> $carpeta = "subidos"; // nombre de la carpeta ya creada. chmool 777
> (todos los permisos)
>
> copy($_FILES['file']['tmp_name'] , $carpeta . '/' . $_FILE
> ['file']['name']);
It's $_FILES not $_FILE (an 's' on the end).
It's always worth using error_reporting(E_ALL) and
ini_set('display_errors', true) when doing development, this would have
triggered a notice or warning (can't remember which).
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
php4 to php5
am 04.04.2008 00:40:23 von John Dillon
I suppose I am behind the time in migrating from php4 to 5. That said,
my main problem is getting variables recognised. I can see how to do it
- you need to identify all the variables that could be sent from the
page and then assign a name, as in $myvar=$_GET['myvar'] and ditto for
POST variables if any. Is there a function to convert all get and post
variables to $_GET and $_POST, or is that a security concern? The
further I have got is this:
however I would like to do this for all variable, I tried iterating
through the $_GET and $_POST arrays but could not get it to work.
Anyway the main reason I am writing is:
- where the web page form uses the POST method, but there are parameters
in the URL after the ? sign, these 'get' parameters seem to stay there
when you submit the form from eg button. So, let's
say the script will add a line if addlines=y, if before you submit the
form you have ?addline=y in the URL you will continue to add lines
according to the script even though there is no hidden variable on the
page called 'addline', because every time you submit the form with POST
you have addline=y in the URL - if the script looks at GET variables
then this will feed into the script. This does not seem to happen with
php4 - if the page does not submit an 'addline' variable from a form
field, it will not feed into the script. So what's the rationale for
that (the URL submitting the variables) and what is the usual solution?
The problem arises on this particular page because of a mix of buttons,
some are javascript and send the addline=y with onClick.
John
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Sounds like you're talking about the register_globals functionality. It's a
php.ini setting that will cause $_POST['foo'] or $_GET['foo'] to be copied
to the global variable $foo. This is somewhat of a security risk, thus
disabled by default.
There's another superglobal array that you might find useful: $_REQUEST.
$_REQUEST consists of variables from $_GET,$_POST,$_COOKIE (in that order, I
believe).
http://us3.php.net/manual/en/ini.core.php#ini.register-globa ls
--GREG
On Thu, Apr 3, 2008 at 6:40 PM, ioannes wrote:
> I suppose I am behind the time in migrating from php4 to 5. That said, my
> main problem is getting variables recognised. I can see how to do it - you
> need to identify all the variables that could be sent from the page and then
> assign a name, as in $myvar=$_GET['myvar'] and ditto for POST variables if
> any. Is there a function to convert all get and post variables to $_GET and
> $_POST, or is that a security concern? The further I have got is this:
>
> function php5($var) {
> if(ISSET($_POST[$var])&&$_POST[$var]<>"") {
> $newvar=$_POST[$var];
> } else {
> $newvar=$_GET[$var];
> }
> return $newvar;
> }
>
> $input_variable=php5('input_variable');
>
> however I would like to do this for all variable, I tried iterating
> through the $_GET and $_POST arrays but could not get it to work.
>
> Anyway the main reason I am writing is:
>
> - where the web page form uses the POST method, but there are parameters
> in the URL after the ? sign, these 'get' parameters seem to stay there when
> you submit the form from eg button. So, let's say the
> script will add a line if addlines=y, if before you submit the form you have
> ?addline=y in the URL you will continue to add lines according to the script
> even though there is no hidden variable on the page called 'addline',
> because every time you submit the form with POST you have addline=y in the
> URL - if the script looks at GET variables then this will feed into the
> script. This does not seem to happen with php4 - if the page does not
> submit an 'addline' variable from a form field, it will not feed into the
> script. So what's the rationale for that (the URL submitting the variables)
> and what is the usual solution? The problem arises on this particular page
> because of a mix of buttons, some are javascript and send the addline=y with
> onClick.
>
> John
>
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
Sounds like you're talking about the register_globals functionality. It's a
php.ini setting that will cause $_POST['foo'] or $_GET['foo'] to be copied
to the global variable $foo. This is somewhat of a security risk, thus
disabled by default.
There's another superglobal array that you might find useful: $_REQUEST.
$_REQUEST consists of variables from $_GET,$_POST,$_COOKIE (in that order, I
believe).
http://us3.php.net/manual/en/ini.core.php#ini.register-globa ls
--GREG
(note:I also posted this to the php-general list as it isn't a db-related
topic.)
------=_Part_4050_19097177.1207263946997--
Re: Re: [PHP-DB] php4 to php5
am 04.04.2008 01:09:53 von List Manager
Greg Bowser wrote:
> Sounds like you're talking about the register_globals functionality. It's a
> php.ini setting that will cause $_POST['foo'] or $_GET['foo'] to be copied
> to the global variable $foo. This is somewhat of a security risk, thus
> disabled by default.
>
> There's another superglobal array that you might find useful: $_REQUEST.
> $_REQUEST consists of variables from $_GET,$_POST,$_COOKIE (in that order, I
> believe).
Here is a snippet from my php.ini file
; This directive describes the order in which PHP registers GET, POST, Cookie,
; Environment and Built-in variables (G, P, C, E & S respectively, often
; referred to as EGPCS or GPC). Registration is done from left to right, newer
; values override older values.
variables_order = "GPCS"
Get -> Post -> Cookie -> Session
With the latter overwriting the previous.
>
> http://us3.php.net/manual/en/reserved.variables.php
>
> http://us3.php.net/manual/en/ini.core.php#ini.register-globa ls
>
> --GREG
>
> On Thu, Apr 3, 2008 at 6:40 PM, ioannes wrote:
>
>> I suppose I am behind the time in migrating from php4 to 5. That said, my
>> main problem is getting variables recognised. I can see how to do it - you
>> need to identify all the variables that could be sent from the page and then
>> assign a name, as in $myvar=$_GET['myvar'] and ditto for POST variables if
>> any. Is there a function to convert all get and post variables to $_GET and
>> $_POST, or is that a security concern? The further I have got is this:
>>
>> function php5($var) {
>> if(ISSET($_POST[$var])&&$_POST[$var]<>"") {
>> $newvar=$_POST[$var];
>> } else {
>> $newvar=$_GET[$var];
>> }
>> return $newvar;
>> }
>>
>> $input_variable=php5('input_variable');
>>
>> however I would like to do this for all variable, I tried iterating
>> through the $_GET and $_POST arrays but could not get it to work.
>>
>> Anyway the main reason I am writing is:
>>
>> - where the web page form uses the POST method, but there are parameters
>> in the URL after the ? sign, these 'get' parameters seem to stay there when
>> you submit the form from eg button. So, let's say the
>> script will add a line if addlines=y, if before you submit the form you have
>> ?addline=y in the URL you will continue to add lines according to the script
>> even though there is no hidden variable on the page called 'addline',
>> because every time you submit the form with POST you have addline=y in the
>> URL - if the script looks at GET variables then this will feed into the
>> script. This does not seem to happen with php4 - if the page does not
>> submit an 'addline' variable from a form field, it will not feed into the
>> script. So what's the rationale for that (the URL submitting the variables)
>> and what is the usual solution? The problem arises on this particular page
>> because of a mix of buttons, some are javascript and send the addline=y with
>> onClick.
>>
>> John
>>
>>
>> --
>> PHP Database Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
>
--
Jim Lucas
"Some men are born to greatness, some achieve greatness,
and some have greatness thrust upon them."
Twelfth Night, Act II, Scene V
by William Shakespeare
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
$carpeta =3D $_SERVER['DOCUMENT_ROOT']."/subidos"; // nombre de la carpeta =
ya
creada. chmool 777 (todos los permisos)
copy($_FILES['file']['tmp_name'] , $carpeta . $_FILE['file']['name']);
Regards,
Tacio Vilela
2008/4/2 Chris :
>
> $carpeta =3D "subidos"; // nombre de la carpeta ya creada. chmoo=
l
> > 777
> > (todos los permisos)
> >
> > copy($_FILES['file']['tmp_name'] , $carpeta . '/' . $_FILE
> > ['file']['name']);
> >
>
> It's $_FILES not $_FILE (an 's' on the end).
>
> It's always worth using error_reporting(E_ALL) and
> ini_set('display_errors', true) when doing development, this would have
> triggered a notice or warning (can't remember which).
>
> --
> Postgresql & php tutorials
> http://www.designmagick.com/
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>