RE: [PHP] Recursion to sanitize user input
Simple your code should look like this: ... if ( is_array($userInput) ) { foreach ( $userInput as $key = $value ) { return sanitize( $value ); // needed to return it or else its not recurssive } } else { ... . Should work, not tested. Best, Yoed -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, October 08, 2004 5:15 PM To: [EMAIL PROTECTED] Subject: [PHP] Recursion to sanitize user input I'm trying to sanitize my user input. My sanitize function does not work if I send a variable that's an array. I'm using recursion to go through the array. The example below shows that $_POST['city'] works but $_POST['user'] doesn't work. The array comes back blank. Anyone see what's wrong with my code? OUTPUT: Array ( [city] = New York [user] = ) CODE: ?php function sanitize($userInput = '') { if ( is_array($userInput) ) { foreach ( $userInput as $key = $value ) { sanitize( $value ); } } else { if ( get_magic_quotes_gpc() ) { return trim( $userInput ); } else { return trim( addslashes($userInput) ); } } } $_POST['city'] = 'New York'; $_POST['user']['firstName'] = 'Bob'; $_POST['user']['lastName'] = 'Smith'; $_POST['user']['country'] = 'USA'; foreach ( $_POST as $key = $value ) { $_POST[$key] = sanitize( $value ); } echo 'pre'; echo print_r($_POST); echo '/pre'; ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Need some ideas
Of course! Brilliant - why didn't I think of building my own parser from the ground up? ;-) Thanks though, this is definitely a starting point. Thanks, Yoed -Original Message- From: Curt Zirzow [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 28, 2004 10:13 PM To: [EMAIL PROTECTED] Subject: Re: [PHP] Need some ideas * Thus wrote Yoed Anis: Hi guys, OK I need some ideas. Somebody created the stupidest XML file I've ever seen. And of course they can't change it, and I *must* be able to read it. I'm all out of brain power on thinking how to go about reading it. I typically use simplexml to read xml and that's where my knowledge end. Heres the problem: Catalog Rate RateCode1/RateCode RateCurrencyUSDRateCurrency RateValue123/RateValue /Rate RateDescription DescThis is dumn/Desc /RateDescription I've seen worse :) You'll have to set up a class that can keep track of the state of your xml file: class StupidCatalog { var $code = 0; var $current = 'USD'; var $value = ''; var $description = array(); } class StupidCatalogParser { var $catalog; // Collection of rates var $current_catalog; // building this one var $state;// tag we're working on function startElement($parser, $name, $attr) { $this-state = $name; switch($name) { case 'Rate': // start working on a new $this-current_catalog = new StupidCatalog(); break; //... } } function endElement($parser, $name) { if($name == 'Rate') { // reference is important. $this-catalog[] = $this-current_catalog; } } function elementData($parser, $data) { switch ($this-state) { case 'RateDescription': // tricky... $this-current_catalog-{$this-state}[] = $data; break; case 'RateCode': // passthrough case 'RateValue': // and the rest... // more tricky... $this-current_cataglog-{$this-state} = $data; break; } } Just create a new StupidCatalogParser() and assign the methods to the appropriate call backs in http://php.net/xml btw, the above is untested and only theory :) HTH, Curt -- The above comments may offend you. flame at will. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Need some ideas
Hi guys, OK I need some ideas. Somebody created the stupidest XML file I've ever seen. And of course they can't change it, and I *must* be able to read it. I'm all out of brain power on thinking how to go about reading it. I typically use simplexml to read xml and that's where my knowledge end. Heres the problem: Catalog Rate RateCode1/RateCode RateCurrencyUSDRateCurrency RateValue123/RateValue /Rate RateDescription DescThis is dumn/Desc /RateDescription RateDescription DescNo reall reall dumb/Desc /RateDescription Rate RateCode1322/RateCode RateCurrencyUSDRateCurrency RateValue123/RateValue /Rate RateDescription DescSometimes one description, othertimes many/Desc /RateDescription and on and on /Catalog As you can see there is no hierachy to a RateDescription, its not part of Rate (nested in it) and many RateDescriptions can follow the same Rate. However, as the eye can tell the RateDescption(s) apply to the Rate element above. The problem is I can never know how many there are (if any) for a Rate. Any ideas how to go about doing this? Thanks, Yoed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Need some ideas
Well, that is one approach. how about ignoring them? :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] how to concatenate php variables in mysql query
Luke, MySQL has a built in CONCAT function. This will concat two strings togther. In your example it would look like telephone_number = CONCAT('$telcode', '$telnumber') ... See the MySQL manual for more info on the concat function. Of course using this function will force the data to be a string. Yoed -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 22, 2004 7:47 AM To: Jay Blanchard; [EMAIL PROTECTED] Subject: Re: [PHP] how to concatenate php variables in mysql query here is the whole query: $query = INSERT INTO inmarsat_comp SET date_added=NOW(), prefix='$prefix', firstname='$firstname', lastname='$lastname', job_title='$jobtitle', company_name='$company', no_of_employees='$employees',address_1='$address1',address_2='$address2', address_3='$address3', town='$town', county ='$county', postcode='$postcode', country ='$country', telephone_number='$telcode.$telnumber', fax_number='$faxcode.$faxnumber', email='$email', enterprise='$enterprises', optin_thirdparty='$distribute', optin_news='$market'; only the telcode gets inserted. many thanks, luke m Jay Blanchard [EMAIL PROTECTED] wrote: [snip] telphone number =$telcode.$telnumber' but only the telcode gets written to the database. [/snip] There is not enough here to know for sure (I am betting this is part of a query), but if your code looks like the above you are missing a single quote after the =. Now, if you enclose the variables in the single quotes without other manipulation it will probably not work as expected. Can we see the whole query? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Secure SOAP connections
From my experience some enterprise level systems do this. As long as you use https and a user/pass combo though I don't see what the problem is. You can always create a server-side login mechanism that will associate an id with the client and automaticaly expire after 30 minutes or so as well. Best, Yoed -Original Message- From: Yann Larrivée [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 22, 2004 7:03 PM To: PHP General Subject: [PHP] Secure SOAP connections Hi, The subject says it all. I want to secure soap connection to my framework. How would you guys do it ? I tought of passing everything on a different port with a SSL connection + an key (sort of a PHP SESSION) that is given after a correct authentification (user, password) and expire after 30 minutes.. What do you guys think of this ? The idea is to develop a PHP-GTK and soap software base on some existing framework. Thanks. Yann -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] How do I send XML attributes via Soap?
Hi, I'm having trouble sending a request containing XML attributes in a soap request. I don't know how to go about doing it. Previously to pass XML as a soap request from my client to the server I would go throw the following steps: (1) Create the XML string. (i.e xmlstr = XML propertiesproperty id = 10/property/properties XML;) (2) Than I would make it an xml object: $xml = simplexml_load_string($xmlstr); (3) Next convert it to an xml complex type for the server $xml1 = new SoapVar($xml, SOAP_ENC_OBJECT, xml, http://thenamespace); (4) Send the request: $client-SoapCall(new SoapParam($xml1, )); However when I do a $client-__getLastRequest(), I get: PropertiesProperty/Property/Properties The Property field is coming up blank in the request with no attributes. How would I go about sending it so the attributes are there? Any help would be appreciated. I'm really stumped on this one. Best, Yoed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] simplexml and xpath
For this simple query simple do a call to $item-date to get your time. If the query is more complex in reality, do a foreach using xpath. See the example on Xpath at www.php.net/simplexml Yoed -Original Message- From: Matthew Sims [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 21, 2004 1:42 PM To: [EMAIL PROTECTED] Subject: [PHP] simplexml and xpath So I've just recently fallen in love with simplexml. But from what I've read, is it true that xpath doesn't really work properly? I'm using an XML file that has a section like this: item titleTitle/title linkLink/link descriptionDesc/description dc:subjectSubject/dc:subject dc:date2004-09-20T18:15:00+00:00/dc:date /item My sample of my PHP code is: ?php $library = simplexml_load_file('file.rss'); foreach ($library-item as $item) { echo $item-xpath('dc:date'); } ? I just want to get the date. Am I doing xpath incorrectly or does xpath not currently work properly in PHP5? -- --Matthew Sims --http://killermookie.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] last entry in mysql
hey guys, quick question I'm having trouble finding an answer too. In a mysql database, how can I select that last row entry. This might be done mins after i put that entry there and i tried to use: $lastid=mysql_insert_id(); to get the last id but to no avail. Thanks Yoed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] thanks
thanks guys it would have taken me forever to discover your tips. Yoed Anis [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hey Guys, I'm having a trouble I can't seem to solve and hoped maybe one of you might take a look and see if you can help me. (If you don't want to learn my approach just skip to the bottom to help me with the final bit.. skip to hear) What I want to do is open the text file testtext.txt (attached) and input all the information from one row (divided into fields and colum) and input that into a database (mysql)... I thought the easiest way to do this is split the fields in the row into an array... since they are all seperated by spaces If only it was so easy. This is what I did: code $count=0; $fd = fopen (./Testtext.txt, r); while (!feof ($fd)) { $buffer = fgets($fd, 4096); $count++; if($count 2 $count 4){ $thearray=split([ ]+, $buffer); $maxi=count($thearray); for($i=0; $i$maxi; $i++){ echo $thearray[$i] $i ; } echo br; } } /code Ok now the echo statement above prints the following: 07/29/2001 12:00 0 a 28.6 28.6 28.5 0.0 31.2 -- 0 0.0 0.0 1018.8 3.1 6.3 N 28.0 1.9 0.00 0.0 74 23.4 32.1 10 12.00 1 It looks all good till well the 0 (where did that come from?) after the 12:00! But upon further code writing: code $wdate=$thearray[0]; $wtime=$thearray[1]; $wtimeampm=$thearray[2]; echo BRThe date of the data is : $wdate taken at the time of $wtime $wtimampm; /code that prints: The date of the data is : 07/29/2001 12:00 taken at the time of a 28.6 28.6 28.5 0.0 31.2 -- 0 0.0 0.0 1018.8 3.1 6.3 N 28.0 1.9 0.00 0.0 74 23.4 32.1 10 12.00 It looks as the array is having trouble splitting the date from the time (why there is a space there!!??) and makes all the other data into one or two other parts of the area (instead of the many fields). --HEAR-- So I've narrowed it to this: $thearray=split([ ]+, $buffer); Does this look like what I should use to separate all my data in the array? It gets this data from one row in the file testtext.txt which looks like all fields are separated by at least one space. What should I do? Thanks a bunch, Yoed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Using a file to make an array
Hey Guys, I'm having a trouble I can't seem to solve and hoped maybe one of you might take a look and see if you can help me. (If you don't want to learn my approach just skip to the bottom to help me with the final bit.. skip to hear) What I want to do is open the text file testtext.txt (attached) and input all the information from one row (divided into fields and colum) and input that into a database (mysql)... I thought the easiest way to do this is split the fields in the row into an array... since they are all seperated by spaces If only it was so easy. This is what I did: code $count=0; $fd = fopen (./Testtext.txt, r); while (!feof ($fd)) { $buffer = fgets($fd, 4096); $count++; if($count 2 $count 4){ $thearray=split([ ]+, $buffer); $maxi=count($thearray); for($i=0; $i$maxi; $i++){ echo $thearray[$i] $i ; } echo br; } } /code Ok now the echo statement above prints the following: 07/29/2001 12:00 0 a 28.6 28.6 28.5 0.0 31.2 -- 0 0.0 0.0 1018.8 3.1 6.3 N 28.0 1.9 0.00 0.0 74 23.4 32.1 10 12.00 1 It looks all good till well the 0 (where did that come from?) after the 12:00! But upon further code writing: code $wdate=$thearray[0]; $wtime=$thearray[1]; $wtimeampm=$thearray[2]; echo BRThe date of the data is : $wdate taken at the time of $wtime $wtimampm; /code that prints: The date of the data is : 07/29/2001 12:00 taken at the time of a 28.6 28.6 28.5 0.0 31.2 -- 0 0.0 0.0 1018.8 3.1 6.3 N 28.0 1.9 0.00 0.0 74 23.4 32.1 10 12.00 It looks as the array is having trouble splitting the date from the time (why there is a space there!!??) and makes all the other data into one or two other parts of the area (instead of the many fields). --HEAR-- So I've narrowed it to this: $thearray=split([ ]+, $buffer); Does this look like what I should use to separate all my data in the array? It gets this data from one row in the file testtext.txt which looks like all fields are separated by at least one space. What should I do? Thanks a bunch, Yoed begin 666 Testtext.txt M0E!:7()0D)4V]I; D)4V]L87()4V]L87()15G+@D)5VEN9 D)5VEN9 E7 M:6YD0D)2D)41E=PE4+D@N4$N4)A='0N#0I$871E51I;64)55M E( M:0E,;W)150)55M E,96%F5)A9 E%;F5R9WD)1%YPE87()4W!E960) M2D)1ER4-H:6QL5)U;@E286EN5)A=4)2'5M5!O:6YT4EN95X5!E M@E6;VQTPT*,#O,CDO,C P,0DQ,CHP,!A3(X+C8),C@N-@DR.XU3 N M,# P,# ),S$N,@DM+0DP3 N, DP+C ),3 Q.XX3,N,0DV+C,)3@DR.XP M3$N.0DP+C P3 N, DW- DR,RXT3,R+C$),3 ),3(N,# -C W+S(Y+S(P M,#$),3(Z,3 @80DR.XU3(X+C8),C@N- DM+0DS,2XR2TM3 ),XP3 N M, DQ,#$X+C)-XP38N-PE.3(W+C8),BXV3 N,# ),XP3S3(S+C() M,S(N, DQ, DQ,BXP, T*,#O,CDO,C P,0DQ,CHR,!A3(X+C4),C@N-@DR M.XT2TM3,Q+C$)+2T), DP+C ),XP3$P,3@N. DS+C$)-2XT4X),CN M.0DQ+C@),XP, DP+C )-S0),C,N- DS,BXQ3$P3$R+C P#0HP-R\R.2\R M,# Q3$R.C,P($),C@N-0DR.XU3(X+C0)+2T),S$N,0DM+0DP3 N, DP M+C ),3 Q.XW3,N,0DU+C0)3@DR-RXY3$N.0DP+C P3 N, DW,PDR,RXR M3,R+C ),3 ),3(N,# -C W+S(Y+S(P,#$),3(Z-# @80DR.XT3(X+C0) M,C@N- DM+0DS,2XQ2TM3 ),XP3 N, DQ,#$X+C8),BXR30N, E.3(X M+C(),2XT3 N,# ),XP3S3(S+C(),S(N, DQ, DQ,BXP, T*,#O,CDO M,C P,0DQ,CHU,!A3(X+C0),C@N- DR.XT2TM3,Q+C )+2T), DP+C ) M,XP3$P,3@N-0DR+C()-XP4X),C@N,@DQ+C,),XP, DP+C )-S0),C,N M- DS,BXQ3$P3$R+C P#0HP-R\R.2\R,# Q3$Z,# @80DR.XT3(X+C0) M,C@N,PDP+C P,# P3,P+CD)+2T), DP+C ),XP3$P,3@N- DR+C)-XY M4X),CN.0DQ+C8),XP, DP+C )-S0),C,N,PDS,BXQ3$P3$R+C P#0HP M-R\R.2\R,# Q3$Z,3 @80DR.XR3(X+C,),C@N,@DM+0DS,XY2TM3 ) M,XP3 N, DQ,#$X+C0),BXR30N, E.3(W+CD),2XT3 N,# ),XP3T M3(S+C(),S(N,0DQ, DQ,BXP, T*,#O,CDO,C P,0DQ.C(P($),C@N,PDR M.XS3(X+C()+2T),S N.0DM+0DP3 N, DP+C ),3 Q.XS3,N-@DT+CD) M3@DR-RXU3(N,0DP+C P3 N, DW- DR,RXR3,R+C$),3 ),3(N,# -C W M+S(Y+S(P,#$),3HS,!A3(X+C,),C@N,PDR.XS2TM3,P+C@)+2T), DP M+C ),XP3$P,3@N,PDR+C)-XY4X),CN.0DQ+C8),XP, DP+C )-S0) M,C,N,PDS,BXQ3$P3$R+C P#0HP-R\R.2\R,# Q3$Z-# @80DR.XS3(X M+C,),C@N,PDM+0DS,XX2TM3 ),XP3 N, DQ,#$X+C,),RXQ34N- E. M3(W+C),2XX3 N,# ),XP3U3(S+C0),S(N,@DQ, DQ,BXP, T*,#O M,CDO,C P,0DQ.C4P($),C@N,PDR.XS3(X+C,)+2T),S N. DM+0DP3 N M, DP+C ),3 Q.XR3(N-PDT+CD)3@DR-RXY3$N. DP+C P3 N, DW-0DR M,RXU3,R+C(),3 ),3(N,# -C W+S(Y+S(P,#$),CHP,!A3(X+C,),C@N M,PDR.XR3 N,# P,# ),S N-PDM+0DP3 N, DP+C ),3 Q.XQ3,N,0DT M+CD)3@DR-RXW3$N.0DP+C P3 N, DW,PDR,RXP3,R+C ),3 ),3(N,# - MC W+S(Y+S(P,#$),CHQ,!A3(X+C,),C@N,PDR.XS2TM3,P+C)+2T) M, DP+C ),XP3$P,3@N,0DS+C$)-BXW4X),CN-PDQ+C@),XP, DP+C ) M-S4),C,N- DS,BXR3$P3$R+C P#0HP-R\R.2\R,# Q3(Z,C @80DR.XS M3(X+C,),C@N,PDM+0DS,XW2TM3 ),XP3 N, DQ,#$X+C ),RXV34N M- E.3(W+C4),BXQ3 N,# ),XP3W3(S+CD),S(N- DQ, DQ,BXP, T* M,#O,CDO,C P,0DR.C,P($),C@N,@DR.XS3(X+C()+2T),S N-@DM+0DP M3 N, DP+C ),3 Q.XP3,N-@DU+C0)3@DR-RXT3(N,0DP+C P3 N, DW M-0DR,RXT3,R+C(),3 ),3(N,# -C W+S(Y+S(P,#$),CHT,!A3(X+C() M,C@N,@DR.XR2TM3,P+C8)+2T), DP+C ),XP3$P,3@N, DS+C$)-2XT M4X),CN-@DQ+CD),XP, DP+C )-S8),C,N-@DS,BXS3$P3$R+C P#0HP M-R\R.2\R,# Q3(Z-3 @80DR.XR3(X+C,),C@N,@DM+0DS,XV2TM3 ) M,XP3 N, DQ,#$X+C$),RXQ34N. E.3(W+C8),2XY3 N,# ),XP3W M3(S+C@),S(N- DQ, DQ,BXP, T*,#O,CDO,C P,0DS.C P($),C@N,PDR M.XS3(X+C(),XP,# P, DS,XU2TM3 ),XP3 N, DQ,#$X+C$),BXR M30N.0E.3(X+C ),2XS3 N,#