php-general Digest 28 Aug 2005 13:50:13 -0000 Issue 3650

Sun, 28 Aug 2005 06:52:17 -0700 

php-general Digest 28 Aug 2005 13:50:13 -0000 Issue 3650

Topics (messages 221476 through 221484):

Re: Image Rendering/Generation Options
        221476 by: Chris
        221477 by: Jasper Bryant-Greene

Re: Need advice or code
        221478 by: Death Gauge
        221479 by: Robbert van Andel

Re: & and mySQL
        221480 by: Richard Lynch

Re: [suspicious - maybe spam] [PHP] [suspicious - maybe spam] Need advice or 
code
        221481 by: Richard Lynch

just a php/mysql logic question
        221482 by: Dave Carrera
        221483 by: Jasper Bryant-Greene

Re: Newbie: Safe function call to a .inc file outside the web folder
        221484 by: Chris Shiflett

Administrivia:

To subscribe to the digest, e-mail:
        [EMAIL PROTECTED]

To unsubscribe from the digest, e-mail:
        [EMAIL PROTECTED]

To post to the list, e-mail:
        php-general@lists.php.net


----------------------------------------------------------------------
--- Begin Message --- Well, you can't output HTML *and* an image in the same request. What you can do is generate HTML in one script, put image tags in the HTML that references a another script, which actually outputs the image. 

So something like:

<img src="/myimage.php?id=4" width="10" height="30" />
Then in myimage.php you would output the correct headers (such as "Content-Type: image/gif" for example) and output the raw binary data that makes up the image.
You can probably glean a lot of useful information from the GD portion of the manual: 

http://www.php.net/gd

Chris

Dan Trainor wrote:


Hello, all -
I've seen a few times, albeit I don't know how, people generate images on a page in different ways, such as maybe using base64 to output the raw image data into a page? Is this correct? 

If so, what does it "look" like?  How would one go about doing this?
If not, what are my options to achieve something like this? What are my alternatives? What kind of performance impact, if any, does this make on both the load on the server and the rendering time for a given image to the client? Last but certainly not least, is this a dumb idea?
What I'm looking to do is to deliver dynamic content to the browser, without writing images to disk. I simply want what would be written to disk, be displayed in a specific area I'm talking about.
I'm sorry if this is a dumb question. Once I get a few more clues here, I'll be able to figure the rest of this out pretty well, I'm quite sure. 

As always, thanks for the time
-dant

--- End Message ---
--- Begin Message --- 
Dan Trainor wrote:
I've seen a few times, albeit I don't know how, people generate images on a page in different ways, such as maybe using base64 to output the raw image data into a page? Is this correct? 

If so, what does it "look" like?  How would one go about doing this?
If not, what are my options to achieve something like this? What are my alternatives? What kind of performance impact, if any, does this make on both the load on the server and the rendering time for a given image to the client? Last but certainly not least, is this a dumb idea?
What I'm looking to do is to deliver dynamic content to the browser, without writing images to disk. I simply want what would be written to disk, be displayed in a specific area I'm talking about.
I'm sorry if this is a dumb question. Once I get a few more clues here, I'll be able to figure the rest of this out pretty well, I'm quite sure.
To output it directly on the page (with base64 or otherwise), you need to make use of the data: URI scheme [1]. This is, unfortunately, not supported by (you guessed it) MSIE, although I believe Gecko-based browsers have support. Not sure about Opera. 

However, the usual way to go about this is to do something like:

<img src="/some_script.php?some_var=some_value" alt="some alt text">

in the HTML, and then in some_script.php put the following code:

header('Content-Type: image/jpeg'); //or whatever image type

and use GD functions [2] to create and output the image.

HTH

Jasper

[1] http://www.faqs.org/rfcs/rfc2396.html
[2] http://www.php.net/gd

--
Jasper Bryant-Greene
Freelance web developer
http://jasper.bryant-greene.name/

If you find my advice useful, please consider donating to a poor
student! You can choose whatever amount you think my advice was
worth to you. http://tinyurl.com/7oa5s

--- End Message ---
--- Begin Message --- I would do that but my preferences don't include XML. Right now I code in just PHP/MySQL/Javascript/Java/C++/ASM and that is it(of course C++ and ASM don't count as web languages heh). 
--Death Gauge
"How do you gauge your death?!"
Maybe try a bit of XmlHTTPRequest and some Javascript. When the first item is selected (and maybe a submit button is pressed) it goes to the XmlHTTPRequest script, gets the data from a php script and echos the output. I'm only a beginner on XmlHTTPRequest, so I can't help you code-wise. Sorry. 

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

_________________________________________________________________
On the road to retirement? Check out MSN Life Events for advice on how to get there! http://lifeevents.msn.com/category.aspx?cid=Retirement
--- End Message ---
--- Begin Message --- 
You don't need to use XML with XmlHTTPRequest.  The returned data can be a
simple text string.

XmlHTTPRequest is the best javascript technology to come out.  It's done
wonders for the interactivity of my websites.  It's well worth the time to
learn.

-----Original Message-----
From: Death Gauge [mailto:[EMAIL PROTECTED] 
Sent: Saturday, August 27, 2005 8:17 PM
To: php-general@lists.php.net
Subject: RE: [PHP]Re: Need advice or code

I would do that but my preferences don't include XML. Right now I code in 
just PHP/MySQL/Javascript/Java/C++/ASM and that is it(of course C++ and ASM 
don't count as web languages heh).
--Death Gauge
"How do you gauge your death?!"

Maybe try a bit of XmlHTTPRequest and some Javascript. When the first item 
is selected (and maybe a submit button is pressed) it goes to the 
XmlHTTPRequest script, gets the data from a php script and echos the output.

I'm only a beginner on XmlHTTPRequest, so I can't help you code-wise. Sorry.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

_________________________________________________________________
On the road to retirement? Check out MSN Life Events for advice on how to 
get there! http://lifeevents.msn.com/category.aspx?cid=Retirement

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--- End Message ---
--- Begin Message --- 
On Sat, August 27, 2005 2:43 pm, mastershay wrote:
> Hi, I am trying to search mySQL for URLs that include &amp; in them. I
> start
> with a standard URL that uses &, use str_replace to put in &amp;, and
> then
> do a mySQL query. However, nothing is found when I run the search
> through
> PHP. When I do the search directly through phpMyadmin, it works fine.
> Anyone
> know what the problem is?

The problem is you haven't shown us the code you are using, nor the
query you think you are using, much less the query you are actually
using...
:-v

Might as well call up a garage and say "My car won't start; Do you
know what the problem is?"

-- 
Like Music?
http://l-i-e.com/artists.htm

--- End Message ---
--- Begin Message --- 
On Fri, August 26, 2005 11:43 pm, Death Gauge wrote:
> I've made a site with 5 sites in it and has about 6 MySQL/PHP News
> databases. A while back I tried to use drop-down combo boxes to make a
> single page that linked all 6 news scripts so I could pick one from
> the
> drop-down enter the news and hit submit to add it to the site. The
> down side
> is that it didn't work and deactivated the submit button. Is there a
> way to
> make a drop-down combo box so that when I pick the item name it loads
> the
> said page under the combo box and then lets you submit and pick
> another one
> if you need to post to another database. I have 6 scripts that post to
> each
> database. Any help, code, or advice would be greatly appreciated.

First off, it SOUNDS like you want to post the same news item to more
than one site, sometimes.

So why not have six CHECKBOXes, so that you can submit the form ONCE
and be done with it?

Secondly, we really can't guess why your drop-down combo box that did
whatever it did disabled your submit button...  Though odds are really
really really good that your mistake is in JAVASCRIPT, not PHP, since
by the time you choose something from a drop-down in a web-page, PHP
is *long* gone from the picture.

Unless you actually ARE using that XmlHttpRequest stuff...

Personally, I would AVOID using JavaScript for anything that was
crucial to site operation.  It's just STILL too flaky on too many
browsers.

God forbid the browser makers should fix their daft designs/bugs
rather than roll out new features nobody can rely on release after
release. :-v

-- 
Like Music?
http://l-i-e.com/artists.htm

--- End Message ---
--- Begin Message --- 
Hi All,
Just sitting here thing about a php app i am making and an issue i have been aware of but never looked into has made itself apparent to me.
Its to do with my php app and transacting with the mysql table of which my records are kept. 

note: sorry if this goes or is of topic.

I have a table which holds a number of items in stock.
If multiple users hit the php app at the same time how do i ensure that the correct amount of stock is taken from stock so that a users does not accidentally sell from stock which has already been sold.
I have googled but to be honest i dont think i know the correct terminology to use for this kind of issue so hence the post here to the clever people of this great list. 

I thank you in advance for any assistance you may give.

Dave C

--- End Message ---
--- Begin Message --- 
Dave Carrera wrote:
If multiple users hit the php app at the same time how do i ensure that the correct amount of stock is taken from stock so that a users does not accidentally sell from stock which has already been sold.
Even though multiple users may hit the PHP app "at the same time" (even though single processor machines can only actually do one thing at a time anyway), they can't all access the tables at the same time.
MySQL does something called table locking, which means that if you're updating a table then other clients SELECT statements for the same rows will wait until the table has finished being updated (usually not many milliseconds...) 

This means that if you have something like:

UPDATE stock_table SET stock_count=stock_count-1 WHERE id=935882

and someone else hits it at the same timeand asks:

SELECT stock_count FROM stock_table WHERE id=935882
MySQL won't answer until the UPDATE statement has finished. You likely wouldn't even notice the delay though.
In short, don't worry about it unless you're doing more complex things where a bunch of statements need to be either all done at once, or not done at all. In that case you might like to look in to making your tables InnoDB and using the transaction features of MySQL. 

--
Jasper Bryant-Greene
Freelance web developer
http://jasper.bryant-greene.name/

If you find my advice useful, please consider donating to a poor
student! You can choose whatever amount you think my advice was
worth to you. http://tinyurl.com/7oa5s

--- End Message ---
--- Begin Message --- 
Edward Vermillion wrote:

I was under the the impression that the non-'HTTP_*' keys in the
$_SERVER array came from the server itself.
All of that data comes from the server, but it's difficult to determine which data can be influenced by information within the HTTP request. In other words, you get it from Apache, but it doesn't always originate there. 

I blogged about this a while ago:

http://shiflett.org/archive/98

Read the quiz at the very end, then read Geoff Young's comments.


I'm curoius how 'SERVER_NAME' could be manipulated by the client.


Zeev blogged about this:

http://ibm.com/developerworks/blogs/dw_blog_comments.jspa?blog=481&entry=75480

Another one that surprises a lot of people is $_SERVER['PHP_SELF']:

http://blog.phpdoc.info/archives/13-XSS-Woes.html


Is there anything in the $_SERVER array that *can* be considered safe?
Yes, but I've just adopted the habit of considering $_SERVER entirely tainted. It's too hard to safely distinguish between what's tainted and what's not, so I think it's best to play it safe and trust nothing.
If you read the above blog at IBM, you'll see that Rasmus disputes Zeev's claim, and Zeev has to explain further. Regardless of who is right (Zeev is, in this particular case), if one of the top PHP core developers gets it wrong, then what hope is there for me? If I consider all of $_SERVER to be tainted, I don't have to worry about making such a mistake. 

Hope that helps.

Chris

--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/

--- End Message ---

Reply via email to