[PHP] Re: splitting CSV rows into multiple SQL inserts?
You can insert file data in DB first, using LOAD DATA INTO FILE, after it'll be easy to manipulate this DB table with a help of php-script. Vince LaMonica [EMAIL PROTECTED] ???/ ? ?: news:[EMAIL PROTECTED] I sent this note off to the php-db list last night, but the more I thought about it, the more I figured this was a general looping question rather than a mysql-specific one. I am attempting to take a CSV file that has order header and line item data on each line and split it into mulitple insert queries into a mysql db. Each line in the CSV file may only be one order, though it is common for there to be more than one item ordered, so I need to be able to loop to insert the line item values into the proper line item table. I also need to build a counter for a value that is not provided in the CVS for each line item. Here is a sample of a few lines of the CSV: 1110,6/20/2005,Jan Doe,1234 Spring St.,Anytown,PA,17033,0618456990,22.50,1,The Sample Book 1114,6/22/2005,Jon Smith,888 Main St.,Big City,CA,92648,009444,19.95,1,Coloring Book 1114,6/22/2005,Jon Smith,888 Main St.,Big City,CA,92648,9834119933,4.40,1,Picture Book 1114,6/22/2005,Jon Smith,888 Main St.,Big City,CA,92648,948922,59.99,4,Coffee Book In the above file, the last 4 fields [item_num, cost, quantity, title] belong in a line_items table. The first number, the order_number, also goes into the line_items table, as well as the order_header table. The contact info for each customer also goes into the order_header table. I do not want duplicate entries in the order_header table, so I can't just to a simple loop through each line in the text file and do an insert. I need to be able to group an order by the order_number [the 1st field] and insert the correct number of rows in both tables. I also need to create a counter per order showing which line item number each item is. Eg: the Coloring Book would be assigned a 1, the Picture book a 2, and the Coffee Book a 3 for order #1114. The Sample Book in order #1110 would be given a 1, since it is the first [and only] item in that order. I have been successful in assigning each value to a varable and looping through the file via: while ($line = fgets($fp,1024)) { $i++; if ($i 1) { // using 1 because CSV includes a header row list($order_number, ...) = csv_explode($line); [i am using an Excel generated CSV with double quotes around each value and so i have a csv_explode function setup to properly extract each value; also the real CSV has about 2 dozen fields - i just cut it down to its basics for the example here] Doing 2 inserts here and closing the loop is obviously not the answer, since I get duplicate header rows, and I haven't built a counter for the line_item's table's line counter field. The primary key in the line item table is a combo of the order_number and the line_counter. Each fresh order_number needs to reset the line_counter to 1, until all line items for that order are inserted. I am having difficulty figuring out how to loop through the CSV to do the inserts and create a line item counter. Any tips? TIA, /vjl/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: splitting CSV rows into multiple SQL inserts?
On Wed, 22 Jun 2005, Sergey wrote: } You can insert file data in DB first, using LOAD DATA INTO FILE, after it'll } be easy to manipulate this DB table with a help of php-script. Actually, I can't, as the CSV contains fields for two different tables. I may have explained it better here: I have a CVS file that has order header *and* line item info on each line, like: 1110,6/20/2005,Jan Doe,123 Main St,,1,Book 1116,6/22/2005,Jim Smith,44 Here St,19191980,1,CD 1116,6/22/2005,Jim Smith,44 Here St,77736222,1,Tape The above is actually two orders - one with one line item, and the 2nd with two line items. I need to insert data from those lines into two tables: insert into order_header (o_num, date, name, addr) values ('1110','6/20/2005','Jan Doe','123 Main St'), ('1116','6/22/2005','Jim Smith','44 Here St'); insert into line_items (o_num, item_num, quan, desc, line_order) values ('1110','','1','Book','1'), ('1116','19191980','1','CD','1'), ('1116','77736222','1','Tape','2'); Note the line_order field - it needs to increment per order for each line item added to the line_items table. To complicate matters a bit, I'm actually massaging the data before inserting [eg: splitting the name field from the CSV into two fields for the mysql db, formatting the date field for mysql, etc]. I'm currently doing this process via a form where a user uploads the CVS file [created with Excel, complete with the first row being made up the Excel table's header]. I currently do something like this: $fp = fopen(/tmp/.$txt_file, r); while ($line = fgets($fp,1024)) { $i++ if ($i 1) { // skip excel header row list ($o_num, $date, $name, $addr, $item_num, $quan, $desc) = csv_explode($line); // i can now print the vars, but i get duplicate header records when // there are multiple line items for a particular order. also, i // need to generate the line_order field for insertion into the // line_items table } } If I try and do any processing up where my comments are, well, the comments tell you what happen. I know I am reading this file line by line, so I can't compare order numbers [o_num] to group multiple line item orders together. So how do I go about doing that? Read the entire CSV into an array? How can that help? Any tips would be most appreciated! Thanks! /vjl/ p/s - FYI, cvs_explode() is: function csv_explode($str, $delim = ',', $qual = \) { $len = strlen($str); $inside = false; $word = ''; for ($i = 0; $i $len; ++$i) { if ($str[$i]==$delim !$inside) { $out[] = $word; $word = ''; } else if ($inside $str[$i]==$qual ($i$len $str[$i+1]==$qual)) { $word .= $qual; ++$i; } else if ($str[$i] == $qual) { $inside = !$inside; } else { $word .= $str[$i]; } } $out[] = $word; return $out; } -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Extra (persistant) tier
Hi, I'm writing a big web application, and trying really hard to seperate business logic and presentation, which been no problem up to now. Because I abstracted the business logic so much the framework became heavier, sometimes a simple action can take up to 2 mb memory and several extra milliseconds. I know this doesn't sound much and I'm applying all kinds of technique's to reduce resource-usage and increase speed. The thing is, I feel like I need to split the business tier up in 2 tiers, one of them being my persisitant object manager. The main reason is because every script that is executed must do some initialization and database calls, and I think I could reduce this by making a persistant tier, but there doesn't seem a good way to do this using php except when I would use sockets. Shared memory doesn't really seem like an option, because I would still need to include all the classes to manage it, and when I use shared memory, the memory would still be copied into the php memory + having a central manager seems like a good idea. I know I'm pretty vague in my requirements, but I think it should be enough to explain what kind of solution I´m looking for, because this seems like a big advantage of java over php, or am I mistaken? If you have any ideas, let me know :) grt, Evert Collab -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: So many returned mail notices!
-Original Message- From: Jochem Maas [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 21, 2005 8:13 PM sarcasm you're not your, but it's understandable coming from someone named after a car license plate number. In denmark it costs around 1000€ to get a license plate with Your own name on it. On the other hand it´s free to change Your name so, if You wanna have a license plate with You name on it... actually he´s quite smart :-) if there was a 'pointy' scale with spoons at one end and samurai swords at the other you're point would weigh in at the spoon end. /sarcasm I sense Monkey Island humor here? /Kim
[PHP] eml splitting
Hi Do you are or know where I could find something (already made) to split eml (getting headers, body) I try to have a look on imap extension, but it seems to need an smtp server connection. regards david -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] variable object creating
Hi, Try something like: $classname = MyClass; $construct_params = array(param1,param2,param3); $return =null; if(class_exists($classname)){ $param=explode( ',' , $construct_param); # You must add here some security checks eval($retrun = new $className($param)); var_dump($return); } Hope this help! Olivier Le Mercredi 22 Juin 2005 05:33, Eli a écrit : Hi, I want to create an object in a form that I get the class name and its parameters, and I need to create that object... How can this been done? i.e: $classname = MyClass; $construct_params = array(param1,param2,param3); /* Now create the object with the given classname and params... how? */ -thanks, Eli -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: So many returned mail notices!
Kim Madsen wrote: -Original Message- From: Jochem Maas [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 21, 2005 8:13 PM sarcasm you're not your, but it's understandable coming from someone named after a car license plate number. In denmark it costs around 1000€ to get a license plate with Your own name on it. On the other hand it´s free to change Your name so, if You wanna have a license plate with You name on it... actually he´s quite smart :-) thats funny :-). I'd laugh but apparently I owe everyone a beer ;-) if there was a 'pointy' scale with spoons at one end and samurai swords at the other you're point would weigh in at the spoon end. /sarcasm I sense Monkey Island humor here? there is a typewriter gag in there somewhere :-) /Kim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] eml splitting
-Original Message- From: david forums [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 22, 2005 10:48 AM Do you are or know where I could find something (already made) to split eml (getting headers, body) Use fopen() to read the file line by line, then echo/save the info You need -- Med venlig hilsen / best regards ComX Networks A/S Kim Madsen Systemudvikler/Systemdeveloper -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] variable object creating
olivier wrote: Hi, I answered this also, but apparently I only replied to the OP... (reproduced here - minus the typos in my first post on this topic :-/) if (class_exists($className, false)) { $obj = new $className($construct_params); } else { die(Hack off mate.); } Try something like: $classname = MyClass; $construct_params = array(param1,param2,param3); $return =null; if(class_exists($classname)){ $param=explode( ',' , $construct_param); this should be join() not explode(), but even then it won't work, and even if it did you would only be able to pass strings (i.e. no objects, arrays, resources, etc) for this you should probably be looking at call_user_func_array() e.g: class Test { public $v; function __construct($v = 1) { $this-v = $v; } } $className = Test; if (class_exists($className, false)) { // I had to test this to see if it works! the first 2 attempts are bogus // but you can run them to see what happens -- also the 3 attempt is a pretty // weird construction and I would be interested to know if anybody has thoughts // on calling the ctor in this way (essentially calling it twice) // // ATTEMPT 1 //$obj = call_user_func_array(array($className,__construct), array(3)); // ATTEMPT 2 //$obj = call_user_func_array(array(new $className,__construct), array(3)); // ATTEMPT 3 call_user_func_array(array(($obj = new $className),__construct), array(3)); } else { die(Hack off mate.); } var_dump($obj); # You must add here some security checks eval($retrun = new $className($param)); typo! 'retrun' (I spell 'return' like that alot too :-) btw eval() sucks and is not really needed, although granted it's an easy/flexible solution in terms on being able to pass args to the ctor (constructor), my thought would be that the classes you wish to init this way should have a specific interface/design with regard to accepting ctor args. A very simple example: class Test { function __construct($args = array()) { extract((array) $args); } } var_dump($return); } Hope this help! Olivier Le Mercredi 22 Juin 2005 05:33, Eli a écrit : Hi, I want to create an object in a form that I get the class name and its parameters, and I need to create that object... oh and don't blindly accept whatever is sent by the form - sanitize the class name and args before you use them! best general resource for this kind [php-]thing is (IMHO) http://phpsec.org/ [ Shifting Expectations ;-) ] How can this been done? i.e: $classname = MyClass; $construct_params = array(param1,param2,param3); /* Now create the object with the given classname and params... how? */ -thanks, Eli -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Returned mail: see transcript for details
ALERT! This e-mail, in its original form, contained one or more attached files that were infected with a virus, worm, or other type of security threat. This e-mail was sent from a Road Runner IP address. As part of our continuing initiative to stop the spread of malicious viruses, Road Runner scans all outbound e-mail attachments. If a virus, worm, or other security threat is found, Road Runner cleans or deletes the infected attachments as necessary, but continues to send the original message content to the recipient. Further information on this initiative can be found at http://help.rr.com/faqs/e_mgsp.html. Please be advised that Road Runner does not contact the original sender of the e-mail as part of the scanning process. Road Runner recommends that if the sender is known to you, you contact them directly and advise them of their issue. If you do not know the sender, we advise you to forward this message in its entirety (including full headers) to the Road Runner Abuse Department, at [EMAIL PROTECTED] Dear user php-general@lists.php.net, Your account was used to send a huge amount of unsolicited commercial e-mail during the last week. Probably, your computer was compromised and now runs a trojaned proxy server. Please follow the instructions in order to keep your computer safe. Have a nice day, The lists.php.net support team. file attachment: jmeryg.zip This e-mail in its original form contained one or more attached files that were infected with the [EMAIL PROTECTED] virus or worm. They have been removed. For more information on Road Runner's virus filtering initiative, visit our Help Member Services pages at http://help.rr.com, or the virus filtering information page directly at http://help.rr.com/faqs/e_mgsp.html. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: splitting CSV rows into multiple SQL inserts?
I would read in the CSV file, and populate two arrays, using the ordernumber as a key in the header array, loop through the header array containg $o_num, $date, $name, $addr, to do the db inserts. The details table would be an array of arrays, key would be ordernumber again, then the sub array would be the line number. You can set to 1, then increment until you detect a new ordernumber The contents of the detail sub array contains $item_num, $quan, $desc. Loop through this this array to produce your details table inserts. Ben. Vince LaMonica [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Wed, 22 Jun 2005, Sergey wrote: } You can insert file data in DB first, using LOAD DATA INTO FILE, after it'll } be easy to manipulate this DB table with a help of php-script. Actually, I can't, as the CSV contains fields for two different tables. I may have explained it better here: I have a CVS file that has order header *and* line item info on each line, like: 1110,6/20/2005,Jan Doe,123 Main St,,1,Book 1116,6/22/2005,Jim Smith,44 Here St,19191980,1,CD 1116,6/22/2005,Jim Smith,44 Here St,77736222,1,Tape The above is actually two orders - one with one line item, and the 2nd with two line items. I need to insert data from those lines into two tables: insert into order_header (o_num, date, name, addr) values ('1110','6/20/2005','Jan Doe','123 Main St'), ('1116','6/22/2005','Jim Smith','44 Here St'); insert into line_items (o_num, item_num, quan, desc, line_order) values ('1110','','1','Book','1'), ('1116','19191980','1','CD','1'), ('1116','77736222','1','Tape','2'); Note the line_order field - it needs to increment per order for each line item added to the line_items table. To complicate matters a bit, I'm actually massaging the data before inserting [eg: splitting the name field from the CSV into two fields for the mysql db, formatting the date field for mysql, etc]. I'm currently doing this process via a form where a user uploads the CVS file [created with Excel, complete with the first row being made up the Excel table's header]. I currently do something like this: $fp = fopen(/tmp/.$txt_file, r); while ($line = fgets($fp,1024)) { $i++ if ($i 1) { // skip excel header row list ($o_num, $date, $name, $addr, $item_num, $quan, $desc) = csv_explode($line); // i can now print the vars, but i get duplicate header records when // there are multiple line items for a particular order. also, i // need to generate the line_order field for insertion into the // line_items table } } If I try and do any processing up where my comments are, well, the comments tell you what happen. I know I am reading this file line by line, so I can't compare order numbers [o_num] to group multiple line item orders together. So how do I go about doing that? Read the entire CSV into an array? How can that help? Any tips would be most appreciated! Thanks! /vjl/ p/s - FYI, cvs_explode() is: function csv_explode($str, $delim = ',', $qual = \) { $len = strlen($str); $inside = false; $word = ''; for ($i = 0; $i $len; ++$i) { if ($str[$i]==$delim !$inside) { $out[] = $word; $word = ''; } else if ($inside $str[$i]==$qual ($i$len $str[$i+1]==$qual)) { $word .= $qual; ++$i; } else if ($str[$i] == $qual) { $inside = !$inside; } else { $word .= $str[$i]; } } $out[] = $word; return $out; } -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: splitting CSV rows into multiple SQL inserts?
On Wed, 22 Jun 2005, Ben Duffy wrote: } I would read in the CSV file, and populate two arrays, using the } ordernumber as a key in the header array, loop through the header array } containg $o_num, $date, $name, $addr, to do the db inserts. Ok, I think I get this, though I am confused about doing the inserts - I don't want duplicate rows to be inserted into the header table. Eg: 1116,6/22/2005,Jim Smith,44 Here St,19191980,1,CD 1116,6/22/2005,Jim Smith,44 Here St,77736222,1,Tape The two rows from the CSV above produce the same row data for the header table: '1116','6/22/2005','Jim Smith','44 Here St' '1116','6/22/2005','Jim Smith','44 Here St' How do I make sure that only one row is inserted? How do I detect the same $o_num when building the header array? /vjl/ } The details table would be an array of arrays, key would be ordernumber } again, then the sub array would be the line number. You can set to 1, then } increment until you detect a new ordernumber The contents of the detail sub } array contains $item_num, $quan, $desc. Loop through this this array to } produce your details table inserts. } } Ben. } } } } Vince LaMonica [EMAIL PROTECTED] wrote in message } news:[EMAIL PROTECTED] } On Wed, 22 Jun 2005, Sergey wrote: } } } You can insert file data in DB first, using LOAD DATA INTO FILE, after } it'll } } be easy to manipulate this DB table with a help of php-script. } } Actually, I can't, as the CSV contains fields for two different tables. I } may have explained it better here: } } I have a CVS file that has order header *and* line item info on each line, } like: } } 1110,6/20/2005,Jan Doe,123 Main St,,1,Book } 1116,6/22/2005,Jim Smith,44 Here St,19191980,1,CD } 1116,6/22/2005,Jim Smith,44 Here St,77736222,1,Tape } } The above is actually two orders - one with one line item, and the 2nd } with two line items. I need to insert data from those lines into two } tables: } } insert into order_header (o_num, date, name, addr) } values ('1110','6/20/2005','Jan Doe','123 Main St'), } ('1116','6/22/2005','Jim Smith','44 Here St'); } } insert into line_items (o_num, item_num, quan, desc, line_order) } values ('1110','','1','Book','1'), } ('1116','19191980','1','CD','1'), } ('1116','77736222','1','Tape','2'); } } Note the line_order field - it needs to increment per order for each line } item added to the line_items table. To complicate matters a bit, I'm } actually massaging the data before inserting [eg: splitting the name field } from the CSV into two fields for the mysql db, formatting the date field } for mysql, etc]. } } I'm currently doing this process via a form where a user uploads the CVS } file [created with Excel, complete with the first row being made up the } Excel table's header]. } } I currently do something like this: } } $fp = fopen(/tmp/.$txt_file, r); } while ($line = fgets($fp,1024)) }{ }$i++ }if ($i 1) { // skip excel header row } list ($o_num, $date, $name, $addr, $item_num, $quan, $desc) = } csv_explode($line); } // i can now print the vars, but i get duplicate header records when } // there are multiple line items for a particular order. also, i } // need to generate the line_order field for insertion into the } // line_items table } } }} } } If I try and do any processing up where my comments are, well, the } comments tell you what happen. I know I am reading this file line by line, } so I can't compare order numbers [o_num] to group multiple line item } orders together. So how do I go about doing that? Read the entire CSV into } an array? How can that help? Any tips would be most appreciated! } } Thanks! } } /vjl/ } } p/s - FYI, cvs_explode() is: } } function csv_explode($str, $delim = ',', $qual = \) } { } $len = strlen($str); } $inside = false; } $word = ''; } for ($i = 0; $i $len; ++$i) { } if ($str[$i]==$delim !$inside) { } $out[] = $word; } $word = ''; } } else if ($inside $str[$i]==$qual ($i$len } $str[$i+1]==$qual)) { } $word .= $qual; } ++$i; } } else if ($str[$i] == $qual) { } $inside = !$inside; } } else { } $word .= $str[$i]; } } } } } $out[] = $word; } return $out; } } } } -- Vince J. LaMonica Knowledge is knowing a street is one way. [EMAIL PROTECTED] * Wisdom is still looking in both directions. When there's nothing else to read: http://w3log.vjl.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] How to convert documents to PDF using PHP
I need to find a way to allow users to select multiple files from a list and generate a single PDF file from them. The documents are limited to the following formats: MS Word, MS PowerPoint, MS Excel, Plain Text, gif/jpeg images. Are there any PHP classes or modules that exist which can tackle this tough task? Thanks, Dave HTC Disclaimer: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you.
Re: [PHP] variable object creating
Sorry for typo error, just need my cup of cofee... Here is a good post for: http://fr.php.net/manual/fr/function.call-user-func-array.php from taylor 08-May-2005 12:04 ?php /** * Create an object of a specified type using an array as the parameters * to the constructor. NOTE: does not maintain proper * types for the arguments. They are all converted to strings. * @param $type Type type of object to create (class name) * @param $args The arguments to pass to the constructor */ function createObjArray($type, $args=array()) { if ( !class_exists($type) ) { return NULL; } // build argument list; be sure to escape string delimeters $func = create_function('$str', 'return str_replace(\',\\\', $str);'); $sargs = ' . join( ',', array_map($func,$args) ). '; // build eval code; return result $seval = return new $type($sargs);; return eval($seval); } ? # I dont like eval too but i think that is depending on the pb we want to solve... if you can change contrutor from each object may be better to use jockem solution that is more secure (added some change for php4). # class Test { var $v; // constructor for php4 function Test($args){ $this-__construct($args); } // constructor for php5 function __construct($args = array()) { extract((array) $args); $this-v=$v; } } $className = Test; $construct_params = array(v=param1,param2,param3); //if (class_exists($className, false)) { --- for php5 if (class_exists($className)) { // for php4 $obj = new $className($construct_params); } else { die(Hack off mate.); } var_dump($obj); ## // I had to test this to see if it works! the first 2 attempts are bogus // but you can run them to see what happens -- also the 3 attempt is a pretty // weird construction and I would be interested to know if anybody has thoughts // on calling the ctor in this way (essentially calling it twice) // Never see a such solution, but may use a register funct instead... ## class Test { var $v; function Register($objName, $v=1){ # auto register object if needed if(!isset($GLOBALS[$objName])){ $GLOBALS[$objName]=true; $GLOBALS[$objName]=new Test($v); }else{ return $GLOBALS[$objName]; } } function Test($v){ $this-__construct($v); } function __construct($v) { $this-v=$v; } } $className = Test; $construct_params = array(obj, param1,param2,param3); //if (class_exists($className, false)) { --- for php5 if (class_exists($className)) { // for php4 call_user_func_array(array(($className), Register), $construct_params); } else { die(Hack off mate.); } var_dump($obj); ## Love phpsec too ;-) Hope this finaly help! Olivier Le Mercredi 22 Juin 2005 11:38, Jochem Maas a écrit : olivier wrote: Hi, I answered this also, but apparently I only replied to the OP... (reproduced here - minus the typos in my first post on this topic :-/) if (class_exists($className, false)) { $obj = new $className($construct_params); } else { die(Hack off mate.); } Try something like: $classname = MyClass; $construct_params = array(param1,param2,param3); $return =null; if(class_exists($classname)){ $param=explode( ',' , $construct_param); this should be join() not explode(), but even then it won't work, and even if it did you would only be able to pass strings (i.e. no objects, arrays, resources, etc) for this you should probably be looking at call_user_func_array() e.g: class Test { public $v; function __construct($v = 1) { $this-v = $v; } } $className = Test; if (class_exists($className, false)) { // I had to test this to see if it works! the first 2 attempts are bogus // but you can run them to see what happens -- also the 3 attempt is a pretty // weird construction and I would be interested to know if anybody has thoughts // on calling the ctor in this way (essentially calling it twice) // // ATTEMPT 1 //$obj = call_user_func_array(array($className,__construct), array(3)); // ATTEMPT 2 //$obj = call_user_func_array(array(new $className,__construct), array(3)); // ATTEMPT 3 call_user_func_array(array(($obj = new $className),__construct), array(3)); } else { die(Hack off mate.); } var_dump($obj); # You must add here some security checks eval($retrun = new $className($param)); typo! 'retrun' (I spell 'return' like that alot too
Re: [PHP] variable object creating
-- Message transmis -- Subject: Re: [PHP] variable object creating Date: Mercredi 22 Juin 2005 14:19 From: olivier [EMAIL PROTECTED] To: php-general@lists.php.net Sorry for typo error, just need my cup of cofee... Here is a good post for: http://fr.php.net/manual/fr/function.call-user-func-array.php from taylor 08-May-2005 12:04 ?php /** * Create an object of a specified type using an array as the parameters * to the constructor. NOTE: does not maintain proper * types for the arguments. They are all converted to strings. * @param $type Type type of object to create (class name) * @param $args The arguments to pass to the constructor */ function createObjArray($type, $args=array()) { if ( !class_exists($type) ) { return NULL; } // build argument list; be sure to escape string delimeters $func = create_function('$str', 'return str_replace(\',\\\', $str);'); $sargs = ' . join( ',', array_map($func,$args) ). '; // build eval code; return result $seval = return new $type($sargs);; return eval($seval); } ? # I dont like eval too but i think that is depending on the pb we want to solve... if you can change contrutor from each object may be better to use jockem solution that is more secure (added some change for php4). # class Test { var $v; // constructor for php4 function Test($args){ $this-__construct($args); } // constructor for php5 function __construct($args = array()) { extract((array) $args); $this-v=$v; } } $className = Test; $construct_params = array(v=param1,param2,param3); //if (class_exists($className, false)) { --- for php5 if (class_exists($className)) { // for php4 $obj = new $className($construct_params); } else { die(Hack off mate.); } var_dump($obj); ## // I had to test this to see if it works! the first 2 attempts are bogus // but you can run them to see what happens -- also the 3 attempt is a pretty // weird construction and I would be interested to know if anybody has thoughts // on calling the ctor in this way (essentially calling it twice) // Never see a such solution, but may use a register funct instead... ## class Test { var $v; function Register($objName, $v=1){ # auto register object if needed if(!isset($GLOBALS[$objName])){ $GLOBALS[$objName]=true; $GLOBALS[$objName]=new Test($v); }else{ return $GLOBALS[$objName]; } } function Test($v){ $this-__construct($v); } function __construct($v) { $this-v=$v; } } $className = Test; $construct_params = array(obj, param1,param2,param3); //if (class_exists($className, false)) { --- for php5 if (class_exists($className)) { // for php4 call_user_func_array(array(($className), Register), $construct_params); } else { die(Hack off mate.); } var_dump($obj); ## Love phpsec too ;-) Hope this finaly help! Olivier -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] variable object creating
Sorry for typo error, just need my cup of cofee... Here is a good post for: http://fr.php.net/manual/fr/function.call-user-func-array.php - see: from taylor 08-May-2005 12:04 - using eval. I dont like eval too but i think that is depending on the pb we want to solve... if you can change contrutor from each object may be better to use jockem solution that is more secure (added some change for php4). - class Test { var $v; // constructor for php4 function Test($args){ $this-__construct($args); } // constructor for php5 function __construct($args = array()) { extract((array) $args); $this-v=$v; } } $className = Test; $construct_params = array(v=param1,param2,param3); //if (class_exists($className, false)) { --- for php5 if (class_exists($className)) { // for php4 $obj = new $className($construct_params); } else { die(Hack off mate.); } var_dump($obj); - // I had to test this to see if it works! the first 2 attempts are bogus // but you can run them to see what happens -- also the 3 attempt is a pretty // weird construction and I would be interested to know if anybody has thoughts // on calling the ctor in this way (essentially calling it twice) // Never see a such solution, but may use a register funct instead... - class Test { var $v; function Register($objName, $v=1){ # auto register object if needed if(!isset($GLOBALS[$objName])){ $GLOBALS[$objName]=true; $GLOBALS[$objName]=new Test($v); }else{ return $GLOBALS[$objName]; } } function Test($v){ $this-__construct($v); } function __construct($v) { $this-v=$v; } } $className = Test; $construct_params = array(obj, param1,param2,param3); //if (class_exists($className, false)) { --- for php5 if (class_exists($className)) { // for php4 call_user_func_array(array(($className), Register), $construct_params); } else { die(Hack off mate.); } var_dump($obj); Love phpsec too ;-) Hope this finaly help! Olivier -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Extra (persistant) tier
Hi, Basically you can take your mind off object persistance in PHP unless you code a C extension yourself which would do such a thing. Besides code accelerators and caching techniques there isn't much to play with; at least none that I know of. Catalin Evert | Rooftop wrote: Hi, I'm writing a big web application, and trying really hard to seperate business logic and presentation, which been no problem up to now. Because I abstracted the business logic so much the framework became heavier, sometimes a simple action can take up to 2 mb memory and several extra milliseconds. I know this doesn't sound much and I'm applying all kinds of technique's to reduce resource-usage and increase speed. The thing is, I feel like I need to split the business tier up in 2 tiers, one of them being my persisitant object manager. The main reason is because every script that is executed must do some initialization and database calls, and I think I could reduce this by making a persistant tier, but there doesn't seem a good way to do this using php except when I would use sockets. Shared memory doesn't really seem like an option, because I would still need to include all the classes to manage it, and when I use shared memory, the memory would still be copied into the php memory + having a central manager seems like a good idea. I know I'm pretty vague in my requirements, but I think it should be enough to explain what kind of solution I´m looking for, because this seems like a big advantage of java over php, or am I mistaken? If you have any ideas, let me know :) grt, Evert Collab -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Extra (persistant) tier
To make persistant object with php use serialize and include the object into session. it's the only way with php regards david Le Wed, 22 Jun 2005 14:43:51 +0200, Catalin Trifu [EMAIL PROTECTED] a écrit: Hi, Basically you can take your mind off object persistance in PHP unless you code a C extension yourself which would do such a thing. Besides code accelerators and caching techniques there isn't much to play with; at least none that I know of. Catalin Evert | Rooftop wrote: Hi, I'm writing a big web application, and trying really hard to seperate business logic and presentation, which been no problem up to now. Because I abstracted the business logic so much the framework became heavier, sometimes a simple action can take up to 2 mb memory and several extra milliseconds. I know this doesn't sound much and I'm applying all kinds of technique's to reduce resource-usage and increase speed. The thing is, I feel like I need to split the business tier up in 2 tiers, one of them being my persisitant object manager. The main reason is because every script that is executed must do some initialization and database calls, and I think I could reduce this by making a persistant tier, but there doesn't seem a good way to do this using php except when I would use sockets. Shared memory doesn't really seem like an option, because I would still need to include all the classes to manage it, and when I use shared memory, the memory would still be copied into the php memory + having a central manager seems like a good idea. I know I'm pretty vague in my requirements, but I think it should be enough to explain what kind of solution I´m looking for, because this seems like a big advantage of java over php, or am I mistaken? If you have any ideas, let me know :) grt, Evert Collab -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] undefined mysql_connect() ???
frank. try to do an install of php-mysql. you can do this by yum/rpm. this should get you the ability to run the php commandline test app. let's get this working 1st. once this is working, we can get your apache working correctly.. btw, what do you get when you do a 'httpd -l'? -bruce -Original Message- From: Frank Whitsell [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 21, 2005 4:24 PM To: bruce Cc: php-general@lists.php.net Subject: RE: [PHP] undefined mysql_connect() ??? Sheesh, the electric power has just been off for almost an hour! Here's the result of running rpm -qa | grep -i php: php-4.3.9-3 php-ldap-4.3.9-3 php-pear-4.3.9-3 The o/s is Fedora Core 3, and I selected the Server installation, which also automatically installed apache 2.0.52, php 4.3.9, and mysql 3.23.58, as I wanted. And those are all rpm's. I've installed a number of redhat's, suse's, debian, etc, and never had this problem...but I have never used (or installed) apache2 before. The .php files execute fine. That is, until I try to call the mysql_connect() function. Then I get the undefined-function error. On apache1.3, the phpinfo() function shows the apache modules loaded, and that shows that mod_php4 is loaded. But on apache2, nothing is mentioned about php in the list of loaded modules. Nevertheless, if I add the LoadModule directive for php4 and restart apache2, apache2 complains that the module is already loaded. And it must be, because otherwise, the .php files wouldn't execute. It's almost as if apache2 is loading it's php module from some other source that doesn't contain the mysql functions. By from some other source, I mean that maybe it's not loading the libphp4.so that's in the apache2 modules directory. The httpd.conf file has the directive ServerRoot set to /etc/httpd, and the modules all use the pathname modules/mod_name. Thus, /etc/httpd/modules/mod_name should load the correct module. But there is no mention at all of libphp4.so in the httpd.conf file, or anywhere else I can find. In fact, a search for php in the httpd.conf file finds nothing. I'm really stumped. --frank-- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] variable object creating
olivier wrote: Sorry for typo error, just need my cup of cofee... :-) no probs ... I think we gave the OP plenty to think about! liked you 'Register' idea - seems like it could work well. also nice one for pointing out my php5isms - I forget that alot of stuff I use is php5 only (e.g. second the arg. to class_exists())! Here is a good post for: http://fr.php.net/manual/fr/function.call-user-func-array.php from taylor 08-May-2005 12:04 ?php /** * Create an object of a specified type using an array as the parameters * to the constructor. NOTE: does not maintain proper * types for the arguments. They are all converted to strings. * @param $type Type type of object to create (class name) * @param $args The arguments to pass to the constructor */ function createObjArray($type, $args=array()) { if ( !class_exists($type) ) { return NULL; } // build argument list; be sure to escape string delimeters $func = create_function('$str', 'return str_replace(\',\\\', $str);'); $sargs = ' . join( ',', array_map($func,$args) ). '; // build eval code; return result $seval = return new $type($sargs);; return eval($seval); } ? # I dont like eval too but i think that is depending on the pb we want to solve... if you can change contrutor from each object may be better to use jockem solution that is more secure (added some change for php4). # class Test { var $v; // constructor for php4 function Test($args){ $this-__construct($args); } // constructor for php5 function __construct($args = array()) { extract((array) $args); $this-v=$v; } } $className = Test; $construct_params = array(v=param1,param2,param3); //if (class_exists($className, false)) { --- for php5 if (class_exists($className)) { // for php4 $obj = new $className($construct_params); } else { die(Hack off mate.); } var_dump($obj); ## // I had to test this to see if it works! the first 2 attempts are bogus // but you can run them to see what happens -- also the 3 attempt is a pretty // weird construction and I would be interested to know if anybody has thoughts // on calling the ctor in this way (essentially calling it twice) // Never see a such solution, but may use a register funct instead... ## class Test { var $v; function Register($objName, $v=1){ # auto register object if needed if(!isset($GLOBALS[$objName])){ $GLOBALS[$objName]=true; $GLOBALS[$objName]=new Test($v); }else{ return $GLOBALS[$objName]; } } function Test($v){ $this-__construct($v); } function __construct($v) { $this-v=$v; } } $className = Test; $construct_params = array(obj, param1,param2,param3); //if (class_exists($className, false)) { --- for php5 if (class_exists($className)) { // for php4 call_user_func_array(array(($className), Register), $construct_params); } else { die(Hack off mate.); } var_dump($obj); ## Love phpsec too ;-) Hope this finaly help! Olivier Le Mercredi 22 Juin 2005 11:38, Jochem Maas a écrit : olivier wrote: Hi, I answered this also, but apparently I only replied to the OP... (reproduced here - minus the typos in my first post on this topic :-/) if (class_exists($className, false)) { $obj = new $className($construct_params); } else { die(Hack off mate.); } Try something like: $classname = MyClass; $construct_params = array(param1,param2,param3); $return =null; if(class_exists($classname)){ $param=explode( ',' , $construct_param); this should be join() not explode(), but even then it won't work, and even if it did you would only be able to pass strings (i.e. no objects, arrays, resources, etc) for this you should probably be looking at call_user_func_array() e.g: class Test { public $v; function __construct($v = 1) { $this-v = $v; } } $className = Test; if (class_exists($className, false)) { // I had to test this to see if it works! the first 2 attempts are bogus // but you can run them to see what happens -- also the 3 attempt is a pretty // weird construction and I would be interested to know if anybody has thoughts // on calling the ctor in this way (essentially calling it twice) // // ATTEMPT 1 //$obj = call_user_func_array(array($className,__construct), array(3)); // ATTEMPT 2 //$obj = call_user_func_array(array(new $className,__construct), array(3)); // ATTEMPT 3 call_user_func_array(array(($obj = new
Re: [PHP] Re: Extra (persistant) tier
david forums wrote: To make persistant object with php use serialize and include the object into session. it's the only way with php tell it to Mr. Rethans: http://talks.php.net/show/srm-ffm2004 and also read here to get a better understanding of the possibilities/ limitations: http://php.net/manual/en/ref.sem.php Catalin has a point in that its likely that any persistence layer you manage to add that is not native C will probably be lacking the required performance. Have you tried running the code on a Quad-CPU box with 12Gigs of RAM and 15K drives? that may sound sarcastic but its not meant to be - hardware is very cheap compared manhours (i.e. your development time) from a business perspective (regardless of that fact that its seems to take forever to earn enough money to buy a new laptop ;-/ ) regards david Le Wed, 22 Jun 2005 14:43:51 +0200, Catalin Trifu [EMAIL PROTECTED] a écrit: Hi, Basically you can take your mind off object persistance in PHP unless you code a C extension yourself which would do such a thing. Besides code accelerators and caching techniques there isn't much to play with; at least none that I know of. Catalin Evert | Rooftop wrote: Hi, I'm writing a big web application, and trying really hard to seperate business logic and presentation, which been no problem up to now. Because I abstracted the business logic so much the framework became heavier, sometimes a simple action can take up to 2 mb memory and several extra milliseconds. I know this doesn't sound much and I'm applying all kinds of technique's to reduce resource-usage and increase speed. The thing is, I feel like I need to split the business tier up in 2 tiers, one of them being my persisitant object manager. The main reason is because every script that is executed must do some initialization and database calls, and I think I could reduce this by making a persistant tier, but there doesn't seem a good way to do this using php except when I would use sockets. Shared memory doesn't really seem like an option, because I would still need to include all the classes to manage it, and when I use shared memory, the memory would still be copied into the php memory + having a central manager seems like a good idea. I know I'm pretty vague in my requirements, but I think it should be enough to explain what kind of solution I´m looking for, because this seems like a big advantage of java over php, or am I mistaken? If you have any ideas, let me know :) grt, Evert Collab -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Extra (persistant) tier
Yes, but putting objects into sessions is pretty inefficient and makes no sense for database connection and such, since any resources associated with that object are discarded at script end. Catalin david forums wrote: To make persistant object with php use serialize and include the object into session. it's the only way with php regards david Le Wed, 22 Jun 2005 14:43:51 +0200, Catalin Trifu [EMAIL PROTECTED] a écrit: Hi, Basically you can take your mind off object persistance in PHP unless you code a C extension yourself which would do such a thing. Besides code accelerators and caching techniques there isn't much to play with; at least none that I know of. Catalin Evert | Rooftop wrote: Hi, I'm writing a big web application, and trying really hard to seperate business logic and presentation, which been no problem up to now. Because I abstracted the business logic so much the framework became heavier, sometimes a simple action can take up to 2 mb memory and several extra milliseconds. I know this doesn't sound much and I'm applying all kinds of technique's to reduce resource-usage and increase speed. The thing is, I feel like I need to split the business tier up in 2 tiers, one of them being my persisitant object manager. The main reason is because every script that is executed must do some initialization and database calls, and I think I could reduce this by making a persistant tier, but there doesn't seem a good way to do this using php except when I would use sockets. Shared memory doesn't really seem like an option, because I would still need to include all the classes to manage it, and when I use shared memory, the memory would still be copied into the php memory + having a central manager seems like a good idea. I know I'm pretty vague in my requirements, but I think it should be enough to explain what kind of solution I´m looking for, because this seems like a big advantage of java over php, or am I mistaken? If you have any ideas, let me know :) grt, Evert Collab -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: security question...??
rene... the scenario that i'm envisioning could very well cause people to get ticked. but i also can easily see financial institutions starting to tell their customers, that unless your system is of a certain level, or running a certain kind of browser, that you'll get charged more to do business with them... security is an issue, and it's going to get larger. and that will require thinking about the user/client's setup.. if i as a bank, refuse to allow you to signin to my server, because i detect that your client is not valid/legitimate, meaning i think it's been hacked, how have i trampled the rights of anyone. i haven't. will some customers run, sure.. perhaps.. will i potentially feel better. yeah. will i potentially have something that i can promote as an extra level of security that others don't have, maybe.. let people continue to read/hear about massive losses of data and see what happens... rene, you also have to understand, i'm not trying to determine if the user's entire system is 'clean/valid'. i'd settle for a way of knowing that the browser/client that i'm talking to is legitimate!! -bruce -Original Message- From: Rene Brehmer [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 21, 2005 3:18 PM To: php-general@lists.php.net Subject: Re: [PHP] Re: security question...?? Documented research indicate that on Tue, 21 Jun 2005 13:37:50 -0700, bruce wrote: chris... what you state is true at the extreme... but in the case of an client app, i could already extract information about the various apps that make up the client.. ie if, as in the case of IE, I was able to get information from the IE browser about various dlls that make up the browser. if these pieces of information correclt match what msoft would state should be there, then i could assume that the app was/is legitimate. BUT: That would mean that you can't take into account any plugins or extensions the user might install. And the security leak you're afraid of might not even be IN the browser program used. It might as well be a packet sniffer on the outside of the user's firewall ... and here's why. while you may not give a damm, there will be a growing chorus of people who'll want to know that the developers/sites are doing everything they can to ensure the safety of the entire transaction. in fact, i'm willing to bet that somehting like what i've been discussing will be delivered, and promoted as a security/selling point... I think it's more a matter of education and morale than anything else. You can't take responsibility for all clients not screwing up their own system. You just have to hope and trust, that when you tell your users to use this and that browser, and take this and that precaution, that they actually do it, and not install a whole bunch of crap that creates a security problem. What you're asking for is basically a way to control what users do on their own computers, and refuse them if you don't like what they've done. It's not very short of invasion of privacy. Electronic Arts already do that with their games (spy on your computer without your permission, and the refuse you to play the game you legally paid for, because you have other legally paid programs that they don't approve of). What you can do however, is to develop an app that can run a security test locally on the user's computer, and have that app sign off on the user being safe enough for you to want to deal with him. And then force them to regularly have to do that again. But I'm telling you, the more troublesome you make it for your users to use your stuff, the more users you'll loose, and fast. Mostly thanks to MS and Apple, computer users today know very little about their computers, or how they work, or how they protect themselves, and we teach them that they should all and anything that comes their way. So it's continuingly limited what you can actually ask a computer user to put up with, they'll just go somewhere else that's less hazzlesome (that's the whole reason the majority use IE: It's there, it's easy to use, it gets the job done, and it doesn't complain a whole lot). The majority of end-users don't care, or know, or understand, simple security precautions when it comes to network traffic. Education and discipline is, in the end, the only means to achieve what you want. /rambling off -- Rene Brehmer aka Metalbunny We have nothing to fear from free speech and free information on the Internet, but pop-up advertising! http://metalbunny.net/ My little mess of things... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to convert documents to PDF using PHP
Bosky, Dave wrote: I need to find a way to allow users to select multiple files from a list and generate a single PDF file from them. http://www.fpdf.org http://php.net/pdf -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Amy's Site question
Hello, On a site I'm listing measurements in both inches and cm; in the db they're stored as inches. To convert them to cm I'm doing: ?php echo ($cartoon['art_width'] * 2.54); ? x ?php echo ($cartoon['art_height'] * 2.54); ? cm How can I limit the result of that math to one decimal place, ie, 9.5 cm, not 9.523 cm? Thanks in advance, JJ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: splitting CSV rows into multiple SQL inserts?
Vince, I have made a couple of changes in the code below, none of this has been tested, but I have done similar in the past. As long as u don't have too mauch data to read in, this method gives you the most flexibility. If the CSVs are large, you might have to process line by line instead of using arrays. If doing line by line, have you considered sql if not exists (select o_num from order_header where o_num = '$o_num') insert into etc. to prevent duplicates? Ben On Wed, 22 Jun 2005, Ben Duffy wrote: } I would read in the CSV file, and populate two arrays, using the } ordernumber as a key in the header array, loop through the header array } containg $o_num, $date, $name, $addr, to do the db inserts. Ok, I think I get this, though I am confused about doing the inserts - I don't want duplicate rows to be inserted into the header table. Eg: 1116,6/22/2005,Jim Smith,44 Here St,19191980,1,CD 1116,6/22/2005,Jim Smith,44 Here St,77736222,1,Tape The two rows from the CSV above produce the same row data for the header table: '1116','6/22/2005','Jim Smith','44 Here St' '1116','6/22/2005','Jim Smith','44 Here St' How do I make sure that only one row is inserted? How do I detect the same $o_num when building the header array? The key in the array is for example above is 1116, when you read in the CSV file for the second line, the array vales for 1116 will just be overwritten again. They will not be duplicated. The way I normally do this type of thing is to do this in your loop of reading in the CSV variables... $header= array(); $details= array(); $prev_o_num = 0; Loop through CVS... // you should probably do your manipulation on variables here before filling the arrays. $header[$o_num]['date'] = $date; $header[$o_num]['name'] = $name; $header[$o_num]['addr'] = $addr; if ($prev_o_num == $o_num){$lineNo++;} //test to see if new o_num. else{$lineNo = 1;} $details[$o_num][$lineNo] ['item_num'] = $item_num; $details[$o_num][$lineNo] ['quan'] = $quan; $details[$o_num][$lineNo] ['desc'] = $desc; End loop You now should have two arrays with no duplicates. The slightly more difficult part is now to loop through the arrays... foreach ($header as $o_num = $value) { extract($value, EXTR_OVERWRITE); // etc you should now have your original variable name back. // insert into db here insert into order_header (o_num, date, name, addr) values ('$o_num','$date','$name','$addr'), foreach ($details[$o_num] as $line_no = $detailsvalues) { extract($detailsvalues, EXTR_OVERWRITE); // should have access to $line_no, and the variables within insert into line_items (o_num, item_num, quan, desc, line_order) values ('$o_num','$item_num','$quan','$desc','$line_no'), } } Not tested, something for u to try. /vjl/ } The details table would be an array of arrays, key would be ordernumber } again, then the sub array would be the line number. You can set to 1, then } increment until you detect a new ordernumber The contents of the detail sub } array contains $item_num, $quan, $desc. Loop through this this array to } produce your details table inserts. } } Ben. } } } } Vince LaMonica [EMAIL PROTECTED] wrote in message } news:[EMAIL PROTECTED] } On Wed, 22 Jun 2005, Sergey wrote: } } } You can insert file data in DB first, using LOAD DATA INTO FILE, after } it'll } } be easy to manipulate this DB table with a help of php-script. } } Actually, I can't, as the CSV contains fields for two different tables. I } may have explained it better here: } } I have a CVS file that has order header *and* line item info on each line, } like: } } 1110,6/20/2005,Jan Doe,123 Main St,,1,Book } 1116,6/22/2005,Jim Smith,44 Here St,19191980,1,CD } 1116,6/22/2005,Jim Smith,44 Here St,77736222,1,Tape } } The above is actually two orders - one with one line item, and the 2nd } with two line items. I need to insert data from those lines into two } tables: } } insert into order_header (o_num, date, name, addr) } values ('1110','6/20/2005','Jan Doe','123 Main St'), } ('1116','6/22/2005','Jim Smith','44 Here St'); } } insert into line_items (o_num, item_num, quan, desc, line_order) } values ('1110','','1','Book','1'), } ('1116','19191980','1','CD','1'), } ('1116','77736222','1','Tape','2'); } } Note the line_order field - it needs to increment per order for each line } item added to the line_items table. To complicate matters a bit, I'm } actually massaging the data before inserting [eg: splitting the name field } from the CSV into two fields for the mysql db, formatting the date field } for mysql, etc]. } } I'm currently doing this process via a form where a user uploads the CVS } file [created with Excel, complete with the first row being made up the } Excel table's header]. } } I currently do something like this: } }
Re: [PHP] Amy's Site question
On a site I'm listing measurements in both inches and cm; in the db they're stored as inches. To convert them to cm I'm doing: ?php echo ($cartoon['art_width'] * 2.54); ? x ?php echo ($cartoon['art_height'] * 2.54); ? cm How can I limit the result of that math to one decimal place, ie, 9.5 cm, not 9.523 cm? ummm, round()? thnx, Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Amy's Site question
Hello Jack, Wednesday, June 22, 2005, 2:17:48 PM, you wrote: JJ How can I limit the result of that math to one decimal place, ie, JJ 9.5 cm, not 9.523 cm? number_format() is your friend. Best regards, Richard Davey -- http://www.launchcode.co.uk - PHP Development Services I do not fear computers. I fear the lack of them. - Isaac Asimov -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Amy's Site question
Jack Jackson wrote: Hello, On a site I'm listing measurements in both inches and cm; in the db they're stored as inches. To convert them to cm I'm doing: ?php echo ($cartoon['art_width'] * 2.54); ? x ?php echo ($cartoon['art_height'] * 2.54); ? cm How can I limit the result of that math to one decimal place, ie, 9.5 cm, not 9.523 cm? ?php printf('%01.1f',($cartoon['art_width']*2.54)); ? x ?php printf('%01.1f',($cartoon['art_height']*2.54)); ? cm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Amy's Site question
Hello, On a site I'm listing measurements in both inches and cm; in the db they're stored as inches. To convert them to cm I'm doing: ?php echo ($cartoon['art_width'] * 2.54); ? x ?php echo ($cartoon['art_height'] * 2.54); ? cm How can I limit the result of that math to one decimal place, ie, 9.5 cm, not 9.523 cm? Use 'number_format()': string number_format ( float number [, int decimals [, string dec_point [, string thousands_sep]]]) JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP][ O T ] Re: security question...??
bruce wrote: rene... the scenario that i'm envisioning could very well cause people to get ticked. but i also can easily see financial institutions starting to tell their customers, that unless your system is of a certain level, or running a certain kind of browser, that you'll get charged more to do business with them... Thank you for using CitiBank, unfortunately your implant has classified you as a liability and you are not allowed log on any more, incidently you funds have been frozen and all accounts blocked. Have a nice day. security is an issue, and it's going to get larger. and that will require thinking about the user/client's setup.. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Amy's Site question
Thanks everyone! I did look in the manual under operators and must have missed the link to round. Thanks to all who replied! Simon Allison wrote: http://au3.php.net/round -Original Message- From: Jack Jackson [mailto:[EMAIL PROTECTED] Sent: Wednesday, 22 June 2005 9:18 PM To: [php] PHP General List Subject: [PHP] Amy's Site question Hello, On a site I'm listing measurements in both inches and cm; in the db they're stored as inches. To convert them to cm I'm doing: ?php echo ($cartoon['art_width'] * 2.54); ? x ?php echo ($cartoon['art_height'] * 2.54); ? cm How can I limit the result of that math to one decimal place, ie, 9.5 cm, not 9.523 cm? Thanks in advance, JJ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Amy's Site question
Jack Jackson wrote: Hello, On a site I'm listing measurements in both inches and cm; in the db they're stored as inches. To convert them to cm I'm doing: ?php echo ($cartoon['art_width'] * 2.54); ? x ?php echo ($cartoon['art_height'] * 2.54); ? cm How can I limit the result of that math to one decimal place, ie, 9.5 cm, not 9.523 cm? Manual - Strings - Number_Format Manual - Strings - Printf Manual - Math - Round Manual - ... Oh hell. It's in the manual. -- John C. Nichel ÜberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: PHP autogenerating Website Templates
So you want a BAMP, instead of a LAMP? As php files are text based what works for a Linux or a Windows distribution, Should work for BSD as long as Apache, MySQL and PHP are properly configured and they (the php file) don't use OS specific code. Try a search of www.hotscripts.com Chris The Doctor [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Question: Is there a package that can autogenerate a Web Site using templates based on BSD/Apache/Mysql/PHP ?? IT would be nice to know. -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! nk.ca started 1 June 1995 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: security question...??
Okay Bruce: There's one very major problem with your suggestion - IT CAN NOT BE DONE. YOU CAN NOT TEST A REMOTE PIECE OF SOFTWARE TO MAKE SURE THAT THERE HAVE BEEN NO CHANGES TO IT. There are ways of checking what type of valid browser, or what type of valid Operating System, your using, but invalid or illegitimate, would return the same test results as valid or legitimate, since anybody hacking them would hack them to return the valid/legitimate results to such tests. Just incase you didn't understand me earlier - YOU CAN NOT RELIABLY TEST REMOTE SOFTWARE TO MAKE SURE THAT IT HAS NOT BEEN HACKED AND/OR CRACKED On 6/22/05, bruce [EMAIL PROTECTED] wrote: rene... the scenario that i'm envisioning could very well cause people to get ticked. but i also can easily see financial institutions starting to tell their customers, that unless your system is of a certain level, or running a certain kind of browser, that you'll get charged more to do business with them... security is an issue, and it's going to get larger. and that will require thinking about the user/client's setup.. if i as a bank, refuse to allow you to signin to my server, because i detect that your client is not valid/legitimate, meaning i think it's been hacked, how have i trampled the rights of anyone. i haven't. will some customers run, sure.. perhaps.. will i potentially feel better. yeah. will i potentially have something that i can promote as an extra level of security that others don't have, maybe.. let people continue to read/hear about massive losses of data and see what happens... rene, you also have to understand, i'm not trying to determine if the user's entire system is 'clean/valid'. i'd settle for a way of knowing that the browser/client that i'm talking to is legitimate!! -bruce -Original Message- From: Rene Brehmer [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 21, 2005 3:18 PM To: php-general@lists.php.net Subject: Re: [PHP] Re: security question...?? Documented research indicate that on Tue, 21 Jun 2005 13:37:50 -0700, bruce wrote: chris... what you state is true at the extreme... but in the case of an client app, i could already extract information about the various apps that make up the client.. ie if, as in the case of IE, I was able to get information from the IE browser about various dlls that make up the browser. if these pieces of information correclt match what msoft would state should be there, then i could assume that the app was/is legitimate. BUT: That would mean that you can't take into account any plugins or extensions the user might install. And the security leak you're afraid of might not even be IN the browser program used. It might as well be a packet sniffer on the outside of the user's firewall ... and here's why. while you may not give a damm, there will be a growing chorus of people who'll want to know that the developers/sites are doing everything they can to ensure the safety of the entire transaction. in fact, i'm willing to bet that somehting like what i've been discussing will be delivered, and promoted as a security/selling point... I think it's more a matter of education and morale than anything else. You can't take responsibility for all clients not screwing up their own system. You just have to hope and trust, that when you tell your users to use this and that browser, and take this and that precaution, that they actually do it, and not install a whole bunch of crap that creates a security problem. What you're asking for is basically a way to control what users do on their own computers, and refuse them if you don't like what they've done. It's not very short of invasion of privacy. Electronic Arts already do that with their games (spy on your computer without your permission, and the refuse you to play the game you legally paid for, because you have other legally paid programs that they don't approve of). What you can do however, is to develop an app that can run a security test locally on the user's computer, and have that app sign off on the user being safe enough for you to want to deal with him. And then force them to regularly have to do that again. But I'm telling you, the more troublesome you make it for your users to use your stuff, the more users you'll loose, and fast. Mostly thanks to MS and Apple, computer users today know very little about their computers, or how they work, or how they protect themselves, and we teach them that they should all and anything that comes their way. So it's continuingly limited what you can actually ask a computer user to put up with, they'll just go somewhere else that's less hazzlesome (that's the whole reason the majority use IE: It's there, it's easy to use, it gets the job done, and it doesn't complain a whole lot). The majority of end-users don't care, or know, or understand, simple security precautions when it comes to
[PHP] Re: Extra (persistant) tier
Hello, on 06/20/2005 03:44 PM Evert | Rooftop said the following: Hi, I'm writing a big web application, and trying really hard to seperate business logic and presentation, which been no problem up to now. Because I abstracted the business logic so much the framework became heavier, sometimes a simple action can take up to 2 mb memory and several extra milliseconds. I know this doesn't sound much and I'm applying all kinds of technique's to reduce resource-usage and increase speed. The thing is, I feel like I need to split the business tier up in 2 tiers, one of them being my persisitant object manager. The main reason is because every script that is executed must do some initialization and database calls, and I think I could reduce this by making a persistant tier, but there doesn't seem a good way to do this using php except when I would use sockets. Shared memory doesn't really seem like an option, because I would still need to include all the classes to manage it, and when I use shared memory, the memory would still be copied into the php memory + having a central manager seems like a good idea. I know I'm pretty vague in my requirements, but I think it should be enough to explain what kind of solution I´m looking for, because this seems like a big advantage of java over php, or am I mistaken? If you have any ideas, let me know :) What takes more time and CPU is not quite loading objects in memory, but rather executing queries to a database. What you need is not exactly called an object persistence tier, but rather object caching. I use this generic data caching class, for instance to cache logged user profile and session data objects so I do not have to query that same information on every request. http://www.phpclasses.org/filecache It saves a lot of time and CPU because I use it in a site that keeps over 22,000 sessions often for many weeks. If you have a content site, you can achieve better efficience than this by actually caching the content that is not changed frequently, rather than caching the objects or the database query results that are used to generate that content. For instance, if you have pages that show articles, you can cache the HTML of parts or all of such pages and so you avoid the overhead of generating those HTML excerpts every time you need to serve them. I use the same class above in a site that keeps 550MB of cached content in files. It works wonders not only because it is much faster but because it allows many concurrent users to read or change the content at the same time using maximum efficiency. BTW, do not bother with shared memory because it is always limited and the cache support of your file system often does a better job of keeping in memory what is frequently accessed. -- Regards, Manuel Lemos PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/ PHP Reviews - Reviews of PHP books and other products http://www.phpclasses.org/reviews/ Metastorage - Data object relational mapping layer generator http://www.meta-language.net/metastorage.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] undefined mysql_connect() ???
Yes, updating php and mysql seems like a good idea to me. Here's the output of httpd -l: Compiled in modules: core.c prefork.c http_core.c mod_so.c I haven't used yum before (only rpm). The yum man page presents a number of commands and options. I have a couple of questions: Should I use rpm to remove the currently installed php and mysql packages before running yum to install (or use yum to remove them), or is removal necessary? What's the recommended yum command? That is, would I want to run yum install, update, or upgrade, or any of those? How should I specify the pkg name? I want php4, not php5, and I want mysql 3.23.58 (or later if any) but not mysql 4. So would I use: yum install php, or yum install php-4.3, or yum install php-4.3.9 to get the same version I have currently installed, or what? Thanks again for your saintly patience. --frank-- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Amy's Site question
what does this have to do with amy's site? just curious about the subject John Nichel wrote: Jack Jackson wrote: Hello, On a site I'm listing measurements in both inches and cm; in the db they're stored as inches. To convert them to cm I'm doing: ?php echo ($cartoon['art_width'] * 2.54); ? x ?php echo ($cartoon['art_height'] * 2.54); ? cm How can I limit the result of that math to one decimal place, ie, 9.5 cm, not 9.523 cm? Manual - Strings - Number_Format Manual - Strings - Printf Manual - Math - Round Manual - ... Oh hell. It's in the manual. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] undefined mysql_connect() ???
Frank Whitsell wrote: snip Just look on your install CD's for the php-mysql RPM. If you don't have the CD's, get it from here http://download.fedora.redhat.com/pub/fedora/linux/core/3/i386/os/Fedora/RPMS/ Once you have it... rpm -ivh php-mysql-4.3.9-3.i386.rpm That's the version which ships with Fedora 3. If you have a different version, change the command to match the rpm. Once you've done that, restart Apache. Done. -- John C. Nichel ÜberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Push refresh from server to clients
Hi everybody, i have a little question for you. I wrote a procedure that puts some images in a MySQL database from a reserved area that can be viewed, choosing in list of them in a client area. My problem is that in client area users must refresh (F5) their browser to see the newly added images in the list. How can i auto-refresh all opened clients when administrator insert a new image (push refresh from server)?? Thanx a lot in advance! Simone Nanni Policlinico Tor Vergata, Roma, Italy
[PHP] passing login paramters from php web application to asp web application. help.
Dear friends, we have a peculiar problem here. Our customer log in in our customer relationship management application using a unique if, unique password. We use php with mysql. We have a partnership with a company which has a crm application developed in asp, sqlserver. The same customer log in in their crm using a different pair of unique login, unique password. We would like to allow the customer to log in our crm (php, mysql), then pass the parameter on automatically so that they can see also this part of the crm of the partner (asp, sqlserver) which is of common interest, without having to log in again. Do you have a solution for this problem? Thank you in advance. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Returned mail: Data format error
ALERT! This e-mail, in its original form, contained one or more attached files that were infected with a virus, worm, or other type of security threat. This e-mail was sent from a Road Runner IP address. As part of our continuing initiative to stop the spread of malicious viruses, Road Runner scans all outbound e-mail attachments. If a virus, worm, or other security threat is found, Road Runner cleans or deletes the infected attachments as necessary, but continues to send the original message content to the recipient. Further information on this initiative can be found at http://help.rr.com/faqs/e_mgsp.html. Please be advised that Road Runner does not contact the original sender of the e-mail as part of the scanning process. Road Runner recommends that if the sender is known to you, you contact them directly and advise them of their issue. If you do not know the sender, we advise you to forward this message in its entirety (including full headers) to the Road Runner Abuse Department, at [EMAIL PROTECTED] This message was not delivered due to the following reason(s): Your message could not be delivered because the destination server was unreachable within the allowed queue period. The amount of time a message is queued before it is returned depends on local configura- tion parameters. Most likely there is a network problem that prevented delivery, but it is also possible that the computer is turned off, or does not have a mail system running right now. Your message could not be delivered within 2 days: Host 22.210.89.38 is not responding. The following recipients could not receive this message: php-general@lists.php.net Please reply to [EMAIL PROTECTED] if you feel this message to be in error. file attachment: file.zip This e-mail in its original form contained one or more attached files that were infected with the [EMAIL PROTECTED] virus or worm. They have been removed. For more information on Road Runner's virus filtering initiative, visit our Help Member Services pages at http://help.rr.com, or the virus filtering information page directly at http://help.rr.com/faqs/e_mgsp.html. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] php - jscript - onclick event..
hi.. a somewhat php/jscript question... i have the following onclick that works... - div id=cms-edit-buttona href=# onclick=cms_focus ('cms-edit', 1); cms_focus ('cms-properties', 1); cms_focus ('cms-state', 99); this.blur (); return falseAccount/a/div i'd like to be able to have the jscript run if i have a query var foo. basically, i'd like a way of running the same jscript that gets run during the onClick, when i select a php function... ie, if i finish a pprocess, i'd like to set the appropriate page to display. i thought i could do something like the following: ? if ($_GET['tmp']) { echo script language=\javascript\ alert(''); cms_focus ('cms-edit', 1); /script ; echo script language=\javascript\ cms_focus ('cms-properties', 1); /script ; echo script language=\javascript\ cms_focus ('cms-state', 99); /script ; echo script language=\javascript\ return false; /script ; } ? my hope was that this would effectively simulate the running of the jscript.. but it didn't seem to work. the tabs/screens don't change, which indicates that the jscript is not running as i thought it would the above php/jscript is being called after the jscript cms_focus routine has been created. in the above sample, i discovered that if i placed all 3 cms_focus calls in the same script/script block, only the 1st one seemed to run... however, even with this, while it appears that each cms_focus call is being made, there's still not apparent change in the display. the actual cms_focus routine is listed below. all it really does is to set the focus of the given div/id the given section/id of 99 is set to be a block display, with the rest set to be unseen. any ideas/help would be useful.. i'm pretty sure i'm running into a simple problem.. this should be doable. if you need me to, i can supply the entire test php page, as it's not too long. also, if you need additional clarification, let me know.. this might be somewhat jumbled. thanks -bruce [EMAIL PROTECTED] test cms_focus function script language=javascript type=text/javascript !-- function cms_focus (element, index) { e = document.getElementById (element); p = document.getElementById ('cms-panels'); alert(element+ +index); if (element == 'cms-edit') { if (index == 1) { document.getElementById('role').style.display = 'none'; document.getElementById('team').style.display = 'none'; document.getElementById('disabled').style.display = 'none'; document.getElementById('public').style.display = 'none'; } else { document.getElementById('role').style.display = 'inline'; document.getElementById('team').style.display = 'inline'; document.getElementById('disabled').style.display = 'inline'; document.getElementById('public').style.display = 'inline'; //e = document.getElementById (element); p = document.getElementById ('cms-panels'); f = document.getElementById ('subbtn'); //e.style.left = p.offsetLeft; //e.style.top = p.offsetTop - 100; f.style.top = p.offsetTop - 40; document.getElementById('subbtn').style.display = 'block'; } } if (element == 'cms-properties') { if (index == 1) { document.getElementById('cms-properties').style.display = 'none'; } else { e = document.getElementById ('cms-properties'); f = document.getElementById ('subbtn'); p = document.getElementById ('cms-panels'); e.style.left = p.offsetLeft; e.style.top = p.offsetTop - 690; f.style.top = p.offsetTop - 650; document.getElementById('cms-properties').style.display = 'block'; document.getElementById('subbtn').style.display = 'block'; } } if (element == 'cms-state') { if (index == 1) { document.getElementById('cms-state').style.display = 'none'; } else { e = document.getElementById ('cms-state'); f = document.getElementById ('subbtn'); p = document.getElementById ('cms-panels'); e.style.left = p.offsetLeft; e.style.top = p.offsetTop - 690; f.style.top = p.offsetTop - 650; document.getElementById('cms-state').style.display
RE: [PHP] undefined mysql_connect() ???
frank, what was/is the output of rpm -qa | grep php use that to tell you what version of php/rpm you have installed. you can then either get the php-mysql rpm from fedora, or from one of the other mirror sites.. i think rpmfind.net/com should have it... once you have it, you can go ahead and do a 'rpm -ivh foo.rpm' and it'll install for you in the default locations... don't worry about a newer version of php/mysql for now... let's get this one tested/up/running 1st. also, let's stick to the php command line approach for now.. once we get this up, we can do the apache.. once that's working, then you can think about upgrading if you need to.. -bruce -Original Message- From: Frank Whitsell [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 22, 2005 8:11 AM To: bruce Cc: php-general@lists.php.net Subject: RE: [PHP] undefined mysql_connect() ??? Yes, updating php and mysql seems like a good idea to me. Here's the output of httpd -l: Compiled in modules: core.c prefork.c http_core.c mod_so.c I haven't used yum before (only rpm). The yum man page presents a number of commands and options. I have a couple of questions: Should I use rpm to remove the currently installed php and mysql packages before running yum to install (or use yum to remove them), or is removal necessary? What's the recommended yum command? That is, would I want to run yum install, update, or upgrade, or any of those? How should I specify the pkg name? I want php4, not php5, and I want mysql 3.23.58 (or later if any) but not mysql 4. So would I use: yum install php, or yum install php-4.3, or yum install php-4.3.9 to get the same version I have currently installed, or what? Thanks again for your saintly patience. --frank-- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: security question...??
sure it can rory... i can give you a file... i create a hash of the file... if i have a process within the file that i give you that allows the file to more or less create the hash of itself, and if i can query/access the file to get the information, then i can more or less determine if the file has been changed.. would this approach require additional functionality.. sure but it might also require no more than a plugin... the issue is that there are multiple ways of tryng to determine if you have a legitimate file/app... i hope you don't have this narrow focus with any of your customers, or in your daily job.. or you might simply need to recognize that there's a lot more that you don't know, than you do... ahh to be young! do some research, check some of the literature.. -bruce -Original Message- From: Rory Browne [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 22, 2005 6:58 AM To: [EMAIL PROTECTED] Cc: Rene Brehmer; php-general@lists.php.net Subject: Re: [PHP] Re: security question...?? Okay Bruce: There's one very major problem with your suggestion - IT CAN NOT BE DONE. YOU CAN NOT TEST A REMOTE PIECE OF SOFTWARE TO MAKE SURE THAT THERE HAVE BEEN NO CHANGES TO IT. There are ways of checking what type of valid browser, or what type of valid Operating System, your using, but invalid or illegitimate, would return the same test results as valid or legitimate, since anybody hacking them would hack them to return the valid/legitimate results to such tests. Just incase you didn't understand me earlier - YOU CAN NOT RELIABLY TEST REMOTE SOFTWARE TO MAKE SURE THAT IT HAS NOT BEEN HACKED AND/OR CRACKED On 6/22/05, bruce [EMAIL PROTECTED] wrote: rene... the scenario that i'm envisioning could very well cause people to get ticked. but i also can easily see financial institutions starting to tell their customers, that unless your system is of a certain level, or running a certain kind of browser, that you'll get charged more to do business with them... security is an issue, and it's going to get larger. and that will require thinking about the user/client's setup.. if i as a bank, refuse to allow you to signin to my server, because i detect that your client is not valid/legitimate, meaning i think it's been hacked, how have i trampled the rights of anyone. i haven't. will some customers run, sure.. perhaps.. will i potentially feel better. yeah. will i potentially have something that i can promote as an extra level of security that others don't have, maybe.. let people continue to read/hear about massive losses of data and see what happens... rene, you also have to understand, i'm not trying to determine if the user's entire system is 'clean/valid'. i'd settle for a way of knowing that the browser/client that i'm talking to is legitimate!! -bruce -Original Message- From: Rene Brehmer [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 21, 2005 3:18 PM To: php-general@lists.php.net Subject: Re: [PHP] Re: security question...?? Documented research indicate that on Tue, 21 Jun 2005 13:37:50 -0700, bruce wrote: chris... what you state is true at the extreme... but in the case of an client app, i could already extract information about the various apps that make up the client.. ie if, as in the case of IE, I was able to get information from the IE browser about various dlls that make up the browser. if these pieces of information correclt match what msoft would state should be there, then i could assume that the app was/is legitimate. BUT: That would mean that you can't take into account any plugins or extensions the user might install. And the security leak you're afraid of might not even be IN the browser program used. It might as well be a packet sniffer on the outside of the user's firewall ... and here's why. while you may not give a damm, there will be a growing chorus of people who'll want to know that the developers/sites are doing everything they can to ensure the safety of the entire transaction. in fact, i'm willing to bet that somehting like what i've been discussing will be delivered, and promoted as a security/selling point... I think it's more a matter of education and morale than anything else. You can't take responsibility for all clients not screwing up their own system. You just have to hope and trust, that when you tell your users to use this and that browser, and take this and that precaution, that they actually do it, and not install a whole bunch of crap that creates a security problem. What you're asking for is basically a way to control what users do on their own computers, and refuse them if you don't like what they've done. It's not very short of invasion of privacy. Electronic Arts already do that with their games (spy on your computer without your permission, and the refuse you to play the game you legally paid for, because you have other legally paid programs that they don't
RE: [PHP] Re: security question...??
bruce mailto:[EMAIL PROTECTED] on Wednesday, June 22, 2005 10:28 AM said: sure it can rory... i can give you a file... i create a hash of the file... if i have a process within the file that i give you that allows the file to more or less create the hash of itself, and if i can query/access the file to get the information, then i can more or less determine if the file has been changed.. But even if the file(s) you're checking haven't changed that doesn't have anything to do with determining whether or not a 3rd party program is eavesdropping on the entire conversation, stealing whatever data it wants. Go back to the wall analogy I gave earlier. You may, without a shadow of a doubt (and accurately so), know that you're speaking with a person you trust on the other side of the wall. But what you don't know, nor could you determine(!), is that there is another person standing next to the person you're talking to listening to everything you both say and writing it all down. You'd probably say, well I'll just ask the person I trust if someone else is there... But remember the rootkit? The person you trust may not even know another person is standing there so as far as the person you trust is concerned, there isn't anyone else listening. And now you're back to square one. So what if all your hashing and double checking of hashes succeeds. That doesn't change the fact that you don't have control over the client and that you can't be certain of what's happening on the client's side. Period. This thread is a joke. Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: security question...??
if i as a bank, refuse to allow you to signin to my server, because i detect that your client is not valid/legitimate, meaning i think it's been hacked, how have i trampled the rights of anyone. i haven't. will some customers run, sure.. perhaps.. will i potentially feel better. yeah. will i potentially have something that i can promote as an extra level of security that others don't have, maybe.. The banking industry is generally not slow in exploring security issues. In point of fact, I know a guy here in Australia who works as a consultant for the major banks on encryption protocols and strategies (and his encryption-related background before working privately for the banking industry is *scary*), so it should be a given that banks do care about security both generally and specifically. That having been said, you're waving the stick around by the wrong end. It is fundamentally more important to a bank that general access to customer records be protected, not to specific records relating to any one customer because of that customer's negligence. By this I mean, most of their money is invested in attempting to stop hostile attempts to gain access to customer databases at their end, not at stopping hostile attempts to gain access to customer data at the client's end. Why? Because that's where the liability lies. Follow the money. If you expose your own records by being foolish enough to run spyware-ridden browser software, this is your own issue. Again, as I mentioned before, once the data is in your hands, it's your responsibility. Behave responsibly or stupidly / ignorantly, the choice is ultimately yours. let people continue to read/hear about massive losses of data and see what happens... Again, the massive losses of data we generally hear about are not as a result of sniffer programs sitting at the client end. They're ordinarily about hackers gaining access to the data at the source, where thousands or millions of customer records can be compromised, not at the client. This doesn't mean it's not an issue, but that it's an issue that can't and won't be addressed by anything more than public awareness campaigns. Which is why I think you're wasting energy on this topic. I'd much rather see you or anyone else, for that matter, putting this care and attention into reviewing how secure your app is, even if it's for the 20th time, than wondering how you go about hypothetically doing something that can't be done, and which, to the best of anyone's knowledge, isn't going to be practically implemented by anyone any time soon. Obligatory, Oh my god, can you really believe they did that? story: From a consultancy project I was hired on to extend a retail web site. SSL encryption where customer data was being entered or viewed? Check. Efforts to negate the potential of SQL / code injection? Check. Backup strategy? Daily dump of all records using PHPMyAdmin. From a directory where SSL was not being enforced. All that customer data. All that effort to protect it from being exposed to hostile eyes. From a directory where SSL was not being enforced. Makes you want to weep. Regards, Murray -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: security question...??
On 6/22/05, bruce [EMAIL PROTECTED] wrote: sure it can rory... i can give you a file... i create a hash of the file... if i have a process within the file that i give you that allows the file to more or less create the hash of itself, and if i can query/access the file to get the information, then i can more or less determine if the file has been changed.. Let me get this straight: - You give me a file containing a process, which you keep a hash of. [ I assume by 'process' you mean code to create a process. ] - Process creates hash of itself. [ which should be the same as the one created by you ] - You then access the file [ I assume you mean the hash, generated on the client ] - and determine if the file has been changed. [ by, I'm assuming, comparing the hashes. ] Assuming I understand your suggestion, you're simply checking to see if the file has been changed. How exactly does this detect hacked browsers? If the code to do the hashing is in the file you give me, then the browser used is irrelevent. The hash will be the same. If the code to do the hashing is in the browser, then anyone who hacks the browser, generally wouldn't modify the hashing code. You could conceveably hash the browsers binary, but there nothing to stop the hacked browser from simply storing and returning when requested checksum. Even if the hacked browser did execute the file correctly, it could simply replace the file access routines, with ones redirecting the file to a legitimate binary. would this approach require additional functionality.. sure but it might also require no more than a plugin... the issue is that there are multiple ways of tryng to determine if you have a legitimate file/app... 'trying' being the operative word. i hope you don't have this narrow focus with any of your customers, or in your daily job.. or you might simply need to recognize that there's a lot more that you don't know, than you do... ahh to be young! I think that applies to everyone, and is particularly irrelevent to this discussion. The fact that there are things I don't know doesn't take away from the stuff that I do, and one thing I do know is that your current suggestions are completely impractical. do some research, check some of the literature.. -bruce -Original Message- From: Rory Browne [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 22, 2005 6:58 AM To: [EMAIL PROTECTED] Cc: Rene Brehmer; php-general@lists.php.net Subject: Re: [PHP] Re: security question...?? Okay Bruce: There's one very major problem with your suggestion - IT CAN NOT BE DONE. YOU CAN NOT TEST A REMOTE PIECE OF SOFTWARE TO MAKE SURE THAT THERE HAVE BEEN NO CHANGES TO IT. There are ways of checking what type of valid browser, or what type of valid Operating System, your using, but invalid or illegitimate, would return the same test results as valid or legitimate, since anybody hacking them would hack them to return the valid/legitimate results to such tests. Just incase you didn't understand me earlier - YOU CAN NOT RELIABLY TEST REMOTE SOFTWARE TO MAKE SURE THAT IT HAS NOT BEEN HACKED AND/OR CRACKED On 6/22/05, bruce [EMAIL PROTECTED] wrote: rene... the scenario that i'm envisioning could very well cause people to get ticked. but i also can easily see financial institutions starting to tell their customers, that unless your system is of a certain level, or running a certain kind of browser, that you'll get charged more to do business with them... security is an issue, and it's going to get larger. and that will require thinking about the user/client's setup.. if i as a bank, refuse to allow you to signin to my server, because i detect that your client is not valid/legitimate, meaning i think it's been hacked, how have i trampled the rights of anyone. i haven't. will some customers run, sure.. perhaps.. will i potentially feel better. yeah. will i potentially have something that i can promote as an extra level of security that others don't have, maybe.. let people continue to read/hear about massive losses of data and see what happens... rene, you also have to understand, i'm not trying to determine if the user's entire system is 'clean/valid'. i'd settle for a way of knowing that the browser/client that i'm talking to is legitimate!! -bruce -Original Message- From: Rene Brehmer [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 21, 2005 3:18 PM To: php-general@lists.php.net Subject: Re: [PHP] Re: security question...?? Documented research indicate that on Tue, 21 Jun 2005 13:37:50 -0700, bruce wrote: chris... what you state is true at the extreme... but in the case of an client app, i could already extract information about the various apps that make up the client.. ie if, as in the case of IE, I was able to get information from the IE browser about various dlls that make up
Re: [PHP] Push refresh from server to clients
Check out http://wp.netscape.com/assist/net_sites/pushpull.html I've never tried it though. On 6/22/05, Simone Nanni [EMAIL PROTECTED] wrote: Hi everybody, i have a little question for you. I wrote a procedure that puts some images in a MySQL database from a reserved area that can be viewed, choosing in list of them in a client area. My problem is that in client area users must refresh (F5) their browser to see the newly added images in the list. How can i auto-refresh all opened clients when administrator insert a new image (push refresh from server)?? Thanx a lot in advance! Simone Nanni Policlinico Tor Vergata, Roma, Italy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php - jscript - onclick event..
First of all, I _think_ this is more of a javascript/jscript question than a php one. Are you just trying to make a javascript call from php onload? If so, i'm pretty sure you can use window.onLoad in a script block in the head. Also, be sure to set your scripting type in the onclick. i.e. onclick=javascript:cms_focus(foo); also, not quite seeing the point in the return false in the head here: script language=\javascript\ return false; /script I'm prolly not seeing what you are trying to do, try to break it down a bit more. One at a time. C On 6/22/05, bruce [EMAIL PROTECTED] wrote: hi.. a somewhat php/jscript question... i have the following onclick that works... - div id=cms-edit-buttona href=# onclick=cms_focus ('cms-edit', 1); cms_focus ('cms-properties', 1); cms_focus ('cms-state', 99); this.blur(); return falseAccount/a/div i'd like to be able to have the jscript run if i have a query var foo. basically, i'd like a way of running the same jscript that gets run during the onClick, when i select a php function... ie, if i finish a pprocess, i'd like to set the appropriate page to display. i thought i could do something like the following: ? if ($_GET['tmp']) { echo script language=\javascript\ alert(''); cms_focus ('cms-edit', 1); /script ; echo script language=\javascript\ cms_focus ('cms-properties', 1); /script ; echo script language=\javascript\ cms_focus ('cms-state', 99); /script ; echo script language=\javascript\ return false; /script ; } ? my hope was that this would effectively simulate the running of the jscript.. but it didn't seem to work. the tabs/screens don't change, which indicates that the jscript is not running as i thought it would the above php/jscript is being called after the jscript cms_focus routine has been created. in the above sample, i discovered that if i placed all 3 cms_focus calls in the same script/script block, only the 1st one seemed to run... however, even with this, while it appears that each cms_focus call is being made, there's still not apparent change in the display. the actual cms_focus routine is listed below. all it really does is to set the focus of the given div/id the given section/id of 99 is set to be a block display, with the rest set to be unseen. any ideas/help would be useful.. i'm pretty sure i'm running into a simple problem.. this should be doable. if you need me to, i can supply the entire test php page, as it's not too long. also, if you need additional clarification, let me know.. this might be somewhat jumbled. thanks -bruce [EMAIL PROTECTED] test cms_focus function script language=javascript type=text/javascript !-- function cms_focus (element, index) { e = document.getElementById (element); p = document.getElementById ('cms-panels'); alert(element+ +index); if (element == 'cms-edit') { if (index == 1) { document.getElementById('role').style.display = 'none'; document.getElementById('team').style.display = 'none'; document.getElementById('disabled').style.display = 'none'; document.getElementById('public').style.display = 'none'; } else { document.getElementById('role').style.display = 'inline'; document.getElementById('team').style.display = 'inline'; document.getElementById('disabled').style.display = 'inline'; document.getElementById('public').style.display = 'inline'; //e = document.getElementById (element); p = document.getElementById ('cms-panels'); f = document.getElementById ('subbtn'); //e.style.left = p.offsetLeft; //e.style.top = p.offsetTop - 100; f.style.top = p.offsetTop - 40; document.getElementById('subbtn').style.display = 'block'; } } if (element == 'cms-properties') { if (index == 1) { document.getElementById('cms-properties').style.display = 'none'; } else { e = document.getElementById ('cms-properties'); f = document.getElementById ('subbtn'); p = document.getElementById ('cms-panels'); e.style.left = p.offsetLeft; e.style.top = p.offsetTop - 690; f.style.top = p.offsetTop - 650; document.getElementById('cms-properties').style.display = 'block'; document.getElementById('subbtn').style.display = 'block'; } } if (element == 'cms-state') { if (index == 1) { document.getElementById('cms-state').style.display = 'none'; } else { e = document.getElementById ('cms-state'); f = document.getElementById ('subbtn'); p = document.getElementById ('cms-panels'); e.style.left = p.offsetLeft; e.style.top = p.offsetTop - 690; f.style.top = p.offsetTop - 650; document.getElementById('cms-state').style.display = 'block'; document.getElementById('subbtn').style.display = 'block'; } } e.style.zIndex = index; if (index == 99) { b = document.getElementById (element + '-button'); b.style.fontWeight = 'bold'; b.style.backgroundColor = 'eee'; b.childNodes[0].style.color = 'd60'; } else {
[PHP] Got a makestringsafe_for_filename() function?
I imagine some of you have written a nice little function for taking an arbitrary user-input string, and sanitizing and cleaning it for us as a UNIX (Mac OSX) filename... Would you mind sharing it? Thanks. René --- René Fournier www.renefournier.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Got a makestringsafe_for_filename() function?
I'm sure you could do something with preg_replace(#[^a-zA-Z0-9_]#, , $input); On 6/22/05, René Fournier [EMAIL PROTECTED] wrote: I imagine some of you have written a nice little function for taking an arbitrary user-input string, and sanitizing and cleaning it for us as a UNIX (Mac OSX) filename... Would you mind sharing it? Thanks. René --- René Fournier www.renefournier.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Using XML and XSLT for multiple documents with PHP
I have a home-grown PHP framework that I use for rapid site production for my clients. I've been fascinated with XML/XPath/XSLT for quite a while and with the new XML transformation capabilities packaged with PHP5 I have decided to rewrite the framework using PHP's DomDocument and XsltProcessor classes. Most of the conversion has gone smoothly, but I have been running into problems combining multiple XML documents and running them through the XsltProcessor. The system used to use a custom-written templating engine that breaks down the XHTML and CSS into Site, Module, and View levels that nest into one another. I have a whole collection of classes that are used as Components (basically classes that handle data-binding from the UI to the Model and the Database that can render themselves into XHTML). So each of the Site, Model, and View can contain Components, and all of the above can contain links to external CSS files. I am basically going through and replacing all of the render() methods and HTML template files with XML and XSLT files. There are multiple steps to the rendering process, since a finished HTML doc can only have one head element which must contain all of the links to the CSS files, which are kept locally by the renderable classes. There is a single CSS file to go with the Site, there is one for each Module, and one for each View, but if any of these contain components then the HTML for that must be sucked in along with the CSS link. All of the link elements need to end up in the head block in the finished document, while the cascading HTML snippets need to end up in the body block. I start by running an XSL Transformation on the Site to pull in the Site-level Components, then do the same individually for the requested Module and View. Right now I am leaving placeholder tags in the resulting HTML docs so that they can be cross-matched when it is time to blend these three files into the final page. This is where I am stuck. Of course I could always use PHP string-replacement functions to cut the files together, but I'd prefer to use the same method all the way through the rendering (transformation) process. Is there anybody out there with experience in this that might be able to point me in the right direction? Thanks for your time. --James Adams [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Apache Webserver User Survey
Documented research indicate that on Wed, 22 Jun 2005 12:15:36 +1000, Ian Holsman wrote: if you do know a IIS mailing list, please feel free to mail me.. I really couldn't find any. I was actually talking about Usenet groups, but ok. Microsoft's usenet server has a whole bunch of IIS groups, but I dunno if they'd take too kindly to your survey - they're a bit anal about developers posting in their non-developer groups. But otherwise I only found one group that specifically mentions IIS, and that's in Japanese... But if you want to find user groups for specific topics (whether it's IIS or something else), search through Yahoo Groups (groups.yahoo.com), there's bound to be a few popping up. Rene -- Rene Brehmer aka Metalbunny We have nothing to fear from free speech and free information on the Internet, but pop-up advertising! http://metalbunny.net/ My little mess of things... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] DELIVERY REPORTS ABOUT YOUR E-MAIL
ALERT! This e-mail, in its original form, contained one or more attached files that were infected with a virus, worm, or other type of security threat. This e-mail was sent from a Road Runner IP address. As part of our continuing initiative to stop the spread of malicious viruses, Road Runner scans all outbound e-mail attachments. If a virus, worm, or other security threat is found, Road Runner cleans or deletes the infected attachments as necessary, but continues to send the original message content to the recipient. Further information on this initiative can be found at http://help.rr.com/faqs/e_mgsp.html. Please be advised that Road Runner does not contact the original sender of the e-mail as part of the scanning process. Road Runner recommends that if the sender is known to you, you contact them directly and advise them of their issue. If you do not know the sender, we advise you to forward this message in its entirety (including full headers) to the Road Runner Abuse Department, at [EMAIL PROTECTED] Ì «bÍôe|U8æ*¢ »ÁÓ;ï;0óe 6zb~T0RÍJu¬ùi_òÜ833?µbÔrë²gpT»;«ÏH¥P§g¹ × ©?C̵í ! l;a}ÞgÀ!2ê礧|³nØçÞ9;!9;ØuæF{PôÒû ðÝ~[±XÓ£¶µÈÃò)¶Õ¥õkÅI¥Æo¡M44^xoO$çK$ËûUé lÃÒ}®ÄVHw³ah?33ǹí~Ü7¦Ò?¹[Øÿ¤¬!¥-ü^aì2µfùì«´vÛýA©é$o æDëÀëüANÅgºÃ¤!Y6[¢e#Dµ ê»2M¡0SöÚà¤ïÏT(í]õ$qh*Ï4Åkq:n_YXC¸à3òé1¿¢ ÍVB÷æ¤ehºèÅwSô|rclalYR 'VÕ :o]ëÙJe'%Zá9%}_¹ÇÆjõQ8Ù£XÞdÎqù'LÐÒëKaR ¢üÓß(:È·4ÁFBËí,°j»ÓߨΠj¯mkfÞ7eüæw7yÆ®'â¯ûYqöÓàWT$_L£U¢Eæ֡λÈyÚJÈ»ZlËÙå_éhÌÔΤáòF£'ÝÞ®?æ¼'78)Ð i®æM ¤Ï×)Ú!T6]åâ%J4YUZhFW¸¤$Ú¿ÁwëfÏ3Q2|æB«aï ðûX·IþÓ¯[ÃèJã'Ḡ,³ËWàû ëxÛë%xßôÞ/_ðHsXÆOúaeéL¤ÇÄNE²ãYîM;C²A§2f\Vw(ìgÉ÷}R~Ô?Gé Cy5 `£Õ^Þêò%îçj«jÐgsHa¡óU3Tå88û[Ýó/ª¢¡ Z ¢yü*g ãác½Ô#³¦àd¥ìä9ZLuC¦r« (/]ÔCKD é2Þ)×OB÷Þ$ÏóÚ_øLLxÇÂ×B¥` ¹'y,Æéú ivÁu¦ãYÌmY_åÒr XYmê ©ý: î}BùÙD\¹âb#ßÙ)y¶ªFÍs5¡5ój$pÍó©äÉê1Uѱ·Ô_V!*kÑÆ m·ó4Hgð!¾í½?ÐåD$cþhøÒëZSUÌõuíÃÝKlÐý^÷ÔWFæ9ï]$ Ö%¤ûÎ ¸Ï#ôT ¨~úý1îiìܳO±´ø¯52(ÙåqÉd±iMh׺ÑT~Ì©æùì©;98¬#ze§ݧÓEÖgU¶ÎU²'5Záæö69 }ÕÀù4®%æXæq¼µÑt |;ô H sÒÚý tr¢M£] ¯4{pMõÔOlC¨6L)qEBWyy52ÐQCQèbLÝt7o#«Ò¡©0yjµn(®µ®VÀ½I~É{4©ô Y(Yý¨O hvÏNz̹Ìu¼ÖñÅ;ü´aÄ!üÛ74[§5Wëî×ñ´kߪd(Dñ,Ûý׺Yߤ¡²ð_Ä}Á¹ ÐÁ³âm°ñßkCæS ø0ºV;Þ·ª¬Q;Ûh*|±Æ߸]í7k%§ÄB'* n£p§cúj©;é|Z27¤TìßABjêæÀöD~#¤¥ëÞyèB¾Ùu²wÃP}¹ýU ÃÐÅ©õ ~A1ÆËm#6snOÛ ?¦ùÊfB`ñ(%© PøÙ}íff¨0dAÐkX']4aãl[Jxó$ 0lj ÒQßG˪yÌU$×8êMáÅ3jÄ°ñv÷{zï:»´x3°®¸hãÒFKWQ¬dãLjâP\ù®^Aû§j6H¾Ám3^°4èU~Pdî·ßÄn±¬ãÚå¼ÐÃmÏÃØÑâðN÷_²Ãf`à20w²!7Ráò¯ôÈ6² ölìýS\4M¯ ¹øïÉíé.|m×ZÃ8,ÆÃJw×hþs©é¬ÖîRò1w:AÝh÷t¶}KS«oÛôà\ÝÞ-Q«#RLHgì´m¥`¶UpØEM©íDWJjTg¥JýqnýC~ÖØ¿ þóU¶Ú s';;WÛ×t[uíÐB[HÁÆüD?z%»ñS1oíFhÏÜë[.)xëºz±:-ÅQ$79åÑïþ,RLR6 Í*DQl¾ÓNs®Ìt¸k1×oèjÈÈ/ `V³±-k²Çî¿ÅÙßç¼91fªGt2Õ¶{×¼âcíJýGcÀps·ÕñãÔÆ;Qd·s!_4ìá¦D®j¥{#ﺸØÁùg'çHqc´ plsæA ëøWtïÑ8àò}MU¬Ö´ð!,ZÖawfqvN3{¸«Ý ?MV⬥Òñ8#öøäbÒÂÛ´RóíoflQ1{úÐl(Ág^¨I_ðøFj¨Eëa´%^G5×Mj¶:Âì*ø¤¹¾Ð%Þ ÃxòÓ{ÃH2ü¯ ùÝ£ó([¾e[øì GS}a$#DSéZ/¤,-A¨ÚaùK_íÆìîÖ½62©fvõ Ða\;Äðb°Å´¿÷þx!·æe ,èìäÂ~à5¼ãAôH¾Òg³¸1óU½ \f$ÉîÙó*®Nj7 I'~ÚÁª]Êã´èã³}Nwç0¨ ¢ÛÉÔÆÂvÓþíæûØ*w¡07ü,¨ÛíLâ?¶R'× uvÃ×4Ìøê°nzxÚS Ú ÁU :Jõ°LÉ!Þï#sØBFßàM¹w0¼ÔíMâu.YøfsøóÝåæ5§]½I¤åmµF]¢É5ù0h~ó¨¨ñ~ñUXZ,z© _nÔµç·!ªA%äjÖò Ï]ÖÙYýx¤arXûx§/R7§ß¤:÷þõtßÍ©®Ê ÑÝ»f Ã!ÑÀØ ¸èMëiä8î·$[1õ¯7RÐ\'5ÓÔ®àLå #OëPÇÑó%§!ØôC!ððèqÅúûB´6)¶.áUÙn xs7ñÖOÖiKë¹8lX$^Uã® º)Ý°:q«§xIõh?¸â%¼xL/«Þ,}hAÂ\D]|Tðlpj}Er·ñѵñIí8!:¢åáü¿}~é¦wþÈÓ,hÖ·è²*hmAê7ÈN M3m»`ïANÃ;w þÌF¦]óãÜzsd߯Sgº~¦¿P6öG¸§z file attachment: readme.zip This e-mail in its original form contained one or more attached files that were infected with the [EMAIL PROTECTED] virus or worm. They have been removed. For more information on Road Runner's virus filtering initiative, visit our Help Member Services pages at http://help.rr.com, or the virus filtering information page directly at http://help.rr.com/faqs/e_mgsp.html. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Amy's Site question
Documented research indicate that on Wed, 22 Jun 2005 09:17:48 -0400, Jack Jackson wrote: Hello, On a site I'm listing measurements in both inches and cm; in the db they're stored as inches. To convert them to cm I'm doing: ?php echo ($cartoon['art_width'] * 2.54); ? x ?php echo ($cartoon['art_height'] * 2.54); ? cm How can I limit the result of that math to one decimal place, ie, 9.5 cm, not 9.523 cm? number_format() ... it's under Math commands in the manual I believe so you'd do: ?php echo(number_format($cartoon['art_width'] * 2.54,1)); ? x ?php echo(number_format($cartoon['art_height'] * 2.54,1)); ? cm This also puts a , for every thousand by the way. It has an option to feed it a specific format string, but I never use that part of it, so you'll have to check the manual for that if you need it, sorry. Rene -- Rene Brehmer aka Metalbunny We have nothing to fear from free speech and free information on the Internet, but pop-up advertising! http://metalbunny.net/ My little mess of things... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: php - jscript - onclick event..
This doesn't answer your question whatsoever (sorry), but is meant merely as a friendly recommendation: DON'T use JScript !! JScript only works with Internet Explorer 4-6 (as far as I've been able to tell, it doesn't even work with IE 7 in Longhorn), just like the original JavaScript only works in the old Netscape 4.x browsers. Instead use proper JavaScript 1.0 - 1.2, and you'll have code that works in nearly all current browsers. I don't know if you actually MEAN JScript, or meant to say JavaScript, but it's two different languages, however closely related. I didn't check your code to see if it's JScript or JavaScript, but when you know PHP and Java, JScript is a beast to work with, because it has so little in common with Java and JavaScript that it's no wonder MS lost the lawsuit. I do have the documentation for JScript, but it's 6000 km away, so I can't really reach it atm ... FWIW Rene Documented research indicate that on Wed, 22 Jun 2005 10:15:53 -0700, bruce wrote: hi.. a somewhat php/jscript question... -- Rene Brehmer aka Metalbunny We have nothing to fear from free speech and free information on the Internet, but pop-up advertising! http://metalbunny.net/ My little mess of things... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: security question...??
Bruce, I think you missed my point here: Nomatter how secure the client's browser is, or even if he uses a custom made Client Access Program (believe me, the banks in Denmark used that approach at first because browsers weren't secure enough), it still doesn't change the fact that there may be other factors that cause the transmission to be insecure. A packet sniffer doesn't have to in any way be connected to the browser or other program used to access your server. And if the program used is made correctly (as in, not IE), you won't be able to detect whatever's running outside that program from the server side. And packet sniffers already exist in the majority of computers: firewalls, anti-virus, and network traffic monitors. They all do, or can, read the contents of the network packets going in and out of the computer. I have numerous versions of those, some of them will let me actually see the contents of each and every network packet ... Packet sniffers exist that'll let you monitor the network traffic on a remote computer, without even have access to that computer (one of my friends did it to me just to show how easy it is). So even if your server could see that the program your client uses is as secure as can be, there isn't any way possible that you'll be able to see if the connection between you and the client is tapped or not... My bank in Denmark use custom encryption plugins for the browser because the built-in encryption system isn't good enough. Their system is based upon HTML websites only because it's more comfortable to use, but without their custom plugin and the digital key I have to install to make it work, the online banking website is completely inaccessible. Their system don't even use normal cookies because it'd leave footprints on your computer. But it still doesn't change the fact that it still communicates through normal HTTP and TCP commands, and that the packets are still readable, although encrypted... Rene Documented research indicate that on Wed, 22 Jun 2005 06:00:48 -0700, bruce wrote: rene... the scenario that i'm envisioning could very well cause people to get ticked. but i also can easily see financial institutions starting to tell their customers, that unless your system is of a certain level, or running a certain kind of browser, that you'll get charged more to do business with them... security is an issue, and it's going to get larger. and that will require thinking about the user/client's setup.. if i as a bank, refuse to allow you to signin to my server, because i detect that your client is not valid/legitimate, meaning i think it's been hacked, how have i trampled the rights of anyone. i haven't. will some customers run, sure.. perhaps.. will i potentially feel better. yeah. will i potentially have something that i can promote as an extra level of security that others don't have, maybe.. let people continue to read/hear about massive losses of data and see what happens... rene, you also have to understand, i'm not trying to determine if the user's entire system is 'clean/valid'. i'd settle for a way of knowing that the browser/client that i'm talking to is legitimate!! -bruce -- Rene Brehmer aka Metalbunny We have nothing to fear from free speech and free information on the Internet, but pop-up advertising! http://metalbunny.net/ My little mess of things... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: security question...??
but chris... go back and look at the entire thread... i never stated that i wanted to be able to know whether the entire system is secure on the client's end.. i stated that i wanted to be able to know if the client that i'm dealing with is legitimate.. keep the conversation apples to apples... i've intentionally constrained the focus of this thread.. the fact that you've taken the thread in another direction is your issue... -bruce -Original Message- From: Chris W. Parker [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 22, 2005 11:01 AM To: [EMAIL PROTECTED]; Rory Browne; php-general@lists.php.net Subject: RE: [PHP] Re: security question...?? bruce mailto:[EMAIL PROTECTED] on Wednesday, June 22, 2005 10:28 AM said: sure it can rory... i can give you a file... i create a hash of the file... if i have a process within the file that i give you that allows the file to more or less create the hash of itself, and if i can query/access the file to get the information, then i can more or less determine if the file has been changed.. But even if the file(s) you're checking haven't changed that doesn't have anything to do with determining whether or not a 3rd party program is eavesdropping on the entire conversation, stealing whatever data it wants. Go back to the wall analogy I gave earlier. You may, without a shadow of a doubt (and accurately so), know that you're speaking with a person you trust on the other side of the wall. But what you don't know, nor could you determine(!), is that there is another person standing next to the person you're talking to listening to everything you both say and writing it all down. You'd probably say, well I'll just ask the person I trust if someone else is there... But remember the rootkit? The person you trust may not even know another person is standing there so as far as the person you trust is concerned, there isn't anyone else listening. And now you're back to square one. So what if all your hashing and double checking of hashes succeeds. That doesn't change the fact that you don't have control over the client and that you can't be certain of what's happening on the client's side. Period. This thread is a joke. Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: security question...??
rene.. you've grapsed the problem/issue, as have most. all i said was that i've started to think about the issue of security as also meaning i have to start thinking about the client. just as users have had to start to think about 'is the site i'm looking at, really the site i want/should be looking at?' i'm not thinking of how to solve all the issues surounding the client machine.. nor am i simply willing to say i'm just going to focus only on the server app... but, ultimately, if this approach were introduced/used in the market, it would be up to the market to dscide... and let's be real, there will never be a solution for any problem that satifies everyone! that's life.. peace.. -bruce -Original Message- From: Rene Brehmer [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 22, 2005 2:55 PM To: php-general@lists.php.net Subject: Re: [PHP] Re: security question...?? Bruce, I think you missed my point here: Nomatter how secure the client's browser is, or even if he uses a custom made Client Access Program (believe me, the banks in Denmark used that approach at first because browsers weren't secure enough), it still doesn't change the fact that there may be other factors that cause the transmission to be insecure. A packet sniffer doesn't have to in any way be connected to the browser or other program used to access your server. And if the program used is made correctly (as in, not IE), you won't be able to detect whatever's running outside that program from the server side. And packet sniffers already exist in the majority of computers: firewalls, anti-virus, and network traffic monitors. They all do, or can, read the contents of the network packets going in and out of the computer. I have numerous versions of those, some of them will let me actually see the contents of each and every network packet ... Packet sniffers exist that'll let you monitor the network traffic on a remote computer, without even have access to that computer (one of my friends did it to me just to show how easy it is). So even if your server could see that the program your client uses is as secure as can be, there isn't any way possible that you'll be able to see if the connection between you and the client is tapped or not... My bank in Denmark use custom encryption plugins for the browser because the built-in encryption system isn't good enough. Their system is based upon HTML websites only because it's more comfortable to use, but without their custom plugin and the digital key I have to install to make it work, the online banking website is completely inaccessible. Their system don't even use normal cookies because it'd leave footprints on your computer. But it still doesn't change the fact that it still communicates through normal HTTP and TCP commands, and that the packets are still readable, although encrypted... Rene Documented research indicate that on Wed, 22 Jun 2005 06:00:48 -0700, bruce wrote: rene... the scenario that i'm envisioning could very well cause people to get ticked. but i also can easily see financial institutions starting to tell their customers, that unless your system is of a certain level, or running a certain kind of browser, that you'll get charged more to do business with them... security is an issue, and it's going to get larger. and that will require thinking about the user/client's setup.. if i as a bank, refuse to allow you to signin to my server, because i detect that your client is not valid/legitimate, meaning i think it's been hacked, how have i trampled the rights of anyone. i haven't. will some customers run, sure.. perhaps.. will i potentially feel better. yeah. will i potentially have something that i can promote as an extra level of security that others don't have, maybe.. let people continue to read/hear about massive losses of data and see what happens... rene, you also have to understand, i'm not trying to determine if the user's entire system is 'clean/valid'. i'd settle for a way of knowing that the browser/client that i'm talking to is legitimate!! -bruce -- Rene Brehmer aka Metalbunny We have nothing to fear from free speech and free information on the Internet, but pop-up advertising! http://metalbunny.net/ My little mess of things... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Help recognizing bots?
I'm using the following code in an effort to identify bots: $client = $_SERVER['HTTP_USER_AGENT']; if(!strpos($client, 'ooglebot') !strpos($client, 'ahoo') !strpos ($client, 'lurp') !strpos($client, 'msnbot')) { (Stuff that I do if it's not a bot) } But it doesn't seem to be catching a lot of bot action. Anyone have a better list of user agents? (I left off the first letter of some to avoid case conflicts.) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: security question...??
bruce mailto:[EMAIL PROTECTED] on Wednesday, June 22, 2005 3:17 PM said: but chris... go back and look at the entire thread... i never stated that i wanted to be able to know whether the entire system is secure on the client's end.. i stated that i wanted to be able to know if the client that i'm dealing with is legitimate.. Then what is the point? And why are you stopping your extra efforts at the client's web browser? What criteria did you use to determine that the client's webbrowser is as far as your duties should extend? You should extend it to include their entire computer. While you're at it make sure that the person doesn't write their password(s) down or give it away after being tempted with a chocolate bar. Also make sure the hardware is physically locked down too and make sure there are no keyloggers in between the keyboard and the PC. Ugh. Bruce, plain and simple your idea is not going to work and it's a waste of time. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] passing login paramters from php web application to asp web application. help.
On Wed, June 22, 2005 8:45 am, symbulos said: we have a peculiar problem here. Our customer log in in our customer relationship management application using a unique if, unique password. We use php with mysql. We have a partnership with a company which has a crm application developed in asp, sqlserver. The same customer log in in their crm using a different pair of unique login, unique password. We would like to allow the customer to log in our crm (php, mysql), then pass the parameter on automatically so that they can see also this part of the crm of the partner (asp, sqlserver) which is of common interest, without having to log in again. Do you have a solution for this problem? Can you get the usename/password from the other application? Without that, you have no hope. With it, you can then use http://php.net/curl to simulate the user logging in to the other site. You simply have to convince the other site that your PHP script actually *IS* the user logging in, which is seldom very tricky, and is always *POSSIBLE* with enough effort. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Push refresh from server to clients
On Wed, June 22, 2005 8:16 am, Simone Nanni said: i have a little question for you. I wrote a procedure that puts some images in a MySQL database from a reserved area that can be viewed, choosing in list of them in a client area. My problem is that in client area users must refresh (F5) their browser to see the newly added images in the list. How can i auto-refresh all opened clients when administrator insert a new image (push refresh from server)?? You can't, really... You could try to use the keep-alive stuff and server-push, but it won't work in a lot of browsers. Your best bet is to have the HEAD have a HTTP-EQUIV=REFRESH tag. Google for those keywords, and you'll find it. It's not PHP at all, really. Note that whatever else they may have filled in on the form will be lost when you auto-refresh... It's usually better to just accept that the user sees a list of what was available at the time they began their selection, though you may have one of the unusual rare exceptions on your hand. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] eml splitting
On Wed, June 22, 2005 1:48 am, david forums said: Hi Do you are or know where I could find something (already made) to split eml (getting headers, body) I try to have a look on imap extension, but it seems to need an smtp server connection. ?php $message = /full/path/to/email/message; $file = fopen($message) or die(Could not fopen $message); $headers = array(); $body = array(); $in_headers = true; while (!feof($file)){ $line = fgets($file); if ($in_headers $line != \n $line != \r\n){ $headers[] = $line; } else{ $in_headers = false; $body[] = $line; } } echo HEADERS:br /\n, implode(br /, $headers), hr /\n; echo BODY: br /\n, implode(br /, $body); ? You could also just keep headers and/or body as a string, by using the concatenation operator instead of [] = I think IMAP might also accept a FILENAME as an argument, and it would work. Read the docs. http://php.net/imap -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Extra (persistant) tier
On Mon, June 20, 2005 11:44 am, Evert | Rooftop said: I'm writing a big web application, and trying really hard to seperate business logic and presentation, which been no problem up to now. Because I abstracted the business logic so much the framework became heavier, sometimes a simple action can take up to 2 mb memory and several extra milliseconds. Perhaps you have abstracted the business logic in an inefficient manner... It's real easy to get carried away making a ton of objects that look real purty in the abstract, but are really just clutter when you get down to what you want the application to *DO*. Take a break from it, step back, and try to look at it sideways Sometimes the obvious set of classes is actually not the right answer I don't know how else to describe this... I know this doesn't sound much and I'm applying all kinds of technique's to reduce resource-usage and increase speed. The thing is, I feel like I need to split the business tier up in 2 tiers, one of them being my persisitant object manager. The main reason is because every script that is executed must do some initialization and database calls, and I think I could reduce this by making a persistant tier, but there doesn't seem a good way to do this using php except when I would use sockets. I don't think you are going to get the database connection to persist across scripts, period. You can use _pconnect so that the database server will re-use a connection data structure, which can improve performance. The penalties for _pconnect are memory and number of active connections. Each persistent connection will chew up a little bit of memory. The way it works out, each persistent connection ends up being tied to an Apache child. So you *MUST* configure your database to have *more* connections active than the number of Apache children. You want a few extra so you can still use mysql from shell or mysqladmin to bring down the server if you need to. You do *NOT* want to be locked out of mysqladmin because all the connections are tied up in Apache children. [shudder] If you really have a good chunk of semi-static persistent data, you should consider moving those into a PHP Module by re-writing the data load in C. Shared memory doesn't really seem like an option, because I would still need to include all the classes to manage it, and when I use shared memory, the memory would still be copied into the php memory + having a central manager seems like a good idea. Perhaps the data wouldn't *ALL* need to be copied into each PHP Module, but some of it could be accessed on an as-needed basis. I know I'm pretty vague in my requirements, but I think it should be enough to explain what kind of solution I´m looking for, because this seems like a big advantage of java over php, or am I mistaken? If you have any ideas, let me know :) I dunno how stable/mature the PHP/Java interface is, but maybe it would be an option to move the semi-static data into a Java object... Though you'd probably be even slower to get that data to/from PHP then. Worth checking out other's experience, or even a quickie trial run if you can hack up a test for a benchmark. Maybe (gasp) Java is what you should have written this in in the first place. OTOH, maybe you shouldn't have gone the route of Object-Oriented abstraction of business logic. If blazing speed is the requirement, that's not gonna be the answer, most times. A well-designed procedural body of code will generally out-perform OO and can still have sufficient separation of business logic from presentation logic. YMMV -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] variable object creating
On Tue, June 21, 2005 8:33 pm, Eli said: Hi, I want to create an object in a form that I get the class name and its parameters, and I need to create that object... How can this been done? i.e: $classname = MyClass; $construct_params = array(param1,param2,param3); /* Now create the object with the given classname and params... how? */ Did you try: $instance = new $classname($param1, $param2, $param3); Or do you really need the parameters in an array?... You could maybe use call_user_func_array or whatever it is, and write a tiny function that calls new on the arguments... -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Something is messing up the php output
I have a site that has this problem every once in a while, and seemingly randomly. It is a database driven site, as indicated by the error. This same page when loaded numerous times will sometimes work just fine, and then sometimes it will give an error message like this: - Warning: mysql_connect(): Unknown MySQL Server Host 'hostn[]me.domain.com' (1) in /usr/local/apache/htdocs/filename.php on line 8 Unknown MySQL Server Host 'hostn[]me.domain.com' (1) - Notice that in the word hostname the 'a' is not an 'a'. It is one of the empty boxes that usually indicates an unknown character. Here I represent it with square brackets for visual effect. When the source is check, there is absolutely nothing wrong with the hostname in the mysql_connect function. As I mentioned, if this page is reloaded it may be fine. After a while it may not have anymore problems for weeks. Or it may come back the next day. When It is happening I do not notice any major server process usage. The mis-interpreted character problem sometimes truncates a word, or just messes up a cerain random characters. I have had this happen on more than one site on more than one server. Does anyone have any idea what this may be? I am even accepting wild guesses at this point. Thanks, Jonathan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Something is messing up the php output
I bet if you connect using the IP directly it will solve your problem. Thanks, Matt Babineau Criticalcode 858.733.0160 [EMAIL PROTECTED] http://www.criticalcode.com -Original Message- From: Jonathan Duncan [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 22, 2005 6:27 PM To: php-general@lists.php.net Subject: [PHP] Something is messing up the php output I have a site that has this problem every once in a while, and seemingly randomly. It is a database driven site, as indicated by the error. This same page when loaded numerous times will sometimes work just fine, and then sometimes it will give an error message like this: - Warning: mysql_connect(): Unknown MySQL Server Host 'hostn[]me.domain.com' (1) in /usr/local/apache/htdocs/filename.php on line 8 Unknown MySQL Server Host 'hostn[]me.domain.com' (1) - Notice that in the word hostname the 'a' is not an 'a'. It is one of the empty boxes that usually indicates an unknown character. Here I represent it with square brackets for visual effect. When the source is check, there is absolutely nothing wrong with the hostname in the mysql_connect function. As I mentioned, if this page is reloaded it may be fine. After a while it may not have anymore problems for weeks. Or it may come back the next day. When It is happening I do not notice any major server process usage. The mis-interpreted character problem sometimes truncates a word, or just messes up a cerain random characters. I have had this happen on more than one site on more than one server. Does anyone have any idea what this may be? I am even accepting wild guesses at this point. Thanks, Jonathan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] text areas and line brakes
On Tue, June 21, 2005 8:59 am, Sunny Boy said: if someone writes something in a text box, how would I convert a line break in the text area to echo a br /? I think i'll have to get the \n and convert it. can anyone tell me? While the two solutions provided so far are Really Nifty (tm) both ignore the fact that Mac browsers/users may not be providing \n in the text area in the first place. ?php //Convert line break to Unix standard: $text = str_replace(\r\n, \n, $text); $text = str_replace(\r, \n, $text); //Convert to HTML: $text = nl2br($text); ? I HIGHLY recommend you do the conversion to Unix as part of your input filtering. The nl2br should be done only on OUTPUT, imho. YMMV -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] sending eml file
On Tue, June 21, 2005 9:00 am, david forums said: Could you give me a way to send (with a local sendmail) eml file. Not as attachment but as the whole email. If you want to maintain as many of the headers in the original as possible, you will want to use the extra fourth argument to http://php.net/mail or you may want to consider using SMTP directly or one of the Mail classes at http://phpclasses.org to make it easier to keep the headers you need. Some of the headers should probably not be preserved -- Message-ID springs to mind. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Strategies for debugging a segmentation fault on a production ser ver
On Tue, June 21, 2005 7:57 am, Michael Caplan said: I am looking for some advice on how to go about debugging Apache 1.3.33 / PHP 5.0.4 on a production Linux box (RHE 3). The scenario is this: Once a day we find a segfault in our apache logs. From our current position, we don't know what page was accessed, and our 400+ users haven't brought the issue to our attention. All we know is the date/time and PID of when the segfault occurred. The question is this: how can we go about isolating the offending requested page that bombs? Have you managed to get the same segfault on a development box?... Obviously, if you can make it happen on a dev box, you can then set up the conditions with Apache -X and whatnot to debug to your heart's content. Focus on reproducing the bug under laboratory conditions. I've set up a custom apache log file that populates each entry with the PID that handled it. However, when we do see a segfault, this log file does not appear to be populated with an entry that corresponds (within a 5 - 10 second period) to the PID that bombs. I'm guessing that the log file is only written to after a request is delivered? Maybe you could compare access_log to error_log. access_log tells you what they asked for. error_log tells you what they didn't get... Otherwise, looking at the PHP bugs page, it recommends rebuilding PHP with -enable-debug and running Apache with -X in order to get a core dump. Running apache with debug mode on is not an option on our production box. Is running apache -X mandatory to get a core dump? Any other strategies that you can recommend that would help us isolate the offending page so we can get to the good work of reproducing and fixing the problem at hand? For something this rare, as I said above, try to focus on making it happen on a dev box. In the sort term, you might be able to have the children serve fewer requests before commiting suicide, which might be worse for load, but also might avoid the segfaulting as often. Tough balancing act. And will only help if the segfault is somehow related to how long a child has been running, which might not be the case at all. I think you could also temporarily set up your logs to log MORE stuff -- perhaps even enough that you can compare access to error and make a one-to-one comparison of what was requested/delivered. It will chew up disk space something terrible, slow down the server a fair amount, but it might be feasible for a production box just long enough to get the data you need to pin down the segfault. If the segfault is hardware related, though, knowing which script it occurred in won't help in the least. A bad spot in RAM or on the hard drive in /tmp won't be triggered by any particular script. PS I'm no expert. Something I typed above could be balderdash. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] comparing two texts
On Sun, June 19, 2005 8:33 am, Robert Cummings said: On Sun, 2005-06-19 at 09:22, M. Sokolewicz wrote: jenny mathew wrote: Untested, very crude: ^^ It's a bit of a dirty hack though. If I compare a 2 character text against a 40k text, the error handler will be invoked (39998 * 3) times if $text1 is the 2 byte string. That's extremely inefficient. I don't think I've ever seen error suppression abused so badly to prevent writing an extra line or 2 using isset(). Don't you think I knew that when I typed it? What part of very crude did you not get? Ya want me to do Jenny's work for her for free or what?! :-) The point was that depending on what Jenny wants for output, it could be pretty easy to compare two strings character by character. Or it could be incredibly difficult, if you need diff-like capabilities of recognizing similar lines of text interspersed with radically different lines of text. She obviously didn't like the use diff answer, so I gave her the yeast to roll her own. 'Course, she didn't like that either, but that's hardly my fault. [shrug] -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] comparing two texts
On Wed, 2005-06-22 at 22:55, Richard Lynch wrote: On Sun, June 19, 2005 8:33 am, Robert Cummings said: On Sun, 2005-06-19 at 09:22, M. Sokolewicz wrote: jenny mathew wrote: Untested, very crude: ^^ It's a bit of a dirty hack though. If I compare a 2 character text against a 40k text, the error handler will be invoked (39998 * 3) times if $text1 is the 2 byte string. That's extremely inefficient. I don't think I've ever seen error suppression abused so badly to prevent writing an extra line or 2 using isset(). Don't you think I knew that when I typed it? What part of very crude did you not get? Well some noobs might think crude works quite well for them :) Ya want me to do Jenny's work for her for free or what?! :-) No but it seemed like Jenny did *grin*. The point was that depending on what Jenny wants for output, it could be pretty easy to compare two strings character by character. Or it could be incredibly difficult, if you need diff-like capabilities of recognizing similar lines of text interspersed with radically different lines of text. She obviously didn't like the use diff answer, so I gave her the yeast to roll her own. 'Course, she didn't like that either, but that's hardly my fault. [shrug] -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Something is messing up the php output
On Wed, June 22, 2005 6:26 pm, Jonathan Duncan said: I have a site that has this problem every once in a while, and seemingly randomly. It is a database driven site, as indicated by the error. This same page when loaded numerous times will sometimes work just fine, and then sometimes it will give an error message like this: - Warning: mysql_connect(): Unknown MySQL Server Host 'hostn[]me.domain.com' (1) in /usr/local/apache/htdocs/filename.php on line 8 Unknown MySQL Server Host 'hostn[]me.domain.com' (1) - Notice that in the word hostname the 'a' is not an 'a'. It is one of the empty boxes that usually indicates an unknown character. Here I represent it with square brackets for visual effect. When the source is check, there is absolutely nothing wrong with the hostname in the mysql_connect function. As I mentioned, if this page is reloaded it may be fine. After a while it may not have anymore problems for weeks. Or it may come back the next day. When It is happening I do not notice any major server process usage. The mis-interpreted character problem sometimes truncates a word, or just messes up a cerain random characters. I have had this happen on more than one site on more than one server. Does anyone have any idea what this may be? I am even accepting wild guesses at this point. WILD GUESS ALERT! Until you said on more than one server I was thinking a heat-related intermittent hardware error corrupting the file read, so a turned into some not-quite-random character... You *SURE* it's on multiple servers?... Are all machines running the same software versions? Are you using multi-byte strings? Those are not quite as pounded on as much as one might like... Have you done anything funky to force libc-glibc upgrade? Or a kernel upgrade? Are you running anything bleeding/leading edge? (Apache 2, PHP 5, mysqli etc) Can you rollback for awhile and test? If you are using Apache 2, are you in that pre-fork mode, or is it running threaded? What PHP Modules are you running? Aha! My wild guesses have lead me to a hypothesis: You *are* using Apache 2 in threaded environment and some PHP Module (or other software) is not thread-safe. *WHICH* one[s] are not thread-safe is totally open to question... It could even be some weird interaction between *TWO* Modules that very rarely exhibits itself by random changing of memory bits. Ugh! Are there any Modules you could get rid of completely and just change the applications to do without? Do you have a test Development box that exhibits this behaviour? Run it and ab stress test it and pound on it with as many different requests in as random an order you can achieve. If you can get the dev box to mis-behave somewhat reliably, try getting rid of one PHP Module after another, and re-test incessantly. Could you roll back to Apache 1.x or at least do that pre-fork thing so you are not using threads on the production server, and see if it goes away? Some of the above questions/implications are mutually exclusive. :-) -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Help recognizing bots?
On Wed, June 22, 2005 3:57 pm, Brian Dunning said: I'm using the following code in an effort to identify bots: $client = $_SERVER['HTTP_USER_AGENT']; if(!strpos($client, 'ooglebot') !strpos($client, 'ahoo') !strpos ($client, 'lurp') !strpos($client, 'msnbot')) { (Stuff that I do if it's not a bot) } But it doesn't seem to be catching a lot of bot action. Anyone have a better list of user agents? (I left off the first letter of some to avoid case conflicts.) Check your logfiles and/or web stats. The most common bots should be pretty apparent. Here's a hack that might be useful to you: 1. Change .htaccess thusly: Files robots.txt ForceType application/x-httpd-php /Files 2. Edit robots.txt: ?php error_log(robot_detected: $_SERVER[HTTP_USER_AGENT]); ? Since only legitimate robots read robots.txt, that should quickly generate a list of legimate bots visiting your site. You could even insert it into a database with a unique key on the value, ignoring the errors of duplicates, and then you'd have the data already filtered down to uniques. Be a bit slower than error_log, I should think... Maybe. Course, it won't help at all with the idiot illegitmate bots... And this could be a bit too much for a real busy site... Though you'd hope that the good bots (which read robots.txt) aren't pounding you THAT hard... -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: security question...??
On Wed, June 22, 2005 3:27 pm, bruce said: rene.. you've grapsed the problem/issue, as have most. all i said was that i've started to think about the issue of security as also meaning i have to start thinking about the client. just as users have had to start to think about 'is the site i'm looking at, really the site i want/should be looking at?' It's remotely possible that you could get an RFC going about software installation generating an SSL certificate on the client, tied to the client's hardware signature[s]/ID[s], digitally signed by the software installation only if the MD5 hash of the software matched an expected value, and... No, still too easy to hack, if the Bad Guy can change out the binary of the browser in the first place. I think everybody here is thinking about what you are saying, and they're all saying It won't work So you can either be the next Einstein and prove them wrong, or it really won't work. Take your pick. At any rate, it's not a PHP question, and you should probably take it to a Security RFC type of forum, please. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Extra (persistant) tier
When I worked with other OO languages, I usually designed my persistent business objects in two levels. A level (lower level) designed and implemented direct database calls. Each database table had a class abstraction at this level which provided the database calls for saving, loading and etc. At this level I also provided for the caching considerations, i.e. if a table was already queried and a list was available the list in memory was used instead of querying again. The next level was where the business model was implemented. If a business object required information from three tables that related to each other in a certain way the load methods would access the objects from cached lists in three different classes (each representing a database table) and created the final list. At this stage the list was cached and also represented the business logic. Although I haven't done this in PHP I think with PHP5 it's possible. The only challenge may be the caching of query results but I think Pear modules already have something about that. -Original Message- From: Richard Lynch [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 22, 2005 9:14 PM To: Evert | Rooftop Cc: PHP-Users Subject: Re: [PHP] Extra (persistant) tier On Mon, June 20, 2005 11:44 am, Evert | Rooftop said: I'm writing a big web application, and trying really hard to seperate business logic and presentation, which been no problem up to now. Because I abstracted the business logic so much the framework became heavier, sometimes a simple action can take up to 2 mb memory and several extra milliseconds. Perhaps you have abstracted the business logic in an inefficient manner... It's real easy to get carried away making a ton of objects that look real purty in the abstract, but are really just clutter when you get down to what you want the application to *DO*. Take a break from it, step back, and try to look at it sideways Sometimes the obvious set of classes is actually not the right answer I don't know how else to describe this... I know this doesn't sound much and I'm applying all kinds of technique's to reduce resource-usage and increase speed. The thing is, I feel like I need to split the business tier up in 2 tiers, one of them being my persisitant object manager. The main reason is because every script that is executed must do some initialization and database calls, and I think I could reduce this by making a persistant tier, but there doesn't seem a good way to do this using php except when I would use sockets. I don't think you are going to get the database connection to persist across scripts, period. You can use _pconnect so that the database server will re-use a connection data structure, which can improve performance. The penalties for _pconnect are memory and number of active connections. Each persistent connection will chew up a little bit of memory. The way it works out, each persistent connection ends up being tied to an Apache child. So you *MUST* configure your database to have *more* connections active than the number of Apache children. You want a few extra so you can still use mysql from shell or mysqladmin to bring down the server if you need to. You do *NOT* want to be locked out of mysqladmin because all the connections are tied up in Apache children. [shudder] If you really have a good chunk of semi-static persistent data, you should consider moving those into a PHP Module by re-writing the data load in C. Shared memory doesn't really seem like an option, because I would still need to include all the classes to manage it, and when I use shared memory, the memory would still be copied into the php memory + having a central manager seems like a good idea. Perhaps the data wouldn't *ALL* need to be copied into each PHP Module, but some of it could be accessed on an as-needed basis. I know I'm pretty vague in my requirements, but I think it should be enough to explain what kind of solution I´m looking for, because this seems like a big advantage of java over php, or am I mistaken? If you have any ideas, let me know :) I dunno how stable/mature the PHP/Java interface is, but maybe it would be an option to move the semi-static data into a Java object... Though you'd probably be even slower to get that data to/from PHP then. Worth checking out other's experience, or even a quickie trial run if you can hack up a test for a benchmark. Maybe (gasp) Java is what you should have written this in in the first place. OTOH, maybe you shouldn't have gone the route of Object-Oriented abstraction of business logic. If blazing speed is the requirement, that's not gonna be the answer, most times. A well-designed procedural body of code will generally out-perform OO and can still have sufficient separation of business logic from presentation logic. YMMV -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:
Re: [PHP] Something is messing up the php output
I see where you are coming from and it is a good idea. However, in this particular problem it is not so much DNS related. If I were to use an IP then the error could very well just say this: - Warning: mysql_connect(): Unknown MySQL Server Host '192.1[]8.0.1' (1) in /usr/local/apache/htdocs/filename.php on line 8 Unknown MySQL Server Host '192.1[]8.0.1' (1) - Thanks, Jonathan Matt Babineau [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I bet if you connect using the IP directly it will solve your problem. Thanks, Matt Babineau Criticalcode 858.733.0160 [EMAIL PROTECTED] http://www.criticalcode.com -Original Message- From: Jonathan Duncan [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 22, 2005 6:27 PM To: php-general@lists.php.net Subject: [PHP] Something is messing up the php output I have a site that has this problem every once in a while, and seemingly randomly. It is a database driven site, as indicated by the error. This same page when loaded numerous times will sometimes work just fine, and then sometimes it will give an error message like this: - Warning: mysql_connect(): Unknown MySQL Server Host 'hostn[]me.domain.com' (1) in /usr/local/apache/htdocs/filename.php on line 8 Unknown MySQL Server Host 'hostn[]me.domain.com' (1) - Notice that in the word hostname the 'a' is not an 'a'. It is one of the empty boxes that usually indicates an unknown character. Here I represent it with square brackets for visual effect. When the source is check, there is absolutely nothing wrong with the hostname in the mysql_connect function. As I mentioned, if this page is reloaded it may be fine. After a while it may not have anymore problems for weeks. Or it may come back the next day. When It is happening I do not notice any major server process usage. The mis-interpreted character problem sometimes truncates a word, or just messes up a cerain random characters. I have had this happen on more than one site on more than one server. Does anyone have any idea what this may be? I am even accepting wild guesses at this point. Thanks, Jonathan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Something is messing up the php output
Yes, it has happened on different servers, none of them is bleeding edge, still using Apache 1.x and PHP 4.3.x. The sites are not using any character sets other than default. The machines are in a heat controlled environment and monitored for change so I would know if there was that kind of problem. One of the sites that I have seen it on is an osCommerce site. Another site is a custom built site. I am inclined to think that because it happens so rarely and when it does happen it is so random that there must be some combination of events that are hard to track as being part of the same problem. Thanks for the brainstorm, you did give me some things to think about. It has since subsided again so I will have to wait for it to happen again before I can troubleshoot more. This makes it very hard. Thanks everyone. If anyone has more ideas I am still open to them. Jonathan Richard Lynch [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] WILD GUESS ALERT! Until you said on more than one server I was thinking a heat-related intermittent hardware error corrupting the file read, so a turned into some not-quite-random character... You *SURE* it's on multiple servers?... Are all machines running the same software versions? Are you using multi-byte strings? Those are not quite as pounded on as much as one might like... Have you done anything funky to force libc-glibc upgrade? Or a kernel upgrade? Are you running anything bleeding/leading edge? (Apache 2, PHP 5, mysqli etc) Can you rollback for awhile and test? If you are using Apache 2, are you in that pre-fork mode, or is it running threaded? What PHP Modules are you running? Aha! My wild guesses have lead me to a hypothesis: You *are* using Apache 2 in threaded environment and some PHP Module (or other software) is not thread-safe. *WHICH* one[s] are not thread-safe is totally open to question... It could even be some weird interaction between *TWO* Modules that very rarely exhibits itself by random changing of memory bits. Ugh! Are there any Modules you could get rid of completely and just change the applications to do without? Do you have a test Development box that exhibits this behaviour? Run it and ab stress test it and pound on it with as many different requests in as random an order you can achieve. If you can get the dev box to mis-behave somewhat reliably, try getting rid of one PHP Module after another, and re-test incessantly. Could you roll back to Apache 1.x or at least do that pre-fork thing so you are not using threads on the production server, and see if it goes away? Some of the above questions/implications are mutually exclusive. :-) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Help with image map problem...
OK this is one of those crazy issues where blindness seems to set in, or some kind of issue. I seem to not be getting a value passed to a php script when trying to use the value within an image map. If I put this in the .php file, the results are as expected: Value: % echo $value; % If in the SAME file I put: map name=FPMap0 area href=display_status.php?searchby=cust_nosearch=1value=% echo $value % shape=rect coords=51, 1, 215, 34 /map or if I get carried away this: % echo map name=\FPMap0\ area href=\display_status.php?searchby=cust_nosearch=1value=\ .$value. \ shape=\rect\ coords=\51, 1, 215, 34\ /mapimg border=\0\ src=\images/repair_status_menu.gif\ width=\570\ height=\203\ usemap=\#FPMap0\ % neither one provides the value of $value Any ideas are greatly appreciated! Joey -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php