Re: Accessing function file on another domanin

From: Mike Harvey (spam_at_spam.com)
Date: 10/29/04 

Date: Fri, 29 Oct 2004 21:56:29 GMT

On Fri, 29 Oct 2004 15:46:28 +0200, Brommer <brommer@gmail.com> wrote:
>First, like I said, you are assigning the result of the include to $x
>...this is always 1 (succes) or 0 (failed) ..not the file you try to
>include.
>

But... according to the PHP manual, it is supposed to work. Perhaps
I'm reading it wrong?

>Second, the return statement here is meaningless since there is nothing
>to return from. You are trying to include a file as if it was on your
>local filesystem but it is not..file 'A' accesses file 'B' in exactly
>the same way as you would with your webbrowser as others have pointed out.
>

According to the manual, $y cotains the result of function $_GET[f]()
and putting the return $y; in there is supposed to give the calling
file the contents of $y via the include() instead of a 1. See
http://us2.php.net/manual/en/function.include.php in the grey box just
above the User Contributed Notes.

>Third, calling functions like that directly from the querystring
>($_GET['f']() ) is extremely dangerous. Anybody with access to your
>webserver (ie if it is on the Internet anyone with Internet access) can
>execute any PHP function they want in your script.
>

Good point.... After thinking on this for a moment I'm thinking it
wouldn't be hard to restrict the $_GET[f]() line"f" to an allowable
list with an if() or switch() statement. That would allow only
intended functions to run and no other.

>In your second example script A calls script B, script B echoes the
>value of $y and then exits. Script A just includes these results nothing
>more, you cannot magically call functions between hosts like that.
>

Bummer!

>Maybe if you told us what you are trying to accomplish someone would
>have some better sugestions for you.
>

Probably would help. Here's the plan: I have been coding with PHP &
MySQL for over 7 years now. I have accumulated quite a collection of
functions that I use repeatedly in all my programs. I was thinking
other people could use these too but I would like to charge for their
use. I know that's not in line with the open scource spirit, but a guy
has to make a living some how. My server would be acting as an ASP.
Just like Janwillem Borleffs said earlier in this thread:

   "Another way is when the remote file accepts a parameter, parses
    it and returns the parsed result. This is the principle of an API,
    which is an interface to the actual program."

Does this help?

        Mike H.

Relevant Pages

  • Re: [PHP] PHP console script vs C/C++/C#
    ... My script is taking a longer time to execute than I want. ... I prefer to write in PHP because that is what I know best. ... This is why I am thinking about rewriting my whole script in a C language. ... Perhaps there are different methods I could be using to speed up execution. ...
    (php.general)
  • Re: How to Add a Feeback Form
    ... I saw nothing in that script that indicates where the form is e-mailed to so ... Greg Maxey/Word MVP ... PHP or not. ... have the support available yet. ...
    (microsoft.public.frontpage.programming)
  • How best to show PHP source? (was: One page, multiple submit buttons)
    ... script to add to the top of a PHP script to enable showing its ... Maybe anybody submitting their own PHP code for critique here ... Anything posted to a newsgroup is a "snapshot" of what the ... there ought to be a FAQ for this ...
    (comp.lang.php)
  • Re: [PHP] PHP console script vs C/C++/C#
    ... My script is taking a longer time to execute than I want. ... I prefer to write in PHP because that is what I know best. ... thinking about rewriting my whole script in a C language. ... execution of the code. ...
    (php.general)
  • Email form script
    ... I have a web form that posts to a .php ... who cannot run .php on their server. ... Or does anyone have a .asp script that will ... Thank you for choosing FormToEmail by FormToEmail.com ...
    (microsoft.public.scripting.jscript)