php.ini not being read in vista

Jerry Stuckle wrote:
>
> If that's the problem, there is an easy fix. Get he webserver user
> access to the php.ini file. It's pretty easy - at least on W2K and W2K3
> servers.

you'd think it would be easy, yes.

httpd.exe is owned by SYSTEM

SYSTEM supposedly has 'Full control' over C:\php\php.ini

but no go.

(As an aside, I presume you also know that even an admin user is
denied access to some directories in Vista. Go figure. Not
surprisingly, there is a theory out there that M$ has resolved to
throw most resources into Vista's replacement and therefore not
spend much on improving Vista.)


Note to Chuck: yes, my Apache has set--> PHPIniDir "c:/php"

Note to Animesh: this machine is specifically for Flash, and
Photoshop - so I have to have some M$ OS crap on here. Maybe
they'll be a class action soon to give Vista users a free XP.
Hey, it could happen :)

Michael Fesser wrote:
>
> Besides the other responses: Why do you want to turn them on?
> Magic quotes are broken and will be completely removed in PHP 6.
> There's no reason to use them.

well, the shared hosting server had them enabled.

But this morning, I determined how to disable them on the server
and so now I am going with magic_quotes_gpc disabled and using
mysql_real_escape_string() for every INSERT and SELECT to MySQL
(those are all the MySQL that I use.)

So: the PHP manual page on "mysql_real_escape_string" gives the
following example. My question: why are numbers or numeric
strings deliberately not escaped?

// Quote variable to make safe
function quote_smart($value)
{
// Stripslashes
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
// Quote if not a number or a numeric string
if (!is_numeric($value)) {
$value = "'" . mysql_real_escape_string($value) . "'";
}
return $value;
}


(sorry for the double-post before. The newsserver had told me
that the first posting had timed out.)

..oO(Jerry)

>Michael Fesser wrote:
>>
>> Besides the other responses: Why do you want to turn them on?
>> Magic quotes are broken and will be completely removed in PHP 6.
>> There's no reason to use them.
>
>well, the shared hosting server had them enabled.
>
>But this morning, I determined how to disable them on the server
>and so now I am going with magic_quotes_gpc disabled

Good.

>and using
>mysql_real_escape_string() for every INSERT and SELECT to MySQL
>(those are all the MySQL that I use.)

You should also consider to use PDO and prepared statements instead.
On the long run this will be the much more flexible and powerful way.

>So: the PHP manual page on "mysql_real_escape_string" gives the
>following example. My question: why are numbers or numeric
>strings deliberately not escaped?

If you've checked that the value is a number actually, you don't have to
escape it, simply because a number can't do any harm to the database.
Strings OTOH may contain characters that have a special meaning in an
SQL query. If you want the DB to interpret those chars literarily, you
have to escape them. That's what mysql_real_escape_string() does.

Micha

Jerry wrote:
> I tried to turn on magic_quotes_gpc
>
> behavior shows that it is Off
> phpinfo shows it is Off
> phpinfo shows path to config file as C:\php\php.ini
>
>
> setting:
> magic_quotes_gpc = On
> in C:\php\php.ini does nothing
>
> putting garbage into C:\php\php.ini results in NO error in Apache's
> error.log
>
> renaming C:\php\php.ini has No effect
>
> So it must be using default settings. How do I fix?

Did you restart Apache?


> I hate vista

Doesn't thrill me either.

Tony wrote:

> Did you restart Apache?

yes, thanks. Many times. It would have been nice if Apache gave a
notice that it was using a default ini config.

I am using .htaccess on the server to give a directive to disable
Magic Quotes. I suppose I could also use that approach to enable
them on my local machine, if ever necesary. IIRC there is a
performance hit that comes with using .htaccess (since each
subdirectory must then be searched for the existence of any
overriding .htaccess). But in my case, with low traffic, that
shouldn't matter much at all.

On Feb 28, 6:31 am, Jerry <Je...@nospam.not> wrote:
> Tony wrote:
> > Did you restart Apache?
>
> yes, thanks. Many times. It would have been nice if Apache gave a
> notice that it was using a default ini config.
>
> I am using .htaccess on the server to give a directive to disable
> Magic Quotes. I suppose I could also use that approach to enable
> them on my local machine, if ever necesary. IIRC there is a
> performance hit that comes with using .htaccess (since each
> subdirectory must then be searched for the existence of any
> overriding .htaccess). But in my case, with low traffic, that
> shouldn't matter much at all.

If you installed it using xammp then it will use the php.ini in apache/
bin folder. and not one in other places. Check correctly in phpinfo()
output which php.ini they are using. Then change the php.ini and
restart apache. You may have tried it. Still telling!

Satya wrote:
> On Feb 28, 6:31 am, Jerry <Je...@nospam.not> wrote:
>> Tony wrote:
>>> Did you restart Apache?
>> yes, thanks. Many times. It would have been nice if Apache gave a
>> notice that it was using a default ini config.
>>
>> I am using .htaccess on the server to give a directive to disable
>> Magic Quotes. I suppose I could also use that approach to enable
>> them on my local machine, if ever necesary. IIRC there is a
>> performance hit that comes with using .htaccess (since each
>> subdirectory must then be searched for the existence of any
>> overriding .htaccess). But in my case, with low traffic, that
>> shouldn't matter much at all.
>
> If you installed it using xammp then it will use the php.ini in apache/
> bin folder. and not one in other places. Check correctly in phpinfo()
> output which php.ini they are using. Then change the php.ini and
> restart apache. You may have tried it. Still telling!
>

Did you read his first post?

phpinfo shows path to config file as C:\php\php.ini


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================