Re: [PHP] How to disable PHP's POST caching?
Adam Zey wrote: Tunelling arbitrary TCP packets. Similar idea to SSH port forwarding, except tunneling over HTTP instead of SSH. A good example might be encapsulating an IRC (or telnet, or pop3, or ssh, etc) connection inside of an HTTP connection such that incomming IRC traffic goes over a GET to the client, and outgoing IRC traffic goes over a POST request. So, the traffic is bounced: [mIRC] --- [client.php] -internet- [apache --- server.php] -internet- [irc server] And the same in reverse. The connection between client.php and server.php is taking the IRC traffic and encapsulating it inside an HTTP connection, where it is unpacked by server.php before being sent on to the final destination. The idea is to get TCP tunneling working, once you do that you can rely on other programs to use that TCP tunnel for more complex things, like SOCKS. You're trying to get a square peg through a round hole. The HTTP protocol was not designed to do anything like this, so the standard implementation by most web servers and PHP does not allow what you are trying to do. I'm curious about your 'lots of POSTs' solution. How are you keeping the connection open on the server-side? It's certainly not possible to maintain that connection between requests without using a process outside the web server that maintains the connections. I've implemented a system in the past to proxy IRC, MSN and AIM connections in this way, but it only worked because the requests that came into PHP got passed to this other process which held all the connections and managed the traffic. And yes, it did generate a huge amount of traffic even when it wasn't doing anything due to the need to poll the server for new incoming messages. This demonstrates a point at which you need to reconsider whether a shared hosting environment (which I assume you're using given the restrictions you've mentioned) is enough for your purposes. If you had a dedicated server you could add another IP and run a custom server on it that would be capable of doing exactly what you want. In fact there are lots of nice free proxies that will happily sit on port 80. However, it's worth nothing that a lot of firewalls block traffic that doesn't look like HTTP, in which case you'll need to use SSL on port 443 to get past those checks. Anyways, long story (sorry) short, your square peg won't go in the round hole without serious modification. Hope that helps. -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Parse error: syntax error, unexpected ',' in
Hi All,
this code,
?php
$flavour[] = blue raspberry;
$flavour[] = root beer;
$flavour[] = pineapple;
sort($flavour);
print_r($flavour);
echo br;
echo My favourite flavours are:br;
foreach ($flavour as $currentValue) {
//these lines will execute as long as there is a value in $flavour
echo $currentValue br\n;
}
?
gives this,
*Parse error*: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING,
expecting ',' or ';' in */usr/local/apache2/htdocs/sorting.php* on line *18
*
and adding a , to this line,
foreach ($flavour, as $currentValue) {
gives this error,
*Parse error*: syntax error, unexpected ',' in
*/usr/local/apache2/htdocs/sorting.php* on line *16*
The code in the book I'm following has the , in that line. Can anyone
tell me what I'm doing wrong? Cheers.
Mark Sargent.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Can a script run twice?
Lester Caine wrote: The double click 'problem' was a sideline to the original problem, which I found while trying to track things. The original problem *IS* that PHP can run two copies of a script in parallel and the second copy does NOT see the 'locking' in place on the first copy. I had always thought that PHP was sequential, but I'm not so sure now. I've put in a trap for the double click ( and yes it *IS* browser dependent ) and that works fine, but we will have to see if it makes any difference to the original 'race' problem :( PHP is not 'sequential' and I have no idea where you got that impression. If the browser puts in a request to the server, the server will execute that request as soon as sufficient resources are free to do so. PHP does not 'lock' the session between requests. This is a problem being found by people trying AJAX with a session. Consider this sequence... 1) User hits your button (ooh-err) 2) PHP starts processing the script and runs session_start() which loads the session data 3) User hits your button again 4) PHP starts processing the script a second time before the first run has finished, and loads the session data again for this new request 5) The execution started in 2) ends and commits the session data back to the session store 6) The execution started in 4) ends and commits the session data back to the session store There are 2 different issues here. First is that the second run will not get any changes made in the first run. Second is that any changes made in the first run will be lost when the second run commits the session to the store. This is a fact of the stateless nature of HTTP and you need to plumb around it. There are various ways you can do this. I'm the first to admit that I haven't found an ideal solution yet, but methods I've used in the past have been... * Before start_session() check a directory for the existence of a file named after the session id. If it doesn't exist call start_session() and touch the lock file. Delete the lock file at the end of the request (ideally using register_shutdown_function). * Use shared memory to store an array of session ids that are locked. Neither of these were ideal because there was a race condition where two requests could check the lock at the same time and then both lock it. Now that I come to think about it again it may be possible to write a custom session handler that blocks reading of session data that's been locked until it's either unlocked or a timeout passes. You'd have to try that to see if it's possible - I'm not sure how the internals of session_start() work. Hope that early morning ramble helps you out. -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Can a script run twice?
On Wed, 2006-05-24 at 01:45, Lester Caine wrote: The double click 'problem' was a sideline to the original problem, which I found while trying to track things. The original problem *IS* that PHP can run two copies of a script in parallel and the second copy does NOT see the 'locking' in place on the first copy. I had always thought that PHP was sequential, but I'm not so sure now. But PHP doesn't run anything... the webserver passes the request to PHP, and so if the webserver can process requests in parallel then the race is on. As for th elocking... it depends on how the locking is being done. Out of curiosity, is session data being written to a network filesystem? because all bets are off for network filesystems when trying to perform locking on the files (and I think that's how PHP achieves session locking). I've put in a trap for the double click ( and yes it *IS* browser dependent ) and that works fine, but we will have to see if it makes any difference to the original 'race' problem :( Good luck :) Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Parse error: syntax error, unexpected ',' in
Mark Sargent wrote:
Hi All,
this code,
?php
$flavour[] = blue raspberry;
$flavour[] = root beer;
$flavour[] = pineapple;
sort($flavour);
print_r($flavour);
echo br;
echo My favourite flavours are:br;
foreach ($flavour as $currentValue) {
//these lines will execute as long as there is a value in $flavour
echo $currentValue br\n;
}
?
gives this,
*Parse error*: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING,
expecting ',' or ';' in */usr/local/apache2/htdocs/sorting.php* on line *18
The echo in the foreach loop has no concatenation operator.
echo $currentValue br\n;
should be
echo $currentValue.br\n;
and adding a , to this line,
foreach ($flavour, as $currentValue) {
gives this error,
*Parse error*: syntax error, unexpected ',' in
*/usr/local/apache2/htdocs/sorting.php* on line *16*
The code in the book I'm following has the , in that line. Can anyone
tell me what I'm doing wrong? Cheers.
If the code in the book you're reading really has a , in the foreach
line I suggest you throw it away and find another book, because that's
not valid PHP.
-Stut
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Parse error: syntax error, unexpected ',' in
On 24/05/06, Mark Sargent [EMAIL PROTECTED] wrote:
Hi All,
this code,
?php
$flavour[] = blue raspberry;
$flavour[] = root beer;
$flavour[] = pineapple;
sort($flavour);
print_r($flavour);
echo br;
echo My favourite flavours are:br;
foreach ($flavour as $currentValue) {
//these lines will execute as long as there is a value in $flavour
echo $currentValue br\n;
}
?
gives this,
*Parse error*: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING,
expecting ',' or ';' in */usr/local/apache2/htdocs/sorting.php* on line *18
*
and adding a , to this line,
foreach ($flavour, as $currentValue) {
No, you were right the first time. No comma is required there.
Line 18 is the line with the echo statement on it. The items you want
to echo should be separated by commas:
So it should be:
echo $currentValue, br\n;
-robin
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Parse error: syntax error, unexpected ',' in
Mark Sargent wrote:
Hi All,
this code,
?php
$flavour[] = blue raspberry;
$flavour[] = root beer;
$flavour[] = pineapple;
sort($flavour);
print_r($flavour);
echo br;
echo My favourite flavours are:br;
foreach ($flavour as $currentValue) {
//these lines will execute as long as there is a value in $flavour
echo $currentValue br\n;
}
?
gives this,
*Parse error*: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING,
expecting ',' or ';' in */usr/local/apache2/htdocs/sorting.php* on line *18
*
and adding a , to this line,
foreach ($flavour, as $currentValue) {
gives this error,
*Parse error*: syntax error, unexpected ',' in
*/usr/local/apache2/htdocs/sorting.php* on line *16*
Since there aren't actually 18 lines this isn't the real code..
The problem is here:
echo $currentValue br\n;
it should be
echo $currentValue . br\n;
or
echo $currentValue , br\n;
--
Postgresql php tutorials
http://www.designmagick.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Parse error: syntax error, unexpected ',' in
Chris wrote: Since there aren't actually 18 lines this isn't the real code.. true, as I only posted the php code The problem is here: echo $currentValue br\n; it should be echo $currentValue . br\n; or echo $currentValue , br\n; thanx to all. The book is Beginning PHP, Apache, MySQL, Web Development and it seems to only be a typo on that page(section) as the next page shows similar code using the right syntax. I just didn't notice it till after I posted. Cheers. Mark Sargent -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] captcha or other recommendations
Hi all. I've been playing with captcha for one of my sites. It works well but have had a few issues integrating it into the site and sometimes it appears not to work/show the textfield and graphic. Anyway are there any other suggestions for something with similiar functionality as captcha and what are your experiences with these code bases? TIA -- Angelo Zanetti Z Logic www.zlogic.co.za [c] +27 72 441 3355 [t] +27 21 469 1052 [f] +27 86 681 5885 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] captcha or other recommendations
Angelo Zanetti wrote: Hi all. I've been playing with captcha for one of my sites. It works well but have had a few issues integrating it into the site and sometimes it appears not to work/show the textfield and graphic. Anyway are there any other suggestions for something with similiar functionality as captcha and what are your experiences with these code bases? TIA oh Im using the captcha from freshmeat... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Can a script run twice?
Robert Cummings wrote: I've put in a trap for the double click ( and yes it *IS* browser dependent ) and that works fine, but we will have to see if it makes any difference to the original 'race' problem :( Good luck :) Actually the main problem was I was not updating the _SESSION variable soon enough, so the second 'click' was still seeing the original value. Now I set it with a dummy value (-1) until I can get the real value, which requires a pass through the database, and the original logic seems to be working fine - second string gets kicked out like it should. -- Lester Caine - G8HFL - L.S.Caine Electronic Services - http://home.lsces.co.uk Model Engineers Digital Workshop - http://home.lsces.co.uk/ModelEngineersDigitalWorkshop/ Treasurer - Firebird Foundation Inc. - http://www.firebirdsql.org/index.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Serialize
Hi, Is a serialized array a safe string to insert into a mysql text field? Or is a function such as mysql_real_escape_string always needed? regards Simon. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Serialize
On 5/24/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi, Is a serialized array a safe string to insert into a mysql text field? Or is a function such as mysql_real_escape_string always needed? *Always* escape your data. What if your array contains a quote? -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Serialize
It's not safe... if the array contains strings which contain ' or might screw your query... it's safe to escape the string result from serialize... Andy [EMAIL PROTECTED] wrote: Hi, Is a serialized array a safe string to insert into a mysql text field? Or is a function such as mysql_real_escape_string always needed? regards Simon. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Serialize
On 24/05/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi, Is a serialized array a safe string to insert into a mysql text field? Or is a function such as mysql_real_escape_string always needed? No, it's not at all a safe string to insert into a mysql text field. mysql_real_escap_string() is needed. -robin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] 3DES w/ openssl_{csr,pkey}_new ?
RSA and DSA are different types of key formats. They do not imply protecting the private keywith an encryption algorithm. If you look at gendsa(1) or genrsa(1), you will see that passphrase protection is optional to both, and that there a good many choices. default_md is actually something from ca(1), it's the crypto signature algorithm for public keys / certificates, and really doesn't apply to private keys. I'll just look at the source code when I get to the office. ~BAS On Wed, 2006-05-24 at 01:54, Chris wrote: Brian A. Seklecki wrote: Does anyone know how to specify the encryption cipher used in this funciton as documented in OpenSSL's genrsa(1)? Why isn't the encryption method a value in [array configargs] ? -des|-des3|-idea These options encrypt the private key with the DES, triple DES, or the IDEA ciphers respectively before outputting it. If none of these options is specified no encryption is used. Or is the encryption method a value that can be specified in config= and req_extensions= ? Right now generated private keys look like: -BEGIN RSA PRIVATE KEY- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,FA81C573DFD21B7D Which is 3DES, but some systems support AES, IDEA, Blowfish, Twofish, It depends on the OpenSSL config. Idea? Read the documentation? Took me about 30 seconds to find this page: http://www.php.net/manual/en/function.openssl-csr-new.php Where it says: under private_key_type Specifies the type of private key to create. This can be one of OPENSSL_KEYTYPE_DSA, OPENSSL_KEYTYPE_DH or OPENSSL_KEYTYPE_RSA. The default value is OPENSSL_KEYTYPE_RSA which is currently the only supported key type. So you can't use any other type. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] RE: Can php convert doc to HTML?
On 5/23/06, Martin Alterisio [EMAIL PROTECTED] wrote: If that's the case, why don't you just use the export as web page or save as web page tools of MS Word (if you don't have it anymore you can as someone who still has it, or I think OpenOffice also has a similar tool). Because there are 200 of them. Dotan Cohen Unless you want to do them one at a time, you'll need to write code. Unless this is something that you need to do a lot, why not write the code using OOo's programming language? Seems like all the appropriate hooks should be there to pull in each Word doc, push it off as HTML, and repeat for all the docs. I haven't worked with OOo for programming, but it might be worth a look. Hit the OOo site and see what their forums have to offer. Doug ___ This e-mail message has been sent by Kollsman, Inc. and is for the use of the intended recipients only. The message may contain privileged or confidential information. If you are not the intended recipient you are hereby notified that any use, distribution or copying of this communication is strictly prohibited, and you are requested to delete the e-mail and any attachments and notify the sender immediately. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Can a script run twice?
At 7:19 AM +0100 5/24/06, Stut wrote: PHP is not 'sequential' and I have no idea where you got that impression. If the browser puts in a request to the server, the server will execute that request as soon as sufficient resources are free to do so. PHP does not 'lock' the session between requests. This is a problem being found by people trying AJAX with a session. Consider this sequence... 1) User hits your button (ooh-err) 2) PHP starts processing the script and runs session_start() which loads the session data 3) User hits your button again 4) PHP starts processing the script a second time before the first run has finished, and loads the session data again for this new request 5) The execution started in 2) ends and commits the session data back to the session store 6) The execution started in 4) ends and commits the session data back to the session store Nice explanation. Ajax people are finding this happening w/o sessions. Back to the posters problem, which is duplicate dB entries caused by double clicking. Apparently the problem isn't solvable by using tokens, sessions, locking, and such. So why not just check the dB to see if the current record has already been entered? If so, don't do it again. Isn't this a solution? Or is there something here that I'm not understanding? tedd -- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] captcha or other recommendations
Hi all. I've been playing with captcha for one of my sites. It works well but have had a few issues integrating it into the site and sometimes it appears not to work/show the textfield and graphic. Anyway are there any other suggestions for something with similiar functionality as captcha and what are your experiences with these code bases? TIA -- Angelo Zanetti Z Logic Angelo: Read this: http://www.access-matters.com/2005/05/22/quiz-115-did-a-captcha-catch-ya/ While not prefect by any means (i.e., blind can't see it), you may want to review my click the circle solution: http://xn--ovg.com/captcha If you want the code, I'll provide -- BUT -- try to find another way. tedd -- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Can a script run twice?
Apparently the problem isn't solvable by using tokens, sessions, locking, and such. So why not just check the dB to see if the current record has already been entered? If so, don't do it again. Isn't this a solution? Or is there something here that I'm not understanding? ...or maybe do a 'REPLACE...' rather than an 'INSERT...'? That way the record is not entered into the database twice if it already exists. Might be a more economical way than doing a lookup/compare/write if sequence. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] storing single and double quote in MySQL
after these very helpfull comments, I rad (again) Shiflett's (and few
others) Security articles about filtering input and output. And more I
read - less is clear :(
Before, I used addslash() before I insert data in database and strislshe()
to show them on screen.
Later found it's not good and start using mysql_real_escae_string() to add
to DB and stripslashe() to show on screen.
But, also, I thought, mysql_real_escape_string() is filter for
everything, e.g. lets have three links (add, delete, edit) as
a href=index.php?action=addrec_id=$rec_idAdd new/a
a href=index.php?action=editrec_id=$rec_idEdit/a
a href=index.php?action=deleterec_id=$rec_idDelete/a
and was doing this way:
#index.php
?php
if($_GET['action'])
{
$action = mysql_real_escape_string($_GET['action']);
$rec_id = mysql_real_escape_string($_GET['rec_id']);
switch($action)
{
case 'add':
// add new record
break;
case 'edit':
// edit record
break;
case 'delete':
// delete record
break;
}
}
?
it means that $action I will never store in DB, neither show on screen. I
then wrong to
$action = mysql_real_escape_string($_GET['action']);
or I should
$action = htmlentities($_GET['action']);
or
$action = $_GET['action'];
is just fine?
I', really confused.
Richard Lynch wrote:
On Mon, May 22, 2006 11:37 am, Brad Bonkoski wrote:
http://www.php.net/manual/en/function.stripslashes.php
if you have to dump that information back to the users.
If you are using http://php.net/stripslashes on data coming out of
your database, you are DEFINITELY doing something wrong acquiring that
data.
Stripslashes is correctly used ONLY when:
1. You have Magic Quotes on, and
2. You need to display/use the incoming data for something other than
MySQL in the same script that does the INSERT
Even then, you really ought to turn off Magic Quotes and migrate to
http://php.net/mysql_real_escape_string
Thanks for your constructive criticism Sorry for the original bad
advice.
So, when the magic_quotes goes away in future version, with
stripslashes() also go away?
-Brad
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] date iteration
Richard is correct, the format for the mktime() is
hours/minutes/seconds/month/day/year. My code suggestion is based
on the start date being entered as follows -- 05242006, and the
display is to be 05/24/2006. My suggestion is the following...
function generateDates($first, $duration)
{
$dates = array();
$smonth = substr($first,0,2);
$sday = substr($first,2,2);
$syear = substr($first,4,4);
$start_date = mktime(0,0,0,$smonth,$sday,$syear);
for ($i = 1; $i = $duration; $i++)
{
$added = mktime(0,0,0,$smonth,$sday+$i,$syear);
$dates[$i] = date( m/d/Y, $added );
}
return $dates;
}
[SNIP]
Good luck,
Jef
-Original Message-
From: Richard Lynch [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 23, 2006 3:27 PM
To: Dave Goodchild
Cc: php-general@lists.php.net
Subject: Re: [PHP] date iteration
mktime() args are hour/minute/second/month/day/year or somesuch.
You are passing in a string, which PHP tries to convert to int, which
results in who knows what, on the line that starts $added =
On Tue, May 23, 2006 6:11 am, Dave Goodchild wrote:
Hi all, I am writing an app that runs a prize draw, wherein the admin
chooses the duration by adding a start date and number of days for the
draw
to run. These values are passed into a small function that generates
an
array holding the start date, end date and all dates in between as
follows:
function generateDates($first, $duration) {
$dates = array();
$date = getdate(mktime($first));
$month = $date['mon'];$day = $date['mday'];$year = $date['year'];
for ($i = 1;$i = $duration; $i++) {
$added = getdate(mktime($day++ . - . $month . - . $year));
$dates[] = $added['mday'] . - . $added['mon'] . - .
$added['year'];
}
return $dates;
}
$series = generateDates('23-05-2006', 20);
var_dump($series);
...when I var_dump the array the iteration stops at May 24 - I am
looking
into it but does anyone have any ideas why this is sticking ie is my
date
arithmetic wrong? Cheers.
--
http://www.web-buddha.co.uk
dynamic web programming from Reigate, Surrey UK (php, mysql, xhtml,
css)
look out for project karma, our new venture, coming soon!
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] parsing/replacing for special MS Word characters
I have a friend who I wrote some very simple publishing software, basically he takes his writtings and puts them online. Well his writtings are in Word and so he has alot of special characters that he inputs, some unknowingly, into the database. Are there any classes or samples of what others have done to strip/replace/find these special characters, I have asked him to be careful, but he will do it once or twice and then forget and lapse, and I get a call saying can you help me get these out. Any ideas? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] storing single and double quote in MySQL
[EMAIL PROTECTED] wrote:
after these very helpfull comments, I rad (again) Shiflett's (and few
others) Security articles about filtering input and output. And more I
read - less is clear :(
Before, I used addslash() before I insert data in database and strislshe()
to show them on screen.
Later found it's not good and start using mysql_real_escae_string() to add
to DB and stripslashe() to show on screen.
If you have to stripslashes() when you pull data out of the db, you're
doing something wrong (like running with magic_quotes* on, therefore
double escaping your data).
But, also, I thought, mysql_real_escape_string() is filter for
everything, e.g. lets have three links (add, delete, edit) as
mysql_real_escape_string() *only* escapes the data which needs to be
escaped for your particular db version.
a href=index.php?action=addrec_id=$rec_idAdd new/a
a href=index.php?action=editrec_id=$rec_idEdit/a
a href=index.php?action=deleterec_id=$rec_idDelete/a
and was doing this way:
#index.php
?php
if($_GET['action'])
{
$action = mysql_real_escape_string($_GET['action']);
$rec_id = mysql_real_escape_string($_GET['rec_id']);
switch($action)
{
case 'add':
// add new record
break;
case 'edit':
// edit record
break;
case 'delete':
// delete record
break;
}
}
?
it means that $action I will never store in DB, neither show on screen. I
then wrong to
$action = mysql_real_escape_string($_GET['action']);
or I should
$action = htmlentities($_GET['action']);
or
$action = $_GET['action'];
is just fine?
If you're not going to display it or insert it...if all you're doing is
checking the value of it, then you don't need to modify it.
--
John C. Nichel IV
Programmer/System Admin (ÜberGeek)
Dot Com Holdings of Buffalo
716.856.9675
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] RE: Can php convert doc to HTML?
So, here's what you need. http://ftp.45.free.net/pub/catdoc/catdoc-0.94.2.zip This converts doc files to .txt, although I'm not sure that it will keep the format intact. Take care. On 5/24/06, Finner, Doug [EMAIL PROTECTED] wrote: On 5/23/06, Martin Alterisio [EMAIL PROTECTED] wrote: If that's the case, why don't you just use the export as web page or save as web page tools of MS Word (if you don't have it anymore you can as someone who still has it, or I think OpenOffice also has a similar tool). Because there are 200 of them. Dotan Cohen Unless you want to do them one at a time, you'll need to write code. Unless this is something that you need to do a lot, why not write the code using OOo's programming language? Seems like all the appropriate hooks should be there to pull in each Word doc, push it off as HTML, and repeat for all the docs. I haven't worked with OOo for programming, but it might be worth a look. Hit the OOo site and see what their forums have to offer. Doug ___ This e-mail message has been sent by Kollsman, Inc. and is for the use of the intended recipients only. The message may contain privileged or confidential information. If you are not the intended recipient you are hereby notified that any use, distribution or copying of this communication is strictly prohibited, and you are requested to delete the e-mail and any attachments and notify the sender immediately. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to disable PHP's POST caching?
Stut wrote: Adam Zey wrote: Tunelling arbitrary TCP packets. Similar idea to SSH port forwarding, except tunneling over HTTP instead of SSH. A good example might be encapsulating an IRC (or telnet, or pop3, or ssh, etc) connection inside of an HTTP connection such that incomming IRC traffic goes over a GET to the client, and outgoing IRC traffic goes over a POST request. So, the traffic is bounced: [mIRC] --- [client.php] -internet- [apache --- server.php] -internet- [irc server] And the same in reverse. The connection between client.php and server.php is taking the IRC traffic and encapsulating it inside an HTTP connection, where it is unpacked by server.php before being sent on to the final destination. The idea is to get TCP tunneling working, once you do that you can rely on other programs to use that TCP tunnel for more complex things, like SOCKS. You're trying to get a square peg through a round hole. The HTTP protocol was not designed to do anything like this, so the standard implementation by most web servers and PHP does not allow what you are trying to do. That's the fun of it, making things like PHP and HTTP do things they weren't supposed to. I'm curious about your 'lots of POSTs' solution. How are you keeping the connection open on the server-side? It's certainly not possible to maintain that connection between requests without using a process outside the web server that maintains the connections. I've implemented a system in the past to proxy IRC, MSN and AIM connections in this way, but it only worked because the requests that came into PHP got passed to this other process which held all the connections and managed the traffic. And yes, it did generate a huge amount of traffic even when it wasn't doing anything due to the need to poll the server for new incoming messages. With the lots-of-posts, the connection is a regular keepalive, which any webserver happily keeps open. When this keepalive connection closes, you open a new one. At least this way, while I still need to send lots of posts (Say, one every 100ms, or 250ms, something like that), I can limit the new connections to once every minute or two. While 4 messages per second may seem like a lot, I would imagine that an application such as Google Maps would generate a LOT more than that while a user is scrolling around; google maps would have to load in dozens of images per second as the user scrolled. Polling for incomming messages isn't a problem, as there is no incomming data for the POSTs. A seperate GET request handles incomming data, and I can simply do something like select, or even something as mundane as polling the socket myself. But I don't need to poll the server. And, the 4-per-second POST transactions don't need to be sent unless there is actually data to be sent. As long as a keepalive request is sent to make sure the remote server doesn't sever connection (My tests show apache 2 with a 15 second timeout on a keepalive connection), there doesn't need to be any POSTs unless there is data waiting to be sent. Of course, this solution has high latency (up to 250ms delay), and generates a fair number of POST requests, so it still isn't ideal. But it should work, since it doesn't do anything out-of-spec as far as HTTP is concerned. This demonstrates a point at which you need to reconsider whether a shared hosting environment (which I assume you're using given the restrictions you've mentioned) is enough for your purposes. If you had a dedicated server you could add another IP and run a custom server on it that would be capable of doing exactly what you want. In fact there are lots of nice free proxies that will happily sit on port 80. However, it's worth nothing that a lot of firewalls block traffic that doesn't look like HTTP, in which case you'll need to use SSL on port 443 to get past those checks. I wasn't targetting shared hosting environments. I imagine most of them use safe mode anyhow. I was thinking more along the lines of somebody with a dedicated server, or perhaps just a linux box in their closet. The thing is, I'm not writing a web proxy. I'm writing a tunneling solution. And, the idea is that firewalls won't block the traffic, because it doesn't just look like HTTP traffic, it really IS HTTP traffic. Is a firewall really going to block a download because the data being downloaded doesn't look legitimate? As far as the firewall is concerned, it just sees regular HTTP traffic. And of course, a bit of obuscation of the data being sent wouldn't be too hard. The idea here is that no matter what sort of proxy or firewall the user is behind, they will be able to get a TCP/IP connection for any protocol out to the outside world. Even if the user is sitting on a LAN with no gateway, no connection to the internet except a single proxy server, they should still be able to make a TCP/IP connection by tunneling it
Re: [PHP] storing single and double quote in MySQL
ok. I just made one test and if you can then explain something to me:
I entered in form (textarea)
afan's crazy web
and stored in db using mysql-real_escape_string().
in DB, it's stored with slashes:
afan\'s \crazy\ web
Then I pulled that from DB on three different ways:
$query = mysql_query(select test from dbtest where rec_id = 5);
$result = mysql_fetch_array($query);
echo $result['gen_value']; // gives afan\'s \crazy\ web
echo stripslashes($result['gen_value']);// gives afan's
crazy web
echo htmlentities($result['gen_value']);// gives afan\'s
\crazy\ web
if stripslashes() is not correcct to use - what then?!?
-afan
[EMAIL PROTECTED] wrote:
after these very helpfull comments, I rad (again) Shiflett's (and few
others) Security articles about filtering input and output. And more I
read - less is clear :(
Before, I used addslash() before I insert data in database and
strislshe()
to show them on screen.
Later found it's not good and start using mysql_real_escae_string() to
add
to DB and stripslashe() to show on screen.
If you have to stripslashes() when you pull data out of the db, you're
doing something wrong (like running with magic_quotes* on, therefore
double escaping your data).
But, also, I thought, mysql_real_escape_string() is filter for
everything, e.g. lets have three links (add, delete, edit) as
mysql_real_escape_string() *only* escapes the data which needs to be
escaped for your particular db version.
a href=index.php?action=addrec_id=$rec_idAdd new/a
a href=index.php?action=editrec_id=$rec_idEdit/a
a href=index.php?action=deleterec_id=$rec_idDelete/a
and was doing this way:
#index.php
?php
if($_GET['action'])
{
$action = mysql_real_escape_string($_GET['action']);
$rec_id = mysql_real_escape_string($_GET['rec_id']);
switch($action)
{
case 'add':
// add new record
break;
case 'edit':
// edit record
break;
case 'delete':
// delete record
break;
}
}
?
it means that $action I will never store in DB, neither show on screen.
I
then wrong to
$action = mysql_real_escape_string($_GET['action']);
or I should
$action = htmlentities($_GET['action']);
or
$action = $_GET['action'];
is just fine?
If you're not going to display it or insert it...if all you're doing is
checking the value of it, then you don't need to modify it.
--
John C. Nichel IV
Programmer/System Admin (ÜberGeek)
Dot Com Holdings of Buffalo
716.856.9675
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Embedding PHP 5 in a C application
All, Can anybody give me a pointer on where I might start to learn how to embed Zend2/PHP 5 inside a stand-alone C application? I realize that by asking a question like this it might imply I am not prepared enough to do handle the answer, but ignoring that, is there a document out there? I guess I could start hacking Apache or something, but I was hoping for more of a tutorial/hand-holding article on the basics. Dante -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] storing single and double quote in MySQL
[EMAIL PROTECTED] wrote: ok. I just made one test and if you can then explain something to me: I entered in form (textarea) afan's crazy web and stored in db using mysql-real_escape_string(). in DB, it's stored with slashes: afan\'s \crazy\ web Then I pulled that from DB on three different ways: $query = mysql_query(select test from dbtest where rec_id = 5); $result = mysql_fetch_array($query); echo $result['gen_value']; // gives afan\'s \crazy\ web echo stripslashes($result['gen_value']);// gives afan's crazy web echo htmlentities($result['gen_value']);// gives afan\'s \crazy\ web if stripslashes() is not correcct to use - what then?!? You're missing the main issue. You shouldn't have any 'escape' slashes in your db. I'm betting your php install has magic_quotes* enabled, so what's happening is this: User inputs data magic_quotes escapes that data *you* escape the data data is inserted into the db. Either turn magic_quotes off or stripslashes() *before* you use mysql_real_escape_string() You shouldn't have to stripslashes() coming out of the db. -- John C. Nichel IV Programmer/System Admin (ÜberGeek) Dot Com Holdings of Buffalo 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] storing single and double quote in MySQL
in your php.ini file what is the value of:
magic_quotes_gpc?
(hint: should be off, if it is on, then you are add slashes twice...)
-Brad
[EMAIL PROTECTED] wrote:
ok. I just made one test and if you can then explain something to me:
I entered in form (textarea)
afan's crazy web
and stored in db using mysql-real_escape_string().
in DB, it's stored with slashes:
afan\'s \crazy\ web
Then I pulled that from DB on three different ways:
$query = mysql_query(select test from dbtest where rec_id = 5);
$result = mysql_fetch_array($query);
echo $result['gen_value']; // gives afan\'s \crazy\ web
echo stripslashes($result['gen_value']);// gives afan's
crazy web
echo htmlentities($result['gen_value']);// gives afan\'s
\crazy\ web
if stripslashes() is not correcct to use - what then?!?
-afan
[EMAIL PROTECTED] wrote:
after these very helpfull comments, I rad (again) Shiflett's (and few
others) Security articles about filtering input and output. And more I
read - less is clear :(
Before, I used addslash() before I insert data in database and
strislshe()
to show them on screen.
Later found it's not good and start using mysql_real_escae_string() to
add
to DB and stripslashe() to show on screen.
If you have to stripslashes() when you pull data out of the db, you're
doing something wrong (like running with magic_quotes* on, therefore
double escaping your data).
But, also, I thought, mysql_real_escape_string() is filter for
everything, e.g. lets have three links (add, delete, edit) as
mysql_real_escape_string() *only* escapes the data which needs to be
escaped for your particular db version.
a href=index.php?action=addrec_id=$rec_idAdd new/a
a href=index.php?action=editrec_id=$rec_idEdit/a
a href=index.php?action=deleterec_id=$rec_idDelete/a
and was doing this way:
#index.php
?php
if($_GET['action'])
{
$action = mysql_real_escape_string($_GET['action']);
$rec_id = mysql_real_escape_string($_GET['rec_id']);
switch($action)
{
case 'add':
// add new record
break;
case 'edit':
// edit record
break;
case 'delete':
// delete record
break;
}
}
?
it means that $action I will never store in DB, neither show on screen.
I
then wrong to
$action = mysql_real_escape_string($_GET['action']);
or I should
$action = htmlentities($_GET['action']);
or
$action = $_GET['action'];
is just fine?
If you're not going to display it or insert it...if all you're doing is
checking the value of it, then you don't need to modify it.
--
John C. Nichel IV
Programmer/System Admin (ÜberGeek)
Dot Com Holdings of Buffalo
716.856.9675
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] storing single and double quote in MySQL
But, also, I thought, mysql_real_escape_string() is filter for
everything, e.g. lets have three links (add, delete, edit) as
a href=index.php?action=addrec_id=$rec_idAdd new/a
a href=index.php?action=editrec_id=$rec_idEdit/a
a href=index.php?action=deleterec_id=$rec_idDelete/a
and was doing this way:
#index.php
?php
if($_GET['action'])
{
$action = mysql_real_escape_string($_GET['action']);
$rec_id = mysql_real_escape_string($_GET['rec_id']);
switch($action)
{
case 'add':
// add new record
break;
case 'edit':
// edit record
break;
case 'delete':
// delete record
break;
}
}
?
it means that $action I will never store in DB, neither show on screen. I
then wrong to
$action = mysql_real_escape_string($_GET['action']);
or I should
$action = htmlentities($_GET['action']);
or
$action = $_GET['action'];
is just fine?
I', really confused.
One thing that might help is to understand why you are doing
something. As everyone has said, mysql_real_escape_string escapes
characters to prevent SQL injection. The reason we do this is to tell
the system that the data we are putting into the system is just data,
not syntax characters.
An example is this:
Say I want to echo out a string exactly variables should be in this
format: $variable. So I make this code block:
?php
echo variables should be in this format: $variable;
?
That would give this output:
variables should be in this format:
And throw this error:
[error] PHP Notice: Undefined variable: variable in
/Users/eric/Sites/meh.php on line 3
The reason is because PHP parsed $variable and saw that it was
undefined. So to get it to show up I would have to do this:
?php
echo variables should be in this format: \$variable;
?
And I get this output:
variables should be in this format: $variable
By adding the \ infront of the $ I escaped it and told the parser to
ignore that. That is what all functions like mysql_real_escape_string
and htmlentities do. They tell whatever parser to ignore what is
happening (more or less:))
So when you have a page like this:
page.php?id=34
... that eventually gets piped into this ...
$sql = SELECT id, title FROM sometable WHERE id='. $_GET['id'] .';
People will know that 34 is being put into a DB. So they might try to
add raw SQL commands to your ?id=. This is why we use
mysql_real_escape_string to prevent people from injecting SQL commands
into your raw data. It is also used to prevent your data from mixing
with SQL commands too like if you had a form that submitted an input
field to update a table and I type in Eric's Data would end up:
UPDATE sometable SET title = 'Eric's Data' WHERE id=32;
This would cause an error You have an error in your SQL syntax; check
the manual that corresponds to your MySQL server version for the right
syntax to use near 's Data' WHERE id=32' at line 1 That is why magic
quotes exists. It automatically escapes quotes for you so that you
don't have to worry about this. So on POSTing of this form Eric's
Data becomes Eric\'s Data.
When you addslashes or use mysql_real_escape_string with magic quotes
on it will add another escape \ to the quote (leading to Eric\\'s
Data) which would lead to you having to use stripslahes when you pull
this record back out of sometable. As you have read, you shouldn't
have to use stripslashes. mysql_real_escape_string and stripslahes
only escape characters for the SQL query to work. They don't actually
go into the database just like when we did echo \$variable; you
didn't see \$variable in the output.
Hopefully this will clear up a few things for you.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Embedding PHP 5 in a C application
I think you can use the 'embed' SAPI for that. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Embedding PHP 5 in a C application
D. Dante Lorenso wrote: All, Can anybody give me a pointer on where I might start to learn how to embed Zend2/PHP 5 inside a stand-alone C application? I realize that by asking a question like this it might imply I am not prepared enough to do handle the answer, but ignoring that, is there a document out there? I guess I could start hacking Apache or something, but I was hoping for more of a tutorial/hand-holding article on the basics. Dante Are you sure that you can't get away with just calling the PHP executable from your C program to do any PHP related activity? Regards, Adam Zey. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] storing single and double quote in MySQL
Ok. Looks like I DID miss the point :)
I thought that with mysql_real_escape_string() HAVE TO add slash in front
of a quote and THAT's filtering.
:(
Ok. slash SHOULDN'T be in DB!
:)
But, also, I thought, mysql_real_escape_string() is filter for
everything, e.g. lets have three links (add, delete, edit) as
a href=index.php?action=addrec_id=$rec_idAdd new/a
a href=index.php?action=editrec_id=$rec_idEdit/a
a href=index.php?action=deleterec_id=$rec_idDelete/a
and was doing this way:
#index.php
?php
if($_GET['action'])
{
$action = mysql_real_escape_string($_GET['action']);
$rec_id = mysql_real_escape_string($_GET['rec_id']);
switch($action)
{
case 'add':
// add new record
break;
case 'edit':
// edit record
break;
case 'delete':
// delete record
break;
}
}
?
it means that $action I will never store in DB, neither show on screen.
I
then wrong to
$action = mysql_real_escape_string($_GET['action']);
or I should
$action = htmlentities($_GET['action']);
or
$action = $_GET['action'];
is just fine?
I', really confused.
One thing that might help is to understand why you are doing
something. As everyone has said, mysql_real_escape_string escapes
characters to prevent SQL injection. The reason we do this is to tell
the system that the data we are putting into the system is just data,
not syntax characters.
An example is this:
Say I want to echo out a string exactly variables should be in this
format: $variable. So I make this code block:
?php
echo variables should be in this format: $variable;
?
That would give this output:
variables should be in this format:
And throw this error:
[error] PHP Notice: Undefined variable: variable in
/Users/eric/Sites/meh.php on line 3
The reason is because PHP parsed $variable and saw that it was
undefined. So to get it to show up I would have to do this:
?php
echo variables should be in this format: \$variable;
?
And I get this output:
variables should be in this format: $variable
By adding the \ infront of the $ I escaped it and told the parser to
ignore that. That is what all functions like mysql_real_escape_string
and htmlentities do. They tell whatever parser to ignore what is
happening (more or less:))
So when you have a page like this:
page.php?id=34
... that eventually gets piped into this ...
$sql = SELECT id, title FROM sometable WHERE id='. $_GET['id'] .';
People will know that 34 is being put into a DB. So they might try to
add raw SQL commands to your ?id=. This is why we use
mysql_real_escape_string to prevent people from injecting SQL commands
into your raw data. It is also used to prevent your data from mixing
with SQL commands too like if you had a form that submitted an input
field to update a table and I type in Eric's Data would end up:
UPDATE sometable SET title = 'Eric's Data' WHERE id=32;
This would cause an error You have an error in your SQL syntax; check
the manual that corresponds to your MySQL server version for the right
syntax to use near 's Data' WHERE id=32' at line 1 That is why magic
quotes exists. It automatically escapes quotes for you so that you
don't have to worry about this. So on POSTing of this form Eric's
Data becomes Eric\'s Data.
When you addslashes or use mysql_real_escape_string with magic quotes
on it will add another escape \ to the quote (leading to Eric\\'s
Data) which would lead to you having to use stripslahes when you pull
this record back out of sometable. As you have read, you shouldn't
have to use stripslashes. mysql_real_escape_string and stripslahes
only escape characters for the SQL query to work. They don't actually
go into the database just like when we did echo \$variable; you
didn't see \$variable in the output.
Hopefully this will clear up a few things for you.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Question about set_time_out and shell_exec
Hi, I am trying to write a script which will avoid browser timeout problem and in that process I have created 2 files FILE1.php: set_time_out(1); echo shell_exec(/usr/local/bin/php -f FILE2.php ); FILE2.php: @mail($to,$sub,$msg); sleep(60); @mail($to,$sub,$msg); I run File1.php thr' browser and I get 2 emails 1 min apart. But browser does not timeout and PHP also does not throw error about timeout even if I have specified time limit to 1sec. Is there any explanation to this behaviour? Thanks in adv. SP
Re: [PHP] Can a script run twice?
On Wed, 2006-05-24 at 02:19, Stut wrote: Lester Caine wrote: The double click 'problem' was a sideline to the original problem, which I found while trying to track things. The original problem *IS* that PHP can run two copies of a script in parallel and the second copy does NOT see the 'locking' in place on the first copy. I had always thought that PHP was sequential, but I'm not so sure now. I've put in a trap for the double click ( and yes it *IS* browser dependent ) and that works fine, but we will have to see if it makes any difference to the original 'race' problem :( PHP is not 'sequential' and I have no idea where you got that impression. If the browser puts in a request to the server, the server will execute that request as soon as sufficient resources are free to do so. PHP does not 'lock' the session between requests. This is a problem being found by people trying AJAX with a session. Consider this sequence... From the manual at: 1) User hits your button (ooh-err) 2) PHP starts processing the script and runs session_start() which loads the session data 3) User hits your button again 4) PHP starts processing the script a second time before the first run has finished, and loads the session data again for this new request 5) The execution started in 2) ends and commits the session data back to the session store 6) The execution started in 4) ends and commits the session data back to the session store There are 2 different issues here. First is that the second run will not get any changes made in the first run. Second is that any changes made in the first run will be lost when the second run commits the session to the store. This is a fact of the stateless nature of HTTP and you need to plumb around it. There are various ways you can do this. I'm the first to admit that I haven't found an ideal solution yet, but methods I've used in the past have been... * Before start_session() check a directory for the existence of a file named after the session id. If it doesn't exist call start_session() and touch the lock file. Delete the lock file at the end of the request (ideally using register_shutdown_function). * Use shared memory to store an array of session ids that are locked. Neither of these were ideal because there was a race condition where two requests could check the lock at the same time and then both lock it. Now that I come to think about it again it may be possible to write a custom session handler that blocks reading of session data that's been locked until it's either unlocked or a timeout passes. You'd have to try that to see if it's possible - I'm not sure how the internals of session_start() work. Hope that early morning ramble helps you out. -Stut From the manual at: http://ca3.php.net/manual/en/function.session-write-close.php Session data is usually stored after your script terminated without the need to call session_write_close(), but as session data is locked to prevent concurrent writes only one script may operate on a session at any time. When using framesets together with sessions you will experience the frames loading one by one due to this locking. You can reduce the time needed to load all the frames by ending the session as soon as all changes to session variables are done Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Can a script run twice?
On Wed, 2006-05-24 at 09:44, tedd wrote: At 7:19 AM +0100 5/24/06, Stut wrote: PHP is not 'sequential' and I have no idea where you got that impression. If the browser puts in a request to the server, the server will execute that request as soon as sufficient resources are free to do so. PHP does not 'lock' the session between requests. This is a problem being found by people trying AJAX with a session. Consider this sequence... 1) User hits your button (ooh-err) 2) PHP starts processing the script and runs session_start() which loads the session data 3) User hits your button again 4) PHP starts processing the script a second time before the first run has finished, and loads the session data again for this new request 5) The execution started in 2) ends and commits the session data back to the session store 6) The execution started in 4) ends and commits the session data back to the session store Nice explanation. Ajax people are finding this happening w/o sessions. Back to the posters problem, which is duplicate dB entries caused by double clicking. Apparently the problem isn't solvable by using tokens, sessions, locking, and such. So why not just check the dB to see if the current record has already been entered? If so, don't do it again. Isn't this a solution? Or is there something here that I'm not understanding? No the problem with ajax and sessions is usually scripts not releasing the session as soon as they are done. In which case an ajax request blocks all other requests with the same session. For instance I have ajax requests that hit the webserver for slow feed requests that can take up to 10 seconds. If I didn't manually close out the session, then all other requests with the same session (either from browser or other ajax requests) would block for about 10 seconds. If ajax requests are seeing race conditions related to sessions then it is usually due to a custom session implementation that doesn't perform locking. Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] parsing/replacing for special MS Word characters
Start here... http://www.php.net/manual/en/function.preg-replace.php Jef -Original Message- From: Dan McCullough [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 24, 2006 8:35 AM To: PHP LIST Subject: [PHP] parsing/replacing for special MS Word characters I have a friend who I wrote some very simple publishing software, basically he takes his writtings and puts them online. Well his writtings are in Word and so he has alot of special characters that he inputs, some unknowingly, into the database. Are there any classes or samples of what others have done to strip/replace/find these special characters, I have asked him to be careful, but he will do it once or twice and then forget and lapse, and I get a call saying can you help me get these out. Any ideas? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] parsing/replacing for special MS Word characters
When my clients use word to compose the contents of a website, I always recommend them to paste the contents onto notepad and only then pass them to the RTE on the browser so that the text looses all it's formatting. Sucks, but it's the only way I know. Since then, they started formatting using predefined styles on the RTE and there was much rejoicing On 5/24/06, Jef Sullivan [EMAIL PROTECTED] wrote: Start here... http://www.php.net/manual/en/function.preg-replace.php Jef -Original Message- From: Dan McCullough [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 24, 2006 8:35 AM To: PHP LIST Subject: [PHP] parsing/replacing for special MS Word characters I have a friend who I wrote some very simple publishing software, basically he takes his writtings and puts them online. Well his writtings are in Word and so he has alot of special characters that he inputs, some unknowingly, into the database. Are there any classes or samples of what others have done to strip/replace/find these special characters, I have asked him to be careful, but he will do it once or twice and then forget and lapse, and I get a call saying can you help me get these out. Any ideas? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Can a script run twice?
At 9:58 AM -0400 5/24/06, Jim Moseby wrote: Apparently the problem isn't solvable by using tokens, sessions, locking, and such. So why not just check the dB to see if the current record has already been entered? If so, don't do it again. Isn't this a solution? Or is there something here that I'm not understanding? ...or maybe do a 'REPLACE...' rather than an 'INSERT...'? That way the record is not entered into the database twice if it already exists. Might be a more economical way than doing a lookup/compare/write if sequence. JM I didn't suggest using either. I just said check first before adding a duplicate record. However, using REPLACE rather than INSERT would probably be best. The MySQL manual states that REPLACE works exactly like INSERT except REPLACE either inserts, or deletes and inserts. So, it's still a lookup/compare/write if sequence, but it's an internal mysql operation, which should be quicker and less coding (i.e., more economical) than using php/mysql to do it. tedd -- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Can a script run twice?
On Wed, 2006-05-24 at 13:02, tedd wrote: At 9:58 AM -0400 5/24/06, Jim Moseby wrote: Apparently the problem isn't solvable by using tokens, sessions, locking, and such. So why not just check the dB to see if the current record has already been entered? If so, don't do it again. Isn't this a solution? Or is there something here that I'm not understanding? ...or maybe do a 'REPLACE...' rather than an 'INSERT...'? That way the record is not entered into the database twice if it already exists. Might be a more economical way than doing a lookup/compare/write if sequence. JM I didn't suggest using either. I just said check first before adding a duplicate record. However, using REPLACE rather than INSERT would probably be best. The MySQL manual states that REPLACE works exactly like INSERT except REPLACE either inserts, or deletes and inserts. So, it's still a lookup/compare/write if sequence, but it's an internal mysql operation, which should be quicker and less coding (i.e., more economical) than using php/mysql to do it. This stuff presumes you have an ID upon which to replace. What about task/bug type submissions where the entry is created upon submission with it's own unique key? Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Can a script run twice?
At 12:38 PM -0400 5/24/06, Robert Cummings wrote:
On Wed, 2006-05-24 at 09:44, tedd wrote:
-snip-
Back to the posters problem, which is duplicate dB entries caused by
double clicking.
Apparently the problem isn't solvable by using tokens, sessions,
locking, and such. So why not just check the dB to see if the current
record has already been entered? If so, don't do it again.
Isn't this a solution? Or is there something here that I'm not
understanding?
No the problem with ajax and sessions is usually scripts not releasing
the session as soon as they are done. In which case an ajax request
blocks all other requests with the same session. For instance I have
ajax requests that hit the webserver for slow feed requests that can
take up to 10 seconds. If I didn't manually close out the session, then
all other requests with the same session (either from browser or other
ajax requests) would block for about 10 seconds.
If ajax requests are seeing race conditions related to sessions then it
is usually due to a custom session implementation that doesn't perform
locking.
Cheers,
Rob.
Rob:
I wasn't addressing ajax. But considering the question has been
raised -- the race problem is not limited to, or caused by, sessions
and appears to be further complicated by browsers.
Please note the following relevant excerpts taken from the following link:
http://swik.net/Ajax/Ajax-Development-Gotchas
Multiple Ajax Requests are not fired in order.
IE, breaking from a long tradition of ignoring independent standards,
chooses to follow the HTTP 1.1 RFC 2616 to the letter, which means
that IE may only have two XMLHttpRequests open at a time; after which
IE will retain an internal queue of requests which will be serviced
in no particular order. Even if the requests are fired in order, the
nature of the internet dictates that they will not be received in
order, so never write code that assumes XMLHttpRequests will be sent
in a particular order.
Firefox also has a similar albeit more liberal limitation in the
number of simultaneous XMLHttpRequests that may be open; however in
Firefox 1.5, the developer may modify the priority of the internal
request queue.
Asynchronous XMLHttpRequests responses will arrive in no particular order.
As implied by the word Asynchronous, XMLHttpRequest responses may
arrive at any time in an unpredictable order that is ignorant of
developer intent, happily executing callbacks in the random order in
which they eventually wind up on the client.
Synchronous XMLHttpRequests lock up Firefox.
The XMLHttpRequest method provides a third argument, which defines
whether the Ajax requests are submitted synchronously or
asynchronously. (xmlhttprequest.open('GET',
'http://www.mozilla.org/', false);) On Firefox, setting this value to
false will submit the xmlhttprequest synchronously and lock up the
entire browser for the duration of the request.
And so on...
So, ajax exhibits concerns beyond sessions.
tedd
--
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Can a script run twice?
On Wed, 2006-05-24 at 13:45, tedd wrote: At 12:38 PM -0400 5/24/06, Robert Cummings wrote: On Wed, 2006-05-24 at 09:44, tedd wrote: -snip- Back to the posters problem, which is duplicate dB entries caused by double clicking. Apparently the problem isn't solvable by using tokens, sessions, locking, and such. So why not just check the dB to see if the current record has already been entered? If so, don't do it again. Isn't this a solution? Or is there something here that I'm not understanding? No the problem with ajax and sessions is usually scripts not releasing the session as soon as they are done. In which case an ajax request blocks all other requests with the same session. For instance I have ajax requests that hit the webserver for slow feed requests that can take up to 10 seconds. If I didn't manually close out the session, then all other requests with the same session (either from browser or other ajax requests) would block for about 10 seconds. If ajax requests are seeing race conditions related to sessions then it is usually due to a custom session implementation that doesn't perform locking. Cheers, Rob. Rob: I wasn't addressing ajax. But considering the question has been raised -- the race problem is not limited to, or caused by, sessions and appears to be further complicated by browsers. Please note the following relevant excerpts taken from the following link: http://swik.net/Ajax/Ajax-Development-Gotchas Multiple Ajax Requests are not fired in order. This is NOT a race issue. It's an ordering issue which is a different problem. Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Can a script run twice?
Robert Cummings wrote: Apparently the problem isn't solvable by using tokens, sessions, locking, and such. So why not just check the dB to see if the current record has already been entered? If so, don't do it again. Isn't this a solution? Or is there something here that I'm not understanding? ...or maybe do a 'REPLACE...' rather than an 'INSERT...'? That way the record is not entered into the database twice if it already exists. Might be a more economical way than doing a lookup/compare/write if sequence. JM I didn't suggest using either. I just said check first before adding a duplicate record. However, using REPLACE rather than INSERT would probably be best. The MySQL manual states that REPLACE works exactly like INSERT except REPLACE either inserts, or deletes and inserts. So, it's still a lookup/compare/write if sequence, but it's an internal mysql operation, which should be quicker and less coding (i.e., more economical) than using php/mysql to do it. This stuff presumes you have an ID upon which to replace. What about task/bug type submissions where the entry is created upon submission with it's own unique key? And I don't use anything as unreliable as MySQL to generate the ID's (check sig) ;) I have already indicated that my problem was caused by NOT updating the _SESSION soon enough. Having added that, then the second 'run' simply kicks out because the the 'browser' is already flagged as serving. The delay caused by accessing the ID to use for the next record allowed the second 'run' to start a second request. So initially I've set the ID to -1 and used that as a 'busy' flag, until firebird returns the real one, which as solved most of the problems. I just had not appreciated that the second 'run' would start when the first was waiting for the database response. When things are on the same machine, the response is fast, but looking to a separate database server allows a bigger window which the second 'run' slipped into hence the differences between sites. The double click action on Moz allowed me to track exactly what was going on, but a simple _SESSION[ID] = -1 solved the problem :) There is still a possibility that the second 'run' will beat the first run, but in that case I would expect the first one to be scrapped instead ;) -- Lester Caine - G8HFL - L.S.Caine Electronic Services - http://home.lsces.co.uk Model Engineers Digital Workshop - http://home.lsces.co.uk/ModelEngineersDigitalWorkshop/ Treasurer - Firebird Foundation Inc. - http://www.firebirdsql.org/index.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] storing single and double quote in MySQL
if magic_quotes_gpc is On, does it add slashes in front of quotes when
submit through form?
Mean, if I submit in input form (text) afan's crazy web, after
echo $_POST['record'];
I'll get afan\'s \crazy\ web. Is this because of magic_quote_gps is On?
-afan
Security wise, it is best to turn it off...
Yes, you *might* have to redo code if you turn it off...
(Of course in future versions you will not be able to turn it on, so
code migration might be better now then later)
Your options are:
- turn it off, see what breaks and fix it.
- or use the stripslashes() function on all $_POST, session and cookie
variables *before* you use the mysql_real_escape_string() function. You
only really need to do such things when that data is going into the
database! So any control variables passed via get, post, etc.. do not
need to be cleaned up, just use as they are.
-Brad
[EMAIL PROTECTED] wrote:
yes. it's *On*
if I turn it Off - I have to redo a lot of code, then right?
What would be the best solution (and few options too :))?
-afan
in your php.ini file what is the value of:
magic_quotes_gpc?
(hint: should be off, if it is on, then you are add slashes twice...)
-Brad
[EMAIL PROTECTED] wrote:
ok. I just made one test and if you can then explain something to me:
I entered in form (textarea)
afan's crazy web
and stored in db using mysql-real_escape_string().
in DB, it's stored with slashes:
afan\'s \crazy\ web
Then I pulled that from DB on three different ways:
$query = mysql_query(select test from dbtest where rec_id = 5);
$result = mysql_fetch_array($query);
echo $result['gen_value']; // gives afan\'s \crazy\ web
echo stripslashes($result['gen_value']);// gives afan's
crazy web
echo htmlentities($result['gen_value']);// gives afan\'s
\crazy\
web
if stripslashes() is not correcct to use - what then?!?
-afan
[EMAIL PROTECTED] wrote:
after these very helpfull comments, I rad (again) Shiflett's (and few
others) Security articles about filtering input and output. And more
I
read - less is clear :(
Before, I used addslash() before I insert data in database and
strislshe()
to show them on screen.
Later found it's not good and start using mysql_real_escae_string()
to
add
to DB and stripslashe() to show on screen.
If you have to stripslashes() when you pull data out of the db, you're
doing something wrong (like running with magic_quotes* on, therefore
double escaping your data).
But, also, I thought, mysql_real_escape_string() is filter for
everything, e.g. lets have three links (add, delete, edit) as
mysql_real_escape_string() *only* escapes the data which needs to be
escaped for your particular db version.
a href=index.php?action=addrec_id=$rec_idAdd new/a
a href=index.php?action=editrec_id=$rec_idEdit/a
a href=index.php?action=deleterec_id=$rec_idDelete/a
and was doing this way:
#index.php
?php
if($_GET['action'])
{
$action = mysql_real_escape_string($_GET['action']);
$rec_id = mysql_real_escape_string($_GET['rec_id']);
switch($action)
{
case 'add':
// add new record
break;
case 'edit':
// edit record
break;
case 'delete':
// delete record
break;
}
}
?
it means that $action I will never store in DB, neither show on
screen.
I
then wrong to
$action = mysql_real_escape_string($_GET['action']);
or I should
$action = htmlentities($_GET['action']);
or
$action = $_GET['action'];
is just fine?
If you're not going to display it or insert it...if all you're doing
is
checking the value of it, then you don't need to modify it.
--
John C. Nichel IV
Programmer/System Admin (ÜberGeek)
Dot Com Holdings of Buffalo
716.856.9675
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: parsing/replacing for special MS Word characters
I Dan McCullough wrote: I have a friend who I wrote some very simple publishing software, basically he takes his writtings and puts them online. Well his writtings are in Word and so he has alot of special characters that he inputs, some unknowingly, into the database. Are there any classes or samples of what others have done to strip/replace/find these special characters, I have asked him to be careful, but he will do it once or twice and then forget and lapse, and I get a call saying can you help me get these out. Any idea I use in the header meta http-equiv=Content-Type content=text/html;charset=utf-8 Then for the uploaded text: $translate_array= array(//converts MS chars to html; this will catch most of them chr(133)= '...', chr(145)= '\'', chr(146)= '\'', chr(147)= '', chr(148)= '', chr(150)= '-', chr(151)= '-', ); $str= strtr($str, $translate_array); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about set_time_out and shell_exec
On 5/24/06, Suhas [EMAIL PROTECTED] wrote: Hi, I am trying to write a script which will avoid browser timeout problem and in that process I have created 2 files FILE1.php: set_time_out(1); echo shell_exec(/usr/local/bin/php -f FILE2.php ); FILE2.php: @mail($to,$sub,$msg); sleep(60); @mail($to,$sub,$msg); I run File1.php thr' browser and I get 2 emails 1 min apart. But browser does not timeout and PHP also does not throw error about timeout even if I have specified time limit to 1sec. Is there any explanation to this behaviour? Things that happen outside the execution of the script like program execution with system() or shell_exec() are not affected by set_time_limit. This is mentioned in the docs: php.net/set_time_limit. Rabin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] storing single and double quote in MySQL
On 5/24/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: if magic_quotes_gpc is On, does it add slashes in front of quotes when submit through form? Mean, if I submit in input form (text) afan's crazy web, after echo $_POST['record']; I'll get afan\'s \crazy\ web. Is this because of magic_quote_gps is On? Yep! http://us2.php.net/magic_quotes What are Magic Quotes When on, all ' (single-quote), (double quote), \ (backslash) and NULL characters are escaped with a backslash automatically. This is identical to what addslashes() does. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Looping through a Db query result twice in PEAR
Greetings All,
I have a problem that I usually solve in MySQL pretty easily, but using
PEAR identifiers are not working.
Any suggestions.
I want to loop through a result set in two different while loops that
are not nested.
I am able to do in it MySQl as follows
$sql=Some query;
$result = $conn-query($sql);
while ($row = $result-fetchArray()) {
echo $row['hey'];
}
while ($row2 = $result-fetchArray()) {
echo $row2['otherhey'];
}
This has worked in the past and I do not have to hit up the DB twice for
the same information.
However when I try something similar with PEAR it does not work.
So the below does not work. This is my first time using PEAR.
So can anyone help me out.
I cannot seem to find anything about this on the documentation online.
$sql=Some query;
$result = $db-query($sql);
while($result-fetchInto($data)) {
echo \t\t\tlia
href=\#$data[id]\$data[question]/a/li\n;
}
while($result-fetchInto($data2)) {
echo a name=\#$data2[id]\$data2[answer]/a/li\n;
}
Thanks
Phillip
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Looping through a Db query result twice in PEAR
Shouldn't it be;
$sql=Some query;
$result = $conn-query($sql);
//V VVV
while ($row = $conn-fetchArray($result)) {
echo $row['hey'];
}
// V VVV
while ($row2 = $conn-fetchArray($result)) {
echo $row2['otherhey'];
}
Warren Vail
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Serialize
At 10:50 AM +0100 5/24/06, [EMAIL PROTECTED] wrote: Hi, Is a serialized array a safe string to insert into a mysql text field? Or is a function such as mysql_real_escape_string always needed? regards Simon. Simon: If you want to store a serialized array in mysql, then you must use mysql_real_escape_string to cover the possibility that your array values may have quotes and other such stuff that a mysql query would stumble on. Also, the following is what I discovered from my own investigation. Please note that normally when you place data into mysql using mysql_real_escape_string -- you also use htmlentities to pull it out -- if -- your going to show it to a browser. But, if you do that, then you can't subsequently also unserialized the string into an array. You must unserialized the array directly from mysql and not after htmlentities. It's interesting that an inspection of a serialized array string before and after htmlentities may look the same, but they aren't. hth's tedd -- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Looping through a Db query result twice in PEAR
On Wed, May 24, 2006 at 02:28:33PM -0600, Phillip S. Baker wrote:
Greetings All,
I have a problem that I usually solve in MySQL pretty easily, but using
PEAR identifiers are not working.
Any suggestions.
I want to loop through a result set in two different while loops that
are not nested.
I am able to do in it MySQl as follows
$sql=Some query;
$result = $conn-query($sql);
I'm not sure how this is mysql specific. it appears that this is
some class you are using.
while ($row = $result-fetchArray()) {
echo $row['hey'];
}
while ($row2 = $result-fetchArray()) {
echo $row2['otherhey'];
}
This has worked in the past and I do not have to hit up the DB twice for
the same information.
The class you are using probably does some caching of the result so
you are able to do this.
However when I try something similar with PEAR it does not work.
So the below does not work. This is my first time using PEAR.
So can anyone help me out.
I cannot seem to find anything about this on the documentation online.
$sql=Some query;
$result = $db-query($sql);
while($result-fetchInto($data)) {
echo \t\t\tlia
href=\#$data[id]\$data[question]/a/li\n;
}
while($result-fetchInto($data2)) {
echo a name=\#$data2[id]\$data2[answer]/a/li\n;
}
This is sort of expected with any interface, if you want to start
over you would probably have a $result-seek() call resetting the
result to the beginning of the result set. I dont think pear
has such a thing. The pear mailing list might be more helpful.
Curt.
--
cat .signature: No such file or directory
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to disable PHP's POST caching?
On Tue, May 23, 2006 at 06:37:27PM -0400, Adam Zey wrote: The data going from client-server needs to be sent over an HTTP connection, which seems to limit me to PUT and POST requests, since they're the only ones that allow significant quantities of data to be sent by the client. Ideally, there should be no delay between the client wanting to send data and the data being sent over the connection; it should be as simple as wrapping the data and sending. So, I need some way to send data to a PHP script that lives on a webserver without any buffering going on. My backup approach, as I described in another mail, involves client-side buffering and multiple POST requests. But that induces quite a bit of latency, which is quite undesirable. How much data are you sending? A POST shouldn't cause that much delay unless your talking about a lot of POST data Curt. -- cat .signature: No such file or directory -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to disable PHP's POST caching?
Curt Zirzow wrote: On Tue, May 23, 2006 at 06:37:27PM -0400, Adam Zey wrote: The data going from client-server needs to be sent over an HTTP connection, which seems to limit me to PUT and POST requests, since they're the only ones that allow significant quantities of data to be sent by the client. Ideally, there should be no delay between the client wanting to send data and the data being sent over the connection; it should be as simple as wrapping the data and sending. So, I need some way to send data to a PHP script that lives on a webserver without any buffering going on. My backup approach, as I described in another mail, involves client-side buffering and multiple POST requests. But that induces quite a bit of latency, which is quite undesirable. How much data are you sending? A POST shouldn't cause that much delay unless your talking about a lot of POST data Curt. Please see my more recent messages on the subject for the reasoning behind this. It's interactive data being sent that may require an immediate response. If a user is tunneling a telnet session, they expect a response within a matter of milliseconds, not seconds. POST holds onto the data until the client is done uploading, which with a persistant POST request never happens, which is why I spoke of multiple POST requests above and in more recent messages. Regards, Adam Zey. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] storing single and double quote in MySQL
At 8:14 PM +0200 5/24/06, [EMAIL PROTECTED] wrote: if magic_quotes_gpc is On, does it add slashes in front of quotes when submit through form? Mean, if I submit in input form (text) afan's crazy web, after echo $_POST['record']; I'll get afan\'s \crazy\ web. Is this because of magic_quote_gps is On? -afan afan: You're getting the idea. Whatever is in your mysql dB should look just like it would in print with quotes and all -- and without any escape characters preceding them. So, if your records in mysql (when viewed via something like myphpadmin) have something like this O\'Mally, then the data is wrong. It should be O'Mally and thus somewhere you, or magic_quotes, have added slashes. So, backup to your original data, turn magic_quotes OFF, use mysql_real_escape_string to prepare the data and then add that data to your mysql. Upon retrieval of the data from mysql -- if -- you want to show it to a browser, then use htmlentities. Remember mysql_real_escape_string IN and htmlentities OUT and the world will be well. I don't know if you are working in the same type of environment as me, but I fixed mine by adding a .htacess file to my root. The code is simply a text file like so: php_value magic_quotes_gpc 0 php_value magic_quotes_sybase 0 php_value magic_quotes_runtime 0 That might work for you -- others on this list may have more detailed information. In any event, IMO do everything you can to turn magic_quotes OFF because after that, then everything will be easier and you'll never have to worry about when, or if, you should add_lashes, strip_lashes, and other such confusing stuff. hth's tedd -- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Syntax to call a class' methods in your own class
What is the correct syntax for calling methods from other classes
into your own class ?
Example:
Calling the ADODB class with:
$this-conn=ADONewConnection('mysql');
This works:
$rs= $this-conn-GetAll(SELECT title FROM content WHERE page_id= ?,
$id);
This fails:
while (!$rs-$this-conn-EOF)
{
// iterate through $rs
}
Can someone point me in the right direction ?
I did not want to use 'Extends' because I wanted incorporate several
pre-existing classes,like ADODB, into my own class
I am more than a bit new at OOP so any help is appreciated.
Code:
?php
require (./adodb/adodb.inc.php);
$PageBuilder = new PageBuilder();
$PageBuilder-getPageTextbyID($id=1);
//--
class PageBuilder{
public function __construct() {
$this-connect2db('localhost','u','p','db');
}
public function __destruct() {
# Close the db connection
$this-conn-Close();
}
// Methods within the PageBuilder Class //
private function connect2db()
{
$this-conn=ADONewConnection('mysql');
$this-conn-Connect($server,$u,$p,$db);
}
public function getPageTextbyID($id)
{
// this query DOES work
$rs= $this-conn-GetAll(SELECT title FROM content WHERE page_id= ?,
$id);
// ---Now iterate through $rs//
// Original Iteration Code
while (!$rs-EOF) {
for ($i=0, $max=$rs-FieldCount(); $i $max; $i++)
print $result-fields[$i].' ';
$rs-MoveNext();
print br\n;
//Failed: First Attempt using $this-
while (!$rs-$this-conn-EOF)
{
for ($i=0, $max=$rs-$this-conn-FieldCount(); $i $max; $i++)
echo the result is:. $rs-$this-conn-fields[$i].' ';
$rs-$this-conn-MoveNext();
print br\n;
}
// Failed: Second Attempt using ::
while (!$rs-conn::EOF)
{
for ($i=0, $max=$rs-conn::FieldCount(); $i $max; $i++)
echo $rs-conn::fields[$i].' ';
$rs-conn::MoveNext();
print br\n;
}
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] preg_replace learning resources? Regex tuts? Tips? (and yes, I have been rtfm)
Hi all, I have been rtfm on preg_replace, and I am a bit turned-off by how complex reg-exing appears to be anyway, I would like to spend some time learning how I would convert a file full of links that look like: A HREF=/viewentry.asp?ID=343323PT=PERSONALITIES TARGET=_topFake Link 1/A A HREF=/viewentry.asp?ID=328474PT=PERSONALITIESFake Link 2/A A HREF=/viewentry.asp?ID=340492PT=PERSONALITIESFake Link 3/A A HREF=/viewentry.asp?ID=339795PT=PERSONALITIESFake Link 4/A And make them look like this: a href=http://www.site.com/viewentry.asp?ID=343323amp;PT=PERSONALITIES; target=_blankFake Link 1/a a href=http://www.site.com/viewentry.asp?ID=328474amp;PT=PERSONALITIES; target=_blankFake Link 2/a a href=http://www.site.com/viewentry.asp?ID=340492amp;PT=PERSONALITIES; target=_blankFake Link 3/a a href=http://www.site.com/viewentry.asp?ID=339795amp;PT=PERSONALITIES; target=_blankFake Link 4/a Basically, I would like to make the links/code xhtml transitional, make the links absolute, add quotes where needed, convert to amp;, and make them open in a blank window... it would be cool to trash everything except for the url and link description (in other words, if any of the links have, for example, TARGET=_top, it would just ignore and grab only what I want from source file Any good links to tutorials and/or resources that teach one how to scrub urls with PHP and regex? Many TIA! Cheers, Micky -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Filtering (was storing single and double quote in MySQL)
At 4:28 PM +0200 5/24/06, [EMAIL PROTECTED] wrote:
after these very helpfull comments, I rad (again) Shiflett's (and few
others) Security articles about filtering input and output. And more I
read - less is clear :(
and
At 6:07 PM +0200 5/24/06, [EMAIL PROTECTED] wrote:
Ok. Looks like I DID miss the point :)
I thought that with mysql_real_escape_string() HAVE TO add slash in front
of a quote and THAT's filtering.
No, that's NOT filtering input, as per Shiflett's book.
Filtering input is proving that the data coming is -- IS -- valid data!
Take for example the code he shows on page 11 of his book (Essential
PHP Security) where:
?php
$clean = array();
switch($$_POST['color'])
{
case 'red':
case 'green':
case 'blue':
$clean['color'} = $_POST['color'];
break;
}
?
If you inspect this code, you will see that the array $clean will
never have anything in it that's not 'red', 'green', or 'blue' --
that's filtering input as per Shiflett.
And, that makes prefect sense to me.
tedd
PS: I changed the subject line because it's a different subject. :-)
--
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] preg_replace learning resources? Regex tuts? Tips? (and yes, I have been rtfm)
Micky Hulse wrote: Any good links to tutorials and/or resources that teach one how to scrub urls with PHP and regex? Ah, missed this in the comment section of the manual: http://www.tote-taste.de/X-Project/regex/index.php Looks like a good place to start. :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Syntax to call a class' methods in your own class
This works:
$rs= $this-conn-GetAll(SELECT title FROM content WHERE
page_id= ?,
$id);
You can't iterate through an array like you are trying to do. Using the
GetAll() function returns an array, you have to use the Execute()
function to be able to iterate through $rs like you are trying to do:
$rs= $this-conn-Execute(SELECT title FROM content WHERE page_id=
?,$id);
This fails:
while (!$rs-$this-conn-EOF)
{
// iterate through $rs
}
Try:
while(!$rs-EOF)
{
// do whatever
$rs-MoveNext();
}
You may want to take a look at the phpgacl (http://phpgacl.sf.net)
class, it has integrated ADODB so it may be a good example for you to
follow.
HTH,
Brady
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to disable PHP's POST caching?
On Tue, May 23, 2006 at 03:51:51PM -0400, Adam Zey wrote: PHP seems to cache POST data, and waits for the entire POST to finish sending before it makes it available to php://input. I'd like to be able to read the post data from php://input while the client is still uploading it. How can I cause PHP to make the POST data available right away instead of after the client finishes sending? One thing you can do is limit the size of the post_max_size and upload_max_filesize (if using an upload) to someting like 1. php will issue a warning and not read the POST data. You then can read the contents of what was sent via php://input or php://stdin, i forget wich one it is. Of course you will need to read the data and parse the raw data as it was sent from the browser. HTH, Curt. -- cat .signature: No such file or directory -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to disable PHP's POST caching?
On Wed, May 24, 2006 at 05:44:56PM -0400, Adam Zey wrote: Curt Zirzow wrote: On Tue, May 23, 2006 at 06:37:27PM -0400, Adam Zey wrote: The data going from client-server needs to be sent over an HTTP connection, which seems to limit me to PUT and POST requests, since they're the only ones that allow significant quantities of data to be sent by the client. Ideally, there should be no delay between the client wanting to send data and the data being sent over the connection; it should be as simple as wrapping the data and sending. So, I need some way to send data to a PHP script that lives on a webserver without any buffering going on. My backup approach, as I described in another mail, involves client-side buffering and multiple POST requests. But that induces quite a bit of latency, which is quite undesirable. How much data are you sending? A POST shouldn't cause that much delay unless your talking about a lot of POST data Curt. Please see my more recent messages on the subject for the reasoning behind this. It's interactive data being sent that may require an I didn't ask why... I was asking how much. immediate response. If a user is tunneling a telnet session, they expect a response within a matter of milliseconds, not seconds. POST holds onto the data until the client is done uploading, which with a persistant POST request never happens, which is why I spoke of multiple POST requests above and in more recent messages. The only way you will be able to read data as it comes in is by removing php's reading and parsing of data from the HTTP posted data. I posted how to do this on a different thread. Curt. -- cat .signature: No such file or directory -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Upload files problems
Hi!
When the users of my system try to go up files of more than 460 K, they
receive the message:
Fatal error: Maximum execution time of 90 seconds exceeded in
c:\websites\iracbiogenar48\iracbiogen.com.ar\virtual\procesa_msjpriv.php on
line 2
I'm using the following method to up load the files:
if($archivo_name)
{
$dpath=./archivos_recibidos/.$archivo_name;
if(move_uploaded_file($archivo, $dpath))
{//Se realiza la transmision del archivo al servidor.
echo font size=2 face=Arial, Helvetica, sans-serifEl archivo
.$archivo_name.. ha sido transferido exitosamente./font/div/td;
}
else
{
echo font size=2 face=Arial, Helvetica,
sans-serifADVERTENCIA: El arcvhio .$archivo_name.. no ha podido
enviarse./font/div/td;
}
Do I have control on these 90 seconds? or is a parameter of the server?
What can I do to solve this problem?
Ahead of time thank you very much,
Tom.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Syntax to call a class' methods in your own class
Here's a link to a series of 4 articles that explain aggregation in
PHP.as this sounds like what you want to do.
http://www.devshed.com/c/a/PHP/Object-Interaction-in-PHP-Introduction-to-Aggregation-part-1/
HTH
Steve
Graham Anderson [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
What is the correct syntax for calling methods from other classes into
your own class ?
Example:
Calling the ADODB class with:
$this-conn=ADONewConnection('mysql');
This works:
$rs= $this-conn-GetAll(SELECT title FROM content WHERE page_id= ?,
$id);
This fails:
while (!$rs-$this-conn-EOF)
{
// iterate through $rs
}
Can someone point me in the right direction ?
I did not want to use 'Extends' because I wanted incorporate several
pre-existing classes,like ADODB, into my own class
I am more than a bit new at OOP so any help is appreciated.
Code:
?php
require (./adodb/adodb.inc.php);
$PageBuilder = new PageBuilder();
$PageBuilder-getPageTextbyID($id=1);
//--
class PageBuilder{
public function __construct() {
$this-connect2db('localhost','u','p','db');
}
public function __destruct() {
# Close the db connection
$this-conn-Close();
}
// Methods within the PageBuilder Class //
private function connect2db()
{
$this-conn=ADONewConnection('mysql');
$this-conn-Connect($server,$u,$p,$db); }
public function getPageTextbyID($id)
{
// this query DOES work
$rs= $this-conn-GetAll(SELECT title FROM content WHERE page_id= ?,
$id);
// ---Now iterate through $rs//
// Original Iteration Code
while (!$rs-EOF) {
for ($i=0, $max=$rs-FieldCount(); $i $max; $i++)
print $result-fields[$i].' ';
$rs-MoveNext();
print br\n;
//Failed: First Attempt using $this-
while (!$rs-$this-conn-EOF)
{
for ($i=0, $max=$rs-$this-conn-FieldCount(); $i $max; $i++)
echo the result is:. $rs-$this-conn-fields[$i].' ';
$rs-$this-conn-MoveNext();
print br\n;
}
// Failed: Second Attempt using ::
while (!$rs-conn::EOF)
{
for ($i=0, $max=$rs-conn::FieldCount(); $i $max; $i++)
echo $rs-conn::fields[$i].' ';
$rs-conn::MoveNext();
print br\n;
}
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Syntax to call a class' methods in your own class
Here's a link to a series of 4 articles that explain aggregation in
PHP.as this sounds like what you want to do.
http://www.devshed.com/c/a/PHP/Object-Interaction-in-PHP-Introduction-to-Aggregation-part-1/
HTH
Steve
Graham Anderson [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
What is the correct syntax for calling methods from other classes into
your own class ?
Example:
Calling the ADODB class with:
$this-conn=ADONewConnection('mysql');
This works:
$rs= $this-conn-GetAll(SELECT title FROM content WHERE page_id= ?,
$id);
This fails:
while (!$rs-$this-conn-EOF)
{
// iterate through $rs
}
Can someone point me in the right direction ?
I did not want to use 'Extends' because I wanted incorporate several
pre-existing classes,like ADODB, into my own class
I am more than a bit new at OOP so any help is appreciated.
Code:
?php
require (./adodb/adodb.inc.php);
$PageBuilder = new PageBuilder();
$PageBuilder-getPageTextbyID($id=1);
//--
class PageBuilder{
public function __construct() {
$this-connect2db('localhost','u','p','db');
}
public function __destruct() {
# Close the db connection
$this-conn-Close();
}
// Methods within the PageBuilder Class //
private function connect2db()
{
$this-conn=ADONewConnection('mysql');
$this-conn-Connect($server,$u,$p,$db); }
public function getPageTextbyID($id)
{
// this query DOES work
$rs= $this-conn-GetAll(SELECT title FROM content WHERE page_id= ?,
$id);
// ---Now iterate through $rs//
// Original Iteration Code
while (!$rs-EOF) {
for ($i=0, $max=$rs-FieldCount(); $i $max; $i++)
print $result-fields[$i].' ';
$rs-MoveNext();
print br\n;
//Failed: First Attempt using $this-
while (!$rs-$this-conn-EOF)
{
for ($i=0, $max=$rs-$this-conn-FieldCount(); $i $max; $i++)
echo the result is:. $rs-$this-conn-fields[$i].' ';
$rs-$this-conn-MoveNext();
print br\n;
}
// Failed: Second Attempt using ::
while (!$rs-conn::EOF)
{
for ($i=0, $max=$rs-conn::FieldCount(); $i $max; $i++)
echo $rs-conn::fields[$i].' ';
$rs-conn::MoveNext();
print br\n;
}
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Upload files problems
Ing. Tomás Liendo wrote:
Hi!
When the users of my system try to go up files of more than 460 K, they
receive the message:
Fatal error: Maximum execution time of 90 seconds exceeded in
c:\websites\iracbiogenar48\iracbiogen.com.ar\virtual\procesa_msjpriv.php on
line 2
I'm using the following method to up load the files:
if($archivo_name)
{
$dpath=./archivos_recibidos/.$archivo_name;
if(move_uploaded_file($archivo, $dpath))
{//Se realiza la transmision del archivo al servidor.
echo font size=2 face=Arial, Helvetica, sans-serifEl archivo
.$archivo_name.. ha sido transferido exitosamente./font/div/td;
}
else
{
echo font size=2 face=Arial, Helvetica,
sans-serifADVERTENCIA: El arcvhio .$archivo_name.. no ha podido
enviarse./font/div/td;
}
Do I have control on these 90 seconds? or is a parameter of the server?
What can I do to solve this problem?
Ahead of time thank you very much,
Tom.
See http://php.net/set_time_limit, although it might not work if your
host uses safe mode.
- Ryan
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] preg_replace learning resources? Regex tuts? Tips? (and yes, I have been rtfm)
--- Micky Hulse [EMAIL PROTECTED] wrote: Micky Hulse wrote: Any good links to tutorials and/or resources that teach one how to scrub urls with PHP and regex? Hey, Am learning from here: http://weblogtoolscollection.com/regex/regex.php found it via google (note: Am in NO way connected to that site) HTHs...Cheers, Ryan -- - The faulty interface lies between the chair and the keyboard. - Creativity is great, but plagiarism is faster! - Smile, everyone loves a moron. :-) __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] preg_replace learning resources? Regex tuts? Tips? (and yes, I have been rtfm)
Ryan A wrote: http://weblogtoolscollection.com/regex/regex.php HTHs...Cheers, Yeah, looks like a great resource, thanks! :) Cheers, m -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Syntax to call a class' methods in your own class
thanks :)
that helps
g
On May 24, 2006, at 3:19 PM, Brady Mitchell wrote:
This works:
$rs= $this-conn-GetAll(SELECT title FROM content WHERE
page_id= ?,
$id);
You can't iterate through an array like you are trying to do.
Using the
GetAll() function returns an array, you have to use the Execute()
function to be able to iterate through $rs like you are trying to do:
$rs= $this-conn-Execute(SELECT title FROM content WHERE page_id=
?,$id);
This fails:
while (!$rs-$this-conn-EOF)
{
// iterate through $rs
}
Try:
while(!$rs-EOF)
{
// do whatever
$rs-MoveNext();
}
You may want to take a look at the phpgacl (http://phpgacl.sf.net)
class, it has integrated ADODB so it may be a good example for you to
follow.
HTH,
Brady
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] 3DES w/ openssl_{csr,pkey}_new ?
Brian A. Seklecki wrote: RSA and DSA are different types of key formats. They do not imply protecting the private keywith an encryption algorithm. If you look at gendsa(1) or genrsa(1), you will see that passphrase protection is optional to both, and that there a good many choices. default_md is actually something from ca(1), it's the crypto signature algorithm for public keys / certificates, and really doesn't apply to private keys. That's all nice but doesn't change the answer to your question - php only supports creating one type of key. If you want to create different types of keys then join the php-internals list and discuss it with them - maybe it'll become available in a future php version. -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
