php-general Digest 14 Feb 2011 03:32:02 -0000 Issue 7180

Topics (messages 311264 through 311271):

Re: Help! Made a boo-boo encrypting credit cards
        311264 by: Richard Quadling

Re: PHP arguments getting lost in call!?
        311265 by: Nilesh Govindarajan
        311266 by: Richard Quadling
        311267 by: Florin Jurcovici
        311269 by: Thijs Lensselink

Re: using BOTH GET and POST in the same page.
        311268 by: Ashim Kapoor
        311270 by: tedd
        311271 by: Robert Cummings

----------------------------------------------------------------------
--- Begin Message ---
On 11 February 2011 22:42, Brian Dunning <[email protected]> wrote:
> Hey all -
>
> I'm using mcrypt to store credit cards into MySQL. About 90% of them decrypt 
> fine, but about 10% decrypt as nonsense ("b1�\�JEÚU�A���" is a good example). 
> Maybe there is a character that appears in about 10% of my encryptions that's 
> not being encoded properly???

Unrelated to the code, but considering the frequency of credit card
theft from big sites, is it really safe to store CC details, even if
they are encrypted? Considering the site's code CAN decrypt it, it
wouldn't be that difficult to use your code to get the card details.

Sure, having the details is a benefit to the client in terms of saving
them the hassle of entering the card details for each purchase/usage,
but how secure is it overall?

Related to the code, do you validate the card details first? You are
using addslashes($_POST['cc_number']). Considering a credit card
number is purely numeric, the addslashes would seem to be redundant as
you don't need to escape numbers. And you can run a Luhn10 check
against the card number to make sure it is valid before storing it.

Richard.


-- 
Richard Quadling
Twitter : EE : Zend
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY

--- End Message ---
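The validation suggested in the message above, as an added example that is not code from the thread: accept only digits (instead of running addslashes() on the value) and apply the Luhn mod-10 check before the number is passed on for encryption. The function names and the 12 to 19 digit length range are assumptions of this example, the sample inputs are constructed, and the code needs PHP 7.1 or later.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

/** Drop spaces and dashes; return the digit string, or null if anything else is present. */
function normalise_card_number(string $raw): ?string
{
    $digits = str_replace([' ', '-'], '', trim($raw));
    // 12 to 19 digits is the length range assumed by this example.
    return preg_match('/^\d{12,19}$/D', $digits) === 1 ? $digits : null;
}

/** Luhn (mod 10) checksum over a digit-only string. */
function luhn_is_valid(string $digits): bool
{
    $sum = 0;
    $double = false;                    // the rightmost digit is not doubled
    for ($i = strlen($digits) - 1; $i >= 0; $i--) {
        $d = (int) $digits[$i];
        if ($double) {
            $d *= 2;
            if ($d > 9) {
                $d -= 9;                // same as adding the two digits of the product
            }
        }
        $sum += $d;
        $double = !$double;
    }
    return $sum % 10 === 0;
}

// Constructed sample inputs; 4111 1111 1111 1111 is a widely used test number.
$samples = ['4111 1111 1111 1111', '4111-1111-1111-1112', "4111111111111111'"];

foreach ($samples as $raw) {
    $pan = normalise_card_number($raw);
    if ($pan === null) {
        echo "rejected: not a digit-only card number\n";
    } elseif (!luhn_is_valid($pan)) {
        echo "rejected: Luhn check failed\n";
    } else {
        // Show only the last four digits; never echo or log the full number.
        echo 'accepted: ', str_repeat('*', strlen($pan) - 4), substr($pan, -4), "\n";
    }
}
```

A number that passes is only well-formed; the Luhn check says nothing about whether the card exists or can be charged.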
--- Begin Message ---
On 02/13/2011 02:06 PM, Florin Jurcovici wrote:
> Hi.
> 
> The entry point in my php app is a file containing something like:
> 
> require_once("Disptacher.php");
> 
> ...
> 
> Dispatcher:dispatch($arguments);
> 
> ...
> 
> 
> The file Dispatcher.php is located in the same folder as the file
> containing the above code, and contains the following:
> 
> class Dispatcher
> {
>       public static function dispatch($arguments)
>       {
>               ...
>       }
> }
> 
> 
> For some reason, although before the call to Dispatcher::dispatch()
> the variable $arguments is set, and contains what it is supposed to
> contain, inside Dispatcher:dispatch() $arguments is always empty. How
> come? What am I doing wrong? How can I call a static method and pass
> it arguments?
> 
> br,
> 
> flj
> 

You are probably misspelling something, just tried out the code like this:

t.php:

require_once "t1.php";

$args = array('f', 'g', 'h');

t1::fn($args);

t1.php:

class t1 {
public static function fn($a) {
var_dump($a);
}
}

And this gives me:

array(3) {
  [0]=>
  string(1) "f"
  [1]=>
  string(1) "g"
  [2]=>
  string(1) "h"
}

which is as expected

-- 
Regards,
Nilesh Govindarajan
Facebook: http://www.facebook.com/nilesh.gr
Twitter: http://twitter.com/_linuxgeek_
Website: http://www.itech7.com

--- End Message ---
--- Begin Message ---
On 13 February 2011 08:36, Florin Jurcovici <[email protected]> wrote:
> Hi.
>
> The entry point in my php app is a file containing something like:
>
> require_once("Disptacher.php");
>
> ...
>
> Dispatcher:dispatch($arguments);
>
> ...
>
>
> The file Dispatcher.php is located in the same folder as the file
> containing the above code, and contains the following:
>
> class Dispatcher
> {
>        public static function dispatch($arguments)
>        {
>                ...
>        }
> }
>
>
> For some reason, although before the call to Dispatcher::dispatch()
> the variable $arguments is set, and contains what it is supposed to
> contain, inside Dispatcher:dispatch() $arguments is always empty. How
> come? What am I doing wrong? How can I call a static method and pass
> it arguments?
>
> br,
>
> flj
>
> --
> In politics, stupidity is not a handicap. (Napoleon said it, Bush
> junior proves it)
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

What data IS getting through?

print_r(func_get_args());

will show this.

-- 
Richard Quadling
Twitter : EE : Zend
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY

--- End Message ---
--- Begin Message ---
Me stupid, my bad.

Turns out the bug isn't in my code, but in the debugger. I'm working
with the trial version of Zend Studio. When inside the call to the
static method, everything is undefined. If I look at variables using
the Expressions view, I can see their values, and they _are_ defined.

Still, maybe this thread was not completely useless - others may have
the same problem when using the same development setup.

I recall downloading the PDT from somewhere some time ago, and there
variables in the Variables view were definitely updated upon each step
through the code.

Somewhat off topic: wow, that was a fast response! I challenge any
commercial support service to have such response times - on Sunday!

On Sun, Feb 13, 2011 at 10:53 AM, Richard Quadling <[email protected]> wrote:
> On 13 February 2011 08:36, Florin Jurcovici <[email protected]> 
> wrote:
>> Hi.
>>
>> The entry point in my php app is a file containing something like:
>>
>> require_once("Disptacher.php");
>>
>> ...
>>
>> Dispatcher:dispatch($arguments);
>>
>> ...
>>
>>
>> The file Dispatcher.php is located in the same folder as the file
>> containing the above code, and contains the following:
>>
>> class Dispatcher
>> {
>>        public static function dispatch($arguments)
>>        {
>>                ...
>>        }
>> }
>>
>>
>> For some reason, although before the call to Dispatcher::dispatch()
>> the variable $arguments is set, and contains what it is supposed to
>> contain, inside Dispatcher:dispatch() $arguments is always empty. How
>> come? What am I doing wrong? How can I call a static method and pass
>> it arguments?
>>
>> br,
>>
>> flj
>>
>> --
>> In politics, stupidity is not a handicap. (Napoleon said it, Bush
>> junior proves it)
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
>
> What data IS getting through?
>
> print_r(func_get_args());
>
> will show this.
>
> --
> Richard Quadling
> Twitter : EE : Zend
> @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY
>



-- 
In politics, stupidity is not a handicap. (Napoleon said it, Bush
junior proves it)

--- End Message ---
--- Begin Message ---
On 02/13/2011 10:00 AM, Florin Jurcovici wrote:
> Me stupid, my bad.
> 
> Turns out the bug isn't in my code, but in the debugger. I'm working
> with the trial version of Zend Studio. When inside the call to the
> static method, everything is undefined. If I look at variables using
> the Expressions view, I can see their values, and they _are_ defined.

Maybe the "break at first line" switch is on in the debug config. If you
step through you should see all variables. Two things I can think of.

1. Your breakpoints are set before the var is initialised
2. something wrong with your IDE/debugger setup

> 
> Still, maybe this thread was not completely useless - others may have
> the same problem when using the same development setup.
> 
> I recall downloading the PDT from somewhere some time ago, and there
> variables in the Variables view were definitely updated upon each step
> through the code.
> 
> Somewhat off topic: wow, that was a fast response! I challenge any
> commercial support service to have such response times - on Sunday!
> 
> On Sun, Feb 13, 2011 at 10:53 AM, Richard Quadling <[email protected]> 
> wrote:
>> On 13 February 2011 08:36, Florin Jurcovici <[email protected]> 
>> wrote:
>>> Hi.
>>>
>>> The entry point in my php app is a file containing something like:
>>>
>>> require_once("Disptacher.php");
>>>
>>> ...
>>>
>>> Dispatcher:dispatch($arguments);
>>>
>>> ...
>>>
>>>
>>> The file Dispatcher.php is located in the same folder as the file
>>> containing the above code, and contains the following:
>>>
>>> class Dispatcher
>>> {
>>>        public static function dispatch($arguments)
>>>        {
>>>                ...
>>>        }
>>> }
>>>
>>>
>>> For some reason, although before the call to Dispatcher::dispatch()
>>> the variable $arguments is set, and contains what it is supposed to
>>> contain, inside Dispatcher:dispatch() $arguments is always empty. How
>>> come? What am I doing wrong? How can I call a static method and pass
>>> it arguments?
>>>
>>> br,
>>>
>>> flj
>>>
>>> --
>>> In politics, stupidity is not a handicap. (Napoleon said it, Bush
>>> junior proves it)
>>>
>>> --
>>> PHP General Mailing List (http://www.php.net/)
>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>>
>>>
>>
>> What data IS getting through?
>>
>> print_r(func_get_args());
>>
>> will show this.
>>
>> --
>> Richard Quadling
>> Twitter : EE : Zend
>> @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY
>>
> 
> 
> 


--- End Message ---
--- Begin Message ---
OK. Thank you Jim/Nathan.

Ashim : )

On Sun, Feb 13, 2011 at 1:26 AM, Nathan Rixham <[email protected]> wrote:

> Ashim Kapoor wrote:
>
>> Dear All,
>>
>> I am reading "PHP5 and MySQL Bible". Chapter 7 of the book says that PHP
>> can
>> use GET and POST in the SAME page! Also it says that we can use the SAME
>> variables in GET and POST variable sets and that conflict resolution is
>> done
>> by variable_order option in php.ini Can some one write a small program to
>> illustrate the previous ideas?  It is not clear to me as to how to
>> implement
>> this.
>>
>
> I noticed you've already received one response, so here's some more
> background info.
>
> It's using $_GET and $_POST in the same script, not HTTP GET and HTTP POST.
> $_GET in PHP correlates to the query string parameters in the URL requested,
> $_POST in PHP correlates to form data which is POSTed to the server inside a
> message, with the type application/x-www-form-urlencoded.
>
> One could say that $_GET and $_POST are named misleadingly, and that in fact
> what you have is $_PARSED_QUERY_STRING_FROM_URL and $_POST_DATA_MAYBE .
>
> The two are quite separate and can both be used at the same time.
>
> HTML forms allow a method to be set, GET or POST, if GET then the form is
> treated like an URL construction template, if POST then it's treated like a
> message body construction template.
>
> It's worth reading up on both HTTP and HTML Forms when using PHP, since PHP
> is a "Pre Hypertext Processor" and HTTP is the Hypertext transfer protocol,
> and HTML is the Hypertext markup language :)
>
> Best,
>
> Nathan
>

--- End Message ---
--- Begin Message ---
At 10:53 AM +0530 2/12/11, Ashim Kapoor wrote:
Dear All,

I am reading "PHP5 and MySQL Bible". Chapter 7 of the book says that PHP can
use GET and POST in the SAME page! Also it says that we can use the SAME
variables in GET and POST variable sets and that conflict resolution is done
by variable_order option in php.ini Can some one write a small program to
illustrate the previous ideas?  It is not clear to me as to how to implement
this.

Many thanks,
Ashim.

Ashim:

What others have not addressed is that the form used to send variables will send only GET OR POST method variables, but not both at the same time.

Using REQUEST will show the values of the variables sent, but will not show what method was used (not addressing COOKIE) and that is the reason why it's not the best idea to use REQUEST.

Furthermore, as you point out, conflict resolution is done in accordance with variable order as set in the php.ini file and that can be different between different environments. As such, a script can act differently and therein lies the problem.

Now, I have used scripts that may receive POST or GET variables and act accordingly, but you will never (except possibly AJAX) have a situation where a script will receive both sets of variables at the same time. So, I don't think one can write a small simple script that can demonstrate this.

Cheers,

tedd

--
-------
http://sperling.com/

--- End Message ---
--- Begin Message ---
On 11-02-13 02:25 PM, tedd wrote:
At 10:53 AM +0530 2/12/11, Ashim Kapoor wrote:
Dear All,

I am reading "PHP5 and MySQL Bible". Chapter 7 of the book says that PHP can
use GET and POST in the SAME page! Also it says that we can use the SAME
variables in GET and POST variable sets and that conflict resolution is done
by variable_order option in php.ini Can some one write a small program to
illustrate the previous ideas?  It is not clear to me as to how to implement
this.

Many thanks,
Ashim.

Ashim:

What others have not addressed is that the form used to send
variables will send only GET OR POST method variables, but not both
at the same time.

Using REQUEST will show the values of the variables sent, but will
not show what method was used (not addressing COOKIE) and that is the
reason why it's not the best idea to use REQUEST.

Furthermore, as you point out, conflict resolution is done in
accordance with variable order as set in the php.ini file and that
can be different between different environments. As such, a script
can act differently and therein lies the problem.

Now, I have used scripts that may receive POST or GET variables and
act accordingly, but you will never (except possibly AJAX) have a
situation where a script will receive both sets of variables at the
same time. So, I don't think one can write a small simple script that
can demonstrate this.

This is terribly wrong... any drupal site (or probably any front controller based CMS) will use GET variables to route to the correct page which may have a form which will capture the POSTed data. I've seen POST and GET often in the same page.

Cheers,
Rob.
--
E-Mail Disclaimer: Information contained in this message and any
attached documents is considered confidential and legally protected.
This message is intended solely for the addressee(s). Disclosure,
copying, and distribution are prohibited unless authorized.

--- End Message ---
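The small program asked for in this thread, as an added example that is not code from any of the posters: a form whose action URL keeps a query string, so a single POST request fills both $_GET and $_POST with the same field name. The field() and h() helpers and the sample values are assumptions of this example, and the code needs PHP 7.1 or later. The php.ini settings it prints are request_order and variables_order; $_REQUEST follows request_order when that is set and falls back to variables_order otherwise.

```php
<?php
// Added example, not code from the thread. Save under any name and serve it,
// e.g. with PHP's built-in server (php -S 127.0.0.1:8000), then submit the form.

/** Return a field from one explicitly chosen source, or null if absent or not a string. */
function field(array $source, string $name): ?string
{
    return (isset($source[$name]) && is_string($source[$name])) ? $source[$name] : null;
}

/** Escape a value for HTML output; null is shown as "(not set)". */
function h(?string $value): string
{
    return $value === null ? '(not set)' : htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

$rows = [
    'REQUEST_METHOD'  => $_SERVER['REQUEST_METHOD'] ?? 'CLI',
    '$_GET[page]'     => field($_GET, 'page'),      // URL query string
    '$_GET[id]'       => field($_GET, 'id'),        // URL query string
    '$_POST[id]'      => field($_POST, 'id'),       // urlencoded request body
    '$_REQUEST[id]'   => field($_REQUEST, 'id'),    // winner depends on php.ini
    'request_order'   => (string) ini_get('request_order'),
    'variables_order' => (string) ini_get('variables_order'),
];

// The action keeps a query string, so the POST request carries both sets.
$action = '?page=edit&id=from-url';
?>
<!doctype html>
<title>$_GET and $_POST in one request</title>
<form method="post" action="<?= h($action) ?>">
  <input name="id" value="from-body">
  <button>Submit</button>
</form>
<table>
<?php foreach ($rows as $label => $value): ?>
  <tr><th><?= h($label) ?></th><td><?= h($value) ?></td></tr>
<?php endforeach; ?>
</table>
```

After submitting, $_GET[id] shows from-url and $_POST[id] shows from-body, while $_REQUEST[id] shows whichever source the ini order places last, which is why reading the specific superglobal gives the same result on every server.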
