> From: tedd [mailto:tedd@xxxxxxxxxxxx] > At 10:59 AM -0400 3/26/07, Brad Fuller wrote: > > > >echo '<img src=image.php>'; > > > >This does not "run" or "call" image.php. > > > >This line of code sends this output to the browser. > > Brad: > > Yes, but the browser runs the code by trying to load an image. ... My response was attempting to explain why this: [snip] session_start(); $before = $_SESSION['code']; echo '<img src=image.php>'; $after = $_SESSION['code']; echo $before .' ' . $after; [/snip] prints the same security code twice. If it was an include or RPC or cURL, it would be a different story. But the client (browser) has to request the image for the security code to be updated in the session. The php code assigns the value to the "$after" variable before said request can occur. Therefore it makes sense that the same code appears twice. Once the browser has fully loaded the page that calls the image, the session variable has been changed. But that doesn't happen until all the php code has been run!!! Hope that makes sense. :) > Check this out: > > http://sperling.com/examples/assorted-captcha/index.php > > The first Captcha is the typical type and the image shown is created > by captcha.php via a simple img tag: > > <img src="captcha.php"> > > In this example, the "key" for this is passed via sessions and is not > included in a cookie nor dependant upon the value of the session id. > > Refresh the page and new values are shown because it's the tag that > causes the captcha.php script to run. > > Don't mind the Audio Captcha there, I have a better one. > > Cheers, > > tedd > -- > ------- > http://sperling.com http://ancientstones.com http://earthstones.com > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
