php-general Digest 20 Oct 2003 14:13:49 -0000 Issue 2366
Topics (messages 166721 through 166750):
Re: Session hijacking
166721 by: daniel.electroteque.org
166722 by: Chris Shiflett
166723 by: John W. Holmes
166724 by: Chris Shiflett
166725 by: Radek Zajkowski
DB's on seperate server
166726 by: Ryan Thompson
166727 by: Ryan Thompson
166728 by: Becoming Digital
166738 by: BENARD Jean-philippe
addslashes() vs. magic_quotes_gpc
166729 by: Jake McHenry
166730 by: Rasmus Lerdorf
166731 by: Adrian
166746 by: Jon Kriek
Re: Choosing a CMS?
166732 by: Colin Kettenacker
PHP manual - multiple HTML pages
166733 by: wim
Re: PHP within Frames
166734 by: KB
166736 by: David T-G
Re: What Is Scalability?
166735 by: Alexandru COSTIN
Re: partial match on array_search?
166737 by: Burhan Khalid
$PHP_SELF
166739 by: Boris Sagadin
166747 by: Jon Kriek
Pictures stored in database and IE
166740 by: Hanuska Ivo
Re: sorting
166741 by: Ford, Mike [LSS]
166743 by: Wang Feng
166744 by: Ford, Mike [LSS]
166750 by: Ford, Mike [LSS]
Re: best way to use session vars?
166742 by: Ford, Mike [LSS]
166745 by: David T-G
Re: (ANNOUNCE) codeSECURE 1.0 released - - Protecting PHP code
166748 by: John Black
Re: Using two XSLT stylesheets
166749 by: Raditha Dissanayake
----------------------------------------------------------------------
--- Begin Message ---
I set up my sessions to be transparent, can it still be hacked?
> --- Chris Wanstrath <[EMAIL PROTECTED]> wrote:
>> Lots of great information in this thread as far as solutions go, but
>> what I'm wondering is the concept behind how someone actually can
>> hijack a session if register_globals is off.
>
> I proposed a talk on this at ApacheCon (in addition to my PHP Attacks
> and Defense talk), but it wasn't accepted. I can never tell if there is
> a lot of interest in the idea of securing sessions or not. I think most
> people think it is too narrow a topic.
>
> At any rate, there is too much information to write in an email, but
> there are many methods of impersonation, and almost all of them are
> independent of whether register_globals is enabled.
>
> For example, consider that a legitimate user clicks a link and goes to
> this URL:
>
> http://www.example.org/foo.php?PHPSESSID=12345
>
> Perhaps the user has cookies disabled, so PHP appends the session
> identifier to the URL, or perhaps the developer does it automatically.
> Either way, what if a bad guy visits this URL:
>
> http://www.example.org/foo.php?PHPSESSID=12345
>
> Will the application recognize the user as the same as the legitimate
> user? PHP certainly will, but it is up to the application to try and
> lessen the likelihood of such an attack.
>
> Hope that helps.
>
> Chris
>
> =====
> My Blog
> http://shiflett.org/
> HTTP Developer's Handbook
> http://httphandbook.org/
> RAMP Training Courses
> http://www.nyphp.org/ramp
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
--- [EMAIL PROTECTED] wrote:
> I set up my sessions to be transparent, can it still be hacked?
Yes.
If you can be more specific, I will try to be more specific also. :-)
Chris
--- End Message ---
--- Begin Message ---
Chris Shiflett wrote:
> For example, consider that a legitimate user clicks a link and goes to this
> URL:
>
> http://www.example.org/foo.php?PHPSESSID=12345
>
> Perhaps the user has cookies disabled, so PHP appends the session identifier to
> the URL, or perhaps the developer does it automatically. Either way, what if a
> bad guy visits this URL:
>
> http://www.example.org/foo.php?PHPSESSID=12345
Called session fixation. Here's a good paper on this and how to deal with it.
http://www.acros.si/papers/session_fixation.pdf
The session_regenerate_id() function can come in handy here.
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com
--- End Message ---
--- Begin Message ---
--- "John W. Holmes" <[EMAIL PROTECTED]> wrote:
> > Either way, what if a bad guy visits this URL:
> >
> > http://www.example.org/foo.php?PHPSESSID=12345
>
> Called session fixation. Here's a good paper on this and how to deal
> with it.
>
> http://www.acros.si/papers/session_fixation.pdf
Actually, I didn't mean to reference session fixation (my example used an
existing session). However, this is another important topic; thanks for the
link.
Chris
--- End Message ---
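The two cases discussed in the messages above (an existing session ID copied from a URL, and session fixation) can both be narrowed at session start-up. The following is an added example, not code from any poster in this thread: the function names, the 'fingerprint' and 'user_id' session keys and the User-Agent check are assumptions chosen for illustration, and it assumes PHP 7.3 or later on an HTTPS site.

```php
<?php
declare(strict_types=1);

// Added example. client_fingerprint(), start_hardened_session(),
// login_user() and the session keys are hypothetical names.

function client_fingerprint(): string
{
    // Weak signal on its own: a client that also copies the User-Agent
    // passes it. It only raises the cost of replaying a leaked ID.
    return hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '');
}

function start_hardened_session(): bool
{
    // Keep the ID out of URLs: ignore ?PHPSESSID=... on input and never
    // rewrite links to include it.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Refuse IDs the server never issued (an ID chosen by someone else).
    ini_set('session.use_strict_mode', '1');
    session_set_cookie_params([      // array form needs PHP 7.3+
        'httponly' => true,
        'secure'   => true,          // assumption: site is served over HTTPS
        'samesite' => 'Lax',
    ]);
    session_start();

    $fp = client_fingerprint();
    if (!isset($_SESSION['fingerprint'])) {
        $_SESSION['fingerprint'] = $fp;   // first request of this session
        return true;
    }
    if (!hash_equals($_SESSION['fingerprint'], $fp)) {
        // Same ID, different client. Close the session without writing,
        // so the data stored for the real owner is left untouched.
        session_abort();
        $_SESSION = [];               // clears only this request's copy
        return false;
    }
    return true;
}

function login_user(string $userId): void
{
    // Issue a new ID at the moment privileges change; true deletes the
    // old session data, so an ID known before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

if (!start_hardened_session()) {
    http_response_code(403);
    exit('Session rejected');
}
```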
--- Begin Message ---
> off. Likewise though, you might start looking for replacements for those
> scripts as it takes time to make the changes, but it has been a year since
> register_globals were turned off by default and mentioned that they were
> going away in the future.
That is sound advice. Some time ago a lot of my scripts were using globals
on, and as painful as it was I made the switch. In the long run it pays off.
It makes your programming more secure by default.
One quick way to globals is to simply find/replace in multiple files. Or
declare the values at the beginning of your scripts, e.g.
    $foo = $_POST["foo"];
It does not fully utilise the globals-off style of coding, but offers a
quick fix during the transition period, especially if you're paranoid about
automatic find/replace.
R>
> -----Original Message-----
> From: news [mailto:[EMAIL PROTECTED] Behalf Of J. Cox
> Sent: October 19, 2003 5:30 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] Re: Session hijacking
>
>
>
> "Ryan A" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
> > NO! Globals are on....
> > And asking the others they tell me that around 20% of the
> scripts (around
> > 300 scripts) wont function with globals off :-(
> >
> > What to do?
>
> Use an ini_set in your sessions script (I am assuming that you are using a
> separate script to manage your sessions) to turn your registered globals
> off. Likewise though, you might start looking for replacements for those
> scripts as it takes time to make the changes, but it has been a year since
> register_globals were turned off by default and mentioned that they were
> going away in the future.
>
> In addition, take a look at some of the other suggestions that were made,
> beyond this one.
>
> J. Cox
> http://www.xaraya.com
>
--- End Message ---
--- Begin Message ---
Quick yes or no question. My db's are running on a different server than my
Webserver. I've temporarily mounted the directories from the db server to the
webserver to compile db access. Once PHP/Apache are compiled can they be
safely unmounted or will it give me problems somewhere down the line?
I guess in short. Once compiled does PHP need anything from the database
install directories?
--
Ryan Thompson
[EMAIL PROTECTED]
http://osgw.sourceforge.net
==============================
"A computer scientist is someone who fixes
things that aren't broken" --Unknown
--- End Message ---
--- Begin Message ---
If the DBMS itself is in those directories, you may receive start errors in PHP
when trying to load the database extension. To prevent this problem, comment out
the following line in your php.ini (assumes MySQL):
    extension=mysql.so
You may also want to set mysql.max_links = 0 as an additional measure but I don't
think it's necessary.
Edward Dudlik
"Those who say it cannot be done
should not interrupt the person doing it."
wishy washy | www.amazon.com/o/registry/EGDXEBBWTYUU
----- Original Message -----
From: "Ryan Thompson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, 19 October, 2003 23:49
Subject: [PHP] DB's on seperate server
Quick yes or no question. My db's are running on a different server than my
Webserver. I've temporarily mounted the directories from the db server to the
webserver to compile db access. Once PHP/Apache are compiled can they be
safely unmounted or will it give me problems somewhere down the line?
I guess in short. Once compiled does PHP need anything from the database
install directories?
--
Ryan Thompson
[EMAIL PROTECTED]
http://osgw.sourceforge.net
==============================
"A computer scientist is someone who fixes
things that aren't broken" --Unknown
--- End Message ---
--- Begin Message ---
Hi,
With Oracle I'm sure the answer is "YES". Once compiled, PHP needs
Oracle libs in order to use OCI. I don't know exactly which libs but I think
there's somewhere a list of all needed libs which you could copy on your web
server.
Regards,
Jean-Philippe BENARD
Consultant STERIA Infogérance
([EMAIL PROTECTED])
-----Original Message-----
From: Ryan Thompson [mailto:[EMAIL PROTECTED]
Sent: Monday, 20 October 2003 05:50
To: [EMAIL PROTECTED]
Subject: [PHP] DB's on seperate server
Quick yes or no question. My db's are running on a different server than my
Webserver. I've temporarily mounted the directories from the db server to the
webserver to compile db access. Once PHP/Apache are compiled can they be
safely unmounted or will it give me problems somewhere down the line?
I guess in short. Once compiled does PHP need anything from the database
install directories?
--
Ryan Thompson
[EMAIL PROTECTED]
http://osgw.sourceforge.net
==============================
"A computer scientist is someone who fixes
things that aren't broken" --Unknown
--- End Message ---
--- Begin Message ---
If you have magic_quotes_gpc = On in your php.ini file, which it is by
default, does one still need to have the addslashes function in their
coding?
When I'm inserting into my database, I have addslashes in place, and I
haven't changed the default value of magic_quotes_gpc = On. I haven't
seen any side effects from this. It seems like it's doing this job
twice.
Would any speed difference be seen by using / not using either of
these? I currently have 3 databases, roughly 25 tables each, with
roughly 500 entries in each (growing about 50 daily), and it's
starting to get sluggish when I do a select * from tablename. I need
to recover all the speed I can.
If anyone has any other little tweaks I can do to gain performance,
that would be helpful.
Thanks,
Jake McHenry
Nittany Travel MIS Coordinator
http://www.nittanytravel.com
--- End Message ---
--- Begin Message ---
If you are doing both addslashes() and have magic_quotes_gpc turned on,
then yes, you are double-escaping things.
From a performance-perspective I doubt you could measure much difference,
but I suppose doing it through magic_quotes_gpc would be faster assuming
you need to escape all your GPC data. If you have a lot of GPC data that
doesn't need to be escaped, then only running addslashes() on the data
that needs it might be more efficient.
-Rasmus
On Mon, 20 Oct 2003, Jake McHenry wrote:
> If you have magic_quotes_gpc = On in your php.ini file, which it is by
> default, does one still need to have the addslashes function in their
> coding?
>
> When I'm inserting into my database, I have addslashes in place, and I
> haven't changed the default value of magic_quotes_gpc = On. I haven't
> seen any side effects from this. It seems like it's doing this job
> twice.
>
> Would any speed difference be seen by using / not using either of
> these? I currently have 3 databases, roughly 25 tables each, with
> roughly 500 entries in each (growing about 50 daily), and it's
> starting to get sluggish when I do a select * from tablename. I need
> to recover all the speed I can.
>
> If anyone has any other little tweaks I can do to gain performance,
> that would be helpful.
>
> Thanks,
> Jake McHenry
> Nittany Travel MIS Coordinator
> http://www.nittanytravel.com
>
>
--- End Message ---
--- Begin Message ---
I think always using addslashes is better because you have to write
clean code instead of trusting in a function which can be disabled on
some servers.
To avoid double-escaping I use this code:

    // Recursively remove one level of slashes from every string in $array
    function stripslashes_array($array) {
        foreach ($array as $key => $val) {
            if (is_string($val)) $array[$key] = stripslashes($val);
            elseif (is_array($val)) $array[$key] = stripslashes_array($val);
        }
        return $array;
    }

    // Undo magic_quotes_gpc once, up front, so the script escapes exactly once.
    // get_magic_quotes_gpc() no longer exists in PHP 8, hence the guard.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        if (is_array($_REQUEST)) $_REQUEST = stripslashes_array($_REQUEST);
        if (is_array($_POST)) $_POST = stripslashes_array($_POST);
        if (is_array($_GET)) $_GET = stripslashes_array($_GET);
        if (is_array($_COOKIE)) $_COOKIE = stripslashes_array($_COOKIE);
    }
------------------------
> If you are doing both addslashes() and have magic_quotes_gpc turned on,
> then yes, you are double-escaping things.
> From a performance-perspective I doubt you could measure much difference,
> but I suppose doing it through magic_quotes_gpc would be faster assuming
> you need to escape all your GPC data. If you have a lot of GPC data that
> doesn't need to be escaped, then only running addslashes() on the data
> that needs it might be more efficient.
> -Rasmus
---------
Adrian
mailto:[EMAIL PROTECTED]
www: http://www.planetcoding.net
www: http://www.webskyline.de
--- End Message ---
--- Begin Message ---
Compare mysql_escape_string() to addslashes()
http://www.php.net/mysql_escape_string
--
Jon Kriek
http://phpfreaks.com
"Jake McHenry" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
If you have magic_quotes_gpc = On in your php.ini file, which it is by
default, does one still need to have the addslashes function in their
coding?
When I'm inserting into my database, I have addslashes in place, and I
haven't changed the default value of magic_quotes_gpc = On. I haven't
seen any side effects from this. It seems like it's doing this job
twice.
Would any speed difference be seen by using / not using either of
these? I currently have 3 databases, roughly 25 tables each, with
roughly 500 entries in each (growing about 50 daily), and it's
starting to get sluggish when I do a select * from tablename. I need
to recover all the speed I can.
If anyone has any other little tweaks I can do to gain performance,
that would be helpful.
Thanks,
Jake McHenry
Nittany Travel MIS Coordinator
http://www.nittanytravel.com
--- End Message ---
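The double-escaping discussed in this thread is easiest to see on a concrete value. The following is an added example, not code from any poster: it models what ends up stored when addslashes() runs with and without magic_quotes_gpc, and then goes beyond the thread by storing the same value through a bound parameter, which needs no escaping call at all. The function names, the customers table and the use of an in-memory SQLite database through PDO (standing in for MySQL) are assumptions.

```php
<?php
declare(strict_types=1);

// Added example; function names and the table are hypothetical.

// Value the database ends up holding when the script calls addslashes()
// and magic_quotes_gpc is on or off. stripslashes() stands in for the
// server's parsing of the quoted literal, which removes exactly one level
// of backslash escaping for the quote and backslash characters used here.
function stored_with_addslashes(string $input, bool $magicQuotesOn): string
{
    // What magic_quotes_gpc = On did to every GET/POST/COOKIE value.
    $value = $magicQuotesOn ? addslashes($input) : $input;
    // The explicit call in the script.
    $value = addslashes($value);
    return stripslashes($value);
}

// Same value stored through a bound parameter: the driver sends it as
// data, so it must be the raw value (magic quotes off, or undone first).
function stored_with_binding(PDO $db, string $input): string
{
    $insert = $db->prepare('INSERT INTO customers (name) VALUES (:name)');
    $insert->execute([':name' => $input]);
    $select = $db->prepare('SELECT name FROM customers WHERE id = :id');
    $select->execute([':id' => $db->lastInsertId()]);
    return (string) $select->fetchColumn();
}

// Constructed sample input.
$raw = "O'Reilly";

// Assumption: the pdo_sqlite extension is available.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)');

printf("addslashes only:           %s\n", stored_with_addslashes($raw, false));
printf("magic quotes + addslashes: %s\n", stored_with_addslashes($raw, true));
printf("bound parameter:           %s\n", stored_with_binding($db, $raw));
```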
--- Begin Message ---
I'd recommend Justin's route as well, if you have the time. In fact that is
how I learned to program in PHP by programming my own template and CMS
system (it still has a ways to go though).
If you don't have the time search the list archives as this question comes
up often. You'll get a lot of good feedback there.
ck
--
Cheap Domain Registration | Web Hosting | Email Packages | + more
Fantastic prices -- Even better service.
http://www.hosttohost.net
Justin French [EMAIL PROTECTED] on 10/19/03 2:14 AM wrote:
> On Sunday, October 19, 2003, at 02:16 PM, Joel Konkle-Parker wrote:
>
>> I'm looking for an open source PHP/MySQL CMS that I can use as the
>> backend to my website.
>
> If you've got the time & skills, I'd actually recommend creating your
> own -- building my own CMS rapidly enhanced the way I work, streamlined
> my code, built up my knowledge and problem solving techniques, etc etc.
>
<snip />
--- End Message ---
--- Begin Message ---
Does anyone still have the tarfile for the manual? On the website they
announce that these manuals will be redeployed shortly but this message
has already been there for three weeks and I need this (as always) urgently.
Thanx in advance for sending it.
Wim
--- End Message ---
--- Begin Message ---
OK...more specific...
I'm running Windows XP Professional with PHP and MySQL and IE6
What doesn't work: Anything inside the PHP parameters when running in a
Frames environment.
Someone mentioned that I might not have the testing server set up correctly
and it may be running locally. Bit of a novice so not too sure about this.
I have checked the settings for Testing Server in Dreamweaver and it seems
OK. (Should I try a Dreamweaver NewsGroup?)
Thanks to all for their interest/help so far.
Kevin
"Adam" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> This is really a browser interpretation of HTML issue than a straight
> PHP issue. A little more information would be helpful - such as
> browser, page content, etc.
>
> Regards,
> Adam
>
> On Sunday, October 19, 2003, at 05:45 PM, KB wrote:
>
> > Hi,
> >
> > Does anyone know why my PHP pages won't work in Frames? I have 5
> > frames,
> > each of which are displaying PHP pages.....and none of the PHP code
> > works.
> >
> > If I run the code outside of Frames it works fine!
> >
> > I can't find any decent references for PHP in Frames.
> >
> > Your help would be appreciated.
> >
> > Thanks
> >
> > Kevin
> >
--- End Message ---
--- Begin Message ---
Kevin --
...and then KB said...
%
% OK...more specific...
%
% I'm running Windows XP Professional with PHP and MySQL and IE6
OK. Two out of four ain't bad :-)
%
% What doesn't work: Anything inside the PHP parameters when running in a
% Frames environment.
Hmmm... I appreciate your effort, and I bet that you're pulling your
hair out trying to figure out how to give so you can get, but I still
don't really know what you mean. What is a "PHP parameter"?
%
% Someone mentioned that I might not have the testing server set up correctly
% and it may be running locally. Bit of a novice so not too sure about this.
If you can point to your php code and have it execute then you are
probably fine; php that has not been run by the server just looks like
code in your browser. Your frameset could be pointing to
file:///...
instead of
http://...
though (but you should still get a code dump).
% I have checked the settings for Testing Server in Dreamweaver and it seems
% OK. (Should I try a Dreamweaver NewsGroup?)
Since frames have no effect on PHP and you're swimming in deep water,
that might not be a bad idea. You have, however, still not given us much
detail (the only thing I've seen so far is a pair of uuencoded files and,
frankly, I'm too lazy to rip 'em open just because Outhouse doesn't know
how to attach files).
Try saving these two snippets to a directory where your web server can
serve them:
index.php:
    <?php
      print "<frameset border=1 rows=20%,*>\n" ;
      print "<frame name='top' src='frame.php?f=top&n=zero'>\n" ;
      print "<frame name='bottom' src='frame.php?f=bot&c=black'>\n" ;
      print "</frameset>\n" ;
      print "<noframes>This is not in the frameset</noframes>\n" ;
    ?>
frame.php:
    <?php
      // Read the request values once; escape the ones echoed back into HTML
      $f = isset($_GET['f']) ? $_GET['f'] : '' ;
      $pick_n = htmlspecialchars(isset($_GET['n']) ? $_GET['n'] : '', ENT_QUOTES) ;
      $pick_c = htmlspecialchars(isset($_GET['c']) ? $_GET['c'] : '', ENT_QUOTES) ;
      print "Here we are in the frames.<br>\n" ;
      switch($f)
      {
        case 'top' :
          print "This is the top frame!<br>\n" ;
          print "Pick a number:\n" ;
          foreach (array('one','two','three') as $n)
            { print "<a href='?f=top&n=$n'>$n</a> \n" ; }
          print "(Your last pick was $pick_n.)<br>\n" ;
          break ;
        case 'bot' :
          print "This is the bottom frame *yawn*<br>\n" ;
          print "Pick a color:\n" ;
          foreach (array('red','green','blue') as $c)
            { print "<a href='?f=bot&c=$c'>$c</a> \n" ; }
          print "(Your last pick was $pick_c.)<br>\n" ;
          break ;
      }
    ?>
They should look like
http://justpickone.org/davidtg/private/frames/index.phps
http://justpickone.org/davidtg/private/frames/frame.phps
respectively.
Now point your web browser to the right place on your server and see if
you see the frameset like you do at
http://justpickone.org/davidtg/private/frames/
from the examples above. If you do, then your web server is serving
files and your php is being executed. You can also probably kick
Dreamweaver in the head for making life hard. Go and pick up a copy of
vim (it runs on just about any platform) and edit your code the Manly
(and OneTrue ;-) Way!
This could, in fact, be done entirely in one file with no problem...
Just add a default for the switch and print the frameset there.
%
% Thanks to all for their interest/help so far.
That's why we're here :-)
%
% Kevin
HTH & HAND
:-D
--
David T-G * There is too much animal courage in
(play) [EMAIL PROTECTED] * society and not sufficient moral courage.
(work) [EMAIL PROTECTED] -- Mary Baker Eddy, "Science and Health"
http://justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg!
--- End Message ---
--- Begin Message ---
Hi,
I think that "software scalability" is the measure on how an application
could accommodate a large number of simultaneous users without requiring
internal architecture refactoring.
It's not about speed, it's not about technology, it's about
architecture. I also think that maintenance and development time are not
attributes of scalability - but of the architecture.
We can even make a simple comparison between scalability and the law of
Demeter (low coupling) - the scalability of an architecture is reversely
proportional with the number of message pipelines between its layers. That
means that a simple architecture (like PHP/Perl) will accommodate much
simpler a large number of users because its messages can be very simply
"mirrored" horizontally - adding CPU power and RAM. An application built on
complex architecture (Java with RMI, direct memory access between threads,
etc) will require a very complex architecture refactoring to support
horizontal scaling.
Anyway - I am also supporting MVC software development in PHP from the
same reason - low coupling between layers that will lead to ease of
development and maintenance.
My 2c
Alexandru
--
Alexandru COSTIN
Chief Operating Officer
http://www.interakt.ro/
+4021 312 5312
"Chris Shiflett" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> PHP has been both heralded and criticized on a number of topics. This is to be
> expected, considering the rate of growth of PHP's popularity. It has given
> people something to talk about.
>
> One topic that seems to come up a lot is scalability. ONJava.com has an
> interesting article entitled The PHP Scalability Myth:
>
> http://www.onjava.com/pub/a/onjava/2003/10/15/php_scalability.html
>
> Of particular interest to me is the variety of definitions for scalability that
> I have noticed, both in this article and elsewhere. I wrote a brief description
> of what scalability is to me in my blog (http://shiflett.org/).
>
> How do you define scalability? What factors do you consider when you declare
> whether a particular technology is scalable? Do you think PHP is scalable? Does
> Yahoo?
>
> Chris
--- End Message ---
--- Begin Message ---
Ian Truelsen wrote:
> I am trying to parse out a file using an array. I load each line into a
> separate key in the array and then do transforms on the individual
> lines.
>
> What I am looking to do is to test each for a keyword so that I can know
> which entry contains the data that I need and can get the data from the
> correct line.
>
> For example, I have the following line:
>
> Wind: from the SW (230 degrees) at 3 MPH (3 KT):0
>
> What I want to do is to identify the line by 'Wind'. However, using
> array_search requires that I match the complete content of the line
> exactly, which I can't do, as I don't know the exact data.
>
> Is there any way to get array_search to find a partial match? Or is
> there another command that I can use to do this?
You can use explode() and split the line into its parts (by using " " as
the delimiter). Then the first element will be Wind: and you can check
for that.
You could also try any of the regex functions to do the same thing.
--
Burhan Khalid
phplist[at]meidomus[dot]com
http://www.meidomus.com
--- End Message ---
--- Begin Message ---
I'm having problems with $PHP_SELF variable. Mostly it works, other
times (about 10% of tries) it's just empty. Is this a known issue with Apache
2? If I use $_SERVER['PHP_SELF'], it always works fine, but still I'd
like to know if this is a common bug or there's something wrong with
my configuration.
I'm using PHP 4.3.3 with Apache 2.0.43, Linux 2.4.21-grsec, register_globals is on
Thanks,
Boris
--- End Message ---
--- Begin Message ---
This is expected behavior, always use the $_SERVER or $_ENV superglobal
arrays.
--
Jon Kriek
http://phpfreaks.com
"Boris Sagadin" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
>
> I'm having problems with $PHP_SELF variable. Mostly it works, other
> times (about 10% of tries) it's just empty. Is this a known issue with Apache
> 2? If I use $_SERVER['PHP_SELF'], it always works fine, but still I'd
> like to know if this is a common bug or there's something wrong with
> my configuration.
>
> I'm using PHP 4.3.3 with Apache 2.0.43, Linux 2.4.21-grsec, register_globals is on
>
> Thanks,
> Boris
--- End Message ---
--- Begin Message ---
Hi everyone,
The pitfall I am trying to solve is confusing and to be honest I have not as much
experience with http to solve it right now.
My application is quite straightforward. Its purpose is to load an image off the MySQL
and send it to the client to render it.
I have a php script, which reads data together with file type off the table and sends it
to the client (of course after all necessary headers are sent).
On the client then some five pictures are animated one after another (all being read
from the table as described above), so it looks like a simple animation.
Under Mozilla this works fine, but under IE (6.0) the JavaScript OnLoad event on Body
Tag just does not fire up. My suspicion is, that there is something in http protocol I
missed/omitted/forgot to do, so IE still thinks that page is not finished loading and
so the event handler does not get executed.
Is there something I have to send on the end after data are transmitted? Or, do I have
to send just headers and data and nothing else.
But anyway I think, problem is on PHP(?)/my side, not on IE's side.
Looking forward to your ideas,
Ivo
--- End Message ---
--- Begin Message ---
On 18 October 2003 10:10, Wang Feng wrote:
> I can't understand why the number 18 is stored in the $third
> rather than
> $first. I tried to change the 18 to "18", that is, change it
> from a decimal
> number to a string and by that way, "18" is stored in the $first,
> which is what I expected. But why doesn't 18 work?
>
> My understanding is that the compiler checks the ascii set
> when it deals
> with sorting. So, why the number 18 is *greater* than string "blue"
> and "large" in the ascii?
This is all to do with how PHP handles comparison of different types to each other.
When that sort is run on
array("large", "blue", 18.00)
the comparison of "large" to "blue" is fine, because both are strings so there's no
type conversion involved. However, the comparison of 18.00, a number, to either
"blue" or "large", both strings, necessarily involves a type conversion, and the rules
PHP uses says that when comparing a number with a string, the string should be
converted to a number and the comparison performed using the two numbers -- and both
"blue" and "large", when converted to a number, are represented by 0, which sorts
before 18, so bingo!
Now, if you make the array into
array("large", "blue", "18.00")
then all the comparisons are string-to-string, so there are no type conversions
involved, so your sort proceeds exactly how you expect.
If you wish to sort an array containing values of more than one type, then you must
either be fully aware of these type-conversion rules and accept the slightly odd
results they will sometimes give you, or use one of the optional sort flags --
SORT_STRING or SORT_NUMERIC -- to force a more uniform comparison. But don't forget
that if you use SORT_STRING and have an array containing numbers, you will get a
textual sort of those numbers -- for example: 1, 5, 33, 297 would sort as "1", "297",
"33", "5"!!
Cheers!
Mike
---------------------------------------------------------------------
Mike Ford, Electronic Information Services Adviser,
Learning Support Services, Learning & Information Services,
JG125, James Graham Building, Leeds Metropolitan University,
Beckett Park, LEEDS, LS6 3QS, United Kingdom
Email: [EMAIL PROTECTED]
Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211
--- End Message ---
--- Begin Message ---
Mike,
So, in PHP, when a string is converted to a number to compare with the other
decimal input, the compiler doesn't look at the ascii set table *at all*?
Instead, it simply convert the string to 0?
cheers,
feng
----- Original Message -----
From: "Ford, Mike [LSS]" <[EMAIL PROTECTED]>
To: "'Wang Feng'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Monday, October 20, 2003 10:18 PM
Subject: RE: [PHP] sorting
> On 18 October 2003 10:10, Wang Feng wrote:
>
> > I can't understand why the number 18 is stored in the $third
> > rather than
> > $first. I tried to change the 18 to "18", that is, change it
> > from a decimal
> > number to a string and by that way, "18" is stored in the $first,
> > which is what I expected. But why doesn't 18 work?
> >
> > My understanding is that the compiler checks the ascii set
> > when it deals
> > with sorting. So, why the number 18 is *greater* than string "blue"
> > and "large" in the ascii?
>
> This is all to do with how PHP handles comparison of different types to
> each other.
>
> When that sort is run on
>
> array("large", "blue", 18.00)
>
> the comparison of "large" to "blue" is fine, because both are strings so
> there's no type conversion involved. However, the comparison of 18.00, a
> number, to either "blue" or "large", both strings, necessarily involves a
> type conversion, and the rules PHP uses says that when comparing a number
> with a string, the string should be converted to a number and the comparison
> performed using the two numbers -- and both "blue" and "large", when
> converted to a number, are represented by 0, which sorts before 18, so
> bingo!
>
> Now, if you make the array into
>
> array("large", "blue", "18.00")
>
> then all the comparisons are string-to-string, so there are no type
> conversions involved, so your sort proceeds exactly how you expect.
>
> If you wish to sort an array containing values of more than one type, then
> you must either be fully aware of these type-conversion rules and accept the
> slightly odd results they will sometimes give you, or use one of the
> optional sort flags -- SORT_STRING or SORT_NUMERIC -- to force a more
> uniform comparison. But don't forget that if you use SORT_STRING and have
> an array containing numbers, you will get a textual sort of those numbers --
> for example: 1, 5, 33, 297 would sort as "1", "297", "33", "5"!!
>
> Cheers!
>
> Mike
--- End Message ---
--- Begin Message ---
On 20 October 2003 13:36, Wang Feng wrote:
> Mike,
>
> So, in PHP, when a string is converted to a number to compare
> with the other
> decimal input, the compiler doesn't look at the ascii set
> table *at all*?
> Instead, it simply convert the string to 0?
Yes, if it doesn't start with a valid string representation of a string --
see
http://uk2.php.net/manual/en/language.types.string.php#language.types.string.conversion
Cheers!
Mike
---------------------------------------------------------------------
Mike Ford, Electronic Information Services Adviser,
Learning Support Services, Learning & Information Services,
JG125, James Graham Building, Leeds Metropolitan University,
Beckett Park, LEEDS, LS6 3QS, United Kingdom
Email: [EMAIL PROTECTED]
Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211
--- End Message ---
--- Begin Message ---
On 20 October 2003 13:53, Ford, Mike [LSS] wrote:
> Yes, if it doesn't start with a valid string representation of a
> string -- see
Oops -- string representation of a *number*, of course... ;)
Cheers!
Mike
---------------------------------------------------------------------
Mike Ford, Electronic Information Services Adviser,
Learning Support Services, Learning & Information Services,
JG125, James Graham Building, Leeds Metropolitan University,
Beckett Park, LEEDS, LS6 3QS, United Kingdom
Email: [EMAIL PROTECTED]
Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211
--- End Message ---
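Added example (not part of any message in this thread): the SORT_STRING and SORT_NUMERIC flags discussed above, plus a comparator that never converts a string to a number. compare_typed() is a hypothetical helper and the arrays are the thread's own sample values; PHP 8.0 changed how a number is compared with a non-numeric string, so the unflagged sort() result described above applies to earlier versions.

```php
<?php
// Sample values taken from the arrays discussed in the thread.
$mixed   = array("large", "blue", 18.00);
$numbers = array(1, 5, 33, 297);

// Hypothetical comparator: numbers sort before strings, numbers are compared
// numerically, strings byte by byte. No implicit type conversion takes place.
function compare_typed($a, $b)
{
    $aNum = is_int($a) || is_float($a);
    $bNum = is_int($b) || is_float($b);
    if ($aNum && $bNum) {
        return ($a < $b) ? -1 : (($a > $b) ? 1 : 0);
    }
    if ($aNum !== $bNum) {
        return $aNum ? -1 : 1;
    }
    return strcmp((string) $a, (string) $b);
}

// SORT_STRING compares every element as a string, numbers included.
$asString = $numbers;
sort($asString, SORT_STRING);

// SORT_NUMERIC compares every element as a number.
$asNumeric = $numbers;
sort($asNumeric, SORT_NUMERIC);

// usort() with an explicit comparator gives the same order on any PHP version.
$typed = $mixed;
usort($typed, 'compare_typed');

var_dump($asString, $asNumeric, $typed);
```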
--- Begin Message ---
On 19 October 2003 13:00, David T-G wrote:
> It seems to me that for a fast fix I could set $pw
> and other
> vars in my include file in place of registering them and then, later,
> take my time to correctly switch over to $_POST['pw'] and
> $_SESSION['pw'] everywhere. Does that sound like a good two-step
> approach to
> get all of
> my code back up and running the soonest?
Yes. There's even a PHP function to help with this quick-and-dirty solution --
extract($_SESSION) should do what you want (see http://www.php.net/extract).
Cheers!
Mike
---------------------------------------------------------------------
Mike Ford, Electronic Information Services Adviser,
Learning Support Services, Learning & Information Services,
JG125, James Graham Building, Leeds Metropolitan University,
Beckett Park, LEEDS, LS6 3QS, United Kingdom
Email: [EMAIL PROTECTED]
Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211
--- End Message ---
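Added example (not from the original messages): extract() defaults to EXTR_OVERWRITE, so importing session data this way replaces any variable of the same name that is already in scope. The sketch compares the default with EXTR_SKIP and EXTR_PREFIX_ALL; $session is a constructed stand-in for $_SESSION and the import_* functions are hypothetical names.

```php
<?php
// Constructed sample: stands in for $_SESSION so the script runs from the CLI.
$session = array(
    'pw'       => 'secret-from-session',
    'is_admin' => 0,
    'bad key'  => 'not a valid variable name',
);

// Quick fix as suggested: every key becomes a local variable, and the default
// EXTR_OVERWRITE flag replaces a variable that already has that name.
function import_overwrite(array $session)
{
    $is_admin = 1;                 // value the script had already computed
    extract($session);
    return $is_admin;
}

// EXTR_SKIP leaves variables that already exist in the current scope alone.
function import_skip(array $session)
{
    $is_admin = 1;
    extract($session, EXTR_SKIP);
    return $is_admin;
}

// EXTR_PREFIX_ALL gives imported names their own prefix ($sess_pw, ...), so
// they cannot collide with the script's variables. Keys that do not form a
// valid variable name are not imported; extract() returns the number that were.
function import_prefixed(array $session)
{
    $is_admin = 1;
    $count = extract($session, EXTR_PREFIX_ALL, 'sess');
    return array($count, $is_admin, $sess_pw, $sess_is_admin);
}

var_dump(
    import_overwrite($session),
    import_skip($session),
    import_prefixed($session)
);
```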
--- Begin Message ---
Mike, et al --
...and then Ford, Mike [LSS] said...
%
% On 19 October 2003 13:00, David T-G wrote:
%
% > It seems to me that for a fast fix I could set $pw
...
% > my code back up and running the soonest?
%
% Yes. There's even a PHP function to help with this quick-and-dirty solution --
% extract($_SESSION) should do what you want (see http://www.php.net/extract).
Oooh! Oh, cool; *now* I see how that function is useful!
%
% Cheers!
*Very*.
%
% Mike
Thanks! & HAND
:-D
--
David T-G * There is too much animal courage in
(play) [EMAIL PROTECTED] * society and not sufficient moral courage.
(work) [EMAIL PROTECTED] -- Mary Baker Eddy, "Science and Health"
http://justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg!
--- End Message ---
--- Begin Message ---
Hey again David,
% >Hey, that's a nice offer.
% Thanks, we aim to please :-) this offer is open to _anybody_ on the list,
% but please send us one file at a time to "example encode" and not more.
>Oops. Sorry. I figured you'd need both to have them work together.
>Perhaps not; perhaps only the core engine need be encoded but anything
>else could be plaintext. That would be nice, too.
Not a problem, I really didn't mind but was just safeguarding myself from
extra work...:-) like if someone sent me 200 files :-D
I wouldn't be able to refuse as I didn't specify the number before....
>BTW, this is probably off-list traffic but if I'm asking common questions
>feel free to put it back on the list.
Thanks, will cc this to the list.
% I've obfuscated them and attached them with this mail, but don't overwrite
% your present files because I have not included the "key" file to open
% them.
% If you run them now you would get garbage output...if any.
>Indeed. So how does the key look and what do I do to my code to make my
>server show the pages?
We sell our software with 2 keys, one key looks something like this "oÜ??X?
"
(this changes according to the password you set when you are encoding)
and the other key is just a normal php script (encoded of course)
To make your scripts work all you've got to do is add these two files to the
rest of your files
No making any code changes,
no settings changes etc.
Works with everything including variable variables($$someThing)
>OK. So I just bought index.php from someone and now I want to get it to
>work and I have sent him payment. Next the key file comes winging its
>way to me from him(you) and then... What do I do? How do I make the
>site look at it and/or my page to give the end result?
Just upload the key file/s with the other files.
It's pretty simple, if you want to set a password for your files or want them
to expire after a certain number of days/months/years then you generate your
.key file, if not you have to just add 1 file codeSecure.php and it will be
safe to distribute in an encrypted state.
We have also worked out a way of double encryption, so even if someone
breaks thru the first layer they will come up against another layer of
extremely hard to read stuff.
Cheers,
-JB
--- End Message ---
--- Begin Message ---
Hi,
Catching up with my list mails. As Ray has pointed out you can only do
one transformation with one instance. That's because the underlying
parsers are good for one transformation only.
Maybe if you would post your xml and xsl we could give it a shot.
BTW: OT: if you are ok with perl, doing this with perl is a heck of a
lot easier.
rich wrote:
OK,
This is my latest idea to try and do this:
$xh = xslt_create();
// Parse the query string into an array instead of into the current scope.
parse_str($_SERVER['QUERY_STRING'], $query);
$params = array("keywords" => isset($query['keywords']) ? $query['keywords'] : '');
$results = xslt_process($xh, 'library.xml', 'simple-search.xsl', NULL, NULL, $params);
$f = fopen('results.xml','w');
fwrite($f, $results);
fclose($f);
$data = xslt_process($xh, 'results.xml', 'display-results.xsl', NULL, NULL, NULL);
echo $data;
xslt_free($xh);
But, of course, it just throws up messages saying I can't write to
results.xml!
See http://www.cursus.uea.ac.uk/cdlib/ for error messages in action (search
terms which will find records include 'Boulez', 'Messiaen').
Does anyone know why:
xslt_process($xh, 'sample.xml', 'sample.xsl', 'result.xml')
doesn't work? (lifted straight from the manual)
Cheers,
Rich
--
Raditha Dissanayake.
------------------------------------------------------------------------
http://www.radinks.com/sftp/ | http://www.raditha/megaupload/
Lean and mean Secure FTP applet with | Mega Upload - PHP file uploader
Graphical User Interface. Just 150 KB | with progress bar.
--- End Message ---