php-general Digest 22 Jan 2008 13:29:55 -0000 Issue 5250
php-general Digest 22 Jan 2008 13:29:55 - Issue 5250 Topics (messages 267808 through 267828): scandir() in automount/autofs 267808 by: shiplu 267818 by: Zoltán Németh 267819 by: Robert Cummings 267820 by: Zoltán Németh 267821 by: Robert Cummings Re: Upgrade to PHP5 and having issues with mysql 267809 by: Tom Ray [Lists] 267810 by: Robert Cummings forms class 267811 by: nihilism machine 267812 by: Robert Cummings form cleaning class 267813 by: nihilism machine 267814 by: Robert Cummings Tool for programmer team 267815 by: Ronald Wiplinger 267816 by: Sándor Tamás (HostWare Kft.) 267817 by: Robert Cummings 267822 by: Colin Guthrie Re: $_POST Array and Cleaning 267823 by: Manuel Vacelet 267824 by: mike building php with DB extension without installing DB locally 267825 by: Jochem Maas 267827 by: dev.lenss.nl Re: Resetting drop-downlists in input-fields for texts 267826 by: Tor Vidvei Re: Best Approach 267828 by: Jay Blanchard Administrivia: To subscribe to the digest, e-mail: [EMAIL PROTECTED] To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: [EMAIL PROTECTED] -- ---BeginMessage--- I configured autofs in my fedora so that when I plug any usb stick in /dev/sda1 it automatically mounts in /mnt/auto/usb0 There is two lines where the problem arise. $util-run_command(ls -1 /mnt/auto/usb0 | wc -l);// it shows 13 when I plug my usb stick. $list = scandir(/mnt/auto/usb0 ); // here $list is null This script is in a php file which is running by apache. the $util object is not actually running the command but it is inserting the command in a queue. There is daemon who has root access processing the queue. It means the command in $util-run_command() is executing with root privilege. this command mounts and get the total amount of file/folder very nicely But when I run the second line I see there is no file. How can I fill the list with those file list. It may look that the problem is regarding permission. But I don't think so. Becasue I use the same command I mean the same 2 lines with /mnt/cdrom, and it works very nicely It works, $util-run_command(ls -1 /mnt/cdrom | wc -l);// it shows 200 in my CD rom drive $list = scandir(/mnt/cdrom); // here I get full list of files/folders Why its happening? I want the $list to be filled. Also I need directory and file information so that I can make another list like array(array('Type'='DIR','Name'='music'),array('Type'='DIR','Name'='music1'),array('Type'='FIL','Name'=' elvis.mp3'),array('Type'='FIL','Name'='elvis2.mp3'),...); -- shout at http://me.cmyweb.net/ comment on http://talk.cmyweb.net/ All time available for Hire/Contract/Full Time :) ---End Message--- ---BeginMessage--- 2008. 01. 21, hétfő keltezéssel 20.23-kor shiplu ezt írta: I configured autofs in my fedora so that when I plug any usb stick in /dev/sda1 it automatically mounts in /mnt/auto/usb0 There is two lines where the problem arise. $util-run_command(ls -1 /mnt/auto/usb0 | wc -l);// it shows 13 when I plug my usb stick. $list = scandir(/mnt/auto/usb0 ); // here $list is null This script is in a php file which is running by apache. the $util object is not actually running the command but it is inserting the command in a queue. There is daemon who has root access processing the queue. It means the command in $util-run_command() is executing with root privilege. this command mounts and get the total amount of file/folder very nicely But when I run the second line I see there is no file. How can I fill the list with those file list. It may look that the problem is regarding permission. But I don't think so. Becasue I use the same command I mean the same 2 lines with /mnt/cdrom, and it works very nicely It works, $util-run_command(ls -1 /mnt/cdrom | wc -l);// it shows 200 in my CD rom drive $list = scandir(/mnt/cdrom); // here I get full list of files/folders Why its happening? I'm pretty sure it is because of the permissions on the mounted usb stick. for example my ubuntu automounts my usb stick with permissions 700 and user/group as me. so it would not be accessible by any other user, except root. I think that's what happening in your case. However, I do not know where you can set that up... greets Zoltán Németh I want the $list to be filled. Also I need directory and file information so that I can make another list like array(array('Type'='DIR','Name'='music'),array('Type'='DIR','Name'='music1'),array('Type'='FIL','Name'=' elvis.mp3'),array('Type'='FIL','Name'='elvis2.mp3'),...); ---End Message--- ---BeginMessage--- On Tue, 2008-01-22 at 09:10 +0100, Zoltán Németh wrote: 2008. 01. 21, hétfő keltezéssel 20.23-kor shiplu ezt írta:
Re: [PHP] Tool for programmer team
On Tue, 2008-01-22 at 08:52 +0100, Sándor Tamás (HostWare Kft.) wrote: It depends. If the project built up of slightly different modules, putting the coders on a big, white table seems to be a good idea. But if the modules are completely different, you should separate them, so each of them can be focused on their own subject. In this case, you have to have some people to make the whole project as one, seeing other programmers' works to combine. There are many tool you can use to manage the project. (I personally like open tools, like OpenProj which compatible with Microsoft Project, and if you want to have version controlling, I can suggest Microsoft Visual SourceSafe, or JEDI VCS). Each of them can handle a variety of subjects. OpenProj can organize jobs, and resources. Microsoft VSS and JEDI VCS are version controlling systems, which can handle the code itself, you can check-out modules, make changes, then check-in, so others can use your module as well. (and if you screwed something, you can change back to a previous version). With all the open source version control systems available (CVS, Subversion, GIT) I wouldn't touch something closed source and more importantly tainted by the Microsoft moniker :/ (yes I am fortunate enough to work within Linux all day long). As for other tools... a big stick :) Seriously though, a good method of communication can be useful, it can also be annoying if someone has ADHD and keeps fire off messages or if you constantly find yourself in boring bogged down in bureaucracy meetings :( For project management I'd use something simple like the Mantis bug tracking system (it's quite useful for managing tasks despite being a bug tracking system). Cheers, Rob. -- ... SwarmBuy.com - http://www.swarmbuy.com Leveraging the buying power of the masses! ... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] scandir() in automount/autofs
2008. 01. 21, hétfő keltezéssel 20.23-kor shiplu ezt írta: I configured autofs in my fedora so that when I plug any usb stick in /dev/sda1 it automatically mounts in /mnt/auto/usb0 There is two lines where the problem arise. $util-run_command(ls -1 /mnt/auto/usb0 | wc -l);// it shows 13 when I plug my usb stick. $list = scandir(/mnt/auto/usb0 ); // here $list is null This script is in a php file which is running by apache. the $util object is not actually running the command but it is inserting the command in a queue. There is daemon who has root access processing the queue. It means the command in $util-run_command() is executing with root privilege. this command mounts and get the total amount of file/folder very nicely But when I run the second line I see there is no file. How can I fill the list with those file list. It may look that the problem is regarding permission. But I don't think so. Becasue I use the same command I mean the same 2 lines with /mnt/cdrom, and it works very nicely It works, $util-run_command(ls -1 /mnt/cdrom | wc -l);// it shows 200 in my CD rom drive $list = scandir(/mnt/cdrom); // here I get full list of files/folders Why its happening? I'm pretty sure it is because of the permissions on the mounted usb stick. for example my ubuntu automounts my usb stick with permissions 700 and user/group as me. so it would not be accessible by any other user, except root. I think that's what happening in your case. However, I do not know where you can set that up... greets Zoltán Németh I want the $list to be filled. Also I need directory and file information so that I can make another list like array(array('Type'='DIR','Name'='music'),array('Type'='DIR','Name'='music1'),array('Type'='FIL','Name'=' elvis.mp3'),array('Type'='FIL','Name'='elvis2.mp3'),...); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] scandir() in automount/autofs
2008. 01. 22, kedd keltezéssel 03.15-kor Robert Cummings ezt írta: On Tue, 2008-01-22 at 09:10 +0100, Zoltán Németh wrote: 2008. 01. 21, hétfő keltezéssel 20.23-kor shiplu ezt írta: I configured autofs in my fedora so that when I plug any usb stick in /dev/sda1 it automatically mounts in /mnt/auto/usb0 There is two lines where the problem arise. $util-run_command(ls -1 /mnt/auto/usb0 | wc -l);// it shows 13 when I plug my usb stick. $list = scandir(/mnt/auto/usb0 ); // here $list is null This script is in a php file which is running by apache. the $util object is not actually running the command but it is inserting the command in a queue. There is daemon who has root access processing the queue. It means the command in $util-run_command() is executing with root privilege. this command mounts and get the total amount of file/folder very nicely But when I run the second line I see there is no file. How can I fill the list with those file list. It may look that the problem is regarding permission. But I don't think so. Becasue I use the same command I mean the same 2 lines with /mnt/cdrom, and it works very nicely It works, $util-run_command(ls -1 /mnt/cdrom | wc -l);// it shows 200 in my CD rom drive $list = scandir(/mnt/cdrom); // here I get full list of files/folders Why its happening? I'm pretty sure it is because of the permissions on the mounted usb stick. for example my ubuntu automounts my usb stick with permissions 700 and user/group as me. so it would not be accessible by any other user, except root. I think that's what happening in your case. However, I do not know where you can set that up... Doesn't the root directory of a mounted partition inherit the ownership/permissions of the directory upon which it is mounted? not if it is mounted with some umask and permissions and stuff specified for mount, I think. for example in the above case, my /media dir has permissions 755 owner/group root/root, but when automount mounts my usb stick in /media/KINGSTON it becomes completely different greets Zoltán Németh Cheers, Rob. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] scandir() in automount/autofs
On Tue, 2008-01-22 at 09:10 +0100, Zoltán Németh wrote: 2008. 01. 21, hétfő keltezéssel 20.23-kor shiplu ezt írta: I configured autofs in my fedora so that when I plug any usb stick in /dev/sda1 it automatically mounts in /mnt/auto/usb0 There is two lines where the problem arise. $util-run_command(ls -1 /mnt/auto/usb0 | wc -l);// it shows 13 when I plug my usb stick. $list = scandir(/mnt/auto/usb0 ); // here $list is null This script is in a php file which is running by apache. the $util object is not actually running the command but it is inserting the command in a queue. There is daemon who has root access processing the queue. It means the command in $util-run_command() is executing with root privilege. this command mounts and get the total amount of file/folder very nicely But when I run the second line I see there is no file. How can I fill the list with those file list. It may look that the problem is regarding permission. But I don't think so. Becasue I use the same command I mean the same 2 lines with /mnt/cdrom, and it works very nicely It works, $util-run_command(ls -1 /mnt/cdrom | wc -l);// it shows 200 in my CD rom drive $list = scandir(/mnt/cdrom); // here I get full list of files/folders Why its happening? I'm pretty sure it is because of the permissions on the mounted usb stick. for example my ubuntu automounts my usb stick with permissions 700 and user/group as me. so it would not be accessible by any other user, except root. I think that's what happening in your case. However, I do not know where you can set that up... Doesn't the root directory of a mounted partition inherit the ownership/permissions of the directory upon which it is mounted? Cheers, Rob. -- ... SwarmBuy.com - http://www.swarmbuy.com Leveraging the buying power of the masses! ... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] scandir() in automount/autofs
On Tue, 2008-01-22 at 09:20 +0100, Zoltán Németh wrote: 2008. 01. 22, kedd keltezéssel 03.15-kor Robert Cummings ezt írta: On Tue, 2008-01-22 at 09:10 +0100, Zoltán Németh wrote: 2008. 01. 21, hétfő keltezéssel 20.23-kor shiplu ezt írta: I configured autofs in my fedora so that when I plug any usb stick in /dev/sda1 it automatically mounts in /mnt/auto/usb0 There is two lines where the problem arise. $util-run_command(ls -1 /mnt/auto/usb0 | wc -l);// it shows 13 when I plug my usb stick. $list = scandir(/mnt/auto/usb0 ); // here $list is null This script is in a php file which is running by apache. the $util object is not actually running the command but it is inserting the command in a queue. There is daemon who has root access processing the queue. It means the command in $util-run_command() is executing with root privilege. this command mounts and get the total amount of file/folder very nicely But when I run the second line I see there is no file. How can I fill the list with those file list. It may look that the problem is regarding permission. But I don't think so. Becasue I use the same command I mean the same 2 lines with /mnt/cdrom, and it works very nicely It works, $util-run_command(ls -1 /mnt/cdrom | wc -l);// it shows 200 in my CD rom drive $list = scandir(/mnt/cdrom); // here I get full list of files/folders Why its happening? I'm pretty sure it is because of the permissions on the mounted usb stick. for example my ubuntu automounts my usb stick with permissions 700 and user/group as me. so it would not be accessible by any other user, except root. I think that's what happening in your case. However, I do not know where you can set that up... Doesn't the root directory of a mounted partition inherit the ownership/permissions of the directory upon which it is mounted? not if it is mounted with some umask and permissions and stuff specified for mount, I think. for example in the above case, my /media dir has permissions 755 owner/group root/root, but when automount mounts my usb stick in /media/KINGSTON it becomes completely different The ownership/permissions of /media are not important it's the actual mountpoint that is important. In this case KINGSTON but that is probably being dynamically created. In which case to control the ownership/perms it may be necessary to configure the mount manually versus relying on automount. I'd be interested to see what happens if he creates /mnt/auto/usb0 with appropriate ownership/perms before plugging in the device and letting automount mount it. Cheers, Rob. -- ... SwarmBuy.com - http://www.swarmbuy.com Leveraging the buying power of the masses! ... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Tool for programmer team
Ronald Wiplinger wrote: What is a good tool to coordinate a team of programmers efficiently? To give each one a different part of the project is a start, but it needs to get combined at some points to be a working project. Not to debug code you have written was a hint, to see actually bugs as a bug and not as a feature. Some hinted let programmer be on different places, others say put them together on a big table, ... Where can I find more information about that subject? For me: * SVN (http://www.subversion.org/) for code/VCS * Trac (http://trac.edgewall.org/) for Wiki, VCS viewing, tickets/tasks + more) * Timing And Estimation Plugin (http://www.trac-hacks.org/wiki/TimingAndEstimationPlugin) for tracking time spent on given tasks) * Work Log Plugin (http://www.trac-hacks.org/wiki/WorkLogPlugin) for showing at a glance which tickets the devs are currently (or have recently been) working on (and to add time automatically). * Clients Plugin (http://www.trac-hacks.org/wiki/ClientsPlugin) To track tasks specific to different clients and send edited highlights of development automatically. * Doxygen Plugin (http://www.trac-hacks.org/wiki/DoxygenPlugin) to show doxygen generated code docs inside Trac. Disclaimer: I wrote Work log and Clients. They integrate nicely with Timing And Estimation which I also hacked on. There are lots of holes and lots of improvements that could (and will eventually) be made. Feel free to ask more questions, but the above works for me and my team. Col -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] $_POST Array and Cleaning
On Jan 21, 2008 3:22 AM, nihilism machine [EMAIL PROTECTED] wrote: I'm trying to create a function that will first take an array of $_POSTs and give them key/value pairs like variables. For instance, if i had $_POST['whatever'] = whatever, that would be made into $whatever = whatever, then i can clean for sql injection and xss. any ideas here? i use a combination of php.net/filter, bounds checking for integers/etc, appropriate text escaping (i.e. like mysql_escape_string) prior to any db queries with text data, intval($var) on anything needing to be converted to integer (although filter will do that for you too) also - suhosin might help with some things. i run both the patch and the module. Consider usage of a 3rd party lib like Inspekt: http://code.google.com/p/inspekt/ i'll look at this too, thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] $_POST Array and Cleaning
On Jan 21, 2008 3:22 AM, nihilism machine [EMAIL PROTECTED] wrote: I'm trying to create a function that will first take an array of $_POSTs and give them key/value pairs like variables. For instance, if i had $_POST['whatever'] = whatever, that would be made into $whatever = whatever, then i can clean for sql injection and xss. any ideas here? Consider usage of a 3rd party lib like Inspekt: http://code.google.com/p/inspekt/ -- Manuel -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] building php with DB extension without installing DB locally
hi guys, I want to build php with firebirdDB (ibase) extension (for the purposes of this exercise it could just as well be mysql) without installing firebird on the local machine (i'm moving the DB to a seperate server) ... I can't figure out how to do this apart from installing firebird, building php then removing firebird again - although I'm not sure this would even work. Does anyone know the correct way to go about such a thing? TIA -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Resetting drop-downlists in input-fields for texts
On Mon, 21 Jan 2008 17:25:06 +0100, David Giragosian [EMAIL PROTECTED] wrote: I think this HTML is IE specific, form autocomplete=off ... /form Not sure if you can do it on a tag by tag basis or not, nor what versions it might be limited by. David Thanks a lot! This solution works fine in the three browser I have tested: IE, Firefox and Opera. (In my Opera there is no AutoComplete feature and the parameter is ignored.) Tor -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] building php with DB extension without installing DB locally
Quoting Jochem Maas [EMAIL PROTECTED]: hi guys, I want to build php with firebirdDB (ibase) extension (for the purposes of this exercise it could just as well be mysql) without installing firebird on the local machine (i'm moving the DB to a seperate server) ... I can't figure out how to do this apart from installing firebird, building php then removing firebird again - although I'm not sure this would even work. Does anyone know the correct way to go about such a thing? TIA Think it's the same as compiling with the mysql extension. You need the client libraries to build PHP. So just install the firebird client and compile against that. That should work .. right? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] More frustration with MySQL and PHP
On Jan 21, 2008, at 4:14 PM, Dave Goodchild wrote: Don't be scared of functions, no magic or mystery there, all you are doing is putting your code in a function like so: function add($a, $b) { return $a + $b; } ..for example and calling it like so: $a = 12; $b = 100; $sum = add(12, 13); ...etc etc, not too much more to learn than that and now I can call add() in many places... So all I have to do (At least to really simplify what I'm sure they can do) is put the code I want to execute into the function and then just list the variables as arguments? Such as: function dbconnect ($host, $user, $pass, $database) { mysqli_connect($host, $user, $pass, $database); etc. etc. } Or something like that? And then I can simply call my dbconnect() anywhere I might need to connect to a database? Or a different database? -- Jason Pruim Raoset Inc. Technology Manager MQC Specialist 3251 132nd ave Holland, MI, 49424 www.raoset.com [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Best Approach
[snip] Is PHP a correct approach to solve this tedious problem?? Can I access a servers and get the results of a ls command for instance?? [/snip] You can use some of PHP's functions, such as readdir() (roughly an ls in PHP land http://www.php.net/readdir ). You can also use exec (to execute) and other commands like fopen (to read, write, append). PHP will actually work pretty well. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] form cleaning class
On Jan 21, 2008 11:39 PM, nihilism machine [EMAIL PROTECTED] wrote: now my debug shows that with the following code, all of the $_POST['whatever'] values are blank. class forms { var $UserInput; // Forms to variables function forms() { if (count($_POST) 0) { foreach($_POST as $curPostKey = $curPostVal) { $_POST[$curPostKey] = forms::CleanInput($curPostVal); } } // Debug print_r($_POST); } // Clean XSS function CleanInput($UserInput) { $allowedtags = strongemaulliprehrblockquoteimgspan; $notallowedattribs = array(@javascript:|onclick|ondblclick| onmousedown|onmouseup .|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown| [EMAIL PROTECTED]); $changexssto = ''; $UserInput = preg_replace($notallowedattribs, $changexssto, $UserInput); $UserInput = strip_tags($text, $allowedtags); $UserInput = nl2br($UserInput); return $UserInput; } } -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Check out htmlPurifier http://htmlpurifier.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] More frustration with MySQL and PHP
On Jan 22, 2008 8:44 AM, Jason Pruim [EMAIL PROTECTED] wrote: On Jan 21, 2008, at 4:14 PM, Dave Goodchild wrote: Don't be scared of functions, no magic or mystery there, all you are doing is putting your code in a function like so: function add($a, $b) { return $a + $b; } ..for example and calling it like so: $a = 12; $b = 100; $sum = add(12, 13); ...etc etc, not too much more to learn than that and now I can call add() in many places... So all I have to do (At least to really simplify what I'm sure they can do) is put the code I want to execute into the function and then just list the variables as arguments? Such as: function dbconnect ($host, $user, $pass, $database) { mysqli_connect($host, $user, $pass, $database); etc. etc. } Or something like that? And then I can simply call my dbconnect() anywhere I might need to connect to a database? Or a different database? -- Jason Pruim Raoset Inc. Technology Manager MQC Specialist 3251 132nd ave Holland, MI, 49424 www.raoset.com [EMAIL PROTECTED] That is basically it. You're going to want to learn the why, not just the how though. There is a reason for creating functions and it isn't just code reuse. Think about when you want to change your export script. Say you needed to add a field to it. Right now you have to edit some web facing php script mixed with code that handles the request and connects to your database. Wouldn't it be easier if you just could edit a very specific spot that was easy to get to and pop a column on to that instead of sifting through dozens of if statements? Of course the best way to learn is by doing things. So keep on writing stuff and try to keep moving forward judging how you could improve on the design along the way. Please read about programming theory and why you do things. It will save you more time in the end. Another good thing you could do is download some reputable open source projects and look at how they wrote the code and learn from that. And finally make sure that learning about web security is a big part of your growth from day one. Don't wait until you've wrote tons of sites to realize that your code is riddled with XSS sql injection. Here is a starting point: http://talks.php.net/index.php/Security Here is a list of some you might look at: http://drupal.org/ http://fudforum.org/ http://s9y.org/ Stay away from Wordpress and phpBB. =) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] More frustration with MySQL and PHP
Jason Pruim wrote: So all I have to do (At least to really simplify what I'm sure they can do) is put the code I want to execute into the function and then just list the variables as arguments? Such as: function dbconnect ($host, $user, $pass, $database) { mysqli_connect($host, $user, $pass, $database); etc. etc. } Or something like that? And then I can simply call my dbconnect() anywhere I might need to connect to a database? Or a different database? Sort of. I believe the MySQLi extension is intelligent enough to not create multiple connections with the same details from one process, but you might find the following works a bit better... http://dev.stut.net/php/db.inc.phps This is modified from code I used to use but I have not tested this simplified version (the original supports multiple connections which you probably don't need). I now use a class instead of these functions but the basic idea is the same. At any point in your code you can simply to do... $db = GetDB(); ...to get a resource handle to your database, and it takes care of making sure it only keeps one connection around and closes it when the script ends. Yes it uses globals. No I don't care. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] building php with DB extension without installing DB locally
Quoting Jochem Maas [EMAIL PROTECTED]: [EMAIL PROTECTED] schreef: Quoting Jochem Maas [EMAIL PROTECTED]: hi guys, I want to build php with firebirdDB (ibase) extension (for the purposes of this exercise it could just as well be mysql) without installing firebird on the local machine (i'm moving the DB to a seperate server) ... I can't figure out how to do this apart from installing firebird, building php then removing firebird again - although I'm not sure this would even work. Does anyone know the correct way to go about such a thing? TIA Think it's the same as compiling with the mysql extension. You need the client libraries to build PHP. So just install the firebird client and compile against that. That should work .. right? right! I wasn't thinking - it never occurred to me I could install the client libs without the [db] server a quick look with 'apt-cache search' comfirms that I can. thanks for the wake up call :-) np :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] building php with DB extension without installing DB locally
[EMAIL PROTECTED] schreef: Quoting Jochem Maas [EMAIL PROTECTED]: hi guys, I want to build php with firebirdDB (ibase) extension (for the purposes of this exercise it could just as well be mysql) without installing firebird on the local machine (i'm moving the DB to a seperate server) ... I can't figure out how to do this apart from installing firebird, building php then removing firebird again - although I'm not sure this would even work. Does anyone know the correct way to go about such a thing? TIA Think it's the same as compiling with the mysql extension. You need the client libraries to build PHP. So just install the firebird client and compile against that. That should work .. right? right! I wasn't thinking - it never occurred to me I could install the client libs without the [db] server a quick look with 'apt-cache search' comfirms that I can. thanks for the wake up call :-) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] More frustration with MySQL and PHP
On Jan 22, 2008 9:03 AM, Eric Butera [EMAIL PROTECTED] wrote: That is basically it. You're going to want to learn the why, not just the how though. There is a reason for creating functions and it isn't just code reuse. Think about when you want to change your export script. Say you needed to add a field to it. Right now you have to edit some web facing php script mixed with code that handles the request and connects to your database. Wouldn't it be easier if you just could edit a very specific spot that was easy to get to and pop a column on to that instead of sifting through dozens of if statements? Eric's exactly right, J. I started working with PHP about a decade ago (yeah, I was one of the 1% or so that played around with PHP/FI2 - and I still have a copy of it, actually). I really didn't appreciate functions as much as I should have until the release of PHP4, and like Eric said, it's not just for 'reusability' - it's also for portability, centralization, extensibility, and a whole bunch of other great words with expansive suffixes. -- /Dan Daniel P. Brown Senior Unix Geek and #1 Rated Year's Coolest Guy By Self Since Nineteen-Seventy-[mumble]. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] More frustration with MySQL and PHP
On Jan 22, 2008, at 10:32 AM, Daniel Brown wrote: On Jan 22, 2008 9:03 AM, Eric Butera [EMAIL PROTECTED] wrote: That is basically it. You're going to want to learn the why, not just the how though. There is a reason for creating functions and it isn't just code reuse. Think about when you want to change your export script. Say you needed to add a field to it. Right now you have to edit some web facing php script mixed with code that handles the request and connects to your database. Wouldn't it be easier if you just could edit a very specific spot that was easy to get to and pop a column on to that instead of sifting through dozens of if statements? Eric's exactly right, J. I started working with PHP about a decade ago (yeah, I was one of the 1% or so that played around with PHP/FI2 - and I still have a copy of it, actually). I really didn't appreciate functions as much as I should have until the release of PHP4, and like Eric said, it's not just for 'reusability' - it's also for portability, centralization, extensibility, and a whole bunch of other great words with expansive suffixes. I've found many times, that you can find the how by googling for the right terms... It's the Why that you can't learn from code... That's when you gotta dig into books and ask questions :) Once I've had a chance to read some of the info that has been provided and have a project (Maybe I'll even rewrite my current one if it makes it faster!) I'll be asking questions :) So hopefully you guys are ready for some questions that I come up with. Maybe I'll even throw my experience into a webpage for someone who is learning like me... bit by bit. Thanks for all the help you guys provide! I vote to double the pay of everyone who helps here! -- Jason Pruim Raoset Inc. Technology Manager MQC Specialist 3251 132nd ave Holland, MI, 49424 www.raoset.com [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] scandir() in automount/autofs
On Jan 22, 2008 3:26 AM, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2008-01-22 at 09:20 +0100, Zoltán Németh wrote: 2008. 01. 22, kedd keltezéssel 03.15-kor Robert Cummings ezt írta: On Tue, 2008-01-22 at 09:10 +0100, Zoltán Németh wrote: 2008. 01. 21, hétfő keltezéssel 20.23-kor shiplu ezt írta: I configured autofs in my fedora so that when I plug any usb stick in /dev/sda1 it automatically mounts in /mnt/auto/usb0 There is two lines where the problem arise. $util-run_command(ls -1 /mnt/auto/usb0 | wc -l);// it shows 13 when I plug my usb stick. $list = scandir(/mnt/auto/usb0 ); // here $list is null This script is in a php file which is running by apache. the $util object is not actually running the command but it is inserting the command in a queue. There is daemon who has root access processing the queue. It means the command in $util-run_command() is executing with root privilege. this command mounts and get the total amount of file/folder very nicely But when I run the second line I see there is no file. How can I fill the list with those file list. It may look that the problem is regarding permission. But I don't think so. Becasue I use the same command I mean the same 2 lines with /mnt/cdrom, and it works very nicely It works, $util-run_command(ls -1 /mnt/cdrom | wc -l);// it shows 200 in my CD rom drive $list = scandir(/mnt/cdrom); // here I get full list of files/folders Why its happening? I'm pretty sure it is because of the permissions on the mounted usb stick. for example my ubuntu automounts my usb stick with permissions 700 and user/group as me. so it would not be accessible by any other user, except root. I think that's what happening in your case. However, I do not know where you can set that up... Doesn't the root directory of a mounted partition inherit the ownership/permissions of the directory upon which it is mounted? not if it is mounted with some umask and permissions and stuff specified for mount, I think. for example in the above case, my /media dir has permissions 755 owner/group root/root, but when automount mounts my usb stick in /media/KINGSTON it becomes completely different The ownership/permissions of /media are not important it's the actual mountpoint that is important. In this case KINGSTON but that is probably being dynamically created. In which case to control the ownership/perms it may be necessary to configure the mount manually versus relying on automount. I'd be interested to see what happens if he creates /mnt/auto/usb0 with appropriate ownership/perms before plugging in the device and letting automount mount it. How can I give permission to /mnt/auto/usb0 before accessing. There is a way to use $util-run_command(); Let me check if $util-run_command(chmod -R 777 /mnt/auto/usb0) gives a valid array output from scandir() function. Cheers, Rob. -- ... SwarmBuy.com - http://www.swarmbuy.com Leveraging the buying power of the masses! ...
Re: [PHP] More frustration with MySQL and PHP
On Jan 22, 2008 11:21 AM, Jason Pruim [EMAIL PROTECTED] wrote: I've found many times, that you can find the how by googling for the right terms... It's the Why that you can't learn from code... That's when you gotta dig into books and ask questions :) Not just that, but also citing something Eric said in his last message: you learn by doing. Not just the how's and why's of programming, but also the when's, where's, what's and which's. For example: HOW to create a resuable object. WHY it's the expected result that $n = 4.1; serialize($n); may be 4.0996447286321199499070644378662109375, but $x = serialize($n); $x = ($x * 10); will always be 0. WHEN to use variable variables. WHERE to store your private function configuration variables. WHAT the hell a private function versus a public function really is. WHICH search function - eregi(), preg_match(), stristr(), substr() - to use for a specific case. WHO is going to be reading through your code and comments, and is it clear enough? So hopefully you guys are ready for some questions that I come up with. Maybe I'll even throw my experience into a webpage for someone who is learning like me... bit by bit. That's what Tedd does, actually. He's got some great examples that he puts up as time goes by. Check it out here: http://webbytedd.com/ Thanks for all the help you guys provide! I vote to double the pay of everyone who helps here! The pay we get for contributing to the list? That's floor(sin(10)). ;-P -- /Dan Daniel P. Brown Senior Unix Geek and #1 Rated Year's Coolest Guy By Self Since Nineteen-Seventy-[mumble]. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Upgrade to PHP5 and having issues with mysql
Robert Cummings wrote: On Mon, 2008-01-21 at 18:01 -0500, Tom Ray [Lists] wrote: Hey- I'm trying to install PHP5 with mysql support and I keep running into the same problem over and over again. I run the configuration with this: --with-mysql=/usr/local/mysql and without fail I get this every time: ext/mysql/php_mysql.o: In function `zif_mysql_create_db': /home/tech/upgrades/php-5.2.5/ext/mysql/php_mysql.c:1227: undefined reference to `mysql_create_db' ext/mysql/php_mysql.o: In function `zif_mysql_drop_db': /home/tech/upgrades/php-5.2.5/ext/mysql/php_mysql.c:1266: undefined reference to `mysql_drop_db' collect2: ld returned 1 exit status make: *** [sapi/cgi/php-cgi] Error 1 What am I doing wrong here? I'm running mysql 5.0.45 located at /usr/local/mysql which would my my lib directory at /usr/local/mysql/lib I have updated my ld.so.conf file to point to that and I'm still running into issues here. Any thoughts or pointers on what I am doing wrong here? I've never had an issue before but I never had to compile PHP with mysql support since it was always part of the install. What's your ld.so.conf pointing to for MySQL? It should be pointing to: /usr/local/mysql/lib/mysql And not: /usr/local/mysql/lib Presuming that /usr/local/mysql/ contains the following directories as expected: bin/ include/ info/ lib/ libexec/ man/ mysql-test/ share/ sql-bench/ Cheers, Rob. ARUGH! I fixed my ld.so.conf file and tried again and I'm still dying in the make process at the same spot. Here's what I have: ld.so.conf mx02:~:# cat /etc/ld.so.conf /usr/kerberos/lib /usr/X11R6/lib /usr/local/ssl/lib /usr/local/opensrs-client/lib /usr/local/lib/perl5/site_perl/5.6.1/i686-linux /usr/local/freetds/lib /usr/lib/libmcrypt/lib /usr/local/mhash0-9-3/lib /usr/local/mysql/lib/mysql Here's my mysql structure: (var softlinks to data) mx02:~:# ls /usr/local/mysql binCOPYING docs include INSTALL-BINARY libexec mysql-test scripts sql-bench tests configure data EXCEPTIONS-CLIENT info lib man README sharesupport-files var Here's my configuration setup: mx02:~:# ./configure --prefix=/usr/local/php5 --with-apxs2=/usr/local/apache-dev/bin/apxs --with-mysql=/usr/local/mysql Compiles just fine but when I run make I get the errors previously listed. I've run ldconfig, I rebooted the machine...I just don't know what I'm doing wrong here. Thanks! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Debugging classes
On Jan 22, 2008 1:06 PM, TG [EMAIL PROTECTED] wrote: I have a semi-good understanding of classes even if I don't totally 'grok' the benefits for the projects I've worked on so far. One thing that keeps smacking me in the face, though, is reverse engineering in order to make proper changes to projects created by others using classes. In particular, I've been doing a lot of Joomla work and I end up doing a global find in files trying to trace things back to see where they're assigned, etc. In particular 2, $this. I know it's a keyword meaing the active object.. I'm cool with that, but sometimes I need to make changes to how things are handled, or what data is included. I can do a print_r and see what type of object it is, look up the class definition, etc, but it still seems like a pretty cumbersome way of doing things. Anyone have any tips for debugging/reverse engineering/noodling-out classes on big projects created by someone else? I figure things out eventually, I just want to speed up the process and do it 'smarter' if possible http://www.php.net/unsub.php unfortunately the runtime relationships of objects can be quite different than relationships between the classes they incarnate. sometimes debugging tools like xdebug can help you see relationships at runtime by mapping out the call stack graphically (checkout kcachegrind). in general though, you need to have an understanding of what the classes in an application are supposed to do / represent. for joomla, have you scoped out the api spec? http://api.joomla.org/li_Joomla-Framework.html i imagine that would help you work through it. -nathan
[PHP] Debugging classes
I have a semi-good understanding of classes even if I don't totally 'grok' the benefits for the projects I've worked on so far. One thing that keeps smacking me in the face, though, is reverse engineering in order to make proper changes to projects created by others using classes. In particular, I've been doing a lot of Joomla work and I end up doing a global find in files trying to trace things back to see where they're assigned, etc. In particular 2, $this. I know it's a keyword meaing the active object.. I'm cool with that, but sometimes I need to make changes to how things are handled, or what data is included. I can do a print_r and see what type of object it is, look up the class definition, etc, but it still seems like a pretty cumbersome way of doing things. Anyone have any tips for debugging/reverse engineering/noodling-out classes on big projects created by someone else? I figure things out eventually, I just want to speed up the process and do it 'smarter' if possible. Thanks! -TG -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Upgrade to PHP5 and having issues with mysql
On Tue, 2008-01-22 at 12:42 -0500, Tom Ray [Lists] wrote: Robert Cummings wrote: On Mon, 2008-01-21 at 18:01 -0500, Tom Ray [Lists] wrote: Hey- I'm trying to install PHP5 with mysql support and I keep running into the same problem over and over again. I run the configuration with this: --with-mysql=/usr/local/mysql and without fail I get this every time: ext/mysql/php_mysql.o: In function `zif_mysql_create_db': /home/tech/upgrades/php-5.2.5/ext/mysql/php_mysql.c:1227: undefined reference to `mysql_create_db' ext/mysql/php_mysql.o: In function `zif_mysql_drop_db': /home/tech/upgrades/php-5.2.5/ext/mysql/php_mysql.c:1266: undefined reference to `mysql_drop_db' collect2: ld returned 1 exit status make: *** [sapi/cgi/php-cgi] Error 1 What am I doing wrong here? I'm running mysql 5.0.45 located at /usr/local/mysql which would my my lib directory at /usr/local/mysql/lib I have updated my ld.so.conf file to point to that and I'm still running into issues here. Any thoughts or pointers on what I am doing wrong here? I've never had an issue before but I never had to compile PHP with mysql support since it was always part of the install. What's your ld.so.conf pointing to for MySQL? It should be pointing to: /usr/local/mysql/lib/mysql And not: /usr/local/mysql/lib Presuming that /usr/local/mysql/ contains the following directories as expected: bin/ include/ info/ lib/ libexec/ man/ mysql-test/ share/ sql-bench/ Cheers, Rob. ARUGH! I fixed my ld.so.conf file and tried again and I'm still dying in the make process at the same spot. Here's what I have: ld.so.conf mx02:~:# cat /etc/ld.so.conf /usr/kerberos/lib /usr/X11R6/lib /usr/local/ssl/lib /usr/local/opensrs-client/lib /usr/local/lib/perl5/site_perl/5.6.1/i686-linux /usr/local/freetds/lib /usr/lib/libmcrypt/lib /usr/local/mhash0-9-3/lib /usr/local/mysql/lib/mysql Here's my mysql structure: (var softlinks to data) mx02:~:# ls /usr/local/mysql binCOPYING docs include INSTALL-BINARY libexec mysql-test scripts sql-bench tests configure data EXCEPTIONS-CLIENT info lib man README sharesupport-files var This looks like the MySQL source tree and not the installation tree. Please provide your ./configure line for building MySQL. Cheers, Rob. -- ... SwarmBuy.com - http://www.swarmbuy.com Leveraging the buying power of the masses! ... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Debugging classes
On Tue, January 22, 2008 12:06 pm, TG wrote: One thing that keeps smacking me in the face, though, is reverse engineering in order to make proper changes to projects created by others using classes. OOP requires a great deal more high-level documentation, to tell what classes do what and how the hierarchy interacts, at least for anything other than trivial example apps. No docs == a lot of work to figure it out. Good class names helps, somewhat, but even the best-named class may have some pretty serious differences from what you expect, just based on the name... In particular, I've been doing a lot of Joomla work and I end up doing a global find in files trying to trace things back to see where they're assigned, etc. grep is your friend. :-) In particular 2, $this. I know it's a keyword meaing the active object.. I'm cool with that, but sometimes I need to make changes to how things are handled, or what data is included. I can do a print_r and see what type of object it is, look up the class definition, etc, but it still seems like a pretty cumbersome way of doing things. You may want to check out Zend IDE, Komodo, etc and see if they can help you in run-time to work out what's what. I don't do OOP, and don't use such high-falutin' tools, but I assume they'd have SOME kind of inspection features to help you do the lookup and find the definition... At least, that would be one of the first features I'd put into an IDE, if I used OOP in PHP and if I used IDEs in the first place... -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Debugging classes
On Jan 22, 2008 2:40 PM, Richard Lynch [EMAIL PROTECTED] wrote: At least, that would be one of the first features I'd put into an IDE, if I used OOP in PHP and if I used IDEs in the first place... actually php-eclipse and pdt both have pretty solid oop support for php. and theyre free. the funny thing is ive actually been getting back into vim ;) rantexternal documentation such as php documentor is key./rant -nathan
Re: [PHP] form cleaning class
On Mon, January 21, 2008 10:39 pm, nihilism machine wrote: $UserInput = strip_tags($text, $allowedtags); $text is not defined, so it's blank, so now $UserInput is blank... This also tells me that you aren't using E_ALL for development, which is a BAD IDEA... -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] building php with DB extension without installing DB locally
On Tue, January 22, 2008 5:04 am, Jochem Maas wrote: I want to build php with firebirdDB (ibase) extension (for the purposes of this exercise it could just as well be mysql) without installing firebird on the local machine (i'm moving the DB to a seperate server) ... I can't figure out how to do this apart from installing firebird, building php then removing firebird again - although I'm not sure this would even work. Does anyone know the correct way to go about such a thing? In order to compile, you need AT LEAST the client headers, sometimes referred to as the -devel package in RPMs. It will probably be easiest to just install/uninstall, though... -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Tool for programmer team
On Tue, January 22, 2008 1:40 am, Ronald Wiplinger wrote: What is a good tool to coordinate a team of programmers efficiently? To give each one a different part of the project is a start, but it needs to get combined at some points to be a working project. Not to debug code you have written was a hint, to see actually bugs as a bug and not as a feature. Some hinted let programmer be on different places, others say put them together on a big table, ... Where can I find more information about that subject? As far as code management and combining goes, I'd put it in subversion and have it combined from the beginning. No last-minute gotchas at the integration phase. Subversion will handle the minor file-to-file multiple developer issues. On the large scale, documenting what works how is the best idea -- And having it in writing, clear and crisp, with the person writing the code involved in the creation of the documentation. You may also want to look into unit testing and test-based development since the idea there is to write some simple code tests to define what the code should do, then code to the test. It may be bad to teach to the test, but coding to the test will probably save you a lot of grief. -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] scandir() in automount/autofs
On Mon, January 21, 2008 7:23 pm, shiplu wrote: I configured autofs in my fedora so that when I plug any usb stick in /dev/sda1 it automatically mounts in /mnt/auto/usb0 There is two lines where the problem arise. $util-run_command(ls -1 /mnt/auto/usb0 | wc -l);// it shows 13 when I plug my usb stick. Perhaps do a flush of the file system cache here... http://php.net/clearstatcache Not sure why it would have been loaded in the first place, but that may be it. $list = scandir(/mnt/auto/usb0 ); // here $list is null -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Best Approach
On Mon, January 21, 2008 5:55 pm, Miguel Guirao wrote: Is PHP a correct approach to solve this tedious problem?? Can I access a servers and get the results of a ls command for instance?? I would use PHP, personally, since I know it best. It might be easiest to install PHP on each box, and have it in a cron job to check whateve and send the results, perhaps via email, to somewhere. Another option would be to right a PHP webpage on each box, and have the central box just file_get_contents() on each page -- assuming you can turn on allow_url_fopen on that box. You *could* go whole hog and use PHP to set up RPC or SOAP on each box, to allow you to execute the commands, but that would be a lot of extra work for not much benefit for such a simple task. -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] More frustration with MySQL and PHP
REFERER is set or not by the browser choice, and some browsers let you turn it off. It's completely unreliable. Why not just have the download script accept search inputs, and provide two links: Records where name contains 'foo': http://example.com/download.php?name=foo Whole DB: http://example.com/download.php On Mon, January 21, 2008 1:57 pm, Jason Pruim wrote: Today, I found a bug in my software which I was originally happy to find since that means there's one less that I have to worry about... 3 hours later while trying to figure out how to fix it I wish I never found it! Here's the deal, I have a file that exports the records in the database to excel, which works perfectly, except for 1 small thing... If you search the database first, it exports just those records. Basically what I need to do is allow people the choice of either exporting just certain search criteria, or the entire database without having to logout/login each time. I have tried using HTTP_REFERER to grab weither the user is coming from search.php (My search script) or directly from the index.php site which would mean they want the entire database. Nothing I have done has been successful, I either get just the search criteria exported, or I get the entire database depending on which version I try it from. Anyone have any ideas? -- Jason Pruim Raoset Inc. Technology Manager MQC Specialist 3251 132nd ave Holland, MI, 49424 www.raoset.com [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] a better way to do a data import?
If you unset/NULL out *every* variable, then you should not run out of RAM... It might be a heck of a lot faster to LOAD DATA INFILE to a temp table, and then use SQL statements to compare the data and update/insert any altered/missing data... I do something similar with about the same number of rows, so it can be done... On Mon, January 21, 2008 11:35 am, blackwater dev wrote: I have a text file that contains 200k rows. These rows are to be imported into our database. The majority of them will already exists while a few are new. Here are a few options I've tried: I've had php cycle through the file row by row and if the row is there, delete it and do a straight insert but that took a while. Now I have php get the row from the text file and then to array_combine with a default array I have in the class so I can have key value pairs. I then take that generated array and do array_diff to the data array I pulled from the db and I then have the columns that are different so I do an update on only those columns for that specific row. This is slow and after about 180,000 rows, php throws a memory error. I'm resetting all my vars to NULL at each iteration so am not sure what's up. Anyone have a better way to do this? In MySQL, I could simply a replace on each row...but not in postgres. Thanks! -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Resetting drop-downlists in input-fields for texts
On Mon, January 21, 2008 9:31 am, Tor Vidvei wrote: I'm developing a traning page for basic math. The answers are entered by the user in simple text input fields and the same page is returned (after having been processed by php) to the user with indications of correctness or error on each answer. If the AutoComplete feature is turned on a droplist with previous entries are displayed in the answer fields, even if new exercises are generated. This is quite distracting. Is there any way I can block this feature from my php-code, even if it is turned on in the users browser? No. -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] performance/load testing ...
apache benchmark, aka ab comes with apache and lets you hit your server as many times as you want. Also see wget and valgrind/callgrind For Windows users, there's something called SuperSmack or some equally silly name... :-) On Mon, January 21, 2008 3:50 am, Jochem Maas wrote: hi guys, I need to do some performance testing for a site of mine. I want to compare performance of various combinations of using APC, Squid, Apache/LightHTTPD mod_php/fastcgi. all very well I can build the various setups but I'm stuck as to how to go about recreating realistic load on the machine in question. I don't want to have to go out and buy some commercial software. STFW is making my head spin. Does anyone have any tips, urls, advice as to how to start going about creating something like a 'test suite' for testing high load performance of a website? TIA -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] regex
You'd need to use a look-ahead or look-behind with PCRE to do this. Search for a thread just last week involving quotes and HTML attributes for an example. PS You could probably get the DB to ignore case in table names and table fields with some kind of set. You also could probably just replace the [ and ] with and keep table names with spaces (ugh!) if all else fails. On Mon, January 21, 2008 3:02 am, Peter wrote: I am trying to convert ms access sql to postgresql using php. I have a sql statement in the form ;- $sql = SELECT DISTINCT [Table Name].[Column.Name], [Table Name 1].[Column Name 2] etc. what I want to end up with is $sql = SELECT DISTINCT table_name.column_name, table_name_1.column_name_2, I have managed to get the caps to lower but I cant work out how to put the _ in place of spaces if the spaces are between [ ]. I either end up with S_E_L_E_C . or SELECT_DISTINCT_ etc... . Naturally I have only used part of sql statement and table, column names have been changed. (Think the one I'm trying on is 2000+ characters. So its not a case of set number of words/numbers between [] it could be 2 or it could be 4 etc) Anyone workout what I am talking about and can help would be appreciated. Peter -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] regex
ANOTHER option would be to query the DB for table names and then its fields. You could then do a dirt-simple str_replace, because you would know exactly what table names to expect. //totally wrong code to give you the idea: $tables = pg_query_something_about_table_names($connection); foreach($tables as $table){ $ms_table = str_replace('_', ' ', $table); $query = str_replace([$ms_table], $table, $query); } This would not be as slick as a single PCRE, but it might be more maintainable for a newbie who would have a tough time with PCRE look-ahead assertions... ymmv On Mon, January 21, 2008 9:55 am, Keith Roberts wrote: Hi Peter. Is this what you want to do. Copy this into a *.php page, and then look at it with your browser. I just refactored one of my heredoc queries to handle your problem. !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; html xmlns=http://www.w3.org/1999/xhtml; xml:lang=en head titleSQL Regex Tester/title /head body ?php echo Version 1 br /; $this_table = 'MSS TABLE NAME'; $this_id = 5; $sql = OUT select * from $this_table where ID = $this_id OUT; echo Contents of \$sql: br /$sql; echo br /br / Version 2 br /; $sql = SELECT DISTINCT [Table Name].[Column.Name], [Table Name1].[Column Name 2]; echo Contents of \$sql: br /$sql; echo br /br / Version 3 br /; $this_table = 'MSS TABLE NAME'; $this_id = 5; $sql = OUT SELECT DISTINCT [Table Name].[Column.Name], [Table Name1].[Column Name 2] OUT; echo Contents of \$sql: br /$sql; echo br /br / Version 4 br /; $tbl_name = [Table Name]; $col_name = [Column Name]; $tbl_name1 = [Table Name1]; $col_name2 = [Column Name 2]; $sql = OUT SELECT DISTINCT $tbl_name.$col_name, $tbl_name1.$col_name2 OUT; echo Contents of \$sql: br /$sql; echo br /br / Version 5 br /; $sql_query = SELECT DISTINCT; $tbl_name = [Table Name]; $col_name = [Column Name]; $tbl_name1 = [Table Name1]; $col_name2 = [Column Name 2]; $tbl_name = strtolower($tbl_name); $col_name = strtolower($col_name); $tbl_name1 = strtolower($tbl_name1); $col_name2 = strtolower($col_name2); $sql = OUT $sql_query $tbl_name.$col_name, $tbl_name1.$col_name2 OUT; echo Contents of \$sql: br /$sql; echo br /br / Version 6 br /; $sql_query = SELECT DISTINCT; $tbl_name = [Table Name]; $col_name = [Column Name]; $tbl_name1 = [Table Name1]; $col_name2 = [Column Name 2]; // convert to lower case $tbl_name = strtolower($tbl_name); $col_name = strtolower($col_name); $tbl_name1 = strtolower($tbl_name1); $col_name2 = strtolower($col_name2); // remove '[]' characters $tbl_name = trim($tbl_name, []); $col_name = trim($col_name, []); $tbl_name1 = trim($tbl_name1, []); $col_name2 = trim($col_name2, []); // replace space with '_' character $tbl_name = preg_replace('/\s/', '_', $tbl_name); $col_name = preg_replace('/\s/', '_', $col_name); $tbl_name1 = preg_replace('/\s/', '_', $tbl_name1); $col_name2 = preg_replace('/\s/', '_', $col_name2); $sql = OUT $sql_query $tbl_name.$col_name, $tbl_name1.$col_name2 OUT; echo Contents of \$sql: br /$sql; ? /body /html The above code is not optimal, but it works OK. I use the heredoc construct to build my sql query strings. Saves using all those single and double quote characters. http://uk2.php.net/manual/en/language.types.string.php#language.types.string.syntax.heredoc HTH Keith Roberts - Websites: http://www.karsites.net http://www.php-debuggers.net http://www.raised-from-the-dead.org.uk All email addresses are challenge-response protected with TMDA [http://tmda.net] - On Mon, 21 Jan 2008, Peter wrote: To: php-general@lists.php.net From: Peter [EMAIL PROTECTED] Subject: Re: [PHP] regex Well actually not a real lot so far. I'm just trial and error(lots of that) at the moment. I've only been 'playing with php for about a month or so. $file = phptest1.txt; $rep = array (tbl_ , _%, bool default 0, bool default 1, '?'); $wih = array (, _pc, bool DEFAULT FALSE, bool DEFAULT TRUE, ); if (is_file($file)) : $fh = fopen($file, r+) or die(File does not exist); while (! feof($fh)) : $line = fgets($fh,4096); $str = strtolower($line); $str_fixed = str_replace($rep, $wih, $str); print $str_fixed . br /; endwhile; Then as far as the regexp part for replacing the space inbetween [blah blah blah] with _ goes it was a case of try delete try delete etc. I may need to break the string into an array but that in its self adds its own problems. Think one of my problems is Im try to run before I can crawl with php, postgre regex etc. Also its fun trying to workout things when all the books you come across are php/mysql. Came across an old message in my trawl of the news group
[PHP] including files outside of document root
Hi everyone, Been doing some reading on security and have decided that I should be storing my include files outside of the document root... Which I understand how to do it, but what I'm wondering, is say I write the Next Killer App (tm). How would I port that code easily off of my server and put it into a downloadable file for the millions of people who will download and run the Next Killer App (tm)? Err... That doesn't make it very clear... Is there a program for Macintosh or Unix that I could use to grab all the source code from where ever I have it set? Or would I need to make my own? Or should I just quit being lazy and grab it my self? :) -- Jason Pruim Raoset Inc. Technology Manager MQC Specialist 3251 132nd ave Holland, MI, 49424 www.raoset.com [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] POST/GET into variables
On Mon, January 21, 2008 10:03 am, Nathan Nobbe wrote: On Jan 21, 2008 10:19 AM, Eric Butera [EMAIL PROTECTED] wrote: I don't think making a single generic function to iterate over every value in the GET/POST arrays is a very good idea. Each field on a form can contain very different pieces of data that should be handed quite differently. I know you did point out that this is just an example, but nonetheless your class is intended to iterate over everything with a generic solution. i think applying trim() to all input is appropriate. You're wrong. :-) There is at least one app where whitespace was significant. It might be for integration with some weird legacy system somewhere, but there it is. The sanitizing of any input data HAS to know what the data is supposed to look like, and should be as strict as possible. No single function can handle that without some kind of meta knowledge about the fields coming in from somewhere else. -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] POST/GET into variables
On Jan 22, 2008 3:59 PM, Richard Lynch [EMAIL PROTECTED] wrote: On Mon, January 21, 2008 10:03 am, Nathan Nobbe wrote: On Jan 21, 2008 10:19 AM, Eric Butera [EMAIL PROTECTED] wrote: I don't think making a single generic function to iterate over every value in the GET/POST arrays is a very good idea. Each field on a form can contain very different pieces of data that should be handed quite differently. I know you did point out that this is just an example, but nonetheless your class is intended to iterate over everything with a generic solution. i think applying trim() to all input is appropriate. You're wrong. :-) fair enough; i thought about it after i said that and realized it wasnt the case. too bad somebody had to go and call me out on it ;) There is at least one app where whitespace was significant. It might be for integration with some weird legacy system somewhere, but there it is. The sanitizing of any input data HAS to know what the data is supposed to look like, and should be as strict as possible. No single function can handle that without some kind of meta knowledge about the fields coming in from somewhere else. if there is default behavior that only needs to be applied in most cases then add a parameter to the function or an instance variable that indicates the default behavior should be overridden. as i said earlier, i was not posting this class as a generic solution for all input filtration. it was mainly intended to demonstrate conversion of variables within an array to ones in the current symbol tables using variable variables. note this segment from the original question: ..work by turning all key/value pairs for both get and post into variable names of the same name as the get/post key, and the variable values as the values from the post/get.. i also had no knowledge of the extract() function which basically does the same thing. on another thread today somebody mentioned inspekt, this looks like a pretty solid validation / sanitization system. http://code.google.com/p/inspekt/ i looked at a couple of the other filtration systems eric recommended and appreciate him sharing. -nathan
Re: [PHP] including files outside of document root
On Jan 22, 2008 3:57 PM, Jason Pruim [EMAIL PROTECTED] wrote: Hi everyone, Hi, Jason! Been doing some reading on security and have decided that I should be storing my include files outside of the document root... Which I understand how to do it, but what I'm wondering, is say I write the Next Killer App (tm). How would I port that code easily off of my server and put it into a downloadable file for the millions of people who will download and run the Next Killer App (tm)? Absolutely. It's called a README file. Lots of well-designed applications keep the includes out of the web root, as they should. They're just included in a directory in the tarball, zip file, or whatever is being used to package and distribute the code, with installation instructions in the README or INSTALL file (or a similar counterpart). Err... That doesn't make it very clear... Yes it did. Leave it alone, it'll grow. Is there a program for Macintosh or Unix that I could use to grab all the source code from where ever I have it set? Or would I need to make my own? Or should I just quit being lazy and grab it my self? :) There's always SVN and CVS for file structure and system architecture, but a zip file or tarball would suffice. And you certainly don't want them downloading the files from the actual location on your server, since that defeats the purpose of placing them outside of the web root. Just one example of this is how WHM AutoPilot handles the situation. There's a database directory named mib_data that is included in the zip file with all of the web files. The README/INSTALL document tells you to place that folder outside of the web root (for example, if on a cPanel or same-structure server, make it ~/mib_data/). Very easy to understand and deploy. -- /Dan Daniel P. Brown Senior Unix Geek and #1 Rated Year's Coolest Guy By Self Since Nineteen-Seventy-[mumble]. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Upgrade to PHP5 and having issues with mysql
Robert Cummings wrote: On Tue, 2008-01-22 at 12:42 -0500, Tom Ray [Lists] wrote: Robert Cummings wrote: On Mon, 2008-01-21 at 18:01 -0500, Tom Ray [Lists] wrote: Hey- I'm trying to install PHP5 with mysql support and I keep running into the same problem over and over again. I run the configuration with this: --with-mysql=/usr/local/mysql and without fail I get this every time: ext/mysql/php_mysql.o: In function `zif_mysql_create_db': /home/tech/upgrades/php-5.2.5/ext/mysql/php_mysql.c:1227: undefined reference to `mysql_create_db' ext/mysql/php_mysql.o: In function `zif_mysql_drop_db': /home/tech/upgrades/php-5.2.5/ext/mysql/php_mysql.c:1266: undefined reference to `mysql_drop_db' collect2: ld returned 1 exit status make: *** [sapi/cgi/php-cgi] Error 1 What am I doing wrong here? I'm running mysql 5.0.45 located at /usr/local/mysql which would my my lib directory at /usr/local/mysql/lib I have updated my ld.so.conf file to point to that and I'm still running into issues here. Any thoughts or pointers on what I am doing wrong here? I've never had an issue before but I never had to compile PHP with mysql support since it was always part of the install. What's your ld.so.conf pointing to for MySQL? It should be pointing to: /usr/local/mysql/lib/mysql And not: /usr/local/mysql/lib Presuming that /usr/local/mysql/ contains the following directories as expected: bin/ include/ info/ lib/ libexec/ man/ mysql-test/ share/ sql-bench/ Cheers, Rob. ARUGH! I fixed my ld.so.conf file and tried again and I'm still dying in the make process at the same spot. Here's what I have: ld.so.conf mx02:~:# cat /etc/ld.so.conf /usr/kerberos/lib /usr/X11R6/lib /usr/local/ssl/lib /usr/local/opensrs-client/lib /usr/local/lib/perl5/site_perl/5.6.1/i686-linux /usr/local/freetds/lib /usr/lib/libmcrypt/lib /usr/local/mhash0-9-3/lib /usr/local/mysql/lib/mysql Here's my mysql structure: (var softlinks to data) mx02:~:# ls /usr/local/mysql binCOPYING docs include INSTALL-BINARY libexec mysql-test scripts sql-bench tests configure data EXCEPTIONS-CLIENT info lib man README sharesupport-files var This looks like the MySQL source tree and not the installation tree. Please provide your ./configure line for building MySQL. Cheers, Rob. This is how I setup mysql: #upgrades: cd mysql tar -zxf mysql-version-x.tar.gz cp -R * /usr/local/mysql cd /usr/local/mysql chown -R mysql:mysql * scripts/mysql_install_db --user=mysql /usr/local/mysql/bin/mysqld_safe mysql starts/runs just fine. This server has been upgraded from 3.x to 4.x to 5.0.45 currently. Is there something I'm missing? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] including files outside of document root
On Jan 22, 2008 4:21 PM, Daniel Brown [EMAIL PROTECTED] wrote: On Jan 22, 2008 3:57 PM, Jason Pruim [EMAIL PROTECTED] wrote: Hi everyone, Hi, Jason! Been doing some reading on security and have decided that I should be storing my include files outside of the document root... Which I understand how to do it, but what I'm wondering, is say I write the Next Killer App (tm). How would I port that code easily off of my server and put it into a downloadable file for the millions of people who will download and run the Next Killer App (tm)? Absolutely. It's called a README file. Lots of well-designed applications keep the includes out of the web root, as they should. They're just included in a directory in the tarball, zip file, or whatever is being used to package and distribute the code, with installation instructions in the README or INSTALL file (or a similar counterpart). Err... That doesn't make it very clear... Yes it did. Leave it alone, it'll grow. Is there a program for Macintosh or Unix that I could use to grab all the source code from where ever I have it set? Or would I need to make my own? Or should I just quit being lazy and grab it my self? :) There's always SVN and CVS for file structure and system architecture, but a zip file or tarball would suffice. And you certainly don't want them downloading the files from the actual location on your server, since that defeats the purpose of placing them outside of the web root. Just one example of this is how WHM AutoPilot handles the situation. There's a database directory named mib_data that is included in the zip file with all of the web files. The README/INSTALL document tells you to place that folder outside of the web root (for example, if on a cPanel or same-structure server, make it ~/mib_data/). Very easy to understand and deploy. -- /Dan Daniel P. Brown Senior Unix Geek and #1 Rated Year's Coolest Guy By Self Since Nineteen-Seventy-[mumble]. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php I use Zend Studio. When a php file includes another file zend automatically includes that file in my current project. This is a nice feature. -- shout at http://me.cmyweb.net/ comment on http://talk.cmyweb.net/ All time available for Hire/Contract/Full Time :)
RE: [PHP] mssql and latin characters
Thanks a lot Eric, I read those links and are really interesting. The solution of the problem was changing the OEM character conversion option of MSSql (see attached image) as Frank answer me in PHP-Windows list. Original answer of Frank: -Original Message- From: Frank M. Kromann [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 22, 2008 3:25 PM To: Leticia Larrosa Cc: [EMAIL PROTECTED] Subject: Re: [PHP-WIN] mssql and latin characters Hi Leticia, MS SQL server comes with a set of client tools that allows you to specify the encoding. There is a checkbox in the Client Network Tool that allows you to enable/disable OEM character conversion. Flipping that for the alias you are using to connect to the database should fix the problem. Remember this must be done on the box where PHP is running if that's different from the SQL server box. - Frank Regards Leticia Larrosa -Original Message- From: Eric Butera [mailto:[EMAIL PROTECTED] Sent: Monday, January 21, 2008 5:43 PM To: Leticia Larrosa Cc: php-general@lists.php.net Subject: Re: [PHP] mssql and latin characters On Jan 20, 2008 9:53 PM, Leticia Larrosa [EMAIL PROTECTED] wrote: Hello I have a MSSql 2000 database that have stored data with the follow special characters: ó, í, Ñ, á, é, ú. When I see the data through any MsSql Client I see exactly those characters. The Collation of database is: SQL_Latin1_General_CP1_CI_AS I can't change the method of insert data in database. When I get (with MSSQL PHP extension) data that have some of those characters, I get weird characters instead. For example: A data that in database appears as Girón is obtained by PHP as Gir¢n The problem with the encoding of browser is discarded, because wherever I saw the data appears with weird characters. The code I use to get the data is: ?php mssql_connect('server','user','pass'); mssql_select_db('db'); $r = mssql_query(select some_column from some_table); $d = mssql_fetch_assoc($r); echo $d['some_column']; ? My PHP is 4.4.3, and my SO is XP. Other people ask the same as I'm and get no answer proper are: http://www.psicofxp.com/forums/desarrollo-web.264/226703-php-mssql-y-acento s.html http://www.psicofxp.com/forums/desarrollo-web.264/226703-php-mssql-y-acentos .html http://www.bdat.net/cuestiones_php/php3/0702.html http://www.bdat.net/cuestiones_php/php3/0702.html http://www.forosdelweb.com/f18/problemas-con-caracteres-especiales-acentos- php-mssql-server-364345/ http://www.forosdelweb.com/f18/problemas-con-caracteres-especiales-acentos-p hp-mssql-server-364345/ http://markmail.org/message/7rksvz44sj2te5sl http://markmail.org/message/7rksvz44sj2te5sl http://www.phpbuilder.com/board/archive/index.php/t-10208269.html http://www.phpbuilder.com/board/archive/index.php/t-10208269.html Thanks in advanced. Leticia Larrosa __ Participe en Universidad 2008. 11 al 15 de febrero del 2008. Palacio de las Convenciones, Ciudad de la Habana, Cuba http://www.universidad2008.cu Hi Leticia, You should be using utf-8, really. What you're dealing with are encoding issues. 8bit character sets just can't hold all known characters, so people invented lots of them to make up for this. See my links below for an in depth look. Maybe, just maybe, we can trick the browser into showing your text right. Below the header and the meta tag are the key parts to it. Try this: ?php header(Content-Type: text/html; charset=iso-8859-1); ? html head meta http-equiv=content-type content=text/html; charset=iso-8859-1 /head body i18n ftw! /body /html You might also take a look at: http://www.microsoft.com/sql/technologies/php/default.mspx Also please read this: http://www.phpwact.org/php/i18n/charsets. And this too: http://talks.php.net/show/wereldveroverend-ffm2004 Have fun! __ NOD32 2808 (20080120) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com __ Participe en Universidad 2008. 11 al 15 de febrero del 2008. Palacio de las Convenciones, Ciudad de la Habana, Cuba http://www.universidad2008.cu -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Debugging classes
TG schreef: I have a semi-good understanding of classes even if I don't totally 'grok' the benefits for the projects I've worked on so far. One thing that keeps smacking me in the face, though, is reverse engineering in order to make proper changes to projects created by others using classes. In particular, I've been doing a lot of Joomla work and I end up doing a global find in files trying to trace things back to see where they're assigned, etc. In particular 2, $this. I know it's a keyword meaing the active object.. I'm cool with that, but sometimes I need to make changes to how things are handled, or what data is included. I can do a print_r and see what type of object it is, look up the class definition, etc, but it still seems like a pretty cumbersome way of doing things. debug_print_backtrace() is your friend. that said get an editor that supports debugging and install the required debugging extension on the server (which will probably be your local machine) this will allow you to initiate a debug session that allows you to step through the code line by line. I use Zend (debugger IDE) for this, there are other options but I'm lazy and I've never had the patience to setup PHPEclipse+Xdebug (or something similar) Anyone have any tips for debugging/reverse engineering/noodling-out classes on big projects created by someone else? I figure things out eventually, I just want to speed up the process and do it 'smarter' if possible. debugging is a bit of a black art. the more you do it the handier and more comfortable you get at doing it. it's a bit like sex but with out the reward ;-) Thanks! -TG -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Debugging classes
Vishal Patel schreef: who the fuck are you and why the fuck are you emailing me I'm fucking me actually. and I'm fucking mailing a fucking mailing list which apparently your fucking subscribed to. So now your fucking up to speed. Any other fucking questions? On Jan 22, 2008 11:15 PM, Jochem Maas [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: TG schreef: I have a semi-good understanding of classes even if I don't totally 'grok' the benefits for the projects I've worked on so far. One thing that keeps smacking me in the face, though, is reverse engineering in order to make proper changes to projects created by others using classes. In particular, I've been doing a lot of Joomla work and I end up doing a global find in files trying to trace things back to see where they're assigned, etc. In particular 2, $this. I know it's a keyword meaing the active object.. I'm cool with that, but sometimes I need to make changes to how things are handled, or what data is included. I can do a print_r and see what type of object it is, look up the class definition, etc, but it still seems like a pretty cumbersome way of doing things. debug_print_backtrace() is your friend. that said get an editor that supports debugging and install the required debugging extension on the server (which will probably be your local machine) this will allow you to initiate a debug session that allows you to step through the code line by line. I use Zend (debugger IDE) for this, there are other options but I'm lazy and I've never had the patience to setup PHPEclipse+Xdebug (or something similar) Anyone have any tips for debugging/reverse engineering/noodling-out classes on big projects created by someone else? I figure things out eventually, I just want to speed up the process and do it 'smarter' if possible. debugging is a bit of a black art. the more you do it the handier and more comfortable you get at doing it. it's a bit like sex but with out the reward ;-) Thanks! -TG -- PHP General Mailing List ( http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Vishal Patel -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Debugging classes
On Jan 22, 2008 6:15 PM, Jochem Maas [EMAIL PROTECTED] wrote: TG schreef: I have a semi-good understanding of classes even if I don't totally 'grok' the benefits for the projects I've worked on so far. One thing that keeps smacking me in the face, though, is reverse engineering in order to make proper changes to projects created by others using classes. In particular, I've been doing a lot of Joomla work and I end up doing a global find in files trying to trace things back to see where they're assigned, etc. In particular 2, $this. I know it's a keyword meaing the active object.. I'm cool with that, but sometimes I need to make changes to how things are handled, or what data is included. I can do a print_r and see what type of object it is, look up the class definition, etc, but it still seems like a pretty cumbersome way of doing things. debug_print_backtrace() is your friend. that said get an editor that supports debugging and install the required debugging extension on the server (which will probably be your local machine) this will allow you to initiate a debug session that allows you to step through the code line by line. I use Zend (debugger IDE) for this, there are other options but I'm lazy and I've never had the patience to setup PHPEclipse+Xdebug (or something similar) actually, if youre going the eclispe route, xdebug is supported under pdt. its pretty easy to install, because they have an 'all-in-one' bundle that has all the requirements. as jochem said, youll have to install xdebug on the server, which really isnt that bad (depending on your distro ;)). you can also use xdebug with protoeditor if you like, its pretty decent. to be honest though, ive had marginal success with php debuggers so far. i dont know if xdebug + pdt (or protoeditor) is really ready for prime time, but its definately close. of course there are other debuggers out there, but xdebug is really cool. it has several other features as well that make me think its the one to go w/. Anyone have any tips for debugging/reverse engineering/noodling-out classes on big projects created by someone else? I figure things out eventually, I just want to speed up the process and do it 'smarter' if possible. debugging is a bit of a black art. indeed. sometimes, depending on the application, debuggers can almost be life savers. like some of these monstrous proprietary apps i keep getting myself caught up in.. -nathan
Re: [PHP] Debugging classes
Vishal Patel schreef: i dont know why the hell im on it so please whoever did this, i wish they would stop fucking about with my account. please can you unsuscribe me to all such mailing lists as at the moment im recieving about 10 new emails a minute about all this stuff which im sure you can understand is so annoying unsubscribe yourself. and stop bothering me please. it's not my problem. visit here: http://www.php.net/unsub.php or send an email to [EMAIL PROTECTED] (as detailed in the headers of the email you recieve from the mailing list.) many thanks On Jan 22, 2008 11:33 PM, Jochem Maas [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Vishal Patel schreef: who the fuck are you and why the fuck are you emailing me I'm fucking me actually. and I'm fucking mailing a fucking mailing list which apparently your fucking subscribed to. So now your fucking up to speed. Any other fucking questions? On Jan 22, 2008 11:15 PM, Jochem Maas [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: TG schreef: I have a semi-good understanding of classes even if I don't totally 'grok' the benefits for the projects I've worked on so far. One thing that keeps smacking me in the face, though, is reverse engineering in order to make proper changes to projects created by others using classes. In particular, I've been doing a lot of Joomla work and I end up doing a global find in files trying to trace things back to see where they're assigned, etc. In particular 2, $this. I know it's a keyword meaing the active object.. I'm cool with that, but sometimes I need to make changes to how things are handled, or what data is included. I can do a print_r and see what type of object it is, look up the class definition, etc, but it still seems like a pretty cumbersome way of doing things. debug_print_backtrace() is your friend. that said get an editor that supports debugging and install the required debugging extension on the server (which will probably be your local machine) this will allow you to initiate a debug session that allows you to step through the code line by line. I use Zend (debugger IDE) for this, there are other options but I'm lazy and I've never had the patience to setup PHPEclipse+Xdebug (or something similar) Anyone have any tips for debugging/reverse engineering/noodling-out classes on big projects created by someone else? I figure things out eventually, I just want to speed up the process and do it 'smarter' if possible. debugging is a bit of a black art. the more you do it the handier and more comfortable you get at doing it. it's a bit like sex but with out the reward ;-) Thanks! -TG -- PHP General Mailing List ( http://www.php.net/ http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Vishal Patel -- Vishal Patel -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Using mysql_real_escape_string without connecting to mysql
I have a file of my own functions that I include in many places. One of them uses mysql_real_escape_string, however, it may be called in a context that will or will not connect to a mysql server, and worse, may already be connected. So I must avoid connecting. However, when I run the script without connecting I get this error: Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user: '[EMAIL PROTECTED]' (Using password: NO) I was thinking about checking if there is a connection, and if not then connecting. This seems redundant to me, however. What is the list's opinion of this situation? Thanks in advance. Dotan Cohen http://what-is-what.com http://gibberish.co.il א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing?
[PHP] upload problem
any ideas why this does not work? class upload { function upload() { upload::uploader(); } function uploader() { $FileName = basename($_FILES['upload1']['name']); if (move_uploaded_file($_FILES['upload1']['tmp_name'], $FileName)) { chmod($FileName, 0755); rename($FileName, admin/advertisements/ . $FileName); return $FileName; } else { return Error!; } } } -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using mysql_real_escape_string without connecting to mysql
Dotan Cohen wrote: I have a file of my own functions that I include in many places. One of them uses mysql_real_escape_string, however, it may be called in a context that will or will not connect to a mysql server, and worse, may already be connected. So I must avoid connecting. However, when I run the script without connecting I get this error: Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user: '[EMAIL PROTECTED]' (Using password: NO) I was thinking about checking if there is a connection, and if not then connecting. This seems redundant to me, however. What is the list's opinion of this situation? Thanks in advance. real_escape_string needs a connection so it knows what encoding and charset the database supports. No way around it sorry :) -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] upload problem
On Jan 22, 2008, at 5:01 PM, nihilism machine [EMAIL PROTECTED] wrote: any ideas why this does not work? class upload { function upload() { upload::uploader(); } function uploader() { $FileName = basename($_FILES['upload1']['name']); if (move_uploaded_file($_FILES['upload1']['tmp_name'], $FileName)) { chmod($FileName, 0755); rename($FileName, admin/advertisements/ . $FileName); return $FileName; } else { return Error!; } } } Try deleting the upload() function. Then: $test = new upload(); $filename = test-uploader(); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] upload problem
On Jan 22, 2008 8:01 PM, nihilism machine [EMAIL PROTECTED] wrote: any ideas why this does not work? class upload { function upload() { upload::uploader(); } function uploader() { $FileName = basename($_FILES['upload1']['name']); if (move_uploaded_file($_FILES['upload1']['tmp_name'], $FileName)) { chmod($FileName, 0755); rename($FileName, admin/advertisements/ . $FileName); return $FileName; } else { return Error!; } } } What do you mean doesn't work? Does it hit the Error! return, does it do nothing, does it come up with a build error? If you're more specific, you'll get better responses and quicker help. -- /Dan Daniel P. Brown Senior Unix Geek and #1 Rated Year's Coolest Guy By Self Since Nineteen-Seventy-[mumble]. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] including files outside of document root
On MOST setups, you might have: /yourhomedirectory /httpd_docs_or_something_like_that /index.php /page2.php /includes /globals.inc /connect.inc /sql So, pretty much, you'd do something like: tar -cvf my_site.tar http_docs includes gzip my_site.tar And then you'd just install that wherever... Nothing peeves me more than some badly-conceived web-app with no way to move the include files out of the web-tree. On Tue, January 22, 2008 2:57 pm, Jason Pruim wrote: Hi everyone, Been doing some reading on security and have decided that I should be storing my include files outside of the document root... Which I understand how to do it, but what I'm wondering, is say I write the Next Killer App (tm). How would I port that code easily off of my server and put it into a downloadable file for the millions of people who will download and run the Next Killer App (tm)? Err... That doesn't make it very clear... Is there a program for Macintosh or Unix that I could use to grab all the source code from where ever I have it set? Or would I need to make my own? Or should I just quit being lazy and grab it my self? :) -- Jason Pruim Raoset Inc. Technology Manager MQC Specialist 3251 132nd ave Holland, MI, 49424 www.raoset.com [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] upload problem
nihilism machine wrote: any ideas why this does not work? 1) the field in the form might not be 'upload1'. 2) the file is too big to upload ( max_upload_size) 3) the /tmp folder might not be writable or full 4) the folder you're trying to write into is not writable (or the drive is full) 5) the rename might not work (same reasons as above) 6) the chmod might fail that'll do for starters :) add error_reporting(E_ALL); and ini_set('display_errors', true); in your script and see what's going on. instead of doing a move-uploaded-file then a rename, combine them: $destination = 'admin/advertisements/' . basename($_FILES['upload1']['name']); if (move_uploaded_file($src, $destination)) { ... } ... -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] including files outside of document root
On Jan 22, 2008 8:09 PM, Richard Lynch [EMAIL PROTECTED] wrote: Nothing peeves me more than some badly-conceived web-app with no way to move the include files out of the web-tree. You may disagree with me on this here, Rich, but the way I do it is to have a single include_files.php file containing all of the files that need to be included as a whole, and a single configuration variable to set where those files are located. I know that they don't all have to be included in that file, but I find it makes it easier, since I use all of them with every page load. I also employ a function safe_include($filename) that uses a combination of file_exists($filename), is_file($filename), and is_readable($filename). If the function fails, no PHP error message is output if the file can't be found, and the script doesn't necessarily halt. If it's a critical file, instead a message is dispatched to my email, and a friendly message is placed on the site informing the user that a technical error has been encountered and will be repaired ASAP. -- /Dan Daniel P. Brown Senior Unix Geek and #1 Rated Year's Coolest Guy By Self Since Nineteen-Seventy-[mumble]. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] general time question
On Sun, January 20, 2008 5:30 pm, jekillen wrote: I am developing an application that uses php with Apache. A user requests a script file from a web site and the server takes such things as $_SERVER['REMOTE_ADDRESS'] You *DO* understand that large-scale ISP's users will change their IP address more often than most drummers change their underwear? For example, an AOL user could have dozens of IP addresses within a single login AOL session. Further, large corporations could have hundreds, nay thousands, of visitors behind a single firewall. For example, *EVERY* visitor to your site who works at IBM will appear (to you) to have the same IP address. So you CANNOT make any assumptions about users and $_SERVER['REMOTE_ADDRESS'] and uses php's time() function to record the time in utc code (which would be the server's system time) and other bits of info and saves it in a php script file on the server. That's fine, if you want to use it as a guess as to whether this is or isn't the same person and force them to re-authenticate to too much changes. But it's not going to work if you assume that any change at all means a different user. The script is a login script. When the user successfully logs in. Javascript is used to send the client time and time zone offset. These are written to this file also. You do understand that you are relying on the user's computer clock to be set correctly, which is frequently simply not the case... And any user can write some JS to send you whatever they want for the date/time/tz. To track the user for statistical and authorization reasons this file is used to authenticate each user request and track usage. Don't do that; It won't work. Use the built-in sessions and require a login/password to authenticate. What I do not understand perfectly at the moment, and I have to learn somewhere sometime, is the figures that are recorded. Well, you made them up... You should have a pretty good idea what they are. :-) I know, I could use php's built in session handling but I have special reasons for doing it this way. I suspect your special reasons aren't sufficiently well thought out... :-) These are the values I am recording: (a sample php script file) $sid = '96f120f9dcf293e64e6dcbd16024491e'; // this is a session id $da = '1200867964'; // this is the value generated by the time() function Number of seconds from midnight GMT JAN 1, 1970, the birth of disco. :-) $hid = '2c9a46c1a5d89469481951065cc6a621';// another session id You should only have one, really... $ctzo = '480'; // This is time zone offset according to what javascript sends No idea, really, what this is... Number of minutes past/before GMT, I suppose, since some time-zones are offset not by an even number of hours, but by so many hours and 15 minutes. It's not my fault. $ctzn = '1200868142247'; // This is the client time according to javascript, which is supposed // to be in milliseconds I doubt that it is in milliseconds... But it would have to be milliseconds from a known start date to be useful. The specific questions are what does the offset '480' mean? (add or subtract from utc/GMT to get local time?) I am in Pacific Standard Time testing this script. The server is also at the same location. But what time zone is the server set to? You could put a server in China and set its time zone to US/Chicago, if you wanted... The javascript time value should be the original request time plus the time it takes for a successful login to be processed: This is extremely doubtful. For starters, depending on whether you do it onLoad or somewhere else, it could include the page rendering or not. And it's relying on the user's clock being set right, which is often not the case. The user types in the info and clicks the form button the client pre submission script is run then the server receives and processes $_POST values and decides if the user has sent a valid id. Ok. Javascript time value is specified as milliseconds. millisecond is 1/1000 of a second, right? and dividing the value by 1000 would give seconds elapsed from Jan 1 1970(?) Yes, but it's probably not in milliseconds from 1/1/1970... I suppose it might be, except that even if it's in seconds, we run out of time in March 2038... I'm unwilling to do the math to find out if milliseconds *COULD* be from 1/1/1970 and still be valid or when it would run out, but you can work it out if you want to. thank you in advance; -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using mysql_real_escape_string without connecting to mysql
On 23/01/2008, Chris [EMAIL PROTECTED] wrote: Dotan Cohen wrote: I have a file of my own functions that I include in many places. One of them uses mysql_real_escape_string, however, it may be called in a context that will or will not connect to a mysql server, and worse, may already be connected. So I must avoid connecting. However, when I run the script without connecting I get this error: Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user: '[EMAIL PROTECTED]' (Using password: NO) I was thinking about checking if there is a connection, and if not then connecting. This seems redundant to me, however. What is the list's opinion of this situation? Thanks in advance. real_escape_string needs a connection so it knows what encoding and charset the database supports. No way around it sorry :) Ah, now that is a good reason. This is becoming problematic... Thanks. Dotan Cohen http://what-is-what.com http://gibberish.co.il א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing?
Re: [PHP] Digital Downloads and Scale
On Sun, January 20, 2008 1:57 pm, dg wrote: I'd appreciate any insights, or source suggestions regarding site traffic and necessary adjustments. For example, I'm using a simple digital download page for an indie artist. Not a ton of traffic, not a ton of concurrent requests. Was thinking about introducing something similar for a bigger artist(though still not huge) and I'm concerned for any trouble more demand might create. On the web server side, I'm not worried, as it's on a Pair high volume account. Define still not huge for us; Name the artist. Almost for sure, a Pair high volume account will be MORE than enough for still not huge, but I'd rather be safe than sorry. You probably should consider just how many concurrent requests you expect, and then engineer for 10X that to be safe. Unless it's really huge, and you'd be engineering for more like 3X or 5X. I am concerned where I might need back-ups or adjustments to code and database queries. Not quite sure where to start in researching this - any ideas or keywords would be appreciated. You may or may not need distributed servers and all that. But you'll have to define: how many requests per second you expect to handle how mission-critical it is to not be down more than X seconds just how DB-heavy is the site If it's JUST the digital downloads that need to scale out, and the site itself doesn't, you can consider hosting the digital content on multiple servers with akami or a similar service. Without at least that much, it's like asking how long a piece of rope you need to rappel down a mountain, without saying which mountain... :-) -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] password hashing and crypt()
On Sat, January 19, 2008 2:11 pm, Nathan Nobbe wrote: http://www.php.net/manual/en/function.crypt.php has a second parameter, $salt, which, if not supplied will be automatically generated and presumably become a prefix or suffix of the returned string. Or, in some algorithms, gets buried in the middle at a known offset. Go figure. now, the article on the phpsec website http://phpsec.org/articles/2005/password-hashing.html recommends to externally create a salt and to store that in a separate field in the database, which would then be used for subsequent password verification. You would not need to store it separately, as it is built-in to the crytped value anyway. theoretically, however, if the password is generated without a user supplied salt, there is a salt already embedded in the password anyway. True. so, i have the following questions 1. is the phpsec technique bloated or unnecessary A bit of bloat, but you have to have a million records or it to even start to matter, really... Disk space is cheap, and not going to be your bottleneck. 2. is it better to create a user supplied salt, and why or why not Do *NOT* let PHP pick the salt for you. Here is why. Suppose server/host A has Blowfish, Twofish, Redfish, etc, all installed. PHP will pick the best one, and choose the salt that makes sense for that algorithm. Now suppose server/host B does NOT have that algorithm installed, and you have moved to server/host B. Suddenly, PHP is picking a different algorithm, and your database has two different kinds of passwords in it, and all kinds of problems ensue. If YOU pick the appropriate salt length/format, PHP will know which algorithm you are using, and will error out if that algorithm is not installed, which means you can do something intelligent (like install the dang thing) rather than fill up your DB with incompatible password algorithms. This has happened to me, and it was a royal PITA. :-) 3. is crypt() 'intended' to be used w/o a user provided salt, since it is a stable algorithm I think the intent of making it optional was Good, but in Practice, it's just a Bad Idea (tm). -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] password hashing and crypt()
On Sat, January 19, 2008 8:24 pm, Eric Butera wrote: I always make sure that I use a site specific salt which is just appended on the user supplied value. I started doing that when I read that people had created huge databases of hashed values that they can just search on. At least this way no matter what the password isn't a dictionary word. As for if that really adds value in the end I can't say as I'm not really a security expert. Eg. hash('sha256', $input.$salt); The Bad Guys create humongous databases of every dictionary word with every possible salt... So what salt you use does not matter... So I don't think you are really adding any extra security here... -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] password hashing and crypt()
Richard Lynch wrote: On Sat, January 19, 2008 8:24 pm, Eric Butera wrote: I always make sure that I use a site specific salt which is just appended on the user supplied value. I started doing that when I read that people had created huge databases of hashed values that they can just search on. At least this way no matter what the password isn't a dictionary word. As for if that really adds value in the end I can't say as I'm not really a security expert. Eg. hash('sha256', $input.$salt); The Bad Guys create humongous databases of every dictionary word with every possible salt... So what salt you use does not matter... Sure it does. I could use my server name or the application's url, the current time, whatever I like and put all of that in the salt. There's no way they'll have that in their dictionary. As long as I store the salt I know how to compare it again later. -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] including files outside of document root
On Tue, January 22, 2008 7:17 pm, Daniel Brown wrote: On Jan 22, 2008 8:09 PM, Richard Lynch [EMAIL PROTECTED] wrote: Nothing peeves me more than some badly-conceived web-app with no way to move the include files out of the web-tree. You may disagree with me on this here, Rich, but the way I do it is to have a single include_files.php file containing all of the files that need to be included as a whole, and a single configuration variable to set where those files are located. I know that they don't all have to be included in that file, but I find it makes it easier, since I use all of them with every page load. Can I put that include_files.php outside the web-tree as well? Or is the rest of your application bypassing include_path to force it to be inside the web-tree? I also employ a function safe_include($filename) that uses a combination of file_exists($filename), is_file($filename), and is_readable($filename). If the function fails, no PHP error message is output if the file can't be found, and the script doesn't necessarily halt. If it's a critical file, instead a message is dispatched to my email, and a friendly message is placed on the site informing the user that a technical error has been encountered and will be repaired ASAP. This sounds nifty for your own clients, but I don't think it would work well for, say, BB or Cake or phpMyAdmin... I'm pretty sure the authors of those don't want an email from every broken install... :-) -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using mysql_real_escape_string without connecting to mysql
On Tue, January 22, 2008 7:01 pm, Dotan Cohen wrote: I have a file of my own functions that I include in many places. One of them uses mysql_real_escape_string, however, it may be called in a context that will or will not connect to a mysql server, and worse, may already be connected. So I must avoid connecting. However, when I run the script without connecting I get this error: Don't do that? :-) Can the file really do anything useful without the DB? When there *IS* a connection, how do you access it? Can't the file check somehow? -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net
On Sat, January 19, 2008 12:51 pm, Per Jessen wrote: David Powers wrote: When I subscribed to the PHP general mailing list I did not give permission for this. This is an international list, and what you're doing breaks EU privacy laws, and possibly those in other countries too. Hmm, I'm not so sure about that. By participating on a public mailing list, you accept that your postings and your email-address may be essentially be sent to all and sundry. You'll also have a VERY tough time trying to ram EU privacy laws through a non-EU court, if Dan is not in the EU... You *know* it's an international list, so you *know* you cannot expect your local laws to apply. -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using mysql_real_escape_string without connecting to mysql
On 23/01/2008, Richard Lynch [EMAIL PROTECTED] wrote: On Tue, January 22, 2008 7:01 pm, Dotan Cohen wrote: I have a file of my own functions that I include in many places. One of them uses mysql_real_escape_string, however, it may be called in a context that will or will not connect to a mysql server, and worse, may already be connected. So I must avoid connecting. However, when I run the script without connecting I get this error: Don't do that? :-) Can the file really do anything useful without the DB? The file defines some of my own functions, like these: function clean_html ($dirty) { $dirty=strip_tags($dirty); $clean=htmlentities($dirty); return $clean; } function clean_mysql ($dirty) { $dirty=str_replace (--, , $dirty); $dirty=str_replace (;, , $dirty); $clean=mysql_real_escape_string($dirty); return $clean; } I use these functions in many places, so I simply put them all in a file and include it in each page. When there *IS* a connection, how do you access it? mysql_fetch_array or mysql_result Can't the file check somehow? I suppose that it could, by checking the return of one of the two functions above. Lucky for me, I always use UTF-8 so I won't get stuck connecting with one encoding yet doing mysql_real_escape_string with another, which would be a problem if I had to deal with multiple encodings. Dotan Cohen http://what-is-what.com http://gibberish.co.il א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing?
Re: [PHP] password hashing and crypt()
On Tue, January 22, 2008 7:43 pm, Chris wrote: Richard Lynch wrote: On Sat, January 19, 2008 8:24 pm, Eric Butera wrote: I always make sure that I use a site specific salt which is just appended on the user supplied value. I started doing that when I read that people had created huge databases of hashed values that they can just search on. At least this way no matter what the password isn't a dictionary word. As for if that really adds value in the end I can't say as I'm not really a security expert. Eg. hash('sha256', $input.$salt); The Bad Guys create humongous databases of every dictionary word with every possible salt... So what salt you use does not matter... Sure it does. I could use my server name or the application's url, the current time, whatever I like and put all of that in the salt. There's no way they'll have that in their dictionary. As long as I store the salt I know how to compare it again later. For the algorithms used by crypt(), the salt is IN the crypted value. If the Bad Guy has the crypted value, they already have the salt. They can maybe make a dictionary that is MUCH larger with every possible salt, and do a simple comparison. Or they can quickly write up a crypt()-based script that extracts the salt and tries the Top 10,000 passwords for each. Most Un*x systems come with /usr/share/dict/web2, Webster's second edition dictionary. It has only 235,882 words in it. How many possible salts are there? DES only lets you have 2 chars, a-z, right? 235,882 X 26 X 26 is not exactly a HUGE database of possible values to have on hand. The 1$ and 2$ salts are longer, but I suspect still not THAT much longer. The salt only increases the difficulty by a factor of X, but doesn't make it geometrically harder to crack -- So a Bad Guy only has to have X times as much resources, for a relatively small X. -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] sessions/cookies
I wrote an authentication class in php4. The sessions dont seem to be working with internet explorer, just with FF. here is the code below, a cookies notice pops up when you try and login: ?php class auth { var $UserID; var $AdminLevel; var $FirstName; var $LastName; var $DateAdded; var $MobileTelephone; var $LandLineTelephone; // Connect to the database function auth() { mysql_connect('','','') or die('ERROR: Could not connect to database'); mysql_select_db('') or die('ERROR: Could not select database'); } // Attempt to login a user function CheckValidUser($Email,$Password) { $result = mysql_query('SELECT * FROM Users'); $Password = $this-encode($Password); if (mysql_num_rows($result) != 0) { while($row = mysql_fetch_assoc($result)) { if (!strcmp($row['Email'],$Email)) { if (!strcmp($row['Password'],$Password)) { // User info stored in Globals $this-UserID = $row['ID']; $this-AdminLevel = $row['Admin_Level']; $this-FirstName = $row['First_Name']; $this-LastName = $row['Last_Name']; $this-DateAdded = $row['Date_Added']; $this-MobileTelephone = $row['Telephone_Mobile']; $this-LandLineTelephone = $row['Telephone_Land_Line']; // User info stored in Sessions session_start(); $_SESSION['Status'] = loggedIn; $_SESSION['Email'] = $row['Email']; $_SESSION['AdminLevel'] = $row['Admin_Level']; $_SESSION['LandLine'] = $row['Telephone_Land_Line']; $_SESSION['MobileTelephone'] = $row['Telephone_Mobile']; $_SESSION['FirstName'] = $row['First_Name']; $_SESSION['LastName'] = $row['Last_Name']; return true; } } } header(Location: index.php?error=invalidLogin); } else { die('ERROR: No Users in the database!'); } } // Create a new user account function CreateUser($Email, $Password, $AdminLevel, $LandLineTelephone, $MobileTelephone, $FirstName, $LastName) { $Password = $this-encode($Password); $this-AccessLevel = $AdminLevel; $DateAdded = date(Y-m-d H:i:s); mysql_query(INSERT INTO Users (Email, Password, Admin_Level, Date_Added, First_Name, Last_Name, Telephone_Land_Line, Telephone_Mobile) VALUES ('$Email','$Password','$AdminLevel', '$DateAdded', '$FirstName', '$LastName', '$LandLineTelephone', '$MobileTelephone')) or die(mysql_error()); return $this-UserID = mysql_insert_id(); } // Update a users access level function UpdateAccessLevel($ID,$AdminLevel) { mysql_query(UPDATE Users SET Admin_Level='$AdminLevel' WHERE ID= $ID) or die(mysql_error()); return true; } // Delete a user function DeleteUser($ID) { mysql_query(DELETE FROM Users WHERE ID=$ID) or die(mysql_error()); return true; } // Get a users access level function GetAccessLevel() { return $this-AccessLevel; } // Get a users ID function GetUserID() { return $this-UserID; } // Log user out function LogOut() { session_start(); session_unset(); session_destroy(); header(Location: index.php); } // Check users access level to see if they have clearance for a certain page function CheckUserLevel($RequiredLevel) { if ($_SESSION['AdminLevel'] $RequiredLevel) { if ($_SESSION['AdminLevel'] == 2) { header(Location: financial.php); } else if ($_SESSION['AdminLevel'] == 1) { header(Location: user.php); } else {
Re: [PHP] password hashing and crypt()
Richard Lynch wrote: On Tue, January 22, 2008 7:43 pm, Chris wrote: Richard Lynch wrote: On Sat, January 19, 2008 8:24 pm, Eric Butera wrote: I always make sure that I use a site specific salt which is just appended on the user supplied value. I started doing that when I read that people had created huge databases of hashed values that they can just search on. At least this way no matter what the password isn't a dictionary word. As for if that really adds value in the end I can't say as I'm not really a security expert. Eg. hash('sha256', $input.$salt); The Bad Guys create humongous databases of every dictionary word with every possible salt... So what salt you use does not matter... Sure it does. I could use my server name or the application's url, the current time, whatever I like and put all of that in the salt. There's no way they'll have that in their dictionary. As long as I store the salt I know how to compare it again later. For the algorithms used by crypt(), the salt is IN the crypted value. Yeh - I pointed that out here: http://marc.info/?l=php-generalm=120095678525654w=2 But Eric's example was using sha256, not crypt. -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mssql and latin characters
On Jan 22, 2008 6:00 PM, Leticia Larrosa [EMAIL PROTECTED] wrote: Thanks a lot Eric, I read those links and are really interesting. The solution of the problem was changing the OEM character conversion option of MSSql (see attached image) as Frank answer me in PHP-Windows list. Original answer of Frank: -Original Message- From: Frank M. Kromann [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 22, 2008 3:25 PM To: Leticia Larrosa Cc: [EMAIL PROTECTED] Subject: Re: [PHP-WIN] mssql and latin characters Hi Leticia, MS SQL server comes with a set of client tools that allows you to specify the encoding. There is a checkbox in the Client Network Tool that allows you to enable/disable OEM character conversion. Flipping that for the alias you are using to connect to the database should fix the problem. Remember this must be done on the box where PHP is running if that's different from the SQL server box. - Frank Regards Leticia Larrosa -Original Message- From: Eric Butera [mailto:[EMAIL PROTECTED] Sent: Monday, January 21, 2008 5:43 PM To: Leticia Larrosa Cc: php-general@lists.php.net Subject: Re: [PHP] mssql and latin characters On Jan 20, 2008 9:53 PM, Leticia Larrosa [EMAIL PROTECTED] wrote: Hello I have a MSSql 2000 database that have stored data with the follow special characters: ó, í, Ñ, á, é, ú. When I see the data through any MsSql Client I see exactly those characters. The Collation of database is: SQL_Latin1_General_CP1_CI_AS I can't change the method of insert data in database. When I get (with MSSQL PHP extension) data that have some of those characters, I get weird characters instead. For example: A data that in database appears as Girón is obtained by PHP as Gir¢n The problem with the encoding of browser is discarded, because wherever I saw the data appears with weird characters. The code I use to get the data is: ?php mssql_connect('server','user','pass'); mssql_select_db('db'); $r = mssql_query(select some_column from some_table); $d = mssql_fetch_assoc($r); echo $d['some_column']; ? My PHP is 4.4.3, and my SO is XP. Other people ask the same as I'm and get no answer proper are: http://www.psicofxp.com/forums/desarrollo-web.264/226703-php-mssql-y-acento s.html http://www.psicofxp.com/forums/desarrollo-web.264/226703-php-mssql-y-acentos .html http://www.bdat.net/cuestiones_php/php3/0702.html http://www.bdat.net/cuestiones_php/php3/0702.html http://www.forosdelweb.com/f18/problemas-con-caracteres-especiales-acentos- php-mssql-server-364345/ http://www.forosdelweb.com/f18/problemas-con-caracteres-especiales-acentos-p hp-mssql-server-364345/ http://markmail.org/message/7rksvz44sj2te5sl http://markmail.org/message/7rksvz44sj2te5sl http://www.phpbuilder.com/board/archive/index.php/t-10208269.html http://www.phpbuilder.com/board/archive/index.php/t-10208269.html Thanks in advanced. Leticia Larrosa __ Participe en Universidad 2008. 11 al 15 de febrero del 2008. Palacio de las Convenciones, Ciudad de la Habana, Cuba http://www.universidad2008.cu Hi Leticia, You should be using utf-8, really. What you're dealing with are encoding issues. 8bit character sets just can't hold all known characters, so people invented lots of them to make up for this. See my links below for an in depth look. Maybe, just maybe, we can trick the browser into showing your text right. Below the header and the meta tag are the key parts to it. Try this: ?php header(Content-Type: text/html; charset=iso-8859-1); ? html head meta http-equiv=content-type content=text/html; charset=iso-8859-1 /head body i18n ftw! /body /html You might also take a look at: http://www.microsoft.com/sql/technologies/php/default.mspx Also please read this: http://www.phpwact.org/php/i18n/charsets. And this too: http://talks.php.net/show/wereldveroverend-ffm2004 Have fun! __ NOD32 2808 (20080120) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com __ Participe en Universidad 2008. 11 al 15 de febrero del 2008. Palacio de las Convenciones, Ciudad de la Habana, Cuba http://www.universidad2008.cu Thank you for posting the answer to the list for archives! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP SOAP Client formats
This is a typical .NET vs. PHP interop problem, and happens because the .NET services (or clients) expect the payload to be namespace qualified as you have figured out. I too have looked into this with PHP SOAP extension, and what I gathered is that the WSDL mode implementation needs to pick the qualifying namespace and make that the default namespace of payload. However, I could not locate the exact point in C code to fix this. Samisa... Michael Gross wrote: Hi I have a similar problem, only the other way round: the server is PHP, the client is C#. I found that the problem is that the xmlns=https://api.authorize.net/soap/v1/; in the AuthenticateTest-tag is needed. I tried to modify the PHP source code, but I had no success yet (it would be fantastic, if someone could give me a hint where the XML representation is built). Michael Tim Traver wrote: The problem that I have is that the server that I am talking to (that is not in my control), will accept the following SOAP call ?xml version=1.0 encoding=utf-8? soap:Envelope xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xmlns:xsd=http://www.w3.org/2001/XMLSchema; xmlns:soap=http://schemas.xmlsoap.org/soap/envelope/; soap:Body AuthenticateTest xmlns=https://api.authorize.net/soap/v1/; merchantAuthentication namename/name transactionKeystring/transactionKey /merchantAuthentication /AuthenticateTest /soap:Body /soap:Envelope -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] sessions/cookies
On Jan 22, 2008 9:15 PM, nihilism machine [EMAIL PROTECTED] wrote: I wrote an authentication class in php4. The sessions dont seem to be working with internet explorer, just with FF. here is the code below, a cookies notice pops up when you try and login: Hi, I took a quick look at your code. I haven't pin-pointed exactly what the issue is because there is really way too much going on there. I'd suggest you look at your error log and see if there are any warnings. Here is some advice: - Having a class named auth is a bad idea. Is auth authentication or authorization? - The auth class itself really shouldn't be directly accessing the session or database. You should write drivers and interfaces that implement this functionality for you. - Hard coding header redirects (That aren't absolute by the way) means you have to modify your authorization class instead of behavior based on if you log in or not. That isn't a good idea. By separating out concerns it will make your class a lot smaller and easier to work with. I realize this link I'm posting is called auth too, but that wasn't my choice. You can see that they have drivers so that authentication itself is a generic idea and you implement it against a specific thing such as a mysql users table or htpassword. http://solarphp.com/package/Solar_Auth -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Upgrade to PHP5 and having issues with mysql
On Tue, 2008-01-22 at 16:47 -0500, Tom Ray [Lists] wrote: This is how I setup mysql: #upgrades: cd mysql tar -zxf mysql-version-x.tar.gz cp -R * /usr/local/mysql cd /usr/local/mysql chown -R mysql:mysql * scripts/mysql_install_db --user=mysql /usr/local/mysql/bin/mysqld_safe mysql starts/runs just fine. This server has been upgraded from 3.x to 4.x to 5.0.45 currently. Is there something I'm missing? Ah, I see. I install from source so don't have the same layout. Hmm, I don't know what the problem is then :/ Cheers, Rob. -- ... SwarmBuy.com - http://www.swarmbuy.com Leveraging the buying power of the masses! ... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] sessions/cookies
On Jan 22, 2008 9:54 PM, Eric Butera [EMAIL PROTECTED] wrote: I realize this link I'm posting is called auth too, but that wasn't my choice. that was kind of funny after your initial criticizm above, but to solars credit, its the auth 'package' so really the name isnt too bad, id say. You can see that they have drivers so that authentication itself is a generic idea and you implement it against a specific thing such as a mysql users table or htpassword. eric is totally right here; at a quick look at you code, i saw auth, ... create user,.. database.. cookie; im thinking what exactly is going on here. the general idea behind a class is to 'encapsulate' things that change into a little self-contained unit. ideally the class doent know how the insides of other classes work, nor do other classes know how it works on the inside. in order to realize this, you should strive for classes with a high degree of cohesion. http://en.wikipedia.org/wiki/Cohesion_(computer_science) although there is no real metric for this concept, most people can grasp the concept and have an idea when code has either a low or high degree of cohesion. if you want some advice on your class, i would start by breaking out the CheckUserLevel(), and CreateUser() methods into a User class, you might also consider a Session class. if you want some advice on how to solve your problem here is my suggestion; you need to isolate the behavior that is not working correctly. this feat becomes difficult when you have lots of variable behaviors in one place. break your class into pieces and test the pieces individually; once they all work individually, then they should work as a group without too much effort. if that isnt working (when you get there) then the code that glues it all together is to blame. -nathan
Re: [PHP] Tool for programmer team
On Jan 22, 2008 2:40 AM, Ronald Wiplinger [EMAIL PROTECTED] wrote: What is a good tool to coordinate a team of programmers efficiently? that is a big question, primarily because there are many facets of coordination with different tools to help out. obviously version control is one of the fundamental tools of this coordination. it lets you do things like maintain 'versions' of your software. there are many ways to leverage this concept. development version vs production version; customerA version vs. customerB version and so on. there is also the nice aspect where multiple developers can work on the same file simultaneously. any one of the standard tools (others have already mentioned) cvs, svn, git will have literature on basic usage of the software and the underlying concepts. in general though i think the question of managing efficiently is not the greatest perspective. i would instead focus on managing 'effectively', see the 7 habits of highly effective people. and its still somewhat of an art in the end. To give each one a different part of the project is a start, but it needs to get combined at some points to be a working project. here you are getting into several potential topics as well. so, the main thing here is dependencies. say 2 developers are given a number of 'components' to work on. pretty simple right, look at the requirements, devA gets tasks 1-4, devB gets tasks 5-8; no problem. what you need to consider here are the relationships between the tasks, in particular, are any of tasks 5-8 dependent upon any of tasks 1-4? if so, then devB could end up having to wait for devA to complete a dependent task before progress on said dependent task is possible. your decision here can also have an impact on the design of the software as a whole. see, organizing the tasks in such a way that there are no dependencies in the tasks devA and devB have (or next to none anyway) then you will get a high degree of throughput, because they can both be working on completing different objectives simultaneously; its sort of like threading. i am of the opinion however, that this can get you some poorly designed software. the developers may not be leveraging the strengths and covering the weaknesses of each other. furthermore, its ideal to divide software into horizontal layers rather than vertical towers. its more complicated, but you have a better product as a result. so anyway this topic is a big overall decision. Not to debug code you have written was a hint, to see actually bugs as a bug and not as a feature. obviously you will have to debug code you write that isnt working. generally, functionality is perceived as 'features' near the beginning of a development cycle, and as 'bugs' towards the release of a development cycle. watch out for deeming everything as a bug, because then youll get trapped in a horrible realm where you only implement functionality to fix these 'bugs'. you should have a cycle with well defined phases and stick to it. one important phase is after a major release, you need to go through the code, re-organize it, consolidate things and remove the dust. this will keep you in good shape for the next round of features (if you perceive them as such ;)) Some hinted let programmer be on different places, others say put them together on a big table, ... probly you should start small with everyone at the same location until you have the basics down. Where can I find more information about that subject? check out the mythical man month if you get a chance. its a short book that is generally considered as legendary. its been recommended to me by 2 completely unrelated millionaires and the dude who wrote the Solar framework; basically, its key ;) (but it wont help you to master any of these modern tools) -nathan
Re: [PHP] password hashing and crypt()
alright, so you guys have responded and im really appreciative. you have me thinking now.. so what are the real issues here? 1. portability 2. security (obviously) im wondering now if crypt() is really even so practical. especially considering the deal where only 2 characters are prepended as the salt. in the article i referenced, what theyve done is written a function that creates a password with a salt whereby the entire salt will be used in the resultant hash (actually a definable portion thereof): define('SALT_LENGTH', 9); function generateHash($plainText, $salt = null) { if ($salt === null) { $salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH); } else { $salt = substr($salt, 0, SALT_LENGTH); } return $salt . sha1($salt . $plainText); } i must admit that i didnt realize they were not using crypt() in this function. i must have glazed over it :( after all this discussion, im now mostly looking for a reason to use crypt() rather than to implement a function such as the one above. it has the advantage of a known, consistent algorithm, that will be used to generate the hash, rather than one that could potentially change on a per system or future release basis; and the salt isnt limited to 2 characters. -nathan
Re: [PHP] password hashing and crypt()
On Wed, 2008-01-23 at 00:40 -0500, Nathan Nobbe wrote: alright, so you guys have responded and im really appreciative. you have me thinking now.. so what are the real issues here? 1. portability 2. security (obviously) im wondering now if crypt() is really even so practical. especially considering the deal where only 2 characters are prepended as the salt. in the article i referenced, what theyve done is written a function that creates a password with a salt whereby the entire salt will be used in the resultant hash (actually a definable portion thereof): define('SALT_LENGTH', 9); function generateHash($plainText, $salt = null) { if ($salt === null) { $salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH); } else { $salt = substr($salt, 0, SALT_LENGTH); } return $salt . sha1($salt . $plainText); } i must admit that i didnt realize they were not using crypt() in this function. i must have glazed over it :( after all this discussion, im now mostly looking for a reason to use crypt() rather than to implement a function such as the one above. it has the advantage of a known, consistent algorithm, that will be used to generate the hash, rather than one that could potentially change on a per system or future release basis; and the salt isnt limited to 2 characters. Other than supporting legacy apps that used crypt() I don't see any reason to use it now. Cheers, Rob. -- ... SwarmBuy.com - http://www.swarmbuy.com Leveraging the buying power of the masses! ... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Foreach
On Jan 18, 2008 5:24 PM, Richard Lynch [EMAIL PROTECTED] wrote: If you are trying to keep the names and orders in parallel you need to do something not unlike: while (list($key, $name) = each($names)){ $order = $orders[$key]; $query = update whatever set order = $order where name = '$name'; } just as a mention; spl has a DualIterator class that would be perfect for this situation. i hesitate to mention it though, since ive not found it in any php version. its there in the doc, but not in actual php; what a shame. http://www.php.net/~helly/php/ext/spl/classDualIterator.html i can only expect well see it in a subsequent version; that there is a reason its not yet made it.. -nathan
Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net
Richard Lynch wrote: You'll also have a VERY tough time trying to ram EU privacy laws through a non-EU court, if Dan is not in the EU... Forcing American law on other people of the world has not been a problem for America, why should it be a problem for the EU? :-( You *know* it's an international list, so you *know* you cannot expect your local laws to apply. If anything the applicable law is most probably that of the country in which the mailserver is located (USA), but local law may perfectly well apply to individual posters. /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php