Re: works in 4.4.2 - breaks in 5.2.1

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Thanks, sorry to expose my extreme ignorance. Glad I could provide some comic relief, though :-) 
I appreciate the advice, will study php interfacing with mysql and set it up better. Will also study on pr0n spam and race conditions so I don't contribute to more bad code. You are probably right about the HTTP_RAW_POST_DATA being at the source of it. My studies on php.net found http_post_data, but not http_raw_post_data.
I'll keep studying.
jimbo

*********** REPLY SEPARATOR  ***********

On 6/5/2007 at 7:52 PM Jochem Maas wrote:

>Jim Berkey wrote:
>> I'm familiar with actionscript, but pretty new to php . . .I have a
>guestbook script that worked fine until my host upgraded to php 5.2.1 -
>can anyone tell me what part of my if statement or variable is breaking in
>5.2.1? I send the new data with Flash using xml.sendAndLoad, to the xml
>file via standalone php file shown below. 
>> tia,
>> jimbo
>
>aside from the fact that this script has a big fat race condition waiting
>to happen,
>and you should probably be using a database for storage, and that it seems
>to be possible
>to inject just about *anything* into the guestbook.xml file (pr0n spam
>anyone?) ...
>what exactly is going wrong?
>
>at a guess $HTTP_RAW_POST_DATA is not set so nothing is being written, you
>should use something like the following to get the data instead
>(the comment is optional ;-):
>
>	// $xmlString is completely unvalidated/unsantized and could contain all
>sorts of crap!
>	$xmlString = file_get_contents('php://input');
>
>also STFW, there is plenty out there regarding your problem, (including
>stuff
>related specifically to flash), e.g.:
>
>http://www.phpbuilder.com/board/showthread.php?t=10304087
>
>> 
>> <?php
>> $file = fopen("guestbook.xml", "w+") or die("Can't open XML file");
>> $xmlString = $HTTP_RAW_POST_DATA; 
>> if(!fwrite($file, $xmlString)){
>>     print "Error writing to XML-file";
>> }
>> print $xmlString."\n\n";
>> fclose($file);
>> 
>> exit;
>> ?>
>> 
>> 
>
>-- 
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, visit: http://www.php.net/unsub.php

i

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux