cmccully

  1. Hi All, I am building an input filter and using the white list approach. I am going to allow only the following characters: a-z A-Z 0-9 . - _ @ ' # ~ space. I realize that the email specification allows for other characters; however, I am worried about what a bad guy may be able to do if I allow every character included in the specification. Are there other characters I should allow? Any of these I should exclude? Also, any thoughts on stripping out illegal characters versus rejecting the input? I am a bit concerned about re-displaying the offensive string in the web browser to allow the user a chance of correcting it. Am I being too paranoid? Any help or comments are appreciated. Thanks! cmccully
  2. Hi, I am trying to determine the best way to set up my SSL enabled Apache2 server. I have the latest version built from source. My question involves the proper use of IP addresses / Domain names. I read that two IP addresses are necessary for SSL. One for the non-secure side and one for the secure side. During the development of my site I am using straight IP addresses. Once the site is completed I will use domain names such as mysite.com and secure.mysite.com. One of the problems I am encountering is that when I move the user over to the secure side of the site I lose the PHP session variables. I believe this is because I am changing to a new domain. This makes me think that my whole approach to SSL may be incorrect. Can anyone point me to documentation on the best practices for setting up an SSL server and how best to switch the user over to the secure side? Thanks. Curtis L. McCully
  3. If you are willing to spend some money the book: Creating Interactive Websites with PHP and Web Services by: Eric Rosebrock is excellent. You can skim it and learn the basics or dig in and really learn PHP with this book.
  4. Well, I have always liked salt in my food, now I think I like salt in my password code as well. Thanks for the tip Corbin.
  5. Hi, I am unclear as to what you are asking. Do you need help with the queries to pull the data from the tables or help with displaying the info to the web page? Curtis
  6. Hi, I use PHP for my web site and am concerned with the security implications of this language. The recent month of PHP bugs has illustrated some of the problems with this language. However, what I am wondering is how PHP stacks up against other server side languages such as Perl and Python. I rarely hear about problems with these languages and I’m wondering if this is because they are becoming less prevalent or if they are inherently more secure, or am I simply oblivious. Obviously, how a language is used, such as not validating input can create serious security problems so we all need to be careful. I guess the question I have is: how much does security depend on the language in use and how much does it depend on us the programmer? cmccully
  7. Hi, I am looking for some help with styling an evaluation form. I would like to convert over from table based to CSS. The form I have uses a series of tables to format the evaluation form and looks like this:

        <table border="0" align="left" width="100%">
          <tr>
            <td colspan="6"><p>The objectives for this course were clearly stated!</p></td>
          </tr>
          <tr>
            <td><div align="center"><input name="eval_q1" type="radio" value="1" /></div></td>
            <td><div align="center"><input name="eval_q1" type="radio" value="2" /></div></td>
            <td><div align="center"><input name="eval_q1" type="radio" value="3" /></div></td>
            <td><div align="center"><input name="eval_q1" type="radio" value="4" /></div></td>
            <td><div align="center"><input name="eval_q1" type="radio" value="5" /></div></td>
            <td><div align="center"><input name="eval_q1" type="radio" value="6" /></div></td>
          </tr>
          <tr>
            <td width="80"><div align="center" class="rev_resp">Strongly Agree</div></td>
            <td width="80"><div align="center" class="rev_resp">Somewhat Agree</div></td>
            <td width="80"><div align="center" class="rev_resp">Neutral</div></td>
            <td width="80"><div align="center" class="rev_resp">Somewhat Disagree</div></td>
            <td width="80"><div align="center" class="rev_resp">Strongly Disagree</div></td>
            <td width="80"><div align="center" class="rev_resp">Not Applicable</div></td>
          </tr>
        </table>
        </div>
        <p> </p>
        <table border="0" align="left" width="100%">
          <tr>
            <td colspan="6"><p>The course content met the stated objectives!</p></td>
          </tr>
          <tr>
            <td><div align="center"><input name="eval_q2" type="radio" value="1" /></div></td>
            <td><div align="center"><input name="eval_q2" type="radio" value="2" /></div></td>
            <td><div align="center"><input name="eval_q2" type="radio" value="3" /></div></td>
            <td><div align="center"><input name="eval_q2" type="radio" value="4" /></div></td>
            <td><div align="center"><input name="eval_q2" type="radio" value="5" /></div></td>
            <td><div align="center"><input name="eval_q2" type="radio" value="6" /></div></td>
          </tr>
          <tr>
            <td width="80"><div align="center" class="rev_resp">Strongly Agree</div></td>
            <td width="80"><div align="center" class="rev_resp">Somewhat Agree</div></td>
            <td width="80"><div align="center" class="rev_resp">Neutral</div></td>
            <td width="80"><div align="center" class="rev_resp">Somewhat Disagree</div></td>
            <td width="80"><div align="center" class="rev_resp">Strongly Disagree</div></td>
            <td width="80"><div align="center" class="rev_resp">Not Applicable</div></td>
          </tr>
        </table>

     All of this is of course stuck in a <form> tag. Any suggestions are appreciated. Curtis
  8. Here is a link to a page that demonstrates what I am talking about [url=http://66.245.241.43/test]http://66.245.241.43/test[/url] Attached are images of this page that have been printed [attachment deleted by admin]
  9. Hi, I have a page with gif images that have a transparent background. This page displays correctly with both Firefox and IE. However, when I print this page to paper Firefox ignores the transparency in the gifs. Anyone run across this? The page will display and print properly in Firefox if I use png images instead. However, IE will not display them. I could have 2 different versions of the page and display according to the browser used but I am hoping for an easier solution. cmccully
  10. cmccully

    Software RAID

    Hi, what are the problems, if any, of running RAID and particularly software RAID on the root folder? Also, I have set up a test system with software RAID 1 on SUSE 9. The system takes way, way, too long to copy files. About an hour to copy 5 gig from one folder to another. I would expect longer write times but this is excessive. Any ideas? By the way, I found something interesting when setting this up. The drives are 80 gig and the BIOS for this old system will not recognise them. So, I set the jumpers on the drives to clip them at 32 gig. System boots normally but Linux sees them as the full 80 gigs. You just have to love this operating system :). cmccully
  11. Try using JavaScript. Use the on_click or on change property. You can have this function call your PHP function or the same page. Hope this helps. cmccully
  12. What about using the same page and recursively calling it to perform the functions required by each page? Have the page submit a hidden field, then read the value of the field and use a switch statement to perform the function needed. Use the default case to perform the functions that page A would perform. That page sets the field value to something like 'page_b', then your case for 'page_b' would do its business then set the field to 'page_c'. Because you have not really left the page all your variables will still be available. I use this approach all the time when I have a form that needs to be filled in. The initial load of the page displays a blank form. When the form is submitted I check that all the fields have been entered and the data is appropriate. If anything is wrong, I display the form again. I embed PHP in the form elements to echo the values that were entered the last time. It looks something like this:

      [quote]<?php
      // Values entered last time (empty on first load), escaped before being
      // echoed into the single-quoted HTML attributes below.
      $username = htmlspecialchars($_POST['username'] ?? '', ENT_QUOTES, 'UTF-8');
      $password = htmlspecialchars($_POST['password'] ?? '', ENT_QUOTES, 'UTF-8');

      // Determine if form has been submitted.
      $req = (!isset($_REQUEST['req'])) ? 'default' : $_REQUEST['req'];

      switch ($req) {
          case "process":
              // Form HAS been submitted.
              // Do what you want here.....
              break;

          default:
              // Form has not been submitted yet, so load the page.
              echo "<form name='form1' method='post' action='login.php'>
                <p> <label> Username: <input name='username' type='text' id='username' value='$username'> </label> </p>
                <p> <label> Password: <input name='password' type='password' id='password' value='$password'> </label>
                  <input name='req' type='hidden' id='req' value='process'> </p>
                <p> <label> <input type='submit' name='Submit' value='Submit'> </label> </p>
                <p>&nbsp;</p>
              </form>";
              break;
      }
      ?>[/quote]

      The above code is not complete but shows what I am talking about, hope this helps. cmccully
  13. Hi jspringfield, if the information you want to make available to other pages is not sensitive then you can use sessions, like so.

          // give the session a name, then start it
          // (session_name() must be called before session_start()).
          session_name('any_name_you_want');
          session_start();

          // create session variable like this-
          $_SESSION['variable_name'] = "This is a test of PHP sessions";

          // use them like this-
          echo "session variable show your secrets now: " . $_SESSION['variable_name'];

      These session variables will be unique to each user and follow them throughout your site. They will be active as long as the user has their browser open unless you set them to expire after a specified time. cmccully
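
An added example, not taken from any of the posts above: it ties together the allowlist filter asked about in post 1 and the form redisplay pattern in post 12, rejecting input outside the listed character set and HTML-encoding whatever is echoed back. The function names `is_allowed_input` and `h`, the 254-character cap, and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example. Allowlist from post 1: a-z A-Z 0-9 . - _ @ ' # ~ space

// Reject (rather than strip) any value containing a character outside the
// allowlist. The 254-character cap is an assumed limit, not from the page.
function is_allowed_input(string $value, int $maxLen = 254): bool
{
    if ($value === '' || strlen($value) > $maxLen) {
        return false;
    }
    // \A and \z anchor the whole string. Unlike $, \z does not match before
    // a trailing newline, so "name\n" is rejected.
    return preg_match("/\\A[a-zA-Z0-9._@'#~ -]+\\z/", $value) === 1;
}

// Encode a value for redisplay in HTML text or a quoted attribute.
// ENT_QUOTES matters here: the allowlist permits the single quote, and the
// form in post 12 uses single-quoted attributes (value='...').
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs (not real data).
$samples = [
    "o'brien_42@example.com",   // allowed, but contains a quote
    "alice@example.com\n",      // trailing newline: rejected
    "<b>hi</b>",                // markup characters: rejected
    "carol smith #7",           // allowed
];

foreach ($samples as $raw) {
    $verdict = is_allowed_input($raw) ? 'accept' : 'reject';
    // Accepted or not, the value is only ever echoed back encoded, so
    // redisplaying a rejected string for correction cannot inject markup.
    echo $verdict . ": <input name='username' type='text' value='" . h($raw) . "'>\n";
}
```

The first sample passes the filter yet still needs encoding on output, because its single quote would otherwise terminate a single-quoted attribute; validation and output encoding are separate controls.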