RE: [PHP] Recursion to sanitize user input
Simple your code should look like this:
...
if ( is_array($userInput) )
{
foreach ( $userInput as $key = $value )
{
return sanitize( $value ); // needed to return it or
else its not recurssive
}
}
else
{
...
.
Should work, not tested.
Best,
Yoed
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, October 08, 2004 5:15 PM
To: [EMAIL PROTECTED]
Subject: [PHP] Recursion to sanitize user input
I'm trying to sanitize my user input. My sanitize function does not work if
I send a variable that's an array. I'm using recursion to go through the
array. The example below shows that $_POST['city'] works but $_POST['user']
doesn't work. The array comes back blank.
Anyone see what's wrong with my code?
OUTPUT:
Array
(
[city] = New York
[user] =
)
CODE:
?php
function sanitize($userInput = '')
{
if ( is_array($userInput) )
{
foreach ( $userInput as $key = $value )
{
sanitize( $value );
}
}
else
{
if ( get_magic_quotes_gpc() )
{
return trim( $userInput );
}
else
{
return trim( addslashes($userInput) );
}
}
}
$_POST['city'] = 'New York';
$_POST['user']['firstName'] = 'Bob';
$_POST['user']['lastName'] = 'Smith';
$_POST['user']['country'] = 'USA';
foreach ( $_POST as $key = $value )
{
$_POST[$key] = sanitize( $value );
}
echo 'pre';
echo print_r($_POST);
echo '/pre';
?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Need some ideas
Of course! Brilliant - why didn't I think of building my own parser from the
ground up? ;-)
Thanks though, this is definitely a starting point.
Thanks,
Yoed
-Original Message-
From: Curt Zirzow [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 28, 2004 10:13 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] Need some ideas
* Thus wrote Yoed Anis:
Hi guys,
OK I need some ideas.
Somebody created the stupidest XML file I've ever seen. And of
course
they can't change it, and I *must* be able to read it. I'm all out of
brain power on thinking how to go about reading it. I typically use
simplexml to read xml and that's where my knowledge end.
Heres the problem:
Catalog
Rate
RateCode1/RateCode
RateCurrencyUSDRateCurrency
RateValue123/RateValue
/Rate
RateDescription
DescThis is dumn/Desc
/RateDescription
I've seen worse :)
You'll have to set up a class that can keep track of the state of your xml
file:
class StupidCatalog {
var $code = 0;
var $current = 'USD';
var $value = '';
var $description = array();
}
class StupidCatalogParser {
var $catalog; // Collection of rates
var $current_catalog; // building this one
var $state;// tag we're working on
function startElement($parser, $name, $attr) {
$this-state = $name;
switch($name) {
case 'Rate':
// start working on a new
$this-current_catalog = new StupidCatalog();
break;
//...
}
}
function endElement($parser, $name) {
if($name == 'Rate') {
// reference is important.
$this-catalog[] = $this-current_catalog;
}
}
function elementData($parser, $data) {
switch ($this-state) {
case 'RateDescription':
// tricky...
$this-current_catalog-{$this-state}[] = $data;
break;
case 'RateCode': // passthrough
case 'RateValue': // and the rest...
// more tricky...
$this-current_cataglog-{$this-state} = $data;
break;
}
}
Just create a new StupidCatalogParser() and assign the methods to the
appropriate call backs in http://php.net/xml
btw, the above is untested and only theory :)
HTH,
Curt
--
The above comments may offend you. flame at will.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Need some ideas
Hi guys, OK I need some ideas. Somebody created the stupidest XML file I've ever seen. And of course they can't change it, and I *must* be able to read it. I'm all out of brain power on thinking how to go about reading it. I typically use simplexml to read xml and that's where my knowledge end. Heres the problem: Catalog Rate RateCode1/RateCode RateCurrencyUSDRateCurrency RateValue123/RateValue /Rate RateDescription DescThis is dumn/Desc /RateDescription RateDescription DescNo reall reall dumb/Desc /RateDescription Rate RateCode1322/RateCode RateCurrencyUSDRateCurrency RateValue123/RateValue /Rate RateDescription DescSometimes one description, othertimes many/Desc /RateDescription and on and on /Catalog As you can see there is no hierachy to a RateDescription, its not part of Rate (nested in it) and many RateDescriptions can follow the same Rate. However, as the eye can tell the RateDescption(s) apply to the Rate element above. The problem is I can never know how many there are (if any) for a Rate. Any ideas how to go about doing this? Thanks, Yoed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Need some ideas
Well, that is one approach. how about ignoring them? :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] how to concatenate php variables in mysql query
Luke,
MySQL has a built in CONCAT function. This will concat two strings togther.
In your example it would look like telephone_number = CONCAT('$telcode',
'$telnumber') ...
See the MySQL manual for more info on the concat function. Of course using
this function will force the data to be a string.
Yoed
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 22, 2004 7:47 AM
To: Jay Blanchard; [EMAIL PROTECTED]
Subject: Re: [PHP] how to concatenate php variables in mysql query
here is the whole query:
$query = INSERT INTO inmarsat_comp SET date_added=NOW(), prefix='$prefix',
firstname='$firstname', lastname='$lastname', job_title='$jobtitle',
company_name='$company',
no_of_employees='$employees',address_1='$address1',address_2='$address2',
address_3='$address3', town='$town', county ='$county',
postcode='$postcode', country ='$country',
telephone_number='$telcode.$telnumber',
fax_number='$faxcode.$faxnumber', email='$email', enterprise='$enterprises',
optin_thirdparty='$distribute', optin_news='$market';
only the telcode gets inserted.
many thanks,
luke m
Jay Blanchard [EMAIL PROTECTED] wrote:
[snip]
telphone number =$telcode.$telnumber'
but only the telcode gets written to the database.
[/snip]
There is not enough here to know for sure (I am betting this is part
of a query), but if your code looks like the above you are missing a
single quote after the =. Now, if you enclose the variables in the
single quotes without other manipulation it will probably not work as
expected. Can we see the whole query?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Secure SOAP connections
From my experience some enterprise level systems do this. As long as you use https and a user/pass combo though I don't see what the problem is. You can always create a server-side login mechanism that will associate an id with the client and automaticaly expire after 30 minutes or so as well. Best, Yoed -Original Message- From: Yann Larrivée [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 22, 2004 7:03 PM To: PHP General Subject: [PHP] Secure SOAP connections Hi, The subject says it all. I want to secure soap connection to my framework. How would you guys do it ? I tought of passing everything on a different port with a SSL connection + an key (sort of a PHP SESSION) that is given after a correct authentification (user, password) and expire after 30 minutes.. What do you guys think of this ? The idea is to develop a PHP-GTK and soap software base on some existing framework. Thanks. Yann -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] How do I send XML attributes via Soap?
Hi, I'm having trouble sending a request containing XML attributes in a soap request. I don't know how to go about doing it. Previously to pass XML as a soap request from my client to the server I would go throw the following steps: (1) Create the XML string. (i.e xmlstr = XML propertiesproperty id = 10/property/properties XML;) (2) Than I would make it an xml object: $xml = simplexml_load_string($xmlstr); (3) Next convert it to an xml complex type for the server $xml1 = new SoapVar($xml, SOAP_ENC_OBJECT, xml, http://thenamespace); (4) Send the request: $client-SoapCall(new SoapParam($xml1, )); However when I do a $client-__getLastRequest(), I get: PropertiesProperty/Property/Properties The Property field is coming up blank in the request with no attributes. How would I go about sending it so the attributes are there? Any help would be appreciated. I'm really stumped on this one. Best, Yoed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] simplexml and xpath
For this simple query simple do a call to $item-date to get your time.
If the query is more complex in reality, do a foreach using xpath. See the
example on Xpath at www.php.net/simplexml
Yoed
-Original Message-
From: Matthew Sims [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 21, 2004 1:42 PM
To: [EMAIL PROTECTED]
Subject: [PHP] simplexml and xpath
So I've just recently fallen in love with simplexml. But from what I've
read, is it true that xpath doesn't really work properly?
I'm using an XML file that has a section like this:
item
titleTitle/title
linkLink/link
descriptionDesc/description dc:subjectSubject/dc:subject
dc:date2004-09-20T18:15:00+00:00/dc:date
/item
My sample of my PHP code is:
?php
$library = simplexml_load_file('file.rss');
foreach ($library-item as $item) {
echo $item-xpath('dc:date');
}
?
I just want to get the date. Am I doing xpath incorrectly or does xpath not
currently work properly in PHP5?
--
--Matthew Sims
--http://killermookie.org
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] last entry in mysql
hey guys, quick question I'm having trouble finding an answer too. In a mysql database, how can I select that last row entry. This might be done mins after i put that entry there and i tried to use: $lastid=mysql_insert_id(); to get the last id but to no avail. Thanks Yoed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] thanks
thanks guys it would have taken me forever to discover your tips.
Yoed Anis [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Hey Guys,
I'm having a trouble I can't seem to solve and hoped maybe one of you
might
take a look and see if you can help me.
(If you don't want to learn my approach just skip to the bottom to help me
with the final bit.. skip to hear)
What I want to do is open the text file testtext.txt (attached) and input
all the information from one row (divided into fields and colum) and input
that into a database (mysql)... I thought the easiest way to do this is
split the fields in the row into an array... since they are all seperated
by
spaces If only it was so easy. This is what I did:
code
$count=0;
$fd = fopen (./Testtext.txt, r);
while (!feof ($fd)) {
$buffer = fgets($fd, 4096);
$count++;
if($count 2 $count 4){
$thearray=split([ ]+, $buffer);
$maxi=count($thearray);
for($i=0; $i$maxi; $i++){
echo $thearray[$i] $i ;
}
echo br;
}
}
/code
Ok now the echo statement above prints the following:
07/29/2001 12:00 0 a 28.6 28.6 28.5 0.0 31.2 -- 0 0.0 0.0 1018.8
3.1
6.3 N 28.0 1.9 0.00 0.0 74 23.4 32.1 10 12.00 1
It looks all good till well the 0 (where did that come from?) after
the
12:00! But upon further code writing:
code
$wdate=$thearray[0];
$wtime=$thearray[1];
$wtimeampm=$thearray[2];
echo BRThe date of the data is : $wdate taken at the time of $wtime
$wtimampm;
/code
that prints:
The date of the data is : 07/29/2001 12:00 taken at the time of a 28.6
28.6
28.5 0.0 31.2 -- 0 0.0 0.0 1018.8 3.1 6.3 N 28.0 1.9 0.00 0.0 74 23.4
32.1 10 12.00
It looks as the array is having trouble splitting the date from the time
(why there is a space there!!??) and makes all the other data into one or
two other parts of the area (instead of the many fields).
--HEAR--
So I've narrowed it to this: $thearray=split([ ]+, $buffer);
Does this look like what I should use to separate all my data in the
array?
It gets this data from one row in the file testtext.txt which looks like
all
fields are separated by at least one space. What should I do?
Thanks a bunch,
Yoed
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Using a file to make an array
Hey Guys,
I'm having a trouble I can't seem to solve and hoped maybe one of you might
take a look and see if you can help me.
(If you don't want to learn my approach just skip to the bottom to help me
with the final bit.. skip to hear)
What I want to do is open the text file testtext.txt (attached) and input
all the information from one row (divided into fields and colum) and input
that into a database (mysql)... I thought the easiest way to do this is
split the fields in the row into an array... since they are all seperated by
spaces If only it was so easy. This is what I did:
code
$count=0;
$fd = fopen (./Testtext.txt, r);
while (!feof ($fd)) {
$buffer = fgets($fd, 4096);
$count++;
if($count 2 $count 4){
$thearray=split([ ]+, $buffer);
$maxi=count($thearray);
for($i=0; $i$maxi; $i++){
echo $thearray[$i] $i ;
}
echo br;
}
}
/code
Ok now the echo statement above prints the following:
07/29/2001 12:00 0 a 28.6 28.6 28.5 0.0 31.2 -- 0 0.0 0.0 1018.8 3.1
6.3 N 28.0 1.9 0.00 0.0 74 23.4 32.1 10 12.00 1
It looks all good till well the 0 (where did that come from?) after the
12:00! But upon further code writing:
code
$wdate=$thearray[0];
$wtime=$thearray[1];
$wtimeampm=$thearray[2];
echo BRThe date of the data is : $wdate taken at the time of $wtime
$wtimampm;
/code
that prints:
The date of the data is : 07/29/2001 12:00 taken at the time of a 28.6 28.6
28.5 0.0 31.2 -- 0 0.0 0.0 1018.8 3.1 6.3 N 28.0 1.9 0.00 0.0 74 23.4
32.1 10 12.00
It looks as the array is having trouble splitting the date from the time
(why there is a space there!!??) and makes all the other data into one or
two other parts of the area (instead of the many fields).
--HEAR--
So I've narrowed it to this: $thearray=split([ ]+, $buffer);
Does this look like what I should use to separate all my data in the array?
It gets this data from one row in the file testtext.txt which looks like all
fields are separated by at least one space. What should I do?
Thanks a bunch,
Yoed
begin 666 Testtext.txt
M0E!:7()0D)4V]I; D)4V]L87()4V]L87()15G+@D)5VEN9 D)5VEN9 E7
M:6YD0D)2D)41E=PE4+D@N4$N4)A='0N#0I$871E51I;64)55M E(
M:0E,;W)150)55M E,96%F5)A9 E%;F5R9WD)1%YPE87()4W!E960)
M2D)1ER4-H:6QL5)U;@E286EN5)A=4)2'5M5!O:6YT4EN95X5!E
M@E6;VQTPT*,#O,CDO,C P,0DQ,CHP,!A3(X+C8),C@N-@DR.XU3 N
M,# P,# ),S$N,@DM+0DP3 N, DP+C ),3 Q.XX3,N,0DV+C,)3@DR.XP
M3$N.0DP+C P3 N, DW- DR,RXT3,R+C$),3 ),3(N,# -C W+S(Y+S(P
M,#$),3(Z,3 @80DR.XU3(X+C8),C@N- DM+0DS,2XR2TM3 ),XP3 N
M, DQ,#$X+C)-XP38N-PE.3(W+C8),BXV3 N,# ),XP3S3(S+C()
M,S(N, DQ, DQ,BXP, T*,#O,CDO,C P,0DQ,CHR,!A3(X+C4),C@N-@DR
M.XT2TM3,Q+C$)+2T), DP+C ),XP3$P,3@N. DS+C$)-2XT4X),CN
M.0DQ+C@),XP, DP+C )-S0),C,N- DS,BXQ3$P3$R+C P#0HP-R\R.2\R
M,# Q3$R.C,P($),C@N-0DR.XU3(X+C0)+2T),S$N,0DM+0DP3 N, DP
M+C ),3 Q.XW3,N,0DU+C0)3@DR-RXY3$N.0DP+C P3 N, DW,PDR,RXR
M3,R+C ),3 ),3(N,# -C W+S(Y+S(P,#$),3(Z-# @80DR.XT3(X+C0)
M,C@N- DM+0DS,2XQ2TM3 ),XP3 N, DQ,#$X+C8),BXR30N, E.3(X
M+C(),2XT3 N,# ),XP3S3(S+C(),S(N, DQ, DQ,BXP, T*,#O,CDO
M,C P,0DQ,CHU,!A3(X+C0),C@N- DR.XT2TM3,Q+C )+2T), DP+C )
M,XP3$P,3@N-0DR+C()-XP4X),C@N,@DQ+C,),XP, DP+C )-S0),C,N
M- DS,BXQ3$P3$R+C P#0HP-R\R.2\R,# Q3$Z,# @80DR.XT3(X+C0)
M,C@N,PDP+C P,# P3,P+CD)+2T), DP+C ),XP3$P,3@N- DR+C)-XY
M4X),CN.0DQ+C8),XP, DP+C )-S0),C,N,PDS,BXQ3$P3$R+C P#0HP
M-R\R.2\R,# Q3$Z,3 @80DR.XR3(X+C,),C@N,@DM+0DS,XY2TM3 )
M,XP3 N, DQ,#$X+C0),BXR30N, E.3(W+CD),2XT3 N,# ),XP3T
M3(S+C(),S(N,0DQ, DQ,BXP, T*,#O,CDO,C P,0DQ.C(P($),C@N,PDR
M.XS3(X+C()+2T),S N.0DM+0DP3 N, DP+C ),3 Q.XS3,N-@DT+CD)
M3@DR-RXU3(N,0DP+C P3 N, DW- DR,RXR3,R+C$),3 ),3(N,# -C W
M+S(Y+S(P,#$),3HS,!A3(X+C,),C@N,PDR.XS2TM3,P+C@)+2T), DP
M+C ),XP3$P,3@N,PDR+C)-XY4X),CN.0DQ+C8),XP, DP+C )-S0)
M,C,N,PDS,BXQ3$P3$R+C P#0HP-R\R.2\R,# Q3$Z-# @80DR.XS3(X
M+C,),C@N,PDM+0DS,XX2TM3 ),XP3 N, DQ,#$X+C,),RXQ34N- E.
M3(W+C),2XX3 N,# ),XP3U3(S+C0),S(N,@DQ, DQ,BXP, T*,#O
M,CDO,C P,0DQ.C4P($),C@N,PDR.XS3(X+C,)+2T),S N. DM+0DP3 N
M, DP+C ),3 Q.XR3(N-PDT+CD)3@DR-RXY3$N. DP+C P3 N, DW-0DR
M,RXU3,R+C(),3 ),3(N,# -C W+S(Y+S(P,#$),CHP,!A3(X+C,),C@N
M,PDR.XR3 N,# P,# ),S N-PDM+0DP3 N, DP+C ),3 Q.XQ3,N,0DT
M+CD)3@DR-RXW3$N.0DP+C P3 N, DW,PDR,RXP3,R+C ),3 ),3(N,# -
MC W+S(Y+S(P,#$),CHQ,!A3(X+C,),C@N,PDR.XS2TM3,P+C)+2T)
M, DP+C ),XP3$P,3@N,0DS+C$)-BXW4X),CN-PDQ+C@),XP, DP+C )
M-S4),C,N- DS,BXR3$P3$R+C P#0HP-R\R.2\R,# Q3(Z,C @80DR.XS
M3(X+C,),C@N,PDM+0DS,XW2TM3 ),XP3 N, DQ,#$X+C ),RXV34N
M- E.3(W+C4),BXQ3 N,# ),XP3W3(S+CD),S(N- DQ, DQ,BXP, T*
M,#O,CDO,C P,0DR.C,P($),C@N,@DR.XS3(X+C()+2T),S N-@DM+0DP
M3 N, DP+C ),3 Q.XP3,N-@DU+C0)3@DR-RXT3(N,0DP+C P3 N, DW
M-0DR,RXT3,R+C(),3 ),3(N,# -C W+S(Y+S(P,#$),CHT,!A3(X+C()
M,C@N,@DR.XR2TM3,P+C8)+2T), DP+C ),XP3$P,3@N, DS+C$)-2XT
M4X),CN-@DQ+CD),XP, DP+C )-S8),C,N-@DS,BXS3$P3$R+C P#0HP
M-R\R.2\R,# Q3(Z-3 @80DR.XR3(X+C,),C@N,@DM+0DS,XV2TM3 )
M,XP3 N, DQ,#$X+C$),RXQ34N. E.3(W+C8),2XY3 N,# ),XP3W
M3(S+C@),S(N- DQ, DQ,BXP, T*,#O,CDO,C P,0DS.C P($),C@N,PDR
M.XS3(X+C(),XP,# P, DS,XU2TM3 ),XP3 N, DQ,#$X+C$),BXR
M30N.0E.3(X+C ),2XS3 N,#
