[PHP] Re: [suspicious - maybe spam] [PHP] [suspicious - maybe spam] RE: [PHP] RE: Issues with News sites again...
Death Gauge wrote: I'll try that...But why shouldn't I have register_globals on (which my ISP does and every tutorial I've ever read says to do in order to use several different features of PHP:-/). http://php.net/security.globals I would be very worried about the quality of any tutorial that said that (and any ISP that did that by default). -- Jasper Bryant-Greene Freelance web developer http://jasper.bryant-greene.name/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] trying to figure out the best/efficient way to tell whoislogged into a site..
bruce wrote: ben... your statements/approach is pretty much what i've been thinking of. however, with regards to the forums/cms apps.. i've yet to find one that actually keeps a track of the logged in users, that works when the user kills the browser.. the ones that i've seen, that allow an admin to see who's online, appear to fail when i've killed the test user. the apps still show the killed user as being online... hence my isuue! Bruce, what I have been trying to explain is that this _can_not_ be overcome. The web is stateless. Connections between server and client last only long enough for a file to be requested and sent, once that has happened the server and client are no longer connected and have no knowledge of each other. _No_ server-side program will be able to tell you when a user closes their browser or goes to another web site. HTTP simply doesn't provide what you are looking for. - Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Little Problem with my Guestbook
Hi. I'm new to PHP. I need some help from you, because, I'm creating a guestbook. But I have a little problem. I have a table, where the different My-SQL-Entries are read out. But now I get only one Entry, but not more. How can do it, that the table read out 4 times, when 4 entries are in the database? And the cursor from the database are jumping to the next entry. Sorry for my bad english. :) MFG Florian Paucke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Little Problem with my Guestbook
Florian Paucke wrote: I need some help from you, because, I'm creating a guestbook. But I have a little problem. I have a table, where the different My-SQL-Entries are read out. But now I get only one Entry, but not more. How can do it, that the table read out 4 times, when 4 entries are in the database? And the cursor from the database are jumping to the next entry. Sorry for my bad english. :) Please provide the code that is causing problems so that we can understand your problem and help you fix it. -- Jasper Bryant-Greene Freelance web developer http://jasper.bryant-greene.name/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Modifying data in forms with values
Robert, Murray's suggestion is good. Here is some code to produce the current value of 'county' in a select list: !-- START of counties.php -- ?php $_REQUEST['county'] = !isset($_REQUEST['county'])? NULL:$_REQUEST['county']; // initialize or capture ? select name=county option value=?php echo $_REQUEST['county'];? SELECTED?php echo $_REQUEST['county'];?/option !-- Add, remove or change any of the select option items below: -- option value=AberdeenshireAberdeenshire/option option value=AngusAngus/option option value=Argyll ButeArgyll Bute/option option value=AvonAvon/option option value=AyrshireAyrshire/option option value=BedfordshireBedfordshire/option option value=BerkshireBerkshire/option option value=BordersBorders/option option value=Western IslesWestern Isles/option /select !-- END of counties.php -- Here's a basic select list article: http://www.globalissa.com/articles/articleSelectList.php Dave. http://www.globalissa.com === I have to create registration forms all the time for people in the office and what I keep running into is that I need a way for when they edit a field that the drop-down list of choices is automatically set for the right now. I have 100+ counties in one list, but I don't want to write 100+ if statements for checking to see if the value of $county equals the value of the field I am drop down choice. Anyone have some quick solutions? I have radio buttons as well, but going to use a drop-down list for the editing pages to make it all simple. === -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Little Problem with my Guestbook
Florian Paucke wrote: Hi. I'm new to PHP. I need some help from you, because, I'm creating a guestbook. But I have a little problem. I have a table, where the different My-SQL-Entries are read out. But now I get only one Entry, but not more. How can do it, that the table read out 4 times, when 4 entries are in the database? And the cursor from the database are jumping to the next entry. Sorry for my bad english. :) Assuming you are using a SELECT statement that returns more than one row, you need to loop through the rows that are returned by your query. Have a look at the examples for mysql_fetch_array in the php docs at php.net/mysql_fetch_array The examples show the entire process from the SELECT statement through to printing the results with printf. You may find printf a bit daunting; echo might be easier for a beginner unless you are used to C. To use echo, in example 3 replace printf(ID: %s Name: %s, $row[id], $row[name]); with echo ID: {$row[id]} Name: {$row[name]}; Cheers -- David Robley I Never Knew A Cat Who Suffered From Insomnia. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] linux embedded no db which way
guys hi all, quite new in this list I'm involved in a project with php in a linux embedded environment, it's impossibile to use a db server, any suggestion on how to handle few hundreds of simple records ? tia - happy work with php! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Webservices and PHP?
Hi there! I want to learn about creating webservices with PHP? (Is it possible with PHP 4.3.11?) and calling webservices against ASP.Net. Anyone has suggestion where I should start looking? /G http://www.varupiraten.se/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] linux embedded no db which way
- Original Message - From: adriano ghezzi [EMAIL PROTECTED] To: php-general@lists.php.net Sent: Wednesday, September 14, 2005 8:57 AM Subject: [PHP] linux embedded no db which way guys hi all, quite new in this list I'm involved in a project with php in a linux embedded environment, it's impossibile to use a db server, any suggestion on how to handle few hundreds of simple records ? tia - happy work with php! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Hi there! Impossible to use a db-server? Why? An alternative may be to use textfile, but it's not a good alternative OR maybe connect to a Excel-sheet or something like that? /G http://www.varupiraten.se/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] linux embedded no db which way
adriano ghezzi wrote: guys hi all, quite new in this list I'm involved in a project with php in a linux embedded environment, it's impossibile to use a db server, any suggestion on how to handle few hundreds of simple records ? A text file, comma-separated or similar? http://php.net/fputcsv -- Jasper Bryant-Greene Freelance web developer http://jasper.bryant-greene.name/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] uk summer time
Hi, I am looking for a function that returns the local time in the uk, it has to account for the clock changes in winter and summner. date_default_timezone_set('GMT'); - does not work. Thanks, Ross -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] SOAP?
Hi there! If you look at this link (it shows info of the server) http://www.stammis.com/agendalatina/info.php Is it possible to use PEAR SOAP-package? /G http://www.varupiraten.se/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Output of html without using functions?
Hi there! Look at the following code code1.php ?php echo rand(1,1); ? code2.php //Here I want to get the output of code1.php without using functions. Is it possible? // //Something like $test = require(http://domain/mobil_info.php); but instead of returning 1 at success I want to return the random value... Why? Because I want to be platform independent. I'm connecting to a server running PHP 4.3.11. Ideas? Please give me! /G http://www.varupiraten.se -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] linux embedded no db which way
This one time, at band camp, adriano ghezzi [EMAIL PROTECTED] wrote: guys hi all, quite new in this list I'm involved in a project with php in a linux embedded environment, it's impossibile to use a db server, any suggestion on how to handle few hundreds of simple records ? sqlite.org SQLite is also bundled with php5 making it totally l33t Kevin -- Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Fwd: [PHP] linux embedded no db which way(2)
-- Forwarded message -- From: Jasper Bryant-Greene [EMAIL PROTECTED] Date: 14-set-2005 9.01 Subject: Re: [PHP] linux embedded no db which way To: php-general@lists.php.net adriano ghezzi wrote: guys hi all, quite new in this list I'm involved in a project with php in a linux embedded environment, it's impossibile to use a db server, any suggestion on how to handle few hundreds of simple records ? A text file, comma-separated or similar? http://php.net/fputcsv -- Jasper Bryant-Greene Freelance web developer http://jasper.bryant-greene.name/ -- - hy bryant -no space for db and no cpu power it is a really poor environment looking for a template or framework csv may be ok but need to handle all records management eg.: insert,delete,search every time rewriting text file -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] uk summer time
- Original Message - From: Ross [EMAIL PROTECTED] To: php-general@lists.php.net Sent: Wednesday, September 14, 2005 9:06 AM Subject: [PHP] uk summer time Hi, I am looking for a function that returns the local time in the uk, it has to account for the clock changes in winter and summner. date_default_timezone_set('GMT'); - does not work. Thanks, Ross -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Hi there! Maybe these functions can help? I'm not sure though http://se2.php.net/manual/sv/function.date-sunrise.php http://se2.php.net/manual/sv/function.date-sunset.php /G http://www.varupiraten.se/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Little Problem with my Guestbook
?php include(sql.inc.php); include(config.inc.php); $connection = mysql_connect($sql['host'],$sql['uid'],$sql['pwd']); $select_db = mysql_select_db($sql['db']); $select = mysql_query('SELECT * FROM comments'); $data = mysql_fetch_array($select); $result = mysql_query('SELECT * FROM comments'); $rows = mysql_num_rows($result); ? ?php echo Gauml;stebucheintrauml;ge gesamt: $rows; ? table border=1 width=95% tr td ID: /td td ?php echo $data[id]; ? /td /tr tr td Name: /td td ?php echo $data[autor]; ? /td /tr tr td Titel: /td td ?php echo $data[titel]; ? /td /tr tr td Kommentar: /td td pre?php echo $data[comment]; ?/pre /td /tr /table Thats the code i have written. And I would like to post the table/table how often I have SQL-entries in my database. I hope you understand what I would like to say. And in each cycle it ought to put out the next entry of the database. Florian P. Jasper Bryant-Greene [EMAIL PROTECTED] schrieb im Newsbeitrag news:[EMAIL PROTECTED] Florian Paucke wrote: I need some help from you, because, I'm creating a guestbook. But I have a little problem. I have a table, where the different My-SQL-Entries are read out. But now I get only one Entry, but not more. How can do it, that the table read out 4 times, when 4 entries are in the database? And the cursor from the database are jumping to the next entry. Sorry for my bad english. :) Please provide the code that is causing problems so that we can understand your problem and help you fix it. -- Jasper Bryant-Greene Freelance web developer http://jasper.bryant-greene.name/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Webservices and PHP?
Hi. What kind of webservices do you mean??? Do you mean Guestbooks? Or do you mean Forums? Or what else? Greets Gustav Wiberg [EMAIL PROTECTED] schrieb im Newsbeitrag news:[EMAIL PROTECTED] Hi there! I want to learn about creating webservices with PHP? (Is it possible with PHP 4.3.11?) and calling webservices against ASP.Net. Anyone has suggestion where I should start looking? /G http://www.varupiraten.se/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Output of html without using functions?
Hi, You can use your code1.php as ?php return rand(1,1); ? and then you can get the value as $returnedData = require(code1.php); On 9/14/05, Gustav Wiberg [EMAIL PROTECTED] wrote: Hi there! Look at the following code code1.php ?php echo rand(1,1); ? code2.php //Here I want to get the output of code1.php without using functions. Is it possible? // //Something like $test = require(http://domain/mobil_info.php); but instead of returning 1 at success I want to return the random value... Why? Because I want to be platform independent. I'm connecting to a server running PHP 4.3.11. Ideas? Please give me! /G http://www.varupiraten.se -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- *** phpgurru.com http://phpgurru.com [A php resource provider] *** \\\|/// \\ - - // ( @ @ ) PHP is too logical for my brain +---oOOo-(_)-oOOo--+ | Mian Shafiq ur Rehman | phpgurru.com http://phpgurru.com [A php resource provider] | 107 B, New Town, Multan Road | Lahore Pakistan | | Mobile: 0300 423 9385 | | ooo0 http://www.phpgurru.com | ( ) 0ooo E-Mail: [EMAIL PROTECTED] +---\ (( )--+ \_) ) / (_/
Re: [PHP] Output of html without using functions?
Gustav Wiberg wrote: //Something like $test = require(http://domain/mobil_info.php); but instead of returning 1 at success I want to return the random value... $test = file_get_contents(http://domain/mobil_info.php); assuming allow_url_fopen is on, otherwise look at the CURL functions or use raw sockets -- Jasper Bryant-Greene Freelance web developer http://jasper.bryant-greene.name/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Output of html without using functions?
Gustav Wiberg wrote: Hi there! Look at the following code code1.php ?php echo rand(1,1); ? code2.php //Here I want to get the output of code1.php without using functions. Is it possible? // //Something like $test = require(http://domain/mobil_info.php); but instead of returning 1 at success I want to return the random value... Why? Because I want to be platform independent. I'm connecting to a server running PHP 4.3.11. I have no idea whether what you want to do is actually what you want to do but output buffering will get you there none the less... e.g.: ob_start() ob_get_clean() start reading here: http://php.net/manual/en/ref.outcontrol.php Ideas? Please give me! /G http://www.varupiraten.se -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Dynamically determine class
Hi, I'm using PHP5 and try to do something like this: I have a base class called 'Entry' and a child class called 'ExtendedEntry'. I want to read all Entries to a certain topic from a database. While constructing the EntryObject I would like to look if Entry is a simple Entry or an ExtendedEntry. I want the new object to be an ExtendedEntry - if possible - and otherwise to be an Entry. It was not possible to return the object in the __construct() function and it was not possible to reassign $this with code like $this = new ExtendedEntry() also in the __construct() function. And I tried to always generate an ExtendedEntry with a flag, that says it is really Extended and a typecast afterwards, but I wasn't able to typecast to another object by (Entry) $extEntry. Any suggestions how to solve this problem without writing a generateEntry() function, that looks into the database and then calls the correct class type? thanks in advance, Norbert -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Webservices and PHP?
Gustav Wiberg wrote: Hi there! I want to learn about creating webservices with PHP? (Is it possible with PHP 4.3.11?) and calling webservices against ASP.Net. Anyone has suggestion where I should start looking? /G http://www.varupiraten.se/ Hi Gustav What I can suggest is to try and get your hands on the following book PHP Anhology Object Oriented PHP Solutuons VolumeII by Harry Fuecks. In chapter 2 he explains how to setup a webservices. You can order the book from www.sitepoint.com You can also have look at the following article http://www.sitepoint.com/article/web-services-demystified Another website that might help is http://www.codewalkers.com Regards Robert -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Output of html without using functions?
- Original Message - From: George Pitcher [EMAIL PROTECTED] To: Gustav Wiberg [EMAIL PROTECTED] Sent: Wednesday, September 14, 2005 9:47 AM Subject: RE: [PHP] Output of html without using functions? Gustav, For true simplicity (platform independence), you need to do a lot more work. Do your coding as normal except where it might be affected by the platform in which case you need to be able to check the platform and perform the relevant function (works for paths etc too). My site was being developed on a Win XP laptop for deployment on a Linux server, until the company changed its mind and decided to use an existing NT4 server. My site still works fine even though my dev machine uses IIS and the server uses Apache. I don't need to worry about this as I include a config file at the head of each script that sets the paths accordingly. Hope this helps. George in Oxford -Original Message- From: Gustav Wiberg [mailto:[EMAIL PROTECTED] Sent: 14 September 2005 8:41 am To: PHP General Subject: [PHP] Output of html without using functions? Hi there! Look at the following code code1.php ?php echo rand(1,1); ? code2.php //Here I want to get the output of code1.php without using functions. Is it possible? // //Something like $test = require(http://domain/mobil_info.php); but instead of returning 1 at success I want to return the random value... Why? Because I want to be platform independent. I'm connecting to a server running PHP 4.3.11. Ideas? Please give me! /G http://www.varupiraten.se -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Hi there! Ok, here's the deal. I want to do this: A cooperation-partner has ASP.Net. I have PHP. Neither of us will change programming language. If I write a function in PHP. Main question: Would the partner be able to get the value from a function written in PHP across the Internet? Or what's the solution? /G http://www.varupiraten.se -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Webservices and PHP?
- Original Message - From: Robert Graham [EMAIL PROTECTED] To: Gustav Wiberg [EMAIL PROTECTED] Cc: PHP General php-general@lists.php.net Sent: Wednesday, September 14, 2005 10:01 AM Subject: Re: [PHP] Webservices and PHP? Gustav Wiberg wrote: Hi there! I want to learn about creating webservices with PHP? (Is it possible with PHP 4.3.11?) and calling webservices against ASP.Net. Anyone has suggestion where I should start looking? /G http://www.varupiraten.se/ Hi Gustav What I can suggest is to try and get your hands on the following book PHP Anhology Object Oriented PHP Solutuons VolumeII by Harry Fuecks. In chapter 2 he explains how to setup a webservices. You can order the book from www.sitepoint.com You can also have look at the following article http://www.sitepoint.com/article/web-services-demystified Another website that might help is http://www.codewalkers.com Regards Robert -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Thanx! /G http://www.varupiraten.se/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: ADODB vs PHP extension
Dean Maunder wrote: My apologies, I meant the PEAR ADODB abstraction layer/ If you mean DB_ado (from http://pear.php.net/package/DB_ado) I can't say anything about it because I haven't used it. But if you mean ADOdb Database Abstraction Library for PHP (from http://adodb.sourceforge.net/): It should be somewhat faster if you use the extension, because of the abstraction layer there is some overhead by using the class even when the class itself also uses the extension. So if you need all the speed you can get use the extension calls, but if you want a system where you can easily adopt from one database to another, handy helping functions for database specific date conversion and a nice sql query caching system, you should use the abstraction layer. Jens -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Output of html without using functions?
Hi there! Ok.. Thanx! Yes, I must be able to get info from his site, BUT i can't install anything (Not Curl either) on the server because the server belongs to b-one.net and not me. Is it impossible then? /G http://www.varupiraten.se/ - Original Message - From: George Pitcher [EMAIL PROTECTED] To: Gustav Wiberg [EMAIL PROTECTED] Sent: Wednesday, September 14, 2005 10:08 AM Subject: RE: [PHP] Output of html without using functions? Gustav, If I write a function in PHP. Main question: Would the partner be able to get the value from a function written in PHP across the Internet? Two issues here. 1. Do you need to be able to get data from his site? If so you need to look at curl functions - not used them myself. 2. Does he need to get info from your site? That's his problem - not yours. If you both decide that you won't converge to a single strategy then you will both have to build code to extract results from the other site. It wouldn't matter what the 'other' site was written in as long as it was generating the result in html (or soap, or xml etc). Hope this helps the thinking. George -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: PHP 5, LDAP/Active Directory
On my server I'm running: Fedora Core 4 Apache 2 PHP 5 compiled with OpenLDAP To shed more light on the topic, bug #30670 [ http://bugs.php.net/ bug.php?id=30670edit=0 ] seems to fit my situation perfectly. As some of the posts on that bug suggest, I've tried using ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION,3); ldap_set_option($ldap, LDAP_OPT_REFERRALS,0); between ldap_connect and ldap_bind but I still get the Operations error message. Everyone seems to be able to get this to work as long as they are running PHP4, but I have yet to see (or realize I've seen) a solution from someone using PHP5. I've also found where blizzards at libero dot it has posted When querying a windows 2000/2003 AD you MUST use only SASL and not TLS (non supported). - Is this true? ?php $ds = ldap_connect('ad.server.com'); make sure this is working by doing this: if($ds){ $lb = ldap_bind($ds, 'username', 'password'); then this: echo Bind result is . $lb . br /; (should show 1) // At this point the bind looks successful // so we'll try a query $res = ldap_search($ds, 'o=My Company,c=US','sn=S*'); Are you certain that this is the correct distinguished name? This is the bit I struggled with. It will be the name at the very top of your active directory (or the bit you are trying to search). To find this, I went onto the windows box in question, and opened the active directory users and computers. The top level entry, which the Groups and Users are directly beneath, is what you are looking for. In my case, it was mydomain.com, so my distinguished name looked like this: DC=mycompany, DC=com If I tried anything else here, it gave me an operations error So since you've got it working with PHP5 can you verify that SASL is/ is not needed to communicate to an AD 2003 server from linux? I keep leaning towards the possibility that I need that, but can't seem to find any way to tell for sure since the ldap_sasl_bind() function isn't documented yet. No, I'm using windows 200, can't help with that I'm afraid Good luck Mark -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Deny access from certain hosts
Aaron Greenspan wrote: Can you do that with .htaccess? Please have a look at http://www.webmasterworld.com/forum92/2783.htm found it on the second page with the search termin apache block requests from specific referrers. Jens -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Dynamically determine class
Norbert Wenzel wrote: Hi, I'm using PHP5 and try to do something like this: I have a base class called 'Entry' and a child class called 'ExtendedEntry'. I want to read all Entries to a certain topic from a database. While constructing the EntryObject I would like to look if Entry is a simple Entry or an ExtendedEntry. I want the new object to be an ExtendedEntry - if possible - and otherwise to be an Entry. It was not possible to return the object in the __construct() function and it was not possible to reassign $this with code like $this = new ExtendedEntry() also in the __construct() function. And I tried to always generate an ExtendedEntry with a flag, that says it is really Extended and a typecast afterwards, but I wasn't able to typecast to another object by (Entry) $extEntry. Any suggestions how to solve this problem without writing a generateEntry() function, that looks into the database and then calls the correct class type? no not really - although I would suggest to create a static member function (method) in the base class that acts as the factory e.g: class Entry { static public function create($key = array(), $type = null) { // $type could be used to force the type of class // or specify a class for a new object (as opposed to // an object created from existing database content // $key could be used to pass the relevant primary key(s) // in order to retrieve the relevant data. (leave empty to create // a 'new' object?) } } actually you might try looking into the delegation pattern which could offer an alternative to a factory function (i.e. the object can make extra methods from contained/helper classes available depending on the type of data retrieved) thanks in advance, Norbert -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Quick Poll: PHP 4 / 5
hi Ryan, here are my crosses :-) It would be nice if you could compile a small summary at some stage based on the replies - any chance of that? Ryan A wrote: ... [x] I am still working on PHP 4 [] I never work with PHP 4 anymore, all my work is with PHP 5 [] Oops, call me old fashioned but i am still with 3! [x] I have no problems finding a host with PHP 5 support [] I can handle PHP 5, but I only work with PHP 4 [] Nah, will wait till PHP 6 is out, theres not much diff between 4 and 5 [] PHP 5 sounds / looks too hard to learn [x] Other All my new stuff is in php5 unless I'm forced otherwise. I maintain quite a bit of php4 code which I can't upgrade to php5 without a major rewrite (which will happen when hell freezes over) I mostly run on my own servers, some of my clients have dedicated hardware which I can install what ever is needed onto. the hosting I do use is very flexible in getting me the tools I want/need - I ask them 'any chance of php5' 15 minutes later I have access to a fully functional production box with php5 (etc). my hosting guys are a small technical outfit and rather nice to me :-) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Dynamically determine class
Thanks. Norbert -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Output of html without using functions?
I have tried a class called HTTP protocol client from phpclasses to retrive sourcecode from other websites. You should be able to used it to get the output from your remote script. And it works on b-one. http://www.phpclasses.org/browse/package/3.html /Jepser -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Output of html without using functions?
Hi there! Thanx! I think this will solve the problem... /G http://www.varupiraten.se/ - Original Message - From: Jesper Gran [EMAIL PROTECTED] To: Gustav Wiberg [EMAIL PROTECTED] Cc: PHP General php-general@lists.php.net Sent: Wednesday, September 14, 2005 11:59 AM Subject: Re: [PHP] Output of html without using functions? I have tried a class called HTTP protocol client from phpclasses to retrive sourcecode from other websites. You should be able to used it to get the output from your remote script. And it works on b-one. http://www.phpclasses.org/browse/package/3.html /Jepser -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] launch app
No way. PHP is server based you can't trigger anything on the client side. Use Javascript, ActiveX, XUL or the like. What's the best way to send an executable to a client desktop in PHP? I'm doing a project where we need to check and see which files need to be updated on a client-desktop. The idea is for a user to visit the website, an executable launches, checks the files on the drive, and then sends the data back to the website. It's all on the up and up - I'm not trying to do anything bad to the user. The site is designed to maintain a product that they're purchasing from us. Screens will explain what's going on. I also believe the browser will display something - not completely sure how to trigger this, but I think it's something to do with having executables signed - I'd appreciate if you have any advice on how to do this also. Thanks, Ed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] whats wrong in this program.
Hi, I tried to use the final array values in a insert statement, but the values are not inserted. the code is foreach ($final as $subnum){ $res = $db-query(INSERT INTO substrate_protocoll(substrate_type,substrate_num,operator,location,solvent,ultrasonic,duration,cdate,ctime,comment) VALUES('$substrate_type1',$subnum,'$operator','$location','$solvent',$uv,$duration,'$cdate','$sctime','$comment')); if(!$res){ echo insert failed; } } the values of array ($subnum)are not inserted , can you tell me where the problem is. Jordan Miller [EMAIL PROTECTED] wrote: I think I finally understand what you are trying to do. I don't see any reason why you need to use the token functions, and I would recommend using array functions instead (also, it is exceedingly easy to sort the elements of an array... see the end). I believe this will do what you are trying to do: //Tokenizer for Babu $str = '10,12,14-18'; $commas = explode(',', $str); // $commas will be an array of three items in this case // Final Values will go into the $final array $final = array(); foreach ($commas as $value) { // If one of the $commas elements contains a dash, we need to get the range between them! if (strstr($value, '-')) { // Explode based on the dash. This code assumes there will only be a single dash $rangeValues = explode('-', $value); foreach (range($rangeValues[0], $rangeValues[1]) as $number) { $final[] = $number; } } else { // If $value does not contain a dash, add it directly to the $final array $final[] = $value; } } echo All your values in the range $str are .implode(' ', $final); // Prints All your values in the range 10,12,14-18 are 10 12 14 15 16 17 18 In your last email, you had some of the values given out of order: 1. 20,21-24 2. 21-24,20 3. 10,20,21-24,25,26,30 To make sure the $final values are always ascending, just do this at the end: sort($final); Done!! Jordan On Sep 13, 2005, at 7:16 PM, babu wrote: $str=10,12,14-18; $tok = strtok($str, ','); while ($tok !== false) { $toks[] = $tok; $tok = strtok(','); } foreach ($toks as $token){ if (strpos($token,'-')){ stringtokenize($token); }else{ $finaltokens[]= $token; } } function stringtokenize($nstr){ $ntok1= strtok($nstr,'-'); $ntok2=strtok('-'); for($i=$ntok1;$i=$ntok2;$i++){ $finaltokens[]= $i; } } foreach ($finaltokens as $ftoken){ echo $ftoken; echo ; } the ouput prints only 10,12 but not 14,15,16,17,18. where is the problem. - To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php - How much free photo storage do you get? Store your holiday snaps for FREE with Yahoo! Photos. Get Yahoo! Photos
RE: [PHP] Re: Quick Poll: PHP 4 / 5
Personally I keep using PHP 4 and do not see the motivation to upgrade. First because, for me, PHP 4 is already a feature complete language for Web development. Second, because I do not have the time nor the patience to chase all the backward incompatibilities of PHP 5 that will break the code of my sites. Actually I am even scared to try PHP 5 in sites that I have with large code bases because it is very hard to fully test them in development environment. It is not impossible to test a large site in development environment to find the possible problems, but it would take a lot of time and still many details could escape, so I am not interested to risk and put a site up malfunctioning due to PHP 5 incompatibilities, especially when PHP 4 worked so well for all these years. Last time this was debated here I pointed out that the upgrade from 4.x to 5.x will most certainly be less painful than upgrading from 4.x to 6.x (or 7.x, or 8.x) would be. That, in itself, is motivation to upgrade. Another is that as time goes on and more people make the migration, fewer people will be available to support 4.x. Last time this was debated, someone posted instructions on how to have BOTH versions on your server so that you can switch back and forth. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] incrementing cookie
Hi, I want to increment a cookie by 1 every time a click a button if (isset($add) { $number++; setcookie(cookie[number], $number Is the number) } I know I should retireve the cookie value for $number but the problem is it has 2 bits, a number and a bit of text. Thanks, Ross -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Quick Poll: PHP 4 / 5
Jim Moseby wrote: Personally I keep using PHP 4 and do not see the motivation to upgrade. First because, for me, PHP 4 is already a feature complete language for Web development. Second, because I do not have the time nor the patience to chase all the backward incompatibilities of PHP 5 that will break the code of my sites. Actually I am even scared to try PHP 5 in sites that I have with large code bases because it is very hard to fully test them in development environment. It is not impossible to test a large site in development environment to find the possible problems, but it would take a lot of time and still many details could escape, so I am not interested to risk and put a site up malfunctioning due to PHP 5 incompatibilities, especially when PHP 4 worked so well for all these years. Last time this was debated here I pointed out that the upgrade from 4.x to 5.x will most certainly be less painful than upgrading from 4.x to 6.x (or 7.x, or 8.x) would be. That, in itself, is motivation to upgrade. Another is that as time goes on and more people make the migration, fewer people will be available to support 4.x. Last time this was debated, someone posted instructions on how to have BOTH versions on your server so that you can switch back and forth. all good points IMHO, the 'someone' was Rasmus Lerdorf btw - worth remembering :-) JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] incrementing cookie
Ross wrote: Hi, I want to increment a cookie by 1 every time a click a button if (isset($add) { $number++; setcookie(cookie[number], $number Is the number) } I know I should retireve the cookie value for $number but the problem is it has 2 bits, a number and a bit of text. in your case this can be done simply: $number = 99; $string = $number Is the number; echo the number is ,intval($string),\n; this works because the number is at the start of the string... (and because of the cool way the made type conversion work in php) to find out more search/read the manual on the subject of typecasting/conversion. Thanks, Ross -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] php Slow with Mac OS X 10.4
Hi all ! Here, we've got several Mac computer acting as servers to serve many kinds of sites. One of wich was running, until the middle of august, Mac OS X 10.2. It was then with apache 1.3.x, and php 4.3.10 dso. All things were normal. At the middle of august, we upgraded to Mac OS X 10.4 (re-install from scratch). Now, it's with apache2, php 4.4.0 dso. Now, everthing that is php is slow as hell. A page that took normally less than a second to render, now takes up to 15 ! Yes, fifteen seconds. That depends of course on the general load of the server, but it nevers goes down under 8 to 10 seconds. The machine is a dual G4, with 1.5 gigs of ram. Now, if I go to the command line, in the directory of this site and type php index.php, it renders in about 1 to 1.5 seconds, wich is acceptable. I did tests with : - apache 1, php 4, php 5, all static or dso - apache 2, php 4, php 5, dso - php 4.3, php 4.4 - Stock php that comes with Tiger - Stock apache that comes with Tiger - Different compile options with mysql as --with-mysql and --with-mysql=/usr/local/mysql - I've also tried with and without zend optimizer, turck mmcache. All with the same results. In my test case, there is mysql involved, but it's irrelevent to the problem, since the mysql is an another machine and is the same all trough my tests. Now, in a different server room, we have a set of 3 xserves cluster node dual g5 with 4 gigs of ram each. One of them was upgraded to Mac OS X 10.4 (server) and the other 2 are still with 10.3. If I take the same setup (same compile options, same versions) on these machines, the exact same site is slow as hell on the 10.4, and lightning fast on 10.3. Here's my php configure command : ./configure --with-apxs2=/usr/local/apache2/bin/apxs --with-mysql --with-fbsql --with-xml --enable-ftp --with-curl=/sw --with-zlib --with-png-dir=/sw --with-jpeg-dir=/sw --with-gd --with-ttf=/sw --with-freetype-dir=/sw --enable-track-vars --enable-trans-id --disable-debug This is really begins to bugs me... Any hints ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] trying to figure out the best/efficient way to tell whoisloggedinto a site..
ben... i understand what you've stated, but i was under the impression that a number of sites (etrade, etc...) can/do track who is/is not logged into their sites.. and not just by some crude 'timeout' function... i might be wrong, but it was my understanding that those kinds of sites have the ability to more or less know when someone kills the browser session, and is no longer on the system. these kinds of sites also ustilize some form of a 'timeout' process as well for users who simply have browser sessions that are inactive... by your statements, you're pretty much saying that the only approach one has to this issue is to utilize some sort of timeout function, and if you don't detect user activity after your timeout, then mark the user as no longer being active, and proceed accordingly. this apporach doesn't allow an app to immediately know when a user has killed the browser. so, the question might be, how does one detect when a user has killed a session/left your app? -bruce -Original Message- From: Ben Holt [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 13, 2005 11:05 PM To: [EMAIL PROTECTED] Cc: php-general@lists.php.net Subject: Re: [PHP] trying to figure out the best/efficient way to tell whoisloggedinto a site.. bruce wrote: ben... your statements/approach is pretty much what i've been thinking of. however, with regards to the forums/cms apps.. i've yet to find one that actually keeps a track of the logged in users, that works when the user kills the browser.. the ones that i've seen, that allow an admin to see who's online, appear to fail when i've killed the test user. the apps still show the killed user as being online... hence my isuue! Bruce, what I have been trying to explain is that this _can_not_ be overcome. The web is stateless. Connections between server and client last only long enough for a file to be requested and sent, once that has happened the server and client are no longer connected and have no knowledge of each other. _No_ server-side program will be able to tell you when a user closes their browser or goes to another web site. HTTP simply doesn't provide what you are looking for. - Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php Slow with Mac OS X 10.4
Quoting Nicolas Ross [EMAIL PROTECTED]: [snip] Now, in a different server room, we have a set of 3 xserves cluster node dual g5 with 4 gigs of ram each. One of them was upgraded to Mac OS X 10.4 (server) and the other 2 are still with 10.3. If I take the same setup (same compile options, same versions) on these machines, the exact same site is slow as hell on the 10.4, and lightning fast on 10.3. [snip] Any hints ? Have you compared the httpd.conf files? It could be that they've for some reason changed the KeepAlive to Off and MaxKeepAliveRequests and KeepAliveTimeout values to something odd, check those, might improve performance a bit. Regards, Torgny -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php Slow with Mac OS X 10.4
Now, in a different server room, we have a set of 3 xserves cluster node dual g5 with 4 gigs of ram each. One of them was upgraded to Mac OS X 10.4 (server) and the other 2 are still with 10.3. If I take the same setup (same compile options, same versions) on these machines, the exact same site is slow as hell on the 10.4, and lightning fast on 10.3. [snip] Any hints ? Have you compared the httpd.conf files? It could be that they've for some reason changed the KeepAlive to Off and MaxKeepAliveRequests and KeepAliveTimeout values to something odd, check those, might improve performance a bit. In all cases, it was the same httpd.conf. Of course, from apache 1 to 2 there where differences, but basicly it's the same. Nicolas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Little Problem with my Guestbook
Florian P. wrote: ?php include(sql.inc.php); include(config.inc.php); $connection = mysql_connect($sql['host'],$sql['uid'],$sql['pwd']); $select_db = mysql_select_db($sql['db']); $select = mysql_query('SELECT * FROM comments'); $data = mysql_fetch_array($select); $result = mysql_query('SELECT * FROM comments'); $rows = mysql_num_rows($result); snip No reason to run this twice $data = array(); if ( $result = mysql_query ( 'SELECT * FROM comments' ) ) { while ( $temp = mysql_fetch_array ( $result, MYSQL_ASSOC ) ) { $data[] = $temp; } $rows = mysql_num_rows ( $result ); mysql_free_result ( $result ); } else { echo ( mysql_error() ); exit; } The returned rows will be in the $data array. -- John C. Nichel ÜberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] incrementing cookie
[EMAIL PROTECTED] wrote: Thanks for your reply, yeah but that doesn't mean you have to start replying to just me, keep your replies on list please - it helps others, and stops me from getting the feeling I'm your personal bug fixer. This is what I have so far if (isset($add)){ $pakora++; $pakora will only exist if you set or if register_globals is turned on. (I get the feeling you have register_globals turned on - not the recommended setting IMO) setcookie(cookie[pakora], $pakora Pakora); try dumping the contents of $_COOKIE: var_dump($_COOKIE); I would imagine the following gives you the number you are looking for: echo intval($_COOKIE['cookie']['pakora']); so... ?php if (!isset($_COOKIE['cookie']['pakora'])) { $pakora = 0; } else { $pakora = intval($_COOKIE['cookie']['pakora']); } if (isset($add)) { $pakora++; setcookie(cookie[pakora], $pakora Pakora); } } I just cannot seem to get the syntax right. when I try and use $_COOKIE['pakora'] i get an undefined index error. I am trying to increment the value of $pakora by 1 evert time . thanks again, Ross - Original Message - From: Jochem Maas [EMAIL PROTECTED] To: Ross [EMAIL PROTECTED] Cc: php-general@lists.php.net Sent: Wednesday, September 14, 2005 1:57 PM Subject: Re: [PHP] incrementing cookie Ross wrote: Hi, I want to increment a cookie by 1 every time a click a button if (isset($add) { $number++; setcookie(cookie[number], $number Is the number) } I know I should retireve the cookie value for $number but the problem is it has 2 bits, a number and a bit of text. in your case this can be done simply: $number = 99; $string = $number Is the number; echo the number is ,intval($string),\n; this works because the number is at the start of the string... (and because of the cool way the made type conversion work in php) to find out more search/read the manual on the subject of typecasting/conversion. Thanks, Ross -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] trying to figure out the best/efficient way to tell whoisloggedinto a site..
On 9/14/05, bruce [EMAIL PROTECTED] wrote: ben... i understand what you've stated, but i was under the impression that a number of sites (etrade, etc...) can/do track who is/is not logged into their sites.. and not just by some crude 'timeout' function... This might be possible to do with some client-side javascript. I think that eTrade and all of those sites are using an AJAX paradigm and so the client is periodically pushing requests onto the server (but just for the information that needs to be updated). Among other things I'm sure that users would be submitting the session ID that they have and eTrade can track if the browser session is still alive by doing this. However, all of this would be something to ask on a JS list instead of here. :-) Also remember that not all users will enable JS so you need to have backup functionality (i.e. rely on the timeout) so you will never have 100% accuracy, but the method described above will improve your accuracy (at the cost of extra HTTP connections) ... by your statements, you're pretty much saying that the only approach one has to this issue is to utilize some sort of timeout function, and if you don't detect user activity after your timeout, then mark the user as no longer being active, and proceed accordingly. this apporach doesn't allow an app to immediately know when a user has killed the browser. so, the question might be, how does one detect when a user has killed a session/left your app? The timeout method is still the main way to do it... but with the addition of the AJAX methods you can have the client machine *push* updates into your user session. Once you've determined that the client is enabling JS then it is pretty safe to assume they will keep JS enabled for the life of the browser session. So when your site stops getting pings from the client you could kill their session. All of this said... unless you're using AJAX throughout the entire sit already I wouldn't mess around with it. IMHO it takes a lot of extra coding and the added benefit for something like improved user count isn't going to offset the costs of coding and extra HTTP connections when it goes live.
Re: [PHP] php Slow with Mac OS X 10.4
Nicolas Ross wrote: Now, in a different server room, we have a set of 3 xserves cluster node dual g5 with 4 gigs of ram each. One of them was upgraded to Mac OS X 10.4 (server) and the other 2 are still with 10.3. If I take the same setup (same compile options, same versions) on these machines, the exact same site is slow as hell on the 10.4, and lightning fast on 10.3. [snip] Any hints ? Have you compared the httpd.conf files? It could be that they've for some reason changed the KeepAlive to Off and MaxKeepAliveRequests and KeepAliveTimeout values to something odd, check those, might improve performance a bit. In all cases, it was the same httpd.conf. Of course, from apache 1 to 2 there where differences, but basicly it's the same. your description gives the impression that there is a DNS configuration problem... like apache is trying for 5-10 seconds to look something up, fails and then finally decides to run your script. you can test that with a simple script like: ?php /*make sure all outputbuffering is off!*/ for ($i=0;$i 10;$i++) { echo $ibr /; } ? chances are it will start outputting after a certain ammount of time rather than right away. that said this is a very simplistic test and my understanding of this stuff is rather limited. Nicolas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] incrementing cookie
Hi, if (isset($add)) { $pakora++; setcookie(cookie[pakora], $pakora Pakora); } If I'm not mistaken, you also need to be sure that you are writing your script to html/display and not redirecting to another page after the cookie has been set - as redirecting will not write the cookie. Just my 2p. George -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php Slow with Mac OS X 10.4
In all cases, it was the same httpd.conf. Of course, from apache 1 to 2 there where differences, but basicly it's the same. your description gives the impression that there is a DNS configuration problem... like apache is trying for 5-10 seconds to look something up, fails and then finally decides to run your script. you can test that with a simple script like: ?php /*make sure all outputbuffering is off!*/ for ($i=0;$i 10;$i++) { echo $ibr /; } ? chances are it will start outputting after a certain ammount of time rather than right away. that said this is a very simplistic test and my understanding of this stuff is rather limited. It did occure to me that there maybe a dns issue, but it can't be. My tests were done on two separates server rooms. In the second one (the one with the xserves), I have 3 computers. All ip config is exactly the same (apart from main ip)... And the only non-network related difference between the nodes are the OS (10.3 vs 10.4). Besides, if it were a DNS problem, I would also experience delays elswhere, like ssh, ftp an other things network-related. I did the test, and it started to output immediatly... Thanks, Nicolas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Webservices and PHP?
You may also check out SOAP. There is a SOAP PEAR package... http://pear.php.net/package/SOAP With PHP 5 you can compile in a SOAP extension. http://www.php.net/SOAP I know you said you were running PHP 4.3.11 so the SOAP extension may not be an option. I think a little googling with PHP and SOAP should turn up some pretty good results for you. -k. __ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[suspicious - maybe spam] [PHP] [suspicious - maybe spam] RE: Issues with News sites again...
I would be very worried about the quality of any reply that posts a link that says the opposite of what the person is saying. Nowhere in that link did I see them say that turning on the globals was a security issue. The page said the misuse of the globals was the security risk due to forgetting to initialize variables and then goes on to show examples of the issue risks if the globals aren't properly initialized. The security issues fall on the web designer not the ISP or PHP, ISP and PHP doesn't control if I forget to initialize something in my PHP scripts. The first two paragraphs even state that it is a web designer's problem (not in so many words though). [QUOTE] Perhaps the most controversial change in PHP is when the default value for the PHP directive register_globals went from ON to OFF in PHP 4.2.0. Reliance on this directive was quite common and many people didn't even know it existed and assumed it's just how PHP works. This page will explain how one can write insecure code with this directive but keep in mind that the directive itself isn't insecure but rather it's the misuse of it. When on, register_globals will inject your scripts with all sorts of variables, like request variables from HTML forms. This coupled with the fact that PHP doesn't require variable initialization means writing insecure code is that much easier. It was a difficult decision, but the PHP community decided to disable this directive by default. When on, people use variables yet really don't know for sure where they come from and can only assume. Internal variables that are defined in the script itself get mixed up with request data sent by users and disabling register_globals changes this. [/QUOTE] --Death Gauge How do you gauge your death?! Original Message Follows From: Jasper Bryant-Greene [EMAIL PROTECTED] To: php-general@lists.php.net Subject: [PHP] Re: [suspicious - maybe spam] [PHP] [suspicious - maybe spam] RE:[PHP] RE: Issues with News sites again... Date: Wed, 14 Sep 2005 17:37:21 +1200 Death Gauge wrote: I'll try that...But why shouldn't I have register_globals on (which my ISP does and every tutorial I've ever read says to do in order to use several different features of PHP:-/). http://php.net/security.globals I would be very worried about the quality of any tutorial that said that (and any ISP that did that by default). -- Jasper Bryant-Greene Freelance web developer http://jasper.bryant-greene.name/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] whats wrong in this program.
I tried to use the final array values in a insert statement, but the values are not inserted. the code is foreach ($final as $subnum){ $res = $db-query(INSERT INTO substrate_protocoll(substrate_type,substrate_num,operator,location,solvent,u ltrasonic,duration,cdate,ctime,comment) VALUES('$substrate_type1',$subnum,'$operator','$location','$solvent',$uv,$du ration,'$cdate','$sctime','$comment')); if(!$res){ echo insert failed; } } the values of array ($subnum)are not inserted , can you tell me where the problem is. the problem is probably in this line: echo (INSERT INTO substrate_protocoll(substrate_type,substrate_num,operator,location,solvent,u ltrasonic,duration,cdate,ctime,comment) VALUES('$substrate_type1',$subnum,'$operator','$location','$solvent',$uv,$du ration,'$cdate','$sctime','$comment')); and the problem is that you haven't done this to see what is wrong with the SQL. The next problem is that this line is also missing: echo mysql_error(); Jordan Miller [EMAIL PROTECTED] wrote: I think I finally understand what you are trying to do. I don't see any reason why you need to use the token functions, and I would recommend using array functions instead (also, it is exceedingly easy to sort the elements of an array... see the end). I believe this will do what you are trying to do: //Tokenizer for Babu $str = '10,12,14-18'; $commas = explode(',', $str); // $commas will be an array of three items in this case // Final Values will go into the $final array $final = array(); foreach ($commas as $value) { // If one of the $commas elements contains a dash, we need to get the range between them! if (strstr($value, '-')) { // Explode based on the dash. This code assumes there will only be a single dash $rangeValues = explode('-', $value); foreach (range($rangeValues[0], $rangeValues[1]) as $number) { $final[] = $number; } } else { // If $value does not contain a dash, add it directly to the $final array $final[] = $value; } } echo All your values in the range $str are .implode(' ', $final); // Prints All your values in the range 10,12,14-18 are 10 12 14 15 16 17 18 In your last email, you had some of the values given out of order: 1. 20,21-24 2. 21-24,20 3. 10,20,21-24,25,26,30 To make sure the $final values are always ascending, just do this at the end: sort($final); Done!! Jordan On Sep 13, 2005, at 7:16 PM, babu wrote: $str=10,12,14-18; $tok = strtok($str, ','); while ($tok !== false) { $toks[] = $tok; $tok = strtok(','); } foreach ($toks as $token){ if (strpos($token,'-')){ stringtokenize($token); }else{ $finaltokens[]= $token; } } function stringtokenize($nstr){ $ntok1= strtok($nstr,'-'); $ntok2=strtok('-'); for($i=$ntok1;$i=$ntok2;$i++){ $finaltokens[]= $i; } } foreach ($finaltokens as $ftoken){ echo $ftoken; echo ; } the ouput prints only 10,12 but not 14,15,16,17,18. where is the problem. - To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php - How much free photo storage do you get? Store your holiday snaps for FREE with Yahoo! Photos. Get Yahoo! Photos -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php Slow with Mac OS X 10.4
There are two thing to check in the Apache config to make sure DNS is not the thing slowing you down. HostnameLookups defaults to On in Apache2, but defaulted to off in Apache1. Check that setting. Also, if you use Allow and Deny directives with domain names, Apache does a double reverse triple lindy DNS lookup (or something like that). That would slow things down alot, but not affect ssh, ftp, etc. Regardless, my guess is it's something with Apache2 that is causing the slow down. Have you tried Apache1.3 under 10.4? I haven't experienced any performance slow down under 10.4 using 1.3. On Sep 14, 2005, at 9:57 AM, Nicolas Ross wrote: In all cases, it was the same httpd.conf. Of course, from apache 1 to 2 there where differences, but basicly it's the same. your description gives the impression that there is a DNS configuration problem... like apache is trying for 5-10 seconds to look something up, fails and then finally decides to run your script. you can test that with a simple script like: ?php /*make sure all outputbuffering is off!*/ for ($i=0;$i 10;$i++) { echo $ibr /; } ? chances are it will start outputting after a certain ammount of time rather than right away. that said this is a very simplistic test and my understanding of this stuff is rather limited. It did occure to me that there maybe a dns issue, but it can't be. My tests were done on two separates server rooms. In the second one (the one with the xserves), I have 3 computers. All ip config is exactly the same (apart from main ip)... And the only non-network related difference between the nodes are the OS (10.3 vs 10.4). Besides, if it were a DNS problem, I would also experience delays elswhere, like ssh, ftp an other things network-related. I did the test, and it started to output immediatly... Thanks, Nicolas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Brent Baisley Systems Architect Landover Associates, Inc. Search Advisory Services for Advanced Technology Environments p: 212.759.6400/800.759.0577 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] RE: [suspicious - maybe spam] [PHP] [suspicious - maybe spam] RE: Issues with News sites again...
[snip] I would be very worried about the quality of any reply that posts a link that says the opposite of what the person is saying. Nowhere in that link did I see them say that turning on the globals was a security issue. The page said the misuse of the globals was the security risk due to forgetting to initialize variables and then goes on to show examples of the issue risks if the globals aren't properly initialized. The security issues fall on the web designer not the ISP or PHP, ISP and PHP doesn't control if I forget to initialize something in my PHP scripts. The first two paragraphs even state that it is a web designer's problem (not in so many words though). [/snip] At the risk of starting another globals holy war, the reply that you received was a generalization that reflects the potential ( NOTE THAT) security risks from having register globals 'on'. The poster was essentially correct, misuse of globals opens up a whole can of potential security issues. I will refer you to several good PHP security resources at http://www.shiflett.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Issues with News sites again...
Jay Blanchard wrote: [snip] I would be very worried about the quality of any reply that posts a link that says the opposite of what the person is saying. Nowhere in that link did I see them say that turning on the globals was a security issue. The page said the misuse of the globals was the security risk due to forgetting to initialize variables and then goes on to show examples of the issue risks if the globals aren't properly initialized. The security issues fall on the web designer not the ISP or PHP, ISP and PHP doesn't control if I forget to initialize something in my PHP scripts. The first two paragraphs even state that it is a web designer's problem (not in so many words though). [/snip] At the risk of starting another globals holy war, the reply that you Trouble maker. received was a generalization that reflects the potential ( NOTE THAT) security risks from having register globals 'on'. The poster was essentially correct, misuse of globals opens up a whole can of potential security issues. I will refer you to several good PHP security resources at http://www.shiflett.org At the risk of inflating Chris' ego, I second that referal. ;) -- John C. Nichel ÜberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php Slow with Mac OS X 10.4
Hostname lookup is always off in all config. There is no allow, deny directive with hostnames. In my original post, I said I've tested with apache 1.3 and 2.0. And btw, I forgot to mention an important point, during the 8-15 seconds it takes to display the page, the particular thread serving this page eats close to 100% of 1 cpu. Nicolas - Original Message - From: Brent Baisley [EMAIL PROTECTED] To: Nicolas Ross [EMAIL PROTECTED] Cc: php-general@lists.php.net Sent: Wednesday, September 14, 2005 10:46 AM Subject: Re: [PHP] php Slow with Mac OS X 10.4 There are two thing to check in the Apache config to make sure DNS is not the thing slowing you down. HostnameLookups defaults to On in Apache2, but defaulted to off in Apache1. Check that setting. Also, if you use Allow and Deny directives with domain names, Apache does a double reverse triple lindy DNS lookup (or something like that). That would slow things down alot, but not affect ssh, ftp, etc. Regardless, my guess is it's something with Apache2 that is causing the slow down. Have you tried Apache1.3 under 10.4? I haven't experienced any performance slow down under 10.4 using 1.3. On Sep 14, 2005, at 9:57 AM, Nicolas Ross wrote: In all cases, it was the same httpd.conf. Of course, from apache 1 to 2 there where differences, but basicly it's the same. your description gives the impression that there is a DNS configuration problem... like apache is trying for 5-10 seconds to look something up, fails and then finally decides to run your script. you can test that with a simple script like: ?php /*make sure all outputbuffering is off!*/ for ($i=0;$i 10;$i++) { echo $ibr /; } ? chances are it will start outputting after a certain ammount of time rather than right away. that said this is a very simplistic test and my understanding of this stuff is rather limited. It did occure to me that there maybe a dns issue, but it can't be. My tests were done on two separates server rooms. In the second one (the one with the xserves), I have 3 computers. All ip config is exactly the same (apart from main ip)... And the only non-network related difference between the nodes are the OS (10.3 vs 10.4). Besides, if it were a DNS problem, I would also experience delays elswhere, like ssh, ftp an other things network-related. I did the test, and it started to output immediatly... Thanks, Nicolas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Deny access from certain hosts
if people are allowed to post copyrighted images to your bulletin board, shouldn't you have some sort of password protection anyway? negating that, i would do it with PHP and not Apache. rather than simply serving up the file raw: img src=image.gif why not setup a php script to do URL referring blocking: img src=getFile.php?img=image.gif in the getFile.php file, you could check the referring URL, and then present the file, or not. you would need to move the images out of the web tree, though, so people couldn't bypass your script. it sounds like you need to reconsider what you really want, though. Jordan On Sep 13, 2005, at 3:00 PM, Aaron Greenspan wrote: Jordan, I have a similar problem where someone is using copyrighted images on my site in a bulletin board. It's not that one specific host is requesting the files--it's people from all over--but rather that I want to block one referring URL using Apache, rather than PHP, since the images are GIF files. Can you do that with .htaccess? Thanks, Aaron Aaron Greenspan President CEO Think Computer Corporation http://www.thinkcomputer.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] whats wrong in this program.
you need single quotes around $subnum in the sql statement. don't know why you seem to be arbitrarily leaving them off (put them around $uv and $duration, too!). also, you should never insert stuff directly from a user into a database. first escape every variable with: http://www.php.net/mysql_real_escape_string Jordan On Sep 14, 2005, at 6:36 AM, babu wrote: Hi, I tried to use the final array values in a insert statement, but the values are not inserted. the code is foreach ($final as $subnum){ $res = $db-query(INSERT INTO substrate_protocoll (substrate_type,substrate_num,operator,location,solvent,ultrasonic,dur ation,cdate,ctime,comment) VALUES('$substrate_type1', $subnum,'$operator','$location','$solvent',$uv, $duration,'$cdate','$sctime','$comment')); if(!$res){ echo insert failed; } } the values of array ($subnum)are not inserted , can you tell me where the problem is. Jordan Miller [EMAIL PROTECTED] wrote: I think I finally understand what you are trying to do. I don't see any reason why you need to use the token functions, and I would recommend using array functions instead (also, it is exceedingly easy to sort the elements of an array... see the end). I believe this will do what you are trying to do: //Tokenizer for Babu $str = '10,12,14-18'; $commas = explode(',', $str); // $commas will be an array of three items in this case // Final Values will go into the $final array $final = array(); foreach ($commas as $value) { // If one of the $commas elements contains a dash, we need to get the range between them! if (strstr($value, '-')) { // Explode based on the dash. This code assumes there will only be a single dash $rangeValues = explode('-', $value); foreach (range($rangeValues[0], $rangeValues[1]) as $number) { $final[] = $number; } } else { // If $value does not contain a dash, add it directly to the $final array $final[] = $value; } } echo All your values in the range $str are .implode(' ', $final); // Prints All your values in the range 10,12,14-18 are 10 12 14 15 16 17 18 In your last email, you had some of the values given out of order: 1. 20,21-24 2. 21-24,20 3. 10,20,21-24,25,26,30 To make sure the $final values are always ascending, just do this at the end: sort($final); Done!! Jordan On Sep 13, 2005, at 7:16 PM, babu wrote: $str=10,12,14-18; $tok = strtok($str, ','); while ($tok !== false) { $toks[] = $tok; $tok = strtok(','); } foreach ($toks as $token){ if (strpos($token,'-')){ stringtokenize($token); }else{ $finaltokens[]= $token; } } function stringtokenize($nstr){ $ntok1= strtok($nstr,'-'); $ntok2=strtok('-'); for($i=$ntok1;$i=$ntok2;$i++){ $finaltokens[]= $i; } } foreach ($finaltokens as $ftoken){ echo $ftoken; echo ; } the ouput prints only 10,12 but not 14,15,16,17,18. where is the problem. - To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php - How much free photo storage do you get? Store your holiday snaps for FREE with Yahoo! Photos. Get Yahoo! Photos -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] whats wrong in this program.
Jordan Miller wrote: you need single quotes around $subnum in the sql statement. don't know why you seem to be arbitrarily leaving them off (put them around $uv and $duration, too!). snip It's not needed if those fields are integers. *damnit, that's twice today I've replied to the poster and not the list. -- John C. Nichel ÜberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] whats wrong in this program.
heh, i did it too. John, oh, good to know, thanks. $final should be composed of strings, not integers, so i guess that is his problem. i just read that it is best to quote every variable, now I know why... so you can change implementations later and not have to worry about types (and php's autotyping is so great anyway). Jordan On Sep 14, 2005, at 10:54 AM, John Nichel wrote: Jordan Miller wrote: you need single quotes around $subnum in the sql statement. don't know why you seem to be arbitrarily leaving them off (put them around $uv and $duration, too!). snip It's not needed if those fields are integers. *damnit, that's twice today I've replied to the poster and not the list. -- John C. Nichel ÜberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] trying to figure out the best/efficient way to tell whoisloggedinto a site..
bruce wrote: ben... i understand what you've stated, but i was under the impression that a number of sites (etrade, etc...) can/do track who is/is not logged into their sites.. and not just by some crude 'timeout' function... Yes they do, the key there being that they are tracking who is logged into their site. You log in, they make a note of it, you log out, they make a note of it. If you don't log out and yet are inactive for a period of time your login becomes stale and you are logged out automatically by the timeout. i might be wrong, but it was my understanding that those kinds of sites have the ability to more or less know when someone kills the browser session, and is no longer on the system. these kinds of sites also ustilize some form of a 'timeout' process as well for users who simply have browser sessions that are inactive... by your statements, you're pretty much saying that the only approach one has to this issue is to utilize some sort of timeout function, and if you don't detect user activity after your timeout, then mark the user as no longer being active, and proceed accordingly. this apporach doesn't allow an app to immediately know when a user has killed the browser. so, the question might be, how does one detect when a user has killed a session/left your app? Provide a login/logout ability and when they log out you kill their session. This is how an e-trade like site would deal with it. If they don't log out you still won't know they have left your site until their session times out though. Some reading on HTTP would help you understand why what you are looking for is not possible. - Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Quick Poll: PHP 4 / 5
Manuel Lemos schrieb: In theory those are the only changes. In practice, besides the officially admitted changes, there are also the bugs that were not yet discovered or fixed. Examples? Links? More information on this? The fact is that on php.internals there are discussions to reduce the number of maintained development threads. In the not-so-far future they will reduce the manpower put into backporting bugfixes to the PHP4.x development branch since 5.x is the HEAD revision and everything is first fixed there. I think all old stuff is just as mature in PHP5 as you know it from PHP4 and if some errors are found they are likely to be fixed more quickly for the 5.x release. The new stuff (that wasn't there before 5.0) almost certainly has more bugs since it's younger but that's no argument since this isn't relevant for old projects. I think the change from 4 to 5 ist that slow because there are so many programmers with VisualBasic (or worse) background that don't see the benefits of OOP. Iterators and delegation via interceptors are cool !?!? You can do OOP since PHP 3. PHP 5 OOP improvements are nice but they will not make anybody richer. The OOP features of PHP3 were nothing more than some kind of crippled namespaces for functions. PHP4 improved on that but PHP5 was the version to bring real OOP features to the language. It's the first versions to feature destructors and the possibility to overload parts of the Zend Engine for iterators or array access. You couldn't do $adr=new DB_Adress(12); // loads the adress with ID 12 from DB $adr['street']='Market Street'; // change the property //... // end of script, save changes to DB ? before PHP5. [...] As a matter of fact I just read this interesting article named The Six Dumbest Ideas in Computer Security that demonstrates what I always knew that upgrading to the latest versions is often a bad idea. Read the point #6) Action is Better Than Inaction . http://www.ranum.com/security/computer_security/editorials/dumb/ Nice article. Read it myself a few days ago (wasn't the link featured on Slashdot? *g*). Delaying upgrades might be true for running systems. But there's nothing keeping you from running both PHP4 and PHP5 on the same machine for different projects. And if you start a project from scratch PHP5 is the way to go. AllOLLi I just found the last bug. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Quick Poll: PHP 4 / 5
Manuel Lemos schrieb: In theory those are the only changes. In practice, besides the officially admitted changes, there are also the bugs that were not yet discovered or fixed. Examples? Links? More information on this? The fact is that on php.internals there are discussions to reduce the number of maintained development threads. In the not-so-far future they will reduce the manpower put into backporting bugfixes to the PHP4.x development branch since 5.x is the HEAD revision and everything is first fixed there. I think all old stuff is just as mature in PHP5 as you know it from PHP4 and if some errors are found they are likely to be fixed more quickly for the 5.x release. The new stuff (that wasn't there before 5.0) almost certainly has more bugs since it's younger but that's no argument since this isn't relevant for old projects. I think the change from 4 to 5 ist that slow because there are so many programmers with VisualBasic (or worse) background that don't see the benefits of OOP. Iterators and delegation via interceptors are cool !?!? You can do OOP since PHP 3. PHP 5 OOP improvements are nice but they will not make anybody richer. The OOP features of PHP3 were nothing more than some kind of crippled namespaces for functions. PHP4 improved on that but PHP5 was the version to bring real OOP features to the language. It's the first versions to feature destructors and the possibility to overload parts of the Zend Engine for iterators or array access. You couldn't do $adr=new DB_Adress(12); // loads the adress with ID 12 from DB $adr['street']='Market Street'; // change the property //... // end of script, save changes to DB ? before PHP5. [...] As a matter of fact I just read this interesting article named The Six Dumbest Ideas in Computer Security that demonstrates what I always knew that upgrading to the latest versions is often a bad idea. Read the point #6) Action is Better Than Inaction . http://www.ranum.com/security/computer_security/editorials/dumb/ Nice article. Read it myself a few days ago (wasn't the link featured on Slashdot? *g*). Delaying upgrades might be true for running systems. But there's nothing keeping you from running both PHP4 and PHP5 on the same machine for different projects. And if you start a project from scratch PHP5 is the way to go. AllOLLi I just found the last bug. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: PHP 5, LDAP/Active Directory: fixed
Mark, Thanks for all the help! Turns out I was right when I said my problem may have been inexperience. Your suggestion of DC=domain,DC=com worked and everything is functioning great! Thanks again! On Sep 14, 2005, at 4:35 AM, Mark Rees wrote: On my server I'm running: Fedora Core 4 Apache 2 PHP 5 compiled with OpenLDAP To shed more light on the topic, bug #30670 [ http://bugs.php.net/ bug.php?id=30670edit=0 ] seems to fit my situation perfectly. As some of the posts on that bug suggest, I've tried using ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION,3); ldap_set_option($ldap, LDAP_OPT_REFERRALS,0); between ldap_connect and ldap_bind but I still get the Operations error message. Everyone seems to be able to get this to work as long as they are running PHP4, but I have yet to see (or realize I've seen) a solution from someone using PHP5. I've also found where blizzards at libero dot it has posted When querying a windows 2000/2003 AD you MUST use only SASL and not TLS (non supported). - Is this true? ?php $ds = ldap_connect('ad.server.com'); make sure this is working by doing this: if($ds){ $lb = ldap_bind($ds, 'username', 'password'); then this: echo Bind result is . $lb . br /; (should show 1) // At this point the bind looks successful // so we'll try a query $res = ldap_search($ds, 'o=My Company,c=US','sn=S*'); Are you certain that this is the correct distinguished name? This is the bit I struggled with. It will be the name at the very top of your active directory (or the bit you are trying to search). To find this, I went onto the windows box in question, and opened the active directory users and computers. The top level entry, which the Groups and Users are directly beneath, is what you are looking for. In my case, it was mydomain.com, so my distinguished name looked like this: DC=mycompany, DC=com If I tried anything else here, it gave me an operations error So since you've got it working with PHP5 can you verify that SASL is/ is not needed to communicate to an AD 2003 server from linux? I keep leaning towards the possibility that I need that, but can't seem to find any way to tell for sure since the ldap_sasl_bind() function isn't documented yet. No, I'm using windows 200, can't help with that I'm afraid Good luck Mark -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Quick Poll: PHP 4 / 5
Hello, on 09/14/2005 01:30 PM Oliver Grätz said the following: In theory those are the only changes. In practice, besides the officially admitted changes, there are also the bugs that were not yet discovered or fixed. Examples? Links? More information on this? The fact is that on http://bugs.php.net/ php.internals there are discussions to reduce the number of maintained development threads. In the not-so-far future they will reduce the manpower put into backporting bugfixes to the PHP4.x development branch since 5.x is the HEAD revision and everything is first fixed there. I In theory yes, in practice no. As a matter of fact PHP 4.4 was introduced after PHP 5.0, although the new version, new bugs is the same. think all old stuff is just as mature in PHP5 as you know it from PHP4 and if some errors are found they are likely to be fixed more quickly for the 5.x release. The new stuff (that wasn't there before 5.0) almost certainly has more bugs since it's younger but that's no argument since this isn't relevant for old projects. Right, that is why most people with old projects will not upgrade to PHP 5. I think the change from 4 to 5 ist that slow because there are so many programmers with VisualBasic (or worse) background that don't see the benefits of OOP. Iterators and delegation via interceptors are cool !?!? You can do OOP since PHP 3. PHP 5 OOP improvements are nice but they will not make anybody richer. The OOP features of PHP3 were nothing more than some kind of crippled That is not the point. The point is that you said that people using PHP 4 do not see the benefits of OOP, as if they cannot do OOP in PHP 4. The reality is that even in PHP 3 you can use benefit of OOP features such as encapsulation and inheritance. PHP 5 adds more OOP features, some copied from Java and Visual Basic, but that does not mean developers must use PHP 5 to do OOP. It is also curious that you mention Visual Basic as if you could not do OOP in Visual Basic either. Did you know that not only you can do OOP since a long time ago in Visual Basic, but also you can make object variable accesses be implicitly implemented with setter and getter functions like you can now in PHP 5? As a matter of fact I just read this interesting article named The Six Dumbest Ideas in Computer Security that demonstrates what I always knew that upgrading to the latest versions is often a bad idea. Read the point #6) Action is Better Than Inaction . http://www.ranum.com/security/computer_security/editorials/dumb/ Nice article. Read it myself a few days ago (wasn't the link featured on Slashdot? *g*). Delaying upgrades might be true for running systems. But there's nothing keeping you from running both PHP4 and PHP5 on the same machine for different projects. And if you start a project from scratch PHP5 is the way to go. In theory yes, in practice nobody starts projects from scratch. Usually you reuse class libraries that are proven and implement many basic function. Many of those class libraries were built for PHP 4, not for PHP 5. Some are complex and large. If you use them in PHP 5 with prior certification chances are that you may stumble in PHP 5 bugs and backwards incompatible changes that make such libraries not work properly. Then even your new projects may be affected. -- Regards, Manuel Lemos PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/ PHP Reviews - Reviews of PHP books and other products http://www.phpclasses.org/reviews/ Metastorage - Data object relational mapping layer generator http://www.meta-language.net/metastorage.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] trying to figure out the best/efficient way to tell who is logged into a site..
Gustav Wiberg wrote: All you guys, please comment if the code is well or bad written and why... :-) Since you asked, a few things popped out from a security perspective, though I didn't read through your code very thoroughly ?php function chkIfPasswordTrue($un, $pw, $typeUser) { //Make username and password in-casesensitive // $un = strtolower($un); $pw = strtolower($pw); Why limit your usernames/passwords to lower case? You've just made them significantly easier to brute force. $sql = $sql . SELECT IDAnvandare FROM tbanvandare WHERE; $sql = $sql . Anvandarnamn= . safeQuote($un) . AND; $sql = $sql . Losenord= . safeQuote($pw) . AND; Where is your safeQuote() function coming from? From what I can see of your code you aren't doing any testing against the username and password before they are used as part of your SQL query. Sure would suck to have an unauthenticated user drop or otherwise muck with your db! if (isset($_REQUEST[frmUsername])) { $un = $_REQUEST[frmUsername]; If you're going to use $_REQUEST you might as well just turn on register globals (no, don't!). If you're expecting a post look for a $_POST, if you're expecting a get look for a $_GET. Ditto with cookies. You really need to know where your variables are coming from if you want a measure of security. - Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] error message while mysqling on php
Thanks very much. I had an extra character when I was connecting to the database. Now everything works!!! -Original Message- From: Alan Fullmer [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 13, 2005 5:14 PM To: 'Michal Krezolek'; php-general@lists.php.net Subject: RE: [PHP] error message while mysqling on php I see two things that could be it. #1 your $result is not $result = mysql_query(queryline); Or #2 your syntax on your query line is bad. You can try doing something like this: $query = SELECT * FROM table etc blah; $result = mysql_query($query) or die(mysql_error()); $num = mysql_num_rows($result); Sometimes the error message can be more explicit if you tell it to print it. If you get no error on that query statement, then your query is fine. I have received an error: Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/www/mksystem.net when trying to execute $num = mysql_num_rows($result); Please go to http://mksystem.net/phpinfo.php and tell me whether it is due to the version of php I have on server and an easy workaround would be appreciated. Check the syntax of your SQL statement, it's very possible you have an error in it somewhere. If you have PHPMyAdmin, or some other interface to MySQL such as MySQL Query Browser, etc, try executing the SQL statement in one of them directly, to see if they return a valid resultset. Much warmth, Murray --- Lost in thought... http://www.planetthoughtful.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: trying to figure out the best/efficient way to tell whois logged into a site..
(snipped) Ben [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Gustav Wiberg wrote: if (isset($_REQUEST[frmUsername])) { $un = $_REQUEST[frmUsername]; If you're going to use $_REQUEST you might as well just turn on register globals (no, don't!). If you're expecting a post look for a $_POST, if you're expecting a get look for a $_GET. Ditto with cookies. You really need to know where your variables are coming from if you want a measure of security. Why is using $_REQUEST a security issue? You know every value in the entire array came from the end-user, and needs to be validated somehow. If your code is written so the end-user can send this data to you via a POST/GET/COOKIE, why not use $_REQUEST? Just trying to learn. DanB -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: trying to figure out the best/efficient way to tell whois logged into a site..
(snipped) Ben [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Gustav Wiberg wrote: if (isset($_REQUEST[frmUsername])) { $un = $_REQUEST[frmUsername]; If you're going to use $_REQUEST you might as well just turn on register globals (no, don't!). If you're expecting a post look for a $_POST, if you're expecting a get look for a $_GET. Ditto with cookies. You really need to know where your variables are coming from if you want a measure of security. Why is using $_REQUEST a security issue? You know every value in the entire array came from the end-user, and needs to be validated somehow. If your code is written so the end-user can send this data to you via a POST/GET/COOKIE, why not use $_REQUEST? Suppose you have a form that posts set hidden values. A malicious user could modify the URI to change those values. Which raises the question, in the scenario above, you may have an identical 'post' value and 'get' value submitted to the same page. Which takes precidence in $_REQUEST? JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Re: trying to figure out the best/efficient way to tellwhois logged into a site..
Jim Moseby [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] (snipped) Ben [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Gustav Wiberg wrote: if (isset($_REQUEST[frmUsername])) { $un = $_REQUEST[frmUsername]; If you're going to use $_REQUEST you might as well just turn on register globals (no, don't!). If you're expecting a post look for a $_POST, if you're expecting a get look for a $_GET. Ditto with cookies. You really need to know where your variables are coming from if you want a measure of security. Why is using $_REQUEST a security issue? You know every value in the entire array came from the end-user, and needs to be validated somehow. If your code is written so the end-user can send this data to you via a POST/GET/COOKIE, why not use $_REQUEST? Suppose you have a form that posts set hidden values. A malicious user could modify the URI to change those values. Which raises the question, in the scenario above, you may have an identical 'post' value and 'get' value submitted to the same page. Which takes precidence in $_REQUEST? Interesting idea. But, a malicious user would probably send a POST, with the modified hidden values. Using $_REQUEST may make it easier for them to alter the values, but your php page needs to handle the possibility of modified values anyway. IF you have the identical POST and GET value-names, you will need to use $_GET and $_POST to identify them. But, this isn't a security issue, more of a coding-style issue. So, I still don't see a security problem -- unless I misunderstood the modified hidden post values issue. DanB -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] A tricky little addition
Hello, If I have a variety of submit buttons all called 'add' but with different vaues, (food types fish, pork, beef ) I want to feed this into a function to increment the corresponfding cookies value by 1. This is what I have so far if (isset($add)){ $variable= $.$add; echo the variable is.$variable; $variable = intval($_COOKIE['cookie']['$add']); echo $variable; $variable++; setcookie(cookie[$add], $fish fish); echo var_dump($_COOKIE['cookie']['fish']); } So if add = fish, I need to make a variable $fish and then retrieve the current value of fish from the cookie using the var_dump function. $variable= $.$add; echo the variable is.$variable; $variable = intval($_COOKIE['cookie']['$add']); The problem is in these three lines. I need to make an on-the-fly vairable based on the button that has been pressed. I hope this makes sense, Any other suggestions would be appreciated R. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: trying to figure out the best/efficient way to tell whois logged into a site..
Dan Baker wrote: Why is using $_REQUEST a security issue? You know every value in the entire array came from the end-user, and needs to be validated somehow. If your code is written so the end-user can send this data to you via a POST/GET/COOKIE, why not use $_REQUEST? On the one hand, you can't trust anything that came from the client, but on the other if you're expecting a variable to come from a cookie and instead it comes from a get you know something weird is going on, but using $_REQUEST you'll be oblivious. You ought to know where your variable values are coming from, $_REQUEST hides this. In older versions of PHP4 this is even more of an issue since $_FILE information was also included in $_REQUEST. If someone uploades a file while including conflicting information from another source (cookie, post, get) this could lead to all sorts of problems. And the lazy guy answer... typing $_POST and $_GET is faster than typing $_REQUEST ;-). - Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] A tricky little addition
the syntax for variable variables is: $variable= $$add; or alternatively: $variable= ${$add}; Jordan On Sep 14, 2005, at 2:25 PM, Ross wrote: $variable= $.$add; -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: trying to figure out the best/efficient way to tell whois loggedinto a site..
Ben [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Dan Baker wrote: Why is using $_REQUEST a security issue? You know every value in the entire array came from the end-user, and needs to be validated somehow. If your code is written so the end-user can send this data to you via a POST/GET/COOKIE, why not use $_REQUEST? On the one hand, you can't trust anything that came from the client, but on the other if you're expecting a variable to come from a cookie and instead it comes from a get you know something weird is going on, but using $_REQUEST you'll be oblivious. You ought to know where your variable values are coming from, $_REQUEST hides this. Interesting, but I think I wouldn't spend the extra code to detect if I was expecting a POST, but got a GET. If I didn't get the value from POST, I'd just assume it wasn't there -- I wouldn't go looking elsewhere for it, and report an error. The *main* reason I use $_REQUEST is so I can code up GET and POST pages that all are handled by the same php functions. I may have an item called Key that contains what the end-user is expected to be doing (User.Create or User.Edit or whatever). Then I may have a link (GET) that has ?Key=User.Create, while a form (POST) that has a hidden value Key with value User.Create. I don't really care if it came from a GET or POST -- if the data is all valid, I'll allow it to work. In older versions of PHP4 this is even more of an issue since $_FILE information was also included in $_REQUEST. If someone uploades a file while including conflicting information from another source (cookie, post, get) this could lead to all sorts of problems. I didn't know this one. This might cause problems for me. And the lazy guy answer... typing $_POST and $_GET is faster than typing $_REQUEST ;-). This is, by far, the best reason I've ever heard! grin DanB -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] php/mysql object id question..
hi... i have the following psuedo code... i'm showing the pertinent parts, and eliminating the rest... -- class sql { function sql(...) { return false mysql_ mysql_ } } $db = new sql(...) echo db = .$db; $db comes back as an object id.. even when i force a 'return false'. it appears that no matter what i do, the class constructor returns an object id!!! the weird thing is that it gets to the 'return false' and then still seems to return the 'object id' i've also replaced 'false' with other values to see if it made a diff.. it didn't which is good... i would have really hit the roof then!! so.. why is this behavior occuring. any ideas as to why? or, am i just too tired right now! thanks bruce ps.. i could use the $db, object ID, and try to see if it actually access the db, in order to determine if it actually exists. but i shouldn't have to do that... the class should return false!!! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php/mysql object id question..
On Wednesday 14 September 2005 03:42 pm, bruce wrote: hi... i have the following psuedo code... i'm showing the pertinent parts, and eliminating the rest... -- class sql { function sql(...) { return false mysql_ mysql_ } } $db = new sql(...) The new sql() is returning an object because that is what your asking for. now if you did a $db-sql() that'd return false. yes you did put a return false in the constructor but an object is what is being created and thus what is being returned. In my opinion a return anything within the constructor shouldn't be allowed. This might be the behavior in newer versions but I don't know. newer syntax is: class sql { function __construct (...) { ... } } truthfully when you do the $db = new sql(...); you are not running that function.. you are instantiating a new instance of sql which is invoking the object's constructor. echo db = .$db; $db comes back as an object id.. even when i force a 'return false'. it appears that no matter what i do, the class constructor returns an object id!!! the weird thing is that it gets to the 'return false' and then still seems to return the 'object id' i've also replaced 'false' with other values to see if it made a diff.. it didn't which is good... i would have really hit the roof then!! so.. why is this behavior occuring. any ideas as to why? or, am i just too tired right now! thanks bruce ps.. i could use the $db, object ID, and try to see if it actually access the db, in order to determine if it actually exists. but i shouldn't have to do that... the class should return false!!! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php/mysql object id question..
stephen, you're correct regarding what's going on... i had taken some code used in phpBB, and blindly slammed it into my app to test out their db class... i had assumed that it worked guess what!!! in their constructor, they have the 'return false' arrggghh!!! a quick look at google, and it appears that you can't return any val from a constructor. in fact, the 'object id' that's being returned appears to simply be (as you stated) the instance of the class that was created... as opposed to a return val... thoughts/comments/etc... -bruce -Original Message- From: Stephen Leaf [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 14, 2005 1:51 PM To: php-general@lists.php.net Subject: Re: [PHP] php/mysql object id question.. On Wednesday 14 September 2005 03:42 pm, bruce wrote: hi... i have the following psuedo code... i'm showing the pertinent parts, and eliminating the rest... -- class sql { function sql(...) { return false mysql_ mysql_ } } $db = new sql(...) The new sql() is returning an object because that is what your asking for. now if you did a $db-sql() that'd return false. yes you did put a return false in the constructor but an object is what is being created and thus what is being returned. In my opinion a return anything within the constructor shouldn't be allowed. This might be the behavior in newer versions but I don't know. newer syntax is: class sql { function __construct (...) { ... } } truthfully when you do the $db = new sql(...); you are not running that function.. you are instantiating a new instance of sql which is invoking the object's constructor. echo db = .$db; $db comes back as an object id.. even when i force a 'return false'. it appears that no matter what i do, the class constructor returns an object id!!! the weird thing is that it gets to the 'return false' and then still seems to return the 'object id' i've also replaced 'false' with other values to see if it made a diff.. it didn't which is good... i would have really hit the roof then!! so.. why is this behavior occuring. any ideas as to why? or, am i just too tired right now! thanks bruce ps.. i could use the $db, object ID, and try to see if it actually access the db, in order to determine if it actually exists. but i shouldn't have to do that... the class should return false!!! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: trying to figure out the best/efficient way to tell whois loggedinto a site..
Dan Baker wrote: On the one hand, you can't trust anything that came from the client, but on the other if you're expecting a variable to come from a cookie and instead it comes from a get you know something weird is going on, but using $_REQUEST you'll be oblivious. You ought to know where your variable values are coming from, $_REQUEST hides this. Interesting, but I think I wouldn't spend the extra code to detect if I was expecting a POST, but got a GET. If I didn't get the value from POST, I'd just assume it wasn't there -- I wouldn't go looking elsewhere for it, and report an error. Sorry, I didn't mean to suggest you spend the extra time checking to see if you got a get when expecting a cookie, I meant to suggest that if you were expecting a cookie you only look for a cookie and therefore ignore the get (and generate whatever error is appropriate if you didn't get the value). No point doing any extra coding. The point was that you shouldn't accept a variable from where you weren't expecting it, which $_REQUEST doesn't allow you to do. The *main* reason I use $_REQUEST is so I can code up GET and POST pages that all are handled by the same php functions. I may have an item called Key that contains what the end-user is expected to be doing (User.Create or User.Edit or whatever). Then I may have a link (GET) that has ?Key=User.Create, while a form (POST) that has a hidden value Key with value User.Create. I don't really care if it came from a GET or POST -- if the data is all valid, I'll allow it to work. How are you passing your values to your functions? If you stick to local variables in your functions they won't care where you got the values from. Deal with the post or get values in whatever script handles your form submissions and have it pass the values on to your functions. IE In your post handling script: $result=doSomething($_POST['this'],$_POST['that']); In your get handling script: $result=doSomething($_GET['this'],$_GET['that']); - Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: trying to figure out the best/efficient way to tell whois loggedinto a site..
Dan Baker wrote: Ben [EMAIL PROTECTED] wrote in message [snip] Interesting, but I think I wouldn't spend the extra code to detect if I was expecting a POST, but got a GET. If I didn't get the value from POST, I'd just assume it wasn't there -- I wouldn't go looking elsewhere for it, and report an error. There's no extra code with !empty($_POST['whatever']). They didn't send the information in the correct format (as a $_POST), so more than likely it's someone trying to do something funny. So ignore it or whatever. It's a real fast way to check if the data your getting came from your form. You still need to do all the other checks too. I see it not as a real security measure per se, but more like an initial check to make sure what I'm getting from my forms (may) have really came from my forms. If you can eliminate some funn business right off the bat then you don't have to do any extra processing on what most probably is bad data. [snip] And the lazy guy answer... typing $_POST and $_GET is faster than typing $_REQUEST ;-). This is, by far, the best reason I've ever heard! grin DanB I'd agree with that one too! ;) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Webservices and PHP - thanx!
Hi there! Thanx you all for help with this issue... /G http://www.varupiraten.se/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php/mysql object id question..
bruce wrote: stephen, you're correct regarding what's going on... i had taken some code used in phpBB, and blindly slammed it into my app to test out their db class... i had assumed that it worked guess what!!! in their constructor, they have the 'return false' arrggghh!!! a quick look at google, and it appears that you can't return any val from a constructor. in fact, the 'object id' that's being returned appears to simply be (as you stated) the instance of the class that was created... as opposed to a return val... thoughts/comments/etc... -bruce Sounds like a good thing to me. What would happen to your code if the constructor returned false? How would you handle it? And why would you want it to in the first place? The return from a = new Class(); should be an object as you're assigning it to a variable that is supposed to represent the object. If your doing something in the constructor that might return false, then set a property in the class to false and check that. IE for a database class if you set up your connection in the constructor then do a psudocode if(!mysql_connect...){ $this-connected = false; } /psudocode and then check $db-connected after a $db = new DB(); or whatever your doing. Don't get me wrong, I had a lot of return false;'s in my constructors before I found out you can't do that, then started to wonder why I would want to. ;) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php/mysql object id question..
bruce wrote: in their constructor, they have the 'return false' arrggghh!!! a quick look at google, and it appears that you can't return any val from a constructor. in fact, the 'object id' that's being returned appears to simply be (as you stated) the instance of the class that was created... as opposed to a return val... If you want to stop the object from being created for any reason (e.g. connection to database failed) and you're using PHP 5, I believe that you can throw an exception in the constructor. From http://php.net/language.oop5.basic : An object will always be assigned when creating a new object unless the object has a constructor defined that throws an exception on error. -- Jasper Bryant-Greene Freelance web developer http://jasper.bryant-greene.name/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] size limit in mysql tables?
I have a simple database with one table with about 6 fields, just holding filenames, filepaths and sizes. Very basic audit for management here. Problem is I import a load of records into this table and it seems to only allow me to put in about 550,000 records. Maybe it's just mysqlFront that can only display that many records or something. Anybody know of a size or record limit in mysql tables? The actual size of the database is about 70Mb. Not huge really.
[PHP] Size limits of mysql
Hi All, I have a simple database with one table with about 6 fields, just holding filenames, filepaths and sizes. Very basic audit for management here. Problem is I import a load of records into this table and it seems to only allow me to put in about 550,000 records.Maybe it's just mysqlFront that can only display that many records or something. Anybody know of a size or record limit in mysql tables? The actual size of the database is about 70Mb. Not huge really. Thanks Matthew
RE: [PHP] launch app
The only thing that you can do is the same as sourceforge.net does. Bring up a web page that says yadadad download this etc. then in the header make it redirect to a file on the web server after 3 seconds or something. Go download something off sourceforge to see what I'm on about. :) I have the same problem. I wrote a program to gather stuff of a persons machine. Works like a charm. Written in visual basic using only API calls and myvbsql calls to write to a mysql database. We put it in the login script. My boss wanted to make it like windows update so it runs when you visit our intranet. I put that idea in the 'good idea but too hard basket'. :) -Original Message- From: Ed Lazor [mailto:[EMAIL PROTECTED] Sent: Wednesday, 14 September 2005 11:50 AM To: php-general@lists.php.net Subject: [PHP] launch app What's the best way to send an executable to a client desktop in PHP? I'm doing a project where we need to check and see which files need to be updated on a client-desktop. The idea is for a user to visit the website, an executable launches, checks the files on the drive, and then sends the data back to the website. It's all on the up and up - I'm not trying to do anything bad to the user. The site is designed to maintain a product that they're purchasing from us. Screens will explain what's going on. I also believe the browser will display something - not completely sure how to trigger this, but I think it's something to do with having executables signed - I'd appreciate if you have any advice on how to do this also. Thanks, Ed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Size limits of mysql
I have a simple database with one table with about 6 fields, just holding filenames, filepaths and sizes. Very basic audit for management here. Problem is I import a load of records into this table and it seems to only allow me to put in about 550,000 records.Maybe it's just mysqlFront that can only display that many records or something. Anybody know of a size or record limit in mysql tables? The actual size of the database is about 70Mb. Not huge really. I don't know the actual limit, but you are nowhere near hitting it. Not even close... I suspect it's your mysqlFront app that is having issues. Or just an issue in trying to display 550,000 records at once. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: trying to figure out the best/efficient way to tell whois logged into a site..
Suppose you have a form that posts set hidden values. A malicious user could modify the URI to change those values. A malicious user could just as easily modify the http header that sets the POST, or the cookie that sets the COOKIE, or whatever. In other words, if it comes from the user, it could have been tampered with. Which raises the question, in the scenario above, you may have an identical 'post' value and 'get' value submitted to the same page. Which takes precidence in $_REQUEST? That is configurable in php.ini (I think). By default, COOKIE overwrites POST overwrites GET. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php/mysql object id question..
it's not my understanding/use of classes.. my issue is that i was blindly using code that's been used by a lot of people, but that it obviously hadn't been thoroughly checked!! but then, i'm starting to realize that there's probably a great deal of 'opensource' code that's in use that hasn't been thoroughly vetted. when i used to be a software engineer, there's no way in hell that my teams would have offered some of this up for consumption.. -bruce lloks like i'm going to need to start remembering/using that which i long ago tried to forget!! -Original Message- From: Edward Vermillion [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 14, 2005 2:46 PM To: [EMAIL PROTECTED] Cc: php-general@lists.php.net Subject: Re: [PHP] php/mysql object id question.. bruce wrote: stephen, you're correct regarding what's going on... i had taken some code used in phpBB, and blindly slammed it into my app to test out their db class... i had assumed that it worked guess what!!! in their constructor, they have the 'return false' arrggghh!!! a quick look at google, and it appears that you can't return any val from a constructor. in fact, the 'object id' that's being returned appears to simply be (as you stated) the instance of the class that was created... as opposed to a return val... thoughts/comments/etc... -bruce Sounds like a good thing to me. What would happen to your code if the constructor returned false? How would you handle it? And why would you want it to in the first place? The return from a = new Class(); should be an object as you're assigning it to a variable that is supposed to represent the object. If your doing something in the constructor that might return false, then set a property in the class to false and check that. IE for a database class if you set up your connection in the constructor then do a psudocode if(!mysql_connect...){ $this-connected = false; } /psudocode and then check $db-connected after a $db = new DB(); or whatever your doing. Don't get me wrong, I had a lot of return false;'s in my constructors before I found out you can't do that, then started to wonder why I would want to. ;) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] RE: [suspicious - maybe spam] [PHP] [suspicious - maybe spam] RE: Issues with News sites again...
On Wed, September 14, 2005 9:46 am, Jay Blanchard wrote: At the risk of starting another globals holy war, the reply that you received was a generalization that reflects the potential ( NOTE THAT) security risks from having register globals 'on'. The poster was essentially correct, misuse of globals opens up a whole can of potential security issues. I will refer you to several good PHP security resources at http://www.shiflett.org I was frankly rather pissed when register_globals went off *I* do not have any uninitialized variables anywhere in any scripts on any site I ever built. Period. Upon reflection, though... In the unlikely event that I break down and give in to client demands to install some lame-ass bulletin board with all its *other* security holes, it's pretty much guaranteed their crappy PHP code ALSO has a zillion uninitialized variables. Even phpLIB, which sort of morphed into PEAR (???) used to have a bunch of uninitialized member variables. It wouldn't even run on my server since I had E_ALL cranked up. Their first patch for that was to just change my warnings dynamically. Then not change them BACK at the end of their code. Blech. Sure, I'd LIKE to educate every PHP scripter to never use an uninitialized variable. And I'd LOVE to change the default error_reporting in php.ini to E_ALL. But neither of those is likely to happen, and the best band-aid we can muster is register_globals off That said, the real culprits, as far as I can tell, are just doing extract($_POST), at which point they might as well have just left register_globals on anyway... register_globals off is a band-aid. How the PHP community can fix this problem for real is not something to be figured out in a 10-minute PHP-General discussion. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: trying to figure out the best/efficient way to tell whois loggedinto a site..
On Wed, September 14, 2005 4:03 pm, Ben wrote: using $_REQUEST you'll be oblivious. You ought to know where your variable values are coming from, $_REQUEST hides this. I think I must object to saying $_REQUEST hides this. $_REQUEST tells you it came from POST or GET (or COOKIE) Anyway, I have several applications where both GET and POST are supported, and behave the same, using $_REQUEST. I really don't care if somebody wants to web-scrape with GET instead of POST, or even if they manage to fargle their Cookies to get the data they need. GET, POST, and COOKIE are all equally untrustworthy in my eyes. Lumping them into one big mess to deal with, and responding to them the same makes sense to me from a Security standpoint. And certainly providing an HTTP response to both GET/POST, not caring which way the requestor asked for it, doesn't matter to me. I don't think it reduces security to not care about whether the request is GET or POST -- Any moron can fake up either GET or POST in minutes. No difference, in the Big Picture. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: trying to figure out the best/efficient way to tell whois logged into a site..
On Wed, September 14, 2005 2:08 pm, Jim Moseby wrote: Suppose you have a form that posts set hidden values. A malicious user could modify the URI to change those values. Sure. Or they could save your HTML on their hard drive, edit it in their editor of choice (some of which require NO brains to drive) and then POST the modified data back to you. POST is *NOT* *NOT* *NOT* more safe nor less likely to be modified than GET. Well, okay, maybe the dumbest of the dumb can't figure out how to save/edit HTML... The point is that relying on POST being safer than the user modifying the GET paramters of a URL is just plain silly. You're putting a barrier in place that is about an eighth of an inch high. It's not much of a barrier. Meanwhile, you now have to clean *ALL* of $_GET/$_POST/$_COOKIE in three different iterative constructs. Or you could do *one* iteration and clean $_REQUEST, and ignore $_GET/$_POST/$_COOKIE Which raises the question, in the scenario above, you may have an identical 'post' value and 'get' value submitted to the same page. Which takes precidence in $_REQUEST? The precedence is CLEARLY defined in the GPC settings in php.ini! If you don't like the default precedence order, feel free to change it. Or you can accept the default precedence, which is probably the safest assumption for portable code. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] A tricky little addition
On Wed, September 14, 2005 2:25 pm, Ross wrote: Hello, If I have a variety of submit buttons all called 'add' but with different vaues, (food types fish, pork, beef ) I want to feed this into a function to increment the corresponfding cookies value by 1. This is what I have so far if (isset($add)){ $variable= $.$add; echo the variable is.$variable; $variable = intval($_COOKIE['cookie']['$add']); echo $variable; $variable++; setcookie(cookie[$add], $fish fish); echo var_dump($_COOKIE['cookie']['fish']); } So if add = fish, I need to make a variable $fish and then retrieve the current value of fish from the cookie using the var_dump function. $fish = 1; $$add++; echo fish is now: $fishbr /\n; You may also want to consider using: input type=submit name=add[fish] value=Fish / You can then look into the $_POST['add'] array and find 'fish' as the key with http://php.net/key or similar functions. Variable variables might be a bit tricky to understand and easy to mess up, but arrays are, for MOST users, easier. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: trying to figure out the best/efficient way to tell whois logged into a site..
On Wed, September 14, 2005 1:57 pm, Dan Baker wrote: (snipped) If you're going to use $_REQUEST you might as well just turn on register globals (no, don't!). More mis-information. $_REQUEST is simply the array_merge() of $_GET, $_POST, and $_COOKIE. You either check the contents of any of those 4 $_ variables for what variables you expect. Or you don't check the keys, in which case you might as well have register_globals on because you *ARE* initializing your un-initialized script variables with whatever comes in from the outside world. But it really does NOT matter that you assume all of $_REQUEST is equally suspect, and validate that, and use it, instead of doing GET/POST separately. Or, at least, not in terms of register_globals being on/off. If you are using the same variable in both GET and POST in one request, yeah, you need to look into both to get the two values. But that's usually a Bad Idea, since it's too confusing to get the same variable in both at once. But, really, the user over-writing GET data with POST data (or vice versa) is a non-issue. The malicious user can just as easily over-write POST data with whatever POST data they want to send you in the first place! register_globals is all about the user providing default values for un-initialized variables. It's got NOTHING to do with GET versus POST data being more/less suspect , or GET/POST over-writing POST/GET 99.9% of the people who insist on using GET/POST instead of REQUEST mistakenly believe that POST is more secure than GET. They're wrong on that score. There may be OTHER reasons to use GET/POST, if only to be clear on where you expect the data to come from in the other parts of the application, but it's not about security It can't be about Security because POST and GET are equally easy to forge and send in, so any Security measure based on them being different is flawed, by definition. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] launch app
On Tue, September 13, 2005 9:19 pm, Ed Lazor wrote: What's the best way to send an executable to a client desktop in PHP? readfile(/full/path/to/file.exe); I'm doing a project where we need to check and see which files need to be updated on a client-desktop. The idea is for a user to visit the website, an executable launches, checks the files on the drive, and then sends the data back to the website. Not gonna happen. Web browsers simply do *NOT* do that. Well, MS IE does that, with signed content, from Microsoft, when you update MS software through their browser. So, I guess one solution is to write your own OS, and your own Browser, and then you can do whatever you want. :-) It's all on the up and up - I'm not trying to do anything bad to the user. The site is designed to maintain a product that they're purchasing from us. Screens will explain what's going on. I also believe the browser will display something - not completely sure how to trigger this, but I think it's something to do with having executables signed - I'd appreciate if you have any advice on how to do this also. If your application is already on their desktop, you can add some simple code to it to phone home and check for updates in YOUR application, and to download them, and install them. But at no point in this will there be a web browser, nor PHP. Unless you write it in PHP-GTK http://gtk.php.net :-) Actually, I suppose you could pay MS enough money to get your product included in their distribution channels, and installed/upgraded through that process... That's going to cost a LOT more than just DIY in your own application. But obviously if the 300-pound gorilla is shoving your bananas down every throat, then maybe that's a good thing. For you and your bananas. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Quick Poll: PHP 4 / 5
On Tue, September 13, 2005 7:50 pm, Manuel Lemos wrote: I also am a bit surprised for the tremendous lack of interest to upgrade to PHP 5. Ok, I expected that many people would not want to upgrade due to the nightmare of dealing with backwards incompatible changes, but I did not expect that the statistics would be so overwhealming. I think there are simply no must have features in PHP 5. It's being treated more like a minor incremental release -- something to be done when a NEW machine or application needs to be built/written. I guess this should ring a lot of bells for those that expect to develop products targetted to PHP 5, because the numbers seem to show that PHP 5 is a flop, despite PHP 5.0.0 was released more than 1 year ago. I don't think that makes PHP 5 a flop We had this same issue (and experience) when PHP3 - PHP4 came around. People held onto PHP3 a lot longer than the hard-core developers/users expected. There is so much FUD in upgrading, that crucial uses simply won't upgrade until more time passes with no bugs/issues. My webhost is building new boxes with PHP5 and leaving the old ones alone with PHP4 -- So his new clients get PHP5, and old sites aren't broken by any of the rare incompatibilities. Some of my sites are on 5. Some are on 4. I can't tell a difference. That's a Good Thing in that PHP5 *IS* that backwards compatible. It's a Bad Thing in that I'm not gonna bug my host to upgrade or move my sites to PHP5, since I can't even notice a difference. 'Course I got zero interest in PHP OOP, XML, and any of the new features of PHP5 anyway, so I might be the exception. But webhosts will move to 5 when their clients demand it, not the other way around. For sure, getting RedHat (et al) to move to PHP5 for default install is the first big crucial step. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problems with strings being handled like numbers
On Tue, September 13, 2005 7:48 pm, J B wrote: On 9/13/05, Chris [EMAIL PROTECTED] wrote: Are you sure you're getting the number as you need it from the query? PHP won't (though I guess there could be a bug) automatically convert a numerical string into it's numerical equivalent. If the code you posted produces this problem, then the only possiblities I see are that the mssql module is returning a number, or the database query is returning that particular string. (Sorry to Chris for getting this twice, I accidentally didn't reply to the list) First of all, thanks for the absurdly fast reply. I've been playing with it and it looks like mssql_fetch_row may be the problem. Right after this line: $line = mssql_fetch_row($result); ...I inserted this line: var_dump($line[0]); ...and this is what I got back: string(20) 3.67124100206018e+17 The actual contents of that cell should be 367124100206018209. So it looks like the contents of the cell have already been mangled before they're even assigned to the array variables (which would explain why my previous attempts at typecasting at assignment time weren't having any effect...it was already a string). Is there some way I can tell mssql_fetch_row() to leave the contents alone? By the way, if I do SELECT cast(Number as char) from Voucher... and leave the rest of it the same, I do get the whole number...but that seems kinda inelegant. Is this expected behaviour for mssql_fetch_row()? Yes. It's not actually mssql_fetch_row() that is changing the data, per se. mssql_* and PHP know that the data is supposed to be integer But the largest integer that PHP can store is 0x. So when PHP tries to accept the integer from mssql_fetch_row, it's got no room to store it as integer, and HAS to convert it to float. You need to keep it char if you expect to work with integers that large. There are mathematical packages in PHP that let you manipulate large integers. Well, actually, you manipulate large strings that happen to LOOK like integers, since they're not really integers in PHP if they're bigger than 0x One of those extensions is called BC_MATH. I forget the other (newer, better) extension name. But I'm sure you can find it in http://php.net/manual as fast as I can. If you JUST want to display it, and not manipulate it in PHP, you can ignore that bit about BC_MATH and the other extension. You'll need to use the typecast to char in MSSQL no matter what, cuz ain't no way PHP is gonna store an integer bigger than 0x as an integer. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Quick Poll: PHP 4 / 5
Manuel Lemos schrieb: In theory those are the only changes. In practice, besides the officially admitted changes, there are also the bugs that were not yet discovered or fixed. Examples? Links? More information on this? The fact is that on http://bugs.php.net/ A reference where _I_ have to search is something like a non-answer... php.internals there are discussions to reduce the number of maintained development threads. In the not-so-far future they will reduce the manpower put into backporting bugfixes to the PHP4.x development branch since 5.x is the HEAD revision and everything is first fixed there. I In theory yes, in practice no. As a matter of fact PHP 4.4 was introduced after PHP 5.0, although the new version, new bugs is the same. PHP 4.4.0 is dated 11-Jul-2005 and kind of a -break-stuff version (the reference notice). PHP 5.0.5 is a bit late here (05-Sep-2005) but it fixes about two times as many bugs AND inbetween there has been the RC1 of PHP 5.1. Speaking of releases it seems true that The 4.x branch is quicker but looking at php.internals one can see that the people there fix it in the HEAD revision and then complain about having to backport fixes to the other branches and they want to get rid of this by just backporting _serious_ fixes. think all old stuff is just as mature in PHP5 as you know it from PHP4 and if some errors are found they are likely to be fixed more quickly for the 5.x release. The new stuff (that wasn't there before 5.0) almost certainly has more bugs since it's younger but that's no argument since this isn't relevant for old projects. Right, that is why most people with old projects will not upgrade to PHP 5. I've got PHP5 and 4 running on the same machine. [OO bologna] That is not the point. The point is that you said that people using PHP 4 do not see the benefits of OOP, as if they cannot do OOP in PHP 4. No, I said that those people have a pre-PHP background that keeps them from seeing any use for OOP at all. The procedural programming paradigma is so clean and simple because it doesn't deal with larger concepts like abstract datatypes and their methods. One can quicker start doing stuff: some simple variable types, functions to manipulate them, that's it. On the other side, there's object orientation. The datatypes are alive, they can do things themselves. Then there are interfaces, contracts about using things so that you can use different datatypes in the same way. And so on and so on. All this are more complex concepts that a programmer only realizes with the right background. And a lot of the PHP programmers come from non-OOP languages or start programming in PHP with no background at all. Even (and this is not the main, but a subpoint) in the pre-PHP5 era PHP had some kind of OOP but was not evangelising its use. The reality is that even in PHP 3 you can use benefit of OOP features such as encapsulation and inheritance. PHP 5 adds more OOP features, some copied from Java and Visual Basic, but that does not mean developers must use PHP 5 to do OOP. That depends on how one defines OOP. Some people are satisfied with what PHP3 offered, other people say that even PHP5 is not featuring some of the most important features (like namespaces or proper overloading of method prototypes without manually parsing the parameter array). For me, destructors and delegation (or multiple inheritance) are important points for an object oriented language. On the opposite, I don't like exceptions because I hate the jumping around in the code. So everyone has different expectations of OOP. It is also curious that you mention Visual Basic as if you could not do OOP in Visual Basic either. Did you know that not only you can do OOP since a long time ago in Visual Basic, but also you can make object variable accesses be implicitly implemented with setter and getter functions like you can now in PHP 5? I just refer to VisualBasic because some of the most ugly code I have ever seen is Visual Basic code. I might as well have mentioned Perl. Perl features a complete OOP implementation but it's such an ugly thing that the ordinary Java programmer would simply commit suicide if forced to use it. [scratch vs reuse] In theory yes, in practice nobody starts projects from scratch. Usually you reuse class libraries that are proven and implement many basic function. Many of those class libraries were built for PHP 4, not for PHP 5. Some are complex and large. If you use them in PHP 5 with prior certification chances are that you may stumble in PHP 5 bugs and backwards incompatible changes that make such libraries not work properly. Then even your new projects may be affected. First of all, in many cases code reuse still is a myth. I hate to say it but it's true. Then, a large potion of the PHP community hasn't even heard of PEAR. Then, people definitely start projects from scratch. If they didn't, there would be no PHPUnit2, Creole or
[PHP] Re: Webservices and PHP - thanx!
http://de.php.net/soap Short to not there questions provoke short answers AllOLLi I let you borrow my eggs for a whole year! [Susan on DH 106] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] mysql query
I have a table colum in mysql with two fields: day and month. I would like to know if it's possible to make a query where I can determine if exist days before to a selected day, for example: if I have in my table: day 19 - month 05, I wish to know if there are previous days inserted at the 19, the days they are not inserted in the table, they are inserted according your selection, what I want to get is that every time that you insert a day, I want to check if there are days previous to the one already inserted in the table in the same month, in case that there are not them then they owe you to insert together with the one selected, I wait they understand me what I want: I work php/mysql. sorry for my english i'm cuban Thank you and excuse the nuisances -- Este mensaje ha sido analizado por MailScanner en busca de virus y otros contenidos peligrosos, y se considera que está limpio. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php