php-general Digest 21 Dec 2010 16:07:30 -0000 Issue 7097
php-general Digest 21 Dec 2010 16:07:30 - Issue 7097 Topics (messages 310170 through 310196): PDO Prepared Statements and stripslashes 310170 by: Rico Secada 310171 by: Paul M Foster 310173 by: Rico Secada 310174 by: Ravi Gehlot 310195 by: Adam Richardson Re: Problems w/ goto 310172 by: David Harkness Re: Common session for all subdomains? 310175 by: Ravi Gehlot 310192 by: Daniel Brown Re: Problem with Include 310176 by: Ravi Gehlot 310178 by: David Hutto 310182 by: Ravi Gehlot 310183 by: David Hutto 310188 by: Daniel P. Brown 310189 by: David Hutto 310190 by: David Hutto 310191 by: Paul M Foster Re: All records not displaying... 310177 by: Ravi Gehlot Re: array question 310179 by: Ravi Gehlot Re: PHPInfo disabled due to security 310180 by: Ravi Gehlot 310187 by: Daniel Brown Re: Error Querying Database 310181 by: Ravi Gehlot Session problem 310184 by: Walter Caielli Ways to attend usergroups meeting 310185 by: vikash.iitb.gmail.com 310193 by: Daniel Brown 310196 by: vikash.iitb.gmail.com Re: PHPmailer.. best way to send to many recipients? 310186 by: Ian 310194 by: Govinda Administrivia: To subscribe to the digest, e-mail: php-general-digest-subscr...@lists.php.net To unsubscribe from the digest, e-mail: php-general-digest-unsubscr...@lists.php.net To post to the list, e-mail: php-gene...@lists.php.net -- ---BeginMessage--- Hi. In an article about SQL Injection by Chris Shiflett he mentions the following in a comment: The process of escaping should preserve data, so it should never be necessary to reverse it. When I'm auditing an application, things like stripslashes() alert me to design problems. Now, I'm always using PHP PDO with prepared statements and as such data with quotes gets slashed automatically by PDO when inserted into the database. When I need to pull out the data something might be slashed and I need to use stripslashes() or some str_replace() to make sure that the slashes are removed. So what's the mistake here and what's the correct way to do it? Kind regards Rico ---End Message--- ---BeginMessage--- On Tue, Dec 21, 2010 at 05:31:15AM +0100, Rico Secada wrote: Hi. In an article about SQL Injection by Chris Shiflett he mentions the following in a comment: The process of escaping should preserve data, so it should never be necessary to reverse it. When I'm auditing an application, things like stripslashes() alert me to design problems. Now, I'm always using PHP PDO with prepared statements and as such data with quotes gets slashed automatically by PDO when inserted into the database. Just out of idle curiosity, are you using MySQL? PDO shouldn't be backslashing quotes for PostgreSQL, as the PostgreSQL convention for values containing single quotes is to double the quotes, as: ''. When I need to pull out the data something might be slashed and I need to use stripslashes() or some str_replace() to make sure that the slashes are removed. So what's the mistake here and what's the correct way to do it? I don't see a mistake. If the values come out of the database backslashed, then you need to remove them to work with the data. My only question would be whether you're sure the data is backslashed before PDO ever sees it. In which case, yes, you have a problem. Paul -- Paul M. Foster ---End Message--- ---BeginMessage--- On Tue, 21 Dec 2010 00:32:19 -0500 Paul M Foster pa...@quillandmouse.com wrote: On Tue, Dec 21, 2010 at 05:31:15AM +0100, Rico Secada wrote: Hi. In an article about SQL Injection by Chris Shiflett he mentions the following in a comment: The process of escaping should preserve data, so it should never be necessary to reverse it. When I'm auditing an application, things like stripslashes() alert me to design problems. Now, I'm always using PHP PDO with prepared statements and as such data with quotes gets slashed automatically by PDO when inserted into the database. Just out of idle curiosity, are you using MySQL? PDO shouldn't be backslashing quotes for PostgreSQL, as the PostgreSQL convention for values containing single quotes is to double the quotes, as: ''. Currently I'm working with MySQL, but I have just tested PDO with PostgreSQL 8.3 and in this case PDO backslashes PostgreSQL as well. When I need to pull out the data something might be slashed and I need to use stripslashes() or some str_replace() to make sure that the slashes are removed. So what's the mistake here and what's the correct way to do it? I don't see a mistake. If the values come out of the database backslashed, then you need to remove them to work with the data. My only question would be whether
php-general Digest 22 Dec 2010 05:26:44 -0000 Issue 7098
php-general Digest 22 Dec 2010 05:26:44 - Issue 7098 Topics (messages 310197 through 310210): Re: Session problem 310197 by: Walter Caielli 310204 by: Ravi Gehlot Re: Ways to attend usergroups meeting 310198 by: Daniel Brown Is there a simple way to enforce a private method in a subclass? 310199 by: Richard Quadling 310203 by: David Harkness 310209 by: Carlos Medina Re: Problem with Include 310200 by: Ravi Gehlot 310205 by: a...@ashleysheridan.co.uk 310207 by: Ravi Gehlot 310208 by: Bastien Koert Re: PHPInfo disabled due to security 310201 by: Ravi Gehlot Re: Common session for all subdomains? 310202 by: Ravi Gehlot Re: PDO Prepared Statements and stripslashes 310206 by: Rico Secada Warning when calling session_start() 310210 by: webdev.blaettner.com Administrivia: To subscribe to the digest, e-mail: php-general-digest-subscr...@lists.php.net To unsubscribe from the digest, e-mail: php-general-digest-unsubscr...@lists.php.net To post to the list, e-mail: php-gene...@lists.php.net -- ---BeginMessage--- I've fixed the problem. I don't know why, but suddenly windows prevents PHP from writing into C:\windows\temp directory. Moving the session and log files to another directory solved the problem. Until few days ago it worked. I've now to discovered what was changed in windows configuration. Walter Caielli walter.caie...@ars21.net ha scritto nel messaggio news:bd.40.31041.b7a60...@pb1.pair.com... I'm facing the following basic problem: I have made two simple sample files to explain it: 1st file: ?php session_start(); $_SESSION['SS_user'] = user000; echo $_SESSION['SS_user']; echo SID; echo br.session_id(); echo 'br /a href=home.phppage 1/a'; ? 2nd file ?php session_start(); echo file Homebr; echo session_name().'+'.session_id(); echo $_SESSION['SS_user']; ? $_SESSION seems to be empty. Nothing is print. Session Name and session ID are the same but it seems that $_SESSION is not shared across the two files. No HTML is made before sessioni_start(). Why? I'm using PHP 5.3.4 on IIS, windows XP SP3. Tested as localhost or from another PC inside a LAN. Many thanks Walter ---End Message--- ---BeginMessage--- Walter, Session variables may be using cookies which in turn create temp files for storing such cookies. Ravi. On Tue, Dec 21, 2010 at 11:32 AM, Walter Caielli walter.caie...@ars21.netwrote: I've fixed the problem. I don't know why, but suddenly windows prevents PHP from writing into C:\windows\temp directory. Moving the session and log files to another directory solved the problem. Until few days ago it worked. I've now to discovered what was changed in windows configuration. Walter Caielli walter.caie...@ars21.net ha scritto nel messaggio news:bd.40.31041.b7a60...@pb1.pair.com... I'm facing the following basic problem: I have made two simple sample files to explain it: 1st file: ?php session_start(); $_SESSION['SS_user'] = user000; echo $_SESSION['SS_user']; echo SID; echo br.session_id(); echo 'br /a href=home.phppage 1/a'; ? 2nd file ?php session_start(); echo file Homebr; echo session_name().'+'.session_id(); echo $_SESSION['SS_user']; ? $_SESSION seems to be empty. Nothing is print. Session Name and session ID are the same but it seems that $_SESSION is not shared across the two files. No HTML is made before sessioni_start(). Why? I'm using PHP 5.3.4 on IIS, windows XP SP3. Tested as localhost or from another PC inside a LAN. Many thanks Walter -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php ---End Message--- ---BeginMessage--- On Tue, Dec 21, 2010 at 11:07, vikash.i...@gmail.com wrote: Thanks for the link. I already been through the given link. But, it is filled with inactive and non-responsive groups. I was hoping to get in touch with an active one. We don't seem to have any user group events for Mumbai on the calendar, either. If you'd like to start your own group, start by speaking with some of your fellow PHP users and come up with a date, time, and place to meet. Your first meetings don't need any real content --- they can simply be mixers for folks to get together and discuss common interests. To get more folks interested, try using social sites like LinkedIn, Facebook, and Twitter, and don't forget to submit your meeting details at http://php.net/cal.php. After your second or third meeting, you should begin to know how your group will take shape. What format will future meetings follow? Will you have multiple presentations and departments each week, or will you simply have one topic of discussion
Re: [PHP] Problem with Include
On Tue, Dec 21, 2010 at 2:48 AM, Ravi Gehlot r...@ravigehlot.net wrote: My point is that you tried to Not me personally. take code from one page and put it all organized in another page and the include that page of includes back into the pages that you want it to feed off from. If stuff works the way that it does then there a reason for it to have been done that way. By the original designer, but maybe not the OP. That's why documenting code is so important. 99% doesn't do it (including me). For you, others, and for self, it's more than important, it can be essential, especially if you're trying to keep up with multiple languages, OS's, and platforms. Ravi. On Tue, Dec 21, 2010 at 2:35 AM, David Hutto smokefl...@gmail.com wrote: On Tue, Dec 21, 2010 at 2:29 AM, Ravi Gehlot r...@ravigehlot.net wrote: Why mess with something that is already working? If you are trying to make it pretty then you are not solving a problem. You are creating one. Define working. I've had programs 'work', but more experienced would say it's flawed in some respect. Does it perform the immediate task? Now define pretty. Is it aesthetically pleasing to you, or to someone else with less, or maybe more experience. By defining the two above, you then define whether it's a problem. To you, or to them, or to the original designer? Ravi. On Mon, Dec 20, 2010 at 7:40 AM, Daniel P. Brown daniel.br...@parasane.netwrote: On Mon, Dec 20, 2010 at 02:49, Simcha Younger sim...@syounger.com wrote: Since it is being included by PHP, and not served by Apache, the extension is not important. Correct, but keep in mind that it will likely be served as plain text if accessed directly, if the web server is not properly configured (which, by default, it isn't). -- /Daniel P. Brown Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting (866-) 725-4321 http://www.parasane.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- They're installing the breathalyzer on my email account next week. -- They're installing the breathalyzer on my email account next week. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Session problem
I'm facing the following basic problem: I have made two simple sample files to explain it: 1st file: ?php session_start(); $_SESSION['SS_user'] = user000; echo $_SESSION['SS_user']; echo SID; echo br.session_id(); echo 'br /a href=home.phppage 1/a'; ? 2nd file ?php session_start(); echo file Homebr; echo session_name().'+'.session_id(); echo $_SESSION['SS_user']; ? $_SESSION seems to be empty. Nothing is print. Session Name and session ID are the same but it seems that $_SESSION is not shared across the two files. No HTML is made before sessioni_start(). Why? I'm using PHP 5.3.4 on IIS, windows XP SP3. Tested as localhost or from another PC inside a LAN. Many thanks Walter -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Ways to attend usergroups meeting
Hi, I want to know if there is a central repo of all the php usergroups and its activities. wiki.php.net page is empty on this topic. Anyone aware of a php group meetings in Mumbai, India? If not, how to go about starting it? Thanks, Vikash Kumar -- http://vika.sh
[PHP] Re: PHPmailer.. best way to send to many recipients?
On 20/12/2010 21:33, Govinda wrote: followup question, please see below the OP: I just started using PHPmailer for one project that requires SMTP authentication (if I said that right).. and all is well.. but I want to ask now before it might get outta hand later: How many comma-delim'ed addresses can I stuff in $BCC_recipients before I have problems (need to restructure the design)? -- require(php_inc/class.phpmailer.php); $mail = new PHPMailer(); $BCC_recipients = x...@host.com,y...@server.com; // ---just an example $arrBCC_recipients = explode(,, $BCC_recipients); foreach ($arrBCC_recipients as $email2stuffInBCC) { $mail-AddBcc($email2stuffInBCC); } if(!$mail-Send()) { // problem -- For now there will be less than 100 Bcc recipients.. but later, more. I don't know if/when it will ever grow past 1,000. I see from reading on a PHPmailer list that the main concern people expressed from this (above) approach is to not go over limits set by the host/server as to how many emails can go out before being marked as spam. OK, understood. Here I am just asking about the code. I mean does it make any difference in terms of code reliability whether I loop on $mail-Send() -versus- looping on/concatenating the Bcc addresses? Hi, I regularly use PHPMailer to send out a mailshot to two batches of 5 and had no problems at all. I would not use BCC. Just set the recipient, send the email, then use the ClearAllRecipients() function and start again. We do other things like set a custom MessageID for tracking bounces and auto unsubscribing during this process as well. I also do this from the command line so I don't have to worry about timeouts / apache memory issues etc. But as long as you're aware of these problems then you can set the values appropriately. Regards Ian -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHPInfo disabled due to security
On Tue, Dec 21, 2010 at 02:40, Ravi Gehlot r...@ravigehlot.net wrote: Hello there, If you have a small to medium size web site then go to GoDaddy. Do not believe all that you see from php_info(). I will give you an example. The memory_limit it gives on shared hosting does not reflect the one intended for your shared account. It shows what was set for overall use. But blocking php_info() isn't right (at least I don't think so). Please don't top-post in addition to giving incorrect information like this. -- /Daniel P. Brown Network Infrastructure Manager Documentation, Webmaster Teams http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with Include
On Tue, Dec 21, 2010 at 02:48, Ravi Gehlot r...@ravigehlot.net wrote: My point is that you tried to take code from one page and put it all organized in another page and the include that page of includes back into the pages that you want it to feed off from. If stuff works the way that it does then there a reason for it to have been done that way. So you think no one should ever do that because it's only making it look pretty? Ever hear of maintainability? That's why documenting code is so important. 99% doesn't do it (including me). Please cite your source. -- /Daniel P. Brown Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting (866-) 725-4321 http://www.parasane.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with Include
On Tue, Dec 21, 2010 at 9:50 AM, Daniel P. Brown daniel.br...@parasane.net wrote: On Tue, Dec 21, 2010 at 02:48, Ravi Gehlot r...@ravigehlot.net wrote: My point is that you tried to take code from one page and put it all organized in another page and the include that page of includes back into the pages that you want it to feed off from. If stuff works the way that it does then there a reason for it to have been done that way. So you think no one should ever do that because it's only making it look pretty? Ever hear of maintainability? That's why documenting code is so important. 99% doesn't do it (including me). Please cite your source. Personally, I'd even have to admit mine was less than 99% compatible with what I'd like it to be. -- /Daniel P. Brown Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting (866-) 725-4321 http://www.parasane.net/ -- They're installing the breathalyzer on my email account next week. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with Include
On Tue, Dec 21, 2010 at 9:54 AM, David Hutto smokefl...@gmail.com wrote: On Tue, Dec 21, 2010 at 9:50 AM, Daniel P. Brown daniel.br...@parasane.net wrote: On Tue, Dec 21, 2010 at 02:48, Ravi Gehlot r...@ravigehlot.net wrote: My point is that you tried to take code from one page and put it all organized in another page and the include that page of includes back into the pages that you want it to feed off from. If stuff works the way that it does then there a reason for it to have been done that way. So you think no one should ever do that because it's only making it look pretty? Ever hear of maintainability? That's why documenting code is so important. 99% doesn't do it (including me). Please cite your source. Personally, I'd even have to admit mine was(and is) less than 99% compatible with what I'd like it to be. -- /Daniel P. Brown Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting (866-) 725-4321 http://www.parasane.net/ -- They're installing the breathalyzer on my email account next week. -- They're installing the breathalyzer on my email account next week. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with Include
On Tue, Dec 21, 2010 at 02:35:33AM -0500, David Hutto wrote: On Tue, Dec 21, 2010 at 2:29 AM, Ravi Gehlot r...@ravigehlot.net wrote: Why mess with something that is already working? If you are trying to make it pretty then you are not solving a problem. You are creating one. Define working. I've had programs 'work', but more experienced would say it's flawed in some respect. Does it perform the immediate task? Now define pretty. Is it aesthetically pleasing to you, or to someone else with less, or maybe more experience. By defining the two above, you then define whether it's a problem. To you, or to them, or to the original designer? Beware of more experienced programmers. I recently talked to an ex-boss of mine who had a programmer flake out on him. One of his customers threatened to take this flaky code to another company and get their opinion about whether it was good code or not. My ex-boss explained that, of course, they'd shoot it down. Because that's what programmers do-- they complain about other programmers' code. I'd never heard that idea expressed aloud. But when I thought about it, I realized it was true. Hell, look at the content of this list. ;-} Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Common session for all subdomains?
On Tue, Dec 21, 2010 at 02:27, Ravi Gehlot r...@ravigehlot.net wrote: That's a good question. There should be a setting on php.ini to allow cross session. Right. Because who needs to teach folks about computer security when we can just disable it for them anyway? Like Jonathan pointed out, it's a matter of adjusting the cookie parameters to match wildcard subdomains by preceding the part of the domain (usually the SLD, but some ccTLD or FQDN situations can be different) with a dot, like so:.example.com -- /Daniel P. Brown Network Infrastructure Manager Documentation, Webmaster Teams http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Ways to attend usergroups meeting
On Tue, Dec 21, 2010 at 05:35, vikash.i...@gmail.com wrote: Hi, I want to know if there is a central repo of all the php usergroups and its activities. wiki.php.net page is empty on this topic. Anyone aware of a php group meetings in Mumbai, India? If not, how to go about starting it? http://links.parasane.net/nrmb The first result should be exactly what you want. -- /Daniel P. Brown Network Infrastructure Manager Documentation, Webmaster Teams http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: PHPmailer.. best way to send to many recipients?
Hi, I regularly use PHPMailer to send out a mailshot to two batches of 5 and had no problems at all. I would not use BCC. Just set the recipient, send the email, then use the ClearAllRecipients() function and start again. We do other things like set a custom MessageID for tracking bounces and auto unsubscribing during this process as well. I also do this from the command line so I don't have to worry about timeouts / apache memory issues etc. But as long as you're aware of these problems then you can set the values appropriately. Regards Ian -- Thank you for replying Ian! That was just what I wanted to hear.. and I really appreciate your taking the time to offer me your experience so I can feel secure about using the class for multiple recipients. I'll do as you suggest and move the mailing into a proper loop on the send function itself (out of Bcc). Govinda -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PDO Prepared Statements and stripslashes
On Mon, Dec 20, 2010 at 11:31 PM, Rico Secada coolz...@it.dk wrote: Hi. In an article about SQL Injection by Chris Shiflett he mentions the following in a comment: The process of escaping should preserve data, so it should never be necessary to reverse it. When I'm auditing an application, things like stripslashes() alert me to design problems. Adding slashes to variables isn't needed for actually storing the values in the DB, but rather for their safe use in a SQL statement. If you use addslashes() on data going into a DB, you'll have to make sure you call stripslashes() on data coming out of the DB. His statement The process of escaping should preserve data, so it should never be necessary to reverse it, conveys that you shouldn't need to know if a value has been escaped down the line. The escaping operation should be done in such a way that it doesn't matter how you handle the data afterwards (your code shouldn't have to keep track of whether it has to call stripslashes(), with one notable problem being that calling stripslashes() twice on the same data can lead to a value that differs from the original.) Now, I'm always using PHP PDO with prepared statements and as such data with quotes gets slashed automatically by PDO when inserted into the database. In most languages I'm familiar with, prepared statements don't imply that values are automatically slashed. Rather, the statement is compiled with placeholders. Through use of placeholders, it's impossible for the DB to interpret any of the values inserted into any of the placeholders in a way that could lead to SQL injection. When I need to pull out the data something might be slashed and I need to use stripslashes() or some str_replace() to make sure that the slashes are removed. NO, using prepared statements does not require that you call stripslashes() when retrieving data from the DB. If you're noticing slashes, you've got them coming from other source (magic_quotes_gpc might be on, and if so, I recommend turning it off.) So what's the mistake here and what's the correct way to do it? 1. Turn off magic_quotes_gpc if on, as its use has been deprecated. 2. Use prepared statements. 3. Don't worry about stripping slashes ever again :) Adam -- Nephtali: A simple, flexible, fast, and security-focused PHP framework http://nephtaliproject.com
Re: [PHP] Ways to attend usergroups meeting
Thanks for the link. I already been through the given link. But, it is filled with inactive and non-responsive groups. I was hoping to get in touch with an active one. Thanks, Vikash Kumar -- http://vika.sh On 21 December 2010 21:00, Daniel Brown danbr...@php.net wrote: On Tue, Dec 21, 2010 at 05:35, vikash.i...@gmail.com wrote: Hi, I want to know if there is a central repo of all the php usergroups and its activities. wiki.php.net page is empty on this topic. Anyone aware of a php group meetings in Mumbai, India? If not, how to go about starting it? http://links.parasane.net/nrmb The first result should be exactly what you want. -- /Daniel P. Brown Network Infrastructure Manager Documentation, Webmaster Teams http://www.php.net/
[PHP] Re: Session problem
I've fixed the problem. I don't know why, but suddenly windows prevents PHP from writing into C:\windows\temp directory. Moving the session and log files to another directory solved the problem. Until few days ago it worked. I've now to discovered what was changed in windows configuration. Walter Caielli walter.caie...@ars21.net ha scritto nel messaggio news:bd.40.31041.b7a60...@pb1.pair.com... I'm facing the following basic problem: I have made two simple sample files to explain it: 1st file: ?php session_start(); $_SESSION['SS_user'] = user000; echo $_SESSION['SS_user']; echo SID; echo br.session_id(); echo 'br /a href=home.phppage 1/a'; ? 2nd file ?php session_start(); echo file Homebr; echo session_name().'+'.session_id(); echo $_SESSION['SS_user']; ? $_SESSION seems to be empty. Nothing is print. Session Name and session ID are the same but it seems that $_SESSION is not shared across the two files. No HTML is made before sessioni_start(). Why? I'm using PHP 5.3.4 on IIS, windows XP SP3. Tested as localhost or from another PC inside a LAN. Many thanks Walter -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Ways to attend usergroups meeting
On Tue, Dec 21, 2010 at 11:07, vikash.i...@gmail.com wrote: Thanks for the link. I already been through the given link. But, it is filled with inactive and non-responsive groups. I was hoping to get in touch with an active one. We don't seem to have any user group events for Mumbai on the calendar, either. If you'd like to start your own group, start by speaking with some of your fellow PHP users and come up with a date, time, and place to meet. Your first meetings don't need any real content --- they can simply be mixers for folks to get together and discuss common interests. To get more folks interested, try using social sites like LinkedIn, Facebook, and Twitter, and don't forget to submit your meeting details at http://php.net/cal.php. After your second or third meeting, you should begin to know how your group will take shape. What format will future meetings follow? Will you have multiple presentations and departments each week, or will you simply have one topic of discussion and then allow folks to mingle and trade contact information? Will you have a two-hour meeting on the second Tuesday of every month, or a four-hour event every Saturday? Figure out what works best for your group and feel free to reach out via email to other user groups to get some tips on how they operate. -- /Daniel P. Brown Network Infrastructure Manager Documentation, Webmaster Teams http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with Include
If something is working and you don't know exactly whats under the hood then you are wasting your time in trying to re-invent your own wheel and waste your time and resources to modify something that isn't needed to be touched. Good programmers make good use of their time as well. We need to keep in check with new technology, learn new trends and also master our weakness. If we keep changing this or that or moving that or this then oh well...there goes 1 day worth of work to figure stuff out. Just my take on this. If you think different, then no problems. Regards, Ravi. On Tue, Dec 21, 2010 at 10:23 AM, Paul M Foster pa...@quillandmouse.comwrote: On Tue, Dec 21, 2010 at 02:35:33AM -0500, David Hutto wrote: On Tue, Dec 21, 2010 at 2:29 AM, Ravi Gehlot r...@ravigehlot.net wrote: Why mess with something that is already working? If you are trying to make it pretty then you are not solving a problem. You are creating one. Define working. I've had programs 'work', but more experienced would say it's flawed in some respect. Does it perform the immediate task? Now define pretty. Is it aesthetically pleasing to you, or to someone else with less, or maybe more experience. By defining the two above, you then define whether it's a problem. To you, or to them, or to the original designer? Beware of more experienced programmers. I recently talked to an ex-boss of mine who had a programmer flake out on him. One of his customers threatened to take this flaky code to another company and get their opinion about whether it was good code or not. My ex-boss explained that, of course, they'd shoot it down. Because that's what programmers do-- they complain about other programmers' code. I'd never heard that idea expressed aloud. But when I thought about it, I realized it was true. Hell, look at the content of this list. ;-} Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Common session for all subdomains?
Daniel, Good info. Ravi. On Tue, Dec 21, 2010 at 10:23 AM, Daniel Brown danbr...@php.net wrote: On Tue, Dec 21, 2010 at 02:27, Ravi Gehlot r...@ravigehlot.net wrote: That's a good question. There should be a setting on php.ini to allow cross session. Right. Because who needs to teach folks about computer security when we can just disable it for them anyway? Like Jonathan pointed out, it's a matter of adjusting the cookie parameters to match wildcard subdomains by preceding the part of the domain (usually the SLD, but some ccTLD or FQDN situations can be different) with a dot, like so:.example.com -- /Daniel P. Brown Network Infrastructure Manager Documentation, Webmaster Teams http://www.php.net/
Re: [PHP] Is there a simple way to enforce a private method in a subclass?
On Tue, Dec 21, 2010 at 8:36 AM, Richard Quadling rquadl...@gmail.comwrote: If I have an abstract class of Task and I want all subclasses of Task to have a private method _runTask, is there a way to enforce this? I cannot think of a reason to force a class to have a specifically-named *private* method. Since it's private, you cannot call it from outside the class--not from its superclasses nor any subclasses. Since it cannot be exposed in the class's API, there's no point in forcing a particular name. If you are using the Template Method pattern [1], make the method protected. This allows the superclass that declares the abstract method to call it and forces its subclasses to implement it given the name you decide. David [1] http://c2.com/cgi/wiki?TemplateMethodPattern
Re: [PHP] Re: Session problem
Walter, Session variables may be using cookies which in turn create temp files for storing such cookies. Ravi. On Tue, Dec 21, 2010 at 11:32 AM, Walter Caielli walter.caie...@ars21.netwrote: I've fixed the problem. I don't know why, but suddenly windows prevents PHP from writing into C:\windows\temp directory. Moving the session and log files to another directory solved the problem. Until few days ago it worked. I've now to discovered what was changed in windows configuration. Walter Caielli walter.caie...@ars21.net ha scritto nel messaggio news:bd.40.31041.b7a60...@pb1.pair.com... I'm facing the following basic problem: I have made two simple sample files to explain it: 1st file: ?php session_start(); $_SESSION['SS_user'] = user000; echo $_SESSION['SS_user']; echo SID; echo br.session_id(); echo 'br /a href=home.phppage 1/a'; ? 2nd file ?php session_start(); echo file Homebr; echo session_name().'+'.session_id(); echo $_SESSION['SS_user']; ? $_SESSION seems to be empty. Nothing is print. Session Name and session ID are the same but it seems that $_SESSION is not shared across the two files. No HTML is made before sessioni_start(). Why? I'm using PHP 5.3.4 on IIS, windows XP SP3. Tested as localhost or from another PC inside a LAN. Many thanks Walter -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with Include
(Apologies for top posting; on my mobile just now.) Not true. Refactoring code is one of the main tasks of a developer. None of us produce perfect code, and some code is less perfect than other code. It's instinct to want to fix bad code when we're maintaining it or having to add new features to it. For the same reason car enthusiasts tinker with and tune their cars, good developers will do the same with code, be it in the form of consolidating common code to include files or other ways. To not do so seems to me to avoid ones nature really! Thanks, Ash http://www.ashleysheridan.co.uk - Reply message - From: Ravi Gehlot r...@ravigehlot.net Date: Tue, Dec 21, 2010 18:12 Subject: [PHP] Problem with Include To: Paul M Foster pa...@quillandmouse.com Cc: php-general@lists.php.net If something is working and you don't know exactly whats under the hood then you are wasting your time in trying to re-invent your own wheel and waste your time and resources to modify something that isn't needed to be touched. Good programmers make good use of their time as well. We need to keep in check with new technology, learn new trends and also master our weakness. If we keep changing this or that or moving that or this then oh well...there goes 1 day worth of work to figure stuff out. Just my take on this. If you think different, then no problems. Regards, Ravi. On Tue, Dec 21, 2010 at 10:23 AM, Paul M Foster pa...@quillandmouse.comwrote: On Tue, Dec 21, 2010 at 02:35:33AM -0500, David Hutto wrote: On Tue, Dec 21, 2010 at 2:29 AM, Ravi Gehlot r...@ravigehlot.net wrote: Why mess with something that is already working? If you are trying to make it pretty then you are not solving a problem. You are creating one. Define working. I've had programs 'work', but more experienced would say it's flawed in some respect. Does it perform the immediate task? Now define pretty. Is it aesthetically pleasing to you, or to someone else with less, or maybe more experience. By defining the two above, you then define whether it's a problem. To you, or to them, or to the original designer? Beware of more experienced programmers. I recently talked to an ex-boss of mine who had a programmer flake out on him. One of his customers threatened to take this flaky code to another company and get their opinion about whether it was good code or not. My ex-boss explained that, of course, they'd shoot it down. Because that's what programmers do-- they complain about other programmers' code. I'd never heard that idea expressed aloud. But when I thought about it, I realized it was true. Hell, look at the content of this list. ;-} Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PDO Prepared Statements and stripslashes
On Tue, 21 Dec 2010 10:32:21 -0500 Adam Richardson simples...@gmail.com wrote: 1. Turn off magic_quotes_gpc if on, as its use has been deprecated. 2. Use prepared statements. 3. Don't worry about stripping slashes ever again :) Thank you for a very enlightening answer. I guess I misunderstood the PDO automatically quotes.. and the slashes part! :-) Adam -- Nephtali: A simple, flexible, fast, and security-focused PHP framework http://nephtaliproject.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with Include
Hello, Good points. If you are getting paid to do that then fine. There is a difference between enhancing code and wasting time. I do my best to come up with the best I can. I always take notes to perform better in upcoming projects. It is imperative to make good use of time. Unless it is a security issue, no need to waste time. Again, if you are getting paid for it then fine. People tune cars for a reason, they want the attention or the thrill. If you want to tune your code for fun then nobody is against that either :) Ravi. On Tue, Dec 21, 2010 at 1:28 PM, a...@ashleysheridan.co.uk a...@ashleysheridan.co.uk wrote: (Apologies for top posting; on my mobile just now.) Not true. Refactoring code is one of the main tasks of a developer. None of us produce perfect code, and some code is less perfect than other code. It's instinct to want to fix bad code when we're maintaining it or having to add new features to it. For the same reason car enthusiasts tinker with and tune their cars, good developers will do the same with code, be it in the form of consolidating common code to include files or other ways. To not do so seems to me to avoid ones nature really! Thanks, Ash http://www.ashleysheridan.co.uk - Reply message - From: Ravi Gehlot r...@ravigehlot.net Date: Tue, Dec 21, 2010 18:12 Subject: [PHP] Problem with Include To: Paul M Foster pa...@quillandmouse.com Cc: php-general@lists.php.net If something is working and you don't know exactly whats under the hood then you are wasting your time in trying to re-invent your own wheel and waste your time and resources to modify something that isn't needed to be touched. Good programmers make good use of their time as well. We need to keep in check with new technology, learn new trends and also master our weakness. If we keep changing this or that or moving that or this then oh well...there goes 1 day worth of work to figure stuff out. Just my take on this. If you think different, then no problems. Regards, Ravi. On Tue, Dec 21, 2010 at 10:23 AM, Paul M Foster pa...@quillandmouse.com wrote: On Tue, Dec 21, 2010 at 02:35:33AM -0500, David Hutto wrote: On Tue, Dec 21, 2010 at 2:29 AM, Ravi Gehlot r...@ravigehlot.net wrote: Why mess with something that is already working? If you are trying to make it pretty then you are not solving a problem. You are creating one. Define working. I've had programs 'work', but more experienced would say it's flawed in some respect. Does it perform the immediate task? Now define pretty. Is it aesthetically pleasing to you, or to someone else with less, or maybe more experience. By defining the two above, you then define whether it's a problem. To you, or to them, or to the original designer? Beware of more experienced programmers. I recently talked to an ex-boss of mine who had a programmer flake out on him. One of his customers threatened to take this flaky code to another company and get their opinion about whether it was good code or not. My ex-boss explained that, of course, they'd shoot it down. Because that's what programmers do-- they complain about other programmers' code. I'd never heard that idea expressed aloud. But when I thought about it, I realized it was true. Hell, look at the content of this list. ;-} Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with Include
On Tue, Dec 21, 2010 at 1:28 PM, a...@ashleysheridan.co.uk a...@ashleysheridan.co.uk wrote: (Apologies for top posting; on my mobile just now.) Not true. Refactoring code is one of the main tasks of a developer. None of us produce perfect code, and some code is less perfect than other code. It's instinct to want to fix bad code when we're maintaining it or having to add new features to it. For the same reason car enthusiasts tinker with and tune their cars, good developers will do the same with code, be it in the form of consolidating common code to include files or other ways. To not do so seems to me to avoid ones nature really! Thanks, Ash http://www.ashleysheridan.co.uk - Reply message - From: Ravi Gehlot r...@ravigehlot.net Date: Tue, Dec 21, 2010 18:12 Subject: [PHP] Problem with Include To: Paul M Foster pa...@quillandmouse.com Cc: php-general@lists.php.net If something is working and you don't know exactly whats under the hood then you are wasting your time in trying to re-invent your own wheel and waste your time and resources to modify something that isn't needed to be touched. Good programmers make good use of their time as well. We need to keep in check with new technology, learn new trends and also master our weakness. If we keep changing this or that or moving that or this then oh well...there goes 1 day worth of work to figure stuff out. Just my take on this. If you think different, then no problems. Regards, Ravi. On Tue, Dec 21, 2010 at 10:23 AM, Paul M Foster pa...@quillandmouse.comwrote: On Tue, Dec 21, 2010 at 02:35:33AM -0500, David Hutto wrote: On Tue, Dec 21, 2010 at 2:29 AM, Ravi Gehlot r...@ravigehlot.net wrote: Why mess with something that is already working? If you are trying to make it pretty then you are not solving a problem. You are creating one. Define working. I've had programs 'work', but more experienced would say it's flawed in some respect. Does it perform the immediate task? Now define pretty. Is it aesthetically pleasing to you, or to someone else with less, or maybe more experience. By defining the two above, you then define whether it's a problem. To you, or to them, or to the original designer? Beware of more experienced programmers. I recently talked to an ex-boss of mine who had a programmer flake out on him. One of his customers threatened to take this flaky code to another company and get their opinion about whether it was good code or not. My ex-boss explained that, of course, they'd shoot it down. Because that's what programmers do-- they complain about other programmers' code. I'd never heard that idea expressed aloud. But when I thought about it, I realized it was true. Hell, look at the content of this list. ;-} Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php +1 -- Bastien Cat, the other other white meat -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Is there a simple way to enforce a private method in a subclass?
Am 21.12.2010 17:36, schrieb Richard Quadling: Hi. If I have an abstract class of Task and I want all subclasses of Task to have a private method _runTask, is there a way to enforce this? Currently an abstract private function in an abstract class isn't allowed. Fatal error: Abstract function Task::_runTask() cannot be declared private in D:\PHP\Includes\Task.php on line 91 Now I'm pretty sure there are valid reasons for this, but, for me, the key part here is the abstract modifier. This should be read first and foremost and simply say that somewhere in the subclasses, this method must defined. And if it must be defined as private, then so be it. Richard. Hi Richard, okay you want to use an abstract class (not instantiable) with a private abstract method. I think this doesnt make sense. And i think, PHP does not allow this because the inheritance constraint will be failed (you can use only in the class itself). Regards Carlos -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Warning when calling session_start()
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Warning when calling session_start()
Hi, folks, good morning ! Since I'm a newbie with respect of sessions cookies I'm quite lost here getting always a warning when calling session_start(); I developed and tested some php code using a session to pass some values betwen different scripts on my local machine. All went O.K. But when I transferred the code to my provider's server where my website is hosted, I constantly get this warning when calling session_start(): Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /./sess.php:3) in /./sess.php on line 5 In line 5 is session_start(); I dotted-out the path prefices in this warning. Lines 1-5 of my script sess.php are as follows: 1 !-- PHP CODE - - 2 3 ?php 4 5 session_start (); In my browser (firefox) I've enabled cookies. There were some differences between my local machine and my provider's server in respect to session related PHP flags/variables. I adapted those by adding following lines in .htaccess on the webserver: php_flag session.bug_compat_42 off# Was On php_value session.bug_compat_42 off # Was On php_flag session.cookie_httponly on # Was off php_value session.cookie_httponly on # Was off php_flag session.use_only_cookies On # Was off php_value session.use_only_cookies On # Was off Can anybody give me some hints for resolving this issue and/or pointers where to dig further ?!? Thanks in advance ! Rolf -- Dipl.phys. Rudolf Otto Blättner, D 91074 Herzogenaurach, Germany. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Warning when calling session_start()
On Tue, Dec 21, 2010 at 9:27 PM, web...@blaettner.com wrote: Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /./sess.php:3) in /./sess.php on line 5 first - this is probably your culprit: don't output empty lines before you do anything (just a general good practice) also i'd turn on output buffering. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Warning when calling session_start()
Hi, folks, On Tue, 21 Dec 2010 21:35:17 -0800 [06:35:17 AM CET], Michael Shadle mike...@gmail.com wrote: first - this is probably your culprit: don't output empty lines before you do anything (just a general good practice) Whow! This did the trick ! Warning vanished when I changed beginning of script to: 1 ?php session_start (); 2 I wasn't aware that the HTML comment and the following empty line are in fact written to output. But that's clear now :-) So I suppose my local PHP setup supressed this warning or is more compliant ... also i'd turn on output buffering. Since it worked without warning at 1st try, I haven't changed output buffering (yet). Mike, many thanks for Your PROMPT and HELPFUL answer! Have a nice day! Rolf -- Dipl.phys. Rudolf Otto Blättner, D 91074 Herzogenaurach, Germany. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] goto - My comments
On 12/18/2010 9:17 PM, Ethan Rosenberg wrote: Dear List - Thanks to all for your EXCELLENT comments. I definitly agree that goto is a command to be avoided at all costs. In this case, I could not figure out how to acheive the desired result without the goto. So being a newbie, I humbly request that you show [and at the same time teach] me how to rewrite the code to eleiminate the goto. Additionally, would you please do the same for the code I list below. This code runs perfectly. == This is the form: form action=srchrhsptl2.php method=post centerSite: input type=text name=Site value=AA / Record Number: input type=text name=MedRec / First Name: input type=text name=Fname / Last Name: input type=text name=Lname /br /br / Phone: input type=text name=Phone / Height: input type=decimal name=Height //inputbr /br / Maleinput type=radio name=Sex value = 0/input Femaleinput type=radio name=Sex value = 1/inputbr /br /br / input type=submit /br /br / input type=reset value = Clear Form //center /form Not sure if you can change the values for the Sex field to 'Male' 'Female' respectively, but it would simplify the following example. Here is my rendition of how I would do it. ?php ... $query = select * from Intake3 where 1 ; $allowed_fields = array('Site', 'MedRe', 'Fname', 'Lname', 'Phone', 'Sex', 'Height'); # deal with the special case first # Normally you do not want to modify the _POST/_GET/_REQUEST array, but # in this case, it is used as an quick example of how to get the data # passed along. if you can change the field values to Male/Female you # could remove the following section and have just the foreach() loop. if ( ! empty($_POST['Sex']) ) { if ( $_POST['Sex'] === '1' ) $_POST['Sex'] = 'Female'; else $_POST['Sex'] = 'Male'; } # Now deal with the rest... foreach ( $allowed_fields AS $field ) { if ( ! empty( $_POST[$field] ) ) { $value = mysql_real_escape_string( $_POST[$field] ); $query .= AND `{$field}` = '{$value}' ; } } in the end, you will end up with a nicely formatted SQL query to execute. I would suggest cleaning up the output code some and use *_assoc() instead of the *_array() function call. It gives you back the array version of the output. This way instead of calling $row[0], $row[...] you would call $row['Fname'] or $row['Lname'] instead. Get rid of all those commented out sections and you will have a good script to play with. Let us know what comes of it... == THANK YOU EVER SO MUCH FOR YOUR HELP. Ethan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php