php-general Digest 22 Feb 2009 04:09:26 -0000 Issue 5972
Topics (messages 288645 through 288656):
Re: mysql_real_escape_string("asdasddas") ??? wtf
288645 by: Per Jessen
288646 by: Robert Cummings
288655 by: Tim | iHostNZ
288656 by: 9el
Re: Unique User Hashes
288647 by: Per Jessen
288648 by: tedd
288649 by: Per Jessen
redirecting output for a spawned child process..
288650 by: bruce
288651 by: Per Jessen
adding whitespace to a timestamp
288652 by: Eric Sherman
288653 by: Shawn McKenzie
288654 by: Jason Pruim
Administrivia:
To subscribe to the digest, e-mail:
[email protected]
To unsubscribe from the digest, e-mail:
[email protected]
To post to the list, e-mail:
[email protected]
----------------------------------------------------------------------
--- Begin Message ---
Ross McKay wrote:
> It doesn't use the db - at least, it doesn't make a call to the db. It
> probably wants a db resource handle so that it can know what character
> set it is meant to be handling, which is established as a property on
> the connection.
Yep, that's exactly why.
If the current character set is unimportant, you can use
mysql_escape_string() instead. (yes, I know it's deprecated).
--
Per Jessen, Zürich (4.8°C)
--- End Message ---
--- Begin Message ---
On Sat, 2009-02-21 at 19:19 +1300, Tim | iHostNZ wrote:
> Hi everyone,
>
> Can anyone here tell me why mysql_real_escape_string("asdasddas") returns an
> empty string?
>
> Just writing a data import...
>
> Anyway, for security but also simply because i might have a ' in the string,
> i need to escape it. Apparently it is good practice to use
> mysql_real_escape_string() but it simply doesn't work at all on this
> machine. I thought it's a rather standard function.
>
> Is it maybe my Apache server setup? But i thought the function wouldn't
> exist then and throw an error in the php script, but it runs through fine.
>
> Please help, we need this data import by next week hence i'm working now...
>
> I can send you details of the server setup if required. Please let me know
> what as there are quite a few things... It's xampp on windows xp
> (testing/dev machine).
RTFM:
Note: A MySQL connection is required before using
mysql_real_escape_string() otherwise an error of level
E_WARNING is generated, and FALSE is returned. If
link_identifier isn't defined, the last MySQL connection
is used.
And turn your error reporting on or check your logs.
Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP
--- End Message ---
--- Begin Message ---
OK, thanks. I think you guys are right. It's just safer and simpler than
writing my function and probably not really slower either. need a db
connection anyway. Read a bit on the function and yeah, a bit of screwed up
binary data might yet cause funny errors although the xml is a feed from a
trusted source.
You guys are great! Faster with answers than i can search. Almost feel
tempted not to search.... Nah i still search first. :-)
Tim-Hinnerk Heuer
http://www.ihostnz.com
Emo Philips - "I was the kid next door's imaginary friend."
2009/2/22 Robert Cummings <[email protected]>
> On Sat, 2009-02-21 at 19:19 +1300, Tim | iHostNZ wrote:
> > Hi everyone,
> >
> > Can anyone here tell me why mysql_real_escape_string("asdasddas") returns
> an
> > empty string?
> >
> > Just writing a data import...
> >
> > Anyway, for security but also simply because i might have a ' in the
> string,
> > i need to escape it. Apparently it is good practice to use
> > mysql_real_escape_string() but it simply doesn't work at all on this
> > machine. I thought it's a rather standard function.
> >
> > Is it maybe my Apache server setup? But i thought the function wouldn't
> > exist then and throw an error in the php script, but it runs through
> fine.
> >
> > Please help, we need this data import by next week hence i'm working
> now...
> >
> > I can send you details of the server setup if required. Please let me
> know
> > what as there are quite a few things... It's xampp on windows xp
> > (testing/dev machine).
>
> RTFM:
>
> Note: A MySQL connection is required before using
> mysql_real_escape_string() otherwise an error of level
> E_WARNING is generated, and FALSE is returned. If
> link_identifier isn't defined, the last MySQL connection
> is used.
>
> And turn your error reporting on or check your logs.
>
> Cheers,
> Rob.
> --
> http://www.interjinn.com
> Application and Templating Framework for PHP
>
>
--- End Message ---
--- Begin Message ---
-----------------------------------------------------------------------
Use FreeOpenSourceSoftwares, Stop piracy, Let the developers live. Get
a Free CD of Ubuntu mailed to your door without any cost. Visit :
www.ubuntu.com
----------------------------------------------------------------------
On Sun, Feb 22, 2009 at 5:35 AM, Tim | iHostNZ <[email protected]> wrote:
> OK, thanks. I think you guys are right. It's just safer and simpler than
> writing my function and probably not really slower either. need a db
> connection anyway. Read a bit on the function and yeah, a bit of screwed up
> binary data might yet cause funny errors although the xml is a feed from a
> trusted source.
Having concluded with this realization get to read about Security chapters
from Zend Certified Engineer Exam Guide Book from phpArchitect. Written by
Ben Ramsey and David Shafiq.
And you probably know about the term of 're-inventing the wheel'. :)
>
>
> You guys are great! Faster with answers than i can search. Almost feel
> tempted not to search.... Nah i still search first. :-)
>
> Tim-Hinnerk Heuer
>
> http://www.ihostnz.com
> Emo Philips - "I was the kid next door's imaginary friend."
>
> 2009/2/22 Robert Cummings <[email protected]>
>
> > On Sat, 2009-02-21 at 19:19 +1300, Tim | iHostNZ wrote:
> > > Hi everyone,
> > >
> > > Can anyone here tell me why mysql_real_escape_string("asdasddas")
> returns
> > an
> > > empty string?
> > >
> > > Just writing a data import...
> > >
> > > Anyway, for security but also simply because i might have a ' in the
> > string,
> > > i need to escape it. Apparently it is good practice to use
> > > mysql_real_escape_string() but it simply doesn't work at all on this
> > > machine. I thought it's a rather standard function.
> > >
> > > Is it maybe my Apache server setup? But i thought the function wouldn't
> > > exist then and throw an error in the php script, but it runs through
> > fine.
> > >
> > > Please help, we need this data import by next week hence i'm working
> > now...
> > >
> > > I can send you details of the server setup if required. Please let me
> > know
> > > what as there are quite a few things... It's xampp on windows xp
> > > (testing/dev machine).
> >
> > RTFM:
> >
> > Note: A MySQL connection is required before using
> > mysql_real_escape_string() otherwise an error of level
> > E_WARNING is generated, and FALSE is returned. If
> > link_identifier isn't defined, the last MySQL connection
> > is used.
> >
> > And turn your error reporting on or check your logs.
> >
> > Cheers,
> > Rob.
> > --
> > http://www.interjinn.com
> > Application and Templating Framework for PHP
> >
> >
>
--- End Message ---
--- Begin Message ---
Nathan Rixham wrote:
> it's all a bit pointless, the only way to ensure only one vote per
> person is to get take and test a dns sample from each user.
>
> anything else is going to be flawed
Not at all - you issue voting-rights based on user identity. Works very
well in many places. Here in Switzerland for instance.
/Per
--
Per Jessen, Zürich (3.9°C)
--- End Message ---
--- Begin Message ---
At 1:19 PM +0100 2/21/09, Per Jessen wrote:
Nathan Rixham wrote:
it's all a bit pointless, the only way to ensure only one vote per
person is to get take and test a dns sample from each user.
anything else is going to be flawed
Not at all - you issue voting-rights based on user identity. Works very
well in many places. Here in Switzerland for instance.
/Per
Certainly voting methodology can work provided you can accurately
identify the voter -- and therein lies the problem.
Fortunately/unfortunately, the server can only gather a limited
amount of information from a user's visit and certainly not enough to
accurately discern one user from another.
So some other method must be employed and all methods revolve around
some process where the user is required to identify themselves online
before casting their vote.
Now, the question is -- how do you do that? With Unions, Federal,
State, Local and other such organizations, they often have hard-copy
ID cards that the user have in their possession.
The organization wanting the gather the vote simply has to have an
online database with those ID numbers to approve and subsequently
permit voting. However, a problem still remains, which is "Is the
person casting the vote the person who is registered to that ID?" At
some point you have to conclude that the person submitting the
correct ID is the person voting.
If you don't have a hard-copy ID card for the people you are
accepting votes from, then you must rely on some other method of
uniquely identifying the person voting.
The method I suggested was simply to use the person's email address.
Each email address is indeed unique. HOWEVER, many people could use
the same email address and thus the method cannot guarantee the
identity of the person casting the vote. But like the ID card, at
some point you have to conclude that the person submitting the
correct email address is the person voting. Neither method is
perfect, but one vote is gathered per ID/email address.
Granted, my method does not prohibit someone from gathering numerous
email address and voting several times. But my method does provide a
better job than not requiting any identification from the voter at
all, as was suggested at the beginning of this thread by someone who
didn't understand the problem. It's one thing to be required to have
a real email address, it's another matter to just click and click
again. Even with using COOKIES, it's not a problem to click, clear
COOKIES, and click again.
So in Switzerland if each of you have a ID card, then the problem is
"solved" as descried above. However, if there is no ID card, then
other methods must be considered. But I just don't see any way of
uniquely identifying a user online without some sort of unique user
input -- do you?
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
tedd wrote:
[agree with all of the above]
> So in Switzerland if each of you have a ID card, then the problem is
> "solved" as descried above. However, if there is no ID card, then
> other methods must be considered.
It's not the ID-card as such (it's your ability to prove your own
identity), but your point is valid nonetheless.
> But I just don't see any way of uniquely identifying a user online
> without some sort of unique user input -- do you?
Nope.
--
Per Jessen, Zürich (6.0°C)
--- End Message ---
--- Begin Message ---
hi...
got a situation where i have a parent app that spawns children. trying to
figure out how to get the output of the spawned/forked children to be
written to an external file...
can't seem to find any examples of how to accomplish this... do i have to
insert something within the child php app itself to redirect the output
that's currently being sent to the term? i'd prefer to have the output
displayed, as well as redirected...
these are cli apps...
code chunks would be appreciated..
thanks
--- End Message ---
--- Begin Message ---
bruce wrote:
> hi...
>
> got a situation where i have a parent app that spawns children. trying
> to figure out how to get the output of the spawned/forked children to
> be written to an external file...
Normally I would use freopen() on stdout and stderr, but that's not
available in PHP :-(
> can't seem to find any examples of how to accomplish this... do i have
> to insert something within the child php app itself to redirect the
> output that's currently being sent to the term? i'd prefer to have the
> output displayed, as well as redirected...
You basically need to do something about the stdin, stdout and stderr
file descriptors that your child inherited from the parent at time of
fork(). I can't seem to find many PHP functions that deal with file
descriptors though.
--
Per Jessen, Zürich (2.6°C)
--- End Message ---
--- Begin Message ---
I hoping to add a space between the date and the time in this:
$thedate = date('M jS g:i A', $postTIME);
i.e, between* jS* and *g:i*
I've looked around but can't find anything.
Thanks
Eric Sherman
Multi Media Information
--
Copyediting the web, one page at a time.
--- End Message ---
--- Begin Message ---
Eric Sherman wrote:
> I hoping to add a space between the date and the time in this:
>
> $thedate = date('M jS g:i A', $postTIME);
>
> i.e, between* jS* and *g:i*
>
> I've looked around but can't find anything.
>
> Thanks
>
> Eric Sherman
> Multi Media Information
There is already a space there!
--
Thanks!
-Shawn
http://www.spidean.com
--- End Message ---
--- Begin Message ---
On Feb 21, 2009, at 1:28 PM, Eric Sherman wrote:
I hoping to add a space between the date and the time in this:
$thedate = date('M jS g:i A', $postTIME);
i.e, between* jS* and *g:i*
I've looked around but can't find anything.
Thanks
If what you want it to have something like this:
First part of date balh blha blha blha other type Second part of date
then you just pt in the variable twice and format it that way. Such as:
<?PHP
$date1 = date('M jS', $postTIME);
$date2 = date('g:i A', $posttime);
echo <<<HTML
{$date1} blah blah blah blhab lots of type all leading up to: {$date2}
HTML;
?>
or something along those lines..
--- End Message ---
