I know I can write a php script and save it with an image ext. by adding the following to my .htaccess
AddType application/x-httpd-php .gif
But what if I only want files in a certain directory to be treated as such? How would I do that? I'm thinking about making a a footer for my email account, I would like to gather some basic non-intrusive data with it. Would this even work (assuming the client doesn't have images turned off)?
<Files "/thisdirectory">
AddType application/x-httpd-php .gif
</Files>
See here for Apache 2.4 docs.
http://httpd.apache.org/docs/current/mod/core.html
Related
I'm using PhpStorm 2016 with php language level 5.6 and the interpeter is PHP 5(5.6.24) and xampp version 3.2.2 .
I'm trying to add some php code in html page,
I created a file .htaccess in the same folder where my html file located, and put AddType application/x-httpd-php5 .html .htm inside it, added <?php echo "example" ?> but it doesn't show up.
I even tried <FilesMatch "\.html$">
ForceType application/x-httpd-php
</FilesMatch>, AddHandler application/x-httpd-php5 .html .htm and AddType application/x-httpd-php .html .htm but nothing work, don't know what eles to do.
Hope you can help me with any idea.
Thank you.
You may need to edit the Apache config file, and check if AllowOverride is set to none. If AllowOverride is set to None, .htaccess files are completely ignored.
See httpd.apache.org/docs/2.4/mod/core.html#allowoverride
To allow only the ForceType directive it would be
AllowOverride FileInfo
or if you want all entries in your .htaccess to be honored, then
AllowOverride All
In order to get xampp to interpret the file as PHP, you will need to set the Apache Server web-root to the base of your project (where the html files are) and access the webserver via the server (HTTP in a web-browser).
It sounds like you're trying to access the file directly with the browser (skipping the PHP processor).
What I'm trying to do is get my html/php code to display data from my MySQL in a table.
It connects just find to the database, but I think I'm getting an error at: $resultt=$con->query("SELECT DisplayName, Kills, Deaths, Wins, Lost FROM TTPlayer"); for it always shows that code as text on the webpage when I execute it. Also in the tables it shows each of the row methods and their variable Thanks in advance for any help!
Code:
http://pastebin.com/j1EDux5y
Executed webpage:
http://pasteboard.co/2pzqESnw.png
"It is a .html file, I will check on php5_module – ZachtheBoB 2 mins ago"
.html file extensions will not parse PHP directives.
A .php extension is required to do this, plus making sure a webserver and PHP are installed and properly configured.
If on a local machine, you will need to access it like http://localhost/file.php and not file:///file.php
You can however, instruct Apache to treat .html files as PHP through .htaccess if that is your preference.
AddType application/x-httpd-php .html
If you only plan on including the PHP on one page, it is better to setup this way:
<Files yourpage.html>
AddType application/x-httpd-php .html
</Files>
If you are running PHP as CGI
AddHandler application/x-httpd-php .html
If on GoDaddy
Options +ExecCGI
AddType application/x-httpd-php .php .html
AddHandler x-httpd-php5 .php .html
I want to upload a PHP file to a server under a PNG extension, while still being able to view it in my browser as a PHP file. How can I do that? Thanks.
Use the following in your .htaccess file in the directories where your files are:
<FilesMatch "\.png$">
SetHandler application/x-httpd-php
</FilesMAtch>
http://httpd.apache.org/docs/2.2/mod/mod_mime.html
http://bytes.com/topic/php/answers/745293-force-apache-parse-html-files-php
Note that ALL files with .png will be handled by PHP with this.
You can add AddType application/x-httpd-php .png to an .htaccess file (assuming your host allows you to use .htaccess files), and Apache will send those file off to be parsed by PHP.
Why not use URL Rewriting for this?
You cannot. PHP is server-side code and is not rendered in the browser.
I'd like to accept other type of files that contains PHP code. For example, it would be nice to read an .aspx file by PHP as if it were .php.
Add this to your .htaccess file in Apache to make html parse as PHP:
AddType application/x-httpd-php .html
You can extrapolate what you need to do from there. :-)
Use this htaccess rule:
AddType application/x-httpd-php .php .aspx
Yes, this is done in your Apache configuration. You tell apache what kind of files you want it to send to the PHP engine. You can do this configuration the same way you do other apache configuration - in the main config file, per site, or in .htaccess files.
Let's say i have an image uploader script, i want to prevent the upload directory from executing Php or even html by only showing it as plain text, i've seen this trick in many websites but i don't know how they do it.
Briefly, if i upload evil.php to that directory, and i try to access it i will only see a plain text source , No html or php is executed. ( but i still want the images to appear normally ofcourse)
I know i can do like that by header("content-type:text/plain"); but that's will not be helpful, because what i want, is to set the content-type:text/plain automatically by the server for every thing outputed from the upload directory except images.
Note: i'm running php 5.3.2/Cent OS and the latest cPanel.
Thanks
At the very least, you'll want to put the following in your .htaccess file for the upload directory:
Options -Indexes
Options -ExecCGI
AddHandler cgi-script .php .php3 .php4 .phtml .pl .py .jsp .asp .htm .shtml .sh .cgi
The problem with an .htaccess file is if your upload does not block the upload, your .htaccess can be overwritten. An alternative solution is using an Apache directive (if you are using Apache) shown here, Disable PHP in directory (including all sub-directories) with .htaccess
Put a .htaccess in the upload directory.
AddType 'text/plain' .php .html
or
ForceType 'text/plain'
#...
Do a Google search for "disable script execution for directory" to turn up a number of options. This one is my favorite:
AddType text/plain .html .htm .shtml .php .php3 .phtml .phtm .pl .py .cgi .js
The only downside is that you have to explicitly name the extensions not to run, but it may be possible (just a hunch) to use some sort of wild card so that all file extensions are considered plain text, and then manually add the Mime Type for your standard image extensions.
Since you're talking about an image uploader, you don't want to display images as plain/text. How would you separate images from malicious files? During that task, just block saving the particular file.