date:20090521

On Wed, 2009-05-20 at 20:23 -0400, PJ wrote:
 Ashley Sheridan wrote:
  On Wed, 2009-05-20 at 19:20 -0400, PJ wrote:

  Ashley Sheridan wrote:
  
  On Wed, 2009-05-20 at 17:47 -0400, PJ wrote:


  Forgot: you can get an idea of what I'm trying to do at
  http://www.chiccantine.com/preview.html
  -- 
  HervÃƒÂ© Kempf: Pour sauver la planÃƒÂ¨te, sortez du capitalisme.
  -
  Phil Jourdan --- p...@ptahhotep.com
 http://www.ptahhotep.com
 http://www.chiccantine.com/andypantry.php
 
 
 
  
  
  The link you gave doesn't exist online, I'm getting a 404. What do you
  mean by a list in columns? Do you want a mysql select to be output as
  several columns of data, or one column per select?


  :-[  sorry bout that... should have checked - was working with my mouth
   not my brain.
 
  It works now. I forgot to upload.
  hadn't thought about how many columns per select... ???
 
  -- 
  HervÃ© Kempf: Pour sauver la planÃ¨te, sortez du capitalisme.
  -
  Phil Jourdan --- p...@ptahhotep.com
 http://www.ptahhotep.com
 http://www.chiccantine.com/andypantry.php
 
 
  
  So you want the sql select to be dumped into a table as it exists in the
  database?
 
  There is  a simple way to do this, if you know which fields are in your
  table, and that is just to use a while loop to iterate your records, and
  then explicitly output each field as you want it. This is the preferred
  way, and how I'd do it if I were you.
 
  print 'table';
  // put column headers here
  $query = query here;
  $result = mysql_query($query);
  while($row = mysql_fetch_array($result))
  {
  print  'tr';
  print td{$row['field1'])/td;
  print td{$row['field2'])/td;
  print td{$row['field3'])/td;
  // etc
  print '/tr';
  }
  print '/table';
 

 Thanks, Ashley,
 So, you're advocating using tables...
 I thought it might be interesting to do the columns with div inline
 and then populate them with the query results. It worked marvellously
 for the navigation layout and I was able to add background and color to
 the product page, regardless which product page we're showing. Quite
 neat, really, and very simple. Anyway, I'm going to try.
 I must be nuts or something like glutton for punishment, but when you
 get it working, it's quite a satisfaction. :-) Thanks again.
 
 -- 
 Hervé Kempf: Pour sauver la planète, sortez du capitalisme.
 -
 Phil Jourdan --- p...@ptahhotep.com
http://www.ptahhotep.com
http://www.chiccantine.com/andypantry.php
 
 
I'm advocating tables on this one, as it is pretty much tabular data.
Use th tags for your column headers and product names, and tds for
the rest. It will be easier to display, but with actually give your
content meaning, especially if you add a table legend, etc.


Ash
www.ashleysheridan.co.uk


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] table-less layouts; Ideas welcome

2009-05-21 Thread Jim Lucas


Since this has been a topic of dicussion, I figured I would add my thoughts.

I have been toying with the idea of doing a table-less layouts involving tabular data, calendars, 
etc...


Recent threads have finally made me do it.  Let me know what you think.

http://www.cmsws.com/examples/templates/div_tables.php
http://www.cmsws.com/examples/templates/div_tables.phps (source for above)
http://www.cmsws.com/examples/templates/div_cal.php

When you turn off the styles, the calendar becomes pretty rough on the eyes, but still 
accessible.

Same thing with the tabular data structure.

But, not knowing how the various types of accessibility applications work, I am guessing that the 
layout to an application trying to read it should work fairly well.  Let me know if I am way off the 
mark with my thoughts.


If you want to respond off list, that if fine by me.

TIA

--
Jim Lucas

   Some men are born to greatness, some achieve greatness,
   and some have greatness thrust upon them.

Twelfth Night, Act II, Scene V
by William Shakespeare

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] table-less layouts; Ideas welcome

2009-05-21 Thread Jim Lucas

Jim Lucas wrote:
Since this has been a topic of dicussion, I figured I would add my
thoughts.

I have been toying with the idea of doing a table-less layouts
involving tabular data, calendars, etc...

Recent threads have finally made me do it. Let me know what you think.

http://www.cmsws.com/examples/templates/div_tables.php
http://www.cmsws.com/examples/templates/div_tables.phps (source for above)
http://www.cmsws.com/examples/templates/div_cal.php

When you turn off the styles, the calendar becomes pretty rough on the
eyes, but still accessible.

Same thing with the tabular data structure.

But, not knowing how the various types of accessibility applications
work, I am guessing that the layout to an application trying to read it
should work fairly well. Let me know if I am way off the mark with my
thoughts.

If you want to respond off list, that if fine by me.

TIA

I forgot to mention that I have checked this in the following browsers all on
Windows XP SP3
IE6
Mozilla Firefox 2.0.0.20
Mozilla Firefox 3.0.10
Safari 4 Public Beta
Opera 9.64

the layout looked exactly the same between all the various browsers.

If you have a different browser then mentioned above and you have a different layout let me know. If
you could get me a screen shot, that would be great.

Thank again.

--
Jim Lucas

Some men are born to greatness, some achieve greatness,
and some have greatness thrust upon them.

Twelfth Night, Act II, Scene V
by William Shakespeare

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] table-less layouts; Ideas welcome

2009-05-21 Thread Luke

2009/5/21 Jim Lucas li...@cmsws.com

 Jim Lucas wrote:

 Since this has been a topic of dicussion, I figured I would add my
 thoughts.

 I have been toying with the idea of doing a table-less layouts involving
 tabular data, calendars, etc...

 Recent threads have finally made me do it.  Let me know what you think.

 http://www.cmsws.com/examples/templates/div_tables.php
 http://www.cmsws.com/examples/templates/div_tables.phps (source for
 above)
 http://www.cmsws.com/examples/templates/div_cal.php

 When you turn off the styles, the calendar becomes pretty rough on the
 eyes, but still accessible.

 Same thing with the tabular data structure.

 But, not knowing how the various types of accessibility applications work,
 I am guessing that the layout to an application trying to read it should
 work fairly well.  Let me know if I am way off the mark with my thoughts.

 If you want to respond off list, that if fine by me.

 TIA


 I forgot to mention that I have checked this in the following browsers all
 on Windows XP SP3
IE6
Mozilla Firefox 2.0.0.20
Mozilla Firefox 3.0.10
Safari 4 Public Beta
Opera 9.64

 the layout looked exactly the same between all the various browsers.

 If you have a different browser then mentioned above and you have a
 different layout let me know. If you could get me a screen shot, that would
 be great.

 Thank again.


 --
 Jim Lucas

   Some men are born to greatness, some achieve greatness,
   and some have greatness thrust upon them.

 Twelfth Night, Act II, Scene V
by William Shakespeare

 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php


But you're just using the same design semantic, but coding it in CSS instead
of using table; it even has the same name!

There appears to be nothing wrong with tables when used for the right
reasons - they _are_ there for a reason.

-- 
Luke Slater
http://dinosaur-os.com/
:O)

[PHP] Re: table-less layouts; Ideas welcome

2009-05-21 Thread O. Lavell

Jim Lucas wrote:

 Since this has been a topic of dicussion, I figured I would add my
 thoughts.
 
 I have been toying with the idea of doing a table-less layouts
 involving tabular data, calendars, etc...

Why?

 Recent threads have finally made me do it.  Let me know what you think.
 
 http://www.cmsws.com/examples/templates/div_tables.php
 http://www.cmsws.com/examples/templates/div_tables.phps (source for
 above) http://www.cmsws.com/examples/templates/div_cal.php

Looks clever, but unfortunately it solves a problem which does not exist. 
In other words, and with all due respect: useless.

 When you turn off the styles, the calendar becomes pretty rough on the
 eyes, but still accessible.
 
 Same thing with the tabular data structure.
 
 But, not knowing how the various types of accessibility applications
 work, I am guessing that the layout to an application trying to read it
 should work fairly well.  Let me know if I am way off the mark with my
 thoughts.

Yes. table tags are intended to represent tables. It's as if the 
authors of HTML foresaw a need... ;)

Browsers render them quite well. They are valid in all versions of HTML 
including HTML 5. Why not use them?

The evil of tables is in abusing them for layout purposes. Where entire 
pages are inside tables. Where you find tables inside table cells of 
other tables (I've seen them nested 6, 7 levels, no kidding). It goes 
against fluidity, accessability, maintainability, and everything that's 
sane and right.

Tableless design means you abstain from such table abuse, that you do 
not use tables for enforcing layouts. Not that you get rid of tables 
altogether.



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Really basic PHP questions -- newbie here!

2009-05-21 Thread O. Lavell

Ellen Heitman wrote:

 Hello! I would really appreciate some answers to a few basic questions.
 I have done some research online, but it would greatly help me to get
 direct answers.
 1. If my site needs to be available to many browsers, including those
 that may not be entirely up-to-date, is PHP a safe option? I mean, I
 know that Flash is something people have to have enabled on their
 browsers, but I thought I read that PHP is available to all recent
 browsers as long as the server the site is hosted on supports PHP. Is
 this true?

No, and it's not even wrong, either ;)

PHP is a programming language. You use it to create programs (more 
commonly called scripts) that run on a web server. When a script is 
requested by a browser, the PHP interpreter on the server runs the script 
and only the result is sent back to the browser.

This is a PHP script:

?php
for(i = 0; i  5; i++)
echo pHello world!/p\n;
?

This is what it looks like to the browser:

pHello world!/p
pHello world!/p
pHello world!/p
pHello world!/p
pHello world!/p

There is no need for a browser of any generation to understand PHP, 
because it will never get to see it. Of course, as the PHP programmer you 
must make sure that your scripts' output can be handled by the intended 
clients.

 2. How can I preview my PHP while I'm coding? I'm using TextWrangler. I
 have already followed the installation tutorial here:
 http://foundationphp.com/tutorials/php_leopard.php. The test PHP file
 does work in my Safari browser. However, when I try to preview my .php
 files created in TextWrangler with Safari it doesn't work.

You need to put your PHP files in the web server's home directory, 
probably the same folder where you placed the test file from that 
article, and access them through http. That would look like

http://localhost/yourscript.php

 3. I need something that functions as an iframe. I've been reading that
 include() serves this purpose.

No. Completely different things.

 However, I've found that I have the make
 the content in the iframe the main content and call the things around
 it. I want to do the reverse. I want the other content on the main html
 page in place, and just want to call the text in the frame box. Is this
 doable?

Of course, with include() you can include the content of a file into a 
script file *before* it gets interpreted. But what it looks like in the 
resulting output and whether there is a box or a frame is entirely up to 
you.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Check out system for Shopping Cart

2009-05-21 Thread Vernon St . Croix



Can you please help with my checkout script. I have been getting errors as 
shown below:

Warning:  mysqli_query() expects parameter 1 to be mysqli, object given in 
C:\wamp\www\draft\checkout.php on line 26



Warning:  mysqli_affected_rows() expects parameter 1 to be mysqli, object given 
in C:\wamp\www\draft\checkout.php on line 28



Warning:  mysqli_rollback() expects parameter 1 to be mysqli, object given in 
C:\wamp\www\draft\checkout.php on line 77

System error

Warning:  mysqli_close() expects parameter 1 to be mysqli, object given in 
C:\wamp\www\draft\checkout.php on line 83

for the script

?php

include(mysql.class.php);

include (header.php);



//include (functions.php);

$user = 1;
$total = 178.93;

include (mysql_connect.php);

//Turn off autocommit

//mysql_autocommit($con, FALSE);

//Add orders to the order table

$sql = INSERT INTO orders (user_id, total) VALUES ($user, $total);

$r = mysqli_query($con, $sql);

if (mysqli_affected_rows($con)==1) {

$oid = mysql_insert_id($con);

//Insert the specific order contents into the database

// prepare query

$sql = INSERT INTO order_contents(order_id, id, quantity, price) 

VALUES (?, ?, ?, ?);

$stmt = mysqli_prepare($con, $sql);

mysqli_stmt_bind_param($stmt, 'iiid', $oid, $id, $qty, $price);

//execute each query, count the total affected:

$affected = 0;

foreach ($_SESSION['cart'] as $id = $item){

$qty = $item['quantity'];
$price = $item['price'];

mysqli_stmt_execute($stmt);

$affected += mysqli_stmt_affected_rows($stmt);

}

mysqli_stmt_close($stmt);

if ($affected ==count($_SESSION['cart'])) {

mysqli_commit($con);

echo'Thank you for your order';

}else{

mysqli_rollback($con);

echo'Your order could not be processed';

}

}else{

mysqli_rollback($con);

echo'System error';

}

mysqli_close($con);



include (footer.html);


?

Many Thanks




VEE
VEE



_
View your Twitter and Flickr updates from one place – Learn more!
http://clk.atdmt.com/UKM/go/137984870/direct/01/-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] PHP5 based Web-Chat?

2009-05-21 Thread Michelle Konzack

Hello,

I like to install a forum for my customers and additional a  PHP5  based
Web-Chat system with publich and private chatrooms.

What can you recommend?

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
Tamay Dogan Network
Debian GNU/Linux Consultant

-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
# Debian GNU/Linux Consultant #
http://www.tamay-dogan.net/ Michelle Konzack
http://www.can4linux.org/   Apt. 917
http://www.flexray4linux.org/   50, rue de Soultz
Jabber linux4miche...@jabber.ccc.de   67100 Strasbourg/France
IRC #Debian (irc.icq.com) Tel. DE: +49 177 9351947
ICQ #328449886Tel. FR: +33  6  61925193


signature.pgp
Description: Digital signature

[PHP] Re: PHP5 based Web-Chat?


Michelle Konzack wrote:

Hello,

I like to install a forum for my customers and additional a  PHP5  based
Web-Chat system with publich and private chatrooms.

What can you recommend?



Nothing :D - anything php based would involve polling which will kill 
any server when trying to create a realtime chat environment
(1 request per second per chatter + 1 for each message send + normal 
hits) - so say 30 chatters and you have at a minimum 30 requests per 
second with all the weight and db hits they involve.


in all honesty I'd recommend using openfire together with sparkweb or a 
custom client - that combo is premade, feature packed, opensource and 
can easily handle circa 50k users in realtime per server (connections 
and things aside). Additionally its a proper jabber server so you can 
have desktop clients, mods and of course full featured IM with custom 
addresses, openid and integrated in with yahoo, gtalk, msn, aol, 
*whatever* accounts as well.


going down the php route is a complete waste of time imho (unless you 
are creating a custom php socket server which bypasses apache, 
implementing XMPP and connecting in the users client via flash, flex or 
a java client)


yours, not of a very strong opinion, nathan

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE

2009-05-21 Thread Sumit Sharma

Hi,

I am designing a php website for my client which interact with database.
This is my first project for any client (I hope he is not reading this mail
;-)  ). I am a bit more concerned with database security. Can somebody shed
some light on the security measurements, precautions, and functions related
to database security in general to make sure that the data is safely stored
updated and retried from database. I have already used htmlentities(),
strip_tags(), addhashes(), and some regular expressions to check security.
Looking for help beyond this.


Thanks in advance...
Sumit

[PHP] MYSQL 5 auto increment not working

2009-05-21 Thread Leidago !Noabeb

Hi All


I know this is not strictly a PHP question, but i have a problem whenever i
insert a record using PHP. Basically the auto increment field does not work
at all. Here's the structure of the table that i'm using:

CREATE TABLE `children` (
  `cid` int(4) NOT NULL auto_increment,
  `cname` char(50) default NULL,
  `csname` char(50) default NULL,
  PRIMARY KEY  (`cid`)
) ENGINE=InnoDB

I use PHP 5.1 and MYSQL 5

I'm pretty sure the code i use to insert the data is sound since i've tested
it with older versions of MYSQL.

Has anyone else had similar problems?

Re: [PHP] MYSQL 5 auto increment not working

2009-05-21 Thread Bruno Fajardo

2009/5/21 Leidago !Noabeb leid...@googlemail.com

 Hi All


 I know this is not strictly a PHP question, but i have a problem whenever i
 insert a record using PHP. Basically the auto increment field does not work
 at all. Here's the structure of the table that i'm using:

 CREATE TABLE `children` (
  `cid` int(4) NOT NULL auto_increment,
  `cname` char(50) default NULL,
  `csname` char(50) default NULL,
  PRIMARY KEY  (`cid`)
 ) ENGINE=InnoDB

 I use PHP 5.1 and MYSQL 5

 I'm pretty sure the code i use to insert the data is sound since i've
 tested
 it with older versions of MYSQL.

 Has anyone else had similar problems?


Did you left empty the field `cid` (PK) in your INSERT statement?

Re: [PHP] Check out system for Shopping Cart

2009-05-21 Thread Lex Braun

On Thu, May 21, 2009 at 7:32 AM, Vernon St.Croix vstcr...@hotmail.comwrote:

 *Warning*: mysqli_query() expects parameter 1 to be mysqli, object given
 in *C:\wamp\www\draft\checkout.php* on line *26*

 ***for the script

 ?php

 include(mysql.class.php);

 include (header.php);



 //include (functions.php);

 $user = 1;
 $total = 178.93;

 include (mysql_connect.php);

 //Turn off autocommit

 //mysql_autocommit($con, FALSE);

 //Add orders to the order table

 $sql = INSERT INTO orders (user_id, total) VALUES ($user, $total);

 $r = mysqli_query($con, $sql);*


The warning message is saying that it's expecting the first parameter you
passed in mysqli_query() to be a mysqli link identifier, i.e., that the
variable $con used in the line above be your connection to the database.
Somewhere before this function call, you need to set $con:

$con = *mysqli_connect* ($host, $username, $passwd, $dbname);

-- Lex

Re: [PHP] MYSQL 5 auto increment not working

2009-05-21 Thread Per Jessen

Leidago !Noabeb wrote:

 Hi All
 
 I know this is not strictly a PHP question, but i have a problem
 whenever i insert a record using PHP. Basically the auto increment
 field does not work at all. Here's the structure of the table that i'm
 using:
 
 CREATE TABLE `children` (
   `cid` int(4) NOT NULL auto_increment,
   `cname` char(50) default NULL,
   `csname` char(50) default NULL,
   PRIMARY KEY  (`cid`)
 ) ENGINE=InnoDB
 
 I use PHP 5.1 and MYSQL 5

I've just tried creating that table and doing a few inserts - works just
fine here - mysql 5.0.26.


/Per


-- 
Per Jessen, Zürich (26.7°C)


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: MYSQL 5 auto increment not working


Leidago !Noabeb wrote:

Hi All


I know this is not strictly a PHP question, but i have a problem whenever i
insert a record using PHP. Basically the auto increment field does not work
at all. Here's the structure of the table that i'm using:

CREATE TABLE `children` (
  `cid` int(4) NOT NULL auto_increment,
  `cname` char(50) default NULL,
  `csname` char(50) default NULL,
  PRIMARY KEY  (`cid`)
) ENGINE=InnoDB

I use PHP 5.1 and MYSQL 5

I'm pretty sure the code i use to insert the data is sound since i've tested
it with older versions of MYSQL.

Has anyone else had similar problems?



*works for me*

check cid is empty in your insert statement
check you haven't hit  rows, seeing as you are using int 4
drop and recreate the table (or truncate)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] product listing columns

2009-05-21 Thread Tom Worster

On 5/21/09 3:05 AM, Ashley Sheridan a...@ashleysheridan.co.uk wrote:

 I'm advocating tables on this one, as it is pretty much tabular data.

i too would put a table of product data in an html table.



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: table-less layouts; Ideas welcome

2009-05-21 Thread Tom Worster

On 5/21/09 5:06 AM, O. Lavell olav...@xs4all.nl wrote:

 Jim Lucas wrote:
 
 Since this has been a topic of dicussion, I figured I would add my
 thoughts.
 
 I have been toying with the idea of doing a table-less layouts
 involving tabular data, calendars, etc...
 
 Why?

it's a zen practice.



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: PHP5 based Web-Chat?

2009-05-21 Thread Michelle Konzack

Hello Nathan,

Am 2009-05-21 13:44:38, schrieb Nathan Rixham:
 Nothing :D

grmpf

 - anything php based would involve polling which will kill  
 any server when trying to create a realtime chat environment
 (1 request per second per chatter + 1 for each message send + normal  
 hits) - so say 30 chatters and you have at a minimum 30 requests per  
 second with all the weight and db hits they involve.

if you check http://chat.tchatche.com/ then you will see, they  refesh
only all 5-8 seconds.  Currently I have encountered a maximum  of  ~4800
users connected at once. I am already trying a small thing with 5 frames
imitating the above website and already used it with 10 clients at  once
which work on a Quad-Xeon (P3/550MHz/768MByte) on  a  2.5 MBit  Internet
connection.

 in all honesty I'd recommend using openfire together with sparkweb or a  
 custom client - that combo is premade, feature packed, opensource and  
 can easily handle circa 50k users in realtime per server (connections  
 and things aside). Additionally its a proper jabber server so you can  
 have desktop clients, mods and of course full featured IM with custom  
 addresses, openid and integrated in with yahoo, gtalk, msn, aol,  
 *whatever* accounts as well.

I have a Jabber Server (Package jabber; Debian Distribution) installed
but no one want to use it...  Pidgin is working perfectly with it and is
available on ALL Operating Systems.

However, I need a Webinterface where People can connect to others een if
they have NO Laptop/Smartphone  with them.

Is there a USER Web-Interface to Jabber?

 going down the php route is a complete waste of time imho (unless you  
 are creating a custom php socket server which bypasses apache,  
 implementing XMPP and connecting in the users client via flash, flex or  
 a java client)

I was thinking on a Flash/Java solution too, but I do  not  know  HOW TO
create this Flash-Stuff and do not even code Java.

 yours, not of a very strong opinion, nathan

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
Tamay Dogan Network
Debian GNU/Linux Consultant

-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
# Debian GNU/Linux Consultant #
http://www.tamay-dogan.net/ Michelle Konzack
http://www.can4linux.org/   Apt. 917
http://www.flexray4linux.org/   50, rue de Soultz
Jabber linux4miche...@jabber.ccc.de   67100 Strasbourg/France
IRC #Debian (irc.icq.com) Tel. DE: +49 177 9351947
ICQ #328449886Tel. FR: +33  6  61925193


signature.pgp
Description: Digital signature

Fwd: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE

2009-05-21 Thread Sumit Sharma

One more thing, should I use @ for security purpose or not so that the use
can reply me with the errors so that I can troubleshoot the problem more
effectively.

Sumit

-- Forwarded message --
From: Ashley Sheridan a...@ashleysheridan.co.uk
Date: Thu, May 21, 2009 at 6:36 PM
Subject: Re: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE
To: Sumit Sharma sumitp...@gmail.com
Cc: php-general@lists.php.net

On Thu, 2009-05-21 at 18:22 +0530, Sumit Sharma wrote:
 Hi,

 I am designing a php website for my client which interact with database.
 This is my first project for any client (I hope he is not reading this
mail
 ;-)  ). I am a bit more concerned with database security. Can somebody
shed
 some light on the security measurements, precautions, and functions
related
 to database security in general to make sure that the data is safely
stored
 updated and retried from database. I have already used htmlentities(),
 strip_tags(), addhashes(), and some regular expressions to check security.
 Looking for help beyond this.

 Thanks in advance...
 Sumit

I'd advise using something like mysql_real_escape_string() (assuming you
are using a MySQL database that is) on each variable of data before you
insert it into the database. You could go further and validate specific
data, so check that a field which you expect a number only contains a
number, etc.

Ash
www.ashleysheridan.co.uk

Re: [PHP] table-less layouts; Ideas welcome

2009-05-21 Thread Paul M Foster

On Thu, May 21, 2009 at 01:02:07AM -0700, Jim Lucas wrote:

 Since this has been a topic of dicussion, I figured I would add my 
 thoughts.

 I have been toying with the idea of doing a table-less layouts involving
 tabular data, calendars,
 etc...

 Recent threads have finally made me do it.  Let me know what you think.

 http://www.cmsws.com/examples/templates/div_tables.php
 http://www.cmsws.com/examples/templates/div_tables.phps (source for above)
 http://www.cmsws.com/examples/templates/div_cal.php

 When you turn off the styles, the calendar becomes pretty rough on the 
 eyes,
 but still accessible.

 Same thing with the tabular data structure.

 But, not knowing how the various types of accessibility applications work,
 I am guessing that the
 layout to an application trying to read it should work fairly well.
 Let me know if I am way off the
 mark with my thoughts.

 If you want to respond off list, that if fine by me.

I have to agree with the other responders, that in both these cases, I
think even W3C would agree that tables are the proper matrix for what
you're doing. In fact, if styles were turned off, putting them in tables
would have them still display properly.

But for the record, this was good work. They look nice. ;-}

Paul

-- 
Paul M. Foster

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Fwd: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE

On Thu, 2009-05-21 at 19:17 +0530, Sumit Sharma wrote:
 One more thing, should I use @ for security purpose or not so that the use
 can reply me with the errors so that I can troubleshoot the problem more
 effectively.
 
 
 Sumit
 
 -- Forwarded message --
 From: Ashley Sheridan a...@ashleysheridan.co.uk
 Date: Thu, May 21, 2009 at 6:36 PM
 Subject: Re: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE
 To: Sumit Sharma sumitp...@gmail.com
 Cc: php-general@lists.php.net
 
 
 On Thu, 2009-05-21 at 18:22 +0530, Sumit Sharma wrote:
  Hi,
 
  I am designing a php website for my client which interact with database.
  This is my first project for any client (I hope he is not reading this
 mail
  ;-)  ). I am a bit more concerned with database security. Can somebody
 shed
  some light on the security measurements, precautions, and functions
 related
  to database security in general to make sure that the data is safely
 stored
  updated and retried from database. I have already used htmlentities(),
  strip_tags(), addhashes(), and some regular expressions to check security.
  Looking for help beyond this.
 
 
  Thanks in advance...
  Sumit
 
 I'd advise using something like mysql_real_escape_string() (assuming you
 are using a MySQL database that is) on each variable of data before you
 insert it into the database. You could go further and validate specific
 data, so check that a field which you expect a number only contains a
 number, etc.
 
 
 Ash
 www.ashleysheridan.co.uk


I'd avoid using @ in favour of turning the errors off in your php.ini
or .htaccess, as there's no chance of you missing a statement here or
there.  It's generally accepted practice to have errors and warnings
turned off on a live server, and to only use them on development
servers.


Ash
www.ashleysheridan.co.uk


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] table-less layouts; Ideas welcome

2009-05-21 Thread tedd


At 1:02 AM -0700 5/21/09, Jim Lucas wrote:

Since this has been a topic of dicussion, I figured I would add my thoughts.

I have been toying with the idea of doing a table-less layouts 
involving tabular data, calendars, etc...


Recent threads have finally made me do it.  Let me know what you think.

http://www.cmsws.com/examples/templates/div_tables.php
http://www.cmsws.com/examples/templates/div_tables.phps (source for above)
http://www.cmsws.com/examples/templates/div_cal.php


Any source for the above?  :-)

Your work, as always, is top-notch.

I've tested both your table and calendar in other browsers and they 
work quite well-- congratulations.


My thoughts are -- my understanding the reason why tables have 
received such bad-press is that designers have abused tables in 
holding designs together with nested tables AND in doing so made it 
difficult for the visually disabled to pull content from the site. 
Screen readers do not read the screen but rather read the source and 
pull out of it what they (the screen reader program) think is 
content. Translating nested tables becomes an impossible job for them.


In that light, if one compares your code with the amount of code to 
do this with tables, I don't see much difference.


With tables, one uses tr and td whereas your code uses div 
class=table_tr and  div class=table_td -- while you do it 
nicely, I really don't see much difference in structure or verbosity.


Furthermore, styling your table as compared to a standard table is 
nearly identical -- I don't see an advantage to either.


Additionally, and not of your doing, even the new css tables don't 
solve this verbosity problem but instead offer more difficulties for 
browsers -- such as Safari doesn't understand caption-side correctly.


In any event, I wouldn't mind seeing the php that creates your 
calendar. I'm working on a project at the moment where I need to 
review week, month, two-month, and three-month displays.


Cheers,

tedd

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: Fwd: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA INDATABASE

2009-05-21 Thread bruce

if you really want to get to the real low level details of an app...

unless you're dealing with an app that's seriously crunching, and extremely
sensitive to returning data to the user's browser in a timely manner, you
should write all replies back to a db/tbl... this would allow you as the
developer to have a complete trek of the actions/paths (to an extent) for
any potential debugging issue.



-Original Message-
From: Ashley Sheridan [mailto:a...@ashleysheridan.co.uk]
Sent: Thursday, May 21, 2009 7:00 AM
To: Sumit Sharma
Cc: php-general@lists.php.net
Subject: Re: Fwd: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA
INDATABASE


On Thu, 2009-05-21 at 19:17 +0530, Sumit Sharma wrote:
 One more thing, should I use @ for security purpose or not so that the use
 can reply me with the errors so that I can troubleshoot the problem more
 effectively.


 Sumit

 -- Forwarded message --
 From: Ashley Sheridan a...@ashleysheridan.co.uk
 Date: Thu, May 21, 2009 at 6:36 PM
 Subject: Re: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE
 To: Sumit Sharma sumitp...@gmail.com
 Cc: php-general@lists.php.net


 On Thu, 2009-05-21 at 18:22 +0530, Sumit Sharma wrote:
  Hi,
 
  I am designing a php website for my client which interact with database.
  This is my first project for any client (I hope he is not reading this
 mail
  ;-)  ). I am a bit more concerned with database security. Can somebody
 shed
  some light on the security measurements, precautions, and functions
 related
  to database security in general to make sure that the data is safely
 stored
  updated and retried from database. I have already used htmlentities(),
  strip_tags(), addhashes(), and some regular expressions to check
security.
  Looking for help beyond this.
 
 
  Thanks in advance...
  Sumit

 I'd advise using something like mysql_real_escape_string() (assuming you
 are using a MySQL database that is) on each variable of data before you
 insert it into the database. You could go further and validate specific
 data, so check that a field which you expect a number only contains a
 number, etc.


 Ash
 www.ashleysheridan.co.uk


I'd avoid using @ in favour of turning the errors off in your php.ini
or .htaccess, as there's no chance of you missing a statement here or
there.  It's generally accepted practice to have errors and warnings
turned off on a live server, and to only use them on development
servers.


Ash
www.ashleysheridan.co.uk


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Shared memory - linx and PHP newbie

2009-05-21 Thread Richard W

Hi

I have a query regarding shared memory created under Linux and then
accessing it by PHP script.

For my application, I have created a shared memory block in Debian Linux
using the shm_open(..), ftruncate(...) and mmap(...) function calls.

The shared memory block is of size 6304 bytes long. It is store 197 strings
of 32 characters long. I am confident that the shared memory block is
correctly created because when I go navigate to the /shm directory I
find the shared memory block called /program.SCShared present and it is of
size 6304 bytes. In addition to that, I have also written some strings to to
the shared memory, where each string starts at every 32 bytes. I have
verified that I can read these strings back successfully.

What I would like to do now is have some PHP script to read the strings out
of the shared memory so the strings can be displayed on a web page.

From what I can gather from the PHP web site, it appears that I need to use
the shared memory functions as given in
http://au.php.net/manual/en/ref.shmop.php.

Specifically, since my strings start at 32-byte boundaries, the function:


string *shmop_read* ( int $shmid , int $start , int $count);

seems to be the ideal read routine to use. For example, if I want to read
the third string, I believe i write:


$shm_data = shmop_read($shmid, 64, 32);


Below is my code:

==

?php

$shm_key = ftok(/dev/shm/program.SCShared, 't');

if ($shm_key  0)
{
echo ftok failed\n;
}

$shm_id = shmop_open ($shm_key,w,0,0);

if (!empty($shm_id))
{
echo \n Shared memory exists;
}
else
{
echo \n Shared memory doesnt exists;
}

$shm_size = shmop_size ($shm_id);

echo \n the size of shared memory is $shm_size;

$shm_data = shmop_read($shm_id, 0, 32);

$shm_data = unserialize($shm_data);

echo \n read is $shm_data;

$i = strpos($shm_data, \0);

if ($i === false)
{
echo \n String is NULL;
}
else
{
$result = substr($shm_data, 3904, $i);

print_r($result);
}

shmop_close($shm_id);

echo \nDetached from shared memory;

?


==

Running this script shows, it appears that I'm connecting to my shared
memory /dev/shm/program.SCShared because Shared memory exists is
displayed.

However, I get the following which I would like some help with:

1) The size of the memory block is returning 1 and not 6304 bytes as
expected. I believe 1 is the default size if the memory block is created
from scratch using *shm_attach. Does the same apply to shmop_open. If so,
why is it being created?*

2) The call $shm_data = shmop_read($shm_id, 0, 32), which reads the first
string, returns no result. Does any know why this is the case when I know
that there is a string there because I have added it there using some C
code.

3) Is there another way I can access these strings without using the
shmop_blah routines? I have tried using shm_attach(...), shm_get_var(...),
but this seems to be too hard because it requires variable keys. Should I be
using MySQL?

Any help will be greatly appreciated, especially answering 2) as to why I
can't read the data.

Regards,
Richard.

Re: [PHP] Re: MYSQL 5 auto increment not working

2009-05-21 Thread Bastien Koert

On Thu, May 21, 2009 at 9:34 AM, Nathan Rixham nrix...@gmail.com wrote:

 Leidago !Noabeb wrote:

 Hi All


 I know this is not strictly a PHP question, but i have a problem whenever
 i
 insert a record using PHP. Basically the auto increment field does not
 work
 at all. Here's the structure of the table that i'm using:

 CREATE TABLE `children` (
  `cid` int(4) NOT NULL auto_increment,
  `cname` char(50) default NULL,
  `csname` char(50) default NULL,
  PRIMARY KEY  (`cid`)
 ) ENGINE=InnoDB

 I use PHP 5.1 and MYSQL 5

 I'm pretty sure the code i use to insert the data is sound since i've
 tested
 it with older versions of MYSQL.

 Has anyone else had similar problems?


 *works for me*

 check cid is empty in your insert statement
 check you haven't hit  rows, seeing as you are using int 4
 drop and recreate the table (or truncate)

 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php


openfire is something you may want to look at...it has a flash client in
there somewhere...also i believe you can find FLEX based IM chat code that
you can use

-- 

Bastien

Cat, the other other white meat

Re: [PHP] Shared memory - linx and PHP newbie

2009-05-21 Thread Daniel Brown

On Thu, May 21, 2009 at 10:15, Richard W rw180...@gmail.com wrote:

 Any help will be greatly appreciated, especially answering 2) as to why I
 can't read the data.

Are you certain that the problem lies within the shmop reading?
Check to see if the file is actually being accessed properly, the key
is good from your ftok(), etc.  You may also want to make sure that
things as basic as permissions and 'who created' vs. 'who can read'
(since you're trying to run it from the web server) match up
appropriately.

With just a cursory glance, the shmop_read() piece itself looks
fine, which suggests to me that there may be other problems.  See if
the logs spit anything out, or try to debug the things with an `or
die(Here's the error.\n);` tacked onto the end of the suspected
lines.  If it's crashing out, consider a cachegrind or
debug_backtrace() run.

As for the memory being read, I'd agree that it does seem that it
is, since shm_open() is returning something other than FALSE, but that
doesn't mean that it's `=== TRUE` either.  It may instead be returning
a message or another unexpected result that, in empty(), may evaluate
to TRUE and allow it to echo out the message in your test condition.

-- 
/Daniel P. Brown
daniel.br...@parasane.net || danbr...@php.net
http://www.parasane.net/ || http://www.pilotpig.net/
50% Off All Shared Hosting Plans at PilotPig: Use Coupon DOW1

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: PHP5 based Web-Chat?


Michelle Konzack wrote:

Hello Nathan,

Am 2009-05-21 13:44:38, schrieb Nathan Rixham:

Nothing :D


grmpf

- anything php based would involve polling which will kill  
any server when trying to create a realtime chat environment
(1 request per second per chatter + 1 for each message send + normal  
hits) - so say 30 chatters and you have at a minimum 30 requests per  
second with all the weight and db hits they involve.


if you check http://chat.tchatche.com/ then you will see, they  refesh
only all 5-8 seconds.  Currently I have encountered a maximum  of  ~4800
users connected at once. I am already trying a small thing with 5 frames
imitating the above website and already used it with 10 clients at  once
which work on a Quad-Xeon (P3/550MHz/768MByte) on  a  2.5 MBit  Internet
connection.

in all honesty I'd recommend using openfire together with sparkweb or a  
custom client - that combo is premade, feature packed, opensource and  
can easily handle circa 50k users in realtime per server (connections  
and things aside). Additionally its a proper jabber server so you can  
have desktop clients, mods and of course full featured IM with custom  
addresses, openid and integrated in with yahoo, gtalk, msn, aol,  
*whatever* accounts as well.


I have a Jabber Server (Package jabber; Debian Distribution) installed
but no one want to use it...  Pidgin is working perfectly with it and is
available on ALL Operating Systems.

However, I need a Webinterface where People can connect to others een if
they have NO Laptop/Smartphone  with them.

Is there a USER Web-Interface to Jabber?

going down the php route is a complete waste of time imho (unless you  
are creating a custom php socket server which bypasses apache,  
implementing XMPP and connecting in the users client via flash, flex or  
a java client)


I was thinking on a Flash/Java solution too, but I do  not  know  HOW TO
create this Flash-Stuff and do not even code Java.


yours, not of a very strong opinion, nathan




hi - there is a load of really high quality open source flash (well as3) 
stuff, really you want to be using the ignite realtime / jive stuff


http://www.igniterealtime.org/projects/index.jsp

its all java and flash and open source.

openfire is a 2 minute install and all web based interfaces for admin - 
v good java server


sparkweb is a flex based web interface thats v good, has chat and im in 
it, again you just upload it and your done


xiff api is the as3 framework for flex and it's v good - it use it on a 
few sites and its so light its unreal + instant / realtime.


it's not worth bastardizing these old techs when you can have the 
cutting edge stuff set up in minutes (hours the first time). Even if you 
customise the ass off it and use a bespoke front end in flex / flash, 
you are still going to be much faster than the php route and a MUCH 
better end product that's light on the server.



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Azure SDK for PHP

2009-05-21 Thread haliphax

Microsoft's Azure cloud computing framework has now been exposed to
PHP. I haven't tested any of the features myself, but it seems like a
pretty interesting (and leverage-able) concept to work with... figured
I'd pass the word along.

http://phpazure.codeplex.com/


-- 
// Todd

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] table-less layouts; Ideas welcome

Ashley Sheridan wrote:
  Tedd, I've got a fairly simple calendar script in PHP here
 http://www.ashleysheridan.co.uk/coding.php?group=phparticle=coding_php_calendar.php
  which could be adapted fairly easily with the right tweaks.
 
 
 Ash
 www.ashleysheridan.co.uk
 

I cant get the calendar on your site to do anything.  No links and
clicks do nothing.  FF 3.0.10 / Ubuntu.

-- 
Thanks!
-Shawn
http://www.spidean.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] table-less layouts; Ideas welcome

On Thu, 2009-05-21 at 10:44 -0500, Shawn McKenzie wrote:
 Ashley Sheridan wrote:
   Tedd, I've got a fairly simple calendar script in PHP here
  http://www.ashleysheridan.co.uk/coding.php?group=phparticle=coding_php_calendar.php
   which could be adapted fairly easily with the right tweaks.
  
  
  Ash
  www.ashleysheridan.co.uk
  
 
 I cant get the calendar on your site to do anything.  No links and
 clicks do nothing.  FF 3.0.10 / Ubuntu.
 
 -- 
 Thanks!
 -Shawn
 http://www.spidean.com
 
Well, yeah, there isn't any events or anything attached to any day! Like
I said, easy enough to tweak and output a link on a particular date that
matches something in the database.


Ash
www.ashleysheridan.co.uk


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] table-less layouts; Ideas welcome

2009-05-21 Thread Eddie Drapkin

Yeah, it doesn't work here, either.

On Thu, May 21, 2009 at 11:44 AM, Shawn McKenzie nos...@mckenzies.netwrote:

 Ashley Sheridan wrote:
   Tedd, I've got a fairly simple calendar script in PHP here
 
 http://www.ashleysheridan.co.uk/coding.php?group=phparticle=coding_php_calendar.phpwhich
  could be adapted fairly easily with the right tweaks.
 
 
  Ash
  www.ashleysheridan.co.uk
 

 I cant get the calendar on your site to do anything.  No links and
 clicks do nothing.  FF 3.0.10 / Ubuntu.

 --
 Thanks!
 -Shawn
 http://www.spidean.com

 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Azure SDK for PHP


haliphax wrote:

Microsoft's Azure cloud computing framework has now been exposed to
PHP. I haven't tested any of the features myself, but it seems like a
pretty interesting (and leverage-able) concept to work with... figured
I'd pass the word along.

http://phpazure.codeplex.com/



cheers for that - looks interesting, even if only for awareness sakes

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] table-less layouts; Ideas welcome

Ashley Sheridan wrote:
 On Thu, 2009-05-21 at 10:44 -0500, Shawn McKenzie wrote:
 Ashley Sheridan wrote:
   Tedd, I've got a fairly simple calendar script in PHP here
 http://www.ashleysheridan.co.uk/coding.php?group=phparticle=coding_php_calendar.php
  which could be adapted fairly easily with the right tweaks.


 Ash
 www.ashleysheridan.co.uk

 I cant get the calendar on your site to do anything.  No links and
 clicks do nothing.  FF 3.0.10 / Ubuntu.

 -- 
 Thanks!
 -Shawn
 http://www.spidean.com

 Well, yeah, there isn't any events or anything attached to any day! Like
 I said, easy enough to tweak and output a link on a particular date that
 matches something in the database.
 
 
 Ash
 www.ashleysheridan.co.uk
 

OK, sorry.  I thought it was supposed to do something.  Nice never the less.

-- 
Thanks!
-Shawn
http://www.spidean.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] table-less layouts; Ideas welcome

2009-05-21 Thread Eddie Drapkin

I'd be more fond of unrolling some of those loops and feeding the data into
a proper template than tweaking what looks like really half-arsed code.

On Thu, May 21, 2009 at 11:57 AM, Ashley Sheridan
a...@ashleysheridan.co.ukwrote:

 On Thu, 2009-05-21 at 10:44 -0500, Shawn McKenzie wrote:
  Ashley Sheridan wrote:
Tedd, I've got a fairly simple calendar script in PHP here
  
 http://www.ashleysheridan.co.uk/coding.php?group=phparticle=coding_php_calendar.phpwhich
  could be adapted fairly easily with the right tweaks.
  
  
   Ash
   www.ashleysheridan.co.uk
  
 
  I cant get the calendar on your site to do anything.  No links and
  clicks do nothing.  FF 3.0.10 / Ubuntu.
 
  --
  Thanks!
  -Shawn
  http://www.spidean.com
 
 Well, yeah, there isn't any events or anything attached to any day! Like
 I said, easy enough to tweak and output a link on a particular date that
 matches something in the database.


 Ash
 www.ashleysheridan.co.uk


 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] PHP class question

2009-05-21 Thread Peter van der Does

I have the following situation.

I wrote some software and split it up into functionality:

class core {
  function go{
  }
}

class A extends core {
  // PHP4 constructor
  function A {
$this-go();
  }

}

class B extends core {
}

In core I define functions and variables that are to be used
through out my program and to address those functions/variables I just
use $this- .

Now I ran into a situation where class A needs to be extended with
another class. This is not my choice, it's part of a framework I have
to use.

Currently I solved this by doing this:

class A extends framework_class {
  $var core;

  // PHP4 constructor
  function A {
$this-core = new core();
$this-core-go();
  }
}

The question I have, is this a good solution, is it the only solution
or are there different ways to tackle this?
As you might see it needs to run in PHP4.

-- 
Peter van der Does

GPG key: E77E8E98
IRC: Ganseki on irc.freenode.net
Blog: http://blog.avirtualhome.com
Forums: http://forums.avirtualhome.com
Jabber ID: pvanderd...@gmail.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: table-less layouts; Ideas welcome

2009-05-21 Thread Daniele Grillenzoni


On 21/05/2009 10.02, Jim Lucas wrote:

Since this has been a topic of dicussion, I figured I would add my
thoughts.

I have been toying with the idea of doing a table-less layouts
involving tabular data, calendars, etc...

Recent threads have finally made me do it. Let me know what you think.

http://www.cmsws.com/examples/templates/div_tables.php
http://www.cmsws.com/examples/templates/div_tables.phps (source for above)
http://www.cmsws.com/examples/templates/div_cal.php

When you turn off the styles, the calendar becomes pretty rough on the
eyes, but still accessible.

Same thing with the tabular data structure.

But, not knowing how the various types of accessibility applications
work, I am guessing that the layout to an application trying to read it
should work fairly well. Let me know if I am way off the mark with my
thoughts.

If you want to respond off list, that if fine by me.

TIA

Table-less html is a silly idea. Semantic html where tables represent 
tables makes sense instead. A calendar IS a table, semantically 
speaking, so emulating it with css-p is useless torture.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] table-less layouts; Ideas welcome

On Thu, 2009-05-21 at 12:14 -0400, Eddie Drapkin wrote:
 I'd be more fond of unrolling some of those loops and feeding the data into
 a proper template than tweaking what looks like really half-arsed code.
 
 On Thu, May 21, 2009 at 11:57 AM, Ashley Sheridan
 a...@ashleysheridan.co.ukwrote:
 
  On Thu, 2009-05-21 at 10:44 -0500, Shawn McKenzie wrote:
   Ashley Sheridan wrote:
 Tedd, I've got a fairly simple calendar script in PHP here
   
  http://www.ashleysheridan.co.uk/coding.php?group=phparticle=coding_php_calendar.phpwhich
   could be adapted fairly easily with the right tweaks.
   
   
Ash
www.ashleysheridan.co.uk
   
  
   I cant get the calendar on your site to do anything.  No links and
   clicks do nothing.  FF 3.0.10 / Ubuntu.
  
   --
   Thanks!
   -Shawn
   http://www.spidean.com
  
  Well, yeah, there isn't any events or anything attached to any day! Like
  I said, easy enough to tweak and output a link on a particular date that
  matches something in the database.
 
 
  Ash
  www.ashleysheridan.co.uk
 
 
  --
  PHP General Mailing List (http://www.php.net/)
  To unsubscribe, visit: http://www.php.net/unsub.php
 
 
How do you mean feeding it into a proper template?


Ash
www.ashleysheridan.co.uk


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] table-less layouts; Ideas welcome

2009-05-21 Thread Lists


Jim Lucas wrote:

Jim Lucas wrote:
Since this has been a topic of dicussion, I figured I would add my 
thoughts.


I have been toying with the idea of doing a table-less layouts 
involving tabular data, calendars, etc...


Recent threads have finally made me do it.  Let me know what you think.



Hi Jim,

I personally like these kinds of experiments. One thing people are not
mentioning is that you now have greater and more efficient control over 
the look and feel of your layouts.


My only suggestion is maybe shorter naming conventions. :-)
That is because I type all day, and each character ends up weighing
into the time it takes to develop stuff.. (so 'table_th' could become
't_th', or even 't_h'). If you are going for easy to to read, then 
nevermind on this..

it's just a personal preference. ;-)

Donovan


--
  =o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o
  D. BROOKE   EUCA Design Center
   WebDNA Software Corp.
  WEB: http://www.euca.us  |   http://www.webdna.us
  =o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o
  WebDNA: [** Square Bracket Utopia **]

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Check out system for Shopping Cart

2009-05-21 Thread Lex Braun

Vernon,

CC messages to php-general to keep responses on-list. See my comments
inline.

On Thu, May 21, 2009 at 12:06 PM, Vernon St.Croix vstcr...@hotmail.comwrote:


 I have amended as you advised and the mysqli errors are now gone. Thanks
 for that.

 I however have another one I can't get rid of:


 *Warning*: Invalid argument supplied for foreach() in *
 C:\wamp\www\draft\checkout.php* on line *53*
 Your order could not be processed.


 *checkout.php*

 ?php


code snipped



 include (mysql_connect.php);

 //Turn off autocommit


 $con = mysqli_connect (localhost, root, , rum);


 mysqli_autocommit($con, FALSE);

 //Add orders to the order table

 $sql = INSERT INTO orders (user_id, total) VALUES ($user, $total);

 $r = mysqli_query($con, $sql);


code snipped


  *   foreach ($_SESSION['cart'] as $id = $item){*

 $qty = $item['quantity'];
 $price = $item['price'];

 mysqli_stmt_execute($stmt);

 $affected += mysqli_stmt_affected_rows($stmt);

 }


The reason you're getting this warning is that foreach is expecting
$_SESSION['cart'] to be an array.  Do a print_r() or var_dump() of
$_SESSION['cart'] to see what is actually being passed to the function.

mysqli_stmt_close($stmt);

 if ($affected ==count($_SESSION['cart'])) {

 mysqli_commit($con);

 echo'Thank you for your order';

 }else{

 mysqli_rollback($con);

 echo'Your order could not be processed';

 }

 }else{

 mysqli_rollback($con);

 echo'System error';

 }

 mysqli_close($con);




 include (footer.html);


 ?


 VEE


-- Lex

[PHP] Re: PHP class question


Peter van der Does wrote:

I have the following situation.

I wrote some software and split it up into functionality:

class core {
  function go{
  }
}

class A extends core {
  // PHP4 constructor
  function A {
$this-go();
  }

}

class B extends core {
}

In core I define functions and variables that are to be used
through out my program and to address those functions/variables I just
use $this- .

Now I ran into a situation where class A needs to be extended with
another class. This is not my choice, it's part of a framework I have
to use.

Currently I solved this by doing this:

class A extends framework_class {
  $var core;

  // PHP4 constructor
  function A {
$this-core = new core();
$this-core-go();
  }
}

The question I have, is this a good solution, is it the only solution
or are there different ways to tackle this?
As you might see it needs to run in PHP4.



has to extend? if it *has* to extend then you have no choice, but you 
may want to look up on class inheritance, specifically inheritance vs 
composition.


also the isa / hasa rule /should/ always apply.

which one of the following is true
1: A isa framework_class_name
2: A hasa framework_class_name

if it's 1 then you extend
if it's 2 then A should contain an instance of framework_class

eg:
class A
{
  var $framework_class = new framework_class_name();
}

you can also always proxy the methods you need.

all in, this appears to be a design pattern issue and really can't help 
any more unless you give some specifics. (like the source of your 
classes and the framework class you need to extend)


regards,

nathan

incidentally, I play inheritance vs composition as game with my 4 year 
old son, and he's really good - the untainted mind of a child can easily 
solve things us older types find more complex.

eg: car isa wheel, car hasa wheel

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] table-less layouts; Ideas welcome

2009-05-21 Thread Benjamin Hawkes-Lewis

On 21/5/09 09:02, Jim Lucas wrote:

I have been toying with the idea of doing a table-less layouts
involving tabular data, calendars, etc...

[snip]

The responses suggesting that even W3C would let you use tables for
data tables are too weak.

W3C recommend you use the best possible semantic (X)HTML for your
structured content and, if you want to style it, suggest a skin or skins
for that structure with CSS. This is why table is the wrong tool for
grid layout and the /right/ tool for tabular data.

This isn't semantics for the sake of semantics. Table markup implies
a series of relationships that user agents can use in two basic ways:

1) Render content appropriately to communicate tabular relationships.
For example, text browsers and browser/user stylesheets in GUI browsers
can arrange tables in rows and columns, stick borders between cells,
embolden/color header cells and captions, repeat header rows after a
page break when printing. GUI browsers can copy table markup to system
clipboards such that you can paste the table into a word processor or
spreadsheet as a table. Screen readers can read or braille the table
caption or summary when the table receives focus, and render an
individual data cell's headers when it receives content focus.

2) Provide navigational functionality. For example, popular screen
readers use table markup to give users commands to list tables on a
page, jump to the next table, move to the next row rather than the next
cell, query a cell for its headers, read row-by-row, or read
column-by-column. For example:

http://www.freedomscientific.com/Training/Surfs-Up/Tables.htm
http://www.freedomscientific.com/Training/Surfs-up/Table_Reading_Commands.htm

So replacing good data markup ( http://www.webaim.org/techniques/tables/
) with a tree of div elements involves a substantial loss of
functionality, and accessibility.

If for some reason, you /must/ use generic div elements instead of
real tabular markup, I strongly recommend you annotate them with
WAI-ARIA attributes (grid and related roles). Supporting clients will
expose similar structural information to assistive technology as you
would get with (X)HTML tables. WAI-ARIA has poor support compared to
bog-standard (X)HTML tables, but it should be supported by the some of
the newest browsers and screen readers (e.g. Firefox 3, IE8, and JAWS 10).

Calendar markup is a very tricky one.

But I'd certainly take advantage of (X)HTML's dedicated markup for
relationships ( tables, lists, headings, hyperlinks ) to help users
navigate the calendar and to ensure a decent presentation (even without
your CSS) is applied, rather than expect users to parse linearized div
elements.

Some useful discussion at:

http://www.joedolson.com/articles/2006/10/describing-a-semantic-calendar/

http://diveintoaccessibility.org/day_19_using_real_table_headers.html

http://georgiatechcatea.wordpress.com/2007/01/16/accessible-calendars-for-blogs-and-websites/

--
Benjamin Hawkes-Lewis

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] table-less layouts; Ideas welcome

Benjamin Hawkes-Lewis wrote:

On 21/5/09 09:02, Jim Lucas wrote:

I have been toying with the idea of doing a table-less layouts
involving tabular data, calendars, etc...

[snip]

The responses suggesting that even W3C would let you use tables for
data tables are too weak.

This isn't semantics for the sake of semantics. Table markup implies a
series of relationships that user agents can use in two basic ways:

http://www.freedomscientific.com/Training/Surfs-Up/Tables.htm
http://www.freedomscientific.com/Training/Surfs-up/Table_Reading_Commands.htm

So replacing good data markup ( http://www.webaim.org/techniques/tables/
) with a tree of div elements involves a substantial loss of
functionality, and accessibility.

Calendar markup is a very tricky one.

Some useful discussion at:

http://www.joedolson.com/articles/2006/10/describing-a-semantic-calendar/

http://diveintoaccessibility.org/day_19_using_real_table_headers.html

http://georgiatechcatea.wordpress.com/2007/01/16/accessible-calendars-for-blogs-and-websites/

--
Benjamin Hawkes-Lewis

yup,

if you are ever in doublt as to whether you are doing things correctly
or not, highlight the entire web page in question, copy it, and paste it
in to a very basic text editor. Then read from line 1 to the end, if any
of it doesn't make sense or seems misplaced, then it's been made
incorrectly.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: table-less layouts; Ideas welcome

2009-05-21 Thread Weston C

On Thu, 2009-05-21 at 09:54 -0400, tedd wrote:
 My thoughts are -- my understanding the reason why tables have
 received such bad-press is that designers have abused tables in
 holding designs together with nested tables AND in doing so made it
 difficult for the visually disabled to pull content from the site.
 Screen readers do not read the screen but rather read the source and
 pull out of it what they (the screen reader program) think is
 content. Translating nested tables becomes an impossible job for them.

I've heard a rumor this is exaggerated, and I buy it to some extent.
Lynx had an algorithm for distinguishing simple tabular data from more
complex (and probably layout) tables back in 1999. I'd assume a
serious screen reader with more development resources behind it could
do better, and I don't think heuristics for working with this would
even be particularly hard.

This isn't to say tangled table markup is never a problem. It is, both
for human and machine readers. But as much as I like CSS -- and as
much as it simplifies many designs -- there are some cases for which
table layouts are easier and/or more robust, so I almost just wish
we'd accepted the horse was out of the barn and tried to figure out an
easy way to signal distinctions between layout tables and semantic
tabular data, rather than trying to get the entire internet to
completely retool.

A few years ago, I started marking my layout tables with
class=layout. Not always a perfect solution, but makes the
distinction easy (and turns out to be a useful styling convention as
well), and if table-based layouts really are a significant obstacle to
machine readers, my guess is something like this would get us over
that hurdle a lot faster than waiting for everyone to give up those
layouts.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] table-less layouts; Ideas welcome

2009-05-21 Thread Tom Worster

this reminds me of the classic line in Real Programmers Don't Use Pascal:

Besides, the determined Real Programmer can write Fortran programs in any
language.


On 5/21/09 4:02 AM, Jim Lucas li...@cmsws.com wrote:

 Since this has been a topic of dicussion, I figured I would add my thoughts.
 
 I have been toying with the idea of doing a table-less layouts involving
 tabular data, calendars,
 etc...
 
 Recent threads have finally made me do it.  Let me know what you think.
 
 http://www.cmsws.com/examples/templates/div_tables.php
 http://www.cmsws.com/examples/templates/div_tables.phps (source for above)
 http://www.cmsws.com/examples/templates/div_cal.php
 
 When you turn off the styles, the calendar becomes pretty rough on the eyes,
 but still accessible.
 
 Same thing with the tabular data structure.
 
 But, not knowing how the various types of accessibility applications work, I
 am guessing that the
 layout to an application trying to read it should work fairly well.  Let me
 know if I am way off the
 mark with my thoughts.
 
 If you want to respond off list, that if fine by me.
 
 TIA



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: table-less layouts; Ideas welcome

2009-05-21 Thread tedd


At 11:48 AM -0600 5/21/09, Weston C wrote:

On Thu, 2009-05-21 at 09:54 -0400, tedd wrote:

 My thoughts are -- my understanding the reason why tables have
 received such bad-press is that designers have abused tables in
 holding designs together with nested tables AND in doing so made it
 difficult for the visually disabled to pull content from the site.
 Screen readers do not read the screen but rather read the source and
 pull out of it what they (the screen reader program) think is
 content. Translating nested tables becomes an impossible job for them.


[1] I've heard a rumor this is exaggerated, and I buy it to some extent.
Lynx had an algorithm for distinguishing simple tabular data from more
complex (and probably layout) tables back in 1999. I'd assume a
serious screen reader with more development resources behind it could
do better, and I don't think heuristics for working with this would
even be particularly hard.

[2] This isn't to say tangled table markup is never a problem. It is, both
for human and machine readers. But as much as I like CSS -- and as
much as it simplifies many designs -- there are some cases for which



[3] table layouts are easier and/or more robust, so I almost just wish
we'd accepted the horse was out of the barn and tried to figure out an
easy way to signal distinctions between layout tables and semantic
tabular data, rather than trying to get the entire internet to
completely retool.

[4] A few years ago, I started marking my layout tables with
class=layout. Not always a perfect solution, but makes the
distinction easy (and turns out to be a useful styling convention as
well), and if table-based layouts really are a significant obstacle to
machine readers, my guess is something like this would get us over
that hurdle a lot faster than waiting for everyone to give up those
layouts.


Weston:

With regard to [1] -- while it might look like a simple problem to 
solve, let me present a simple example to show it's not.


Above is your text -- let's say that I create a table that is a 
simple 2 x 2 table. It's a table that has two rows and two columns.


Now, let me place your text in that table like so:

1 | 2
3 | 4

Or, I could do it like this:

1 | 3
2 | 4

Could you be certain that your algorithm would figure out which way 
it needs to present the text to a blind person? Remember, it should 
present the text in the correct order, namely 1, 2, 3 and 4. However, 
newsprint and layouts often uses both types of presentation.


Now compound that with cells holding images, place-holders, empty 
cells and cells with navigation elements, flash, videos, and such -- 
and you might have a better appreciation as to the problem screen 
readers face.


Cheers,

tedd

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: table-less layouts; Ideas welcome

2009-05-21 Thread Benjamin Hawkes-Lewis


On 21/5/09 18:48, Weston C wrote:

I almost just wish
we'd accepted the horse was out of the barn and tried to figure out an
easy way to signal distinctions between layout tables and semantic
tabular data, rather than trying to get the entire internet to
completely retool.


One year after HTML 4.0 recommended stylesheets over table layouts, WCAG 
1.0 (published in 1999) explained how /authors/ could distinguish 
between layout tables and data tables:


1) When writing a presentational table, stick to the elements table, 
tr, td. Do not use the headers, scope, axis, or summary 
attributes. Make sure layout tables make sense when linearized.


2) When writing a data table, add the elements th, thead, tbody, 
tfoot, caption, and col and the attributes headers, scope, 
axis, and summary wherever appropriate.


http://www.w3.org/TR/WCAG10/#gl-table-markup

No algorithm for guessing whether a table matching the first class (but 
which could have been authored before WCAG 1.0 or in ignorance of WCAG 
1.0) is a layout or data table has ever been specified, as far as I 
know. You are entirely correct that text browsers and screen readers do 
indeed use such algorithms, however. This is why it's more crucial to 
use data table markup for data tables than to avoid presentational table 
markup for grid layout.


Fast forward a decade, and authors are getting another tool in our 
toolbox, not a million miles away from your 'class=layout'. I don't 
think it's very well specified yet, but:


http://www.w3.org/TR/wai-aria/#presentation

--
Benjamin Hawkes-Lewis



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Problems working with HTML using PHP's XML tools (placing mixed text/html into xpath-specified nodes...)

2009-05-21 Thread Weston C

Is there a straightforward way (or, heck, any way) of placing mixed
html/text content into xpath-specified nodes using any of PHP's XML
tools?

So far, I've tried SimpleXML and the DOM and things aren't coming out well.

SimpleXML:

 /* $filename contains path to valid XML file, $xpathxpr contains
valid XPath expression matching at least  one document node, $fillval
contains a mixed well-formed text/xhtml string to be pre-pended within
each matching node */

$sx = simplexml_load_file($filename);
$nodes = $sx-xpath($xpathxpr);
foreach($nodes as $node) {
  $children = $node-children();
  $children[0] = $fillval . $children[0];
}

This only sortof works. I get $fillval appended before the original
contents of each matching docment node but if I've put any markup
in, it's all there as literal text (ie, a
href=http://php.net;php.net/a wouldn't show up as a link, you'd
see the actual markup when the document is rendered).

A variation on this that I tried is creating a new SimpleXMLElement
object, with the mixed text/markup string as an argument passed to the
constructor, since the docs seem to indicate this is blessed. Weirdly,
when I do this, it seems to actually be stripping out the markup and
just giving the text. For example:

$s = new SimpleXMLElement('a href=#Boo/a')
echo $s;

yields Boo (and echo $s-a yields nothing). This would be such a
huge bug I have a hard time believing it, so I have to suspect there's
a dance I'm not doing to make this work correctly.

DOM XML:

 /* again, $filename contains path to valid XML file, $xpathxpr
contains valid XPath expression matching at least  one document node,
$fillval contains a mixed well-formed text/xhtml string to be
pre-pended within each matching node */

$domDoc = new DOMDocument();
$domDoc-loadHTML(file_get_contents($filename));
$search = new DOMXPath($domDoc);
$nodes = $search-query($xpathxpr);
foreach($nodes as $emt) {
$f = $domDoc-createDocumentFragment();
$f-appendXML($fillval . $emt-nodeValue);
$emt-nodeValue = '';
$emt-appendChild($f);
}

This also gets mixed results. It gets cranky and issues warnings about
any HTML entities (despite that it seems it should be clear this is an
HTML document given the invocation of loadHTML), and while I'm seeing
some markup make it through, I'm not in other cases. I haven't quite
figured out the difference.

I can come up with some runnable tests if it will help, but I'm hoping
someone's already familiar with the general issues with using PHP's
XML tools to work with HTML that they can make some good commentary on
the matter.

Thanks,

Weston

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE

2009-05-21 Thread Michael A. Peters


Sumit Sharma wrote:

Hi,

I am designing a php website for my client which interact with database.
This is my first project for any client (I hope he is not reading this mail
;-)  ). I am a bit more concerned with database security. Can somebody shed
some light on the security measurements, precautions, and functions related
to database security in general to make sure that the data is safely stored
updated and retried from database. I have already used htmlentities(),
strip_tags(), addhashes(), and some regular expressions to check security.
Looking for help beyond this.


Thanks in advance...
Sumit



Use prepared statements.
If you are just starting out, I would recommend using a database 
abstraction layer, such as MDB2 from pear.


Doing it now is a LOT easier than porting an existing web application to 
use a database abstraction layer.


With prepared statement, sql injection is not an issue.

Example of prepared statement with MDB2:

$types = Array('integer','text','integer');
$q = 'SELECT somefield,someotherfield FROM sometable WHERE afield  ? 
AND bfield=? AND cfield  ? ORDER BY somefield';

$sql = $mdb2-prepare($q,$types,MDB2_PREPARE_RESULT);

$args  = Array($var1,$var2,$var3);
$rs = $sql-execute($args);

Prepared statements pretty much neuter any and all sql injection 
attempts, assuming the database supports prepared statements (otherwise 
the abstraction layer may emulate them which could possibly be prone to 
vulnerabilities).


While you do not need to use an abstraction layer to use prepared 
statements, the advantage of an abstraction layer is that your code will 
be much easier to port to a different database - advantageous to your 
client if they ever want to change databases, advantageous to you if you 
ever want to resuse you code for another client (assuming your contract 
does not give exclusive ownership of your code to your existing client).


The user the web server connects with should be as restricted as 
possible. It should only have permission to connect to the database from 
the host where the web server is running (localhost if running on same 
machine as the sql server) and should not be granted any permissions it 
does not absolutely need.


The file containing the database authentication credentials should end 
in .php and not .inc, and if at all possible, should be outside the web 
root (you can modify the include path to add a directory outside the web 
root that has includes - or include the file full path).


Make sure error reporting is turned off on the production web server 
(you can still read errors in the web server log).


If at all possible, run php compiled with the suhosin core patch and 
also run the suhosin loadable module.


-=-
You shouldn't need addslashes with prepared statements.
You should run user input through an existed tested input filter, such 
as http://htmlpurifier.org/ rather than trying to re-invent the wheel 
and create your own. Script kiddies have scripts that test webapps for 
input vulnerabilities (both xss and sql injection), and some of them are 
rather tricky and browser specific.


A community driven project like HTMLPurifier is more likely to catch 
malicious input than something you cobble together.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: PHP class question

Peter van der Does wrote:
 I have the following situation.
 
 I wrote some software and split it up into functionality:
 
 class core {
   function go{
   }
 }
 
 class A extends core {
   // PHP4 constructor
   function A {
 $this-go();
   }
 
 }
 
 class B extends core {
 }
 
 In core I define functions and variables that are to be used
 through out my program and to address those functions/variables I just
 use $this- .
 
 Now I ran into a situation where class A needs to be extended with
 another class. This is not my choice, it's part of a framework I have
 to use.

This doesn't make sense.  You say class A needs to be extended with
another class, however what you show below is class A extending
framework_class.

Show your classes and we can help I think.

 Currently I solved this by doing this:
 
 class A extends framework_class {
   $var core;
 
   // PHP4 constructor
   function A {
 $this-core = new core();
 $this-core-go();
   }
 }
 
 The question I have, is this a good solution, is it the only solution
 or are there different ways to tackle this?
 As you might see it needs to run in PHP4.
 

I'm sure there are.  This doesn't look right to me, but I'm confused by
your examples.

-- 
Thanks!
-Shawn
http://www.spidean.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Problems working with HTML using PHP's XML tools (placing mixed text/html into xpath-specified nodes...)

2009-05-21 Thread Michael A. Peters


Weston C wrote:

Is there a straightforward way (or, heck, any way) of placing mixed
html/text content into xpath-specified nodes using any of PHP's XML
tools?

So far, I've tried SimpleXML and the DOM and things aren't coming out well.


Not sure if it is of any use to you, I don't use XPath at all, but this 
php class modifies existing DOMDocument objects for filtering purposes 
and may give you an idea of how it is done:


http://www.clfsrpm.net/xss/cspfilter_class.phps

For a clearer example of adding a node to an existing document -

from

http://www.clfsrpm.net/xss/dom_script_test.phps

That page is hard to read as it was butchered from another script, so 
here are the demonstrative parts:


$import_prepare = 'div' . $somexmlcontentinastring . '/div';
$newDom = new DOMDocument(1.0,UTF-8);
$newDom-loadXML($import_prepare);
$elements = $newDom-getElementsByTagName(div);
$imported_div = $elements-item(0);

Now - $imported_div is an object node containing all the xml in 
import_prepare (you don't have to put it in a div, I did there because 
it's a form so I don't know the structure of xml input, putting it in a 
div gave me a known element that would be parent of all input) - but it 
is a node for the $newDom DOMDocument, I need to import it into the 
DOMDocument I am using.


$testDiv = $myxhtml-importNode($imported_div,true);

Now, $testDiv an a DOM object associated with the DOMDocument I want to 
import the node into.


$xmlBody-appendChild($testDiv);

Now the node is a child of the $xmlBody node, and has been incorporated 
into my DOMDocument.


-=-=-=-

importHTML() is problematic with some characters. Better to convert your 
additions to well formed xml and use importXML();


-=-=-=-

While I am currently using DOMDocument for everything (yes, everything), 
I'm still learning it - do not consider me a guru on it's use.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Forms validation and creation- easier solution?

2009-05-21 Thread Daniele Grillenzoni


On 20/05/2009 9.03, Angelo Zanetti wrote:

Hi all.



We have done quite a few projects and we are looking to find better ways to
implementing forms.



Forms seem to be quite time consuming and repetitive.



Generally are there any classes or libraries that will assist with:



1.  Easy creation of forms (fields and layout)

2. Validation of specific fields within the forms (server side not JS)

3. Decrease in time required to setup the forms pages

any other comments are welcome.



Thanks in advance

Angelo


Elemental
http://www.elemental.co.zahttp://www.elemental.co.za/

Dynamic Web and Mobile Solutions








Personally I created a little Class that handles it.

First I create an array of associative arrays, every associative array 
represents an input of an abstract type (similar to the webforms, 
meaning i have stuff like type=telephone).


Stuff like
$inputs[]=array(
name = foobar,
required = true,
type = string,   // text is reserved to textarea
label = Foo Bar,
error_required = you need to provide a Foo Bar value, dummy,
group = main
);
etc.

Then I create an array for groups.
$group[main] = array(
	type = block, // types are either block which means div, set 
which means fieldset, paragraph which means p or a raw html opening tag.
	parent = NULL		//optional of course, if set to the name of another 
group, then the group becomes a child of the referenced group.

)

Then I create an associative array of options for the form.
Finally, I call the class constructor with the three arrays as params.

The class provides me with a few nifty functions:
* toHtml();
(do I need to explain?)
* toArray();
	Returns the inputs, options, and groups inside a single array, with the 
value altered when necessary

* wasSubmitted();
	Does some guesswork to see if the form was submitted, there's a lot of 
smart automagicness inside.

* runAutoChecks();
	Runs the checks he can, like the validity of emails in 'type' = 'email' 
inputs, pattern validation for input with a set pattern, required 
inputs, fills the error array with error messages, sets class[]='error' 
to wrongly filled inputs...

* wasValidInput();
	Returns true if none of the autochecks or eventual manual checks 
returned an error.


And it works like this:
[...]
if ($form-wasSubmitted()){
$form-runAutoChecks();
/* Additional non-automatable controls */
// None in this case
if ($form-wasValidInput()){
// success, do stuff
} else {
// show errors and form again
}
} else {
echo $form-toHtml();
}

There are other things I didn't list, like the fact that ever input has 
options to specify a wrapper (class and id are associated to the wrapper 
if it's defined), the form encoding automatically changes in case of a 
file input, etc etc etc...


The types are abstracted enough that one could easily make a function 
that automatically creates the code for a first draft of the forum out 
of the db schema of an eventual table. Of course you'd have to provide 
error messages, remove unnecessary inputs, adding new ones...


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: table-less layouts; Ideas welcome

2009-05-21 Thread Weston C

On Thu, May 21, 2009 at 12:10 PM, tedd tedd.sperl...@gmail.com wrote:
 Could you be certain that your algorithm would figure out which way it needs
 to present the text to a blind person?

My own experience browsing the web with Lynx (which for the most part,
tends to ignore table layout, giving you the content of table cells in
source order) suggests that order doesn't end up being a significant
issue. The common layouts tend to read surprising well in source
order. Navigation is usually at the top or the left, so you encounter
it quickly. If there's any problem, most of the time it's that the
page author has done something hideous with a lot of images with no
alt text or abuse of HTML entitites, or part of the navigation
structure is only accessible via javascript or flash or something like
that... all separate issues from repurposing tabular markup.

And when there *is* some kind of a layout issue, most of the time it's
easy to adapt as a human reader by searching/scanning (sometimes
easier than if you're looking at a bad visual layout). The tools that
enhance accessibility on a page in these respects really don't have a
lot to do with whether there's tabular markup -- if you want to enable
easy access to page navigation, you can add semantic information about
that regardless. In fact, that information is quite likely more
important and less prevalent than what you end up with even most
CSS-positioned sites, given that the vast majority of them simply
provide stylesheets for the purposes of... visual layout, and what
you're left with when a screen reader ignores them is linear
source-ordered elements.

None of this is to say that CSS can't be very useful in addressing
this problem (and other problems), or that there aren't some problems
with tabular markup. The presentation example you mentioned is
actually going to be an issue with even real tabular data without some
care taken in the markup. And I don't want to go back to coding 1999
markup for 1999 browsers. Mostly my point is that the problem with
using tables is a bit more limited in size than it's often made out to
be, there are other ways of dealing with the accessibility and
semanticity issues involved, some of them potentially more effective.
And for some cases, table layouts just work better. I think we'd be
better off with a wide variety of professionals who can balance these
different issues than with a  tables considered harmful summary.

 Now compound that with cells holding images,
 place-holders, empty cells and cells with navigation elements,
 flash, videos, and such -- and you might have a better appreciation
 as to the problem screen readers face.

These are actually some of the heuristic markers I believe some
browsers actually use (and if they don't, they certainly could). If
you have a table whose cells largely contain highly mixed markup,
largely presentational elements, no alternative data, chances are
pretty good that it isn't tabular data. And...

Benjamin Hawkes-Lewis bhawkesle...@googlemail.com
 WCAG 1.0 ... explained how /authors/ could distinguish between layout
 tables and data tables:

 1) When writing a presentational table, stick to the elements table, tr,
 td. Do not use the headers, scope, axis, or summary attributes.
 Make sure layout tables make sense when linearized.

 2) When writing a data table, add the elements th, thead, tbody,
 tfoot, caption, and col and the attributes headers, scope, axis,
 and summary wherever appropriate.

Exactly. These are great markers for distinguishing between where
authors were using table markup semantically or presentationally. I
think in practice there are probably many others available.

 Fast forward a decade, and authors are getting another tool in our toolbox,
 not a million miles away from your 'class=layout'. I don't think it's very
 well specified yet, but:

 http://www.w3.org/TR/wai-aria/#presentation

I'm actually amazed... this is very nearly what I proposed in some
discussions back in 2004. I eventually shifted to class=layout
because it had some other practical benefits and everybody I talked to
seemed to feel cluttering up the attribute space with yet another item
was wrong (on top of this sortof general malaise about repurposed
table markup), especially when considering how much semantic mileage
you can get out of class attributes. I'd be totally happy to see
anything like it adopted, though, and as I said before, think it'd
push the semantic web forward faster than waiting for everyone to come
around to doing things one blessed way.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE

Michael A. Peters wrote:
 Sumit Sharma wrote:
 Hi,

 I am designing a php website for my client which interact with database.
 This is my first project for any client (I hope he is not reading this
 mail
 ;-)  ). I am a bit more concerned with database security. Can somebody
 shed
 some light on the security measurements, precautions, and functions
 related
 to database security in general to make sure that the data is safely
 stored
 updated and retried from database. I have already used htmlentities(),
 strip_tags(), addhashes(), and some regular expressions to check
 security.
 Looking for help beyond this.


 Thanks in advance...
 Sumit

 
 Use prepared statements.
 If you are just starting out, I would recommend using a database
 abstraction layer, such as MDB2 from pear.
 
 Doing it now is a LOT easier than porting an existing web application to
 use a database abstraction layer.
 
 With prepared statement, sql injection is not an issue.
 
 Example of prepared statement with MDB2:
 
 $types = Array('integer','text','integer');
 $q = 'SELECT somefield,someotherfield FROM sometable WHERE afield  ?
 AND bfield=? AND cfield  ? ORDER BY somefield';
 $sql = $mdb2-prepare($q,$types,MDB2_PREPARE_RESULT);
 
 $args  = Array($var1,$var2,$var3);
 $rs = $sql-execute($args);
 
 Prepared statements pretty much neuter any and all sql injection
 attempts, assuming the database supports prepared statements (otherwise
 the abstraction layer may emulate them which could possibly be prone to
 vulnerabilities).
 
 While you do not need to use an abstraction layer to use prepared
 statements, the advantage of an abstraction layer is that your code will
 be much easier to port to a different database - advantageous to your
 client if they ever want to change databases, advantageous to you if you
 ever want to resuse you code for another client (assuming your contract
 does not give exclusive ownership of your code to your existing client).
 
 The user the web server connects with should be as restricted as
 possible. It should only have permission to connect to the database from
 the host where the web server is running (localhost if running on same
 machine as the sql server) and should not be granted any permissions it
 does not absolutely need.
 
 The file containing the database authentication credentials should end
 in .php and not .inc, and if at all possible, should be outside the web
 root (you can modify the include path to add a directory outside the web
 root that has includes - or include the file full path).
 
 Make sure error reporting is turned off on the production web server
 (you can still read errors in the web server log).
 
 If at all possible, run php compiled with the suhosin core patch and
 also run the suhosin loadable module.
 
 -=-
 You shouldn't need addslashes with prepared statements.
 You should run user input through an existed tested input filter, such
 as http://htmlpurifier.org/ rather than trying to re-invent the wheel
 and create your own. Script kiddies have scripts that test webapps for
 input vulnerabilities (both xss and sql injection), and some of them are
 rather tricky and browser specific.
 
 A community driven project like HTMLPurifier is more likely to catch
 malicious input than something you cobble together.

PDO is another good option.  You shouldn't have to worry about escaping
or SQL injections, though suhosin is a great idea.

http://php.net/manual/book.pdo.php

-- 
Thanks!
-Shawn
http://www.spidean.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE

2009-05-21 Thread Eddie Drapkin

Suhosin is completely not-related to SQL, though, I don't know why you'd
bring it up...



 On Thu, May 21, 2009 at 3:42 PM, Shawn McKenzie nos...@mckenzies.netwrote:

 Michael A. Peters wrote:
  Sumit Sharma wrote:
  Hi,
 
  I am designing a php website for my client which interact with
 database.
  This is my first project for any client (I hope he is not reading this
  mail
  ;-)  ). I am a bit more concerned with database security. Can somebody
  shed
  some light on the security measurements, precautions, and functions
  related
  to database security in general to make sure that the data is safely
  stored
  updated and retried from database. I have already used htmlentities(),
  strip_tags(), addhashes(), and some regular expressions to check
  security.
  Looking for help beyond this.
 
 
  Thanks in advance...
  Sumit
 
 
  Use prepared statements.
  If you are just starting out, I would recommend using a database
  abstraction layer, such as MDB2 from pear.
 
  Doing it now is a LOT easier than porting an existing web application to
  use a database abstraction layer.
 
  With prepared statement, sql injection is not an issue.
 
  Example of prepared statement with MDB2:
 
  $types = Array('integer','text','integer');
  $q = 'SELECT somefield,someotherfield FROM sometable WHERE afield  ?
  AND bfield=? AND cfield  ? ORDER BY somefield';
  $sql = $mdb2-prepare($q,$types,MDB2_PREPARE_RESULT);
 
  $args  = Array($var1,$var2,$var3);
  $rs = $sql-execute($args);
 
  Prepared statements pretty much neuter any and all sql injection
  attempts, assuming the database supports prepared statements (otherwise
  the abstraction layer may emulate them which could possibly be prone to
  vulnerabilities).
 
  While you do not need to use an abstraction layer to use prepared
  statements, the advantage of an abstraction layer is that your code will
  be much easier to port to a different database - advantageous to your
  client if they ever want to change databases, advantageous to you if you
  ever want to resuse you code for another client (assuming your contract
  does not give exclusive ownership of your code to your existing client).
 
  The user the web server connects with should be as restricted as
  possible. It should only have permission to connect to the database from
  the host where the web server is running (localhost if running on same
  machine as the sql server) and should not be granted any permissions it
  does not absolutely need.
 
  The file containing the database authentication credentials should end
  in .php and not .inc, and if at all possible, should be outside the web
  root (you can modify the include path to add a directory outside the web
  root that has includes - or include the file full path).
 
  Make sure error reporting is turned off on the production web server
  (you can still read errors in the web server log).
 
  If at all possible, run php compiled with the suhosin core patch and
  also run the suhosin loadable module.
 
  -=-
  You shouldn't need addslashes with prepared statements.
  You should run user input through an existed tested input filter, such
  as http://htmlpurifier.org/ rather than trying to re-invent the wheel
  and create your own. Script kiddies have scripts that test webapps for
  input vulnerabilities (both xss and sql injection), and some of them are
  rather tricky and browser specific.
 
  A community driven project like HTMLPurifier is more likely to catch
  malicious input than something you cobble together.

 PDO is another good option.  You shouldn't have to worry about escaping
 or SQL injections, though suhosin is a great idea.

 http://php.net/manual/book.pdo.php

 --
 Thanks!
 -Shawn
 http://www.spidean.com

 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE

Eddie Drapkin wrote:
 Suhosin is completely not-related to SQL, though, I don't know why you'd
 bring it up...

Well, because the post that I was replying to brought it up and I happen
to agree that it's a good idea even though it has nothing to do with SQL :-)

 Michael A. Peters wrote:
 Use prepared statements.
 If you are just starting out, I would recommend using a database
 abstraction layer, such as MDB2 from pear.

 Doing it now is a LOT easier than porting an existing web application to
 use a database abstraction layer.

 With prepared statement, sql injection is not an issue.

 Example of prepared statement with MDB2:

 $types = Array('integer','text','integer');
 $q = 'SELECT somefield,someotherfield FROM sometable WHERE afield  ?
 AND bfield=? AND cfield  ? ORDER BY somefield';
 $sql = $mdb2-prepare($q,$types,MDB2_PREPARE_RESULT);

 $args  = Array($var1,$var2,$var3);
 $rs = $sql-execute($args);

 Prepared statements pretty much neuter any and all sql injection
 attempts, assuming the database supports prepared statements (otherwise
 the abstraction layer may emulate them which could possibly be prone to
 vulnerabilities).

 While you do not need to use an abstraction layer to use prepared
 statements, the advantage of an abstraction layer is that your code will
 be much easier to port to a different database - advantageous to your
 client if they ever want to change databases, advantageous to you if you
 ever want to resuse you code for another client (assuming your contract
 does not give exclusive ownership of your code to your existing client).

 The user the web server connects with should be as restricted as
 possible. It should only have permission to connect to the database from
 the host where the web server is running (localhost if running on same
 machine as the sql server) and should not be granted any permissions it
 does not absolutely need.

 The file containing the database authentication credentials should end
 in .php and not .inc, and if at all possible, should be outside the web
 root (you can modify the include path to add a directory outside the web
 root that has includes - or include the file full path).

 Make sure error reporting is turned off on the production web server
 (you can still read errors in the web server log).

 *If at all possible, run php compiled with the suhosin core patch and
 also run the suhosin loadable module.*

 -=-
 You shouldn't need addslashes with prepared statements.
 You should run user input through an existed tested input filter, such
 as http://htmlpurifier.org/ rather than trying to re-invent the wheel
 and create your own. Script kiddies have scripts that test webapps for
 input vulnerabilities (both xss and sql injection), and some of them are
 rather tricky and browser specific.

 A community driven project like HTMLPurifier is more likely to catch
 malicious input than something you cobble together.
 PDO is another good option.  You shouldn't have to worry about escaping
 or SQL injections, though suhosin is a great idea.

 http://php.net/manual/book.pdo.php

 --
 Thanks!
 -Shawn
 http://www.spidean.com

 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php


 


-- 
Thanks!
-Shawn
http://www.spidean.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: PHP class question

2009-05-21 Thread Peter van der Does

On Thu, 21 May 2009 14:08:11 -0500
Shawn McKenzie nos...@mckenzies.net wrote:


 
 This doesn't make sense.  You say class A needs to be extended with
 another class, however what you show below is class A extending
 framework_class.
 

I worded it wrong, I apologize.
Class A needs to be an extension of the framework class.

-- 
Peter van der Does

GPG key: E77E8E98
IRC: Ganseki on irc.freenode.net
Blog: http://blog.avirtualhome.com
Forums: http://forums.avirtualhome.com
Jabber ID: pvanderd...@gmail.com

GetDeb Package Builder
http://www.getdeb.net - Software you want for Ubuntu

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] CSS tables

2009-05-21 Thread Jessi Berkelhammer


Hi,
This post is another one that might be better asked on a CSS-list, but 
it is relevant to this thread.


The calendar at http://php1.net/my-php-calendar/ seems to have a similar 
issue to a problem I am havingcell borders (sometimes) disappear in 
Firefox when you zoom out. In both this calendar and mine, the behavior 
is unpredictable---sometimes a border will be there, and other times 
not. In my case, I have a javascript mouseover, and the mouseover 
changes the border behavior below it.


Does anybody have any experience with this?

Thanks!
-jessi

tedd wrote:

At 11:28 PM +0100 5/15/09, Nathan Rixham wrote:

tedd wrote:
However, there are occasions such as in a calendar where not using a 
table would be more than difficult. I haven't received a decree yet 
as to IF that would be considered column data or not.


I'm gonna differ on this one, when you simply float each calender item 
to the left you're pretty much done, in many cases i find it easier 
than tables.


Okay -- so you find them easier to use for this purpose.

This is my little php calendar (not all the code is mine):

http://php1.net/my-php-calendar/

and I use tables.

I would not want to redo this script using pure css, but I probably will 
do it at some point. We all have investments into our code.


Do you have a css calendar to show?

Cheers,

tedd


--
Jessi Berkelhammer
Downtown Emergency Service Center
Computer Programming Specialist

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] CSS tables

On Thu, 2009-05-21 at 13:05 -0700, Jessi Berkelhammer wrote:
 Hi,
 This post is another one that might be better asked on a CSS-list, but 
 it is relevant to this thread.
 
 The calendar at http://php1.net/my-php-calendar/ seems to have a similar 
 issue to a problem I am havingcell borders (sometimes) disappear in 
 Firefox when you zoom out. In both this calendar and mine, the behavior 
 is unpredictable---sometimes a border will be there, and other times 
 not. In my case, I have a javascript mouseover, and the mouseover 
 changes the border behavior below it.
 
 Does anybody have any experience with this?
 
 Thanks!
 -jessi
 
 tedd wrote:
  At 11:28 PM +0100 5/15/09, Nathan Rixham wrote:
  tedd wrote:
  However, there are occasions such as in a calendar where not using a 
  table would be more than difficult. I haven't received a decree yet 
  as to IF that would be considered column data or not.
 
  I'm gonna differ on this one, when you simply float each calender item 
  to the left you're pretty much done, in many cases i find it easier 
  than tables.
  
  Okay -- so you find them easier to use for this purpose.
  
  This is my little php calendar (not all the code is mine):
  
  http://php1.net/my-php-calendar/
  
  and I use tables.
  
  I would not want to redo this script using pure css, but I probably will 
  do it at some point. We all have investments into our code.
  
  Do you have a css calendar to show?
  
  Cheers,
  
  tedd
 
 -- 
 Jessi Berkelhammer
 Downtown Emergency Service Center
 Computer Programming Specialist
 
I've just zoomed out to the maximum Fx allows me, and the borders remain
all the way through. Using Fx 2 on Linux. It could be a known issue,
have the you checked Bugzilla?


Ash
www.ashleysheridan.co.uk


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: PHP class question

Peter van der Does wrote:
 On Thu, 21 May 2009 14:08:11 -0500
 Shawn McKenzie nos...@mckenzies.net wrote:
 
 
 This doesn't make sense.  You say class A needs to be extended with
 another class, however what you show below is class A extending
 framework_class.

 
 I worded it wrong, I apologize.
 Class A needs to be an extension of the framework class.
 

Well I guess from my point of view there are several ways depending upon
the requirements.  Others that are better with OOP will chime in I'm sure.

This I'll get flamed for, but you can use one instance of core as a global:

class A extends framework_class {
  var $core;

  function A() {
$this-core = $GLOBALS['core'];
$this-core-go();
  }
}

//in global scope in bootstrap or whatever
$core = new core();

Along the same lines but more OOP and without globals, maybe use a
registry class and store core in the registry. This also uses one
instance of core:

class Registry {
protected $_objects = array();

function set($name, $object) {
$this-_objects[$name] = $object;
}

function get($name) {
return $this-_objects[$name];
}
}

class A extends framework_class {
  var $core;

  function A($registry) {  //dunno if you need a reference here or not
$this-core = $registry-get('core');
$this-core-go();
  }
  //i guess you could also pass in core, but registry will give you all
objects in the registry
  //function A(core) {
//$this-core = $core;
//$this-core-go();
  //}
}

//this is in your bootstrap or whatever
$core = new core();
$registry = new registry();
$registry-set('core', $core);

Or, if you don't need an object, call it statically:

class A extends framework_class {

  function A() {
core::go();
  }
}

-- 
Thanks!
-Shawn
http://www.spidean.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: PHP class question

Shawn McKenzie wrote:
 Peter van der Does wrote:
 On Thu, 21 May 2009 14:08:11 -0500
 Shawn McKenzie nos...@mckenzies.net wrote:


 This doesn't make sense.  You say class A needs to be extended with
 another class, however what you show below is class A extending
 framework_class.

 I worded it wrong, I apologize.
 Class A needs to be an extension of the framework class.

 
 Well I guess from my point of view there are several ways depending upon
 the requirements.  Others that are better with OOP will chime in I'm sure.
 
 This I'll get flamed for, but you can use one instance of core as a global:
 
 class A extends framework_class {
   var $core;
 
   function A() {
 $this-core = $GLOBALS['core'];
 $this-core-go();
   }
 }
 
 //in global scope in bootstrap or whatever
 $core = new core();
 
 Along the same lines but more OOP and without globals, maybe use a
 registry class and store core in the registry. This also uses one
 instance of core:
 
 class Registry {
 protected $_objects = array();
 
 function set($name, $object) {
 $this-_objects[$name] = $object;
 }
 
 function get($name) {
 return $this-_objects[$name];
 }
 }
 
 class A extends framework_class {
   var $core;
 
   function A($registry) {  //dunno if you need a reference here or not
 $this-core = $registry-get('core');
 $this-core-go();
   }
   //i guess you could also pass in core, but registry will give you all
 objects in the registry
   //function A(core) {
 //$this-core = $core;
 //$this-core-go();
   //}
 }
 
 //this is in your bootstrap or whatever
 $core = new core();
 $registry = new registry();
 $registry-set('core', $core);
 
 Or, if you don't need an object, call it statically:
 
 class A extends framework_class {
 
   function A() {
 core::go();
   }
 }
 

I guess you could always do a singleton so that you always have the same
instance.  Add something like this to the core class (not tested):

static $_instance;

function getInstance() {
if(self::$_instance === null) {
self::$_instance = new self();
}
return self::$_instance;
}

Then you can do:

class A extends framework_class {
   var $core;

   function A() {
 $this-core = core::getInstance();
 $this-core-go();
   }
 }

-- 
Thanks!
-Shawn
http://www.spidean.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE

2009-05-21 Thread Michael A. Peters


Eddie Drapkin wrote:

Suhosin is completely not-related to SQL, though, I don't know why you'd
bring it up...


I brought it up because suhosin catches many exploits that otherwise get 
through, including exploits that allow inclusion of remote files that 
can then be used to run arbitrary commands on the server, send include 
files (such as the db authentication script) as plain text, all kinds of 
nasty can result.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: PHP class question