RE: [PHP] Help! Made a boo-boo encrypting credit cards
From: Brian Dunning My merchant provider levies monthly fines based on how many of their security restrictions you fail to follow. I follow as many as are reasonably practical, but I think it's virtually impossible to follow them all, such as absurdly expensive (and probably unnecessary) hardware. IMHO, some of the restrictions are based less on reality and more on their security consulting firm's ability to frighten them. Their consulting firm's disclosed commissions on the fines creates an inherent conflict of interest. Goofily, my provider's fine structure does not differentiate between transactions that are merely processed on my server with no storage, and transactions originating from a card number stored on my server. So I have to constantly weigh the monthly fines vs. the cost of the upgrades vs. the amount of money that my various services bring in. There is no perfect solution. Nevertheless, I'm very open to any suggestions people have for transactions requiring that I keep the card number (in this case, recurring monthly charges where the customers choose not to use PayPal etc. and where too many customers would flake or get frustrated if forced to re-enter their card info every month for an annoyingly small transaction). Sorry this is getting a little off-topic for PHP. Seems to me we have had similar discussions in the past, and not necessarily on Friday. First of all, you probably want to talk to your lawyer about the potential conflict of interest. That may need to be forwarded to a regulatory office or Attorney General for investigation. Second, do their rules conform to the OWASP recommendations and standard PCI guidelines? If they are deviating from those, or adding ridiculous requirements simply to squeeze a few extra pesos out of you, you might also want to ask your lawyer about them. Next, do they have a storage vault for credit card numbers that you can access. There shouldn't be any need for you to store them. We put numbers in our processor's vault and they give us a hash index to access them in the future. We use that for recurring charges and as a convenience so customers don't have to enter them every time they make a payment. And finally, even if they do follow the PCI regulations, you have to remember that the primary purpose of those regulations is to deflect liability from them to you when there is a problem. All they need to do is document one instance where you don't follow the rules and they are off the hook for damages. Guess where that puts you. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Check for open file
From: Ashley M. Kirchner Is there a clean or reliable way of checking to see if a file is still being written to before doing anything with it? Here's the scenario: we have a Samba share that we can copy files to (from within Windows or Macs). The server picks up the file and does some processing of said file. At the moment this is all a manual process: we copy a file into the Samba share, wait for that to finish then go to a web page (on the server) and tell it to process the file that was just copied into the Samba share. I'm trying to see if there is a way to automate this where a file, or multiple files, get copied into the share and the server picks them up and process automatically without needing any interaction. Can PHP detect this, or should I look into some delayed process of checking the file's modified time stamp versus current time and not touch the file till a certain threshold has been reached (say 30 seconds difference?). Write the file with a temporary name and extension. Once the file is closed, change the name to the pattern your server is looking for. Once you finish processing it, either change the name again, or move it to a different directory. Don't reuse the same file name, but add a numeric value which increases every time you create it. Keep a log of which files have been processed and any errors each one produced. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Quotes in Heredoc
From: Ashim Kapoor From Ashley Sheridan The quotes you mention are in the HTML, nothing to do with PHP. HTML will work without the quotes in most cases (unless there's a space in the value for the attribute) but the quotes are required in XHTML and will cause unexpected results. Can you elaborate on the XHTML part? Do you mean they are required in XHTML but optional in HTML ? Please keep your attribution levels straight. XHTML also requires all tags, attribute labels and values to be in lower case and values must be quoted. So your original content should be table cellpadding=0 cellspacing=0 border=0 align=center width=621 tr td rowspan=2img width=15 height=1 src=../images/spacer.gif/td You should install the HTML Validtor plug-in for Firefox and use it regularly to catch all of the errors you can. Some of this can also be replaced with style sheets. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Quotes in Heredoc
From: Colin Guthrie 'Twas brillig, and Bob McConnell at 28/02/11 13:23 did gyre and gimble: XHTML also requires all tags, attribute labels and values to be in lower case and values must be quoted. So your original content should be table cellpadding=0 cellspacing=0 border=0 align=center width=621 tr td rowspan=2img width=15 height=1 src=../images/spacer.gif/td Actually, in xhtml the img tag would need a corresponding /img tag, or it can be self closing: e.g. img width=15 height=1 src=../images/spacer.gif / (technically the space before the / bit above is not needed, but used to be needed to stop older versions of IE from exploding... these probably are not worth worrying about these days tho') Ooops, forgot that one. XHTML is XML compliant, so all tags must be closed properly. Also, you can't use the PHP short open tag, because it collides with a specific XML tag. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Turning off magic_quotes_gpc?
From: Michael Stroh
I'm maintaining various php scripts on a server that was originally
configured to have magic_quotes_gpc turned on. The installed php
version
is 5.2.6. I've read that magic_quotes_gpc is deprecated in 5.3 and
continuing to use it is highly discouraged. I've ran into a few
fields
that I believe this is causing issues with so I'm considering turning
it
off but am wondering what steps should I take to make sure that
nothing
breaks and what should I look out for? Also, is it still a good idea
to
turn off since this installation isn't yet at 5.3?
It's a good idea to turn it off as soon as possible. However, you need
to test your site to make sure it won't broke something first.
There is a way to undo the results of magic quotes. We have implemented
it on a number of sites so that we won't care when it gets turned off.
Early in the script we have the following code:
// If magic quotes is on, we want to remove slashes
if (get_magic_quotes_gpc()) {
// Magic quotes is on
$response = stripslashes($_GET[$key]);
}
Bob McConnell
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: First PHP site - thanks - euca_phpmysql function library
From: Al On 2/8/2011 4:58 PM, Donovan Brooke wrote: Hello, Just wanted to say thanks to those that helped me get through my first PHP project (over the last month). As is with much of the work we server-side language people do, the back-end (non-public) side of this site is perhaps the more interesting. Suggestion: Design for XHTML 1.1. It really doesn't require any significant additional effort and you'll already be current when it becomes the W3C standard. I like it because it forces me to create better, cleaner html code. You should also use the HTML Validator plug-in for Firefox to make sure you are producing valid XHTML. That makes it so much easier to find those invisible problems. I can't count how many times it has pointed right at a logic flaw in my code. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: First PHP site - thanks - euca_phpmysql function library
From: Peter Lind On 9 February 2011 14:57, Bob McConnell r...@cbord.com wrote: From: Al On 2/8/2011 4:58 PM, Donovan Brooke wrote: Hello, Just wanted to say thanks to those that helped me get through my first PHP project (over the last month). As is with much of the work we server-side language people do, the back-end (non-public) side of this site is perhaps the more interesting. Suggestion: Design for XHTML 1.1. It really doesn't require any significant additional effort and you'll already be current when it becomes the W3C standard. I like it because it forces me to create better, cleaner html code. You should also use the HTML Validator plug-in for Firefox to make sure you are producing valid XHTML. That makes it so much easier to find those invisible problems. I can't count how many times it has pointed right at a logic flaw in my code. Or go with the more likely candidate for a future html standard: html 5. Has the added benefit of easing you in to the new tags that will be used as standard in a few years but won't be in xhtml. I don't believe HTML 5 will ever be completed. Microsoft is working hard behind the scenes to block it unless it only allows their codec's behind the video and canvas tags. (Their efforts are very reminiscent of their sabotage of ISO with the OOXML specification.) From a recent announcement(*), it appears that even the committee has given up ever having a usable consensus, but will accept whatever the browser developers want to implement even if they are incompatible with other browsers. That's not a standard. Bob McConnell (*) http://blog.whatwg.org/html-is-the-new-html5 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Secure monetary transactions
From: Paul M Foster I'm certain people on this list have set up this type of system for customers. So I have some questions: 1) Does the usual online store software (osCommerce or whatever) include secure pages for acceptance of credit cards? I know they have the capability to pass this info securely off to places like authorize.net for processing. 2) Assuming a customer website, probably hosted in a shared hosting environment, with appropriate ecommerce store software, how does one deal with PCI compliance? I mean, the customer would have no control over the data center where the site is hosted. Moreover, they would probably have little control over the updating of insecure software, as demanded by PCI. They likely don't have the facilities to do the type of penetration testing PCI wants. So how could they (or how do you) deal with the potentially hundreds of questions the PCI questionnaire asks about all this stuff? How do you, as a programmer doing this for a customer, handle this? 1) No. 2) PCI compliance is neither simple nor cheap. If you have not done it before, hire a consultant that has and have them train you. You will also need annual refresher courses and a good auditor to validate your site every month. You will need to change data centers, as you need one that is PCI compliant for the pages that will handle protected information. There are requirements for physical security of those servers as well as the software that runs on them. You also have a choice of maintaining your own servers or finding a managed hosting service that will maintain them for you. One of the requirements is that you must maintain separate servers for development and testing. You also need to establish a formal development, test and deployment process. The developers are not allowed to have any access to the production servers. We have four sets, development, QA test, User Acceptance Test and production. The latter two are exposed to the Internet, while the first two are internal only. We have several sites that are now PCI compliant. It took us eight months after the decision to get the first one online and certified. Most of that was training and waiting for the audits and certification, as we nearly passed the initial validation on the first try. But we had to change hosting providers twice to find one that we were comfortable with. After that is all said and done, keep in mind that the primary purpose of the PCI requirements is to mitigate the financial liability of the credit card issuers. If anything goes wrong at your end that exposes privileged data, you will be financially responsible for the damages. So make sure you go above and beyond those requirements to protect yourself. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] public static or static public?
From: Richard Quadling
On 28 January 2011 17:15, Colin Guthrie gm...@colin.guthr.ie wrote:
OK, so it's a Friday hence a random debate
What is preferred for class methods?
class foo
{
static public function bar(){}
public static function wibble(){}
}
??
All methods are valid, but are some more valid than others? :p
Checking ZF:
[colin@jimmy Zend (working)]$ cgrep public static function . |wc -l
755
[colin@jimmy Zend (working)]$ cgrep static public function . |wc -l
60
It's clear which is preferred there, but still not absolutely consistent
(I didn't bother checking differently scoped methods).
I personally prefer scope first then static, but others may have valid
reasons/arguments for preferring the other way.
WDYT?
Arrange these 3 words in the correct linguistic.
shirt, large, green.
Hopefully, all native English speakers will say
large green shirt.
We just do.
I wonder if the same is true for ...
final public static function
I've just done a quick scan of all my methods ...
5 abstract protected function
2 abstract public function
2 final protected function
11final public function
1 final public static function
1 final static public function
2 private final function
12private function
8 private static function
120 protected function
5 public final function
125 public function
11public static function
3 static function
4 static private function
7 static protected function
16static public function
This is code that is 6 years old. As you can see I'm completely inconsistent.
If there was some evidence that one order is preferable to another -
pretty much ANY metric would do - then I'd probably adopt it.
But I don't know if it makes ANY difference.
OOI. I did the same analysis for Zend Framework (not the most recent,
but a good a representative analysis as any I suppose).
1 abstract function
40abstract protected function
153 abstract public function
1 final private function
1 final protected function
9 final public function
2 final public static function
150 private function
37private static function
1 protected abstract function
1507 protected function
63protected static function
5 public abstract function
2 public final function
11956 public function
701 public static function
1 static function
1 static private function
10static protected function
60static public function
So, as mixed up as my own.
But it is good to know that at least the attributes are commutative. I was
never sure about that.
Bob McConnell
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Cross-platform IDE
From: Andy McKenzie Hopefully this is enough on-topic not to annoy anyone. Up until now I've mostly written small one-off scripts -- a web page that needs a few things dynamically generated, a shell script to do a small job, things like that -- and vim has been more than adequate. I'm currently working on something a lot more complex -- a web based front-end for a medium sized custom database -- and I'm finding that my code is getting more and more scattered because I don't have a good tool for looking at it. So: does anyone have a recommendation for an IDE that works in Windows, Mac, and Linux? I spend roughly equal time in all three, and I haven't found a tool I like yet that works in all of them. Actually, I stopped looking three or four years ago, but at that point there didn't seem to be anything. If anyone has any advice, I'd love to hear it! Netbeans http://netbeans.org/index.html. Make sure you get the package with the PHP plug-ins. There are a variety of different sets available. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Stripslashes
From: Ravi Gehlot
What are these magic quotes anyways?. What are they used for?
escaping?
I wasn't there at the time, but I gather that the general idea was to
automagically insert escape characters into data submitted from a form.
However, they used a backslash as the escape character, which is not
universally recognized across database engines. Even the SQL standard
defines an escape as a single quote character.
We used to have magic quotes enabled, and came up with the following
code to clean up the mess it caused.
// If magic quotes is on, we want to remove slashes
if (get_magic_quotes_gpc()) {
// Magic quotes is on
$response = stripslashes($_POST[$key]);
} else {
$response = $_POST[$key];
}
For future releases of PHP, this will also need a check to see if
get_magic_quotes_gpc() exists first.
Bob McConnell
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Under which distribution(s) is PHP developed, compiled, and tested?
From: Dan Schaefer Background (some of these facts may be well-known, and for that I apologize): I'm running CentOS 5.5 on all servers, which only supports PHP 5.1.6 CentOS 5.5 is based off RHEL 5.5 Redhat has released RHEL 6 which supports PHP 5.3 CentOS has not released even a beta 6 version yet that supports PHP 5.2+ I was having a discussion with my bosses about what PHP release we are running on our systems. We have a few applications and packages that require and/or will work better with PHP 5.2+. I understand that no matter what Linux distribution I have, I can always download the source, compile, and install manually. My question is, when The PHP Group develops, compiles, and tests PHP for a release, what distribution(s) and versions do they use? And of those, which distribution is the most commonly used throughout the development team? What Internet references are there, if any, that show the major and/or minor Linux distributions that support which version of PHP? This issue has been discusses a few times, but it might be hard to figure out search terms to find those threads. First of all, I believe that while the official build still says it is PHP 5.1.6, many of the patches have actually been back ported. So security wise, it should be up to date. Of course that does not help you with the new features. Our experience has been that we have to compile PHP for our production servers. This is a result of several factors. One, we lease space on managed servers, where the owners only promise to keep up with the official releases and patches. Second, we are subject to a monthly PCI (Payment Card Industry) audit, which gives us 30 days after a security patch is released before it must be installed on our servers. But the auditors don't recognize the back-ports. They need to see the newest version numbers. The end result is that we compile PHP 5.2.xx and install it on each server in our leased farm every time there is a patch. The hosting provider has blocked updates for the official builds from the CentOS repositories. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] A general discussion of libraries and frameworks
From: Adam Richardson As one point of curiosity, I'm wondering when a function or group of functions is, in your eyes, deemed a library. I tend to use the pornography approach to identifying a library (I know it when I see it), but I'm sure there's a more formal analysis. For some, maybe it's as simple as The developer calls this a library. :) As soon as you bundle a set of functions into a separate package that can be shared between projects, developers or teams, you have a library. I believe this is true even if there is only a single function in the bundle. Some libraries are quite extensive, and may even include a complete framework. But the distinction is the bundling that makes them independent of any specific project. I'm also curious if some of the custom libraries people have built fall into the category of framework using the definitions above. C'mon, you can 'fess up, there aren't that many people listening :) Yes, I would accept that some frameworks are distributed as libraries. The distinction is where do you start? A library of functions can be added to your application as you go along. But a framework pretty much has to be the starting point for a project. When you use Drupal, you start by setting up a Drupal server. Then you add your own pages or maybe a custom module. The same goes for most of the other frameworks. You start with the framework and develop your application within it. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] LDAP, Active Directory, and permissions
From: Chris Knipe I've found various sources and are successfully manipulating Active Directory from PHP on our Domain Controller - frankly, things works much better than I expected :) I have now reached the point where I need to set permissions on objects in Active Directory, i.e. to restrict read permissions to certain OUs and objects within the directory (mainly related to Exchange stuff). Is there anything in PHP which can be used to set permissions on AD objects? I haven't found any reference to doing this anywhere, so I thought I'd give it a chance here... If not, then I suppose I'll have to code some ..NET application to act as a gateway between the PHP interface and Active Directory, but naturally I would like to do as much as possible from within PHP itself. I don't know about your IT group, but around here and at any of our clients, they will never allow anyone outside their office modify access rights, or add users. It takes a written request by a manager or above to get them to make any changes, and each request must include the reasons for the change. No we cannot use the master LDAP server for testing. We have a couple of OpenLDAP servers isolated on our test networks for that. But even those have to be managed directly. No application is allowed to do more than retrieve data. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP shows nothing
From: Mohammad Taghi Khalifeh
On Tue, Nov 30, 2010 at 10:38 PM, Bob McConnell r...@cbord.com wrote:
From: Mohammad Taghi Khalifeh
Hi there,
I have a package written in pure PHP, some .php files that refer to
others
via require_once(''),
but when I try to see package's contents via a browser, the pacakge
just
shows nothing: a blank page.
I've activated all log levels, and it seems that php doesn't
encounter
any
problem.
I'm using PHP 5.3.3 and apache httpd 2.2.
FYI, I'm new to PHP and this mailing list :)
I would appreciate if someone could help me.
One of the irregularities about require_once is that if there is a
syntax error anywhere in the chain, the interpreter simply exits
without
emitting anything. If you have display errors turned off, you get
nothing at all. There may be clues in the Apache error log, but don't
depend on it. To debug, enable errors temporarily, or print some
bread
crumbs at the start of each file. That should at least help identify
how
far you get before it fails.
the files are so many, so I think tracking problem by printing some
bread crumbs at the start of each file is not easy,
something that might help is that I've turned on magic_quotes_gpc
because
of the package developer's suggestion.
but I got this warning in both php log:
PHP Warning: Directive 'magic_quotes_gpc' is deprecated in PHP 5.3
and
greater in Unknown on line 0
is this warning mean that 'magic_quotes_gpc' will not work properly?
so
whats the alternative?
No, As long as it is just a warning it still works correctly, The
message simply points out that magic quotes was a terrible idea and they
are finally going to remove it from the language. You should never have
to use it.
You will probably have to selectively add breadcrumbs to isolate which
file or files are causing your problem. Even if you put them in every
fourth file, you at least get some idea where to start digging.
Bob McConnell
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Template engines
From: Daniel P. Brown On Thu, Nov 11, 2010 at 08:51, Robert Cummings rob...@interjinn.com wrote: Yeah, that and some Gateway with a Common Interface. So any language that could pre-process pre-hypertext would either have the unique ability to foresee the future, the mundane ability to pre-process plain text (or request headers or anything prior to the data being classified as hypertext), or the disconcerting ability to modify reality as we know it. And why bother to do that when you could just %= go elsewhere. %? ;-P One of the items at the top of our wish list for over two decades has been a pre-causal response generator. Processing time for transactions on point of sale systems has always been an issue for us, so we wanted to have the response message ready before the transaction arrived. The next item on that list is a neural interface specifically designed for developers. Unfortunately, neither of those technologies has materialized. (It's felt like Friday all day.) It still feels like Monday here. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Array problem
From: Richard Quadling On 27 October 2010 22:15, Kevin Kinsey k...@daleco.biz wrote: Marc Guay wrote: As Nicholas pointed out, the extra underscore in the key is the issue. That's way too easy a fix. I think he should check to make sure his version of PHP was compiled with the right extensions and that the browser isn't doing something unpredictably bizarre when submitting the form. Just checked the card file, today's cause is: Sunspots. I always believed that cosmic radiation was the cause. I'll second the cosmic radiation. We are currently in the low activity portion of the 11 year sunspot cycle[1], and predictions of the next high are lower than most cycles recorded over the past century[2]. So that one is not an easy sell right now. Bob McConnell [1] http://www.windows2universe.org/sun/activity/sunspot_cycle.html [2] http://solarscience.msfc.nasa.gov/predict.shtml -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Check for existence of mail address
From: TR Shaw On Oct 25, 2010, at 6:46 PM, Daniel P. Brown wrote: On Mon, Oct 25, 2010 at 18:38, web...@blaettner.com wrote: Is there any other function which checks whether this address really exists? Of course not! Can you imagine the implications, insecurities, and privacy concerns that would be associated with that? Some mailservers will confirm or deny if a local address exists, but not most --- thankfully. Not true or else you would never get mail. Of course it's true. Most servers will accept any email sent to a valid domain name, then silently discard all messages that don't have valid user names, expecting that set to be mostly SPAM. This created a new problem where the legitimate senders no longer know when their mail didn't get delivered due to a typo in the address. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Formatting an ECHO statement.
From: Cris S Someone needs to hire me now, to keep me busy and stop me from taking this issue apart one piece at a time. Kee-rist. That's not likely to happen soon. You have demonstrated here that you are immature and have very little self-control or self-respect. There is no way you would be hired for any shop that I have ever worked in. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] searching for application like Google Doc
From: ?? Is there any application like Google Doc(here I mean the spreadsheet). What is your conception of like? Have you looked at OpenOffice? Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] [IDEA] date_moonrise, date_moonset, and date_moon_info for calculating moonrise and moonset
From: Steve Staples On Fri, 2010-10-08 at 13:33 -0400, Daniel Brown wrote: On Fri, Oct 8, 2010 at 13:29, ELY M. s...@mboca.com wrote: I did a search thru all places on php.net for moonrise and moonset functions or any comments about moonrise and moonset. I can not find anything about moonrise and moonset. I am not sure where to submit my ideas. I would like to suggest to php developers to add in the moonrise and moonset functions. I think the moonrise and moonset functions should be added in php. date_moonrise date_moonset date_moon_info those functions would be great to have in future version of php. Do it as a feature request at http://bugs.php.net/ and we'll look into it. In related matters, I just approved a user note with a code snippet example for sunrise and sunset. In his defense, he was talking abut moonrise, and moonset... in some cases, the moon is up during the middle of the day... this originally started out a joke reply... but then after thinking about what to say, I realized that the moonrise/set does not follow the sun... crap, i hate my brain... LOL on a side note, where would you even get this info? is there a set formula for sunrise/set? It would also require both latitude and longitude input parameters. Rough guess in temperate zones is that for each 250 miles you move west, it delays the event by 15 minutes. But when you get within 22 degrees of a pole, the event may not occur for days, or weeks, or ... Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] What other languages do you use?
From: Nathan Rixham As per the subject, not what other languages have you used, but what other languages do you currently use? I guess it may also be interesting to know if: (1) there's any particular reason for you using a different language (other than work/day-job/client requires it) (2) about to jump in to another language C, Perl and Java. Been programming embedded devices and credit card terminals in C (and ASM) for about three decades. Still have to maintain that code. (We are supporting some devices that went out of production in 1992.) Have dabbled in Perl for about half of that time. Started out doing Perl-CGI for a web site. It's useful for generating test data to emulate random events, test drivers for communications protocols and to control test systems. I'm still learning both PHP and Java. I know just enough of each to be very dangerous. I'm most comfortable in C, so I lean towards that for casual projects at home. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] which one is faster
From: Steve Staples
On Tue, 2010-10-05 at 20:53 +0100, Ashley Sheridan wrote:
On Tue, 2010-10-05 at 15:46 -0400, Steve Staples wrote:
On Tue, 2010-10-05 at 20:35 +0100, Ashley Sheridan wrote:
On Tue, 2010-10-05 at 15:28 -0400, chris h wrote:
Benchmark and find out! :)
What are you using this for? Unless you are doing something
crazy it
probably doesn't matter, and you should pick whichever you feel
looks nicer
/ is easier to code in / etc.
Chris H.
On Tue, Oct 5, 2010 at 3:23 PM, saeed ahmed
saeed@gmail.com wrote:
$a = 'hey';
$b = 'done';
$c = $a.$b;
$c = $a$b;
which one is faster for echo $c.
As far as I'm aware, the first of the two will be faster, but
only just.
As Saeed mentioned, the difference will be negligible, and unless
you
plan to run a line like that in a loop or something hundreds of
thousands of times, you probably won't notice any difference.
Thanks,
Ash
http://www.ashleysheridan.co.uk
to be proper, shouldn't it technically be
$c = {$a}{$b};
It doesn't have to use the braces. The braces only tell PHP exactly
where to stop parsing the current variable name. The following
examples
wouldn't work without them:
$var = 'hello ';
$arr = array('msg 1'='hello','msg 2'='world');
echo {$var}world;
echo {$arr['msg 1']}{$arr['msg 2']};
Without the braces, in the first example PHP would look for a
variable
called $varworld, and in the second it would be looking for a simple
scaler called $arr, not the array value you wanted.
Ash:
I understand what the {} does, but just like in HTML, it is more
proper
to use lower case for the attributes/elements, and use (double
quotes)
when wrapping the attributes... but is it not REQUIRED to write it
in
that manner... just like it is not required to wrap the variables in
{}
when inside the ...
that's just me, I tend to try and do that every time...
XHTML requires both lower case and double quotes. So if that may be in
your future, you should be using both already.
I don't know about HTML 5. Since that spec is still years away from
completion and hasn't added anything we can make use of, we haven't even
bothered to look at it.
Bob McConnell
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Friday's Post
From: Gary tedd wrote: What do you people think of the .NET framework? It's a framework, like any other framework - can make your life easier, can make your life harder by forcing you to take the path determined as TOTP by its designers. That's The One True Path, not Top Of The Pops. The installer and the license limit its use to just a subset of a single platform. The attempts at producing clones on other platforms are clouded by license and patent restrictions, and will perpetually be at least one release behind the MS-Windows version. In reality, .Net is a poor clone of the Java runtime environment, while C# is a poor clone of the Java language. They were created after the courts told Microsoft the Sun license did not allow them to subvert the Java API to build applications that would only run on their OS. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Copying an Object
From: David Hutto On Fri, Sep 24, 2010 at 4:09 AM, Gary php-gene...@garydjones.name wrote: Daniel Kolbo wrote: Say you have two classes: human and male. Further, say male extends human. Let's say you have a human object. Then later you want to make that human object a male object. This seems to be a pretty reasonable thing to request of our objects. I don't think any human can change gender without major surgery, but I don't know if you just chose your example badly or whether you really think objects should be able to mutate into other types of object without some kind of special treatment. But it would work in something like makehuman, where you start with a neuter form and scale one way or the other for physical features. If I remember correctly, we're' all xx until you become xy(genetically speaking). This is one of the details that really bothers me about OOP. It makes it impossible to implement some very reasonable scenarios. 80% of the time, when a patron is added to a system, we don't know which gender they are. More than 50% of the time, we will never know, since the client doesn't keep track of it. But the rest of them will be assigned sometime after they were added. i.e. the gender assignment comes from a secondary source that is not available at the time the patron is entered. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Copying an Object
From: Peter Lind On 24 September 2010 14:22, Bob McConnell r...@cbord.com wrote: From: David Hutto On Fri, Sep 24, 2010 at 4:09 AM, Gary php-gene...@garydjones.name wrote: Daniel Kolbo wrote: Say you have two classes: human and male. Further, say male extends human. Let's say you have a human object. Then later you want to make that human object a male object. This seems to be a pretty reasonable thing to request of our objects. I don't think any human can change gender without major surgery, but I don't know if you just chose your example badly or whether you really think objects should be able to mutate into other types of object without some kind of special treatment. But it would work in something like makehuman, where you start with a neuter form and scale one way or the other for physical features. If I remember correctly, we're' all xx until you become xy(genetically speaking). This is one of the details that really bothers me about OOP. It makes it impossible to implement some very reasonable scenarios. 80% of the time, when a patron is added to a system, we don't know which gender they are. More than 50% of the time, we will never know, since the client doesn't keep track of it. But the rest of them will be assigned sometime after they were added. i.e. the gender assignment comes from a secondary source that is not available at the time the patron is entered. If you can't handle that, it's not the fault of OOP but your lack of programming skills in OOP I'd say (and I mean no disrespect there, I'm just pretty sure your scenario can be handled very easily in OOP). And no, I have no urge to defend OOP in PHP, I just see this entire thread as a complete non-starter: if the language doesn't let you do something in a particular way, how about you stop, take a breather, then ask if perhaps there's a better way in the language to do what you want done? That would normally be a much more productive and intelligent response than either a) pressing on in the face of failure or b) complaining about your specific needs and how the language fails to meet them. I have no problem with that idea. My first reaction would be to return to a procedural format and forget about objects altogether. I have been struggling with them for more than ten years now, and still don't understand the intent or purpose behind them. They simply appear to be a lot of unnecessary overhead with no real advantages in return. Even multi-tasking was a lot easier to figure out. Unfortunately, I keep getting stuck working with other people's applications that are already cast in objects. It makes me wish I could take early retirement this winter. Sorry for the rant. I'll go hide in the corner and be quiet for a while. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Copying an Object
From: chris h On Fri, Sep 24, 2010 at 8:35 AM, Peter Lind peter.e.l...@gmail.com wrote: On 24 September 2010 14:22, Bob McConnell r...@cbord.com wrote: From: David Hutto On Fri, Sep 24, 2010 at 4:09 AM, Gary php-gene...@garydjones.name wrote: Daniel Kolbo wrote: Say you have two classes: human and male. Further, say male extends human. Let's say you have a human object. Then later you want to make that human object a male object. This seems to be a pretty reasonable thing to request of our objects. I don't think any human can change gender without major surgery, but I don't know if you just chose your example badly or whether you really think objects should be able to mutate into other types of object without some kind of special treatment. But it would work in something like makehuman, where you start with a neuter form and scale one way or the other for physical features. If I remember correctly, we're' all xx until you become xy(genetically speaking). This is one of the details that really bothers me about OOP. It makes it impossible to implement some very reasonable scenarios. 80% of the time, when a patron is added to a system, we don't know which gender they are. More than 50% of the time, we will never know, since the client doesn't keep track of it. But the rest of them will be assigned sometime after they were added. i.e. the gender assignment comes from a secondary source that is not available at the time the patron is entered. If you can't handle that, it's not the fault of OOP but your lack of programming skills in OOP I'd say (and I mean no disrespect there, I'm just pretty sure your scenario can be handled very easily in OOP). And no, I have no urge to defend OOP in PHP, I just see this entire thread as a complete non-starter: if the language doesn't let you do something in a particular way, how about you stop, take a breather, then ask if perhaps there's a better way in the language to do what you want done? That would normally be a much more productive and intelligent response than either a) pressing on in the face of failure or b) complaining about your specific needs and how the language fails to meet them. I think pages 17-19 of the GoF covers exactly this: Object composition is an alternative to inheritance. ... Any [composed] object can be replaced at run-time by another as long as it has the same type. I would look into object composition or just read the GoF. GoF? Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] if/elseif being treated as if/if
From: tedd
At 1:50 PM -0400 9/24/10, Andy McKenzie wrote:
Hey folks,
Here's the deal. I have the following code:
if($col_vals[$i][$val['column']] == $search_result[0][$col])
{ echo ' selected=selected'; }
elseif($val['default'] == $col_vals[$i][$val['column']])
{ echo ' selected=selected'; }
It's supposed to check whether there's a value in the db
($search_result[0][$col]) that matches the current column value, and
if not, check whether the default matches it. It does that, sort of.
In fact, both statements trigger, which I would have said wasn't
possible.
So the question is: what causes both parts of an if/elseif
statement to trigger? As far as I can see my punctuation is correct,
and I've confirmed through debugging statements that all the values
are what I expect, so how do I make the elseif stop acting like
another if? Or, alternatively, have I just misunderstood all this
time what the if/elseif statement does?
Alex:
I am not in the majority when I say for conditions where you have
more than two options use a switch control and not an elseif.
In 40+ years of programming, I have never used elseif because the
control confuses me. It is *much* easier for me to use, understand,
and document a switch statement than an elseif.
Your mileage may vary.
A switch works when a single test can dispatch all possible branches. If
you have a series of tests where each looks for a different subset of
conditions, you need an elseif.
Bob McConnell
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Database Administration
From: tedd At 2:36 PM -0400 9/24/10, Bastien Koert wrote: On Fri, Sep 24, 2010 at 2:26 PM, tedd tedd.sperl...@gmail.com wrote: At 2:09 PM -0400 9/24/10, Bastien Koert wrote: @tedd, He wants not techie users to create new systems for their clients when they sign up. It involves creating a DB and he's wondering about security for that. The main part of the app needs the least priv's to run (select, update, insert [,delete]) while the creating the DB obviously takes more. The OP was asking how to best handle that since the he didn't want to give the main app DB user account more privs than needed. Okay, what does creating new systems for their clients mean? What I want to know is specifically what these non-techie users intend to do? Please don't answer that they want to set up accounts for their clients because that is meaningless to me. That could mean anything. So, what specifically are these non-techie users going to do? Create a DB schema, create and populate tables. Creating a DB schema is not for non-techies -- you really need to know what you are doing to do this. But we all live with what we create. I suspect he actually means create a new table using a predefined schema. But unfortunately, he doesn't appear to know enough about the problem to be able to explain it. He is either in way over his depth, or hasn't done a very good job of defining his requirements. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] if/elseif being treated as if/if
From: tedd
At 2:23 PM -0400 9/24/10, Bob McConnell wrote:
A switch works when a single test can dispatch all possible branches.
If
you have a series of tests where each looks for a different subset of
conditions, you need an elseif.
Not so, O'wise one.
This will work:
switch(1)
{
case $a $b:
/* whatever
break;
case $c == 1:
/* whatever
break;
case $d == 'this works':
/* whatever
break;
}
Granted, it's not the normal way a switch works in some other
languages, but it does work in PHP. :-)
That is just so wrong, it can't actually be taken seriously. There is
simply no justification for such broken logic.
Bob McConnell
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Auto-generating HTML
From: Andy McKenzie I think the main thing I'm seeing is that there isn't a single, accepted, simple way to do this: no matter what I do, it will be a workaround of some type. Either I'm adding complexity (a function to convert everything), or I'm adding lines (heredoc/nowdoc seem to require that the opening and closing tags be on lines without any of the string on them), or I'm adding typing (adding ' . \n' to the end of every line of HTML). Perhaps I'll put some effort into building a function to do it, but not this week... I think for now I'll keep appending those newlines, and just have more code to fix at a later date. It's reasonably clean, it's just mildly annoying. It should be relatively easy to do a search and replace on the double tag locations and insert the newlines. Using tr(1) to replace all pairs with \n might be an improvement. Would it be easier to remove the extras, or to insert all of them in the first place? Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] 1984 (Big Brother)
From: tedd At 9:10 AM -0400 9/13/10, Steve Staples wrote: here's a silly idea... put the database on his computer (or the entire app). that way, when he's *there* he is logged in. if the computer is off, he's not there, the app wont work (and the database). Silly or not, that *would* work. Now I have to figure out how to do that. This may be the only way to do it, but it shouldn't be too hard to figure out. If he turns off the computer every time he leaves his desk, it can be installed anywhere, even as a service. But if he leaves the computer on, it has to be on his desktop, probably with an entry in his Start directory to start it when he logs in. But he has to actually log out of the desktop to block access, not just leave it in the screen saver. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] 1984 (Big Brother)
From: tedd At 11:55 PM -0400 9/12/10, Paul M Foster wrote: I hate to seem flippant, but here would be my conversation with this customer: Customer: My employees got access to the database while I was gone yesterday! Consultant: Well, let's see. Oh, it appears you didn't properly log out. Customer: Yes, but I was *gone*. They weren't supposed to be able to access the database unless I'm *here*. Consultant: The only way we know that is if you log in and log out properly. Now, if you like, we can put a nanny-cam in your office, and whenever you're not there (like in the bathroom), the whole thing shuts down. That will cost $x. Your choice. We've been working on the mind-reading extension to PHP, but it's not finished yet. Customer: Thanks for your opinion. We'll be in touch. Customer to his secretary: Let's find someone who knows how to do this. Anybody that tells him it can be done is lying through their teeth and will just be stealing his money. He probably deserves what he gets in this case. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] newbie question about code
Did you mean to say That is a method call.?
Bob McConnell
-
From: Joshua Kehn
That is a function call. In Java:
class Code
{
public static void function do_command(){ }
}
Code.do_command();
Regards,
-Josh
Joshua Kehn | josh.k...@gmail.com
http://joshuakehn.com
On Sep 10, 2010, at 2:27 PM, Adam Williams wrote:
I'm looking at someone's code to learn and I'm relatively new to
programming. In the code I see commands like:
$code-do_command();
I'm not really sure what that means. How would that look in
procedural style programming? do_command($code); or something else?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Broken pipes, time outs, PHP, and mail
From: Dave M G There is one other possibility. According to the RFCs, the standard line ending for email is CRLF. Make sure your system is sending both characters after each line. There is a slim chance the server is cutting you off after some number of bytes if you are only sending a LF. This is actually a possiblity. I think I might be only using LF. Some of the text being sent in the emails is entered via a form on a web page. Is it possible to enforce CRLF on that text? You would have to scan the text when you process the form and replace any bare LF you find with CRLF. The string sequence for that would be \r\n. It shouldn't be too difficult to come up with a regular expression to find any LF not preceded by a CR and replace it. Also, check your mail library to make sure it defines $EOL correctly as well. I reported that as a bug in PHPMailer a while back. If it is correct, it may actually fix the bare LF's for you. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Broken pipes, time outs, PHP, and mail
From: Dave M G I have a set of scripts that sends out emails to a list of about 150 people. Sometimes it works fine. Other times, it dies part way through the list, and in my error logs I get this output: fputs() [a href='function.fputs'function.fputs/a]: send of 22 bytes failed with errno=32 Broken pipe /public_html/class.smtp.php 489 The code that sends the mail is derived from here: http://www.phpclasses.org/browse/file/920.html It's mostly rock solid code, so far as I know, so I suspect the problem to more with my server settings or something. That said, I don't know what differentiates a failed mailing and a successful one. After a Google search, it seems broken pipes are a matter of time outs. That's about as far as I understand it, though. Can anyone throw me a tip as to how I might diagnose this problem? Broken pipe is a euphemism for Network error. There are any number of causes including the remote server closing the socket, a switch or hub between here and there is bogged down by backup traffic, or a segment your connection passes through became too busy with higher priority video traffic. The actual details are difficult to determine and none of the administrators involved will ever admit they had a problem. In most cases the TCP/IP error will simply tell you it timed out waiting for a response. Your code should be able to re-open the connection at this point and resend the message that triggered the error. Then resume working on the rest of your list. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: Re: [PHP] Broken pipes, time outs, PHP, and mail
From: a...@ashleysheridan.co.uk Could it be that there are connection limits on the remote server? Thanks, Ash Only if you are opening a new connection for each message. Any decent SMTP client should be able to send multiple messages over a single connection. You could capture the traffic with Wireshark. Set the capture filter to only grab SMTP traffic to that server's IP address. Unless it is going through SSL/TLS, you can read the handshake messages. They will look something like this: -8 220 lists.php.net ESMTP Postfix EHLO ashleysheridan.co.uk 250-mail.php.net 250-PIPELINING 250-SIZE 1024 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH LOGIN PLAIN 250 8BITMIME MAIL FROM:a...@ashleysheridan.co.uk 250 Ok RCPT TO:php-general@lists.php.net 250 Ok -8 The lines beginning with numbers are the server's responses. All of them should be ASCII/UTF-8 text. There is one other possibility. According to the RFCs, the standard line ending for email is CRLF. Make sure your system is sending both characters after each line. There is a slim chance the server is cutting you off after some number of bytes if you are only sending a LF. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Web application architecture (subdomain vs. sub directory)
From: tedd At 1:45 PM -0500 8/25/10, Tim Martens wrote: Hi Everyone, New to the list. Hello! I'm in the customer discovery phase for a Health IT web application concept I have. My programmer is new to web apps, but not to programming and is set up with LAM(PHP). We're still debating weather to use a framework or to go with Rasmus's no framework framework approach. Language/Framework decisions aside... my main question is about subdomain ( customerx.appname.com vs subdirectory (appname.com/customerx/) models for instances of individual customers' accounts. It seems most people are opting for the former -- is this but a trebd? -- but I see flickr use the latter. The guys at Particletree (i.e., Wufoo) wrote a blog post about it ( http://particletree.com/notebook/subdomains-development-sucks/) years ago to which they still attest. They say the subdirectory model is much easier and faster to develop and deploy. We are developing locally on our macs and will be using Mecurial/Bitbucket for CVS. I'm really lost on this issue as all my searches turn up stuff on SEO/SEM. Is one approach easier that the other? What about security and scalability considerations? I would very much appreciate your opinions as to the pros and cons of each approach. As an aside, does anyone have some advice about rapid PHP deployment, i.e., pushing new features to production daily in micro iterations vs the typical milestone approach? Are there any good tools for this? What about hosts? Thanks all, Tim Tim: My recommendations: 1. No framework. Learn one thing, namely what you want to do and not two (i.e., what you want to do and a framework). I did not know that Rasmus said that, but I listen to what he says. 2. Use directories. They are much simpler to use and easy to create/change/delete/scale/make-secure. -- SEO stuff does not apply here. 3. Investigate Agile development. 4. Host? Roll the dice like the rest of us. Before you can select a hosting provider, define what you want. Are you looking for a cage with power and network connections, a VM that you can load up and manage, or a fully managed server environment? UPS or generator? What about backup and failover? Do you need redundant network connections? There is a wide range of options here that are not easy to evaluate. We have used a variety of different hosts through the years as our needs and requirements changed. Our current one is fully managed, guarantees PCI compliance and is very expensive. But it is still less than the FTE we would have to hire to do it all ourselves. We have more than 100 client sites on that cluster of servers. Depending on your size, it may be worth considering hiring a consultant to walk you through this process the first time. It could save you a lot of mistakes, time and money. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Bitwise NOT operator?
From: Richard Quadling On 24 August 2010 21:42, Andy McKenzie amckenz...@gmail.com wrote: On Tue, Aug 24, 2010 at 3:55 PM, Ford, Mike m.f...@leedsmet.ac.uk wrote: From: Andy McKenzie [mailto:amckenz...@gmail.com] From your example, this would have shown me what I needed to know: Then taking the value of E_NOTICE... 1000 ... and inverting it via ~: 0111 As it was, I assumed the 32-bit number was there because the author wanted it there, not because PHP assumes those extra bits. That's not PHP. That's the underlying computer architecture, and PHP has no choice in the matter. (Well, assuming you leave BCMath and so on out of the equation!) True, but largely irrelevant from my point of view: I'm talking to PHP. Even if I'd thought about it in terms of the architecture, I would have assumed that PHP would treat a two-bit number as a two-bit number, even if it had to do some weirdness in the background because it's not. If I enter a decimal two, I know the computer deals with it as binary, and now I know it probably deals with it as a 32-bit binary number, but it doesn't show me all the extra bits: it just shows me a two. My point here, much as it might sound like it, isn't that PHP is wrong for doing things the way it does. Even if I thought it is, I don't know what I'm talking about, and I know it. What I'm saying is that the documentation doesn't even begin to indicate to people like me that things won't work the way we expect. Maybe that's not necessary; certainly I've never needed it until now, and the confusion was easily cleared up. But adding to the docs might avoid a lot of confusion for the next guy who doesn't really know what he's doing. I think trying to explain to someone with no knowledge of the rules is going to be a little beyond the role of the PHP documentation. A rudimentary understanding has to be assumed. You are talking about decimal numbers (2, 3, 4) and then applying the NOT operator and then expressing the result in base 10 and base 2. Decimal numbers are column based. By worldwide and historic convention, leading zeros are not needed. In fact, worldwide convention has dictated that a leading 0 implies an octal number and not a decimal one. Binary numbers are block based. Historic/worldwide convention dictates bits are either singular (true/false) or in blocks (bytes, words, double-words, quad-words, etc.) OK. Nibbles/nybbles/nybles too. You say a two-bit number. Well, there is no such entity. As soon as you talk in terms of bits, you are dealing in binary and this is block based, not column based. Applying a not operator has the effect of inverting all the bits. We see that perfectly fine in ... ~0001 = 1110 But, when you then express that pattern in decimal, the rules regarding 2's compliment kick in. -128 to 127 = 256 options. Not -127 to 127 ... what happened to -0? To make it simple, the computer hardware doesn't know or care if you want two bits or 128, so neither can PHP. If you are only interested in the lower bits, you need to mask your answer to throw away the rest. For example, doing a bitwise AND with 3 will discard all but the last two bits, 7 will give you the last three bits, etc. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] two questions on serverside validation
From: David Mehler
I've got two questions. I'm having to redo my form. Can you tell me
the difference if any between these two lines of code? This is for
output filtering.
textarea name=description ?php echo htmlout($description);
?/textarea
textarea name=description?php echo htmlout($description); ?
/textarea
One has the quotes around the parameter in the function call the other
does not. Here's the functions:
function html($text)
{
return htmlentities($text, ENT_QUOTES, 'UTF-8');
}
function htmlout($text)
{
return html($text);
}
The version with quotes will go through a superfluous step of parsing
the string and then doing the substitution. The other will simply do the
substitution.
My second question is I'm wanting to do input filtering to prevent
anything malicious from coming in to my form. The eventual goal is to
get this information in to a database. Here's an insecure name field
i'm wanting to secure it against html tags, strange text, no symbols
except perhaps period, dash, letters, numbers alpha numeric stuff.
$name = $_POST['name'];
div
label for=nameName*:/label
input type=text name=name id=name size=50 value=?php echo
htmlout($name); ? / br /
/div
In my previous form i used a variable declaration like:
$name = trim($_POST['name']);
but I can probably do better, as I said this is eventually going in to
a database.
There are actually two stages to this, sanitization and validation. The
first strips out dangerous characters, tags, etc. The second is to
verify that the content is actually within the acceptable range of
answers for your system. i.e. if you are using English names, there are
no Cyrillic characters in there. In some cases there is also a third
step, which varies depending on where you are using the string. For a
database, there are usually escape functions with the DB library to
prepare it for storage. I frequently use pg_escape_string(). There are
other options for strings being set to the browser, either as html
content or URLs.
You probably should become familiar with the OWASP[1] recommendations as
early as possible. They have a variety of tried and tested functions for
this very purpose. You can use them as is, as models or as frameworks
for your own variations on the theme.
Bob McConnell
[1] http://www.owasp.org/index.php/Main_Page
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: How safe is a .htaccess file?
From: Peter Lind On 24 August 2010 15:43, Gary php-gene...@garydjones.name wrote: Jan G.B. wrote: The weakness of MD5 is mainly because MD5 collisions are possible. That means, that different strings can have the same MD5-hash... http://en.wikipedia.org/wiki/MD5#cite_note-1 It's worth noting that that essentially does not touch upon whether or not MD5 can be considered safe or not as a means to store password information. The researchers have discovered ways of crafting inputs to easily find colliding hashes - they have not discovered any easy means to craft an input that will collide with a given hash. That's a simple matter of brute force, which can be done once and saved for instant use later. However, putting a salt into your algorithm pretty much eliminates the chances of success using that attack. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] tutorial failure
From: e-letter On 19/08/2010, David McGlone da...@dmcentral.net wrote: Yes it is. But your computer needs the correct software to view that php file in a web browser as if it was a web page. If you do not have this software installed, then the web browser will ask you if you want to download the file instead. The web browser views the php file as described previously; there is no prompt to download the file. David, If the server is set up correctly, it interprets the PHP code and only sends an HTML stream to the browser. The only way the browser would see PHP is if the server is misconfigured. The browser will simply display it as it would HTML. It doesn't know PHP from plain text. Actually, the browser could not process PHP, since most of the resources needed are still on the server. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] possible issue with quotes (Magicquotes feature)?
From: David Mehler I've got a php5 document and some items are showing up as question marks. For example, the word President's in the code it is President's however when displaying in the browser it's President?s the ' is not being displayed properly, this is occurring in several places and on several pages. The php version my hosting is using is 5.2.14, a check of phpinfo shows magic_quotes_gpc as on, magic_quotes_runtime and magic_quotes_sybase as off. Is this my issue? Not likely, magic quotes escapes MySQL style, which doubles up any backslashes, not single quotes. The more likely issue is the character encoding on your system is incompatible with the version used on the server. If the server is using UTF and you only have an ASCII set, there may not be a display character available on your browser for the code used for that character on the server. I see this frequently when viewing pages translated from other languages into English, or pages generated by any number of Wikis and template packages. UTF is still a quagmire of incompatible font sets. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] tutorial failure
From: e-letter On 18/08/2010, chris h chris...@gmail.com wrote: On Wed, Aug 18, 2010 at 7:10 AM, e-letter inp...@gmail.com wrote: On 18/08/2010, chris h chris...@gmail.com wrote: What are the actual file permissions when you run ls -o? root What's the entire output of ls -o? [r...@localhost html]# ls -o * -rwxr-xr-x 1 root 182 2010-08-18 11:33 test.php* addon-modules: total 4 lrwxrwxrwx 1 root 51 2010-01-11 22:03 apache-mod_svn_view-0.1.0 - ../../../../usr/share/doc/apache-mod_svn_view-0.1.0 lrwxrwxrwx 1 root 52 2010-01-11 22:03 apache-mod_transform-0.6.0 - ../../../../usr/share/doc/apache-mod_transform-0.6.0 -rw-r--r-- 1 root 115 2007-09-07 21:47 HOWTO_get_modules.html Do you know if PHP is installed as an apache mod or cgi? Also you might check what user apache is running as. No. How to verify? possibly... $ vi /etc/apache2/envvars No apache2 on my computer, only '/usr/lib/apache' which contains only .so files. there's no /etc/apache either? No Some distributions have really screwed up the locations of various applications. This is compounded by the decision to rename the Apache 2 directories to httpd. Look for /etc/httpd, /home/httpd or /usr/lib/httpd. If worse comes to worst, try ps ax | grep httpd to see if you can find the path from the original start up in the init process. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Encryption/Decryption Question
From: tedd At 8:09 PM -0400 8/11/10, Bastien Koert wrote: From my experience, I'd have to say that it would be a real tough go to crack that. If there was a weak point in the scheme is that your end result pattern ( the ssn ) is defined with a pair of constants, the hyphens. In our scheme we remove the dashes and just provide a mask for display. We also keep a unique key with each ssn, the record number for extra security. The SS numbers can be stored in any format (with/without hyphens, reversed, transposed, predetermined mixing, whatever). Of course, there can be another field where a unique key is kept, but I'm not sure how that might improve security. Where to keep it is tougher, OWASP suggests that the keys be stored on another non web facing server, with a locked down filesystem. That would be best if you have the hardware available. So that I understand, you are talking about two web sites where one (domain1.com) would contain/run the scripts and the other (domain2.com) contained the keys. It would work like so: When the script launches in domain1.com, the script would ask (after authorization) domain2.com for the keys, which are kept in a locked directory. After which the Encryption/Decryption scheme would work. Is that it? One other option here is to load the keys into ram on server start up and never have them physically on the machine. I'm not sure as to how to make that work. But I assume that it requires a dedicated server, right? If I might make a suggestion or two. 1. Put all of the data on a separate DB server that is not accessible from the Internet, but only through authorized access to the web server. The data should still be encrypted, but at least you can eliminated brute force attacks. Even though the data is necessary for your client's business, it is still privileged information as far as his targets and the government are concerned. Treat it accordingly. 2. Spend some time reading all of the OWASP[1] guidelines and implement as many of them as you feasibly can. That might cost some time (and money) but will be better for your client in the long run. He reduces both his exposure and liability while still being able to use that data. 3. Spend some time reading the PCI requirements in your country and try to implement as many of those as possible. But keep in mind that they exist solely to protect the credit card issuers. You need to figure out how far you need to go in order to protect your client. Bob McConnell [1] http://www.owasp.org/index.php/Main_Page -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Variable variables into an array.
From: Richard Quadling Quick set of eyes needed to see what I've done wrong... The following is a reduced example ... ?php $Set = array(); $Entry = 'Set[1]'; ^^ Shouldn't that be $Set[1]? $Value = 'Assigned'; $$Entry = $Value; print_r($Set); ? Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] question about compiling a portable web server for linux
From: Ashley Sheridan On Sat, 2010-08-07 at 10:43 +0800, lainme wrote: thanks for the reply. I know it is not a PHP problem. And I want to know whether it is possible to make it architecture independent. On Sat, Aug 7, 2010 at 10:38 AM, Ashley Sheridan a...@ashleysheridan.co.ukwrote: On Sat, 2010-08-07 at 10:22 +0800, lainme wrote: Hi, I recently compiled a portable portable web server for linux, using lighttpd and php. But it seems that php can only run on machine with the same glibc version compiled it. How can I solve the problem? It's not a PHP problem. If you compile something, it's compiled to the same architecture that you specify, which by default is yours. have you tried compiling your executable with the same setup as you're currently using? You can't compile to be architecture independent. The best you can do is convert a language to a byte-code, like java. To expand on this, just a little, once you compile an application, you have locked it in to a specific CPU, OS and versions of the requisite dynamic libraries. The compiler options and your tool set define which range of each of those it will actually run on. The only way to make something completely independent of the architecture is to distribute it in source code form. In this case, you are probably better off defining minimum versions for the web server and PHP module that is required and allow the user to install those on his own. Most distributions already have those components packaged in an easy to manage kit. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Limit failed logins attempts
From: Juan Rodriguez Monti I would like to know what do you suggest to implement a limit for failed login attempts. I thought that might be a good idea, to define a session variable called ( failedattempts ), then check and if $failedattempts is greater than, suppose, 4 write to a Database ( ip, username and last-time-attempt ). If ater that, the user/bot tries again to login unsuccessfully, then the system should ban that user ip combination. We have two columns in the user table, login_attempts and u_touch. The first is an integer, the second is a time stamp. The second is updated to now every time the user requests a page. Each time a login attempt fails, the first column is incremented. If the first column exceeds 3 when a new attempt is made, the previous time in the second must be more than 30 minutes old. The first column is reset to 0 on a successful login, or 1 on an unsuccessful attempt more than 30 minutes after the previous attempt. The error message is the same for all login failures, no matter what the cause. While logged in, if a page is requested with the value of u_touch more than ten minutes old, the user is automatically logged out. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP 5.3 as a requirement for a library?
From: David Harkness My current company just switched to 5.3 after running 5.2 for some time. Are we average in that regard or the exception to the rule? From where I sit, you are will ahead of the curve. RedHat and CentOS 5 still have 5.2.4 in their production repositories. We have to custom compile 5.2.13 just to pass our PCI audits. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: RE: [PHP] the state of the PHP community
From: Per Jessen Bob McConnell wrote: In chronological order - Languages: [snip] C++ (Still don't understand the purpose of objects or classes). Two words - encapsulation and abstraction. Both of which are euphemisms that simply mean obfuscation. I learned very early in my professional career to eschew obfuscation, so they don't impress me at all. In addition, I really don't do abstraction well. I have trouble when I have to deal with more than two levels of indirection. Having written and debugged a _lot_ of real-time applications and device drivers, in both assembler and C, I am much more comfortable with the concrete, like managing I/O registers, interrupt controllers and circular buffers. Unfortunately, there aren't many of those jobs left. That's one of the primary reasons I am looking forward to retiring. I still believe that OOP is as much of a fad as Structured Programming and Top-Down Programming were. They all can be used to solve certain classes of problems, but none of them are a silver bullet for software development. OOP will eventually learn its place in the overall scheme of programming, but it will never be universally applicable. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] the state of the PHP community
From: Robert Cummings On 10-07-29 10:18 PM, David McGlone wrote: On Thu, 2010-07-29 at 22:14 -0400, Robert Cummings wrote: Early high school I used to program in basic on a TRS-80. Oh how I loved saving my programs to audio cassette. Later in high school I learned pascal and then later qbasic. Later still I studied computer science and was exposed to many different languages C, C++, Smalltalk, Java, Scheme, Prolog, Perl, JavaScript, HTML, VRML, SQL that I remember. When I finished university I walked straight into a PHP job knowing not an iota of PHP. I came up to speed the first week and fell in love with it. That was around March 2000. The company there always used Java also, as part of a desktop suite to manage the web content. Towards the end of 2002 they began an effort to create a Java based web framework to parallel their PHP framework and so I used Java more at that time. Then the dot com crash caught up with them and layoffs ensued. What High School did you go to? What year? As far as I remember when I was in HS, nothing about computers was offered. this was back in '88. I was attending the Nechako Valley Secondary School in Vanderhoof, British Columbia, Canada in 1989 when I was learning Pascal. Now that I think of it more deeply, it wasn't Qbasic in high schoool, it was Watcom Basic while attending Timmins High Vocational School in Timmins, Ontario, Canada in 1990 or 1991. Qbasic was at home :) Actually, I'm not sure about Timmins for the Watcom Basic, it might have been Lockerby Composite in Sudbury, Ontario, Canada. I attended 4 different high schools. Some if it is blurry now :) The use of Watcom tools would make sense since the Wat was an abbreviation of Waterloo, Ontario. That was also the source of the WatFor Fortran compiler I used in 1968. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] hash problem.
From: João Cândido de Souza Neto I´ve got the setting in my /etc/login.defs file as bellow: # Use MD5 or DES to encrypt password? Red Hat use MD5 by default. MD5_CRYPT_ENAB no ENCRYPT_METHOD SHA512 So, when I try to get this: echo hash(sha512, $_POST[password]); It does not match the password the user´s got in /etc/shadow file. Anyone knows why? I believe you forgot the salt. Traditionally, Unix adds an additional value to the password before it is encrypted. I don't know where that comes from. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] the state of the PHP community
code resources. Perl has CPAN, C has Snippets http://snippets.snippets.org/index.php, and there are other similar resources for other languages. I haven't found the like for PHP yet. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] File Manager with acl
From: Ricardo Martinez i want ask to the list, if anyone knows a FIle Manager with ACL, written in PHP and MySQL. Dokuwiki doesn't require a DBMS, but can use MySQL if you really need to shoehorn it in. http://www.splitbrain.org/projects/dokuwiki Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: Re[2]: [PHP] Do you have some standard for defined the variable in program language?
From: tedd
At 1:38 PM +0300 7/27/10, Andre Polykanine wrote:
Hello viraj,
As for classes, it's suggested to start a class name with a capital:
class MyBestClass {
...
}
In some languages (I can't remember if it is Java, or Javascript, or
both) the first letter should be lowercase, such as:
myBestClass
One of the best features of standards is that there are so many to
choose from. Likewise with coding styles, there are nearly as many as
there are coders. If you are working by yourself, pick something and
stick with it. If you are working in a group, or are employed to write
code, there may be requirements agreed upon or required in that
environment. You may not find out about them until your first code
review, but be assured, you will eventually be told about them.
Bob McConnell
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php array in different OS
From: fyang
I have a simple test code in different OS ,but it give me a
different
result.
the code as follows:
?php
$n= 5;
for($i=0;$i$n;$i++)
{
$data[]=array(,$i,$i/1000);
echo $i, ,$data[$i][1],br;
}
echo count:,count($data);
?
OS1: Red Hat Enterprise Linux Server release 5.1
Linux 2.6.18-53.el5xen i686 i686 i386 GNU/Linux
test result: the result is correct,it can display 5 data and
count:5.
OS2: CentOS release 5.4
Linux 2.6.18-164.el5 x86_64 x86_64 x86_64 GNU/Linux
test result: the result is wrong,it can only display 31148 data and
it
can not display count value.
I'm not sure the result relate to array capacity in different OS.
Please give me some tips,thanks in advance.
Did you really have to post the same message eight times?
CentOS is Red Hat minus the proprietary elements, so you actually have
two releases of the same OS here. The bigger question is what version of
PHP are you running on each of them and how are they configured?
Bob McConnell
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Weird behavior of exec()
From: Leonardo Em 15/07/2010 18:54, Shawn McKenzie escreveu: On 07/15/2010 04:40 PM, Leonardo wrote: Bad habit. I know. Did it fix it? Not really. The server allows short open tags. So, nothing changed. You are running b.php as an external command, so it is running as a CLI, not in the httpd server. You need to check to see how your PHP command line is configured, it may need the full tag no matter how the server is set up. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] How to alter the schema of a database to introducenewfeatures or change the current features
From: Pete Ford On 15/07/10 09:14, Ashley Sheridan wrote: ALTER TABLE is the way to go. If in doubt, look at the SQL phpMyAdmin produces when you make the changes in there. Yeah, scripting ALTER TABLE commands ... :) We maintain two files for every schema, site_schema.pgsql and site_delta.pgsql. Every time we modify the schema, we add the change commands to the delta file. We also have markers in it for each build number, so the update scripts can determine which changes need to be run when a site is updated. We use a similar technique on other systems that use Oracle or Sybase ASA on the back end, but those are stored as a shell database and sets of patch files for each build. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] updating a database
From: David Mehler
What i'm trying to do certainly doesn't seem hard conceptually, but
coding it has been rough. I'm wondering if anyone has anything
similar.
I've got a database with records. The first time the page is accessed
the submit button won't be selected, so display information about the
record with a checkbox for selection. If a user selects a checkbox and
hits submit, display only that specific record in a form for editing,
once editing is complete feed the edited data back to the database.
I'd like all this to be done in a single sticky file.
If anyone has any code similar to this i'd appreciate getting a look,
mine is nonworking.
Mine looks something like this
-8---
$Submit = $_POST['Submit'];
if (isset($CCsubmit)) {
DELETE
if ($Submit == Delete) {
// Check to see if user authorized, then delete record
}
NEW
else if ($Submit == New || $Submit == Next){
// Issue empty form or next record
}
EDIT
else if ($Submit == Save) {
// Validate and ssve the updated data. Reissue if validation
fails.
}
}
else {
// Issue form with initial data
}
-8---
You should also check in the Save option to see if anything was actually
changed. The record shouldn't be updated if nothing was edited.
Bob McConnell
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php processing name vs. id field
From: Ashley Sheridan Not sure if my other email got through earlier. Replacing the name attribute on form fields with the id one is not feasible at all. They don't even behave the same. What would happen if you had two forms on a page that both had an element with the same name? Using the name attribute, everything is fine, but not so if you were using the id instead. These conditions sound like a bugs to me. I can't imagine any reason why different forms could have the same name or id. That applies to any set of elements on a page. Each one must have a unique moniker, no matter which attribute you use. Even the simple validations I use will complain about your duplicates, as they should. Making them all unique also makes it much simpler to use tools like Selenium or Silk Test to automate the testing process. Looking at the HTML 4.01 references given earlier in this thread, I see that id is now a core attribute, i.e. it is available for all but a handful of tags, while name is only available for the tags where it is explicitly included. So it still appears to me that id is the preferred attribute, as it is more generally available. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php processing name vs. id field
From: tedd At 2:01 PM +0100 7/2/10, Ashley Sheridan wrote: -snip- I agree with Ash 100%. There is an id and a name attribute for input (et al) tags -- that's html. ... So, what's the major beef here? Is someone objecting to having both id and name being legal attributes for a tag? If so, this is really not the place to submit a compliant. However, it is the place to see the error of that thinking. Giving the slightest bit of thought to dismissing the name attribute from tags should result in the realization that the act would break countless forms already in use. So the beef here is not well thought out, nor is it likely to happen. Arguments against using/dismissing the name attribute in tags is simply nonsense. This discussion began when I pointed out that the name attribute is deprecated in XHTML. This was later confirmed when someone pointed to the actual specification at http://www.w3.org/TR/xhtml1/, however there may be some confusion about the scope of the change. The applicable section is shown below. Apparently HTML 5 is planning to take a different path. Of course, nobody knows that for sure since the spec is far from complete and will likely be undergoing major changes for several more years. Bob McConnell -8 4.10. The elements with 'id' and 'name' attributes HTML 4 defined the name attribute for the elements a, applet, form, frame, iframe, img, and map. HTML 4 also introduced the id attribute. Both of these attributes are designed to be used as fragment identifiers. In XML, fragment identifiers are of type ID, and there can only be a single attribute of type ID per element. Therefore, in XHTML 1.0 the id attribute is defined to be of type ID. In order to ensure that XHTML 1.0 documents are well-structured XML documents, XHTML 1.0 documents MUST use the id attribute when defining fragment identifiers on the elements listed above. See the HTML Compatibility Guidelines for information on ensuring such anchors are backward compatible when serving XHTML documents as media type text/html. Note that in XHTML 1.0, the name attribute of these elements is formally deprecated, and will be removed in a subsequent version of XHTML. -8 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php processing name vs. id field
From: tedd At 10:53 AM -0400 7/2/10, Bob McConnell wrote: This discussion began when I pointed out that the name attribute is deprecated in XHTML. This was later confirmed when someone pointed to the actual specification at http://www.w3.org/TR/xhtml1/, however there may be some confusion about the scope of the change. The applicable section is shown below. Apparently HTML 5 is planning to take a different path. Of course, nobody knows that for sure since the spec is far from complete and will likely be undergoing major changes for several more years. What XHTML does is limited to XHTML. Simply put, HTML is the glue that holds the web-works together. The attributes that HTML uses/approves is what concerns other languages. I am sure that the powers that be will consider the affects of changing established and well entrenched attributes (remember that name was used as an attribute before id). As such, I seriously doubt that name will fall by the wayside any time soon. Yes, the wonderful thing about standards is that there are so many to chose from. My head is hurting even trying to consider all of this. We have settled on XHTML for all corporate pages, since it is final, fixed and well supported. It can also be validated easily using the HTML Validator plug-in for Firefox, among others. A significant portion of my work over the past year has been improving conformance by using that plug-in. The only other thing I plan to think about is how soon I should retire. I'll be eligible for social security in less than six months, and if the stock market is kind to my 401K, I should be ready by then. Since there isn't anything left here that allows me to use my primary skills (Assembly language and hardware device drivers) I am pretty much treading water until I leave. I think my managers have put me on these web pages simply to keep me occupied until then. It's obvious I don't understand the underlying technology very well. For those in the USofA, have a great Fourth of July holiday. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php processing name vs. id field
From: Adam Richardson
On Wed, Jun 30, 2010 at 9:16 PM, David Mehler dave.meh...@gmail.com
wrote:
Hello,
I've got a php form processing question. I've got a text field like
so:
div
label for=txtnameName*:/label
input type=text name=name id=name size=30 value=?php echo
htmlspecialchars($_POST['name']), ENT_QUOTES, UTF-8; ? / br /
/div
My question is what is the purpose of the id field? I know the name
field is what php references, but am not sure what id is for?
Sometimes it's helpful to target a specific element for stylistic or
functional purposes, and that's when you'll find an id attribute
helpful.
In your example above, label elements use the id in the 'for'
attribute
(and, speaking to your example, you should have for=name instead of
for=txtname):
http://www.w3schools.com/tags/tag_label.asp
In terms of CSS, you can specifically reference the element by it's id
using
the notation tag_name#id_value, and id's have the highest order of
specificity (i.e., if you try and style an element by tag name, class,
and/or id, the id styles are what will take precedent, all other
things
equal.)
http://webdesign.about.com/od/cssselectors/qt/cssselid.htm
http://www.stuffandnonsense.co.uk/archives/css_specificity_wars.html
In terms of javascript, you can reference the element by it's id by
using
the function getElementById('id_value):
http://www.tizag.com/javascriptT/javascript-getelementbyid.php
Just remember that a particular id can only occur once on a page
(another
difference between the name attributes in a form, as you could have
multiple
forms on a page and each form could have an input with a zip name
without
issue, but that same page could only have one id with the value
zip.)
That all said, with the advent of javascript data attributes, you'll
have
one more way to target elements for design and functionality:
http://ejohn.org/blog/html-5-data-attributes/
If you look at the current HTML 4.01 and XHTML 1.0 specification, you
will find 'name' is no longer listed as a standard attribute. It is all
but obsolete and has been replaced by 'id' almost everywhere. They
actually recommend you put both attributes into tags with identical
values until your applications can be updated to drop all uses of the
name attribute.
http://www.w3schools.com/tags/default.asp
Bob McConnell
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php processing name vs. id field
From: Peter Lind
On 1 July 2010 14:38, Bob McConnell r...@cbord.com wrote:
From: Adam Richardson
On Wed, Jun 30, 2010 at 9:16 PM, David Mehler
dave.meh...@gmail.com
wrote:
Hello,
I've got a php form processing question. I've got a text field like
so:
div
label for=txtnameName*:/label
input type=text name=name id=name size=30 value=?php
echo
htmlspecialchars($_POST['name']), ENT_QUOTES, UTF-8; ? / br /
/div
My question is what is the purpose of the id field? I know the name
field is what php references, but am not sure what id is for?
Sometimes it's helpful to target a specific element for stylistic or
functional purposes, and that's when you'll find an id attribute
helpful.
In your example above, label elements use the id in the 'for'
attribute
(and, speaking to your example, you should have for=name instead
of
for=txtname):
http://www.w3schools.com/tags/tag_label.asp
In terms of CSS, you can specifically reference the element by it's
id
using
the notation tag_name#id_value, and id's have the highest order of
specificity (i.e., if you try and style an element by tag name,
class,
and/or id, the id styles are what will take precedent, all other
things
equal.)
http://webdesign.about.com/od/cssselectors/qt/cssselid.htm
http://www.stuffandnonsense.co.uk/archives/css_specificity_wars.html
In terms of javascript, you can reference the element by it's id by
using
the function getElementById('id_value):
http://www.tizag.com/javascriptT/javascript-getelementbyid.php
Just remember that a particular id can only occur once on a page
(another
difference between the name attributes in a form, as you could have
multiple
forms on a page and each form could have an input with a zip name
without
issue, but that same page could only have one id with the value
zip.)
That all said, with the advent of javascript data attributes, you'll
have
one more way to target elements for design and functionality:
http://ejohn.org/blog/html-5-data-attributes/
If you look at the current HTML 4.01 and XHTML 1.0 specification, you
will find 'name' is no longer listed as a standard attribute. It is
all
but obsolete and has been replaced by 'id' almost everywhere. They
actually recommend you put both attributes into tags with identical
values until your applications can be updated to drop all uses of the
name attribute.
http://www.w3schools.com/tags/default.asp
Errr, what? Name is by no means obsolete for forms. Have a look at
http://dev.w3.org/html5/spec/association-of-controls-and-forms.html#attr
-fe-name
- it's still in the html5 spec and there's little to no chance of it
going away any time soon.
HTML5 is years away from completion and still changes far too often, so
we don't consider it nearly ready for prime time. XHTML is here now, has
several usable validation suites and has been stable for years. That's
more of a reasonable target for commercial products.
Relying on w3schools is not ... really advisable.
Where else would you go? Even W3C doesn't publish decent reference
documents, and their specifications are inscrutable to normal human
beings.
Bob McConnell
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] mail command failing
From: Ashley Sheridan
On Tue, 2010-06-29 at 10:00 -0700, Mike Wright wrote:
Hi all,
I'm very puzzled by this. I've been using the php mail command for
years but now I can't get it to work and can't figure out how to
diagnose the problem.
The code below was copied from the manual (addresses changed, etc);
php.ini has safe_mode off; binary is at /usr/sbin/sendmail.
?php
ini_set(SMTP,localhost );
ini_set('sendmail_from', 'mike.wri...@mailinator.com');
$name = Mike Wright; //senders name
$email = mike.wri...@mailinator.com; //senders e-mail adress
$recipient = mike.wri...@mailinator.com; //recipient
$body = The text for the mail...; //mail body
$subject = Subject for review; //subject
$header = From: $name $email\r\n; //optional headerfields
$echo = mail($recipient, $subject, $body, $header) ?
'success':'fail';
echo br/br/$echo;
I can access the mail server with /usr/bin/mailx and by telnet
localhost 25. I can also send mail using php by using 'exec (
echo
$body | mailx -s $subject $recipient)'.
php-5.2.29 on fedora10 with apache 2.2.14. Can this be selinux
related?
Any ideas or troubleshooting tips?
The first ini_set variable you're setting I believe will
only work for a Windows server.
Aside from that, yes SELinux does prevent the mail command from
sending
mail by default. I'm using Fedora 11, so I assume it will be similar;
there are config tools for setting SELinux policies, or you could even
turn it off (not advised on a live server). As a test, try turning it
off temporarily just to see if it is the culprit, then you can
determine
what policy changes need to be made.
Don't turn it off, set it for Permissive mode. It will both allow the
connection and log why it wouldn't allow it in normal operation. Then
you can review the logs and make the necessary adjustments.
Bob McConnell
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] in_array - what the...
From: Daevid Vincent
Why do this in_array() business??
Just do this...
if (self::$aboveArray[$name])
{
//something interesting here
}
Does that gibberish actually do something? It doesn't make any sense to
me, while in_array() actually looks like what it does.
Bob McConnell
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] in_array - what the...
From: Peter Lind
On 25 June 2010 19:58, Bob McConnell r...@cbord.com wrote:
From: Daevid Vincent
Why do this in_array() business??
Just do this...
if (self::$aboveArray[$name])
{
//something interesting here
}
Does that gibberish actually do something? It doesn't make any sense to
me, while in_array() actually looks like what it does.
Gibberish?? Probably a good time to go look up some php tutorials.
No thanks. I tried to figure out that double colon nonsense over a decade ago
as part of an OOP development team. I still don't understand most of the code
written during those two years, even though I still maintain parts of it. All I
see is a lot of unnecessary overhead with no significant return on the
investment. I'll stick with the tried and true procedural notation, at least
until I retire next year.
Bob McConnell
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] FW: Problem with ssh2_connect
From: Radek Krejca I am trying connect to freebsd. I have php 5.3.2 installed. I have to connect using public keys, but without succes. Function ssh2_connect throws me following error (then I have invalid resource for function ssh2_auth_pubkey_file)... PHP Warning: ssh2_connect(): Error starting up SSH connection(-5): Unable to exchange encryption keys in /usr/home/radek/pokus.php on line 14 ... I got the same error without using methods variable. Have you tried opening the connection from the command line with OpenSSL or similar tools? Do you know those credentials will actually work? Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] $_SERVER['REMOTE_ADDR'] and sql injection
From: Ashley Sheridan Out of interest, how does PHP calculate the IP number, as it was my understanding of IP numbers that they can't be negative. For example, my IP address is 89.243.156.135 The four parts as binary: 01011001 0011 10011100 1111 From there, I thought that the binary values were concatenated as if they were a string, and then the decimal value worked out from that, giving, in my case, a value of 1509137543. How is it possible that PHP can produce negative values from this method? Does it do something else entirely, or is this a case of the integer value overflowing into negative values? (which might explain why the value correctly converts back) When stored as a four byte integer, the high bit becomes the sign flag. So if the first byte is 128 or higher, it would be converted into a negative number. This is a common issue when the size of numbers exceed the storage space allotted. It's well understood in tightly typed languages, but often missed in the more loosely typed languages like Perl and PHP. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Replacing Registered Symbol
From: Rick Dwyer I'm trying to replace the registered ((r)) symbol from a variable via PHP. The variable $mystring is set to a MySQL field that contains the value This Is The Registered Symbol (r). Using the following, I try to replace the symbol, but it persists: $moditem = str_replace((r),,$mystring); I tried replacing the symbol in the above syntax with the HTML equivalent but no luck. It depends on what you want it for. For a URL, the HTML encoding is 'reg;' '#174;' or '%AE'. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Unit testing in PHP
From: vikash What do you use for unit testing in PHP? phpUnit, SimpleTest or any other? I use Mike Lively's PHP TAP Test Harness with test-more.php from the Apache Test Harness. This requires a CLI interpreter be installed. I was already familiar with the equivalent packages in Perl, and this is mostly a port of them into PHP. In addition to that, I have written my own db_dummy.php to emulate the PostgreSQL library in PHP. I have no class, so the OOP test modules are of no use to me. After 40 years of procedural programming, I simply cannot see anything as objects. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] User's IP Validation
If this is an open site, using the IP won't be any good. We have over 200 people behind our NAT firewall, all of which would show up as coming from the same IP on your server. Many other networks have the same or a similar configuration. If you only allow registered users, add a couple of flags to your user table and set one of them when they fill out the form. Don't show them the form after it is set. Having a couple, you can do a couple of questionnaires simultaneously, and clear the matching flag when you close the form. Bob McConnell -Original Message- From: Juan Rodriguez Monti [mailto:j...@rodriguezmonti.com.ar] Sent: Wednesday, June 16, 2010 2:26 PM To: php-general@lists.php.net Subject: [PHP] User's IP Validation Hi people, I would like to know the best way to perform some kind of validation for an application that I've written. I have a system that ask through an HTML Form some questions to users. I use some cookies to save some information from the user side. However, I would like to implement some code in PHP that would let me limit to 1 the number of times that the page with the questions was executed. I mean, the user fills the HTML's Form, then send it through an HTML Button, then PHP receives this informations and send an Email containing the replies to the questions. I would like to limit to one, the times one single user is able to execute this form. I thought getting the IP Address, then doing some kind of validation with it. However I don't know if using cookies is the best idea. I don't have access to a DataBase for this. So I thought might be a good idea write to a file in the server the IP, then perform some if to know if the user already replied the form. As far as I don't know which is the best way to code this, I felt free to ask you guys. Thanks a lot. Juan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Question - foreach.
From: Paul M Foster On Thu, Jun 10, 2010 at 11:16:08AM -0400, tedd wrote: At 9:32 AM -0400 6/10/10, Paul M Foster wrote: On Thu, Jun 10, 2010 at 07:03:28AM -0400, tedd wrote: Paul: Now, if I could get the old memory to lock in and remember it, it would be great! I spend much of my time thinking Did I do that before? grin I know the feeling. I will say this, though. I have yet to figure out, from your URLs, how your site(s) is/are organized. Maybe a reorg would help? ISTR there are three signs of old age. The first is loss of memory, but I can never remember the other two. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Security Issue
From: Ashley Sheridan On Mon, 2010-06-07 at 15:00 -0300, Igor Escobar wrote: PHP Injection is the technical name given to a security hole in PHP applications. When this gap there is a hacker can do with an external code that is interpreted as an inner code as if the code included was more a part of the script. That data is still coming from somewhere, so is still badly sanitised data either coming from a form or a URL. You really should go over all the code to find these and root them out, which is a mammoth task. To narrow it down, those access logs I mentioned before will help. I think there are ways you can automatically detect security holes in your software, but if none of your user data is sanitised correctly, then virtually everything is a potential security hole. You need to narrow your search down a bit. Are there corrupted files on the server? Who has write privileges for those files and directories? Are they tracked via a content management system? Who last wrote to them? Can you further restrict who is allowed to write into those files and directories? Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Set up MySQL + Apache 2.2.4 on Win XP
From: Shreyas Not sure what you meant by that. I never had to restore anything. Would be happy to know if I have misunderstood anything. On Thu, Jun 3, 2010 at 4:52 AM, shiplu shiplu@gmail.com wrote: Actually you just restore your NS schema in the new EasyPHP stack. The fact that you were able to add your schema by simply copying it into the correct directory is a happy coincidence, or more likely a serious bug in MySQL. There may be some system tables that were not updated to reflect the presence of that schema, so some features may not work with it. The correct way to move a database is to back it up on the original server, then restore it on the new one. That way all system tables would be correctly updated by the server. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Set up MySQL + Apache 2.2.4 on Win XP.
From: Shreyas What would be the exact installer which will let me have the MySQL Server and the Query browser? I know this is the wrong forum but I am just giving it a shot. When I do Start - All Programs - MYSQL, I used to get only above options. I have lost the installer and the actual MySQL website has quite a lot of things. I don't know anything about the MySQL toy, but from scanning this thread you already have a server installed if your java app is talking to it on port 3306. You are now trying to install a second server on the same computer, which can only be done if you change the port number. How did you install the first server? Was it part of the java install or did one of the other packages you installed put it there? Do you still have the documents for that package with the default users and passwords? Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Convert UTF-8 to PHP defines
From: Ashley Sheridan
On Thu, 2010-05-27 at 12:08 -0400, Adam Richardson wrote:
On Thu, May 27, 2010 at 9:45 AM, Guus Ellenkamp
ellenkamp_g...@hotmail.comwrote:
Thanks, but are you sure of that? I did some research a while ago and found
that officially PHP files should be ascii and not have any specific
character encoding. I believe it will work anyhow (did not try this one),
but would like to stick with the standards.
Ashley Sheridan a...@ashleysheridan.co.uk wrote in message
news:1274883714.2202.228.ca...@localhost...
On Wed, 2010-05-26 at 22:20 +0800, Guus Ellenkamp wrote:
We use PHP defines for defining text in different languages. As far as I
know PHP files are supposed to be ASCII, not UTF-8 or something like
that.
What I want to make is a conversion program that would convert a given
UTF-8
file with the format
definetext1=this is a text in random UTF-8, probably arabic or similar
text
definetext2=this is another text in random UTF-8, probably arabic or
similar
text
into a file with the following defines
define('definetext1',chr(t_value).chr(h_value).chr(i_value)...
chr(x_value).chr(t_value));
define('definetext2,chr(t_value).chr(h_value).chr(i_value)...
chr(x_value).chr(t_value));
Not sure if I'm using the correct chr/ord function, but I hope the above
is
clear enough to make clear what I'm looking for. Basically the output
file
should be ascii and not contain any utf-8.
Any advise? The html_special_chars did not seem to work for Vietnamese
text
I tried to convert, so something seems to get wrong with just reading an
array of strings and converting the strings and putting them in defines.
PHP files can contain utf-8, and in-fact is the preference of most
developers I know of.
Because the lower range of UTF-8 matches the ascii character set
(intentionally by design), you'll be able to use UTF-8 for PHP files without
problem (i.e., ascii 7-bit chars have same encoding in UTF-8.)
http://www.cl.cam.ac.uk/~mgk25/unicode.html
However, if you were to use any of the multibyte characters of UTF-8 in a
PHP file, you could run in to some trouble. I use UTF-8 for most of my PHP
files, but I've been sticking to the ASCII subset exclusively.
I don't use the higher range of characters often, but I do sometimes use
them for things like the graphical glyphs (½✉✆, etc) I know I could do
those with regular text and the Wingdings font, but that's not available
on every computer, and breaks the semantic meaning behind the glyphs.
What higher range? ASCII only defined 128 values, the bottom 32 being control
characters that don't print. Anything outside of that is not ASCII, but a
proprietary extension. In particular, the glyphs usually associated with 0-32
and 128-255 are IBM specific and not guaranteed to be present outside of their
original video ROM. So only the first 128 characters map directly into UTF-8.
Bob McConnell
Ref: pp 25-29 The Programmer's PC Sourcebook, 1988, Thom Hogan, Microsoft Press
RE: [PHP] displaying database output in a table
From: Philip Thompson On May 25, 2010, at 8:27 PM, David Mehler wrote: Hello, I'm trying to display mysql database output in a formatted table. My problem is i'm getting a blank screen with no errors. I've got debugging on, and have run the cli php on this file which produces no errors either, but neither does it give me any output. My eventual goal is to select the two nearest future events to the current date. Having done that I want to display the name, location, start date, start time, and a summary. Right now though I just want to put all information in the database in to a table. Here's the code. Pointers welcome. Thanks. Dave. ?php require_once($_SERVER['DOCUMENT_ROOT'] . /dbconnect.php); I ran into a similar issue yesterday. Tracked it down and figured out the required file did not exist. It didn't show up in my dev environment b/c I had the file. When we pushed it to QA, the file had not been uploaded. The require_once() stops execution if the file isn't found. Try changing it to include_once() and see if you can _any_ output. We struggled with this as well. require terminates the process without any indication of why it stopped. No error, no exception, not even a whimper. Recording a basic file not found message in the error log would be a major improvement. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Convert UTF-8 to PHP defines
From: tedd The Unicode database uses the same lower character values (i.e., code points) as does ASCII, namely 0-127, and thus UFT-8 (8-bit variable width encoding) is really a super-set which includes the sub-set of ASCII. The Wingdings font that Ash refers to is the really the Dingbat char set in Unicode, as shown here: The use of UFT-8 encoding in everything (web and php) should present much less problems globally than it is trying to fight it. Thanks tedd, The real question is whether unicode is even relevant now that the UTF series is available. I see no reason to have to deal with two competing specifications, when one of them is more than adequate for the job and the other is not even finished yet. That's like the old days when a few users demanded we support both ASCII and EBCDIC. That didn't get very far either. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Select Values Didn't Get Passed in From Two Different Forms
From: Alice Wei On Tue, 2010-05-25 at 15:41 -0400, Alice Wei wrote: Date: Tue, 25 May 2010 13:40:44 -0400 Subject: Re: [PHP] Select Values Didn't Get Passed in From Two Different Forms From: marc.g...@gmail.com To: aj...@alumni.iu.edu I would like to take those values away into my third form, which is what you see with the hidden. If they are not populated, then how come I could see the drop down menus? So you're expecting the values selected in the first two forms to populate the values of the hidden fields in the third form? Why not wrap the whole thing in a single form? Do test_getrss.php and test_getrss2.php perform anything useful or are they just hanging around? No, the fields are populated in the first and second form, form1 and form2. What I want to do is to get the selections from both forms and pass them on to the third. Does this make sense? For some reason, the text input and the semester drop down menu result can be passed to process.php, but the results that I try to select from the first and second does not. So, the form is not passing the results of what I had from the radio button selections. Alice, What you seem to be missing is that the browser, by design, will only send the fields in the form that was submitted. If you want to change that you need to either replace the browser with one you modified to act the way you want, or change the page to combine all of the forms into one. You can try to work around it using Javascript, but that will only work for people that don't know enough to disable that primary infection vector for malware. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] exec in different directory where PHP is Installed
From: loki PHP is installed in c:\program files\php the PHP script are in network drive \\xxx.xxx.xxx.xxx\scriptdir\ in the PHP script, we try to launch the command @exec(...) with a executable located in c:\program files\ourexecutable\ it's not work :( but if we move the PHP script from \\xxx.xxx.xxx.xxx\scriptdir\ to c:\scriptdir\ then it's work !! everything work good EXCEPT the @EXEC command ... Is 'C:\Program Files\PHP' in your PATH? You may need to add that manually. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] exec in different directory where PHP is Installed
From: loki On 5/24/2010 11:31 PM, Bob McConnell wrote: From: loki PHP is installed in c:\program files\php the PHP script are in network drive \\xxx.xxx.xxx.xxx\scriptdir\ in the PHP script, we try to launch the command @exec(...) with a executable located in c:\program files\ourexecutable\ it's not work :( but if we move the PHP script from \\xxx.xxx.xxx.xxx\scriptdir\ to c:\scriptdir\ then it's work !! everything work good EXCEPT the @EXEC command ... Is 'C:\Program Files\PHP' in your PATH? You may need to add that manually. no ? but why i would need to add C:\Program Files\PHP in my path ? why it's explain that it's work when the php script are located in any directory under c: and not under \\xxx.xxx.xxx.xxx\scriptdir\ ?? What is the exact error message you get when it doesn't work? Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] How to get input from socket client
From: Ryan Sun Thanks for your reply You are welcome. The other problem has to do with thinking an fread() will always give you everything you sent in an fwrite() Interestingly, I use 'telnet 127.0.0.1 1037' for testing later(on windows) and everything works, the php server got the input from telnet client, so I assume there is something wrong in the php client, the fwrite statement... What are the actual symptoms? Are you sure both ends are using the same character encoding? TCP transports a series of octets, or bytes. Again it is up to the applications on both ends of the stream to agree on interpretation of those octets, either separately or in sequence. For example, if integers or floats are sent in a native format, but one end is little Endean while the other is big Endean, there will be some differences in what the two ends read from that stream. Likewise, if one end is expecting ASCII, while the other is sending UTF-8, there may be the occasional multi-byte value that gets scrambled. On the other hand, I may be way out in left field. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Remove blank lines from a file
From: Anton Heuschen
On 21 May 2010 15:16, Ashley Sheridan a...@ashleysheridan.co.uk
wrote:
On Fri, 2010-05-21 at 14:03 +0200, Anton Heuschen wrote:
Hi Im trying do something like this, have a function which uploads my
file and returns file pointer ... but at same time ... I want to
remove all Blank lines in a file and update it before it goes to the
final location ...
What I tried was to do a write of file and use some regexp replace to
remove a blank ... either I am not doing the replace correct or my
understanding of the file buffer and what I can do with it between
the
browser and saving is not correct,
Anyway my code looks something like this :
$uploadfile = $this-uploaddir;
$mtran = mt_rand(999,99);
$NewName= date(Ymd_Gis).$mtran..csv;
$uploadfile = $uploadfile.$NewName;
try{
if
(move_uploaded_file($_FILES['attachfile']['tmp_name'], $uploadfile))
{
$handle = fopen($uploadfile, r+);
$lines = file($uploadfile,
FILE_SKIP_EMPTY_LINES); //FILE_IGNORE_NEW_LINES |
foreach ($lines as $line_num = $line) {
$line =
preg_replace(/(^[\r\n]*|[\r\n]+)[\s\t]*[\r\n]+/, , $line);
if(strlen($line) 0)
$line=trim($line);
$line=$line.\n;
fwrite($handle, $line);
}
fclose($handle);
If the files aren't too large in size, what about using something
like
file('somefile.txt', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
which
should pull into an array only those lines with content, and then
just write
that back out to the same file line by line?
I actually had that ... removed it in last example as I was trying
other
stuff and it did not seem to work either ?
$lines = file($uploadfile, FILE_SKIP_EMPTY_LINES);
//FILE_IGNORE_NEW_LINES
|
see I removed the FILE_IGNORE line - it was in earlier and only tried
FILE_SKIP_EMPTY but still the final file had all the spaces again
...
So in the file it would look like (from the original file the user
uploads
that is)
1
2
3
4
5
6
but when the file is saved to the server it must look like
1
2
3
4
5
6
but it never does and still looks like the first block.
Are those lines actually empty, or do they have other non-printing
characters in them? Isn't there a generic whitespace value that could be
used in place of '\s\t'?
Can you look at the output file with a binary or hex editor to see what
is actually in those 'empty' lines?
Does that regular expression work correctly on UTF-8 input?
Bob McConnell
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Automatic PHP Security tool
From: Juan Rodriguez Monti I would like to know if there´s some App that run automatic test against a PHP Application to detect security issues, potential bugs and so on. I know this kind of applications exists for other fields of IT, but I don´t know if there are some application or tests to run against a PHP App. Might be some security suite or tests written in Python or Perl, I don´t know, but I guess you might know. In this case, I just finished the development of an application developed in PHP with XHTML and that works with Sqlite. And I would like to include some security tests before it goes online. It´s not actually working in production environment, but it´s ready to use it. You probably want to start by looking at the OWASP project. http://www.owasp.org/index.php/Category:OWASP_Project Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Multiple Login in a single PC should not be possible
Web servers can only identify computers, not users. You will need something else to track which user started a specific application on a particular computer, probably a fingerprint scanner next to the keyboard. But that won't prevent someone else from replacing the entity between the keyboard and the chair after they log in. Plus, it is unlikely that will be useful in a true multi-user environment. There are simply too many possible ways to get around your restrictions. Bob McConnell -Original Message- From: Jagdeep Singh [mailto:jagsaini1...@gmail.com] Sent: Friday, May 14, 2010 4:26 AM To: Peter Lind Cc: Lester Caine; php-general@lists.php.net php-general@lists.php.net Subject: Re: [PHP] Multiple Login in a single PC should not be possible Hi, yes, I can make a databse table to record LOGIN details, But I want that No other user can login on same machine on smae or another browser. E.g. If user1 has logged in from IE then user2 should not login from Firefox or Chrome etc.. I need ONLY ONE USER ACCESS AT SAME TIME ON SAME MACHINE (On Same or Other broswers) Regards Jagdeep Singh On Fri, May 14, 2010 at 1:26 PM, Peter Lind peter.e.l...@gmail.com wrote: On 14 May 2010 09:29, Lester Caine les...@lsces.co.uk wrote: Jagdeep Singh wrote: Hi All! I am looking for a solution, I want a user to do a single Login only on a PC . E.g. If a User has logged on my website website.com in Internet explorer, then he cant login on same website in another browser like Firefox etc with same loginid or another. Can I trace MAC address of a single machine to solve this issue? The browser IP address works for us quite reliably. Once logged in, you get a message saying already logged on ... and where ... but it does need a little help if the user closes the browser without logging out. One needs a facility to 'bounce' a user now and again however some remote users may well have 'floating' IP addresses :( Don't rely on IP addresses staying the same for a user, it's not safe in any way and not needed anyway. Karls method is probably the best bet - just remember to record last accessed time so anyone not accessing for more than 15-20 minutes will succeed if trying to log in again. Regards Peter -- hype WWW: http://plphp.dk / http://plind.dk LinkedIn: http://www.linkedin.com/in/plind Flickr: http://www.flickr.com/photos/fake51 BeWelcome: Fake51 Couchsurfing: Fake51 /hype -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Question about creating php files from a form
From: Kevin I am trying to figure out how to create files when a user submits a form ... I have seen something about '*fopen*' , is that the direction I should be going? Here is what I am trying to accomplish: I am creating a program to keep track of recipes for my wife. I have have page set up where she can put the name of the recipe, the ingredients, and the amounts of each ingredient. Then she clicks Submit I would like a html file with the name of the recipe to be created ie *cookies.html *with a link to the cookies.html created on another page. There are already a number of free applications for this. I have reviewed over a dozen of them in the past year. Drupal has a recipe module, Gourmet for Gnome users, Krecipes for KDE users. ReciPants in Perl, Qookbook, to name a few off the top of my head. Some of them will link into the USDA Nutrition Database as well. You may not need to reinvent this particular wheel. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] jquery password problem
From: Manolis Vlachakis i uses str_replace finally and it works.. but still i would like to know how this problem comes up cause i would like to be sure on whatever password is going to be used weather that is a number a letter or a combination of those two any ideas, You probably should look at the documentation for html entities and magic quotes to see what is and is not allowed in a URL. There are a number of characters that may be modified by either the browser or the server before you get your hands on them. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Multiple Login in a single PC should not be possible
From: Robert Cummings Bob McConnell wrote: Web servers can only identify computers, not users. You will need something else to track which user started a specific application on a particular computer, probably a fingerprint scanner next to the keyboard. But that won't prevent someone else from replacing the entity between the keyboard and the chair after they log in. Plus, it is unlikely that will be useful in a true multi-user environment. There are simply too many possible ways to get around your restrictions. Isn't it simple to associate a single session ID with a username? User logs in, place username and session ID in active users table and invalidate any others for same user. When user accesses page check session ID against entry in active users table. Richard Quadling has it right. This is not complicated, but it sounds like people are making it so. The user identified themselves via login. From the series of questions he asked, it was not clear to me what he was trying to do. It sounded like he wanted to allow a user to access a single session simultaneously via multiple browsers, yet not allow another person to hijack that session even if both were using the same computer. Somehow I don't think all of that is a reasonable requirement. Actually, I believe that linking a session to a specific individual without reading a biometric key with every http request is an unacceptable risk. And no, I don't do any banking online. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Multiple Login in a single PC should not be possible
From: Richard Quadling On 14 May 2010 14:47, Bob McConnell r...@cbord.com wrote: Actually, I believe that linking a session to a specific individual without reading a biometric key with every http request is an unacceptable risk. And no, I don't do any banking online. That's why my bank has supplied me with a little card reader for my bank card, into which I put my pin number. So they know it is me because of something I have (my card and card reader) and something I know (my pin number). This is pretty similar to the system we use for our online BACS transactions. And yes, I do online banking. That only verifies that it was probably you that initially logged in. There is nothing to prevent someone else from knocking you out and using the session once you have completed that step, or hijacking it after you are done. There are any number of ways to intercept your traffic, such as a poisoned DNS server misdirecting your browser through a man in the middle. Even without that, how long would it take someone else to 'discover' your four digit PIN number if they wanted to? Probably less than an hour with only possible variations. That's nowhere near safe enough for me. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] How to get input from socket client
From: Ryan Sun Stream and networking programming seems like a rock on the way to ZCE for most people, so I'm learning some socket examples before I sit in the room for exam. Here is the script for server snip serverclient hangs after output and time out later. Can any1 point out whats the reason and the more correct way to get socket client input in socket server? I have not done any socket programs in PHP, but I have in Assembler, C and Perl. First, I don't think feof() will do what you think it does. I wouldn't expect it to show up until after the other end has actually closed the connection. The other problem has to do with thinking an fread() will always give you everything you sent in an fwrite(). TCP is a stream protocol, there are no guarantees about delivering a complete message in one read, or that two writes won't be read together. It only guarantees that all octets will eventually be delivered in the same order they were sent, or you will get an error. The buffering is completely hidden and outside of your control. If you want writes to be atomic, you want UDP, but then you lose the guarantee of delivery. If you want to enforce a structure on the data in that stream, it is your application's responsibility to reconstruct that data at the receiver. One other detail that may or may not make a difference. TCP actually defines two independent pipes, one in each direction. Many Unix applications create two processes to service a socket, one to send, the other to receive. Only occasionally does a protocol require alternating messages similar to a conversation or ping-pong match. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Can't find my error
From: Robert Cummings tedd wrote: At 6:40 AM -0400 5/7/10, David McGlone wrote: On Thursday 06 May 2010 23:47:23 Jim Lucas wrote: Robert Cummings wrote: David McGlone wrote: On Thursday 06 May 2010 20:49:47 Jason Pruim wrote: On May 5, 2010, at 9:02 PM, David McGlone wrote: On Wednesday 05 May 2010 13:12:58 Dan Joseph wrote: On Wed, May 5, 2010 at 1:06 PM, David McGlone da...@dmcentral.net On Wednesday 05 May 2010 12:59:07 Dan Joseph wrote: On Wed, May 5, 2010 at 12:55 PM, David McGlone da...@dmcentral.net wrote: -snip- mindless chater We are surely a different breed ;-) Yes, the breed that finds such chatter assuming. Careful, we might drool on our pocket protectors. :-) I have some duct tape that can help you with your drooling problem! I use some 100-mile-an-hour tape my son left the last time he was home on leave. That reminds me, I need to get some more from him when he gets back from Baghdad next month. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Converting floats to ints with intval
From: David McGlone On Thursday 06 May 2010 07:19:48 Paul Waring wrote: David Otton wrote: On 6 May 2010 11:52, Paul Waring p...@xk7.net wrote: If I was designing the system from scratch, that's what I'd do. Unfortunately this is an add-on to a legacy system where currency values are already stored as strings in the database (yes, not ideal I know, but you have to work with what you've got). I don't know much about your situation, but it does sound like you need to fix the root problem. I'd use a decimal type, and lean on the database to do the maths. As I said, unfortunately it's a legacy system, so I can't just change the database to use a different type (there are dozens of columns set up like this, with thousands of values already set). Would It be possible to write a script to extract everything from that database and insert it into a database with the correct columns and values, then all you would need to do is change the db connection information. If the data is really stored in strings, you need to break it down into substrings around the decimal and then convert both sides into integers and combine them into an integer value. It is the conversion into float that introduces the error because of the imprecise representation of fractional decimal values in binary. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Inserting rows with missing IDs
From: Andre Polykanine It's not a strictly PHP question, however since I use that with PHP, I'm asking it there. How can I accomplish the task of inserting rows into MySql database with missing IDs? Say, I have rows with IDs 1, 2, 3, 5, 9, 12, 17, and 195. How do I make the check that allows to insert firstly the missing IDs and only then apply the auto-increment? Why are they missing? Were they present at one time then deleted? If so, were they used as foreign keys from another table or referenced in queries for other data that may still reference those empty rows? Think about the ramifications of old data in other tables that may be inherited when new rows are assigned a deleted ID. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Need login suggestions
From: Ashley M. Kirchner From: Paul M Foster The only reliable way to resolve this is to let the school administration to handle it. Each registration would *attempt* to register as a student, parent or whatever. Those attempted registrations would go into a wait queue. Meantime, emails would be sent to an administrator whose job is would be to bless those registrations. They would check to see if a potential registrant was what they claimed to be. You'd give them a page where the queued registration attempts would show up. And they would check the proper box for each potential registrant. Once done, the registration would be completed, and in the proper category. Yeah, that would fall on our shoulders. School administration won't do this. It comes back to the IT Department and we have to figure it out. The problem is, while we can bless student registrations, we can't always tell if the next one is a parent or not, or if it's a parent in our district. We do have another system in place, one in which we hand out 2 unique keys for each student at each school and parents pick those up. Internally those keys are matched to that student so we know who it is that's registering. However, that requires a lot of front work to get those keys out. For this particular project, we want to make it as painless as possible, but the more I think about it, the more I'm accepting the impossible nature of it. It all boils down to a simple risk assessment. Is the administration willing to live with the possibility that students can masquerade as parents and vice versa? And that strangers can masquerade as either? If so, then a simple check box on the registration page will suffice. If not, they will need to establish a manual authentication step as part of the registration process and control that check box themselves. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Two color rows in table inside while iteration
From: Ashley Sheridan On Wed, 2010-04-28 at 09:46 -0400, Fernando wrote: But then you need to differentiate the table, otherwise all your tables will have the same row formating no? This way you only apply the formating to those rows that need it. Yes, but one would assume you'd be doing that anyway if you needed this table to be displayed differently from all the others on your page? The alternate colors should be in a CSS style linked to the TR tag. The base table style is used for the odd rows, with the alternate colors for the even rows. It's very easy to create multiple variations that way. Javascript is definitely out. Only a fool or an imbecile intentionally enables primary malware infection vectors like that. I believe Firefox should install the NoScript add-on by default with maximum protection enabled. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Updating cli executable on MS-Windows
From: Richard Quadling On 23 April 2010 02:34, Bob McConnell r...@cbord.com wrote: From: Richard Quadling On 22 April 2010 14:42, Bob McConnell r...@cbord.com wrote: I downloaded the MS-Windows cli from The PHP Group a while ago. It claims to be version 5.2.10. But now I can't find where I got it, nor where to get the updates. What is the easiest way to upgrade it to 5.2.13? D:\Code\Testsphp --version PHP 5.2.10 (cli) (built: Jun 17 2009 16:16:57) Copyright (c) 1997-2009 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies You can get the latest V5.2.x from http://windows.php.net/download/ Which one has just the cli installer? I don't want any server files installed on my workstation. Normally, you take the ZIP file and unzip it into C:\PHP5 (or wherever you want). That's the installation done. Then, you take a long look through the php.ini-production and php.ini-development to see what you need to setup. I'd recommend reading ... http://docs.php.net/manual/en/install.windows.manual.php and http://docs.php.net/manual/en/install.windows.commandline.php Thank you for those links. I had missed them completely on my first and second times through the manual. I did it the easy way by renaming D:\php to php.5.2.10 and creating a new D:\php to extract the new version into. It is working, but now I have to see about those setup options. Thank you, Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] What's your game? (X-PHP)
The last game I played was catch. My oldest grandson and I borrowed his cousin's Harlem Globetrotters miniature basketball. I taught him how to use spin to deflect the ball path when it bounced. I actually don't recall the last time I played an electronic game. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Updating cli executable on MS-Windows
I downloaded the MS-Windows cli from The PHP Group a while ago. It claims to be version 5.2.10. But now I can't find where I got it, nor where to get the updates. What is the easiest way to upgrade it to 5.2.13? D:\Code\Testsphp --version PHP 5.2.10 (cli) (built: Jun 17 2009 16:16:57) Copyright (c) 1997-2009 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Updating cli executable on MS-Windows
From: Richard Quadling On 22 April 2010 14:42, Bob McConnell r...@cbord.com wrote: I downloaded the MS-Windows cli from The PHP Group a while ago. It claims to be version 5.2.10. But now I can't find where I got it, nor where to get the updates. What is the easiest way to upgrade it to 5.2.13? D:\Code\Testsphp --version PHP 5.2.10 (cli) (built: Jun 17 2009 16:16:57) Copyright (c) 1997-2009 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies Bob McConnell You can get the latest V5.2.x from http://windows.php.net/download/ Which one has just the cli installer? I don't want any server files installed on my workstation. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
