php-general Digest 27 Aug 2009 08:42:01 -0000 Issue 6308
Topics (messages 297329 through 297339):
Re: unset() something that doesn't exist
297329 by: Stuart
297339 by: Peter Ford
Re: parse_ini_file problem
297330 by: Jim Lucas
Re: What if this code is right ? It worked perfectly for years!!
297331 by: Ben Dunlap
Re: How to output a NULL field?
297332 by: Phpster
Re: Why aren't you rich? (was Re: unset() something that doesn't exist)
297333 by: Jason Pruim
Re: Can't find the server path when, in http.conf, using Alias and
DirectoryIndex
297334 by: Torben Wilson
297337 by: Paul Gardiner
297338 by: Torben Wilson
user permissions
297335 by: John
297336 by: Robyn Overstreet
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscr...@lists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscr...@lists.php.net
To post to the list, e-mail:
php-gene...@lists.php.net
----------------------------------------------------------------------
--- Begin Message ---
2009/8/26 tedd <tedd.sperl...@gmail.com>:
> At 2:12 PM +0100 8/26/09, Stuart wrote:
>>
>> 2009/8/26 tedd <tedd.sperl...@gmail.com>:
>>
>> > And, we all need a holiday...
>>
>> Apparently a holiday is out of the question, so I've decided to change
>> jobs instead. A new environment, that's all I need.
>>
>> Loving your view of this list as a hierarchy of idiots btw, I think
>> that works as a description for a lot of places.
>>
>> -Stuart
>
>
> -Stuart:
>
> I hope your new job still includes this list.
Unfortunately I've already had to cut down a lot on the time I spend
doing stuff like this list in my current job, and that's unlikely to
change when I take up my new role. I dip in when I can, and still try
to have fun with it ;-)
> As for the "hierarchy of idiots", but of course -- if we weren't idiots we
> would be doing something that made lot's of money.
>
> I had a client say to me once "If you're so smart, then why aren't you
> rich?" I answered quickly "What makes you think I'm not?" But privately his
> comment cut me to the quick. There was no question that much dumber people
> than me (according to me) were making far more bucks than I was.
>
> So, who's the smart one? Is it the guy that went to college to get three
> degrees to work his ass off for a moron who pays a a fraction of what he
> makes on the deal? Or is it the moron who sniffs out the deal and gets
> idiots to work for him?
There are some *very* lucky people out there who get away with doing
and/or knowing very little, with minimal intelligence but who manage
to get paid over-the-top amounts for it. In my experience they are the
type of person for whom money is the goal. I hate that attitude and it
says more about society in general than such an individual.
For me money has never been a core driver in my life, mainly because
I've been fortunate to usually have a job that pays well enough to
provide me with everything I need, but so far I've never felt it was
excessive.
IMHO the richest person in the world is the one who would still do
what they get paid for after they've won £100m on the lottery. Having
a job you love so much that you can't imagine not doing it is the holy
grail. I reckon I'm pretty close to that because I love my job (both
current and new) and the only thing I would change if I could would be
to own the company rather than work for it, but that would change
little in my day-to-day activities.
> It appears that the world is made up of morons and idiots -- the problem is
> that idiots do all the work and morons make all the money. The smarter the
> idiot, the more work that's available. The craftier the moron, the more
> money they make and thus the more idiots they hire.
If you ask me you are essentially describing engineers (or doers) as
idiots and salespeople as morons. I won't debate the labels but
unfortunately it's a fact of life that most "management" types in this
world are ex-sales because they're the ones who know how to use their
skills to further their career which them in a position to favour
sales over engineering when it comes to salary and rewards.
I've worked in a number of organisations where the sales staff were
treated like rock stars and the people who did the actual work were
treated like commodities - easily replaced. I've also worked in (and
now insist on only working for) organisations that recognise that
building stuff is as important, if not more so than being able to sell
it.
When it comes to software, especially since the (and I really hate the
term, but) Web 2.0 label took off it's become increasingly clear that
a good product will sell itself through personal recommendations many
times more successfully than a glossy ad campaign. It's also being
recognised that a fair proportion of the public now object to being
sold something by pretentious, over-confident, pushy salespeople, and
it's fairly likely they'll be put off buying whatever their selling
regardless of what it is. This, I think, is the source of the recent
switch in focus from polished advertising to polished products.
This switch coupled with the low cost of distributing software via the
internet has created the perfect environment for small companies to
create great products and compete effectively with traditional
shrink-wrapped software publishers. And long may it continue. Better
quality software is better for everyone, users and developers alike.
Incidentally, I should say at this point that if PHP has one weakness
in this brave new world its that the barrier to entry is far too low.
It's just too easy to do it wrong and get away with it. Most languages
specifically aimed at web development suffer from the same problem,
but PHP seems to have special skills in this area.
I've been recruiting for my replacement recently (drop me a note if
you're interested in a lead developer role in a financially stable
UK-based company) and as with every time I recruit PHP developers it
scares me the number of people out there commanding decent salaries
when they really don't know what I consider to be the basics of
software development. I think I've worked out why tho... what they
make works, and if you don't look too closely or with a trained eye
you'll never see that it's riddled with security holes and is
generally a nightmare to maintain. Maybe it's just me but any
developer who doesn't care about the quality, security and
maintainability of their work will never get a job from me!!
Ok, that turned in to a bit of a rant. Sorry, and thanks for reading
it (I assume you did since you're reading this sentence - if you're
just skimming it then this still applies, but less so).
> As for me, sometimes I'm an idiot and other times I'm a moron. But what I
> really would like to be is retired so I could do this for a hobby.
*raises a glass of hot cocoa* Here's to that day!
-Stuart
--
http://stut.net/
--- End Message ---
--- Begin Message ---
Stuart wrote: (among other things)
> If you ask me you are essentially describing engineers (or doers) as
> idiots and salespeople as morons. I won't debate the labels but
> unfortunately it's a fact of life that most "management" types in this
> world are ex-sales because they're the ones who know how to use their
> skills to further their career which them in a position to favour
> sales over engineering when it comes to salary and rewards.
>
I think you'll find it's because the engineers like engineering and not
managing, so they (if they can get away with it) avoid or decline the
"opportunities" for promotion to management.
ISTR the Royal Air Force has a "Specialist Aircrew" track where the really good
pilots, who wanted to fly planes rather than desks, could be promoted to
"management" ranks but avoid the management duties.
I had the pleasure of meeting one of these chaps when I was at university - he
had more flying hours than I had lived and flown just about everything with
wings. A superb instructor, but far too much of a livewire to be a manager...
--
Peter Ford phone: 01580 893333
Developer fax: 01580 893399
Justcroft International Ltd., Staplehurst, Kent
--- End Message ---
--- Begin Message ---
Richard H Lee wrote:
> Hi all,
>
> I think I'm having a problem with parse_ini_file in php. I am using wamp
> on two machines. I'm installing a Digishop e-commerce package.
>
> The blah.ini.php file starts with
>
> ----------------
> <?php die ?>
>
>
> [SOMETITLE]
> some_setting="Ok, I Have Completed This Step"
> another_setting="Next"
> ..
> ..
> ..
> ----------------
>
> On one machine which uses php 5.2.5 it parses the file fine and installs
> properly
>
> But on another machine which use 5.3.0 i get the error
>
> Warning: parse error in blah.ini.php on line 1 in myparser.php on line 81
>
> On the 5.3.0 if I remove the <?php die ?> it works fine. But it still
> does not install the sofware properly.
>
> I get the feeling php on the 5.3.0 marchine is parsing the file
> differently to the 5.2.5. I doubt anything has changed between the
> versions. I also compared the phpinfos between the two setups but could
> not see anything outstanding.
>
> Have any of you guys seen this behaviour before?
>
> Cheers,
>
> Richard
>
I would write a little line to your cli like this
php -r 'print_r(parse_ini_file("/path/to/your/ini.file.php"));'
see if the output is different. If it is, then you know that the two
versions are doing something different.
If you find that the output is different and you have more questions
please provide the output from "php -v" from both machines and we might
be able to help further.
--- End Message ---
--- Begin Message ---
> <?
> $fName = $_REQUEST['fName'] ;
> $emailid = $_REQUEST['emailid'] ;
> $number = $_REQUEST['number'] ;
> $message = $_REQUEST['message'] ;
>
> mail( "ch...@gmail.com", $number, $message, "From: $emailid" );
> header( "Location: http://www.thankyou.com/thankYouContact.php"; );
> ?>
This is a bit of a hang-up of mine so forgive me if it's mildly OT,
but if you do figure out what the problem is, and fix it, you may want
to revisit this code in a more extensive way, if what you've pasted
above is exactly the code you use in your live application. Please
ignore if you've simplified the code above for simplicity's sake.
At any rate the code above is most likely vulnerable to SMTP
injection, because it passes the unfiltered value of '$emailid' as
part of the 'additional_headers' argument to mail().
So the form could be used to send spam to arbitrary email addresses.
I'd recommend using filter_input(), with the FILTER_VALIDATE_EMAIL
filter, to get at the 'emailid' parameter:
http://us3.php.net/manual/en/function.filter-input.php
Ben
--- End Message ---
--- Begin Message ---
On Aug 26, 2009, at 12:31 PM, "David Stoltz" <dsto...@shh.org> wrote:
I'm using COM because I don't know what else to use ;-)
Like I said, I'm new to PHP. Here is another way I communicate with
the database, let me know if this is a better way (it requires a
stored procedure):
//Assign the server connection to a variable
$connect = mssql_connect(SERVER,1433', USER, 'PASSWORD');
//Select your database and reference the connection
mssql_select_db('DATABASE', $connect);
// Create a new stored prodecure
$stmt = mssql_init('StoredProcedureName');
// Bind the field names
mssql_bind($stmt, '@category',$cat,SQLINT4,false,false,4);
mssql_bind($stmt, '@userid',$userid,SQLINT4,false,false,4);
mssql_bind($stmt, '@passwordtitle',$pname,SQLVARCHAR,false,false,100);
mssql_bind($stmt, '@password',$encrypted_data,SQLVARCHAR,false,false,
1000);
mssql_bind($stmt, '@alt',$alt,SQLVARCHAR,false,false,150);
mssql_bind($stmt, '@desc',$desc,SQLVARCHAR,false,false,100);
// Execute
mssql_execute($stmt);
-----Original Message-----
From: hack988 hack988 [mailto:hack...@dev.htwap.com]
Sent: Wednesday, August 26, 2009 12:18 PM
To: Andrew Ballard
Cc: David Stoltz; php-gene...@lists.php.net
Subject: Re: [PHP] How to output a NULL field?
Com function is just for Windows,I don't kown why some body like use
it.:(
2009/8/27 Andrew Ballard <aball...@gmail.com>:
On Wed, Aug 26, 2009 at 9:51 AM, David Stoltz<dsto...@shh.org> wrote:
Sorry - I don't know what you mean by DB class?
I'm using Microsoft SQL 2000....with this code:
<?php
//create an instance of the ADO connection object
$conn = new COM ("ADODB.Connection")
or die("Cannot start ADO");
//define connection string, specify database driver
$connStr =
"PROVIDER=SQLOLEDB;SERVER=xxxx;UID=xxx;PWD=xxxx;DATABASE=xxxx";
$conn->open($connStr); //Open the connection to the database
$query = "SELECT * FROM eval_evaluations WHERE id = ".$_POST
["eval"];
$rs = $conn->execute($query);
echo $rs->Fields(22); //this is where that particular field is
NULL, and produces the error
....
Because you are using COM, you can't use PHP's empty(), isset(), or
is_null() in your if(...) statement. I've not used COM for much in
PHP, but I think you'll have to do something like this:
switch (variant_get_type($rs->Fields(22)) {
case VT_EMPTY:
case VT_NULL:
$q4 = '';
break;
case VT_UI1:
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
MS has developed and released a new version of the mssql drivers for
php. It might be worth investigating that to see ifthat firs your needs.
Bastien
Sent from my iPod
--- End Message ---
--- Begin Message ---
On Aug 26, 2009, at 1:23 PM, Tom Worster wrote:
On 8/26/09 10:08 AM, "tedd" <tedd.sperl...@gmail.com> wrote:
I had a client say to me once "If you're so smart, then why aren't
you rich?"
how about: "i'm smart enough that i know not to waste my allotted
time on
this planet amassing riches."
i know plenty of rich people, many of whom earned their wealth. i
envy the
financial security but little else of that their wealth has done to
their
lives. time is really what i want more of. some wealthy trust fund
types
have wealth and time but they have other problems i'm glad i don't.
I know this is a little old, but I've been busy and I wanted to chime
in on this :)
Wealth is many things to many people... Me personally... I'm poor with
money, but rich with spirit and other blessings... I have a loving
wife, and two boys that think I'm the king of the world and I could do
anything. I'd like to cover my bills a little better, and put
something away for retirement and there college funds... but that's
all I need :)
--- End Message ---
--- Begin Message ---
2009/8/26 Paul Gardiner <li...@glidos.net>:
> Paul Gardiner wrote:
>>
>> I want to write a simple indexing script to display a
>> directory full of photos as a gallery of thumbnails.
>> (There are various solutions out there for this, but
>> they're all a bit more complicated than I need).
>>
>> I've added a file in /etc/apache2/conf.d that
>> looks like this:
>>
>> Alias /photos /home/public/photos
>> <Directory "/home/public/photos">
>> AllowOverride None
>> Order allow,deny
>> Allow from all
>>
>> DirectoryIndex /cgi-bin/index.php
>> </Directory>
>>
>>
>> I use "Alias" so that I can leave the photos where they are
>> and not have to move them to DocumentRoot. I use "DirectoryIndex"
>> so that the script doesn't have to be in with the photos. My
>> problem is that the running script seems to have no way to
>> work out the photos are in /home/public/photos.
>>
>> $_SERVER[REQUEST_URI] is "/photos/", but I can't see how to
>> derive the server path from that, since $_SERVER[DOCUMENT_ROOT]
>> is "/srv/www/htdocs".
>>
>> $_SERVER[PHP_SELF] is "/cgi-bin/index.php", so no use either.
>>
>>
>> How can I do this? Is there a way to interrogate the alias,
>> or can I set a variable in the conf file that PHP can pick up?
>
> I've sussed it. If I use this apache2 conf file, where I
> tag the server path onto the end of the index url:
>
> Alias /photos /home/public/photos
> <Directory "/home/public/photos">
> AllowOverride None
> Order allow,deny
> Allow from all
>
> DirectoryIndex /cgi-bin/index.php/home/public/photos
> </Directory>
>
> then the script can pick up the path as $_SERVER[PATH_INFO]
>
> P.
Hi Paul,
Glad you got it working. I would add one note: I don't know if this is
what your actual code contains or if it's just in your emails, but not
quoting string indices in arrays is a Bad Idea (TM). i.e. I'd
recommend avoiding the use of something like $_SERVER[PATH_INFO] and
instead use $_SERVER['PATH_INFO']. While the unquoted version will
work much of the time, it's untrustworthy. In this case, PHP sees the
label PATH_INFO and looks for a constant named PATH_INFO. If it
doesn't find one, then it interprets the label as a string--which
allows things to work. However, if at some point you include code
which does a define('PATH_INFO', 'foo'); then what PHP will see is
$_SERVER['foo'], which probably isn't what you wanted.
This example is of course a little contrived, but unless you know that
there is a constant defined with the value you're using, and you want
to use that as your array index, then you should always quote string
array indices.
For more information check out
http://www.php.net/manual/en/language.types.array.php#language.types.array.donts
Of course, if you just left out the quotes for the purposes of posting
then you may happily ignore this message and carry on. :)
Cheers (I'm done butting in now),
Torben
--- End Message ---
--- Begin Message ---
Torben Wilson wrote:
2009/8/26 Paul Gardiner <li...@glidos.net>:
Paul Gardiner wrote:
I want to write a simple indexing script to display a
directory full of photos as a gallery of thumbnails.
(There are various solutions out there for this, but
they're all a bit more complicated than I need).
I've added a file in /etc/apache2/conf.d that
looks like this:
Alias /photos /home/public/photos
<Directory "/home/public/photos">
AllowOverride None
Order allow,deny
Allow from all
DirectoryIndex /cgi-bin/index.php
</Directory>
I use "Alias" so that I can leave the photos where they are
and not have to move them to DocumentRoot. I use "DirectoryIndex"
so that the script doesn't have to be in with the photos. My
problem is that the running script seems to have no way to
work out the photos are in /home/public/photos.
$_SERVER[REQUEST_URI] is "/photos/", but I can't see how to
derive the server path from that, since $_SERVER[DOCUMENT_ROOT]
is "/srv/www/htdocs".
$_SERVER[PHP_SELF] is "/cgi-bin/index.php", so no use either.
How can I do this? Is there a way to interrogate the alias,
or can I set a variable in the conf file that PHP can pick up?
I've sussed it. If I use this apache2 conf file, where I
tag the server path onto the end of the index url:
Alias /photos /home/public/photos
<Directory "/home/public/photos">
AllowOverride None
Order allow,deny
Allow from all
DirectoryIndex /cgi-bin/index.php/home/public/photos
</Directory>
then the script can pick up the path as $_SERVER[PATH_INFO]
P.
Hi Paul,
Glad you got it working.
Actually, since posting, I've given up on that method,
partly because I realised that in doing so I was opening up
a security hole and being close to allowing enumeration of
any apache-readable directory on my server, via direct use
of the url http:/<host>/cgi-bin/index.php/<path>/. I've
found a much better way (using SetEnv):
Alias /photos /home/public/photos
<Directory "/home/public/photos">
AllowOverride None
Order allow,deny
Allow from all
SetEnv GalleryPath /home/public/photos
DirectoryIndex /cgi-bin/index.php
</Directory>
And then the script can pick up the path as $_SERVER['GalleryPath']
I would add one note: I don't know if this is
what your actual code contains or if it's just in your emails, but not
quoting string indices in arrays is a Bad Idea (TM). i.e. I'd
recommend avoiding the use of something like $_SERVER[PATH_INFO] and
instead use $_SERVER['PATH_INFO']. While the unquoted version will
work much of the time, it's untrustworthy. In this case, PHP sees the
label PATH_INFO and looks for a constant named PATH_INFO.
Thanks for the advice. I've always been a little uncertain of that. I
don't generally leave the quotes out, but I had been tending to, just
for accessing $_SERVER (not sure why - some example code I must have
read I think). Anyway, I'll put the quotes in.
What about the case of including an array within a string, e.g.,
$line = "<tr><td>$array['name']<td>$array['address']";
I've read something about that not working with the quotes in place.
Is that best avoided too?
Cheers,
Paul.
--- End Message ---
--- Begin Message ---
2009/8/27 Paul Gardiner <li...@glidos.net>:
> Torben Wilson wrote:
>>
>> 2009/8/26 Paul Gardiner <li...@glidos.net>:
>>>
>>> Paul Gardiner wrote:
>>>>
>>>> I want to write a simple indexing script to display a
>>>> directory full of photos as a gallery of thumbnails.
>>>> (There are various solutions out there for this, but
>>>> they're all a bit more complicated than I need).
>>>>
>>>> I've added a file in /etc/apache2/conf.d that
>>>> looks like this:
>>>>
>>>> Alias /photos /home/public/photos
>>>> <Directory "/home/public/photos">
>>>> AllowOverride None
>>>> Order allow,deny
>>>> Allow from all
>>>>
>>>> DirectoryIndex /cgi-bin/index.php
>>>> </Directory>
>>>>
>>>>
>>>> I use "Alias" so that I can leave the photos where they are
>>>> and not have to move them to DocumentRoot. I use "DirectoryIndex"
>>>> so that the script doesn't have to be in with the photos. My
>>>> problem is that the running script seems to have no way to
>>>> work out the photos are in /home/public/photos.
>>>>
>>>> $_SERVER[REQUEST_URI] is "/photos/", but I can't see how to
>>>> derive the server path from that, since $_SERVER[DOCUMENT_ROOT]
>>>> is "/srv/www/htdocs".
>>>>
>>>> $_SERVER[PHP_SELF] is "/cgi-bin/index.php", so no use either.
>>>>
>>>>
>>>> How can I do this? Is there a way to interrogate the alias,
>>>> or can I set a variable in the conf file that PHP can pick up?
>>>
>>> I've sussed it. If I use this apache2 conf file, where I
>>> tag the server path onto the end of the index url:
>>>
>>> Alias /photos /home/public/photos
>>> <Directory "/home/public/photos">
>>> AllowOverride None
>>> Order allow,deny
>>> Allow from all
>>>
>>> DirectoryIndex /cgi-bin/index.php/home/public/photos
>>> </Directory>
>>>
>>> then the script can pick up the path as $_SERVER[PATH_INFO]
>>>
>>> P.
>>
>> Hi Paul,
>>
>> Glad you got it working.
>
> Actually, since posting, I've given up on that method,
> partly because I realised that in doing so I was opening up
> a security hole and being close to allowing enumeration of
> any apache-readable directory on my server, via direct use
> of the url http:/<host>/cgi-bin/index.php/<path>/. I've
> found a much better way (using SetEnv):
>
> Alias /photos /home/public/photos
> <Directory "/home/public/photos">
> AllowOverride None
> Order allow,deny
> Allow from all
>
> SetEnv GalleryPath /home/public/photos
> DirectoryIndex /cgi-bin/index.php
> </Directory>
>
> And then the script can pick up the path as $_SERVER['GalleryPath']
>
>> I would add one note: I don't know if this is
>> what your actual code contains or if it's just in your emails, but not
>> quoting string indices in arrays is a Bad Idea (TM). i.e. I'd
>> recommend avoiding the use of something like $_SERVER[PATH_INFO] and
>> instead use $_SERVER['PATH_INFO']. While the unquoted version will
>> work much of the time, it's untrustworthy. In this case, PHP sees the
>> label PATH_INFO and looks for a constant named PATH_INFO.
>
> Thanks for the advice. I've always been a little uncertain of that. I
> don't generally leave the quotes out, but I had been tending to, just
> for accessing $_SERVER (not sure why - some example code I must have
> read I think). Anyway, I'll put the quotes in.
>
> What about the case of including an array within a string, e.g.,
>
> $line = "<tr><td>$array['name']<td>$array['address']";
Hi Paul,
For that, you use curly braces inside strings:
$line = "<tr><td>{$array['name']}<td>{$array['address']}";
http://www.php.net/manual/en/language.types.string.php#language.types.string.parsing
Regards,
Torben
> I've read something about that not working with the quotes in place.
> Is that best avoided too?
>
> Cheers,
> Paul.
>
>
--- End Message ---
--- Begin Message ---
Hi,
What is the best way to assign permissions to users?
a) Each user has a list of permissions associated with that user or
b) Each task/permission has a list of users that qualify or
c) Have a table with a row for each user/permission combination
Thanks!
John
--- End Message ---
--- Begin Message ---
This is where binary is actually helpful. You can store each
task/permission as a bit, ie, as a yes or no piece of data.
For example: read, write, edit, moderate ... a user with read/write
permissions only would be represented by: 1100, which in decimal is
12. So in effect, you're storing 4 values in one integer.
If you wanted to create a table to serve as a key to the permission
level codes, you could do that as well.
RO
On Wed, Aug 26, 2009 at 11:55 PM, John<i...@dynatechdesign.ca> wrote:
> Hi,
>
>
>
> What is the best way to assign permissions to users?
>
>
>
> a) Each user has a list of permissions associated with that user or
>
> b) Each task/permission has a list of users that qualify or
>
> c) Have a table with a row for each user/permission combination
>
>
>
> Thanks!
>
>
>
> John
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
