Re: [PHP] T_PAAMAYIM_NEKUDOTAYIM
Jay Blanchard wrote: [snip] I was working with objects, and suddenly i got this error: *Parse error*: syntax error, unexpected T_PAAMAYIM_NEKUDOTAYIM in * D:\Apache\Apache(re)\Apache2\htdocs\Include.php* on line *11* is this like a bug in PHP or is it a valid error? thanks in advance [/snip] It means that you have two colons not being used correctly its a good thing this mailinglist is not about the practice of medicine ;-) http://www.php.net/manual/en/keyword.paamayim-nekudotayim.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] T_PAAMAYIM_NEKUDOTAYIM
It means that you have two colons not being used correctly its a good thing this mailinglist is not about the practice of medicine ;-) If it was, I suppose you would recommend 'colonic irrigation' then? Twice, perhaps? George -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Select and $_POST
Chris Shiflett wrote:
Ben Ramsey wrote:
$clean = array();
$sql = array();
Glad to see someone spreading this habit. :-) Thanks, Ben.
if (ctype_alnum($_POST['pass']))
{
$clean['pass'] = $_POST['pass'];
}
I think it's fine to cheat a bit with the password and trust the output
format of md5():
$clean['pass'] = md5((ini_get('magic_quotes_gpc') ?
stripslashes($_POST['pass']) : $_POST['pass']));
or users with quotes in their password won't be able to log in.
$clean['pass'] = md5($_POST['pass']);
Of course, it is best to use a salt:
$salt = 'SHIFLETT';
$clean['pass'] = md5($salt . md5($_POST['pass'] . $salt));
Chris
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] post and variables
Thanks fpr all the feedback on the password but I have another one...
How do I use $_POST with variables. Cant find an example of this anywhere on
php.net
if ($_POST['$table_name== 1']) {
//do something
}
Ta,
ross
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: post and variables
Sorry I got confused. I am using variable variables.
Disregard.
Ross [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Thanks fpr all the feedback on the password but I have another one...
How do I use $_POST with variables. Cant find an example of this anywhere
on php.net
if ($_POST['$table_name== 1']) {
//do something
}
Ta,
ross
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] post and variables
if (($_POST['$table_name']) == 1){
//do something
}
what you have is essentialll looking for a posted value called '$table_name==
1'!
Ross wrote:
Thanks fpr all the feedback on the password but I have another one...
How do I use $_POST with variables. Cant find an example of this anywhere on
php.net
if ($_POST['$table_name== 1']) {
//do something
}
Ta,
ross
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] post and variables
Hi Ross,
Thursday, November 10, 2005, 10:39:48 AM, you wrote:
How do I use $_POST with variables. Cant find an example of this
anywhere on php.net
if ($_POST['$table_name== 1']) {
if ($_POST['form_element_name'] == 'whatever')
There are many examples of this all over the web. You need to look
harder. Try Google for beginners guide to PHP.
Cheers,
Rich
--
Zend Certified Engineer
PHP Development Services
http://www.corephp.co.uk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: post and variables
Ross wrote:
Sorry I got confused. I am using variable variables.
Disregard.
Ross [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Thanks fpr all the feedback on the password but I have another one...
How do I use $_POST with variables. Cant find an example of this anywhere
on php.net
if ($_POST['$table_name== 1']) {
$tablename = 'yourtable';
if (isset($_POST[ $tablename ]) $_POST[ $tablename ] == 1) {
echo $tablename, ' has been selected';
}
//do something
}
Ta,
ross
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] undefined index and php
Before someone advises me to 'google' my question. I have and can't find a
PHP.net example either.
I have turned off registered globals and am updating my scripts so they work
but I keep getting an undefined index problem using $_POST
I tried this to set the value...
if (!isset($_POST['heading'])) {
$_POST ['heading'] = ;
}
because the following line give the notice 'undefined index' BEFORE the
submit button has been pressed..
? $heading_insert= stripslashes($_POST['heading']);?
R.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] undefined index and php
Ross wrote: because the following line give the notice 'undefined index' BEFORE the submit button has been pressed.. ? $heading_insert= stripslashes($_POST['heading']);? That's because before the submit button has been pressed, $_POST is empty and so 'heading' is indeed an undefined index. Try: $heading_insert = isset( $_POST['heading'] ) ? stripslashes( $_POST['heading'] ) : ''; By the way, while you're switching register_globals off, it might be a good idea to also switch off magic_quotes_gpc (the reason you need stripslashes() above) and short_open_tag (judging by your use of the non-portable ? open tag rather than ?php). Jasper -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] undefined index and php
I have never really used this abreviated format before why the question mark and the colon? What is the long hang eqivalent. I turned magic quotes off too. thanks. R. - Original Message - From: Jasper Bryant-Greene [EMAIL PROTECTED] To: Ross [EMAIL PROTECTED] Cc: php-general@lists.php.net Sent: Thursday, November 10, 2005 12:19 PM Subject: Re: [PHP] undefined index and php Ross wrote: because the following line give the notice 'undefined index' BEFORE the submit button has been pressed.. ? $heading_insert= stripslashes($_POST['heading']);? That's because before the submit button has been pressed, $_POST is empty and so 'heading' is indeed an undefined index. Try: $heading_insert = isset( $_POST['heading'] ) ? stripslashes( $_POST['heading'] ) : ''; By the way, while you're switching register_globals off, it might be a good idea to also switch off magic_quotes_gpc (the reason you need stripslashes() above) and short_open_tag (judging by your use of the non-portable ? open tag rather than ?php). Jasper -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: post and variables
Essentially, Ross, you can use $_POST variables as a regular associative
array. $_POST values come from the posted values in a form. If you have a
form element called table_name, and your form uses the post method (as
opposed to the get method), your script would have $_POST['table_name']
available to it. As the example below shows, you can then check its value.
The value of $_POST['table_name'] is the value that was entered in the
corresponding form element. In this case, you're looking to see if it's
equal to 1. If you want to output the value of a $_POST variable, you could
do something like
echo pThe value of table_name is {$_POST['table_name']}/p\n;
or if you don't have a free flowing input box you would probably want to
output the value with htmlentities or htmlspecialchars.
echo pThe value of table_name is . htmlentities($_POST['table_name']) .
/p\n;
I hope this helps. The previous posters are right though, there is lots of
documentation out there
Robbert
Ross wrote:
Sorry I got confused. I am using variable variables.
Disregard.
Ross [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Thanks fpr all the feedback on the password but I have another one...
How do I use $_POST with variables. Cant find an example of this anywhere
on php.net
if ($_POST['$table_name== 1']) {
$tablename = 'yourtable';
if (isset($_POST[ $tablename ]) $_POST[ $tablename ] == 1) {
echo $tablename, ' has been selected';
}
//do something
}
Ta,
ross
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] undefined index and php
The question mark and colon is the equivalent for the iif function. It's a short hand for if/else. You start with the expression, and if true, do what's after the question mark and if false, after the column. Robbert -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, November 10, 2005 4:58 AM To: php-general@lists.php.net Subject: Re: [PHP] undefined index and php I have never really used this abreviated format before why the question mark and the colon? What is the long hang eqivalent. I turned magic quotes off too. thanks. R. - Original Message - From: Jasper Bryant-Greene [EMAIL PROTECTED] To: Ross [EMAIL PROTECTED] Cc: php-general@lists.php.net Sent: Thursday, November 10, 2005 12:19 PM Subject: Re: [PHP] undefined index and php Ross wrote: because the following line give the notice 'undefined index' BEFORE the submit button has been pressed.. ? $heading_insert= stripslashes($_POST['heading']);? That's because before the submit button has been pressed, $_POST is empty and so 'heading' is indeed an undefined index. Try: $heading_insert = isset( $_POST['heading'] ) ? stripslashes( $_POST['heading'] ) : ''; By the way, while you're switching register_globals off, it might be a good idea to also switch off magic_quotes_gpc (the reason you need stripslashes() above) and short_open_tag (judging by your use of the non-portable ? open tag rather than ?php). Jasper -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] undefined index and php
Robbert van Andel wrote: The question mark and colon is the equivalent for the iif function. It's a 'if () ...' is not a function it's a language construct. they are different :-) for instance 'echo' is also a language construct which is why it does not require brackets e.g. $space = ' '; echo hello,$space,world; short hand for if/else. You start with the expression, and if true, do what's after the question mark and if false, after the column. Robbert -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, November 10, 2005 4:58 AM To: php-general@lists.php.net Subject: Re: [PHP] undefined index and php I have never really used this abreviated format before why the question mark and the colon? What is the long hang eqivalent. I turned magic quotes off too. thanks. R. - Original Message - From: Jasper Bryant-Greene [EMAIL PROTECTED] To: Ross [EMAIL PROTECTED] Cc: php-general@lists.php.net Sent: Thursday, November 10, 2005 12:19 PM Subject: Re: [PHP] undefined index and php Ross wrote: because the following line give the notice 'undefined index' BEFORE the submit button has been pressed.. ? $heading_insert= stripslashes($_POST['heading']);? That's because before the submit button has been pressed, $_POST is empty and so 'heading' is indeed an undefined index. Try: $heading_insert = isset( $_POST['heading'] ) ? stripslashes( $_POST['heading'] ) : ''; By the way, while you're switching register_globals off, it might be a good idea to also switch off magic_quotes_gpc (the reason you need stripslashes() above) and short_open_tag (judging by your use of the non-portable ? open tag rather than ?php). Jasper -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] T_PAAMAYIM_NEKUDOTAYIM
That could get messy On 11/10/05, George Pitcher [EMAIL PROTECTED] wrote: It means that you have two colons not being used correctly its a good thing this mailinglist is not about the practice of medicine ;-) If it was, I suppose you would recommend 'colonic irrigation' then? Twice, perhaps? George -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] T_PAAMAYIM_NEKUDOTAYIM
[snip] It means that you have two colons not being used correctly its a good thing this mailinglist is not about the practice of medicine ;-) If it was, I suppose you would recommend 'colonic irrigation' then? Twice, perhaps? That could get messy [/snip] Well, you see what it did to his code already. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: undefined index and php
I tried this to set the value...
if (!isset($_POST['heading'])) {
$_POST ['heading'] = ;
}
because the following line give the notice 'undefined index' BEFORE the
submit button has been pressed..
? $heading_insert= stripslashes($_POST['heading']);?
What everyone else said, but also:
It's not good practice (in fact I don't even know if it's possible) to
modify the contents $_POST programmatically. It contains, as you no doubt
know, all of the variables POSTed to the script, generally by the submission
of a form with method=POST.
It would be better for you to assign the contents of $_POST to local
variables. Firstly, you will be able to do any necessary checks and
modifications (length, variable type, presence of illegal characters and so
on) at the point when you create the variable. This will save you time if
you need to use the value multiple times on the same page.
example:
$heading='';
if (isset($_POST['heading'])) {
$heading=$_POST ['heading'];
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] T_PAAMAYIM_NEKUDOTAYIM
LOL coding mirrors life. On 11/10/05, Jay Blanchard [EMAIL PROTECTED] wrote: [snip] It means that you have two colons not being used correctly its a good thing this mailinglist is not about the practice of medicine ;-) If it was, I suppose you would recommend 'colonic irrigation' then? Twice, perhaps? That could get messy [/snip] Well, you see what it did to his code already. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Text between two tags
Hello I'm trying to extract some text between two tags: Example I have this string : $text='td/td td align=right class=yfnc_tabledata3/td td/td td align=right class=yfnc_tabledata2/td td/td td align=right class=yfnc_tabledata11234/td td/td td/td td/td td align=right class=yfnc_tabledata5/td '; And I want to retrieve the number 1234 between td align=right class=yfnc_tabledata1 and /td Any idea?? Normmy. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] java .vs php
Quoting [EMAIL PROTECTED]: I know Yahoo! uses PHP and I've heard Google does as well? Google uses Python. http://www.python.org/Quotes.html -- Romanian Web Developers - http://ROWD.ORG -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] undefined index and php
Hello. [EMAIL PROTECTED] wrote: why the question mark and the colon? What is the long hang eqivalent. That's the Ternary operator. Whether you want to get further information, go to: http://php.net/manual/en/language.operators.comparison.php Regards. -- Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Text between two tags
try explode using td align=right class=yfnc_tabledata1 then on array index[1] explode /td your answer will then be in index[0] Hope this helps Mike Message Received: Nov 10 2005, 03:01 PM From: Normmy2k [EMAIL PROTECTED] To: php-general@lists.php.net Cc: Subject: [PHP] Text between two tags Hello I'm trying to extract some text between two tags: Example I have this string : $text='td/td td align=right class=yfnc_tabledata3/td td/td td align=right class=yfnc_tabledata2/td td/td td align=right class=yfnc_tabledata11234/td td/td td/td td/td td align=right class=yfnc_tabledata5/td '; And I want to retrieve the number 1234 between td align=right class=yfnc_tabledata1 and /td Any idea?? Normmy. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] java .vs php
Google uses PHP too. For example: http://toolbar.google.com/failed.php http://toolbar.google.com/whatsnew.php3 http://www.google.co.ve/search?q=%22google+uses+php%22 Regards. Skippy wrote: Quoting [EMAIL PROTECTED]: I know Yahoo! uses PHP and I've heard Google does as well? Google uses Python. http://www.python.org/Quotes.html -- Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Catch the WMV first frame picture in PHP script?
Mr. M: Hello, thanks for your kind help. But my Linux system is Fedora Core 1 , there isn't any totem-video-thumbnailer. What should I do? Do I have to upgrade the Linux system to FC 3 or heigher ? (the Totem exists in FC3 ) or Is there any other method to solve this problem? Thanks a lot ! Fongming from Taiwn. M [EMAIL PROTECTED] 說: 張 峰銘 wrote: Hello: I'm try to design WMV movie upload system im my school. when teachers upload the wmv movie to the web , I hope I can grab the first frame picture of wmv and save it to a jpeg file. Dose any one do that before ? Is is difficult to implement in PHP ? (I'm in the Linux with Apache PHP MySQL) Thanks for any helps. You can execute totem-video-thumbnailer. It captures the middle frame, I think. The first one is mostly irrelevant or even blank anyway. ___ 郔陔唳 Yahoo!✽藻撈�r籵�� 7.0 betaㄛ轎愐鋒繚¦斕湖ㄐ http://messenger.yahoo.com.tw/beta.html
RE: [PHP] java .vs php
Google uses Java also: http://java.sun.com/developer/technicalArticles/J2SE/google/limoore.html Nate Tobik (412)661-5700 x206 VigilantMinds -Original Message- From: Gustavo Narea [mailto:[EMAIL PROTECTED] Sent: Thursday, November 10, 2005 10:25 AM To: php-general@lists.php.net Subject: Re: [PHP] java .vs php Google uses PHP too. For example: http://toolbar.google.com/failed.php http://toolbar.google.com/whatsnew.php3 http://www.google.co.ve/search?q=%22google+uses+php%22 Regards. Skippy wrote: Quoting [EMAIL PROTECTED]: I know Yahoo! uses PHP and I've heard Google does as well? Google uses Python. http://www.python.org/Quotes.html -- Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Text between two tags
HI, Hello I'm trying to extract some text between two tags: I am answering your question from the perspective that you are going to have more than one column that you want the data from. I would use this pattern and this code to test the pattern. ? $pattern=/(td align=\(.*)\ class=\(.*)\(.*)\/td)/; $text='td/td td align=right class=yfnc_tabledata3/td td/td td align=right class=yfnc_tabledata2/td td/td td align=right class=yfnc_tabledata11234/td td/td td/td td/td td align=right class=yfnc_tabledata5/td '; preg_match_all($pattern, $text, $matches); print_r($matches); ? This will give you: [0] = Array ( [0] = td align=right class=yfnc_tabledata3/td [1] = td align=right class=yfnc_tabledata2/td [2] = td align=right class=yfnc_tabledata11234/td ) [1] = Array ( [0] = td align=right class=yfnc_tabledata3/td [1] = td align=right class=yfnc_tabledata2/td [2] = td align=right class=yfnc_tabledata11234/td ) [2] = Array ( [0] = right [1] = right [2] = right ) [3] = Array ( [0] = yfnc_tabledata3 [1] = yfnc_tabledata2 [2] = yfnc_tabledata1 ) [4] = Array ( [0] = [1] = [2] = 1234 ) THen you can loop through $matches[4] and you will get all of the values in your row. $mathces[3] will give you your class names and $matches[2] will give you the alignment and $matches[1] will give you the whole td blah blah blah /td string. You could explode on tr and get each new row of your table in a new element in an array and repeat the process for your entire table. Do note that my regular expression will only return columns with a class name and align attribute. You can use $matches[0] elements if you are needing to replace what is there with other information. I hope this helps. Please let me know if it does what you are asking for as I am in need of good regular expression practice. If you are needing to alter my regex some you can use http://www.quanetic.com/regex.php to help. -- Leonard Burton, N9URK [EMAIL PROTECTED] The prolonged evacuation would have dramatically affected the survivability of the occupants. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] compiling PHP
HI All, I have been digitizing a bungh of 35 mm slides for a client and making a static index and putting all of this on a CD. They are getting to the stage where they would like it to be at least somewhat dynamic. On my laptop I have installed XAMPP and it seems to work decently well. Is there some distribution of PHP (similar to XAMPP) to where I could have it load up PHP (or at least a subset of it) so I could then have the autortun file open the browser to a file so I can provide them dynamic content based in PHP? XAMPP is not an option due to it potentially confusing the client. What do you all think? 73, -- Leonard Burton, N9URK [EMAIL PROTECTED] The prolonged evacuation would have dramatically affected the survivability of the occupants. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Text between two tags
Maybe just treat it like XML and use PHP's XML parsing routines. Should work
pretty good but maybe someone else has a better way of handling it. (code below)
-TG
// $string - contains your HTML string
$innerText = ;
$_XML_PARSER = xml_parser_create();
xml_set_element_handler($_XML_PARSER,'xml_open_element_function','xml_close_element_function');
xml_set_character_data_handler($_XML_PARSER,'xml_handle_character_data');
xml_parse($_XML_PARSER,$string,strlen($string));
xml_parser_free($_XML_PARSER);
echo $innerText;
function xml_response_open_element_function($p, $element, $attributes){
global $grabInnerText;
if (strtolower($element) == td AND $attributes['class'] ==
yfnc_tabledata1) {
$grabInnerText = true;
} else {
$grabInnerText = false;
}
}
function xml_response_close_element_function($p, $element){
global $grabInnerText;
// Probably unnecessary?
$grabInnerText = false;
}
function xml_response_handle_character_data_pdf($p, $cdata){
global $grabInnerText;
global $innerText;
if ($grabInnerText) {
$innerText .= $cdata;
}
}
= = = Original message = = =
Hello
I'm trying to extract some text between two tags:
Example
I have this string :
$text='td/td
td align=right class=yfnc_tabledata3/td
td/td
td align=right class=yfnc_tabledata2/td
td/td
td align=right class=yfnc_tabledata11234/td
td/td td/td td/td td align=right class=yfnc_tabledata5/td ';
And I want to retrieve the number 1234 between td align=right
class=yfnc_tabledata1 and /td
Any idea??
Normmy.
___
Sent by ePrompter, the premier email notification software.
Free download at http://www.ePrompter.com.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] T_PAAMAYIM_NEKUDOTAYIM
Jay Blanchard wrote: [snip] It means that you have two colons not being used correctly its a good thing this mailinglist is not about the practice of medicine ;-) If it was, I suppose you would recommend 'colonic irrigation' then? Twice, perhaps? That could get messy [/snip] Well, you see what it did to his code already. still working on a joke that incorporates the phrase 'gonna rip you another asshole' - no luck yet :-) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] compiling PHP
[snip] I have been digitizing a bungh of 35 mm slides for a client and making a static index and putting all of this on a CD. They are getting to the stage where they would like it to be at least somewhat dynamic. On my laptop I have installed XAMPP and it seems to work decently well. Is there some distribution of PHP (similar to XAMPP) to where I could have it load up PHP (or at least a subset of it) so I could then have the autortun file open the browser to a file so I can provide them dynamic content based in PHP? XAMPP is not an option due to it potentially confusing the client. What do you all think? [/snip] I think I'd like a rum and coke, minus the coke. Look at http://www.priadoblender.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Text between two tags
Great example.. haha.. I knew someone would pull some nice regex out for this one.. I suck at regex. hah I still like my XML parsing fix, but Leonard's regex is probably better. hah -TG = = = Original message = = = HI, Hello I'm trying to extract some text between two tags: I am answering your question from the perspective that you are going to have more than one column that you want the data from. I would use this pattern and this code to test the pattern. ? $pattern=/(td align=\(.*)\ class=\(.*)\(.*)\/td)/; $text='td/td td align=right class=yfnc_tabledata3/td td/td td align=right class=yfnc_tabledata2/td td/td td align=right class=yfnc_tabledata11234/td td/td td/td td/td td align=right class=yfnc_tabledata5/td '; preg_match_all($pattern, $text, $matches); print_r($matches); ? This will give you: [0] = Array ( [0] = td align=right class=yfnc_tabledata3/td [1] = td align=right class=yfnc_tabledata2/td [2] = td align=right class=yfnc_tabledata11234/td ) [1] = Array ( [0] = td align=right class=yfnc_tabledata3/td [1] = td align=right class=yfnc_tabledata2/td [2] = td align=right class=yfnc_tabledata11234/td ) [2] = Array ( [0] = right [1] = right [2] = right ) [3] = Array ( [0] = yfnc_tabledata3 [1] = yfnc_tabledata2 [2] = yfnc_tabledata1 ) [4] = Array ( [0] = [1] = [2] = 1234 ) THen you can loop through $matches[4] and you will get all of the values in your row. $mathces[3] will give you your class names and $matches[2] will give you the alignment and $matches[1] will give you the whole td blah blah blah /td string. You could explode on tr and get each new row of your table in a new element in an array and repeat the process for your entire table. Do note that my regular expression will only return columns with a class name and align attribute. You can use $matches[0] elements if you are needing to replace what is there with other information. I hope this helps. Please let me know if it does what you are asking for as I am in need of good regular expression practice. If you are needing to alter my regex some you can use http://www.quanetic.com/regex.php to help. -- Leonard Burton, N9URK [EMAIL PROTECTED] The prolonged evacuation would have dramatically affected the survivability of the occupants. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php ___ Sent by ePrompter, the premier email notification software. Free download at http://www.ePrompter.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Select and $_POST
M wrote:
$clean['pass'] = md5((ini_get('magic_quotes_gpc') ?
stripslashes($_POST['pass']) : $_POST['pass']));
or users with quotes in their password won't be able to log in.
This is best handled in one place, so that it's easier to maintain and
less likely to be overlooked. In the examples provided, $_POST['pass']
is the password provided by the user.
Chris
--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: security code
rant mode=troll sarcasm=true anger=+3 replies=duck this email contains swearing so that the sensitive amongst you will be spared what I have to say (assuming you have a stupid 'Im a sensitive person, don't expose me to bad language' mail filter) Gustavo Narea wrote: Hello, Clive. Depending on the target of your website, you shall need to keep in mind the (in)accessibility of this kind of tests: http://www.w3.org/TR/2003/WD-turingtest-20031105/ right and almost 3 people on the planet care in practice. besides the chances are the blind person in question will not be able to navigate through your sea of nested tables. (have you ever heard a screen reader walking thru 5 level of tabel nesting so that you can be told of the lovely logo image that the nested tables are apparently positioning ... fantastic oh any then there is the problem of inaccesibility of mailboxes (because it's full, overloaded, etc) because every spammer and his dog can write an automated mailing script that uses your webform if you don't stick some sort of CAPTCHA in there... the most inaccessible on the web currently is the 'look how clever we are' language and document structures used through out the W3C site - bloody impenetrable. pot calling the kettle black so what if every user agent under the sun can 'read' the W3C site - *I* can't read it, fat chance my browser will be able to explain it to me. given that 9 out of 10 government buildings worldwide are not even accessible by wheelchair users (I didn't do the research but I'm willing to put some money on it) worrying about inaccessible webforms is maybe a little premature. - and given that we, in the west (at the least - I don't believe asians, arabs, whatever are any nicer) are a bunch of body facist hate mongerers - your television and billboards are telling you that if you have a disability (that includes being ugly) then you should be figuring out how to get the f*** off our Calvin Klein planet or put another way - is there a good reason why the web should be any less discriminating than the rest of society. rant By the way, AFAIK they are also known as turing numbers. Regards. Clive wrote: Hi does any one have a class/function to generate those security code images. Yhe ones that you see on website that you must enter to submit a form thanks clive -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: security code
Hello. CAPTCHA tests are indispensables. The problem comes when you *only* use visual tests (such as visual turing numbers). If you need CAPTCHA tests, you may use them both visuals and audibles. This is a good example: https://www.e-gold.com/acct/login.html Regards. Jochem Maas wrote: rant mode=troll sarcasm=true anger=+3 replies=duck this email contains swearing so that the sensitive amongst you will be spared what I have to say (assuming you have a stupid 'Im a sensitive person, don't expose me to bad language' mail filter) Gustavo Narea wrote: Hello, Clive. Depending on the target of your website, you shall need to keep in mind the (in)accessibility of this kind of tests: http://www.w3.org/TR/2003/WD-turingtest-20031105/ right and almost 3 people on the planet care in practice. besides the chances are the blind person in question will not be able to navigate through your sea of nested tables. (have you ever heard a screen reader walking thru 5 level of tabel nesting so that you can be told of the lovely logo image that the nested tables are apparently positioning ... fantastic oh any then there is the problem of inaccesibility of mailboxes (because it's full, overloaded, etc) because every spammer and his dog can write an automated mailing script that uses your webform if you don't stick some sort of CAPTCHA in there... the most inaccessible on the web currently is the 'look how clever we are' language and document structures used through out the W3C site - bloody impenetrable. pot calling the kettle black so what if every user agent under the sun can 'read' the W3C site - *I* can't read it, fat chance my browser will be able to explain it to me. given that 9 out of 10 government buildings worldwide are not even accessible by wheelchair users (I didn't do the research but I'm willing to put some money on it) worrying about inaccessible webforms is maybe a little premature. - and given that we, in the west (at the least - I don't believe asians, arabs, whatever are any nicer) are a bunch of body facist hate mongerers - your television and billboards are telling you that if you have a disability (that includes being ugly) then you should be figuring out how to get the f*** off our Calvin Klein planet or put another way - is there a good reason why the web should be any less discriminating than the rest of society. rant By the way, AFAIK they are also known as turing numbers. Regards. Clive wrote: Hi does any one have a class/function to generate those security code images. Yhe ones that you see on website that you must enter to submit a form thanks clive -- Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] simplexml_load_string always FALSE
I have a call $oXML = simplexml_load_string($xmlString); I then check it, with if(!$oXML) throw new XMLException(); For some reason, it's always evaluating to FALSE. Even though there are no errors and the rest of the xml parsing works fine. If I change it to if($oXML === FALSE) throw new XMLException(); then it works fine. Is it evaluating a valid xml object as 0? I wonder if anyone can enlighten me. Thanks, Scott Klarenbach -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] FORM not printing
Hi Guys, Looks like I am making an elemental mistake somewhere but can't figure out where can anyone please help? This form is not printing at all but doesn't show any error in my browser. The URL of defected PHP: http://www.primarywave.com/eRSP_Contact.php The URL of How It Should Look: http://www.primarywave.com/eRSP_Contact.htm Thanks a lot, C. Ghosh
RE: [PHP] FORM not printing
[snip] Looks like I am making an elemental mistake somewhere but can't figure out where can anyone please help? This form is not printing at all but doesn't show any error in my browser. The URL of defected PHP: http://www.primarywave.com/eRSP_Contact.php The URL of How It Should Look: http://www.primarywave.com/eRSP_Contact.htm [/snip] It would be hard to know, but it is not a PHP problem. Viewing the source shows a table, so you either have an HTML, CSS, or JavaScript problem. I hope that helps to narrow it down. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] FORM not printing
Thanks Jay. Unfortunately I am still at loss. I posted the code I wrote in this URL: http://www.primarywave.com/NONworkingCODE.txt The Source displays exact as is for all markup. If you can help it would be great. Thanks, C - Original Message - From: Jay Blanchard [EMAIL PROTECTED] To: 'Chirantan Ghosh' [EMAIL PROTECTED]; php-general@lists.php.net Sent: Thursday, November 10, 2005 1:54 PM Subject: RE: [PHP] FORM not printing [snip] Looks like I am making an elemental mistake somewhere but can't figure out where can anyone please help? This form is not printing at all but doesn't show any error in my browser. The URL of defected PHP: http://www.primarywave.com/eRSP_Contact.php The URL of How It Should Look: http://www.primarywave.com/eRSP_Contact.htm [/snip] It would be hard to know, but it is not a PHP problem. Viewing the source shows a table, so you either have an HTML, CSS, or JavaScript problem. I hope that helps to narrow it down. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] FORM not printing
[snip] Unfortunately I am still at loss. I posted the code I wrote in this URL: http://www.primarywave.com/NONworkingCODE.txt The Source displays exact as is for all markup. If you can help it would be great. [/snip] Remove all of the JavaScript code from the page and try it then. What is the JavaScript for, it appears to do nothing. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] FORM not printing
I tried that was with no avail. The JS was just cosmetics by the original designer. Now I am trying a new angle. The Form remains in: http://www.primarywave.com/eRSP_Contact.htm but the form processing code is in http://www.primarywave.com/eRSP_Contact.php Its says I have an error in last line of the code i.e line 35. - Original Message - From: Jay Blanchard [EMAIL PROTECTED] To: 'Chirantan Ghosh' [EMAIL PROTECTED]; Jay Blanchard [EMAIL PROTECTED] Cc: php-general@lists.php.net Sent: Thursday, November 10, 2005 2:31 PM Subject: RE: [PHP] FORM not printing [snip] Unfortunately I am still at loss. I posted the code I wrote in this URL: http://www.primarywave.com/NONworkingCODE.txt The Source displays exact as is for all markup. If you can help it would be great. [/snip] Remove all of the JavaScript code from the page and try it then. What is the JavaScript for, it appears to do nothing. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] FORM not printing
[snip] Now I am trying a new angle. The Form remains in: http://www.primarywave.com/eRSP_Contact.htm but the form processing code is in http://www.primarywave.com/eRSP_Contact.php Its says I have an error in last line of the code i.e line 35. [/snip] I get this error when I click... Parse error: parse error, unexpected $ in /home/wave/public_html/eRSP_Contact.php on line 171 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Security Issues - Where to look?
Richard Lynch wrote: IP is useless for identification or authentication of the general web-surfer: Users behind firwalls will all appear to be from one (1) IP AOL users change IPs faster than drummers change underwear I think it's still reasonable to restrict a session to a single IP. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Security Issues - Where to look?
GamblerZG wrote: I think it's still reasonable to restrict a session to a single IP. No, it's not, for all of the reasons Richard mentioned and more. Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] a code question..??
hi.. i have a situation where i have a client app (A), and another app (B). i'd like to be able to have app A have a login dialog. I'd like the login dialog to be comming/run from app B. so i envision somehow having code from app B within app A, that essentially is bing run +--+ | login | | function -+ from app B | | | | | | | | | | app A| | | | | |--+ | | ^ | +--+ | | login | | | function --+ | code (php) | | | | | | app B| | | |--+ my question is how the heck can i do this... i want the code to run on app B if possible. but the display of the code segment, will be a dialog for user input. so, once the user inputs information in the app A dialog, i need to be able to run the results on app B (which is where the code would reside) and then return the resulting information back to app A... is this even possible?? is there an easier solution...??? thanks -bruce [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] FORM not printing
Hi Suhas,
Thanks a lot for the closing {, you are a life saver.
I can't believe I could have been so blind then even stupid not to see
after your mail.
Thanks again,
C
Jay,
Thanks to you too.
- Original Message -
From: Suhas [EMAIL PROTECTED]
To: Chirantan Ghosh [EMAIL PROTECTED]
Sent: Thursday, November 10, 2005 3:17 PM
Subject: Re: [PHP] FORM not printing
The correct code is attached
On 11/10/05, Chirantan Ghosh [EMAIL PROTECTED] wrote:
[snip] There is no closing bracket for if [/snip]
Hi Suhas,
I am a newbie..didn't quite catch you. I thought I closed the {, please
explain if you can.
Thanks,
C
$mailBody = Information:\n\n;
if($number){
$mailBody .= Number: $number\n\n;
}
$mailBody .= Full Name: $name\n;
- Original Message -
From: Suhas [EMAIL PROTECTED]
To: Chirantan Ghosh [EMAIL PROTECTED]
Sent: Thursday, November 10, 2005 3:06 PM
Subject: Re: [PHP] FORM not printing
There is no closing bracket for if
U need good editor like Winsyntax
Suhas
On 11/10/05, Chirantan Ghosh [EMAIL PROTECTED] wrote:
I tried that was with no avail. The JS was just cosmetics by the
original
designer.
Now I am trying a new angle.
The Form remains in: http://www.primarywave.com/eRSP_Contact.htm
but the form processing code is in
http://www.primarywave.com/eRSP_Contact.php
Its says I have an error in last line of the code i.e line 35.
- Original Message -
From: Jay Blanchard [EMAIL PROTECTED]
To: 'Chirantan Ghosh' [EMAIL PROTECTED]; Jay Blanchard
[EMAIL PROTECTED]
Cc: php-general@lists.php.net
Sent: Thursday, November 10, 2005 2:31 PM
Subject: RE: [PHP] FORM not printing
[snip]
Unfortunately I am still at loss.
I posted the code I wrote in this URL:
http://www.primarywave.com/NONworkingCODE.txt
The Source displays exact as is for all markup.
If you can help it would be great.
[/snip]
Remove all of the JavaScript code from the page and try it then. What
is
the
JavaScript for, it appears to do nothing.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Contact @
Suhas Pharkute.
[EMAIL PROTECTED]
208 830 8915 (C)
208 429 6943 (H)
--
Contact @
Suhas Pharkute.
[EMAIL PROTECTED]
208 830 8915 (C)
208 429 6943 (H)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] a code question..??
On Thu, November 10, 2005 2:20 pm, bruce wrote: i have a situation where i have a client app (A), and another app (B). i'd like to be able to have app A have a login dialog. I'd like the login dialog to be comming/run from app B. so i envision somehow having code from app B within app A, that essentially is bing run If this all lives on the same server, some include files and some flags or some function arguments to do anything different between A and B could do this. If they live on different servers, you could use http://php.net/curl to manage the I/O back and forth, probably. Or, you could use include() with url_file_wrappers (?) turned on and have app B output the PHP source for app A to run. There are probably several more options. It's difficult to provide quality answers, because you've abstracted things very nicely, to the point that our advice could easily lead you to do something inherently risky. User authentication being shared between A and B was beaten to death in another thread recently. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Security Issues - Where to look?
On Thu, November 10, 2005 1:08 pm, GamblerZG wrote: Richard Lynch wrote: IP is useless for identification or authentication of the general web-surfer: Users behind firwalls will all appear to be from one (1) IP AOL users change IPs faster than drummers change underwear I think it's still reasonable to restrict a session to a single IP. To be more precise: Drummers do not typically change their underwear in a single [recording] session. AOL users WILL change their IP in a single [web-surfing] session. :-) -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] simplexml_load_string always FALSE
On Thu, November 10, 2005 12:26 pm, Scott Klarenbach wrote: I have a call $oXML = simplexml_load_string($xmlString); I then check it, with if(!$oXML) throw new XMLException(); For some reason, it's always evaluating to FALSE. Even though there are no errors and the rest of the xml parsing works fine. If I change it to if($oXML === FALSE) throw new XMLException(); then it works fine. Is it evaluating a valid xml object as 0? Probably. The type-casting rules for PHP Objects to integer (and later boolean, when those were introduced) have changed in minor ways with every major release. The exact details of the OO-int conversion always seemed muddy to me, personally. I wonder if anyone can enlighten me. I think your code is way more better with the strict test you already discovered as a work-around. You are explicitly checking for FALSE, which is an unusual value for an Object to take on. You may also want to look at xmlerror or whatever it is, which is where there is PROBABLY and error message just waiting for you to ask. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Text between two tags
On Thu, November 10, 2005 8:56 am, Normmy2k wrote: Example I have this string : $text='td/td td align=right class=yfnc_tabledata3/td td/td td align=right class=yfnc_tabledata2/td td/td td align=right class=yfnc_tabledata11234/td td/td td/td td/td td align=right class=yfnc_tabledata5/td '; And I want to retrieve the number 1234 between td align=right class=yfnc_tabledata1 and /td If that string is consistently what you have, then this would also work: $number = (int) trim(strip_tags($text)); This may prove more resilent to HTML changes from the source that is generating all those table tags... -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] a code question..??
the primary issue i'm trying to address is whether it's possible for a php app to somehow display on one app, code/forms that essentially resides on another server? doens't have to be a login form.. in all honesty, i don't see how it can be possible.. using curl, would simply download the code from app B to app A which isn't what i want. i'm looking to keep the code on app B from being modified/played with, which is why i'm inclined to think the code/form in question needs to be able to be run from app B... -bruce -Original Message- From: Richard Lynch [mailto:[EMAIL PROTECTED] Sent: Thursday, November 10, 2005 1:01 PM To: [EMAIL PROTECTED] Cc: php-general@lists.php.net Subject: Re: [PHP] a code question..?? On Thu, November 10, 2005 2:20 pm, bruce wrote: i have a situation where i have a client app (A), and another app (B). i'd like to be able to have app A have a login dialog. I'd like the login dialog to be comming/run from app B. so i envision somehow having code from app B within app A, that essentially is bing run If this all lives on the same server, some include files and some flags or some function arguments to do anything different between A and B could do this. If they live on different servers, you could use http://php.net/curl to manage the I/O back and forth, probably. Or, you could use include() with url_file_wrappers (?) turned on and have app B output the PHP source for app A to run. There are probably several more options. It's difficult to provide quality answers, because you've abstracted things very nicely, to the point that our advice could easily lead you to do something inherently risky. User authentication being shared between A and B was beaten to death in another thread recently. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] undefined index and php
On Thu, November 10, 2005 5:54 am, Ross wrote:
Before someone advises me to 'google' my question. I have and can't
find a
PHP.net example either.
I have turned off registered globals and am updating my scripts so
they work
but I keep getting an undefined index problem using $_POST
I tried this to set the value...
if (!isset($_POST['heading'])) {
$_POST ['heading'] = ;
}
because the following line give the notice 'undefined index' BEFORE
the
submit button has been pressed..
? $heading_insert= stripslashes($_POST['heading']);?
This bit of code is getting run BEFORE the submit button has been
pressed.
In that case, $_POST itself is not defined, much less $_POST['heading']
You really shouldn't be stuffing values into $_POST. Think of it as a
read-only variable that the browser sends TO you.
Here are some options:
OPTION 1:
?php
$heading_insert = '';
if (isset($_POST['heading'])){
$heading_insert = stripslashes($_POST['heading']);
}
?
OPTION 2:
?php
$heading_insert = isset($_POST['heading']) ?
stripslashes($_POST['heading']) : '';
?
Some people think the ternary operator is confusing or obscure or
whatever. Others think it's a perfectly natural operator. YMMV
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: undefined index and php
On Thu, November 10, 2005 8:38 am, Mark Rees wrote: It's not good practice (in fact I don't even know if it's possible) to It's definitely possible in the sense that you can cram things in there. You can store your lunch in the trash can and pull it back out when it's time to eat. Neither of these is a particularly Good Idea (tm) Any other place in your program, you expect $_POST to contain what the browser/user/client/monkey sent as POST data. Don't pollute that by cramming your own data in there. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] a code question..??
bruce said the following on 11/10/2005 01:15 PM:
the primary issue i'm trying to address is whether it's possible for a php
app to somehow display on one app, code/forms that essentially resides on
another server? doens't have to be a login form..
in all honesty, i don't see how it can be possible..
using curl, would simply download the code from app B to app A which isn't
what i want. i'm looking to keep the code on app B from being
modified/played with, which is why i'm inclined to think the code/form in
question needs to be able to be run from app B...
I quick stroll through the archives ought to answer your question. You
have many options. It could be as simple as:
if($login) {
print(iframe src=\http://url.for.app.b\;/iframe\n);
}
It depends what you want to do and how aware you want your two
applications to be of each other, which you haven't really explained.
- Ben
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] post and variables
On Thu, November 10, 2005 4:39 am, Ross wrote:
Thanks fpr all the feedback on the password but I have another one...
How do I use $_POST with variables. Cant find an example of this
anywhere on
php.net
if ($_POST['$table_name== 1']) {
I believe you want this:
if (isset($_POST[$table_name]) ($_POST[$table_name] === '1')){
}
It is also remotely possible, however, that you want:
if (isset($_POST[$table_name]) ($table_name === '1')){
}
This second one would assume that you have previously set $table_name
to some value earlier in this same script, rather than are getting it
from POST data... It's really unlikely that's what you want, though,
and it's probably code that should be re-factored in the first place,
even if it is what you want.
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mod_rewrite, apache2, php5RC1 and osx bsd
On Wed, November 9, 2005 10:36 pm, Dan Rossi wrote: Hi there, ive been having issues with mod_rewrite and apache2 with PHP 5.1RC1. I have googled the php bugs and people have been experiencing the same issue however the php people cant see to reproduce the bug. Its most definately doing it for me, here is a rewrite rule i have setup, if i [L] to a php script, it either tries to download the faked url file or hangs. I reverted back to 5.1.0b2 and it works fine ?? What do i do ? RewriteRule ^(.*)/(.*)/(.*)/(.*)/(.*)/(.+\.(video))$ ../../phpscript.php I should think all those .* should be .+ instead... I mean, if somebody surfs to this URL: http://example.com//example.video Do you really want that to hit ../../phpscript.php This probably will not fix your bug, mind you, but it's probably worth trying just to see. I think you could also lose all those ()s in the Regex, as you don't seem to be doing anything with them. Or perhaps mod_rewrite collects them and passes them in to phpscript.php somehow? You could also consider using: [^/]* instead of . because, after all, .* does match /, so maybe you are confusing the Regex so that: //example.video actually matches your pattern, even though you really don't want it to. I haven't used mod_rewrite enough to know what pattern system it uses, so I could be full of [bleep] here. If all else fails, consider not using mod_rewrite at all, and having a ForceType on some convenient directory to change that directory into a PHP script. For example, suppose you now have: ~/videos/*.video with a zillion video files in there for the * mkdir video_files mv videos/*.video video_files rmdir videos cp phpscript.php videos echo -e Files videos\nForceType application/x-httpd-php\n/Files .htaccess Now, your videos directory is *REALLY* your phpscript.php, but it just *looks* like a directory in the URL. You'd need to change phpscript.php to read the videos (or whatever it does to them) from /video_files/ instead of where they are now. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Gotta learn asp.net...
On Wed, November 9, 2005 6:54 pm, Joseph Szobody wrote: *sigh* I'm a hardcore PHP programmer.. I've been using it for over five years now, and would consider myself fairly advanced. I have a project where I'm being forced to do some ASP.NET development, which I've never touched. I need to learn it fast. Personally, I would simply find a new job and quit. Nobody has enough money to make me do ASP again. That said, there have to be a ton of ASP jump-start resources out there, but the people who know of them are more likely to be on ASP lists than on the PHP list... -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP 5 OO performance exceptions
I was not considering that, I was using $obj_string-getValue(), the
__toString method and type casting could save me some keystrokes :)
Anyway, did you abandon the development with the basic types class?
Angelo
- Original Message -
From: Jake Gardner [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, November 09, 2005 1:37 PM
Subject: Re: [PHP] PHP 5 OO performance exceptions
I myself was considering creating classes such as String, but I ran
into more basic problems before performance, for example:
class String {
protected $Value;
function __construct($Value) {
$this-Value = $Value;
}
}
$SomeString = new String(Hello World!);
Print($SomeString); // Does not print Hello World!
The way around this was still unsatisfactory:
class String {
protected $Value;
function __construct($Value) {
$this- Value = $Value;
}
function __toString() {
return $this-Value;
}
}
$SomeString = new String(Hello World!);
Print($SomeString); // Prints Hello World!
Because this has obvious limitations, and is only a fix for strings;
this doesnt work for functions that expect integer values.
In reality, there really is no way to use PHP to rewrite a type in PHP
without using the PHP omni-type.
However, you can use type casting as it is:
http://us2.php.net/manual/en/language.types.type-juggling.php#language.types.typecasting
http://us2.php.net/manual/en/function.settype.php
On 11/9/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hello,
Currently I'm make some utilities classes and I took the idea from java to
make some wrappers class like String, Integer and so on. This allows me to
use the type hint for basic types in php. Anyone have a clue if replacing
the all in one type in php for objects types will degrade the performance?
Also for every controller class that I'm making I'm also making exceptions
class of every error that it can generate. Same questions: It will
degrade performance to throw an exception instead of lest say a pear error
or return false?
Just for know, I'm doing this because I believe that it will eliminate
some o problems o development and will eliminate some basic validations.
Any tips appreciate
Angelo
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] a code question..??
here's the basic logic flow that i'm contemplating...
app A (server A)app B (server B)
-app displays page
-app gets code from app B ---code/form section
-app displays rest of
page with code/form from
app B
-user enters name
-app sends name to app B--- app B returns new
code/form
-app displays new page, with
new code/form from app B
-user enters new information
in code/form
as you can see, there are interactions that occur betwwen app A and app B.
but i'm not sure if what i'm thinking of can be accomplished...
the information in the code/forms from app B will change based on the
username...
thoughts/comments..
-bruce
-Original Message-
From: Ben [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 10, 2005 1:24 PM
To: php-general@lists.php.net
Subject: Re: [PHP] a code question..??
bruce said the following on 11/10/2005 01:15 PM:
the primary issue i'm trying to address is whether it's possible for a php
app to somehow display on one app, code/forms that essentially resides on
another server? doens't have to be a login form..
in all honesty, i don't see how it can be possible..
using curl, would simply download the code from app B to app A which isn't
what i want. i'm looking to keep the code on app B from being
modified/played with, which is why i'm inclined to think the code/form in
question needs to be able to be run from app B...
I quick stroll through the archives ought to answer your question. You
have many options. It could be as simple as:
if($login) {
print(iframe src=\http://url.for.app.b\;/iframe\n);
}
It depends what you want to do and how aware you want your two
applications to be of each other, which you haven't really explained.
- Ben
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Select and $_POST
On Wed, November 9, 2005 7:15 pm, Chris Shiflett wrote: Ben Ramsey wrote: $clean = array(); $sql = array(); Here's an idea... Quite possibly half-baked. Suppose PHP had a superglobal $_CLEAN which was an empty array. Further suppose it was documented in the manual as *the* place to put your scrubbed data. This rather small and hopefully inexpensive change (in terms of PHP Dev/Docs team work) would quite possibly improve scripts by newbies, simply by nudging them in the proper direction, because it would be a documented feature, and it would have all the nifty cross-links in the manual and all that. It would also help to keep code cleaner to have $_CLEAN be a superglobal rather than just something I made up and have to declare as global all the time. Comments? Suggestions? Derogatory remarks? PS What does Chris Shifflett use to validate an email? Enquiring minds want to know! :-) -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mod_rewrite, apache2, php5RC1 and osx bsd
I've been having a problem with PHP 4.4.1 and mod_rewrite, which, as Geert Booster kindly pointed out, has been reported on http://lists.freebsd.org/pipermail/freebsd-ports/2005-November/027038.html, which also has a link to the PHP bug report in the thread. Not sure if this is relevant to PHP5, but thought I'd mention that something similar exist(ed?) in the 4.4.1 version. On Thursday 10 November 2005 22:36, Richard Lynch wrote: On Wed, November 9, 2005 10:36 pm, Dan Rossi wrote: Hi there, ive been having issues with mod_rewrite and apache2 with PHP 5.1RC1. I have googled the php bugs and people have been experiencing the same issue however the php people cant see to reproduce the bug. Its most definately doing it for me, here is a rewrite rule i have setup, if i [L] to a php script, it either tries to download the faked url file or hangs. I reverted back to 5.1.0b2 and it works fine ?? What do i do ? RewriteRule ^(.*)/(.*)/(.*)/(.*)/(.*)/(.+\.(video))$ ../../phpscript.php I should think all those .* should be .+ instead... I mean, if somebody surfs to this URL: http://example.com//example.video Do you really want that to hit ../../phpscript.php This probably will not fix your bug, mind you, but it's probably worth trying just to see. I think you could also lose all those ()s in the Regex, as you don't seem to be doing anything with them. Or perhaps mod_rewrite collects them and passes them in to phpscript.php somehow? You could also consider using: [^/]* instead of . because, after all, .* does match /, so maybe you are confusing the Regex so that: //example.video actually matches your pattern, even though you really don't want it to. I haven't used mod_rewrite enough to know what pattern system it uses, so I could be full of [bleep] here. If all else fails, consider not using mod_rewrite at all, and having a ForceType on some convenient directory to change that directory into a PHP script. For example, suppose you now have: ~/videos/*.video with a zillion video files in there for the * mkdir video_files mv videos/*.video video_files rmdir videos cp phpscript.php videos echo -e Files videos\nForceType application/x-httpd-php\n/Files .htaccess Now, your videos directory is *REALLY* your phpscript.php, but it just *looks* like a directory in the URL. You'd need to change phpscript.php to read the videos (or whatever it does to them) from /video_files/ instead of where they are now. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Select and $_POST
On Wed, November 9, 2005 5:21 pm, Ross wrote:
$query = SELECT * FROM login where username='$_POST['username']' AND
pass
='$_POST['pass']';
In addition to the fine posts regarding SQL Injection and curly
braces, I'd like to provide one other alternative heretofore
unmentioned:
$query = SELECT * FROM login where username = '$_POST[username]' AND
pass = '$_POST[pass]';
PHP is happy to interpolate arrays within quotes, but only if you do
NOT quote the index.
{$array['key']} -- good, after PHP 4.?.?
$array[key] -- good
$array['key'] -- bad
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] a code question..??
bruce said the following on 11/10/2005 01:44 PM: as you can see, there are interactions that occur betwwen app A and app B. but i'm not sure if what i'm thinking of can be accomplished... the information in the code/forms from app B will change based on the username... thoughts/comments.. As Richard suggested, curl ought to work or what ever web services flavour you prefer. - Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] java .vs php
On Thu, November 10, 2005 9:45 am, Nathan Tobik wrote: Google uses Java also: http://java.sun.com/developer/technicalArticles/J2SE/google/limoore.html Google uses Pigeons as well. :-) After doing enough web development for enough time, you get to where you really don't care what so-and-so is using, no matter how successful they may be. Oh, sure, you get warm fuzzies in your tummy when you hear Yahoo is using PHP, or Google uses PHP for some stuff, but it doesn't really MATTER to you. Because, in the end, of all the things that they can point to for their success, the development language behind their software is least likely to be a major factor. I'm not saying it doesn't matter at all, nor that there aren't specific reasons to choose one over another. Only that the success/failure of the site rarely, if ever, rides on the language chosen. It rides almost exclusively on the shoulders of the people building/marketing/promoting/using the site. I suppose there's even a good site built in ASP out there somewhere, even if I think all the ones I've ever seen really suck. :-) -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] a code question..??
On Thu, November 10, 2005 3:15 pm, bruce wrote: the primary issue i'm trying to address is whether it's possible for a php app to somehow display on one app, code/forms that essentially resides on another server? doens't have to be a login form.. in all honesty, i don't see how it can be possible.. using curl, would simply download the code from app B to app A which isn't curl would download the HTML, not the PHP source. You can use: ?php include http://example.com/application/B/source.phpsource;;? to snag the source code from B and execute it on A. That's the closest thing to what I think you may be asking... which I'm not even sure what it is. The 's' at the end of my URL is not a typo. It assumes that you have a file named source.phpsource of MIME type text/plain that dumps out PHP code from Application B. Application A can include and execute this source code. This is not a Good Idea (tm) at all if you don't implicitly trust Application B source code to be completely free of (intentional and unintentional) malicious/dangerous/buggy code. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Gotta learn asp.net...
On Wed, November 9, 2005 6:54 pm, Joseph Szobody wrote: *sigh* I'm a hardcore PHP programmer.. I've been using it for over five years now, and would consider myself fairly advanced. I have a project where I'm being forced to do some ASP.NET development, which I've never touched. I need to learn it fast. Nobody has enough money to make me do ASP again. ASP.NET is leaps and bounds better than ASP. I would never use ASP but do do the occasional ASP.NET job (although PHP is my primary and preferred language). I'm not sure about learning ASP.NET fast, but you should start by: - Picking a language to use. VB Script and C# are the biggies. IMHO VB Script is easier, C# is better. - Picking an IDE. WebMatrix is free and easy to use. Visual Studio .NET is expensive and not easy to use but potent. - Knowing what database you'll be using. Probably Access (which totally sucks) or SQL Server (which kind of sucks). Other than that, I personally always start with a good book. If you do that, pick a book that uses the same language and IDE that you'll be using. Also, in my opinion, having a good knowledge of how to create a dynamic Web site helps when going from PHP to ASP.NET. If you know what the program must do in terms of functionality, protocol, etc., then it's mostly a matter of picking up the right syntax. I found that ASP.NET is the opposite of PHP: doing something simple is ridiculously hard but doing something kind of complex is pretty simple. All the built in widgets and wizards help and the form validation tools are really nice. Hope that helps, Larry -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Security Issues - Where to look?
Chris Shiflett wrote: GamblerZG wrote: I think it's still reasonable to restrict a session to a single IP. No, it's not, for all of the reasons Richard mentioned and more. I agree that using only IP to identify session is bad. Using only SID is ok. Using SIDs that are tied to a single IP is even _more secure_, since the possible attacker would need to have exactly the same IP as a victim of session hijacking. This comes at a price of a small inconvinience for dial-up users (since they would need to login on each reconnect), but I think such price it reasonable. IMO, the best way is to re-generate SIDs on each request, but such method will decrease perfomance of a script. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Gotta learn asp.net...
Larry E. Ullman wrote: Also, in my opinion, having a good knowledge of how to create a dynamic Web site helps when going from PHP to ASP.NET. If you know what the program must do in terms of functionality, protocol, etc., then it's mostly a matter of picking up the right syntax. I found that ASP.NET is the opposite of PHP: doing something simple is ridiculously hard but doing something kind of complex is pretty simple. All the built in widgets and wizards help and the form validation tools are really nice. I wonder if ASP.NET have an email validation function? (For Richard Lynch's benefit.) :) Jasper -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Select and $_POST
On 11/10/05 4:48 PM, Richard Lynch wrote: Here's an idea... Quite possibly half-baked. Suppose PHP had a superglobal $_CLEAN which was an empty array. Further suppose it was documented in the manual as *the* place to put your scrubbed data. This rather small and hopefully inexpensive change (in terms of PHP Dev/Docs team work) would quite possibly improve scripts by newbies, simply by nudging them in the proper direction, because it would be a documented feature, and it would have all the nifty cross-links in the manual and all that. It would also help to keep code cleaner to have $_CLEAN be a superglobal rather than just something I made up and have to declare as global all the time. Comments? Suggestions? Derogatory remarks? There is an Input Filter PECL extension that's still in beta, and I think it's a good step, though I'm not so sure about some of the sanitizing it performs. It doesn't offer the superglobal you're suggesting, but it probably wouldn't be too difficult to put it in there. The only issue I see with building in a superglobal to the language (or this extension) is that it doesn't force the user to instantiate the empty array at the top of the script. This could make for a lazy developer, and, if s/he's not careful, anyone running the application on a machine in which register_globals is turned on would run the risk of having a potentially tainted $_CLEAN array, which defeats the purpose of the clean array altogether. The point is that the developer should be able to trust the data in $clean. If PHP had a taint mode and didn't have register_globals, then we'd be making some progress. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: security code
On Thu, November 10, 2005 10:11 am, Jochem Maas wrote: rant mode=troll sarcasm=true anger=+3 replies=duck ... or put another way - is there a good reason why the web should be any less discriminating than the rest of society. Yes. It's the WORLD WIDE WEB. I mean, it's all very well to discriminate against those people way far away whom you will never see in the first place, but they're not any farther away any more, are they? :-^ [tongue firmly planted in cheek, folks!] And if you are a large corporation, you very well may be subject to laws with significant risks attached ($$$) for not being accessible. Google for Olympic Committee blind user Australia big fine for more on that topic. That alone makes it worth considering. Probably the best reason not to use CAPTCHA is that it can already be bypassed by OCR in most cases by a determined person. (Google for it) That means that within a very short period of time, script kiddies and web-POST-spammers [*] will have OCR anti-CAPTCHA technology rolled into their tool-kits. Another very good reason is that even normal users have a not-so-good experience with the damn things. I've gotten way too many indecipherable images and had to click multiple times to get one that was usuable in a single session for some stupid forum post I wanted to contribute. Not my idea of a pleasant web-surfing experience. Certainly not something that makes me want to contribute more to that site. I slapped a CAPTCHA (bad, home-rolled) into a guestbook on a site that had been targetted and was getting hundreds of junk posts a day -- but it's not something I deploy as a matter of course. And I don't expect it to survive more than a year before I have to just get rid of the guestbook. (Assuming the client keeps the site up at all, which is under review.) * So, is there a term for the web moral-equivalent of spammer? Those link-farm visitors who clutter up your site. blammers, perhaps? (blog-spammers). -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: security code
On Thu, November 10, 2005 10:45 am, Gustavo Narea wrote: CAPTCHA tests are indispensables. The problem comes when you *only* use visual tests (such as visual turing numbers). If you need CAPTCHA tests, you may use them both visuals and audibles. This is a good example: https://www.e-gold.com/acct/login.html So the user who is both blind AND deaf? Or the blind user who is at a library computer with no audio output? I saw some research where out of four people with normal hearing, all four were unable to distinguish the crappy audio output into the correct word and use a site. Granted, a very small sample, and the audio from the test site may well have been at the low end of the spectrum for quality. But it was a real site, and these were just regular people roped in for a test of the audio's usefulness. As cool as CAPTCHA seems at first, I don't think it's going to be a long-term solution. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Unable to send variables to MySQL table
On Wed, November 9, 2005 1:15 pm, Stewart Priest wrote:
I've written this script shown below. It gets its variables from a
form, and then it (supposedly!) writes these values into a MySQL table
('invoices').
The script executes with no errors, but when I check the table, the
table is still empty. I can manually insert the data directly into the
table, and when I echo the variables in the script, the values are
displayed whe I run it, but for reasons unknown, the values are not
written to the table.
Any ideas? The code is below.
Many thanks.
Stewart
?php
// this opens the connection to the db
include 'library/opendb.php';
// this adds detals to the invoice table
$item1_desc = $_REQUEST['item1_desc'];
$item2_desc = $_REQUEST['item2_desc'];
$item3_desc = $_REQUEST['item3_desc'];
$item4_desc = $_REQUEST['item4_desc'];
$item1_cost = $_REQUEST['item1_cost'];
$item2_cost = $_REQUEST['item2_cost'];
$item3_cost = $_REQUEST['item3_cost'];
$item4_cost = $_REQUEST['item4_cost'];
$delivery_cost = $_REQUEST['delivery_cost'];
$add_to_db = insert into invoices (item1_desc, item1_cost,
item2_desc, item2_cost, item3_desc, item3_cost, item4_desc,
item4_cost, delivery_cost) values ('$item1_desc', '$item1_cost',
'$item2_desc', '$item2_cost', '$item3_desc', '$item3_cost',
'$item4_desc', '$item4_cost', '$delivery_cost');
mysql_query($add_to_db);
echo hr /$queryhr /;
mysql_query($add_to_db) or die(mysql_error());
?
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] a code question..??
as i understand curl functions (and correct me if i'm wrong). the functions simply allow the user/app to download/copy the file from the remote server, where the existing app could do whatever with the content... this isn't what i want.. i'm trying to figure out if there's a way to run a chunk of code on a remote server... i'd rather not put the source on the intial client-app A machine... -bruce -Original Message- From: Ben [mailto:[EMAIL PROTECTED] Sent: Thursday, November 10, 2005 1:59 PM To: php-general@lists.php.net Subject: Re: [PHP] a code question..?? bruce said the following on 11/10/2005 01:44 PM: as you can see, there are interactions that occur betwwen app A and app B. but i'm not sure if what i'm thinking of can be accomplished... the information in the code/forms from app B will change based on the username... thoughts/comments.. As Richard suggested, curl ought to work or what ever web services flavour you prefer. - Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Security Issues - Where to look?
Richard Lynch wrote: AOL users WILL change their IP in a single [web-surfing] session. Ugh... I did not know that. That's horrible. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Security Issues - Where to look?
On Thu, November 10, 2005 3:08 pm, GamblerZG wrote: Chris Shiflett wrote: GamblerZG wrote: I think it's still reasonable to restrict a session to a single IP. No, it's not, for all of the reasons Richard mentioned and more. I agree that using only IP to identify session is bad. Using only SID is ok. Using SIDs that are tied to a single IP is even _more secure_, since the possible attacker would need to have exactly the same IP as a victim of session hijacking. This comes at a price of a small inconvinience for dial-up users (since they would need to login on each reconnect), but I think such price it reasonable. Please pay attention. AOL *will* change the IP address of their users *IN* *THE* *MIDDLE* *OF* *A* *SESSION*. They will not be disconnected. They will not need to re-dial. Their phone line does not change its status from live to dead They will not be logged out of AOL. Their IP address *WILL* change, just because AOL felt like it [++]. You are rendering your site un-usable by all AOL users in a big way to rely on IP address not changing in mid-session. There is *NO* standard, law, rule, nor reason for an IP address to be assumed to be consistent, even in a single session/login/phone-call. ++ I suspect that AOL has a better reason internally for doing this than I felt like it but they don't NEED a better reason, and the effect is the same. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Security Issues - Where to look?
GamblerZG wrote: This comes at a price of a small inconvinience for dial-up users (since they would need to login on each reconnect), but I think such price it reasonable. Ok, scrap this statement. I did not know about AOL thing. But this one still stands: IMO, the best way is to re-generate SIDs on each request, but such method will decrease perfomance of a script. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Security Issues - Where to look?
GamblerZG wrote: I think it's still reasonable to restrict a session to a single IP. No, it's not, for all of the reasons Richard mentioned and more. I agree that using only IP to identify session is bad. Read more carefully. Enforcing IP consistency is bad, and many good reasons have already been given. Please quit making the same false statements without bothering to read the responses. We're trying to help you, and if you don't want to be helped, at least stop spreading misinformation. Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Security Issues - Where to look?
Richard Lynch wrote: Please pay attention. Sorry, I did not see your message when I posted that. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] a code question..??
bruce said the following on 11/10/2005 02:30 PM: as i understand curl functions (and correct me if i'm wrong). the functions simply allow the user/app to download/copy the file from the remote server, where the existing app could do whatever with the content... It depends... You could get the php source (which is what Richard was suggesting when he pointed out that the s wasn't a typo) or you could simply get the output of a php script (ie html or whatever it outputs) by requesting a php page from the remote server. Any time you request a php file you are 'running it on a remote server'. Request the file with curl and voila, you're done. - Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Select and $_POST
On Thu, November 10, 2005 4:21 pm, Ben Ramsey wrote:
On 11/10/05 4:48 PM, Richard Lynch wrote:
The only issue I see with building in a superglobal to the language
(or
this extension) is that it doesn't force the user to instantiate the
empty array at the top of the script. This could make for a lazy
developer, and, if s/he's not careful, anyone running the application
on
a machine in which register_globals is turned on would run the risk of
having a potentially tainted $_CLEAN array, which defeats the purpose
of
the clean array altogether. The point is that the developer should be
able to trust the data in $clean.
I specifically stated the $_CLEAN was an empty array
By that I meant that $_CLEAN is initialized (by PHP core code) to be
an empty array, as part of the initialization routine that sets up
$_SERVER and sometimes $_POST/$_GET/$_COOKIE.
$_CLEAN would start as an empty array in all PHP setups (Module, CGI,
CLI, whatever) regardless of any other condition, pre-condition,
php.ini setting, or phase of the moon. :-)
--- unit test
?php var_dump($_CLEAN);?
--
--- expected output --
array(0) {
}
--
I wouldn't be too keen on it being only done as part of some PECL
extension that may or may not get loaded, particularly as the order of
loading of PECL extensions then would have an effect, I should
think...
PS
The problem with any generic/modular Input Filtering is that one is
never too sure about some of the sanitizing it performs.
There are simply too many application-specific sanitization gotchas
that make this something that is almost always best re-written from
scratch each time, imho...
Not that you don't re-use and cut-and-paste, but maybe in this one
email can be blank, but not in that one, or whatever. Too many
variables, and I've never seen (and can't really imagine) a good clean
modular way to handle this without being so damn complex it's
unwieldy.
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] a code question..??
On Thu, November 10, 2005 4:30 pm, bruce wrote: as i understand curl functions (and correct me if i'm wrong). the functions simply allow the user/app to download/copy the file from the remote server, where the existing app could do whatever with the content... this isn't what i want.. i'm trying to figure out if there's a way to run a chunk of code on a remote server... i'd rather not put the source on the intial client-app A machine... The trick, then, is for app B to make its SOURCE CODE available for curl on server A to snatch. http://b.example.com/source_code.php?filename=login.php ?php //really BAD INSECURE code for illustration: $filename = $_GET['filename']; header(Content-type: text/plain); readfile($filename); ? On server A: ?php include http://b.example.com/source_code.php?filename=login.php;; ? Or you could use curl to get the code and eval it, or you could use file_get_contents and eval it, or you could get the code, save it to a temp file, and then include the temp file, or you could... It's not that it can't be done. It's that there are so many ways to do it, we don't know where to start. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Inserting a NULL value into MySQL via PHP
Is there a way when making a MySQL database entry through a PHP script and there is no data to make the db treat it as NULL?
Re: [PHP] Re: Security Issues - Where to look?
On Thu, November 10, 2005 3:29 pm, GamblerZG wrote: IMO, the best way is to re-generate SIDs on each request, but such method will decrease perfomance of a script. But if Cookies are off, you just destroyed their Back button in their browser, which should be a crime. Re-generate only when permission levels are crossed from normal user to admin -- or even just make them login again (or at least provide password) at that point. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Select and $_POST
On Thu, Nov 10, 2005 at 05:21:51PM -0500, Ben Ramsey wrote:
On 11/10/05 4:48 PM, Richard Lynch wrote:
Here's an idea... Quite possibly half-baked.
Suppose PHP had a superglobal $_CLEAN which was an empty array.
Further suppose it was documented in the manual as *the* place to put
your scrubbed data.
This rather small and hopefully inexpensive change (in terms of PHP
Dev/Docs team work) would quite possibly improve scripts by newbies,
simply by nudging them in the proper direction, because it would be a
documented feature, and it would have all the nifty cross-links in the
manual and all that.
It would also help to keep code cleaner to have $_CLEAN be a
superglobal rather than just something I made up and have to declare
as global all the time.
Comments? Suggestions? Derogatory remarks?
There is an Input Filter PECL extension that's still in beta, and I
think it's a good step, though I'm not so sure about some of the
sanitizing it performs. It doesn't offer the superglobal you're
suggesting, but it probably wouldn't be too difficult to put it in there.
There is a pecl extension that you can register, custom
superglobals although it comes with some extra stuff as well:
http://php.net/runkit
The only issue I see with building in a superglobal to the language (or
this extension) is that it doesn't force the user to instantiate the
empty array at the top of the script. This could make for a lazy
developer, and, if s/he's not careful, anyone running the application on
a machine in which register_globals is turned on would run the risk of
having a potentially tainted $_CLEAN array, which defeats the purpose of
the clean array altogether. The point is that the developer should be
able to trust the data in $clean.
I think the idea would be that $_CLEAN is protected from anything
but your own code assigning a value to it, and will always be an
empty array. I'm not sure that will stop anyone from abusing it
and just stick $_REQUEST['password'] into the array without really
cleaning it.
The other issue with having a system variable like this, is if i
choose to not use it, perhaps i have a different method of
sanitizing my input, the variable just becomes an empty useless
item.
If PHP had a taint mode and didn't have register_globals, then we'd be
making some progress.
hmm.. an E_TAINTED error, that might be something good to have put
in php6, since register_globals appears to be going away then. I
could forsee some though code like this though:
array_walk_recursive($_REQUEST, create_function('$v,$k', '$v = $k'));
Curt.
--
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Security Issues - Where to look?
GamblerZG wrote: Richard Lynch wrote: Please pay attention. Sorry, I did not see your message when I posted that. Oh and would you mind using an email address that exists? Every time I reply to one of your posts, I get a returned mail from highstream.net saying your user doesn't exist... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mod_rewrite, apache2, php5RC1 and osx bsd
On 11/11/2005, at 8:36 AM, Richard Lynch wrote: On Wed, November 9, 2005 10:36 pm, Dan Rossi wrote: Hi there, ive been having issues with mod_rewrite and apache2 with PHP 5.1RC1. I have googled the php bugs and people have been experiencing the same issue however the php people cant see to reproduce the bug. Its most definately doing it for me, here is a rewrite rule i have setup, if i [L] to a php script, it either tries to download the faked url file or hangs. I reverted back to 5.1.0b2 and it works fine ?? What do i do ? RewriteRule ^(.*)/(.*)/(.*)/(.*)/(.*)/(.+\.(video))$ ../../phpscript.php I should think all those .* should be .+ instead... Ill try that thanks ! I guess i could also use [A-z] or whatever lol I mean, if somebody surfs to this URL: http://example.com//example.video Do you really want that to hit ../../phpscript.php No not at all, this file is actually called from a windows media player embedded plugin , ie /videos/somethingtoaddtogetquery/anotherthingtoaddtogetquery passed to the script as ?somequery=$1anotherquery=$2 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] a code question..??
richard... in your example, wouldn't app A, essentially download the code from app B, and run the source on app A? or would the code be run on app B, with the resulting html/content/page being transferred to app A? would this be better if it were perhaps done as a soap client/server process... of course, the fact that the user's php would have to have the soap extensions installed would be an issue... -bruce -Original Message- From: Richard Lynch [mailto:[EMAIL PROTECTED] Sent: Thursday, November 10, 2005 3:02 PM To: [EMAIL PROTECTED] Cc: 'Ben'; php-general@lists.php.net Subject: RE: [PHP] a code question..?? On Thu, November 10, 2005 4:30 pm, bruce wrote: as i understand curl functions (and correct me if i'm wrong). the functions simply allow the user/app to download/copy the file from the remote server, where the existing app could do whatever with the content... this isn't what i want.. i'm trying to figure out if there's a way to run a chunk of code on a remote server... i'd rather not put the source on the intial client-app A machine... The trick, then, is for app B to make its SOURCE CODE available for curl on server A to snatch. http://b.example.com/source_code.php?filename=login.php ?php //really BAD INSECURE code for illustration: $filename = $_GET['filename']; header(Content-type: text/plain); readfile($filename); ? On server A: ?php include http://b.example.com/source_code.php?filename=login.php;; ? Or you could use curl to get the code and eval it, or you could use file_get_contents and eval it, or you could get the code, save it to a temp file, and then include the temp file, or you could... It's not that it can't be done. It's that there are so many ways to do it, we don't know where to start. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mod_rewrite, apache2, php5RC1 and osx bsd
On 11/11/2005, at 8:53 AM, Max Belushkin wrote: I've been having a problem with PHP 4.4.1 and mod_rewrite, which, as Geert Booster kindly pointed out, has been reported on http://lists.freebsd.org/pipermail/freebsd-ports/2005-November/ 027038.html, which also has a link to the PHP bug report in the thread. Not sure if this is relevant to PHP5, but thought I'd mention that something similar exist(ed?) in the 4.4.1 version. There is also a bug report which is now closed for my problem !! This bug still exists in the latest PHP 5.1 in snaps.php.net. Mind you my apache is a fink binary, not bsd ports. There is huge issues compiling apache under osx bsd, hence why i had to go with the binary. Mind you osx is my dev environment coz its also my laptop,it is not production lol, our production machine however is also BSD. To prove it wasnt thee rewrite rule, i made it [L] to a standard html file and it was fine, so there is something up with it in php obviouslly in the module. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Inserting a NULL value into MySQL via PHP
[EMAIL PROTECTED] wrote: Is there a way when making a MySQL database entry through a PHP script and there is no data to make the db treat it as NULL? Wouldn't this just work: INSERT INTO myTable (myField) VALUES (NULL) Jasper -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Array_merge, safety and race condition?
Php experts everywhere, I want to merge two arrays, and I want to store the result as the first array. Something like the following: $array1 = array_merge ($array1, $array2); So far the code gives me what I want. However, suppose if $array1 is extremely huge, am I introducing a bug here because of possible race condition? It's possible that array_merge has two write something to $array1 (left hand side) before it even finishes reading it (argument) in the first place. Let alone merging the two. Should I just go conservative and do: $tmp = array_merge($array1, $array2); $array1 = $tmp; Thank you, Ezra -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] xml-rpc and xml-rpci
Hello, What is the future of the xml-rpc client and server functions in php 5.x? I see the old xml-rpc extension is still marked as expirimental and the newer xml-rpci extention in pecl has not been worked on in 8 months and doesn't have server functionality. I am in the process of porting a large web app to php and I want to use the most updated and maintained xml-rpc implimentation. Thanks, Alex -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] a code question..??
in your example, wouldn't app A, essentially download the code from app B, and run the source on app A? or would the code be run on app B, with the resulting html/content/page being transferred to app A? If the PHP file has a .php extension, it will be run on the webserver like any PHP page. If it is .txt or you set Apache directives, etc., it will be transferred to the client app. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] a code question..??
ok... so can i do something like... +---+ | | | user| | 'sub_btn'| | | | | | | | | | blah | | blah | | blah | | | | | | | +---+ in this example, the user/sub_btn is generated from the app B server/system. the user would then fill in the 'user' and hit the 'sub_btn', causing the information to be sent back to the app B server. the app B server would then return a result, based on the user input... i'm trying to figure out how to essentially allocate a section of the page, to a remote application. after i've finished with the remote stuff, the user could go ahead and select other items/buttons on the page that are in the current environment +---+ | | | +-+ | | | remote| | | | app | | | |area | | | +-+ | | | | | | local app space | | | | blah | | blah | | blah | | | | | | | +---+ i'm not sure what's the best approach to this... thanks bruce -Original Message- From: comex [mailto:[EMAIL PROTECTED] Sent: Thursday, November 10, 2005 5:28 PM To: php-general@lists.php.net Subject: Re: [PHP] a code question..?? in your example, wouldn't app A, essentially download the code from app B, and run the source on app A? or would the code be run on app B, with the resulting html/content/page being transferred to app A? If the PHP file has a .php extension, it will be run on the webserver like any PHP page. If it is .txt or you set Apache directives, etc., it will be transferred to the client app. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mod_rewrite, apache2, php5RC1 and osx bsd
On Thu, Nov 10, 2005 at 06:10:50PM +1100, Dan Rossi wrote: On 10/11/2005, at 4:18 PM, Curt Zirzow wrote: On Thu, Nov 10, 2005 at 03:36:07PM +1100, Dan Rossi wrote: Hi there, ive been having issues with mod_rewrite and apache2 with PHP 5.1RC1. I have googled the php bugs and people have been experiencing the same issue however the php people cant see to reproduce the bug. Its most definately doing it for me, here is a rewrite rule i have setup, if i [L] to a php script, it either tries to download the faked url file or hangs. I reverted back to 5.1.0b2 and it works fine ?? What do i do ? RewriteRule ^(.*)/(.*)/(.*)/(.*)/(.*)/(.+\.(video))$ ../../phpscript.php Well this is a really ugly Rewrite, i must say. Say what you like however it had been working, and for the application it works, i dont think you get what its trying to do but anyway , im faking a url with session id's and ecrypted keys and sending the matches to the get request of that file so its hidden. Of course i dont get what your trying to do, the rewriterule doesn't match your description of what you said. One thing to note is well 5.1RC4 has been available in Oct: http://downloads.php.net/ilia/ Thats not available from the main site downloads. I also forgot to meantion i had downloaded the latest from php snaps and still the same problem, so obviouslly it has been overlooked. From your other discusions it is kind of unclear exactly what version of apache you are using, as well as are you using perfork, perchild, worker, etc.. Also You mention fink but then you mention bsd, does it happen on both systems? As far it trying to download the faked url, what exactly is it trying to download and what are the headers for the request as well. The hanging could be a loop of some sort, have you looked at the output of the rewrite log to see exactly what is going on? Curt -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mod_rewrite, apache2, php5RC1 and osx bsd
On 11/11/2005, at 1:21 PM, Curt Zirzow wrote: Of course i dont get what your trying to do, the rewriterule doesn't match your description of what you said. Ok i am vague at most times, i wasnt going to give an exact example as it will give away some of the systems secret and not so good when it goes into the archive :\ From your other discusions it is kind of unclear exactly what version of apache you are using, as well as are you using perfork, perchild, worker, etc.. Its a prefork setup, worker would be nice though :D Also You mention fink but then you mention bsd, does it happen on both systems? Errm live system is running php 4.4.1 / Apache 1.3 and its ok. Im looking at upgrading it to php 5.1 when its out. As far it trying to download the faked url, what exactly is it trying to download and what are the headers for the request as well. The hanging could be a loop of some sort, have you looked at the output of the rewrite log to see exactly what is going on? Where can i find the log for that, i get a heap of errors like this though [Thu Nov 10 15:26:06 2005] [error] Optional hook test said: GET /videos/dir/42288faa3649e8a66b28871ba9d7e77b/457867517/ 713ced53f69d16f48072c2d13705e91b/95/180/video.stream HTTP/1.0 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mod_rewrite, apache2, php5RC1 and osx bsd
On Fri, Nov 11, 2005 at 01:27:32PM +1100, Dan Rossi wrote: On 11/11/2005, at 1:21 PM, Curt Zirzow wrote: Of course i dont get what your trying to do, the rewriterule doesn't match your description of what you said. Ok i am vague at most times, i wasnt going to give an exact example as it will give away some of the systems secret and not so good when it goes into the archive :\ Could you come up with a simplified example that causes the error, so it could be tested on other systems. I was able to have something like: RewriteRule ^(.*)/(.*)/$ /index.php?f=$1b=$2 [L] And accessing /foo/bar/ It worked like a charm with: $_GET['f'] == '/foo' and $_GET['b'] == 'bar' When I used the ../../index.php it would cause a 400 Bad Request, i'm not clear on how your are doing your relative paths. Also You mention fink but then you mention bsd, does it happen on both systems? Errm live system is running php 4.4.1 / Apache 1.3 and its ok. Im looking at upgrading it to php 5.1 when its out. yeah, this makes me wonder if there are issues with the fink binary you are using. Is the web server going to get upgraded to 2.x as well? I know that php has a completely different way to talk with the 1.x vs 2.x which can complicate the issue a bit. The hanging could be a loop of some sort, have you looked at the output of the rewrite log to see exactly what is going on? Where can i find the log for that, i get a heap of errors like this though You can set: RewriteLog /path/to/writable/file RewriteLogLevel 9 #where 9 is the most verbose [Thu Nov 10 15:26:06 2005] [error] Optional hook test said: GET /videos/dir/42288faa3649e8a66b28871ba9d7e77b/457867517/ 713ced53f69d16f48072c2d13705e91b/95/180/video.stream HTTP/1.0 I'm not really sure what this means, it is related to the ./configure options for apache --enable-optional-hook*, i have no clue what that does. Curt. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] a code question..??
the app B server would then return a result, based on the user input... i'm trying to figure out how to essentially allocate a section of the page, to a remote application. after i've finished with the remote stuff, the user could go ahead and select other items/buttons on the page that are in the current environment You could just use an iframe... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Inserting a NULL value into MySQL via PHP
On Fri, Nov 11, 2005 at 01:09:39PM +1300, Jasper Bryant-Greene wrote:
[EMAIL PROTECTED] wrote:
Is there a way when making a MySQL database entry through a PHP script and
there is no data to make the db treat it as NULL?
Wouldn't this just work:
INSERT INTO myTable (myField) VALUES (NULL)
yeah, the final result would need to look like that. Without an
example i would guess the question would be more how do i get my
statement to send NULL instead of ''.
?php
$sql_quoted = array(); // shiflett' -- style
$myFieldValue = isset($POST['myFieldValue'])? $_POST['myFieldValue']: '';
if (strlen(trim($myFieldValue)) {
$sql_quoted['myField'] = ' . mysql_real_escape_string($myFieldValue) . ';
} else {
$sql_quoted['myField'] = 'NULL';
}
$query = INSERT INTO myTable(myField) VALUES({$sql_quoted['myField']});
echo $query;
?
And if the field posted was empty, it will be indentical to
Jasper's sql, other wise it will be a properly quoted string.
Curt.
--
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] wanting to get host name instead of ip
On Thu, Nov 10, 2005 at 11:35:06PM -0600, matt VanDeWalle wrote: hello, I was wondering, is there a way to get a connection's name(host's name instead of just ip), i am using the cli version of php and am now using the function getpeername() but for example, i would like to be able to have it say something like connection: localhost instead of connection: 127.0.0.1 is this possible with the command line interface? I assume you really mean socket_getpeername(). You just have to do a reverse lookup using gethostbyaddr(), pending your host and named settings you will get back either localhost or the hostname you have (hopefully it is localhost), if it can't be resolved it will be the IP. if it is the IP instead of a localhost/hostname you'll have to fix your systems configuration. Curt. -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] wanting to get host name instead of ip
yes, you assume right, I really did mean socket_getpeername() its about midnight here and my brain shuts down at about 10:30 :p thanks for the reply matt On Thu, 10 Nov 2005, Curt Zirzow wrote: On Thu, Nov 10, 2005 at 11:35:06PM -0600, matt VanDeWalle wrote: hello, I was wondering, is there a way to get a connection's name(host's name instead of just ip), i am using the cli version of php and am now using the function getpeername() but for example, i would like to be able to have it say something like connection: localhost instead of connection: 127.0.0.1 is this possible with the command line interface? I assume you really mean socket_getpeername(). You just have to do a reverse lookup using gethostbyaddr(), pending your host and named settings you will get back either localhost or the hostname you have (hopefully it is localhost), if it can't be resolved it will be the IP. if it is the IP instead of a localhost/hostname you'll have to fix your systems configuration. Curt. -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
