RE: [PHP] Web Site Directory Layout

2009-09-26 Thread Caner Bulut
Thanks for help.

 

Caner.

 


From: דניאל דנון [mailto:danondan...@gmail.com] 
Sent: Saturday, September 26, 2009 2:35 PM
To: Caner Bulut
Cc: php-general@lists.php.net
Subject: Re: [PHP] Web Site Directory Layout

 

There is no standard for that - it's your choice.

I usually use something like
index.php
configuration.php
template/
template/NAME/template.html
template/NAME/template.css
template/NAME/images/ 
modules/
modules/connection/MySQL.php

etc.





On Sat, Sep 26, 2009 at 1:50 AM, Caner Bulut caner...@gmail.com wrote:

Hi All,



Is there a stable or standard directory layout for a PHP project (like web
sites)?



Example;



index.php

img/

css/

js/

lib/

doc/

tools/



Thanks.









-- 
Use ROT26 for best security



[PHP] Web Site Directory Layout

2009-09-25 Thread Caner Bulut
Hi All,

 

Is there a stable or standard directory layout for a PHP project (like web
sites)?

 

Example;

 

index.php

img/

css/

js/

lib/

doc/

tools/

 

Thanks.

 

 



RE: [PHP] Web Site Directory Layout

2009-09-25 Thread Caner Bulut

Thanks Bastien for your advice,

But I am still waiting for some more advice from experienced developers; maybe
this is related to security and directory permissions?

Thanks.

-Original Message-
From: Phpster [mailto:phps...@gmail.com] 
Sent: Saturday, September 26, 2009 2:19 AM
To: Caner Bulut
Cc: php-general@lists.php.net; caner...@gmail.com
Subject: Re: [PHP] Web Site Directory Layout



On Sep 25, 2009, at 6:50 PM, Caner Bulut caner...@gmail.com wrote:

 Hi All,



 Is there a stable or standard directory layout for a PHP project (like web
 sites)?



 Example;



 index.php

 img/

 css/

 js/

 lib/

 doc/

 tools/



 Thanks.


It depends. Using one of the many frameworks will force you to use their
layout. If you are coding your own site without one, then you can use
whatever you want.

Thanks

Bastien


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Sanitizing mysql inserts of user data

2009-08-16 Thread Caner Bulut

Hi Dotan,

You can use the htmlentities(), htmlspecialchars() and strip_tags() functions
when you show your saved data on your web pages. The mysql_real_escape_string
function saves data into the MySQL DB in a secure way, but when you show the
data you still have to control it.

Thanks.
Caner.

-Original Message-
From: Dotan Cohen [mailto:dotanco...@gmail.com] 
Sent: Sunday, August 16, 2009 9:43 PM
To: php-general.
Subject: [PHP] Sanitizing mysql inserts of user data

I am sanitizing user-entered data before storing in mysql with this
function:

function clean_mysql ($dirty) {
    $dirty = trim($dirty);
    // remove SQL comment markers and statement separators
    $dirty = str_replace("--", "", $dirty);
    $dirty = str_replace(";", "", $dirty);
    // escape quotes and other special characters for a MySQL string literal
    $clean = mysql_real_escape_string($dirty);
    return $clean;
}

Is this good enough to prevent SQL injection attacks? Should I add
anything else? Thanks!

Dotan Cohen



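The function posted above strips "--" and ";" and then escapes the value, which only helps when the value ends up inside quotes in the SQL text. The following is an added example, not code from the thread, that does the same insert with a PDO prepared statement so the SQL text and the data travel separately and nothing has to be stripped; the table and column names (comments, author, body), the DSN and the credentials are placeholders.

```php
<?php
// Added example, not code from the thread. Table/column names (comments,
// author, body), the DSN and the credentials are placeholders.

function connect()
{
    // Naming the connection charset keeps PHP, the driver and the server in
    // agreement about the encoding of the data being sent.
    $pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8', 'dbuser', 'dbpass');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Server-side prepared statements, not client-side string emulation.
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    return $pdo;
}

// The SQL text is fixed; the values are sent as parameters. Quotes, "--" and
// ";" in the body are stored exactly as typed and never parsed as SQL.
function insert_comment(PDO $pdo, $author, $body)
{
    $stmt = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute(array(':author' => $author, ':body' => $body));
    return (int) $pdo->lastInsertId();
}

// Numeric context: WHERE id = ... has no quotes around the value, so string
// escaping alone would not protect it. Binding it as an integer does.
function find_comment(PDO $pdo, $id)
{
    $stmt = $pdo->prepare('SELECT id, author, body FROM comments WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['author'], $_POST['body'])) {
    $pdo = connect();
    $id  = insert_comment($pdo, $_POST['author'], $_POST['body']);
    $row = find_comment($pdo, $id);
    // HTML escaping belongs here, at display time (the point made in
    // Caner's reply), not at storage time.
    echo htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8');
}
```

With parameters bound this way the stored text is the text the user typed, so a later display step can escape it for HTML without first undoing any storage-time transformation.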



RE: [PHP] Cannot exec in my own directory

2009-08-16 Thread Caner Bulut

Dotan,

Please copy your script into one of the Linux include paths, such as
/usr/local/bin, give it the necessary permissions and try your script again.

If you still have a problem, we understand that it is not related to the script
path or permissions.

Maybe there are some problems in your PHP script.

Thanks 


-Original Message-
From: Dotan Cohen [mailto:dotanco...@gmail.com] 
Sent: Sunday, August 16, 2009 9:46 PM
To: Sudheer Satyanarayana
Cc: php-general.
Subject: Re: [PHP] Cannot exec in my own directory

 Check the include path. Try using the complete path to the file. And make
 sure the user PHP is running as has read permissions to the directories up
 the hierarchy.


Thanks. I am using the complete path to the script:
exec("/home/username/script.sh");

In the /home/username/ directory there are other files, such as
database_connection.inc that I regularly include_once in my PHP
scripts, so I know that PHP has read access to that directory.

-- 
Dotan Cohen

http://what-is-what.com
http://gibberish.co.il



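Read access to the directory, which include_once needs, is not what exec() needs: the web server user must have execute permission on the file and search permission on every directory above it. The following is an added example, not code from the thread, that checks those conditions and captures the exit status and stderr before calling exec(); the path /home/username/script.sh is the one from the post, everything else is assumed for illustration.

```php
<?php
// Added example, not code from the thread: a wrapper around exec() that
// reports why a script could not run instead of failing silently. The path
// /home/username/script.sh is the one from the original post; everything
// else here is assumed for illustration.

function run_script($path, array $args = array())
{
    $result = array('ok' => false, 'status' => null, 'output' => array(), 'error' => '');

    // Only absolute paths to regular files: no include_path lookup, no PATH search.
    if ($path === '' || $path[0] !== '/' || !is_file($path)) {
        $result['error'] = "not a regular file: $path";
        return $result;
    }

    // exec() needs execute permission on the file for the user PHP runs as,
    // and search (x) permission on every directory above it. Read access to
    // the directory, which include_once needs, is not the same thing.
    if (!is_executable($path)) {
        $who = function_exists('posix_geteuid') ? 'uid ' . posix_geteuid() : 'the PHP user';
        $result['error'] = "$path is not executable by $who";
        return $result;
    }

    // Quote the path and each argument so shell metacharacters in them are
    // passed literally rather than interpreted.
    $cmd = escapeshellarg($path);
    foreach ($args as $arg) {
        $cmd .= ' ' . escapeshellarg($arg);
    }

    // Merge stderr into stdout so the script's own diagnostics (for example
    // "bad interpreter" when the #! line names a missing program) are kept.
    exec($cmd . ' 2>&1', $result['output'], $result['status']);
    $result['ok'] = ($result['status'] === 0);
    if (!$result['ok']) {
        $result['error'] = 'exit status ' . $result['status'] . ': ' . implode("\n", $result['output']);
    }
    return $result;
}

$r = run_script('/home/username/script.sh');
if (!$r['ok']) {
    // Log the reason server-side; do not echo it to the visitor.
    error_log('script failed: ' . $r['error']);
}
```

The two early returns separate "PHP cannot reach or execute the file" from "the script ran and failed", which is exactly the distinction the thread is trying to make.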



RE: [PHP] OOP Design Software

2009-07-26 Thread Caner BULUT

Hi Daniel,

You can use Eclipse with the PDT plugin, or Zend Studio. They can track your
classes and methods, they remember your methods and classes, and they also
have code completion abilities.

Thanks
Caner.

-Original Message-
From: Daniel Kolbo [mailto:kolb0...@umn.edu] 
Sent: 26 July 2009 19:46
To: PHP General
Subject: [PHP] OOP Design Software

Hello,

Is there object-oriented programming software that can help me keep
track of the methods and properties of my objects?  My memory is not what
it used to be, and I'd like to have a quick 'overview' or layout of all
the objects I have to work with.  Maybe the software would even let me make
a process flow chart.  This would really help my design (and save me time).

Thanks,
dK






Re: [PHP] XSS Preventing.

2009-06-23 Thread Caner Bulut
Michael,

It can be useful for me. It seems there will not be any charset problem.

Thanks for help.
Caner.


2009/6/23 Michael A. Peters mpet...@mac.com

 Caner BULUT wrote:

 Hi Guys,


 I have a question; if you have any knowledge about this please let me know.


 I am getting data from a form with the POST method like the following.


 $x = htmlentities($_POST['y']);

 .


 After getting all form data I save them into the DB; I use
 mysql_real_escape_string.


 Don't try to home brew your own.
 You'll miss stuff.

 Use an input filter class that is developed by and tested by a large number
 of users.

 http://htmlpurifier.org/

 is what I recommend.

 Also, with respect to mysql_real_escape - if you use prepared statements,
 escaping isn't an issue.

 Personally I recommend a database abstraction layer.
 Pear MDB2 is a good one.
 It makes your code portable to other databases as long as you stick to
 standard SQL (which usually is pretty easy to do).



Re: [PHP] Re: XSS Preventing.

2009-06-23 Thread Caner Bulut
I have read some things about these issues, and I understand that if you use
htmlentities() BEFORE insertion, there will be some problems when querying the
DB for XML, PDF or other data formats.

I have some PHP books, and the author codes in Martin Zvarík's way. If you
have any pros and cons please share them with us.

Thanks.

2009/6/23 Martin Zvarík mzva...@gmail.com


 Don't htmlentities() before DB save.  In general:

 - mysql_real_escape_string() before DB insertion

 - htmlentities() before display



 I, on the other hand, would do htmlentities() BEFORE insertion.


 Pros:
 ---
 The text is processed once and doesn't have to be htmlentitied() every time
 you read the database - what a stupid waste of performance anyway.


 Cons:
 ---
 Instead  you'll see amp; ... is that a problem? Not for me and I
 believe 80% of others who use DB to store  view on web.



 Martin






Re: [PHP] resubmit form after validation error

2009-06-22 Thread Caner Bulut
Hi PJ,

You can use the structure following

$bid = isset($_GET['id']) ? htmlentities($_GET['id']) : '';

if (empty($bid)) {
    $bid = 0;
}

if (is_numeric($bid)) {
    if ($bid == 0) {
        // do something
    } else if ($bid == 1) {
        // do something
    }
}

After this code there will always be a number. If the id variable is 0, bid
will be 0 and you can control it.

Thanks.
Caner.

2009/6/22 PJ af.gour...@videotron.ca

 Hi Caner,
 Thanks for the input. I'm not sure that would do it as the first
 instruction on the page is :
 $bid = $_GET['id'] ;

 thus, the page cannot even be loaded if there is no id in the uri - it
 generates a number of errors.
 In order to use the feature of editing, I use a search page and then set
 up an href to the edit page with the id of the item to be edited.
 I finally figured out to do the action=another_page.php and with
 slight modifications to the form, things finally work.
 And, to delete the item (all records related to the item), I set up 2
 submits - 1 to update.php and one to delete.php
 Maybe it's all cumbersome and maybe it is possible to streamline the
 whole process, but then it does work and I am just learning... :-)
 Thanks again.
 PJ



 Caner BULUT wrote:
  Hi,
 
  You can use a variable for that, like the following. For example, if the
  variable is 1 you start processing the form input.
 
  Example
 
  <form method="post" action="file.php?action=1">
 
  And in file.php you check the action variable; if it is 1 you can start
  processing the data.
 
  if ($_GET['action'] == 1) {
      echo "done";
  }
 
  Thanks.
  Caner.
 
 
  -Original Message-
  From: PJ [mailto:af.gour...@videotron.ca]
  Sent: 20 June 2009 22:55
  To: php-general@lists.php.net
  Subject: [PHP] resubmit form after validation error
 
  I'm having a bit of a time figuring out how to resubmit a form after
  obligatory field missing error.
  The problem is that the page is accessed from a search page href where
  the uri is like = file.php$=123.
  Since the method=post action=file.php?=?php echo $number; ? does
  not work nor does PHP_SELF, I have set the action=otherfile.php. All
  is well, if all fields are properly entered, but if there is an error,
  how to resubmit the form for correction and resubmission without using
  js or functions or redoing it all from scratch?
 
 


 --
 Hervé Kempf: Pour sauver la planète, sortez du capitalisme.
 -
 Phil Jourdan --- p...@ptahhotep.com
   http://www.ptahhotep.com
   http://www.chiccantine.com/andypantry.php
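The pattern the thread converges on is a single edit page that takes the record id from the search page link, validates the POST, and on a missing required field redisplays the same form with the typed values instead of sending the user to another script. The following is an added example, not code from either participant; the field names (title, author), the table name books, the script names edit.php and search.php, and the DSN credentials are placeholders chosen for the illustration.

```php
<?php
// Added example, not code from the thread: one edit page that shows the
// form, validates the POST and, when a required field is missing, redisplays
// the form with the values already typed and the record id in a hidden
// field. Field names, table name, script names and DSN are placeholders.

function h($s)
{
    // Every value echoed into the page goes through here.
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

function validate(array $in)
{
    // Returns field => message for each missing required field.
    $errors = array();
    foreach (array('title', 'author') as $field) {
        if (trim($in[$field]) === '') {
            $errors[$field] = "$field is required";
        }
    }
    return $errors;
}

function save_record($id, array $values)
{
    $pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8', 'dbuser', 'dbpass');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $stmt = $pdo->prepare('UPDATE books SET title = :title, author = :author WHERE id = :id');
    $stmt->bindValue(':title', $values['title']);
    $stmt->bindValue(':author', $values['author']);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
}

// The search page links here as edit.php?id=123. After a POST the id comes
// from the hidden field, so no PHP_SELF or query-string juggling is needed.
$id     = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
$values = array('title' => '', 'author' => '');
$errors = array();

if ($id <= 0) {
    header('Location: search.php');   // nothing to edit without a valid id
    exit;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    foreach (array_keys($values) as $k) {
        $values[$k] = isset($_POST[$k]) ? $_POST[$k] : '';
    }
    $errors = validate($values);
    if (!$errors) {
        save_record($id, $values);
        header('Location: search.php?saved=' . $id);
        exit;
    }
    // Fall through with $errors set: the form below shows the typed values.
}
// On a plain GET, $values would normally be loaded from the database here.
?>
<form method="post" action="edit.php">
  <input type="hidden" name="id" value="<?php echo (int) $id; ?>">
  <?php foreach ($values as $name => $value): ?>
    <label><?php echo h($name); ?>:
      <input type="text" name="<?php echo h($name); ?>" value="<?php echo h($value); ?>">
    </label>
    <?php if (isset($errors[$name])): ?>
      <span class="error"><?php echo h($errors[$name]); ?></span>
    <?php endif; ?>
  <?php endforeach; ?>
  <input type="submit" value="Save">
</form>
```

Because the submitted values are echoed back into the form, each one passes through h() on the way out; the id is cast to an integer before it is reused in the hidden field or the UPDATE.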




[PHP] XSS Preventing.

2009-06-22 Thread Caner BULUT
Hi Guys,

 

I have a question; if you have any knowledge about this please let me know.

 

I am getting data from a form with the POST method like the following.

 

$x = htmlentities($_POST['y']);

.

 

After getting all form data I save them into the DB; I use
mysql_real_escape_string.

 

I have a page which shows the information that I have saved into the DB. But if
I don't use html_entity_decode, there will be encoding and charset problems. I
can't set the htmlentities charset parameter because this function does not
have Turkish charset support.

 

The question is: after saving data into the DB using htmlentities, if I use
the html_entity_decode function in the information page, is there still an
XSS risk or not? Does html_entity_decode bring back all the risk again?

 

Please help.

 

Thanks.

Caner.



RE: [PHP] Re: XSS Preventing.

2009-06-22 Thread Caner BULUT

Thanks for the response.

But if I use it before display, charset problems occur. And htmlentities does
not support the Turkish charset. How can I decode data after it passes through
htmlentities?

Thanks.

-Original Message-
From: Shawn McKenzie [mailto:nos...@mckenzies.net] 
Sent: 22 June 2009 23:27
To: php-general@lists.php.net
Subject: [PHP] Re: XSS Preventing.

Caner BULUT wrote:
 Hi Guys,
 
  
 
 I have a question; if you have any knowledge about this please let me know.
 
  
 
 I am getting data from a form with the POST method like the following.
 
  
 
 $x = htmlentities($_POST['y']);
 
 .
 
  
 
 After getting all form data I save them into the DB; I use
 mysql_real_escape_string.
 
  
 
 I have a page which shows the information that I have saved into the DB. But
 if I don't use html_entity_decode, there will be encoding and charset
 problems. I can't set the htmlentities charset parameter because this
 function does not have Turkish charset support.
 
  
 
 The question is: after saving data into the DB using htmlentities, if I use
 the html_entity_decode function in the information page, is there still an
 XSS risk or not? Does html_entity_decode bring back all the risk again?
 
  
 
 Please help.
 
  
 
 Thanks.
 
 Caner.
 
 

Don't htmlentities() before DB save.  In general:

- mysql_real_escape_string() before DB insertion

- htmlentities() before display

-- 
Thanks!
-Shawn
http://www.spidean.com






RE: [PHP] Re: XSS Preventing.

2009-06-22 Thread Caner BULUT
Shawm thanks,

If you use htmlentities, be aware that it changes the charset to ISO-8859-1. So
this is the problem. For solving this there are some parameters.

htmlentities($str, ENT_QUOTES, 'UTF-8')

But there is no Turkish charset among the supported charsets. You can see the
detailed info at
http://tr.php.net/htmlentities

After using htmlentities I am getting following


Paramp;ccedil;anyacute;n
amp;ccedil;yacute;karyacute;ldyacute;eth;yacute; /
takyacute;lacaeth;yacute; araamp;ccedil; modeli
Paramp;ccedil;anyacute;n
amp;ccedil;yacute;karyacute;ldyacute;eth;yacute; /
takyacute;lacaeth;yacute; araamp;ccedil; modeli
Paramp;ccedil;anyacute;n
amp;ccedil;yacute;karyacute;ldyacute;eth;yacute; /
takyacute;lacaeth;yacute; araamp;ccedil; modeli
Paramp;ccedil;anyacute;n 

After using htmlspecialchars I am getting following


Paramp;ccedil;anyacute;n
amp;ccedil;yacute;karyacute;ldyacute;eth;yacute; /
takyacute;lacaeth;yacute; araamp;ccedil; modeli
Paramp;ccedil;anyacute;n
amp;ccedil;yacute;karyacute;ldyacute;eth;yacute; /
takyacute;lacaeth;yacute; araamp;ccedil; modeli
Paramp;ccedil;anyacute;n
amp;ccedil;yacute;karyacute;ldyacute;eth;yacute; /
takyacute;lacaeth;yacute; araamp;ccedil; modeli
Paramp;ccedil;anyacute;n
amp;ccedil;yacute;karyacute;ldyacute;eth;yacute; /
takyacute;lacaeth;yacute; araamp;ccedil; modeli

I hope I can explain the problem. Thanks


-Original Message-
From: Shawn McKenzie [mailto:nos...@mckenzies.net] 
Sent: 23 June 2009 00:01
To: php-general@lists.php.net
Subject: Re: [PHP] Re: XSS Preventing.

Caner BULUT wrote:
 Thanks for the response.
 
 But if I use it before display, charset problems occur. And htmlentities does
 not support the Turkish charset. How can I decode data after it passes
 through htmlentities?

I have no idea, I was just saying that if you use it, use it for display
and not for storage.  If you only use it for display, then you don't
need to decode it.  Also, what do you mean it doesn't support the
Turkish charset?  Does it mangle some of the chars?  You are using it so
that you don't get markup script  etc. in your output, so does it
do something bad with the Turkish chars?  Maybe try htmlspecialchars()
as it only converts a few specific chars.


 
 Thanks.
 
 -Original Message-
 From: Shawn McKenzie [mailto:nos...@mckenzies.net] 
 Sent: 22 June 2009 23:27
 To: php-general@lists.php.net
 Subject: [PHP] Re: XSS Preventing.
 
 Caner BULUT wrote:
 Hi Guys,

  

 I have a question; if you have any knowledge about this please let me
 know.
 
  
 
 I am getting data from a form with the POST method like the following.
 
  
 
 $x = htmlentities($_POST['y']);
 
 .
 
  
 
 After getting all form data I save them into the DB; I use
 mysql_real_escape_string.
 
  
 
 I have a page which shows the information that I have saved into the DB. But
 if I don't use html_entity_decode, there will be encoding and charset
 problems. I can't set the htmlentities charset parameter because this
 function does not have Turkish charset support.
 
  
 
 The question is: after saving data into the DB using htmlentities, if I use
 the html_entity_decode function in the information page, is there still an
 XSS risk or not? Does html_entity_decode bring back all the risk again?

  

 Please help.

  

 Thanks.

 Caner.


 
 Don't htmlentities() before DB save.  In general:
 
 - mysql_real_escape_string() before DB insertion
 
 - htmlentities() before display
 

-- 
Thanks!
-Shawn
http://www.spidean.com



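The XSS threads above circle around three things: encoding at display time rather than storage time, what html_entity_decode() does to text that was encoded before storage, and the "amp;ccedil;" double-encoding and wrong-letter entities in the output Caner pasted. The following is an added example, not code from any of the participants, that runs one constructed Turkish string containing a script tag through each of those orders so the results can be compared side by side; the sample text is constructed for this purpose.

```php
<?php
// Added example, not code from the thread. It puts the orders discussed in
// the thread side by side on one constructed Turkish string containing a
// script tag, so the effect of each on the letters and on the markup can be
// compared. The sample text is constructed for this example (UTF-8).

$input = 'Parçanın çıkarıldığı araç modeli <script>alert(1)</script>';

// Display-time escaping, the order Shawn and Michael recommend. Only & < > " '
// are converted; the Turkish letters are untouched because the charset
// argument tells the function the bytes are UTF-8.
function h($s)
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

function compare_orders($input)
{
    $out = array();

    // 1. Store the raw text (the SQL side is handled by a prepared statement),
    //    escape when rendering. Letters intact, script tag neutralised.
    $out['escape_on_output'] = h($input);
    //    -> Parçanın çıkarıldığı araç modeli &lt;script&gt;alert(1)&lt;/script&gt;

    // 2. htmlentities() at storage time, then escape again on output: the
    //    "&amp;ccedil;" double encoding seen in the thread. The browser shows
    //    the literal text &ccedil; instead of ç.
    $stored = htmlentities($input, ENT_QUOTES, 'UTF-8');
    $out['double_encoded'] = h($stored);
    //    -> Par&amp;ccedil;an...

    // 3. htmlentities() at storage time, html_entity_decode() on output to
    //    repair the display: the script tag is markup again, so encoding
    //    before storage protected nothing.
    $out['decoded_on_output'] = html_entity_decode($stored, ENT_QUOTES, 'UTF-8');
    //    -> identical to $input, <script> included

    // 4. htmlentities() with a charset that does not match the bytes: each
    //    byte of a UTF-8 letter is encoded as a Latin-1 character, so "ç"
    //    (bytes C3 A7) becomes &Atilde;&sect;. A charset mismatch like this
    //    produces entities for the wrong letters.
    $out['wrong_charset'] = htmlentities($input, ENT_QUOTES, 'ISO-8859-1');

    return $out;
}

header('Content-Type: text/plain; charset=UTF-8');
foreach (compare_orders($input) as $label => $text) {
    echo $label, ': ', $text, "\n";
}
```

Case 1 is the only one that both keeps the letters readable and keeps the script tag inert; cases 2 and 3 are the two outcomes of encoding before storage that the thread describes, and case 4 shows that a charset argument which does not describe the actual bytes is what turns letters into unrelated entities.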



RE: [PHP] resubmit form after validation error

2009-06-20 Thread Caner BULUT
Hi,

You can use a variable for that, like the following. For example, if the
variable is 1 you start processing the form input.

Example

<form method="post" action="file.php?action=1">

And in file.php you check the action variable; if it is 1 you can start
processing the data.

if ($_GET['action'] == 1) {
    echo "done";
}

Thanks.
Caner.


-Original Message-
From: PJ [mailto:af.gour...@videotron.ca] 
Sent: 20 June 2009 22:55
To: php-general@lists.php.net
Subject: [PHP] resubmit form after validation error

I'm having a bit of a time figuring out how to resubmit a form after
obligatory field missing error.
The problem is that the page is accessed from a search page href where
the uri is like = file.php$=123.
Since the method=post action=file.php?=?php echo $number; ? does
not work nor does PHP_SELF, I have set the action=otherfile.php. All
is well, if all fields are properly entered, but if there is an error,
how to resubmit the form for correction and resubmission without using
js or functions or redoing it all from scratch?

-- 
Hervé Kempf: Pour sauver la planète, sortez du capitalisme.
-
Phil Jourdan --- p...@ptahhotep.com
   http://www.ptahhotep.com
   http://www.chiccantine.com/andypantry.php







Re: [PHP] Search/Replace in entire database?

2009-06-15 Thread Caner Bulut
Hi Chris,

MySQL introduced full-text indexing and searching capabilities back in
version 3.23.23. The implementation is straightforward and easy to use —
define a FULLTEXT index and use MATCH / AGAINST in the query. Consider this
example:

CREATE TABLE SOCIAL_EVENT (
    EVENT_ID   INTEGER UNSIGNED NOT NULL AUTO_INCREMENT,
    USER_ID    INTEGER UNSIGNED NOT NULL,
    HEADLINE   TEXT NOT NULL,
    EVENT_TEXT TEXT NOT NULL,
    EVENT_DATE TIMESTAMP NOT NULL,
    PRIMARY KEY (EVENT_ID),
    FOREIGN KEY (USER_ID) REFERENCES SOCIAL_USER(USER_ID),
    FULLTEXT INDEX (HEADLINE, EVENT_TEXT)
) ENGINE=MyISAM DEFAULT CHARACTER SET latin1
  COLLATE latin1_general_cs AUTO_INCREMENT=0;

Thanks.
Caner

2009/6/15 Chris Payne chris_pa...@danmangames.com

 Hi everyone,

 I am in the middle of creating an editor where you can search and
 replace on an individual column in a single table then I came across
 something I need to be able to do but not sure how.

 Is it possible (and if so please how :-) to search an entire database
 and all tables within a database and do a find/replace on keywords
 without having to specify each table/column within that table?

 The people I am working for have made some big changes and one of them
 is changing the names of one of their products, but this product name
 appears EVERYWHERE in many tables and in lots of different column
 names, and it would save so much time if I could do a single query
 that would just search EVERYTHING within the database.

 Thanks for any advice you can give me.

 Regards

 Chris Payne
