Re: [PHP] How can I check for characters in a $_POST[] variable?
Use this regex:
if(preg_match('/[[:punct:]]/', $_POST['username']) !== 0) {
// string contains other characters, write the code
}
The POSIX class [:punct:] means matches any punctuation and symbols in your
string and that includes [!#$%'()*+,\-./:;=?@[\\\]^_`{|}~]
Regards,
Igor Escobar
*Software Engineer
*
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar http://www.twitter.com/igorescobar
On Thu, Sep 22, 2011 at 9:17 AM, Nilesh Govindarajan
cont...@nileshgr.comwrote:
On Thu 22 Sep 2011 08:25:29 PM IST, Eric wrote:
I have this problem when using php because my computer recognizes
the characters . and .. as an existing file when I use file_exists.
Also
I want to check $_POST[username] for characters other then A-Z a-z and
0-9.
If it contains anything other then, I would like to prompt the user but
I can't seam to use foreach properly and I don't know how to itterate
through the post variable with a for loop while loop or do while loop.
file_exists() for . and .. would always return true, because they
really exist! . is an alias for the current directory and .. for the
parent directory. This is irrespective of OS.
To search $_POST[username] for characters other than A-Z, a-z, 0-9,
you can use preg_match something like this (there's an alpha class as
well, but I'm not sure about it):
if(preg_match('(.*)^[A-Za-z0-9]+', $_POST['username']) !== 0) {
// string contains other characters, write the code
}
--
Nilesh Govindarajan
http://nileshgr.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How can I check for characters in a $_POST[] variable?
Or... just use:
if(preg_match('/^[A-Za-z0-9]+$/', $_POST['username']) !== 0) {
// string contains other characters, write the code
}
You can see this regex in action here: http://regexpal.com/?flags=regex=
^%5BA-Za-z0-9%5D%2B%24input=myusername01
If you put anything different of A-Za-z0-9 the regex will not match.
Regards,
Igor Escobar
*Software Engineer
*
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar http://www.twitter.com/igorescobar
On Thu, Sep 22, 2011 at 10:03 AM, Igor Escobar titiolin...@gmail.comwrote:
Use this regex:
if(preg_match('/[[:punct:]]/', $_POST['username']) !== 0) {
// string contains other characters, write the code
}
The POSIX class [:punct:] means matches any punctuation and symbols in
your string and that includes [!#$%'()*+,\-./:;=?@[\\\]^_`{|}~]
Regards,
Igor Escobar
*Software Engineer
*
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar http://www.twitter.com/igorescobar
On Thu, Sep 22, 2011 at 9:17 AM, Nilesh Govindarajan cont...@nileshgr.com
wrote:
On Thu 22 Sep 2011 08:25:29 PM IST, Eric wrote:
I have this problem when using php because my computer recognizes
the characters . and .. as an existing file when I use file_exists.
Also
I want to check $_POST[username] for characters other then A-Z a-z and
0-9.
If it contains anything other then, I would like to prompt the user but
I can't seam to use foreach properly and I don't know how to itterate
through the post variable with a for loop while loop or do while loop.
file_exists() for . and .. would always return true, because they
really exist! . is an alias for the current directory and .. for the
parent directory. This is irrespective of OS.
To search $_POST[username] for characters other than A-Z, a-z, 0-9,
you can use preg_match something like this (there's an alpha class as
well, but I'm not sure about it):
if(preg_match('(.*)^[A-Za-z0-9]+', $_POST['username']) !== 0) {
// string contains other characters, write the code
}
--
Nilesh Govindarajan
http://nileshgr.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re:
No problem ;)
Regards,
Igor Escobar
*Software Engineer
*
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar http://www.twitter.com/igorescobar
On Thu, Sep 22, 2011 at 1:25 PM, Eric eric_justin_al...@cfl.rr.com wrote:
Thanks Very much I used,
preg_match('/[[:punct:]]/', $_POST['username']) !== 0
and it works without errors. The reason I can't just use
is_file which I wish I could is because windows doesn't allow question
marks
or some wierd character. It decides to not allow php to make the file if
there
are odd ball characters. It is a very unfortunate mistake in my code that
I
wish php would ignore and just make the file ?.
Re: [PHP] Escaping MySQL passwords necessary when md5 is used?
If you're converting the input data in a md5 hash has no reason to scape it.
Regards,
Igor Escobar
*Software Engineer
*
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar http://www.twitter.com/igorescobar
On Wed, Sep 21, 2011 at 2:53 PM, Dotan Cohen dotanco...@gmail.com wrote:
I have an application in which the password is stored in the database
as md5(md5('passWord').'userSpecificSalt'). I'm checking the password
entered with:
$password=md5( md5('$_POST['password']').'userSpecificSalt' );
$query=SELECT id FROM table WHERE password='{$password}';
Now I'm a bit queasy about not using mysql_real_escape_string() on
that $password variable! Please reassure me or tell me the folly of my
ways. Thanks!
--
Dotan Cohen
http://gibberish.co.il
http://what-is-what.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Bug?
Anyone can explain this? https://gist.github.com/1220404 Part of the code are in portuguese so... iguais = equal diferentes = different Regards, Igor Escobar *Software Engineer * + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar http://www.twitter.com/igorescobar
Re: [PHP] Bug?
I'm confused about the output of the code... very disturbed. But @*augustohphttps://gist.github.com/augustohp * already respond the question on the gist thread (in portuguese) and explained why those results. Regards, Igor Escobar *Software Engineer * + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar http://www.twitter.com/igorescobar On Thu, Sep 15, 2011 at 6:17 PM, Daniel Brown danbr...@php.net wrote: On Thu, Sep 15, 2011 at 17:07, Igor Escobar titiolin...@gmail.com wrote: Anyone can explain this? https://gist.github.com/1220404 Part of the code are in portuguese so... iguais = equal diferentes = different About this part are you confused? -- /Daniel P. Brown Network Infrastructure Manager http://www.php.net/
[PHP] Re: Bug?
Thank you guys. Regards, Igor Escobar *Software Engineer * + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar http://www.twitter.com/igorescobar On Thu, Sep 15, 2011 at 6:32 PM, Shawn McKenzie nos...@mckenzies.netwrote: On 09/15/2011 04:07 PM, Igor Escobar wrote: Anyone can explain this? https://gist.github.com/1220404 Part of the code are in portuguese so... iguais = equal diferentes = different Regards, Igor Escobar *Software Engineer * + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar http://www.twitter.com/igorescobar 1. Obviously because of the issues with floating point precision these are stored as the same float, a la your next example. 2. Using bc math for binary calculations on string representations of a number overcomes the problems in 1. 3. This one is peculiar, but it seems that since they are numeric strings that they are being juggled to float for the comparison since using == there is no type checking. Using === yields a different result, presumably because forcing a type check compares them as strings. Use strcmp() to overcome this. 4. Do I need to explain this one? -- Thanks! -Shawn http://www.spidean.com
[PHP] Sort problem
Hi Folks! Anyone know a smart way to order file names? An example to you guys picture what im saying is: ?php $serie[] = Two And Half Man Season 1; $serie[] = Two And Half Man Season 4; $serie[] = Two And Half Man Season 2; $serie[] = Two And Half Man Season 3; $serie[] = Two And Half Man Season 10; $serie[] = Two And Half Man Season 9; sort($serie); print_r($serie); ? The result of this snippet is: Array ( [0] = Two And Half Man Season 1[1] = Two And Half Man Season 10[2] = Two And Half Man Season 2 [3] = Two And Half Man Season 3 [4] = Two And Half Man Season 4 [5] = Two And Half Man Season 9 ) Anyone knows how to solve this problem? Regards, Igor Escobar *Software Engineer * + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar http://www.twitter.com/igorescobar
Re: [PHP] Sort problem
Wow! Thank you! I completely forgot this method! Regards, Igor Escobar *Software Engineer * + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar http://www.twitter.com/igorescobar On Wed, Sep 14, 2011 at 12:02 PM, Marc Guay marc.g...@gmail.com wrote: Anyone know a smart way to order file names? Nope, but I know a natural way: http://ca.php.net/manual/en/function.natsort.php
Re: [PHP] What would you like to see in most in a text editor?
+ extensible plug-ins. Regards, Igor Escobar *Software Engineer * + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar http://www.twitter.com/igorescobar On Tue, Sep 13, 2011 at 6:13 PM, Alex Nikitin niks...@gmail.com wrote: +1 on terminal. For gui-based ones, i like to be able to syntax check my code and run it from within the editor window, tabs for dozens of files i usually have open at once, highlight that supports many languages as i can be working on many at once (php, css, js, ruby, python, C, lua, sql, for the ones i have open in geany atm), shortcuts are essential for things like find or replace in a selected area or what have you, regex support in search, and something that can be themed with white on black. For web-based ones, i never want to have to physically press anything to save my work, and i expect it to be within a few words if i just closed the browser and came back. It can't use any more resources than a usual web-page and has to be responsive. For other features to think about, built in version control system, ability to sync with github or really any cvs/svn/git repo, diff tool integrated into the editor, collaboration. Essential 1: utmost security, if they pwn your servers, they should not be able to have my data, this means that some part of what i pass to you in my credentials needs to not even reside on your servers (for example you can use the salted hash to check my the password, but the clear text version is still needed to decrypt that user's data store) and for the ultra paranoid, i should be able to further protect my data store with another password the hash for which you don't store, but rather store the md5 of the hash. Essential 2: reliability, i would like to be in an N+N+1 where the service and my data are both highly available without performance degradation when one of the services/servers goes kablewey (technical term) Enjoy. -- The trouble with programmers is that you can never tell what a programmer is doing until it’s too late. ~Seymour Cray On Tue, Sep 13, 2011 at 4:35 PM, Robert Cummings rob...@interjinn.com wrote: On 11-09-13 03:56 PM, Brad Huskins wrote: Hello all you php coders out there, I'm doing an Open Source text editor (just a hobby) that's designed for PHP developers and is accessible through the web. This has been stewing for a while, and has gotten to the point where I can use it for my own work. I would like any feedback on things that people really like/dislike about their current editors, as I believe some of these things could be resolved in mine. I currently have username/password protection (with Salted-Hash passwords), a file-system browser, file loading/saving, and syntax highlighting -- and these things seem to work reasonably well. As well, most things about the editor are scriptable with JavaScript. This would seem to imply that in a few weeks I would have something useful. So I would like to get some feedback on what features people would most want, since I am still at a very flexible stage in development. If you would like to see what I have, you can go to un1tware.wordpress.com. You can also peruse the code at github.com/bhus/scriptr. In particular, the README on github gives a little bit better rationality for why something like this might be useful, and how things are currently structured. I'm a big fan of editors that work in the terminal. Cheers, Rob. -- E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP cron job optimization
Use PHP threads. Do the job separately.. in parts... in other words... you can't read all them at once. You can read a little more about php multithreading here: http://blog.motane.lu/2009/01/02/multithreading-in-php/ You can use a non-relational database like mongo or couchdb to manage where you stop and where you have to look back to the RSS feed as well. []'s Regards, Igor Escobar *Software Engineer * + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar http://www.twitter.com/igorescobar On Sat, Sep 10, 2011 at 10:37 PM, Stuart Dallas stu...@3ft9.com wrote: On 10 Sep 2011, at 09:35, muad shibani wrote: I want to design an application that reads news from RSS sources. I have about 1000 RSS feed to collect from. I also will use Cron jobs every 15 minutes to collect the data. the question is: Is there a clever way to collect all those feed items without exhausting the server any Ideas I designed a job queuing system a while back when I had a similar problem. You can read about it here: http://stut.net/2009/05/29/php-job-queue/. Set that type of system up and add a job for each feed, set to run every 15 minutes. You can then watch the server and tune the number of concurrent job processors so you get the optimum balance between load and speed. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP cron job optimization
Other good point is: always set a timeout connection when you're getting the RSS data to avoid your thread get stuck unnecessary. Use cURL (is much more faster then file_get_contents). Multithreading in PHP with cURL http://devzone.zend.com/article/3341 Regards, Igor Escobar *Software Engineer * + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar http://www.twitter.com/igorescobar On Mon, Sep 12, 2011 at 10:05 AM, Igor Escobar titiolin...@gmail.comwrote: Use PHP threads. Do the job separately.. in parts... in other words... you can't read all them at once. You can read a little more about php multithreading here: http://blog.motane.lu/2009/01/02/multithreading-in-php/ You can use a non-relational database like mongo or couchdb to manage where you stop and where you have to look back to the RSS feed as well. []'s Regards, Igor Escobar *Software Engineer * + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar http://www.twitter.com/igorescobar On Sat, Sep 10, 2011 at 10:37 PM, Stuart Dallas stu...@3ft9.com wrote: On 10 Sep 2011, at 09:35, muad shibani wrote: I want to design an application that reads news from RSS sources. I have about 1000 RSS feed to collect from. I also will use Cron jobs every 15 minutes to collect the data. the question is: Is there a clever way to collect all those feed items without exhausting the server any Ideas I designed a job queuing system a while back when I had a similar problem. You can read about it here: http://stut.net/2009/05/29/php-job-queue/. Set that type of system up and add a job for each feed, set to run every 15 minutes. You can then watch the server and tune the number of concurrent job processors so you get the optimum balance between load and speed. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP cron job optimization
@Eric ok ;) Regards, Igor Escobar *Software Engineer * + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar http://www.twitter.com/igorescobar On Mon, Sep 12, 2011 at 10:52 AM, Eric Butera eric.but...@gmail.com wrote: On Mon, Sep 12, 2011 at 9:37 AM, Igor Escobar titiolin...@gmail.com wrote: Other good point is: always set a timeout connection when you're getting the RSS data to avoid your thread get stuck unnecessary. Use cURL (is much more faster then file_get_contents). Multithreading in PHP with cURL http://devzone.zend.com/article/3341 Regards, Igor Escobar *Software Engineer * + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar http://www.twitter.com/igorescobar On Mon, Sep 12, 2011 at 10:05 AM, Igor Escobar titiolin...@gmail.com wrote: Use PHP threads. Do the job separately.. in parts... in other words... you can't read all them at once. You can read a little more about php multithreading here: http://blog.motane.lu/2009/01/02/multithreading-in-php/ You can use a non-relational database like mongo or couchdb to manage where you stop and where you have to look back to the RSS feed as well. []'s Regards, Igor Escobar *Software Engineer * + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar http://www.twitter.com/igorescobar On Sat, Sep 10, 2011 at 10:37 PM, Stuart Dallas stu...@3ft9.com wrote: On 10 Sep 2011, at 09:35, muad shibani wrote: I want to design an application that reads news from RSS sources. I have about 1000 RSS feed to collect from. I also will use Cron jobs every 15 minutes to collect the data. the question is: Is there a clever way to collect all those feed items without exhausting the server any Ideas I designed a job queuing system a while back when I had a similar problem. You can read about it here: http://stut.net/2009/05/29/php-job-queue/. Set that type of system up and add a job for each feed, set to run every 15 minutes. You can then watch the server and tune the number of concurrent job processors so you get the optimum balance between load and speed. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Thread != Multi Process.
Re: [PHP] Security Issue
Hey Richard,
I'll find more about this parameter allow_url_include, thank you!
Regards,
Igor Escobar
Systems Analyst Interface Designer
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar (twitter)
On Mon, Jun 7, 2010 at 5:26 PM, richard gray r...@richgray.com wrote:
On 07/06/2010 20:00, Igor Escobar wrote:
PHP Injection is the technical name given to a security hole in PHP
applications. When this gap there is a hacker can do with an external code
that is interpreted as an inner code as if the code included was more a
part
of the script.
// my code...
// my code...
include ('http:///externalhackscript.txt');
//my code...
//my code..
can you not switch off remote file includes in php.ini?
This will stop include/require from a remote host..
i.e. /allow_url_include = Off in php.ini
HTH
Rich
/
[PHP] Security Issue
Hi Folks! The portal for which I work is suffering constant attacks that I feel that is PHP Injection. Somehow the hacker is getting to change the cache files that our system generates. Concatenating the HTML file with another that have an iframe to a malicious JAR file. Do you have any suggestions to prevent this action? The hacker has no access to our file system, he is imputing the code through some security hole. The problem is that the portal is very big and has lots and lots partners hosted on our estructure structure. We are failing to identify the focus of this attacks. Any ideas? Regards, Igor Escobar Systems Analyst Interface Designer + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar (twitter)
Re: [PHP] Security Issue
I think we're getting off topic here folks... Regards, Igor Escobar Systems Analyst Interface Designer + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar (twitter) On Mon, Jun 7, 2010 at 2:51 PM, Ashley Sheridan a...@ashleysheridan.co.ukwrote: On Mon, 2010-06-07 at 10:48 -0700, Michael Shadle wrote: Oh yeah. I do more than just intval() I make sure they didn't feed me anything BUT numeric text first. I do sanity check before type forcing :) I use garbage in garbage out. So I take what is given to me and yes I escape if before the db of course as well, and then encode on output. On Jun 7, 2010, at 10:45 AM, Ashley Sheridan a...@ashleysheridan.co.uk wrote: On Mon, 2010-06-07 at 10:38 -0700, Michael Shadle wrote: It's not that bad. Use filter functions and sanity checks for input. Use htmlspecialchars() basically on output. That should take care of basically everything. On Jun 7, 2010, at 6:16 AM, Igor Escobar titiolin...@gmail.com wrote: This was my fear. Regards, Igor Escobar Systems Analyst Interface Designer + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar (twitter) On Mon, Jun 7, 2010 at 10:05 AM, Peter Lind peter.e.l...@gmail.com wrote: On 7 June 2010 14:54, Igor Escobar titiolin...@gmail.com wrote: Hi Folks! The portal for which I work is suffering constant attacks that I feel that is PHP Injection. Somehow the hacker is getting to change the cache files that our system generates. Concatenating the HTML file with another that have an iframe to a malicious JAR file. Do you have any suggestions to prevent this action? The hacker has no access to our file system, he is imputing the code through some security hole. The problem is that the portal is very big and has lots and lots partners hosted on our estructure structure. We are failing to identify the focus of this attacks. Any ideas? Check all user input + upload: make sure that whatever comes from the user is validated. Then check all output: make sure that everythin output is escaped properly. Yes, it's an enormous task, but there's no way around it. Regards Peter -- hype WWW: http://plphp.dk / http://plind.dk LinkedIn: http://www.linkedin.com/in/plind BeWelcome/Couchsurfing: Fake51 Twitter: http://twitter.com/kafe15 /hype htmlspecialchars() is really only good for user input that you are outputting to the browser. For inserting data into a database, use mysql_real_escape_string(). I find it's good to think carefully about what sort of data I expect and sanitise it accordingly. If I want a numerical value, I use intval($_GET['var']) or floatval(). For things like small text box elements, regex's work well depending on the data. For data from select lists of checkboxes, make sure the value given is within a list of pre-determined values you have. Basically, nothing from the user should be trusted at all, ever. As soon as you let go of that trust in the good honesty of people you'll do fine ;) Thanks, Ash http://www.ashleysheridan.co.uk Why waste time validating an integer value when intval() will do that for you? Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Security Issue
PHP Injection is the technical name given to a security hole in PHP
applications. When this gap there is a hacker can do with an external code
that is interpreted as an inner code as if the code included was more a part
of the script.
// my code...
// my code...
include ('http:///externalhackscript.txt');
//my code...
//my code..
I know how to fix that too. The problem is: WHERE I HAVE TO FIX THAT.
Got it?
Regards,
Igor Escobar
Systems Analyst Interface Designer
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar (twitter)
On Mon, Jun 7, 2010 at 2:48 PM, Ashley Sheridan
a...@ashleysheridan.co.ukwrote:
On Mon, 2010-06-07 at 14:42 -0300, Igor Escobar wrote:
It's not a SQL Injection or XSS problem, Michael.
It's a PHP Injection problem. I know how fix that but the web site is
very
very huge, have lots and lots of partners and i'm have a bug difficult do
identify the focus of the problem.
Got it?
Regards,
Igor Escobar
Systems Analyst Interface Designer
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar (twitter)
On Mon, Jun 7, 2010 at 2:38 PM, Michael Shadle mike...@gmail.com
wrote:
It's not that bad.
Use filter functions and sanity checks for input.
Use htmlspecialchars() basically on output.
That should take care of basically everything.
On Jun 7, 2010, at 6:16 AM, Igor Escobar titiolin...@gmail.com
wrote:
This was my fear.
Regards,
Igor Escobar
Systems Analyst Interface Designer
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar (twitter)
On Mon, Jun 7, 2010 at 10:05 AM, Peter Lind peter.e.l...@gmail.com
wrote:
On 7 June 2010 14:54, Igor Escobar titiolin...@gmail.com wrote:
Hi Folks!
The portal for which I work is suffering constant attacks that I
feel
that
is PHP Injection. Somehow the hacker is getting to change the cache
files
that our system generates. Concatenating the HTML file with another
that
have an iframe to a malicious JAR file. Do you have any suggestions
to
prevent this action? The hacker has no access to our file system, he
is
imputing the code through some security hole. The problem is that
the
portal
is very big and has lots and lots partners hosted on our estructure
structure. We are failing to identify the focus of this attacks.
Any ideas?
Check all user input + upload: make sure that whatever comes from the
user is validated. Then check all output: make sure that everythin
output is escaped properly. Yes, it's an enormous task, but there's
no
way around it.
Regards
Peter
--
hype
WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
BeWelcome/Couchsurfing: Fake51
Twitter: http://twitter.com/kafe15
/hype
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
What do you mean it's a PHP injection? PHP is all on the server, and the
only way to get at that if you don't have direct access to the server
(which you've said isn't possible as the passwords, etc are all fine)
then the bad data is coming from either a form or another area where
user data is expected. This data might be as simple as unsanitised URL
variables that are intended to fetch a blog entry, to form data sent in
a registration page.
All data coming from the user is bad until proven otherwise.
Thanks,
Ash
http://www.ashleysheridan.co.uk
Re: [PHP] Security Issue
I'm totally agree with you Ash,
I came up here to ask you guys some for light. Anything to well me to track
that M%$#% F#$CK#$# and discover from where he's attacking.
Regards,
Igor Escobar
Systems Analyst Interface Designer
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar (twitter)
On Mon, Jun 7, 2010 at 3:06 PM, Ashley Sheridan
a...@ashleysheridan.co.ukwrote:
On Mon, 2010-06-07 at 15:00 -0300, Igor Escobar wrote:
PHP Injection is the technical name given to a security hole in PHP
applications. When this gap there is a hacker can do with an external code
that is interpreted as an inner code as if the code included was more a part
of the script.
// my code...
// my code...
include ('http:///externalhackscript.txt');
//my code...
//my code..
I know how to fix that too. The problem is: WHERE I HAVE TO FIX THAT.
Got it?
Regards,
Igor Escobar
Systems Analyst Interface Designer
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar (twitter)
On Mon, Jun 7, 2010 at 2:48 PM, Ashley Sheridan a...@ashleysheridan.co.uk
wrote:
On Mon, 2010-06-07 at 14:42 -0300, Igor Escobar wrote:
It's not a SQL Injection or XSS problem, Michael.
It's a PHP Injection problem. I know how fix that but the web site is
very
very huge, have lots and lots of partners and i'm have a bug difficult do
identify the focus of the problem.
Got it?
Regards,
Igor Escobar
Systems Analyst Interface Designer
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar (twitter)
On Mon, Jun 7, 2010 at 2:38 PM, Michael Shadle mike...@gmail.com
wrote:
It's not that bad.
Use filter functions and sanity checks for input.
Use htmlspecialchars() basically on output.
That should take care of basically everything.
On Jun 7, 2010, at 6:16 AM, Igor Escobar titiolin...@gmail.com
wrote:
This was my fear.
Regards,
Igor Escobar
Systems Analyst Interface Designer
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar (twitter)
On Mon, Jun 7, 2010 at 10:05 AM, Peter Lind peter.e.l...@gmail.com
wrote:
On 7 June 2010 14:54, Igor Escobar titiolin...@gmail.com wrote:
Hi Folks!
The portal for which I work is suffering constant attacks that I
feel
that
is PHP Injection. Somehow the hacker is getting to change the cache
files
that our system generates. Concatenating the HTML file with another
that
have an iframe to a malicious JAR file. Do you have any suggestions
to
prevent this action? The hacker has no access to our file system, he
is
imputing the code through some security hole. The problem is that
the
portal
is very big and has lots and lots partners hosted on our estructure
structure. We are failing to identify the focus of this attacks.
Any ideas?
Check all user input + upload: make sure that whatever comes from the
user is validated. Then check all output: make sure that everythin
output is escaped properly. Yes, it's an enormous task, but there's
no
way around it.
Regards
Peter
--
hype
WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
BeWelcome/Couchsurfing: Fake51
Twitter: http://twitter.com/kafe15
/hype
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
What do you mean it's a PHP injection? PHP is all on the server, and the
only way to get at that if you don't have direct access to the server
(which you've said isn't possible as the passwords, etc are all fine)
then the bad data is coming from either a form or another area where
user data is expected. This data might be as simple as unsanitised URL
variables that are intended to fetch a blog entry, to form data sent in
a registration page.
All data coming from the user is bad until proven otherwise.
Thanks,
Ash
http://www.ashleysheridan.co.uk
That data is still coming from somewhere, so is still badly sanitised data
either coming from a form or a URL. You really should go over all the code
to find these and root them out, which is a mammoth task. To narrow it down,
those access logs I mentioned before will help. I think there are ways you
can automatically detect security holes in your software, but if none of
your user data is sanitised correctly, then virtually everything is a
potential security hole.
Thanks,
Ash
http://www.ashleysheridan.co.uk
Re: [PHP] How to redefine a function if it doesn't exist?
See
http://br2.php.net/manual/en/function.create-function.php
Regards,
Igor Escobar
Systems Analyst Interface Designer
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar (twitter)
On Tue, Mar 30, 2010 at 10:23 AM, David Otton
phpm...@jawbone.freeserve.co.uk wrote:
On 30 March 2010 14:16, Andre Polykanine an...@oire.org wrote:
I need a quoted_printable_encode function but it's available only
since PHP 5.3. How do I redefine that function only if PHP version is
lower than 5.3?
function_exists().
if (!function_exists('myfunc')) {
function myfunc() {
;
}
}
http://uk3.php.net/function_exists
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Bitly-PHP - A PHP Bitly API to shorten URLs, expand and more.
Hi Guys! Can you help me to test my new library? It's about a PHP Library to use and enjoy the RESTful Bitly API to shorten URLs, expand and more http://github.com/igorescobar/Bitly-PHP http://github.com/igorescobar/Bitly-PHPAny doubts, fell free to ask. http://github.com/igorescobar/Bitly-PHP Regards, Igor Escobar Systems Analyst Interface Designer + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar (twitter)
Re: [PHP] Bitly-PHP - A PHP Bitly API to shorten URLs, expand and more.
Nice point. I will implement that ;) Thanks a lot! Regards, Igor Escobar Systems Analyst Interface Designer + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar (twitter) On Wed, Mar 24, 2010 at 4:08 PM, Rene Veerman rene7...@gmail.com wrote: nice code, but i'd like it better if the comments were in english ;) the only thing i see missing is some proper error reporting (in case bit.ly is down or has changed api specs) On Wed, Mar 24, 2010 at 7:39 PM, Igor Escobar titiolin...@gmail.com wrote: Hi Guys! Can you help me to test my new library? It's about a PHP Library to use and enjoy the RESTful Bitly API to shorten URLs, expand and more http://github.com/igorescobar/Bitly-PHP http://github.com/igorescobar/Bitly-PHPAny doubts, fell free to ask. http://github.com/igorescobar/Bitly-PHP Regards, Igor Escobar Systems Analyst Interface Designer + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar (twitter)
[PHP] SWF Manipulation with PHP
Hi Folks! A very long time ago i spend a little bit of my time to find how i can load a swf file, load an specific frame of that SWF File and save this like a JPG or any other format. I try the ming but it can't load a external swf movie. You only can CREATE a swf. I try the libswf too but i not have a success. Anyone have ANY idea that works? Regards, Igor Escobar Systems Analyst Interface Designer + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar (twitter)
[PHP] Speed Issues PHP vs ASP.net
Recently i read this blog post about speed issues comparing PHP with ASP.net, please, read that and comment what you think about it: http://misfitgeek.com/blog/aspnet/php-versus-asp-net-ndash-windows-versus-linux-ndash-who-rsquo-s-the-fastest/ The big deal is: I don't know if this bechmark is true or false but, what are doing the PHP team about speed issues? Results like that maybe results like this can tarnish the image of language. So, what do you think about it? Regards, Igor Escobar Systems Analyst Interface Designer + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar (twitter)
Re: [PHP] Character encoding
Build some script to convert to these comments.
Check this out:
?php
// Fixes the encoding to uf8
function fixEncoding($in_str)
{
$cur_encoding = mb_detect_encoding($in_str) ;
if($cur_encoding == UTF-8 mb_check_encoding($in_str,UTF-8))
return $in_str;
else
return utf8_encode($in_str);
} // fixEncoding
?
Regards,
Igor Escobar
Systems Analyst Interface Designer
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar (twitter)
2009/8/5 b p...@logi.ca
On 08/05/2009 07:05 AM, Sándor Tamás (HostWare Kft.) wrote:
Hi,
I have a mysql database, which the users can insert comments. As the users
can be from different countries, with different character encoding, the
mysql table can contain various special characters.
How can I be sure to display these comments properly? I've found the
mb_convert_encoding, and for some characters it works okay, but there are
some really special characters which displayed as a '?'.
Does anybody know some workarounds?
Thanks,
SanTa
Use UTF-8. Create your database and its tables with UTF-8 char encoding.
eg.
ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci
Note there's no hyphen.
Also, make sure the *data* is converted. You can use iconv for that.
Next, ensure that the browser knows how to display the text. Use either a
header or a meta tag (or both):
meta http-equiv=Content-Type content=text/html; charset=utf-8 /
This is especially important for the page with the comments form.
Any SQL file with your data (for import) should have the following at the
top:
SET NAMES 'utf8';
If you export a dump make sure that line is present before trying to
import.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Regex Problem
Hi Folks, I have a serious problem. must create a regular expression against all that is between single quote or double quotes. Easy? Ok, i know, but i need that everything must to be too an single quote or double quote. If i have this SQL command: SELECT * FROM TSTRENIC.MEI_ACESSO WHERE UPPER(DS_MEI_ACS) LIKE *'%NOME' ASD ' AS'ASD'%' *AND USUARIO = *'oaksdpokasd'asda'* ORDER BY DS_MEI_ACS ASC; SELECT * FROM TSTRENIC.MEI_ACESSO WHERE USUARIO_DATA BETWEEN *'2007-01-02'*AND *'2008-07-08'* Anyone have any idea? I need an expression which case the fields in bold. Regards, Igor Escobar Systems Analyst Interface Designer + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar (twitter)
[PHP] Re: Regex Problem
The solution don't need to be with regex, if anyone can solve this with other way will be very helpfull . Regards, Igor Escobar Systems Analyst Interface Designer + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar (twitter) On Fri, Jul 31, 2009 at 2:23 PM, Igor Escobar titiolin...@gmail.com wrote: Hi Folks, I have a serious problem. must create a regular expression against all that is between single quote or double quotes. Easy? Ok, i know, but i need that everything must to be too an single quote or double quote. If i have this SQL command: SELECT * FROM TSTRENIC.MEI_ACESSO WHERE UPPER(DS_MEI_ACS) LIKE *'%NOME' ASD ' AS'ASD'%' *AND USUARIO = *'oaksdpokasd'asda'* ORDER BY DS_MEI_ACS ASC; SELECT * FROM TSTRENIC.MEI_ACESSO WHERE USUARIO_DATA BETWEEN *'2007-01-02' * AND *'2008-07-08'* Anyone have any idea? I need an expression which case the fields in bold. Regards, Igor Escobar Systems Analyst Interface Designer + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar (twitter)
Re: [PHP] Re: Progressbar
http://www.ajaxload.info/ Regards, Igor Escobar Systems Analyst Interface Designer + http://blog.igorescobar.com + http://www.igorescobar.com + @igorescobar (twitter) On Thu, Jun 25, 2009 at 2:03 PM, Eddie Drapkin oorza...@gmail.com wrote: On Thu, Jun 25, 2009 at 12:52 PM, Bastien Koertphps...@gmail.com wrote: On Thu, Jun 25, 2009 at 11:51 AM, Michael A. Petersmpet...@mac.com wrote: Martin Scotta wrote: I found extremely un-productive editors or IDEs like Eclipse or Zend Studio. I use SciTE. It don't has any feature you are talking about... but it.. # do not eat all you ram # starts in a microsecond # opens any type of file # paints the code in pretty colors. # has a little intellisense using pre-written words or api files I almost exclusively use bluefish, the closest I come to an IDE for anything I do is emacs + AUCTeX for my occasional TeX needs. I also use vim and on the rare occasions I'm stuck with Windows, something I think called PSPad (not sure, downloaded it awhile back at my parents house). I actually have a license for Homesite, but I don't think I can install it on their computer and I don't run Windows anymore. That was nice. On a Mac - bbedit for everything. However, all that being said, I do very little php. Right now though a little more than usual. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php over the past little while I have been using komodo edit (free) - good (more like a text editor with some brains), good code completion and hinting aptana studio (free) - eclipse based, bigger learning curve, but lots of functionality netbeans (free) - good, nice interface -- Bastien Cat, the other other white meat -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Well the thing about being productive out of the box with Zend Studio isn't entirely related to Zend Studio, it's more of an Eclipse problem. Eclipse itself, whether using it in a heavily modified form like Aptana or PDT or Zend Studio, or just using it out of the box for Java development or C/C++ development or anything in between, has a ridiculously steep learning curve for what's really just a fancy text editor. While this turns a lot of people off, I was lucky (although I sure didn't think so at the time) enough to have it forced on me when I was learning Java in school. And in the end, I'm pretty glad that I was forced to learn Eclipse because it's been the go to editor for all my coding needs, whether PHP, Python, C, Java, even complex shell scripting. And whenever someone is learning to develop and gets to the point that they'd actually take advantage of some of the more advanced features of Eclipse - step through debugging, code autocompletion, etc. - I recommend that they take some time out of learning the code, or coding, and learn Eclipse. The second Java class I took was actually learning Eclipse and it was one of the more useful classes that I've taken, given that there's no longer a learning curve for any IDE that I want to use. Yes, Eclipse is pretty intimidating and oftentimes more complicated than it needs to be, but there's a level of customizability that doesn't exist in any other editors that I've seen. Whether it's making code look and behave exactly the same, or binding keybindings to things like SVN commit / update / resolve, it's all possible in Eclipse. Whether you use Aptana, PDT, Zend Studio (= 6.0) or another derivative, I'd definitely recommend using Eclipse and once you've topped the learning curve, you'll be able to say that your IDE actually boosts your productivity significantly, which is the ultimate goal anyway. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: SQL Injection - Solution
Ok guys, thanks.
Regards,
Igor Escobar
Systems Analyst Interface Designer
--
Personal Blog
~ blog.igorescobar.com
Online Portifolio
~ www.igorescobar.com
Twitter
~ @igorescobar
On Thu, May 7, 2009 at 7:32 AM, Jan G.B. ro0ot.w...@googlemail.com wrote:
What about declare, cast, unhex, exec etc.?
You Replace everything with isn't so good, I believe. Others
mentiond it before, that *, =, select, from ETC. are valid words and
characters in an other context.
Anayse some attacks before trying to defend them. Injections can be
heavily db-dependent, so filtering the common words might not be so
insightful.
If you really want to go the filter approach, then check out this
project and learn from them. ;)
http://php-ids.org/
byebye
2009/5/6 Igor Escobar titiolin...@gmail.com:
Yeah yeah, i understood that, but, the point is... i sad previously, my
function is not tied to any database.
Is a generic function, i dont know who be use this, so i don't know, what
is
your data base so, i can't use functions like mysql_real_scape_string
etc...
Regards,
Igor Escobar
Systems Analyst Interface Designer
--
Personal Blog
~ blog.igorescobar.com
Online Portifolio
~ www.igorescobar.com
Twitter
~ @igorescobar
On Wed, May 6, 2009 at 3:00 PM, Bruno Fajardo bsfaja...@gmail.com
wrote:
2009/5/6 Igor Escobar titiolin...@gmail.com:
hun...by the way I forgot to mention, I am Brazilian and here in
Brazil
these words are not common ...
Igor,
I'm brazilian too, but that is not the point. Deny the use of *any*
word as input in your app is unnecessary. The problem that you're
trying to solve, has been solved a long time ago.
Bruno.
That is a recursive function and i can use array_map becouse i some
cases
we
obtain arrays of arrays and that will generate a error.
Regards,
Igor Escobar
Systems Analyst Interface Designer
--
Personal Blog
~ blog.igorescobar.com
Online Portifolio
~ www.igorescobar.com
Twitter
~ @igorescobar
On Wed, May 6, 2009 at 2:36 PM, Shawn McKenzie nos...@mckenzies.net
wrote:
Igor Escobar wrote:
Hunnn...
So, what do you think now?
function _antiSqlInjection($Target){
$sanitizeRules =
array('OR','FROM','SELECT','INSERT','DELETE','WHERE','DROP
TABLE','SHOW TABLES','*','--','=');
foreach($Target as $key = $value):
if(is_array($value)): $arraSanitized[$key] =
_antiSqlInjection($value);
else:
$arraSanitized[$key] = (!get_magic_quotes_gpc()) ?
addslashes(str_ireplace(trim($sanitizeRules,,$value))) :
str_ireplace(trim($sanitizeRules,,$value));
endif;
endforeach;
return $arraSanitized;
}
Stay on list please. I don't like the ternary or the brace omissions
(alternate syntax) :-) however
My point was that in my opinion you don't need the replace at all.
Also, do you really want to strip all 'or', * and = from all fields?
These may be perfectly valid in your app. Or is a very, very common
word, so is from and come to think of it, where, select, insert and
delete.
For any of the SQL injections to work in your query, there will need
to
be quotes or the backtick ` in the user supplied content. The quotes
are escaped by mysql_real_escape_string().
I don't see any way for a SQL injection without the user input
containing quotes or the backtick to break out of your query or
prematurely terminate an expression. Some examples here, however
they
don't mention the backtick:
http://us2.php.net/manual/en/security.database.sql-injection.php
This might be more useful:
||function _antiSqlInjection($Target)
{
if(is_array($Target)) {
$Value = array_map('_antiSqlInjection', $Target);
} else {
if(get_magic_quotes_gpc()) {
$Target = stripslashes($Target);
}
// replace backtick with single quote or whatever
$Target = str_replace(`, ', $Target);
$Value = mysql_real_escape_string($Target);
}
return $Value;
}
Thanks!
-Shawn
[PHP] SQL Injection - Solution
Hi folks,
Someone know how i can improve this function to protect my envairounment
vars of sql injection attacks.
that is the function i use to do this, but, some people think is not enough:
* @uses $_REQUEST= _antiSqlInjection($_REQUEST);
* @uses $_POST = _antiSqlInjection($_POST);
* @uses $_GET = _antiSqlInjection($_GET);
*
* @author Igor Escobar
* @email blog [at] igorescobar [dot] com
*
*/
function _antiSqlInjection($Target){
$sanitizeRules =
array('OR','FROM,'SELECT','INSERT','DELETE','WHERE','DROP TABLE','SHOW
TABLES','*','--','=');
foreach($Target as $key = $value):
if(is_array($value)): $arraSanitized[$key] =
_antiSqlInjection($value);
else:
$arraSanitized[$key] =
addslashes(strip_tags(trim(str_replace($sanitizeRules,,$value;
endif;
endforeach;
return $arraSanitized;
}
You can help me to improve them?
Regards,
Igor Escobar
Systems Analyst Interface Designer
--
Personal Blog
~ blog.igorescobar.com
Online Portifolio
~ www.igorescobar.com
Twitter
~ @igorescobar
Re: [PHP] SQL Injection - Solution
I know that use the mysql_real_escape_string to do de job is better but you
should consider that the this function don't have any access to the data
base, to objective of this function is sanitize the string.
And please, see my second answer, i make some updates in the function that
possibly is relevant.
Regards,
Igor Escobar
Systems Analyst Interface Designer
--
Personal Blog
~ blog.igorescobar.com
Online Portifolio
~ www.igorescobar.com
Twitter
~ @igorescobar
On Wed, May 6, 2009 at 1:14 PM, Andrew Ballard aball...@gmail.com wrote:
On Wed, May 6, 2009 at 12:06 PM, Bruno Fajardo bsfaja...@gmail.com
wrote:
Hi there!
2009/5/6 Igor Escobar titiolin...@gmail.com
Hi folks,
Someone know how i can improve this function to protect my envairounment
vars of sql injection attacks.
that is the function i use to do this, but, some people think is not
enough:
* @uses $_REQUEST= _antiSqlInjection($_REQUEST);
* @uses $_POST = _antiSqlInjection($_POST);
* @uses $_GET = _antiSqlInjection($_GET);
*
* @author Igor Escobar
* @email blog [at] igorescobar [dot] com
*
*/
function _antiSqlInjection($Target){
$sanitizeRules =
array('OR','FROM,'SELECT','INSERT','DELETE','WHERE','DROP TABLE','SHOW
TABLES','*','--','=');
foreach($Target as $key = $value):
if(is_array($value)): $arraSanitized[$key] =
_antiSqlInjection($value);
else:
$arraSanitized[$key] =
addslashes(strip_tags(trim(str_replace($sanitizeRules,,$value;
endif;
endforeach;
return $arraSanitized;
}
You can help me to improve them?
What if someone posts, in any form of your app, a message containing
or, from or where? Those are very common words, and eliminate
them is not the best solution, IMO.
Use mysql_real_escape_string() like Shawn said, possibly something
like this would do the trick (from
http://br2.php.net/manual/en/function.mysql-query.php):
$query = sprintf(SELECT firstname, lastname, address, age FROM
friends WHERE firstname='%s' AND lastname='%s',
mysql_real_escape_string($firstname),
mysql_real_escape_string($lastname));
Cheers,
Bruno.
+1
I would stick with parameterized queries if available, or just use
mysql_real_escape_string() for these and a few more reasons:
1) You'll find lots of posts in the archives explaining why
mysql_real_escape_string() is preferred over addslashes() for this
purpose.
2) strip_tags has absolutely nothing to do with SQL injection. Neither
does trim(). There are cases where you would not want to use either of
those functions on input, but you would still need to guard against
injection.
3) DROP TABLE will work no matter how many white-space characters
appeared between the words. For that matter, I am pretty sure that
'DROP /* some bogus SQL comment to make it past your filter */ TABLE'
will work also.
Andrew
Re: [PHP] Re: SQL Injection - Solution
hun...by the way I forgot to mention, I am Brazilian and here in Brazil
these words are not common ...
That is a recursive function and i can use array_map becouse i some cases we
obtain arrays of arrays and that will generate a error.
Regards,
Igor Escobar
Systems Analyst Interface Designer
--
Personal Blog
~ blog.igorescobar.com
Online Portifolio
~ www.igorescobar.com
Twitter
~ @igorescobar
On Wed, May 6, 2009 at 2:36 PM, Shawn McKenzie nos...@mckenzies.net wrote:
Igor Escobar wrote:
Hunnn...
So, what do you think now?
function _antiSqlInjection($Target){
$sanitizeRules =
array('OR','FROM','SELECT','INSERT','DELETE','WHERE','DROP
TABLE','SHOW TABLES','*','--','=');
foreach($Target as $key = $value):
if(is_array($value)): $arraSanitized[$key] =
_antiSqlInjection($value);
else:
$arraSanitized[$key] = (!get_magic_quotes_gpc()) ?
addslashes(str_ireplace(trim($sanitizeRules,,$value))) :
str_ireplace(trim($sanitizeRules,,$value));
endif;
endforeach;
return $arraSanitized;
}
Stay on list please. I don't like the ternary or the brace omissions
(alternate syntax) :-) however
My point was that in my opinion you don't need the replace at all.
Also, do you really want to strip all 'or', * and = from all fields?
These may be perfectly valid in your app. Or is a very, very common
word, so is from and come to think of it, where, select, insert and delete.
For any of the SQL injections to work in your query, there will need to
be quotes or the backtick ` in the user supplied content. The quotes
are escaped by mysql_real_escape_string().
I don't see any way for a SQL injection without the user input
containing quotes or the backtick to break out of your query or
prematurely terminate an expression. Some examples here, however they
don't mention the backtick:
http://us2.php.net/manual/en/security.database.sql-injection.php
This might be more useful:
||function _antiSqlInjection($Target)
{
if(is_array($Target)) {
$Value = array_map('_antiSqlInjection', $Target);
} else {
if(get_magic_quotes_gpc()) {
$Target = stripslashes($Target);
}
// replace backtick with single quote or whatever
$Target = str_replace(`, ', $Target);
$Value = mysql_real_escape_string($Target);
}
return $Value;
}
Thanks!
-Shawn
Re: [PHP] Re: SQL Injection - Solution
Now i realize... i sent only to the Shawn the modified functions... here
goes:
function _antiSqlInjection($Target){
$sanitizeRules =
array('OR','FROM','SELECT','INSERT','DELETE','WHERE','DROP TABLE','SHOW
TABLES','*','--','=');
foreach($Target as $key = $value):
if(is_array($value)): $arraSanitized[$key] =
_antiSqlInjection($value);
else:
$arraSanitized[$key] = (!get_magic_quotes_gpc()) ?
addslashes(str_ireplace(trim($sanitizeRules,,$value))) :
str_ireplace(trim($sanitizeRules,,$value));
endif;
endforeach;
return $arraSanitized;
}
Regards,
Igor Escobar
Systems Analyst Interface Designer
--
Personal Blog
~ blog.igorescobar.com
Online Portifolio
~ www.igorescobar.com
Twitter
~ @igorescobar
On Wed, May 6, 2009 at 2:55 PM, Igor Escobar titiolin...@gmail.com wrote:
hun...by the way I forgot to mention, I am Brazilian and here in Brazil
these words are not common ...
That is a recursive function and i can use array_map becouse i some cases
we obtain arrays of arrays and that will generate a error.
Regards,
Igor Escobar
Systems Analyst Interface Designer
--
Personal Blog
~ blog.igorescobar.com
Online Portifolio
~ www.igorescobar.com
Twitter
~ @igorescobar
On Wed, May 6, 2009 at 2:36 PM, Shawn McKenzie nos...@mckenzies.netwrote:
Igor Escobar wrote:
Hunnn...
So, what do you think now?
function _antiSqlInjection($Target){
$sanitizeRules =
array('OR','FROM','SELECT','INSERT','DELETE','WHERE','DROP
TABLE','SHOW TABLES','*','--','=');
foreach($Target as $key = $value):
if(is_array($value)): $arraSanitized[$key] =
_antiSqlInjection($value);
else:
$arraSanitized[$key] = (!get_magic_quotes_gpc()) ?
addslashes(str_ireplace(trim($sanitizeRules,,$value))) :
str_ireplace(trim($sanitizeRules,,$value));
endif;
endforeach;
return $arraSanitized;
}
Stay on list please. I don't like the ternary or the brace omissions
(alternate syntax) :-) however
My point was that in my opinion you don't need the replace at all.
Also, do you really want to strip all 'or', * and = from all fields?
These may be perfectly valid in your app. Or is a very, very common
word, so is from and come to think of it, where, select, insert and
delete.
For any of the SQL injections to work in your query, there will need to
be quotes or the backtick ` in the user supplied content. The quotes
are escaped by mysql_real_escape_string().
I don't see any way for a SQL injection without the user input
containing quotes or the backtick to break out of your query or
prematurely terminate an expression. Some examples here, however they
don't mention the backtick:
http://us2.php.net/manual/en/security.database.sql-injection.php
This might be more useful:
||function _antiSqlInjection($Target)
{
if(is_array($Target)) {
$Value = array_map('_antiSqlInjection', $Target);
} else {
if(get_magic_quotes_gpc()) {
$Target = stripslashes($Target);
}
// replace backtick with single quote or whatever
$Target = str_replace(`, ', $Target);
$Value = mysql_real_escape_string($Target);
}
return $Value;
}
Thanks!
-Shawn
Re: [PHP] Re: SQL Injection - Solution
Yeah yeah, i understood that, but, the point is... i sad previously, my
function is not tied to any database.
Is a generic function, i dont know who be use this, so i don't know, what is
your data base so, i can't use functions like mysql_real_scape_string etc...
Regards,
Igor Escobar
Systems Analyst Interface Designer
--
Personal Blog
~ blog.igorescobar.com
Online Portifolio
~ www.igorescobar.com
Twitter
~ @igorescobar
On Wed, May 6, 2009 at 3:00 PM, Bruno Fajardo bsfaja...@gmail.com wrote:
2009/5/6 Igor Escobar titiolin...@gmail.com:
hun...by the way I forgot to mention, I am Brazilian and here in
Brazil
these words are not common ...
Igor,
I'm brazilian too, but that is not the point. Deny the use of *any*
word as input in your app is unnecessary. The problem that you're
trying to solve, has been solved a long time ago.
Bruno.
That is a recursive function and i can use array_map becouse i some cases
we
obtain arrays of arrays and that will generate a error.
Regards,
Igor Escobar
Systems Analyst Interface Designer
--
Personal Blog
~ blog.igorescobar.com
Online Portifolio
~ www.igorescobar.com
Twitter
~ @igorescobar
On Wed, May 6, 2009 at 2:36 PM, Shawn McKenzie nos...@mckenzies.net
wrote:
Igor Escobar wrote:
Hunnn...
So, what do you think now?
function _antiSqlInjection($Target){
$sanitizeRules =
array('OR','FROM','SELECT','INSERT','DELETE','WHERE','DROP
TABLE','SHOW TABLES','*','--','=');
foreach($Target as $key = $value):
if(is_array($value)): $arraSanitized[$key] =
_antiSqlInjection($value);
else:
$arraSanitized[$key] = (!get_magic_quotes_gpc()) ?
addslashes(str_ireplace(trim($sanitizeRules,,$value))) :
str_ireplace(trim($sanitizeRules,,$value));
endif;
endforeach;
return $arraSanitized;
}
Stay on list please. I don't like the ternary or the brace omissions
(alternate syntax) :-) however
My point was that in my opinion you don't need the replace at all.
Also, do you really want to strip all 'or', * and = from all fields?
These may be perfectly valid in your app. Or is a very, very common
word, so is from and come to think of it, where, select, insert and
delete.
For any of the SQL injections to work in your query, there will need to
be quotes or the backtick ` in the user supplied content. The quotes
are escaped by mysql_real_escape_string().
I don't see any way for a SQL injection without the user input
containing quotes or the backtick to break out of your query or
prematurely terminate an expression. Some examples here, however they
don't mention the backtick:
http://us2.php.net/manual/en/security.database.sql-injection.php
This might be more useful:
||function _antiSqlInjection($Target)
{
if(is_array($Target)) {
$Value = array_map('_antiSqlInjection', $Target);
} else {
if(get_magic_quotes_gpc()) {
$Target = stripslashes($Target);
}
// replace backtick with single quote or whatever
$Target = str_replace(`, ', $Target);
$Value = mysql_real_escape_string($Target);
}
return $Value;
}
Thanks!
-Shawn
Re: [PHP] Re: $_session/$_cookie trouble
A few days ago i had a problem similar to their and it was a problem with
files with BOM signature... maybe its your case.
Regards,
Igor Escobar
Systems Analyst Interface Designer
--
Personal Blog
~ blog.igorescobar.com
Online Portifolio
~ www.igorescobar.com
Twitter
~ @igorescobar
On Tue, Apr 28, 2009 at 11:00 PM, Gary gwp...@ptd.net wrote:
Ok, working code. I'm sure there is some left over code that is not
actually working, but I have been playing frankenstein all day. Basically a
vistor fills in 3 (only two set so far) inputs to see if they qualify for a
rebate. If they do, they can go on to file two to submit their
information.
This is my first project using $_cookie or $_session. I have done an
exercise or two in lessons using them, but this is my first attempt from
scratch.
File1 of 2
?php
session_start();
?
?php
$_SESSION=array('$sale_value', 'assess_value');
$sale_value=$_POST['sale'];
$assess_value=$_POST['assess'];
$mil_rate=.03965;
$ratio=.51;
$present_tax=($assess_value) * ($mil_rate);
$correct_tax=($sale_value)*($ratio)*($mil_rate);
$savings=($present_tax)-($correct_tax);
if ($savings 0.00){
echo 'h2 style=margin:0;color:#ff;Yes, Your property appears to
qualify!/h2br /br /';
}
if ($savings 0.00){
echo 'h3 style=margin:0;NO, Your property does not appear to qualify.
/h3br /br /';
}
echo 'According to the information you have enteredbr /';?br /
?php
echo You believe your home would today sell for
$.number_format($sale_value).br /;
echo Your current tax assessment is $.number_format($assess_value).br
/;
echo 'You live in br /br /';
echo 'According to preliminary calculationsbr /br /';
echo You are currently paying now $.number_format($present_tax, 2).br
/br /;
echo According to the information you have submitted, your taxes should be
$ .number_format($correct_tax, 2).br /;
?
br/?php
if ($savings 0.00){
echo According to our preliminary calculations, a successful assessment
appeal could save you annually on your current real estate taxes. b$
.number_format($savings, 2)./b ;
}
if ($savings 0.00){
echo 'It does not appear that an appeal would be successful in saving you
money this year. If property values in your area continue to decline, you
may wish to revisit the issue next year./h3br /br /';
}
$_SESSION['sale_value'] ='$sale_value';
$_SESSION['assess_value'] ='$assess_value';
?
p style=font-size:.8em; color:#66;If you feel you have entered
incorrect information, hit your browsers back button to re-calculate with
the new information/pbr /
p style=text-align:center; color:#FF; font-size:1.4em;bImportant
Notice!/b/p
p style=text-align:center; border:#99 1px solid;This bDOES
NOT/b
constitute a legal opinion by !br / No information has been
submitted./p
pIn order to proceed with an assessment appeal, you must contact my
office
that we may verify all pertinent information regarding your a real estate
assessment appeal case/p
p To submit this information to , please complete the following form./p
form action=sendresult.inc.php method=post
First Name input name=fname type=text /br /br /
Last Name input name=lname type=text /br /br /
Property Street Address input name=street type=text / br /br /
Town or City input name=town type=text /br/br /
Zip Code input name=zip type=text /br /br /
County input name=county type=text /br /br /
Phone Number input name=phone type=text /br /br /
E-Mail Address input name=email type=text /br /br /
input name=$assess_value type=hidden value=$assess_value
input name=submit type=submit value=Submit
/form
File 2
?php
?
!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;
html xmlns=http://www.w3.org/1999/xhtml;
head
meta http-equiv=Content-Type content=text/html; charset=utf-8 /
titleUntitled Document/title
/head
body
?php
$fname=STRIPSLASHES($_POST['fname']);
$lname=STRIPSLASHES($_POST['lname']);
$street=STRIPSLASHES($_POST['street']);
$town=STRIPSLASHES($_POST['town']);
$zip=STRIPSLASHES($_POST['zip']);
$county=STRIPSLASHES($_POST['county']);
$phone=STRIPSLASHES($_POST['phone']);
$email=STRIPSLASHES($_POST['email']);
$assess_value=$_COOKIE['assess_value'];
$sale_value=$_COOKIE['sale_value'];
echo Thank you $fname for your submission!br /;
echo You have submitted the following information.br /;
echo Name:$fname $lnamebr /;
echo Address:$street $town $zipbr /;
echo Phone Number: $phonebr /;
echo E-Mail Address: $emailbr /;
echo You believe your home would sell for $; echo
$_COOKIE['sale_cookie'];
?br /?php
echo Your assessment value is $; echo $_COOKIE['assess_cookie'];?br
/?php
echo You live in $countybr /;
?
/body
/html
Lists li...@euca.us wrote in message news:49f790ed.5040...@euca.us...
Andrew Hucks wrote:
$sale_value would have worked if it hadn't been in single quotes, I
believe. (Assuming it was populated.).
Which
Re: [PHP] $_session/$_cookie trouble
http://www.tech-recipes.com/rx/1489/solve-php-error-cannot-modify-header-information-headers-already-sent/
Regards,
Igor Escobar
Systems Analyst Interface Designer
--
Personal Blog
~ blog.igorescobar.com
Online Portifolio
~ www.igorescobar.com
Twitter
~ @igorescobar
On Tue, Apr 28, 2009 at 3:59 PM, Ashley Sheridan
a...@ashleysheridan.co.ukwrote:
On Tue, 2009-04-28 at 10:48 -0400, Gary wrote:
I am trying to set a cookie and a session, but seem to be running into a
wall.
I have tried different variations, and keep getting the same error
message
If I have this
?php
session_start();
I get this:
Warning: session_start() [function.session-start]: Cannot send session
cookie - headers already sent by (output started at
C:\xampp\htdocs\weiss\assessresult.inc.php:2) in
C:\xampp\htdocs\weiss\assessresult.inc.php on line 4
Warning: session_start() [function.session-start]: Cannot send session
cache
limiter - headers already sent (output started at
C:\xampp\htdocs\weiss\assessresult.inc.php:2) in
C:\xampp\htdocs\weiss\assessresult.inc.php on line 4
If I have this:
session_start();
setcookie('sale_cookie','$sale_value', time()-3600);
setcookie('assess_cookie','$assess_value', time()-3600);
I get this
Warning: session_start() [function.session-start]: Cannot send session
cookie - headers already sent by (output started at
C:\xampp\htdocs\weiss\assessresult.inc.php:2) in
C:\xampp\htdocs\weiss\assessresult.inc.php on line 4
Warning: session_start() [function.session-start]: Cannot send session
cache
limiter - headers already sent (output started at
C:\xampp\htdocs\weiss\assessresult.inc.php:2) in
C:\xampp\htdocs\weiss\assessresult.inc.php on line 4
Warning: Cannot modify header information - headers already sent by
(output
started at C:\xampp\htdocs\weiss\assessresult.inc.php:2) in
C:\xampp\htdocs\weiss\assessresult.inc.php on line 6
Warning: Cannot modify header information - headers already sent by
(output
started at C:\xampp\htdocs\weiss\assessresult.inc.php:2) in
C:\xampp\htdocs\weiss\assessresult.inc.php on line 7
If I delete and start over, I stll get the headers already sent... I
have
tried numerous other variations, but all with the same error.
What am I missing here?
Thanks
Gary
I would have thought it was obvious, the file assessresult.inc.php is
being called before your session_start(). Have you put your code before
every include?
Ash
www.ashleysheridan.co.uk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] $_session/$_cookie trouble
Make sure your file isn't a UTF-8 with DOM.
Regards,
Igor Escobar
Systems Analyst Interface Designer
--
Personal Blog
~ blog.igorescobar.com
Online Portifolio
~ www.igorescobar.com
Twitter
~ @igorescobar
On Tue, Apr 28, 2009 at 5:13 PM, Ashley Sheridan
a...@ashleysheridan.co.ukwrote:
On Tue, 2009-04-28 at 15:34 -0400, Gary wrote:
Ashley
There are 3 include files, the first is all html, but it has a form, so I
put the session_start above the DTD and I no longer get the error
messages.
I had the session_start at the beginning of the second file, the php
processing file, but that produced the error. It seemed to be calling to
itself (if that does not sound too naive).
As I mentioned in a post above, I am no longer getting the error message,
but have been unable to get either the $_SESSION or the cookie to produce
results...
Thanks for your help.
Gary
Ashley Sheridan a...@ashleysheridan.co.uk wrote in message
news:1240947209.3494.65.ca...@localhost.localdomain...
On Tue, 2009-04-28 at 15:24 -0400, Gary wrote:
Ashley
Thanks for your reply, but no, that is not it. There was no other
code
prior.
Gary
Ashley Sheridan a...@ashleysheridan.co.uk wrote in message
news:1240945179.3494.61.ca...@localhost.localdomain...
On Tue, 2009-04-28 at 10:48 -0400, Gary wrote:
I am trying to set a cookie and a session, but seem to be running
into
a
wall.
I have tried different variations, and keep getting the same error
message
If I have this
?php
session_start();
I get this:
Warning: session_start() [function.session-start]: Cannot send
session
cookie - headers already sent by (output started at
C:\xampp\htdocs\weiss\assessresult.inc.php:2) in
C:\xampp\htdocs\weiss\assessresult.inc.php on line 4
Warning: session_start() [function.session-start]: Cannot send
session
cache
limiter - headers already sent (output started at
C:\xampp\htdocs\weiss\assessresult.inc.php:2) in
C:\xampp\htdocs\weiss\assessresult.inc.php on line 4
If I have this:
session_start();
setcookie('sale_cookie','$sale_value', time()-3600);
setcookie('assess_cookie','$assess_value', time()-3600);
I get this
Warning: session_start() [function.session-start]: Cannot send
session
cookie - headers already sent by (output started at
C:\xampp\htdocs\weiss\assessresult.inc.php:2) in
C:\xampp\htdocs\weiss\assessresult.inc.php on line 4
Warning: session_start() [function.session-start]: Cannot send
session
cache
limiter - headers already sent (output started at
C:\xampp\htdocs\weiss\assessresult.inc.php:2) in
C:\xampp\htdocs\weiss\assessresult.inc.php on line 4
Warning: Cannot modify header information - headers already sent by
(output
started at C:\xampp\htdocs\weiss\assessresult.inc.php:2) in
C:\xampp\htdocs\weiss\assessresult.inc.php on line 6
Warning: Cannot modify header information - headers already sent by
(output
started at C:\xampp\htdocs\weiss\assessresult.inc.php:2) in
C:\xampp\htdocs\weiss\assessresult.inc.php on line 7
If I delete and start over, I stll get the headers already
sent... I
have
tried numerous other variations, but all with the same error.
What am I missing here?
Thanks
Gary
I would have thought it was obvious, the file assessresult.inc.php
is
being called before your session_start(). Have you put your code
before
every include?
Ash
www.ashleysheridan.co.uk
The code is being pulled in from somewhere, have you checked to see if
the framework you are using is pulling it in?
Ash
www.ashleysheridan.co.uk
There it is then. The HTML file causes the headers to be sent. Any
output to the browser at all causes the headers to be sent, so any HTML
or even spaces and newlines will trigger this error.
Ash
www.ashleysheridan.co.uk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] redirect to a page the fist time a site is accessed
I Agree with @stuart. Regards, Igor Escoar Systems Analyst Interface Designer -- Personal Blog ~ blog.igorescobar.com Online Portifolio ~ www.igorescobar.com Twitter ~ @igorescobar On Thu, Apr 16, 2009 at 6:05 AM, Stuart stut...@gmail.com wrote: 2009/4/15 Don d...@program-it.ca: I have some code in my index.php file that check the user agent and redirects to a warning page if IE 6 or less is encountered. 1. I'm using a framework and so calls to all pages go through index.php 2. The code that checks for IE 6 or less and redirects is in index.php I know how to redirect the users but what I want to do is redirect a user ONLY the first time the web site is accessed regardless of what page they first access. I would like to minimize overhead (no database). Can this be done? Why redirect? That sucks as a user experience. Why not simply put an alert somewhere prominent on the page with the message you want to convey? That way you can have it on every page and not interrupt the users use of your site. -Stuart -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Best Practices for Hiding Errors
It's just an observation ;) If you have to use it or not, you have to decide better way. Regards, Igor Escoar Systems Analyst Interface Designer -- Personal Blog ~ blog.igorescobar.com Online Portifolio ~ www.igorescobar.com Twitter ~ @igorescobar On Mon, Apr 6, 2009 at 9:56 PM, Chris dmag...@gmail.com wrote: Igor Escobar wrote: Becarefull, error supression is slow. If it's the only way to stop an error from showing up, what's the problem? php will still generate the warning/notice even if display_errors is disabled - which will be even slower. Plus I never said use it everywhere, I said use it in particular cases and comment your code about why you had to use it. -- Postgresql php tutorials http://www.designmagick.com/
Re: [PHP] Best Practices for Hiding Errors
Becarefull, error supression is slow.
Regards,
Igor Escoar
Systems Analyst Interface Designer
--
Personal Blog
~ blog.igorescobar.com
Online Portifolio
~ www.igorescobar.com
Twitter
~ @igorescobar
On Mon, Apr 6, 2009 at 8:38 PM, Chris dmag...@gmail.com wrote:
but they give the following warning:
This is a feature to support your development and should never be used on
production systems (e.g. systems connected to the internet).
Am unclear what that means - is it okay to add:
It's about information disclosure.
Errors/warnings/notices contain paths to php files when they are printed
out.
$ cat test.php
?php
ini_set('display_errors', true);
error_reporting(E_ALL);
echo 'a is ' . $a . \n;
$ php test.php
Notice: Undefined variable: a in /path/to/test.php on line 4
You don't want that because now a potential attacker knows some info - it's
a unix type system (a windows path is drive:\blah\folder so looks different)
and the files are located in /path/to/.
If that message contains database info or passwords for example, you could
be in trouble.
ini_set('display_errors','Off');
to my page, so that an end user won't ever get the warning displayed and I
can deal with the error behind the scenes? Or is there a better way to keep
PHP from writing error codes to the screen?
That's exactly the right thing to change - but only for production systems.
You should develop with this ON so you can see when you have a problem that
needs to be addressed. Some situations (as above) will cause a problem as
you've seen but most won't.
You can also use the @ symbol before the function name - but make sure you
don't use it everywhere (it'll make debugging extremely hard - you could
spend hours looking for a problem and it ends up being a database connection
problem) also comment your code about why you're doing it:
# use the @ here because php throws a warning if it can't be opened.
$fp = @fsockopen('blah');
--
Postgresql php tutorials
http://www.designmagick.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Button id's - firefox and IE different ?
If you read my email you can see that i just give a solution to him and
not a TIP.
IF you DONT want change your form
But if i were doing, i be doing by the right way...can be sure that.
Regards,
Igor Escoar
Systems Analyst Interface Designer
--
Personal Blog
~ blog.igorescobar.com
Online Portifolio
~ www.igorescobar.com
Twitter
~ @igorescobar
On Fri, Apr 3, 2009 at 6:27 AM, Jan G.B. ro0ot.w...@googlemail.com wrote:
Igor,
what are you doing here? You say I'm arguing to show how big I am, but
that's not true. I corrected your misleading tipps like using JSCRIPT
to have form essentials and using xhtml in an html context.
no reason to get personal and/or offending.
bye.
2009/4/2 Igor Escobar titiolin...@gmail.com:
I'm sorry, you is the master o/
shame on you.
Who you think you is? everybody is here to pass something for the
others and learn something, everything i wrote its just to help, if you
are
compete with others showing how much bigger you is, go to a championship
or
something.
Have a nice day.
Regards,
Igor Escoar
Systems Analyst Interface Designer
--
Personal Blog
~ blog.igorescobar.com
Online Portifolio
~ www.igorescobar.com
Twitter
~ @igorescobar
On Thu, Apr 2, 2009 at 11:01 AM, Jan G.B. ro0ot.w...@googlemail.com
wrote:
2009/4/2 Igor Escobar titiolin...@gmail.com:
If you don't want change your form, do some function in Javascript
witch
control the last button you clicked.
Javascript is bad and you don't need it.
centerbutton type=submit name=btid value=1Delete/center
centerbutton type=submit name=btid value=2Delete/center
centerbutton type=submit name=btid value=3Delete/center
input type=hidden name=last_buttom id= value=last_buttom /
I wanna make a advice to you learn more about HTML and Web
Standards...
I want give an advice to you: learn to make a difference out of HTML
and XHTML. It's not the same, and input / is XHTML.
Don't use button type... use input type...
You forgot to mention *why* he should he use input type=submit!
button is supported by all major browsers! So there's no need to use
input instead ...
But having several button or input tags in one form element with
the same NAME= value makes no sense! Only the last one in the code
will be submitted.
Also, the LABEL for the button should be written like that: button
name=x1 value=0815LABEL GOES HERE/button
http://www.w3schools.com/tags/tag_button.asp
Using input might be more future-oriented.. ;)
Your javascript (using jQuery) sems like this
Installing and using jquery to have three buttons is overkill. not
more, not less!
byebye
$(input[name='btid']).click(function() {
$('#last_buttom').attr('value', $(this).val());
});
And then you submit your form or something, the input last_buttom
are
with
the value of the buttom you has clicked at last time.
Regards,
Igor Escobar
systems analyst interface designer
www . igorescobar . com
On Thu, Apr 2, 2009 at 8:29 AM, Phpster phps...@gmail.com wrote:
What about styling a link to look like a button with css? It won't be
an
exact match style wise but you can get close. I have done this
succesfully
Bastien
Sent from my iPod
On Apr 2, 2009, at 6:04, Angus Mann angusm...@pobox.com wrote:
Hi all.
I want to have several delete buttons with just one form, and
depending on
which button is pressed, one of several items is deleted.
So I need multiple submit buttons for 1 form, each displaying the
same
text Delete to the user, but each with a different value so the
PHP
script can tell them apart.
I've used this code for the buttons...
centerbutton type=submit name=btid value=1Delete/center
centerbutton type=submit name=btid value=2Delete/center
centerbutton type=submit name=btid value=3Delete/center
And it works just fine with firefox. But IE does not seem to pass
the
value back to the btid so when the script asks
if $_POST['btid'] == 1 {
}
the value 1, 2, or 3 is not given back to PHP by IE. It is given
back
correctly by firefox and works fine.
Any suggestions ?
Thanks.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Button id's - firefox and IE different ?
Better then READ is UNDERSTAND.
Regards,
Igor Escoar
Systems Analyst Interface Designer
--
Personal Blog
~ blog.igorescobar.com
Online Portifolio
~ www.igorescobar.com
Twitter
~ @igorescobar
On Fri, Apr 3, 2009 at 11:30 AM, Jan G.B. ro0ot.w...@googlemail.com wrote:
http://www.stimpco.com/carpix/arguingOnTheInternet.gif
byebye
2009/4/3 Igor Escobar titiolin...@gmail.com:
If you read my email you can see that i just give a solution to him and
not a TIP.
IF you DONT want change your form
But if i were doing, i be doing by the right way...can be sure that.
Regards,
Igor Escoar
Systems Analyst Interface Designer
--
Personal Blog
~ blog.igorescobar.com
Online Portifolio
~ www.igorescobar.com
Twitter
~ @igorescobar
On Fri, Apr 3, 2009 at 6:27 AM, Jan G.B. ro0ot.w...@googlemail.com
wrote:
Igor,
what are you doing here? You say I'm arguing to show how big I am, but
that's not true. I corrected your misleading tipps like using JSCRIPT
to have form essentials and using xhtml in an html context.
no reason to get personal and/or offending.
bye.
2009/4/2 Igor Escobar titiolin...@gmail.com:
I'm sorry, you is the master o/
shame on you.
Who you think you is? everybody is here to pass something for the
others and learn something, everything i wrote its just to help, if
you
are
compete with others showing how much bigger you is, go to a
championship
or
something.
Have a nice day.
Regards,
Igor Escoar
Systems Analyst Interface Designer
--
Personal Blog
~ blog.igorescobar.com
Online Portifolio
~ www.igorescobar.com
Twitter
~ @igorescobar
On Thu, Apr 2, 2009 at 11:01 AM, Jan G.B. ro0ot.w...@googlemail.com
wrote:
2009/4/2 Igor Escobar titiolin...@gmail.com:
If you don't want change your form, do some function in Javascript
witch
control the last button you clicked.
Javascript is bad and you don't need it.
centerbutton type=submit name=btid
value=1Delete/center
centerbutton type=submit name=btid
value=2Delete/center
centerbutton type=submit name=btid
value=3Delete/center
input type=hidden name=last_buttom id= value=last_buttom
/
I wanna make a advice to you learn more about HTML and Web
Standards...
I want give an advice to you: learn to make a difference out of HTML
and XHTML. It's not the same, and input / is XHTML.
Don't use button type... use input type...
You forgot to mention *why* he should he use input type=submit!
button is supported by all major browsers! So there's no need to
use
input instead ...
But having several button or input tags in one form element with
the same NAME= value makes no sense! Only the last one in the code
will be submitted.
Also, the LABEL for the button should be written like that: button
name=x1 value=0815LABEL GOES HERE/button
http://www.w3schools.com/tags/tag_button.asp
Using input might be more future-oriented.. ;)
Your javascript (using jQuery) sems like this
Installing and using jquery to have three buttons is overkill. not
more, not less!
byebye
$(input[name='btid']).click(function() {
$('#last_buttom').attr('value', $(this).val());
});
And then you submit your form or something, the input last_buttom
are
with
the value of the buttom you has clicked at last time.
Regards,
Igor Escobar
systems analyst interface designer
www . igorescobar . com
On Thu, Apr 2, 2009 at 8:29 AM, Phpster phps...@gmail.com wrote:
What about styling a link to look like a button with css? It won't
be
an
exact match style wise but you can get close. I have done this
succesfully
Bastien
Sent from my iPod
On Apr 2, 2009, at 6:04, Angus Mann angusm...@pobox.com
wrote:
Hi all.
I want to have several delete buttons with just one form, and
depending on
which button is pressed, one of several items is deleted.
So I need multiple submit buttons for 1 form, each displaying the
same
text Delete to the user, but each with a different value so
the
PHP
script can tell them apart.
I've used this code for the buttons...
centerbutton type=submit name=btid
value=1Delete/center
centerbutton type=submit name=btid
value=2Delete/center
centerbutton type=submit name=btid
value=3Delete/center
And it works just fine with firefox. But IE does not seem to pass
the
value back to the btid so when the script asks
if $_POST['btid'] == 1 {
}
the value 1, 2, or 3 is not given back to PHP by IE. It is given
back
correctly by firefox and works fine.
Any suggestions ?
Thanks.
--
PHP General Mailing List (http://www.php.net
Re: [PHP] Button id's - firefox and IE different ?
ZZzz. What what ? oh sorry, i fell in sleep. Whatever, end of discussion. Regards, Igor Escoar Systems Analyst Interface Designer -- Personal Blog ~ blog.igorescobar.com Online Portifolio ~ www.igorescobar.com Twitter ~ @igorescobar On Fri, Apr 3, 2009 at 11:40 AM, Jan G.B. ro0ot.w...@googlemail.com wrote: Is it mandatory to annoy the whole list with your crap? If you want to keep on informing me or insulting me or feel free to send it directly to me. I'll add you to my killfile in no time. get a life 2009/4/3 Igor Escobar titiolin...@gmail.com: Better then READ is UNDERSTAND. 2009/4/2 Igor Escobar titiolin...@gmail.com: If you don't want change your form, do some function in Javascript witch control the last button you clicked. Regards, Igor Escoar Systems Analyst Interface Designer
Re: [PHP] What is wrong with this code
You forgot to mention the method of the form.
form action=... method=post ... /form
Regards,
Igor Escoar
Systems Analyst Interface Designer
--
Personal Blog
~ blog.igorescobar.com
Online Portifolio
~ www.igorescobar.com
Twitter
~ @igorescobar
On Fri, Apr 3, 2009 at 4:08 PM, Gary gwp...@ptd.net wrote:
This is driving me nuts. I am getting blank emails and the only
information
that is being passed to MySQL is the IP address.
Can someone tell me what is wrong with this?
form method=post action=?php echo $_SERVER['PHP_SELF']; ?
div id=important style=visibility:hidden;
pIf you can see this, it's an anti-spam measure. Please don't
fill in the address field./p
label for=addressAddress/label
input type=text name=address id=address //div
label for=nameName:/label
input name=name type=text /br /
label for=emailEmail Address:/label
input name=email type=text /
br /
label for=nameComments:/label
textarea name=comments cols=50 rows=/textarea
input name=submit type=button value=submit //form
?php
// Receiving variables
$ip= $_SERVER['REMOTE_ADDR'];
$name = $_POST['name'];
$email = $_POST['email'];
$comments = $_POST['comments'];
//spam filter, do not touch
if ($_POST['address'] != '' ){
die(Changed field);
}
//endo fo spam filter
$header = From: $email\n
. Reply-To: $email\n;
$subject = Response from Assessment Lawyer;
$email_to = sanitized;
$message = name: $name\n
. email: $email\n
. comments: $comments\n
.Visitors IP: $ip\n;
mail($email_to, $subject, $message, $header);
$dbc= mysqli_connect(sanitized,sanitized,sanitized,sanitized)// I have
removed the actual information, but it was connecting!
or die('Could not connect to db');
$query = INSERT INTO sanitized VALUES(0,'$name',
'$email','$comments','$ip');
$result = mysqli_query($dbc, $query)
or die('Error querying database.');
mysqli_close($dbc);
echo 'Thank you $name for submitting your inquiry!br /';
echo 'You have supplied the following information:br /';
echo 'Name: $name br /';
echo 'Email Address: $email br /';
echo 'Comments: $comments';
?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] What is wrong with this code
If method POST is there and the information still empty...maybe you should
call to someone like a warlock... :D
Regards,
Igor Escoar
Systems Analyst Interface Designer
--
Personal Blog
~ blog.igorescobar.com
Online Portifolio
~ www.igorescobar.com
Twitter
~ @igorescobar
On Fri, Apr 3, 2009 at 4:22 PM, Gary gwp...@ptd.net wrote:
I recieve an email, it will contain the ip address, it will also contain
the
name:, email: , comments: but not the information from the form of the
name or email or comments.
The database also recieves only the ip address. So I assume those parts
are
working, but I cant seem to find why the others are not.
Thanks for your reply.
Gary
kyle.smith kyle.sm...@inforonics.com wrote in message
news:d3fe56d174abf6469079ca1a5c8474a804fa9...@nsmail01.inforonics.corp...
Try something like print_r on $_POST to see if it contains *anything*,
seems like it's empty?!
Also, when you say blank emails I assume you mean they have the template
you made but the variables are empty and not zero-length emails.
-Original Message-
From: Gary [mailto:gwp...@ptd.net]
Sent: Friday, April 03, 2009 3:14 PM
To: php-general@lists.php.net
Subject: Re: [PHP] What is wrong with this code
Its there...
Igor Escobar titiolin...@gmail.com wrote in message
news:1f5251d50904031212o6fcc3e43q5c60b7ae373e9...@mail.gmail.com...
You forgot to mention the method of the form.
form action=... method=post ... /form
Regards,
Igor Escoar
Systems Analyst Interface Designer
--
Personal Blog
~ blog.igorescobar.com
Online Portifolio
~ www.igorescobar.com
Twitter
~ @igorescobar
On Fri, Apr 3, 2009 at 4:08 PM, Gary gwp...@ptd.net wrote:
This is driving me nuts. I am getting blank emails and the only
information that is being passed to MySQL is the IP address.
Can someone tell me what is wrong with this?
form method=post action=?php echo $_SERVER['PHP_SELF']; ?
div id=important style=visibility:hidden;
pIf you can see this, it's an anti-spam measure. Please don't
fill in the address field./p
label for=addressAddress/label
input type=text name=address id=address //div
label for=nameName:/label
input name=name type=text /br /
label for=emailEmail Address:/label input name=email
type=text / br / label for=nameComments:/label textarea
name=comments cols=50 rows=/textarea input name=submit
type=button value=submit //form
?php
// Receiving variables
$ip= $_SERVER['REMOTE_ADDR'];
$name = $_POST['name'];
$email = $_POST['email'];
$comments = $_POST['comments'];
//spam filter, do not touch
if ($_POST['address'] != '' ){
die(Changed field);
}
//endo fo spam filter
$header = From: $email\n
. Reply-To: $email\n;
$subject = Response from Assessment Lawyer; $email_to =
sanitized; $message = name: $name\n
. email: $email\n
. comments: $comments\n
.Visitors IP: $ip\n;
mail($email_to, $subject, $message, $header);
$dbc= mysqli_connect(sanitized,sanitized,sanitized,sanitized)// I
have removed the actual information, but it was connecting!
or die('Could not connect to db');
$query = INSERT INTO sanitized VALUES(0,'$name',
'$email','$comments','$ip');
$result = mysqli_query($dbc, $query)
or die('Error querying database.');
mysqli_close($dbc);
echo 'Thank you $name for submitting your inquiry!br /'; echo 'You
have supplied the following information:br /'; echo 'Name: $name
br /'; echo 'Email Address: $email br /'; echo 'Comments:
$comments';
?
--
PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:
http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:
http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] W3C Validator and Post Arrays
Put [] in the name attribute, but in ID must be unique. Regards, Igor Escobar systems analyst interface designer www . igorescobar . com On Thu, Apr 2, 2009 at 8:11 AM, Peter Ford p...@justcroft.com wrote: Peter Ford wrote: Michael A. Peters wrote: Shaun Thornburgh wrote: Hi, We are getting errors when trying to vaildate our HTML due to the [ character when using Post Arrays: Line 173, Column 65: character [ is not allowed in the value of attribute id …e=filters[calling_url] id=filters[calling_url] value=categories-bulk-ear Does anyone know of a way around this? Thanks Don't use [] in an ID - it doesn't belong there. If you are not using the ID for a hook, just drop it - the ID doesn't need to be there. The name attribute is where you want the [] to post an array, ID does not get sent in a post. The ID of any element should be unique in a HTML document - if you need an ID for each of the inputs then you'll have to generate a unique one for each. To the rest of the list: I'm not too happy about having stuff inside the [] either - is that some syntax I've missed or is it just wrong? Oooh, I've just looked it up - that *is* neat! -- Peter Ford phone: 01580 89 Developer fax: 01580 893399 Justcroft International Ltd., Staplehurst, Kent -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Oracle's dump to MySQL
I'm in the Oracle/MySQL E-mail List ? Regards, Igor Escobar systems analyst interface designer www . igorescobar . com On Thu, Apr 2, 2009 at 6:26 AM, 9el le...@phpxperts.net wrote: I found this command from one guy for importing Oracle's dump to MySQL Shell mysql -uroot db_name -vvf oracle_dump.dmp But, v is for verbose and f is for force continuation. Anyone worked with Oracle and MySQL?
Re: [PHP] XML data extraction
@Jessen I read your answer and... You have any article speaking about that you are saying? Regards, Igor Escobar systems analyst interface designer www . igorescobar . com On Thu, Apr 2, 2009 at 8:38 AM, Per Jessen p...@computer.org wrote: Andrew Williams wrote: Best All, How can you best and accurately extract XLM data to DB table. e.g.: Use XSLT to generate SQL INSERT statements. /Per -- Per Jessen, Zürich (11.3°C) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Button id's - firefox and IE different ?
If you don't want change your form, do some function in Javascript witch
control the last button you clicked.
centerbutton type=submit name=btid value=1Delete/center
centerbutton type=submit name=btid value=2Delete/center
centerbutton type=submit name=btid value=3Delete/center
input type=hidden name=last_buttom id= value=last_buttom /
I wanna make a advice to you learn more about HTML and Web Standards...
Don't use button type... use input type...
Your javascript (using jQuery) sems like this
$(input[name='btid']).click(function() {
$('#last_buttom').attr('value', $(this).val());
});
And then you submit your form or something, the input last_buttom are with
the value of the buttom you has clicked at last time.
Regards,
Igor Escobar
systems analyst interface designer
www . igorescobar . com
On Thu, Apr 2, 2009 at 8:29 AM, Phpster phps...@gmail.com wrote:
What about styling a link to look like a button with css? It won't be an
exact match style wise but you can get close. I have done this succesfully
Bastien
Sent from my iPod
On Apr 2, 2009, at 6:04, Angus Mann angusm...@pobox.com wrote:
Hi all.
I want to have several delete buttons with just one form, and depending on
which button is pressed, one of several items is deleted.
So I need multiple submit buttons for 1 form, each displaying the same
text Delete to the user, but each with a different value so the PHP
script can tell them apart.
I've used this code for the buttons...
centerbutton type=submit name=btid value=1Delete/center
centerbutton type=submit name=btid value=2Delete/center
centerbutton type=submit name=btid value=3Delete/center
And it works just fine with firefox. But IE does not seem to pass the
value back to the btid so when the script asks
if $_POST['btid'] == 1 {
}
the value 1, 2, or 3 is not given back to PHP by IE. It is given back
correctly by firefox and works fine.
Any suggestions ?
Thanks.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Button id's - firefox and IE different ?
I'm sorry, you is the master o/
ps: I dont ask for them to install the jQuery, i just give an exemplo how he
can do something like that.
ps 2: I know the difference betwenn XHMTL and HTML i put the / there
becouse it's the force of the habit
ps 3: Why javascript is bad? you don't know develop a good interface with
that? shame on you.
ps 4: Who you think you is? everybody is here to pass something for the
others and learn something, everything i wrote its just to help, if you are
compete with others showing how much bigger you is, go to a championship or
something.
Have a nice day.
Regards,
Igor Escoar
Systems Analyst Interface Designer
--
Personal Blog
~ blog.igorescobar.com
Online Portifolio
~ www.igorescobar.com
Twitter
~ @igorescobar
On Thu, Apr 2, 2009 at 11:01 AM, Jan G.B. ro0ot.w...@googlemail.com wrote:
2009/4/2 Igor Escobar titiolin...@gmail.com:
If you don't want change your form, do some function in Javascript witch
control the last button you clicked.
Javascript is bad and you don't need it.
centerbutton type=submit name=btid value=1Delete/center
centerbutton type=submit name=btid value=2Delete/center
centerbutton type=submit name=btid value=3Delete/center
input type=hidden name=last_buttom id= value=last_buttom /
I wanna make a advice to you learn more about HTML and Web Standards...
I want give an advice to you: learn to make a difference out of HTML
and XHTML. It's not the same, and input / is XHTML.
Don't use button type... use input type...
You forgot to mention *why* he should he use input type=submit!
button is supported by all major browsers! So there's no need to use
input instead ...
But having several button or input tags in one form element with
the same NAME= value makes no sense! Only the last one in the code
will be submitted.
Also, the LABEL for the button should be written like that: button
name=x1 value=0815LABEL GOES HERE/button
http://www.w3schools.com/tags/tag_button.asp
Using input might be more future-oriented.. ;)
Your javascript (using jQuery) sems like this
Installing and using jquery to have three buttons is overkill. not
more, not less!
byebye
$(input[name='btid']).click(function() {
$('#last_buttom').attr('value', $(this).val());
});
And then you submit your form or something, the input last_buttom are
with
the value of the buttom you has clicked at last time.
Regards,
Igor Escobar
systems analyst interface designer
www . igorescobar . com
On Thu, Apr 2, 2009 at 8:29 AM, Phpster phps...@gmail.com wrote:
What about styling a link to look like a button with css? It won't be an
exact match style wise but you can get close. I have done this
succesfully
Bastien
Sent from my iPod
On Apr 2, 2009, at 6:04, Angus Mann angusm...@pobox.com wrote:
Hi all.
I want to have several delete buttons with just one form, and depending
on
which button is pressed, one of several items is deleted.
So I need multiple submit buttons for 1 form, each displaying the same
text Delete to the user, but each with a different value so the PHP
script can tell them apart.
I've used this code for the buttons...
centerbutton type=submit name=btid value=1Delete/center
centerbutton type=submit name=btid value=2Delete/center
centerbutton type=submit name=btid value=3Delete/center
And it works just fine with firefox. But IE does not seem to pass the
value back to the btid so when the script asks
if $_POST['btid'] == 1 {
}
the value 1, 2, or 3 is not given back to PHP by IE. It is given back
correctly by firefox and works fine.
Any suggestions ?
Thanks.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Error on .htaccess
In all the servers i had tested my system i dont have any problem, but in
this server the apache are displaying to me the error 500 Internal Server
Error.
Someone can say tome what is wront with my .htaccess?
RewriteEngine On
IfModule mod_rewrite.c
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond $1 !-d
RewriteRule ^(.*)$ load.php?$1 [QSA,L]
/IfModule
This server are running PHP 5.2.9 and Apache 1.3.41 (Unix).
Regards,
Igor Escobar
systems analyst interface designer
www . igorescobar . com
Re: [PHP] Problem with header();
I don't had the oportunity to test it yet, but today i will. Today i will make two tests: - Save the files without BOM. - If i dont have success i will disable the output buffering. Thanks to everybody for all support. Regards, Igor Escobar systems analyst interface designer www . igorescobar . com On Tue, Mar 31, 2009 at 12:39 AM, Phpster phps...@gmail.com wrote: Output buffering turned off? Bastien Sent from my iPod On Mar 30, 2009, at 15:03, Igor Escobar titiolin...@gmail.com wrote: Hi guys, probably everybody goes think: its the same problem ever HTML before header() functions ... but it is not. I has working on a project and this are a running in Windows (shame on me). Recently i migrate to *Ubuntu *and some problems occurred and that specifically i can't understand WHY this rappening Warning: Cannot modify *header* information - headers already sent by On my web server on the internet it's OK On my local web server on my work it's OK On my loca web server on my notebook it's the problem. This error occurs only in my notebook (recently that I migrate to linux and it does not already). Please, someone have any idea what the fuck is happening? Regards, Igor Escobar systems analyst interface designer www . igorescobar . com
Re: [PHP] time() TIMER in seconds or just numbers
When someone does that, it means the execution time between $t1 and $t2...
Att,
Igor Escobar
systems analyst interface designer
www . igorescobar . com
On Mon, Mar 30, 2009 at 7:38 AM, Richard Heyes rich...@php.net wrote:
2009/3/30 Andrew Williams andrew4willi...@gmail.com:
what does time();
$t1 = time();
{
do something
}
$t2 = time();
$end_time = $t2 - $t1;
echo $end_time;
what does $end_time represent?
$end_time is not a great name for it: it's the time (number of
seconds) it took to go from $t1 to $t2. $duration might be better.
how do you determine the next 5 mins?
Eh? time() + 300 is five minutes from now.
--
Richard Heyes
HTML5 Canvas graphing for Firefox, Chrome, Opera and Safari:
http://www.rgraph.net (Updated March 14th)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] foreach and form submission.
Try this...
$_POST = array_map('stri_tags', $_POST);
Igor Escobar
systems analyst interface designer
www . igorescobar . com
On Sat, Mar 28, 2009 at 6:21 PM, Angus Mann angusm...@pobox.com wrote:
Thanks Ashley...that did the trick.
After reading about the limitations of strip_tags I decided to just replace
the bad bits as below...
It still uses your foreach suggestion but replaces and with (
and ) instead of stripping tags.
I think I will extend the good and bad arrays to deal with magic quotes
also !
$bad = array('','lt;','#60;', '', 'gt;', '#62');
$good = array('(', '(', '(', ')', ')', ')');
foreach ($_POST as $key = $value) {
$_POST[$key] = str_ireplace($bad, $good, $value);
}
I'd do something like this, so as to preserve the original post data
array:
$data = Array();
foreach($_POST as $key = $value)
{
$data[$key] = strip_tags($value);
}
Note that strip_tags() will not be able to decently clean up messy code
(i.e. code where the opening or closing tags themselves aren't formed
properly)
Ash
www.ashleysheridan.co.uk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Security Support
I agree with you Daniel Regards, Igor Escobar systems analyst interface designer www . igorescobar . com On Mon, Mar 30, 2009 at 10:58 AM, Daniel Brown danbr...@php.net wrote: On Sun, Mar 29, 2009 at 22:07, abdulazeez alugo defati...@hotmail.com wrote: Yea, dude, well me GED says I kin git it dun wit less wastid time. -- No be only una get pidgin English ooo. Me sef fit do am sharp sharp no be say them say. Is there any particular reason you guys totally trashed this thread? It's fine if you don't want to apply, but please don't go out of your way to try to make someone with a legitimate and properly-formatted request look like a moron because it backfires and reflects poorly on your own professionalism. -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] time() TIMER in seconds or just numbers
Okey, but you understand the purpouse of it? Igor Escobar systems analyst interface designer www . igorescobar . com On Mon, Mar 30, 2009 at 3:42 PM, haliphax halip...@gmail.com wrote: On Mon, Mar 30, 2009 at 11:37 AM, Igor Escobar titiolin...@gmail.com wrote: The people use that to measure performance. If you're intersted about that read http://www.igorescobar.com/blog/2009/03/05/benchmarking-de-desempenho-no-php/ (in portuguese, sorry) Regards, Igor Escobar On Mon, Mar 30, 2009 at 1:05 PM, haliphax halip...@gmail.com wrote: On Mon, Mar 30, 2009 at 10:47 AM, Richard Heyes rich...@php.net wrote: When someone does that, it means the execution time between $t1 and $t2... Is that for my benefit? Believe it or not, I do know the arcane art of subtraction... I would subtract more often, but sacrificial farm animals and black candles are so hard to come by these days... Oh, I'm fully aware of what it's for. FYI, microtime() is probably more appropriate, since 1 full second in computer terms is a loong time. ...and I don't speak a lick of Portuguese. -- // Todd
[PHP] Problem with header();
Hi guys, probably everybody goes think: its the same problem ever HTML before header() functions ... but it is not. I has working on a project and this are a running in Windows (shame on me). Recently i migrate to *Ubuntu *and some problems occurred and that specifically i can't understand WHY this rappening Warning: Cannot modify *header* information - headers already sent by On my web server on the internet it's OK On my local web server on my work it's OK On my loca web server on my notebook it's the problem. This error occurs only in my notebook (recently that I migrate to linux and it does not already). Please, someone have any idea what the fuck is happening? Regards, Igor Escobar systems analyst interface designer www . igorescobar . com
Re: [PHP] Problems with implode
Maybe you can reduce your code a little using the range();
?php
$list = range(12300, 12801);
$pidList = implode(',', $list);
mail('y...@email.dom, 'debug implode', var_export(array($pidList,
$list),1));
?
it's just a sugestion...
Regards,
Igor Escobar
systems analyst interface designer
www . igorescobar . com
On Wed, Mar 25, 2009 at 4:42 AM, Toke Herkild t...@ezl-data.dk wrote:
Okay, tested in the following manner:
for ($i=12300;$i12801;$i++){
// List is filled with integers, in the correct charset from PHP
$list[] = $i;
}
$pidList = implode(',', $list);
mail('y...@email.dom, 'debug implode', var_export(array($pidList,
$list),1));
And I got the same error, which indicates that perhaps implode works just
as it should but the representation is off. that in it self would be okay,
but how then do we control that the query is actually correct ?
If we cannot trust the debug output how then can we trust that the query
is doing what it is supposed to do ?
Regards,
Toke
Toke Herkild skrev:
As stated before, packet size not the problem, data is delivered perfectly
from MySQL.
Problem seems to be when the result string is diplayed.
I'll try to do a test with a numeric array:
$list = array(12300..12800); and see what happens.
regards,
Toke
Andrea Giammarchi skrev:
What about MySQL max_allowed_packet setting? is it bigger than produced
string?
To: php-general@lists.php.net
Date: Tue, 24 Mar 2009 15:23:20 +0100
From: t...@ezl-data.dk
Subject: Re: [PHP] Problems with implode
Per Jessen skrev:
Andrea Giammarchi wrote:
Dunno why you guys started talk about utf-8 problems, he has a list of
ids which should contain only unsigned integers, otherwise I do not
get how that query could work with an implode(',', $whatever)
Very good point - maybe the OP has not yet tested his code that far?
Is
there a possibility that some of the id's are _not_ just plain integers
made up of 0-9?
/Per
And exatly the reason I tried the following:
$list[] = $row['uid'];
$list[] = intval($row['uid']);
$list[] = mb_convert_encoding($row['uid'], 'iso-8859-1');
$list[] = mb_convert_encoding(intval($row['uid']), 'iso-8859-1');
My best bet as for now:
It isn't implode there's the problem, but the length of the string
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
_
More than messages–check out the rest of the Windows Live™.
http://www.microsoft.com/windows/windowslive/
As stated before, packet size not the problem, data is delivered perfectly
from MySQL.
Problem seems to be when the result string is diplayed.
I'll try to do a test with a numeric array:
$list = array(12300..12800); and see what happens.
regards,
Toke
Andrea Giammarchi skrev:
What about MySQL max_allowed_packet setting? is it bigger than produced
string?
To: php-general@lists.php.net
Date: Tue, 24 Mar 2009 15:23:20 +0100
From: t...@ezl-data.dk
Subject: Re: [PHP] Problems with implode
Per Jessen skrev:
Andrea Giammarchi wrote:
Dunno why you guys started talk about utf-8 problems, he has a list of
ids which should contain only unsigned integers, otherwise I do not
get how that query could work with an implode(',', $whatever)
Very good point - maybe the OP has not yet tested his code that far?
Is
there a possibility that some of the id's are _not_ just plain integers
made up of 0-9?
/Per
And exatly the reason I tried the following:
$list[] = $row['uid'];
$list[] = intval($row['uid']);
$list[] = mb_convert_encoding($row['uid'], 'iso-8859-1');
$list[] = mb_convert_encoding(intval($row['uid']), 'iso-8859-1');
My best bet as for now:
It isn't implode there's the problem, but the length of the string
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
_
More than messages–check out the rest of the Windows Live™.
http://www.microsoft.com/windows/windowslive/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Fwd: A fatal error with php virtual cron
Maybe your problem are in the way you're calling your program by socket. If you show me this part of the code, maybe i can help you. Regards, Igor Escobar systems analyst interface designer www . igorescobar . com On Wed, Mar 25, 2009 at 4:01 PM, אלמוג בקו almog.b...@gmail.com wrote: Hello, There is some week than I trying to solve a critical error on my VirtualCron script. *First of all what is VirtualCron?:* Virtual cron is script that`s call(http request) himself and doing the jobs by the time(like a cron-jobs on linux, but this script build on php and its make it independent by the Operation System and the access to the server. [wordpress build something like that too]). *How my system works?:* I have a page(cron.php) and I set this settings: ignore_user_abort(true); set_time_limit(0); sleep(1); //setting the base time unit I call to the script by socket connection with timout of 0.5s and with non-blocking mode. Additionaly I have a log system that save a file with the error when they happend. andI can kill the script by deleting pid file. *Well what`s happend?:* The script works well when I tune a job to work more 5min from the running time. But from some reason the script stop to run after some seconds.. and the system`s log dosent show any php`s error. BUT I found this error on my apache`s logs: *[Wed Mar 25 10:25:19 2009] [error] [client 67.205.44.109] Premature end of script headers: cron.php* I hope thats someone know what I have to do.. Thanks a lot, Almog Baku, Israel. * *** My script run on Shared DreamHost, with php5 apache on linux *** * * צור איתי קשר:* http://www.facebook.com/profile.php?id=682327963
Re: [PHP] Fwd: A fatal error with php virtual cron
Try the ignore_user_abort(true);
Regards,
Igor Escobar
systems analyst interface designer
www . igorescobar . com
On Wed, Mar 25, 2009 at 4:21 PM, אלמוג בקו almog.b...@gmail.com wrote:
This is a part of the class:
private function _request() {
//URL information
$url= http://.$_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
$url_info= parse_url($url);
//Fixing port
if(!isset($url_info['port'])) $url_info['port']=80;
//Send Cron-data
$data = array(
'jobs'= base64_encode(var_export($this-jobs, true)),
'firstRun'= base64_encode($this-firstRun)
);
$data=http_build_query($data);
//Headers
$headers =
.POST . $url . HTTP/1.0 \r\n
.HOST: . $url_info['host'] . : . $url_info['port'] .
\r\n
.Content-type: application/x-www-form-urlencoded \r\n
.Content-Length: . strlen($data) . \r\n
.User-Agent: phpCron \r\n
.Connection: close\r\n\r\n
.$data
;
//Error vars
$errstr= null;
$errno = null;
$fp = fsockopen($_SERVER['HTTP_HOST'], $_SERVER['SERVER_PORT'], $errno,
$errstr, 0.5);
if($fp) {
@fwrite($fp, $headers);
@stream_set_timeout($fp, 0.5);
@stream_set_blocking($fp, 0);
@fclose($fp);
return true;
} else {
$this-error = array('socket'=array('errstr'=$errstr,
'errno'=$errno));
return false;
}
}
*
צור איתי קשר:*
http://www.facebook.com/profile.php?id=682327963
On Wed, Mar 25, 2009 at 9:17 PM, Igor Escobar titiolin...@gmail.comwrote:
Maybe your problem are in the way you're calling your program by socket.
If you show me this part of the code, maybe i can help you.
Regards,
Igor Escobar
systems analyst interface designer
www . igorescobar . com
On Wed, Mar 25, 2009 at 4:01 PM, אלמוג בקו almog.b...@gmail.com wrote:
Hello,
There is some week than I trying to solve a critical error on my
VirtualCron
script.
*First of all what is VirtualCron?:*
Virtual cron is script that`s call(http request) himself and doing the
jobs by the time(like a cron-jobs on linux, but this script build on
php
and its make it independent by the Operation System and the access to the
server. [wordpress build something like that too]).
*How my system works?:*
I have a page(cron.php) and I set this settings:
ignore_user_abort(true);
set_time_limit(0);
sleep(1); //setting the base time unit
I call to the script by socket connection with timout of 0.5s and with
non-blocking mode.
Additionaly I have a log system that save a file with the error when they
happend. andI can kill the script by deleting pid file.
*Well what`s happend?:*
The script works well when I tune a job to work more 5min from the
running
time.
But from some reason the script stop to run after some seconds.. and the
system`s log dosent show any php`s error.
BUT I found this error on my apache`s logs:
*[Wed Mar 25 10:25:19 2009] [error] [client 67.205.44.109] Premature end
of
script headers: cron.php*
I hope thats someone know what I have to do..
Thanks a lot,
Almog Baku, Israel.
*
*** My script run on Shared DreamHost, with php5 apache on linux ***
*
*
צור איתי קשר:*
http://www.facebook.com/profile.php?id=682327963
Re: [PHP] Fwd: A fatal error with php virtual cron
Oh, Sorry, I had not seen.
Well, I don't see anything wrong in your code, but maybe...if you find in
your apache config file, you can found for something similar to your problem
...
Sorry can't help you.
Regards,
Igor Escobar
systems analyst interface designer
www . igorescobar . com
On Wed, Mar 25, 2009 at 4:40 PM, אלמוג בקו almog.b...@gmail.com wrote:
I already wrote that..
ignore_user_abort(true);
set_time_limit(0);
sleep(1);
*
צור איתי קשר:*
http://www.facebook.com/profile.php?id=682327963
On Wed, Mar 25, 2009 at 9:38 PM, Igor Escobar titiolin...@gmail.comwrote:
Try the ignore_user_abort(true);
Regards,
Igor Escobar
systems analyst interface designer
www . igorescobar . com
On Wed, Mar 25, 2009 at 4:21 PM, אלמוג בקו almog.b...@gmail.com wrote:
This is a part of the class:
private function _request() {
//URL information
$url= http://.$_SERVER['HTTP_HOST'] .
$_SERVER['PHP_SELF'];
$url_info= parse_url($url);
//Fixing port
if(!isset($url_info['port'])) $url_info['port']=80;
//Send Cron-data
$data = array(
'jobs'= base64_encode(var_export($this-jobs, true)),
'firstRun'= base64_encode($this-firstRun)
);
$data=http_build_query($data);
//Headers
$headers =
.POST . $url . HTTP/1.0 \r\n
.HOST: . $url_info['host'] . : . $url_info['port'] .
\r\n
.Content-type: application/x-www-form-urlencoded \r\n
.Content-Length: . strlen($data) . \r\n
.User-Agent: phpCron \r\n
.Connection: close\r\n\r\n
.$data
;
//Error vars
$errstr= null;
$errno = null;
$fp = fsockopen($_SERVER['HTTP_HOST'], $_SERVER['SERVER_PORT'],
$errno, $errstr, 0.5);
if($fp) {
@fwrite($fp, $headers);
@stream_set_timeout($fp, 0.5);
@stream_set_blocking($fp, 0);
@fclose($fp);
return true;
} else {
$this-error = array('socket'=array('errstr'=$errstr,
'errno'=$errno));
return false;
}
}
*
צור איתי קשר:*
http://www.facebook.com/profile.php?id=682327963
On Wed, Mar 25, 2009 at 9:17 PM, Igor Escobar titiolin...@gmail.comwrote:
Maybe your problem are in the way you're calling your program by socket.
If you show me this part of the code, maybe i can help you.
Regards,
Igor Escobar
systems analyst interface designer
www . igorescobar . com
On Wed, Mar 25, 2009 at 4:01 PM, אלמוג בקו almog.b...@gmail.comwrote:
Hello,
There is some week than I trying to solve a critical error on my
VirtualCron
script.
*First of all what is VirtualCron?:*
Virtual cron is script that`s call(http request) himself and doing the
jobs by the time(like a cron-jobs on linux, but this script build on
php
and its make it independent by the Operation System and the access to
the
server. [wordpress build something like that too]).
*How my system works?:*
I have a page(cron.php) and I set this settings:
ignore_user_abort(true);
set_time_limit(0);
sleep(1); //setting the base time unit
I call to the script by socket connection with timout of 0.5s and with
non-blocking mode.
Additionaly I have a log system that save a file with the error when
they
happend. andI can kill the script by deleting pid file.
*Well what`s happend?:*
The script works well when I tune a job to work more 5min from the
running
time.
But from some reason the script stop to run after some seconds.. and
the
system`s log dosent show any php`s error.
BUT I found this error on my apache`s logs:
*[Wed Mar 25 10:25:19 2009] [error] [client 67.205.44.109] Premature
end of
script headers: cron.php*
I hope thats someone know what I have to do..
Thanks a lot,
Almog Baku, Israel.
*
*** My script run on Shared DreamHost, with php5 apache on linux ***
*
*
צור איתי קשר:*
http://www.facebook.com/profile.php?id=682327963
Re: [PHP] Proper code formatting
Hi Angus, please, read this topic http://www.igorescobar.com/blog/2009/02/03/coding-standards/ I speak a little bit about Coding Standards. Igor Escobar systems analyst interface designer www . igorescobar . com On Mon, Mar 23, 2009 at 9:48 AM, Jason Pruim pru...@gmail.com wrote: George Larson wrote: On Mon, Mar 23, 2009 at 8:23 AM, Shawn McKenzie nos...@mckenzies.net wrote: Bob McConnell wrote: From: Michael A. Peters Angus Mann wrote: Hi all, I'm fairly new to PHP so I don't have too many bad habits yet. I'm keen to make my code easy to read for me in the future, and for others as well. Are there any rules or advice I can use for formatting (especially indenting) code? for example how best to format / indent this ? To each his own. Whatever floats your canoe. Just whatever you pick, stick to it throughout your code. I'm using PHP designer 2008 which does syntax coloring but if it has something to automatically indent - I haven't found it yet. It probably allows you to either set a specify a tab as a real tab or a specified number of spaces. Auto-indenting - this isn't python, the compiler doesn't enforce it's way, you follow the convention of the project you are working on - so I suspect many php editors tailored to php don't have an auto indent. I've never of course tried that specific product. I use bluefish, vi, and emacs. To take this question a step further, is there a PHP best practices document available? I am looking for one that I can give to a new programmer and tell her do it this way until you can explain to me why you shouldn't. Bob McConnell There are various coding standards. There is one for PEAR, the Zend Framework and most frameworks/large projects that take contributions have them. Here's Zend: http://framework.zend.com/manual/en/coding-standard.html -- Thanks! -Shawn http://www.spidean.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Being a greenhorn, I too can benefit from this thread. Is that to say, Shawn, that you personally find this (Zend) standard as good or better than the rest? I actually just went through this wit ha group of people that come from all different levels and back grounds in regards to programing. Trying to decide whether to use spaces, or tabs, short hand or long hand... It took quite a bit of discussion before we arrived at an agreement... It really didn't matter what format we used as long as we stayed consistent throughout the file. In other words, if you are going to edit a file and it uses spaces instead of tabs, use spaces So absolutely, develop some standards if you are going to have multiple coders working on it... But they don't have to be set by someone else... Personally though, I go for readability it may at times take longer to write it out, but since we all type 500 words permit with 100% accuracy it won't be a problem right? ;) And then when you go back to the code in 6 months, a year, 2 years... It's still easily read able :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Multithreading in PHP
Great Project, Lemos. When you are thinking in show more exemples? Regards, Igor Escobar systems analyst interface designer www . igorescobar . com On Fri, Mar 20, 2009 at 3:04 AM, Manuel Lemos mle...@acm.org wrote: Hello Andrea, on 03/18/2009 06:07 AM Andrea Giammarchi said the following: If anybody interested, this is my old comet implementation in PHP: http://webreflection.blogspot.com/2008/04/phomet-changes-name-so-welcome-phico.html Great! Any live examples page? P.S. Hi Manuel, ages I do not read you ( ages I do not post my classes in phpclasses.org :-) ) Oh, yes, feel free to get back. Hopefully soon the PHPClasses site will share ad revenue with the best contributors! ;-) -- Regards, Manuel Lemos Find and post PHP jobs http://www.phpclasses.org/jobs/ PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] today i found the best function I've ever seen
Do not try this at home...
Igor Escobar
systems analyst interface designer
www . igorescobar . com
On Sat, Mar 21, 2009 at 7:23 AM, Virgilio Quilario
virgilio.quila...@gmail.com wrote:
if( !function_exists('clean_sql_term') )
{
function clean_sql_term($term) {
return $term;
}
}
beautiful
hi Nathan,
Nice find.
You have found a very useful function.
Here is how I use it to load needed PHP files that declares the function.
if (!function_exists('clean_sql_term'))
{
require 'module.php';
}
clean_sql_term($term);
Above code makes sure that the function is available.
Really beautiful, though jurassic but useful.
Cheers,
Virgil
http://www.jampmark.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] So called PHP Expert
Say this: Okey man, where are the camera? it's not funny :D Regards, Igor Escobar systems analyst interface designer www . igorescobar . com On Sat, Mar 21, 2009 at 8:16 PM, abdulazeez alugo defati...@hotmail.comwrote: Date: Sat, 21 Mar 2009 10:54:56 -0400 From: danbr...@php.net To: tedd.sperl...@gmail.com CC: php-general@lists.php.net; rob...@interjinn.com Subject: Re: [PHP] So called PHP Expert On Sat, Mar 21, 2009 at 10:48, tedd tedd.sperl...@gmail.com wrote: Leave it to you to drop kick me when you have the chance. Here I was trying to say something prophetic and you made it pathetic. :-) Maybe philosophical? Oh well, at least I take comfort in the fact that you'll probably not live to be as old as me. But if you do, just imagine how deep your ignorance will be. :-) Now *this* is prophetic and a harsh response to a virtual drop-kick. You guys play rough! Oh! ref dan, I charge you to give them a yellow card or something. Alugo www.frangeovic.com _ More than messages–check out the rest of the Windows Live™. http://www.microsoft.com/windows/windowslive/
Re: [PHP] Proper code formatting
Im brazilian, and i understand your language, why you dont undertand my ? Regards, Igor Escobar systems analyst interface designer www . igorescobar . com On Mon, Mar 23, 2009 at 11:10 AM, abdulazeez alugo defati...@hotmail.comwrote: Date: Mon, 23 Mar 2009 09:52:21 -0300 From: titiolin...@gmail.com To: pru...@gmail.com CC: george.g.lar...@gmail.com; nos...@mckenzies.net; php-general@lists.php.net Subject: Re: [PHP] Proper code formatting Hi Angus, please, read this topic *http://www.igorescobar.com/blog/2009/02/03/coding-standards/ * I speak a little bit about Coding Standards. And how did you expect us to understand the language your site is written in? -- See all the ways you can stay connected to friends and familyhttp://www.microsoft.com/windows/windowslive/default.aspx
Re: [PHP] Proper code formatting
Ok man, I'm sorry. This post i wrote in a few days ago in my native language. I dont have time enough to write in two languagesbut who knows in the future i can do it? I'm sorry about that man,but if you like the post anyway, try something like google translator. Regards, Igor Escobar systems analyst interface designer www . igorescobar . com On Mon, Mar 23, 2009 at 11:33 AM, abdulazeez alugo defati...@hotmail.comwrote: Im brazilian, and i understand your language, why you dont undertand my ? Regards, Igor Escobar systems analyst interface designer www . igorescobar . com Well I guess the answer to that is obvious. I'm not brazilian and it would be so generous of you to use the most acceptable International language in the world (English). Though it's not my first language too but I use it as a mean to communicate with others. Atleast the essence of communication is to be understood isn't it? NOTE: I speak other international languages too though but I haven't come up to learning brazilian. Maybe you can help me with a simple tutorial on your language. Best regards. Alugo. _ Drag n’ drop—Get easy photo sharing with Windows Live™ Photos. http://www.microsoft.com/windows/windowslive/products/photos.aspx
Re: [PHP] Proper code formatting
Thx ab. I'm did not to be rude ;) Have a nice day. Regards, Igor Escobar systems analyst interface designer www . igorescobar . com On Mon, Mar 23, 2009 at 12:05 PM, abdulazeez alugo defati...@hotmail.comwrote: Ok man, I'm sorry. This post i wrote in a few days ago in my native language. I dont have time enough to write in two languagesbut who knows in the future i can do it? I'm sorry about that man,but if you like the post anyway, try something like google translator. Regards,Igor Escobar systems analyst interface designer www . igorescobar . com Well. Since it's not a common thing on this mailing list to hear someone say he's sorry I readily accept your apology and I'll use the google translator as you suggested. Come to think of it, arguments almost never end well on this list (we just broke the record). Remember the one between Almighty, self acclaimed Superstar Dan and Bot Jessica? then there was the one between the client who later became the employer and Tedd. Cheers. _ More than messages–check out the rest of the Windows Live™. http://www.microsoft.com/windows/windowslive/
