SitePoint Sponsor

User Tag List

Page 1 of 2 12 LastLast
Results 1 to 25 of 34

Thread: php.in file

  1. #1
    SitePoint Member
    Join Date
    Aug 2010
    Location
    London
    Posts
    24
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    php.in file

    Hi all,

    I'm new to PHP, I got a problem with my php.ini file. My web hosting does not create one, I have to create it myself, but have no idea how. Any ideas how is it done? What setting in that file mean what? Any links to more info would appreciated.

    Thanks a lot.

  2. #2
    SitePoint Evangelist smftre's Avatar
    Join Date
    Dec 2008
    Location
    London
    Posts
    436
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You say you have a problem with your php.ini file and then you say you dont have one, which one is it?
    Are you on a shared or dedicated hosting package? Are you trying to overrite php server values?
    Statvoo.com The Website Traffic Monitor
    The best way to monitor traffic to your sites for free!


    Web Development London UK We make web 3.0 applications

  3. #3
    SitePoint Member
    Join Date
    Aug 2010
    Location
    London
    Posts
    24
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    There was no php.ini on a server. I found one on the net, but not sure if it worked on my shared web hosting. It's this one: http://www.reallylinux.com/docs/php.ini
    I know I can change email values, but does it have anything to do with MySql database?

  4. #4
    SitePoint Evangelist smftre's Avatar
    Join Date
    Dec 2008
    Location
    London
    Posts
    436
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If you have shared hosting then there is one, in order for PHP to run, it requires one, but it wont be in your local path, so you can either create a small one with just the values you need or create a .htaccess and do it in there.

    ..and dont put that file above in your root....
    Statvoo.com The Website Traffic Monitor
    The best way to monitor traffic to your sites for free!


    Web Development London UK We make web 3.0 applications

  5. #5
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    Join Date
    Oct 2006
    Location
    France, deep rural.
    Posts
    6,869
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    It is seen by most as being a critical, but time-consuming, task as a learner to read and study all those comments inside your php ini file when starting out.

    You do not need to fully understand what all of it means when starting out, but you must appreciate the impact it has on PHP applications which start running on those directives.

    It tells PHP which key components to load up when the server is started/restarted, for example (you asked about databases).

    Now, many of those directives can be adjusted at the page level or at the directory level - with apache .htaccess files and so on.

    The danger is that your provider will have by necessity screwed down tightly (you hope!) many of the security features for very good reasons, and will not look kindly to you overriding them.

    So know what you are doing.

    That said, there must be a specific reason you want to add a php.ini file? If you told us that we might be able to show you another way to alter the directive you think needs adding/adjusting.

    http://www.php.net/manual/en/ini.list.php - see especially the column marked changeable

  6. #6
    SitePoint Member
    Join Date
    Aug 2010
    Location
    London
    Posts
    24
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I've got .htaccess file in my root folder, but there's nothing in there, it's blank. I guess I should write something in there, but not sure what.

    It say here (http://help.justhost.com/questions/7...ni+settings%3F), that I have to create php.ini file, it's not included in current phpSuExec installation.

  7. #7
    SitePoint Evangelist smftre's Avatar
    Join Date
    Dec 2008
    Location
    London
    Posts
    436
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    What are you trying to achieve? Maybe knowing that will help us tell you what to type in there?!
    Statvoo.com The Website Traffic Monitor
    The best way to monitor traffic to your sites for free!


    Web Development London UK We make web 3.0 applications

  8. #8
    SitePoint Member
    Join Date
    Aug 2010
    Location
    London
    Posts
    24
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I know the basic of php.ini, but I don't know how do I change values and I don't know if it depends on what hosting is it. I've got cPanel, maybe some other panels need some different values in php.ini- have no idea.

    What I want to do is- to have a contact form on my site and when user fills it out and sends- I receive an email. Sounds simple, but it's not

    Thanks for link, I will check it out gradually, it takes some time to digest all that

  9. #9
    SitePoint Member
    Join Date
    Aug 2010
    Location
    London
    Posts
    24
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    What I want to do is- to have a contact form on my site and when user fills it out and sends- I receive an email. Sounds simple, but it's not

  10. #10
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    Join Date
    Oct 2006
    Location
    France, deep rural.
    Posts
    6,869
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    Did you try the mail() function, hardcode your own email address in the $to argument, no need to always have your email address in the ini file.

    http://php.net/manual/en/function.mail.php

  11. #11
    SitePoint Evangelist smftre's Avatar
    Join Date
    Dec 2008
    Location
    London
    Posts
    436
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    So you want to make sure sendmail is emailed or are you using PHPMailer class or something else?
    Statvoo.com The Website Traffic Monitor
    The best way to monitor traffic to your sites for free!


    Web Development London UK We make web 3.0 applications

  12. #12
    SitePoint Member
    Join Date
    Aug 2010
    Location
    London
    Posts
    24
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks Cups- another good link No, I haven't tried mail() function, nor PHPMailer- I don't know what that is..
    I had XHTML, CSS and JS in the uni, but PHP is quite difficult to me.
    Any good tutorial how do I create that a contact from in sort of step-by-step way?

  13. #13
    SitePoint Evangelist smftre's Avatar
    Join Date
    Dec 2008
    Location
    London
    Posts
    436
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Sounds like you dont need php.ini at all! All you need is to learn how to add variables into mail() (php.net/mail)
    Statvoo.com The Website Traffic Monitor
    The best way to monitor traffic to your sites for free!


    Web Development London UK We make web 3.0 applications

  14. #14
    SitePoint Member
    Join Date
    Aug 2010
    Location
    London
    Posts
    24
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Good news I'm off now, will try mail() later, will let you know of outcome.
    Thanks a lot!

  15. #15
    SitePoint Member
    Join Date
    Aug 2010
    Location
    London
    Posts
    24
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I managed to finish my form with mail() and it works! Now I have to do a form validation. If I did validation with JS or jQuery, how would PHP know that it passed that validation?

  16. #16
    SitePoint Zealot
    Join Date
    Feb 2011
    Posts
    101
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Rolandas View Post
    I managed to finish my form with mail() and it works! Now I have to do a form validation. If I did validation with JS or jQuery, how would PHP know that it passed that validation?
    There are 2 types of valiation, Client-side and Server-side validation, jquery, and javascript etc, is running client-side - That means, the validation happens on the client's computer, if the user 'fails' the validation, jquery/javascript will take care of that.. 1 problem can be, if the user disable javascript in their browser - Then it will just get passed anyway, because the validation can't run.

    So you need to make server-side validation too, using regex and so.. I'm not very good at it myself, but etc, to check if an field is empty or not you can do:

    PHP Code:
    if(isset($_POST['submit'])) {
       if(!empty(
    $_POST['field'] || !empty($_POST['anotherfield'])) {
          
    mail();
       } else {
          echo 
    "You need to fill out the form";
       }


  17. #17
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    Join Date
    Oct 2006
    Location
    France, deep rural.
    Posts
    6,869
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    Good reply from zerpas which clears up the part that js plays in security - that is - none at all.

    Whatever comes from the internet must be treated as highly suspicious as it could contain code which could damage your system, or cause damage to (in this case) whoever opens your emails. Not what you want.

    The basic premise is this: Filter Input, Escape Output (FIEO) with that you can do more searching and familiarise yourself with these two principles.

    eg

    you have a box for a phone number call it $tel, so if $tel contains anything other than digits, spaces and say a dash - then you either:

    a) abort or b) tell the user they got it wrong, try again.

    You could say that b) can be done in JS - the user cannot submit the form unless the pattern they enter matches - and that would be a good example of PHP working in tandem with JS.

    So if you take the trouble to explain to your users that $tel should only be digits, spaces and a dash - and you enforce that in JS and something other than that arrives - you have to make a decision, do you try and clean the data up and carry on, or just quit.

    I invariably just do a) and quit.

    So that is an example of Filtering Input against expectations.

    If you are storing data from the internet into your database you have to Escape it in order to protect your database from sql injection (see Little Bobby Tables to see a humorous take what that could mean).

    If you are sending an email you need to likewise escape the data to make sure you did not miss something in your Filtering in order to protect the user from XSS attacks.

    So you Escape the data in order to protect the next environment that data is headed for...

    One way to think about this is that PHP is the man in the middle.

    In the left hand arrives data, is it what I expected? If yes, pass it to the right hand and decide what, if anything will I do with that data? Escape it to protect that next environment.

    PHP has pretty much all of the functions you need to handle this work.

    http://php.net/manual/en/book.filter.php

    is a good place to start, though there are many other tricks you can employ.

    htmlentities
    htmlspecialchars
    et al

    mysql_real_escape_string

    Although for databases most common wisdom since the advent of PHP5 has been to favour using prepared statements with mysqli or PDO.

  18. #18
    SitePoint Member
    Join Date
    Aug 2010
    Location
    London
    Posts
    24
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for code
    One question though..
    If I validate my form with JS (for example), fields are not filled correctly- the JS would display an error message, so the PHP. Would I get two error messages- one from JS and another from PHP?

  19. #19
    SitePoint Member
    Join Date
    Aug 2010
    Location
    London
    Posts
    24
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I don't use MySql yet for forms, but surely will some day, it's a very good info you posted, thanks Cups.

    Maybe the best practise for now would be to use JS with regular expression to validate form, once the fields are filled correctly- use PHP just to check if the fields are not left blank.

    Another thing I just got in my mind.. When user clicks on 'Submit' button- JS runs first and then PHP. Or do they run at the same time? Sorry, I have to get a logic of this process into my head first.

    And thanks for links!

  20. #20
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    Join Date
    Oct 2006
    Location
    France, deep rural.
    Posts
    6,869
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    For a normal user the JS code would ideally stop the form from being submitted - so PHP should never see $tel with a bracket (<) or a letter in it.

    If PHP DOES detect something other than digit, space, dash - it means either:

    a) Someone with JS turned off made an error (despite your clear warnings on the GUI?)
    b) Someone intentionally turned JS off and submitted some data to probe you
    c) A bot hit your page and filled in the form automatically with something nasty like spam or worse

    In any of those cases, they did not see the JS warning.

    To fully understand it, you need to make a simple form with one text element, on the JS side you build that so the form cannot submit if the text area is empty.

    The only way to post back the form (as a normal browser-based user) with the text box empty - is to turn JS off.

    The edge case we all have to deal with is this one, what if the user is visually disabled, is browsing with JS turned off ... are your warnings on the GUI ("Please only enter numbers and a space") sufficient **? Or do you really have to feed back bold red text saying "numbers only please"?

    The answer is "it depends", some criteria are:

    How much you value the user
    The amount of time the user is likely to have invested in your form
    whether they have an account and are logged in

    ** Then your client thinks that text looks ugly and says "can we just do away with it?". Harrumphhhh...

  21. #21
    SitePoint Member
    Join Date
    Aug 2010
    Location
    London
    Posts
    24
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ok, will try one simple form, maybe that will clear things out.

    As I understand- you're saying that PHP should check form fields not only if they are blank, but also check a format entered (for example email field should be 'myemail@domain.com')? Does PHP use RegEx?

  22. #22
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    Join Date
    Oct 2006
    Location
    France, deep rural.
    Posts
    6,869
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    Exactly! Fall back to Regex if you really have to.

    PHP has evolved to hide many regexes behind the Filter classes I mentioned before. See :

    http://www.php.net/manual/en/filter....s.validate.php - validate email - yes/no
    http://www.php.net/manual/en/filter....s.sanitize.php - sanitize email - clean up and carry on

  23. #23
    SitePoint Member
    Join Date
    Aug 2010
    Location
    London
    Posts
    24
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks a lot! That is cool

    Will be back later with results and more questions

  24. #24
    SitePoint Member
    Join Date
    Aug 2010
    Location
    London
    Posts
    24
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi
    I managed to validate my form with jQuery, form sends email, but when clicked on 'Send'- it opens another page, where my mail() is. I would like it not to be directed to .php file, how can I do that?

  25. #25
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    Join Date
    Oct 2006
    Location
    France, deep rural.
    Posts
    6,869
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    Once the email has been successfully sent, use PHP to redirect the user to a destination of your choice, does not have to be a PHP file...

    PHP Code:
    if ($mailsent === true){

    header("Location: /thankyou.htm");
    exit();  
    // important!

    Could even be to a PHP page with a flag that shows different messages:
    PHP Code:
    {
    header("Location: /thankyou.php?msg=23");
    exit(); 
    // !

    thankyou.php
    PHP Code:
    <?php

    $wily_coyote_messages 
    = array(
    0=>"Funny? That should not happen ...",
    1=>"Welcome, now please proceed under this huge rock.",
    ...
    23="Your email is sent! Thanks for your interest in Acme Rocket Skates",
    );

    if( isset(
    $_GET['msg'])){
    echo 
    "<p>" $wily_coyote_messages [(int)$_GET['msg']] . "</p>";
    }


Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •