|
BobJanova wrote: if you want a client/server non-HTTP chat, you don't want to be using PHP to write it.
I hope you'll find the above added emphasis clears your doubt.
|
|
|
|
|
|
Hello guys;
I am from .NET background where I write data access code to any database platform using the DbFactory and the like.
I need a sample code that can connect to any database that all i need to supply is the database provider name, database name, user name, password, etc.
Thank you for your understanding and support.
|
|
|
|
|
PHP Manual
>> Function Reference
>> >> Database Extensions
>> >> >> Abstraction Layers
Peter
Software rusts. Simon Stephenson, ca 1994. So does this signature. me, 2012
|
|
|
|
|
|
hi ,
if you want to connect to the Mysql database you can use the below code to connect and select your database
<?php
mysql_connect("localhost", "admin", "1admin") or die(mysql_error());
echo "Connected to MySQL<br />";
mysql_select_db("test") or die(mysql_error());
echo "Connected to Database";
?>
|
|
|
|
|
I truly appreciate your response.
|
|
|
|
|
Ah the joys, 9 million pieces of advice, guidance and code and not one agrees with another.
So I spent some time reading around and checking out the source for PEAR Mail and PHP Mailer and this is what I've managed to surmise - bearing in mind I am a beginner in most things and definitely in PHP, regex etc. (and essentially at zero when it comes to RFC822, SMTP etc. etc.)
What I really want to understand (rather than simply solve) is how to best protect a web contact form from being used maliciously.
Based on my limited understanding, one approach might be this - so, is it good, bad, misleading, wrong or (and this would be a surprise) not half bad?
1/ First use filter_var twice, once with FILTER_SANITIZE_EMAIL and then FILTER_VALIDATE_EMAIL on the from address only (since we supply the to address)
2/ Optionally use the PHP Mailer regex as belt and braces, again on the from address only ->
return preg_match('/^(?:[\w\!\#\$\%\&\'\*\+\-\/\=\?\^\`\{\|\}\~]+\.)*[\w\!\#\$\%\&\'\*\+\-\/\=\?\^\`\{\|\}\~]+@(?:(?:(?:[a-zA-Z0-9_](?:[a-zA-Z0-9_\-](?!\.)){0,61}[a-zA-Z0-9_-]?\.)+[a-zA-Z0-9_](?:[a-zA-Z0-9_\-](?!$)){0,61}[a-zA-Z0-9_]?)|(?:\[(?:(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\.){3}(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\]))$/', $address);
3/ Optionally test user data such as subject, name etc. (anything that goes in the header) with the regex from phundamentals ->
function safe( $name ) {return( str_ireplace(array( "\r", "\n", "%0a", "%0d", "Content-Type:", "bcc:","to:","cc:" ), "", $name ) );}
4/ Then build the headers array and use string replacement or preg_replace to remove line endings
5/ This could be as simple as the PHP Mailer string replace -> ("\r", "\n") or the more 'complex' PEAR Mail preg_replace ->
=((<CR>|<LF>|0x0A/%0A|0x0D/%0D|\\n|\\r)\S).*=i which appears to define extra descriptions of an EOL - for PHP v5+, could use str_ireplace instead of preg_replace
For reference here are the notes I made that led to my uninformed and speculative ideas above:
function safe( $name ) {return( str_ireplace(array( "\r", "\n", "%0a", "%0d", "Content-Type:", "bcc:","to:","cc:" ), "", $name ) );}
$reply_to = filter_var($reply_to, FILTER_VALIDATE_EMAIL); if(!$reply_to) {...}
function sanitize(&$array) { foreach($array as &$data) $data = str_replace(array("\r", "\n", "%0a", "%0d"), '', stripslashes($data)); } }
if (function_exists('filter_var')) {
if(filter_var($address, FILTER_VALIDATE_EMAIL) === FALSE) {
return false;
} else {
return true;
}
} else {
return preg_match('/^(?:[\w\!\#\$\%\&\'\*\+\-\/\=\?\^\`\{\|\}\~]+\.)*[\w\!\#\$\%\&\'\*\+\-\/\=\?\^\`\{\|\}\~]+@(?:(?:(?:[a-zA-Z0-9_](?:[a-zA-Z0-9_\-](?!\.)){0,61}[a-zA-Z0-9_-]?\.)+[a-zA-Z0-9_](?:[a-zA-Z0-9_\-](?!$)){0,61}[a-zA-Z0-9_]?)|(?:\[(?:(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\.){3}(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\]))$/', $address);
}
public function SecureHeader($str) { return trim(str_replace(array("\r", "\n"), '', $str)); }
function _sanitizeHeaders(&$headers)
{
foreach ($headers as $key => $value) {
$headers[$key] = preg_replace('=((<CR>|<LF>|0x0A/%0A|0x0D/%0D|\\n|\\r)\S).*=i', null, $value);
}
}
Mike
|
|
|
|
|
SMTP is a text format with CRLFs (line breaks) used in the header section. So make sure nothing which the user enters for the header section (probably just an email address) contains a line break.
Then, if you're using simple text format, the message is ended by a dot on a line on its own. So make sure the message doesn't contain that, or use a multipart format where you set the boundary (and, obviously, pick something which doesn't occur in the text).
|
|
|
|
|
Thanks for the reply.
That recommendation is in quite a few places but if it's so simple why do PHP Mailer and PEAR Mail (for example) do far more than just that?
I'm assuming the developers aren't dim so there must be a reason for it - that's what I'm trying to understand.
Mike
|
|
|
|
|
In short they are sanity checking for valid input (i.e. trying to determine that an email address is valid), not just protecting you from service abuse (i.e. using features of the protocol to make the system do something unexpected).
|
|
|
|
|
Thanks for sticking with me (and the long delays between replies).
So, given that this is an age old problem, how come they both take different strategies to sanity checking and injection prevention? You'd have thought that for such a well known issue there's almost be an industry 'standard' approach for both issues and which is optimised in every which way, well tested and verified etc. For two of the major OS projects delivering this functionality to be taking different approaches / models seems kinda odd - you know, learn what is best from each other and slowly but surely they coalesce onto the exact same code.
Also interested to know if you add the 'correct' rules to Quickform2 then do you get the same / better / worse sanity / injection checking that PHP Mailer and PEAR Mail provide?
Thanks again,
Mike
|
|
|
|
|
please help!
this is the errors
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/content/12/8488612/html/users/1000.php:2) in /home/content/12/8488612/html/users/1000.php on line 3
Warning: Cannot modify header information - headers already sent by (output started at /home/content/12/8488612/html/users/1000.php:2) in /home/content/12/8488612/html/users/1000.php on line 20
modified 6-Jul-12 13:39pm.
|
|
|
|
|
A number of operations can not be performed once the HTML header has been opened; session_start() should be called well before anything else that generates HTML code, such as a simple echo "Hello".
As a test, comment out session_start() and see what gets emitted, that is likely to tell you where you went wrong.
And why was your message type "General", rather than "Question"?
|
|
|
|
|
Are you including this PHP file inside another file? if so make sure that include statement is the first statement in that file
Niranga De Silva
Software Engineer @ 99X Technology
|
|
|
|
|
Perhaps you have used Unicode for designing your webpage,
beside that "session_start()" must be the first line of your web page . so some times one code has been added to the page for encoding purpose. it's better to use standard PHP editor like "Zend Studio" to see and remove this code before session_start()
|
|
|
|
|
Hi
I am new to linux and was supposed to use Database.
I don't no much about that.
Can anyone please tell me how can I create, insert, update and delete data from a database.
Thanks in advance
-- modified 6-Jul-12 7:16am.
|
|
|
|
|
There is no way we can provide an answer to a question like this. The first thing you need to do is to decide what data you need to keep in your database, and then start thinking about what to put in your tables and how the information may need to be linked. However, if you have no experience of databases you may need to do some studying in advance - some of these links[^] may be useful to help you get started.
|
|
|
|
|
Can anyone find an error in this query ?
try {
$dbh = new PDO(' ….. ');
$stmt = $dbh->prepare('INSERT into customer (name) values (:name)');
$stmt->bindParam(':name', 'lilly');
$stmt->execute();
$dbh = null;
} catch (PDOException $e) {
print "Error!: " . $e->getMessage() . "<br/>";
die();
}
It doesn't display any error and neither does it perform the insert??
Thanks
|
|
|
|
|
Strange, when I run the code I get this error message:
Fatal error: Cannot pass parameter 2 by reference in ...
If you look at the PDOStatement::bindParam() documentation, the second argument is passed by reference, so I guess you can't pass a literal value by reference.
|
|
|
|
|
hi,
How to implement amazon product advertise api to my website search field ?
any one help to me
Thank u
|
|
|
|
|
|
hi,
i have a html data(more than window size) as php variable .
i want to load that data on scrolling down .
any one can help to me....
thank u.
|
|
|
|
|
Why not just output it all and let the browser take care of the scrolling? All browsers do an excellent job of scrolling if they need to do so.
Peter
Software rusts. Simon Stephenson, ca 1994. So does this signature. me, 2012
|
|
|
|
|
Thank u for your reply
total data is loaded at a time not like that for reference www.gobuy.co.uk check that after search.
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
