RE: [PHP] Passing Form As Argument
> Hi, I'm new to the list so Hello to all.
>
> I'm drafting a function.php page, which will be included() in the pages in need. How would I pass a form as an argument of a function? From the name parameter of the form element or perhaps an ID:
>
>     function checkForm(theForm){
>         //Form validation code omitted.
>     }
>
> Also, I seem to recall some caution is needed when using user-defined functions?

I always try to do server-side and client-side verification. Client-side with javascript, server-side with PHP.

The coolness with Client-side verification is that it saves the server's bandwidth and processing time and if you use a focus function you can place the cursor to where the first error has been spotted.

The issue here is that someone one day makes a mistake you did not think of. Or someone hacks the form and recreates an html version locally to just piss you off and try to fill your database with garbage. Or simply hammer your site with 1 million times the same flawed form to see what happens. Hence the need for server-side verification as well.

Another plus is that you can do some more complex verifications in PHP. For instance comparing the zip code with the state by querying a state/zip code database. Or even talk to a credit card processor to make sure that the credit card is valid and has cash, while all the javascript can do is verify the plausibility of the credit card number.

I am now AJAXing some of my server-side verifications to make it seem like it is client-side, the goal here is to save time and bandwidth.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Form to page force download
Best group member,

I have this process:

1. Fill out a form on a web page
2. Lands on a thank you page and force a download of a pdf

Right now I solve this by outputting the thank you page and then using a javascript to redirect to the download.php that consists of the following:

    header('Content-type: application/pdf');
    header('Content-Disposition: attachment; filename=eguide.pdf');
    readfile('http://www.thedomain.com/download/eguide.pdf');

Unfortunately it seems like some browsers block my javascript that redirects to that address. If JavaScript is enabled, this works fine.

How would you solve this? Any method in PHP? I was hoping to be able to do the thing that download.php does in the same file as the output of my thank you page.

Thank you.
[PHP] UML for PHP
Hi,

Anyone who knows about a UML editor that can generate PHP code?

/Peter
Re: [PHP] Re: no offense to Rasmus... are you kidding me
You guys make me laugh... :) (And I really actually mean that in a nice way... that last bit was quite funny. And yes, size does matter... some don't like it _too_ big.)

But, I digress. I'm OK with taking this off-list... though I'd rather publicly reply.

Yeah, I meant procedural, not functional. Chalk one up to another stupid mistake.

Also, realize, I'm not saying that we change PHP tomorrow... hell, we don't even necessarily have to change PHP... I'm saying we think about our philosophies and take these agile philosophies into view when we consider making changes to PHP and designing our own applications.

Yes, I'm aware performance is a huge deal: I'm OK with developers spending 90% of their time on performance tweaking and 10% on new thinking... I don't want changes to hurt the people... that's definitely not human-centric!

I like some stuff, and I know that what I like a lot of people don't like (such as everything-as-objects). My ideas aren't to deface PHP... Everything-as-objects in a transparent manner. Yeah, 5-length won't be too useful, but ['one', 'two', 'three']-length would be, as well as strings with -replace('/with/', 'as') objects... And of course, other ways would work as well... Hey, you know, that's just how I prefer... I like seeing numbers as numbers with their own properties, same as strings and arrays, et al. Hey, I know I'm weird, but I think I'm right.

But let me recenter that thought again... I'm not saying that we have to change the language now, if ever: it's about our philosophies. I mean, where did our changes come from anyways? Some crazy guy came in and made suggestions that opened up new ways of thinking or at least new ideas, maybe inspiring the current iteration we use today. I'm hoping to act as a catalyst, even if just a little bit of movement is made.

As far as the funeral goes, I'm not saying that PHP is on the crash course either. I used that metaphor because I think that the way we think about our language will become too strict or cemented to be willing to make changes necessary to keep PHP alive: it will become as hard to move within the community as the Titanic.

As far as AJAX is concerned: yeah, it's a bitch. I've gotten it to work pretty cleanly in a newer project of mine with little discrepancies, and, hopefully, if what I've been doing is good enough, I might write about it (but we all know how well that goes over, haha).

With all of the comments and all, I've lost track if there were any others I wanted to make. Ah well, I'm sure you're more the happier for me to stop (as am I, at this point).

I do want to say Thank you for your responses: I did want responses and, eventually, I got some meaty responses! All the while, we were thinking about things, which is good. That's the best way to start.

Oh, before I go... I want to echo the fact that AJAX and Web 2.0 are not the same... AJAX is a tool, Web 2.0 (or Agile development) is a philosophy.

M.T.
[PHP] How to add on libPDF to php
Hi,

I am a newbie to libPDF and I actually want to install it. When I look at the installation manual from the website it asks me to recompile with the libPDF library directory. But if possible I don't wish to recompile the whole of PHP because I am using Suse Linux and PHP is packaged together with it. And I realize Suse works quite differently from Red Hat and I am not very used to it. Once I recompile a new PHP, I will be quite lost how to go on with it.

Is there any way I can easily add on this libPDF to PHP without recompiling? And I wonder where I can find this libpdf_php.so file. I only found the libpdf.so file on my suse after installing libpdf to it.

Help would be much appreciated. Thanks a lot.

Regards,
Ko Ko

Reality starts with Dream
Re: [PHP] How to add on libPDF to php
On 21 Apr 2006, at 10:20, Ko Ko wrote:

> I am a newbie to libPDF and I am actually wanted to install it. When I look at the installation manual from the website it asked me to recompile with libPDF library directory. But if possible I don't wish to recompile the whole of PHP because I am using Suse Linux and PHP is packaged together with it. And I realize Suse works quite differently from Red Hat and not very used to it. Once I recompile a new PHP, I will be quite lost how to go on with it.
>
> Is there anyway I can easily add on this libPDF to PHP without recompiling. And I wonder where can I find this libpdf_php.so file. I only found libpdf.so file on my suse after installing libpdf to it.
>
> Help would be much appreciated. Thanks alot.

Do you desperately need to use PDFlib? If not then you could save yourself some hassle and use FPDF instead, which is extremely good, and easy to use! (no re-compile required)

It has a good manual, example code and tutorials. Well worth a look if your PDF requirements are -relatively- simple.

The really cool PDFlib features (like blocks support, or including other PDFs in the flow) cost a lot of money. Worth it if you are doing heavy and complex PDF generation, overkill if not.

Cheers,
Rich

--
http://www.corephp.co.uk
Zend Certified Engineer
PHP Development Services
Re: [PHP] Creating an OO Shopping Cart
Nicolas Verhaeghe wrote:

> [snip]
>> I'm creating my own Object Oriented PHP Shopping Cart.
>
> Okaaay.
>
> ...
>
> To answer our friend, he seems to have to learn to develop simple applications before starting building something as complex as a shopping cart. Not only complex, but also sensitive, because the end of the process is to handle credit card numbers, and I would not trust a beginner to handle that type of information.

get ready for a 'Richard Lynching' with regard to the CC statement. ;-)

unless your name is VISA (or something in a similar vein) you don't ever touch a creditcard number - ever, ever, ever. this saves you getting sued, your house being sold from underneath and consequently your wife leaving you.

Richard Lynch has given very detailed responses to the issues of handling credit cards on numerous occasions on this list - do yourself a favor and search the archives and read what he had to say - his is sound advice imho.

> Functions that perform operations such as manipulating objects (a shopping cart is an object, after all, so are the items, and the client's information) are simply performed at the top and the functions which display the changes or prompts the buyer for operations are shown at the bottom, it's all very straight and linear.
Re: [PHP] Linebreak
Martin Alterisio wrote:

> You wouldn't feel/look stupid if you had RTFM:

no no that's not right - I RTFM all the time and still feel stupid ;-)

> http://www.php.net/manual/en/language.types.string.php#language.types.string.syntax.single

to OP: do read up on strings some more (look for the word 'interpolation' and make sure you know what it means).
RE: [PHP] PHP Script to open phpBB2 accounts
No words... Just :)

-----Original Message-----
From: Richard Lynch [mailto:[EMAIL PROTECTED]
Sent: Friday, April 21, 2006 2:48 AM
To: John Nichel
Cc: php-general@lists.php.net
Subject: Re: [PHP] PHP Script to open phpBB2 accounts

[some SERIOUS text-deleting happened here...]

On Thu, April 20, 2006 8:08 am, John Nichel wrote:

> Weber Sites LTD wrote:
>> I have been on this list since 1998. Looking at some of the
>
> '98 you say? Well, I don't remember you, but one would think being a part of

I do.

He posted an answer link for almost every question to weberdev almost as often as Manuel posted an answer link to phpclasses. :-) :-) :-)

Honestly, I think they're both fine sites that fulfill a need, and they both backed off on the self-promotion posting as the sites matured, and that's a fine thing.

And we ALL tend to get a bit trigger-happy on the RTFM and so forth, especially after a nice big fire-storm like we've just had. That's just how it goes. Human nature. [shrug]

Disclaimer: This post was just good-natured ribbing

I believe *I* may actually hold the Title to Most OT/Bad Posts to PHP-General to this day. :-)

H. Wonder if I could wrangle that into an all-expenses-covered Topic at some PHP Conference. Yeah, right. :-v

--
Like Music? http://l-i-e.com/artists.htm
Re: [PHP] Session contamination?
Yes, Chuck is correct here. The security issue I raised has to do with multiple users on the same shared server, which is how some hosting companies manage their clients. Each user may have a different home directory and has separation from other users, however, usually the same /tmp directory is used to store all the session cookies for all the users on the server. By running a simple script in your area you can read all the sessions managed by the server including sessions generated by other users.

By moving the session cookies to a directory within your own user area it may make them more difficult to find, but it does not guarantee security as Chuck points out. This is discussed at [http://php.net/manual/en/ref.session.php] as pointed out by Jochem.

- Ben

On Apr 20, 2006, at 7:22 PM, Richard Lynch wrote:

> On Thu, April 20, 2006 1:46 pm, Ben Liu wrote:
>> After a bit more research, I think I understand why Jochem recommends use of session_save_path() rather than just naming each session differently. The former method provides more security as you can set the location where session cookies are stored. This will help prevent an attacker from gaining access to session information and then using it to gain inappropriate access to the application the session was created for or even other applications running on the same shared server. Anyway, I think that's why.
>
> ::Possible False Sense Of Security Alert::
>
> If a Bad Guy can read the session data, moving it to a different directory is probably not going to help, really...
>
> Unless you are running with different Usernames for each client on your shared server, using FastCGI + suexec or some similar method, the cookie files are STILL just as readable by the same Bad Guys, using the same methods.
>
> They just have to change their to:
> <?php $path = "/other/path/to/other/cookies";?>
> before they start their damage.
>
> There may well be other GREAT reasons for using a different save path, or a different path for the Cookie, or session_name over each other, but I don't think Security is the reason behind any of the choices.
>
> I'd personally use ini_set as the last choice because it's remotely possible that the setting can't be changed from within a script, as a few are like that -- Or, worse, that they can be changed today, but in, say PHP 6 or PHP 7, they won't be for some obscure reason we cannot predict today.
>
> session_name() seems less likely to just disappear completely as a feature than a minor change to a php.ini setting and where it is allowed.
>
> But that's just my paranoid logic. :-)
>
> --
> Like Music? http://l-i-e.com/artists.htm
Re: [PHP] Re: no offense to Rasmus... are you kidding me
> You guys make me laugh... :)

:-)

> (And I really actually mean that in a nice way... that last bit was quite funny. And yes, size does matter... some don't like it _too_ big.)

Damn, just my luck :-D

> As far as AJAX is concerned: yeah, it's a bitch. I've gotten it to work pretty cleanly in a newer project of mine with little discrepancies, and, hopefully, if what I've been doing is good enough,

You might want to wait a bit and then check out weberdev as Tedd from the list has written quite a sweet ajax (mini-framework?) that he has been kind enough to share with me when I was experimenting with ajax, you can either write to him and _request_ him to give you some sample code or wait a bit as he told me he's going to submit it to weberdev soon.

As for writing your opinions, I say go for it, but remember that you will get responses to it...some that you may like and..well, you kind of know the rest :-D

One suggestion, if you are going to write articles like the last one (which personally I didn't go for either - putting it mildly ;-) ) please put it on a page where people can comment directly under it so it won't be like this original thread and this sub-thread which is so far OT, flaming etc, I for one would appreciate that.

My two cents..

Mvh,
-Ryan

--
- The faulty interface lies between the chair and the keyboard.
- Creativity is great, but plagiarism is faster!
- Smile, everyone loves a moron. :-)
Re: [PHP] Session contamination?
Ach, correction:

Chuck is correct here. = *Richard* is correct here.

No morning coffee yet, sorry.

- Ben

On Apr 20, 2006, at 7:22 PM, Richard Lynch wrote:

> On Thu, April 20, 2006 1:46 pm, Ben Liu wrote:
>> After a bit more research, I think I understand why Jochem recommends use of session_save_path() rather than just naming each session differently. The former method provides more security as you can set the location where session cookies are stored. This will help prevent an attacker from gaining access to session information and then using it to gain inappropriate access to the application the session was created for or even other applications running on the same shared server. Anyway, I think that's why.
>
> ::Possible False Sense Of Security Alert::
>
> If a Bad Guy can read the session data, moving it to a different directory is probably not going to help, really...
>
> Unless you are running with different Usernames for each client on your shared server, using FastCGI + suexec or some similar method, the cookie files are STILL just as readable by the same Bad Guys, using the same methods.
>
> They just have to change their to:
> <?php $path = "/other/path/to/other/cookies";?>
> before they start their damage.
>
> There may well be other GREAT reasons for using a different save path, or a different path for the Cookie, or session_name over each other, but I don't think Security is the reason behind any of the choices.
>
> I'd personally use ini_set as the last choice because it's remotely possible that the setting can't be changed from within a script, as a few are like that -- Or, worse, that they can be changed today, but in, say PHP 6 or PHP 7, they won't be for some obscure reason we cannot predict today.
>
> session_name() seems less likely to just disappear completely as a feature than a minor change to a php.ini setting and where it is allowed.
>
> But that's just my paranoid logic. :-)
>
> --
> Like Music? http://l-i-e.com/artists.htm
Re: [PHP] Re: Session contamination?
Hi Chuck,

Glad this discussion has been of use to you. I can't help much with where your /tmp directory might be. If you echo session_save_path() it should tell you where your session cookies are being saved to on your server. I have read recommendations that you set a different path for the cookies using session_save_path(), and yes they recommend some place within your home directory structure. The problem this creates is in garbage collection. The standard *nix cron jobs will clear everything out of /tmp on a regular basis whereas some directory you create will not be subject to this regular housekeeping unless you write some script to do it or create a custom cron job.

My interpretation of managing this problem, at this point is:

If you are on a shared server and have an application or applications that have sensitive data and require an adequate level of security, you should move the session cookies somewhere away from /tmp and deal with the garbage collection issues. Alternatively, perhaps you shouldn't be using shared hosting or you could encrypt the session cookies somehow.

If you are on a shared server and don't have sensitive data, changing the session name should be enough to prevent cross-contamination of session variables.

I'm still reading/learning so if I'm wrong, someone else please jump in.

- Ben

On Apr 21, 2006, at 12:05 AM, Chuck Anderson wrote:

> This has been a very interesting discussion, as I have had the same problem, but never thought much about the fact that I could do anything about it.
>
> As to session save path, when I run phpinfo (at my remote Linux server) it tells me that it is set to no value. This means it would default to /tmp.
>
> Where is this tmp directory? I have looked at the tmp directory that is one level above my site's www directory (outside of the web space), but I do not see any session data there. That's why I am asking if it is a system wide directory, or is it the one in my home directory.
>
> If I set the path myself, what would be a good location? (I assume it should be outside the web space). Should I make up some random folder name (one time) and store my session data within that directory, within my own home directory?
>
> Ben Liu wrote:
>> Hello All,
>>
>> I'm using a single development server to host multiple client projects, many of which require session management. I've noticed that sometimes when I test these various web apps (which are simply in separate sub directories) I get session leakage where logging in and establishing a session on one app allows me access to (automatically logs me in) to other app(s) on the same server. Or sometimes a session variable will be set across all the apps, like $_SESSION['username'].
>>
>> Is this due to the fact that sessions are established between client browsers and servers, regardless of directory/sub directory?
>>
>> What is the best way to avoid/prevent this problem? Should I be using specific Session ID's or Session names?
>>
>> Thanks for any help,
>>
>> - Ben
>
> --
> *
> Chuck Anderson • Boulder, CO
> http://www.CycleTourist.com
> Integrity is obvious. The lack of it is common.
> *
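Added example, not part of the thread: one way to act on the advice in the two "Session contamination?" exchanges above, combining a per-application session name and cookie path with a private save directory and the housekeeping script Ben mentions, while checking for the limitation Richard points out. APP_NAME, COOKIE_PATH and the location under $HOME are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. APP_NAME, COOKIE_PATH and the
// directory layout under $HOME are assumptions for illustration.
const APP_NAME     = 'shopapp';    // hypothetical application name
const COOKIE_PATH  = '/shopapp/';  // hypothetical sub directory the app lives in
const MAX_LIFETIME = 1440;         // seconds a session may sit idle

/**
 * Create (if needed) and verify a session directory outside /tmp that only
 * its owner can enter. Throws instead of silently using a weak directory.
 */
function private_session_dir(string $base): string
{
    $dir = rtrim($base, '/') . '/sessions-' . APP_NAME;
    if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
        throw new RuntimeException("cannot create $dir");
    }
    if (is_link($dir)) {
        throw new RuntimeException("$dir is a symlink, refusing to use it");
    }
    // Strip group/other access if the directory already existed with it.
    if ((fileperms($dir) & 0077) !== 0 && !chmod($dir, 0700)) {
        throw new RuntimeException("cannot restrict permissions on $dir");
    }
    // Caveat raised in the thread: when every tenant's PHP runs as the same
    // web-server user, this check passes for all of them and the directory
    // is no more private than /tmp. It only isolates when PHP runs per user
    // (suexec, FastCGI or similar).
    if (function_exists('posix_geteuid') && fileowner($dir) !== posix_geteuid()) {
        throw new RuntimeException("$dir is owned by another user");
    }
    return $dir;
}

/**
 * Housekeeping for a custom save path, which the system's /tmp cleaner never
 * touches. Removes session files idle longer than $maxAge seconds and
 * returns how many were deleted.
 */
function sweep_stale_sessions(string $dir, int $maxAge, ?int $now = null): int
{
    $now = $now ?? time();
    $removed = 0;
    clearstatcache();
    foreach (glob($dir . '/sess_*') ?: [] as $file) {
        if (is_file($file) && !is_link($file) && $now - filemtime($file) > $maxAge) {
            if (unlink($file)) {
                $removed++;
            }
        }
    }
    return $removed;
}

/** Per-application session: own directory, own cookie name, own cookie path. */
function start_isolated_session(string $base): void
{
    session_save_path(private_session_dir($base));
    // A distinct name stops apps in sibling sub directories sharing one cookie.
    session_name(strtoupper(APP_NAME) . 'SID');
    // Array form needs PHP 7.3 or later.
    session_set_cookie_params(['path' => COOKIE_PATH, 'httponly' => true]);
    ini_set('session.gc_maxlifetime', (string) MAX_LIFETIME);
    session_start();
}

// Assumption: the account's home directory is in $HOME; fall back to the
// system temp directory so the script still runs where it is not set.
$base = getenv('HOME') ?: sys_get_temp_dir();

if (PHP_SAPI === 'cli') {
    // Cron mode: sweep the directory. With --demo, first drop a constructed
    // stale file so the sweep has something to remove.
    $dir = private_session_dir($base);
    if (in_array('--demo', $argv ?? [], true)) {
        touch("$dir/sess_constructedexample", time() - 2 * MAX_LIFETIME);
    }
    printf("%s: removed %d stale session file(s)\n",
        $dir, sweep_stale_sessions($dir, MAX_LIFETIME));
} else {
    start_isolated_session($base);
    $_SESSION['username'] = $_SESSION['username'] ?? 'guest';
}
```

Run it from cron as the account that owns the directory; the same file included at the top of a page starts the isolated session.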
[PHP] performance criteria on DEFINE()
Hi,

We have a big multilanguage project. For a while we used gettext to translate the pages, but we gave up on this because of many problems.

Our solution is to create a file for each language which includes the label definitions. for ex:

    define("LABEL1", "label 1");
    define("LABEL2", "label 2");
    etc...

Now, one of these files can contain more than 2000 defines and we made a calculation that we will reach 8000 in 2 years.

I made some testing (generated many labels) in including these files into the project, it seemed to work fine.

I don't know how php handles these defines (memory usage, CPU etc) so the question is: how much does the inclusion of a lot of defines affect the performance???

Andy.
[PHP] forms and variables?
Hello,

Probably a stupid one but anyway... In PHP. Is it possible to point to a variable with the HTML form name by which it was posted from?

Example:

    //point to the variable with something like or something???
    $AddNew.SomeVar

    <form name="AddNew" method="post" action="<? $PHP_SELF ?>">
    $SomeVar = "Add";
    </form>

    <form name="DeleteOld" method="post" action="<? $PHP_SELF ?>">
    $SomeVar = "Del";
    </form>

Or do I just have to name the variables uniquely?

Thanks
-Will
Re: [PHP] performance criteria on DEFINE()
Andy wrote:

> Hi,
>
> We have a big multilanguage project. For a while we used gettext to translate the pages, but we gave up on this because of many problems.
>
> Out solution is to create a file for each language which includes the label definitions. for ex:
>
>     define("LABEL1", "label 1");
>     define("LABEL2", "label 2");
>     etc...
>
> Now, one of this file can contain more than 2000 defines and we make a calculation that we will reach 8000 in 2 years.
>
> I made some testing(generated many label) in including these files into the project it seemed to work fine.
>
> I don't know how php handles these defines(memory usage, CPU etc) so the question is: how much affects the performace the inclusion of a lot of defines???

creating constants is _very_ slow... if gettext is too much hassle (I can understand that ;-) it's a pity, but you have the alternative of using an array:

    $Lang = array(
        'LABEL1' => 'hallo!',
        // etc
    );

OR install APC and write a routine that uses apc_define_constants() (not on every request obviously - well it will become obvious when you read up on apc and that function in particular) and apc_load_constants(). which means you can still use define() and not suffer the speed hit - although be prepared to use up a little RAM :-).

note that although this means you will use the constants in your app the definition of the LABEL=text pairs will be an array if you go the APC route.

http://php.net/apc

ps - the info on constants and apc is regurgitation of advice/info coming direct from Rasmus. I have never tested it, I assume he knows what he's talking about (otherwise why would he bother to write apc_load_constants()/apc_define_constants()?)

pps - use single quotes for the __minimal__ decrease in processing that the skipping of string interpolation causes.

> Andy.
RE: [PHP] forms and variables?
[snip]
> Probably a stupid one but anyway... In PHP. Is it possible to point to a variable with the HTML form name by which it was posted from?
>
> Example:
>
>     //point to the variable with something like or somenthing???
>     $AddNew.SomeVar
>
>     <form name="AddNew" method="post" action="<? $PHP_SELF ?>">
>     $SomeVar = "Add";
>     </form>
>
>     <form name="DeleteOld" method="post" action="<? $PHP_SELF ?>">
>     $SomeVar = "Del";
>     </form>
>
> Or do I just have name the variables uniquely?
[/snip]

You could write a function...looks like you're trying to do something similar to DOM.
Re: [PHP] FQDN of the server thru CLI
php_uname('n')

Edin

Venkat Venkataraju wrote:

> Hi All
>
> I'm writing a bunch of cron scripts that send reports periodically using phpmailer. I'm having a hard time trying to find the FQDN of the server. I need that information to construct the from address for the emails.
>
> The $_ENV['HOSTNAME'] works only if the script is executed manually. the cron does not pass the HOSTNAME env variable to the scripts. When executed from the CLI, the $_SERVER['HOSTNAME'] does not have the fqdn, but just the hostname part of the FQDN.
>
> Unless i hard code the crontab file with HOSTNAME=fqdn
>
> i do not want to hardcode the hostname anywhere as these script will be copied onto many servers.
>
> is there a way i can find the fully qualified domain name thru PHP?
>
> Thanks
> /V
Re: [PHP] forms and variables?
take the following code and do some experimentation:

    <?php
    echo '<pre>';
    echo "POST vars: \n";
    var_dump($_POST);
    echo "GET vars: \n";
    var_dump($_GET);
    echo '</pre>';
    ?>

stick that in your page that contains the form and start playing with different form fields, different form field names, etc, etc - every time you submit you'll now see what's being submitted.

enjoy

William Stokes wrote:

> Hello,
>
> Probably a stupid one but anyway... In PHP. Is it possible to point to a variable with the HTML form name by which it was posted from?
>
> Example:
>
>     //point to the variable with something like or somenthing???
>     $AddNew.SomeVar

this is not asp.NET/asp.NOT, so no to that question. god only knows what you mean by the form examples below...

>     <form name="AddNew" method="post" action="<? $PHP_SELF ?>">
>     $SomeVar = "Add";
>     </form>
>
>     <form name="DeleteOld" method="post" action="<? $PHP_SELF ?>">
>     $SomeVar = "Del";
>     </form>
>
> Or do I just have name the variables uniquely?

I would, in general, recommend calling every $x. ;-)

> Thanks
> -Will
RE: [PHP] Re: no offense to Rasmus... are you kidding me
[snip]
> it's about our philosophies.
[/snip]

Too bad your article didn't reflect that as well as you might have liked. And Web 2.0 is a label, the underlying philosophy has been there for years (before you ever got Dreamweaver to write your first line of HTML for you). Ajax is a label for a loose group of tools some cat wrote about a couple of years ago. Agile development is a label (just as Extreme Programming is) to describe a quicker turn-around from concept to working application that cuts out several steps that will be handled later.

Your disjointed article does a disservice to any philosophy or tool mentioned within it. Those of us who have been doing this for a while (some for decades) have examined and re-examined our philosophies so many times it would curl the peach fuzz on your baby-fatted butt.

Dude, you're 20 years old and quite frankly wet behind the ears. You have brilliant potential (as I have said before after reviewing Canvas) but you have a long way to go.

P.S. For those of you who wanted this off-list just don't read it. You know what the subject is.
[PHP] Re: PHP6 just became my worst nightmare.
Jochem Maas wrote:

> apparently calling a dynamic function using static syntax will cause an E_FATAL. ?

That's just how OO design works... If you have a non-static method you can always have a $this-> lingering in there. Now, if you call this method with the static syntax, $this suddenly doesn't exist... Design wise trying to do something like this is just fundamentally wrong. That it was supported in PHP 5 can be considered as the bug and it was just fixed...

The other way (calling a static function dynamically) of course does not give any problems.

Derick
[PHP] asociative array syntax
Hi there,

I would like to associate to 2 variables the same content.

Example:

    'gm_GM', 'gm_CH' => array(

unfortunately this syntax does not work. It simply overwrites gm_GM

Any ideas on how to make this possible?

Thank you for any hint,

Merlin
Re: [PHP] forms and variables?
At 3:45 PM +0300 4/21/06, William Stokes wrote:

> Hello,
>
> Probably a stupid one but anyway... In PHP. Is it possible to point to a variable with the HTML form name by which it was posted from?
>
> Example:
>
>     //point to the variable with something like or somenthing???
>     $AddNew.SomeVar
>
>     <form name="AddNew" method="post" action="<? $PHP_SELF ?>">
>     $SomeVar = "Add";
>     </form>
>
>     <form name="DeleteOld" method="post" action="<? $PHP_SELF ?>">
>     $SomeVar = "Del";
>     </form>
>
> Or do I just have name the variables uniquely?
>
> Thanks
> -Will

-Will:

Sure, you're almost there, just make a hidden variable $whichform and use it like so:

    <form name="AddNew" method="post" action="<? $PHP_SELF ?>">
    <input type="hidden" name="whichform" value="add">
    </form>

    <form name="DeleteOld" method="post" action="<? $PHP_SELF ?>">
    <input type="hidden" name="whichform" value="del">
    </form>

HTH's

tedd

--
http://sperling.com
[PHP] Export data with PHPMyAdmin
Hello,

I'm using PhpMyadmin 2.6.3 on operators server for DB management. I would from time to time like to export the whole DB to text file and move the DB to my own test server. Problem is that when I dump the whole DB to a file all scandic fonts are incorrect. If I dump the data to screen they are correct. Data Collation in the DB is latin1_swedish_ci. Since the amount of data and tables are increased dumping everything to screen is not very convenient.

Any ideas how to do this right?

Thanks
-Will
[PHP] Re: Export data with PHPMyAdmin
Forgot to say that the scandic fonts are ok in the tables...

William Stokes [EMAIL PROTECTED] wrote in message: [EMAIL PROTECTED]

> Hello,
>
> I'm using PhpMyadmin 2.6.3 on operators server for DB management. I would from time to time like to export the whole DB to text file and move the DB to my own test server. Problem is that when I dump the whole DB to a file all scandic fonts are incorrect. If I dump the data to screen they are correct. Data Collation in the DB is latin1_swedish_ci. Since the amount of data and tables are increased dumping everything to screen is not very convenient.
>
> Any ideas how to do this right?
>
> Thanks
> -Will
Re: [PHP] Export data with PHPMyAdmin
phpmyadmin have their own support channels. as do mysql.

William Stokes wrote:

> Hello,
>
> I'm using PhpMyadmin 2.6.3 on operators server for DB management. I would from time to time like to export the whole DB to text file and move the DB to my own test server. Problem is that when I dump the whole DB to a file all scandic fonts are incorrect. If I dump the data to screen they are correct. Data Collation in the DB is latin1_swedish_ci. Since the amount of data and tables are increased dumping everything to screen is not very convenient.
>
> Any ideas how to do this right?
>
> Thanks
> -Will
Re: [PHP] Re: Creating an OO Shopping Cart
You don't need the unserialize(), it's done internally by the session_start(). All the things you put inside $_SESSION, except for resources, will be rebuilt when the session is regenerated. This way you don't need to worry about serializing. Read the manual section about sessions.

2006/4/21, Steve [EMAIL PROTECTED]:

Hi

Thanks for all your help so far. I've combined all your thoughts, and from what I understand, for every page I have that interacts with the cart, I need to have something like the following code. So basically, on every page, be it a page that displays the contents of the cart, the checkout, or catalog pages, at the top of the code I always need to check if files are being added, deleted or changed qty. Is this correct? This is my biggest concern. What's the best way to interact with the Cart class when adding/removing items?

Thanks
Steve

<?php
// This File: catalog.php
require_once 'Cart.php';
session_start();

/* Establish connection to the cart */
if ( isset($_SESSION["cart"]) )
    $cart = unserialize($_SESSION["cart"]);
else
    $cart = new Cart();

/* Modify the cart for this user */
if ( isset($_GET['add']) )
    $cart->addItem($_GET['add']);
if ( isset($_GET['remove']) )
    $cart->removeItem($_GET['remove']);

/* Save the cart's state */
$_SESSION['cart'] = $cart;

/* Display the catalog */
echo <<<HEREDOCS
blah blah
HEREDOCS;
?>
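The session handling described in the reply above, as an added example that is not part of either message: the cart object is stored in $_SESSION directly, and the ids taken from the query string are validated before they reach the cart. The body of the Cart class and the rule that ids are positive integers are assumptions; only the method names addItem() and removeItem() come from the thread.

```php
<?php
// catalog.php (added illustration). In the thread the class lives in Cart.php;
// it is inlined here so the example is self-contained.

// The class must be declared BEFORE session_start(): PHP rebuilds the stored
// object while starting the session, and a class it does not know yet would
// come back as __PHP_Incomplete_Class.
class Cart
{
    /** @var array<int,int> product id => quantity */
    private $items = [];

    public function addItem(int $id): void
    {
        $this->items[$id] = ($this->items[$id] ?? 0) + 1;
    }

    public function removeItem(int $id): void
    {
        unset($this->items[$id]);
    }

    public function items(): array
    {
        return $this->items;
    }
}

session_start();

// No unserialize(): $_SESSION['cart'] is already a Cart object here.
if (!isset($_SESSION['cart']) || !($_SESSION['cart'] instanceof Cart)) {
    $_SESSION['cart'] = new Cart();
}
$cart = $_SESSION['cart'];

// Accept only positive integer ids from the query string (assumed id format).
$intOpts = ['options' => ['min_range' => 1]];
$add     = filter_input(INPUT_GET, 'add', FILTER_VALIDATE_INT, $intOpts);
$remove  = filter_input(INPUT_GET, 'remove', FILTER_VALIDATE_INT, $intOpts);

// filter_input() returns null when the parameter is absent and false when it
// fails validation; both are skipped by is_int().
if (is_int($add)) {
    $cart->addItem($add);
}
if (is_int($remove)) {
    $cart->removeItem($remove);
}

// Objects are handles, so $_SESSION['cart'] already reflects the changes and
// is written back automatically at the end of the request.
foreach ($cart->items() as $id => $qty) {
    echo 'Product ', $id, ' x ', $qty, "\n";
}
```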
Re: [PHP] performance criteria on DEFINE()
Thanks for the suggestions. I will have to make some tests to see what will happen, especially how fast. I will post my opinion after that.

Regards,
Andy.

- Original Message -
From: Jochem Maas [EMAIL PROTECTED]
To: Andy [EMAIL PROTECTED]
Cc: php-general@lists.php.net
Sent: Friday, April 21, 2006 3:52 PM
Subject: Re: [PHP] performance criteria on DEFINE()

Andy wrote:

Hi,

We have a big multilanguage project. For a while we used gettext to translate the pages, but we gave up on this because of many problems. Our solution is to create a file for each language which includes the label definitions. for ex:

define("LABEL1", "label 1");
define("LABEL2", "label 2");
etc...

Now, one of these files can contain more than 2000 defines and we make a calculation that we will reach 8000 in 2 years. I made some testing (generated many labels) in including these files into the project; it seemed to work fine. I don't know how php handles these defines (memory usage, CPU etc) so the question is: how much affects the performance the inclusion of a lot of defines???

creating constants is _very_ slow... if gettext is too much hassle (I can understand that ;-) it's a pity, but you have the alternative of using an array:

$Lang = array(
    'LABEL1' => 'hallo!',
    // etc
);

OR install APC and write a routine that uses apc_define_constants() (not on every request obviously - well it will become obvious when you read up on apc and that function in particular) and apc_load_constants(). which means you can still use define() and not suffer the speed hit - although be prepared to use up a little RAM :-). note that although this means you will use the constants in your app the definition of the LABEL=text pairs will be an array if you go the APC route.

http://php.net/apc

ps - the info on constants and apc is regurgitation of advice/info coming direct from Rasmus. I have never tested it, I assume he knows what he's talking about (otherwise why would he bother to write apc_load_constants()/apc_define_constants()?)

pps - use single quotes for the __minimal__ decrease in processing that the skipping of string interpolation causes.

Andy.
RE: [PHP] Creating an OO Shopping Cart
Nicolas Verhaeghe wrote:

[snip] I'm creating my own Object Oriented PHP Shopping Cart. Okaaay. ...

To answer our friend, he seems to have to learn to develop simple applications before starting building something as complex as a shopping cart. Not only complex, but also sensitive, because the end of the process is to handle credit card numbers, and I would not trust a beginner to handle that type of information.

get ready for a 'Richard Lynching' with regard to the CC statement. ;-) unless your name is VISA (or something in a similar vein) you don't ever touch a creditcard number - ever, ever, ever. this saves you getting sued, your house being sold from underneath and consequently your wife leaving you. Richard Lynch has given very detailed responses to the issues of handling credit cards on numerous occasions on this list - do yourself a favor and search the archives and read what he had to say - his is sound advice imho.

Functions that perform operations such as manipulating objects (a shopping cart is an object, after all, so are the items, and the client's information) are simply performed at the top and the functions which display the changes or prompts the buyer for operations are shown at the bottom, it's all very straight and linear.

--

Actually you do not touch a credit card when your name is Visa. Credit card authorization is done with credit card processors and of course you have to touch credit card numbers in order to communicate with those.
[PHP] Re: Form to page force download
Peter Lauri wrote: [···] 1. Fill out a form on a web page 2. Lands on a thank you page and force a download of a pdf Right now I solve this by outputting the thank you page and then using a javascript to redirect to the download.php that consist of the following: header('Content-type: application/pdf'); header('Content-Disposition: attachment; filename=eguide.pdf'); readfile('http://www.thedomain.com/download/eguide.pdf'); Unfortunally it seams like some browsers blocks my javascript that redirects to that address. If JavaScript is enabled, this works fine. How would you solve this? Any method in PHP? I was hoping to be able to do the thing that download.php does in the same file as the output of my thank you page. So... why don't you do it that way? I have a function similar to your code (for sending the file) and call it whenever I need it in the 'main' page (no special page for download used) You may want to try yourself -- Atentamente, J. Rafael Salazar Magaña Innox - Innovación Inteligente Tel: +52 (33) 3615 5348 ext. 205 / 01 800 2-SOFTWARE http://www.innox.com.mx -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Passing Form As Argument
At 3:46 PM -0700 4/20/06, Chris Kennon wrote:

I'm new to the list so Hello to all. I'm drafting a function.php page, which will be included() in the pages in need. How would I pass a form as an argument of a function? From the name parameter of the form element or perhaps an ID:

function checkForm(theForm){
//Form validation code omitted.
}

You can't pass the form, but you can pass the form content, which is probably what you want anyway. If it were me, I would place a form value ($theForm) in each form as an input hidden variable that would identify which form and I would pass that to your checkForm($theForm) function. From there, I would set up a switch which would channel your validation. The variables to validate, of course, would be in your $_POST or $_GET arrays. That should be simple enough.

Also, I seem to recall some caution is needed when using user-defined functions?

No more so than any other syntax, just do it right.

tedd
--
http://sperling.com
[PHP] Re: asociative array syntax
Merlin wrote:

I would like to associate to 2 variables the same content. Example:

'gm_GM', 'gm_CH' => array(

unfortunately this syntax does not work. It simply overwrites gm_GM. Any ideas on how to make this possible?

'gm_GM' is not overwritten, do a print_r($array) to verify. What you're telling PHP to do is to add a sequential index whose value is 'gm_GM', then an associative index 'gm_CH' whose value is an array. If you want to assign the same value to both indexes, you need to simply do

'gm_GM' => $value, 'gm_CH' => $value,

or

$array['gm_GM'] = $array['gm_CH'] = $value;

--
Atentamente,
J. Rafael Salazar Magaña
Innox - Innovación Inteligente
Tel: +52 (33) 3615 5348 ext. 205 / 01 800 2-SOFTWARE
http://www.innox.com.mx
RE: [PHP] Re: Export data with PHPMyAdmin
Use mysqldump. Quick easy. -Original Message- From: William Stokes [mailto:[EMAIL PROTECTED] Sent: Friday, April 21, 2006 8:56 AM To: php-general@lists.php.net Subject: [PHP] Re: Export data with PHPMyAdmin Forgot to say that the scandic fonts are ok in the tables... William Stokes [EMAIL PROTECTED] kirjoitti viestissä:[EMAIL PROTECTED] Hello, I'm using PhpMyadmin 2.6.3 on operators server for DB management. I would from time to time like to export the whole DB to text file and move the DB to my own test server. Problem is that when I dump the whole DB to a file all scandic fonts are incorrect. If I dump the data to screen they are correct. Data Collation in the DB is latin1_swedish_ci. Since the amount of data and tables are increased dumping everything to screen is not very convenient. Any ideas how to do this right? Thanks -Will -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] strange php url
Hi, could anyone tell me why the following url doesn't generate a page not found ? http://www.php.net/manual/en/function.checkdnsrr.php/manual/ you can try with a longer url after the last .php. I tried with ../manual instead of manual and this produces a 404. I checked with www.php.net because my own site does the same and I wanted to be sure it didn't come from my config. thanks Nicolas Figaro -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] strange php url
Not sure about php.net specifically, but two things to note here:

If you leave off a filename at the end of the URL, the web server will look for a 'default' document. On apache and unix systems I believe the default is index.html and on IIS systems it's something like Default.htm. Most of the time there are other options like you might add a index.php if your site uses PHP.

The other thing that could happen is they could be using something like the Apache mod_rewrite (some info at http://www.modrewrite.com/ among others) which can dynamically change the requested URL to a more standard URL before sending back to the user. Something like this:

http://www.testserver.com/tgryffyn/homepage/middlesection

Could be turned into something like:

http://www.testserver.com/userpage.php?user=tgryffyn&page=home#middleanchor

But to the user requesting the page, it'll always look like the first URL. Forgive me if I got any syntax or capability of mod_rewrite wrong, never used it myself just know that's the general sort of thing that it does.

You might be getting a 404 on using ../manual because they're using mod_rewrite and it didn't know how to deal with ../manual because manual isn't part of a path but actually part of the rewrite rules. and the ../ part of it didn't fit into those rules or got translated to a non-existent page.

This:

http://www.php.net/manual/en/function.checkdnsrr.php/manual/

Might become something like (ignoring everything after the function reference):

http://www.php.net/manual.php?l=en&function=checkdnsrr

I'm not sure why you'd get a 404 by changing the second 'manual' to '../manual' but could have something to do with rewrite rules or something. Just some thoughts.

-TG

= = = Original message = = =

Hi, could anyone tell me why the following url doesn't generate a page not found ?

http://www.php.net/manual/en/function.checkdnsrr.php/manual/

you can try with a longer url after the last .php. I tried with ../manual instead of manual and this produces a 404. I checked with www.php.net because my own site does the same and I wanted to be sure it didn't come from my config.

thanks
Nicolas Figaro
[PHP] Preg_match() regex
Hey all, Regex pattern question here. I need to match on Foo-F00, Foo-foo, foo-Foo. I know in perl you can use the /i to specify case insensitive matching. Is there any such switch that can be used in preg_match() in PHP? Thanks, Jeff -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Validating XML
Hello, Anyone have pointers to good tutorials out there for validating XML with DTD? I have looked at the top comment on: http://www.php.net/manual/en/ref.xmlreader.php#xmlreader.constants Where you set the parser property to validate, but it is kind of like a black box...what is it using the validate the XML schema? I am working with an XML document and a DTD file which is separate, do the files have to share a name with a different extension, or does the DTD somehow have to be embedded? TIA -Brad -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Preg_match() regex
On Friday 21 April 2006 9:44 am, Jeff wrote: Regex pattern question here. I need to match on Foo-F00, Foo-foo, foo-Foo. I know in perl you can use the /i to specify case insensitive matching. Is there any such switch that can be used in preg_match() in PHP? http://us3.php.net/manual/en/reference.pcre.pattern.syntax.php -- Joe Henry www.celebrityaccess.com [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] strange php url
Hi, could anyone tell me why the following url doesn't generate a page not found ?

http://www.php.net/manual/en/function.checkdnsrr.php/manual/

you can try with a longer url after the last .php. I tried with ../manual instead of manual and this produces a 404. I checked with www.php.net because my own site does the same and I wanted to be sure it didn't come from my config.

thanks
Nicolas Figaro

[EMAIL PROTECTED] wrote:

The other thing that could happen is they could be using something like the Apache mod_rewrite (some info at http://www.modrewrite.com/ among others) which can dynamically change the requested URL to a more standard URL before sending back to the user. Something like this:

http://www.testserver.com/tgryffyn/homepage/middlesection

Could be turned into something like:

http://www.testserver.com/userpage.php?user=tgryffyn&page=home#middleanchor

But to the user requesting the page, it'll always look like the first URL. Forgive me if I got any syntax or capability of mod_rewrite wrong, never used it myself just know that's the general sort of thing that it does.

Pretty good thoughts, there. Some years ago, Tim Perdue (of PHPBuilder and SourceForge fame) had a popular article on Search Engine Friendly URL's (or some such), in which he described use of the Apache ForceLocal directive to make a site just One Big Script, parsing the slashed portions of the query string as variables (instead of GET, a la ?section=man&term=foo) so that the browser appears to be accessing documents in subfolders, but it's really just telling the server to grab a page with certain values defined in the URI. It sure looks like a possibility of this or similar magic in this case. Of course, I could be way off my tree...

Kevin Kinsey
--
Byte your tongue.
Re: [PHP] strange php url
I believe Kevin is on the right track there. To expand a bit, you can use $_SERVER['PATH_INFO'] with these urls instead of $_GET to make use of the data it contains.

example for url http://www.example.com/index.php/foo/bar

<?php echo $_SERVER['PATH_INFO']; ?>

produces:

/foo/bar

You can then parse this string (generally by using the '/' character as a delimiter) and extract the data. MediaWiki even provides information (can't think of where at the moment) on how to use Apache's mod_rewrite to hide index.php thus making the url even cleaner: http://www.example.com/foo/bar

Cheers!
- Joe

On 4/21/06, Kevin Kinsey [EMAIL PROTECTED] wrote:

Hi, could anyone tell me why the following url doesn't generate a page not found ?

http://www.php.net/manual/en/function.checkdnsrr.php/manual/

you can try with a longer url after the last .php. I tried with ../manual instead of manual and this produces a 404. I checked with www.php.net because my own site does the same and I wanted to be sure it didn't come from my config.

thanks
Nicolas Figaro

[EMAIL PROTECTED] wrote:

The other thing that could happen is they could be using something like the Apache mod_rewrite (some info at http://www.modrewrite.com/ among others) which can dynamically change the requested URL to a more standard URL before sending back to the user. Something like this:

http://www.testserver.com/tgryffyn/homepage/middlesection

Could be turned into something like:

http://www.testserver.com/userpage.php?user=tgryffyn&page=home#middleanchor

But to the user requesting the page, it'll always look like the first URL. Forgive me if I got any syntax or capability of mod_rewrite wrong, never used it myself just know that's the general sort of thing that it does.

Pretty good thoughts, there. Some years ago, Tim Perdue (of PHPBuilder and SourceForge fame) had a popular article on Search Engine Friendly URL's (or some such), in which he described use of the Apache ForceLocal directive to make a site just One Big Script, parsing the slashed portions of the query string as variables (instead of GET, a la ?section=man&term=foo) so that the browser appears to be accessing documents in subfolders, but it's really just telling the server to grab a page with certain values defined in the URI. It sure looks like a possibility of this or similar magic in this case. Of course, I could be way off my tree...

Kevin Kinsey
--
Byte your tongue.
[PHP] Re: Preg_match() regex
As Joe implied with his link, the preg_* family is called PCRE (Perl Compatible Regular Expression), and that's because they accept a Perl-style regexp as a string, i.e. '/foo-foo/i' would do it. Jeff wrote: Regex pattern question here. I need to match on Foo-F00, Foo-foo, foo-Foo. I know in perl you can use the /i to specify case insensitive matching. Is there any such switch that can be used in preg_match() in PHP? -- Atentamente, J. Rafael Salazar Magaña Innox - Innovación Inteligente Tel: +52 (33) 3615 5348 ext. 205 / 01 800 2-SOFTWARE http://www.innox.com.mx -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] strange php url
You could do that... a poor man's mod_rewrite might involve something like this and making the main PHP parsing script your 404 page.. so no matter where you went on a page, the 404 redirect to your PHP script would parse the request (or would you get the post-redirected URL? in which case you'd have to get the 'referrer' maybe? not sure..).

Sounds like it could have some security issues though.. giving too much power to the user and what they enter in the URL being used as variable data.. definitely would want to scrub that input hard.

-TG

= = = Original message = = =

I believe Kevin is on the right track there. To expand a bit, you can use $_SERVER['PATH_INFO'] with these urls instead of $_GET to make use of the data it contains.

example for url http://www.example.com/index.php/foo/bar

<?php echo $_SERVER['PATH_INFO']; ?>

produces:

/foo/bar

You can then parse this string (generally by using the '/' character as a delimiter) and extract the data. MediaWiki even provides information (can't think of where at the moment) on how to use Apache's mod_rewrite to hide index.php thus making the url even cleaner: http://www.example.com/foo/bar

Cheers!
- Joe
Re: [PHP] PDF to Text
On Thursday 20 April 2006 19:23, Richard Lynch wrote: Actually, it's possible just bloody difficult. You're looking into a topic known as OCR (Optical Character Recognition). One OS project for this is: GOCR (aka JOCR) It's GOCR on freshmeat and JOCR on sourceforge because they name they wanted was taken by another project. :-( A commercial product known as OmniPages is probably the best solution, unfortunately. Thanks for the info. It makes sense that the scanner puts makes the image and puts that on the PDF. I'll have to look into GOCR, or just scrap the idea I had. Luckily I'm still just in the planning stage and we haven't figured out how all the processes are going to work :) Thanks again, -- Ray Hauge Programmer/Systems Administrator American Student Loan Services www.americanstudentloan.com 1.800.575.1099 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Form to page force download
Yes I am using that for the moment. The problem is that for the moment I require javascript to make it work. And I know there are browsers that block javascript, my client has already had a customer complaining that the download did not start. Temporary I solved it by puttning a link it the download does not start within a few seconds, please click here. /Peter -Original Message- From: Rafael [mailto:[EMAIL PROTECTED] Sent: Friday, April 21, 2006 9:22 PM To: php-general@lists.php.net Subject: [PHP] Re: Form to page force download Peter Lauri wrote: [···] 1. Fill out a form on a web page 2. Lands on a thank you page and force a download of a pdf Right now I solve this by outputting the thank you page and then using a javascript to redirect to the download.php that consist of the following: header('Content-type: application/pdf'); header('Content-Disposition: attachment; filename=eguide.pdf'); readfile('http://www.thedomain.com/download/eguide.pdf'); Unfortunally it seams like some browsers blocks my javascript that redirects to that address. If JavaScript is enabled, this works fine. How would you solve this? Any method in PHP? I was hoping to be able to do the thing that download.php does in the same file as the output of my thank you page. So... why don't you do it that way? I have a function similar to your code (for sending the file) and call it whenever I need it in the 'main' page (no special page for download used) You may want to try yourself -- Atentamente, J. Rafael Salazar Magaña Innox - Innovación Inteligente Tel: +52 (33) 3615 5348 ext. 205 / 01 800 2-SOFTWARE http://www.innox.com.mx -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PDF to Text
Jay Blanchard wrote: [snip] I am trying to find a way for a program to search through the text on a PDF. My first thought was to use pdftotext, but the PDFs generated by our commercial scanner/copier/printer machine do not seem to work with pdftotext... it just outputs two CRLFs. I've been looking around on the net for something similar that might work. Anyone know of something like that? Thanks, -- Ray Hauge Things I forgot to post: It is a PHP script. I was planning on using shell_exec() to call the program and read the output from stdout. [/snip] Sounds like the PDF's are images and therefore will not be readable by anything, save for eyeballs. I have run into this quite a bit. The scanner scans the doc via a TWAIN driver, which then converts the info into an image of that which was scanned. It would be like trying to read text programmatically from a JPEG.not really possible. http://www.cs.wisc.edu/~ghost/ will do it. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] strange php url
No arguments here ;-). For what it's worth, I've used this technique just to simply clean up the url's a bit. With that in mind, I usually don't need to do a terrible amount of scrubbing because I'm using the variables in the url more for navigation. So http://www.example.com/index.php/edit/customer/1234 simply tells my script to display a form that will allow the user to edit customer 1234, if the first sections of $_SERVER['PATH_INFO'] isn't exactly what I'm expecting then I move on to whatever the default action is (except of course for the customer id at the end). Really this isn't any different than http://www.example.com/index.php?action=edit&type=customer&id=1234 in terms of security. If I'm wrong someone please let me know as I do use this technique quite a bit.

- Joe

On 4/21/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

You could do that... a poor man's mod_rewrite might involve something like this and making the main PHP parsing script your 404 page.. so no matter where you went on a page, the 404 redirect to your PHP script would parse the request (or would you get the post-redirected URL? in which case you'd have to get the 'referrer' maybe? not sure..).

Sounds like it could have some security issues though.. giving too much power to the user and what they enter in the URL being used as variable data.. definitely would want to scrub that input hard.

-TG

= = = Original message = = =

I believe Kevin is on the right track there. To expand a bit, you can use $_SERVER['PATH_INFO'] with these urls instead of $_GET to make use of the data it contains.

example for url http://www.example.com/index.php/foo/bar

<?php echo $_SERVER['PATH_INFO']; ?>

produces:

/foo/bar

You can then parse this string (generally by using the '/' character as a delimiter) and extract the data. MediaWiki even provides information (can't think of where at the moment) on how to use Apache's mod_rewrite to hide index.php thus making the url even cleaner: http://www.example.com/foo/bar

Cheers!
- Joe
Re: [PHP] strange php url
All depends on how the data is used after it's interpreted/split:

http://www.example.com/index.php/edit/customer/1234

$action = "edit";
$type = "customer";
$id = "1234";
header("Location: http://www.example.com/index.php?action=$action&type=$type&id=$id");

In this case, what happens if someone does:

http://www.example.com/index.php/edit/customer/1234&adminaccess=1

$action = "edit";
$type = "customer";
$id = "1234&adminaccess=1";
header("Location: http://www.example.com/index.php?action=$action&type=$type&id=$id");

redirects to:

http://www.example.com/index.php?action=edit&type=customer&id=1234&adminaccess=1

Or if that data was used in a SQL query, you could open yourself up to a SQL injection attack... basically all the kind of concerns you have when handling user input in general, but you have to ask yourself "What could someone do if they manually entered a URL instead of just clicking on a link that we generated... what other data is passed via $_GET vars or other data that's affected by the pre-rewrite URL)".

Maybe your stuff is ok... maybe the worst that happens is it looks for an id of 1234&adminaccess=1 and doesn't find it. Security tends to involve dealing with what we know is a security risk... while hacking (the illegal kind) is only limited by the imagination and skill of the hacker. So good security relies on as much imagination and creativity as you can conjure up and hopefully it's more than the hacker trying to poke at your system. :)

In other words, ALWAYS think of the worst-case scenario when thinking about security... isolate, restrict and scrub your input vigorously.. hah

-TG

And you split on the forward slash.. you might get:

= = = Original message = = =

No arguments here ;-). For what it's worth, I've used this technique just to simply clean up the url's a bit. With that in mind, I usually don't need to do a terrible amount of scrubbing because I'm using the variables in the url more for navigation. So http://www.example.com/index.php/edit/customer/1234 simply tells my script to display a form that will allow the user to edit customer 1234, if the first sections of $_SERVER['PATH_INFO'] isn't exactly what I'm expecting then I move on to whatever the default action is (except of course for the customer id at the end). Really this isn't any different than http://www.example.com/index.php?action=edit&type=customer&id=1234 in terms of security. If I'm wrong someone please let me know as I do use this technique quite a bit.

- Joe
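The parameter-smuggling case from the message above, as an added example that is not code from any poster: the interpolated redirect is shown next to a version that validates each PATH_INFO segment against an allow-list and lets http_build_query() do the encoding. The function names, the three-segment route shape and the allowed action and type values are assumptions made for illustration.

```php
<?php
// Added illustration. The route shape /action/type/id and the allowed values
// below are assumptions based on the example URLs in the thread.

const ALLOWED_ACTIONS = ['edit', 'view'];
const ALLOWED_TYPES   = ['customer'];

/**
 * Split a PATH_INFO string such as "/edit/customer/1234" and return the
 * validated parts, or null when anything is unexpected.
 */
function parseRoute(string $pathInfo): ?array
{
    $parts = explode('/', trim($pathInfo, '/'));
    if (count($parts) !== 3) {
        return null;
    }
    [$action, $type, $id] = $parts;

    // Fixed vocabularies are compared strictly against an allow-list.
    if (!in_array($action, ALLOWED_ACTIONS, true)
        || !in_array($type, ALLOWED_TYPES, true)) {
        return null;
    }
    // The id must be 1 to 9 digits and nothing else, so a value like
    // "1234&adminaccess=1" is rejected here.
    if (preg_match('/^[0-9]{1,9}\z/', $id) !== 1) {
        return null;
    }
    return ['action' => $action, 'type' => $type, 'id' => (int) $id];
}

/** The interpolated redirect target from the message, kept to show the problem. */
function naiveRedirectUrl(string $pathInfo): string
{
    [$action, $type, $id] = array_pad(explode('/', trim($pathInfo, '/')), 3, '');
    return "http://www.example.com/index.php?action=$action&type=$type&id=$id";
}

/** Validated parts, encoded by http_build_query() instead of interpolation. */
function safeRedirectUrl(string $pathInfo): ?string
{
    $route = parseRoute($pathInfo);
    if ($route === null) {
        return null; // caller falls back to the default action
    }
    return 'http://www.example.com/index.php?' . http_build_query($route);
}

// Constructed inputs: the normal path and the tampered one from the message.
foreach (['/edit/customer/1234', '/edit/customer/1234&adminaccess=1'] as $path) {
    echo $path, "\n";
    echo '  naive: ', naiveRedirectUrl($path), "\n";
    echo '  safe:  ', safeRedirectUrl($path) ?? '(rejected)', "\n";
}
```

The integer id returned by parseRoute() is also the value to bind in a prepared statement if the route ends in a database lookup.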
[PHP] unexpected T_NEW on object property
With php5, I'm trying to create an object that has a property that is another object. First I have this class:

<?php
class Address {
    public $address1;
    public $address2;
    public $city;
    public $state;
    public $zip;
}
?>

Then I have another class:

<?php
require_once('model/Address.class.php');
class User {
    public $name;
    public $address = new Address();
}
?>

Then if I try to use the user object like this:

<?php
require_once('model/User.class.php');
$user = new User();
$user->name = 'Paul Barry';
$user->address->city = 'Washington';
?>
<?= $user->name ?> lives in <?= $user->address->city ?>

I get this error:

Parse error: syntax error, unexpected T_NEW in /app/model/User.class.php on line 5

What am I doing wrong?
Re: [PHP] unexpected T_NEW on object property
On Fri, April 21, 2006 2:17 pm, Paul Barry wrote:

public $address = new Address();

I believe this is true: At this time, you can only initialize class properties to CONSTANTS. So you could use 'Address' or 42 or NULL or TRUE/FALSE, but not new Address(); Actually, I think an array might also be do-able, come to think of it... But for sure, the error message is saying you can't have 'new' there. You'll have to initialize $this->address in the constructor.

--
Like Music? http://l-i-e.com/artists.htm
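The constructor initialization suggested in the reply above, as an added example that is not code from either poster. Class and property names follow the question; the optional constructor parameter and the __clone() method are additions made here for illustration, and the syntax targets current PHP (7.1 or later) rather than the PHP 5 of the thread.

```php
<?php
// Added illustration; both classes are in one file so the example runs alone.

class Address
{
    public $address1;
    public $address2;
    public $city;
    public $state;
    public $zip;
}

class User
{
    public $name;

    // Property defaults must be constant expressions, so the property is only
    // declared here and the object is built in the constructor.
    public $address;

    // Optional parameter (an assumption, not in the question): lets a caller
    // hand in an existing Address, for example one loaded from storage.
    public function __construct(?Address $address = null)
    {
        $this->address = $address ?? new Address();
    }

    // Without this, "clone $user" would share one Address between both copies.
    public function __clone()
    {
        $this->address = clone $this->address;
    }
}

$user = new User();
$user->name = 'Paul Barry';
$user->address->city = 'Washington';

// Every User built this way owns a separate Address instance.
$other = new User();
$other->address->city = 'Baltimore';

// A clone gets its own copy too, so this edit leaves $user untouched.
$copy = clone $user;
$copy->address->zip = '20001';

echo $user->name, ' lives in ', $user->address->city, "\n";
var_dump($user->address === $other->address, $user->address->zip);
```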
Re: [PHP] Preg_match() regex
On Fri, April 21, 2006 10:44 am, Jeff wrote: Regex pattern question here. I need to match on Foo-F00, Foo-foo, foo-Foo. I know in perl you can use the /i to specify case insensitive matching. Is there any such switch that can be used in preg_match() in PHP? If you go to the http://php.net/preg_match page, and then on the left in the navigation you'll see an outline of subjects. From any function in the manual, it's always a Good Idea to also read the General Topic which is its parent in that outline. If you do so, you will, almost-for-sure, soon find that there is an entire page of the manual devoted to answering questions like this one. Hope that helps. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] strange php url
On Fri, April 21, 2006 10:04 am, nicolas figaro wrote:

could anyone tell me why the following url doesn't generate a page not found ?

http://www.php.net/manual/en/function.checkdnsrr.php/manual/

you can try with a longer url after the last .php. I tried with ../manual instead of manual and this produces a 404. I checked with www.php.net because my own site does the same and I wanted to be sure it didn't come from my config.

Because it is incredibly USEFUL to have extra information in the URL after the actual script that does the work. Because that URL does, in fact, point to a valid document. Because the /manual part is just passed in to the 'function.checkdnsrr.php' script.

Actually, that last statement is quite possibly a lie. It's quite possible that what YOU think of as the 'function.checkdnsrr.php' page is actually a script named 'manual'. And that the script named 'manual' looks for things like '/en' and '/function.checkdnsrr.php' in order to determine what page to serve up. You could read the php.net source to find out for sure, by clicking on the link in the bottom right corner of the PHP website.

To try this out on your own server, do this:

1. Create a file called 'myscript.php'
2. Put this in it: <?php echo $_SERVER['PATH_INFO'];?>
3. Surf to these two URLs:
   http://yoursite.com/myscript.php/foo
   http://yoursite.com/myscript.php/bar

There are all sorts of uses for this kind of thing, and you'll end up hearing me rant more about some of them if you stick around :-)

--
Like Music? http://l-i-e.com/artists.htm
Re: [PHP] strange php url
On Fri, April 21, 2006 1:11 pm, [EMAIL PROTECTED] wrote:
> You could do that... a poor man's mod_rewrite might involve something like this and making the main PHP parsing script your 404 page.. so no matter where you went on a page, the 404 redirect to your PHP script would parse the request (or would you get the post-redirected URL? in which case you'd have to get the 'referrer' maybe? not sure..).

Actually, I consider it a vastly superior solution to mod_rewrite for several reasons:

#1. Don't have to restart Apache just to add some new wrinkle. [When your mod_rewrite rules are in httpd.conf and not .htaccess]
#2. Works on all servers, including shared servers where mod_rewrite and/or .htaccess is turned completely off for performance.
#3. Screwing up a rule doesn't take down your whole site, or everything below the directory of your .htaccess -- You only screw up one page where you are messing with the rules of the translation.
#4. About 100 X simpler to understand than mod_rewrite regular expression syntax and all that L/R business I never did figure out, really.
#5. It's PHP. :-)
#6. Can log specific data about interesting rules, not a monolithic and sometimes quite expensive logging for debugging.

> Sounds like it could have some security issues though..giving too much power to the user and what they enter in the URL being used as variable data.. definitely would want to scrub that input hard.

You would scrub it EXACTLY the same way you scrub GET data, POST data, and COOKIE data.

You are literally just translating the search not-so-friendly:
script.php?x=5&y=7
into the very search friendly:
script.php/x=5/y=7

Also note that for rich media such as PDF and FDF, some versions of IE will simply choke on:
http://example.com/test.pdf?whatdate=7-1-2006
But they're quite happy with:
http://example.com/test/whatdate=7-1-2006/whatever.pdf

In fact, there is NO WAY the browser can tell that it's not retrieving a plain ol' PDF just by looking at the URL.

And that's a very good thing because browsers suck at dynamic rich media such as images, PDF, etc

-- Like Music? http://l-i-e.com/artists.htm
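The translation described above (script.php/x=5/y=7 scrubbed like GET data), as an added example that is not code from the thread: it parses PATH_INFO into name/value pairs and accepts only the parameters one script expects. The whatdate rule, its month-day-year reading and the sample paths are assumptions constructed for illustration.

```php
<?php
// Added example: PATH_INFO is request input and gets the same treatment as
// $_GET. The parameter names and rules below are hypothetical.

/**
 * Split "/whatdate=7-1-2006/whatever.pdf" into ['whatdate' => '7-1-2006'].
 * The web server has already URL-decoded PATH_INFO, so nothing is decoded
 * a second time here. Segments without "=" (the trailing file name) are
 * skipped; a repeated name is rejected instead of silently overwritten.
 */
function parsePathInfo(string $pathInfo): array
{
    $params = [];
    foreach (explode('/', $pathInfo) as $segment) {
        if (strpos($segment, '=') === false) {
            continue;
        }
        list($name, $value) = explode('=', $segment, 2);
        if ($name === '' || array_key_exists($name, $params)) {
            throw new InvalidArgumentException('Malformed or duplicate parameter');
        }
        $params[$name] = $value;
    }
    return $params;
}

/**
 * Keep only the parameters this script expects, each matched against its
 * own strict pattern. Anything else in the URL is dropped.
 */
function validateParams(array $params, array $rules): array
{
    $clean = [];
    foreach ($rules as $name => $pattern) {
        if (!isset($params[$name]) || preg_match($pattern, $params[$name]) !== 1) {
            throw new InvalidArgumentException("Missing or invalid parameter: $name");
        }
        $clean[$name] = $params[$name];
    }
    return $clean;
}

// Rules for one hypothetical report script. \A and \z anchor the whole
// value, so a trailing newline cannot slip past the pattern.
$rules = [
    'whatdate' => '/\A\d{1,2}-\d{1,2}-\d{4}\z/',
];

// Constructed sample requests; on a live server use $_SERVER['PATH_INFO'].
$samples = [
    '/whatdate=7-1-2006/whatever.pdf',
    '/whatdate=7-1-2006<b>/whatever.pdf',
    '/whatdate=7-1-2006/whatdate=8-1-2006/whatever.pdf',
    '/whatdate=2-31-2006/whatever.pdf',
];

foreach ($samples as $pathInfo) {
    try {
        $clean = validateParams(parsePathInfo($pathInfo), $rules);
        // Assumed month-day-year order; the pattern only checked the shape.
        list($month, $day, $year) = array_map('intval', explode('-', $clean['whatdate']));
        if (!checkdate($month, $day, $year)) {
            throw new InvalidArgumentException('Not a calendar date');
        }
        echo "accepted: {$clean['whatdate']}\n";
    } catch (InvalidArgumentException $e) {
        // The raw path is untrusted, so it is escaped before being echoed.
        echo 'rejected: ', htmlspecialchars($pathInfo, ENT_QUOTES, 'UTF-8'),
             ' (', $e->getMessage(), ")\n";
    }
}
```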
Re: [PHP] forms and variables?
On Fri, April 21, 2006 7:45 am, William Stokes wrote:
> In PHP. Is it possible to point to a variable with the HTML form name by which it was posted from?

The FORM name attribute was an add-on for Javascript client-side. It is not transmitted by HTTP. PHP never sees it.

> Or do I just have name the variables uniquely?

Yes.

Or you could just add ONE new INPUT in each form to tell you which FORM was used:
<INPUT TYPE="HIDDEN" NAME="FORM" VALUE="AddNew" />

Or you could have just ONE form and use buttons with name for your INPUTs:
<form name="irrelevant" ...>
  <input type="submit" name="AddNew" value="Add" />
  <input type="submit" name="DeleteOld" value="Del" />
</form>

The button the user clicked on is sent as a variable with HTTP.

EXCEPTIONS: If there is only ONE submit button, and if the user hits Enter (aka Return) instead of actually clicking on the button, then some browsers do not send the button name/value. If you use JavaScript to do the submit, it's your problem to add whatever inputs you need in JavaScript to make things work... As well as anything in JavaScript works, anyway.

Or you could have the FORMs have different ACTION attributes so you know which form sent the data because you have scripts dedicated to a specific purpose instead of some monolithic mess trying to be-all do-all end-all.

Or you can use arrays in the NAME attributes to organize things in some cases -- probably not in this particular instance, but keep it in mind for INPUT elements within the same form.

-- Like Music? http://l-i-e.com/artists.htm
Re: [PHP] performance criteria on DEFINE()
On Fri, April 21, 2006 7:52 am, Jochem Maas wrote:
> Andy wrote:
>> Now, one of this file can contain more than 2000 defines and we make a calculation that we will reach 8000 in 2 years.

Seems to me you could extend your testing to generate 8000 constants in a file pretty easily, and just benchmark it and find out if it's acceptable. Hell, go for 16000 and 32000 tests as well, and benchmark those. The pattern should be obvious pretty quickly, and you'll know, beyond a shadow of a doubt, if you will be happy in 2 years. (On this issue.)

-- Like Music? http://l-i-e.com/artists.htm
[PHP] permissions
I have a text file that is just being read by php.
Can I change the permissions of it so www can not read it?
what username does php uses to read files?
Re: [PHP] Form to page force download
On Fri, April 21, 2006 1:53 am, Peter Lauri wrote:
> 1. Fill out a form on a web page
> 2. Lands on a thank you page and force a download of a pdf
>
> Right now I solve this by outputting the thank you page and then using a javascript to redirect to the download.php that consist of the following:
>
> header('Content-type: application/pdf');
> header('Content-Disposition: attachment; filename=eguide.pdf');
> readfile('http://www.thedomain.com/download/eguide.pdf');
>
> Unfortunately it seems like some browsers block my javascript that redirects to that address. If JavaScript is enabled, this works fine. How would you solve this? Any method in PHP? I was hoping to be able to do the thing that download.php does in the same file as the output of my thank you page.

Did you consider looking at the source to the download.php page? Cuz if that's what you want to do, then that's where your solution is.

At a guess, I'd say you want to add a META HTTP-EQUIV=Refresh tag to your thank you page. I can't promise EVERY browser will support/honor it, but it does not rely on JavaScript and has a MUCH larger install-base than JS.

Personally, I'd rather you just gave me a link to the damn PDF and put a little thank you next to it, so I don't have to waste my time surfing to your thank page to get what I want. [shrug] I believe that if you examine this from the user's point of view, you'll find that to be a nicer experience.

-- Like Music? http://l-i-e.com/artists.htm
RE: [PHP] Passing Form As Argument
On Fri, April 21, 2006 1:02 am, Nicolas Verhaeghe wrote:
> I'm new to the list so Hello to all. I'm drafting a function.php page, which will be included() in the pages in need. How would I pass a form as an argument of a function? From the name parameter of the form element or perhaps an ID:
> function checkForm(theForm){ //Form validation code omitted.

You wouldn't.

See, you probably don't really want to pass every form through the same validation function, because every form is different. And every input should have the strictest validation possible for that input. So you can't really have a generic checkForm function, any more than you can turn on your Security switch and magically make it safe. It just plain doesn't work like that.

So your function, for now, should just know what form it is checking because there is only one form it checks.

You might maybe some day want a big framework of standardized input names and checks can be automated on some standard kinds of inputs. But that's a whole different animal from what I'm pretty sure you are doing today. And it never works all that well, imho, as there are too many subtle differences in the needs for data validation.

-- Like Music? http://l-i-e.com/artists.htm
Re: [PHP] permissions
Benjamin Adams wrote:
> I have a text file that is just being read by php Can I change the permissions of it so www can not read it? what username does php uses to read files?

Usually www, so you could have a bit of a problem there. PHP runs under the same user Apache does, although there are ways to change that; you'll have to get that info from Google or someone else since I've never needed it.

-Stut
Re: [PHP] Creating an OO Shopping Cart
On Thu, April 20, 2006 11:24 pm, Steve wrote:
>> Yes, there is a TON of source code, and Yes, most of it is very very very badly-written, and Yes, that's because they started typing just like you are now instead of actually figuring all this [bleep] out in advance. :-)
>
> Thank you for taking the time to respond and assist me. Do you have any specific shopping carts that you would recommend I take a look at? Any that ARE well written.

Donning my flame-retardant underwear...

No. They all suck.

There is no decent security-conscious well-designed Open Source / Free PHP Shopping Cart available to date. So examine all the big-name ones and see where they went wrong.

Let the flames begin. Or not, as I'm betting not one of you can say something I haven't heard yet...

-- Like Music? http://l-i-e.com/artists.htm
Re: [PHP] Re: Creating an OO Shopping Cart
On Fri, April 21, 2006 12:21 am, Steve wrote:
> So basically, on every page, be it a page that displays the contents of the cart, the checkout, or catalog pages, at the top of the code I always need to check if files are being added, deleted or changed qty. Is this correct?

Yes.

> This is my biggest concern. What's the best way to interact with the Cart class when adding/removing items?

Just include Cart.php which does all that.

-- Like Music? http://l-i-e.com/artists.htm
Re: [PHP] Creating an OO Shopping Cart
Richard Lynch wrote:
> Or not, as I'm betting not one of you can say something I haven't heard yet...

When I close my eyes I see images of donkeys with unicorn-like horns jumping over the moon with ponies on their backs. To be perfectly honest it does worry me sometimes.

-Stut
Re: [PHP] How to add on libPDF to php
On Fri, April 21, 2006 4:20 am, Ko Ko wrote:
> I am a newbie to libPDF and I actually wanted to install it. When I look at the installation manual from the website it asked me to recompile with libPDF library directory. But if possible I don't wish to recompile the whole of PHP because I am using Suse Linux and PHP is packaged together with it. And I realize Suse works quite differently from Red Hat and not very used to it. Once I recompile a new PHP, I will be quite lost how to go on with it. Is there any way I can easily add on this libPDF to PHP without recompiling. And I wonder where can I find this libpdf_php.so file. I only found libpdf.so file on my suse after installing libpdf to it. Help would be much appreciated. Thanks a lot.

libpdf_php.so file is the one that re-compiling with-libpdf-dir would give you, and it's the bridge between libpdf.so (libPDF) and PHP itself.

SuSe *might* have a libpdf_php package that you can just install. But there are licensing issues with libpdf, so maybe not.

Compiling PHP from source is not super tricky, but here are some tips to make it less painful.

#1. For all the extensions in your <?php phpinfo(); ?> go ahead and install their -devel packages with SuSe's package manager. E.G., if you use GD, you already have gd-2.0.x.whatever.rpm installed. But you want to seek out and add gd-devel-2.0.x.whatever.rpm. Doing this puts all the header files that PHP source needs on your computer.

#2. If there are WAY too many extensions in your default SuSe phpinfo() output, consider skipping the ones you never use anyway, and have no plans to use for the next 12-24 months.

Once you've done that, downloading PHP source and compiling is usually pretty easy, and you can just follow the instructions.

One option to all this is that after you've done all this, instead of doing the make install in PHP source, you could just COPY the libpdf_php.so from libs to your extension directory, and then change php.ini to enable it.

WARNING: You will have to MATCH your PHP version with SuSe *exactly* to do all this. If you try to upgrade, you may find yourself needing to upgrade other packages as well, and SuSe may not have packages available, and then you have to compile something else from source as well. That could be a 5-minute painless task, or it could be a weeks-long exercise in frustration as more and more version dependencies surface.

-- Like Music? http://l-i-e.com/artists.htm
Re: [PHP] Re: Session contamination?
On Thu, April 20, 2006 11:05 pm, Chuck Anderson wrote:
> As to session save path, when I run phpinfo (at my remote Linux server) it tells me that it is set to no value. This means it would default to /tmp. Where is this tmp directory? I have looked at the tmp directory that is one level above my site's www directory (outside of the web space), but I do not see any session data there. That's why I am asking if it is a system wide directory, or is it the one in my home directory.

It is what you are calling a system wide directory.

It is named /tmp and it is at the very tip-top of your directory structure.

Actually, it doesn't HAVE to be called /tmp nor does it HAVE to be at the tip-top directory. It doesn't even HAVE to be on the same hard drive as your home directory. Hell, it might even be on a RAM disk on some souped-up machines. In Windoze, it might be called C:/temp Or not. But who cares about Windows anyway?

Still, it's usually /tmp at the tip-top, and your post indicates that you probably have some indicator that that is true.

From a shell (or php exec) you should be able to do:
ls /
and see '/tmp' in the output.

You may even be able to do:
ls /tmp
and see what is in there. Or you might not, as you might not have permission to poke around in there. And that's a Good Thing. Hopefully, whatever *IS* in there, you can't view all of it.

tmp directories are handled specially by the operating system. The exact rules differ from OS to OS and configuration to configuration, but for starters, you should generally assume that anything in /tmp is subject to being wiped out when the machine reboots. It might not be set up that way, but it's safer to assume it is, because it might be.

Access to tmp directories is often handled as a special case, to allow users that normally have no access to the file system at all, to be allowed to make/delete tmp files.

> If I set the path myself, what would be a good location? (I assume it should be outside the web space). Should I make up some random folder name (one time) and store my session data within that directory, within my own home directory?

Your best bet, if possible, is to use a sub-directory of /tmp for yourself, or for each application, or for whatever you want to separate from the rest of /tmp.

This will keep your stuff separate, but you still enjoy all the benefits of system tmp directory behaviour.

Unless, of course, you specifically WANT your sessions to survive a re-boot for some reason, and you are willing to take care of lingering sessions and the permissions gotchas of rolling your own...

Think long and hard before doing this, as there are subtle permissions things involved (either way you go) that you don't want to overlook.

-- Like Music? http://l-i-e.com/artists.htm
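The per-application sub-directory of /tmp suggested above, as an added example that is not code from the thread: it creates the directory with owner-only access and refuses to use it if the name is a symlink or belongs to another user. The application name "myapp", the "_sessions" suffix and a Unix-like host are assumptions.

```php
<?php
// Added example. "myapp" and the "_sessions" suffix are hypothetical names.

/**
 * Create (or re-use) a session directory under the system tmp directory
 * that only the current user can enter, and refuse anything suspicious.
 */
function privateSessionDir(string $appName): string
{
    if (preg_match('/\A[a-z0-9_]+\z/', $appName) !== 1) {
        throw new InvalidArgumentException('Unexpected application name');
    }
    $dir = rtrim(sys_get_temp_dir(), '/\\') . DIRECTORY_SEPARATOR . $appName . '_sessions';

    // mkdir() fails if the path already exists; that case is checked below.
    if (!file_exists($dir) && !is_link($dir)) {
        @mkdir($dir, 0700);
    }
    clearstatcache(true, $dir);

    // In a shared /tmp another user can create the name first, or point a
    // symlink at a directory of their choosing.
    if (is_link($dir) || !is_dir($dir)) {
        throw new RuntimeException("$dir is not a real directory");
    }
    if (function_exists('posix_geteuid') && fileowner($dir) !== posix_geteuid()) {
        throw new RuntimeException("$dir is owned by another user");
    }
    // Remove any group/other access left by an earlier, looser setup.
    if ((fileperms($dir) & 0077) !== 0 && !chmod($dir, 0700)) {
        throw new RuntimeException("Cannot restrict permissions on $dir");
    }
    return $dir;
}

// Must run before any output and before session_start().
session_save_path(privateSessionDir('myapp'));
session_start();

$_SESSION['visits'] = ($_SESSION['visits'] ?? 0) + 1;
echo 'Sessions stored in ', session_save_path(), "\n";
```

Mode 0700 keeps other system users out of the directory. Where every site's PHP runs as the same web server user, scripts belonging to other customers run as that user too and can still read the files.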
Re: [PHP] permissions
Benjamin Adams wrote:
> I have a text file that is just being read by php Can I change the permissions of it so www can not read it? what username does php uses to read files?

Use a .htaccess file, if your web server supports it. For example, in apache2 you can do this:

<FilesMatch yourfile.txt>
Order Allow,Deny
Deny From All
</FilesMatch>

See: http://httpd.apache.org/docs/2.0/howto/htaccess.html, http://httpd.apache.org/docs/2.0/mod/core.html#files, and http://httpd.apache.org/docs/2.0/mod/core.html#filesmatch

jon
Re: [PHP] Creating an OO Shopping Cart
On Fri, April 21, 2006 5:09 am, Jochem Maas wrote:
> Nicolas Verhaeghe wrote:
> get ready for a 'Richard Lynching' with regard to the CC statement. ;-)

Oh, let's do the children's version today. :-)

You know that game Hot Potato? Yeah? Good.

A CC # is just like the Hot Potato in that game. You do NOT want it in your hands a nano-second longer than it has to be.

[subtle shift to adult computer design version]

You certainly don't want to put it into anything like permanent storage like your database or on your hard drive! You want to hand it off to your Merchant Account API ASAP!, and you want to ERASE that CC number from your memory banks *FOREVER* as totally wiped out gone forever as you can. If you could, you'd like to apply a Stun Gun right to that portion of RAM and just WASTE the 16 bytes into a burned-out shell of useless nano-circuitry... Okay, that's a little extreme (and impossible) but it is not that far off from the desired philosophical goal.

Every beginner on the planet seems to make this mistake, at least in their initial design. I know quite a few have made it all the way past development, implementation, review, launch, and long-term usage!

Some guys are shaking their heads in denial on this, but I swear to god, I have seen it. I am not making this [bleep] up. Credit card numbers have been sitting for YEARS in some boutique home-rolled shopping cart system MySQL database with the oh-so-clever username/password of nobody/nobody or www/www

Hell, I'll even posit that SOME have managed to configure MySQL with % access for the hostname -- Though I personally have never seen that.

I can only hope that my continued (and freely-admitted annoying) rant on this topic stops at least ONE beginner from making this mistake. Cuz god knows somebody on this list was kind enough to stop ME a decade ago when I was about to do it, and it's foolish, incredibly risky, and carries penalties beyond comprehension.

Thanks.

-- Like Music? http://l-i-e.com/artists.htm
RE: [PHP] Creating an OO Shopping Cart
-----Original Message-----
From: Richard Lynch [mailto:[EMAIL PROTECTED]
Sent: Friday, April 21, 2006 2:18 PM
To: Steve
Cc: php-general@lists.php.net; Richard Lynch
Subject: Re: [PHP] Creating an OO Shopping Cart

On Thu, April 20, 2006 11:24 pm, Steve wrote:
>> Yes, there is a TON of source code, and Yes, most of it is very very very badly-written, and Yes, that's because they started typing just like you are now instead of actually figuring all this [bleep] out in advance. :-)
>
> Thank you for taking the time to respond and assist me. Do you have any specific shopping carts that you would recommend I take a look at? Any that ARE well written.

Donning my flame-retardant underwear...

No. They all suck.

There is no decent security-conscious well-designed Open Source / Free PHP Shopping Cart available to date. So examine all the big-name ones and see where they went wrong.

Let the flames begin. Or not, as I'm betting not one of you can say something I haven't heard yet...

--

No flaming from me, I would add fuel to the fire.

First of all, unless you are really a newbie, do not ever use a shopping cart solution which hackers could download to analyze the flaws.

Second, like you, I think they all suck. Either they have too many bells and whistles, or are poorly coded, or have includes calling includes calling includes. The best example of this is OsCommerce, because it has the three flaws listed above.
RE: [PHP] Passing Form As Argument
From: Richard Lynch [mailto:[EMAIL PROTECTED]
Sent: Friday, April 21, 2006 2:15 PM
To: Nicolas Verhaeghe
Cc: php-general@lists.php.net
Subject: RE: [PHP] Passing Form As Argument

On Fri, April 21, 2006 1:02 am, Nicolas Verhaeghe wrote:
> I'm new to the list so Hello to all. I'm drafting a function.php page, which will be included() in the pages in need. How would I pass a form as an argument of a function? From the name parameter of the form element or perhaps an ID:
> function checkForm(theForm){ //Form validation code omitted.

You wouldn't.

See, you probably don't really want to pass every form through the same validation function, because every form is different. And every input should have the strictest validation possible for that input. So you can't really have a generic checkForm function, any more than you can turn on your Security switch and magically make it safe. It just plain doesn't work like that.

So your function, for now, should just know what form it is checking because there is only one form it checks.

---

I have functions which dynamically generate client-side javascript validation functions according to the name of the field, its type (text, password, email, drop down, radio button, textarea, and what not). Same thing server-side. TIMTOWTDI but I cannot be the only one with the idea.
Re: [PHP] permissions
On Fri, April 21, 2006 3:48 pm, Benjamin Adams wrote:
> I have a text file that is just being read by php Can I change the permissions of it so www can not read it?

Yes. Then PHP cannot read it, if your setup is what I think it is...

> what username does php uses to read files?

That depends.

If PHP is running as a Module to Apache (see phpinfo output and search for SAPI) then it runs as the same user Apache runs as, which is set in httpd.conf by the User directive. 'www' is a very common choice for this setting, so you probably have PHP running as a Module with 'www' as the user, based on what you posted.

PHP can also be run as CGI or FastCGI, and in those cases can, if desired, be configured via suexec to be run as some other user. That's pretty much what suexec does. There are wrinkles and risks to using suexec, and some for using CGI, including performance issues. So it's not usually done on inexpensive shared hosting, nor on high-volume servers.

Under IIS, I don't know (or care) how the user process file permission stuff works. Actually, I *do* recall fighting with MS and something about IUSER_MACHINENAME at some point in Windows 95/98 days, in case that helps some very sorry luser reading this post.

Back to your topic: If you make your text file un-readable (or un-writable or un-executable) by the User that PHP is running as (probably 'www' in your case) then PHP simply cannot read (or write or execute, if you change those) the file.

The converse is, unfortunately also true: If PHP runs as the 'www' user and the 'www' user can read the file, then PHP can read the file.

Why unfortunately, you ask? Because ANYBODY who can write and upload a PHP script to that machine can read that file. This means that on most shared servers at a reasonable price-point, you simply have to take a leap of faith and trust your fellow users to not poke around in your stuff too much.

Please see previous post regarding credit card numbers and hot potatoes to make a connection now.

Thank you.

-- Like Music? http://l-i-e.com/artists.htm
RE: [PHP] Creating an OO Shopping Cart
[snip]
Some guys are shaking their heads in denial on this, but I swear to god, I have seen it. I am not making this [bleep] up. Credit card numbers have been sitting for YEARS in some boutique home-rolled shopping cart system MySQL database with the oh-so-clever username/password of nobody/nobody or www/www
[/snip]

I know what you are talking about, I have seen that type of tables with literally thousands of CC numbers collected over the years, along with name on the card and expiry, of course.

As a programmer it is your duty to report this to your client and to keep track, because if one day someone resells this list, you could be liable. Unless, of course, you are a Soprano.
Re: [PHP] unexpected T_NEW on object property
Paul Barry wrote:
> ..
> Then I have another class:
>
> <?php
> require_once('model/Address.class.php');
> class User {
>     public $name;
>     public $address = new Address();

this is wrong. you can define the property in the class with a constant or scalar value (i.e. literal string, numeric value or an array) but not a return value of a function or a 'new' object.

you should initialize the $address property in the constructor of the User object like so:

class User {
    public $name;
    public $address;

    function __construct($name = '') {
        $this->name = strval($name);
        $this->address = new Address;
    }
}

it's good practice to only set values to the object's properties once it's constructed (or while it's being constructed - as per my example).

> }
> ?>
Re: [PHP] Session contamination?
On Fri, April 21, 2006 6:28 am, Ben Liu wrote:
> Yes, Chuck is correct here. The security issue I raised has to do with multiple users on the same shared server, which is how some hosting companies manage their clients. Each user may have a different home directory and has separation from other users, however, usually the same /tmp directory is used to store all the session cookies for all the users on the server. By running a simple script in your area you can read all the sessions managed by the server including sessions generated by other users. By moving the session cookies to a directory within your own user area it may make them more difficult to find, but it does not guarantee security as Chuck points out. This is discussed at [http://php.net/manual/en/ref.session.php] as pointed out by Jochem.

I wouldn't rely on the home directories and open_basedir as a real super big security fence...

I believe that on some versions of PHP on some servers under some httpd.conf setting which seem perfectly reasonable, a symlink from a directory within open_basedir to a file you really shouldn't be able to read lets you in. Or, at least, I know I have used something like this to help people retrieve files for which they managed to lose access through sheer stupidity.

The restrictions PHP can impose are, really, kind of just hacks to try to fix something that is basically way outside the realm and control of PHP in the first place. They're useful hacks, mind, and will stop the casual snoop. But it's not something to bet the bank on.

-- Like Music? http://l-i-e.com/artists.htm
Re: [PHP] any better way...
On Thu, April 20, 2006 9:52 pm, benifactor wrote:
> I am trying to come up with the best way to check for errors on a form. I have done this before by checking each $_POST variable separately but needed a better way that would display more than one error. The following is what i came up with...
>
> if (!$condition1 || !$condition2 || $condition1 != $condition2) {
>     if (!$condition1) {
>         $regError[0] = "condition 1 not met.";
>         $regErrorc[0] = "<font color=red>";
>         $regErrore[0] = "</font>";
>         $regErrord[0] = "<font color=red>***</font>";
>     } else {
>         if (!$condition2) {
>             $regError[1] = "condition 2 not met.";

Well, you need to use .= in a lot of places here, but it's not a bad start.

You're also mixing your presentation junk of font tags into the logic, which is probably not-so-good.

It's also too likely that, over time, you'll mess up and duplicate an index like [24] and [24] for two different errors, if you haven't already.

But your basic idea is sound. So let's look at a simpler version:

Set up a 'globals.inc' file which initializes your $messages array, and has the code to put out your masthead and navigation:

globals.inc:

<?php
$messages = array();

function head($title = 'My Site!'){
    //I hate global as much as the next guy, but...
    //I can live with it for an error-output array of messages.
    global $messages;
?>
<html>
<head>
<title><?php echo $title?></title>
<meta name="keywords" content="blah blah blah" />
<meta name="description" content="blah blah blah" />
</head>
<body>
<!-- navigation bar and logo go here -->
<?php
    if (count($messages)){
        echo "<font color=red>", implode("<br />", $messages), "</font>";
    }
}

function foot(){
?>
</body>
</html>
<?php
}
?>

Then, in your usual files, you would do:

<?php
require 'globals.inc';
if (!$condition1){
    //Note that with no index, PHP just tacks the message on to the end of the array. This is better than using an index.
    //Because you may find yourself adding error messages in include files, and you will get confused about which number to use.
    $messages[] = "condition 1 not met";
}
if (!$condition2){
    $messages[] = "condition 2 not met";
}
head('My Site Rocks!');
?>
<p>This is your content laid out.</p>
<p>You still need to be careful not to output Bad Things when condition1 failed above. But your error message is taken care of.</p>
<?php foot(); ?>

This solution is a lot like what you had, but with a lot less clutter. It's also one I've been using for years for simple boutique sites. It's not as rigid in separation of content and presentation as some would like, but it's not a total mess in that regard either.

The basic business logic is at the top of each file, the layout of the main content is in the file, and the shared structure (what little there is) is in the globals file for all files to, well, share.

I'd personally consider using CSS instead of FONT tags unless you need ancient browser support. (And some of us do!) But with this setup, you'd have a minimal number of changes to go that route.

-- Like Music? http://l-i-e.com/artists.htm
Re: [PHP] Linebreak
On Thu, April 20, 2006 9:47 pm, Peter Lauri wrote:
> I feel stupid. In many examples I have seen similar to:
> echo '<p>Whatever.</p>\n';
> echo '<p>An other whatever.</p>\n';
> But my PHP outputs the \n instead of a new line in the source. I am stupid?

No, just naive. :-)

Quotes (") and Apostrophes (') are not QUITE the same in PHP. To some degree, they are VERY different.

' has only two (2) special characters: ' and \

" has a lot of special characters, and interpolates variables and one-dimension arrays.

\n only works in " not in '

Read this and you'll be WAY ahead of the game:
http://us2.php.net/manual/en/language.types.string.php

-- Like Music? http://l-i-e.com/artists.htm
Re: [PHP] Re: PHP6 just became my worst nightmare.
hi Derick,

Derick Rethans wrote:
> Jochem Maas wrote:
>> apparently calling a dynamic function using static syntax will cause an E_FATAL. ?
>
> That's just how OO design works... If you have a non-static method you can always have a $this-> lingering in there. Now, if you call this method with the static syntax, $this suddenly doesn't exist... Design wise trying to do something like this is just fundamentally wrong. That it was supported in PHP 5 can be considered as the bug and it was just fixed...

thank you for replying, much appreciated. given the amount of time I have to fix my code I think I'll be able to figure out a way to refactor my code :-)

I just had a bit of a meltdown, thought that I had 2.5 years worth of code development go down the drain and needed to vent (well maybe not 'needed'). I still have plenty to learn, it's hard to keep up with the amazing stuff you guys are producing (and all too easy to get 'it' wrong).

as an average joe php programmer It was quite painful to go thru all the BC breaking changes that occurred going from php5beta2 to php5.1.2 - some things still irk me (like the array_merge() changes) because I don't really see the point ... but I understand that a lot of changes really were improvements. and obviously you devs are also humans so the occasional oversight and mistake can be expected - it must be hard developing software that's being jumped on and used by so many people (once functionality is out there - whether it's considered broken or not - it's difficult to get it back in the bag!)

again thanks for your reply, and keep up the good work - I for one am very much looking forward to the new date functionality, unicode (although it scares me less - I guess I read too much internals mail that I don't fully understand ;-) , static late binding and all the other great stuff that's coming our way!

kind regards,
Jochem.
Re: [PHP] Linebreak
Richard Lynch wrote: On Thu, April 20, 2006 9:47 pm, Peter Lauri wrote: I feel stupid. In many examples I have seen similar to:

    echo '<p>Whatever.</p>\n';
    echo '<p>An other whatever.</p>\n';

But my PHP outputs the \n instead of a new line in the source. I am stupid?

No, just naive. :-) Quotes (") and Apostrophes (') are not QUITE the same in PHP. To some degree, they are VERY different.

' has only two (2) special characters: ' and \

" has a lot of special characters, and interpolates variables and one-dimension arrays.

just to add: you can interpolate any dimension of arrays (and objects for that matter) as long as you bother to escape the variables with braces inside the string e.g.

    $str = "my {$array['one']['two']['three']} string {$object->prop} interpolation";

\n only works in " not in '

Read this and you'll be WAY ahead of the game: http://us2.php.net/manual/en/language.types.string.php
RE: [PHP] Passing Form As Argument
On Fri, April 21, 2006 4:56 pm, Nicolas Verhaeghe wrote: I have functions which dynamically generate client-side javascript validation functions according to the name of the field, its type (text, password, email, drop down, radio button, textarea, and what not). Same thing server-side.

Allow me to expand on why I think this is (generally) a wrong-headed approach.

Consider a simple, common example: The phone number.

Now, if you're doing this the Right Way and restricting only to the characters known to be valid, then you want only: [0-9]

To be nice to users, maybe you allow '-' and space as well.

Of course, if it's taking international phone numbers, you want to let them type that leading + sign, but not if it's US-only.

Now, if it's a business-oriented phone number, you want to allow something like: 1-800-CALL-ATT because, by god, they paid big money to get the digits they want and the right to promote/market that 800 number with alpha-characters in it.

Yet, to be as restrictive as possible for non-business use with home telephone numbers, you wouldn't want to let that slip by, so you can avoid more pranksters.

If you look at it carefully, most of your data in most of your applications *IS* that complicated.

Phone numbers? See above.

Postal Codes? US or World? Zip +4 or not? Should you not cross-check with country code and a specific regex, for those countries where you KNOW what it should be, and you expect many users?

Email address? Man, you could spend a year trying to get this one right, and still have it wrong.

So, all-in-all, the rule for how to sanitize data, IN MY OPINION, is too application-specific and too domain-specific to be generalized and maintain the level of security most programmers and clients would desire, given the cost/benefit ratios involved for using a pre-packaged sanitizer, or a clear in-line regex of what is kosher for THIS application and THIS domain.

To drive this home: If the rule is complicated enough to want a generalized function to handle it, it's probably complicated enough that you do NOT want to over-generalize by using a package function, but want to use the RIGHT regex for that application.

This is just my philosophical position, and I'm NOT the expert. Somebody could show me a whiz-bang pre-packaged sanitizer tomorrow that had all the flags/cases covered and let me tweak them to my satisfaction. The fact that about 1,027 attempts by others to do this have, so far, failed, doesn't negate that. I'm not THAT bull-headed. :-)

-- Like Music? http://l-i-e.com/artists.htm
RE: [PHP] Creating an OO Shopping Cart
On Fri, 2006-04-21 at 17:59, Nicolas Verhaeghe wrote:

[snip] Some guys are shaking their heads in denial on this, but I swear to god, I have seen it. I am not making this [bleep] up. Credit card numbers have been sitting for YEARS in some boutique home-rolled shopping cart system MySQL database with the oh-so-clever username/password of nobody/nobody or www/www [/snip]

I know what you are talking about, I have seen that type of tables with literally thousands of CC numbers collected over the years, along with name on the card and expiry, of course. As a programmer it is your duty to report this to your client and to keep track, because if one day someone resells this list, you could be liable.

*hahah* I've seen it too, in the database, and then the guy also had a debug log that wrote the data to the log file. Bigger problem was that the log file was xwrxwrxwr right smack in request land with no access restrictions :/ He never turned the debug log off.

Cheers, Rob.

--
InterJinn Application Framework - http://www.interjinn.com
An application and templating framework for PHP. Boasting a powerful, scalable system for accessing system services such as forms, properties, sessions, and caches. InterJinn also provides an extremely flexible architecture for creating re-usable components quickly and easily.
Re: [PHP] unexpected T_NEW on object property
Jochem Maas wrote: Paul Barry wrote: .. Then I have another class:

    <?php
    require_once('model/Address.class.php');
    class User {
        public $name;
        public $address = new Address();

this is wrong. you can define the property in the class with a constant or scalar value (i.e. literal string, numeric value or an array) but not a return value of a function or a 'new' object.

just to nag, an array is not a scalar value. However, you're correct on this. Properties can only be defined in the class with constant values (this does not mean they have to be constants! The values they get just have to be fixed, and not determined during runtime.)

you should initialize the $address property in the constructor of the User object like so:

    class User {
        public $name;
        public $address;
        function __construct($name = '') {
            $this->name = strval($name);
            // objects are created at runtime, so build this one here
            $this->address = new Address;
        }
    }

it's good practice to only set values to the object's properties once it's constructed (or while it's being constructed - as per my example).

    }
    ?>
RE: [PHP] Passing Form As Argument
On Fri, April 21, 2006 4:56 pm, Nicolas Verhaeghe wrote: I have functions which dynamically generate client-side javascript validation functions according to the name of the field, its type (text, password, email, drop down, radio button, textarea, and what not). Same thing server-side.

Allow me to expand on why I think this is (generally) a wrong-headed approach.

Consider a simple, common example: The phone number.

Now, if you're doing this the Right Way and restricting only to the characters known to be valid, then you want only: [0-9]

To be nice to users, maybe you allow '-' and space as well.

Of course, if it's taking international phone numbers, you want to let them type that leading + sign, but not if it's US-only.

Now, if it's a business-oriented phone number, you want to allow something like: 1-800-CALL-ATT because, by god, they paid big money to get the digits they want and the right to promote/market that 800 number with alpha-characters in it.

Yet, to be as restrictive as possible for non-business use with home telephone numbers, you wouldn't want to let that slip by, so you can avoid more pranksters.

If you look at it carefully, most of your data in most of your applications *IS* that complicated.

Phone numbers? See above.

Postal Codes? US or World? Zip +4 or not? Should you not cross-check with country code and a specific regex, for those countries where you KNOW what it should be, and you expect many users?

Email address? Man, you could spend a year trying to get this one right, and still have it wrong.

So, all-in-all, the rule for how to sanitize data, IN MY OPINION, is too application-specific and too domain-specific to be generalized and maintain the level of security most programmers and clients would desire, given the cost/benefit ratios involved for using a pre-packaged sanitizer, or a clear in-line regex of what is kosher for THIS application and THIS domain.

To drive this home: If the rule is complicated enough to want a generalized function to handle it, it's probably complicated enough that you do NOT want to over-generalize by using a package function, but want to use the RIGHT regex for that application.

This is just my philosophical position, and I'm NOT the expert.

--

You can always take it to the nth level and end up not verifying everything but you can prevent most common mistakes.

As far as email address, make sure there is something that looks like [EMAIL PROTECTED]. Same with Zip codes. You can CASS certify it all you want but you'll never be sure that the address is correct until you send snail mail.

The idea of such client- and server-side verification is to prevent mistakes that the user could make unwillingly, for instance mixing fields: typing something else than the email address in that field, without realizing it. You can force someone to enter data into a field that absolutely needs to be filled.

So far, I have rarely seen people entering fake data into shopping carts or online forms. Why? Because most people don't have time to waste screwing around filling online forms with junk.
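The per-application phone rules from Richard's message (quoted in the reply above), written out as server-side allowlists. This is an added example, not code from the thread: `validate_phone()`, `PHONE_RULES` and the context names are hypothetical, and the digit-count limits and keypad mapping are assumptions the messages do not state.

```php
<?php
// Added example, not code from the thread. validate_phone() and the context
// names are hypothetical; the digit-count limits are assumptions.

const PHONE_RULES = [
    // Home, US-only: digits plus '-' and space, nothing else.
    'us_home'     => ['allowed' => '/\A[0-9 -]+\z/',       'min' => 10, 'max' => 11, 'us' => true],
    // Business, US-only: letters too, so 1-800-CALL-ATT is accepted.
    'us_business' => ['allowed' => '/\A[0-9A-Za-z -]+\z/', 'min' => 10, 'max' => 11, 'us' => true],
    // International: the leading + is allowed, letters are not.
    'intl'        => ['allowed' => '/\A\+?[0-9 -]+\z/',    'min' => 8,  'max' => 15, 'us' => false],
];

// Returns the normalized number, or null when the value breaks the rule.
function validate_phone(string $input, string $context): ?string
{
    $rule = PHONE_RULES[$context] ?? null;
    if ($rule === null) {
        throw new InvalidArgumentException("no phone rule for context '$context'");
    }
    // \A...\z anchors the whole value; $ would let a trailing newline through.
    if (strlen($input) > 32 || preg_match($rule['allowed'], $input) !== 1) {
        return null;
    }
    // Map vanity letters to keypad digits, then drop the separators.
    $digits = strtr(strtoupper($input), 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', '22233344455566677778889999');
    $digits = preg_replace('/[^0-9]/', '', $digits);
    $count  = strlen($digits);
    if ($count < $rule['min'] || $count > $rule['max']) {
        return null;
    }
    if ($rule['us'] && $count === 11 && $digits[0] !== '1') {
        return null;                      // 11 digits only with the leading 1
    }
    return ($input[0] === '+' ? '+' : '') . $digits;
}

// Constructed sample values: the same input passes or fails by context.
$samples = [
    ['us_home', '212-555-0147'],     ['us_home', '1-800-CALL-ATT'],
    ['us_business', '1-800-CALL-ATT'], ['us_home', '+44 20 7946 0958'],
    ['intl', '+44 20 7946 0958'],    ['us_home', "2125550147\n"],
];
foreach ($samples as [$context, $value]) {
    printf("%-12s %-20s => %s\n", $context, json_encode($value),
        var_export(validate_phone($value, $context), true));
}
```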
[PHP] Handling illegal byte sequences in UTF-8 strings
Hello list,

We have recently upgraded our database to PostgreSQL 8.1.x which handles UTF-8 more strictly than previous versions. The new version will not allow illegal byte sequences when inserting data.

This has caused some errors in our system which inputs data. Basically, what the system does is insert data which is copy-pasted from OpenOffice.org files. The content of the OpenOffice.org files is likewise pasted from various websites which may or may not be using UTF-8 encoding.

After some research, I have looked at both iconv and mbstring (I might use iconv since it's there by default). But nonetheless, someone on the list may have a better way of handling this issue.

What then would be the best way to handle illegal byte sequences before they are inserted into the database?

-- Stand before it and there is no beginning. Follow it and there is no end. Stay with the ancient Tao, Move with the present.
Re: [PHP] Creating an OO Shopping Cart
Richard... you're amazing. Good on you for just standing up there, stating your position and defending it like there's no tomorrow!

So everyone's aware, I have NO intention of storing credit card #'s. I don't see why anyone needs to.. especially after reading Richard's past posts in the archive.

Steve
Re: [PHP] unexpected T_NEW on object property
M. Sokolewicz wrote: Jochem Maas wrote: Paul Barry wrote: .. Then I have another class:

    <?php
    require_once('model/Address.class.php');
    class User {
        public $name;
        public $address = new Address();

this is wrong. you can define the property in the class with a constant or scalar value (i.e. literal string, numeric value or an array) but not a return value of a function or a 'new' object.

just to nag, an array is not a scalar value. However, you're correct on this. Properties can only be defined in the class with constant values (this does not mean they have to be constants! The values they get just have to be fixed, and not determined during runtime.)

IC - spot the self taught idiot :-) (that's me btw)
Re: [PHP] Handling illegal byte sequences in UTF-8 strings
Matt Arnilo S. Baluyos (Mailing Lists) wrote: Hello list, We have recently upgraded our database to PostgreSQL 8.1.x which handles UTF-8 more strictly than previous versions. The new version will not allow illegal byte sequences when inserting data. This has caused some errors in our system which inputs data. Basically, what the system does is insert data which is copy-pasted from OpenOffice.org files. The content of the OpenOffice.org files are likewise pasted from various websites which may or may not be using UTF-8 encoding. After some research, I have looked at both iconv and mbstring (I might use iconv since it's there by default). But nonetheless, someone on the list may have a better way of handling this issue. What then would be the best way to handle illegal byte sequences before they are inserted into the database?

the best? wait for php6. but that's probably not an option.

for the rest I'm a charset idiot (I just proved it with a nightmare upgrade to mysql4.1.something)

-- Stand before it and there is no beginning. Follow it and there is no end. Stay with the ancient Tao, Move with the present.
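One way to handle the illegal byte sequences asked about in this thread before the INSERT, as an added example that is not code from any of the posters. It assumes mbstring is loaded and that stray bytes most likely come from Windows-1252 pages; `repair_utf8()` and `UTF8_OR_STRAY_BYTE` are hypothetical names.

```php
<?php
// Added example; function and constant names are hypothetical.

// Group 1: one well-formed UTF-8 sequence (no overlong forms, no surrogates,
// nothing above U+10FFFF). Group 2: any other single byte.
const UTF8_OR_STRAY_BYTE = '/(
      [\x00-\x7F]
    | [\xC2-\xDF][\x80-\xBF]
    | \xE0[\xA0-\xBF][\x80-\xBF]
    | [\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}
    | \xED[\x80-\x9F][\x80-\xBF]
    | \xF0[\x90-\xBF][\x80-\xBF]{2}
    | [\xF1-\xF3][\x80-\xBF]{3}
    | \xF4[\x80-\x8F][\x80-\xBF]{2}
    ) | (.)/xs';

/**
 * Return $raw as valid UTF-8. Valid input is returned unchanged. Each stray
 * byte is reinterpreted as $legacy (a guess about the pasted source), or
 * replaced with U+FFFD when $legacy is null. Bytes are never dropped:
 * deleting them would splice their neighbours into text nobody typed.
 */
function repair_utf8(string $raw, ?string $legacy = 'Windows-1252'): string
{
    if (mb_check_encoding($raw, 'UTF-8')) {
        return $raw;
    }
    $fixed = preg_replace_callback(UTF8_OR_STRAY_BYTE, function (array $m) use ($legacy) {
        if ($m[1] !== '') {
            return $m[1];                                   // keep valid sequence
        }
        return $legacy === null
            ? "\u{FFFD}"                                    // visible marker
            : mb_convert_encoding($m[2], 'UTF-8', $legacy); // legacy byte to UTF-8
    }, $raw);
    if ($fixed === null || !mb_check_encoding($fixed, 'UTF-8')) {
        throw new RuntimeException('could not produce valid UTF-8');
    }
    return $fixed;
}

// Constructed samples: valid UTF-8, a Latin-1 paste, a truncated sequence.
$samples = ["caf\xC3\xA9", "caf\xE9 \x93ok\x94", "price \xE2\x82"];
foreach ($samples as $s) {
    printf("%-24s -> %-24s | %s\n", bin2hex($s),
        bin2hex(repair_utf8($s)), bin2hex(repair_utf8($s, null)));
}
```

Passing `null` as the second argument gives the conservative policy: nothing is guessed, and every stray byte shows up as U+FFFD in the stored text where an editor can see it.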