Re: [PHP] how to manage permissions for file uploader
From: Phpster phps...@gmail.com To: Lamp Lists lamp.li...@yahoo.com Cc: php-general@lists.php.net php-general@lists.php.net Sent: Wednesday, June 3, 2009 8:30:05 PM Subject: Re: [PHP] how to manage permissions for file uploader This is fairly simple to do as an http upload. With the folder above the web root, it less if an issue since general users can't gain access, a script can do all the interaction needed. Plus you can chown the permissions with php Bastien Sent from my iPod On Jun 3, 2009, at 17:24, Lamp Lists lamp.li...@yahoo.com wrote: to upload an image for a photo gallery (my own code) I have to have permission for the directory images 0777. but having permission for a directory 0777 is REALLY bad idea, isn't it? I'm owner of the directory (lamp:lamp images). what to do to set my code has permission to upload an image into the images directory and have permissions on the directory 0755? I googled for file uploader scripts and classes to se how they handle it but I can't see that part. just file/size/type validation and moving uploaded file to final destination. thanks. -LL Right. I did it for very first time. Now, I changed the hosting and directory is already full with images. What now? Create by php new one and then move by php images to new folder?
[PHP] how to manage permissions for file uploader
to upload an image for a photo gallery (my own code) I have to have permission for the directory images 0777. but having permission for a directory 0777 is REALLY bad idea, isn't it? I'm owner of the directory (lamp:lamp images). what to do to set my code has permission to upload an image into the images directory and have permissions on the directory 0755? I googled for file uploader scripts and classes to se how they handle it but I can't see that part. just file/size/type validation and moving uploaded file to final destination. thanks. -LL
Re: [PHP] try - catch is not so clear to me...
From: Bastien Koert phps...@gmail.com To: Lamp Lists lamp.li...@yahoo.com Cc: Marc Steinert li...@bithub.net; php-general@lists.php.net Sent: Tuesday, April 14, 2009 8:11:04 AM Subject: Re: [PHP] try - catch is not so clear to me... On Mon, Apr 13, 2009 at 11:34 PM, Lamp Lists lamp.li...@yahoo.com wrote: From: Marc Steinert li...@bithub.net To: Lamp Lists lamp.li...@yahoo.com Cc: php-general@lists.php.net Sent: Monday, April 13, 2009 11:27:08 AM Subject: Re: [PHP] try - catch is not so clear to me... Basically try-catch gives you the ability to handle errors outside a class or method scope, by the calling instance. This comes in handy, if you are programming in an object orientated way and thus enables you to seperate error handling from the rest of your functionality. Means, your methods do only the things, they are meant to do, without bothering to handling occuring errors. Hope, that made things clearer. Greetings from Germany Marc Lamp Lists wrote: hi to all! actually, the statement in the Subject line is not 100% correct. I understand the purpose and how it works (at least I think I understand :-)) but to me it's so complicated way? -- http://bithub.net/ Synchronize and share your files over the web for free My Twitter feed http://twitter.com/MarcSteinert Looks like I still didn't get it correctly: try { if (!send_confirmation_email($email, $subject, $content)) { throw new Exception('Confirmation email is not sent'); } } catch (Exception $e) { send_email_with_error_to_admin($e, $content); } why am I getting both emails? I'm receiving confirmation email and email with error message - that I'm supposed to get if the first one is not sent for some reason?!?!?!? thanks for any help. -LL what does this function [send_confirmation_email($email, $subject, $content)] return? -- Bastien Cat, the other other white meat function send_confirmation_email($to, $subject, $body) { $headers =MIME-Versin: 1.0\n . Content-type: text/plain; charset=ISO-8859-1; format=flowed\n . Content-Transfer-Encoding: 8bit\n . Reply-To: Contact lamp.li...@yahoo.com\n. From: Contact lamp.li...@yahoo.com\n . X-Mailer: PHP . phpversion(); mail($to, $subject, $body, $headers) or die(mysql_errno()); } $body is regular confirmation text: Thank you for subscribing. To activate your account klick on the following link... etc. function send_email_with_error_to_admin($e, $content) { $error_message = Caught exception: . $e-getMessage() . \n; $error_message .= Code : . $e-getCode().\n; $error_message .= File : . $e-getFile().\n; $error_message .= Line : . $e-getLine().\n; $to_email = lamp.li...@yahoo.com; $subject = [Confirmation Error Report] .$e-getMessage(); $content .= \n--\n\n; $content .= Error Report:\n\n.$error_message; $content .= \n--\n\n; send_confirmation_email($to_email, $subject, $content); }
[PHP] try - catch is not so clear to me...
hi to all! actually, the statement in the Subject line is not 100% correct. I understand the purpose and how it works (at least I think I understand :-)) but to me it's so complicated way? let's take a look in example from php.net(http://us3.php.net/try) ?php function inverse($x) { if (!$x) { throw new Exception('Division by zero.'); } else return 1/$x; } try { echo inverse(5) . \n; echo inverse(0) . \n; } catch (Exception $e) { echo 'Caught exception: ', $e-getMessage(), \n; } // Continue execution echo 'Hello World'; ? I would do the same thing, I think, less complicated: ?php function inverse($x) { if (!$x) { echo 'Division by zero'; } else return 1/$x; } echo inverse(5); echo inverse(0); // Continue execution echo 'Hello world'; ? I know this is too simple, maybe not the best example, but can somebody please explain the purpose of try/catch? Thanks. -LL
Re: [PHP] try - catch is not so clear to me...
From: Kyle Smith kyle.sm...@inforonics.com To: Lamp Lists lamp.li...@yahoo.com Cc: php-general@lists.php.net Sent: Monday, April 13, 2009 9:52:36 AM Subject: Re: [PHP] try - catch is not so clear to me... Lamp Lists wrote: hi to all! actually, the statement in the Subject line is not 100% correct. I understand the purpose and how it works (at least I think I understand :-)) but to me it's so complicated way? let's take a look in example from php.net(http://us3.php.net/try) ?php function inverse($x) { if (!$x) { throw new Exception('Division by zero.'); } else return 1/$x; } try { echo inverse(5) . \n; echo inverse(0) . \n; } catch (Exception $e) { echo 'Caught exception: ', $e-getMessage(), \n; } // Continue execution echo 'Hello World'; ? I would do the same thing, I think, less complicated: ?php function inverse($x) { if (!$x) { echo 'Division by zero'; } else return 1/$x; } echo inverse(5); echo inverse(0); // Continue execution echo 'Hello world'; ? I know this is too simple, maybe not the best example, but can somebody please explain the purpose of try/catch? Thanks. -LL Your example kind of defeats the point. The point of a try {} block is that it will attempt to execute code and execute catch on a true failure. Your function already is protected against failure. Consider this $x = 0; try { $y = 4 / $x; // This will divide by zero, not good. } catch (Exception $e) { echo Error: $e } More importantly, the try/catch should be in your function, not around the invocations of your function: function inverse($x) { try { return $x/0; } catch(Exception $e) { return false; } } Consider this also, simply echoing an error on divide by Zero might not be great if your function is called, say, before headers. Throwing exceptions can be re-caught by executing code, which can easily avoid pre-header output. Does that clear up the purpose a bit? I'm no expert, but that's my understanding. HTH, Kyle Yes and No... Right now I was thinking to start using try/catch block on places where could be problem in my code and, if there is an error - send to myself email with error info. E.g., I use right now something like this: function send_conf_email($to, $subject, $content) { $headers =MIME-Versin: 1.0\n . Content-type: text/plain; charset=ISO-8859-1; format=flowed\n . Content-Transfer-Encoding: 8bit\n . Reply-To: l...@yahoo.com\n. From: LL\n . X-Mailer: PHP . phpversion(); mail($to, $subject, $body, $headers); } function send_error_email_to_admin($email) { $to = 'l...@yahoo.com'; $subject = '[Error Report] '.$email['subject']; $content = $email['content']; send_conf_email($to, $subject, $content); } if (!send_conf_email($to, $subject, $content)) { send_error_email_to_admin($subject, $content); } how would/should be the code by using try/catch() block? something like this: try { if (!send_plain_email($this-submitted_email, $subject, $body_plain)) { throw new Exception('Confirmation email is not sent'); } } catch (Exception $e) { send_error_email_to_admin($subject, $content . $e-getMessage()); } there is something fishy :-) -LL
Re: [PHP] try - catch is not so clear to me...
From: Lamp Lists lamp.li...@yahoo.com To: php-general@lists.php.net Sent: Monday, April 13, 2009 9:29:16 AM Subject: [PHP] try - catch is not so clear to me... hi to all! actually, the statement in the Subject line is not 100% correct. I understand the purpose and how it works (at least I think I understand :-)) but to me it's so complicated way? let's take a look in example from php.net(http://us3.php.net/try) ?php function inverse($x) { if (!$x) { throw new Exception('Division by zero.'); } else return 1/$x; } try { echo inverse(5) . \n; echo inverse(0) . \n; } catch (Exception $e) { echo 'Caught exception: ', $e-getMessage(), \n; } // Continue execution echo 'Hello World'; ? I would do the same thing, I think, less complicated: ?php function inverse($x) { if (!$x) { echo 'Division by zero'; } else return 1/$x; } echo inverse(5); echo inverse(0); // Continue execution echo 'Hello world'; ? I know this is too simple, maybe not the best example, but can somebody please explain the purpose of try/catch? Thanks. -LL another example from php.net ?php try { $connection = mysql_connect(...); if ($connection === false) { throw new Exception('Cannot connect do mysql'); } /* ... do whatever you need with database, that may mail and throw exceptions too ... */ mysql_close($connection); } catch (Exception $e) { /* ... add logging stuff there if you need ... */ echo This page cannot be displayed; } ? compare to: ?php $connection = mysql_connect(...) or die('Cannot connect do mysql'. mysql_error()); ? -LL
Re: [PHP] try - catch is not so clear to me...
From: Marc Steinert li...@bithub.net To: Lamp Lists lamp.li...@yahoo.com Cc: php-general@lists.php.net Sent: Monday, April 13, 2009 11:27:08 AM Subject: Re: [PHP] try - catch is not so clear to me... Basically try-catch gives you the ability to handle errors outside a class or method scope, by the calling instance. This comes in handy, if you are programming in an object orientated way and thus enables you to seperate error handling from the rest of your functionality. Means, your methods do only the things, they are meant to do, without bothering to handling occuring errors. Hope, that made things clearer. Greetings from Germany Marc Lamp Lists wrote: hi to all! actually, the statement in the Subject line is not 100% correct. I understand the purpose and how it works (at least I think I understand :-)) but to me it's so complicated way? -- http://bithub.net/ Synchronize and share your files over the web for free My Twitter feed http://twitter.com/MarcSteinert Looks like I still didn't get it correctly: try { if (!send_confirmation_email($email, $subject, $content)) { throw new Exception('Confirmation email is not sent'); } } catch (Exception $e) { send_email_with_error_to_admin($e, $content); } why am I getting both emails? I'm receiving confirmation email and email with error message - that I'm supposed to get if the first one is not sent for some reason?!?!?!? thanks for any help. -LL
[PHP] HTML pages are faster then php?
hi, as far as I know (at least I was told so) html page will download faster then the same page made with php getting the same info from mysql, right? let's pretend we are building php/mysq based website of one football team. there are pages of every player, about the team, games etc. in admin area there is form to enter player's data: first name, last name, DOB, place of birth, him number (jersey), previous teams, education,... we submit data and they are stored in database. and we just did for john doe, (id=12345), born on 1986-10-02 in Paris, TX (do you remember nastasia kinski? :-)) on front end there is list of players and you click on john doe's name and the page will show submitted data. what if we, together with storing john doe data into mysql, create html page 12345.html with all his data. and actually, when visitor clicks on his name on the list of players it will not open player.php?id=12345 then 12345.html? this page will download faster, right? downside, depending of type of the website, it could be thousands and thousands of pages, but still...? to edit john doe page, the administrator (in admin area) will pull the data from mysql, do the changes and submit new ones to mysql and overwrite 12345.html page. now, what's bad with this structure? what am I thinking wrong? thanks ll
Re: [PHP] HTML pages are faster then php?
From: Ashley Sheridan a...@ashleysheridan.co.uk To: Lamp Lists lamp.li...@yahoo.com Cc: php-general@lists.php.net Sent: Wednesday, January 14, 2009 4:47:28 PM Subject: Re: [PHP] HTML pages are faster then php? On Wed, 2009-01-14 at 14:34 -0800, Lamp Lists wrote: hi, as far as I know (at least I was told so) html page will download faster then the same page made with php getting the same info from mysql, right? let's pretend we are building php/mysq based website of one football team. there are pages of every player, about the team, games etc. in admin area there is form to enter player's data: first name, last name, DOB, place of birth, him number (jersey), previous teams, education,... we submit data and they are stored in database. and we just did for john doe, (id=12345), born on 1986-10-02 in Paris, TX (do you remember nastasia kinski? :-)) on front end there is list of players and you click on john doe's name and the page will show submitted data. what if we, together with storing john doe data into mysql, create html page 12345.html with all his data. and actually, when visitor clicks on his name on the list of players it will not open player.php?id=12345 then 12345.html? this page will download faster, right? downside, depending of type of the website, it could be thousands and thousands of pages, but still...? to edit john doe page, the administrator (in admin area) will pull the data from mysql, do the changes and submit new ones to mysql and overwrite 12345.html page. now, what's bad with this structure? what am I thinking wrong? thanks ll I've seen CMS's do this kind of thing before, and really you only have an advantage if you are getting lots and lots (think many thousands) of visitors a day. The overhead isn't all that large and the user won't even notice it. The advantage to having the site done only in PHP/MySQL is that should you decide to add elements to the site in the future, with a CMS driven site it's much easier than having to edit the part of the CMS that is outputting the HTML files and then making it run through an re-create each and every page, which will be very slow each time you have to do it. Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php right. I forgot about banners, advertising, and other stuff around main data. these will be static too... yup... stupid idea... :-)
Re: [PHP] Re: redoing website after 7 years
From: Al n...@ridersite.org To: php-general@lists.php.net Sent: Thursday, January 8, 2009 11:50:26 AM Subject: [PHP] Re: redoing website after 7 years Lamp Lists wrote: hi guys, I did php/mysql based website for one my client 7 years ago, in time when register_globals was on by default. hosting company upgraded server to php5/mysql5 and turned globals off. the site is doesn't work any more. I can define globals on again in .htaccess but rather not because it could be a big risk. to work again I have to spend a lot of hours to modify the code. boring job. but, I'm more concern does client has to pay the changes/upgrade or it's still my obligation? anybody had similar experience? thanks for any help. ll What's the magnitude of the problem? Are there a handful of files that need fixing or hundreds? i think there is 10-15 hrs of work. at least.
Re: [PHP] redoing website after 7 years
I think I did code well (everybody can say the code is 100% proof - until get hacked ;-)) and never, for these 7 years had problems. And I'm sure the site will be just ok if I switch register_globals back to On through .htaccess. Actually, I offered the client 3 options: 1. redo the website (after 7 years, it's really time to do that :-)); 2. fix the code but keep the site the same; 3. change .htaccess. the site will work just fine; though, I also think, if you built your code with register_globals on several years ago, you are still in a danger. Big or small, depends on your code, but still in risky group. right? anyway, the client was really understandable and we are going most likely to build new website. thanks for opinions and help. ll From: Jim Lucas li...@cmsws.com To: Robert Cummings rob...@interjinn.com Cc: Nathan Rixham nrix...@gmail.com; Richard Heyes rich...@php.net; lamp.li...@yahoo.com; php-general@lists.php.net php-general@lists.php.net Sent: Thursday, January 8, 2009 10:51:32 AM Subject: Re: [PHP] redoing website after 7 years Robert Cummings wrote: On Wed, 2009-01-07 at 16:16 -0800, Jim Lucas wrote: Nathan Rixham wrote: Richard Heyes wrote: but, I'm more concern does client has to pay the changes/upgrade or it's still my obligation? Of course you charge him. Christ if I was expected to maintain stuff gratis that I wrote 7 years ago I'd be mullahed. concurred, personally I'd be tempted to offer to find or indeed resetup on an old server if they could find one for free, but as for upgrading certainly quote/charge. If one was to go this route, then why not just use a .htaccess file and turn on register_globals and call it good? I mean really, the customer would be in no greater risk then what they had been for the last 7 years. Reason being, nothing else has changed about the script. If their is an exploit in the script now, then their was an exploit in the past. I realize that I am going against what I preach here. But really, the ISP isn't going to pay for it. The own isn't going to want to pay for it. Can't squeeze blood from a turnip... What if the turnip is the programmer? In this case, it wouldn't be. If the programmer designed an insecure web site 7 years ago then the programmer should be responsible for making the application secure. That was part of his/her job in the beginning. Nobody said it's insecure... only that register globals was used as a feature, a feature at one point touted as useful to the PHP language. As has been mentioned previously, register globals is not real culprit of insecurity in this context, the real culprit is poor programming while using register globals... unfortunately such programming was common thus requiring a strong antidote... namely the downstream removal of support for the feature. I didn't mean to imply that the programmer did build an insecure app. I said if the programmer designed and insecure web site. If the designer didn't build an insecure app, then it wont hurt a thing to turn on register_globals and just go back to the way it was before the ISP upgraded. I mean, sure when I first started designing/building web sites I thought I was doing the right thing most of the time. If two years down the road I had a moment of clarity and I realized that I had been doing something wrong or in-secure for the past two years (which I've done) then I would go back and tell the customer that I did something wrong or in-secure and I would fix it for free. Ahhh... but this presumes the programmer did something wrong. That has not yet been determined. All we know is that globals were used, not that they were necessarily used incorrectly. I didn't say that, nor did I mean to imply that. I was talking about my experiences. Thia is part of my responsibility as a designer With that said, I would image that over the past 7 years, if the site has not been exploited, then I would think that by turning register_globals back on would be of no concern. To me, all the above sounds logical. If I am missing something, please point it out. Duly pointed out ;) Cheers, Rob. So, here is how I would summarize all the above. Whether or not the programmer used the feature register_globals isn't of concern. Whether the programmer designed and insecure app is the concern. ?php $APP_SECURE = (app is secure?); // Boolean: TRUE, FALSE if ( $APP_SECURE ) { print('Turn on register_globals and call the job done.'); } else { print('Fix, at no cost, what you designed insecurely.'); } ? -- Jim Lucas Some men are born to greatness, some achieve greatness, and some have greatness thrust upon them. Twelfth Night, Act II, Scene V by William Shakespeare -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] redoing website after 7 years
From: Jim Lucas li...@cmsws.com To: Robert Cummings rob...@interjinn.com Cc: Nathan Rixham nrix...@gmail.com; Richard Heyes rich...@php.net; lamp.li...@yahoo.com; php-general@lists.php.net php-general@lists.php.net Sent: Thursday, January 8, 2009 10:51:32 AM Subject: Re: [PHP] redoing website after 7 years Robert Cummings wrote: On Wed, 2009-01-07 at 16:16 -0800, Jim Lucas wrote: Nathan Rixham wrote: Richard Heyes wrote: but, I'm more concern does client has to pay the changes/upgrade or it's still my obligation? Of course you charge him. Christ if I was expected to maintain stuff gratis that I wrote 7 years ago I'd be mullahed. concurred, personally I'd be tempted to offer to find or indeed resetup on an old server if they could find one for free, but as for upgrading certainly quote/charge. If one was to go this route, then why not just use a .htaccess file and turn on register_globals and call it good? I mean really, the customer would be in no greater risk then what they had been for the last 7 years. Reason being, nothing else has changed about the script. If their is an exploit in the script now, then their was an exploit in the past. I realize that I am going against what I preach here. But really, the ISP isn't going to pay for it. The own isn't going to want to pay for it. Can't squeeze blood from a turnip... What if the turnip is the programmer? In this case, it wouldn't be. If the programmer designed an insecure web site 7 years ago then the programmer should be responsible for making the application secure. That was part of his/her job in the beginning. Nobody said it's insecure... only that register globals was used as a feature, a feature at one point touted as useful to the PHP language. As has been mentioned previously, register globals is not real culprit of insecurity in this context, the real culprit is poor programming while using register globals... unfortunately such programming was common thus requiring a strong antidote... namely the downstream removal of support for the feature. I didn't mean to imply that the programmer did build an insecure app. I said if the programmer designed and insecure web site. If the designer didn't build an insecure app, then it wont hurt a thing to turn on register_globals and just go back to the way it was before the ISP upgraded. I mean, sure when I first started designing/building web sites I thought I was doing the right thing most of the time. If two years down the road I had a moment of clarity and I realized that I had been doing something wrong or in-secure for the past two years (which I've done) then I would go back and tell the customer that I did something wrong or in-secure and I would fix it for free. Ahhh... but this presumes the programmer did something wrong. That has not yet been determined. All we know is that globals were used, not that they were necessarily used incorrectly. I didn't say that, nor did I mean to imply that. I was talking about my experiences. Thia is part of my responsibility as a designer With that said, I would image that over the past 7 years, if the site has not been exploited, then I would think that by turning register_globals back on would be of no concern. To me, all the above sounds logical. If I am missing something, please point it out. Duly pointed out ;) Cheers, Rob. So, here is how I would summarize all the above. Whether or not the programmer used the feature register_globals isn't of concern. Whether the programmer designed and insecure app is the concern. ?php $APP_SECURE = (app is secure?); // Boolean: TRUE, FALSE if ( $APP_SECURE ) { print('Turn on register_globals and call the job done.'); } else { print('Fix, at no cost, what you designed insecurely.'); } ? -- Jim Lucas Some men are born to greatness, some achieve greatness, and some have greatness thrust upon them. Twelfth Night, Act II, Scene V by William Shakespeare -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php sorry for top-posting in my previous email. errarer humanum est! :-) ll
[PHP] redoing website after 7 years
hi guys, I did php/mysql based website for one my client 7 years ago, in time when register_globals was on by default. hosting company upgraded server to php5/mysql5 and turned globals off. the site is doesn't work any more. I can define globals on again in .htaccess but rather not because it could be a big risk. to work again I have to spend a lot of hours to modify the code. boring job. but, I'm more concern does client has to pay the changes/upgrade or it's still my obligation? anybody had similar experience? thanks for any help. ll
Re: [PHP] redoing website after 7 years
From: Stuart stut...@gmail.com To: lamp.li...@yahoo.com Cc: php-general@lists.php.net Sent: Wednesday, January 7, 2009 8:29:48 AM Subject: Re: [PHP] redoing website after 7 years 2009/1/7 Lamp Lists lamp.li...@yahoo.com: hi guys, I did php/mysql based website for one my client 7 years ago, in time when register_globals was on by default. hosting company upgraded server to php5/mysql5 and turned globals off. the site is doesn't work any more. I can define globals on again in .htaccess but rather not because it could be a big risk. The first point to make is that the risk is no higher now than it has been for the previous 7 years. Register_globals is not inherently insecure, it's the way people code their scripts which makes it open to abuse. to work again I have to spend a lot of hours to modify the code. boring job. but, I'm more concern does client has to pay the changes/upgrade or it's still my obligation? anybody had similar experience? Personally I'd tell the client that the host has upgraded the server software which has broken the site. It needs work and they need to pay for it. If they object tell them you can work around the issue but it means potentially exposing the site to potentially fatal security risks. -Stuart -- thanks guys for your opinions. you gave me good points to talk to client :-) -ll
Re: [PHP] what's the difference in the following code?
- Original Message From: tedd [EMAIL PROTECTED] To: Lamp Lists [EMAIL PROTECTED]; php-general@lists.php.net Sent: Monday, October 20, 2008 8:25:50 AM Subject: Re: [PHP] what's the difference in the following code? At 10:58 AM -0700 10/17/08, Lamp Lists wrote: I'm reading Essential PHP Security by Chris Shiflett. on the very beginning, page 5 6, if I got it correct, he said this is not good: $search = isset($_GET['search']) ? $_GET['search'] : ''; and this is good: $search = ''; if (isset($_GET['search'])) { $search = $_GET['search']; } what's the difference? I really can't see? to me is more the way you like to write your code (and I like the top one :-) )? thanks. -ll The problem here is you have to read and understand what the author is trying to say. Chris is NOT saying that there is a difference between these two forms of code. He is saying that one hides the fact that the variable ($search) is tainted while the other makes it more obvious. The whole point of the first few pages is to show you how a variable can be tainted and how you can minimize that by following some very simple rules, one of which was simplicity, which you had problems following. With just a little reading, you could have answered your own question. Cheers, tedd how it's so obvious? I can't see it either? -ll PS: I'm back -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: [PHP] what's the difference in the following code?
- Original Message From: tedd [EMAIL PROTECTED] To: php-general@lists.php.net Sent: Monday, October 20, 2008 4:15:02 PM Subject: Re: [PHP] what's the difference in the following code? At 10:12 AM -0400 10/20/08, Daniel Brown wrote: On Mon, Oct 20, 2008 at 10:02 AM, tedd [EMAIL PROTECTED] wrote: I hate it when people take things out of context and misquote others. Chris did not say that one way was better, or different, than the other. But rather he used two sets of code to illustrate a point. Welcome back, Grum-pa. Glad to see you're willing to flame people whose first language is not English. ;-P If he wanted my advice in a different language, then he should have asked his question in that language. That way I could have ignored him in mine. Besides, I'm not flaming in his language, so that should balance out. In this case, the introduction chapter of Chris' PHP Security clearly states several things one can do to simplify the task of security. One of which is to understand that the way you code can hide tainted variables. Chris illustrated his tainted point by asking the reader to compare these two structures: [1] $search = isset($_GET['search']) ? $_GET['search'] : ''; [2] $search = ''; if (isset($_GET['search'])) { $search = $_GET['search']; } He ALSO said that: -- quote The approach is identical, but one line draws in particular nows draws much attention: $search = $_GET['search']; Without altering the logic in any way, it is now more obvious whether $search is tainted and under what conditions. -- un-quote Now, instead of the OP getting the point the OP flies off on a tangent asking us what's the difference in the following code? and of course the answer is There is no difference. BUT, Chris didn't say there was, as was implied by the OP in his post. Sure I can understand language problems, but this thread was started because the OP couldn't understand a simple concept that was stated in less than ten (10) sentences. Our collective replies amounted to more lines than that -- with the obvious language problems the OP has with the written word, who knows what the OP thinks now. But the point is that Chris did not say there WAS a difference as was implied by the OP -- and that was my point. some people just CAN'T understand there are some barriers in languages that could cause misunderstanding. true, I didn't understand chris' statement correctly and now, after tedd's explanation is clear to me. and I thank to him. though, I hate it (as sombody said) when I always regret to post question and ask for help because of those arrogant php masters. if you didn't uderstand, and most likely you didn't, I asked because I had a problem and asked for help. not to be smart or flame something. I didn't understand. But you don't KNOW how to answer to people without killing them or at least slap them. and using some local shortcuts (OP ?!?) could be rather annoying? -ll Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
[PHP] what's the difference in the following code?
I'm reading Essential PHP Security by Chris Shiflett. on the very beginning, page 5 6, if I got it correct, he said this is not good: $search = isset($_GET['search']) ? $_GET['search'] : ''; and this is good: $search = ''; if (isset($_GET['search'])) { $search = $_GET['search']; } what's the difference? I really can't see? to me is more the way you like to write your code (and I like the top one :-) )? thanks. -ll __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
[PHP] calling functions from one or multiple files
Hi, Right now I use one file, usually called functions.php, with all functions I'm going to use most likely on every page. Then, I create each function I'm going to use once in a while as separate file. Pro: I would include a function when I'm going to use. Con: I have to write extra include line to call function. And have bunch of files (functions) in function folder. I was talking to co-workers few days ago and they said I complicate my life to much and putting ALL functions in one file is just fine and I'll not be able to see difference in real situations. True? -ll
[PHP] does function extract() trim?
do not laugh, but I discovered today function extract(); :D before I used: foreach ($array as $key = $value) { ${$key} = trim($value); } though, trimming $value is kind of important to me and I would like to know if extract trims too? thanks. -ll Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] does function extract() trim?
- Original Message From: Stut [EMAIL PROTECTED] To: Lamp Lists [EMAIL PROTECTED] Cc: php General list php-general@lists.php.net Sent: Friday, March 28, 2008 4:02:27 PM Subject: Re: [PHP] does function extract() trim? On 28 Mar 2008, at 20:59, Lamp Lists wrote: do not laugh, but I discovered today function extract(); :D before I used: foreach ($array as $key = $value) { ${$key} = trim($value); } though, trimming $value is kind of important to me and I would like to know if extract trims too? No, but you can use http://php.net/array_map to do the trim before using extract. -Stut -- http://stut.net/ function trim_array($array_element) { $array_element = trim($array_element); return $array_element; } $myArray = array_map(trim_array, $myArray); extract($myArray); hm?!? my way is shorter! :D -ll Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
Re: [PHP] does function extract() trim?
- Original Message From: Stut [EMAIL PROTECTED] To: Lamp Lists [EMAIL PROTECTED] Cc: php General list php-general@lists.php.net Sent: Friday, March 28, 2008 4:22:25 PM Subject: Re: [PHP] does function extract() trim? On 28 Mar 2008, at 21:14, Lamp Lists wrote: - Original Message From: Stut [EMAIL PROTECTED] To: Lamp Lists [EMAIL PROTECTED] Cc: php General list php-general@lists.php.net Sent: Friday, March 28, 2008 4:02:27 PM Subject: Re: [PHP] does function extract() trim? On 28 Mar 2008, at 20:59, Lamp Lists wrote: do not laugh, but I discovered today function extract(); :D before I used: foreach ($array as $key = $value) { ${$key} = trim($value); } though, trimming $value is kind of important to me and I would like to know if extract trims too? No, but you can use http://php.net/array_map to do the trim before using extract. -Stut -- http://stut.net/ function trim_array($array_element) { $array_element = trim($array_element); return $array_element; } $myArray = array_map(trim_array, $myArray); extract($myArray); hm?!? my way is shorter! :D Only if you over-complicate it. extract(array_map('trim', $myArray)); -Stut TOUCHE! :D I like your way. Thanks Stut! -ll You rock. That's why Blockbuster's offering you one month of Blockbuster Total Access, No Cost. http://tc.deals.yahoo.com/tc/blockbuster/text5.com
Re: [PHP] loosing session in new window (IE only) [SOLVED]
this is happening when Security on IE (internet options) is on levels High or Block all cookies.. most likely there is a solution to fix this but I think (in my case) is not worth and it's much easier to tell client (their administrator) to trust the world a little bit more :D thanks for all posts. -ll - Original Message From: Stefan Langwald [EMAIL PROTECTED] To: php-general@lists.php.net Sent: Wednesday, March 26, 2008 9:20:33 AM Subject: Re: [PHP] loosing session in new window (IE only) href=person.php?id=123SESSIONID=... maybe.. ev0l but works.. 2008/3/26, Lamp Lists [EMAIL PROTECTED]: --- Richard Lynch [EMAIL PROTECTED] wrote: On Tue, March 25, 2008 4:07 pm, Lamp Lists wrote: - Original Message From: Andrew Ballard [EMAIL PROTECTED] To: PHP General list php-general@lists.php.net Sent: Tuesday, March 25, 2008 3:41:35 PM Subject: Re: [PHP] loosing session in new window (IE only) On Tue, Mar 25, 2008 at 3:49 PM, Lamp Lists [EMAIL PROTECTED] wrote: hi, i have a list of people on one page. each row, on the end has link a href=person.php?id=123 target=_blankview details/a. it's requested to open detail page in new window. very few people complained they can't open detail page. all of them use IE. I wasn't able to reproduce the error, though using GoToMeeting I was able to look while customer was doing it. I put session info on screen to see what's going on and found that new window doesn't have session info from old window?!? like, new window - new session. does anybody knows anything about this? thanks. -ll If they open a new window by clicking on IE (say, on the desktop, the QuickLaunch bar, or the Start menu), Windows actually opens a new, totally separate process of IE along side the first. The new one will share any persistent cookies with the first, since they are written to the file system, but sessions do not usually use persistent cookies. As long as your users are opening the new window by clicking a link or by pressing Ctrl+N from the first window, the session information *should* remain in tact. Andrew should - but don't :D you're right and I understand opening new window from desktop starts new process, but this is happening after visitor hits the link detail view and that is confusing :( WILD GUESS ALERT! Perhaps the MS version of open popup in new tab/window is to start a whole new process? -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php exactly. now, what would be my solution to keep session info in new window? -ll Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Mit freundlichen Grüßen Stefan Langwald Special deal for Yahoo! users friends - No Cost. Get a month of Blockbuster Total Access now http://tc.deals.yahoo.com/tc/blockbuster/text3.com
Re: [PHP] loosing session in new window (IE only)
- Original Message From: Hélio Rocha [EMAIL PROTECTED] To: Lamp Lists [EMAIL PROTECTED] Sent: Wednesday, March 26, 2008 5:14:40 AM Subject: Re: [PHP] loosing session in new window (IE only) If u open the link in the same window, what's the behaviour? On Tue, Mar 25, 2008 at 7:49 PM, Lamp Lists [EMAIL PROTECTED] wrote: hi, i have a list of people on one page. each row, on the end has link a href=person.php?id=123 target=_blankview details/a. it's requested to open detail page in new window. very few people complained they can't open detail page. all of them use IE. I wasn't able to reproduce the error, though using GoToMeeting I was able to look while customer was doing it. I put session info on screen to see what's going on and found that new window doesn't have session info from old window?!? like, new window - new session.. does anybody knows anything about this? thanks. -ll Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping Works fine. No problems. Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
Re: [PHP] loosing session in new window (IE only)
- Original Message From: Hélio Rocha [EMAIL PROTECTED] To: Lamp Lists [EMAIL PROTECTED] Sent: Wednesday, March 26, 2008 5:14:40 AM Subject: Re: [PHP] loosing session in new window (IE only) If u open the link in the same window, what's the behaviour? On Tue, Mar 25, 2008 at 7:49 PM, Lamp Lists [EMAIL PROTECTED] wrote: hi, i have a list of people on one page. each row, on the end has link a href=person.php?id=123 target=_blankview details/a. it's requested to open detail page in new window. very few people complained they can't open detail page. all of them use IE. I wasn't able to reproduce the error, though using GoToMeeting I was able to look while customer was doing it. I put session info on screen to see what's going on and found that new window doesn't have session info from old window?!? like, new window - new session.. does anybody knows anything about this? thanks. -ll Also, forgot one thing: it's not happening to everybody. Just few people. Just few IE users. ?!?!?!? -ll Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
Re: [PHP] loosing session in new window (IE only)
--- Richard Lynch [EMAIL PROTECTED] wrote: On Tue, March 25, 2008 4:07 pm, Lamp Lists wrote: - Original Message From: Andrew Ballard [EMAIL PROTECTED] To: PHP General list php-general@lists.php.net Sent: Tuesday, March 25, 2008 3:41:35 PM Subject: Re: [PHP] loosing session in new window (IE only) On Tue, Mar 25, 2008 at 3:49 PM, Lamp Lists [EMAIL PROTECTED] wrote: hi, i have a list of people on one page. each row, on the end has link a href=person.php?id=123 target=_blankview details/a. it's requested to open detail page in new window. very few people complained they can't open detail page. all of them use IE. I wasn't able to reproduce the error, though using GoToMeeting I was able to look while customer was doing it. I put session info on screen to see what's going on and found that new window doesn't have session info from old window?!? like, new window - new session. does anybody knows anything about this? thanks. -ll If they open a new window by clicking on IE (say, on the desktop, the QuickLaunch bar, or the Start menu), Windows actually opens a new, totally separate process of IE along side the first. The new one will share any persistent cookies with the first, since they are written to the file system, but sessions do not usually use persistent cookies. As long as your users are opening the new window by clicking a link or by pressing Ctrl+N from the first window, the session information *should* remain in tact. Andrew should - but don't :D you're right and I understand opening new window from desktop starts new process, but this is happening after visitor hits the link detail view and that is confusing :( WILD GUESS ALERT! Perhaps the MS version of open popup in new tab/window is to start a whole new process? -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php exactly. now, what would be my solution to keep session info in new window? -ll Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] losing session in new window (IE only) [WAS: loosing...]
- Original Message From: Paul Novitski [EMAIL PROTECTED] To: php-general@lists.php.net Sent: Tuesday, March 25, 2008 3:05:43 PM Subject: Re: [PHP] losing session in new window (IE only) [WAS: loosing...] At 3/25/2008 12:49 PM, Lamp Lists wrote: i have a list of people on one page. each row, on the end has link a href=person.php?id=123 target=_blankview details/a. it's requested to open detail page in new window. very few people complained they can't open detail page. all of them use IE. Try putting the attribute values in double quotes and see if that helps: a href=person.php?id=123 target=_blankview details/a How does your page validate? http://validator.w3.org/ Regards, Paul hi paul, nope. quotes are not an issue. I'm going to validate the page - I'll post results. -ll Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping
[PHP] loosing session in new window (IE only)
hi, i have a list of people on one page. each row, on the end has link a href=person.php?id=123 target=_blankview details/a. it's requested to open detail page in new window. very few people complained they can't open detail page. all of them use IE. I wasn't able to reproduce the error, though using GoToMeeting I was able to look while customer was doing it. I put session info on screen to see what's going on and found that new window doesn't have session info from old window?!? like, new window - new session. does anybody knows anything about this? thanks. -ll Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping
Re: [PHP] loosing session in new window (IE only)
- Original Message From: Andrew Ballard [EMAIL PROTECTED] To: PHP General list php-general@lists.php.net Sent: Tuesday, March 25, 2008 3:41:35 PM Subject: Re: [PHP] loosing session in new window (IE only) On Tue, Mar 25, 2008 at 3:49 PM, Lamp Lists [EMAIL PROTECTED] wrote: hi, i have a list of people on one page. each row, on the end has link a href=person.php?id=123 target=_blankview details/a. it's requested to open detail page in new window. very few people complained they can't open detail page. all of them use IE. I wasn't able to reproduce the error, though using GoToMeeting I was able to look while customer was doing it. I put session info on screen to see what's going on and found that new window doesn't have session info from old window?!? like, new window - new session. does anybody knows anything about this? thanks. -ll If they open a new window by clicking on IE (say, on the desktop, the QuickLaunch bar, or the Start menu), Windows actually opens a new, totally separate process of IE along side the first. The new one will share any persistent cookies with the first, since they are written to the file system, but sessions do not usually use persistent cookies. As long as your users are opening the new window by clicking a link or by pressing Ctrl+N from the first window, the session information *should* remain in tact. Andrew should - but don't :D you're right and I understand opening new window from desktop starts new process, but this is happening after visitor hits the link detail view and that is confusing :( Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
Re: [PHP] Double click problem
the way I solved the click back button issue (simplified vresion): confirmation page (conf.php) - transfer page (tp.php) - thank you page (typ.php) #conf.php # after the form is submitted and confirmed header('location: tp.php?url=typ.php'); exit; #tp.php header('location:$_GET['url']); exit; and, if visitor clicks on back button on thakyou page he will go actually to the transfer page - which will send him back to thankyou page ;) -ll - Original Message From: tedd [EMAIL PROTECTED] To: php-general@lists.php.net Sent: Wednesday, March 19, 2008 11:43:06 AM Subject: Re: [PHP] Double click problem At 4:19 PM + 3/19/08, Richard Heyes wrote: tedd wrote: // ... Your first (and the quickest by far) method to employ would be to disable the submit button using Jabbascript when the form is submitted. That will stop the vast majority of occurrences. You could also employ an intermediary page which actually does the card processing and when complete redirects to the thank you page. ie. Form -- Please wait... page -- Thank you page That's in place. The person clicks the confirm purchase and they are taken to a confirm and thank you page. The problem here is two fold -- 1) clicking the confirm purchasebutton twice, which I think js will stop; 2) and clicking the back-button which the token should stop. Now, I just need to develop a test for this. Sometime writing a test is more of a problem than writing the solution. Thanks for everyone's help. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping
Re: [PHP] php book
opinions of good book is almost the same as opinion of good car. I can suggest you to go to barnes and noble or borders or any other bookstore, buy cup of coffee or tea, grab all php books from shelf and read some chapters. you are no going to learn anything, rather to compare styles. some authors use a lot of code, some to much code, some explain to details some throw just links where to find more info, some explain functions with examples, some just in general... you know what I mean. spend 2-3 hours going through the books and then pick one you like (the style) the most. my 2 cents. -ll - Original Message From: alexus [EMAIL PROTECTED] To: php-general@lists.php.net Sent: Wednesday, March 19, 2008 9:50:23 AM Subject: [PHP] php book what book would you guys suggest for someone who's new and wants to learn php? -- http://alexus.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
Re: [PHP] Double click problem
- Original Message From: Eric Butera [EMAIL PROTECTED] To: Lamp Lists [EMAIL PROTECTED] Cc: tedd [EMAIL PROTECTED]; php-general@lists.php.net Sent: Thursday, March 20, 2008 11:00:19 AM Subject: Re: [PHP] Double click problem On Thu, Mar 20, 2008 at 10:39 AM, Lamp Lists [EMAIL PROTECTED] wrote: the way I solved the click back button issue (simplified vresion): confirmation page (conf.php) - transfer page (tp.php) - thank you page (typ.php) #conf.php # after the form is submitted and confirmed header('location: tp.php?url=typ.php'); exit; #tp.php header('location:$_GET['url']); exit; and, if visitor clicks on back button on thakyou page he will go actually to the transfer page - which will send him back to thankyou page ;) -ll - Original Message From: tedd [EMAIL PROTECTED] To: php-general@lists.php.net Sent: Wednesday, March 19, 2008 11:43:06 AM Subject: Re: [PHP] Double click problem At 4:19 PM + 3/19/08, Richard Heyes wrote: tedd wrote: // ... Your first (and the quickest by far) method to employ would be to disable the submit button using Jabbascript when the form is submitted. That will stop the vast majority of occurrences. You could also employ an intermediary page which actually does the card processing and when complete redirects to the thank you page. ie. Form -- Please wait... page -- Thank you page That's in place. The person clicks the confirm purchase and they are taken to a confirm and thank you page. The problem here is two fold -- 1) clicking the confirm purchasebutton twice, which I think js will stop; 2) and clicking the back-button which the token should stop. Now, I just need to develop a test for this. Sometime writing a test is more of a problem than writing the solution. Thanks for everyone's help. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping Allowing unscrubbed user data in a header is a really bad idea. - http://en.wikipedia.org/wiki/HTTP_response_splitting - http://www.owasp.org/index.php/Open_redirect I agree with you to use exactly this way is bad idea. But, as I said on the begining of my post it's simplified version, to get my point. My code on tp.php actually use sveral validations before forward to thank you page :D -ll Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping
[PHP] why use {} around vraiable?
hi, I saw several times that some people use this $parameters = array( 'param1' = {$_POST[param1]}, 'param2' = {$_POST[param2]} ); or $query = mysql_query(SELECT * FROM table1 WHERE id='{$session_id}'); I would use: $parameters = array( 'param1' = $_POST[param1], 'param2' = $_POST[param2] ); and $query = mysql_query(SELECT * FROM table1 WHERE id=' .$session_id. ' ); does it really matter? is there really difference or these are just two styles? thanks. -ll Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
Re: [PHP] why use {} around vraiable?
- Original Message From: Nathan Nobbe [EMAIL PROTECTED] To: Lamp Lists [EMAIL PROTECTED] Cc: php-general@lists.php.net Sent: Thursday, March 20, 2008 11:35:42 AM Subject: Re: [PHP] why use {} around vraiable? On Thu, Mar 20, 2008 at 12:22 PM, Lamp Lists [EMAIL PROTECTED] wrote: hi, I saw several times that some people use this $parameters = array( 'param1' = {$_POST[param1]}, 'param2' = {$_POST[param2]} ); or $query = mysql_query(SELECT * FROM table1 WHERE id='{$session_id}'); I would use: $parameters = array( 'param1' = $_POST[param1], 'param2' = $_POST[param2] ); and $query = mysql_query(SELECT * FROM table1 WHERE id=' .$session_id. ' ); does it really matter? is there really difference or these are just two styles? the short answer is yes. i think you can find a sufficient explanation here, http://us.php.net/manual/en/language.types.string.php#language.types.string.parsing.simple and here http://us.php.net/manual/en/language.types.string.php#language.types.string.parsing.complex -nathan ok. I got it. actually, my question was about: these two examples $fruits = array('strawberry' = 'red', 'banana' = 'yellow'); echo A banana is {$fruits['banana']}.; echo A banana is . $fruits['banana'] . .; are the same. Though, learned few more other things too :D Thanks guys. -ll Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
[PHP] difference in time
hi to all! on one eZine site, I have to show when the article is posted but as difference from NOW. like posted 32 minutes ago, or posted 5 days ago. is there already sucha php/mysql function? thanks. -ll - Never miss a thing. Make Yahoo your homepage.
Re: [PHP] programming and design fees
--- Per Jessen [EMAIL PROTECTED] wrote: Lamp Lists wrote: now, I didn't have such a big project on side ever. and I by default ALWAY suck in calculations how much time I need for a project and what to charge. I think I need about 120 hrs (3 weeks) to build this baby (without design part). I need your opinion. is it enough time (yes, I know it depends of how fast I program :D Let's say, average fast :)) and what are fees these days for such a project? I lost track. $75/hr is lowest price today or I can't ask more than $50/hr? You can ask whatever you want as long as your customer thinks it's reasonable. (not a joke). That's actually part I'm interested the most :D What is reasonable? Is reasonable for sucha project with complex product catalog and ordering system ask $10K? Given that you're an individual bidding on a single project, you might want to consider fixed price instead of time and materials. I'm not bidding. I did small, simple html web site for them 3 years ago, with 5 pages. Now they want something better, with catalog and admin area. returnig customer :D As for estimates wrt time and effort - if those were available on a mailing-list based on about 30 lines of project description, this list would be full of project managers, all with desperate needs to estimate how long something takes. :-) /Per Jessen, Zürich Thanks Per :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] programming and design fees
--- tedd [EMAIL PROTECTED] wrote: At 7:06 AM -0800 3/8/08, Lamp Lists wrote: That's actually part I'm interested the most :D What is reasonable? Is reasonable for sucha project with complex product catalog and ordering system ask $10K? I think that's reasonable, because I've done similar as you described. I had one client who wanted a site like art.com (don't look now, because it's screwed) and I submitted a bid of $25k. The client asked Isn't that a bit high? and I relied They paid $400k for their name -- you think they went cheap for the back-end? I didn't get the job. I tell clients I charge $50 per hour. Most clients don't mind and hire me. I had one client say I never pay more than $25 per hour -- you will accept that? My answer was Sure, but it will take me twice as long to do anything. The point being that hourly wage doesn't really mean anything. Don't judge the value of your work on the time it takes you, but rather on how well your work works. On most projects, while I make deadlines, I put in many more hours than I bill out. But then again, I love the work. Cheers, tedd I needed to hear this :D :D :D I do not plan to tell the store owner how much hrs I need and what's my rate. as you said, 100hrs x $50/hr or 200hrs x $25/hr - it really doesn't matter. I needed fo myself, to calculate the worth of the job. thanks ted. ;) -afan -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] programming and design fees
hi, maybe my question is not exactly for php list, but since php IS involved and since you are such a great people, I hope the question will not disturb you :D I have a project for one electric wholesale store to build a web site. it has to be dynamic, php, database driven web site. it will have standard pages (news, links, about us, history, contact us, contact form, faq, business partners,...) and product catalog. my client wants to have ability to have different prices for the same product for different customers. means, when you come to the site you are going to see public prices. after customer logs in he's going to see some products with different price. customers (only registered ones) will be able to select products and create an order. of course, after he submits, he's going to get confirmation email, and one email will be sent to store etc. payment is not involved, the store will charge them later, probably monthly or something like that (not part of my project). even there is not payments or any other sensitive data will be transfered over the internet, I suggested and the store owner accepted to use login to membership area and ordering process SSL. project has administration area too to change content of the site, add/edit/delete (single) products, add/edit/delete customers. I have to build also script to update products using excel sheet - the easiest way to make update of products for store owner. I think I covered almost everything. there will be some more stuff, but noghtin critical (new customer registration page, manage my profile, order history,...) now, I didn't have such a big project on side ever. and I by default ALWAY suck in calculations how much time I need for a project and what to charge. I think I need about 120 hrs (3 weeks) to build this baby (without design part). I need your opinion. is it enough time (yes, I know it depends of how fast I program :D Let's say, average fast :)) and what are fees these days for such a project? I lost track. $75/hr is lowest price today or I can't ask more than $50/hr? thanks for any advice/help. -lamp - Never miss a thing. Make Yahoo your homepage.