php-general Digest 26 May 2011 19:00:57 -0000 Issue 7329

2011-05-26 Thread php-general-digest-help 

php-general Digest 26 May 2011 19:00:57 - Issue 7329

Topics (messages 313153 through 313156):

Re: How can a UTF-8 string can be converted to an array of Bytes?
313153 by: Eric Butera

Re: simple question abt convert to integer
313154 by: Bálint Horváth
313155 by: Negin Nickparsa

PHP to Java integration using : shell_exec function
313156 by: Eli Orr (Office)

Administrivia:

To subscribe to the digest, e-mail:
php-general-digest-subscr...@lists.php.net

To unsubscribe from the digest, e-mail:
php-general-digest-unsubscr...@lists.php.net

To post to the list, e-mail:
php-gene...@lists.php.net


--
---BeginMessage---
On Wed, May 25, 2011 at 8:15 AM, Eli Orr (Office) eli@logodial.com wrote:
 Hi,

 Since a UTF-8 is a multi-bytes mechanism I get for 2 or 3 bytes  UTF-8
 encoded character a single character

 How can it be break into the REAL bytes array that represent the UTF-8
 string
  and how  can we reassembled the bytes array  back to UTF-8?

 --
 Best Regards,

 *Eli Orr*
 CTO  Founder
 *LogoDial Ltd.*

 __


You can use mb_substr [1] with a UTF-8 encoding to get the single characters.

http://us.php.net/mb_substr
---End Message---
---BeginMessage---
The problem is that if you set the post directly to the query it's available
to be an attach code in the field... (eg. DROP DATABASE;) it's called to
SQL injection...

what I mean on filtering:
always check the values in query eg.: $id = $_POST['id'];
if(is_numeric($id)){...}else{bad post}
and at other fields u can use eg. strstr() etc...

On Wed, May 25, 2011 at 4:38 PM, Negin Nickparsa nickpa...@gmail.comwrote:

 Tnx to all:D
 Paul you are absolutly right:D
 it was a bad mistake from me
 there was no need 2 convert it
 Balint helped me n with mysql_error i found that
 my code hasn't any mistake
 i just forgot the BIG thing!
 selecting db:D
 i totally forgot it because i had array keys with if statement n in there i
 selected it
 but in the last one of them i forgot 2 set the selection of DB
 Ashley what is OP? and filtering i didn't understand
 Andre why u r telling me
 Note: you *didn't* execute the query by calling mysql_query on it.
 if it doesn't execute the query then what's it doing?
 Reply
 Vitalli believe me that i tried it n i can send the string without  error i
 tried it:
 $query1=select * from patient where id=.$_POST['txt'];
 it works! after i found my error i tried it 2 n it was right!!!

---End Message---
---BeginMessage---
i got it tnx Balint
---End Message---
---BeginMessage---


Hi,

Please advise if the following is possible and how can pass parameters 
from the PHP to the Java application.


Thanks.

Here's my script draft:

?PHP
  ...
  
  $XML_toEnc = urlencode ($XML);

 // The XML_toEnc 
is a string and shall be urlencoded !
  $EncXML = shell_exec(/usr/bin/java/java -jar MyApp.jar -XML 
$XML_toEnc); == ??? How can I pass parameters like a large string of 
let say XML?


echo  $EncXML; // back to the MObile Client

// Receiving client shall:
//  urldecode the string


?


Eli Orr

---End Message---

[PHP] PHP to Java integration using : shell_exec function

2011-05-26 Thread Eli Orr (Office) 


Hi,

Please advise if the following is possible and how can pass parameters 
from the PHP to the Java application.


Thanks.

Here's my script draft:

?PHP
  ...
  
  $XML_toEnc = urlencode ($XML);

 // The XML_toEnc 
is a string and shall be urlencoded !
  $EncXML = shell_exec(/usr/bin/java/java -jar MyApp.jar -XML 
$XML_toEnc); == ??? How can I pass parameters like a large string of 
let say XML?


echo  $EncXML; // back to the MObile Client

// Receiving client shall:
//  urldecode the string


?


Eli Orr


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP to Java integration using : shell_exec function

2011-05-26 Thread Robert Williams 
On 2011-05-26 12:00, Eli Orr (Office) eli@logodial.com wrote:

   $EncXML = shell_exec(/usr/bin/java/java -jar MyApp.jar -XML
$XML_toEnc); == ??? How can I pass parameters like a large string of
let say XML?

You're missing the shell escaping. Try something like this:

$xml = 'greetinghello/greeting';
$xml_shell = escapeshellarg($xml);

$result = shell_exec(/usr/bin/java/java -jar MyApp.jar -XML $xml_shell);

See: http://us.php.net/manual/en/function.escapeshellarg.php

If you need to pass the value through standard input, you can pipe it out
of echo:

$result = shell_exec(/bin/echo -n $xml_shell | /usr/bin/java/java -jar
MyApp.jar -XML);

Regards,
Bob

--
Robert E. Williams, Jr.
Associate Vice President of Software Development
Newtek Businesss Services, Inc. -- The Small Business Authority
http://www.thesba.com/


Notice: This communication, including attachments, may contain information that 
is confidential. It constitutes non-public information intended to be conveyed 
only to the designated recipient(s). If the reader or recipient of this 
communication is not the intended recipient, an employee or agent of the 
intended recipient who is responsible for delivering it to the intended 
recipient, or if you believe that you have received this communication in 
error, please notify the sender immediately by return e-mail and promptly 
delete this e-mail, including attachments without reading or saving them in any 
manner. The unauthorized use, dissemination, distribution, or reproduction of 
this e-mail, including attachments, is prohibited and may be unlawful. If you 
have received this email in error, please notify us immediately by e-mail or 
telephone and delete the e-mail and the attachments (if any).

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Detecting HTTPS connections under Apache

2011-05-26 Thread Geoff Shang 

Hi,

Apologies if this is covered somewhere but I've searched fairly 
extensively and not found anything.


I'm working on an application which has a function for redirecting to a 
given URL.  This is generally used for redirecting after a form has been 
submitted.


Right now it sends an HTTP URL in the redirection, which means it can't 
work under a secure connection.


I'd like to be able to use it over HTTPS but don't want to force people to 
do this.   So ideally I'd like to be able to detect the protocol in use 
and send the appropriate protocol in the Location header.


The problem is that, at least on the system I'm working on, I can't see 
any way of detecting the protocol.  _SERVER[SERVER_SIGNATURE] and 
_SERVER[SERVER_ADDR] both give the port as 80, even if I specify port 
443 in the URL.  I've seen references to _SERVER[HTTPS] or something 
similar but it's not in the output I get from either print_r ($_SERVER) 
or phpinfo ().


I'm running PHP Version 5.3.3-7+squeeze1 on Apache/2.2.16 (Debian).  The 
machine is an x86-64 VPS running Debian Squeeze.


I have full access to the VPS, so if something needs tweeking in Apache 
(or anything else) then I can do this.


Thanks in advance,
Geoff.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Detecting HTTPS connections under Apache

2011-05-26 Thread admin 
The %{HTTPS} variable is not an Apache core variable. A more-portable
solution is to check %{SERVER_PORT} for port 80 or port 443 -- or for not
port 80 or not port 443. 

Also, you're requiring an *exact* match on not /user or not /admin,
meaning that directory and file paths below these directories will not be
matched -- They will always be redirected by the second rule. 

In addition, the URL-path in the Request_URI variable always starts with a
slash, and a RewriteCond should not be used to test the URL-path unless the
RewriteRule cannot be used to do this. 

Finally, since the rules are already scoped to http and https by their
locations within the vHost containers, checking %{HTTPS} or %{SERVER_PORT}
is probably not even necessary. 

Most likely, correcting the second problem will fix your code, and the other
inefficiencies can be removed as well: 

VirtualHost *:80 
RewriteRule ^/((user|admin)(/.*)?)$ https://example.com/$1 [R=301,L]
/VirtualHost

VirtualHost _default_:443
RewriteCond $1 !^(user|admin)(/.*)?$
RewriteRule ^/(.*)$ http://example.com/$1 [R=301,L]
/VirtualHost

[added] Alternative format for second rule -- I'm not sure, but it might be
faster: 
VirtualHost _default_:443
RewriteRule !^/(user|admin)(/.*)?$ http://example.com%{REQUEST_URI}
[R=301,L]
/VirtualHost

Richard L. Buskirk

-Original Message-
From: Geoff Shang [mailto:ge...@quitelikely.com] 
Sent: Thursday, May 26, 2011 3:38 PM
To: php-general@lists.php.net
Subject: [PHP] Detecting HTTPS connections under Apache

Hi,

Apologies if this is covered somewhere but I've searched fairly 
extensively and not found anything.

I'm working on an application which has a function for redirecting to a 
given URL.  This is generally used for redirecting after a form has been 
submitted.

Right now it sends an HTTP URL in the redirection, which means it can't 
work under a secure connection.

I'd like to be able to use it over HTTPS but don't want to force people to 
do this.   So ideally I'd like to be able to detect the protocol in use 
and send the appropriate protocol in the Location header.

The problem is that, at least on the system I'm working on, I can't see 
any way of detecting the protocol.  _SERVER[SERVER_SIGNATURE] and 
_SERVER[SERVER_ADDR] both give the port as 80, even if I specify port 
443 in the URL.  I've seen references to _SERVER[HTTPS] or something 
similar but it's not in the output I get from either print_r ($_SERVER) 
or phpinfo ().

I'm running PHP Version 5.3.3-7+squeeze1 on Apache/2.2.16 (Debian).  The 
machine is an x86-64 VPS running Debian Squeeze.

I have full access to the VPS, so if something needs tweeking in Apache 
(or anything else) then I can do this.

Thanks in advance,
Geoff.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Detecting HTTPS connections under Apache

2011-05-26 Thread Geoff Shang 

On Thu, 26 May 2011, ad...@buskirkgraphics.com wrote:


The %{HTTPS} variable is not an Apache core variable. A more-portable
solution is to check %{SERVER_PORT} for port 80 or port 443 -- or for not
port 80 or not port 443.


ah but this doesn't actually work for me, I get 80 regardless of whether I 
use HTTP or HTTPS, even if I use https://example.com:443



Also, you're requiring an *exact* match on not /user or not /admin,
meaning that directory and file paths below these directories will not be
matched -- They will always be redirected by the second rule.


{snip other rewrite stuff}

uh... I didn't say anything about matching URL patterns or the like.  I 
just want my application to do whatever is already being done.  And 
hard-coding URL paths is a bad idea because someone else might want to 
install the code under some other path.


I don't really want to use rewrite rules to achieve this.  If I did, every 
time my code redirects the browser, it will cause a rewrite from an HTTP 
URL to an HTTPS URL, which surely is inefficient.


Surely it should be simple enough for me to detect whichever is being used 
and continue to use it.  This makes my code separate from whatever the 
webmaster decides to do regarding being secure or not.


Geoff.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Detecting HTTPS connections under Apache

2011-05-26 Thread admin 

So when you echo $_SERVER['SERVER_PORT'];
You get port 80 even if the url currently is https://www.yoursite.com ?

If this is the case good luck. Because you have serious issues.


Richard L. Buskirk


-Original Message-
From: Geoff Shang [mailto:ge...@quitelikely.com] 
Sent: Thursday, May 26, 2011 5:29 PM
To: ad...@buskirkgraphics.com
Cc: php-general@lists.php.net
Subject: RE: [PHP] Detecting HTTPS connections under Apache

On Thu, 26 May 2011, ad...@buskirkgraphics.com wrote:

 The %{HTTPS} variable is not an Apache core variable. A more-portable
 solution is to check %{SERVER_PORT} for port 80 or port 443 -- or for not
 port 80 or not port 443.

ah but this doesn't actually work for me, I get 80 regardless of whether I 
use HTTP or HTTPS, even if I use https://example.com:443

 Also, you're requiring an *exact* match on not /user or not /admin,
 meaning that directory and file paths below these directories will not be
 matched -- They will always be redirected by the second rule.

{snip other rewrite stuff}

uh... I didn't say anything about matching URL patterns or the like.  I 
just want my application to do whatever is already being done.  And 
hard-coding URL paths is a bad idea because someone else might want to 
install the code under some other path.

I don't really want to use rewrite rules to achieve this.  If I did, every 
time my code redirects the browser, it will cause a rewrite from an HTTP 
URL to an HTTPS URL, which surely is inefficient.

Surely it should be simple enough for me to detect whichever is being used 
and continue to use it.  This makes my code separate from whatever the 
webmaster decides to do regarding being secure or not.

Geoff.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php