Re: [PHP] CSS position:absolute for INPUT ... on form
I think you cannot directly position the input tag itself, but rather you should create a div around the input tag and position that div greets Zoltán Németh 2007. 04. 20, péntek keltezéssel 22.33-kor rwhartung ezt írta: Hi all, I have an internal project where I need to position input text boxes to simulate a desktop app that i am replacing. Can I define a stylesheet with absolute positioning for INPUTs. If so do the calls to class=... or index=... work in placed within the INPUT . . . statement? My understanding is that the INPUT is an inline element and that absolute positioning may be difficult. I have looked at well over 100 google responses without finding a clear answer. Thanks, Bob -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Find MAC Address in PHP
The OP said he wants MACs for the machines on his local LAN. In that case I don't think he would have meet the things you said. greets Zoltán Németh 2007. 04. 21, szombat keltezéssel 07.49-kor Satyam ezt írta: Don't bother, if you manage to get a MAC, it won't be that of the client machine in the majority of cases since the IP you get for the request is not, in most cases, the one for that machine, but that of the proxy, router and zillion of other things that step in the middle and change the IP. Satyam - Original Message - From: Nathaniel Hall [EMAIL PROTECTED] To: php-general@lists.php.net Sent: Friday, April 20, 2007 10:00 PM Subject: [PHP] Find MAC Address in PHP Hi all, I am attempting to find the MAC address of systems visiting my page from the local LAN. I have tried several things, but it appears it will not let me run system commands. For example, running ?php $MAC = system(arp 192.168.200.254); echo $MAC; ? does not give me any output. I have copied arp to a place that the apache user can execute from and ensured arp is executable. This is on a Fedora Core 6 box running PHP 5.1.6-3.4 and Apache 2.2.3-5. Any help is appreciated. -- Nathaniel Hall -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.446 / Virus Database: 269.5.5/769 - Release Date: 19/04/2007 17:56 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Find MAC Address in PHP
I'm sorry, I missed that, you are right, unless there are subnets within the company, several offices in distant locations. Satyam - Original Message - From: Zoltán Németh [EMAIL PROTECTED] To: Satyam [EMAIL PROTECTED] Cc: Nathaniel Hall [EMAIL PROTECTED]; php-general@lists.php.net Sent: Saturday, April 21, 2007 9:10 AM Subject: Re: [PHP] Find MAC Address in PHP The OP said he wants MACs for the machines on his local LAN. In that case I don't think he would have meet the things you said. greets Zoltán Németh 2007. 04. 21, szombat keltezéssel 07.49-kor Satyam ezt írta: Don't bother, if you manage to get a MAC, it won't be that of the client machine in the majority of cases since the IP you get for the request is not, in most cases, the one for that machine, but that of the proxy, router and zillion of other things that step in the middle and change the IP. Satyam - Original Message - From: Nathaniel Hall [EMAIL PROTECTED] To: php-general@lists.php.net Sent: Friday, April 20, 2007 10:00 PM Subject: [PHP] Find MAC Address in PHP Hi all, I am attempting to find the MAC address of systems visiting my page from the local LAN. I have tried several things, but it appears it will not let me run system commands. For example, running ?php $MAC = system(arp 192.168.200.254); echo $MAC; ? does not give me any output. I have copied arp to a place that the apache user can execute from and ensured arp is executable. This is on a Fedora Core 6 box running PHP 5.1.6-3.4 and Apache 2.2.3-5. Any help is appreciated. -- Nathaniel Hall -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.446 / Virus Database: 269.5.5/769 - Release Date: 19/04/2007 17:56 -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.463 / Virus Database: 269.5.6/770 - Release Date: 20/04/2007 18:43 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session with microtime
-Message d'origine- De : Matthew Powell [mailto:[EMAIL PROTECTED] Envoyé : vendredi 20 avril 2007 18:57 À : php-general@lists.php.net Objet : Re: [PHP] Session with microtime Panquekas wrote: On 20/04/07, Panquekas [EMAIL PROTECTED] wrote: snip I'm sorry, my mistake. What I tried to say is that the session_start() was on the top of the page, and the if( ) block was after that and the login script was even after the if( ), so the first thing to ran was the session_start() then the if( ) block and after that the login script registering the $_SESSION's. I moved the login script to the middle of the session_start() and the if( ). snip Am I the only one that uses 'session.auto_start = 1'? It saves me from worrying about that type of problem. I like control over what goes on ;) Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] should I be looking to eliminate all notices?
When coding I think it is better to turn error_reporting to E_ALL and try to write code that emits no notices. Of course there might be some notices left, which you decide not to care about, in production notices should be turned off then greets Zoltán Németh 2007. 04. 21, szombat keltezéssel 10.01-kor Ross ezt írta: A quick one this morning. When coding should I be trying to code so there are no notices or is it ok to turn them off. I don't really want to do a isset check for every index I have. Ross -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] should I be looking to eliminate all notices?
Should I care? Is it considered bad practice to just turn them off? Zoltán Németh [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] When coding I think it is better to turn error_reporting to E_ALL and try to write code that emits no notices. Of course there might be some notices left, which you decide not to care about, in production notices should be turned off then greets Zoltán Németh 2007. 04. 21, szombat keltezéssel 10.01-kor Ross ezt írta: A quick one this morning. When coding should I be trying to code so there are no notices or is it ok to turn them off. I don't really want to do a isset check for every index I have. Ross -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] sendmail smrsh symlinks not working against php scripts
On Fri, April 20, 2007 10:27 am, dan1 wrote: I would simply like the script to be executed, when passed as a symlink as argument, instead of a hardlink. The problem is that when I specify the script to be executed (ecardbounce.php) as being a symlink, in the /etc/aliases like this: ecard-bounce: |/usr/bin/php /etc/smrsh/ecardbounce.php, then the script isn't executed. However, when I replace the symlink by a hardlink to the same located script, then it works fine with no problems. I don't think you should be allowing the php binary to be run like that... It's just too easy for some hacker email to run arbitrary PHP code on your box this way, as I understand it... At least that's my recollection of how you do NOT want to set up: sendmail | smrsh | php The Right Way to make sure that only the script you WANT to run is run is to put the actual PHP script in the /etc/smrsh directory, use #! at the top of it, and sendmail pipe the data to the executable .php script. I don't understand what you mean. A lot of people are using the smrsh/sendmail combination to run scripts on their site. more often they use cgi instead of PHP, and now it seems that you are saying that PHP is not a good thing to use with sendmail/smrsh. You are saying that it is not safe to use smrsh/php, yet smrsh has been specifically designed to use sendmail/scripts in a secure way (it stands for restricted shell). How do you explain that the 'sympa' production level bulk email program does use symlinks with sendmail and smrsh the exact same way I do, wouldn't they know that this would be a potential security breach? Also, I did follow exactly the recommendation of smrsh on how to setup symlinks with sendmail and interpreters: http://www.faqs.org/docs/securing/chap22sec182.html I think that I do things the right way, just as many other who use phpp scrits with sendmail to handle e-mail bounces do it, because putting the real file in /etc/smrsh or putting a link to the file in the same diretory doesn't present any security difference, as the script will be exectued exactly the same way, and if a hacker can have access to the symlink, then he will also be able to have access to the real file. Else, I have the safe mode set to off, so the php.ini configuration should not be the problem. Anyway, thanks for your answers Richard, because it helped me to develop my understanding about this problem. I will try to put it in the bug database. Thanks again for your support. Regards, Daniel -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] should I be looking to eliminate all notices?
-Message d'origine- De : Ross [mailto:[EMAIL PROTECTED] Envoyé : samedi 21 avril 2007 11:18 À : php-general@lists.php.net Objet : Re: [PHP] should I be looking to eliminate all notices? Should I care? Is it considered bad practice to just turn them off? Yes you should, if you are using undeclared variables, this could lead to coding problems, and/or security problems depending on how you have acces to your php files setup. As a rule of thumb, i declare all variables and do check isset on my indexes, so far my framework/cms has over 4000 lines of codes and i adress each notice and warning accordingly... But then again, this is just my philosophy its really up to you to decide how you code, and how to adress issues that emmit notice messages.. If you don't adresse those message then be sure to turn error_reporting off on your production server. Besides, using isset is a good way of determining certain states of your programm flow, for me it comes in handy rather then being a long task.. I feel full control over what is happening in your script will lead you to 1. less errors, 2. a better understanding of your script wich then leads itself into 3. easier debugging (yup their are a lot of people who have scripts that work but don't really know why! ) Regards, Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] should I be looking to eliminate all notices?
2007. 04. 21, szombat keltezéssel 10.17-kor Ross ezt írta: Should I care? Is it considered bad practice to just turn them off? some people consider it bad practice, yes I personally wouldn't say it is bad practice, but I am sure that in many cases notices can help finding bugs in your code. So I think it is a tool which can help in coding, you decide if you want to use it or not ;) greets Zoltán Németh Zoltn Nmeth [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] When coding I think it is better to turn error_reporting to E_ALL and try to write code that emits no notices. Of course there might be some notices left, which you decide not to care about, in production notices should be turned off then greets Zoltn Nmeth 2007. 04. 21, szombat keltezssel 10.01-kor Ross ezt rta: A quick one this morning. When coding should I be trying to code so there are no notices or is it ok to turn them off. I don't really want to do a isset check for every index I have. Ross -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Preventing SQL Injection/ Cross Site Scripting
-Message d'origine- De : Dotan Cohen [mailto:[EMAIL PROTECTED] Envoyé : samedi 21 avril 2007 03:08 À : php php Objet : [PHP] Preventing SQL Injection/ Cross Site Scripting I've got a comments form that I'd like to harden against SQL Injection / XSS attacks. The data is stored in UTF-8 in a mysql database. I currently parse the data as such: ... The first statement doubles up quotes, it's a bit difficult to see in the code. After seeing this: http://ha.ckers.org/xss.html and another similar one for SQL injection, I'm worried that my filters are not enough. What do the pro php programers out there use? Sql and xss attacks are two different issues that should each be adressed accordingly at at the right time... XSS attacks should be parsed when the form is checked, sql should be adresssed when you are puting the actuall information in the database. PHP has several functions that adress sql injection issues for example as stated: mysql_real_escape_string(); which will safely escape any data used in an sql statement to evade sql injection, thats a good first measure any ways... Second, a mesure that i take for both xss and sql is instead of escaping certain data, i only allow certain data, that i consider safe for display on a web site.. I recommend you dig deeper into that xss page you might even find a script that filters xss.. You might even be able to modify it to suit your needs and/or to harden/better it... Regards, Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Preventing SQL Injection/ Cross Site Scripting
On 21/04/07, Leonard Burton [EMAIL PROTECTED] wrote: Hi Dotan, Why not use mysql_escape_string()? I use mysql_real_escape_string() as the second to last function in there. Dotan Cohen http://dotancohen.com/eng/army_pictures.php http://lyricslist.com/lyrics/artist_albums/575/7a3.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Preventing SQL Injection/ Cross Site Scripting
On 21/04/07, Tim [EMAIL PROTECTED] wrote: -Message d'origine- De : Dotan Cohen [mailto:[EMAIL PROTECTED] Envoyé : samedi 21 avril 2007 03:08 À : php php Objet : [PHP] Preventing SQL Injection/ Cross Site Scripting I've got a comments form that I'd like to harden against SQL Injection / XSS attacks. The data is stored in UTF-8 in a mysql database. I currently parse the data as such: ... The first statement doubles up quotes, it's a bit difficult to see in the code. After seeing this: http://ha.ckers.org/xss.html and another similar one for SQL injection, I'm worried that my filters are not enough. What do the pro php programers out there use? Sql and xss attacks are two different issues that should each be adressed accordingly at at the right time... XSS attacks should be parsed when the form is checked, sql should be adresssed when you are puting the actuall information in the database. The information is inserted into the database right after it is checked. PHP has several functions that adress sql injection issues for example as stated: mysql_real_escape_string(); which will safely escape any data used in an sql statement to evade sql injection, thats a good first measure any ways... Yes, that is the second to last function that I'm using. Second, a mesure that i take for both xss and sql is instead of escaping certain data, i only allow certain data, that i consider safe for display on a web site.. Although I can semicolons and the like, greater than and less than signs I want to keep as there are some rather witty people from the Mathematics faculty who will be using the comments. I'll str_replace() them to gt; and lt; however. I recommend you dig deeper into that xss page you might even find a script that filters xss.. You might even be able to modify it to suit your needs and/or to harden/better it... Obviously I keep missing it. I've reread it twice since you mention there is a filter script and can't find it. I've followed most of the links as well. I'll keep looking. Dotan Cohen http://what-is-what.com/what_is/blog.html http://ultu.com
Re: [PHP] upload file then move between servers
On 4/21/07, blackwater dev [EMAIL PROTECTED] wrote: I need to allow a user to upload a file. Once the file is up, I need to then move it to another server and wsync it to our webclusters. What's the best way to do this with php? I don't really want php issuing root commands. I've considered storing the file in the db but really need it to be scanned (they should just be images) then pushed out to my servers. Thanks! You could transfer files between servers using FTP.Or using internal network connections. like if you have mounted the second server at /mnt/server2, you could simply move the file with the built in PHP command. http://www.php.net/move_uploaded_file Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Preventing SQL Injection/ Cross Site Scripting
2007. 04. 21, szombat keltezéssel 13.20-kor Dotan Cohen ezt írta: On 21/04/07, Tim [EMAIL PROTECTED] wrote: -Message d'origine- De : Dotan Cohen [mailto:[EMAIL PROTECTED] Envoyé : samedi 21 avril 2007 03:08 À : php php Objet : [PHP] Preventing SQL Injection/ Cross Site Scripting I've got a comments form that I'd like to harden against SQL Injection / XSS attacks. The data is stored in UTF-8 in a mysql database. I currently parse the data as such: ... The first statement doubles up quotes, it's a bit difficult to see in the code. After seeing this: http://ha.ckers.org/xss.html and another similar one for SQL injection, I'm worried that my filters are not enough. What do the pro php programers out there use? Sql and xss attacks are two different issues that should each be adressed accordingly at at the right time... XSS attacks should be parsed when the form is checked, sql should be adresssed when you are puting the actuall information in the database. The information is inserted into the database right after it is checked. PHP has several functions that adress sql injection issues for example as stated: mysql_real_escape_string(); which will safely escape any data used in an sql statement to evade sql injection, thats a good first measure any ways... Yes, that is the second to last function that I'm using. Second, a mesure that i take for both xss and sql is instead of escaping certain data, i only allow certain data, that i consider safe for display on a web site.. Although I can semicolons and the like, greater than and less than signs I want to keep as there are some rather witty people from the Mathematics faculty who will be using the comments. I'll str_replace() them to gt; and lt; however. what about htmlentities()? http://php.net/htmlentities greets Zoltán Németh I recommend you dig deeper into that xss page you might even find a script that filters xss.. You might even be able to modify it to suit your needs and/or to harden/better it... Obviously I keep missing it. I've reread it twice since you mention there is a filter script and can't find it. I've followed most of the links as well. I'll keep looking. Dotan Cohen http://what-is-what.com/what_is/blog.html http://ultu.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] how to detect type of image
Hi, In my web application, end user is able to load images (png, jpeg, gif,..) into database. I would like to know how can i detect automatically the type of image (pnd, jpeg,...) ? i do not want to check the extension because this is easily faked... just by renaming it. Does it exist a technique for that ? thanks a lot, -- Alain Windows XP SP2 PostgreSQL 8.1.4 Apache 2.0.58 PHP 5
Re: [PHP] how to detect type of image
On 4/21/07, Alain Roger [EMAIL PROTECTED] wrote: Hi, In my web application, end user is able to load images (png, jpeg, gif,..) into database. I would like to know how can i detect automatically the type of image (pnd, jpeg,...) ? i do not want to check the extension because this is easily faked... just by renaming it. Does it exist a technique for that ? thanks a lot, -- Alain Use the mime_content_type function for returning the mime type. Check if that matches one of you image mimetypes http://www.php.net/mime_content_type Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] echo or print ?
On 4/18/07, Richard Lynch [EMAIL PROTECTED] wrote: On Tue, April 17, 2007 1:40 am, Christian Haensel wrote: Whenever I see people put their code up for review, I realize they mostly use print instead of echo, while I am using echo 99% of the time. Actually, I can't even remember when I last used the regular print. There used to be a difference, but not really any more, I don't think. Or does print still not allow multiple arguments?... What do you guys use, and what is the advantage (if ther is any) of print over echo? And I am not talking about print_r or anything, just the regular print. :o) I use echo, because I'm old, and got in the habit, back when print() was a function and echo was a language construct, and only echo let you have as many args with commas as you wanted. But there's no significant difference, as far as I know. There is a difference, echo is slightly faster. code used for benchmark: ? $start = microtime(TRUE); for ($i=0; $i10; ++$i) { print ABC; } echo sprintf(With print ($i): %0.3f\n,microtime(TRUE) - $start); $start = microtime(TRUE); for ($i=0; $i10; ++$i) { echo ABC; } echo sprintf(With echo ($i): %0.3f\n,microtime(TRUE) - $start); ? it displays 10 times ABC, first with the print command, and second with the echo command. Result: ABCABCABCsnip print (10): 0.085 ABCABCABCsnip echo (10): 0.076 It's not a lot, but since we are displaying data a lot, (most used function?) it will make a difference in really big scripts. Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] how to detect type of image
On Apr 21, 2007, at 5:45 AM, Alain Roger wrote: Hi, In my web application, end user is able to load images (png, jpeg, gif,..) into database. I would like to know how can i detect automatically the type of image (pnd, jpeg,...) ? i do not want to check the extension because this is easily faked... just by renaming it. Does it exist a technique for that ? thanks a lot, Take a look at getimagesize() http://us2.php.net/getimagesize Ed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] echo or print ?
Tijnema ! wrote: On 4/18/07, Richard Lynch [EMAIL PROTECTED] wrote: On Tue, April 17, 2007 1:40 am, Christian Haensel wrote: Whenever I see people put their code up for review, I realize they mostly use print instead of echo, while I am using echo 99% of the time. Actually, I can't even remember when I last used the regular print. There used to be a difference, but not really any more, I don't think. Or does print still not allow multiple arguments?... What do you guys use, and what is the advantage (if ther is any) of print over echo? And I am not talking about print_r or anything, just the regular print. :o) I use echo, because I'm old, and got in the habit, back when print() was a function and echo was a language construct, and only echo let you have as many args with commas as you wanted. But there's no significant difference, as far as I know. There is a difference, echo is slightly faster. code used for benchmark: ? $start = microtime(TRUE); for ($i=0; $i10; ++$i) { print ABC; } echo sprintf(With print ($i): %0.3f\n,microtime(TRUE) - $start); $start = microtime(TRUE); for ($i=0; $i10; ++$i) { echo ABC; } echo sprintf(With echo ($i): %0.3f\n,microtime(TRUE) - $start); ? it displays 10 times ABC, first with the print command, and second with the echo command. Result: ABCABCABCsnip print (10): 0.085 ABCABCABCsnip echo (10): 0.076 It's not a lot, but since we are displaying data a lot, (most used function?) it will make a difference in really big scripts. This has been covered before. The difference actually depends on how you're using it, rather than whether you use print or echo. For example, your benchmark shows echo to be slightly faster, but the the following script that I wrote last time this came up shows the opposite. The only difference is that you're outputting a literal whereas I'm printing a variable. http://dev.stut.net/phpspeed/ At the end of the day there are more important things to worry about, especially when you're talking in the region of 0.009 seconds per 100,000 calls it's not going to make anywhere near a significant difference to any script you write, even really really big ones scripts. To put it another way, you would need to make 10,000,000 calls for it to extend the runtime of your script by 1 second. Granted you might have a script that calls it 1000 times, meaning 10,000 requests to that script would waste 1 second. But unless you're getting twitter-like levels of traffic (they spike at over 11k hits a second) it's not worth worrying about, and I'm guessing (hoping) their devs probably wouldn't care either. Get over it and concentrate on the functionality and usability of your code rather than insignificant details like this. -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] should I be looking to eliminate all notices?
On Apr 21, 2007, at 4:01 AM, Ross wrote: A quick one this morning. When coding should I be trying to code so there are no notices or is it ok to turn them off. If you don't mind writing code that contains errors, notices are errors. Not serious, but it's not that hard to write code in php that doesn't produce errors. Unless I don't really want to do a isset check for every index I have. your lazy about your code. Sorry if it sounds harsh, but if you don't want to even check this minor thing then you probably shouldn't be writing code that's going to see the light of day*. Read up on web security. Start here... http://phpsec.org/ I'm betting that if you don't care about checking for set indexes then you're not checking a lot of things that really need to be checked. Ed * Code to bee used on a box connected to the internet. If your just writing some script that you use on your local machine then what you do with notices is your business. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] running linux
On Friday 20 April 2007 23:38, Edward Vermillion wrote: On Apr 20, 2007, at 4:09 PM, Richard Lynch wrote: On Fri, April 20, 2007 3:59 pm, Edward Vermillion wrote: On Apr 20, 2007, at 3:10 PM, Daniel Brown wrote: You're exactly right, Richard. MacOS is based on BSD. And if you have any familiarity with linux administration, forget almost everything you know 'cause they changed it in OSX... Hmmm. I didn't try to administer much, but once I find and open up a terminal window, it pretty was just like being on BSD, afaict... I'm not a BSD (nor Linux) guru, but I typed things in the shell, and they did what I expected... Yeah, the shell is familiar and except for a few differences between linux and bsd in some of the commands it's very familiar. But pretty much everything under /etc has been replaced with NetInfo. I'm sure it's great for guys that have a thousand boxes to admin, but it's a pain for just setting up one box. I guess I could spend a week or so getting familiar with all the command line stuff for NetInfo since the GUI is no real help. But it sure would be nice to just be able to edit the config files like I'm used to... Ed The only good things left on the darwin code is vim and the ssh client, witch is fairly similar to the different unices boxes I'm used to. Trying to compile stuff with the compiler to get things going is like digging your own grave... and yes netinfo I didn't understand at all, witch genious did come up with that crap? -- --- Børge http://www.arivene.net --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: how to detect type of image
Alain Roger escreveu: Hi, In my web application, end user is able to load images (png, jpeg, gif,..) into database. I would like to know how can i detect automatically the type of image (pnd, jpeg,...) ? i do not want to check the extension because this is easily faked... just by renaming it. Does it exist a technique for that ? thanks a lot, function getimagesize: http://www.educar.pro.br/a/gdlib/index.php?pn=22tr=97 -- zerof http://www.educar.pro.br/ Apache - PHP - MySQL - Boolean Logics - Project Management -- Você deve, sempre, consultar uma segunda opinião! -- Deixe todos saberem se esta informação foi-lhe útil. -- You must hear, always, one second opinion! In all cases. -- Let the people know if this info was useful for you! -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] running linux[way OT]
On Apr 21, 2007, at 7:39 AM, Børge Holen wrote: On Friday 20 April 2007 23:38, Edward Vermillion wrote: On Apr 20, 2007, at 4:09 PM, Richard Lynch wrote: On Fri, April 20, 2007 3:59 pm, Edward Vermillion wrote: On Apr 20, 2007, at 3:10 PM, Daniel Brown wrote: You're exactly right, Richard. MacOS is based on BSD. And if you have any familiarity with linux administration, forget almost everything you know 'cause they changed it in OSX... Hmmm. I didn't try to administer much, but once I find and open up a terminal window, it pretty was just like being on BSD, afaict... I'm not a BSD (nor Linux) guru, but I typed things in the shell, and they did what I expected... Yeah, the shell is familiar and except for a few differences between linux and bsd in some of the commands it's very familiar. But pretty much everything under /etc has been replaced with NetInfo. I'm sure it's great for guys that have a thousand boxes to admin, but it's a pain for just setting up one box. I guess I could spend a week or so getting familiar with all the command line stuff for NetInfo since the GUI is no real help. But it sure would be nice to just be able to edit the config files like I'm used to... Ed The only good things left on the darwin code is vim and the ssh client, witch is fairly similar to the different unices boxes I'm used to. Trying to compile stuff with the compiler to get things going is like digging your own grave... and yes netinfo I didn't understand at all, witch genious did come up with that crap? rant Yeah... and leopard will have Spaces ooh. Multiple desktops on a Mac, that's what I call innovation! :P /rant I did have some luck with Fink. It's a fairly good GNU environment and things tended to compile rather well (Apache, PHP, etc). I even had KDE running for a while, but it didn't like user switching and I think the power saver stuff. It would lock the computer up a little too often. I eventually just pulled Fink out because I've got an X login over ssh to my linux box and any GNU programs I need to run I just run from there. Ed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session with microtime
At 11:56 AM -0500 4/20/07, Matthew Powell wrote: Panquekas wrote: On 20/04/07, Panquekas [EMAIL PROTECTED] wrote: snip I'm sorry, my mistake. What I tried to say is that the session_start() was on the top of the page, and the if( ) block was after that and the login script was even after the if( ), so the first thing to ran was the session_start() then the if( ) block and after that the login script registering the $_SESSION's. I moved the login script to the middle of the session_start() and the if( ). snip Am I the only one that uses 'session.auto_start = 1'? It saves me from worrying about that type of problem. Matt I don't do it that way and I don't worry, I just do it when I need to. Making it automatic when it's not needed is needless (by definition) and carries with it a lot of overhead. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] how do I pass a variable with header?
header('Location: edit_property.php?property_id=.'$property_id'.'); t: 0131 553 3935 | m:07816 996 930 | [EMAIL PROTECTED] | http://www:blue-fly.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Preventing SQL Injection/ Cross Site Scripting
At 4:08 AM +0300 4/21/07, Dotan Cohen wrote: I've got a comments form that I'd like to harden against SQL Injection / XSS attacks. The data is stored in UTF-8 in a mysql database. I currently parse the data as such: I highly recommend Essential PHP Security by Chris Shiflett -- he covers those issues and more in detail. It's well worth the cost and you can get it used for as little $12.81. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Preventing SQL Injection/ Cross Site Scripting
Dotan Cohen wrote: I recommend you dig deeper into that xss page you might even find a script that filters xss. Obviously I keep missing it. You might find these examples useful: http://phpsecurity.org/code/ch01-3 http://phpsecurity.org/code/ch01-4 Hope that helps. Chris -- Chris Shiflett http://shiflett.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] should I be looking to eliminate all notices?
I really have to agree here. I have gone through a mature open source project over the last month or so, and removed EVERY notice. It honestly took all of about 2 hours to actually fix the notices. It really isn't hard to eliminate them, and if you are coding something the may be released, you don't know how the end-user will have their error_reporting. I think it's fairly good practice to eliminate them. - Original Message From: Edward Vermillion [EMAIL PROTECTED] To: Ross [EMAIL PROTECTED] Cc: php-general@lists.php.net Sent: Saturday, April 21, 2007 7:17:35 AM Subject: Re: [PHP] should I be looking to eliminate all notices? On Apr 21, 2007, at 4:01 AM, Ross wrote: A quick one this morning. When coding should I be trying to code so there are no notices or is it ok to turn them off. If you don't mind writing code that contains errors, notices are errors. Not serious, but it's not that hard to write code in php that doesn't produce errors. Unless I don't really want to do a isset check for every index I have. your lazy about your code. Sorry if it sounds harsh, but if you don't want to even check this minor thing then you probably shouldn't be writing code that's going to see the light of day*. Read up on web security. Start here... http://phpsec.org/ I'm betting that if you don't care about checking for set indexes then you're not checking a lot of things that really need to be checked. Ed * Code to bee used on a box connected to the internet. If your just writing some script that you use on your local machine then what you do with notices is your business. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] show file creation date
Hi sorry not really a php question.. but using it in a php script :) I want to list the date and time a file was created so I want someting like.. Apr 21 18:57 monkey.txt Ive been playing around with the LS options but I dont know what flags I need. Closest I could get was.. ls -g -o -t monkey.txt -rw-r--r-- 1 393 Apr 21 18:57 monkey.txt What flags would I need to get rid of -rw-r--r-- 1 393 Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Do two lists in a while statement
How can I do something like this in the same while statement. This does not work while (list(,$possible) = each($possiblefields) list(,$possibleview) = each($possiblefieldsdiscription)){ }
Re: [PHP] retrieve POST body?
Richard Lynch wrote: On Thu, April 19, 2007 10:28 pm, Myron Turner wrote: that should be necessary at this time. For instance, if it's necessary to pass in CGI parameters at the same time as sending out a file, the parameters can be tacked onto a query string and they will be packed into both the $_POST and the $_GET arrays. I've lost track of why the OP needs an md5 or whatever it is of the raw POST data, but MAYBE using an unknown MIME type and putting all the other args in the URL as $_GET parameters, would leave them with only the file itself to be parsed which would be pretty minimal parsing... There exists a mode of HTTP digest authentication where a header contains an MD5 hash of an MD5 hash of the POST body (along with a few other things that effectively add a salt to the hash, and provide the actual username/password authentication). This is used for integrity protection, to safegaurd against any malicious proxy or man in the middle attack from altering the form data while it's in transit from the authorized user to the web server. I'm a little lost here though... how can it be possible to put data into the URI as well as the POST body? The request is originating from the user-agent, not the server. Regardless though, the real problem with this proposed hack is how, through HTML code, would one instruct the user-agent to submit the form using multipart/form-data, but without it creating a Content-Type: multipart/form-data header in the request!? This sounds like an impossible task to me. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Preventing SQL Injection/ Cross Site Scripting
On 21/04/07, tedd [EMAIL PROTECTED] wrote: At 4:08 AM +0300 4/21/07, Dotan Cohen wrote: I've got a comments form that I'd like to harden against SQL Injection / XSS attacks. The data is stored in UTF-8 in a mysql database. I currently parse the data as such: I highly recommend Essential PHP Security by Chris Shiflett -- he covers those issues and more in detail. It's well worth the cost and you can get it used for as little $12.81. Thanks, I see it used on Amazon for $12.81 in like new condition, with another $10 to ship it. I might just do that as I cannot get those books locally. Dotan Cohen http://what-is-what.com/what_is/blog.html http://ultu.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Preventing SQL Injection/ Cross Site Scripting
On 21/04/07, Chris Shiflett [EMAIL PROTECTED] wrote: Dotan Cohen wrote: I recommend you dig deeper into that xss page you might even find a script that filters xss. Obviously I keep missing it. You might find these examples useful: http://phpsecurity.org/code/ch01-3 http://phpsecurity.org/code/ch01-4 Hope that helps. Chris Thanks, Chris. I think that I see your book in my future! One note, I remove semicolons from the user input to thrart SQL injection as they can be used to terminate an SQL query and are very uncommon in regular speech. However, htmlspecialchars() and htmlentities add semicolons when converting. Is this dangerous, ie, can this be exploited? Dotan Cohen http://what-is-what.com/what_is/sitepoint.html http://lyricslist.com/lyrics/artist_albums/466/sugar_ray.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Do two lists in a while statement
On 4/21/07, Richard Kurth [EMAIL PROTECTED] wrote: How can I do something like this in the same while statement. This does not work while (list(,$possible) = each($possiblefields) list(,$possibleview) = each($possiblefieldsdiscription)){ } What about using ? while (list(,$possible) = each($possiblefields) list(,$possibleview) = each($possiblefieldsdiscription)){ } Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] how do I pass a variable with header?
Ross wrote: header('Location: edit_property.php?property_id=.'$property_id'.'); You read the manual to learn basic PHP syntax. header('Location: edit_property.php?property_id='. urlencode($property_id)); Also, technically the URL given in a location header should be absolute not relative. -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Do two lists in a while statement
On 4/21/07, Richard Kurth [EMAIL PROTECTED] wrote: How can I do something like this in the same while statement. This does not work while (list(,$possible) = each($possiblefields) list(,$possibleview) = each($possiblefieldsdiscription)){ } What about using ? while (list(,$possible) = each($possiblefields) list(,$possibleview) = each($possiblefieldsdiscription)){ } Doesn't mean if both variables are TRUE. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Do two lists in a while statement
On 4/21/07, Richard Kurth [EMAIL PROTECTED] wrote: On 4/21/07, Richard Kurth [EMAIL PROTECTED] wrote: How can I do something like this in the same while statement. This does not work while (list(,$possible) = each($possiblefields) list(,$possibleview) = each($possiblefieldsdiscription)){ } What about using ? while (list(,$possible) = each($possiblefields) list(,$possibleview) = each($possiblefieldsdiscription)){ } Doesn't mean if both variables are TRUE. Yes, isn't that what you wanted? Normaly a while checks also if it was TRUE. now it checks if both are TRUE.. If you only require one of both to be TRUE, use || instead of . Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Do two lists in a while statement
On 4/21/07, Richard Kurth [EMAIL PROTECTED] wrote: On 4/21/07, Richard Kurth [EMAIL PROTECTED] wrote: How can I do something like this in the same while statement. This does not work while (list(,$possible) = each($possiblefields) list(,$possibleview) = each($possiblefieldsdiscription)){ } What about using ? while (list(,$possible) = each($possiblefields) list(,$possibleview) = each($possiblefieldsdiscription)){ } Doesn't mean if both variables are TRUE. Yes, isn't that what you wanted? Normaly a while checks also if it was TRUE. now it checks if both are TRUE.. If you only require one of both to be TRUE, use || instead of . I am trying to fill in the drop down box in the script below but it is not working it is only giving me the $possibleview data but not the $possible data $fieldnumber = 0; while (list(,$field) = each($fields)){ echo TR\n; echo TDSELECT NAME=fieldorder[]\n; reset($possiblefields); reset($possiblefieldsdiscription); $anyselected = ''; while (list(,$possible) = each($possiblefields) list(,$possibleview) = each($possiblefieldsdiscription)){ $selected = @(($fieldorder[$fieldnumber] == $possible) ? 'SELECTED' : ''); if ($fieldnumber = count($fieldorder) !$anyselected){ $selected = 'SELECTED'; } echo OPTION value=\$possible\ $selected$possibleview/OPTION\n; } echo /SELECT/TD\n; echo TD$field/TD\n; echo /TR\n; $fieldnumber++; } -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Do two lists in a while statement
On 4/21/07, Richard Kurth [EMAIL PROTECTED] wrote: On 4/21/07, Richard Kurth [EMAIL PROTECTED] wrote: On 4/21/07, Richard Kurth [EMAIL PROTECTED] wrote: How can I do something like this in the same while statement. This does not work while (list(,$possible) = each($possiblefields) list(,$possibleview) = each($possiblefieldsdiscription)){ } What about using ? while (list(,$possible) = each($possiblefields) list(,$possibleview) = each($possiblefieldsdiscription)){ } Doesn't mean if both variables are TRUE. Yes, isn't that what you wanted? Normaly a while checks also if it was TRUE. now it checks if both are TRUE.. If you only require one of both to be TRUE, use || instead of . I am trying to fill in the drop down box in the script below but it is not working it is only giving me the $possibleview data but not the $possible data Hmm strange, i don't see any real error, so to test if it's a problem with the while loop, you could assign the backward order. So the code would look like the one below. Please test it, and see if you still get the same problem, or if you get $possible now instead of $possibleview. Tijnema $fieldnumber = 0; while (list(,$field) = each($fields)){ echo TR\n; echo TDSELECT NAME=fieldorder[]\n; reset($possiblefields); reset($possiblefieldsdiscription); $anyselected = ''; while (list(,$possibleview) = each($possiblefieldsdiscription list(,$possible) = each($possiblefields))){ $selected = @(($fieldorder[$fieldnumber] == $possible) ? 'SELECTED' : ''); if ($fieldnumber = count($fieldorder) !$anyselected){ $selected = 'SELECTED'; } echo OPTION value=\$possible\ $selected$possibleview/OPTION\n; } echo /SELECT/TD\n; echo TD$field/TD\n; echo /TR\n; $fieldnumber++; } -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Do two lists in a while statement
-Original Message- From: Tijnema ! [mailto:[EMAIL PROTECTED] Sent: Saturday, April 21, 2007 1:13 PM To: Richard Kurth Cc: php-general@lists.php.net Subject: Re: [PHP] Do two lists in a while statement On 4/21/07, Richard Kurth [EMAIL PROTECTED] wrote: On 4/21/07, Richard Kurth [EMAIL PROTECTED] wrote: On 4/21/07, Richard Kurth [EMAIL PROTECTED] wrote: How can I do something like this in the same while statement. This does not work while (list(,$possible) = each($possiblefields) list(,$possibleview) = each($possiblefieldsdiscription)){ } What about using ? while (list(,$possible) = each($possiblefields) list(,$possibleview) = each($possiblefieldsdiscription)){ } Doesn't mean if both variables are TRUE. Yes, isn't that what you wanted? Normaly a while checks also if it was TRUE. now it checks if both are TRUE.. If you only require one of both to be TRUE, use || instead of . I am trying to fill in the drop down box in the script below but it is not working it is only giving me the $possibleview data but not the $possible data Hmm strange, i don't see any real error, so to test if it's a problem with the while loop, you could assign the backward order. So the code would look like the one below. Please test it, and see if you still get the same problem, or if you get $possible now instead of $possibleview. Tijnema $fieldnumber = 0; while (list(,$field) = each($fields)){ echo TR\n; echo TDSELECT NAME=fieldorder[]\n; reset($possiblefields); reset($possiblefieldsdiscription); $anyselected = ''; while (list(,$possibleview) = each($possiblefieldsdiscription) list(,$possible) = each($possiblefields)){ $selected = @(($fieldorder[$fieldnumber] == $possible) ? 'SELECTED' : ''); if ($fieldnumber = count($fieldorder) !$anyselected){ $selected = 'SELECTED'; } echo OPTION value=\$possible\ $selected$possibleview/OPTION\n; } echo /SELECT/TD\n; echo TD$field/TD\n; echo /TR\n; $fieldnumber++; } It now passes the $possible fields but not the $possibleview so it is picking up the last list but not the first I also tried it with || and it does the same thing -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Do two lists in a while statement
On 4/21/07, Richard Kurth [EMAIL PROTECTED] wrote: -Original Message- From: Tijnema ! [mailto:[EMAIL PROTECTED] Sent: Saturday, April 21, 2007 1:13 PM To: Richard Kurth Cc: php-general@lists.php.net Subject: Re: [PHP] Do two lists in a while statement On 4/21/07, Richard Kurth [EMAIL PROTECTED] wrote: On 4/21/07, Richard Kurth [EMAIL PROTECTED] wrote: On 4/21/07, Richard Kurth [EMAIL PROTECTED] wrote: How can I do something like this in the same while statement. This does not work while (list(,$possible) = each($possiblefields) list(,$possibleview) = each($possiblefieldsdiscription)){ } What about using ? while (list(,$possible) = each($possiblefields) list(,$possibleview) = each($possiblefieldsdiscription)){ } Doesn't mean if both variables are TRUE. Yes, isn't that what you wanted? Normaly a while checks also if it was TRUE. now it checks if both are TRUE.. If you only require one of both to be TRUE, use || instead of . I am trying to fill in the drop down box in the script below but it is not working it is only giving me the $possibleview data but not the $possible data Hmm strange, i don't see any real error, so to test if it's a problem with the while loop, you could assign the backward order. So the code would look like the one below. Please test it, and see if you still get the same problem, or if you get $possible now instead of $possibleview. Tijnema $fieldnumber = 0; while (list(,$field) = each($fields)){ echo TR\n; echo TDSELECT NAME=fieldorder[]\n; reset($possiblefields); reset($possiblefieldsdiscription); $anyselected = ''; while (list(,$possibleview) = each($possiblefieldsdiscription) list(,$possible) = each($possiblefields)){ $selected = @(($fieldorder[$fieldnumber] == $possible) ? 'SELECTED' : ''); if ($fieldnumber = count($fieldorder) !$anyselected){ $selected = 'SELECTED'; } echo OPTION value=\$possible\ $selected$possibleview/OPTION\n; } echo /SELECT/TD\n; echo TD$field/TD\n; echo /TR\n; $fieldnumber++; } It now passes the $possible fields but not the $possibleview so it is picking up the last list but not the first I also tried it with || and it does the same thing Quite strange, I personally never work with list/each, but with foreach. But well,that is personal preference. I updated below code, so that it does the second list inside the while loop. It should work the same. (as long as $possiblefieldsdiscription and $possiblefields have same amount of keys) Tijnema $fieldnumber = 0; while (list(,$field) = each($fields)){ echo TR\n; echo TDSELECT NAME=fieldorder[]\n; reset($possiblefields); reset($possiblefieldsdiscription); $anyselected = ''; while (list(,$possibleview) = each($possiblefieldsdiscription)){ list(,$possible) = each($possiblefields); $selected = @(($fieldorder[$fieldnumber] == $possible) ? 'SELECTED' : ''); if ($fieldnumber = count($fieldorder) !$anyselected){ $selected = 'SELECTED'; } echo OPTION value=\$possible\ $selected$possibleview/OPTION\n; } echo /SELECT/TD\n; echo TD$field/TD\n; echo /TR\n; $fieldnumber++; } -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Preventing SQL Injection/ Cross Site Scripting
Dotan Cohen wrote: One note, I remove semicolons from the user input to thrart SQL injection as they can be used to terminate an SQL query and are very uncommon in regular speech. However, htmlspecialchars() and htmlentities add semicolons when converting. Is this dangerous, ie, can this be exploited? If you ever use htmlentities() to escape data for SQL or mysql_real_escape_string() to escape data for HTML, then yes, it is dangerous. Escaping functions are context-dependent. Hope that helps. Chris -- Chris Shiflett http://shiflett.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Interface to USB Devices
Hi People, I would like to gather Informations from an USB Device, to display the transmitted data on a web interface. As I read the docs, I found the direct IO functions, but as i read thru the function descriptions, they where only meant for direct file access. Is there a possebility to collect informations from USB Devices when the manufacturer is going to change the export specification for this special purpose. Thank you very much. Best Regards, Sascha Braun fit-o-matic.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] echo or print ?
On 4/21/07, Stut [EMAIL PROTECTED] wrote: Tijnema ! wrote: On 4/18/07, Richard Lynch [EMAIL PROTECTED] wrote: On Tue, April 17, 2007 1:40 am, Christian Haensel wrote: Whenever I see people put their code up for review, I realize they mostly use print instead of echo, while I am using echo 99% of the time. Actually, I can't even remember when I last used the regular print. There used to be a difference, but not really any more, I don't think. Or does print still not allow multiple arguments?... What do you guys use, and what is the advantage (if ther is any) of print over echo? And I am not talking about print_r or anything, just the regular print. :o) I use echo, because I'm old, and got in the habit, back when print() was a function and echo was a language construct, and only echo let you have as many args with commas as you wanted. But there's no significant difference, as far as I know. There is a difference, echo is slightly faster. code used for benchmark: ? $start = microtime(TRUE); for ($i=0; $i10; ++$i) { print ABC; } echo sprintf(With print ($i): %0.3f\n,microtime(TRUE) - $start); $start = microtime(TRUE); for ($i=0; $i10; ++$i) { echo ABC; } echo sprintf(With echo ($i): %0.3f\n,microtime(TRUE) - $start); ? it displays 10 times ABC, first with the print command, and second with the echo command. Result: ABCABCABCsnip print (10): 0.085 ABCABCABCsnip echo (10): 0.076 It's not a lot, but since we are displaying data a lot, (most used function?) it will make a difference in really big scripts. This has been covered before. The difference actually depends on how you're using it, rather than whether you use print or echo. For example, your benchmark shows echo to be slightly faster, but the the following script that I wrote last time this came up shows the opposite. The only difference is that you're outputting a literal whereas I'm printing a variable. http://dev.stut.net/phpspeed/ At the end of the day there are more important things to worry about, especially when you're talking in the region of 0.009 seconds per 100,000 calls it's not going to make anywhere near a significant difference to any script you write, even really really big ones scripts. To put it another way, you would need to make 10,000,000 calls for it to extend the runtime of your script by 1 second. Granted you might have a script that calls it 1000 times, meaning 10,000 requests to that script would waste 1 second. But unless you're getting twitter-like levels of traffic (they spike at over 11k hits a second) it's not worth worrying about, and I'm guessing (hoping) their devs probably wouldn't care either. Get over it and concentrate on the functionality and usability of your code rather than insignificant details like this. -Stut Interesting :) I see there's no big difference between echo and print, but that ?=$x? is faster :) I've learned (not only from this) that whatever you do in PHP is fast, and that you don't need to optimize your code for speed. Unless you're hitting 100k+ hits per hour. But even then it would only save you maybe one hour per year. Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] echo or print ?
Tijnema ! wrote: On 4/21/07, Stut [EMAIL PROTECTED] wrote: Tijnema ! wrote: There is a difference, echo is slightly faster. code used for benchmark: ? $start = microtime(TRUE); for ($i=0; $i10; ++$i) { print ABC; } echo sprintf(With print ($i): %0.3f\n,microtime(TRUE) - $start); $start = microtime(TRUE); for ($i=0; $i10; ++$i) { echo ABC; } echo sprintf(With echo ($i): %0.3f\n,microtime(TRUE) - $start); ? it displays 10 times ABC, first with the print command, and second with the echo command. Result: ABCABCABCsnip print (10): 0.085 ABCABCABCsnip echo (10): 0.076 It's not a lot, but since we are displaying data a lot, (most used function?) it will make a difference in really big scripts. This has been covered before. The difference actually depends on how you're using it, rather than whether you use print or echo. For example, your benchmark shows echo to be slightly faster, but the the following script that I wrote last time this came up shows the opposite. The only difference is that you're outputting a literal whereas I'm printing a variable. http://dev.stut.net/phpspeed/ At the end of the day there are more important things to worry about, especially when you're talking in the region of 0.009 seconds per 100,000 calls it's not going to make anywhere near a significant difference to any script you write, even really really big ones scripts. To put it another way, you would need to make 10,000,000 calls for it to extend the runtime of your script by 1 second. Granted you might have a script that calls it 1000 times, meaning 10,000 requests to that script would waste 1 second. But unless you're getting twitter-like levels of traffic (they spike at over 11k hits a second) it's not worth worrying about, and I'm guessing (hoping) their devs probably wouldn't care either. Get over it and concentrate on the functionality and usability of your code rather than insignificant details like this. -Stut Interesting :) I see there's no big difference between echo and print, but that ?=$x? is faster :) I've learned (not only from this) that whatever you do in PHP is fast, and that you don't need to optimize your code for speed. Unless you're hitting 100k+ hits per hour. But even then it would only save you maybe one hour per year. I wouldn't go that far. It is definitely possible to write horribly inefficient code with PHP. Believe me, I've inherited enough crap code in my lifetime to testify to that. My point was simply that you need to look at the numbers from benchmarks in perspective, and when efficiency is concerned there's almost always far bigger gains to be made than 0.009 seconds per 100,000 calls to output something. -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] echo or print ?
On 4/21/07, Stut [EMAIL PROTECTED] wrote: Tijnema ! wrote: On 4/21/07, Stut [EMAIL PROTECTED] wrote: Tijnema ! wrote: There is a difference, echo is slightly faster. code used for benchmark: ? $start = microtime(TRUE); for ($i=0; $i10; ++$i) { print ABC; } echo sprintf(With print ($i): %0.3f\n,microtime(TRUE) - $start); $start = microtime(TRUE); for ($i=0; $i10; ++$i) { echo ABC; } echo sprintf(With echo ($i): %0.3f\n,microtime(TRUE) - $start); ? it displays 10 times ABC, first with the print command, and second with the echo command. Result: ABCABCABCsnip print (10): 0.085 ABCABCABCsnip echo (10): 0.076 It's not a lot, but since we are displaying data a lot, (most used function?) it will make a difference in really big scripts. This has been covered before. The difference actually depends on how you're using it, rather than whether you use print or echo. For example, your benchmark shows echo to be slightly faster, but the the following script that I wrote last time this came up shows the opposite. The only difference is that you're outputting a literal whereas I'm printing a variable. http://dev.stut.net/phpspeed/ At the end of the day there are more important things to worry about, especially when you're talking in the region of 0.009 seconds per 100,000 calls it's not going to make anywhere near a significant difference to any script you write, even really really big ones scripts. To put it another way, you would need to make 10,000,000 calls for it to extend the runtime of your script by 1 second. Granted you might have a script that calls it 1000 times, meaning 10,000 requests to that script would waste 1 second. But unless you're getting twitter-like levels of traffic (they spike at over 11k hits a second) it's not worth worrying about, and I'm guessing (hoping) their devs probably wouldn't care either. Get over it and concentrate on the functionality and usability of your code rather than insignificant details like this. -Stut Interesting :) I see there's no big difference between echo and print, but that ?=$x? is faster :) I've learned (not only from this) that whatever you do in PHP is fast, and that you don't need to optimize your code for speed. Unless you're hitting 100k+ hits per hour. But even then it would only save you maybe one hour per year. I wouldn't go that far. It is definitely possible to write horribly inefficient code with PHP. Believe me, I've inherited enough crap code in my lifetime to testify to that. My point was simply that you need to look at the numbers from benchmarks in perspective, and when efficiency is concerned there's almost always far bigger gains to be made than 0.009 seconds per 100,000 calls to output something. -Stut But what else would you use a lot in your code? all commonly used things (like while, if, echo, etc) are just (nearly) as fast as their alternatives (for, print, etc). Other functions (like file/stream) might be some performance difference, but you probably use this only a few times in your script. So there's not a bigger performance difference then when optimizing echo/print. Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] echo or print ?
Tijnema ! wrote: But what else would you use a lot in your code? all commonly used things (like while, if, echo, etc) are just (nearly) as fast as their alternatives (for, print, etc). Other functions (like file/stream) might be some performance difference, but you probably use this only a few times in your script. So there's not a bigger performance difference then when optimizing echo/print. Get your head out of the details. Try file-based caching against DB access. Or SQL query optimisation. Or even server configuration tuning. All these things and others on the same level are far more worthy of your time. -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] echo or print ?
On 4/22/07, Stut [EMAIL PROTECTED] wrote: Tijnema ! wrote: But what else would you use a lot in your code? all commonly used things (like while, if, echo, etc) are just (nearly) as fast as their alternatives (for, print, etc). Other functions (like file/stream) might be some performance difference, but you probably use this only a few times in your script. So there's not a bigger performance difference then when optimizing echo/print. Get your head out of the details. Try file-based caching against DB access. And compare that with RAM caching ;) Or SQL query optimisation. Or even server configuration tuning. All these things and others on the same level are far more worthy of your time. -Stut So, optimizing is useless :P I see no point in doing it, even more when it's only for personal usage. The time used for writing optimized code is probably far more then the time you save by running optimized code. :) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] echo or print ?
Tijnema ! wrote: On 4/22/07, Stut [EMAIL PROTECTED] wrote: Tijnema ! wrote: But what else would you use a lot in your code? all commonly used things (like while, if, echo, etc) are just (nearly) as fast as their alternatives (for, print, etc). Other functions (like file/stream) might be some performance difference, but you probably use this only a few times in your script. So there's not a bigger performance difference then when optimizing echo/print. Get your head out of the details. Try file-based caching against DB access. And compare that with RAM caching ;) Or SQL query optimisation. Or even server configuration tuning. All these things and others on the same level are far more worthy of your time. -Stut So, optimizing is useless :P I see no point in doing it, even more when it's only for personal usage. The time used for writing optimized code is probably far more then the time you save by running optimized code. :) I hope that smiley means you're joking. Optimising is not useless, and I've never said it is. However, you have to do so where it's going to have the biggest impact. What I'm basically saying is you should be optimising logic before even thinking about whether you're using the most optimised functions. Are you sure that your code doesn't do anything it doesn't need to? Do you do a whole load of initialisation for each request that could be cached in some way? Is every part of that initialisation needed for every page request, or should it be doing different things on different pages. IMHO, the kind of developer that gets hung up on details like echo or print is one that is unlikely to accomplish a lot in any given day. -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] should I be looking to eliminate all notices?
I've always gone by the rule that if you're making software that other people will see or use, make it clean. Sometimes I'll cheat and stick a @ symbol in front of a line to shut up errors and warnings for that particular line, but usually I only do that for speed optimization. (ie. if it's in a short loop that cycles many times). In any case, I don't think it's a good idea to rely on users disabling warnings and error messages from their PHP configuration file if you want the code to be portable. Personally, I leave all errors and warnings turned on, even for public PHP deployments. Ross wrote: A quick one this morning. When coding should I be trying to code so there are no notices or is it ok to turn them off. I don't really want to do a isset check for every index I have. Ross -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Do two lists in a while statement
Richard Kurth wrote: On 4/21/07, Richard Kurth [EMAIL PROTECTED] wrote: On 4/21/07, Richard Kurth [EMAIL PROTECTED] wrote: How can I do something like this in the same while statement. This does not work while (list(,$possible) = each($possiblefields) list(,$possibleview) = each($possiblefieldsdiscription)){ } What about using ? while (list(,$possible) = each($possiblefields) list(,$possibleview) = each($possiblefieldsdiscription)){ } Doesn't mean if both variables are TRUE. Yes, isn't that what you wanted? Normaly a while checks also if it was TRUE. now it checks if both are TRUE.. If you only require one of both to be TRUE, use || instead of . I am trying to fill in the drop down box in the script below but it is not working it is only giving me the $possibleview data but not the $possible data $fieldnumber = 0; while (list(,$field) = each($fields)){ echo TR\n; echo TDSELECT NAME=fieldorder[]\n; reset($possiblefields); reset($possiblefieldsdiscription); $anyselected = ''; while (list(,$possible) = each($possiblefields) list(,$possibleview) = each($possiblefieldsdiscription)){ $selected = @(($fieldorder[$fieldnumber] == $possible) ? 'SELECTED' : ''); if ($fieldnumber = count($fieldorder) !$anyselected){ $selected = 'SELECTED'; } echo OPTION value=\$possible\ $selected$possibleview/OPTION\n; } echo /SELECT/TD\n; echo TD$field/TD\n; echo /TR\n; $fieldnumber++; } Ok, not sure about where you are pulling/representing some of your data, but here is what I came up with in-place of your code. foreach( $fields AS $field ){ echo TR\n; echo TDSELECT NAME=fieldorder[]\n; for( $i=0; $icount($possiblefields); $i++ ) { $possible = (isset($possiblefields[$i]) ? $possiblefields[$i] : 'NOT_SET'); $possibleview = (isset($possiblefieldsdiscription[$i]) ? $possiblefieldsdiscription[$i] : 'NOT_SET'); if ( isset($fieldorder[$fieldnumber]) $fieldorder[$fieldnumber] == $possible ) { $sel = 'selected=selected'; } else { $sel = ''; } echo OPTION value=\{$possible}\ {$sel}{$possibleview}/OPTION\n; } echo /SELECT/TD\n; echo TD{$field}/TD\n; echo /TR\n; } Give it a try and let us know Jim Lucas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Problem with uploading file using FireFox
I know this is not a PHP problem it is a Browser problem but I need a workaround to make this work. So I can finishing my php script Using this to select the file and path form action=test7.php method=post input type=file name=uploadfile id=original size=60BR BR input type=submit name=submit value=UPLOAD /FORM My problem I Internet explore this will produce C:\directory\directory\uploaded.file But it FireFox,Netscape and Opery it will only give me uploaded.file How do I get the Path for this upload in these browsers
Re: [PHP] should I be looking to eliminate all notices?
On Apr 21, 2007, at 6:35 PM, Justin Frim wrote: I've always gone by the rule that if you're making software that other people will see or use, make it clean. Sometimes I'll cheat and stick a @ symbol in front of a line to shut up errors and warnings for that particular line, but usually I only do that for speed optimization. (ie. if it's in a short loop that cycles many times). Your not saving any cycles. The error handler still gets called, the error just doesn't get shown. And '@' is just another way of ignoring an error in your program. Not really a good idea if you want to right good code. Ed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with uploading file using FireFox
Richard Kurth-2 wrote: I know this is not a PHP problem it is a Browser problem but I need a workaround to make this work. So I can finishing my php script Using this to select the file and path form action=test7.php method=post input type=file name=uploadfile id=original size=60BR BR input type=submit name=submit value=UPLOAD /FORM My problem I Internet explore this will produce C:\directory\directory\uploaded.file But it FireFox,Netscape and Opery it will only give me uploaded.file How do I get the Path for this upload in these browsers you are missing the enctype=multipart/form-data part in your form tag. If you put echo 'pre'; print_R($_POST); print_R($_FILES); into your test7.php file, you will get someting like Array ( [uploadfile] = Array ( [name] = BEO.bak.htm [type] = text/html [tmp_name] = D:\tmp\php\php179.tmp ... using FireFox which you can use for http://de.php.net/manual/en/function.move-uploaded-file.php then. -- View this message in context: http://www.nabble.com/Problem-with-uploading-file-using-FireFox-tf3625091.html#a10122975 Sent from the PHP - General mailing list archive at Nabble.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] retrieve POST body?
Justin Frim wrote: Richard Lynch wrote: On Thu, April 19, 2007 10:28 pm, Myron Turner wrote: that should be necessary at this time. For instance, if it's necessary to pass in CGI parameters at the same time as sending out a file, the parameters can be tacked onto a query string and they will be packed into both the $_POST and the $_GET arrays. I've lost track of why the OP needs an md5 or whatever it is of the raw POST data, but MAYBE using an unknown MIME type and putting all the other args in the URL as $_GET parameters, would leave them with only the file itself to be parsed which would be pretty minimal parsing... There exists a mode of HTTP digest authentication where a header contains an MD5 hash of an MD5 hash of the POST body (along with a few other things that effectively add a salt to the hash, and provide the actual username/password authentication). This is used for integrity protection, to safegaurd against any malicious proxy or man in the middle attack from altering the form data while it's in transit from the authorized user to the web server. I'm a little lost here though... how can it be possible to put data into the URI as well as the POST body? The request is originating from the user-agent, not the server. Regardless though, the real problem with this proposed hack is how, through HTML code, would one instruct the user-agent to submit the form using multipart/form-data, but without it creating a Content-Type: multipart/form-data header in the request!? This sounds like an impossible task to me. In one of my early replies to this question, I suggested using Perl. But I assume you prefer not to. However, I have tried putting my head around a hack, which does use a small Perl script but which might do the trick for you.You use the Perl script in the action attribute of your form. The Perl script saves the entire posted output to a file, then it sends back a page which uses Javascript to redirect back to the php script, where you can process the file. You send the file name back to the php script from the perl script in the query string of the url. Here goes: ?php // upload.php if(isset($_GET['file'])) { /* do here whatever you have to in PHP */ echo 'h3' .$_GET['file'] . '/h3'; } ? form enctype=multipart/form-data action=save.cgi method=post Send this file: input name=userfile type=file / input type=submit name=submit value=Send File / /form - Then the Perl script: #!/usr/bin/perl # save.cgi if ($ENV{'REQUEST_METHOD'} eq POST) { read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'}); } print Content-Type: text/html\n\n; open FH, /var/www/html/d_wiki/upload/tmp.fil; print FH $buffer; close FH; print 'html/head'; print 'script language=javascriptlocation = upload.php?file=tmp.fil;/script'; print 'bodyh1Redirecting to upload.php?file=tmp.fil/h1/body/html'; You don't have to know much about Perl here. The only thing you would want to do is find out how to construct a unique temporary file name, for the saved file, which you would then probably delete in the PHP script after processing with PHP. Hope this helps. Myron -- _ Myron Turner http://www.room535.org http://www.bstatzero.org http://www.mturner.org/XML_PullParser/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Do two lists in a while statement
On Sat, April 21, 2007 1:23 pm, Richard Kurth wrote: How can I do something like this in the same while statement. This does not work while (list(,$possible) = each($possiblefields) list(,$possibleview) = each($possiblefieldsdiscription)){ } If you know for sure that there is a 1-to-1 match, you can do: while (list(, $possible) = each($possiblefields)){ list(, $possibleview) = each($possiblefielddiscription); } Personally, I would spell it 'description' however. :-) -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] how do I pass a variable with header?
On Sat, April 21, 2007 8:54 am, Ross wrote: header('Location: edit_property.php?property_id=.'$property_id'.'); Location: edit_property.php?property_id=$property_id However, you should be using a complete URI in Location: to be within HTTP spec. -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] echo or print ?
On Sat, April 21, 2007 5:20 pm, Tijnema ! wrote: But what else would you use a lot in your code? all commonly used things (like while, if, echo, etc) are just (nearly) as fast as their alternatives (for, print, etc). Other functions (like file/stream) might be some performance difference, but you probably use this only a few times in your script. So there's not a bigger performance difference then when optimizing echo/print. You use valgrind/callgrind and find out where your bottlenecks are and optimize those. You also benchmark your non-PHP stuff which is often the bottleneck in the first place. Optimizing random bits of code that aren't your bottleneck is just wasting your most precious resource: YOUR TIME! -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] should I be looking to eliminate all notices?
On Sat, April 21, 2007 4:01 am, Ross wrote: A quick one this morning. When coding should I be trying to code so there are no notices or is it ok to turn them off. I don't really want to do a isset check for every index I have. [dorothy voice] Do you want to write good code, or bad code? :-) [/dorothy] Leave E_NOTICE on and write better code. -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] show file creation date
On Sat, April 21, 2007 1:18 pm, [EMAIL PROTECTED] wrote: Hi sorry not really a php question.. but using it in a php script :) I want to list the date and time a file was created so I want someting like.. Apr 21 18:57 monkey.txt Ive been playing around with the LS options but I dont know what flags I need. Closest I could get was.. ls -g -o -t monkey.txt -rw-r--r-- 1 393 Apr 21 18:57 monkey.txt It may not be a PHP question, but here's a PHP answer: http://php.net/filectime -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] should I be looking to eliminate all notices?
On Sat, April 21, 2007 6:35 pm, Justin Frim wrote: Sometimes I'll cheat and stick a @ symbol in front of a line to shut up errors and warnings for that particular line, but usually I only do that for speed optimization. (ie. if it's in a short loop that cycles many times). I don't think that's actually an optimization... PHP still does all the work to generate the error message, and then it just throws it away. @ is not magic enough to make PHP figure out what errors might happen and not record them -- It just traps the error before it gets to your eyes and discards it... So you're making the code slower to add @, not faster... -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Interface to USB Devices
On Sat, April 21, 2007 2:06 am, Sascha Braun wrote: I would like to gather Informations from an USB Device, to display the transmitted data on a web interface. As I read the docs, I found the direct IO functions, but as i read thru the function descriptions, they where only meant for direct file access. What docs are you reading? Cuz I ain't finding any PHP USB docs... Is there a possebility to collect informations from USB Devices when the manufacturer is going to change the export specification for this special purpose. Maybe whatever you are reading can be executed with: http://php.net/exec I don't think this ends up being a PHP question, really. Maybe there's a USB list somewhere... -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] CSS position:absolute for INPUT ... on form
On Fri, April 20, 2007 10:33 pm, rwhartung wrote: I have an internal project where I need to position input text boxes to simulate a desktop app that i am replacing. Can I define a stylesheet with absolute positioning for INPUTs. If so do the calls to class=... or index=... work in placed within the INPUT . . . statement? My understanding is that the INPUT is an inline element and that absolute positioning may be difficult. I have looked at well over 100 google responses without finding a clear answer. Try it and see? http://browsercam.com should give you a pretty good idea which browsers it will work with... There's no PHP in this question -- try a CSS list. -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Preventing SQL Injection/ Cross Site Scripting
On Fri, April 20, 2007 8:08 pm, Dotan Cohen wrote: I've got a comments form that I'd like to harden against SQL Injection / XSS attacks. The data is stored in UTF-8 in a mysql database. I currently parse the data as such: After seeing this: http://ha.ckers.org/xss.html and another similar one for SQL injection, I'm worried that my filters are not enough. What do the pro php programers out there use? http://phpsec.org For MySQL: http://mysql_real_escape_string -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Appending into associative arrays
On Fri, April 20, 2007 5:11 pm, Tijnema ! wrote: So you end up with a big useless array? How big is the chance that there are 2 files modified at the same time? 0.1? or is it 0.01? Well, the OP *said* he had multiple files with the same mtime, and asked why he was only getting one of them... Other than that, the odds are pretty damn good you'll have multiple files with the same filemtime, actually, given that something like 'cp' will coy a heck of a lot of files with the same filemtime... Not to mention 'tar', 'scp' or anything of that nature, depending on what flags you use, or not, as the case may be. There are a lot of ways to get a zillion files with the same filemtime, actually... So do you want to write code that mostly works sometimes, or do you want to write code that always works? [shrug] -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] upload file then move between servers
On Fri, April 20, 2007 5:11 pm, blackwater dev wrote: I need to allow a user to upload a file. Once the file is up, I need to then move it to another server and wsync it to our webclusters. What's the best way to do this with php? I don't really want php issuing root commands. I've considered storing the file in the db but really need it to be scanned (they should just be images) then pushed out to my servers. Let PHP do all the checks you can think of, and then http://php.net/move_uploaded_file to the directory that is getting wrsync'ed or whatever. Let root cron job handle the sync. -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Preventing SQL Injection/ Cross Site Scripting
On Sat, April 21, 2007 5:20 am, Dotan Cohen wrote: Although I can semicolons and the like, greater than and less than signs I want to keep as there are some rather witty people from the Mathematics faculty who will be using the comments. I'll str_replace() them to gt; and lt; however. Store the original data (after mysql escaping). Upon output to a browser, *ANY* data should have htmlentities() called on it, unless you really really trust the author and have a secure chain of evidence that it's kosher to let them put HTML/JS on your site. -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] php seems to be inconsistent in its handling of backslashes ... maybe?
-- or maybe it's just the PCRE extension -- or quite likely I have got something wrong Hello members, I'm hoping you could enlighten me. Using error_reporting = E_ALL | E_STRICT, I tested the following statements: ?php preg_match('#\\#','any-string'); = warning preg_match('#\\\#','any-string'); preg_match('##','any-string'); preg_match('#\#','any-string'); = warning preg_match('#\\#','any-string'); = warning preg_match('#\\\#','any-string'); ? This seemed strange: warnings with 2 and 6 backlashes no warnings with 3, 7 warning with 5 but not with 3 and 7. The warning related of course to no matching delimeter '#' being found. So I wrote a little test script (preg.php) to test up to 10 backslashes: ?php for($i=1; $i=10; ++$i) { echo \n-\n; echo Number of '\\' is $i \n; $bs = '#'; $bs .= str_repeat('\\',$i); $bs .= '#'; echo 'Pattern is: ' . $bs . \n; $php_errormsg = ; @preg_match($bs, anystring) . \n; if($php_errormsg != '') echo error\n; else echo ok\n; } ? Here is the output: $ php preg.php - Number of '\' is 1 Pattern is: #\# error - Number of '\' is 2 Pattern is: #\\# ok - Number of '\' is 3 Pattern is: #\\\# error - Number of '\' is 4 Pattern is: ## ok - Number of '\' is 5 Pattern is: #\# error - Number of '\' is 6 Pattern is: #\\# ok - Number of '\' is 7 Pattern is: #\\\# error - Number of '\' is 8 Pattern is: ## ok - Number of '\' is 9 Pattern is: #\# error - Number of '\' is 10 Pattern is: #\\# ok End of output. This agrees with my understanding of backslash escaping (I hope that's right) but now I can't understand why I got the results earlier (shown in my first script). Many thanks. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php