NYCPHP Meetup

NYPHP.org

[nycphp-talk] FILE()

Néstor rotsen at gmail.com
Wed Oct 25 10:53:39 EDT 2006 

Daniel thanks for your help.

I can tell you that this is not user input but I was printing
variable to try to debug the problem.

I do not know what typos you are referring to since those lines
of code worked, can you tell me what typos you are talking about.

Putting the quotes around the $form is not necessary but is not ilegal.

The problem I found in calling the "FIle($file)".  $file will include a file
to
check for session information and it will send the page to a login page.
I found the problem as soon as I went home when I was thinking about it
while eating dinner (ha, ha,..)

Thanks for your help,

Néstor :-)

On 10/24/06, Daniel Convissor <danielc at analysisandsolutions.com> wrote:
>
> Hi Nestor:
>
> On Mon, Oct 23, 2006 at 04:58:59PM -0700, N?stor wrote:
> >  $from = $_SERVER['HTTP_REFERER'];
> >  print "refer=|" . $_SERVER['HTTP_REFERER'] . "|<br>\n";
> >  print "from=|" . $from . "|<br>\n";
> > ---
> >  refer=|http://maggie.sdcwa.org/eng/project/view_project.phtml|
> >  form=|http://maggie.sdcwa.org/eng/project/view_project.phtml|
> >
> > The problem is that if I use the code below to read the file then
> > $lines is empty.
> >  $lines = file("$from");
>
> First, let me say this is a VERY VERY VERY bad idea for security
> reasons.  Never use user input for stuff like that.
>
> Second, from the typos you have above, it is clear your example shown
> here is produced by typing rather than not copying and pasting.  So we
> can't diagnose what's really happening.
>
> Third, putting the quotes around $from in that last line is not
> necessary.
>
> Fourth, it seems like it's actually working because the call to file()
> is not throwing an error, right?  [Or are you going to pull one of
> those "Oh, yeah, I forgot to say, the Check Engine light is on"
> situations that happened on "Car Talk" a few weeks ago?]  Thus if
> $lines is empty, the file is empty.
>
> --Dan
>
> --
> T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
>             data intensive web and database programming
>                 http://www.AnalysisAndSolutions.com/
> 4015 7th Ave #4, Brooklyn NY 11232  v: 718-854-0335 f: 718-854-0409
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20061025/b60d388a/attachment.html>

More information about the talk mailing list