php-general Digest 13 Apr 2009 02:12:14 -0000 Issue 6064
Topics (messages 291384 through 291406):
$_GET verses $_POST
291384 by: Ron Piggott
291385 by: Phpster
291387 by: abdulazeez alugo
291388 by: 9el
291392 by: Ron Piggott
291398 by: Phpster
291399 by: Jason Pruim
291401 by: Michael A. Peters
291402 by: Micah Gersten
291405 by: Michael A. Peters
Generate XHTML (HTML compatible) Code using DOMDocument
291386 by: Raymond Irving
291389 by: Michael Shadle
291390 by: Raymond Irving
291391 by: Raymond Irving
New installation and can not more include files
291393 by: Michelle Konzack
291394 by: Michelle Konzack
what to use instead of foreach
291395 by: PJ
291403 by: Ashley Sheridan
Re: pear mdb2 and null
291396 by: Michael A. Peters
Re: extract varying data from array with different formatting
291397 by: Jim Lucas
291404 by: Ashley Sheridan
Suggestion on .htaccess
291400 by: 9el
What was the unix timestamp of last week, Monday 12:00 am?
291406 by: René Fournier
Administrivia:
To subscribe to the digest, e-mail:
[email protected]
To unsubscribe from the digest, e-mail:
[email protected]
To post to the list, e-mail:
[email protected]
----------------------------------------------------------------------
--- Begin Message ---
How do I know when to use $_GET verses $_POST?
Is there a pre defined variable that does both?
Ron
--- End Message ---
--- Begin Message ---
$_GET when the form uses get or parameters are passed via the
querystring
$_POST when the form method is post
$_REQUEST does both
Bastien
Sent from my iPod
On Apr 12, 2009, at 10:23, Ron Piggott <[email protected]>
wrote:
How do I know when to use $_GET verses $_POST?
Is there a pre defined variable that does both?
Ron
--- End Message ---
--- Begin Message ---
> From: [email protected]
> To: [email protected]
> Date: Sun, 12 Apr 2009 10:23:01 -0400
> Subject: [PHP] $_GET verses $_POST
>
> How do I know when to use $_GET verses $_POST?
>
> Is there a pre defined variable that does both?
>
> Ron
Hi Ron,
One thing you should know is that when you use $_GET, you'll be sending a
little information about the particular page to the browser and therefore it
would be displayed in the address bar so for example if you're using get on a
login page, you'll be showing user id and passwrod in the address bar. $_POST
does the exact opposite of $_GET in that aspect and it's ideal. $_REQUEST does
both.
Hope this helps.
Cheers.
Alugo Abdulazeez.
_________________________________________________________________
Drag n’ drop—Get easy photo sharing with Windows Live™ Photos.
http://www.microsoft.com/windows/windowslive/products/photos.aspx
--- End Message ---
--- Begin Message ---
> One thing you should know is that when you use $_GET, you'll be sending a
> little information about the particular page to the browser and therefore it
> would be displayed in the address bar so for example if you're using get on
> a login page, you'll be showing user id and passwrod in the address bar.
> $_POST does the exact opposite of $_GET in that aspect and it's ideal.
> $_REQUEST does both.
>
> Its also important to know that some critical information like multipart
meta data cant be sent via get. And GET method is not safe too.
Large chunks of data are sent via POST method.
$_REQUEST is not advised to use for security reasons.. there are senior and
experienced programmers here who will elaborate more onto this :)
--- End Message ---
--- Begin Message ---
Thanks. I got my script updated. Ron
On Sun, 2009-04-12 at 22:33 +0600, 9el wrote:
>
>
>
> One thing you should know is that when you use $_GET, you'll
> be sending a little information about the particular page to
> the browser and therefore it would be displayed in the address
> bar so for example if you're using get on a login page, you'll
> be showing user id and passwrod in the address bar. $_POST
> does the exact opposite of $_GET in that aspect and it's
> ideal. $_REQUEST does both.
>
>
> Its also important to know that some critical information like
> multipart meta data cant be sent via get. And GET method is not safe
> too.
> Large chunks of data are sent via POST method.
>
> $_REQUEST is not advised to use for security reasons.. there are
> senior and experienced programmers here who will elaborate more onto
> this :)
>
--- End Message ---
--- Begin Message ---
There are no real security issues with the $_REQUEST object. What
needs to be taken into consideration is that the order that the PHP
engine gathers data from the system ( GPCS ) and the potential issues
having cookies or session data named the same as the actual data you
are trying to access via the request array.
Bastien
Sent from my iPod
On Apr 12, 2009, at 13:48, Ron Piggott <[email protected]>
wrote:
Thanks. I got my script updated. Ron
On Sun, 2009-04-12 at 22:33 +0600, 9el wrote:
One thing you should know is that when you use $_GET, you'll
be sending a little information about the particular page to
the browser and therefore it would be displayed in the address
bar so for example if you're using get on a login page, you'll
be showing user id and passwrod in the address bar. $_POST
does the exact opposite of $_GET in that aspect and it's
ideal. $_REQUEST does both.
Its also important to know that some critical information like
multipart meta data cant be sent via get. And GET method is not safe
too.
Large chunks of data are sent via POST method.
$_REQUEST is not advised to use for security reasons.. there are
senior and experienced programmers here who will elaborate more onto
this :)
--- End Message ---
--- Begin Message ---
On Apr 12, 2009, at 1:48 PM, Ron Piggott wrote:
Thanks. I got my script updated. Ron
There are a few other thing's that I didn't see mentioned...
The best description of when to use what, is this.. Use POST when you
are submitting a form for storing info, using GET when you are
retrieving from the server...
GET can also be bookmarked and shared between computers without a
problem... So depending on what your app is for that might be a
consideration.
POST does not display anything in the browser, so as others have said
it's perfect for login's since that info will never be visible to the
user.
as far as REQUEST goes... I personally don't think it's any less
secure then POST or GET... As long as you do sanitization on the info
that is appropriate for your app, REQUEST is fine..
Some people prefer to use GET and POST though because then they know
where the info is coming from...
I think that's everything I wanted to add :)
Just stuff to think about.
--- End Message ---
--- Begin Message ---
Jason Pruim wrote:
On Apr 12, 2009, at 1:48 PM, Ron Piggott wrote:
Thanks. I got my script updated. Ron
There are a few other thing's that I didn't see mentioned...
The best description of when to use what, is this.. Use POST when you
are submitting a form for storing info, using GET when you are
retrieving from the server...
I always use post unless the situation makes post impractical.
Example - with search results, you may have more than one page of
results. The only practical way I have found to have the nice numbered
links to other pages of a search result sent via post is to use
JavaScript. Many users (myself included) are hesitant to enable
JavaScript on sites we do not trust, especially search engines, as
search engines often are vulnerable to xss (usually reflected but not
always).
With get in that scenario, you just create a hyperlink with the
variables, no need for javascript.
But for most scenarios, if I can do it with post I really prefer to,
especially since many of my forms have an ugly 32 character long post
token (for csrf protection).
It's too bad that browsers don't have an option that can be set by a
html parameter for hiding get values from display in the url bar, they
really are ugly to look at and the user shouldn't have to see them
unless they are cutting and pasting a link.
--- End Message ---
--- Begin Message ---
Ron Piggott wrote:
> How do I know when to use $_GET verses $_POST?
>
> Is there a pre defined variable that does both?
>
> Ron
>
One of the things usually left out of this discussion is the actual
intended use for each of these. I submit the following 2 reference links:
http://www.w3.org/TR/html401/interact/forms.html#h-17.13.1
http://www.w3.org/2001/tag/doc/whenToUseGet.html
--
Micah
--- End Message ---
--- Begin Message ---
Micah Gersten wrote:
Ron Piggott wrote:
How do I know when to use $_GET verses $_POST?
Is there a pre defined variable that does both?
Ron
One of the things usually left out of this discussion is the actual
intended use for each of these. I submit the following 2 reference links:
http://www.w3.org/TR/html401/interact/forms.html#h-17.13.1
http://www.w3.org/2001/tag/doc/whenToUseGet.html
Those are nice resources.
--- End Message ---
--- Begin Message ---
Hello,
After talking with Michael about how to generate XHTML code using the DOM I
came up with this little function that I'm thinking of using to generate XHTML
code that's HTML compatible:
function saveXHTML($dom) {
$html = $dom->saveXML(null,LIBXML_NOEMPTYTAG);
$html = str_replace(' ','',$html);
$html = preg_replace('/<\?xml[^>]*>\n/','',$html,1);
$html =
preg_replace('/<\!\[CDATA\[(.*)\]\]><\/script>/s','//<![CDATA[\1//]]></script>',$html);
$html =
preg_replace('/><\/(meta|link|base|basefont|param|img|br|hr|area|input)>/','
/>',$html);
return $html;
}
What do you think?
__
Raymond Irving
--- End Message ---
--- Begin Message ---
On Sun, Apr 12, 2009 at 8:07 AM, Raymond Irving <[email protected]> wrote:
>
> Hello,
>
> After talking with Michael about how to generate XHTML code using the DOM I
> came up with this little function that I'm thinking of using to generate
> XHTML code that's HTML compatible:
>
> function saveXHTML($dom) {
> $html = $dom->saveXML(null,LIBXML_NOEMPTYTAG);
> $html = str_replace('
> ','',$html);
> $html = preg_replace('/<\?xml[^>]*>\n/','',$html,1);
> $html =
> preg_replace('/<\!\[CDATA\[(.*)\]\]><\/script>/s','//<![CDATA[\1//]]></script>',$html);
> $html =
> preg_replace('/><\/(meta|link|base|basefont|param|img|br|hr|area|input)>/','
> />',$html);
> return $html;
> }
>
> What do you think?
If this will maintain utf-8 I might be able to use it :) which
according to the last thread, saveHTML munges utf-8 stuff due to
libxml...
Hopefully this week I can give it a go.
--- End Message ---
--- Begin Message ---
Hi Michael,
--- On Sun, 4/12/09, Michael Shadle <[email protected]> wrote:
> If this will maintain utf-8 I might be able to use it :)
> which
> according to the last thread, saveHTML munges utf-8 stuff
> due to
> libxml...
>
> Hopefully this week I can give it a go.
I think it should work just fine as saveXML produces utf-8 output.
PS. Feel free to drop me a line as I would like to hear about your experience
with utf-8 web pages.
Best regards,
__
Raymond Irving
--- End Message ---
--- Begin Message ---
It appears that the email system stripped out the "& #13;" from this line:
$html = str_replace(' ','',$html);
Best regards,
__
Raymond Irving
--- On Sun, 4/12/09, Raymond Irving <[email protected]> wrote:
> From: Raymond Irving <[email protected]>
> Subject: [PHP] Generate XHTML (HTML compatible) Code using DOMDocument
> To: "[email protected]" <[email protected]>
> Date: Sunday, April 12, 2009, 11:07 AM
>
> Hello,
>
> After talking with Michael about how to generate XHTML code
> using the DOM I came up with this little function that I'm
> thinking of using to generate XHTML code that's HTML
> compatible:
>
> function saveXHTML($dom) {
> $html =
> $dom->saveXML(null,LIBXML_NOEMPTYTAG);
> $html = str_replace('
','',$html);
> $html =
> preg_replace('/<\?xml[^>]*>\n/','',$html,1);
> $html =
> preg_replace('/<\!\[CDATA\[(.*)\]\]><\/script>/s','//<![CDATA[\1//]]></script>',$html);
> $html =
> preg_replace('/><\/(meta|link|base|basefont|param|img|br|hr|area|input)>/','
> />',$html);
> return $html;
> }
>
> What do you think?
>
>
> __
> Raymond Irving
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
--- Begin Message ---
Hello,
to test a new setup I have setup DynDNS.org and it works, but...
<http://vserver1.tamay-dogan.homelinuxnet/>
the copied config of my working website is failing here to include ANY
files... I do not find the difference between the configs.
Please can you tell me where I must looking for?
Note: My orig website was under Gentoo and now I am under Debian Lenny.
Thanks, Greetings and nice Day/Evening
Michelle Konzack
--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack Apt. 917 ICQ #328449886
+49/177/9351947 50, rue de Soultz MSN LinuxMichi
+33/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com)
signature.pgp
Description: Digital signature
--- End Message ---
--- Begin Message ---
Am 2009-04-12 20:05:31, schrieb Michelle Konzack:
> <http://vserver1.tamay-dogan.homelinuxnet/>
Oops... I mean <http://vserver1.tamay-dogan.homelinux.net/>
Thanks, Greetings and nice Day/Evening
Michelle Konzack
--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack Apt. 917 ICQ #328449886
+49/177/9351947 50, rue de Soultz MSN LinuxMichi
+33/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com)
signature.pgp
Description: Digital signature
--- End Message ---
--- Begin Message ---
foreach does not allow for different formatting for output...
What could be used as a workaround?
example:
echo $some_result, "<br>"; // will print all results in 1 column
echo $some_result, ","; // will print all results comma-separated in 1 row
But how do you get result1, result2 & result3 // with <br> at end ?
--
unheralded genius: "A clean desk is the sign of a dull mind. "
-------------------------------------------------------------
Phil Jourdan --- [email protected]
http://www.ptahhotep.com
http://www.chiccantine.com/andypantry.php
--- End Message ---
--- Begin Message ---
On Sun, 2009-04-12 at 13:56 -0500, PJ wrote:
> foreach does not allow for different formatting for output...
> What could be used as a workaround?
> example:
> echo $some_result, "<br>"; // will print all results in 1 column
> echo $some_result, ","; // will print all results comma-separated in 1 row
>
> But how do you get result1, result2 & result3 // with <br> at end ?
>
> --
> unheralded genius: "A clean desk is the sign of a dull mind. "
> -------------------------------------------------------------
> Phil Jourdan --- [email protected]
> http://www.ptahhotep.com
> http://www.chiccantine.com/andypantry.php
>
>
You need to explain a bit more of what you are trying to achieve. There
are no limits I know of with using foreach to output content.
Ash
www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
Phpster wrote:
On Apr 11, 2009, at 21:38, "Michael A. Peters" <[email protected]> wrote:
I've run into a small issue with mdb2.
I have a mysql database with a field set to longtext not null.
inserting "" into that field works just dandy when using the mysql_
functions.
However, when using mdb2 - it converts "" to NULL which is NOT what I
want to have happen, and the result is that the execute() fails
because the database table does not accept NULL for that field.
Why does mdb2 turn "" into NULL for a text type when MySQL knows there
is a difference? How do I suppress that?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Why not set a default in the field then, as am empty string and let the
db handle field properly? Having a Not Null with no default is bad db
design.
I need it to error when an attempt to create a record without setting
that field is attempted, but setting the field to an empty string is fine.
Attempting to insert data without defining that field indicates there is
not sufficient information to create a record. Setting that field to a
zero length string however indicates that there is enough information to
create a record. Assuming that no information is the same as an zero
length string is not OK.
Call it bad design if you want, by MySQL knows the difference between
NULL and an empty string, so should my database abstraction layer.
--- End Message ---
--- Begin Message ---
PJ wrote:
foreach does a nice job if you want the results identical each time.
What can you use to change the formatting of the results dependent on
the number of results.
Here's an example:
foreach ( $authors[$bookID] AS $authorID => $authorData ) {
# Display the
echo "{$authorData['first_name']}
{$authorData['last_name']}\n";
}
will echo - Joe Boe John Blue Andy Candy etc depending on how many rows
we have.
What I want is: Joe Boe, John Blue, Andy Candy & Hans Stick ( separated
by commas, except for the last one which is separated with & .
I thought of passing a variable to the foreach and then using if
elseif... but that can't work because the variable is reset to 0 after
each pass.
Can't get switch to do it (maybe I don't understand it right.
Help ?
your answer lies with not replacing foreach to make your life/output better. But with how the data is prepared and
handed off to the foreach statement.
I am guessing that what you want would be something like this.
Since this looks like a snippet of code I sent you the other day, I will snag it
"complete" from the other thread.
<?php
...
# Test to see if the book has any authors
if ( isset($authors[$bookID]) ) {
# Tell us how many authors we found
echo 'Found: ', count($author[$bookID]), ' authors';
# Create an array that will hold the output from the DB.
$aList = array();
# Loop through the authors
foreach ( $authors[$bookID] AS $authorID => $authorData ) {
# Add all the authors to that new array
$aList[] = "{$authorData['last_name']},
{$authorData['first_name']}";
}
# Sanitize the output
$aList = array_map('htmlspecialchars', $aList);
# Get a count of how many authors their is.
$tAuthors = count($aList);
# If more then one, do...
if ( $tAuthors > 1 ) {
# Take the last one off, so we can handle it differently
$last_author = array_pop($aList);
echo join(', ', $aList), ' & ', $last_author;
# If only one, then do...
} elseif ( $tAuthors == 1 ) {
echo join('', $aList);
}
echo '<br />';
} else {
echo 'No authors found';
}
...
?>
--- End Message ---
--- Begin Message ---
On Sat, 2009-04-11 at 16:11 -0500, PJ wrote:
> foreach does a nice job if you want the results identical each time.
> What can you use to change the formatting of the results dependent on
> the number of results.
> Here's an example:
> foreach ( $authors[$bookID] AS $authorID => $authorData ) {
> # Display the
> echo "{$authorData['first_name']}
> {$authorData['last_name']}\n";
> }
>
> will echo - Joe Boe John Blue Andy Candy etc depending on how many rows
> we have.
> What I want is: Joe Boe, John Blue, Andy Candy & Hans Stick ( separated
> by commas, except for the last one which is separated with & .
> I thought of passing a variable to the foreach and then using if
> elseif... but that can't work because the variable is reset to 0 after
> each pass.
> Can't get switch to do it (maybe I don't understand it right.
> Help ?
>
> --
> unheralded genius: "A clean desk is the sign of a dull mind. "
> -------------------------------------------------------------
> Phil Jourdan --- [email protected]
> http://www.ptahhotep.com
> http://www.chiccantine.com/andypantry.php
>
>
$count = 1;
foreach ( $authors[$bookID] AS $authorID => $authorData )
{
echo "{$authorData['first_name']} {$authorData['last_name']}\n";
echo($count < count($authors[$bookID]))?', ':' & ';
$count ++;
}
Ash
www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
This is a .htaccess for a MU blog
the index file is kept at : public_html/
And main blog is kept at: public_html/blog
It is causing severe cache issue. SuperCache plugin is not working.
The blog is running out of memory most of times and consuming huge CPU. Any
suggestions?
# BEGIN WPSuperCache
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /blog/
AddDefaultCharset UTF-8
RewriteRule ^(.*) /blog/wp-content/cache/%{HTTP_HOST}/blog/$1/index.html.gz
[L]
RewriteCond %{REQUEST_URI} !^.*[^/]$
RewriteCond %{REQUEST_URI} !^.*//.*$
RewriteCond %{REQUEST_METHOD} !=POST
RewriteCond %{QUERY_STRING} !.*=.*
RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress|wp-postpass_).*$
RewriteCond %{HTTP:Accept-Encoding} gzip
RewriteCond
%{DOCUMENT_ROOT}/blog/wp-content/cache/%{HTTP_HOST}/blog/$1/index.html.gz -f
</IfModule>
# END WPSuperCache
#uploaded files
RewriteRule ^(.*/)?files/$ index.php [L]
RewriteRule ^(.*/)?files/(.*) wp-content/blogs.php?file=$2 [L]
RewriteCond %{REQUEST_URI} !.*wp-content/plugins.*
# add a trailing slash to /wp-admin
RewriteCond %{REQUEST_URI} ^.*/wp-admin$
RewriteRule ^(.+)$ $1/ [R=301,L]
RewriteRule . - [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-.*) $2 [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
RewriteRule .* /blog/index.php [L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
<IfModule mod_security.c>
<Files async-upload.php>
SecFilterEngine Off
SecFilterScanPOST Off
</Files>
</IfModule>
--- End Message ---
--- Begin Message ---
I'm trying to write a [simple] function, such that:
function earlier_unix_timestamp () {
$now = mktime();
[...]
return $then; // e.g., 1238983107
}
Anyone have something already made? There seem to be many ways to skin
this cat, with date() arithmetic, etc., but the exceptions (Jan 1,
first day of the month, etc.) are driving me crazy.
...Rene
--- End Message ---
