php-general Digest 16 Sep 2005 07:33:37 -0000 Issue 3685

Topics (messages 222481 through 222503):

basic validation question for username/emails...
        222481 by: bruce
        222491 by: Manuel Lemos

Re: Output of html without using functions?
        222482 by: Gustav Wiberg

html forms in php
        222483 by: Philippe Reynolds
        222486 by: Jay Blanchard
        222487 by: bruce
        222489 by: Murray . PlanetThoughtful
        222490 by: Alan Fullmer
        222492 by: D A GERM

Re: trying to figure out the best/efficient way to tell who is logged into a site..
        222484 by: Gustav Wiberg

Re: Webservices and PHP?
        222485 by: Gustav Wiberg

Re: Problems with strings being handled like numbers
        222488 by: J B

Re: Quick Poll: PHP 4 / 5
        222493 by: Pooly
        222494 by: Robert Cummings
        222496 by: Oliver Grätz

adding string...
        222495 by: Gustav Wiberg
        222497 by: Oliver Grätz
        222498 by: Gustav Wiberg

curl support for php 5.0.5
        222499 by: Ey-Chih Chow
        222500 by: Ey-Chih Chow
        222501 by: Ey-Chih Chow

Re: PHP combined with JAVA
        222502 by: Oliver Grätz

Re: passing values from dynamic form to another php page?
        222503 by: hope

Administrivia:

To subscribe to the digest, e-mail:
        [EMAIL PROTECTED]

To unsubscribe from the digest, e-mail:
        [EMAIL PROTECTED]

To post to the list, e-mail:
        [email protected]


----------------------------------------------------------------------
--- Begin Message ---
hi..

rather than recreate the wheel.. i'm looking for samples of
good/solid/comprehensive validation functions for user/form inputs.
specifically, i'm looking for ways to validate/verify that the user has
entered valid username/email. as i go forth, i'll be looking for
address/zip/phone/etc... as well.

do you guys have any solid functions that you've created, or any particular
libraries that you use (open source) that handle form input validation
issues??

i've seen various sites/articles on google, but i figured i'd ask here as
well.

thanks

bruce
[EMAIL PROTECTED]

--- End Message ---
--- Begin Message ---
Hello,

on 09/15/2005 03:11 PM bruce said the following:
> rather than recreate the wheel.. i'm looking for samples of
> good/solid/comprehensive validation functions for user/form inputs.
> specifically, i'm looking for ways to validate/verify that the user has
> entered valid username/email. as i go forth, i'll be looking for
> address/zip/phone/etc... as well.
>
> do you guys have any solid functions that you've created, or any particular
> libraries that you use (open source) that handle form input validation
> issues??

You may want to take a look at this popular Open Source class for forms generation and validation that does what you are asking:

http://www.phpclasses.org/formsgeneration


--

Regards,
Manuel Lemos

PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/

PHP Reviews - Reviews of PHP books and other products
http://www.phpclasses.org/reviews/

Metastorage - Data object relational mapping layer generator
http://www.meta-language.net/metastorage.html

--- End Message ---
--- Begin Message ---
Hi there!

With that codeline I get... (I have B-one as webhost)

Warning: file_get_contents(): URL file-access is disabled in the server configuration in /customers/varupiraten.se/varupiraten.se/httpd.www/test.php on line 2

Warning: file_get_contents(http://php.net): failed to open stream: no suitable wrapper could be found in /customers/varupiraten.se/varupiraten.se/httpd.www/test.php on line 2

/G
http://www.varupiraten.se/

----- Original Message -----
From: "Richard Lynch" <[EMAIL PROTECTED]>
To: "Gustav Wiberg" <[EMAIL PROTECTED]>
Sent: Thursday, September 15, 2005 12:59 AM
Subject: Re: [PHP] Output of html without using functions?



<?php
 echo htmlentities(file_get_contents('http://php.net'));
?>

On Wed, September 14, 2005 3:31 am, Gustav Wiberg wrote:
Hi there!

Ok.. Thanx!

Yes, I must be able to get info from his site, BUT i can't install anything
(Not Curl either) on the server because the server belongs to b-one.net and
not me.

Is it impossible then?

/G
http://www.varupiraten.se/

----- Original Message -----
From: "George Pitcher" <[EMAIL PROTECTED]>
To: "Gustav Wiberg" <[EMAIL PROTECTED]>
Sent: Wednesday, September 14, 2005 10:08 AM
Subject: RE: [PHP] Output of html without using functions?


Gustav,

If I write a function in PHP.

Main question:
Would the partner be able to get the value from a function written in PHP
across the Internet?

Two issues here.

1. Do you need to be able to get data from his site? If so you need to look
at curl functions - not used them myself.

2. Does he need to get info from your site? That's his problem - not yours.

If you both decide that you won't converge to a single strategy then you
will both have to build code to extract results from the other site. It
wouldn't matter what the 'other' site was written in as long as it was
generating the result in html (or soap, or xml etc).

Hope this helps the thinking.

George


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




--
Like Music?
http://l-i-e.com/artists.htm



--- End Message ---
--- Begin Message ---

Good day all,

I have a problem for you all..
I have a form that has the ability to delete a lot of information from my MySQL database.

I would like to create a bit of security, in case the user hits the button by accident. I would like to create an additional window that would appear that would ask: "Are you sure?" and then a "yes" and "no" buttons to confirm the deletion or to cancel the command.

Any thoughts??

Thanks for the assistance
Phil

--- End Message ---
--- Begin Message ---
[snip]
"Are you sure?" and then a "yes" and "no" buttons to confirm the deletion or
to cancel the command.

Any thoughts??
[/snip]

You can use JavaScript for this.

--- End Message ---
--- Begin Message ---
philippe,

you can accomplish this by using a piece of javascript that fires off an
alert, asking the user 'yes/no'. if the user selected yes, the app would do
a submit to the page that would then take care of the mysql/db
interaction...

search on google for 'php onsubmit alert' etc...

-bruce


-----Original Message-----
From: Philippe Reynolds [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 15, 2005 11:14 AM
To: [email protected]
Subject: [PHP] html forms in php



Good day all,

I have a problem for you all..
I have a form that has the ability to delete a lot of information from
my MySQL database.

I would like to create a bit of security, in case the user hits the button
by accident.
I would like to create an additional window that would appear that would
ask:
"Are you sure?" and then a "yes" and "no" buttons to confirm the deletion or
to cancel the command.

Any thoughts??

Thanks for the assistance
Phil


--- End Message ---
--- Begin Message ---
> Good day all,
> 
> I have a problem for you all..
> I have a form that has the ability to delete a lot of information from
> my MySQL database.
> 
> I would like to create a bit of security, in case the user hits the button
> by accident.
> I would like to create an additional window that would appear that would
> ask:
> "Are you sure?" and then a "yes" and "no" buttons to confirm the deletion
> or
> to cancel the command.
> 
> Any thoughts??

Hi Phil,

You can achieve this in several ways. One would be to use a JavaScript
onClick event on the 'dangerous' button to pop up a dialog with your 'Are
you sure?' prompt and the yes/no buttons. If the user clicks on the 'no'
button, you use JavaScript to cancel the page submission. If they click on
the 'yes' button, the page submits. This approach would mean assuming that
your users have JavaScript enabled.

A second approach would be to have an intermediary page between the page
with the button, and the page that performs the actual delete. The
intermediary page would be little more than another form with the yes/no
buttons.

Much warmth,

Murray
---
"Lost in thought..."
http://www.planetthoughtful.org

--- End Message ---
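Murray's second approach, the intermediary page, sketched in PHP as an added example (not code from the thread). It goes one step beyond the message by tying the yes/no answer to a one-time session token, so the delete runs only after the confirmation page was actually shown; the file name `confirm.php`, the `ids[]` field and `deleteEntries()` are assumptions.

```php
<?php
// confirm.php: added example, not code from the thread. The file name, the
// ids[] field and deleteEntries() are assumptions made for this sketch.
session_start();

const CONFIRM_TTL = 300; // seconds a pending confirmation stays valid

/** Hypothetical stand-in for the real delete; returns the number removed. */
function deleteEntries(array $ids): int
{
    return count($ids); // the real application runs its DELETE here
}

/** Step 1: remember what is to be deleted and hand back a one-time token. */
function issueConfirmation(array $ids): string
{
    $token = bin2hex(random_bytes(16));
    $_SESSION['pending_delete'] = [
        'token'   => $token,
        'ids'     => $ids,
        'expires' => time() + CONFIRM_TTL,
    ];
    return $token;
}

/** Step 2: give back the stored ids only for a matching, unexpired token. */
function redeemConfirmation($token): ?array
{
    $pending = $_SESSION['pending_delete'] ?? null;
    unset($_SESSION['pending_delete']); // single use, whatever the outcome
    if (!is_array($pending) || !is_string($token)
        || time() > $pending['expires']
        || !hash_equals($pending['token'], $token)) {
        return null;
    }
    return $pending['ids'];
}

if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    http_response_code(405);
    exit('Deletes must be submitted with POST.');
}

if (($_POST['step'] ?? '') === 'confirm') {
    // The ids come from the session, not from this request, so only what
    // was shown on the confirmation page can be deleted.
    $ids = redeemConfirmation($_POST['token'] ?? null);
    if ($ids !== null && ($_POST['answer'] ?? '') === 'yes') {
        echo deleteEntries($ids) . ' entries deleted.';
    } else {
        echo 'Nothing was deleted.';
    }
    exit;
}

// First request from the list page: keep positive integer ids only.
$ids = [];
foreach ((array)($_POST['ids'] ?? []) as $raw) {
    if (is_string($raw) && ctype_digit($raw) && (int)$raw > 0) {
        $ids[] = (int)$raw;
    }
}
if ($ids === []) {
    exit('Nothing selected.');
}
$token = issueConfirmation($ids);
?>
<form method="post" action="confirm.php">
  <p>Are you sure you want to delete <?= count($ids) ?> entries?</p>
  <input type="hidden" name="step" value="confirm">
  <input type="hidden" name="token" value="<?= htmlspecialchars($token, ENT_QUOTES) ?>">
  <button type="submit" name="answer" value="yes">Yes</button>
  <button type="submit" name="answer" value="no">No</button>
</form>
```

Unlike the JavaScript prompts, this check still applies when scripting is disabled or the delete request is sent directly.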
--- Begin Message ---
This might help you.

<input type="submit" name="DELETE" onclick="return confirmDelete()">

<script>
// Returning false from the onclick handler cancels the form submission.
function confirmDelete()
{
    var agree = confirm("WARNING!  This will blah blah delete etc yada yada\n\rPress Cancel to go back, or OK to Continue.");
    if (agree)
        return true;
    else
        return false;
}
</script>




-----Original Message-----
From: Murray @ PlanetThoughtful [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 15, 2005 12:32 PM
To: 'Philippe Reynolds'; [email protected]
Subject: RE: [PHP] html forms in php

> Good day all,
> 
> I have a problem for you all..
> I have a form that has the ability to delete a lot of information from
> my MySQL database.
> 
> I would like to create a bit of security, in case the user hits the button
> by accident.
> I would like to create an additional window that would appear that would
> ask:
> "Are you sure?" and then a "yes" and "no" buttons to confirm the deletion
> or
> to cancel the command.
> 
> Any thoughts??

Hi Phil,

You can achieve this in several ways. One would be to use a JavaScript
onClick event on the 'dangerous' button to pop up a dialog with your 'Are
you sure?' prompt and the yes/no buttons. If the user clicks on the 'no'
button, you use JavaScript to cancel the page submission. If they click on
the 'yes' button, the page submits. This approach would mean assuming that
your users have JavaScript enabled.

A second approach would be to have an intermediary page between the page
with the button, and the page that performs the actual delete. The
intermediary page would be little more than another form with the yes/no
buttons.

Much warmth,

Murray
---
"Lost in thought..."
http://www.planetthoughtful.org


--- End Message ---
--- Begin Message ---
Here's some javascript I use for such instances:

[CODE]

// Runs inside the function called by the delete button's onClick.
if (myForm.hidWhich.value == "delete")
{
   var verify = prompt("You are about to delete this entry \n" +
       "------------------------------------ \n \n" +
       "To delete this entry you must type this phrase in the prompt and click OK: \n \n" +
       "-->      KILL ENTRY!");

   if (verify == "KILL ENTRY!")
   {
       myForm.submit();
       return(true);
   }
   else
   {
       alert("Error: Could not delete entry because you either canceled out or entered the wrong phrase! \n " +
           "Your entry WAS NOT deleted.");
       return(false);
   }
}

[/CODE]

The user must click a button to delete the entry. This button calls a function onClick; within that function is the above code. It requires the user to enter an exact phrase. If the exact phrase is not entered, it is returned false and the form never submits. If the correct phrase is entered, it submits the form and I remove the entry from Postgresql.

So far I have not had any users accidentally delete anything. The only problem is IE does not like the prompt() function - works perfect in FireFox. In IE it doesn't display the text in the prompt window, but if the correct phrase is entered it still works.

Philippe Reynolds wrote:


Good day all,

I have a problem for you all..
I have a form that has the ability to delete a lot of information from my MySQL database.

I would like to create a bit of security, in case the user hits the button by accident. I would like to create an additional window that would appear that would ask: "Are you sure?" and then a "yes" and "no" buttons to confirm the deletion or to cancel the command.

Any thoughts??

Thanks for the assistance
Phil


--
D. Aaron Germ
Scarborough Library, Shepherd University
(304) 876-5423

"Well then what am I supposed to do with all my creative ideas- take a bath and wash 
myself with them? 'Cause that is what soap is for" (Peter, Family Guy)

--- End Message ---
--- Begin Message ---
----- Original Message -----
From: "Ben" <[EMAIL PROTECTED]>
Newsgroups: php.general
To: "Gustav Wiberg" <[EMAIL PROTECTED]>
Sent: Wednesday, September 14, 2005 7:35 PM
Subject: Re: [PHP] trying to figure out the best/efficient way to tell who is logged into a site..


> Gustav Wiberg wrote:
>
> > All you guys, please comment if the code is well or badly written and why... :-)
>
> Since you asked, a few things popped out from a security perspective, though I didn't read through your code very thoroughly....
>
> > <?php
> >
> > function chkIfPasswordTrue($un, $pw, $typeUser) {
> >
> > //Make username and password case-insensitive
> > //
> > $un = strtolower($un);
> >
> > $pw = strtolower($pw);
>
> Why limit your usernames/passwords to lower case? You've just made them significantly easier to brute force.

That's a good point. The reason is that our target group is users with a little knowledge of computers and therefore it might be easy to miss that caps-lock is pushed in, and out... and the combination of small and big letters... But you're right... Probably I'll change this. Thanx!

> > $sql = $sql . "SELECT IDAnvandare FROM tbanvandare WHERE";
> >
> > $sql = $sql . " Anvandarnamn=" . safeQuote($un) . " AND";
> >
> > $sql = $sql . " Losenord=" . safeQuote($pw) . " AND";
>
> Where is your safeQuote() function coming from? From what I can see of your code you aren't doing any testing against the username and password before they are used as part of your SQL query. Sure would suck to have an unauthenticated user drop or otherwise muck with your db!

Hm. The safeQuote() function is always called before these functions are called and is

<?php
function safeQuote($value)
{
  // Stripslashes
  if (get_magic_quotes_gpc()) {
      $value = stripslashes($value);
  }
  // Quote if not integer
  if (!is_numeric($value)) {
      $value = "'" . mysql_real_escape_string($value) . "'";
  }

  return $value;
}
?>

> > if (isset($_REQUEST["frmUsername"])) {
> >
> > $un = $_REQUEST["frmUsername"];
>
> If you're going to use $_REQUEST you might as well just turn on register globals (no, don't!).

*hehe*

> If you're expecting a post look for a $_POST, if you're expecting a get look for a $_GET. Ditto with cookies. You really need to know where your variables are coming from if you want a measure of security.

Yes, you're right. I wrote this code before I came in contact with $_POST and $_GET. Thanx again! It's appreciated! :-)

/G
http://www.varupiraten.se/

--- End Message ---
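Ben's three points applied to the login check, as an added example that is not code from the thread: the password keeps its case and is compared against a stored hash, the query uses bound parameters instead of string concatenation, and input is read from `$_POST` only. Assumptions: PDO with an in-memory SQLite database standing in for MySQL, a `Losenord` column holding a `password_hash()` value, and a `frmPassword` field; the `$typeUser` condition is left out because the original query is cut off on the page.

```php
<?php
// Added example, not Gustav's code. Assumptions: PDO with an in-memory SQLite
// database standing in for MySQL, Losenord holding a password_hash() value,
// and a frmPassword form field next to the frmUsername field from the thread.

function openDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE tbanvandare (
        IDAnvandare  INTEGER PRIMARY KEY,
        Anvandarnamn TEXT NOT NULL UNIQUE,
        Losenord     TEXT NOT NULL)');
    // Constructed sample user; only the hash of the password is stored.
    $db->prepare('INSERT INTO tbanvandare (Anvandarnamn, Losenord) VALUES (?, ?)')
       ->execute(['gustav', password_hash('Correct Horse 9', PASSWORD_DEFAULT)]);
    return $db;
}

/** Returns the user's IDAnvandare when the credentials match, else null. */
function chkIfPasswordTrue(PDO $db, string $un, string $pw): ?int
{
    // The username may be folded to lower case; the password is left as typed.
    // Both values travel as bound parameters, never as part of the SQL text.
    $stmt = $db->prepare(
        'SELECT IDAnvandare, Losenord FROM tbanvandare WHERE Anvandarnamn = ?'
    );
    $stmt->execute([strtolower($un)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false || !password_verify($pw, $row['Losenord'])) {
        return null;
    }
    return (int)$row['IDAnvandare'];
}

/** Reads one form field from $_POST only; anything but a string is rejected. */
function postString(string $name, string $default): string
{
    $value = $_POST[$name] ?? $default;
    return is_string($value) ? $value : '';
}

$db = openDemoDb();
// The defaults are constructed values so the script also runs from the CLI.
$un = postString('frmUsername', 'Gustav');
$pw = postString('frmPassword', 'Correct Horse 9');

var_dump(chkIfPasswordTrue($db, $un, $pw));             // credentials as stored
var_dump(chkIfPasswordTrue($db, $un, strtolower($pw))); // wrong letter case
var_dump(chkIfPasswordTrue($db, $un, "' OR '1'='1"));   // quote characters are plain data
```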
--- Begin Message ---
Hi there!

Thanx!

/G

----- Original Message -----
From: "Clive Zagno" <[EMAIL PROTECTED]>
To: "Gustav Wiberg" <[EMAIL PROTECTED]>
Sent: Wednesday, September 14, 2005 1:59 PM
Subject: Re: [PHP] Webservices and PHP?


I presume by web service you mean SOAP and WSDL etc

Have a look at something called nusoap, its a wrapper class, very easy to use.

clive

Gustav Wiberg wrote:
Hi there!

I want to learn about creating webservices with PHP? (Is it possible with PHP 4.3.11?)
and calling webservices against ASP.Net.

Anyone has suggestion where I should start looking?

/G
http://www.varupiraten.se/

--- End Message ---
--- Begin Message ---
On 9/14/05, Richard Lynch <[EMAIL PROTECTED]> wrote:

> mssql_* and PHP "know" that the data is supposed to be "integer"
> 
> But the largest integer that PHP can store is 0xFFFFFFFF.
> 
> So when PHP tries to accept the "integer" from mssql_fetch_row, it's
> got no room to store it as integer, and HAS to convert it to float.


Ah, OK. I was beginning to suspect it might be that; thanks for confirming.

> If you JUST want to display it, and not manipulate it in PHP, you can
> ignore that bit about BC_MATH and the other extension.


Yes, these serial numbers have no mathematical significance. In fact, I'm 
not even sure why they're stored as numbers in the database at all...maybe 
for performance reasons, my database design knowledge is still pretty 
minimal so I can't comment on that (I didn't create the database).

> You'll need to use the typecast to char in MSSQL no matter what, cuz
> ain't no way PHP is gonna store an integer bigger than 0xFFFFFFFF as
> an integer.
> 

OK...knowing that, doing the typecast in the SQL query doesn't seem 
inelegant any more. Thanks for the info!

--- End Message ---
--- Begin Message ---
2005/9/13, Ryan A <[EMAIL PROTECTED]>:
> Hi,
> I work for a company that makes websites and does custom programming for
> private individuals and
> companies, I also freelance (like many on this list)
> 
> I'm a bit curious, so far I have had no need to upgrade my skills or use the
> slightly different format /
> functions of PHP 5.x.....in fact I have not seen all that many hosts actually
> having support for it, so I
> thought of this little poll :-)
> 
> Simply cross all the boxes that applies and reply to the list (along with
> your name on top)
> eg:
> [x] blah blah
> 
> 
> [] I am still working on PHP 4
> [] I never work with PHP 4 anymore, all my work is with PHP 5
> [] Oops, call me old fashioned but i am still with 3!
> 
> [] I have no problems finding a host with PHP 5 support
> [] I can handle PHP 5, but I only work with PHP 4
> [] Nah, will wait till PHP 6 is out, there's not much diff between 4 and 5
> [] PHP 5 sounds / looks too hard to learn
> 

[x] I use a layer above PHP which is independent of whether it's PHP4
or PHP 5, which is running.... Migration from 4.x to 5.0.3 was as
simple as changing a DNS record :-)
http://templeet.org/

-- 
Pooly
Webzine Rock : http://www.w-fenec.org/

--- End Message ---
--- Begin Message ---
On Thu, 2005-09-15 at 16:25, Pooly wrote:
> 2005/9/13, Ryan A <[EMAIL PROTECTED]>:
> > Hi,
> > I work for a company that makes websites and does custom programming for
> > private individuals and
> > companies, I also freelance (like many on this list)
> > 
> > I'm a bit curious, so far I have had no need to upgrade my skills or use the
> > slightly different format /
> > functions of PHP 5.x.....in fact I have not seen all that many hosts actually
> > having support for it, so I
> > thought of this little poll :-)
> > 
> > Simply cross all the boxes that applies and reply to the list (along with
> > your name on top)
> > eg:
> > [x] blah blah
> > 
> > 
> > [] I am still working on PHP 4
> > [] I never work with PHP 4 anymore, all my work is with PHP 5
> > [] Oops, call me old fashioned but i am still with 3!
> > 
> > [] I have no problems finding a host with PHP 5 support
> > [] I can handle PHP 5, but I only work with PHP 4
> > [] Nah, will wait till PHP 6 is out, there's not much diff between 4 and 5
> > [] PHP 5 sounds / looks too hard to learn
> > 
> 
> [x] I use a layer above PHP which is independent of whether it's PHP4
> or PHP 5, which is running.... Migration from 4.x to 5.0.3 was as
> simple as changing a DNS record :-)
> http://templeet.org/


A layer above suggests you never touch PHP syntax. I doubt that's a true
claim. Otherwise you're just as prone to the difference between PHP4 and
PHP5 as soon as you start writing PHP syntax.

Cheers,
Rob.
-- 
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for       |
| creating re-usable components quickly and easily.          |
`------------------------------------------------------------'

--- End Message ---
--- Begin Message ---
Pooly wrote:
> [x] I use a layer above PHP which is independent of whether it's PHP4
> or PHP 5, which is running.... Migration from 4.x to 5.0.3 was as
> simple as changing a DNS record :-)
> http://templeet.org/

A layer above PHP would mean this thing generates code specific to the
underlying PHP version or features PHP-version-based code switching. I
doubt that. It surely is a PHP application in itself and therefore
subject to problems depending on the PHP version used underneath.

AllOLLi
____________
Hostage: "You son of a bitch."
Soong: "Actually mother was a chemist."
[Enterprise 405]

--- End Message ---
--- Begin Message ---
Hi guys!

Is there any difference in performance in these two ways?


$sql = $sql .

OR

$sql .=


/G
http://www.varupiraten.se/

--- End Message ---
--- Begin Message ---
Gustav Wiberg wrote:
> Hi guys!
> 
> Is there any difference in performance in these two ways?
> 
> 
> $sql = $sql .
> 
> OR
> 
> $sql .=

No difference. Even if there was any difference it would be totally
negligible.

AllOLLi

____________
Byers: "What proof do you have?"
Bond: "I got this!"
Byers: "You're on the phone, Jimmy!"
[Lone Gunmen 09]

--- End Message ---
--- Begin Message ---
----- Original Message -----
From: "Oliver Grätz" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Friday, September 16, 2005 1:34 AM
Subject: [PHP] Re: adding string...


Gustav Wiberg wrote:
Hi guys!

Is there any difference in performance in these two ways?


$sql = $sql .

OR

$sql .=

No difference. Even if there was any difference it would be totally
negligible.

AllOLLi

____________
Byers: "What proof do you have?"
Bond: "I got this!"
Byers: "You're on the phone, Jimmy!"
[Lone Gunmen 09]


Ok, thanx!

/G

--- End Message ---
--- Begin Message ---
I want to use curl support for php5.0.5 and iis.  I installed the downloaded
php binary and tried to configure it to use curl by modifying php.ini.
But it always came with a message not able to find curl_init().  Is there
anybody out there knowing if we can configure the downloaded php 5.0.5 to
get the curl support and how?

I also tried to compile PHP source using --with-curl, but this always
failed.  Can anybody provide a complete procedure to do this?  Thanks.

E. Chow

--- End Message ---
--- Begin Message ---
I want to use curl support for php5.0.5 and iis.  I installed the downloaded
php binary and tried to configure it to use curl by modifying php.ini.
But it always came with a message not able to find curl_init().  Is there
anybody out there knowing if we can configure the downloaded php 5.0.5 to
get the curl support and how?

I also tried to compile PHP source using --with-curl, but this always
failed.  Can anybody provide a complete procedure to do this?  Thanks.



E. Chow

--- End Message ---
--- Begin Message ---
I want to use curl support for php5.0.5 and iis.  I installed the downloaded
php binary and tried to configure it to use curl by modifying php.ini.
But it always came with a message not able to find curl_init().  Is there
anybody out there knowing if we can configure the downloaded php 5.0.5 to
get the curl support and how?

I also tried to compile PHP source using --with-curl, but this always
failed.  Can anybody provide a complete procedure to do this?  Thanks.



E. Chow

--- End Message ---
--- Begin Message ---
If I read this correctly then your question is in no way JAVA-specific.
You want to instantiate an object (which you suppose to be of large size
and slow in instantiation) and save this object in the session during
page requests.

First of all, any data put in the session array will be serialized
(read: converted into a string containing all the data in this object).
This in itself is slow for large objects. A performance gain for large
objects through using a session isn't likely.

The second problem with this - and this is the point where JAVA kicks in
- not all data in objects is serializable. The Java-API of PHP is just
some kind of adapter to the Java system. If you serialize an adapter
object then your adapter is saved but not the Java object it uses
(because PHP has no control over it). Think of the Java API as some kind
of socket connection where you only see the stuff on your side (the
client side) and the JAVA object on the "server" side is not under your
control but just used.

What happens is: you save your adapter object and the script terminates.
The JAVA VM notices that an object is no longer referenced and it is
thrown away by the garbage collection.

What could you do? Well, you could use it the other way round (Servlet
uses PHP), because then you control the JAVA side. Or you still do it
the way you do it now but write some clever JAVA code that keeps running
and retains your objects. You give those objects a name known to both
the PHP and JAVA side and this name can be serialized. You can then
re-reference any object on the next page request by its name.

AllOLLi
____________
Jayne spits a large glob of saliva on his blade,
wipes it on his shirt, shining it.
"Could you NOT do that while we're.... ever!"
[Simon on firefly 09]

--- End Message ---
--- Begin Message ---
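Quite right.
Well, I have used this on my next page:

// $_POST replaces the deprecated $HTTP_POST_VARS; each() no longer exists in PHP 8.
$num_fields = count($_POST);
foreach ($_POST as $key => $value) {
    // Keys and values are user input: escape them before echoing into HTML.
    // print_r(..., true) turns array-valued fields into a printable string.
    echo htmlspecialchars($key, ENT_QUOTES) . ' = '
        . htmlspecialchars(print_r($value, true), ENT_QUOTES) . '<br>';
          /////////////or whatever coding i want to do//////////
}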
regards
hope


Jay Blanchard wrote:

[snip]
<form name="sqlform" action="table1_process2.php" method="post" enctype="multipart/form-data" >

////////////////////////////////////////////////////////////////////////////
//
now i want to access the values from input fields on next page?
can somebody give me idea how to pass all form field values to next page in this context??
[/snip]

Look in the $_POST array (which matches the form method) on the next page.
For example;

<?php

print_r($_POST);

?>

--- End Message ---
