View Replies !

SESSION Security Issues
<?php
if ($_SESSION['LOGGEDIN'] != TRUE){
echo "You are not logged in. Click <a href="../index.php">here</a> to login."; exit;}

?>
I have this at the top of my member page and i wanted to make a session page to i required this again for that page. but for this page this executes... but when i go back to member page i have no problem. :S any ideas?

View Replies !

Understanding Security Issues
I am designing a web site, and for the first time, in PHP. In no case have I ever had to worry about security until now. So I not only have a basic understanding of the need, I have no experience with the functions and storage of encrypted data. When a user logs into a system their password is passed to the server in clear text.

If that is not the case then how does the local system encrypt the password before it is sent to the server if there is no code running on the users computer to do the encryption? Once on the server the PHP code will MD5 or SHA-1 or use some other method to encrypt the password. Did I read correctly that a MD5 result is always 32 bytes? Or was it 32 characters? Sending the password back to the user for whatever reason will require decrypting before it is sent, so once again the password is traveling in clear text.

View Replies !

WAMP Security Issues
Was wondering if anyone knew of any security issues that may be associated with running WAMP as a local development environment. Are the tools that come with the packages (Apache, Mysql, etc.) installed such that the environment is pretty much locked down, or do I have to worry to patch things myself?

View Replies !

Form Security Issues
I recently made a change to our website that was very positive as far as lead generation is concerned. Our quote page hits almost double along with our conversions, but then it all went south. For some reason, even though we're still getting a huge number of hits to our quote page, we aren't getting any leads. Our quote form submissions have dropped off drastically. We run our form through the tectite PHP formmail platform. I've checked everything and it all looks fine, so I just can't figure out what happened. The only event that I can think of is the day that all of this happened we received five spam emails back to back. Is there anyway that our form could have been hijacked or something.

View Replies !

Top Ten PHP Security Issues, A Preliminary List
There's my draft list of the top ten PHP security issues. As you can see,
there's only nine right now. I've ranked them based on how readily the
vulnerability can be exploited. This is the reason why the client-side
scripting vulnerabilities are listed 2, 3, and 4, while SQL injection is
listed 7. Listed as number 1 is the arguably the lamest mistake in all
web-programming: pulling information from the database based on a
primary-key passed through the URL without any kind of access check. Because
even someone with no programming knowledge can take advantage of this hole,
it takes the top spot.

[drum roll]

1. Revealing private information without access check
2. Displaying user-provided text without escaping HTML special
characters
3. Allowing users to supply a URL for an image
4. Processing form data without checking the page referrer
5. Copying an uploaded file into a web-accessible directory
6. Using a GET/POST variable as parameter to include/require
7. Inserting GET/POST variables into SQL statements without validation
8. Using session_register() with sensitive variables
9. Performing restricted operations in the global scope of an include
file

The use of register_globals is not on the list, as the potential problems
are effectively covered by item 6, 7, 8, and 9 (or so I think).

I'll write up a more detailed description for each of these, along with
possible solutions, and post it somewhere on the net. Hopefully it'll be
interesting reading for beginners to the language.

View Replies !

Editable Web Page Security Issues?
Say I have a file called:

index.php

which just display some straight html text.

Now if I access:

index.php?editable=1

the page suddenly turns into a form that lets you edit the content of
the page. What are the security risks I need to be aware of when
programming such a page? How would a malicious visitor know that
index.php is editable AND know they have to type in
index.php?editable=1 to display the editable content?

Should I store the editable content in files with 777 permissions or
something less open?

Perl has taint mode and a lot of good regexes to extract only what you
want from user input. What are the similar things I should be using in
php?

View Replies !

Register_globals On Verses Off --- Security Issues?
I'm assuming, and perhaps you can may correct this assumption, but I'm assuming that when building a website for php and mysql, it is common, if you have a large product database with unique product IDs, to simply call those pages from one generic php page on your website, for example, http ://www.mydomain. com/products.php?prodID=blahblah

And of course, this is assuming that you want to have all your product pages look basically the same, but with different content. So you would call the page with the aforementioned URL, and the prodID would be sent as a variable with blahblah being the value assigned to this variable. And you can then use this variable in your script to query your database appropriately. Code:

View Replies !

Create XML File - Security Issues
I am thinking about how to improve one of my websites - the user has to wait a long time for data to load from the database..... I was thinking - what are the implications of having the data stored in an XML file...

updating is not an issue - as they only update the database once in a while... its mainly for reporting.

How could I protect the files from others viewing other people's files? ie: if you looked at the source code and saw the JS opening a file with "username.xml" they could just type random usernames and get other people's files and therefor data!!

maybe I could randomly name the files? Then store the random number in the db next to the username? the chances of a user guessing someone elses number is fairly small, right?

View Replies !

Security" Issues Posed By Globals ON.
I have a question related to the "security" issues posed by Globals ON.

It is good programming technique IMO to initialise variables, even if it's
just
$foo = 0;
$bar = "";

Surely it would be better to promote better programming than rely on PHP to compensate for lazy programming?

Of does turning RG off have some other benefit of which I am not aware?

View Replies !

Need To Do A 'Post A Video' Site (embed Only.) Security Issues
I am about to start one of those post your favorite youtube/liveleak /... video. It will be vbulletin integrated and I need to make sure that my programmer doesn't forget anything that could cause me to get hacked or whatever.

What things can get overlooked, yet are vital to security? Once again, the videos will be hosted by others.

Would a "Allowed to post from" domain list be smart? They will also be ratings and comments (so I can get as much text as possible.)

View Replies !

Security Issues With Posting Form Contents To Server?
I'm currently reading a php book that attempts to declare the security hazzards of not screening a form's content before allowing it to be posted, whether to a database, text file, or otherwise. Honestly, I still don't get what the problem is.

Lets say magic quotes is turned on. Could someone list the major things I should still be doing to prevent security problems? For example, the book says to use htmlspecialchars(), though how does allowing the user to enter HTML tags compromise anything? The data simply gets posted as is to a database, then output as is Maybe an annoying JavaScript is output, but hardly a security breach to the server itself as far as I can tell.

View Replies !

Saving Variables As Text Files: Any Security Issues?
I've been reading all the posts about permissions but I'd still like some help!
I'm building a site where I have user account folders containing photos and text files.

At this stage I'm not allowing user uploads - I'll do that myself via FTP, but for simplicity I'd like to save the settings and variables for each account in simple text files rather than use mysql.

In order for my scripts to change the values in these text files I need to change the permissions to allow writing - but I'm not sure exactly what secruity issues are involved?

View Replies !

Hand Made Shopping Cart. Merchant Security Issues
I have made my own shopping cart system. It's not the typical type where one adds multiple items into a cart. One simply selects the item they want, and then checks out. So I'm not using ANY session variables at all.

The problem... if there is one... is with my merchant. I collect all the customer data and then send it to the merchant for verification. If the card is accepted, the merchant "tells" me by forwarding to an acceptance page of my choosing and sending me some POST data.

Then on that page I deduct the inventory and ship out the product. What occured to me, is what if someone simply sends bogus POST data to that acceptance page? It seems like an obvious problem.

View Replies !

Security Issues :: $_GET Data Unchecked In An Include Statement
I recently discovered a security hole on my server where one of my clients was using $_GET data unchecked in an include statement. Now I know this is incredibly bad programming technique but I have quite a few sites on this server. Rather than trawling through all my clients code, is there a configuration setting that affects includes and basically disallows any script from including files from outside the server? Does safe_mode do this?

View Replies !

PHP Form Submission <input Type="hidden"> Security Issues?
Someone has said to me that when using a form (method = post), that storing data in "hidden" tags

ie <input type="hidden" name="myField" value="something">
means that the user can set the value to whatever they like

So my questions are:

1. How would they do this
2. How can I stop it
3. Do I have to abandon the hidden values and go with sessions?

View Replies !

PHP Security - Some Common Security Pitfalls That Are Inherent In The Language?
I'm working on developing an application in PHP4/MySQL and I've got very little experience with either. Most of my work is in ASP/Access and compiled programs. The app that I'm developing doesn't need to be perfectly secure, but I want to avoid common pitfalls, and I have no idea where to start.

From your experience, what are some common security pitfalls that are inherent in the language? I shouldn't have any trouble with program logic being an issue, just stuff that may be PHP specific. (Like the User being able to put anything that they'd like in the QueryString and having that show up as a variable in the script).

View Replies !

How Would Php Security Compare To Java Security?
I just want to know how would php security compare to java security? Its because that me and my officemate are developing a site which would handle confidential documents and we just cant decide on whether we should use php or java. Please do post you opinions regarding this and it would even be better if you could also post links to write-ups about php security.

View Replies !

Security - What Security Dangers Should I Be Aware Of?
I am quite new to PHP but I have managed to write a simple page create script. So far the script does not have any user input. It does open/write files and it also accesses my MySQL database. No variables are passed from script to script either.

My question is, what security dangers should I be aware of? My other question is, can you download a php file and view the contents?

View Replies !

Gd Issues
I got an image which i then want to modify using GD. the issue now here is, I cant store the image since the modification is only usable for each diffrent user and i dont want to send out the header allready.....is this even possible?

View Replies !

PDF Issues In IE
im having issue opening pdf's in IE, im basicly outputting a pdf to a browser by reading the file in then printing it out. The headers set are

header('Content-Type: application/pdf');
header('Content-Length: '.$file_size);
header('Content-Disposition: inline; filename="document.pdf"');

now this works fine on the local server in both IE and Firefox, however when i try and put it on the live server IE just asks wether i want to open or save "Adobe Acrobat Control for ActiveX". It works fine in firefox.

the headers sent on the live server show as

HTTP/1.0 200 OK
Date: Fri, 22 Dec 2006 12:11:25 GMT
Server: Apache/1.3.33 (Unix)
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Disposition: inline; filename="document.pdf"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
X-Powered-By: PHP/4.4.4
Content-Length: 229287
Connection: close
Content-Type: application/pdf

has anyone come accross the same problem and possibly a soloution?

View Replies !

Php 4/5 Issues
I'm building a website, and I've been using Php 5 on my computer. I found out, however, that my hosting company still uses php 4. I uploaded my php files anyway, and they don't seem to be working. Does anyone know a good place to find what in my Php files may not be compatible with Php 4?

View Replies !

Legal Issues With Php ?
I made a commercial application using php and mysql database. Now i am interested in legal issues regarding commercial distribution of that software. I intend to sell that php code (distribute my .php files only). As I understand, it is free to me, right ? Meaning php+mysql are free to use, I do not have to pay fees to authors of php and mysql ? Can you direct me to read some more articles on legal issues, or anything I need to know before selling my softweare?

View Replies !

Issues With Mail()
I basically wrote an auto emailer that will send a welcome email to a new user and then update the db to say that the mail had been sent in order to avoid sending a million emails.

The problem is this.. mail() doesn't always return true when an email has been sent successfully... I know this because I tested it on myself a number of times last night. In faact, I am not sure the mail() function has ever returned true after a successful exicution.

Now I really have no idea if the emails are being sent of not since the mail() function returns false all the time and I know that atleast some of the time mail is being sent but I can not be certain that it is always being sent due to mail() returning false.

View Replies !

PHP Paging Issues
I am reposting this becuase i left out some important information.

I am trying to create a "Question and Answer" app with pageing nav system that will take u to the "first" "last" "prev" and "next" question.

I also have it set up to carry over the pageing when you click on the answer link. Now this wher things get weird. Now the "next" link does not show up as a link even though it the IF THEN ELSE statment is satisfied....

View Replies !

SMTP Issues
For some reason my (IIS WinXP SP2) SMTP server doesnt send messages, everything comes through from php alright, the email is generated and so on, then all the mails endup in the: C:InetpubmailrootBadmail folder, ive tried all sorts on this one and it doesnt seem to work. I have had this setup before and worked fine but i belive i was using a bundled package of apache, php and mysql, at present im using standalone installations of the above mentioned.

View Replies !

Db Connection Issues
The pages I have are template driven and they seem to work until I try and connect to the MySql db - then the pages don't want to display properly. I am sure it is some error in the way I am coding it. code:

View Replies !

Having Some Date Issues
I'm creating a "power rankings" page and I have the database set up like this:

rank_id ¦ date ¦ player_id ¦ rank

I list each player and rank with the date (8 in total for each week).

I can get current rankings (or archived rank if viewing old rankings) with no problem. The problem I have is when I try to view the previous rank. I can't get the previous week to the one I'm viewing to work.

this is the code I current have. I need to change the "Get previous power8 date" section so that it gives me the date prior to either the current date, or the date given in the url.

//Get current power8 date
if(!empty($_GET)){
$current_power8 = $_GET['date'];
} else {
$query_current = "SELECT date
FROM power8
GROUP BY date
ORDER BY date DESC
LIMIT 0,1";
$current = mysql_query($query_current, $connectDB) or die(mysql_error());
$row_current = mysql_fetch_assoc($current);
$current_power8 = $row_current['date'];
}

//Get previous power8 date
$query_previous = "SELECT date
FROM power8
GROUP BY date
ORDER BY date DESC
WHERE date < $current_power8
LIMIT 0,1";
$previous = mysql_query($query_previous, $connectDB) or die(mysql_error());
$row_previous = mysql_fetch_assoc($previous);
$previous_power8 = $row_previous['date'];

I get an error with this: "WHERE date < $current_power8"

What can I do differently?

View Replies !

Loop Issues
I am having trouble trying to figure out how I should compose this loop to
give me ALL the results I want.
Below are my queries. I am querying two different databases to pull in
records that match the requested $id. I am then putting the result into a
$variable and also counting the number of rows returned. These queries work...

View Replies !

Upgrade To 4.3.10 Issues?
I got an email from my web host stating that they are going to upgrade
their PHP on the server from 4.3.8 to 4.3.10.

Are there any known problems with this upgrade that need to be addressed
in the PHP scripts I use? I'm sure there will always be some small
glitches in an upgrade like this but I'm looking for any info on the
scale of any "register globals = off" type changes.

View Replies !

Authentication Issues
Well not exactly authentication issues, i am having an issue that is driving me crazy. On my page's index i have three frames. One frame for the top (banners and such), a left frame (for navigation), and a right frame for the body of the site. My problem is that in the left frame I have a php script to determine whether someone's logged in or not (using cookies).

If the person is not logged in, the table displays a login for, but if they are logged it says "welcome <user>". Thus far everything works perfectly. The place where i am having issues is when the user isn't logged in it shows the form, then they proceed to log in. Upon successful authentication i have the login script doing something like this
PHP Code:

View Replies !

Unicode Issues...
I was wondering if anyone could give me some suggestions to an issue that I am having. Basically, I have a simple form posting the field results to a database, and a method of editing the data that is being entered. So, I have a user typing out unicode lets use the trademark symbol (&#8482 -> ™.

The data is Posted to the form processing page and is entered into the database as the actual unicode (as it is typed out). The issue is that when the code is in edit mode, it exists in the page source as unicode (as it was typed into the form), but displays to the user as the symbol, which is also correct. The problem is that when I hit submit and Post the data to the processing page, the symbol is being Posted not the actual code for the symbol, which was originally typed into the input box and which existed in the source code of the edit input box's value.

Is there anyway to escape this, and on what end (the edit form display or the edit form's processing page)? I already played with the utf8_encode/decode fucntions with no results. I would also consider htmlentites(), but haven't tried as of yet.

View Replies !

DOMXML Issues
I've been stabbing at this for the past hour and I figured it out, but
there's some erratic behavior under certain conditions that I think I
should mention...

I used tidy to clean up an html document before reading it into an xml
document via DOMDocument->loadXML(). When I load the page via
loadXML(), the XPath won't return values at all for queries other than
"//" "*" or "." (such as //a, etc)

When I switch to DOMDocument->loadHTML(), it works fine.

I was wondering if anyone could give me a reason for this. It works
now, so I'm not complaining, just there was nothing in TFM to lead me
to believe this behavior would arise.

PHP 5.2.0 with Suhosin-Patch 0.9.6.2 (cli) (built: Nov 30 2006
17:40:17)
Zend Engine v2.2.0, Copyright (c) 1998-2006 Zend Technologies

View Replies !

PHP And SELECT Box Issues
I have an input form for which I've created a "matrix" for user input.
Basically, the user chooses a radio button and then through javascript, a
select box is displayed to define a value for that radio option, like so:

Choice: (Radio1) type: (select box1)
Choice: (Radio1) type: (select box2)
Choice: (Radio1) type: (select box3)
Choice: (Radio1) type: (select box4)
Choice: (Radio1) type: (select box5)

I know, it looks confusing and is ;)

Now the problem is weird:

After a record is stored, I want to also pull out the data and repopulate
this form with it. I've used the "checked" attribute to define the correct
radio button, and the "selected" attribute to define the selected dropdown
value. This works properly and appears in my HTML properly however when I
make a new choice in the drop-down select box, the value designated as
"selected" always takes precedence when the form is posted.

I really need the user to be able to modify the selct box for the radio
button that has been checked, or to pick a new radio button and then choose
options from that associated select box. For the sake of orderly
presentation, this is the easiest method I have found but for PHP, I need
to override the "selected" value if something new has been chosen.

To clarify a bit further, here's an example of the HTML to visualize
things:

<html>
<head>
<title>Select Box problem example.</title><meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1">
<script language="JavaScript" type="text/javascript">
<!--
function hide(id){
if (document.getElementById && document.createTextNode){
spans=document.getElementById
('mainform').getElementsByTagName('span');
m=document.getElementById('mainform');
for (i=0;i<spans.length;i++){
m.getElementsByTagName('span')
[i].style.visibility='hidden'
m.getElementsByTagName('p')
[i].style.background='#eee'
m.getElementsByTagName('p')
[i].style.borderColor='#ccc'
}
if(id!='none'){
m.getElementsByTagName('span')
[id].style.visibility='visible'
m.getElementsByTagName('p')
[id].style.background='#ffc'
m.getElementsByTagName('p')[id].style.borderColor='#
000'
}
}
}

View Replies !

SOAP Issues
I have a "Hello World" web service written in C# running on a win2003 server. From a Linux server I have PHP code which tries to execute the web service. The problem is that when I print the results of the function I get "Object id #2" instead of "Hello World".

But if I inspect the response with _getLastResponse, the Hello World message is inside the XML. What Am I missing? Here is the code and the results afterwards. PHP Code:

View Replies !

Issues With ImageCreateFromJPEG
I'm struggling to get imagecreatefromjpeg to work correctly.

I'm running PHP 4.3.9 with GD bundled (2.0.28 compatible).

If I run this:

$myimage = imagecreatefromjpeg("myfilename");

I get this error message:

Fatal error: Call to undefined function: imagecreatefromjpeg() in....

If I run this:

$myimage = @imagecreatefromjpeg("myfilename");

My program crashes out.

View Replies !

Memory Issues
i have alot of raw data (e.g. x-coords, y-coords) stored in text files,
and i'm reading from those text files so that i can use that data to
create graphs. i'm currently using the image_graph package
(http://pear.php.net/package/Image_Graph/) to create these graphs. the
problem i'm having is that my memory usage just after creating less
than 5 graphs is already at 3.5 megs, and i need to create over 100
graphs. so, memory usage is a big problem. does anyone have any
suggestions on how alleviate this problem?

View Replies !

Zend Issues
does anyone know of a way to decrypt zend files? it just comes up blank when i try to open it because its encrypted. and without decrypting it i can't fix the file.

View Replies !

Session Issues
I'm building a simple login form with a "remember me" checkbox. I've done
this before, just keeping the username and a hash of the password in a
cookie, and changing the expiration of the cookie based on the checkbox, but
this time I want to use sessions instead.

There's another site I was looking at which gives you a session cookie
immediately. When you log in, log out, quit the browser, or anything, the
cookie still contains the same session id, whether or not you checked the
remember me box. So the session hasn't expired, yet they still have the
"remember me" functionality.

How do you do that?

I'm thinking of tricks surrounding saving the time they logged in and
whether they chose the checkbox, but all of them would log a user out
eventually if they sat on the same page for too long.

View Replies !

Compiling Issues
I'm having issues compiling php v4.2.2 on Redhat 9.0. The goal
ultimately is to compile in mcrypt support, but that's a bit down the
road from here. I've chased down the dependencies for the configure
options below (I think), but it still won't configure.

It appears to be choking on MySql (v3.23.54). The error I get is
something like:

/usr/bin/ld : cannot find -lmysqlclient

However, /etc/ls.so.conf appears to point to the correct directory:
/usr/bin/mysql, the contents of which are listed below.

-----------------------------
Configure options:

--host=i386-redhat-linux --build=i386-redhat-linux
--target=i386-redhat-linux-gnu --program-prefix= --prefix=/usr
--exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin
--sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include
--libdir=/usr/lib --libexecdir=/usr/libexec --localstatedir=/var
--sharedstatedir=/usr/com --mandir=/usr/share/man
--infodir=/usr/share/info --cache-file=../config.cache
--with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d
--enable-force-cgi-redirect --disable-debug --enable-pic --disable-rpath
--enable-inline-optimization --with-bz2 --with-db3 --with-curl
--with-dom=/usr --with-exec-dir=/usr/bin --with-freetype-dir=/usr
--with-png-dir=/usr --with-gd --enable-gd-native-ttf --with-ttf
--with-gdbm --with-gettext --with-ncurses --with-gmp --with-iconv
--with-jpeg-dir=/usr --with-openssl --with-png --with-regex=system
--with-xml --with-expat-dir=/usr --with-zlib --with-layout=GNU
--enable-bcmath --enable-exif --enable-ftp --enable-magic-quotes
--enable-safe-mode --enable-sockets --enable-sysvsem --enable-sysvshm
--enable-discard-path --enable-track-vars --enable-trans-sid --enable-yp
--enable-wddx --without-oci8 --with-pear=/usr/share/pear
--with-kerberos=/usr/kerberos --with-ldap=shared --with-mysql=shared,/usr
--------------------------------------------------------

View Replies !

Issues With PHP5
I've used php4 I just created a site and am using php5 server... now some of my commands are broken if(isset($HTTP_POST_VARS) doesnt workand my method of passing a variable through a url doesn't work also... ?id=1 anyone know what the fixes are?

View Replies !

Mysql_num_rows Issues
$item_name = $_POST['item_name'];
$item_author_id = $_SESSION['id'];
$item_location = $_POST['item_location'];
$item_description = $_POST['item_description'];
$item_type = $_POST['item_types'];
$extra_notes = $_POST['item_notes'];
$check_name = mysql_query("SELECT * WHERE item_name = '{$item_name}'");

if (mysql_num_rows($check_name) == 0){...

error Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:WAMPwwwPPitemprogramcreate_item.php on line 14

trying to make it so it will check if that item name has already been used ot not, if not it will do the if and if no it will do the else.

View Replies !

Forum Issues
i am making a forum and on he index its supposed to have a list of forums, i have that but when you clock a forum its supposed to link to a sub forum, the sub forum should show posts in a table forumtutorial_posts that have forumid to the same value as the forum is in. heres my code:

View Replies !

URL Redirect Issues
I currently have a script that redirects the user to another page if a form button is clicked. This redirect works fine right now, but I need it to redirect the user to a different page based on certain conditions. I've tried two things, and both have failed. My problem will no doubt make more sense after I post the code of my two attempts. Code:

View Replies !

PHP Cookies Issues
I am calling an application which needs some cookies to be set to function properly. The appln sets some cookie parameters on login and on furthur calls it require these cookies to follow.

I was successful in storing the cookies as a txt file using CURL. But in the furthur calls , how to pass that?

from curl tutorial i came to know that the cookies are automatically passed to the furthur calls. But how can i check that? If i have one variable Jsessionid in the cookies test, how can i check whether that variable remains the same in the next call?

Also, setting the cookies in the header and calling an url like http://xyz.com?JsessionId=abcd are same or not?

View Replies !

Security Issues With PHP SSI

I was wondering if there are any security issues I should know about with using PHP Server Side Includes.